Staticusers.net – AtEase Security
At Ease popularity has kind of died down. I remember schools using it but now they don’t seem to. It’s a product I never liked. Found it rather insecure. Millions of ways to hack around it.
The New Version, Well You need to email me with information on it. I couldn’t find any on Apples website, so if you run it, Email me! I guess this product would be good for Jr High or Elementary schools.
At Ease Files + Hacks + Fixes:
Open Other peoples files is a email submitted from someone with malicious intent. Always know what other people are expecting so the administrator can be prepared.
- Complete AtEase Bypassing Guide – Jibblet
- Bypassing AtEase version 3.0 -RDK
- Bypassing AtEase -By the Weasel
- AtEase 5.0 Security Advisory: At Ease 5.0 will allow a user to access any user’s volume on the server.
The tested configuration is as follows:
- MacOS 7.6.1 (should work with anything greater than 7)
- At Ease 5.0.2 AppleShare IP 5.0.3
- Netscape 4.0.7 (No reason it shouldn’t work from .99 to 4.5)
How to do it
Log in as any user that has access to Netscape Communicator, and type in file://Macintosh%20HD/System%20Folder/ and you are able to access the disk.
Do the same thing, except use file://At%20Ease%20Volume%20Name/At%20Ease%20%Docs/username and it’s quite easy to browse through anyone’s files.
It is possible to download files from any user’s directory. I have been unable to actually open any of the files once they are downloaded, however in an educational setting, just viewing names in a certain directory could constitute some serious problems (such as if a teacher works with Special Education students, and has a list of documents to their parents).
Apple apparently will not fix their own product.
There is a 3rd party extension available for this at: http://www.ncal.verio.com/~lsr/programs/MSIENoServers.hqx