[ISN] New IE spy progie exploits DCOM

From: InfoSec News (isnat_private)
Date: Tue Jul 02 2002 - 02:35:10 PDT

  • Next message: InfoSec News: "[ISN] Web site exposes credit card fraud"

    By Thomas C Greene in Washington
    Posted: 02/07/2002 at 06:55 GMT
    A group of Japanese security enthusiasts has developed a little tool
    called IE'en which exposes traffic between an IE user and any server
    he's contacting, including logins and passwords over HTTPS.
    The group, SecurityFriday, has made the tool available for download
    here. [1]
    To use the tool it's necessary to log in as a current user on a Win-NT
    or 2K system. Of course if someone can log into your account they
    already have a great deal of your life in their hands and this is only
    going to give them a little bit more.
    What's interesting here is the ability to capture packets between the
    client and server by exploiting DCOM (Distributed Component Object
    Model), a Microsoft program interface allowing the mediation and
    exchange of program and data objects over a network, similar to CORBA.
    According to MS, it "enables software components to communicate
    directly over a network in a reliable, secure, and efficient manner."
    Well, reliable and efficient it may be, but 'secure' is clearly a bit
    of a stretcher. And as for a workaround, that's easy: make sure you
    have a strong password for your user account. If you think yours may
    be weak, or if you've shared it, then reset it. Ten characters
    involving a combination of lower and upper-case letters, numerals, and
    special characters will keep you safe from IE'en jockeys.
    [1] http://securityfriday.com/ToolDownload/IEen/ieen_doc.html
    ISN is currently hosted by Attrition.org
    To unsubscribe email majordomoat_private with 'unsubscribe isn'
    in the BODY of the mail.

    This archive was generated by hypermail 2b30 : Tue Jul 02 2002 - 05:10:31 PDT