Technology Stocks : Intel Corporation (INTC)


To: Ibexx who wrote (44752), 1/10/1998 10:48:00 PM
From: greenspirit
 
Ibexx and ALL, Article...Why SI IS NOT WORKING RIGHT!!

Bonk! A New Windows Security Hole
by Michael Stutz

10:30am  9.Jan.98.PST
Microsoft is scrambling this morning to fix a newly re-opened security hole that can crash any Windows 95 or NT machine connected to the Internet or any other TCP/IP network. The attack, named "bonk" - after the program that unleashes it - is a variant of an earlier security hole that creates a "denial of service" attack and essentially freezes the system.
"In terms of what we're doing, we're doing what we always do - which takes any security issue very, very seriously," said Microsoft's Jonathan Roberts, director of product management for Windows. "We're testing this program and working on a fix very actively," he said.

When completed, Redmond's fix will be posted to their Security Advisor Web site. Until it comes - and system administrators implement it - networked Windows 95 and Windows NT machines will remain vulnerable.

Bonk is a variant of the "teardrop" hole, which was initially reported by the Computer Emergency Response Team on 16 Dec of last year. Teardrop fools a machine into performing lots of operations that it shouldn't, Knox said. Bonk does the same: it sends corrupt UDP (User Datagram Protocol) packets to the target machine - overwhelming and crashing the system.

"The extent to which this affects other systems, we don't [yet] know," said Jonathan Roberts, director of product management for Windows.

"Without having the source code to Windows 95, it is hard to say exactly how their [networking subsystem] is handling this," said Kit Knox, a Senior System Administrator for CONNECTnet INS Inc., and co-maintainer of rootshell.com, a full-disclosure resource for security enthusiasts.

In essence, teardrop fools a machine into performing lots of operations that it shouldn't, Knox said. Bonk does the same: it sends corrupt Internet Control Message Protocol (ICMP) - or ping - datagram fragments to the target machine - overwhelming and crashing the system.

"It results in a blue screen of death which kills the Windows TCP/IP stack and leaves everything else alone," he said. "System data is not at risk."

Jiva DeVoe, a systems engineer with Devware Systems, discovered the exploit after one of his Windows NT machines was attacked several days ago, in an attack spree that seemed to be targeted at DeVoe and other frequenters of an online Windows-related chat area.

"I observed it, captured the packets, and then reverse engineered it," he said.

DeVoe noticed that it looked very similar to a teardrop attack, even though his machine was running the Microsoft patch for that exploit. After examining the subtle variations, he was able to modify the source code for the old teardrop exploit to reproduce it, and then contacted Microsoft last night with his findings.

Until Microsoft releases a software patch, nothing can be done to stop a bonk attack, short of taking the machine off the network. "Unless you've got a firewall or something like that, there's not a whole heck of a lot that you can do," DeVoe said.

His solution: run Linux, a free variant of UNIX.

"I dual-boot my workstation between Linux and Windows NT," he said. "I'm a Microsoft Certified Systems Engineer, so kind of have to have NT there - even though I prefer Linux."

DeVoe said that openly-developed operating systems, such as FreeBSD and Linux, had patches available for the teardrop exploit very early on. "Those patches have stood up to this new attack as well," he said. "Microsoft's patch - a closed patch that nobody could review - was susceptible to this."

Meanwhile, the creators of bonk are trying to ensure that Microsoft does a more thorough job this (second) time around of patching the hole. A security bulletin on rootshell.com this morning released a modified, more resilient version of bonk, called "boink."
______________________________________________________________________

When it starts affecting our beloved SI this is serious!!

Michael



To: Ibexx who wrote (44752), 1/11/1998 1:03:00 AM
From: dmf
 
Ibexx: Thanks for the H&G info. The capital spending information I was referring to was posted a couple of days ago:

techweb.cmp.com

dmf