Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

(Fwd) Re: Win 95 is Hacker's Dream

2 views
Skip to first unread message

David Smith

unread,
Nov 29, 1995, 3:00:00 AM11/29/95
to

This message was forwarded to me and all my co-workers, igniting our own
little corporate net crisis of the month as we just installed three dozen
machines with Win 95, oh, two weeks ago.

Is this report about the ease to secure unauthorized access accurate? The
source is Newsbytes, so I'm assuming that it is. Are there any precautions
my sysadmin/network operator can take?


>FYI - got this over the net.
>
>
>Windows 95 Is A Hacker's Dream Over The Internet
>>
>>
>> Central, Hong Kong, Nov 9 (NB) -- Windows 95, combined
>> with the Internet, could be a dream made in hacker
>> heaven. From seasoned propeller heads Newsbytes has
>> contacted, it looks like Windows 95 could be more of
>> a security nightmare than was first thought.
>>
>> This is especially true where fixed link companies are
>> concerned. An investigation of the new operating system,
>> when hooked onto the Internet, leaves computers wide
>> open. Executing a series of simple, uncomplicated
>> commands opens up company and private users' computers to
>> hacking the moment they access the Internet, claim some
>> analysts.
>>
>> Worse, they may never know it has been done. Using a
>> simple Unix command, a hacker can locate the IP (Internet
>> protocol) address of the subscriber logged into an
>> Internet service provider. Then he needs only one more
>> thing; a logged-on Internet user using Microsoft's new
>> operating system.
>>
>> For businesses with leased line Internet links, it can
>> happen at any time, day or night. Once the IP address has
>> been noted, the hacker simply creates a file through DOS
>> on his own system, specifying the address and naming it.
>> Using two other commands -- which purge the remote names
>> on the IP, or Internet provider's port -- the system then
>> refreshes and remaps itself in preparation to be accessed
>> by the hacker's computer.
>>
>> Because Windows 95 is designed with a networking
>> capability, it leaves all computers in the office open to
>> illegal access. Once the hacker has called up his Map
>> Network Drive, the hard disk on his own machine cannot be
>> differentiated from that of the genuine user. All that
>> need be done then is to put in a common drive name, most
>> obviously "C:\." For networked machines, the default "C$"
>> is common.
>>
>> This gives access to all files on the subscriber's drive.
>> While Windows 95 allows the user to protect the drive by
>> giving it a password, computer experts Newsbytes talked
>> to said that device won't necessarily lock out intruders.
>> Because the operating system has no "audit" trail -- in
>> other words, it does not log who or how someone is
>> accessing the drive -- a hacker can spend weeks trying to
>> discover the password. Password search programs, like
>> Cracker, are readily available and can break through most
>> simple password sequences.
>>
David Smith * "We truly believe that even though we live in an
evil
bla...@bga.com * world, if you can stand up with a stronger
will, then you
President, EFF-Austin * can't be beaten down. This is the true spirit
of the
Board of Directors, CTCLU * EFF-Austin member" -- John Woo

0 new messages