From: Rich Graves <llurch@networking.stanford.edu>
To: jerry the golden retriever <an407769@anon.penet.fi>
Message Hash: 683979be0d7f5c08cc4bf2e55b3aeb9e6e6b18d64b076ee66ad8bb9ad10dec11
Message ID: <Pine.ULT.3.91.951112170211.25412B-100000@Networking.Stanford.EDU>
Reply To: <9511110629.AA27945@anon.penet.fi>
UTC Datetime: 1995-11-13 01:30:05 UTC
Raw Date: Mon, 13 Nov 1995 09:30:05 +0800
From: Rich Graves <llurch@networking.stanford.edu>
Date: Mon, 13 Nov 1995 09:30:05 +0800
To: jerry the golden retriever <an407769@anon.penet.fi>
Subject: Re: hacker's dream [Win95]
In-Reply-To: <9511110629.AA27945@anon.penet.fi>
Message-ID: <Pine.ULT.3.91.951112170211.25412B-100000@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain
-----BEGIN PGP SIGNED MESSAGE-----
This article is basically true. I'm not sure what they mean be "creating
a simple file on your local machine," though. Anybody?
Microsoft appears to have patched the SMB and C$ bugs, but in the
US/English release only. Yusuf Mehdi sent me email Thursday promising
that international patches would be available *within two weeks* --
there was no explanation for the delay, and I can think of none.
This is discussed a bit in article <4814sh$i3g@Networking.Stanford.EDU>
and folowups, and a bunch of places on
gopher://quixote.stanford.edu/1m/win95netbugs.
- -rich
On Sat, 11 Nov 1995, jerry the golden retriever wrote:
>
> Windows 95 Is A Hacker's Dream Over The Internet
> CENTRAL, HONG KONG, 1995 NOV 9 (NB) -- Windows 95, combined with the
> Internet, could be a dream made in hacker heaven. From seasoned propeller
> heads Newsbytes has contacted, it looks like Windows 95 could be more of a
> security nightmare than was first thought.
>
> This is especially true where fixed link companies are concerned. An
> investigation of the new operating system, when hooked onto the Internet,
> leaves computers wide open. Executing a series of simple, uncomplicated
> commands opens up company and private users' computers to hacking the moment
> they access the Internet, claim some analysts.
>
> Worse, they may never know it has been done. Using a simple Unix command, a
> hacker can locate the IP (Internet protocol) address of the subscriber logged
> into an Internet service provider. Then he needs only one more thing; a
> logged-on Internet user using Microsoft's new operating system.
>
> For businesses with leased line Internet links, it can happen at any time,
> day or night. Once the IP address has been noted, the hacker simply creates a
> file through DOS on his own system, specifying the address and naming it.
> Using two other commands -- which purge the remote names on the IP, or
> Internet provider's port -- the system then refreshes and remaps itself in
> preparation to be accessed by the hacker's computer.
>
> Because Windows 95 is designed with a networking capability, it leaves all
> computers in the office open to illegal access. Once the hacker has called up
> his Map Network Drive, the hard disk on his own machine cannot be
> differentiated from that of the genuine user. All that need be done then is
> to put in a common drive name, most obviously "C:\." For networked machines,
> the default "C$" is common.
>
> This gives access to all files on the subscriber's drive. While Windows 95
> allows the user to protect the drive by giving it a password, computer
> experts Newsbytes talked to said that device won't necessarily lock out
> intruders. Because the operating system has no "audit" trail -- in other
> words, it does not log who or how someone is accessing the drive -- a hacker
> can spend weeks trying to discover the password. Password search programs,
> like Cracker, are readily available and can break through most simple
> password sequences.
>
> (Joel McCormick & I.T. Daily/19951109)
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
iQCVAwUBMKaaO43DXUbM57SdAQG8PQQAvfv+srjQZgAlIIRnrhtpj89scqEQWN5Z
uEHPZE56TSaqVOZnd0m+m8VVaXk0AQ9Lnw9+GwJFG5+LbrF0rkImstRhrquYuO4L
0UjSAKKehTw+Cv023pICPpZ28mqdyXSl7/1ovbuY4U8xJbYc9AxhnCrsUWKexwm4
jN/+LHYQ39M=
=Bhu8
-----END PGP SIGNATURE-----
Return to November 1995
Return to “Rich Graves <llurch@networking.stanford.edu>”