From: Rich Graves <llurch@networking.stanford.edu>
Date: Mon, 13 Nov 1995 09:30:05 +0800
To: jerry the golden retriever <an407769@anon.penet.fi>
Subject: Re: hacker's dream [Win95]
In-Reply-To: <9511110629.AA27945@anon.penet.fi>
Message-ID: <Pine.ULT.3.91.951112170211.25412B-100000@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

This article is basically true. I'm not sure what they mean be "creating 
a simple file on your local machine," though. Anybody?

Microsoft appears to have patched the SMB and C$ bugs, but in the 
US/English release only. Yusuf Mehdi sent me email Thursday promising 
that international patches would be available *within two weeks* --
there  was no explanation for the delay, and I can think of none.

This is discussed a bit in article <4814sh$i3g@Networking.Stanford.EDU>
and folowups, and a bunch of places on 
gopher://quixote.stanford.edu/1m/win95netbugs.

- -rich

On Sat, 11 Nov 1995, jerry the golden retriever wrote:

> 
> Windows 95 Is A Hacker's Dream Over The Internet
> CENTRAL, HONG KONG, 1995 NOV 9 (NB) -- Windows 95, combined with the
> Internet, could be a dream made in hacker heaven. From seasoned propeller
> heads Newsbytes has contacted, it looks like Windows 95 could be more of a
> security nightmare than was first thought.
> 
> This is especially true where fixed link companies are concerned. An
> investigation of the new operating system, when hooked onto the Internet,
> leaves computers wide open. Executing a series of simple, uncomplicated
> commands opens up company and private users' computers to hacking the moment
> they access the Internet, claim some analysts.
> 
> Worse, they may never know it has been done. Using a simple Unix command, a
> hacker can locate the IP (Internet protocol) address of the subscriber logged
> into an Internet service provider. Then he needs only one more thing; a
> logged-on Internet user using Microsoft's new operating system.
> 
> For businesses with leased line Internet links, it can happen at any time,
> day or night. Once the IP address has been noted, the hacker simply creates a
> file through DOS on his own system, specifying the address and naming it.
> Using two other commands -- which purge the remote names on the IP, or
> Internet provider's port -- the system then refreshes and remaps itself in
> preparation to be accessed by the hacker's computer.
> 
> Because Windows 95 is designed with a networking capability, it leaves all
> computers in the office open to illegal access. Once the hacker has called up
> his Map Network Drive, the hard disk on his own machine cannot be
> differentiated from that of the genuine user. All that need be done then is
> to put in a common drive name, most obviously "C:\." For networked machines,
> the default "C$" is common.
> 
> This gives access to all files on the subscriber's drive. While Windows 95
> allows the user to protect the drive by giving it a password, computer
> experts Newsbytes talked to said that device won't necessarily lock out
> intruders. Because the operating system has no "audit" trail -- in other
> words, it does not log who or how someone is accessing the drive -- a hacker
> can spend weeks trying to discover the password. Password search programs,
> like Cracker, are readily available and can break through most simple
> password sequences.
> 
> (Joel McCormick & I.T. Daily/19951109)

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMKaaO43DXUbM57SdAQG8PQQAvfv+srjQZgAlIIRnrhtpj89scqEQWN5Z
uEHPZE56TSaqVOZnd0m+m8VVaXk0AQ9Lnw9+GwJFG5+LbrF0rkImstRhrquYuO4L
0UjSAKKehTw+Cv023pICPpZ28mqdyXSl7/1ovbuY4U8xJbYc9AxhnCrsUWKexwm4
jN/+LHYQ39M=
=Bhu8
-----END PGP SIGNATURE-----