Security hole in Netscape browser infects almost 1,000 computers By D. IAN HOPPER, Associated Press WASHINGTON (August 8, 2000 8:58 a.m. EDT http://www.nandotimes.com) - Security experts warned Internet users Monday about a security hole in Netscape's Web browser that has already infected almost 1,000 computers. Once a computer is infected, a hacker can click through the victim's computer and see, run and delete files on the target computer. The method, dubbed "Brown Orifice" in a reference to the popular hacker tool BackOrifice, has been making the rounds of computer security mailing lists and bulletin boards over the weekend. Netscape has not yet made a remedy available, but are working on the problem. "Netscape takes all security issues very seriously," said Netscape spokesman Andrew Weinstein, "We're working to quickly evaluate and address this concern." The person who posted the code also posted a sample bit of computer code on his Web site that can be modified for more malicious purposes and a list of some of the users who have been infected. This list is being used by other hackers, said computer security expert Chris Rouland of Internet Security Systems, making those infected computers open to anyone who wants to click through their wide-open hard drives. "As of (Monday) morning," Rouland said, "965 people have it loaded." It's common practice to make dangerous code public so security professionals can better prepare themselves to defend against the code. ISS said information about the security hole had also appeared on several popular Web sites such as Slashdot, an online community of users of the Linux operating system. "It can be assumed that knowledge of the exploit, its source code, and variations are widespread," ISS said in a press release. However, there is still no remedy available from Netscape. Atlanta-based ISS, which analyzed the security hole, advises Netscape users to disable the Java programming language in their browser. Netscape, owned by America Online, suggested the same temporary workaround. Both ISS and Netscape officials noted that business users, because they're protected by the company's network firewall, are not vulnerable. Rouland said Brown Orifice is especially dangerous because it's easy to modify and can be changed into a self-copying virus form - as opposed to the current infection method, where a victim visits a Web site that includes the malicious code. "The bar's been lowered for any script-kiddie to modify this code and make it even more malicious," Rouland said. Netscape Communicator versions 4.74 and earlier are affected, Rouland said. Microsoft Internet Explorer users and users of the Mozilla prerelease version of the new Netscape browser 6.0 are not vulnerable to this problem. Rouland noted that Microsoft users who have switched to Netscape - a company whose history includes the earliest Web browsers - after the recent stream of Microsoft-related security holes in Internet Explorer and the Outlook and Outlook Express e-mail programs are finding that no computer programs are without problems. Also Monday, another security expert pointed out a security hole in Microsoft's Word and Excel products that can let a hacker take over the victim's computer. Microsoft officials said they are working on the issue. "The vendor-changing strategy obviously doesn't work," he said. "Security coding practices are being ignored by even one of the Internet's oldest companies." ------------------------------------------------------------------------ Steve Wingate Anomalous Images and UFO Files http://www.anomalous-images.com <A HREF="http://www.ctrl.org/">www.ctrl.org</A> DECLARATION & DISCLAIMER ========== CTRL is a discussion & informational exchange list. Proselytizing propagandic screeds are unwelcomed. Substance—not soap-boxing—please! These are sordid matters and 'conspiracy theory'—with its many half-truths, mis- directions and outright frauds—is used politically by different groups with major and minor effects spread throughout the spectrum of time and thought. That being said, CTRLgives no endorsement to the validity of posts, and always suggests to readers; be wary of what you read. CTRL gives no credence to Holocaust denial and nazi's need not apply. Let us please be civil and as always, Caveat Lector. ======================================================================== Archives Available at: http://peach.ease.lsoft.com/archives/ctrl.html <A HREF="http://peach.ease.lsoft.com/archives/ctrl.html">Archives of [EMAIL PROTECTED]</A> http:[EMAIL PROTECTED]/ <A HREF="http:[EMAIL PROTECTED]/">ctrl</A> ======================================================================== To subscribe to Conspiracy Theory Research List[CTRL] send email: SUBSCRIBE CTRL [to:] [EMAIL PROTECTED] To UNsubscribe to Conspiracy Theory Research List[CTRL] send email: SIGNOFF CTRL [to:] [EMAIL PROTECTED] Om
