ad info

CNN.com
 MAIN PAGE
 WORLD
 ASIANOW
 U.S.
 LOCAL
 POLITICS
 WEATHER
 BUSINESS
 SPORTS
 TECHNOLOGY
   computing
   personal technology
   space
 NATURE
 ENTERTAINMENT
 BOOKS
 TRAVEL
 FOOD
 HEALTH
 STYLE
 IN-DEPTH

 custom news
 Headline News brief
 daily almanac
 CNN networks
 CNN programs
 on-air transcripts
 news quiz

  CNN WEB SITES:
CNN Websites
 TIME INC. SITES:
 MORE SERVICES:
 video on demand
 video archive
 audio on demand
 news email services
 free email accounts
 desktop headlines
 pointcast
 pagenet

 DISCUSSION:
 message boards
 chat
 feedback

 SITE GUIDES:
 help
 contents
 search

 FASTER ACCESS:
 europe
 japan

 WEB SERVICES:
Computing

Hackers claim to find security holes in Microsoft's Windows

Sir Dystic
"Sir Dystic"  
August 4, 1998
Web posted at: 10:51 p.m. EDT (0251 GMT)

From Correspondent Ann Kellan

LAS VEGAS (CNN) -- Some serious security holes may have been spotted in the latest Microsoft operating systems. A program just released claims to make it possible to remotely take over a computer running Windows '95 and '98 without the user's knowledge.

"I am currently writing a sniffing plug-in that allows you to sniff any traffic that goes by a Windows machine," explained the man who released the program." ... You can reboot a remote machine; you can lock up a remote machine."

He goes by the nickname Sir Dystic, and he is a member of a so-called hacker group. Members of this and other groups attended a recent hackers' convention in Las Vegas.

While the term "hackers" covers a wide range of people, many at the convention spend their free time figuring out how computers work and looking for weaknesses in computer programs that let people sneak in and look at what's on your computer without your knowing it.

Computer

Back Orifice

Sir Dystic released the new program, called Back Orifice, at the convention. Back Orifice is a play on the name of Microsoft's software package, BackOffice. Back Orifice has advantages for users, but could pose security problems too -- and now it's widely available on the Internet.

According to the hacker group, a person can download the software from a Web site into a computer and, if the computer is logged onto a network, go to any other computer in the world, access it and run it remotely.

It's also possible for someone to load the program onto an unsuspecting victim's computer. This can be accomplished through e-mail attachments or through software that is unintentionally downloaded from the Internet.

"Once it's in there," Sir Dystic said, "a remote user can do pretty much anything that the local user can do and more ... including controlling the full file system, grabbing video from any cameras they have hooked up, seeing what they see on the screen, getting a log of what they type into the keyboard."

Convention
A convention for so-called hackers was held in Las Vegas  

Microsoft sees no legitimate use for this product, and claims Windows users are safe.

"If you use safe computing practice on the Internet and do not download unsigned executables, meaning software from people you don't know, then you're not going to download this software," Microsoft spokesman Ed Muth said.

But Sir Dystic said the hackers are releasing the program to the public to force Microsoft's hand, pressuring the company to fix vulnerabilities in Windows security.

"By releasing this publicly, it is now something people have to deal with," he said. "It is an issue and it will be dealt with, or people will be screwed."

Microsoft said it tried to contact Sir Dystic and his hacker group about their program, but got no response.

Related stories:
Latest Headlines

Today on CNN


CNN Programs

  • Earth Matters
        Sunday 1:30pm - 2:00pm ET (10:30am - 11:00am PT)
  • Science & Technology Week
        Saturday 1:30pm - 2:00pm ET (10:30am - 11:00am PT)
    SEARCH CNN.com
    Enter keyword(s)   go    help

  •   
     

    Back to the top
    © 2000 Cable News Network. All Rights Reserved.
    Terms under which this service is provided to you.
    Read our privacy guidelines.