microsoft date fault

Chuck Grimes cgrimes at tsoft.com
Sun Aug 9 14:49:16 PDT 1998


Les Schaffer wrote:


> >>>>> "Mark" == Mark Jones <Jones_M at netcomuk.co.uk> writes:
>
> Mark> Millennium test exposes date fault in Windows 98
>
> Mark:
>
> where did you find this? i'd like to track this bug to 'study' more how
> Microsoft deals with this stuff.
>
>


>From Mark Jones:

It came from today's Sunday Times (London). Even worse is this (same issue):Hacker software hijacks Windows

SOFTWARE that lets hackers remotely control

personal computers (PCs) over the Internet was

unveiled last week at a hacking convention.

The program, called Back Orifice (a pun on

Microsoft's Back Office), enables a third party to

remotely control any PC that is running Windows

95 or 98 software and is connected to a network

(including the Net).

----------------------------

Good morning, fellow propeller beenies.

Certainly music to my ears. But it all sounds too good to be true. The only thing that makes this kinda sound real is the exploitation of Bill's typically sloppy, bloated, and arrogant designs. The date problem is even more hilarious. Writing a date calculation program is one of the first programming exercises I remember from the Basic, Cobol, Fortran days--so I don't understand how supposedly 'real' software engineers ever made this kind of mistake. BIOS chip makers of course have even less excuse. Now there is a really sleazy field of crapy design worth exposing.

The idea that Win9x is secure based on network security is less than reassuring, since the first goal of all hackers is to keep finding ways to open the server interfaces--after all you have to get into the house before you can loot it. This reminds me that MSNBC requires you to accept cookies in order to open their sites or did the last time I clicked on anything there sometime last year. Isn't that an invitation to hackers as the very means to exploit? I don't know, so this is a serious question.

There is another game that should bother Bill and that is the freewarez trade in his software. My kid offered me the entire win9x office suite along with valid registration and serial numbers from a CD one of his friends in LA made. Evidently the under thirty cybercrew considers it bad taste to pay for software (see, there is hope). I settled for down loading the latest versions of photoshop, quark, and illustrator instead. But that was all before I went on this unix kick.

The FreeBSD news group announcements update their battle with hackers almost weekly with techniques and small patches to keep server firewalls, e-mail, and encryption secure. A lot of these announcements are devoted to keeping relays and spam off e-mail servers--which are a whole hacker subculture. Since the BSD guys are protecting their image as the roughest and toughest lions around, they make it a point to keep the hyenas at bay.

It is interesting to watch these lion/hyena wars between Unix and hacker community because they are such a perfect match for each other that the boundaries seem a little blurred to me.

To bring this a little closer to the list topics, what are hackers political profiles--populist, left, neo-nazis? Wouldn't it be scary if the Christian right ever discovered hacking as a pastime? I sort of doubt this because of their hypotrophic morality. Although, I could see them trying to hack the porn sites to screw them up--sort of anti-abortion clinic bombing on the internet. The only book I've read on hacking (forgot the title now) concerned a grad student at UCB in astronomy who discovered an East German hacker-spy wondering around inside the federal lab networks--this was sometime in the late seventies or early eighties. ISM, this astronomy guy turned into some sort of cyber-cop, later--to bad.

Chuck Grimes



More information about the lbo-talk mailing list