Spacer Sidebar Directory Map

The Training Book, the handbook for trainers

Training Express computer learning guides

 

ITrain - International Association of Computer Trainers New Security Threats
Cracker tools threaten Windows users
ITINFO Sponsor
Automation Consulting and Supply, Inc.

Inkjet Printer Users Can Save Money by Refilling Your Cartridges with our Low-Cost Ink.

Black - $21.95/pint; Color - $23.95/pint
Black & 3 colors - $89.00 (1 pint ea. color)
Mention ITINFO: save $5 shipping & handling.

Toll free: 1-888-728-2465; Fax: +1-770-925-4243
automate@bellsouth.net
http://www.oddparts.com/ink/dglink.htm

Internet Poll
Have you attended a seminar via e-learning?
yes
no

poll archive

Microsoft Reacts to Cracker Tools
by Dave Murphy
ISSN 1535-3613

Dave Murphy, DGL President & ITrain founder Crackers (destructive computer hackers) recently released two programs that allow unscrupulous individuals to scan and decode data transmitted between Microsoft's Windows NT servers or take control of a Win95/98 system.

The tools were revealed at the recent Black Hat Briefings conference held in Las Vegas, Nevada (USA).

Back Orifice, a play on the name of Microsoft's Back Office suite of applications, reportedly allows a remote users to gain complete access to Win95/98 system via the Internet.

The program was created by a hacker group called The Cult of the Dead Cow. The Black Orifice program uses only 120KB of data that can be sent to a victim's computer as an email attachment or downloaded by the unsuspecting user in another way. Once activated, a user may not even know their system is no longer under their complete control, according to the group.

Until a reliable response to the Back Orifice threat is available, email users should be vigilant about not opening email attachments received from unknown or unexpected sources.

The other tool, released by the L0pht hacker group, allows an individual to grab PPTP authentication packets from a network. PPTP is commonly used by WinNT machines to establish secure transmissions between a network server and a remote client, such as a traveling employee checking for updates on the company's network.

Microsoft intends to counter L0phtcrack with a new version of its Microsoft Dial Up Networking (MSDUN) system, which is currently in beta release, according to Karan Khanna, product manager of Microsoft's Windows NT security team.

"With Microsoft Dial Up Networking, we've made some enhancements there to address these issues--how we encrypt the data on both streams, the issue of authenticating the control channel, (and other enhancements)," Khanna said.

However, Microsoft has not announced the release date of the new MSDUN version.

ITINFO will post additional details of these two programs as reliable responses become available. You're welcome to leave your comments at DGL's Message Center.

Subscribe to ITINFO.
Receive computing and Internet news & tips
by subscribing to the ITINFO information service.
Type your Internet email address in the form, and click "Subscribe."
Email Address:

Damar Group, Ltd. helps business use technology.

ITINFO is again accepting sponsors. Sponsor messages are included in ITINFO's email newsletter and are permanently posted to DGL's website and online reference areas.

ITINFO is an electronic publication of Damar Group, Ltd., publisher of Training Express computer learning guides. Comments and submissions to info@dgl.com.

Previous issues are on our website at dgl.com/dglinfo.

updated August 10, 1998
http://dgl.com/dglinfo/1998/dg980810.html

Return to DGL homepage
Contact Us
Copyright © 1998, Damar Group, Ltd., All Rights Reserved