From: mea culpa (jerichoDIMENSIONAL.COM)
Date: Fri Sep 10 1999 - 16:20:31 CDT

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

http://www.zdnn.com/a/zdnn091099/2331412/

A real Windows back door
Beta 3 releases of Windows 2000 are wide open to hack attack.

By David Raikow, Smrt Reseller
September 9, 1999 12:58 PM PT [INLINE]

Amid all the spurious hype about the supposed "NSA Back Door" in Windows
NT, a real and very dangerous security breach in some builds of Windows
2000 Beta 3 has gone almost unnoticed.

Add your comments to the bottom of this page. In an e-mail circulated
Monday, David Litchfield of security consultancy Arca Systems Inc.
described a simple technique that would give an attacker full access to a
susceptible machine.

Microsoft (Nasdaq:MSFT) acknowledges it was aware of the breach within
days of shipping Windows 2000 Beta 3 in April. The breach will be disabled
in its Release Candidate 2 build, which Microsoft could release next week.

While not the final release of Windows 2000, Beta 3 is the most widely
circulated build, and one which Microsoft sold to interested testers and
got certain OEMs to agree to preload on new systems. Microsoft claims
that more than 650,000 testers are working with the build and the
subsequent release candidates which Beta 3 testers receive.

Autologin the culprit The Windows 2000 security problem stems from an
"autologin" feature that Microsoft incorporated into the initial Beta 3
release.

[snip..]

ISN is sponsored by Security-Focus.COM

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]