OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
Subject: Re: Frontpage and permissions - EVERYONE GROUP. (Daniel Docenkal 's Message to the list)
From: Steve (SteveSECURESOLUTIONS.ORG)
Date: Fri Mar 03 2000 - 15:01:06 CST

I am not entirely sure if I should have let this message through to the
list.

I don't normally do this but I took the liberty of further editing out the
domain names in question as while I believe that this is a valid issue that
needs to be known, I don't believe in hanging some poor company and their
system admins out to dry. The fact that their security is lacking will
cause them enough pain I am sure.

The whole point of this message is that many system administrators do not
realize what they are doing when they use the EVERYONE group in Windows NT.
In general, the EVERYONE group should never be used. I realize that a lot
of you will see this as a very obvious statement, but the message below
proves that others don't.

Regards;

Steve Manzuik
Moderator
Win2K Security Advice

-=- Online Archives can be found at www.ntsecurity.net -=-

-----Original Message by Daniel Docenkal------

How? What about this.

Open your FrontPage (97 or 2000) if you have on. Open web

http://www.*********.com/ (URL EDITED BY STEVE MANZUIK)

(that's commercial professional site, but still i want to protect them,
so
if you are clever enough you would guess)

And now feel free to do anything you want. Download everything, change
anything - just hack their page if you want. Also there is directory
PRIVATE
(how obvious) where .MDB file is stored (some 3.6MB big) - of course,
anybody can download the data.

For others

YES, i have sent the warning to COMPANY.
YES, they have answered me that it will be fixed
and YES, it was several days ago i have got that answer

and YES, it is still open (because EVERYONE group has ALL rights give by
somebody clueless).

and YES, there are free FrontPage security checkers and scanners - one
just
feeds there thousands of IP adresses, leaves it through night and at
morning, voila, there are hundreths of webs which are in the same
condition.

here is the copy of letter from that COMPAY:

------------------------------------------------------------------------ 

----
--------------------------------------------
From: Matthew webmaster [Matthew_webmaster*****.com]
Sent: 27.2.2000 10:23

Dear Daniel,

Thank you for the information, we will make the necessary changes to
that
site.

regards

webmaster  *****

                    Daniel

                    Docekal              To:     webmaster******.com

                    <ddocmia.cz>        cc:

                                         Subject:
http://www.************.com/

                    26/02/00

                    22:19

http://www.*******.com/

it might interest you that *******.com is completely open for any user
of
FrontPage - EVERYONE group has Administer, Author and browse rights. I
am
sure that it is not intended to be like this. So before someone makes
nice
hack, i suggest that you take neccessary steps and fix that sexurity
breach.

With best regards
Daniel Docekal
Editor in chief
Svet Namodro
http://svet.namodro.cz

_____________________________________________________________________
** TO UNSUBSCRIBE, send the command "UNSUBSCRIBE win2ksecadvice"
** FOR A WEEKLY DIGEST, send the command "SET win2ksecadvice DIGEST"
SEND ALL COMMANDS TO: listservlistserv.ntsecurity.net