Windows NT vulnerability
---------- Forwarded message ----------
Date: Thu, 2 Apr 1998 14:58:02 -0800 (PST)
From: risks@csl.sri.com
To: risks@csl.sri.com
Subject: RISKS DIGEST 19.65
RISKS-LIST: Risks-Forum Digest Thursday 2 April 1998 Volume 19 : Issue 65
FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator
***** See last item for further information, disclaimers, caveats, etc. *****
Contents:
Problem in wintertime/summertime switching in Germany (Nikolaus Bernhardt)
Y2K in China (Don Wagner)
April First, a bad day for high tech in Holland (Paul van Keep)
Hackers Exploiting Over 100 Holes In Windows NT (Shake Communications)
Pull rip cord (Andrew Gabriel)
Painful spell-checker mistake in WordPerfect (Jeroen Bruintjes)
Risks of unfortunate product names (Roger Strong via Jim Griffith)
Inaccurate study quoting, Re: anti-crypto rhetoric (Robert J. Perillo)
RC5-64 Project can change laws on encryption technology (RC5 Team)
Re: Funding for a new software paradigm (Fred Cohen)
Re: DJ10K (Frank Markus)
Re: Rivest's chaffing concept (Stacy Friedman)
Re: EMI and TWA 800 (Piers Thompson)
"Computers, Ethics and Society", Ermann/Williams/Schauf (Rob Slade)
Abridged info on RISKS (comp.risks)
----------------------------------------------------------------------
[... snipped other articles ...]
------------------------------
Date: Thu, 26 Mar 1998 00:03:32 +1000
From: "Shake Communications Pty Ltd" <shake@shake.net>
Subject: Hackers Exploiting Over 100 Holes In Windows NT
101 Ways to Hack into Windows NT
MELBOURNE, AUSTRALIA: A study by Shake Communications Pty Ltd has identified
not 101, but 104, vulnerabilities in Microsoft Windows NT, which hackers can
use to penetrate an organisation's network.
Many of the holes are very serious, allowing intruders privileged access
into an organisation's information system and giving them the ability to
cause critical damage - such as copying, changing and deleting files, and
crashing the network. Most of the holes apply to all versions (3.5, 3.51
and 4) of the popular operating system.
Shake Communications, an information and internet security firm, has
compiled the statistics as part of an ongoing study and compilation of
vulnerabilities in popular hardware, operating systems, applications and
programming languages.
The vulnerabilities are ranked High, Medium or Low according to the damage
(loss of resources, time and money) they can cause and are categorised into
Denial of Service (D.O.S.) vulnerabilities, Server Message Block (S.M.B.)
vulnerabilities, Malicious Program vulnerabilities and Miscellaneous
vulnerabilities. The majority of weaknesses affect Versions 3.5, 3.51 and 4.
Some apply only to one or two of the versions and others apply where an
application, such as Microsoft Access, is running on Windows NT.
Some examples of how hackers (from both the outside and the inside of an
organisation) can exploit the various vulnerabilities are as follows:
* An intruder can crash the Windows NT system by sending spoofed packets to
multiple ports where the source and destination settings are the same;
* Holes in the Server Message Block authentication can give a local user
unauthorised network access under certain conditions (for example, an
employee can break into the payroll system);
* An unauthorised user can use the alerter and messenger services to send
fake pop-up messages to legitimate users and thereby fool them into entering
information such as their password;
* Hackers can use their own programs to exploit holes, such as L0phtCrack, a
password cracking program, and NtAddAtom, a program which crashes NT;
* Even where a domain user creates a file and removes all its permissions
(reading, writing, deleting), an unauthorised user can still delete such a
file.
Some of the holes have no recommended countermeasures and others rely on
physical security measures (such as locking the Windows NT server in a
room). Fortunately, there are software patches or fixes available to rectify
many of the vulnerabilities. Microsoft freely provides these at its Web Site
(http://www.microsoft.com). Unfortunately, many users are probably unaware
that this service exists.
Shake Communications also provides links to patches/fixes in its
Vulnerabilities Database, which also covers other operating systems,
programs, applications, languages and hardware.
For more information contact Shake Communications at info@shake.net or +613
9555 8560. Shake Communications maintains a Vulnerabilities Database
containing over 3,000 vulnerabilities and associated patches/fixes at
http://www.shake.net. This is updated daily and available by subscription.
Acknowledgments
Costin Raiu
Joba DoVoe
Microsoft Corporation
Paul Ashton
The L0pht
www.ntshop.com
------------------------------
[... snipped other articles ...]
------------------------------
Date: 31 Mar 1998 (LAST-MODIFIED)
From: RISKS-request@csl.sri.com
Subject: Abridged info on RISKS (comp.risks)
The RISKS Forum is a MODERATED digest. Its Usenet equivalent is comp.risks.
=> SUBSCRIPTIONS: PLEASE read RISKS as a newsgroup (comp.risks or equivalent)
if possible and convenient for you. Alternatively, via majordomo,
SEND DIRECT E-MAIL REQUESTS to <risks-request@csl.sri.com> with one-line,
SUBSCRIBE (or UNSUBSCRIBE) [with net address if different from FROM:] or
INFO [for unabridged version of RISKS information]
.MIL users should contact <risks-request@pica.army.mil> (Dennis Rears).
.UK users should contact <Lindsay.Marshall@newcastle.ac.uk>.
=> The INFO file (submissions, default disclaimers, archive sites,
copyright policy, PRIVACY digests, etc.) is also obtainable from
http://www.CSL.sri.com/risksinfo.html ftp://www.CSL.sri.com/pub/risks.info
The full info file will appear now and then in future issues. *** All
contributors are assumed to have read the full info file for guidelines. ***
=> SUBMISSIONS: to risks@CSL.sri.com with meaningful SUBJECT: line.
=> ARCHIVES are available: ftp://ftp.sri.com/risks or
ftp ftp.sri.com<CR>login anonymous<CR>[YourNetAddress]<CR>cd risks
[volume-summary issues are in risks-*.00]
[back volumes have their own subdirectories, e.g., "cd 18" for volume 18]
or http://catless.ncl.ac.uk/Risks/VL.IS.html [i.e., VoLume, ISsue].
The ftp.sri.com site risks directory also contains the most recent
PostScript copy of PGN's comprehensive historical summary of one liners:
get illustrative.PS
------------------------------
End of RISKS-FORUM Digest 19.65
************************