Re: Another gaping security hole in Microsoft IE -- MIDRANGE-NONTECH

Lee,

Here's the e-mail on that special Microsoft email hole.

--Alan


----- Original Message -----
From: "Neil Palmer" <neilp@dpslink.com>
To: <midrange-nontech@midrange.com>
Sent: Wednesday, August 14, 2002 4:39 PM
Subject: Another gaping security hole in Microsoft IE


> 1. DEF CON TEAM DEMONSTRATES MICROSOFT IE TROJAN SETIRI
>
>
> From:
> *************** Club Tech Networking Tips Newsletter ***************
> A Penton Publication
> http://www.iSeriesNetwork.com                http://www.e-ProMag.com
> Issue 35                                             August 14, 2002
>
>
> 1. DEF CON TEAM DEMONSTRATES MICROSOFT IE TROJAN SETIRI
> Def Con is the infamous conference of underground "security
> specialists" (a.k.a. "hackers") that has become the annual venue for
> the alarming announcement of new security weaknesses. At this year's
> conference -- the 10th -- in Las Vegas, a team of three South African
> security consultants reported a flaw in Microsoft's Internet Explorer
> that lets them breach the security of virtually any firewall-protected
> network.
>
> The security breach uses a Trojan horse program, which is a program
> designed to look like something innocuous, but which actually carries
> a dangerous cargo to the deepest recesses of your protected network.
> The consulting trio, Roelof Temmingh, Haroon Meer, and Charl van der
> Walt, wrote a demonstration version of the Trojan horse program,
> called Setiri, and demonstrated it at the conference.
>
> Setiri propagates like many viruses -- via e-mail or an indiscreet Web
> download. Unlike a virus, however, it doesn't replicate itself.
> Instead, it opens an invisible window in IE that then connects to a
> secret Web server via an anonymous Web proxy called Anonymizer.com.
> Once Setiri reaches its mother ship, it can execute arbitrary commands
> on the infected user's computer, allowing it to do such things as
> install keystroke logging software or extract sensitive data files
> (such as password registries). By using Anonymizer.com, the identity
> of the mother ship site is hidden.
>
> Perhaps the most astounding fact about this demonstration is that
> Setiri does not exploit a hitherto-unrevealed Microsoft bug, as many
> prior viruses and Trojans have done. No, Setiri uses only standard
> features built into IE. Microsoft routinely uses the invisible window
> feature of IE to send surreptitious e-mails from a user's computer
> back to its own mother ship, Microsoft.com.
>
> Many people have warned for years that such Microsoft "back door"
> features can be uncovered and exploited by hackers. This is yet
> another instance of Microsoft inflicting damage on its own users
> through bad software architecture. Despite the fact that Roelof and
> his colleagues promise not to release their Trojan onto the Internet,
> the very fact that they have produced the program has spurred others
> to duplicate their work. At the same conference, a hacker in the
> audience claimed to have already produced a similar poison pill.
>
> For its part, Microsoft has reportedly acknowledged the invisible
> window problem and promised to look into a fix. In the meantime, you
> use IE at your own risk.
>
> Biographical information for the Setiri developers and an abstract of
> their presentation is available online at
>
> http://www.defcon.org/dcx-speakers.html .
>
>
> ___________________________
> Copyright 2002, Penton Technology Media
> http://www.iSeriesNetwork.com
> http://www.e-ProMag.com
>
>
> _______________________________________________
> This is the Non-Technical Discussion about the AS400 / iSeries
(Midrange-NonTech) mailing list
> To post a message email: Midrange-NonTech@midrange.com
> To subscribe, unsubscribe, or change list options,
> visit: http://lists.midrange.com/cgi-bin/listinfo/midrange-nontech
> or email: Midrange-NonTech-request@midrange.com
> Before posting, please take a moment to review the archives
> at http://archive.midrange.com/midrange-nontech.
>
>