Even though BBSs employ security features, there are at least eight factors which serve to make them vulnerable to any resourceful hacker. These security loopholes are:
• Hacker is familiar with the remote hardware.
• BBS run on home computer.
• Hacker is familiar with the BBS software.
• Hacker is familiar with the people involved.
• Diversity of people involved.
• File transfer section.
• Hacker knows when sysop is and is not watching.
• Hacker knows usage patterns.
Each of these vulnerabilities offers numerous opportunities for a hacker to break into the BBS of his or her choice. Taken as a whole, it should be pretty much impossible for a hacker to NOT be successful at a BBS breach.
Unlike other hacking situations - such as when dialing up a large government computer for the first time - you will be familiar with practi-cally every aspect of the BBS you select to hack. BBSs often have a menu option that gives you the rundown on what equipment is being used to op-erate the system. The brand of software will also be known to you, and from regular conversations with the sysops and users, a personal familiarity will develop. Knowing all these facts gives you a great advantage in the writing and uploading of Trojan horse programs, in the seeking out of bugs to profit by and, yes, in the guessing of passwords.
BBSs will generally tell you upon login whether or not the sysop is available to chat. Naturally there is no guarantee that the sysop is not present when the notice says he's not present, but the "Sysop is IN" sign can at least warn you of when you should definitely be most cautious.
Even if the sysop appears to be unavailable, the BBS software itself might be watching you like a hawk, printing out your every move, or every at-tempt at crashing the software. For example, RBBS-PC bulletin board software allows the sysop to keep a continuous printout on each caller's name, files exchanged, and
error messages that oc-cur. As we will see later in this chapter, this can be troublesome depending on the type of attack you wage against the BBS.
