Slashdot Mirror


BO2K cracked

Ford writes "The BBC is reporting that Internet Security Systems has 'decoded the protocols and encryption algorithms of Back Orifice 2000 (BO2K) within 24 hours' of its release. Microsoft has issued only a warning, refusing to admit that there might be security vulnerabilities in WinNT." The security agencies interviewed in the article are claiming that BO2K is child's play, and that they've already got detection systems in place. I'm just waiting for the Defcon response to their claims.

2 of 225 comments

  1. Facts from the con by HunterD · Score: 4
    Ok, I'm seeing a lot of disinfo about BO2K here. So let's address a few right here:

    1. Breaking BO2K's Crypto:
    Of course he broke BO2K's crypto - the generic, straight from the 'box' crypto is XOR encryption - which is simple to 'break'. That said, inside the US, you can download a plug-in that will allow BO2K to use 3DES. Sophos did not crack 3DES. Even if he did, the plugin architecture allows a programmer to add any encryption scheme they wish, and BO2K will use it for all of its transfers.

    2. Detecting BO2K
    Well - to detect BO2K in one configuration, all IIS had to do is look at the threads, and it will show up. This could be what they are discussing as easily detectable. However it is also possible to get BO2K to hide quite effectively by having it hop between threads, and use whatever ports it wants to. IIS could also be referring to the fact that BO2K uses the same registry key every time - and it does so on purpose, which leads into point 3....

    3. BO2K is a virus
    BO2K is not a virus. Not even remotely. At worst it's a Trojan, but it is no more a Trojan than other packages like, say, PC Anywhere (and another one that I can not remember the name of - it starts with an S). Interestingly, some other 'remote admin' packages can also be installed over the net, or given as a 'trojan', or even be run as a hidden process. BO2K has many of the same features as similar packages, and has the same ability to be used for admin, as well as cracking.

    4. BO2K is bad
    BO2K is what you make of it. It's a tool. It can be used in many ways - some bad, some good. It really has some very useful features. Those features again can be used as you see fit.

    I am not affiliated with the cdc, these views come from seeing their presentation of BO2K at defcon.

    --
    - The unexamined life is not worth leading -
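The point in part 1 above, that an out-of-the-box XOR cipher is trivial to break, is easy to show concretely. What follows is an added example and is not code from the original post, from the cDc, or from BO2K's real protocol: it breaks a repeating-key XOR stream with a known-plaintext attack. The key (`s3cr3t`), the fixed 8-byte header (`MAGICHDR`) and the message body are all constructed for this demo; the only assumption borrowed from the discussion is that a protocol has some predictable bytes at the start of every message, which is all the attack needs.

```python
# Added example (not from the original post or from BO2K): known-plaintext
# attack on repeating-key XOR. Key, header and message are constructed here.
from itertools import cycle


def xor_bytes(data: bytes, key: bytes) -> bytes:
    """Repeating-key XOR; the same function encrypts and decrypts."""
    return bytes(b ^ k for b, k in zip(data, cycle(key)))


def find_key(ciphertext: bytes, known_prefix: bytes, max_key_len: int = 32):
    """Recover the key from a known plaintext prefix.

    For each candidate key length, XOR the first key_len ciphertext bytes
    against the known plaintext to get a candidate key, then check that the
    candidate also decrypts the rest of the known prefix. A wrong length
    turns those remaining bytes into garbage, so only the true length (or a
    multiple of it) survives. Candidate lengths are capped one below the
    known prefix so that every candidate is verified by at least one byte.
    Returns None if no length fits.
    """
    longest = min(max_key_len, len(known_prefix) - 1)
    for key_len in range(1, longest + 1):
        candidate = bytes(
            c ^ p for c, p in zip(ciphertext[:key_len], known_prefix[:key_len])
        )
        if xor_bytes(ciphertext[: len(known_prefix)], candidate) == known_prefix:
            return candidate
    return None


def break_session(ciphertext: bytes, known_prefix: bytes):
    """Recover the key and decrypt the whole message; (None, None) on failure."""
    key = find_key(ciphertext, known_prefix)
    if key is None:
        return None, None
    return key, xor_bytes(ciphertext, key)


# Constructed sample traffic: a fixed header followed by a command body.
KEY = b"s3cr3t"
HEADER = b"MAGICHDR"
PLAINTEXT = HEADER + b" op=list_dir path=C:\\temp"
CIPHERTEXT = xor_bytes(PLAINTEXT, KEY)


if __name__ == "__main__":
    # The attacker sees only CIPHERTEXT and knows the header convention.
    key, plaintext = break_session(CIPHERTEXT, HEADER)
    print("recovered key:", key)
    print("decrypted    :", plaintext)
```

The attacker never needs the key to be weak in itself; any key of any length falls to this once a few bytes of plaintext are predictable, which is why the plugin route to a real cipher such as 3DES matters in the discussion above. A proper cipher with a per-session key and integrity check is not recoverable this way even with the entire plaintext known.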
  2. Summary by schporto · Score: 5

    Below is my summary of the article....

    Sophos cracked BO2K. Errr wrote a detector for it. We don't know the difference though. But they figured out the protocols and encryption schemes. Ohhh buzzwords.
    Those nasty cDc'ers didn't like Rouland and he showed them. He asked for a copy which is completely sensible as he's a good guy, but they don't like him. We won't mention that he wanted a copy before everyone else.
    We think this will allow them to control other computers. But we aren't sure what control it gives you, so we'll just blather on. Oh and insult them. They're kids. They are even infected.
    But not to worry anyone, M$ is right on top of it. They even issued, gasp, a warning.
    It's a toy, but ISS warned the program could easily be used to delete files, reconfigure machines, steal passwords and redirect network traffic, without a user or administrator's knowledge.
    Isn't it amazing what toys can do now.

    Pardon the sarcasm.
    -cpd