Spinner Tech Tips Inner Outpost
VOL #1 Issue 5
A Technical Guide
iNTRAcomm
of the
iNTRAport
Bi-Weekly Reports
tate@qru.com
david@qru.com
Qru
Search:
Windows Security Hole

A small start-up firm named ByteTight Computer Security Corp. has announced a gaping hole in Windows Internet security lets any person get into any other Internet-connected computer that has file sharing turned on. Programs ranging from games to file transfer protocol (FTP) servers to Windows 98 itself turn on file sharing without even telling the user, the firm says.

ByteTight's president, Michael Paris, told Newsbytes Monday morning he is taking the security problem public at this point because a very popular hacker site just posted a Windows program that automates the intrusions, making them simple enough for Grandma to pull off, if she's feloniously inclined.

To pull off the intrusion, a person needs the Internet protocol (IP) address of any connected machine running Windows 95, 98 or NT, says Paris. A person opens the "run" box on their own machine and types in two backslash characters followed by the remote machine's IP address. If file sharing is turned on, a Windows Explorer window will open, listing all shared resources on the remote machine. If full access is enabled, a person can then open any file, make changes, add or delete files, steal information or do whatever else they want.

A person then works on the other machine in your own copy of Windows Explorer. Note this not the Internet Explorer -- it is the default Windows Explorer used on all Windows 95, 98 and NT machines to manage files. They can copy, delete, move or open files at will unless the host machine's file sharing is in "read only" mode, in which case they can only look at the shared drives and copy information they want to steal.

In Florida, accessing another's machine without permission in this fashion is a Class 2 felony, Paris told Newsbytes. But the problem is global, he stressed.

Newsbytes tried the technique on another Newsbytes reporter's computer, with permission, and created a new file with "Ha ha - Kilroy was here!" as its contents.

Newsbytes notes most machines connected to the Internet through an Internet service provider (ISP) have dynamic IP addresses assigned by the ISP. Those numbers change from one session to the next. To find a current session's address, one must open the "run" box and enters the command, WINIPCFG -- Windows will return the current address in an IP Configuration dialog box. It consists of a series of numbers connected by "dots," something like 234.567.890.24.

The wildcat software, called WinHost Gold, has two main functions, says Paris. First, it can log onto the machine of anyone using an MIRC Internet relay chat room, where the intruder can then commit mischief. Or it can scan "C" blocks -- the "890" portion of the fictitious IP address just shown for live addresses, giving the intruder a place to hack.

Paris told Newsbytes, "In tests I've run here, if I take an IP address for, say, one of the major cable companies, I'll get a very, very high rate of connection to host machines. I don't understand why, but a lot of programs turn sharing on without asking permission. On Windows 98, if you disable file sharing and you then reboot, it turns it back on again. Without asking. I don't understand why they wrote it that way."

He says the percentage of vulnerable people on the Internet is startlingly high, maybe as high as 80 percent, and they tend also to have their main "C" drives shared.

"I don't understand why people do that," Paris told Newsbytes. "I mean, these are standalone machines. Maybe it's games. Most of the popular interactive games like Quake require file sharing. And other programs turn sharing on as well. The FTP programs (servers) do it without telling you and they do it without a password."

He said the popular War FTP program is one such program. "Users need to be aware of this," declared Paris. His firm now markets a utility, HackerProof98, for $99 that not only blocks such attempts but logs who tried to get on, their IP address, user name and machine name.

Said Paris, "I contacted about 30 hackers and found two who knew about this, before. But now, with it up on (hacker site name), it will be very widespread. And the kids who use it will try to commit all kinds of mischief."

He added, "We started writing HackerProof originally just for us in-house and realized it was a real problem for everybody on the Internet. We figured we'd better make this commercial, protect the world and maybe make a few bucks. At the very least, people do need to know about this."

More information? Visit HackerProof98.
contributed by Craig Menefee, Newsbytes.


Studio Staff LAN Tech Tips Search News

September 14, 1998
August 31, 1998
August 16, 1998
August 3, 1998
July 19, 1998
June 7, 1998
March 17, 1998
March 3, 1998

In This Issue:
Windows Security Hole
Information Illuminati
Computer Graphics
Jokebase Tech Note

Tech Tips
Tech Terms
Tech Tips Forum

Qru
  info@qru.com
© Qru Studios Incorporated 1998 [ 708 ] 652-7581