Lee,

Here's the e-mail on that special Microsoft email hole.

--Alan

----- Original Message -----
From: "Neil Palmer" <neilp@dpslink.com>
To: <midrange-nontech@midrange.com>
Sent: Wednesday, August 14, 2002 4:39 PM
Subject: Another gaping security hole in Microsoft IE

> 1. DEF CON TEAM DEMONSTRATES MICROSOFT IE TROJAN SETIRI
>
>
> From:
> *************** Club Tech Networking Tips Newsletter ***************
> A Penton Publication
> http://www.iSeriesNetwork.com http://www.e-ProMag.com
> Issue 35 August 14, 2002
>
>
> 1. DEF CON TEAM DEMONSTRATES MICROSOFT IE TROJAN SETIRI
> Def Con is the infamous conference of underground "security
> specialists" (a.k.a. "hackers") that has become the annual venue for
> the alarming announcement of new security weaknesses. At this year's
> conference -- the 10th -- in Las Vegas, a team of three South African
> security consultants reported a flaw in Microsoft's Internet Explorer
> that lets them breach the security of virtually any firewall-protected
> network.
>
> The security breach uses a Trojan horse program, which is a program
> designed to look like something innocuous, but which actually carries
> a dangerous cargo to the deepest recesses of your protected network.
> The consulting trio, Roelof Temmingh, Haroon Meer, and Charl van der
> Walt, wrote a demonstration version of the Trojan horse program,
> called Setiri, and demonstrated it at the conference.
>
> Setiri propagates like many viruses -- via e-mail or an indiscreet Web
> download. Unlike a virus, however, it doesn't replicate itself.
> Instead, it opens an invisible window in IE that then connects to a
> secret Web server via an anonymous Web proxy called Anonymizer.com.
> Once Setiri reaches its mother ship, it can execute arbitrary commands
> on the infected user's computer, allowing it to do such things as
> install keystroke logging software or extract sensitive data files
> (such as password registries). By using Anonymizer.com, the identity
> of the mother ship site is hidden.
>
> Perhaps the most astounding fact about this demonstration is that
> Setiri does not exploit a hitherto-unrevealed Microsoft bug, as many
> prior viruses and Trojans have done. No, Setiri uses only standard
> features built into IE. Microsoft routinely uses the invisible window
> feature of IE to send surreptitious e-mails from a user's computer
> back to its own mother ship, Microsoft.com.
>
> Many people have warned for years that such Microsoft "back door"
> features can be uncovered and exploited by hackers. This is yet
> another instance of Microsoft inflicting damage on its own users
> through bad software architecture. Despite the fact that Roelof and
> his colleagues promise not to release their Trojan onto the Internet,
> the very fact that they have produced the program has spurred others
> to duplicate their work. At the same conference, a hacker in the
> audience claimed to have already produced a similar poison pill.
>
> For its part, Microsoft has reportedly acknowledged the invisible
> window problem and promised to look into a fix. In the meantime, you
> use IE at your own risk.
>
> Biographical information for the Setiri developers and an abstract of
> their presentation is available online at
>
> http://www.defcon.org/dcx-speakers.html .
>
>
> ___________________________
> Copyright 2002, Penton Technology Media
> http://www.iSeriesNetwork.com
> http://www.e-ProMag.com
>
>
> _______________________________________________
> This is the Non-Technical Discussion about the AS400 / iSeries (Midrange-NonTech) mailing list
> To post a message email: Midrange-NonTech@midrange.com
> To subscribe, unsubscribe, or change list options,
> visit: http://lists.midrange.com/cgi-bin/listinfo/midrange-nontech
> or email: Midrange-NonTech-request@midrange.com
> Before posting, please take a moment to review the archives
> at http://archive.midrange.com/midrange-nontech.
>
>
This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page.