This message is in MIME format. The first part should be readable text, while the remaining parts are likely unreadable without MIME-aware tools. Send mail to mimeat_private for more info. --------------434C1B0112A2 Content-Type: TEXT/PLAIN; CHARSET=us-ascii Content-ID: <Pine.SUN.3.96.981201050953.21126Oat_private> Forwarded From: Virus News <spam@mail-me.com> Posted to: Virus News 12/01/98 http://www.zdnet.com/pcweek/stories/printme/0,4235,374497,00.html NT Server bug exposes user groups, users By Scott Berinato A bug in Microsoft Corp.'s NT Server 4.0 can expose a server's user groups and users, according to tests done by PC Week Labs. The bug only affects NT servers set to default settings with no firewall protection, a configuration rarely seen unless users are not concerned with security. So while administrators ought to be concerned, simple precautions can prevent the situation, PC Week Labs analysts said. However, on a Web page posted by "Vitali Chkliar," 10 companies are listed as susceptible to the bug as of November 25. To prove the point, Chkliar has links to the companies' hacked information. Chkliar also has two ASP (Active Server Pages) applications available at the site that will expose any site under the base NT configuration without a firewall. Users only need to know a server's IP address to learn the server's group names. Given the IP address and a group name, a hacker could pull user names from the server, according to the site. Chkliar could not be reached for comment. His site contains no e-mail address or contact information and attempts to locate him have proven unsuccessful. The Web page says that "It is also possible through lower level API to get read, write access to the registry and folders of the target computer, configured with default settings." Karan Khanna, lead product manager for Windows NT security at Microsoft, in Redmond, Wash., said this is not a security issue and that the function Chkliar provides on his Web page is available through a base-level API. "What's happening is, whenever you configure a server, we tell people to lock down the server appropriately so you can control the access to server," Khanna said. "In this situation, you haven't locked out the appropriate ports and haven't set the right access controls. We tell customers exactly how to lock down the systems. If you do it, this is a non-issue." Khanna also said the API does not allow write access, but it will allow read capabilities. "In Service Pack 4, we have a security configuration editor which allows automatic lock-down of NT Server," he said. Service Pack 4 is available now from Microsoft at www.microsoft.com. (For security considerations, Chkliar's Web site and the names of the hacked companies have been omitted from this story.) --------------434C1B0112A2-- -o- Subscribe: mail majordomoat_private with "subscribe isn". Today's ISN Sponsor: Repent Security Incorporated [www.repsec.com]
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:12:57 PDT