Re: [ISN] Things Better Left Undone (read: scathing hacker article)

From: mea culpa (jerichoat_private)
Date: Fri Sep 25 1998 - 13:36:32 PDT

  • Next message: mea culpa: "[ISN] Tracking Global CyberCrime"

    [Moderator: I think this reply will speak for most of us. Last of the
     thread..]
    
    Reply From: Anonymous 
    
    On Fri, 25 Sep 1998, mea culpa wrote:
    
    >      At a hacker convention - yes, they have a convention - a group of
    > hackers released some new hacker software they call "Back Orifice,"  a pun
    > on Microsoft's BackOffice. The hackers claim that Back Orifice can allow
    > hackers complete, unobstructed access to an individual's desktop and hard
    > drive on any PC running Windows '95 or Windows '98.  (They claim to be
    > working on an NT version). For the hackers to get access, a user must
    > unwittingly download Back Orifice from the Internet to their own computer. 
    
    And judging from the technical savvy of the average Microsoft user, many
    of them *will* unwittingly download BackOrifice.  These are the same
    people who propagate the "Good Times" and "Join the Crew" virus hoaxes,
    for pete's sake. 
    
    >      Microsoft says you'd have to be pretty stupid to download a file from
    > an untrusted source, but I'm sure Back Orifice can find its way around. 
    
    Uh...Microsoft says that Microsoft users are "pretty stupid."  Wow.  First
    time that company's called a spade a spade. 
    
    >      And now these hackers - who claim to have written Back Orifice for
    > the *good* of the computer industry - have created it, security risks on
    > the Internet are that much greater. 
    > 
    >      Thanks a lot, guys. 
    
    You're welcome. 
    
    But seriously, would the author of this diatribe prefer that hackers kept
    these nifty little vulnerabilities to themselves and gradually released
    them, one-by-one until every system out there was crawling with little
    baby BackOrifices? 
    
    I'd suggest Mr. Hanback abandon his ostrich-like stance with regard to
    computer security.
    
    >      Hackers claim they write this kind of software to reveal security
    > holes in software so that manufacturers can fix them. Fine, but the group
    > that created Back Orifice also allows it to be downloaded freely from the
    > Internet by any psychotic geek who desires to see what his fatal
    > attraction has stored on her hard drive. 
    
    You forgot to throw in "Digital Pearl Harbor" and "Electronic Terrorism," 
    Mr. Hanback.  Come on, if you want to whip up hysteria, at least make an
    effort!
    
    >      Forgive me if I question the hackers' intentions. If they meant well,
    > they wouldn't be demonstrating their software to the world at large.
    > They'd be sharing it with Microsoft, who could then fix the problem. 
    
    These problems *have* been shared with Microsoft innumerable times in one
    form or another.  That nothing was done to repair them is certainly no
    fault of cDc. 
    
    >      Here's my advice to computer users who fear Back Orifice: Don't
    > download files from sources you don't know or don't trust. And start
    > asking Microsoft for a fix. So far, the company has not released any
    > indication that it plans to secure Windows against Back Orifice. 
    
    The latter part of this paragraph demonstrates who the true villian in
    this whole mess is.  Microsoft has long been aware of the problems, yet
    did nothing. 
    
    >      How do we know that hackers have become a danger to society?  The
    > White House took special precautions to make sure no one could intercept
    > the closed-circuit broadcast of the president's testimony to Kenneth
    > Starr's grand jury. If the White House is worried about the problem, we'd
    > probably better be worried too. 
    
    And the cryptologic methods that the White House utilized in that
    closed-circuit broadcast are the *same* robust cryptologic methods which
    they seek to deny the average American citizen.  Now try to tell me that
    Washington really has our best interests at heart. 
    
    >      And if you meet a hacker named Sir Dystic (the individual who
    > released Back Orifice, and whose name is an obvious play on "sadistic"),
    > punch him in the nose. Or maybe you can just sue him for invasion of
    > privacy. 
    
    Uh..."punch him in the nose."  Now *WHERE* have I heard that before??  Oh.
    Oh yeah...*that* "book."
    
    Well, when I next run into Sir Dystic, I'll clap him on the back and buy
    him a drink.  Anyone who can, by merely releasing one software package,
    make a Software Giant look like a bungling fool is A-Okay in my book.
    Fools such as Mr. Hanback are hardly worth the derision they've earned.
    
    >      In fact, "hacker" is too mild a term for people who try to force a
    > corporation's hand by threatening the computing safety of millions of
    > innocent people. By that definition, these people are not hackers; they're
    > cyber-terrorists.  --
    
    *rolling eyes*  Someone forget their medication. 
    
    
    -o-
    Subscribe: mail majordomoat_private with "subscribe isn".
    Today's ISN Sponsor: Repent Security Incorporated [www.repsec.com]
    



    This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:05:54 PDT