
BO2K cracked

Hemos posted more than 15 years ago | from the shut-down-the-red-lights dept.

Microsoft 225

Ford writes "The BBC is reporting that Internet Security Systems has 'decoded the protocols and encryption algorithms of Back Orifice 2000 (BO2K) within 24 hours' of its release. Microsoft has issued only a warning, refusing to admit that there might be security vulnerabilities in WinNT." The security agencies interviewed in the article are claiming that BO2K is child's play, and that they've already got detection systems in place. I'm just waiting for the Defcon response to their claims.


225 comments


Re:So the original is cracked. BFD. (0)

Anonymous Coward | more than 15 years ago | (#1805708)

Just tried Back Orifice 2000, cool stuff!
Is this one of the new features of NT 2000 ?
:)

ISS Is Amazing! (0)

Anonymous Coward | more than 15 years ago | (#1805709)

I'm simply amazed that ISS could figure out the XOR and 3DES encryption included with BO2K.

I would have figured reading and understanding C source code was a bit out of their league.

Maybe they had some help.

-foo

Stupid Media Hype (0)

Anonymous Coward | more than 15 years ago | (#1805710)

geezz, silly media

1) cDc released the source
2) They stated that the default source only includes XOR and DES encryption
3) there is a plug-in interface, so you can add whatever encryption you want relatively easily
4) Microsoft has too many "undocumented features" in their OSes

Dangerous Child Play (0)

Anonymous Coward | more than 15 years ago | (#1805711)

They call it stupid child's play in one sentence and an extremely dangerous thing in the next, i.e. everybody should still rush and buy their antivirus products...

Sounds like they've found the ideal way to both piss off the (cr)hackers and to fool the customers.

So what's the solution? (0)

Anonymous Coward | more than 15 years ago | (#1805712)

How would you solve this little problem of Trojan Horse vulnerability? Even Linux is susceptible, given a decent utility or application program to hide in that needs to be installed as root.

I can only think of one way to do it: Have the user be unable to run as a superuser entirely. To install something at root level, say a device driver, the driver install would need to be signed by a master DH key, or the OS wouldn't take it.

Frankly, this scares me. Being unable to master one's own machine? Why, that smacks of Microsoft!

Cracked. (0)

Anonymous Coward | more than 15 years ago | (#1805713)

Logic will indicate that if source code is provided, the encryption algorithm is there to be decrypted.

Ummm - some stats please? (0)

Anonymous Coward | more than 15 years ago | (#1805714)

"But Graham Cluley, senior technology consultant with Sophos, said: 'No-one got hit by it a year ago and we think it's going to be a complete non-issue now.'"

Maybe I'm being naive here but there are probably still systems that have BO sitting around somewhere just 'cos the users don't know they've been infected.

And for the more experienced users - it's a matter of pride for machine and personal hygiene that you don't mention to someone 'I have BO' or 'I had BO'.

Perhaps I've misread that paragraph - who knows - but the number hit certainly was not 0.

What with this and this company having the source code for it to write a detector with, Senior Technical Consultant doesn't seem that hard a job for that company.

-----------------------------------------
'Where do the omnipresent go on holiday?'
-----------------------------------------

Microsoft ALWAYS does this. (0)

Anonymous Coward | more than 15 years ago | (#1805715)

All the self-proclaimed experts at ZDNET are always trying to show how secure NT is, and how Microsoft always responds to problems. Pure bullshit.

Whenever a security flaw or bug has been found in Windows, Microsoft has ALWAYS downplayed or outright denied it. ActiveX was shown to be a huge security hole, and Microsoft responded with FUD, lies and bullshit. The SMB password block was sliced and diced with ease and Microsoft responded with silence.

But hey, the ZDNetters will just cover the bullshit with whipped cream and Windows fanatics will continue to gush about how Bill Gates is so 'brilliant'.

More media distortion (0)

Anonymous Coward | more than 15 years ago | (#1805716)

Yay, another sad attempt to discredit cDc while making a big deal out of BO2K in the same breath. cDc's CDs were NOT infected with CIH, what happened was that some smart guy took his CD and decided to burn copies at DEFCON, and HE was infected with CIH. Perhaps if the media actually tried to get their facts right and stopped editorializing their supposedly objective news, I'd start taking them seriously.

Re:The BO2K Debacle & The Truth (0)

Anonymous Coward | more than 15 years ago | (#1805717)

You're overlooking how it manages to call a thread from another process and tunnel into it to hide itself. That's a serious problem all by itself. Please go back and do some research next time before you open your mouth.

Re:telnet (0)

Anonymous Coward | more than 15 years ago | (#1805718)

Windows 2000/NT5 will come with a telnet server out of the box on all versions. Lots of neat WSH scripts too (someone told me a leaked internal build has a version of vi with it).

It's not anything new of course but a step in the right direction

Re:Ummm - some stats please? (0)

Anonymous Coward | more than 15 years ago | (#1805719)

I used to work for an ISP, and I'd say at least 2% of our 20,000 users had the B.O. at one time or another... Not a day went by when people wouldn't call in and ask what this strange dialog box that said "God is speaking to you" meant... Imagine how many people didn't know they had it, and just assumed that their machine deciding to reboot for no reason must be a flaw of Windows (well, it is a lot :)... The B.O. was definitely no child's play joke, and it definitely spread a LOT.. tsk tsk M$

What this really means. (0)

Anonymous Coward | more than 15 years ago | (#1805720)

What this whole debacle shows is that the so-called security experts have disabled a trojan horse, instead of pushing to have the bugs and holes the trojan EXPLOITS fixed.

Interesting philosophy. It ensures that the 'antivirus community' and other self-proclaimed experts will continue to have a cash flow.

I thought the whole point of Back Orifice was to showcase the insecurities in Windows, and to hopefully get Microsoft to address them. Disabling the trojan and NOT addressing the security problems is akin to sweeping the whole thing under the rug. Or, it's like addressing the hole in the side of the boat with a bucket. Patch the hole, you have no NEED for the bucket (but that would mean no more 'antivirus community').

--an anonymous Frobozz

Re:Security? (0)

Anonymous Coward | more than 15 years ago | (#1805721)

Instead of killing, how about getting off your ass and looking around. There have been plenty of telnetd programs for NT around for years.

Re:ISS Is Amazing! (0)

Anonymous Coward | more than 15 years ago | (#1805722)

XOR is the only crypto algorithm available in BO2K by default. Copies made for use inside the US include a plugin which adds 3DES functionality.

The 3DES key is fixed. No DH by default, although a DH plugin could easily be written.

-foo

Re:Ummm - some stats please? (0)

Anonymous Coward | more than 15 years ago | (#1805723)

This person should take NMAP and do a quick scan...he'd be surprised how many BO clients are installed on given networks.

It's almost funny to watch these security 'experts' just 'dismiss' things as being a non-issue. If I don't see it, then it must not exist! Brilliant!

It's "practical" to take machines off-line? (0)

Anonymous Coward | more than 15 years ago | (#1805724)

Yeah, right, let's give up on networking entirely. Not only that, turn off the computer, disconnect its power supply, and lock it in a bank vault.

Saying things like "taking computers off the network is the only reliable way to make them secure" is just refusing to address the issue.

BO2K (0)

Anonymous Coward | more than 15 years ago | (#1805725)

I'm unimpressed by the whole issue. This program is more like PC Anywhere than a virus. If someone gets infected with this stuff it's most likely because the end user is naive, not because their NT software sucks. God knows there's plenty of holes in MS's work... this isn't one of them.

Re:Security? (0)

Anonymous Coward | more than 15 years ago | (#1805726)

Telnet servers have been available forever for NT (as is just about every other UNIX type tool). Indeed Windows 2000 Server includes a secure telnet server and Terminal Server.

Re:Trojan horses are hard to protect against (0)

Anonymous Coward | more than 15 years ago | (#1805727)

Check out www.thirdpig.com. They have a version of linux with security granted to processes running instead of users.

Re:The problem is more severe in Windows (0)

Anonymous Coward | more than 15 years ago | (#1805728)

"On the other hand, with NT, as soon as any user runs the trojan, the machine is wide open with full administrator rights for the cracker."

Is this anti-Microsoft "FUD"? I've yet to see anywhere that this product achieves a higher security than the installing user, and if it did it would be an OS hole and would be patched pronto.

Re:Security? (0)

Anonymous Coward | more than 15 years ago | (#1805729)

You can get telnet for NT. And a bash or csh prompt as well. Just purchase and bolt on the third-party POSIX API called Interix. For a while I was leaving an NT box at home connected to the 'net through my Earthlink home account, and using Telnet and FTP to access it from work. Interix also comes with GCC, and if you buy the expensive version, the Exceed X server, an X11 implementation, and Motif. I've run X apps on my NT box from an X desktop on my Linux box.

Re:what's the fscking deal? (0)

Anonymous Coward | more than 15 years ago | (#1805730)

Unless the NT user is running 'that shell script' with Administrator access, it wouldn't happen. (Lots of people run NT every day with Administrator access.)

Re:What this really means. (0)

Anonymous Coward | more than 15 years ago | (#1805731)

"I thought the whole point of Back Orifice was to showcase the insecurities in Windows, and to hopefully get Microsoft to address them."

Get them to address insecurities? That is hardly the goal. The goal is for these clowns to get themselves as much press as possible by completely overselling something that is really quite simplistic (the fact that the media is giving these guys press is RIDICULOUS), and to garner some friends in the psycho anti-Microsoft movement. It has NOTHING to do with trying to increase security in MS Products, as the fundamental principles they are "exploiting" hold true of any operating system that is network capable.

Re:what's the fscking deal? (0)

Anonymous Coward | more than 15 years ago | (#1805732)

You're supposed to be the hacker. You tell us.

Re:Dangerous Child Play (0)

Anonymous Coward | more than 15 years ago | (#1805733)

Well, stupid child's play is often extremely dangerous.

Re:The problem is more severe in Windows (0)

Anonymous Coward | more than 15 years ago | (#1805734)

In NT the cracker only gets the access of the user who ran the trojan. It's possible to run NT at a non-administrator level. Sadly, many users aren't aware of that.

What Back Orifice is really accomplishing is that the IS people at many companies are getting a clue now and locking down their NT workstations. An unfortunate here at my place of work who runs NT can't even install a Quicktime player now, because he doesn't have Administrator access to the machine on his desk. Thanks, BackOffice authors, you're making the world a friendlier place.

BO2K is not a big deal (0)

Anonymous Coward | more than 15 years ago | (#1805735)

BO2K does some interesting things which compromise the security of the machine, but as the article very rightly points out, it depends on a user (un)knowingly running the program on the target machine. And as several other people have pointed out already, one could make a similar program for a UNIX box. So what is the cDc asking Microsoft to fix? Dumbass users? If they created a remote security exploit, that would be far more intriguing.

Re:Childs Play (0)

Anonymous Coward | more than 15 years ago | (#1805736)

It says that youths can hack together trojans, and that if they can get inexperienced users to run them, they can gain illegal access to computer systems.

Re:More media distortion (0)

Anonymous Coward | more than 15 years ago | (#1805737)

No, you'd never take them seriously. They don't have a total obsession with the subject which leads them to dig in as deeply as you do regarding the subject.

However, they didn't publish this news item for your benefit, so whatever....

Re:Just wondering... (0)

Anonymous Coward | more than 15 years ago | (#1805738)

Can minors sue anybody?

I can see all the virus writers surfacing all over the place to claim ownership of their little critters, in order to sue their victims. Not.

It would be fun to witness, though.

Re:So the original is cracked. BFD. (0)

Anonymous Coward | more than 15 years ago | (#1805739)

That is probably EXACTLY what the company wants to do. When you take away the profit motive, you lose your BEST ally for controlling and manipulating people. The next best idea is to play on people's egos and emotions.

Re:An actual quote from MS's PR machine: (0)

Anonymous Coward | more than 15 years ago | (#1805740)

One way you could interpret this statement is that it is in the interest of Microsoft's customers for Microsoft to protect the integrity of their technology.

Bet you never thought of that possibility.

Re:Quite funny stuff, actually.. (0)

Anonymous Coward | more than 15 years ago | (#1805741)

I know a 30 year old who contributed to the cDc when he was in high school in Lubbock. See the 'Scarfing' article in the cDc archives.

'Course it's silly, but he's still a hacker and now on to much bigger projects than scarfing!

-kabloie

Re:Ummm - some stats please? (0)

Anonymous Coward | more than 15 years ago | (#1805742)

I worked at a large up-and-coming ISP, and would estimate that 50% of our security incidents had BO associated with them ... the other half were smurf attacks, and many of those smurfs were being unleashed from BO-"enabled" clients.

From an ISP perspective, Graham Cluley is clueless.

Hidden Settings (1)

Anonymous Coward | more than 15 years ago | (#1805783)

http://www.ntk.net/doh/options.html

(Thanks Virulent Memes)

Re:Microsoft ALWAYS does this. (1)

Anonymous Coward | more than 15 years ago | (#1805784)

Most of the 'fanatics' in the computer operating system sphere are people ranting about smaller players like Linux. Most Windows users and advocates are just people getting things done, living their life, and trying to keep 'fanatics' from lunging at their computers.

I don't know of anybody who attributes the success of Microsoft to the 'brilliance' of Bill Gates or any one individual within that company. They know what they're doing and how to meet the needs of a market, but the only 'gushing' I see happening occurs any time Linus Torvalds walks onto a stage.

It's noteworthy that Linus, equally as much as the founders of Microsoft, happened to be at the right place at the right time. And also came up with nothing particularly new.

I use Linux, OS/2, Solaris, Windows 95, Windows 98, Windows NT, Windows 2000, the BeOS, and even a little Atari ST in my daily computing life. All have merits and weaknesses. I've grown away from a tendency toward fanaticism. It doesn't reflect well on anybody to be obsessed.

Re:It's "practical" to take machines off-line? (1)

Anonymous Coward | more than 15 years ago | (#1805785)

I think what he probably meant was that taking the machine off-line (and locking it in a vault without a keyboard, mouse, or monitor) is the only way to guarantee that a machine is secure :o)

Of course this makes said machine singularly useless...

The BO2K Debacle & The Truth (2)

Anonymous Coward | more than 15 years ago | (#1805786)

BO2K doesn't take advantage of any security holes in NT. It runs as a system service that accepts connections and allows the client to perform a myriad of both benign and unbenign tasks on the host machine. Of course, it has decent legitimate uses for system administrators but it is being presented in a viral fashion from a group whose objective is clearly to pull the wool over the collective eyes of the uneducated computer user and media. If cDc was truly interested in "helping" they would cease this childish, "me too" Microsoft bashing and provide the community with something new and insightful. I'm sure they're having all sorts of little rallies and pep-talks with one another about how they're "showing some control" when they're just showing their own contempt for the rest of us professionals that know better. I am, quite frankly, offended that cDc assumes we're all so naive as to believe that they're doing us a favor.

To get straight to the meat of my post: this (BO2K) is not exposing any security hole. BO2K could be written for *NIX, BeOS, MacOS, etc.

People seem to generally miss the most important detail of all: the only practical way to truly lock down any OS is to remove it from the network entirely and allow zero points of entry.

The problem is more severe in Windows (1)

ryder (111) | more than 15 years ago | (#1805787)

In Linux the cracker would only get the access of the user who ran the trojan.

Sure it's possible that a Linux newbie might log in as root all the time. But what does a Linux newbie have to lose anyway? The real threat is in the corporate environment, where the users are not going to be logged in as root ever. And most employees are much less likely to screw around like that on a Unix system at work anyway.

With Linux, while the threat of a trojan is there, the possible damage is much less severe, because of the limited rights of the user.

On the other hand, with NT, as soon as any user runs the trojan, the machine is wide open with full administrator rights for the cracker.

Trojan horses are hard to protect against (3)

Anders (395) | more than 15 years ago | (#1805789)

BO is a trojan horse. If you can get a user to run an executable, you have him fscked. If I send someone a Linux executable which modifies his login script to start a telnet server (modified to not require a login, of course) on some non-standard (>1024) port, he has his account wide open. Anything he can do, you can log in and do as well. Is this a security flaw of Linux?

You cannot prevent users from doing such things, under any OS. As such I think Microsoft is right that this is not really a security problem in Windows.

Now, I do not know if BO gives administrator rights to the invader. If it does, then *that* would be a security problem. But letting people install programs is not.

Of course, you could make users unable to run programs from $HOME at all, but that would be unacceptable in many circumstances.
--
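The defender's counterpart to the scenario Anders describes, added here as an example; it is not part of his post and not code from BO2K or cDc. It treats the user's shell startup file as something worth baselining: record a checksum once (somewhere the account cannot quietly rewrite), compare on demand, and separately flag lines in the file that look like they spawn a network listener. The file names, contents and the hypothetical `telnetd` path are all constructed for the demo.

```shell
#!/bin/sh
# Added example (not from the original post): baseline + content check for a
# shell startup file, to catch the "login script starts a listener" trick.
# Everything below is constructed; the listener path is hypothetical.

# Print a checksum for the file (stdout). Store the result outside the
# account that owns the file, or the trojan can update it too.
baseline_of() {
  cksum < "$1" | cut -d' ' -f1
}

# Return 0 if the file's checksum still matches the recorded baseline.
startup_file_unchanged() {
  file="$1"; baseline="$2"
  current=$(cksum < "$file" | cut -d' ' -f1)
  [ "$current" = "$baseline" ]
}

# Print lines that resemble a listener being started from a login script.
# Patterns are deliberately simple: a hit is a reason to look, not proof.
flag_listener_lines() {
  grep -nE '(telnetd|(^|[^a-z])nc[ ]+-l|ncat[ ]+-l|socat[ ]+.*LISTEN|/dev/tcp/)' "$1"
}

# Demo: a clean .profile, its baseline, then the tampering the post
# describes (constructed; nothing is actually started).
demo() {
  tmp=$(mktemp -d)
  printf 'PATH=$HOME/bin:$PATH\nexport PATH\n' > "$tmp/.profile"
  base=$(baseline_of "$tmp/.profile")
  startup_file_unchanged "$tmp/.profile" "$base" && echo "baseline ok"
  # the appended line a trojan would leave behind (hypothetical path)
  printf '%s\n' '$HOME/.cache/telnetd -p 2323 >/dev/null 2>&1 &' >> "$tmp/.profile"
  if ! startup_file_unchanged "$tmp/.profile" "$base"; then
    echo "ALERT: .profile differs from baseline"
    flag_listener_lines "$tmp/.profile"
  fi
  rm -rf "$tmp"
}

demo
```

The checksum check is the one that matters: it catches any edit, not only the patterns the grep happens to know. The grep exists so that the alert comes with the offending line, which is what you want when triaging a box.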

Re:Ummm - some stats please? (1)

J4 (449) | more than 15 years ago | (#1805790)

heheheh Cluely has BO....Cluly heheheh

Security? (1)

pb (1020) | more than 15 years ago | (#1805796)

I would call giving every user root access a *big* security hole. (of course that doesn't apply as much with Windows NT, but...) Also, I'm sure BO2000 *is* a better remote administration tool than anything Microsoft has ever offered since XENIX. I would kill for telnet to Windows machines... (but then I'd want a *useful* CLI... :)

Re:Security? (1)

pb (1020) | more than 15 years ago | (#1805797)

Oh, right, that's why I don't use them. (I have used bash and some other ported UNIX utils, the GNU/DJGPP ports, and some other inferior ones.) Either everything is slow and big and statically linked, or it's fast, and re-written for DOS, and has new, quirky limitations... *sigh*

Also... what kind of an argument is that? There are millions of insecure machines on the internet that haven't been cracked or crashed because *no one has cracked them*. That doesn't mean it can't be done, it just means that we don't have enough crackers to go around. :) Don't complain, one of them might perk up and notice you...

Heh. If they're running IIS and NT, that's almost like trying to hack your own machine. Have fun keeping it stable. Running a vanilla NT machine and not doing anything with it is easy, but I have a lot of respect for anyone who tries to use NT for heavy work *and* keep it stable. That's much more arcane than UNIX ever was...

Re:telnet (1)

pb (1020) | more than 15 years ago | (#1805798)

Yay, more ports to scan! ;)

But seriously, I've seen W2000 Beta 3, and I'm not impressed. It's bloated, and it crashes more than NT ever should have. And that's saying something.

Re:ISS Is Amazing! (1)

C.Lee (1190) | more than 15 years ago | (#1805801)

You guys know what the ISS announcement really means, don't you? A hell of a lot of people are going to end up getting burned by BO2K. The clowns at ISS have just made BO2K a hell of a lot more dangerous to MS operating systems than it ever was...

Haven't laughed so much since.. (2)

martin (1336) | more than 15 years ago | (#1805806)

I haven't laughed so much since zipexplorer came out. ISS have wonderful marketing spin, I mean, how difficult is it to 'crack' things when you've source (as other people have pointed out). Come on Kris, I wasn't born yesterday.

I'm now waiting for a modified zipexplorer that includes the BO2K client, then we can all go back to installing proper email servers on our lans.

M-Sexchange: no product has ever been so well named :-)

Martin

Security flaws (1)

jd (1658) | more than 15 years ago | (#1805809)

I don't know why so many people have posted about it being possible to e-mail a trojan telnet server to a machine, running on an unnamed port. Most forms of Unix still use the olde, quaint "remote" programs, such as rlogin, which leaves the nasty hole offered by .rhosts. That would seem to be a far deadlier security hole than the prospect of running a complete server.

Re:Microsoft ALWAYS does this. (1)

mikfer (3266) | more than 15 years ago | (#1805817)

You mean there's *another* person out there who believes that computers are tools and does not scream the mantra "...but it's the technology for the sake of technology that matters"?

Thanks. Glad to see I'm not alone.

Can you say Service Pack? (1)

db (3944) | more than 15 years ago | (#1805819)

"Trojan horse software doesn't target technology, it targets the user. If BackOrifice did in fact exploit security vulnerabilities in Windows or Windows NT, Microsoft would promptly fix the vulnerability, and BackOrifice would be stopped."


Uhh huh, sure. What would they do? Release a Service Pack? Offer a "free" upgrade? I think Microsoft is too busy with its head shoved up its rear end to notice. If (when) a program like BO2K becomes available affecting Linux, how quickly would the code be edited to stop such a thing, Trojan Horse or not? Very quickly, I say!

--
Dave Brooks (db@amorphous.org)
http://www.amorphous.org

Re:what's the fscking deal? (1)

Richard (5962) | more than 15 years ago | (#1805823)

Unless the linux user is running that shell script as root, it wouldn't happen.

-Richard, barbarian geek.

Good thing (1)

kaptin (8996) | more than 15 years ago | (#1805830)

>Crackers often reason that
>they are performing a service
>in breaking into Websites and
>networks because they expose security flaws.

Oh so true...The best way to fully be safe from a "virus" is to be immune to it and what better way to be immune to it than to have recovered from an attack of the "virus".

I think Microsoft should start paying these people...maybe then they would release a safer W2K.

SOOOOO Impressed :P (2)

GraZZ (9716) | more than 15 years ago | (#1805834)

Wow, that must have been a HUGE difficulty, considering the source is available (get it at this site [www.hlz.nl] )

Re:"Decode" a GPL program? (1)

drwatt (10850) | more than 15 years ago | (#1805835)

"ISS cracking abilities are viewed as childs play!"

Re:Security? (1)

Cally (10873) | more than 15 years ago | (#1805836)

Well, I'm not suggesting it's better to run stuff on NT than Linux or BSD -- but they are out there if you're stuck on NT.

Re: the BBC -- sure there are loads of uncracked boxes out there, but don't you think bbc.com would make a rather prestigious trophy ?

BTW www.zpok.demon.co.uk is hosted by Demon -- I'm pretty certain they're not using NT.

Re:Security? (2)

Cally (10873) | more than 15 years ago | (#1805839)

telnetd (and lots, lots more ports of 'real' software) are available for NT and possibly '9x as well. Certainly bash, csh and tcsh are available; so is X11R6.4 ... no, really! Performance sucks of course. There's a short & incomplete list here [demon.co.uk].

BTW if NT is so ludicrously insecure, how come www.bbc.co.uk [bbc.co.uk] has never been cracked ? They seem to use IIS as well as NT ...

Remember BO2K does not have to rely on the user (1)

Ice Tiger (10883) | more than 15 years ago | (#1805840)

Ok the easiest way to have it installed is via a user running it from email. Remember that NT has been a victim of the good old buffer overflow exploit of late as well.

I have heard of BO being installed via the outlook exploit under 95. Ok so even if this was done under NT then you still get user rights. However what if I installed it on someones IIS server using the recent buffer overflow exploit, or again using the ftp exploit. These will give me access under the user System.

Again these have been patched, but I would be very surprised indeed if the last buffer overflow for a service running under NT had been found.

Ice Tiger

Another Journo gets it right, NOT (1)

Ice Tiger (10883) | more than 15 years ago | (#1805841)

Erm no this is not true, remember what one reads in a paper must be true. :)

BTW I suppose BO2K might be installable via an ActiveX component, another secure Microsoft feature. Oh yes, before anyone points out about signatures and such, dodgy ActiveX components have been used in the past by legitimate developers and then they get signed under that developer's id.

Ice Tiger

Re:An actual quote from MS's PR machine: (1)

FigWig (10981) | more than 15 years ago | (#1805842)

I thought this was the legal basis for the whole software industry. The software companies take no responsibility for their products at all, yet at the same time the end user has no rights that would resemble ownership of the product: can't modify, limited use, etc. Seems like a double whammy to me.

Aw crap! Now I sound like an open source advocate!

Bo2k is open... (1)

jscott (11965) | more than 15 years ago | (#1805843)

...source that is, :)

telnet (1)

jscott (11965) | more than 15 years ago | (#1805844)

the original BO included telnet functionality (a bit sketchy though), not sure about BO2K yet...

useful (1)

jscott (11965) | more than 15 years ago | (#1805845)

I may be a lowly temp, but I do a lot of user support/configs. To me the original BO was _very_ useful (at times). I only hope BO2K is better and more stable. Although I don't think anyone else (sysadmin) around here would agree :)

Re:ISS Is Amazing! (1)

sboss (13167) | more than 15 years ago | (#1805852)

Why do people always have to put down other people? Is it human nature or what? I have met several of the guys from ISS and they all seem fairly intelligent especially in their field of work.

Maybe I am biased since I know a few of them...
Scott

Scott
C{E,F,O,T}O
sboss dot net
email: scott@sboss.net

Fixing Quake (was Re:what's the fscking deal?) (1)

Greg W. (15623) | more than 15 years ago | (#1805856)

couldn't be bothered writing 'su' and then a lengthy password every time he wants to play Quake

chmod 1777 /usr/local/games/quake/id1
cat >/usr/local/bin/squake <<EOF
#!/bin/sh
cd /usr/local/games/quake
exec ./squake "$@"
EOF
chmod 755 /usr/local/bin/squake

You'll probably want to do the same for the "hipnotic" and "rogue" directories, and make similar wrappers for the other quake binaries. Shame on id for not writing a better installation script.

Fixing Quake (was Re:what's the fscking deal?) (1)

Greg W. (15623) | more than 15 years ago | (#1805857)

couldn't be bothered writing 'su' and then a lengthy password every time he wants to play Quake

chmod 1777 /usr/local/games/quake/id1
cat >/usr/local/bin/squake <<EOF
#!/bin/sh
cd /usr/local/games/quake
exec ./squake "$@"
EOF
chmod 755 /usr/local/bin/squake

You'll probably want to do the same for the "hipnotic" and "rogue" directories, and make similar wrappers for the other quake binaries. Shame on id for not writing a better installation script.

(Sorry about the first one. I honestly thought the Preview button was on the left, not the right, and clicked Submit too fast.) :(
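The same "no su just to play Quake" goal, but without `chmod 1777`, which leaves the game directory writable by every local account (the sticky bit only stops others deleting your files; it does not stop anyone dropping a modified pak or config where the game will load it). This is an added example and not Greg W.'s code: a group-owned directory with the setgid bit, plus a wrapper that refuses to start if the directory has drifted back to world-writable. The directory and group names are assumptions; the demo runs against a scratch directory with the caller's own primary group, so it needs no root.

```shell
#!/bin/sh
# Added example (not from the original post): group-writable game directory
# instead of world-writable, and a wrapper that checks before exec'ing.
# Paths and the group name are assumptions, chosen for the demo.

# Make $1 writable by members of group $2 only. 2775 = setgid (new files
# inherit the group) + rwx for owner and group, r-x for everyone else.
setup_shared_dir() {
  dir="$1"; grp="$2"
  mkdir -p "$dir" || return 1
  chgrp "$grp" "$dir" || return 1
  chmod 2775 "$dir" || return 1
}

# The ten-character mode string ls prints for a path, e.g. drwxrwsr-x.
mode_of() {
  ls -ld "$1" | cut -c1-10
}

# Write the wrapper. Same shape as the post's script, with one guard:
# column 9 of the ls mode string is the "other write" bit; if it is set,
# anyone on the box can tamper with the game's files, so refuse to run.
write_wrapper() {
  gamedir="$1"; wrapper="$2"
  cat > "$wrapper" <<EOF
#!/bin/sh
case \$(ls -ld "$gamedir" | cut -c9) in
  w) echo "refusing: $gamedir is world-writable" >&2; exit 1 ;;
esac
cd "$gamedir" && exec ./squake "\$@"
EOF
  chmod 755 "$wrapper"
}

# Demo in a scratch directory (constructed; no real game install touched).
demo() {
  tmp=$(mktemp -d)
  setup_shared_dir "$tmp/quake/id1" "$(id -gn)"
  echo "id1 mode: $(mode_of "$tmp/quake/id1")"
  write_wrapper "$tmp/quake" "$tmp/squake"
  echo "wrapper written to $tmp/squake"
  rm -rf "$tmp"
}

demo
```

For a real install, create a games group, add the players to it, and run `setup_shared_dir /usr/local/games/quake/id1 games` (and the same for the hipnotic and rogue directories the post mentions); the players' new files inherit the group automatically because of the setgid bit.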

So the original is cracked. BFD. (1)

rde (17364) | more than 15 years ago | (#1805860)

Woohoo! The world is safe, unless someone manages to get their hands on the source code and come up with a variant.
The report is quite sanctimonious, reflecting Rouland's attitude (I suppose). Dissing crackers in such a manner, though, is just inviting trouble.

Re:SOOOOO Impressed :P (1)

PinheadX (18941) | more than 15 years ago | (#1805862)

Anyone know if this will compile under BeOS? I mean, is there any code in here that would throw BeOS for a loop? I just want to remotely administer my windoze box from across the room...

- - - - - - - - - - - - - - - - -
I run BeOS. The rules don't apply.

Just wondering... (3)

Black Parrot (19622) | more than 15 years ago | (#1805867)

I guess it wouldn't have mattered in this case, since BO2K is GPL'd, but I wonder: if the software lobbies manage to ram through all their proposed laws that would illegalize reverse engineering, will virus writers be able to sue anti-virus companies that crack their code?

Re:This was inevitable.... (2)

Seth The Man (20457) | more than 15 years ago | (#1805868)

Actually, I think the oldest cDc member (in age, not membership) is something over 60.

The youngest is 20.

And there's everything in between. For the most part the cDc guys are yer average white twenty-somethings (go figure) ..

I don't think it's right to lump all of them together as teenagers with delusions of grandeur, sure, some sort of fit that description (the ones that claim the hacker profile...) but the original guys aren't REALLY like that at all.

They are just some weird guys who released wizardry docs as text files when they were in Jr. High. oh, and some other stuff about rabbits.

Personally I prefer the text file aspect of cDc, the hacker part is a bit silly.

Summary (5)

schporto (20516) | more than 15 years ago | (#1805869)

Below is my summary of the article....

Sophos cracked BO2K. Errr wrote a detector for it. We don't know the difference though. But they figured out the protocols and encryption schemes. Ohhh buzzwords.
Those nasty cDc'ers didn't like Rouland and he showed them. He asked for a copy which is completely sensible as he's a good guy, but they don't like him. We won't mention that he wanted a copy before everyone else.
We think this will allow them to control other computers. But we aren't sure what control it gives you, so we'll just blather on. Oh and insult them. They're kids. They are even infected.
But not to worry, anyone, M$ is right on top of it. They even issued, gasp, a warning.
It's a toy, but ISS warned the program could easily be used to delete files, reconfigure machines, steal passwords and redirect network traffic, without a user or administrator's knowledge.
Isn't it amazing what toys can do now.

Pardon the sarcasm.
-cpd

To hack or not to hack (1)

Nothinman (22765) | more than 15 years ago | (#1805874)

> would-be hackers, or crackers as they are more accurately known

At least the writers of the article got this right.

(First Post)

Re:So what's the solution? (2)

artg (24127) | more than 15 years ago | (#1805876)

Do all the package maintenance tools want to run as root? As far as I know, rpm does. What about the others?

If there's a culture of using root access to do any significant operation on a machine, it becomes much easier to convince a user to use root for every job, and hence to run any arbitrary install script from the net as root.

Package admin should demand only as much access as is necessary; if run as a normal user, they should install only with that user's rights (modifying ~/bin, ~/lib etc.)


Re:The problem is more severe in Windows (1)

puppet (27092) | more than 15 years ago | (#1805880)

Under NT, the program also runs with the same rights as the user running it. It would not give full access to the system unless the user is logged in as Administrator.

Re:Security flaws (1)

sporty (27564) | more than 15 years ago | (#1805881)

That's the great thing about Unix design, you can easily get rid of the basic service and replace it with something else that is just as functional if not more.

Because of PAM, you don't need to use <sarcasm> the "stupid password file" which is so "insecure" since it's a file on a filesystem </sarcasm>. Hell, if I wrote a program in PC assembler, I'm quite sure moving the needle over the right part of the disk and reading the bytes where the root password is, is NOT the hardest of things, providing that one knows assembler *grin*.

The moral of the story is that *nix has more ability for possibilities while NT is more about using MS's possibilities for lower-level functionality.

Re:An actual quote from MS's PR machine: (1)

opencode (28152) | more than 15 years ago | (#1805882)

You're right ... I never thought of that ....

So MS is kinda like an HMO: YOU buy the product, you allegedly benefit from the product, and it is COMPLETELY YOUR RESPONSIBILITY to do ALL the checking and qualifying of the integrity of the product (so that WHEN things go awry, YOU'RE responsible to represent your OWN interests). The product vendor has too wide a userbase to care about your lone satisfaction ....

Is this what you mean ? Again, not an easy joke, but a request for elaboration and clarification ...

An actual quote from MS's PR machine: (2)

opencode (28152) | more than 15 years ago | (#1805883)

"Trojan horse software doesn't target technology, it targets the user. If BackOrifice did in fact exploit security vulnerabilities in Windows or Windows NT, Microsoft would promptly fix the vulnerability, and BackOrifice would be stopped."

Does this mean (as we knew all along) that Microsoft is more interested in maintaining the integrity of their technology than the interests of their users?

Sounds like a really easy joke here, but I'm interested how else I could interpret this statement. Please reply if you know ....

bbc runs SunOS 5.6 (2)

fixe (28769) | more than 15 years ago | (#1805884)

if you ftp to www.bbc.co.uk you get:

Connected to www.bbc.net.uk.
220 www2.thny.bbc.co.uk FTP server (SunOS 5.6) ready.

"Decode" a GPL program? (3)

rhdwdg (29954) | more than 15 years ago | (#1805890)

Pretty easy when they give you the source. Sheesh. Next thing you know they'll "decode" how OpenBSD implements IPSec.

I rather think the Cult's point is still made.

Look at that last quoted sentence... (2)

uncleFester (29998) | more than 15 years ago | (#1805891)

Microsoft has only issued only a warning, refusing to admit that there might be security vulnerabilities in WinNT.

To me, this is more serious than the BO2k release itself. Denial of any problems makes it very hard to solve them.

(I'd love to go into the 'you shouldn't even be able to install such tools under a proper or well-protected OS' thread, but then I'm not really feeling like Mr. Unix Snob this particular morning.)

-fester

ps.. SECOND POST.. MUAHAHAHA *spak*

Re:what's the fscking deal? (0)

xcene (31785) | more than 15 years ago | (#1805893)

OK, i forgot to add this part:

"..and trick this clueless linux newbie
into running the shell script as root"

Do you think the Linux newbie, who most likely is spending 98% of his uptime being logged in as root because he couldn't be bothered writing 'su' and then a lengthy password every time he wants to play Quake, would even bother thinking about the possibility of being trojaned?

And anyway, the shell script could at least add a telnet daemon which allows password-less logins to the *user* account, to the user's crontab.

what's the fscking deal? (1)

xcene (31785) | more than 15 years ago | (#1805894)

There have been "rootkits" available for most flavours of UN*X for as long as I can remember. If running an "undetectable remote administration service" constitutes a security hole in the OS, I guess the only OS that does not contain such a security hole must be something along the lines of DOS 1.0.

Writing a "Back Orifice Linux Edition" isn't exactly hard. Create a shell script or something similar, mail it to someone who has just installed Linux on his home PC, trick him into running it, and what-do-you-know, the shell script might just add a telnet daemon (suitably UUEncoded in the shell script) which runs at port 31337 and allows root logins without a password to his inetd.conf. Does this mean that Linux has a security flaw?

Downplayed (was Re:This was inevitable....) (2)

flesh99 (32039) | more than 15 years ago | (#1805897)

And which division of MS do you work for?

After the original release of BO and the way MS downplayed it, and now BO2k, it doesn't really matter if they are "a bunch of sad teenagers with serious delusions of grandeur" now, does it? They've even released it under the GPL, for God's sake! Which means it will be mutated and changed in ways that MS and the "anti-viral community" cannot even begin to keep up with. Yes, Linux has security flaws, and they are fixed usually within 24 hours of being reported. The effect this could have is frightening; however, I think that most of us out here that still have to use MS products are aware of the security threats and take precautions to minimize the risk. Linux is easier to lock down than NT, and any sysadmin worth his salt is the only one who even knows the root password. It is much harder to hack a root password from a user account on Linux than it is to send someone an e-greeting card with BO attached.

I don't think this is being overplayed by Linux advocates; I do know for a fact it is being played down to the point of being dangerous by MS advocates. The cDc is forcing MS to notice them, and by doing that they just might be able to force MS to fix some flaws in their OS. IMHO this is a "Good Thing". I don't think any of the Linux users that have a decent IQ are getting cocky about NT; the fact is, it is less secure, more unstable, and frankly uglier than Linux. (OK, uglier is an opinion, not a fact.) Oh, and from the looks of it (just look around on /.) most of the anti-social lamers seem to be part of this side of the fight; I have to disagree with the terrorist-type tactics some of them use, but overall they are pretty amusing.

I am sorry if it seemed I was ranting. Oh, and back to the original question, which MS division did you say you worked for?

Re:BO2K is not a big deal (3)

flesh99 (32039) | more than 15 years ago | (#1805898)

One could not write a program that would do what BO does on every Linux box it was run on; it would have to run as root. Only newbies are logged in as root all the time, and within 24 hours of something like BO being released for Linux there would be a patch/detection/fix released and sysadmins would know to use it. NT admins do not tend to have the level of security awareness the *nix admins do. Sending a secretary an electronic greeting card will get BO installed on most networks. After that she forwards the file to a few of her friends and guess what, security compromised. It might be a little harder to get upper management to run a program, but I doubt it.

I know your solution is to install a detector on every machine, but this is open source; it will mutate beyond detection very quickly. MS downplayed the initial release of BO, and the cDc responded with this release; maybe the unwashed masses will finally see that MS products are full of security holes. Don't even get me started on VBA. It is the dumbass users, as you call them, that make up the majority of the computer market; what makes you think you are so much better than they are? Frankly your comment about that disgusts me. I suppose you have never gotten a virus. I am an admin, but I don't feel that I am high and mighty compared to my users. Get real, without users I wouldn't have a job.

I cannot agree with the tactics used to prove MS's security flaws, but at least someone is pointing them out, and they are using a big red pointer to do it. If NT security was not screwed to begin with then this problem wouldn't exist. There is a reason that there are not many programs like this and viruses for Linux: it is very hard to do. There are plenty of cracking tools, but most sysadmins know what to watch for. I'll bet at least 50% of the NT admins out there have believed MS's FUD about this and are telling their users there is no problem. So no, the cDc is not asking MS to fix the users; how about fixing the things that allow this program to do this to begin with. I am going to lower myself to your level now and say this: it's people like you that allow MS to continue to produce buggy software with swiss-cheese-like security holes. (I was going to call you something insulting, but I decided that I couldn't bear to lower myself all the way to your level.) Have a nice day.

This was inevitable.... (0)

briggers (32641) | more than 15 years ago | (#1805899)

It only takes a few minutes browsing the cDc website to discover that they are basically a bunch of sad teenagers with serious delusions of grandeur. The sheer pretentiousness of this whole Back Orifice nonsense is truly something to behold - they've even released it under the GPL, for God's sake!

However, it's important for Linux users not to get too cocky about Window's security flaws, for it's only a matter of time before trojan horses start appearing on Linux. Remember that running a program as root makes your system just as vulnerable as any Windows platform. I'm sure there are plenty of anti-social lamers with a grudge against the Linux community who could certainly write something similar, if they haven't done so already.

Re:More media distortion (1)

AtlantaPenguin (33997) | more than 15 years ago | (#1805900)

Sorry to say so, but we have an original CD that was thrown out to the crowd at DEFcon, and it was infected with CIH. (I worked this weekend on various BO2K-related items @ ISS.)

I really could give a shit about the virus. It does l0pht (these guys are in both cDc and the so-called white knights of hackers) more harm than ISS or anyone else who got an infected CD.

We may lose a few machines (I doubt), but the credibility of their intention with this "Remote Administration Tool" just went in the trashcan.

We heard from people who are friends with the Cow that the virus was purposefully put there.

Don't think there isn't some degree of media distortion from everyone involved. Starting with cDc.

The point they have proved is that they can easily divert everyone's attention away from the real security issues of Windows NT on a silly trojan.

It is an exercise in social engineering, or using other security holes to get trojans onto the system.

And this is released under Open Source. So any hacker group can try and bring the world of Windows to its knees with a new trojan mutation for the next year.

BO2K has very little to do with Windows security.

It is very easy to feel smug and comfortable and take pot shots at the cDc/M$/ISS press releases.

Security is something we all constantly need to be aware of; With the amount of Open Source software that is being developed and released, and the breakneck speed of Red Hat distributions, there are a number of security holes in Linux that could easily be exploited by a "Remote Administration Tool", even though the Unix/Linux model doesn't raise too many eyebrows in regard to security.

Re:ISS Is Amazing! (1)

Sun Tzu (41522) | more than 15 years ago | (#1805903)

Well, it *did* take them 24 hours!

To select out a fingerprint only took the experts an hour. wow.

Re:what's the fscking deal? (1)

drudd (43032) | more than 15 years ago | (#1805905)

Oh boy, I can hack into the little linux newbie's personal comp and grab all his porn.

Yeah, that's a useful and a hack worthy of legend.

In response to A. Coward's comment on crypto (1)

johnnyw (46152) | more than 15 years ago | (#1805906)

Not quite, any nontrivial cryptosystem should be able to hold up when its underlying logic is examined. If that were not the case, we would all be walking around with hardware crypto-devices that explode when we tamper with them... and we don't do that... right? :)

I think that we are getting off-topic a bit. ISS claimed to have figured out BO2K's crypto. I personally think that this is true. But it is irrelevant. What is important is whether or not they are capable of monitoring the connection between the client and the server for any and all keys, known or unknown. I do not think this is true.
As for their analysis of the network traffic between the client and the server, that is trivial. Anyone with five spare minutes and tcpdump can do that. What is important is to recognize that this is all for nought. When was the last time that anyone took a look at how commercial IDS work? When was the last time that someone put together some programs that try to confuse IDS sensors by fragmenting packets, munging flags, tossing around impossible RSTs, and sending packets slightly out of order (but with good seqs)? I personally question ISS's (and all IDS vendors') ability to stand up to this test.

-jcw

ISS X-farce findings (2)

johnnyw (46152) | more than 15 years ago | (#1805910)

What ISS did was pretty trivial. The "detection" system simply looks at the properties of the network connection. When testing IDS systems at a client site, I found that certain systems, which I cannot elaborate on, could not "see" connections if certain operations were carried out on the packets that make up the connection prior to their transmission. This effectively serves as verification of Timothy Newsham and Thomas Ptacek's excellent paper on problems with IDS software.
Here is the URL, thus absolving me from being accused of inventing this idea myself :)
http://www.nai.com/media/ps/nai_labs/ids.ps

Enjoy
-johnny waters, former Information Security Professional (Being a Dilettante is not so bad)
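The evasion point made in the two posts above (one on watching client/server traffic with tcpdump, this one on detectors that key on properties of the connection), as an added example that is not part of the thread and is neither ISS's detector nor BO2K code: a per-packet signature matcher and a stream-reassembling matcher are run over the same constructed byte stream, once sent normally and once cut into tiny out-of-order segments with an overlapping decoy segment in front. The signature bytes, sequence numbers and stream contents are all made up for the illustration; the tie-break rule for overlapping segments ("first" or "last" copy wins) is a parameter because which rule the receiving host applies is exactly what a sensor has to guess.

```python
"""Toy model of the IDS-evasion problem the posts above describe.

Added example for this thread, not ISS's detector and not BO2K code. The
signature bytes, sequence numbers and stream contents are all constructed.
"""
from __future__ import annotations

import random
from dataclasses import dataclass

# Constructed fingerprint; stands in for whatever bytes a real detector keys on.
SIGNATURE = b"EXAMPLE-MAGIC"


@dataclass(frozen=True)
class Segment:
    seq: int        # sequence number of the first payload byte
    payload: bytes


def stream_to_segments(data: bytes, seq0: int, mss: int) -> list[Segment]:
    """Cut a byte stream into in-order segments of at most mss bytes."""
    return [Segment(seq0 + i, data[i:i + mss]) for i in range(0, len(data), mss)]


def evade(data: bytes, seq0: int, rng: random.Random) -> list[Segment]:
    """Apply the tricks named in the posts: tiny segments so the signature
    straddles boundaries, out-of-order delivery with valid sequence numbers,
    and one decoy carrying garbage at a sequence number the real data uses."""
    segs = stream_to_segments(data, seq0, mss=3)
    rng.shuffle(segs)                       # the host reorders; a per-packet matcher cannot
    mid = seq0 + len(data) // 2             # pick the genuine segment covering the middle byte
    victim = next(s for s in segs if s.seq <= mid < s.seq + len(s.payload))
    decoy = Segment(victim.seq, b"\x00" * len(victim.payload))
    return [decoy] + segs                   # decoy arrives before the genuine copy


def reassemble(segments: list[Segment], favour: str) -> bytes:
    """Rebuild the stream. When two segments claim the same sequence number,
    keep the first seen ("first") or the last seen ("last")."""
    seen: dict[int, bytes] = {}
    for s in segments:
        if favour == "first":
            seen.setdefault(s.seq, s.payload)
        else:
            seen[s.seq] = s.payload
    return b"".join(seen[k] for k in sorted(seen))


def naive_detector(segments: list[Segment]) -> bool:
    """Per-packet matcher: searches each payload as it arrives, no reassembly."""
    return any(SIGNATURE in s.payload for s in segments)


def reassembling_detector(segments: list[Segment], favour: str = "first") -> bool:
    """Stream-aware matcher: reassemble, then search the reconstructed stream."""
    return SIGNATURE in reassemble(segments, favour)


def demo(seed: int = 1) -> dict[str, bool]:
    rng = random.Random(seed)
    data = b"hello " + SIGNATURE + b" goodbye"           # constructed stream
    plain = stream_to_segments(data, seq0=1000, mss=1460)
    evasive = evade(data, seq0=1000, rng=rng)
    return {
        "naive_plain": naive_detector(plain),
        "naive_evasive": naive_detector(evasive),
        "reassembled_plain": reassembling_detector(plain),
        "reassembled_evasive_first_wins": reassembling_detector(evasive, "first"),
        "reassembled_evasive_last_wins": reassembling_detector(evasive, "last"),
    }


if __name__ == "__main__":
    for name, hit in demo().items():
        print(f"{name}: {'ALERT' if hit else 'missed'}")
```

The per-packet matcher catches the plain stream and misses the fragmented one outright. The reassembling matcher catches both only if it resolves the overlapping decoy the same way the target host does; with the wrong tie-break it reconstructs a stream the host never saw and misses the signature, which is the ambiguity the Newsham/Ptacek paper linked above is about.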

"Microsoft hit by Cult of the Dead Cow" (1)

cainem (48703) | more than 15 years ago | (#1805914)

This story by Julian Borger, in today's Guardian (UK newspaper) contains the following:

"True to the hacker's word, anyone curious enough to log into the cult's website will find his or her computer automatically infected with a virus."

How true is this?

Quite funny stuff, actually.. (1)

ViGe (49356) | more than 15 years ago | (#1805915)

I find it really amusing that such a group claims to have been founded in 1984 and they still, after 15 years, don't have anything better to do than write trojan horses. Writing that kind of stuff is something I would believe 14-15 year old kids do, so a little calculation: they formed cDc about the same minute they were born. Quite an impressive achievement!
--

Re:Quite funny stuff, actually.. (1)

Natty (51284) | more than 15 years ago | (#1805916)

Hey, what do you mean about 14-15 year old punks writing trojan horses? I'm 14-15 years old and I don't do stuff like that! Then again I don't do much, other than reading slashdot and playing quake, that is. ..sigh.. I really need to find something productive to do.

Child's Play (0)

growler66 (52493) | more than 15 years ago | (#1805918)

If BO2k is 'child's play', does that say much about the security of MS OSes?

Re:Just wondering... (1)

Microlith (54737) | more than 15 years ago | (#1805919)

Don't assume the virus author is a minor. Also, if they hold a copyright(left) in their name, yes.

Now I doubt it would apply to viruses, as you would get nailed to a wall for it.

Re:ISS Is Amazing! (1)

jovlinger (55075) | more than 15 years ago | (#1805920)

So now americans infecting non american hosts are liable under the munitions-export rules? That'd be a bummer. Get caught playing with one of these babies and don't get out of jail forever...

anyways, about the 3des: is the secret key fixed or is there some diffie-hellman going on?

Johan
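The fixed-key versus negotiated-key question asked above, as an added example that is not from the thread and is not BO2K's code: the thread only says the stock build ships XOR (and DES) options, so a short repeating XOR key stands in for whatever the real scheme does. An observer who has the source knows any fixed header the protocol sends, and one sniffed session is then enough to recover a fixed key and decrypt every other session; a per-session negotiated key would not share that property. The header bytes, key, key length and command text are all constructed.

```python
"""Known-plaintext recovery of a repeating-key XOR "encryption" key.

Added example for this thread; it is not BO2K's code. The stock build is said
to ship XOR (and DES) options, so a short repeating XOR key stands in for
whatever the real scheme does. Header bytes, key, key length and command text
below are all constructed.
"""
from itertools import cycle

# Assumed: a fixed protocol header the client always sends first. In a GPL'd
# program such a constant is read straight out of the source, which is what
# makes it usable as known plaintext.
HEADER = b"EXAMPLE-HDR\x00\x01"
KEY_LEN = 8           # assumed to be a compile-time constant visible in the source


def xor_stream(data: bytes, key: bytes) -> bytes:
    """Encrypt or decrypt (the same operation) with a repeating key."""
    return bytes(b ^ k for b, k in zip(data, cycle(key)))


def recover_key(ciphertext: bytes, known: bytes, offset: int, key_len: int) -> bytes:
    """Recover the whole key from key_len bytes of plaintext known to sit at
    `offset` in the stream: key[i] = ciphertext[i] ^ plaintext[i], with the
    index taken modulo the key length."""
    if len(known) < key_len:
        raise ValueError("need at least key_len bytes of known plaintext")
    key = bytearray(key_len)
    for i in range(key_len):
        key[(offset + i) % key_len] = ciphertext[offset + i] ^ known[i]
    return bytes(key)


def demo() -> dict[str, bool]:
    secret_key = bytes.fromhex("13375aa542990a7f")            # constructed
    session_1 = HEADER + b"dir C:\\\r\n"                        # constructed traffic
    session_2 = HEADER + b"type C:\\secrets.txt\r\n"
    ct_1 = xor_stream(session_1, secret_key)
    ct_2 = xor_stream(session_2, secret_key)

    # The observer knows HEADER (from the source) and sees ct_1 (from a sniffer).
    recovered = recover_key(ct_1, HEADER, offset=0, key_len=KEY_LEN)

    return {
        "key_recovered": recovered == secret_key,
        "session_1_decrypted": xor_stream(ct_1, recovered) == session_1,
        # A fixed key recovered once opens every later session too; a
        # per-session negotiated key would not share this property.
        "session_2_decrypted": xor_stream(ct_2, recovered) == session_2,
    }


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {ok}")
```

Nothing here depends on the cipher being XOR specifically: the same one-session-breaks-all consequence follows for any scheme whose key is a constant in the distributed program, which is why "decoding" such a scheme from published source is not much of a feat.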

Re:what's the fscking deal? (1)

alonso (63617) | more than 15 years ago | (#1805923)

How can I log in to a W98 box without root privileges? ;)

Re:what's the fscking deal? (1)

alonso (63617) | more than 15 years ago | (#1805924)

Thanks:)) but I'm not and I have to protect myself from the cracker.... I use Linux, and I don't login as root..

NT security flaws (1)

Tincan (64139) | more than 15 years ago | (#1805925)

I just think it's funny that Mickeysoft denies that there might be any security flaws with NT. No system (computer or otherwise) is truly secure and NT isn't all that advanced of an OS. In my days as an NT network admin, I've installed countless hotfixes and security patches. There's no denying that NT is closer to wide open than bulletproof, but that doesn't mean that BO exposes any problems with NT itself.

Re:BO2K is not a big deal (1)

DaveKempe (66367) | more than 15 years ago | (#1805926)

So what is the cDc asking Microsoft to fix? Dumbass users?
Plenty of them around! - No reason not to help out, I s'pose.

Re:This was inevitable.... (1)

Varkmitek (68625) | more than 15 years ago | (#1805932)

Linux users have always known, and admitted the fact, that security flaws exist in their OS, and that they will continue to crop up. Admitting that there are flaws is the first step towards getting them fixed. I don't think we're "cocky" about the security of our OS: we're just confident that the security model is a bit more useful and, well, secure.

PS. I didn't know you could tell someone's age by looking at their web page...