Slashdot Mirror

This makes Google's browser hostile code. It should not be allowed through corporate firewalls. On the browser front, progress has been made by giving parts of the browser that run external code less privilege. Sandboxing Flash and Acrobat Reader is progress. Mozilla's dividing of add-ons into a non privileged content script and a somewhat more privileged add-on code is progress. Putting an equivalent of Back Orifice into a browser is not.

The announcement says: the technology right now is limited so that permission must be granted each time remote administration is activated. How long will that last? Could be changed silently by a forced update? What if law enforcement wants to use it? Does the remote session run through a Google server? (The protocol is apparently based on Google Talk, which does.) How else do they get two clients behind DHCP routers talking to each other? Is the connection encrypted? Is it encrypted end to end, or is the server in a position to mount a man in the middle attack? Does Google commit contractually to not accessing your machine, or is there an EULA that says they can do that whenever they want to?

If you want remote desktop access in the corporate environment, there are management tools for that. They're usually locked down tightly, since they're inherently a security risk.

While Live CDs are the best way to remove a lot of viruses, and the only way to remove some, you're just being a dork.

I know, I know....AC and all....

But, instead of doing this pointless crap to get FRSTSOYSPOSGSTTPTT, why don't you do something useful.

Like, maybe point the poster to something that could be exactly what they're looking for:

http://www.bo2k.com/software/index.html
BackOrifice 2000.

Remote control/administration tool, which can be used for all sorts of perfectly legitimate things, or be totally nefarious.
It's also open source, modular, and the client control console will run on Linux.

What more could he want?

Don't forget the link to Back Orifice 2000. :)

simple web browsing is still "safer" in Firefox. Your computer might get pwn3d

than to have a hacker gain any kind of control over your machine.

Do you even know what the word "pwn" means? It is "to seize total control, almost as if the legal owner". A pwn3d PC must be assumed to have a bo2k install or even worse.

Yes, a few people have used Back Orifice, a renowned trojan, for legitimate tasks. Firefox root exploits are unlikely to be used for good though...

Hehe, you probably had these pictures in mind:

http://www.ntk.net/bo2k/

alternatively:

Google 1st picture, Google 2nd picture

Back Orifice indeed had this functionality back in 1998. We used it on friends a couple of times for fun.

The program was released by CDC

The feature list contains the following:

"Multimedia control
Play wav files, capture screen shots, and capture video or still frames from any video input device (like a Quickcam)."

Here's a link to the whole feature list and application.

Back Orifice was followed by the second version, Back Orifice 2k (BO2k) which still seems to be maintained.

At the time, Netbus was another alternative.

BackOrifice! *ducks*

Talk about passe' -- hey, how come nobody in the spyware/drive-by-installer/adware discussion ever talks about cDc or Back-Orifice anymore? Have they been rendered totally irrelevant or are those bastards in the spyware "industry" the only ones who actually paid attention to the lessons they tried to teach about MS security?

Back Orifice 2k (FAQ here.)

What happens if I do nothing?

The Macromedia Flash Player automatically detects any default microphone or other audio recorder on your computer, and sets microphone sensitivity to a medium value.

....

What happens if I do nothing?

The Flash Player automatically detects any video cameras on your computer and displays the name of the default camera it will use. If you do not select another camera from the pop-up menu, the Flash Player uses the default camera. To see a live display of the image being detected by the default camera, click the video preview area.


Now this is scary.

But picture this-- a virus that takes your picture, records you for a minute, compresses into .mp3, then sends the sound and a snapshot as an email attachment to the next person...

I think Back Orifice already has this in as a plugin, but man, a viral version of this... What's the best way to disable a laptop mic?

W

As you should know, one of the best Open Source direct competitors to Microsoft SMS is Back Orifice 2000. Enable it with a password and some strong encryption and it's just fine, thank you :D

a company, maybe. But perhaps not a product. Take Back Orifice for instance.

Well, the cops can just say posession itself proves intent.

Possession of a tool indicates possible intent to use that tool for one or more of the purposes for which it is designed, not necessarily for the most destructive purpose. For instance, a crowbar can be used for changing a tire, a well-written portscanner can help index the Internet by finding hosts that run a given service, and the Back Orifice package is designed to administer Windows machines remotely. Other factors must be considered.

The record industry would then be able to not only determine whether there were any illegal copies of their works on individual computers, but be able to place songs users should be listening to onto their machines.

The Orifister(TM): "Playing the Songs You Should Hear, When We Want You To Listen.®"

But as the AC pointed out:
the ability to get a screen capture via a sudden-notice attack on a Windows box (Win9x? WinNT?) seems very unlikely. There's reason to be skeptical.

You can certainly read through the comments from the time is was discussed here on slashdot, but I'll boil it down a bit. There seems to be three schools of though (more or less).

• It's gotta be a fake, windoze doesn't have remote login and nobody could have done that hacking. (as our AC above pointed out)
• It's real... it'd be very hard and a lot of work to fake so much data. The spammers were running windows file sharing wide-open, and they used PC Anywhere, so their systems were very easy to attack (many people provided details of how to do it). The (very long) ICQ chat logs show them asking script kiddies for help setting up their networking, and there's conversations about how they liked PC Anywhere so they could lay in bed while "working".
• The data is real, but the "hacker" is someone who had physical access and stole the disks or otherwise made a copy with physical access.

Maybe it's all a hoax, but as many folks posted, the remote windows screen capture is apparantly a simple trick if the target has unsecure windows file sharing. The Back Orifice tool is certainly not a hoax.

So if it really was a hoax, I'd like to see some real evidence that it's a hoax... remembering that remote windoze screen capture being a relatively easy thing if file sharing is unsecure, and not even all that hard if you can trick the user into running some code in one of many ways pointed out in the June 7th discussion. A thing like this is much easier to prove to be a hoax than to confirm.

It may indeed be a hoax, so AC, if you're reading this, take a moment to post anything you can find to discredit the story, other than you don't believe the hack was possible because it's beyond your knowledge/paradigm. The hack is easy and many people have explained how to do it.

Or the free(speech) pcanywhere clone commonly known as Back Orifice 2000, released under GNU GPL by cDc Communications.

Not to mention an OS where you can log in remotely and its like your in front of the machine without a hideous lag of 'move mouse'...'wait for screen to catch up'...'click on icon'...'wait for screen to repaint new window'...'move mouse'...

Remote graphical login is now in the hands of lowly Windows 9x users with Back Orifice 2000, released by CDC under GNU GPL. If Back Orifice 2000 is a digital crime tool, then so is PCAnywhere.

I say FrontPage 2000's the Pits,
But my Boss seems to think it's the Shits.
(so) I threw BO2K,
On his Server one day,
Now the Network's at my fingertips!

3. Microsoft Back Office for the server apps
6. Third-party software for shells, scripting, and other essentials.

Does this third-party software in your working Windows system include a remote Windows graphical login tool?

His claim of capturing a screen shot of the spammer's computer is just outrageous...Windows may be full of networking holes, but c'mon...

Don't confuse your ignorance with technical impossibility. BackOriface is similar to pcAnywhere or Microsoft's SMS, all of which give you remote GUI access to a Windows box. Want even more? According to the Back Oriface feature list BO2k supports Multimedia support for audio/video capture, and audio playback.

Note that BO is pretty easy to install. A shared drive with no password or a weak one or a trojan horse email or website (ActiveX can work for you!) would all allow you to break into a clean Windows box. One with dozens of insecure programs installed (e.g. ICQ, some IRC clients, some email clients, etc.) would be even easier.

--

I believe that one of the communication protocols used in back orifice 2000 www.bo2k.com involves sending information in ICMP echo request and responses. There is a limited amount of optional information that you can include in the IP header of any such packet (ICMP or otherwise) that you can use for such a purpose. -kozubik

[GASP!] Napster SENT the COMPLETE location of the file!!!!
Does this mean that there is a way to coax the client to offer up ANY file?

Hrm.... I can just picture Cult of the Dead Cow writing a BO plug-in for Napster, allowing you to download any file off of a windows box.

:-)

I can already see some manager wondering who got their hands on it -- a competitor? 2600 or LoD -- aren't they based in the east coast, possibly New York? Then thoughts shift to what this will do when management hears about this: have we just committed a "career-limiting act"?

There's probably always been a kind of siege mentality at Microsoft. I'm sure that this has only intensified with the recent finding of fact by Judge Jackson, BackOrifice 2000, the spotlight that Linux took from Windows and all the general ill will towards the company. Couple that with the human tendency to assume that something that's gone missing has been stolen (especially if that something is valuable), and you have a recipe for paranoia. Except that paranoia is the mistaken impression that people are out to get you.

In the end, they assumed theft-by-scam, for which it would have been justified to call the cops. Since it wasn't the case, it's yet more egg on Microsoft's face, and you can allow yourself a little schadenfreude and know that somewhere inside 1 Microsoft Way, someone is getting the riot act read to them.

Any way, if you want to retarget Windows applications, you can use Back Orifice ( it's actually probably the best remote tool for windows...)
or VNC (yes, there is a server as well as a client for win32, despite the screenshots being mainly unix)

www.bo2k.com

www.uk.research.att.com/vnc/

I was at Defcon as a speaker, and
although *some* of the details of this
article were correct (eg great parties to which
windbags like Glass were not invited), overall this is a *horrible* piece on Defcon.

The CIH computer virus was found on
*copies* of the bo2k cd's distributed at
Defcon, not the originals, correct me if I'm wrong.

The idea that bo2k contains obfuscated
trojans is laughable, cosidering it's open
source. Leave it to Glass to connect the
dots... open source + GPL = plot to hide
backdoor. (?!) Brett... if you don't
trust the binaries, compile the source.
And if you don't trust the source,
then show us why... Maybe you
can contribute to some bugs that have already
been spotted and patched in bo2k.

Of course, this is probably asking
too much from someone that's proud to
amid to secretly tape-recording
comments at a post-conference party and
consiers his own 10-year-old phreaking
activities a passport to the underground.

"one cannot trust the group's output and must regard it as not only untrustworthy but dangerous. "

fear + ignorance = loathing, that's understandable, but I'm disappointed
that Hemos referred to it as "Very well
written coverage".

The authors of BO2K on the other hand have clearly stated their intention to provide a system management tool. They even point out the potential danger when not properly handled and when combined with the security hole provided by the MS-Word macro language.

The question is who decides. Maybe now big companies like Microsoft have one more weapon to crush small competitors writing power tools.

This is why I use my own box at work. Well, ok, it's not really why, but it's one nice side-effect. Generally companies large enough to do this sort of thing have standardized on NT, and have nothing but point-and-drool admins who have no idea what to do with a Linux box. My workstation: I built it, I own it, I administer it, and it runs Linux. I trust my new employers though, so I don't think it'll be an issue. :-) They ran SMS at my last job-- funny story: When I first got there, they installed NT on my machine (of course it was going to get wiped and Linux-ed as soon as they left the room). I had to sit there and watch for 1/2 hour while they installed the system, set it up, created a user for me, blah blah blah. Finally at the end they set up SMS, and told me "I'm sure you know how to disable this, but please don't, because we need it to... yadda yadda yadda." I just nodded and smiled. Weirdly enough, although I was not allowed to disable SMS if I used NT, removing NT entirely was fine with everyone.

----
We all take pink lemonade for granted.

...

What this article proposes is nothing less than the dumbing down of Linux. And his motivation?

"We have to do it so all the drooling idiots will never have to think for themselves or learn about their computers!"

The drooling idiots can keep their Windoze and MacOS, for all I care. I'm a Linux elitist and proud of it. I'm sick of the M$ myth that computers are easy to use. Computers are not always easy to use, and damnit people deserve to be honestly told that when they get into Linux. They need to be sat down and told: "Look, you're graduating off your training wheels now. There are fewer safeguards in your new OS. UNIX (and Linux, of course) have a philosophy called "leave enough rope", which means they give you the power to hang yourself by the neck if you ask for it. Don't think this is going to be easy. You have been granted great power and flexibility, but with it comes complexity."

This will undoubtedly scare away some novices or lazy people, or people who just aren't interested in their computers except as a means to an end. This is all well and good and as it should be. M$ OSen are out there for people WHO DON'T WANT TO THINK. And personally, I'm not so worshipful of the Cult of Linux that I feel the need to turn everyone into a Linux junkie. Let there be diversity and many OSes. Let those who would willingly walk into the Gates of hell take their damnation in the form of bluescreens and Back Orifice. You asked for it, you got it! No pity for the masses.

...

Now, none of this is to say that shipping distros with better "out of the box" security is a bad thing. Precisely the opposite, in fact. Let's get real here, folks. Out of the new users coming into Linux now, the "second wave", (i.e., the typical users), how many of them will actually need a real mailer daemon running on their box?

So does it make sense to ship with sendmail or POP/IMAP (both notorious security holes) enabled and running by default? I don't think so. Similiarly with webservers. If a user wants these daemons, they should set them up themselves.

Yes, I can hear you saying "but those things are hard to set up!" Well, I have two replies for that. The first is: Yeah, damn right those things are hard to set up. There's a reason for that. It's so fools with incomplete understanding who don't want to take the time to enlighten themselves, don't mess with them. The other reply is: Yeah, damn right those things are hard to set up - and shouldn't we the open source community be doing something to fix that?

I agree with main point of this article, which is that distros need to ship with tighter security. But I think the author is advocating better security for all the wrong reasons.

-Ben

Check out the BO2K website at http://www.bo2k.com/ if you don't belive me.

Lock-up Machine

Makes the server machine completely unresponsive. The mouse will not move, and the keyboard will not work. Grinding halt. Also makes the BO2K server unresponsive and will kill your connection to the server after the protocol times out.

Keep in mind, they didn't say temporarily lock out--it completely kills the machine! So that might be a bit of ammunition for M$. Or is there actually a legitimate use for this?

Of course, I still think it's a great program! I intend to use it on my own machine at school once I get back.