LISTSERV - HP3000-L Archives

HP3000-L Archives

August 1998, Week 1

HP3000-L@RAVEN.UTC.EDU

	LISTSERV Archives
	HP3000-L Home
	HP3000-L August 1998, Week 1

	Log In
	Register

	Subscribe or Unsubscribe

	Search Archives
Options:	Use Monospaced Font Show Text Part by Default Show All Mail Headers
Message:	[<< First] [< Prev] [Next >] [Last >>]
Topic:	[<< First] [< Prev] [Next >] [Last >>]
Author:	[<< First] [< Prev] [Next >] [Last >>]
Subject:	Off Topic: FW: Microsoft Security Bulletin (MS98-010)
From:	Joe Geiser <[log in to unmask]>
Reply To:	[log in to unmask]
Date:	Wed, 5 Aug 1998 21:46:46 -0400
Content-Type:	text/plain
Parts/Attachments:	text/plain (150 lines)
Since a good many people run Windows NT/95/98 Workstations and Servers, I
thought that this would be good to pass along to the group.

If you don't use these OSes at all - please disregard this message and
accept my apologies for the waste of bandwidth - but it seems that most, if
not all of you have at least one of these machines in your shops.

Best,
Joe


-----Original Message-----
From: Microsoft Product Security Notification Service On Behalf Of
Microsoft Product Security Response Team
Sent: Wednesday, August 05, 1998 11:21 AM
To: [log in to unmask]
Subject: Microsoft Security Bulletin (MS98-010)


Microsoft Security Bulletin (MS98-010)

----------------------------------------------------------------------- -

Information on the BackOrifice Program

Last Revision: August 04, 1998

Summary
=======
On July 21, a self-described hacker group known as the Cult of the Dead  Cow
released a tool called BackOrifice, and suggested that Windows  users were
at risk from unauthorized attacks.  Microsoft takes security  seriously, and
has issued this bulletin to advise customers that  Windows 95(r) and Windows
98(r) users following safe computing  practices are not at risk and Windows
NT(r) users are not threatened in  any way by this tool.

The Claims About BackOrifice
============================
According to its creators, BackOrifice is "a self-contained,
self-installing utility which allows the user to control and monitor
computers running the Windows operating system over a network".  The
authors claim that the program can be used to remotely control a  Windows
computer, read everything that the user types at the keyboard,  capture
images that are displayed on the monitor, upload and download  files
remotely, and redirect information to a remote internet site.

The Truth About BackOrifice
===========================
BackOrifice does not expose or exploit any security issue with the  Windows
platform or the BackOffice(r) suite of products.

BackOrifice does not compromise the security of a Windows network.
Instead, it relies on the user to install it and, once installed, has  only
the rights and privileges that that the user has on the computer.

For a BackOrifice attack to succeed, a chain of very specific events  must
happen:
 - The user must deliberately install, or be tricked into
   installing the program
 - The attacker must know the user's IP address
 - The attacker must be able to directly address the user's
   computer; e.g., there must not be a firewall between the
   attacker and the user.

What Does This Mean for Customers Running Windows 95 and Windows 98?
====================================================================
BackOrifice is unlikely to pose a threat to the vast majority of   Windows
95 or Windows 98 users, especially those who follow safe  internet computing
practices.  Windows 95 and Windows 98 offer a set of  security features that
will in general allow users to safely use their  computers at home or on the
Internet.  Like any other program,  BackOrifice must be installed before it
can run.  Clearly, users should  prevent this installation by following good
practices like not  downloading unsigned executables, and by insulating
themselves from  direct connection to the Internet with Proxy Servers and/or
firewalls  wherever possible.

What Does This Mean For Customers Running Windows NT?
=====================================================
There is no threat to Windows NT Workstation or Windows NT Server
customers; the program does not run on the Windows NT platform.
BackOrifice's authors don't claim that their product poses any threat  to
Windows NT.

What Customers Should do
========================
Customers do not need to take any special precautions against this  program.
However customers should ensure that they follow all of the  normal
precautions regarding safe computing:
 - Customers should not install or run software from
   unknown sources -- this applies to both software available
   on the Internet and sent via e-mail.   Reputable software
   vendors digitally sign their software to verify its authenticity
   and safety.
 - Corporate administrators can block software that is not digitally
   signed by a reputable or authorized software company at their proxy
   server and/or firewall.
 - Customers should keep their software up to date to ensure that
   hackers cannot take advantage of known issues.
 - Companies should use actively use auditing and  monitor their
   network usage to deter and prevent insider attacks.


More Information
================
Please see the following references for more information related to  this
issue.

 - Microsoft Security Bulletin 98-010, Information on the
   BackOrifice Program (the Web posted version of this
   bulletin),
   http://www.microsoft.com/security/bulletins/ms98-010.htm

Revisions
=========

August 04, 1998: Bulletin Created

For additional security-related information about Microsoft
products, please visit http://www.microsoft.com/security


----------------------------------------------------------------------- --
THE INFORMATION PROVIDED IN THE MICROSOFT KNOWLEDGE BASE IS PROVIDED  "AS
IS" WITHOUT WARRANTY OF ANY KIND. MICROSOFT DISCLAIMS ALL  WARRANTIES,
EITHER EXPRESS OR IMPLIED, INCLUDING THE WARRANTIES OF  MERCHANTABILITY AND
FITNESS FOR A PARTICULAR PURPOSE. IN NO EVENT SHALL  MICROSOFT CORPORATION
OR ITS SUPPLIERS BE LIABLE FOR ANY DAMAGES  WHATSOEVER INCLUDING DIRECT,
INDIRECT, INCIDENTAL, CONSEQUENTIAL, LOSS  OF BUSINESS PROFITS OR SPECIAL
DAMAGES, EVEN IF MICROSOFT CORPORATION  OR ITS SUPPLIERS HAVE BEEN ADVISED
OF THE POSSIBILITY OF SUCH DAMAGES.  SOME STATES DO NOT ALLOW THE EXCLUSION
OR LIMITATION OF LIABILITY FOR  CONSEQUENTIAL OR INCIDENTAL DAMAGES SO THE
FOREGOING LIMITATION MAY NOT  APPLY.

(c) 1998 Microsoft and/or its suppliers. All rights reserved.
For Terms of Use see
http://support.microsoft.com/support/misc/cpyright.asp.

          =====================================================
You have received  this e-mail bulletin as a result  of your registration
to  the   Microsoft  Product  Security  Notification   Service.  You  may
unsubscribe from this e-mail notification  service at any time by sending
an  e-mail  to  [log in to unmask]
The subject line and message body are not used in processing the request,
and can be anything you like.

For  more  information on  the  Microsoft  Security Notification  Service
please    visit    http://www.microsoft.com/security/bulletin.htm.    For
security-related information  about Microsoft products, please  visit the
Microsoft Security Advisor web site at http://www.microsoft.com/security.
ATOM RSS1 RSS2
RAVEN.UTC.EDU