Information Security News mailing list archives

Hackers pick security holes


From: InfoSec News <isn () C4I ORG>
Date: Wed, 2 Aug 2000 05:11:43 -0500

http://www.fcw.com/fcw/articles/2000/0731/web-defcon-08-02-00.asp

BY Ann Harrison, Computerworld
08/02/2000

Feds heard warnings from hackers last weekend in Las Vegas during Def
Con 8, which featured workshops on exploitable vulnerabilities,
defense strategies and the latest tools for the security community.

One of Def Con's most anticipated events was the annual presentation by
the Cult of the Dead Cow. The group released the Back Orifice hacking
tool at Def Con in 1998 and announced an updated version of the Trojan
horse program that targets Microsoft Corp. Windows NT systems at last
year's conference. The group's tools could be used to attack or defend
networks.

This year, members of the group offered information on a type of
denial-of-service attack that can disable NetBIOS services on Windows
machines. NetBIOS is a commonly used network protocol for PC
local-area networks.

A member of the Cult of the Dead Cow known as Sir Dystic developed a
tool called NBName that he said can exploit the NetBIOS hole by
rejecting all name-registration requests received by servers on TCP/IP
networks.

NBName can disable entire LANs and prevent machines from rejoining
them, according to Sir Dystic, who said nodes infected by the tool
will think that their names already are being used by other machines.
"It should be impossible for everyone to figure out what is going on,"
he added.

However, Microsoft Corp. last week posted an advisory on its Web site
saying that the company is aware of the potential NetBIOS
vulnerability. The company said a patch addressing the problem on
Windows 2000 systems can be downloaded now, while others for the
various versions of Windows NT 4.0 are due to be released "shortly."

Microsoft added that external attacks shouldn't be possible "if normal
security practices have been followed" by organizations.

ISN is hosted by SecurityFocus.com