ad info

CNN.com
MAIN PAGE
WORLD
ASIANOW
U.S.
LOCAL
POLITICS
WEATHER
BUSINESS
SPORTS
TECHNOLOGY
computing
personal technology
space
NATURE
ENTERTAINMENT
BOOKS
TRAVEL
FOOD
HEALTH
STYLE
IN-DEPTH

custom news
Headline News brief
daily almanac
CNN networks
CNN programs
on-air transcripts
news quiz

CNN WEB SITES:
CNN Websites
TIME INC. SITES:
MORE SERVICES:
video on demand
video archive
audio on demand
news email services
free email accounts
desktop headlines
pointcast
pagenet

DISCUSSION:
message boards
chat
feedback

SITE GUIDES:
help
contents
search

FASTER ACCESS:
europe
japan

WEB SERVICES:
Computing

Hackers claim to find security holes in Microsoft's Windows

Sir Dystic
"Sir Dystic"
August 4, 1998
Web posted at: 10:51 p.m. EDT (0251 GMT)

From Correspondent Ann Kellan

LAS VEGAS (CNN) -- Some serious security holes may have been spotted in the latest Microsoft operating systems. A program just released claims to make it possible to remotely take over a computer running Windows '95 and '98 without the user's knowledge.

"I am currently writing a sniffing plug-in that allows you to sniff any traffic that goes by a Windows machine," explained the man who released the program." ... You can reboot a remote machine; you can lock up a remote machine."

He goes by the nickname Sir Dystic, and he is a member of a so-called hacker group. Members of this and other groups attended a recent hackers' convention in Las Vegas.

While the term "hackers" covers a wide range of people, many at the convention spend their free time figuring out how computers work and looking for weaknesses in computer programs that let people sneak in and look at what's on your computer without your knowing it.

Computer

Back Orifice

Sir Dystic released the new program, called Back Orifice, at the convention. Back Orifice is a play on the name of Microsoft's software package, BackOffice. Back Orifice has advantages for users, but could pose security problems too -- and now it's widely available on the Internet.

According to the hacker group, a person can download the software from a Web site into a computer and, if the computer is logged onto a network, go to any other computer in the world, access it and run it remotely.

It's also possible for someone to load the program onto an unsuspecting victim's computer. This can be accomplished through e-mail attachments or through software that is unintentionally downloaded from the Internet.

"Once it's in there," Sir Dystic said, "a remote user can do pretty much anything that the local user can do and more ... including controlling the full file system, grabbing video from any cameras they have hooked up, seeing what they see on the screen, getting a log of what they type into the keyboard."

Convention
A convention for so-called hackers was held in Las Vegas

Microsoft sees no legitimate use for this product, and claims Windows users are safe.

"If you use safe computing practice on the Internet and do not download unsigned executables, meaning software from people you don't know, then you're not going to download this software," Microsoft spokesman Ed Muth said.

But Sir Dystic said the hackers are releasing the program to the public to force Microsoft's hand, pressuring the company to fix vulnerabilities in Windows security.

"By releasing this publicly, it is now something people have to deal with," he said. "It is an issue and it will be dealt with, or people will be screwed."

Microsoft said it tried to contact Sir Dystic and his hacker group about their program, but got no response.

Related stories:
Latest Headlines

Today on CNN


CNN Programs

  • Earth Matters
    Sunday 1:30pm - 2:00pm ET (10:30am - 11:00am PT)
  • Science & Technology Week
    Saturday 1:30pm - 2:00pm ET (10:30am - 11:00am PT)
    SEARCH CNN.com
    Enter keyword(s) go help


  • Back to the top
    2000 Cable News Network. All Rights Reserved.
    Terms under which this service is provided to you.
    Read our privacy guidelines.