1995-11-10 - Win95 A Hacker’s Net Dream

Header Data

From: cpunk@remail.ecafe.org (ECafe Anonymous Remailer)
To: cypherpunks@toad.com
Message Hash: 4ca2dabe468930b040da161580dcc97566f860e3f4c9b5791a06167df27b0d0a
Message ID: <199511101057.KAA01104@pangaea.ang.ecafe.org>
Reply To: N/A
UTC Datetime: 1995-11-10 10:18:48 UTC
Raw Date: Fri, 10 Nov 1995 18:18:48 +0800

Raw message

From: cpunk@remail.ecafe.org (ECafe Anonymous Remailer)
Date: Fri, 10 Nov 1995 18:18:48 +0800
To: cypherpunks@toad.com
Subject: Win95 A Hacker's Net Dream
Message-ID: <199511101057.KAA01104@pangaea.ang.ecafe.org>
MIME-Version: 1.0
Content-Type: text/plain


Windows 95 Is A Hacker's Dream Over The Internet


Central, Hong Kong, Nov 9 (NB) -- Windows 95, combined
with the Internet, could be a dream made in hacker
heaven. From seasoned propeller heads Newsbytes has
contacted, it looks like Windows 95 could be more of
a security nightmare than was first thought.

This is especially true where fixed link companies are
concerned. An investigation of the new operating system,
when hooked onto the Internet, leaves computers wide
open. Executing a series of simple, uncomplicated
commands opens up company and private users' computers to
hacking the moment they access the Internet, claim some
analysts.

Worse, they may never know it has been done. Using a
simple Unix command, a hacker can locate the IP (Internet
protocol) address of the subscriber logged into an
Internet service provider. Then he needs only one more
thing; a logged-on Internet user using Microsoft's new
operating system.

For businesses with leased line Internet links, it can
happen at any time, day or night. Once the IP address has
been noted, the hacker simply creates a file through DOS
on his own system, specifying the address and naming it.
Using two other commands -- which purge the remote names
on the IP, or Internet provider's port -- the system then
refreshes and remaps itself in preparation to be accessed
by the hacker's computer.

Because Windows 95 is designed with a networking
capability, it leaves all computers in the office open to
illegal access. Once the hacker has called up his Map
Network Drive, the hard disk on his own machine cannot be
differentiated from that of the genuine user. All that
need be done then is to put in a common drive name, most
obviously "C:\." For networked machines, the default "C$"
is common.

This gives access to all files on the subscriber's drive.
While Windows 95 allows the user to protect the drive by
giving it a password, computer experts Newsbytes talked
to said that device won't necessarily lock out intruders.
Because the operating system has no "audit" trail -- in
other words, it does not log who or how someone is
accessing the drive -- a hacker can spend weeks trying to
discover the password. Password search programs, like
Cracker, are readily available and can break through most
simple password sequences.

-----













Thread