[ISN] Hackers Exploiting Over 100 Holes in Windows NT

From: <jericho_at_dimensional.com>
Date: Mon 06 Apr 1998 - 04:33:44 CDT
Vol.Three Issue #65       The Surveillance List Forum         Apr.3,1998

**************************************************************************
16)From: "Shake Communications Pty Ltd" <shake@shake.net>
Subject: Hackers Exploiting Over 100 Holes In Windows NT

101 Ways to Hack into Windows NT

MELBOURNE, AUSTRALIA: A study by Shake Communications Pty Ltd has
identified not 101, but 104, vulnerabilities in Microsoft Windows NT,
which hackers can use to penetrate an organisation's network. 

Many of the holes are very serious, allowing intruders privileged access
into an organisation's information system and giving them the ability to
cause critical damage - such as copying, changing and deleting files, and
crashing the network.  Most of the holes apply to all versions (3.5, 3.51
and 4) of the popular operating system. 

Shake Communications, an information and internet security firm, has
compiled the statistics as part of an ongoing study and compilation of
vulnerabilities in popular hardware, operating systems, applications and
programming languages. 

The vulnerabilities are ranked High, Medium or Low according to the damage
(loss of resources, time and money) they can cause and are categorised
into Denial of Service (D.O.S.) vulnerabilities, Server Message Block
(S.M.B.)  vulnerabilities, Malicious Program vulnerabilities and
Miscellaneous vulnerabilities. The majority of weaknesses affect Versions
3.5, 3.51 and 4.  Some apply only to one or two of the versions and others
apply where an application, such as Microsoft Access, is running on
Windows NT. 

Some examples of how hackers (from both the outside and the inside of an
organisation) can exploit the various vulnerabilities are as follows: 

* An intruder can crash the Windows NT system by sending spoofed packets
to multiple ports where the source and destination settings are the same; 

* Holes in the Server Message Block authentication can give a local user
unauthorised network access under certain conditions (for example, an
employee can break into the payroll system); 

* An unauthorised user can use the alerter and messenger services to send
fake pop-up messages to legitimate users and thereby fool them into
entering information such as their password; 

* Hackers can use their own programs to exploit holes, such as L0phtCrack,
a password cracking program, and NtAddAtom, a program which crashes NT; 

* Even where a domain user creates a file and removes all its permissions
(reading, writing, deleting), an unauthorised user can still delete such a
file. 

Some of the holes have no recommended countermeasures and others rely on
physical security measures (such as locking the Windows NT server in a
room). Fortunately, there are software patches or fixes available to
rectify many of the vulnerabilities. Microsoft freely provides these at
its Web Site (http://www.microsoft.com). Unfortunately, many users are
probably unaware that this service exists. 

Shake Communications also provides links to patches/fixes in its
Vulnerabilities Database, which also covers other operating systems,
programs, applications, languages and hardware. 

For more information contact Shake Communications at info@shake.net or
+613 9555 8560.  Shake Communications maintains a Vulnerabilities Database
containing over 3,000 vulnerabilities and associated patches/fixes at
http://www.shake.net. This is updated daily and available by subscription. 

Acknowledgments

Costin Raiu
Joba DoVoe
Microsoft Corporation
Paul Ashton
The L0pht
www.ntshop.com


-o-
Subscribe: mail majordomo@sekurity.org with "subscribe isn".
Today's ISN Sponsor: Dimensional Communications (www.dim.com)
Received on Mon Apr 6 03:41:11 1998