RSS |
 |
| F E A T U R E | |
|
|
|
In Through the Back Door
August 21, 2000 |
||
|
|
If you want to pinpoint the security holes in Microsoft Windows, look no further than Back Orifice. Released in 1997 by a hacker group called the Cult of the Dead Cow (CDC), Back Orifice 2000 is one of the most powerful remote-administration tools used by the underground. It has two parts: a small, invisible server that runs on the victim and a client (either GUI- or CLI-based) that runs on the attacker's computer. The server is a tiny program that secretly installs itself and will run even after rebooting. It can be attached to any Windows executable, which will run normally after the server is installed. This means the server can sneak in just like any virus, completely transparently. Back Orifice 1.20 runs over any UDP (User Datagram Protocol) port but defaults to 31337 (which spells "elite" in warez-speak, a form of jive in the underground). There is no initial connection or handshake (other Trojans, including BO 2000, require an initial connection to be made), so it can be very quick and can do damage with only one or two simple packets. An attacker types in a command, and that command is the only thing sent to the victim. The victim computer then interprets the command and sends back a status message or other information, depending on the task that's been ordered. The attacker can initiate, among other things, a directory listing, a process list, a process kill, keystroke logging and the running of a small HTTP server. BO also supports the ability to write custom DLL (dynamic link library) plug-ins to extend flexibility, and the source code can be easily modified and recompiled. The software (and source code) can be downloaded from www.cultdeadcow.com/tools/bo.html.
| |
|
PAGE: 1 I 2 I 3 I 4 I 5 I 6 I 7 I 8 I 9 I NEXT PAGE |
||
Best of the Web
Data deduplication: Declawing the clones
Data deduplication is emerging as a critically important new arrow in the storage administrator's quiver to answer hard questions about the increasing problem in storage growth costs.
Compression, Encryption, Deduplication, and Replication: Strange Bedfellows
One of the great ironies of storage technology is the inverse relationship between efficiency and security: Adding performance or reducing storage requirements almost always results in reducing the confidentiality, integrity, or availability of a system.
WAN Optimization Whitelists and Blacklists
Optimization is a fantastic way of saving money and creating really happy customers at the same time, but it doesn't work flawlessly for all applications.
WAN Optimization as a Managed Service: It's Not About the Cost
This insight examines how organizations outsourcing their WAN optimization initiatives to a third-party go about achieving their goals for application performance, reducing operational costs, and streamlining enterprise infrastructure.
