OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
From: Russ (Russ.CooperRC.ON.CA)
Date: Mon May 14 2001 - 19:42:01 CDT

  • Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

    -----BEGIN PGP SIGNED MESSAGE-----

    I just wanted to comment about the brain-dead media reports
    propagating from a story running on Yahoo today.

    http://smallbusiness.yahoo.com/entrepreneur.html?s=smallbiz/articles/2
    0010514/microsoft_ackno
    (probably wrapped to two lines)

    The story, from a year ago, pertains to the discovery of a string in
    dvwssr.dll and its alleged ability to backdoor NT. My message from
    4/14/2000 about the issue is attached below. There is no new backdoor
    discovery, Microsoft hasn't recently confirmed anything of the sort,
    Yahoo deserves to be shot for not putting a date on the article and
    not realizing it was wrong when it was first run. Looks like they're
    a bit hard up for ad revenue.

    For anyone who hasn't already deleted the file, read;

    http://www.microsoft.com/technet/security/bulletin/MS00-025.asp

    Cheers,
    Russ - NTBugtraq Editor

    Date: Fri, 14 Apr 2000 11:38:56 -0400
    From: Russ <Russ.CooperRC.ON.CA>
    Subject: Netscape engineers are weenies!
    To: NTBUGTRAQLISTSERV.NTBUGTRAQ.COM

    Ok, so let's deal with this.

    This text string, "!seineew era sreenigne epacsteN" is embedded in
    the
    dvwssr.dll that contains the vulnerability just discussed.

    The question raised is what is this string for, and is it a secret
    backdoor
    password. At least that's what the media seems to be hyping up.

    My information says that this string is used to obfuscate file names
    requested via the dvwssr.dll. Nobody seems to know why they're
    obfuscated at
    this point, but it does not represent a "password". Its a piece of
    static
    data used in the obfuscating process is all.

    FYI, it was put into the program sometime in 1995, when the program
    was
    first released, and definitely not in the "height of the battle
    between
    Netscape and Microsoft".

    If you get this string to do anything for you, please let us know.
    The fact
    that the .dll has a vulnerability in it which permits anyone with web
    authoring permission to get access to files on other sites on the
    same box
    may have led the discoverer to believe that it was a password to
    enable that
    "functionality". My information says the two things are unrelated,
    the
    vulnerability exists whether you know the string text or not.

    Let us not make another "NSA backdoor" out of this unless/until
    someone can
    actually prove a claim about it.

    Cheers,
    Russ - NTBugtraq Editor
    "dot-age" (as in "we're in the dot-age") = senility (source
    Webster's)

    -----BEGIN PGP SIGNATURE-----
    Version: PGP Personal Privacy 6.5.2

    iQCVAwUBOwB7WRBh2Kw/l7p5AQFXCgQAk5UFkM49NYb/LFG4ElfuCUkiE71BVacO
    8U1UdfSetJOJW793r5gzvmUdTDFyStn7uEx//RNdvr2r0NkYYqBXWanknWka+0NT
    stYDEB0RVgY7M+QmkbzTPqol0n2CUfXDJwwQJizXnnBVEfX2JfdEAzL7QOiLW4nj
    r/XI6NxDvII=
    =bCbt
    -----END PGP SIGNATURE-----