"Think tank warns that Microsoft hack could pose national security risk"


Post by Adam Warne » Sun, 31 Dec 2000 23:31:36



The report is from the Center for Strategic and International Studies (CSIS)
(www.csis.org).

Here's the article:
http://www.veryComputer.com/,1199,NAV47-68-84-88-93_STO...
0.html

It also contains a link to the report:
http://www.veryComputer.com/*threatsandinfosec.pdf

I wonder if this could hurt Microsoft's defence aspirations? Also this is
partially the result of a closed source development process where security
through obscurity is paramount.

Some quotes from the report:

Page 6:
"Almost all the Fortune 500 corporations have been victims. The apparent
ease with which * criminals breached the security firewalls of
Microsoft, the world's mightiest software company, and obtained early sight
of unannounced coming products, sent alarms through the industrialized
world's computer dependent economies. If this could happen to Microsoft,
then no company is safe. The FBI, called in by Microsoft, suspects Russian
hackers. Whoever stole proprietary secrets at the heart of the ubiquitous
Windows program can hack into any PC in the world that uses it and is
connected to the Internet."

(Now that's an overstatement--I hope :-)

Page 20:
"A profound concern to both private and public entities becomes whether or
not any of these products will be trustworthy once they are released. It is
doubtful that the millions (sometimes billions) of lines of code required to
power Microsoft's products could readily be sanitized. More troubling still
is the admission that the hackers used a relatively unsophisticated program
(the QAZ Trojan Horse) to penetrate the security perimeter of the world's
most powerful software company. With most military and government systems
powered by Microsoft software and more generally reliant on COTS, this
recent development can pose grave national security-related concerns."

(billions of lines of code???)

Regards,
Adam

 
 
 


Post by goug.. » Sun, 31 Dec 2000 22:47:07



> The report is from the Center for Strategic and International Studies (CSIS)
> (www.csis.org).

> Here's the article:
> http://www.veryComputer.com/,1199,NAV47-68-84-88-93_STO...
> 0.html

> It also contains a link to the report:
> http://www.veryComputer.com/*threatsandinfosec.pdf

> I wonder if this could hurt Microsoft's defence aspirations? Also this is
> partially the result of a closed source development process where security
> through obscurity is paramount.

> Some quotes from the report:

> Page 6:
> "Almost all the Fortune 500 corporations have been victims. The apparent
> ease with which * criminals breached the security firewalls of
> Microsoft, the world's mightiest software company, and obtained early sight
> of unannounced coming products, sent alarms through the industrialized
> world's computer dependent economies. If this could happen to Microsoft,
> then no company is safe. The FBI, called in by Microsoft, suspects Russian
> hackers. Whoever stole proprietary secrets at the heart of the ubiquitous
> Windows program can hack into any PC in the world that uses it and is
> connected to the Internet."

> (Now that's an overstatement--I hope :-)

I see no reason why this should be an overstatement.  The group in
question probably now know all the security precautions taken in the
windows kernel and so can get around them.  Moreover, despite denials
from MS, they may have inserted Trojan code, giving them easy access to
all windows machines.

At the end of the day, it is closed source, so who knows?

--
http://www.veryComputer.com/

 
 
 


Post by Adam Warne » Mon, 01 Jan 2001 08:52:26


Hi goughtr,

> > hackers. Whoever stole proprietary secrets at the heart of the ubiquitous
> > Windows program can hack into any PC in the world that uses it and is
> > connected to the Internet."

> > (Now that's an overstatement--I hope :-)

> I see no reason why this should be an overstatement.  The group in
> question probably now know all the security precautions taken in the
> windows kernel and so can get around them.  Moreover, despite denials
> from MS, they may have inserted Trojan code, giving them easy access to
> all windows machines.

> At the end of the day, it is closed source, so who knows?

One of the reasons why it must be an overstatement is that if someone uses a
firewall that blocks incoming connections by default then there would be
little if any way for anyone to break into the computer (unless they find a
buffer overrun in the early stage of the TCP/IP stack?)

Regards,
Adam

 
 
 


Post by goug.. » Mon, 01 Jan 2001 09:56:54



> Hi goughtr,

> > > hackers. Whoever stole proprietary secrets at the heart of the ubiquitous
> > > Windows program can hack into any PC in the world that uses it and is
> > > connected to the Internet."

> > > (Now that's an overstatement--I hope :-)

> > I see no reason why this should be an overstatement.  The group in
> > question probably now know all the security precautions taken in the
> > windows kernel and so can get around them.  Moreover, despite denials
> > from MS, they may have inserted Trojan code, giving them easy access to
> > all windows machines.

> > At the end of the day, it is closed source, so who knows?

> One of the reasons why it must be an overstatement is that if someone uses a
> firewall that blocks incoming connections by default then there would be
> little if any way for anyone to break into the computer (unless they find a
> buffer overrun in the early stage of the TCP/IP stack?)

> Regards,
> Adam

But if you use a closed source firewall, how do you know it really does
block incoming connections?  Or does this just sound paranoid?
--
http://www.guild.bham.ac.uk/chess-club
 
 
 


Post by The Ghost In The Machi » Tue, 02 Jan 2001 11:09:06




 wrote
on Sun, 31 Dec 2000 00:56:54 +0000


>> Hi goughtr,

>> > > hackers. Whoever stole proprietary secrets at the heart of the ubiquitous
>> > > Windows program can hack into any PC in the world that uses it and is
>> > > connected to the Internet."

>> > > (Now that's an overstatement--I hope :-)

>> > I see no reason why this should be an overstatement.  The group in
>> > question probably now know all the security precautions taken in the
>> > windows kernel and so can get around them.  Moreover, despite denials
>> > from MS, they may have inserted Trojan code, giving them easy access to
>> > all windows machines.

>> > At the end of the day, it is closed source, so who knows?

>> One of the reasons why it must be an overstatement is that if someone uses a
>> firewall that blocks incoming connections by default then there would be
>> little if any way for anyone to break into the computer (unless they find a
>> buffer overrun in the early stage of the TCP/IP stack?)

>> Regards,
>> Adam

>But if you use a closed source firewall, how do you know it really does
>block incoming connections?  Or does this just sound paranoid?

One can try to connect to it from an outside source.  There
are a few websites -- hackerwhacker comes to mind
(http://www.hackerwhacker.com) -- which will, for free, attempt to
probe for vulnerabilities and report via Email what it finds.

There are a number of safeguards used -- for example, a valid
Email address must be used and the key is only good for 24 hours,
as I recall.

>--
>http://www.guild.bham.ac.uk/chess-club

--

                    up 93 days, 1:23, running Linux.
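
The outside-in check described in the post above, as an added example that is not part of the original thread: a TCP connect test that tells apart a port that accepts connections, one that is reachable but has no listener, and one where packets are silently dropped. The names `probe`, `audit` and `allowed` are hypothetical, and the check only says something about the firewall when it is run from a machine outside it, against a host you administer.

```python
import socket

def probe(host, port, timeout=2.0):
    """Classify one TCP port as seen from the machine running this script.

    open:     handshake completed, so inbound connections are accepted
    closed:   the host answered with a reset; reachable, nothing listening
    filtered: no usable answer (timeout or unreachable), which is what a
              firewall that silently drops inbound packets looks like
    """
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
        return "open"
    except ConnectionRefusedError:
        return "closed"
    except OSError:  # includes socket.timeout
        return "filtered"
    finally:
        s.close()

def audit(host, ports, allowed=(), timeout=2.0):
    """Probe each port; return (results, violations).

    violations lists ports that accepted a connection although the
    firewall policy (the hypothetical `allowed` set) says they should not.
    """
    results = {p: probe(host, p, timeout) for p in ports}
    violations = sorted(p for p, state in results.items()
                        if state == "open" and p not in allowed)
    return results, violations

if __name__ == "__main__":
    # Constructed demo on loopback: one listener stands in for an exposed
    # service. In real use, run from OUTSIDE the firewall against the
    # public address of a host you administer.
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(16)
    exposed = srv.getsockname()[1]
    results, violations = audit("127.0.0.1", [exposed], allowed=())
    print(results, "policy violations:", violations)
    srv.close()
```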
 
 
 
