Silicon Investor (SI) -- The First Internet Community

STOCKTALK

We've detected that you're using an ad content blocking browser plug-in or feature. Ads provide a critical source of revenue to the continued operation of Silicon Investor. We ask that you disable ad blocking while on Silicon Investor in the best interests of our community. If you are not using an ad blocker but are still receiving this message, make sure your browser's tracking protection is set to the 'standard' level.

Technology Stocks : Novell (NOVL) dirt cheap, good buy? -- Ignore unavailable to you. Want to Upgrade?

To: Sam who wrote (27203)	6/18/1999 5:13:00 AM
From: EPS	Read Replies (1) \| Respond to of 42771

NT blues Firm exposes WinNT security hole By Brett Glass 06/16/99 03:55:00 PM eEye posts break-in code that lets hackers hijack Windows NT servers -- and some networks. Microsoft scrambling for a patch. Nearly every Windows NT-based Web server on the Internet is vulnerable to a newly discovered security hole that lets a malicious hacker take over the server -- and, in some cases, the network to which it is attached, says a network security company. According to the eEye Digital Security Team, which develops network security software, it discovered the bug on June 6 when its Retina network security scanning software -- which automatically employs techniques commonly used to break into computer systems -- succeeded in crashing an NT server. The engineers quickly realized that the bug could be exploited not only to crash the NT machine but also to take it over completely. According to eEye CEO Firas Bushnaq, the company supplied detailed information about the bug to Microsoft Corp. (Nasdaq:MSFT) on June 8. However, a week later, said Bushnaq, the software giant had still not published a fix and stopped responding to e-mail correspondence about the bug. eEye released break-in code Believing that Microsoft "was not giving the problem the attention it deserved," eEye released not only a description of the hole but two working demonstration programs that allow anyone to break into an NT server running IIS 4.0. The break-in code appears to work on any server from which a Web page can be retrieved, even if a firewall is present. eEye explained its decision to disclose the bug, and to publish a program that lets anyone readily exploit it, in a brief note on its Web site. "We are a full-disclosure security team," they wrote. "If our team starts hiding the facts, we'll be no better than a software vendor that rushes insecure products to market." Microsoft not impressed Microsoft, however, took exception to this philosophy. "Responsible security companies do not provide tools that can be used to attack innocent people," said Microsoft security manager Scott Culp. Bushnaq, for his part, noted that a moderately skilled hacker, armed with the knowledge that the bug existed, could easily craft a program to exploit it in less than two hours. At 6 p.m. PT on Tuesday, June 15, Microsoft published instructions describing how system administrators could implement a temporary workaround for the problem. Unfortunately, one side effect of the workaround is that users who upload pages to the NT Web server cannot employ a Web-based mechanism to change their expiring passwords, and thus may be left without access. Microsoft's Culp says that a more permanent patch that does not have this problem is in the works. Users can subscribe to a mailing list that distributes bulletins about security problems, and remedies for them, by following the instructions on the company's Web site. WinNT: Tough to secure This security glitch is one of many that have plagued Windows NT and IIS. Microsoft advises customers that a long list of steps, posted at its site, should be taken whenever an NT/IIS machine is placed on the Net as a Web server. These steps include disabling many NT features, such as POSIX compatibility, and in some cases reformatting the machine's hard drives.