hacker's dream

jerry the golden retriever an407769 at anon.penet.fi
Mon Nov 13 01:23:07 PST 1995



Windows 95 Is A Hacker's Dream Over The Internet
CENTRAL, HONG KONG, 1995 NOV 9 (NB) -- Windows 95, combined with the
Internet, could be a dream made in hacker heaven. From seasoned propeller
heads Newsbytes has contacted, it looks like Windows 95 could be more of a
security nightmare than was first thought.

This is especially true where fixed link companies are concerned. An
investigation of the new operating system, when hooked onto the Internet,
leaves computers wide open. Executing a series of simple, uncomplicated
commands opens up company and private users' computers to hacking the moment
they access the Internet, claim some analysts.

Worse, they may never know it has been done. Using a simple Unix command, a
hacker can locate the IP (Internet protocol) address of the subscriber logged
into an Internet service provider. Then he needs only one more thing; a
logged-on Internet user using Microsoft's new operating system.

For businesses with leased line Internet links, it can happen at any time,
day or night. Once the IP address has been noted, the hacker simply creates a
file through DOS on his own system, specifying the address and naming it.
Using two other commands -- which purge the remote names on the IP, or
Internet provider's port -- the system then refreshes and remaps itself in
preparation to be accessed by the hacker's computer.

Because Windows 95 is designed with a networking capability, it leaves all
computers in the office open to illegal access. Once the hacker has called up
his Map Network Drive, the hard disk on his own machine cannot be
differentiated from that of the genuine user. All that need be done then is
to put in a common drive name, most obviously "C:\." For networked machines,
the default "C$" is common.

This gives access to all files on the subscriber's drive. While Windows 95
allows the user to protect the drive by giving it a password, computer
experts Newsbytes talked to said that device won't necessarily lock out
intruders. Because the operating system has no "audit" trail -- in other
words, it does not log who or how someone is accessing the drive -- a hacker
can spend weeks trying to discover the password. Password search programs,
like Cracker, are readily available and can break through most simple
password sequences.

(Joel McCormick & I.T. Daily/19951109)
--****ATTENTION****--****ATTENTION****--****ATTENTION****--***ATTENTION***
Your e-mail reply to this message WILL be *automatically* ANONYMIZED.
Please, report inappropriate use to                abuse at anon.penet.fi
For information (incl. non-anon reply) write to    help at anon.penet.fi
If you have any problems, address them to          admin at anon.penet.fi






More information about the cypherpunks-legacy mailing list