[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Win95 A Hacker's Net Dream

Windows 95 Is A Hacker's Dream Over The Internet

Central, Hong Kong, Nov 9 (NB) -- Windows 95, combined
with the Internet, could be a dream made in hacker
heaven. From seasoned propeller heads Newsbytes has
contacted, it looks like Windows 95 could be more of
a security nightmare than was first thought.

This is especially true where fixed link companies are
concerned. An investigation of the new operating system,
when hooked onto the Internet, leaves computers wide
open. Executing a series of simple, uncomplicated
commands opens up company and private users' computers to
hacking the moment they access the Internet, claim some

Worse, they may never know it has been done. Using a
simple Unix command, a hacker can locate the IP (Internet
protocol) address of the subscriber logged into an
Internet service provider. Then he needs only one more
thing; a logged-on Internet user using Microsoft's new
operating system.

For businesses with leased line Internet links, it can
happen at any time, day or night. Once the IP address has
been noted, the hacker simply creates a file through DOS
on his own system, specifying the address and naming it.
Using two other commands -- which purge the remote names
on the IP, or Internet provider's port -- the system then
refreshes and remaps itself in preparation to be accessed
by the hacker's computer.

Because Windows 95 is designed with a networking
capability, it leaves all computers in the office open to
illegal access. Once the hacker has called up his Map
Network Drive, the hard disk on his own machine cannot be
differentiated from that of the genuine user. All that
need be done then is to put in a common drive name, most
obviously "C:\." For networked machines, the default "C$"
is common.

This gives access to all files on the subscriber's drive.
While Windows 95 allows the user to protect the drive by
giving it a password, computer experts Newsbytes talked
to said that device won't necessarily lock out intruders.
Because the operating system has no "audit" trail -- in
other words, it does not log who or how someone is
accessing the drive -- a hacker can spend weeks trying to
discover the password. Password search programs, like
Cracker, are readily available and can break through most
simple password sequences.