
Re: Windoze 95/98 in the news? :{)



> Date:          Mon, 24 Aug 1998 16:00:05 -0400 (EDT)
> From:          Bruce Smith <bruce@armintl.com>
> Subject:       Windoze 95/98 in the news?  :{)
> To:            klug@klug.armintl.com
> Reply-to:      klug@klug.armintl.com


> security levels to users. (The program does not threaten
> Windows NT systems.) 

The WinNT version is under development.  It will probably be out 
within 2 months.

They released the Unix client on August 9.  You need to download the 
Windows version to get the server, though.

How does this (next paragraph) work?  Only if you use WinZip?  I'm 
wondering about people putting up zips of porno JPEGs and 
distributing it that way.  People download anonymous zipped porno 
archives from web pages all the time, and I am wondering what the 
risk is in that.

a set of zipped JPEG files, for example--with the Back Orifice 
server hidden in it. The unwitting victim unzips the file and 
unknowingly installs the Back Orifice server on his or her computer. 

Our testing showed that this little 120KB number can easily be hidden
in another application or in zipped files and installed without the
intended victim ever knowing it.

Here's the article I am referring to:

http://www.zdnet.com/pcweek/opinion/0810/10week.html

This PC Week
Tales from the Dead Cow reveal dastardly danger
By John Dodge 
August 10, 1998

IBM injected the mainframe computer into the corporate mainstream.
Apple brought the GUI to the masses. And now the Cult of the Dead Cow
could bring hacking to those who are neither capable nor smart enough
to do it any other way. In other words, hacking Windows 95/98 PCs just
got a lot easier.

As Jim Rapoza's story says, Back Orifice allows the perpetrator to run
computers remotely. You either find who you want to hack or randomly
select your victims. Then you send them a seemingly innocuous file--a
set of zipped JPEG files, for example--with the Back Orifice server
hidden in it. The unwitting victim unzips the file and unknowingly
installs the Back Orifice server on his or her computer. The hacker,
using the Back Orifice client, can virtually control the remote
computer.

With "members" whose names are right out of a rogues' gallery--Sir
Dystic, WeaselBoy, Tarkin Darklighter, The Deth Vegetable and Tweety
Fish--and profanity galore, CDC's site is hacker paradise.
Counterculture and ghoulish, certainly, but at the same time, real and
potentially destructive.


Microsoft's stuffy retort that Back Orifice poses little security
threat carries that aroma of corporate denial that so often
accompanies arrogant organizations. For instance, Microsoft says
you're safe if you're "not connected to the outside world." Great. It
also claims that Back Orifice penetration is unlikely because the user
must be tricked into installing it. Our testing showed that this
little 120KB number can easily be hidden in another application or in
zipped files and installed without the intended victim ever knowing
it. Well, then, Microsoft argues, you have to know the IP address of
your victim. Finding out key parts of a company's IP addresses isn't
rocket science.

Then again, why shouldn't Microsoft be mad and attempt damage control?
After all, CDC wants to shake public confidence in Microsoft's
products.

Back Orifice performs numerous and truly scary activities--remote
password and keystroke capturing, file creation and deletion--all the
things the rightful owner can do locally, plus some mischief. I
watched Rapoza create a dialog box on a remote computer that said:
"Warning!!!! Don't touch this button!" This amusing trick pales in
comparison to the real damage a Back Orifice-wielding miscreant could
do.

Reportedly, CDC's release of Back Orifice to the public free of charge
is well-intentioned. A few well-publicized Back Orifice blowups will
get Microsoft to strengthen the security in Windows 95 and Windows 98,
one CDC member suggested.

Just who are Sir Dystic, Tweety Fish and The Deth Vegetable?

Clearly, these iconoclasts use shock value well. Sir Dystic's home
page has grotesque graphics of skulls and what appear to be shriveled
human remains. Tweety Fish describes himself or herself as a
"superhero ... rockstar ... ninja ... pimp." Deth's CDC site tracks
the history of "Cow" and warmly greets you with a few expletives and
the message: "You've found us. What are you going to do about it now,
Rodent?"

Individually, most of these people are probably bored programmers from
solid middle-class families. They like impact and, for sure, they are
making one. Collectively and intellectually, there's no way to gauge
how much of their work constitutes a threat to the Microsoft way. They
are worth paying attention to, which Microsoft has only minimally
done.

Go to www.cultdeadcow.com and tell me how seriously we should take
Back Orifice and its creators. Write me at john_dodge@zd.com. 








<<<Wednesday, Aug 5, 1998  3:54 PM>>>
Aug  5, 1998  9:38 from Sample
Anyone have the URL for Back Orifice?
[Windows Of Yore> msg #3009 (1 remaining)] Read cmd -> Next

Aug  5, 1998  9:41 from Sample
I'll answer my own question.  :)
www.cultdeadcow.com
[Windows Of Yore> msg #3010 (0 remaining)] Read cmd ->


<<<Friday, Aug 21, 1998  2:18 PM>>>
Back Orifice "security" tools miss the mark
http://www.zdnet.com/pcweek/news/0817/20mbosec.html

Back Orifice "security" tools miss the mark
PC Week Labs easily confounds two apps that claim to provide
protection from Cult of the Dead Cow hacker program
By Jim Rapoza, PC Week Labs
August 21, 1998 1:53 am ET



Two new applications claim to protect against the hacker program Back
Orifice, but PC Week Labs has found that these products provide about
as much protection as an old Chihuahua on sedatives.

Back Orifice, created in August by the hacker group Cult of the Dead
Cow, makes it possible to invisibly monitor and control remote
systems, with the most difficult step being getting the Back Orifice
server onto the remote system. 

The more ambitious of the two free Back Orifice security applications
is Back Orifice Eliminator, from Bardon Data Systems. This application
attempts to not only remove Back Orifice but also monitor for, and
thus prevent, further attacks. The second program, called Plugger, is
simpler in scope. A beta program created by Bradley Callis of Stanley
Associates Inc., Plugger attempts only to find, stop and delete Back
Orifice.

In our tests, we were surprised that both Back Orifice Eliminator 1.01
and Plugger were unable to respond to a standard feature of Back
Orifice--a configuration utility that lets hackers change many of the
Back Orifice server's default settings, including what name it will
run under.

To defeat both security programs, we simply changed the name that the
Back Orifice server application ran under, then changed the name of
the Back Orifice server installation application. This gave us full
command of all of Back Orifice's capabilities.

Back Orifice Eliminator and Plugger worked better if we maintained all
of the Back Orifice server default settings, but even then the
protection provided by the security programs was less than complete.

Plugger successfully found and removed Back Orifice, but its lack of
continuous monitoring allowed us to reinstall Back Orifice and use it
to remove the Plugger application remotely.

Back Orifice Eliminator was unable to completely live up to its claim
of continuous monitoring. Eliminator found and removed Back Orifice if
we tried to immediately install the offending program, but we were
able to get around Eliminator by placing the Back Orifice install
application in the startup menu.

When the system was then rebooted, we had a window of time ranging
from 1 to 10 minutes before the program detected and removed the Back
Orifice server. During this time we had access to almost all of Back
Orifice's capabilities.

During one test, we used this window of opportunity to find and stop
the Back Orifice Eliminator program. This gave us full access to the
remote system, and we were able to delete the program files for Back
Orifice Eliminator, effectively removing it from the system.

A version of Back Orifice Eliminator--Version 1.02--that was posted
after we informed Bardon Data of the problems we had encountered in
Version 1.01 was able to detect our reconfigured Back Orifice server.
Symantec Corp.'s Norton AntiVirus also successfully detected Back
Orifice, even after we had changed its configuration, and prevented us
from loading it on the remote system.

However, although the new 1.02 version of Back Orifice Eliminator
worked fairly well, the problems we found in Version 1.01 were caused
by the vendor's need to respond quickly to new information about Back
Orifice, which had opened new holes in the security application's
defenses.

It will probably be some time before companies can feel secure with
these kinds of programs. However, we did find the most recently
updated antivirus scanners to be effective at detecting Back Orifice
before it could be installed.

The best defense against Back Orifice, and other attacks, is regular
monitoring of network activity, a well-configured firewall and regular
reminders of company security policies.

Back Orifice Eliminator can be downloaded from www.bardon.com. Plugger
is available at bradley.callis.com.






<<<Wednesday, Aug 12, 1998  6:01 PM>>>
Aug 12, 1998 12:43 from CyberBlazer


Sony's Rated X-ray vision

Sony halts shipments of Handycam, infrared function sees through clothes

August 12, 1998: 7:25 a.m. ET

TOKYO (Reuters) - Electronics giant Sony Corp. said Wednesday it had
halted shipments of some video cameras after finding they could be used
for filming more of their subjects than meets the eye.

Some versions of the Handycam have infrared technology which lets users
shoot at night or in darkness in a "night shot" mode.

But magazine reports revealed that when the special feature is used in
daylight or a lighted room with a special filter it can "see through"
clothing -- underwear can show up, especially on those lightly dressed,
and people wearing swimsuits look almost naked.

A Sony spokesman said the first the company knew of the camera's
surprise feature was when reporters started asking for comments on the
"new way" of using the camera.

Sony technicians then experimented and confirmed that the technology had
the unintended capability.

"When we developed this feature for the Handycam, we were thinking of
people filming night views -- their children sleeping, or perhaps the
nocturnal behaviour of animals," the spokesman said.

Concerned at the possibility of less innocent users taking advantage of
the technology, Sony has modified the camera so the "night shot" mode
only works in the dark.

Shipments of the new versions have already begun, replacing the original
ones, which hit the market in March and had sold around 180,000 units in
the domestic market up to the end of July, the spokesman said.

It sold 870,000 of the original cameras worldwide by the end of June,
including 400,000 in North America and 290,000 in Europe. The spokesman
said it is now shipping the modified version overseas.

He denied local media reports that it had asked stores to remove the
original versions from their shelves. The company declined to confirm
retail prices, but media reports said the cameras range from 100,000 yen
($684) to 200,000 yen ($1146) in Japan.
[Late Breaking News> msg #16945 (0 remaining)] Read cmd ->