James is right about this. More hacking has gone on, and does go on, on Unix systems (esp. if you count Linux) than anything else. I think the most significant things about BackOrifice 2000 is a) They advertise it, and b) It has a tremendously well-crafted name. If the code is as well-executed as the name, Back Orifice will be a useful tool for Microsoft and NT security people (and many others).
It's funny how a phenomenon like this can be so completely misunderstood, as shown by the quotes in the wire articles about how "dangerous" this is. When the Cult of the Dead Cow asked for $1,000,000 "and a monster truck" in exchange for an advance copy of Back Orifice, they should have gotten it, and Microsoft should have been the ones to give it to them. This program is a total gift (assuming it works well, which it probably does), a valuable piece of free R&D for Microsoft et. al. that would have cost them far, far more than $1M to develop on their own. It will just serve as a gigantic lesson to everyone who wants to learn it. It might enable a few hackers for a brief period, it might create a few, etc., but it will do far more to close security holes than to exploit them.
Remember, these hackers could have put this tool together and just used it to commit crimes or sold it to bad guys. There are certainly other hackers, just as good or better than these, who have done and are doing precisely that. Instead, the cDc guys use their program to teach the world what not to do. You really have to question the level of expertise of the "security experts" who are quoted in wire stories calling BackOrifice a "threat" because the source is being released.
Regards,
--QwikSand |
