-Caveat Lector-

from:
http://www.aci.net/kalliste/ (The Home Page of J. Orlin Grabbe)
-----



Information Warfare


How Microsoft Hacked Itself


As the worm turns.

The Qaz worm used to hack into Microsoft's servers on Thursday was not a
particularly elegant piece of coding, but Shakespeare would have loved it.

As in, Bill Gates was hoisted with his own petard.

Qaz, as it turns out, was written in the company's own programming language:
Microsoft Visual C++.

Security experts say an equally efficient worm could have been written in
another programming language, but Visual C++ is rapidly becoming the hacking
program of choice.

It's relatively easy to learn Visual C programming, and rogue programs
created with C++ are compatible with the majority of applications used by
corporations.

So, it's more ironic than anything that Qaz was used for the latest Microsoft
hack.

"Do I think it was written in C++ specifically to mock Microsoft? No," said
David Anderson, of Anderson Consulting (a small, freelance consulting firm
not to be confused with the much larger Andersen Consulting).

"But do I think it's amusing that their own application was indirectly used to
attack them? Yes. God, I hate to admit it, but it made me smile," Anderson
added.

"It is interesting in a kind of cruel way that Microsoft has been eaten by
the monsters it created," said Andrew Antipass, a security consultant.

But Antipass said he finds it more interesting that Microsoft obviously
stored valuable source code on a very accessible server.

"I tell my clients to isolate all valuable information off the network.
There's something about this whole Microsoft hack that doesn't make sense.
Either they thought they were invincible, or they left a door very open for
reasons I can't even begin to guess at."

Jonathan Addams, a freelance security consultant, says that virtually any
firewall can be bypassed if the organization behind that firewall has "the
Outlook e-mail program, a Windows NT box as the server and just one dim
employee."

He wasn't surprised to learn that the worm was written in Visual C++.

"Microsoft products are in wide use," Addams said. "The cracks that are
directed at Microsoft products are partly because they are so popular. Why
crack something that's obscure?"

Addams said that this crack is more about people "being stupid" and opening
e-mail attachments -- and systems administrators "being too lazy" to apply
fixes for known problems -- than it is an issue with the security levels of
Microsoft's products.

The Qaz worm was identified in August. It is a network worm with backdoor
capabilities, which allows an attacker entry into an infected computer
system. Once a system has been breached by the worm, it is possible to grab
passwords off the server logs and use those passwords to enter into other
sections of the server.

The worm was considered to be of moderate risk, since it wasn't spreading
quickly and there was a fix for it available at security sites such as
F-Secure.

Addams said he was troubled by the fact that the crackers had access to the
MS network for three months.

"You'd think someone would have looked at the log, seen unusual activity and
caught it in a day or two," Addams said. "There would have been significant
and odd activity on their servers when this was happening."

Wired News, October 27, 2000