[Moderator: I think this reply will speak for most of us. Last of the
thread..]
Reply From: Anonymous
On Fri, 25 Sep 1998, mea culpa wrote:
> At a hacker convention - yes, they have a convention - a group of
> hackers released some new hacker software they call "Back Orifice," a pun
> on Microsoft's BackOffice. The hackers claim that Back Orifice can allow
> hackers complete, unobstructed access to an individual's desktop and hard
> drive on any PC running Windows '95 or Windows '98. (They claim to be
> working on an NT version). For the hackers to get access, a user must
> unwittingly download Back Orifice from the Internet to their own computer.
And judging from the technical savvy of the average Microsoft user, many
of them *will* unwittingly download BackOrifice. These are the same
people who propagate the "Good Times" and "Join the Crew" virus hoaxes,
for pete's sake.
> Microsoft says you'd have to be pretty stupid to download a file from
> an untrusted source, but I'm sure Back Orifice can find its way around.
Uh...Microsoft says that Microsoft users are "pretty stupid." Wow. First
time that company's called a spade a spade.
> And now these hackers - who claim to have written Back Orifice for
> the *good* of the computer industry - have created it, security risks on
> the Internet are that much greater.
>
> Thanks a lot, guys.
You're welcome.
But seriously, would the author of this diatribe prefer that hackers kept
these nifty little vulnerabilities to themselves and gradually released
them, one-by-one until every system out there was crawling with little
baby BackOrifices?
I'd suggest Mr. Hanback abandon his ostrich-like stance with regard to
computer security.
> Hackers claim they write this kind of software to reveal security
> holes in software so that manufacturers can fix them. Fine, but the group
> that created Back Orifice also allows it to be downloaded freely from the
> Internet by any psychotic geek who desires to see what his fatal
> attraction has stored on her hard drive.
You forgot to throw in "Digital Pearl Harbor" and "Electronic Terrorism,"
Mr. Hanback. Come on, if you want to whip up hysteria, at least make an
effort!
> Forgive me if I question the hackers' intentions. If they meant well,
> they wouldn't be demonstrating their software to the world at large.
> They'd be sharing it with Microsoft, who could then fix the problem.
These problems *have* been shared with Microsoft innumerable times in one
form or another. That nothing was done to repair them is certainly no
fault of cDc.
> Here's my advice to computer users who fear Back Orifice: Don't
> download files from sources you don't know or don't trust. And start
> asking Microsoft for a fix. So far, the company has not released any
> indication that it plans to secure Windows against Back Orifice.
The latter part of this paragraph demonstrates who the true villian in
this whole mess is. Microsoft has long been aware of the problems, yet
did nothing.
> How do we know that hackers have become a danger to society? The
> White House took special precautions to make sure no one could intercept
> the closed-circuit broadcast of the president's testimony to Kenneth
> Starr's grand jury. If the White House is worried about the problem, we'd
> probably better be worried too.
And the cryptologic methods that the White House utilized in that
closed-circuit broadcast are the *same* robust cryptologic methods which
they seek to deny the average American citizen. Now try to tell me that
Washington really has our best interests at heart.
> And if you meet a hacker named Sir Dystic (the individual who
> released Back Orifice, and whose name is an obvious play on "sadistic"),
> punch him in the nose. Or maybe you can just sue him for invasion of
> privacy.
Uh..."punch him in the nose." Now *WHERE* have I heard that before?? Oh.
Oh yeah...*that* "book."
Well, when I next run into Sir Dystic, I'll clap him on the back and buy
him a drink. Anyone who can, by merely releasing one software package,
make a Software Giant look like a bungling fool is A-Okay in my book.
Fools such as Mr. Hanback are hardly worth the derision they've earned.
> In fact, "hacker" is too mild a term for people who try to force a
> corporation's hand by threatening the computing safety of millions of
> innocent people. By that definition, these people are not hackers; they're
> cyber-terrorists. --
*rolling eyes* Someone forget their medication.
-o-
Subscribe: mail majordomo@sekurity.org with "subscribe isn".
Today's ISN Sponsor: Repent Security Incorporated [www.repsec.com]
Received on Fri Sep 25 17:26:37 1998