NT (In)Security
[July 17, San Francisco] The CULT OF THE DEAD COW (cDc) will release Back
Orifice, a remote MS Windows Administration tool at Defcon VI in Las Vegas
on July 31 (www.defcon.org). Back Orifice is a self-contained,
self-installing utility which allows the user to control and monitor
computers running the Windows operating system over a network. Written by
Sir Dystic [cDc], Back Orifice was developed to look for security breaches
in the MS Windows OS.

Sir Dystic - who makes no apologies about being a hacker - sounded more
like an overworked sysadmin when he said, "The main legitimate
purposes for BO are remote tech support aid, employee monitoring and
remote administering [of a Windows network]." 

Not that Back Orifice won't be used by overworked sysadmins, but hey,
we're all adults here. Back Orifice is going to be made available to
anyone who takes the time to download it [read: a lot of bored teenagers].
So what does that mean for anyone who's bought into Microsoft's Swiss
cheese approach to security? Plenty, according to Mike Bloom, Chief
Technical Officer for Gomi Media in Toronto.

"The current path of learning I see around me is to learn what you have to
to cover your ass, go home and watch Jerry. Microsoft has capitalized on
this at the cost of production value which translates down to security. A
move like releasing [Back Orifice] means that the lowest common
denominator of user will have to come to understand the threat, and that
it is not from [Sir Dystic] writing an app that [potentially] turns Win32
security on its ear, but that Microsoft has leveraged itself into a
position where anyone who wants to can download an app and learn a few
tricks and make serious shit happen." 

None of this is lost on Microsoft. But then again, they don't care. 
Security is way down on their list of priorities because it has no impact
on profit. Nice. But regardless of which side of the firewall you sit on,
you can't afford not to have a copy of Back Orifice. Here are the specs: 

Back Orifice (BO) allows the user to remotely control almost all parts of
the operating system, including: 

. File system 
. Registry 
. System Passwords 
. Network 
. Processes

. BO contains extensive multimedia control, allowing images to be captured
from the server machine's screen, or from any video input device attached
to the machine. 

. BO has an integrated HTTP server, allowing uploads and downloads of
files to and from a machine on any port using any http client. 

. BO has an integrated packet sniffer, allowing easy monitoring of network

. BO has an integrated keyboard monitor, allowing the easy logging of 
keystrokes to a log file.

. BO allows connection redirection, allowing connections to be bounced off
a machine to any other machine on the Internet. 

. BO allows application redirection, allowing text based applications
running on the server machine to be controlled via a simple telnet
session.  Even open a remote shell. 

. BO has a simple plugin interface, allowing additional modules to be 
written by third parties, and executed in Back Orifice's hidden system 

. BO is EASY TO INSTALL!  Simply run the server, and it installs itself,
and removes the executable it was originally run from, or it can be
attached to any other Windows executable, which will run normally after
installing the Back Orifice server. 

. BO is TRANSPARENT!  Back Orifice does not show up in the task list, or
even the Close Programs dialog, it is automatically restarted each time
the computer boots, and does not affect the operation of any other

. BO is CONFIGURABLE!  The filename that Back Orifice installs itself as,
the port Back Orifice communicates on, and the encryption key are all
configurable before the server is installed. 

. BO is ENCRYPTED!  Communication packets used by Back Orifice are
encrypted with a user definable key, so only the intended client can
control the server. 

. BO is FREE!  All the functionality mentioned above AND MORE is available
in the 120k server, along with an easy-to-use text-based or GUI client.
Back Orifice comes with everything you need to distribute and control any
number of machines.

. BO is GROWING!  New features, increased efficiency, new plugins, and
more support are being added to Back Orifice every day. 

After July 30, Back Orifice will be available from www.cultdeadcow.com 
free of charge. 

For further details or lucrative film offers, contact: veggie@L0pht.com

The CULT OF THE DEAD COW (cDc) is the most influential group of hackers in
the world. Formed in 1984, the cDc has done everything from publishing the
longest running e-zine on the Internet to diddling military networks
around the globe. We could go on, but who's got the time. Journalists can
check out the Medialist link on our Web site for more background
information.  Cheerio.

                 "cDc. It's alla'bout style, jackass."