Fwd: Windows NT Password Security Flaw Grants Access

Author: Gregorio Kus (Grego_at_RMnet.it)
Date: Mon 31 Mar 1997 - 20:28:41 MET DST


==================BEGIN FORWARDED MESSAGE==================
From: DGL Information Services
Precedence: high

A major security flaw in Microsoft Windows NT has been revealed. The flaw
enables a remote user to unscramble encrypted information--including the
entire registry of user passwords--and display it as text.

This is especially troublesome for Microsoft because it has tried
positioning NT as more secure than alternatives such as Unix. And it
follows weeks of reports and fixes to the security of Internet Explorer,
Microsoft's flagship Internet web browser and email client.

A pair of professional security technologists wrote the code that found the
flaw. The code has been verified and is making the rounds on the Internet
in areas frequented by skilled hackers with an interest in NT-security
issues. The password-cracking code is the third major hack of NT.

Mike Nash, Microsoft's director of marketing for NT Server, acknowledged
the security flaw without elaborating on a possible fix.

"It's good that people are testing our products and the best thing we can
do is increase the awareness about security to our customers," he said.

"It's a double-edged sword," said Jeremy Allison, principal author of the
hack's code. "This is a useful utility for migrating users to Unix systems
from Windows NT, but it can also enable people to see all the actual
passwords, which until now wasn't possible. If you are inside an NT system,
this could be used for hacker purposes," he said.

"All that's missing is intent," said Yobie Benjamin, senior consulting
architect for emerging technologies at Cambridge Technology Partners and
co-author of the code. "If somebody wanted to crack an NT server today, for
malicious purposes or financial gain, the pieces of the puzzle are now all
there."

Microsoft's Nash admitted to some of that. "In this case, it is possible to
break into the system and decrypt passwords," he said. "But it requires
that you have administrative privilege."

Yobie Benjamin disagrees. In fact, Benjamin said, even a "reasonably
skilled kid" with an inexpensive 386 PC and a 28.8Kbit/s modem could access
an NT network, though not through a direct dial-in and log-on attack.
Rather, access could be obtained via a "Trojan horse," which is a series of
small programs embedded in a file that are sent to a user via email over a
network.

"All one of these NT users has to do is double-click on one of these
programs to execute it and the program does what it's supposed to do,"
which is to retrieve plain text files of passwords, he said. "At some
point, (the program) E-mails back the results. You wouldn't even know what
hit you."

David Stephen Murphy, Damar Group, Ltd.'s President, warns that all NT
networks are now at risk for attack. "Most networks have some access to the
outside--either via remote access or direct Internet connectivity--unless
an additional tool such as Instant Internet is implemented, no NT system
administrator will be able to sleep confidently," he said.

Chris Goggans, senior networking security engineer at Wheelgroup agreed
that the hack code "makes NT or anything using Microsoft networking
vulnerable to attacks." Now that NT "is being accepted into all kinds of
environments, you're going to see all kinds of bugs come out," he said. But
that shouldn't be surprising. After all, Goggans noted, "we're still seeing
bugs coming out of 20-year-old Unix and NT is a baby in comparison."

Allison, a programmer at Cygnus Solutions, which provides Unix and NT
desktop and cross-platform development tools, said he put in only three
months of part-time work on the hack. "Microsoft's marketing has positioned
NT as being much more secure than Unix. They're playing on people's fears,"
he said. But "their password-encryption mechanism obviously has some flaws
in it. It's not as good as Unix's. They know that -- but I guess they'll
really know it now."

The security-breaching code goes directly for the heart of the NT security
system: the Security Accounts Manager (SAM), where the passwords reside.
The code effectively exploits that area by "breaking" the hashing algorithm
via a reverse-engineering technique.

"If someone can break into NT security," said Allison, "this allows them to
dump out the password database and run a 'dictionary attack.' It's very
easy because NT doesn't use 'salt,' data that avoids duplicate passwords
(salt adds another level of complexity to the password-hashing algorithm).
Instead, NT uses a very simple password-hashing algorithm."

On a positive note, by using this code NT system administrators can view
the passwords established by users. For years UNIX administrators have used
a program called Crack to open the password databases of their systems. But
until now, NT administrators had no similar program.

"However, with this code available on the net, anyone with access to a
network can effectively become a system administrator," said David Stephen
Murphy, President and CEO of Damar Group, Ltd.

"NT is not as safe as it had been, because of this hack," Goggans said.

===================END FORWARDED MESSAGE===================

--
/-----------------------------------------------------------------
Gregorio Kus         Grego_at_RMnet.it           Grego_at_cyberspace.org
ROMA, Italy          2ndAdmin_at_iName.com       Grego_at_FreeNet.hut.fi
Anonymous Mail Service - http://free.rmnet.it/~grego/AnonMail.html
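As an added illustration (not part of the forwarded article, and not Allison's or anyone's NT code), the property Allison describes: without a per-user salt, equal passwords produce equal stored hashes and one precomputed dictionary table checks every account at once, whereas a salt forces the word list to be re-hashed per account. SHA-256 stands in for NT's hash, and the accounts and word list are constructed samples.

```python
import hashlib
import os
from typing import Callable, Dict, List, Tuple

# Constructed sample accounts; two users happen to share a password.
USERS: Dict[str, str] = {"alice": "summer97", "bob": "summer97", "carol": "Tr0ub4dor"}

# Constructed word list standing in for a dictionary.
WORDLIST: List[str] = ["password", "summer97", "letmein", "qwerty"]


def hash_unsalted(password: str) -> str:
    """No salt: equal passwords always give the same digest (the NT weakness)."""
    return hashlib.sha256(password.encode()).hexdigest()


def hash_salted(password: str, salt: bytes) -> str:
    """Per-account random salt mixed in before hashing (the Unix approach)."""
    return hashlib.sha256(salt + password.encode()).hexdigest()


def store_unsalted(users: Dict[str, str]) -> Dict[str, str]:
    return {u: hash_unsalted(p) for u, p in users.items()}


def store_salted(users: Dict[str, str],
                 salt_fn: Callable[[], bytes] = lambda: os.urandom(16)) -> Dict[str, Tuple[bytes, str]]:
    store = {}
    for u, p in users.items():
        salt = salt_fn()
        store[u] = (salt, hash_salted(p, salt))
    return store


def shared_digests(store: Dict[str, str]) -> Dict[str, List[str]]:
    """Unsalted stores leak which accounts share a password before any guessing."""
    groups: Dict[str, List[str]] = {}
    for u, h in store.items():
        groups.setdefault(h, []).append(u)
    return {h: us for h, us in groups.items() if len(us) > 1}


def dictionary_hits_unsalted(store: Dict[str, str], words: List[str]) -> Tuple[Dict[str, str], int]:
    """One table, built with len(words) hash operations, is checked against every account."""
    table = {hash_unsalted(w): w for w in words}
    return {u: table[h] for u, h in store.items() if h in table}, len(words)


def dictionary_hits_salted(store: Dict[str, Tuple[bytes, str]], words: List[str]) -> Tuple[Dict[str, str], int]:
    """Each account's salt forces the whole word list to be re-hashed: len(store) * len(words) operations."""
    hits, ops = {}, 0
    for u, (salt, h) in store.items():
        for w in words:
            ops += 1
            if hash_salted(w, salt) == h:
                hits[u] = w
    return hits, ops
```

The operation counts returned by the two dictionary functions are the point: the salted store costs a factor of len(USERS) more for the same word list, and the unsalted store additionally reveals that alice and bob share a password with no guessing at all.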


This archive was generated by hypermail 2.1.7 : Tue 18 May 2004 - 15:59:31 MET DST