Hackers claim to find security holes in Microsoft's Windows
Web posted at: 10:51 p.m. EDT (0251 GMT)
From Correspondent Ann Kellan
LAS VEGAS (CNN) -- Some serious security holes may have been spotted in the latest Microsoft operating systems. A program just released claims to make it possible to remotely take over a computer running Windows '95 and '98 without the user's knowledge.
"I am currently writing a sniffing plug-in that allows you to sniff any traffic that goes by a Windows machine," explained the man who released the program." ... You can reboot a remote machine; you can lock up a remote machine."
He goes by the nickname Sir Dystic, and he is a member of a so-called hacker group. Members of this and other groups attended a recent hackers' convention in Las Vegas.
While the term "hackers" covers a wide range of people, many at the convention spend their free time figuring out how computers work and looking for weaknesses in computer programs that let people sneak in and look at what's on your computer without your knowing it.
Sir Dystic released the new program, called Back Orifice, at the convention. Back Orifice is a play on the name of Microsoft's software package, BackOffice. Back Orifice has advantages for users, but could pose security problems too -- and now it's widely available on the Internet.
According to the hacker group, a person can download the software from a Web site into a computer and, if the computer is logged onto a network, go to any other computer in the world, access it and run it remotely.
It's also possible for someone to load the program onto an unsuspecting victim's computer. This can be accomplished through e-mail attachments or through software that is unintentionally downloaded from the Internet.
"Once it's in there," Sir Dystic said, "a remote user can do pretty much anything that the local user can do and more ... including controlling the full file system, grabbing video from any cameras they have hooked up, seeing what they see on the screen, getting a log of what they type into the keyboard."
Microsoft sees no legitimate use for this product, and claims Windows users are safe.
"If you use safe computing practice on the Internet and do not download unsigned executables, meaning software from people you don't know, then you're not going to download this software," Microsoft spokesman Ed Muth said.
But Sir Dystic said the hackers are releasing the program to the public to force Microsoft's hand, pressuring the company to fix vulnerabilities in Windows security.
"By releasing this publicly, it is now something people have to deal with," he said. "It is an issue and it will be dealt with, or people will be screwed."
Microsoft said it tried to contact Sir Dystic and his hacker group about their program, but got no response.
Sunday 1:30pm - 2:00pm ET (10:30am - 11:00am PT)
Saturday 1:30pm - 2:00pm ET (10:30am - 11:00am PT)
Back to the top
© 2000 Cable News Network. All Rights Reserved.
Terms under which this service is provided to you.
Read our privacy guidelines.