Date: Wed, 02 Dec 1998 14:10:50 -0800 From: Greg Shenaut <greg@bogslab.ucdavis.edu> To: questions@FreeBSD.ORG Subject: Re: back orifice Message-ID: <199812022210.OAA18109@deal1.bogs.org> In-Reply-To: Your message of "Wed, 02 Dec 1998 16:22:57 EST." <6C37EE640B78D2118D2F00A0C90FCB441A5CF7@site2s1>
next in thread | previous in thread | raw e-mail | index | archive | help
In message <6C37EE640B78D2118D2F00A0C90FCB441A5CF7@site2s1>, Christopher Michaels - SSG cleopede: >Not to mention that any malicious user inside of the firewall can wreak >total havoc on any systems with Back Orifice installed. My understanding of >the purpose of that software was to point out and exploit a security hole in >Win95 to gain a response from Microsoft. Not to be used as a legitimate >administration tool. (although it does sound promising). Thanks to you and others for pointing out the potential security holes. It sounds *very* promising. I did look at a web site that discusses the security issues involved, and my understanding of it was that if the program is installed *on purpose* and correctly (i.e., with an adequate, maintained password) that it is not much less (if any less) secure than a *nix system that allows remote access to its root/superuser account. The big security problem comes from the fact that unscrupulous folks out on the 'net are including it in "free" software add-ons so that it can be installed without the user knowing it, with no password (or, I suppose, a password known only to the cracker). Then people can break into net-accessible W95 machines whose owners don't even know their systems allow remote access. In my case, all of the W95 machines navigate their way to the Internet via natd on a fbsd server, and currently none are accessible directly from the outside. And of course, I will install BO with passwords and other necessary security features installed. -Greg To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199812022210.OAA18109>