Information Security News mailing list archives
How MS Helped With Own Hack
From: William Knowles <wk () C4I ORG>
Date: Sat, 28 Oct 2000 20:42:25 -0500
http://www.wired.com/news/culture/0,1284,39805,00.html

by Michelle Delio
12:00 p.m. Oct. 27, 2000 PDT

The Qaz worm used to hack into Microsoft's servers on Thursday was not a particularly elegant piece of coding, but Shakespeare would have loved it.

As in, Bill Gates was hoisted with his own petard.

Qaz, as it turns out, was written in the company's own programming language: Microsoft Visual C++.

Security experts say an equally efficient worm could have been written in another programming language, but Visual C++ is rapidly becoming the hacking program of choice.

It's relatively easy to learn Visual C programming, and rogue programs created with C++ are compatible with the majority of applications used by corporations.

So, it's more ironic than anything that Qaz was used for the latest Microsoft hack.

"Do I think it was written in C++ specifically to mock Microsoft? No," said David Anderson, of Anderson Consulting (a small, freelance consulting firm not to be confused with the much larger Andersen Consulting).

"But do I think it's amusing that their own application was indirectly used to attack them? Yes. God, I hate to admit it, but it made me smile," Anderson added.

"It is interesting in a kind of cruel way that Microsoft has been eaten by the monsters it created," said Andrew Antipass, a security consultant.

But Antipass said he finds it more interesting that Microsoft obviously stored valuable source code on a very accessible server.

"I tell my clients to isolate all valuable information off the network. There's something about this whole Microsoft hack that doesn't make sense. Either they thought they were invincible, or they left a door very open for reasons I can't even begin to guess at."

Jonathan Addams, a freelance security consultant, says that virtually any firewall can be bypassed if the organization behind that firewall has "the Outlook e-mail program, a Windows NT box as the server and just one dim employee."

He wasn't surprised to learn that the worm was written in Visual C++.

"Microsoft products are in wide use," Addams said. "The cracks that are directed at Microsoft products are partly because they are so popular. Why crack something that's obscure?"

Addams said that this crack is more about people "being stupid" and opening e-mail attachments -- and systems administrators "being too lazy" to apply fixes for known problems -- than it is an issue with the security levels of Microsoft's products.

The Qaz worm was identified in August. It is a network worm with backdoor capabilities, which allows an attacker entry into an infected computer system.

Once a system has been breached by the worm, it is possible to grab passwords off the server logs and use those passwords to enter into other sections of the server.

The worm was considered to be of moderate risk, since it wasn't spreading quickly and there was a fix for it available at security sites such as F-Secure.

Addams said he was troubled by the fact that the crackers had access to the MS network for three months.

"You'd think someone would have looked at the log, seen unusual activity and caught it in a day or two," Addams said. "There would have been significant and odd activity on their servers when this was happening."

*==============================================================*
"Communications without intelligence is noise; Intelligence
without communications is irrelevant." Gen Alfred. M. Gray, USMC
================================================================
C4I.org - Computer Security, & Intelligence - http://www.c4i.org
*==============================================================*