
 
Latest HackerNewz
This page last updated 05/28/2000
Below are only a few of the publicly known exploits, most of which have been addressed to some extent.
However, hundreds of new exploits are found daily. Your 1st clue should have been Microslop's heavy-handed
PR of WinNT to the lamest of all users, Corporate America. By making claims of a more secure & robust kernel,
they also made it a primary target of exploitation.
Rent-A-Page will not and does not use NT. See our SERVICES page.

 "NT 4.0 Does Not Delete Unattended Installation File" Bug:
     Affects NT4
     workstation/server/enterprise/terminal: "When an
     unattended installation of Windows NT 4.0
     completes, a copy of the file that contains
     installation parameters remains on the hard drive.
     Depending on the method that was to perform the
     installation and the specific installation
     parameters that were selected, the file could
     contain sensitive information, potentially
     including the local Administrator password."
     Workaround:


Army Moves To MacOS To Thwart Hackers

 Ever since the hacker organization known as Global Hell cracked the Army's webserver on June 28, the nation's top brass have been trying to think of ways to beef up security. Now, they're "thinking different."

Though the Army is hesitant to divulge exact details of how its security has improved, it did reveal it has switched from Windows NT to Macintosh OS for its website, citing increased security. Christopher Unger, the Webmaster for the Army's site, says the move was prompted by the recommendations of the World Wide Web Consortium, which has published reports claiming the Macintosh platform is more secure than its counterparts. The Consortium, which is a worldwide group of over 350 organizations that focus on issues pertaining to the Web's development, concluded the Macintosh OS is safer than Windows due to its lack of a command shell and because it does not allow remote logins.

The alleged leader of Global Hell was arrested Aug. 30, in Wisconsin. FBI agents charged the 19-year-old with malicious altering of a U.S. Army Web page.


More NT Bugs

If you or your company is running Microsoft Windows NT
Server 4.0, Microsoft Windows NT Workstation 4.0, Microsoft
Windows NT Server 4.0, Terminal Server Edition, grab a patch
for this bug. Microsoft describes it this way:

"If an executable file with a specially-malformed image header is
executed, it will cause a system failure. The affected
machine will need to be rebooted in order to place it back
in service. Any work that was in progress when the machine
crashed could be lost."

 

 

eEye posts break-in code that lets hackers hijack Windows NT servers -- and some networks. Microsoft scrambling for a patch.

The eEye Digital Security Team has implemented a patch for Microsoft's Internet Information Server (IIS), closing the security hole for which eEye previously posted a controversial exploit.

While the patch may not fix all possible security problems in the Microsoft code, it guards against exploitation of the bug, allows users with expiring passwords to change their passwords via the Web, and logs attempts to break into the server via the known security hole.

Nearly every NT server vulnerable
Nearly every Windows NT-based Web server on the Internet is vulnerable to a newly discovered security hole that lets a malicious hacker take over the server -- and, in some cases, the network to which it is attached, says a network security company.

According to the eEye Digital Security Team, which develops network security software, it discovered the bug on June 6 when its Retina network security scanning software -- which automatically employs techniques commonly used to break into computer systems -- succeeded in crashing an NT server.

The engineers quickly realized that the bug could be exploited not only to crash the NT machine but also to take it over completely.

According to eEye CEO Firas Bushnaq, the company supplied detailed information about the bug to Microsoft Corp. on June 8. However, a week later, said Bushnaq, the software giant had still not published a fix and stopped responding to e-mail correspondence about the bug.

eEye released break-in code
Believing that Microsoft "was not giving the problem the attention it deserved," eEye released not only a description of the hole but two working demonstration programs that allow anyone to break into an NT server running IIS 4.0. The break-in code appears to work on any server from which a Web page can be retrieved, even if a firewall is present.

eEye explained its decision to disclose the bug, and to publish a program that lets anyone readily exploit it, in a brief note on its Web site.

"We are a full-disclosure security team," they wrote. "If our team starts hiding the facts, we'll be no better than a software vendor that rushes insecure products to market."

Microsoft not impressed
Microsoft, however, took exception to this philosophy.

"Responsible security companies do not provide tools that can be used to attack innocent people," said Microsoft security manager Scott Culp.



Bushnaq, for his part, noted that a moderately skilled hacker, armed with the knowledge that the bug existed, could easily craft a program to exploit it in less than two hours.

Users who upload pages to the NT Web server cannot employ a Web-based mechanism to change their expiring passwords, and thus may be left without access.

WinNT: Tough to secure
This security glitch is one of many that have plagued Windows NT and IIS. Microsoft advises customers that a long list of steps, posted at its site, should be taken whenever an NT/IIS machine is placed on the Net as a Web server.

These steps include disabling many NT features, such as POSIX compatibility, and in some cases reformatting the machine's hard drives.


Ed Curry is a man on a mission. Curry says he is out to warn the government that Windows NT is not secure, and will soon meet with the Secretary of Defense staff. Microsoft Corp. says he is on a personal vendetta against the company.

The issue over which the two sides are at odds is C2 certification of NT. C2 is a basic security rating that is one of several evaluations awarded by the National Security Agency (NSA), based on its Trusted Computer System Evaluation Criteria (TCSEC), or "Orange Book" criteria.

Both Microsoft and Curry agree on a few key facts. In the mid-1990s, Curry was working closely with Microsoft to obtain the company's NCSC/NSA C2 evaluation of NT 3.5 with Service Pack 3. As part of that effort, Curry developed a set of hardware security diagnostics for NT and wrote a C2 Rating Maintenance Phase (RAMP) program on behalf of Microsoft.

From this point, Curry's and Microsoft's respective accounts diverge on what happened next.

 

SAIC to take over certification efforts
In 1995, Microsoft ended Curry's contract for reasons that "we can't divulge due to our lawyers' recommendations," according to a Microsoft spokesperson. Microsoft last year hired Science Applications International Corp. (SAIC) to continue its NT C2 certification efforts. An SAIC official says a networked NT 4.0 configuration could pass its first C2 milestone within a few weeks.

To date, Microsoft has not obtained C2 certification for any release of NT beyond version 3.5, the company acknowledges.

Curry, meanwhile, says he was forced out of business when Microsoft ceased working with him. In recent months, Curry stepped up his campaign to alert the government and the public in general about "the government's procurement of millions of copies of non-evaluated versions of Windows NT that fail to meet the C2-level security requirements of the Department of Defense and other agencies."

 

Curry wouldn't lie about MS violations
Curry has an Oct. 13 meeting slated with the Secretary of Defense staff. The meeting is in response to a letter that Curry sent to Defense Secretary William Cohen, alerting him to potential security violations involving Windows NT. In the letter, Curry says his C2 certification contract was discontinued by Microsoft because he refused to lie about Microsoft's violations of C2 guidelines.

"Microsoft has knowingly and willfully concealed information regarding security flaws in computer hardware from the NSA out of fear that revealing such flaws would reduce the number of copies of its products that would be purchased by the government," Curry's letter to Cohen says. "I have raised this issue internally with Microsoft, and in return have been the subject of both bribes and threats."


A security hole in Microsoft Corp.'s Windows NT 4.0 server and workstation could allow users connected to a network to get access to information they shouldn't be viewing -- or even take over the network.

The hole was discovered by L0pht Heavy Industries, a hacker group and security-consulting firm. Right now, L0pht, which posted details about the hole on its Web site.



According to L0pht, the opening could allow a local user to take control of a network.

Microsoft said it will issue a bulletin to system administrators.

From user to 'superuser'
The problem arises when a network administrator uses one of the default security settings instead of altering it to provide tighter protection. Under the default setting, any user in the network potentially could replace commonly used files with their own versions. As a result, that person can obtain privileges they shouldn't have access to, essentially becoming an administrator or "superuser."

"If somebody had access to a machine, and the setting is not tight enough, you could get elevated access," Karan Khanna, lead product manager of Microsoft's Windows NT team, said.


"We were able to sniff passwords, eavesdrop on the networks, and passively do traffic analysis," said Bruce Schneier, president of Counterpane Systems Inc., of Minneapolis, Minn. "Any Microsoft NT server on the Internet is (potentially) insecure."
Counterpane discovered the problems while doing a security analysis on a network based on Windows NT, an operating system used by a swiftly growing number of corporations as the foundation for their computer networks. Microsoft confirmed the security problems later the same day.

VPNs increasingly popular
The flaws weaken the security of so-called "virtual private networks," or VPNs, based on NT and the so-called point-to-point tunneling protocol, or PPTP. These VPNs connect company networks from various locations and are quickly becoming popular in the corporate world as a low-cost solution to buying a dedicated phone line to connect computers between company sites.

"A lot of people are creating their virtual private networks using NT," said Schneier. "That makes the flaw that much more serious."

 

The PPTP is Microsoft's homegrown way of securely sending and receiving data over the public Internet. It's also used to identify whether the person logging in is a valid user.

"Windows NT has a rich set of security services, of which PPTP is one," said Karan Khanna, security product manager at Microsoft. "Most common customer scenarios do not include any PPTP usage, since this is only used by remote users."

 

 


 


© 1992-2000 Rent-A-Page™ all rights reserved