
Back Orifice 2000 on CNN.COM

CmdrTaco posted more than 15 years ago | from the stuff-to-read dept.

News 339

LLatson writes "CNN.COM is running an article about Sir Dystic releasing Back Orifice 2000. Sounds like this time it will run on NT..." Comments on why this is being done, as well as a source release and a few changes to the 2k system.

339 comments

Because (1)

Scutter (18425) | more than 15 years ago | (#1814417)

They do it because they can. Most irritating.



I won't say first, even though I am. :-)

Fun Stuff (0)

Anonymous Coward | more than 15 years ago | (#1814420)

I don't know about you guys, but I love this program. It's a fine example of how shi**y Win9x is and should only give MS a reason to make a real product. A nice web based linux control panel would be fun though.

Are they attacking MS or stealing their niche? (4)

Sun Tzu (41522) | more than 15 years ago | (#1814423)

"Groups of (mostly teenaged) hackers... release nasty computer bugs..."

Looks like Micros~1 has some serious competition from cDc. ;)

Microsoft as martyr? (2)

kmb (56194) | more than 15 years ago | (#1814426)

While few people here wouldn't like to see Microsoft get a come-uppance, this sounds like the most incredibly juvenile, wise-ass way to do it. While these twits never mention preferring Linux to Windows, maybe someone should forward them the advocacy FAQ anyway.

"Excuse me, but you realize, of course, that you're just helping to make Windows `better' in the long run?"

Has anyone ever heard of a major user or someone in a business setting abandoning Windows mainly over security/virus fears?

Boy my management would love this! (1)

nevets (39138) | more than 15 years ago | (#1814429)


Management would love to have this. They could see what you're doing with your time. Right down to the keystrokes.

Actually, if this does what it claims then management should really be worried about security. But no one will do anything until it's too late.

PS.
I saw this article a few days ago and tried to submit it, but slashdot wasn't responding :( so I just gave up.

Re:Fun Stuff (1)

Shabazz (29233) | more than 15 years ago | (#1814432)

I hate MS just as much as the next guy, but I still think it is messed up to release a program like this. The end result is that script kiddies will do the only thing they know how to do.

While sir dystic might say he wants MS to boast its security, I think it is clear that this is a thinly disguised one. How is this different from releasing the source code to a virus and then letting the script kiddies actually send it out?

Excellent. (2)

Shoeboy (16224) | more than 15 years ago | (#1814434)

Smaller, nimbler, faster, easily customizable... This sounds like the perfect replacement for SMS Remote Control. Now I just need to sell my boss on the idea...
--Shoeboy

Re:Because [is isn't it best though?] (0)

Anonymous Coward | more than 15 years ago | (#1814436)

I feel better knowing that at least these wholes will be known publicly and raise some sense of awareness rather than in a closed private environment where exploitation could continue unfettered. These wholes exist, the fact that the wholes are present is irritating, knowing how to monitor and defend against such programs/wholes is one spin off of releasing such an exploit. If back orifice had not been so wide spread the first time around, would there be as many countermeasures now?

I'm a coward.

AMA polluting meat (5)

luge (4808) | more than 15 years ago | (#1814438)

The article makes an interesting analogy, claiming that CDC releasing BO in order to force MS to clean up is the equivalent of the American Medical Association polluting meat with e. coli to force a cleanup by meat suppliers. However, the article ignores the point that the government has created channels by which the meat suppliers can be regulated, and that nature provides regular e. coli outbreaks to check on our precautions. Since the only oversight on MS is the market, and there is no such thing as a "natural" security problem, problems must be highlighted by human groups like the CDC, and the market must be manipulated in order to get a response.

Anyway, that's my two cents- I'd love to find the author's email to let him know, but I can't find it. Any clue?
-Luge

Just make a bad situation, worse (0)

Anonymous Coward | more than 15 years ago | (#1814531)

Nothing else seems to catch the attention as a release of a backdoor.

I say as long as cDc are having fun....
...and allowing us to have a little too....

Then by all means, target anything and everything.

This is supposed to be fun right.

Microsoft seeks BackOrifice warez (1)

drougie (36782) | more than 15 years ago | (#1814533)

It was written somewhere that Microsoft was keeping "a close eye" on Back Orifice 2000. Could it be that they are somehow connected and can get a hold of pre-release copies? I bet so, and I also bet that immediately after this thing is released at DefCon, that Microsoft will be ready with a quick counter as well as bug fixes and news releases, etc.
But still, isn't that unethical of them?

Re:Fun Stuff (1)

uberfunk (60264) | more than 15 years ago | (#1814536)

I don't like it, for two reasons that come to mind immediately:

1) It shouldn't be as public as it is. Remember the movie Sneakers? I'd like it to be more like that... hackers actually hired by the companies they are breaking into, rather than random acts of violence by geeks who are bitter that Bill's operating system sells better than theirs. Granted, Windows has some serious security issues, but this isn't a mature way to publicize them, and the majority of people will be annoyed with the hackers rather than with Microsoft. It doesn't go too far to point out the problems.

2) It targets Windows. How many programs out there are actually designed to attack "other" operating systems? How well would the default install of Linux stand up to a program designed to exploit its security flaws? Granted, you can hack it... but what good is an OS that is only good to hackers? I'd like to see a port of Linux with the ease of Caldera which has impeccable security. Until then, we can laugh at MS, but it's a hollow victory.

If it still works Microsoft dident do a good job (1)

will12 (59620) | more than 15 years ago | (#1814540)

If the program still works then wouldent that suggest that Microsoft hasent done enough to fix the problems, and the source code will help them fix the problems but also allow people to exploit more.

Instant poll (0)

Anonymous Coward | more than 15 years ago | (#1814542)

I like the instant poll that they had on the CNN site -- just how many of the type of folk that can't separate hackers from crackers are going to say that Back Orifice helps provoke security enhancements? They are practically feeding the "right" (never-question-microsoft) answer through the poll. Hopefully, the results won't come back to haunt us...

Idiot (0)

Foogle (35117) | more than 15 years ago | (#1814549)

Oh yeah, NT is such a horrible OS... C'mon, get real. It's a decent system and, even if it weren't, the "holes" in the Windows system that these crackers are exploiting aren't really holes at all.

BackOrifice is nothing more than a version of pcAnywhere that runs invisibly (more or less). This could actually be a decent remote administration tool if it weren't built to be used covertly.

And as for their claims that it's all to promote good security - Bullshit. It's such an ego-trip for them to think that people are worried about apps that *they* wrote. The fact of the matter is that their software doesn't do anything spectacular or innovative - it's just destructive. Olivetti Labs in England wrote something very similar under the name of VNC. It's for remote control of PCs. No one talks about them being at the forefront of security because they're doing it for the usefulness of the program, not the publicity.

The Cult of the Dead Cow (JESUS! What a friggin script-kid name!!) should all be shot.

Of course, that's just my opinion - I could be wrong.

Not a good thing (3)

StephenJ (61393) | more than 15 years ago | (#1814552)

I dunno. This thing plagued our college campus for a few months until we got it under control. Our network is NT on a UNIX backbone.

I agree with the CNN article: this cult's motives don't make any sense; it's like a cult from the automobile industry who steals cars to make everyone get car alarms. It does much more harm than good. This is a negative way of getting attention to network security, not a positive way.

Re:Microsoft as martyr? (2)

Bwah (3970) | more than 15 years ago | (#1814557)

"Excuse me, but you realize, of course, that you're just helping to make Windows `better' in the long run?"

Yeah, so? Do you have a problem with that? I sure as hell don't use windows when I don't have to, but since it is forced on me as an email machine at work, I would sure like it to be secure.

If you have a problem with MS fixing their own OS due to security concerns I think you need to step back and think about your views. Why do you care so much about it?

/dev

Oh please (1)

Anonymous Coward | more than 15 years ago | (#1814559)

These people are just in it for the attention. You first have to install the trojan to even get it to work, which in no way proves that Windows has security issues (it does, but this isn't the way to prove it). If you've downloaded and installed the trojan without knowing it, tough break. Don't blame Windows, it's your own dumb-ass fault.

It's a tool people (1)

Plasmoid (8367) | more than 15 years ago | (#1814562)

It's a tool kind of like a gun. You can do positive things (hunt for food) or negative things (slaughter people). It really depends on how you use it. You could easily use this for remote administration or for destroying entire networks of data. It's all up to you.

Bad analogy, as usual (3)

squarooticus (5092) | more than 15 years ago | (#1814572)

I take issue with the following analogy:

Releasing a hacking tool like Back Orifice 2000 in the name of safeguarding computer privacy is a bit like the American Medical Association infecting cattle with the deadly e. coli bacteria to inspire food companies to sell healthier meats.

The correct analogy in this case would be the AMA infecting cattle with E. coli to make cattle owners produce cattle that are resistant to that bacteria. I'm not surprised he used an incorrect analogy: the right one would undermine the "popular" opinion that virii and hackers are universally bad, instead of good for flagrantly (and typically non-destructively) exploiting security flaws and shoddy programming.

Kyle

NP: Arkhe, S/T
--
Kyle R. Rose, MIT LCS

Re:Not a good thing (2)

Tweety Fish (4476) | more than 15 years ago | (#1814575)

First of all, if your campus network was NT, you would have had >0 problems with Back Orifice, because it didn't run on NT.

Second of all, the tool we are releasing is an incredibly useful and powerful remote administration tool, much better than anything else currently available from Microsoft, Symantec or anybody else. If Microsoft didn't make it so irritatingly difficult to figure out what your server is actually doing at any given moment, the security concerns would be a moot point.

Re:Microsoft seeks BackOrifice warez (2)

Obscure Images (21733) | more than 15 years ago | (#1814577)

We didn't pass any copies to anyone outside of cDc and beta testers. Microsoft will have to wait like everyone else.

Re:Fun Stuff (1)

nmarshall (33189) | more than 15 years ago | (#1814579)

hmmmm web based linux control panel? so you can install it on a box and then control it without taking the blame? but making one shouldn't be that hard... just make a Back Orifice 2000 perl mod. then build your cgi / form thingi...
nmarshall
#include "standard_disclaimer.h"
R.U. SIRIUS: THE ONLY POSSIBLE RESPONSE

Re:It's a tool people (0)

Anonymous Coward | more than 15 years ago | (#1814581)

you don't hunt for food with a handgun..

vegetarianism for all.

Re:AMA polluting meat (1)

Hygelac (11040) | more than 15 years ago | (#1814583)

tom_spring@pcworld.com
"Your heart is free. Have the courage to follow 'er."

Re:Fun Stuff (1)

Sonik (161767) | more than 15 years ago | (#1814584)

Really, it doesn't say ANYTHING about the quality of win9x! Couldn't this sort of thing be written for ANY OS?

Re:Microsoft seeks BackOrifice warez (1)

Tweety Fish (4476) | more than 15 years ago | (#1814587)

I think you overestimate Microsoft's proactiveness when it comes to security issues. I'm sure they're interested, but a prerelease copy? Maybe we're a little better at keeping a handle on our betas than some people are.

Re:Because a whole is a hole (0)

Anonymous Coward | more than 15 years ago | (#1814588)

Whole must equal hole.

Re:AMA polluting meat (1)

Ri-Del (36036) | more than 15 years ago | (#1814590)

Yes, I noticed the same thing. If someone were infecting cattle with e. coli bacteria, they would be introducing a problem that did not exist beforehand. Back Orifice exploits problems that already exist.

I looked for the author's email address at both CNN and IDG.net where the article originated but was also unsuccessful in locating the address.

heh, they're releasing the source code too... (0)

Anonymous Coward | more than 15 years ago | (#1814593)

that'll make it a real pain in the arse

Re:It's a tool people (1)

topher1kenobe (2041) | more than 15 years ago | (#1814595)

Sure you do. I have, and it was tasty.

Sadly enough... (3)

WareW01f (18905) | more than 15 years ago | (#1814596)

... BO2K (kinda rolls off the tongue, don't it?) is more pro-WinNT than anti. The people working on it know a lot about the OS and therefore have spent quite a bit of time with it. In the short term it makes M$ look bad, but in the long term it actually improves their product. (That is _if_ they do anything to plug up the holes.)

What's even sadder is that this could all be avoided if M$ was as open as Linux and there was an open environment for users to say something like "Hey, you gotta problem here, thought you'd like to know." and get a response. That's not the way it works.

I guess the way I view it is yes, the ethics of giving 'fire' to script kiddeez is somewhat questionable, but as with Melissa and every other stupid hole in M$ software who's more to blame? The person pointing out the way to a wide open back door, or M$ telling everyone not to worry, they're getting the most secure system around? Let me tell you that as someone who unfortunately has to put up with an NT network at present, it's a bit disturbing when I read about a hole in NT and see a link to an exploit _days_ before I'm notified by Micro$oft's security mailing list that there's even a problem, and then all they ever do is play it down and point out how rare it is and what little threat it is to my system.

Personally, I say more power to cDc. Somebody has to speak up and sometimes it takes some punk wiping out a network with a keystroke to get the right people to listen. All's fair in code and war. If it's not CNN it looks like somebody's already doing that. Maybe this time they'll learn.

Re:Microsoft seeks BackOrifice warez (2)

dattaway (3088) | more than 15 years ago | (#1814598)

Microsoft interested in security issues? Somehow I feel it is more macho they are more interested in offensive measures than defensive.

I'd like to see the neighborhood traffic on your street. How many are dark vans and limos with dark tinted windows and stay parked close to your house? Have you ever walked up to one of them to say "Hi!" to the occupants? I'm sure there is a vested interest in knowing who you are and watching your residence, friends, and place of work.

Re:Microsoft seeks BackOrifice warez (0)

Anonymous Coward | more than 15 years ago | (#1814601)

They are proactive when it comes to publicized security issues...

Privacy Concerns? (3)

KevCo (2333) | more than 15 years ago | (#1814602)

Apart from the possible exploitation by crackers, what about the privacy concerns of an employer using this software?

Imagine an IS department making this part of their standard workstation build? They could claim that it is for remote administration but could also use it for spying on everything that an employee does on his/her PC. Granted, users shouldn't be doing anything questionable in the first place but still, there are some things that should be kept private.

BO is useful (1)

Anonymous Coward | more than 15 years ago | (#1814604)

I find BO to be most useful in the remote management of my computer.

Having at one time or another had shoutcasts/ftp servers/webservers and anything else going, BO provided a really easy way to run/shut-down/reconfigure these...

The only thing I was worried about was that the server might provide a back door (go figure?) for the cDc... anyone know about that?

- I am ODiV, hear me type.

Re:It's a tool people (1)

Ares (5306) | more than 15 years ago | (#1814606)

You'll take notice that no mention of handgun was made.

If God hadn't intended for us to eat animals he wouldn't have made them of meat.

Re:Because [is isn't it best though?] (1)

Scutter (18425) | more than 15 years ago | (#1814607)

I disagree. CODC releases BO to point out security holes. Their whole philosophy with BO is "someone else should fix the security holes". Their efforts could be more productively focused towards providing software to make systems MORE secure, not less (incidentally making them some bucks in the process). The security specialists can't churn out protection software as fast as the trojans (or virii, or whatever) can be released and proliferate, leaving us (system admins) stuck in the danger zone. This is just going to create one more headache for me that I won't be able to do anything about.
Doesn't it make more sense to have them (CODC et al.) on our side instead of on the bad guys'?

cDc justified (1)

blahtree (55190) | more than 15 years ago | (#1814610)

Most detractors of the policy of the cult of the dead cow releasing back orifice label the practice as irresponsible, and juvenile. Yet what is the alternative? If cDc had quietly said to ms, "Hey look, we know how to exploit these holes in your OS, please remedy the situation," it would end there. The easy holes would be fixed, but the rest would remain open because only a small group of people knew about them. MS would try to sweep it under the carpet.

Given how widespread Windows is, this is really pretty scary. The information that was restricted to a few individuals wouldn't remain that way, and soon many crackers would know how to do what they please with a Windows box. Eventually, the public would catch on.

Compare this to the current scenario where the public is informed right at the start. This presumably should force ms into action. Seems like a better solution to me.

Perl Front end (0)

Anonymous Coward | more than 15 years ago | (#1814613)

There is already a perl front end on freshmeat called "boscript". It looks a little out of date, but it would be easy to make a CGI interface from this.

Good to know (0)

Anonymous Coward | more than 15 years ago | (#1814615)

It's good to know that the CDC has updated their remote administration tools in time for W2K. These guys are really on the ball.

Re:It's a tool people (2)

dattaway (3088) | more than 15 years ago | (#1814616)

you don't hunt for food with a handgun..


I have.

Re:AMA polluting meat (1)

Tattva (53901) | more than 15 years ago | (#1814618)

"Yes, I noticed the same thing. If someone were infecting cattle with e. coli bacteria, they would be introducing a problem that did not exist beforehand. "

I disagree with your point about problems that already exist. Correct me if I'm wrong, but I was under the impression Back Orifice is only as powerful as the user permissions of the account used to install it (exploiting the same APIs any user with those privileges could do anyway.)

How brilliant, someone gives you the keys to his house, you make copies and give them to all your punk friends to clean the place out and burn it down.

Back Orifice exposes that NT does allow users with proper permission to do whatever they want. That's a design decision, not a defect.

Re:Microsoft seeks BackOrifice warez (1)

Saint Nobody (21391) | more than 15 years ago | (#1814621)

if you were actually doing this for security purposes, then why not let ms have a prerelease copy? that would give them opportunity to fix the problems, making the negative aspects of back orifice a moot point. script kiddies couldn't exploit those holes.
I honestly don't think ms would fix the holes, but they deserve the opportunity.

Re:Fun Stuff (0)

Anonymous Coward | more than 15 years ago | (#1814623)

Well, it's been there for a long long time... These programs are called, Crack, Satan, cops etc...
They exist and are found useful by unix system administrators.
If NT sysadmins are not clever enough to use this info to their advantage, well too bad for them.
It is a shame that ms people get offended for a silly thing like this.
If you are not aware how burglars can enter your house, how can you protect yourself?

Re:heh, they're releasing the source code too... (2)

Obscure Images (21733) | more than 15 years ago | (#1814624)

Exactly one year ago, we released the first version of Back Orifice to the cries of "Make it open source! Make it open source!" We listen to our public and hence the source is completely open, complete with a fully documented SDK. BO2K is industrial strength software for the people, for FREE. It is also clearly better than the competition. If free software is a pain in the ass, why don't you go tell Linus to start charging for kernels?

Re:Bad analogy, as usual (1)

Anonymous Coward | more than 15 years ago | (#1814626)

just to let you know ALL cattle have e. coli. In fact most animals including humans have e. coli. The e. coli bacteria live in our intestines and aid in our digestive processes. Our relationship with them is symbiotic, as long as they don't creep into our stomachs.

We react negatively to different strains of e. coli when they get into our stomach. Some strains are worse than others, e.g., the ones found in cattle.

But the gist of your point is well taken.
I still like the car alarm analogy.

Re: hole == whole (0)

Anonymous Coward | more than 15 years ago | (#1814627)

yeah, it does... heh, boss walked in as I posted, and well, no proofing it... sorry for that extreme err.

Re:AMA polluting meat (1)

luge (4808) | more than 15 years ago | (#1814630)

But it allows not just the user to do it- also anyone who happens to know what port BO is installed on, without a password, as long as the program is running. THAT is a design defect.
~luge
(besides, there are no "permissions" in 95/98- which was the original target.)

Re:Not a good thing (0)

Anonymous Coward | more than 15 years ago | (#1814633)


I agree with the CNN article: this cult's motives don't make any sense; it's like a cult from the automobile industry who steals cars to make everyone get car alarms. It does much more harm than good. This is a negative way of getting attention to network security, not a positive way.

For as long as the bbs scene thrived, cDc was around pointing out the security holes in software(s). Following each text they released, a horde of the k-rad 31337 would abuse the exploit until it got patched. 'Media saturation'.

jon l [201]

New Disclaimer (4)

seppy (2431) | more than 15 years ago | (#1814634)

>>It should be noted that PC World Online has no independent confirmation that new Back Orifice 2000 program actually lives up to the claims of Cult of the Dead Cow.

It should be legally mandated that any article speaking of upcoming Microsoft products carry a disclaimer similar to this.

.02



Re:Because a whole is a hole (0)

Anonymous Coward | more than 15 years ago | (#1814635)

And if you're running Windows, you get the whole hole.

But wait, could it be... USEFUL? (5)

Tweety Fish (4476) | more than 15 years ago | (#1814636)

For those who believe that Back Orifice 2000 is some malicious tool that may or may not cause untold havoc for win32 consider this:

If you had a comprehensive remote control application that ran unobtrusively and efficiently on any win32 system, was released absolutely free and open source, and came with a comprehensive SDK for developing your own modules, plugins and clients for whatever platform you choose to use for administration, and it was released by somebody more "respectable" than us louts at the Cult of the Dead Cow, would you call it a threat?

Back Orifice 2000 is a tremendously useful tool for any administrator, and will only become more valuable as hackers around the world (please note that I understand that word, and I do mean hackers) modify and extend it. Managing windows networks is a far easier and richer experience when you have something like BO2K to work with. Is it a mixed blessing? Possibly so. But the best way to make BO2K work for you is to use it, and understand it.

The Cult of the Dead Cow isn't just about scaring people into wanting real security. We want computers to be fully under the command of the people who use them, not the vendors who sell them. One way to make that happen is by convincing major vendors that they need to tighten up their products and make SURE that customers understand how to keep themselves secure, and that the products help them do that. The other way is by letting those same users get at the functional guts of the systems they use, without the layers of obfuscation and abstraction that characterize a modern operating system. Hopefully, BO2K will achieve both these goals.

Back Orifice 2000. Show some control.

Re:Fun Stuff (tried Gspot yet??) (1)

MSG (12810) | more than 15 years ago | (#1814637)

There are *nix based controls, actually. I authored "gspot" myself, from the original *nix sources. It was kinda fun, though I get less respect from some of my co-workers. There's at least one other graphical control for Linux, too.

If you want gspot, you can find it on freshmeat.

key words "RUNS INVISIBLY" (1)

nmarshall (33189) | more than 15 years ago | (#1814638)

BackOrifice is nothing more than a version of pcAnywhere that runs invisibly (more or less).

key words, "runs invisibly". now, explain why is it so damn difficult for NT to tell me what's going on inside? with linux this isn't a problem i can telnet in and ask it what's running and unless someone has "fixed" top or ps i know what's running and what's not.

yea it may be an ego-trip, but then most all of my programming is an ego-trip ie it is just damn kewl to tell a computer what to do and have it do it, and it is even better when other people find my program useful.

also try reading some of cDc's essays, they don't just hack, errr crack... some of their writing is just damn funny!

ps: Jesus can't save you out here, Cthulhu has eaten him...

nmarshall
#include "standard_disclaimer.h"
R.U. SIRIUS: THE ONLY POSSIBLE RESPONSE

Re:cDc justified (0)

Anonymous Coward | more than 15 years ago | (#1814639)

Um, what hole? If you can convince Joe User to run a trojan, then unless you can show that it grants privileges that the User could not obtain w/o additional authentication, what's the big deal?

Rockin. (0)

Dast (10275) | more than 15 years ago | (#1814640)

Anyone know if the encryption between the client and server will be any better?

Script Kiddies (1)

AaronW (33736) | more than 15 years ago | (#1814641)

The script kiddies are going to love this. I'm on a cable modem and run a Perl script called booby (see http://members.home.com/lazyx/booby [home.com]) which emulates BO. It's interesting to see how many script kiddies try hacking in without knowing everything they do is emulated and being logged. Most of the kiddies I see don't really know what they're doing, but I've seen some pretty malicious people out there.

The potential of this program is fairly large. If someone made an installer that would search out other systems on the LAN and install it on them as well this could be a nightmare (shudder) for Micro$oft shops. One more reason to not use M$ products.

Of course *NIX can be vulnerable as well to this type of trojan horse. The user security of *NIX may be better, but security is only as good as the user using it. The main difference, I believe, is that *NIX users are a lot more knowledgeable about their systems and are much less likely to download and install software of questionable origins.

A more apropos analogy (2)

jabber (13196) | more than 15 years ago | (#1814642)

A more apropos analogy would be that of the CDC (Ctr for Disease Ctrl) periodically releasing new and mutant strains of diseases into municipal drinking water to make sure that major hospitals are making their patients immune to illness in general, rather than inoculating them against many specific strains of many specific diseases.

All that the Clan of the Deceased Cattle is demonstrating - however effectively - is that M$ doesn't make the best mousetrap. But then who does?

Re:If it still works Microsoft dident do a good jo (0)

Anonymous Coward | more than 15 years ago | (#1814643)

dident=didn't
wouldent=wouldn't
hasent=hasn't

there, got my anal nit-picking done for the day all at once! :-)

(moderators, please demote this into the basement)

quick demo on/for the author? (2)

Gordo (5765) | more than 15 years ago | (#1814644)

From the article:

It should be noted that PC World Online has no independent confirmation that new Back Orifice 2000 program actually lives up to the claims of Cult of the Dead Cow.

Hmmm, if the author is running NT then perhaps one of you cDc chaps would be good enough to give him a quick demo? *grin*

Heh. Nevermind. (1)

Dast (10275) | more than 15 years ago | (#1814645)

Found it at this URL:
http://www.cultdeadcow.com/tools/bo2k/pr19990702.html

Re:Fun Stuff (2)

dattaway (3088) | more than 15 years ago | (#1814646)

If you don't believe this program should be so public, then you must be one of the people that put trust in security through obscurity. This is what got Windows in the trap that it is. The problem is that NT is too popular and dominates the workforce already. That means massive security holes waiting to be breached. Would you like to have a position with lots of information waiting to be cracked and have your trust in a company that produces products that leak and crash? It's a terrible problem. What kind of secure encryption does NT enjoy? If you shared a network with disgruntled employees, would you be safe? Think about your job security...

Re:Just make a bad situation, worse (0)

Anonymous Coward | more than 15 years ago | (#1814647)

woohoo! yeah baby. just like throwing bricks through storefront windows and tagging warehouse walls!

destruction is just so kewl!

Re:AMA polluting meat (1)

Dr. Evil (3501) | more than 15 years ago | (#1814648)

Analogies like these are just intended to stir people up. The thought of the AMA, a public organization doing anything of the sort, potentially killing millions of innocent people would be outrageous. Therefore, releasing backorifice must be similarly outrageous.

To paraphrase Bill Gates... "It's just a remote administration tool"

If that's what he believes, then to use their twisted analogies and flawed logic, the meat producers, after years of outbreaks of disease, to the suggestion of stepping up security argue "why would anybody want to taint beef?"

It's a horrible analogy. The facts of computer security aren't as black and white as deadly bacteria and food supplies.

(I agree with your criticisms, I just don't think the analogy is worth extending into that of government regulation and control)

Re:Not a good thing (1)

pal (16076) | more than 15 years ago | (#1814649)

i oby-ject.

it's not quite like a fiendish automobile cult stealing cars to make you buy car alarms. any analogy is flawed, but, come on, cdc isn't stealing anything.

if you want to make an automobile analogy, i prefer to think it's like someone pointing out that gm hasn't provided your car with a lock!

that's the point, right? i see every reason to blame microsoft for all the security problems their products have. of course, you can blame the guy that breaks into your system, but how productive is that?

at least putting pressure on microsoft might get them to fix their problems. an even better solution: don't use (or pay for) their products.

whatever happened to the poor guy that got arrested for allegedly releasing melissa a few months ago? i feel bad for him. compare his fate to that of the office development team, and ask yourself who's more to blame.

- pal

Re:Oh please (2)

dattaway (3088) | more than 15 years ago | (#1814650)

It's a trojan waiting to be installed through some email document/application attachment. Attaching word documents seems to be very popular with people who are trapped in the Windows environment.

Re:Privacy Concerns? (1)

poink (7454) | more than 15 years ago | (#1814651)

If you think BO is a breach of privacy, then just wait until your company is bitten by the Windows Terminal Server and MetaFrame bug. Such wonderful features, like "ghosting" (remote viewing/control) without user notification (the admin can choose to pop up a box warning you). There are all sorts of log and audit trail things, and if your company has a proxy server, then your web activity is prob. also logged.

Even worse, if you have a decent PBX/Vmail system, then administrative stations can log and save your call activity, break into calls without notification, etc.

The amount of privacy one has at a workplace is surprisingly small.

PS - Most IS people that I know don't like to target individuals for monitoring, and when it does occur, it usually happens at the request/order of The Boss.

Re:Oh please (1)

fr0g (63626) | more than 15 years ago | (#1814652)

I agree. Windows 9x is not a networking OS and it doesn't run "servers" on it to exploit. And if somebody installs it themselves or if they download the latest 0 day warez with BO wrapped into the *.exe it's their dumb fault. I work for a very large computer manufacturer as a technician and I will enjoy every minute of charging folks like this 50 bucks to remove it.

Re:AMA polluting meat (1)

Obscure Images (21733) | more than 15 years ago | (#1814653)

I may be slipping out some information a bit early, but BO2k does not have a default port and will NOT ALLOW a server to have no password. That is by design, as it will generally stop, or at least slow down people who would like to scan for BO2k. It also weeds out the people who can't figure out what a port is.

Re:Because [is isn't it best though?] (0)

Anonymous Coward | more than 15 years ago | (#1814654)

Much love to the sysadmins of the world, but what you said is exactly true, and it contradicts your whole point. (Or is it your hole point ?) Guys like CODC and various nefarious virologists, trojan writers and so on CAN churn out security exploits for Windows at a phenomenal rate simply because there is so MUCH in Windows to exploit ! And to attempt to use their powers for good, as you suggest, is also futile. To make a third-party security program for Windows is to apply a bandaid to a cancer patient. The problems are inside, in the kernel, where your apps can't go, and where they therefore can't help. Sure, it sucks to be a sysadmin in this day and age, if you're in the all-too-common position of being forced to use an inferior OS by some guy in a suit, when doing so only makes your life a living hell and you KNOW better. But BO isn't targeted at chaps like you (and me, for that matter). It's a message addressed to the aforementioned suits, which says roughly "If you allow your ignorance of security issues to put yourself in an avoidable position of being vulnerable, we will exploit you." Less directly, it's a message to Microsoft reading "If you don't get your act together and kick out something that passes for a real Operating System, we will scare away all of your precious customers."

Unfortunately, this war, like any other, has left some innocent casualties, and from the point of view you espouse I would imagine you're one of them. But make no mistake, CODC are the Good Guys, same as Linus and Alan, same as anybody else you care to mention who fights against the woeful status quo of computing. At least, they're the good guys as long as the virtue you uphold is a secure and stable technology infrastructure on which to build a more connected future.

I for one am a patriot to the end.

Re:New Disclaimer (0)

Anonymous Coward | more than 15 years ago | (#1814655)

Yes indeed!

"According to a Microsoft marketing executive Windows 98 is an easier, faster way to get on the Internet."

"It should be noted that Slashdot has no independent confirmation that the new Windows 98 program actually lives up to the claims of Microsoft."

Re:A more apropos analogy (1)

Shafik (29058) | more than 15 years ago | (#1814656)

Now you are mixing apples and oranges here. You could compare virus protection software as a hospital but you can not compare MS to a hospital. the logic is all wrong. MS is a product producer; a hospital is a service provider. There is a huge huge difference. The first analogy, although faulty, was logical.

And no they are not demonstrating that MS does not make a better mouse trap. Windows is a well established product that most of the world uses and as it has been shown by Mellissa(sp?) et al that means one hole can cause major major world wide problems. So _it is_ MS's responsibility to deal with these issues better than they currently are and if they need to embarrass MS by releasing products like BO 2000 to get that done then they will.

nuff said

Re:heh, they're releasing the source code too... (0)

Anonymous Coward | more than 15 years ago | (#1814657)

Thank you. I want to take a look at this. Is it faster than VNC? My parents use a Windows 95 machine as a print server for a cheap WinPrinter; it would be nice to be able to see the spool on Linux. With the source, it may be easier to do this, and I think it would be interesting to look at. I think the only concern is that people who have to deal with this will see more strains of it. Honestly, though, if you release it _only_ in source, that may keep it away from a lot of the "script kiddies", but then that may not coincide with your motives.

Back Orifice for Linux... (0)

Anonymous Coward | more than 15 years ago | (#1814658)

Close, but even nastier:

http://www.phrack.com/search.phtml?view&article=p52-18 [phrack.com]. It modifies system calls to make itself invisible and pretty much undetectable. The #include lines are mangled from the html display. Look at the source if you want to give this a try. It works on 2.0.x but I don't have the guts to try it on a 2.2.x production system.

Re:AMA polluting meat (0)

Anonymous Coward | more than 15 years ago | (#1814659)

Get real, these problems exist in every operating system that allows user input over a network. Like telnet. All these kids are doing is writing a glorified version of telnet for NT.


Re:BO is usefull (0)

Anonymous Coward | more than 15 years ago | (#1814660)

And now they're releasing a version with source. Cool, huh?

proactive vs. reactive. (1)

Xamot (924) | more than 15 years ago | (#1814661)

They are being reactive if something has already been publicized. They would be proactive if they fixed it before that.


--

Re:Bad analogy, as usual (1)

Hard_Code (49548) | more than 15 years ago | (#1814662)

Even the revised analogy is bad, because it indicates the cattle are infected with something that isn't already there. The bugs are *already* there, waiting to spring up and bite somebody. Perhaps a better analogy would be somebody putting coloring in the meat that made disease show up in some nasty bright color...or made meat that had some flaw in it taste terrible (which would be a good thing).

Anyway, all these analogies are wrong because AFAIK BO2K doesn't exploit *bugs*, per se, it exploits *poor design* in the OS.

Hey, it's cool. (0)

Anonymous Coward | more than 15 years ago | (#1814664)

I say let 'em code it. cDc folks code, and go demo the software in front of folks at expos. If they were malicious, they'd keep quiet about it and use it for evil. This is HELPFUL. The emperor has no clothes. If I'm spending about $1000.00 on an operating system and it has easy exploits, I certainly would want to know about them - wouldn't you?

Microsoft does the same type of thing with their office apps and WebTV (OK, so they don't capture keystrokes - YET) but they don't tell you about it. cDc gets a post on CNN.

This is educating the consumer, whether he wants to be or not.

-----
"There are some things we don't want to know about - important things!"


Re:Back Orifice for Linux... (1)

tqbf (59350) | more than 15 years ago | (#1814667)


Modifying system calls does not make a trojan undetectable, even "pretty much". Because of the fact that kernel source is readily available to both white hats AND black hats, crackers who want to develop "stealth trojans" have a considerably harder time under Linux than under NT (where the kernel source is available only to black hats).

This is a fundamental security advantage held only by open-source operating systems.

Re:Oh please (1)

questionlp (58365) | more than 15 years ago | (#1814668)

I completely agree, since the trojan horse just pops open a certain port or two so the client proggie can worm inside.

A *real* security hole would be to find a way to get control of the OS without having a piece of software running on the receiving end of the attack.

This kind of "tool" just makes things worse by lying and passing FUD around the net.

Imagine (0)

joq (63625) | more than 15 years ago | (#1814671)

Imagine for a quick minute what it would be like if the cDc used their programming skills for something positive instead of this lame script kiddie visual basic junk. Great, now I have to audit my NT server first thing when I get to work tomorrow.

I find the legal disclaimer humorous... A remote administration tool? hah. That's some funny shit. Oh well thank god I use SuSE and OpenBSD at home.

Re:If it still works Microsoft dident do a good jo (1)

egon (29680) | more than 15 years ago | (#1814672)

If you're going to use this philosophy, you must continue on to say that Linux has never addressed the issue and hence must be doing an even worse job.

People, people, people. This program does not point out a single flaw with Microsoft, as much as I would like it to. A program like this could just as easily be written for linux, sco, hell - even openbsd.

About all this program does point out is the gullibility of the Windows user base.

e. coli? Back Orifice? (2)

cje (33931) | more than 15 years ago | (#1814673)

Am I the only one who finds it ironic that the Centers for Disease Control and Cult of the Dead Cow have the same acronym?

Re:AMA polluting meat (1)

luge (4808) | more than 15 years ago | (#1814674)

I knew about the port thing (it was in some of the early press releases) but not the password detail. If you open source it, a more virulent version will be out soon anyway.
~luge
P.S. What license will the source be under?

Re:If it still works Microsoft dident do a good jo (0)

Anonymous Coward | more than 15 years ago | (#1814675)

And how would you fix this problem? By disabling networking in NT or not allowing TCP/IP servers to run and bind to a port? Come on, this is a problem that could appear on any server running any operating system attached to the Internet. Even Linux.

bad journalism (3)

Sourdough (1889) | more than 15 years ago | (#1814676)

I'm disappointed in the author's use of his own opinion in this article. This is supposed to be a hard news story, not an editorial. He does present the Cult of the Dead Cow's explanation for why they write these programs, but then makes an argument against them directly. He doesn't even bother to get quotes from anyone, but simply makes the argument himself. (He says something about "computer security experts" but doesn't elaborate.) This is just plain bad journalism. I learned not to do that in high school journalism class. I would imagine that someone who works for a major news organization like IDG would know better.

Re:Fun Stuff (1)

whoop (194) | more than 15 years ago | (#1814678)

Sure you can write a program to do these things on any OS. But the problem with Windows, is it thinks it's smarter than any user, so has great features like not being able to kill processes, not listing processes in the list, hiding network connections, etc. I never understood the notion of not having "permission" to kill something when I was admin on NT.

To do this sort of stuff within Linux would not just require emailing Joe User an executable, and saying "Run this to get Office 2000 for free, or $100,000 in two hours." It would take some kernel modifications to hide the things from /proc, the user would have to be root when the executable is run and install the kernel. Then the user would have to reboot and activate that kernel, which could be several weeks for the waiting cracker. Even then, you would have to make sure the user didn't download a new kernel source tarball and install a pure kernel.

Windows just makes everything so much easier for the cracker hacker making such programs...

Re:AMA polluting meat (1)

luge (4808) | more than 15 years ago | (#1814682)

I'm certainly not advocating government control, but since it is not present, some other force has to be present to limit/coerce/constrain the beast. Generally speaking, the market plays that role, but specific incidents have to occur to bring information to the attention of the market.
~luge

Re:key words "RUNS INVISIBLY" (1)

L0rdJedi (65690) | more than 15 years ago | (#1814689)

The original Back Orifice ran invisibly. To my knowledge, this is because Windows 95 doesn't have a low level process viewer like NT does. It may not run invisibly under NT (be viewable in the process viewer), but we won't know until the 10th. That is unless cDc has released details about BO2K that I'm not aware of (which is very possible).

Re:A more apropos analogy (0)

Anonymous Coward | more than 15 years ago | (#1814690)

What a mess of an analogy. Back Orifice isn't a virus. There's no disease being released here.

Re:It's a tool people (2)

hawk (1151) | more than 15 years ago | (#1814691)

>you don't hunt for food with a handgun..

>vegetarianism for all.

If all you're after is vegetables, why would you use anything bigger than a handgun? Killer turnips? Mutated venus fly traps?

vegetarians for all. preferably grilled.

WHY exactly is it.... (1)

CrudPuppy (33870) | more than 15 years ago | (#1814692)

that the guy who wrote the Melissa Virus (and the guy who wrote the Chernobyl Virus...etc, etc, etc ad infinitum) is burned at the stake, and every government agency is telling the public how the Melissa virus author (who only exploited yet another security hole in MS shitware) is going to get 10 years in federal prison and like 2 zillion dollars in fines..etc,

meanwhile, sir jerkoff can freely write, release, and boast his backshit 5000 and is somehow viewed as the saint of security...saving the public from hidden MS holes and bugs!!!

don't get me wrong, i don't happen to see any problem with EITHER of these guys...but it pisses me off to no end when our lame-shit big brotherment treats twin-cases like black and white.

bah!!

Re:Fun Stuff (1)

thal (33211) | more than 15 years ago | (#1814693)

it could be written for almost any OS, but it couldn't be so easily installed without windows' lack of a superuser/regular user login scheme and the integration of email into the system. the first one is windows' fault, the second one is just a symptom of trying to make everything easier to use.

if something like this were written for linux, first the person getting the trojan horse install program would actually have to execute/view it. in outlook express or whatever, you usually do this by just clicking on it. there is no real difference between "executing" and "viewing" in windows because of how all of the file types are set up. most linux users don't do this, simply because the gui isn't as integrated.

second, for the program to completely wipe out really important stuff, it would have to have root access. this is possible to hack in linux or something sure, but in windows every user has that access by default.

Eliminate with Extreme Altruism (0)

fliptout (9217) | more than 15 years ago | (#1814694)

If somebody is kind enough to alert me of my system insecurity, I will gladly reciprocate the gesture with my boot up their ass.

Re:Microsoft seeks BackOrifice warez (0)

Anonymous Coward | more than 15 years ago | (#1814695)

In that case, wouldn't it be highlighting Microsoft's lack of proactiveness by giving them a pre-release copy, source and all, and not seeing a fix come out?

Re:Not a good thing (1)

j_edge (20712) | more than 15 years ago | (#1814698)

it's like a cult from the automobile industry who steals cars to make everyone get car alarms

Actually, they would open your door and start your car for you, since your car manufacturer doesn't require keys. It is not equivalent to theft. Though of course they'd write up a text file telling everyone (thieves, owners, manufacturers) the stupidity of creating a car with no locks. And to top it off they'd do it in that oh-so-humourous way that the cDc is famous for. (and it's very, very far from murder, as the "computer security experts" equate it with in their analogy.)

BO2k (0)

Anonymous Coward | more than 15 years ago | (#1814699)

according to the author of the article, we should just accept the fact that there are tons of security holes in windows, and instead of releasing a program that will allow the masses to be exploited, and force MS to fix some of the problems, we should let Windows users be attacked one by one, letting MS continue to write poor operating systems.

While I agree that anyone that uses BO just to cause trouble really isn't helping any, I think the fact that the program exists should make bug fixes be released faster. Raising consumer awareness is a good thing.

Also, it's hardly like infecting cattle with a disease. The security holes are already there...BO just takes advantage of them.

Mystery meat = mad cow meat...yummy

Re:AMA polluting meat (1)

Obscure Images (21733) | more than 15 years ago | (#1814701)

Some of the code will be GPL, some will be completely free, no licence at all.

As for a more virulent version... someone would have to make an initially virulent version. Currently BO2K doesn't go anywhere it hasn't been put. It has no viral behavior at all, and even by itself is not even a trojan.