Slashdot Mirror


User: visor

visor's activity in the archive.

Stories: 0
Comments: 17

Comments · 17

  1. Re:crashing windows.... on Intel Releasing PIII Xeon Today · · Score: 1

    I don't like to be that nasty.

  2. Yes, it is funny. I bet most users don't know. on Get Your Palm On The Network · · Score: 1
    Most MS Windows users don't know anything about this patch, so it's very new news to most of them.
    I bet I could walk into the majority of corporations and find that most, if not all, of their Windows machines are not patched.

    Patch Availability:

    Windows 95 Patch

    Windows 98 Patch

    The following is from a March 4, 2000 news release from Securiteam.com

    Microsoft has released a patch that eliminates a security vulnerability in Microsoft Windows 95/98/98 Second Edition.
    The vulnerability could cause a user's system to crash, if they attempted to access a file or folder whose path contained certain reserved words.

    Vulnerable systems:
    - Microsoft Windows 95
    - Microsoft Windows 98
    - Microsoft Windows 98 Second Edition

    DOS device names are reserved words, and cannot be used as folder or file names.
    When parsing a reference to a file or folder, Windows correctly checks for the case in which a single DOS device name is used in the path, and treats it as invalid.
    However, it does not check for the case in which the path includes multiple DOS device names.
    When Windows attempts to interpret the device name as a file resource, it performs an illegal resource access that usually results in a crash.

    Because it is not possible to create files or folders that contain DOS device names, it would be unusual for a user to try to access one under normal circumstances.
    The chief threat posed by this vulnerability is that a malicious user could attempt to entice a user to attempt such an access.
    For instance, if a web site operator hosted a hyperlink that referenced such a path, clicking the link would result in the user's machine crashing. Likewise, a web page or HTML mail that specified a local file as the source of rendering information could cause the user's machine to crash when it was displayed. If this happened, the machine could be put back into normal service by restarting it.

    What causes the vulnerability?
    The vulnerability results because of a flaw in the way Windows 95 and 98 (including Windows 98 Second Edition) parse file path names. Device names such as COM1, CON or LPT1 are reserved words, and they can't be used as folder or file names. When parsing a reference to a path, Windows checks for the presence of a single DOS device name in the path. If one is found, the path is correctly treated as invalid and an error is returned. However, neither Windows 95 nor 98 checks for multiple DOS device names. This is the source of the vulnerability. If a read or write operation is attempted to a path whose name contains multiple DOS device names, it will cause Windows to attempt to access invalid resources. In some cases, the effect of this invalid access would be to cause the application that supplied the path to hang, but the more likely effect is that the machine would present a blue debug screen and crash.

    What names could cause this problem?
    It's not possible to compile an exhaustive list of all DOS device names, because third-party application developers can create their own device drivers and add their names to the reserved list. However, Microsoft Knowledge Base article Q256015 provides a list of all standard DOS device names.

    What would need to happen for me to be affected by this vulnerability?
    You would need to try to reference a path that contains more than one DOS device name. The operations by which this could happen are familiar file and folder access operations - reading a file, listing a folder's contents, etc. Under normal conditions, this problem is unlikely to occur. Users cannot create files and folders whose names are reserved words like DOS device names. Because of this, it would be very unusual for a user to try to access such a file or folder. For example, it would be very unlikely that a user would try to list the contents of C:\COM1\COM1, since it is impossible for him to have created such a folder. However, a malicious user might use this vulnerability to try to cause other users' systems to crash.

    How could a malicious user do this?
    She would need to entice the user into doing something that resulted in an attempt to access a file whose path contained reserved words. For example, if she hosted a web site, she could include a link on a web page that displayed a file located in C:\COM1\COM1. Normally, it's safe to allow a web site to do this - the site can't read or change the file, only display it in the owner's browser. However, when Windows tried to locate the file, it would cause the system to crash. It wouldn't matter that the file doesn't even exist on the user's machine, because the very act of trying to find it is what would cause the crash. There also are scenarios in which it would not be necessary for the user to click on a link to be affected by the vulnerability. For example, web pages can specify that an image file on the user's computer should be used as the page background. If this were done, simply displaying the page would cause the user's computer to crash. HTML mails could be used in a similar manner.

    Are customers who have Preview Mode enabled on their mail viewers at any greater risk from this vulnerability?
    Yes. HTML mail renders in Preview Mode, so if a malicious user sent an HTML mail to someone who had Preview Mode enabled, the vulnerability would be exploited as soon as the mail was previewed.

    I have preview mode enabled in Outlook. If I received such a mail, what should I do?
    Start Outlook from a command prompt, and use the /safe and /nopreview options to turn off preview mode. Microsoft Knowledge Base articles Q197180 and Q182112 provide information on how to do this. Once you're able to get into Outlook, you can simply delete the offending mail. Obviously, you should do this without opening the mail.

    What would I need to do to put my machine back in service after a crash?
    You would just need to restart the machine. There's no lasting harm from the crash, although any work that was in progress would be lost during the crash.

    Does this vulnerability affect Windows NT 4.0 or Windows 2000?
    No.

    Who should install the patch?
    Customers using Windows 95, Windows 98 or Windows 98 Second Edition should install the patch.

    What does the patch do?
    The patch causes paths containing more than one DOS device name to be treated as invalid paths. This is correct behavior.
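
Added example, not part of visor's comment or the quoted advisory: a content filter that applies the rule the advisory attributes to the patch (a path with more than one DOS device name is invalid) to local-file references in HTML before it reaches an unpatched client. The name list, the extension handling and the sample HTML are assumptions made for this sketch.

```python
import re
from urllib.parse import unquote

# Standard reserved DOS device names as commonly documented for Windows.
# Assumption: not exhaustive; the advisory notes that third-party drivers
# can register more names (Microsoft KB Q256015 has the standard list).
RESERVED = {"CON", "PRN", "AUX", "NUL"}
RESERVED |= {f"COM{i}" for i in range(1, 10)} | {f"LPT{i}" for i in range(1, 10)}

# Attributes that can make a page or HTML mail touch a local file.
ATTR = re.compile(r"""\b(?:href|src|background)\s*=\s*["']([^"']+)["']""", re.I)
# Local references only: file: URLs or drive-letter paths.
LOCAL = re.compile(r"^(?:file:|[a-z]:[\\/])", re.I)


def device_components(path):
    """Return the path components that name a reserved DOS device."""
    path = unquote(path)                               # undo %5C style encoding
    path = re.sub(r"^file:/+", "", path, flags=re.I)   # drop a file:/// prefix
    hits = []
    for part in re.split(r"[\\/]+", path):
        # Conservative assumption: an extension or trailing space does not
        # stop a component from being a device name ("con.txt" counts as CON).
        stem = part.split(".", 1)[0].rstrip(" ").upper()
        if stem in RESERVED:
            hits.append(part)
    return hits


def classify(path):
    """'ok', 'invalid' (one device name) or 'invalid-multiple' (patched case)."""
    count = len(device_components(path))
    if count == 0:
        return "ok"
    return "invalid" if count == 1 else "invalid-multiple"


def scan_html(html):
    """Return local-file references that contain more than one device name."""
    return [ref for ref in ATTR.findall(html)
            if LOCAL.match(unquote(ref)) and classify(ref) == "invalid-multiple"]


# Constructed sample input, not taken from any real page or mail.
SAMPLE_HTML = (
    '<body background="file:///C:/CON/CON">'
    '<a href="http://example.com/COM1/COM1/index.html">remote, ignored</a>'
    '<img src="c:%5Clpt1%5Ccom2.gif">'
    '<img src="C:/WINDOWS/console.gif">'
)

if __name__ == "__main__":
    for ref in scan_html(SAMPLE_HTML):
        print("strip or block:", ref, device_components(ref))
```

A mail gateway or proxy would drop or rewrite the returned references; paths with a single device name are reported as `invalid` but not flagged, since the advisory says unpatched Windows 95/98 already rejects those.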

  3. Coward...You Guessed Wrong....Missed the point! on Get Your Palm On The Network · · Score: 1
    First, Nothing is new in this world. Second, I was speaking statistically, not personally. Speaking personally, it's not about getting laid, it's about relationships. Try having a long lasting relationship without making any money. Finally, you should be careful when you talk about "our" gene pool. To whom is the "our" referring?

    Didn't anyone ever tell you that Hate is a strong word... Do you spend a lot of valuable time rushing to judgement and criticizing people?

  4. Re:even better... on Get Your Palm On The Network · · Score: 1

    Orgs like the Navy pay big money contracts to network Palms together. Higher personal income usually means, on average, that there is a higher chance of female interaction. I'd much rather network my Palm and make big bucks than use my palm for a self-intercourse transaction. The more you know the former, the less you need the latter.

  5. Been Wireless Palming for almost 3 Years on Get Your Palm On The Network · · Score: 1
    It's really nice to have access to my network almost anywhere there's CDPD coverage.
    Here's an old article about a hole I found at NSI using a wireless palm III.

    It's great to get work done while just sitting at the airport. A palm link

  6. If Mumia can speak! Or should Kevin bake bread? on Mitnick Ordered Off Lecture Circuit · · Score: 2
    If Mumia Abu-Jamal can speak at a college invocation, why can't Mitnick speak to computer professionals? Mitnick is on probation for white-collar crimes. Mumia is on death row. Mitnick never killed anyone. Mumia was convicted of shooting a police officer.

    I didn't realize that minimum wage/poverty was also part of Mitnick's sentence.

    This Judge has overstepped the bounds of democracy and judicial fairness. I've always found that when stupid people feel threatened, they often blame the ones with the answers. This blame-game gives them a reason for their existence. I wonder who the Judge is really protecting? Is society better served by keeping Kevin silent, or is he making those who would like to keep him silent look stupid?

    My suggestion... Kevin should bake bread for the next two years. Mixing the dough is a lot of fun. There are all sorts of bread styles and yeast combinations. If all goes well he could open a bake shop.
    If he doesn't like that, he could always go to law school, earn a lot of money suing people and then start a foundation that protects our rights, since no one else seems to be doing it.

  7. Host Ratings on Where, Oh Where has Cihost.com Gone? · · Score: 3

    My experience shows that most of these Best Host and Top 10 lists are a sham. I've had trouble with every provider I've ever selected from these lists. What do the reviewers get for listing a site? There is too much crap and not enough good information on these ratings sites. Using stars as a rating system is good for restaurants, but I want hard performance data. Until we start demanding better service contracts and agreements, we'll just have to deal with outages and unexpected changes in service.

  8. It's About Time! on Boris Yeltsin Resigns · · Score: 2

    I vote for Jesus as the next Russian President. He's due back sometime today.
    The Messiah Cam!
    Maybe it's time to purchase stock in Birkenstock.
    I think sandals will be the next big thing.

  9. Handspring lost my order. on Handspring Having Troubles Delivering Visors · · Score: 1

    With some money to burn, I ordered 10 Visor Deluxe units on the first day the phone line went live. Somehow I had faith that Handspring would deliver. Well, after calling 12 times and sitting on the phone at least an hour for each call, I don't have much confidence in Handspring. I was told that the units would be $240.00 each, and all units would ship together. Then I was told 3 weeks ago that they would be 249.99 + 8 shipping and shipped separately. Then I was told my order was shipped and I couldn't change the color I selected. I wanted 2 of each color. When My card wasn't billed on Oct 15, I was told they were on the way anyway. I was told to call UPS, but Handspring couldn't give me a tracking number. Isn't it illegal to advertise and then not fulfill on the advertisement? I ordered the 10 units to give away for the holidays and just to have fun. What a load of BS Handspring has given me. If they had just been honest and said we don't have a clue then I would understand. Instead, they keep telling me that my units have shipped and should have arrived. Also, when pressed I was told to call "Corporate" in California, so I did. They had no clue either. (BTW, 650-230-5000 x429 is Hawkins #) At least I haven't been billed. I think I'll cancel my order and blow my money on something else.
    Grow up Handspring
    Learn how to run a business

    Good luck getting help if your Visor breaks!

  10. Re:Bite the Wax.. If you can't speak Chinese Dept on Lost in the Translation · · Score: 1

    From the "If You Can't Speak Chinese, Please Shutup! Dept": This whole Coca-Cola/Tadpole/Dead Horse thing is a myth. AP picked up the story off some website, but never checked the sources. This story also included movie titles with strange translations. This was all a bunch of crap. It's just another case of bad reporting.


  11. Babble This on Lost in the Translation · · Score: 1

    Darmok and Jalad at Tanagra. Rai and Jiri at Lungha. Rai of Lowani. Lowani under two moons. Jiri of Ubaya. Ubaya of crossed roads. At Lungha. Lungha, her sky gray. Kadir beneath Mo Moteh. The river Temarc in winter. Shaka, when the walls fell. Mirab, his sails unfurled! Temba, his arms wide. Uzani, his army at Lashmir. Uzani, his army, with fists open. His army with fists closed. Sokath, his eyes uncovered! Kailash! When it rises. Kiazi's children, their faces wet. Zinda! His face black, his eyes red! Temba, his arms wide. http://www.chaparraltree.com/sflang/discurs.shtml

  12. Re:Madonna Interview Remix. on Lost in the Translation · · Score: 1

    Cool, I wouldn't have had the time to write it, but I found the time to read it. Visor

  13. Re:How serious is this? on NSI E-mail Vunerability · · Score: 1

    I have over 2100 addresses from Dotcomexpress.com,
    Mymailbag.com,
    Nsimail.com (the best by far),
    and Good old Dotcomnow.com that are now cached, i.e. Browser temp folder to simple cut and paste from notepad and I'm in. Some of these people, judging from subject lines, have used these accounts to register domain names. If you fill out and e-mail network solutions with say, Domain Registration Template from the admin or tech contact account what do you think might happen? Nah! No biG dEaL ;)

  14. Re:Mainstream media & Trust on NSI E-mail Vunerability · · Score: 1

    Special Note: The NSI dotcomnow.com e-mail system vulnerability was discovered with a PalmIII PDA via a CDPD Novatel Plus Wireless modem connection to the internet using the Proxiweb browser.

    Reply to Buddy on 01:17 PM September 20th, 1999 EDT

    Well, you haven't seen it in the media because they are ignoring it. I've been paying way too much attention to this topic and I haven't heard a peep except what the hacker community already knows. This is not because I didn't try..Read On..

    I messaged all the news media starting late Thursday night, Sept 16, 1999 and then into Friday. Tips@wired.com was the first place to be e-mailed: no response. Then I mailed local news and got the same. CNN, ABC, CBS, MSNBC, Microsoft (for the H of it), and NSI to name a few, were all mailed: again no response. Slashdot was also messaged sometime on Saturday, but there were 100+ submission pending, so I understand. http://slashdot.org/faq.shtml#Q42

    The following message was sent:
    You may already know this. I know at least one other person has figured it out.
    The new Network Solutions E-mail systems are wide open. There are two ways to break in.
    The first is to know the name of someone with an account with NSI, type
    User: name
    Pass: namensi
    The second is this...
    Here is the entry to the support account.
    http://mail.dotcomnow.com/signup/poll/support?dlang=default
    Replace the word support with any valid account and bang, you're in.

    The only response I received was sometime on Monday from http://netsecurity.about.com but well after it became public knowledge.

    As an ethical person, I wanted to give NSI fair warning. They were officially notified on Saturday, September 18, 1999. Since they were changing their production billing system on Saturday I figured that someone would react by verifying the hole and then taking down the system. This did not happen. I also tried calling. Don't try calling them; it's a waste of time. 48 hours after notifying NSI, I released the information to various and nefarious sources detailing a 6-step process for guaranteed access. www.2600.com responded within minutes. In fact, they were so fast that they edited and posted the info about 5 minutes after it was sent. Now that's action.

    Here's a copy of the original instructions:
    Here is how to do it..
    Instructions:
    1. Click on Access Free Web Mail from Http://www.networksolutions.com
    2. Click on one of the e-mail addresses near the bottom of the screen.
    3. Click Click Here
    4. Enter first and last name
    5. Create a valid e-mail account
    6. Wait until the screen says "Your Mailbox has been Created".
    From here you can change the account name in this line
    http://mail.dotcomnow.com/signup/poll/nametochange?dlang=default
    http://mail.dotcomnow.com/signup/poll/support?dlang=default Actual Support Account

    Here's a copy of the original mail I sent to my friends at 12:52 AM Sep. 18, 1999
    Get this!
    I just created an account on the Network Solutions new e-mail server and guess what...
    I discovered a back door! NO SH***ING.....
    Someone didn't do a good programming job here at all.
    Simply type any name where you see the word "support"..
    The link here will take you to their support e-mail
    http://mail.dotcomnow.com/signup/poll/support?dlang=default
    If the account exists you will get in
    http://mail.dotcomnow.com/signup/poll/oracle?dlang=default
    http://mail.dotcomnow.com/signup/poll/microsoft?dlang=default
    http://mail.dotcomnow.com/signup/poll/whitehouse?dlang=default

    Needless to say, We had a lot of fun collecting accounts over the weekend. Slightly on the dark side of ethical? Maybe, but isn't it more unethical to offer a service that you know is flawed and yet do nothing to fix it. More importantly, we collected these accounts to demonstrate that Hole #2 is still open. Yet, where is the news coverage, where is the outrage, and where does NSI get off ignoring this personal privacy breach. If you want to try out Hole #2 for yourself, you can e-mail me for a small list of inconsequential accounts. Hey M$, This method is also being used on Hotmail.

    Message to the people who use Network Solutions freemail:
    You should be scared. I'm nice and I'm trying to save you. I won't do anything, but I will make this information available to anyone (members of congress, the media, NSI, your neighbors) via request.
    What does this mean?
    IT MEANS WE CAN STILL READ YOUR E-MAIL
    Solution: Forward and then delete all of your mail. Don't have any passwords mailed to the account. Don't register any Domain Names using the account. Stop using the NSI mail system until it's really fixed.

    Message to NSI:
    Shut down the server, fix the problem, and be nice. What you are doing is just wrong, very wrong. Get your third-party e-mail vendor to shape up. Or is that third-party thing just your way of shifting the blame? Tell us, who is this vendor and why do they suck so badly?

    Message to the Mainstream News Media ( /. Excluded)
    You Suck! Maybe NSI has some commercial hold on you or maybe you're just stupid. Why so much coverage on the Hotmail gaffes? NSI provided the world with a code free hack; a front door into their system. This was an idiot door far worse (my opinion) than the Hotmail blunder(s). I stumbled upon it with no thinking required. Is this not news? I guess that a mail system that is used by mostly "nerds" (taken from someone's previous post) isn't worth the attention. I understand that an earthquake in Taiwan, Raisa Gorbachev dying, and of course, Hurricane Floyd, are all big issues, but why so little comment in the tech and headline news media. Personally, I wanted to hear Sarah Baskin report it to the world. Oh well, poor me. Maybe some reporter will summarize what I've said here and get the word out that FREE MAIL IS NOT SAFE. Let me say it again...FREE MAIL IS NOT SAFE. I'm just a regular guy, I'm no "hacker". Look how easy it was to open up their system. This should be a wakeup call.

    Well I have to go now. Unlike the folks at NSI, I need to stop playing around and get some real work done.

  15. Re:Doesn't work anymore on NSI E-mail Vunerability · · Score: 1

    At approx. 12:45 PM, Monday, September 20, 1999 they closed the front door. It seems that everyone that read the article started using the webmaster@dotcomnow.com account so they regenerated the account. The sign-up system came back online at approx. 1 AM ish, Tuesday, September 21, 1999. Too bad for them that I can still get in. The hint: Hole 1 made Hole2 Nurf said "Eat cheese Bebo Cerveza the equinox and fall begins"

  16. Re:Have domain - Haven't got email offer - WORRIED on NSI E-mail Vunerability · · Score: 1

    Whatever you do, don't mail any NSI support accounts associated with the freemail system. They are all compromised. If you haven't used that account yet, you shouldn't worry. What did you say your domain name was? ;)

  17. Re:Bad Programming and Bad Programming on NSI E-mail Vunerability · · Score: 1

    Yes, very, very sad. Someone at NSI should lose their job. Oh wait, I forgot, they don't really care. They must still be riding the monopoly train. I guess that's why I can still steam right in. I bet they thought they fixed the thing.
    Sorry! Over 2100 accounts are still compromised. Here's a programming hint, hole 1 created hole 2.
    Idiots! So Sad.