CNN.com
COMPUTING

From...
Computerworld

Hacking group reveals IP-security glitch

August 13, 1999
Web posted at: 1:50 p.m. EDT (1750 GMT)

by Kathleen Ohlson


(IDG) -- A hacking group says it's discovered a security vulnerability affecting Windows 95, 98 and 2000 as well as the SunOS and Solaris operating systems, allowing unauthorized users to intercept outgoing information.

The problem is related to the ICMP (Internet Control Message Protocol) Router Discovery Protocol (IRDP), which determines the way computers connect to the Internet. The glitch lets an attacker spoof a route, according to an advisory issued Wednesday by hacker-security specialists L0pht Heavy Industries (link below). As a result, attackers can reroute outbound traffic on vulnerable systems; modify traffic; act as "man in the middle"; or launch denial of service attacks, L0pht said. All of these attacks, excluding denial of service, require the unauthorized user to be on the same network as the victim, the specialists said.

Man-in-the-middle attacks occur when an attacker acts as "a proxy between the victim and end host," L0pht said. The victims think they are directly connected to the end host, but they are actually connected to the attacker, who is connected to the end host feeding information through. For example, an attacker acting as man in the middle may access all banking information online without the victim knowing, L0pht said.

A denial of service attack is when routers, T1 and T3 lines are jammed with data that prevent users from accessing a site.

According to L0pht's Weld Pond, Microsoft Corp. turned IRDP on by default for Windows 95 and 98, and it stays enabled even when a user has configured a system to turn it off. "This means that many people out there are running this vulnerable protocol and they don't know it," Weld said. "This is the crux of the security problem."

However, Microsoft said IRDP is enabled by default in Windows 95 and 98 "because the industry standard requires it." The company said IRDP attacks are due to "weaknesses in the protocol itself and not due to any security vulnerabilities in Microsoft products." Microsoft also said these attacks could happen with other vendors that implemented IRDP.

According to Microsoft, IRDP "assumes a benign environment" and can't check if any participants are deliberately providing false information. Agreeing with L0pht that an authenticated protocol would be more secure, Microsoft said it hopes L0pht plans "to design a more secure version of the protocol" and bring it to the Internet Engineering Task Force.
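Because the protocol carries no authentication, a defender's practical check is to watch for router advertisements that do not come from, or do not name, a router the network actually operates. The following is an added example, not code from the article, L0pht or Microsoft: it parses an ICMP Router Advertisement (type 9, laid out as in RFC 1256) and compares it against an allowlist. The function names, the allowlist and the sample packets (documentation addresses, checksum left at zero) are constructed for illustration.

```python
import ipaddress
import struct

ICMP_ROUTER_ADVERTISEMENT = 9  # RFC 1256 message type

# Constructed sample ICMP payloads (checksum field zeroed, not computed).
SAMPLE_UNKNOWN = bytes.fromhex("09000000 01020708 c0000242 000003e8")
SAMPLE_KNOWN = bytes.fromhex("09000000 01020708 c0000201 00000000")


def parse_router_advertisement(icmp: bytes):
    """Return (lifetime_seconds, [(router_ip, preference), ...]) or None."""
    if len(icmp) < 8:
        return None
    msg_type, _code, _cksum, num_addrs, entry_words, lifetime = struct.unpack(
        "!BBHBBH", icmp[:8])
    # Each entry is entry_words 32-bit words: address + signed preference.
    if msg_type != ICMP_ROUTER_ADVERTISEMENT or entry_words < 2:
        return None
    entry_len = entry_words * 4
    if len(icmp) < 8 + num_addrs * entry_len:
        return None  # truncated or malformed
    routers = []
    for i in range(num_addrs):
        off = 8 + i * entry_len
        addr, pref = struct.unpack("!Ii", icmp[off:off + 8])
        routers.append((str(ipaddress.IPv4Address(addr)), pref))
    return lifetime, routers


def audit_advertisement(src_ip: str, icmp: bytes, known_routers: set):
    """List reasons an advertisement looks unexpected (empty list = fine)."""
    parsed = parse_router_advertisement(icmp)
    if parsed is None:
        return []
    _lifetime, routers = parsed
    findings = []
    if src_ip not in known_routers:
        findings.append(f"advertisement sent by unknown host {src_ip}")
    for addr, pref in routers:
        if addr not in known_routers:
            findings.append(f"unknown router {addr} advertised (preference {pref})")
    return findings


if __name__ == "__main__":
    known = {"192.0.2.1"}  # hypothetical allowlist of real gateways
    for src, pkt in (("192.0.2.1", SAMPLE_KNOWN), ("192.0.2.66", SAMPLE_UNKNOWN)):
        print(src, audit_advertisement(src, pkt, known) or "ok")
```

In use, the ICMP payload and source address would come from a packet capture on the local segment, since the article notes the rerouting attacks require the attacker to be on the same network as the victim.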


RELATED SITES:
L0pht Heavy Industries advisory
Microsoft Corp.
Sun Microsystems, Inc.
IPV6
© 2001 Cable News Network. All Rights Reserved.