Slashdot Mirror


Back Orifice 2000 on CNN.COM

LLatson writes "CNN.COM is running an article about Sir Dystic releasing Back Orifice 2000. Sounds like this time it will run on NT..." Comments on why this is being done, as well as a source release and a few changes to the 2k system.

12 of 339 comments

  1. Bravo! Hats off! by jabber · · Score: 3

    I know that this is mostly a 'me too' type of reply, but Tweety Fish has made an excellent point.

    We all remember the stink that went up after Farmer and Venema (sp?) released SATAN. (COPS before that)

    Anyone out there remember Asmodeus?
    Any sysadmins here ever use a rootkit on their boxen to see what it did, and what to watch for? Without port scanners there wouldn't be firewalls, and without sniffers there wouldn't be encryption.

    I know tfish is looking even farther than the benefits of reacting to a security threat. And a good thing too. Something like BO, designed to have such a low activity signature as to be undetectable by a casual user, is a huge accomplishment for a Windows product.

    There are benefits for network admin tools, from having the BO code available. And if M$ doesn't learn, at least the rest of us will.

    --

    -- What you do today will cost you a day of your life.
  2. Are they attacking MS or stealing their niche? by Sun Tzu · · Score: 4

    "Groups of (mostly teenaged) hackers... release nasty computer bugs..."

    Looks like Micros~1 has some serious competition from cDc. ;)

  3. AMA polluting meat by luge · · Score: 5

    The article makes an interesting analogy, claiming that CDC releasing BO in order to force MS to clean up is the equivalent of the American Medical Association polluting meat with e. coli to force a cleanup by meat suppliers. However, the article ignores the point that the government has created channels by which the meat suppliers can be regulated, and that nature provides regular e. coli outbreaks to check on our precautions. Since the only oversight on MS is the market, and there is no such thing as a "natural" security problem, problems must be highlighted by human groups like the CDC, and the market must be manipulated in order to get a response.

    Anyway, that's my two cents- I'd love to find the author's email to let him know, but I can't find it. Any clue?
    -Luge

    --

    IAAL,BIANLY

  4. Not a good thing by StephenJ · · Score: 3

    I dunno. This thing plagued our college campus for a few months until we got it under control. Our network is NT on a UNIX backbone.

    I agree with the CNN article: this cult's motives don't make any sense; it's like a cult from the automobile industry who steals cars to make everyone get car alarms. It does much more harm than good. This is a negative way of getting attention to network security, not a positive way.

    1. Re:Not a good thing by tqbf · · Score: 4


      A.) Please stop using analogies to communicate.
      Read the discussion so far. Do you notice that
      people are wasting more breath discussing the
      flaws in the analogies than they are the issue
      itself? cDc didn't infect meat or steal cars.
      They wrote code. I think we're intelligent enough
      to discuss that.

      B.) cDc didn't create ANY security problems. The
      attitude that says they did is called "security
      through obscurity", and it doesn't work. The
      computer underground is consistently and blatantly
      underestimated by people, most of whom have no
      connection to the security research community,
      who think that system crackers didn't have tools
      prior to their public release.

      The functional equivalent of Back Orifice was
      already in the hands of people you definitely did
      NOT want to have these tools long before Sir Dystic released the first Back Orifice trojan.

      Pull your head out of the sand.

  5. Bad analogy, as usual by squarooticus · · Score: 3
    I take issue with the following analogy:

    Releasing a hacking tool like Back
    Orifice 2000 in the name of
    safeguarding computer privacy is a bit
    like the American Medical Association
    infecting cattle with the deadly e. coli
    bacteria to inspire food companies to
    sell healthier meats.


    The correct analogy in this case would be the AMA infecting cattle with E. coli to make cattle owners produce cattle that are resistant to that bacteria. I'm not surprised he used an incorrect analogy: the right one would undermine the "popular" opinion that virii and hackers are universally bad, instead of good for flagrantly (and typically non-destructively) exploiting security flaws and shoddy programming.

    Kyle

    NP: Arkhe, S/T
    --
    Kyle R. Rose, MIT LCS
  6. Sadly enough... by WareW01f · · Score: 3

    ... BO2K (kinda rolls off the tongue, don't it?) is more pro-WinNT than anti. The people working on it know a lot about the OS and therefore have spent quite a bit of time with it. In the short term it makes M$ look bad, but in the long term it actually improves their product. (That is _if_ they do anything to plug up the holes.)

    What's even sadder is that this could all be avoided if M$ was as open as Linux and there was an open environment for users to say something like "Hey, you gotta problem here, thought you'd like to know." and get a response. That's not the way it works.

    I guess the way I view it is yes, the ethics of giving 'fire' to script kiddeez is somewhat questionable, but as with Melissa and every other stupid hole in M$ software who's more to blame? The person pointing out the way to a wide open back door, or M$ telling everyone not to worry, they're getting the most secure system around? Let me tell you that as someone who unfortunately has to put up with an NT network at present, it's a bit disturbing when I read about a hole in NT and see a link to an exploit _days_ before I'm notified by Micro$oft's security mailing list that there's even a problem, and then all they ever do is play it down and point out how rare it is and what little threat it is to my system.

    Personally, I say more power to cDc. Somebody has to speak up and sometimes it takes some punk wiping out a network with a keystroke to get the right people to listen. All's fair in code and war. If it's not CNN it looks like somebody's already doing that. Maybe this time they'll learn.

  7. Privacy Concerns? by KevCo · · Score: 3
    Apart from the possible exploitation by crackers, what about the privacy concerns of an employer using this software?

    Imagine an IS department making this part of their standard workstation build? They could claim that it is for remote administration but could also use it for spying on everything that an employee does on his/her PC. Granted, users shouldn't be doing anything questionable in the first place but still, there are some things that should be kept private.

  8. New Disclaimer by seppy · · Score: 4

    >> It should be noted that PC World Online has no independent confirmation that new Back Orifice 2000 program actually lives up to the claims of Cult of the Dead Cow.

    It should be legally mandated that any article speaking of upcoming Microsoft products carry a disclaimer similar to this.

    .02



    --

    Brian Seppanen

    Minister of Information and Propaganda
    Area 54 The Secret Government Disco Labs Provo

  9. But wait, could it be... USEFUL? by Tweety Fish · · Score: 5

    For those who believe that Back Orifice 2000 is some malicious tool that may or may not cause untold havoc for win32 consider this:

    If you had a comprehensive remote control application that ran unobtrusively and efficiently on any win32 system, was released absolutely free and open source, and came with a comprehensive SDK for developing your own modules, plugins and clients for whatever platform you choose to use for administration, and it was released by somebody more "respectable" than us louts at the Cult of the Dead Cow, would you call it a threat?

    Back Orifice 2000 is a tremendously useful tool for any administrator, and will only become more valuable as hackers around the world (please note that I understand that word, and I do mean hackers) modify and extend it. Managing windows networks is a far easier and richer experience when you have something like BO2K to work with. Is it a mixed blessing? Possibly so. But the best way to make BO2K work for you is to use it, and understand it.

    The Cult of the Dead Cow isn't just about scaring people into wanting real security. We want computers to be fully under the command of the people who use them, not the vendors who sell them. One way to make that happen is by convincing major vendors that they need to tighten up their products and make SURE that customers understand how to keep themselves secure, and that the products help them do that. The other way is by letting those same users get at the functional guts of the systems they use, without the layers of obfuscation and abstraction that characterize a modern operating system. Hopefully, BO2K will achieve both these goals.

    Back Orifice 2000. Show some control.

  10. bad journalism by Sourdough · · Score: 3

    I'm disappointed in the author's use of his own opinion in this article. This is supposed to be a hard news story, not an editorial. He does present the Cult of the Dead Cow's explanation for why they write these programs, but then makes an argument against them directly. He doesn't even bother to get quotes from anyone, but simply makes the argument himself. (He says something about "computer security experts" but doesn't elaborate.) This is just plain bad journalism. I learned not to do that in high school journalism class. I would imagine that someone who works for a major news organization like IDG would know better.

  11. I LOVE THIS APPLICATION!!! by Anonymous Coward · · Score: 3

    Score: -50, Rant

    It's about time! They promised NT support for Back Orifice last year. Well, their exact words were, "Soon." And I think it's just a delicious pun that they call it "Back Orifice 2000."

    I'm sorry if anyone finds this offensive, but I consider NT to be inferior. Microsoft typically buys its way into technology, but it never takes the time to make any true advancements of their own: they bully companies into working only with them, and when these companies do, it becomes almost impossible to get software products or device drivers for non-MS platforms. When Microsoft "embraces & extends" they're only taking someone else's work, adding a few functions so it won't work on anything but Windows, and locking up the changes so no one else can make their product compatible with the MS version. They [Microsoft] then engage the marketing machine and have their minions in the trade press hype the crap out of the product; which many of these publications routinely do despite the fact that MS' product is really just a polluted version of a good idea. The point is, I am offended by Microsoft. It is deceitful for them to engage in the practices that they do. The great irony is that they claim to be leading the world away from weak, bug ridden software, when that is in fact what they produce!

    I do a dance of joy every time a new virus is announced for Windows. Like Melissa -- I loved the fact that it only infected people using MS email clients. I believe Chernobyl served as a point of awakening for many people who have only used Microsoft systems. Despite the belief to the contrary, Windows is just as difficult to install from scratch as some Linux distributions. It's a lot like "The Matrix" when these people who had spent their entire lives in this fabricated reality wake up. When they first run Linux they discover that this whole time they have been mindlessly sleeping in a pool of goo with their brains hooked up to some interface -- they discover they don't have to play by the System's rules: that they have true power.

    This tool also provides something interesting. Imagine a remote administration utility so powerful, that you have more control over someone's computer remotely than they have in front of it. NT doesn't even ship with a telnet server! It's ironic what this tool does, because remote administration utilities are EXACTLY what NT is lacking in. And by the way, NT is supposed to be a "Network Operating System;" but an NOS that is susceptible to viruses? Unforgivable!

    So what's the big solution? I want everyone to be able to have the opportunity to write software without getting unfairly squashed. I'd like to see software companies get behind Linux, or at least the standard Unix binary that all the commercial Unix companies are pushing. This includes Microsoft, they can write their software for Linux if they want. If everyone sticks to an open, universal platform then everyone has a fair chance at making it in the computer business. When I originally heard NT was going to be POSIX compliant I thought, "Well great!" But that changed as Microsoft opted for "proprietary" instead of "open," so they could lock MS drones into using MS only products.

    So, if the cracker ethic is a means to an end, let it be. Perhaps that is the true evolution of the [computer] species.