Threat Level: green Handler on Duty: Russ McRee

SANS ISC InfoSec Handlers Diary Blog


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

Dirty O.W.!

Published: 2007-10-08
Last Updated: 2007-10-08 20:36:58 UTC
by Tom Liston (Version: 1)
0 comment(s)

One of my all-time favorite movies is the 1965 classic, "A Thousand Clowns" starring Jason Robards as the unforgettable Murray Burns. Murray is a rather unconventional character, and the film's plot revolves around his struggles with a child welfare department threat to remove his twelve-year old nephew Nick from his custody unless he "conforms" to what they consider to be an appropriate role model for the young man.  Nick is Murray's sister's child, born out-of-wedlock and thus referred to (by a social worker) as an "O.W." child.  One of the best lines in the movie is when Murray calls one of the child welfare workers "a dirty O.W.".

The point of all of this?  Well, I have a quick "quiz" for our loyal readership.  No prizes beyond a shot at ISC Handler's Diary glory: The first person who correctly answers will be have their name or initials enshrined here and can thus use that ISC mention to claim all of the rights and honors they so richly deserve.  In perpetuity.

Here we go:

The other day, I was at a client site, setting up and locking down a Solaris 10 box.  In the process of doing that, I needed to move some scripts that I had written on my Linux laptop over to the Solaris machine.  When I popped my USB key into the Solaris box, it was auto-recognized and appeared on the desktop.  I immediately (and erroneously it turns out...) accused my friend, colleague, and fellow ISC Handler, Ed Skoudis of being "a dirty O.W."

Why?

UPDATE 1: Since the answers I've received so far have been somewhat disappointing (to say the least...) here's Hint #1: There is a very specific reason that I chose Ed Skoudis as the target of my accusation.  Normally, I blame the ISO Standard Scapegoat, Mike Poor, for pretty much anything that goes wrong/bad/viral with a computer.

UPDATE 2: Arrrgh!  You guys are really disappointing me.  Hint #2: Perhaps my accusation might have something to do with the default name assigned to the device...

UPDATE 3: We have a winner! Ok... so reader David Lesperon didn't get it EXACTLY right, but he was on the right track... Here's the skinny: I plugged my USB key into the machine and what name was assigned? /dsk/c0d0!  But the funky window manager attempted to remove what it assumed were "escaped" characters, and left it as: sk0d0! I immediately unplugged it from the Solaris machine and plugged it into my Linux laptop, mounted it, and saw that it was identified it as the normal "tliston" name I've assigned to the drive.  Pulled it from the Linux box and reinserted it in the Solaris machine and "sk0d0" returned.  Strange... very strange...

And to those who felt compelled to write in with the "obvious" answer, Ed is a very nice man.  You should be ashamed of yourselves...

Keywords:
0 comment(s)
Diary Archives