
TBTF for 1998-08-10: No bananas

Keith Dawson ( dawson dot tbtf at gmail dot com )
Tue, 11 Aug 19:44:51 -0400


 _   _
[ x x ]
 \   /
 (' ')

Back Orifice is open for mischief

ISS deconstructs the feared cracker tool and finds it wanting

The Cult of the Dead Cow's trojan backdoor tool, covered in TBTF for 1998-07-27 [1], has caught the attention of the industry media, bigtime. Today's PC Week features an editorial [2] as well as a lab analysis [3] of Back Orifice. Microsoft responded to the news on 8/4 with content-free marketing blather.

    "Back Orifice is unlikely to pose a threat to the vast majority of Windows 95 or Windows 98 users, especially those who follow safe internet computing practices."

Curiously, Microsoft's security page links two variant but seemingly official versions of this feel-good memo [4], [5]. cDc's response [6] to the Microsoft damage-control statement is easily more convincing.

The most useful contribution so far to the public BO discussion comes from ISS, which published its analysis [7] on 8/6. ISS reverse-engineered and conquered BO's weak encryption scheme.

    "With our tools we have been able to capture a BO request packet, find a password that will work on the BO server, and get the BO server to send a dialog message to warn the administrator and kill its own process."

ISS summarizes the threat this way.

    "Back Orifice provides an easy method for intruders to install a backdoor on a compromised machine. Back Orifice's authentication and encryption is weak, therefore an administrator can determine what activities and information is being sent via BO. Back Orifice can be detected and removed. This backdoor only works on Windows 95 and Windows 98 for now and not currently on Windows NT."

cDc hints that an NT version is on the way. BO has seen 35,000 downloads thus far.

[1] http://www.tbtf.com/archive/1998-07-27.html#s04
[2] http://www.zdnet.com/pcweek/opinion/0810/10week.html
[3] http://www.zdnet.com/pcweek/reviews/0810/10hack.html
[4] http://www.microsoft.com/security/mktBackOrifice.htm
[5] http://www.microsoft.com/security/bulletins/ms98-010.htm
[6] http://www.cultdeadcow.com/tools/bo_msrebuttal.html
[7] http://www.iss.net/xforce/alerts/advise5.html


Judge to MS: hand 'em over

Initial rulings favor the Justice Department

On 8/7 judge Thomas Penfield Jackson handed Microsoft a series of setbacks [8], [9] in the antitrust suit brought by the Justice Department, 20 states, and the District of Columbia. The company is required to produce its chairman and 16 other executives this week for as long as it takes to depose them -- Microsoft had offered 8 hours of Bill Gates's time and 8 executives. (I wonder how they think court proceedings work?) And the company is required to turn over source code for Windows 95 and Windows 98 without the restrictions Microsoft had sought to impose on those who study the code. (Microsoft lost a similar battle a week before in a different lawsuit -- see the following story.)

On 8/10 Microsoft filed a 33-page counter to the authorities' request that the company be ordered to offer Windows without Explorer, and in addition filed an 88-page motion for summary judgement. Judge Jackson signaled last Friday his attitude toward the latter brief, saying "Well, you certainly are entitled to [file for dismissal]," but "any dispute of material fact, even one, is sufficient to deny summary judgment." It is fair to say that the facts are still in dispute. As for Microsoft's attempt to demonstrate that they intended -- really! -- to integrate browser and OS as early as 1993, a timeline [10] on their own MSNBC belies the claim. Thanks to the folks at Need to Know for this link.

Judge Jackson will rule soon on a request for public access to the proceeding in which Microsoft executives are deposed [11].

Note added 1998-08-12:
Judge Jackson has ruled that the deposition hearings must be open to the public and the press. The 1913 antitrust law gave him very little leeway, he said. Depositions were to have begun today, but have been put off until lawyers for the two sides can work out how to protect Microsoft's proprietary information in an open forum. The open hearing was requested by the New York Times and other media outlets.

[8] http://www.wired.com/news/news/politics/story/14275.html
[9] http://cbs.marketwatch.com/news/current/msft.htx
[10] http://www.msnbc.com/news/118315.asp
[11] http://www.news.com/News/Item/Textonly/0,25,25149,00.html?tbtf


Another source-code ruling goes against Microsoft

In an earlier case, another procedural loss

On 7/28 a Utah federal judge ruled [12] that Microsoft must turn over source code to Windows 95 to Caldera, a Utah company suing Microsoft for unfair trade practices in the OS market in the days when DOS had competitors [13]. Microsoft had demanded a stipulation that anyone who sees the code be barred from OS development for 18 months, but the judge denied this request.

The judge also ruled that internal Novell documents in the case be unsealed, and Microsoft has released some of them [14]. Novell owned the DR-DOS technology that Caldera bought and over which it is suing Microsoft. The documents outline Novell's thinking in the early 1990s when it was mulling the option to sue Microsoft, which Novell never did. One surprise in the documents is the news that Microsoft made a verbal offer to buy Novell in 1989 and put it in writing in 1991. Novell judged that the offer was a ploy to forestall a lawsuit, and that Microsoft knew such a merger would never be approved by federal regulators.

[12] http://www.sltrib.com/07291998/utah/45304.htm
[13] http://www.tbtf.com/archive/1998-04-27.html#s03
[14] http://www.sltrib.com/1998/jul/07191998/business/43821.htm


Microsoft countersues the states

Surprising invocation of a Constitutional principle

In a filing formally denying the antitrust charges lodged by 20 states and the District of Columbia, on 7/28 Microsoft accused the states of Constitutional violation of its copyright privileges [15]. Microsoft's argument to dismiss the states' case turns on the Supremacy clause of the US Constitution, which declares that federal laws take precedence over state laws. The company argues that by attempting to limit and define the content of Windows 98, the states are violating Microsoft's right to license its intellectual property in unaltered form. Independent attorneys contacted by the SJ Mercury News called the countersuit surprising, unexpected, and not at all far-fetched.

[15] http://www.mercurycenter.com/business/top/026285.htm


Is the name altavista.com worth $3M?

Reported purchase shatters the price record

The SF Chronicle reported that Compaq Computer, which recently completed the purchase of Digital Equipment Corp., bought the domain name altavista.com for $3.35M USD [16]. If true this would represent a new record high price for a domain name. The highest previous price I have heard about was for internet.com, which was rumored to have fetched $150K. TechWeb reports that Compaq has denied that the price was over $3M and denied that, at the time of the Chronicle story, the deal was done [17].

[16] http://www.sfgate.com/cgi-bin/article.cgi?file=...
[17] http://www.techweb.com/wire/story/TWB19980728S0014


A brace of email security holes

Afflicting the oldest push technology

First a security flaw based on long filenames for file attachments affecting Outlook Express and Netscape Communicator [18] had Microsoft and Netscape scrambling for fixes. Microsoft's is now available [19], Netscape's isn't yet -- but the developer of Sendmail has also developed a free fix to run on mail servers [20]. The flaw was found by a Finnish tester. It affects Windows platforms only. Here is Netscape's explanation of the bug [21].

Next it was Eudora's turn in the barrel [22]. On 7/29 the president of Phar Lap Software discovered a way to cause Eudora to display a file attachment masquerading as a live link. While users may know the dangers of double-clicking on an unknown attachment, they might consider it safe to click on a link. The vulnerability exists in Eudora Pro 4.0, 4.0.1, and 4.1, again on Windows; older versions and the Macintosh are immune. The problem only happens when Eudora uses Internet Explorer to display Web content -- there's that pesky integration of browser and OS acting up again. Eighteen million copies of Eudora are in use, not all of them the affected versions. Qualcomm has posted a fix [23].

[18] http://www.mercurycenter.com/business/top/001482.htm
[19] http://support.microsoft.com/download/support/mslfiles/OUTPATCH.EXE
[20] http://www.sjmercury.com/business/tech/docs/084718.htm
[21] http://home.netscape.com/products/security/resources/bugs/longfile.html
[22] http://www.wired.com/news/news/technology/story/14299.html
[23] http://eudora.qualcomm.com/pro_email/updaters.html


Telephony into streaming audio

Convert analog to RealAudio in near-realtime

Colorado company TellSoft Technologies [24] is less than a year old and its iTalk technology is making large waves. TellSoft has defined a server architecture for converting analog voice messages from the circuit-switched phone network into streaming, compressed RealAudio files -- and fast. The company is a primary partner in RealNetworks' next-generation development beta. TechWeb has a good summary of the technology and its markets [25].

[24] http://www.tellsoft.com/
[25] http://www.techweb.com/wire/story/TWB19980724S0010


Three hackers and a security consultant

Beware the fabled HERF, and shun the Nether Orifice

If this interview [26] doesn't scare you, you're not paying attention. The four subjects have plenty of attitude -- comes with the territory -- and they seem to know whereof they speak. Is it really possible to put together a high-energy radio frequency weapon that can disable all the electronics in a building from its parking lot? One of the hackers calls it a "$300 poor man's nuke." NTK reports [27] that the FBI detained a hacker named Ph0n-E at the recent Defcon hackers convention because he had promised to show a prototype HERF gun.

[26] http://www.forbes.com/asap/6396/hack.htm
[27] http://www.ntk.net/index.cgi?back=archive98/now0807.txt


Buzzword Bingo

Whiling away those Dilbert hours

If at your next corporate meeting you detect occasional inappropriate currents of wild mirth, be suspicious: as you speak your employees may be using you as the unwitting caller in a game of Buzzword Bingo. Speaking at a recent college graduation, Al Gore caught a ripple of suppressed tittering from the audience and asked, to his credit, "Did I just use a buzzword?" No one knows when the game started; my guess is the first Buzzword Bingo cards were printed on line-printer paper and generated from a Teco macro. It's easier today. Visit any one of these sites [28], [29], [30], [31], hit Print and Reload as many times as your meeting has attendees, and hand 'em out. Meep! Media grabbed the domain name [32] and styles itself the epicenter of the BB phenomenon. But by its nature Buzzword Bingo is anarchic and unpossessable.

Note added 1998-08-12: Debby Levinson <debby at mit dot edu> pinned down the incident mentioned above: Al Gore's encounter with Buzzword Bingo was a distributed hack by the 1996 graduating class of MIT [32a].

Jamie Morgan <jamie at morgan dot xo dot com> sent in this URL [32b] from which you can download Buzzword Bingo for the Palm Pilot 2.0. This page also links the Dilbert strip [32c] it claims is the original inspiration for the hack.

[28] http://reality.sgi.com/cgi-bin/bingocard
[29] http://skat.usc.edu/~karl/Bingo/
[30] http://timesync.gmu.edu/cgi-bin/bingo.pl?card
[31] http://it.ncsa.uiuc.edu/~mag/cgi-bin/bingo/bingo.cgi
[32] http://buzzword-bingo.com/cgi/buzzcard.cgi
[32a] http://hacks.mit.edu/Hacks/by_year/1996/gore/
[32b] http://monkeyboys.org/pilot/
[32c] http://monkeyboys.org/images/dilbert-buzzword.jpeg


No bananas

Tracking the spread of a Web-era meme

On my brief vacation last week in Maine I came across an appealing digital-age meme [33]. The proprietors at a pottery studio and showroom in Tenants Harbor are educated and literate but resolutely un-wired. A hand-lettered sign above a door boasts:

This meme had infected them at a Boston brew pub, they said. When I checked the domain name it hadn't been claimed. That changed quick [34], and the No Web site is now a member in good standing of the Technology Front's eclectic stable. Please write if you come across any other commercial establishments sporting the No Web meme.

[33] http://www.whatis.com/meme.htm
[34] http://www.nowedonthaveawebsite.com/


* Yes, as a matter of fact I do try to arrange to vacation in places where I can get IP tone.

* This week's TBTF title comes from a novelty song [35] by Frank Silver and Irving Cohn, the hit of 1923 as sung by Eddie Cantor.

[35] http://www.lyrics.ch/query/get?s=14707


* For a complete list of TBTF's (mostly email) sources, see http://www.tbtf.com/sources.html.

TBTF home and archive at http://www.tbtf.com/ . To subscribe send
the message "subscribe" to tbtf-request@world.std.com. TBTF is
Copyright 1994-1998 by Keith Dawson, <dawson dot tbtf at gmail dot com>.
Commercial use prohibited. For non-commercial purposes please forward,
post, and link as you see fit.
Keith Dawson    dawson dot tbtf at gmail dot com
Layer of ash separates morning and evening milk.