SI
SI
discoversearch

We've detected that you're using an ad content blocking browser plug-in or feature. Ads provide a critical source of revenue to the continued operation of Silicon Investor.  We ask that you disable ad blocking while on Silicon Investor in the best interests of our community.  If you are not using an ad blocker but are still receiving this message, make sure your browser's tracking protection is set to the 'standard' level.
Technology Stocks : How high will Microsoft fly? -- Ignore unavailable to you. Want to Upgrade?

To: Charles Tutt who wrote (9969)8/5/1998 4:49:00 PM
From: Phil Melemed  Read Replies (2) | Respond to of 74651
 
You said:
Everything perhaps except fix the underlying problem?


Which part of this farce do you see as the underlying problem?

(The word "farce" is meant to refer to the Back Orifice program and its distribution, not to you or your comments.)



To: Charles Tutt who wrote (9969)8/7/1998 4:22:00 PM
From: Hal Rubel  Respond to of 74651
 
FYI: MS Press Release On BO

"Information on the "BackOrifice" Program
------------------------------------------------------------------------
Microsoft's response to the Cult of the Dead Cow's "BackOrifice" tool

Last Revision: August 4, 1998

Summary
On July 21, a self-described hacker group known as the Cult of the Dead Cow released a tool called "BackOrifice," and suggested that Microsoftr Windowsr users were at risk from unauthorized attacks. Microsoft takes security seriously, and has issued this bulletin to advise customers that Windows 95 and Windows 98 users following safe computing practices are not at risk and WindowsÿNTr users are not threatened in any way by this tool.

The Claims About "BackOrifice"
According to its creators, "BackOrifice" is "a self-contained, self-installing utility which allows the user to control and monitor computers running the Windows operating system over a network." The authors claim that the program can be used to remotely control a Windows computer, read everything that the user types at the keyboard, capture images that are displayed on the monitor, upload and download files remotely, and redirect information to a remote internet site.

The Truth About "BackOrifice"
"BackOrifice" does not expose or exploit any security issue with the Windows platform or the Microsoft BackOfficer suite of products.

"BackOrifice" does not compromise the security of a Windows-based network. Instead, it relies on the user to install it and, once installed, has only the rights and privileges that the user has on the computer.

For a "BackOrifice" attack to succeed, a chain of very specific events must happen:

The user must deliberately install, or be tricked into installing the program The attacker must know the user's IP address The attacker must be able to directly address the user's computer; e.g., there must not be a firewall between the attacker and the user.

What Does This Mean for Customers Running Windows 95 and Windows 98?
"BackOrifice" is unlikely to pose a threat to the vast majority of Windows 95 or Windows 98 users, especially those who follow safe internet computing practices. Windows 95 and Windowsÿ98 offer a set of security features that will in general allow users to safely use their computers at home or on the Internet. Like any other program, "BackOrifice" must be installed before it can run. Clearly, users should prevent this installation by following good practices like not downloading unsigned executables, and by insulating themselves from direct connection to the Internet with Proxy Servers and/or firewalls wherever possible.

What Does This Mean For Customers Running WindowsÿNT?
There is no threat to WindowsÿNT Workstation or WindowsÿNT Server customers; the program does not run on the WindowsÿNT platform. "BackOrifice's" authors don't claim that their product poses any threat to WindowsÿNT.

What Customers Should do
Customers do not need to take any special precautions against this program. However customers should ensure that they follow all of the normal precautions regarding safe computing:

Customers should not install or run software from unknown sources -- this applies to both software available on the Internet and that sent via e-mail. Reputable software vendors digitally sign their software to verify its authenticity and safety. Corporate administrators can block software that is not digitally signed by a reputable or authorized software company at their proxy server and/or firewall. Customers should keep their software up to date to ensure that hackers cannot take advantage of known issues. Companies should actively use auditing and monitor their network usage to deter and prevent insider attacks.

More Information
Please see Microsoft's Response to the "BackOrifice" Program, for more information related to this issue."



To: Charles Tutt who wrote (9969)8/7/1998 4:33:00 PM
From: Hal Rubel  Read Replies (3) | Respond to of 74651
 
FYI: cDc Response to Microsoft (with some jucy links)

"MORALITY ALERT
www.cultdeadcow.com

ST. PAUL, BACK DOOR BOOM BOOM, AND ALL THE TEA IN CHINA

[San Francisco, August 6] Almost two thousand years ago St. Paul made an
abrupt about face on the road to Tarsus. The CULT OF THE DEAD COW is not
sure which road Microsoft is travelling, but they have just made a
series of one hundred and eighty degree turns that would shock the
apostle. What could account for Redmond's rapid reversals, and more
importantly, does it point towards some deeper problems?

After releasing Back Orifice - our remote Windows 9x administration tool -
the CULT OF THE DEAD COW was by turns publicly mocked or dismissed by
Microsoft flunkies. A useless tool, they droned, users have nothing to
worry about, the constellations still spin around our mighty OS. What a
load. But the point is, in the space of a few short days Microsoft is
now puling that Back Orifice is a dangerous weapon. And to add insult to
injury, not only do they slam us in public, privately they're asking for
our help to patch up _their_ mess.

However, this does raise an interesting question. Was releasing Back
Orifice to the public immoral? Microsoft would love for their customers
to believe that we're the bad guys and that they - as vendors of a digital
sieve - bear no responsibility whatever. But questions of morality are
more often relative than absolute. So to make things easier, we'll frame
our culture and actions against their's and let the public determine
which one of us looks better in black.

We'd like to ask Microsoft, or more to the point, we'd like to ask Bill
Gates why he stood shoulder to shoulder in 1996 with China's president
and head of the Communist Party to denounce any discussion of China's
human rights record at the annual meeting of the United Nations
Commission on Human Rights in Geneva? Was the decision to cozy up to the
world's largest totalitarian state based on some superior moral
position, or was it just more convenient to trample human decency
underfoot and go for even more money? Call us crazy, but we think that
Microsoft has about as much right to condescend to the CULT OF THE DEAD
COW as Li Peng does to lecture anyone who raises the issue of human
rights abuses in China - a point of view that Bill Gates shares.

Now let's return to Back Orifice. Would it be immoral to use this tool
for untoward purposes on Windows networks? Would it be immoral for Back
Orifice to find its way to China and cause a lot of dry heaving in
Microsoft's largest target market? Should hacktivists use Back Orifice
as a form of protest against multinationals who share Microsoft's position
of dollars before dignity?

It's a short life and we're all going to be judged by our actions. So,
whether or not we've done the right thing is a matter for history and
human conscience to decide. But if the gods want to curse us for
bringing fire down from the mountain, we'll take a seat with Prometheus
and deal with the heat. At the end of the day, the CULT OF THE DEAD COW
doesn't think that the world was meant to be a dark place.

--
For background information on this whole damn kerfuffle, the public may
consult the following documents:

1) Our technical rebuttal to...
[http://www.cultdeadcow.com/news/rebuttal.txt]

2) Microsoft marketing's spin-control job on Back Orifice
[http://www.microsoft.com/security/mktBackOrifice.htm]

3) Back Orifice Press Release
[http://www.cultdeadcow.com/news/back_orifice.txt]

4) BO homepage
[http://www.cultdeadcow.com/tools/]

5) To learn more about cDc's stance on the PRC...
[http://www.cultdeadcow.com/cDc_files/cDc-0356.html]

For further details or lucrative film offers, please contact:

The Deth Vegetable
Minister of Propoganda
CULT OF THE DEAD COW
veggie@cultdeadcow.com

............................................................................

The CULT OF THE DEAD COW (cDc) is the most influential group of hackers
in the world. Formed in 1984, the cDc has done everything from publish the
longest running e-zine on the Internet to diddling military networks
around the globe. We could go on, but who's got the time. Journalists
can check out the Medialist link on our Web site for more background
information. Cheerio.

"cDc. It's alla'bout style, jackass." "

Hal

PS: Hoax? The first link did not work for me. I'm going to the home page to find it. Sorry. Hope the rest work for you all. I've not had the time to test. HR


HomeMailHotSubjectMarksPeopleMarksKeepersSettings
Terms Of UseContact UsCopyright/IP PolicyPrivacy PolicyAbout UsFAQAdvertise on SI
© 2025 Knight Sac Media.  Data provided by Twelve Data, Alpha Vantage, and CityFALCON News