Les Schaffer wrote:
> >>>>> "Mark" == Mark Jones <Jones_M at netcomuk.co.uk> writes:
>
> Mark> Millennium test exposes date fault in Windows 98
>
> Mark:
>
> where did you find this? i'd like to track this bug to 'study' more how
> Microsoft deals with this stuff.
>
>
It came from today's Sunday Times (London). Even worse is this (same issue):Hacker software hijacks Windows
SOFTWARE that lets hackers remotely control
personal computers (PCs) over the Internet was
unveiled last week at a hacking convention.
The program, called Back Orifice (a pun on
Microsoft's Back Office), enables a third party to
remotely control any PC that is running Windows
95 or 98 software and is connected to a network
(including the Net).
The program can be attached to an e-mail and will
run invisibly, turning your PC into a web server
that will allow hackers to raid your hard drive.
Users downloading a "spiked" e-mail are unlikely
to notice the attachment, which installs itself on a
hard disk immediately.
Once the program is in place, the hacker can then
use separate software to get into any part of the
PC. He will obtain full access to passwords and
even the use of printers, CD-Roms or video
cameras connected to the hacked PC.
The Cult of the Dead Cow, the American group of
hackers behind Back Orifice, says its software
simply shows up the security holes in Windows
software.
Sir Dystic, the program's author, says: "Microsoft
has been so keen to make the PC easy to use, it
has left huge security holes by effectively taking
away the user's control.
"We made the software easy enough for an
eight-year-old to hack with and we think it could
do serious damage."
According to Dystic, the software also has a
commercial use as a remote-control system for
companies with hundreds of networked PCs.
Weld Pond, a hacker with the L0pht hacking
group, who has closely followed the progress of
Back Orifice, believes it will lead to an epidemic of
hacking.
"There is a huge percentage of Window 95 and 98
machines that could be affected. The software
even comes with a scanning facility that allows
you to target vulnerable PCs on the Net," he says.
According to Pond, previous hacking software was
tame compared with Back Orifice. "Until now
you've been able to play around a bit and read
some files, but now you can really do something
once you are in a machine," he says.
Hackers will also be able to write their own add-on
software for Back Orifice, which could be used to
automatically send pictures from a video camera
connected to the hacked PC, or alert the hacker
when the user is logged on.
Pond says: "Back Orifice will be the catalyst for a
renewed attack on Windows machines in the
hacking community and there's not a lot Microsoft
can do because its software has so many
vulnerabilities."
Microsoft, however, says its software is perfectly
safe and points out that similar hacker software
has been available for years. "Back Orifice won't
affect users that practise safe Net usage, which
means not running files downloaded from the Net,
or only accessing the Net through a company
network running a firewall [a system that controls
and monitors data sent to and from the Net]," says
the company.
Microsoft also says the Cult of the Dead Cow is
simply seeking publicity and that its software will
provide no risk for most Windows users: "If your
PC is set up properly, then there is no risk at all."
However, according to Pond, users find Windows
far too confusing to set up, resulting in security
gaps.
"The biggest problem is people misconfiguring file
sharing. Many users have the C drive shared as
writeable with no password, or a password that is
a dictionary word and is therefore easy to guess,"
he says.
Windows security lets users try as many
passwords as they want, so hackers can simply
keep trying until they find the right password.
According to Pond, users of Back Orifice are
already working on a Net "worm" virus that would
automatically scan Windows 95 or 98 PCs
connected to the Net and, if they are vulnerable,
download and install Back Orifice. The worm
would then tell hackers about the machine and
even automatically send a list of passwords.
Security flaws in Microsoft and Netscape e-mail
packages can also be used to trick Windows into
installing the Back Orifice server, using a
technique known as buffer overflow, which is also
undetectable. Although patches for fixing the bug
are available, many users are unaware the bug
even exists, so they have not downloaded the fix.
The hacker uses a simple graphical interface to
control the remote PC. All communication
between the two computers is encrypted while
sent over the Net and decrypted by the invisible
server software residing on the hacked PC.
Hackers can choose from dozens of commands,
including the ability to delete files, reboot the
machine and even capture all of the passwords on
the remote machine. They can also play sounds
and movie files and copy files. Applications can
also be hijacked and run by the hacker.
The software was launched last week at Def Con,
a convention for hackers held in Las Vegas.
Several American Department of Defense
representatives were among the huge audience that
turned out for for the launch of the software.