Microsoft Admits NT Has Serious Security Flaw.
Published:
28 August 1999 y., Saturday
Microsoft has acknowledged a serious security flaw in NT when used with Service Pack 4 (SP4) -- probably the most commonly deployed version of its operating system. The flaw enables hackers to masquerade as trusted hosts to get access to secure systems, using so-called Predictable IP Sequence Numbering - something that was identified and fixed in Unix systems several years ago, according to Richard Thomas, head of Winterfold Datacomm (Guildford, UK), a networking consultancy. Security problems had been found in earlier versions of NT, but the bundle of patches and fixes in SP4 were supposed to have made everything watertight. That_s proved not to be the case, according to NTA Monitor (Rochester, UK), a consultancy that conducts security audits on corporate systems by simulating hacker attacks over the Internet. When conducting such an audit, it came across Predictable IP Sequence Numbering at a customer site using NT with SP4. After doing bench tests to establish
that the problem was generic to NT and SP4, NTA-Monitor contacted Microsoft. After nearly three weeks of deliberations, Microsoft has come clean. Sunil Gopal, a technical specialist at Microsoft,
acknowledged the problem on Tuesday in a memo to Roy Hills, NTA-Monitor_s testing development director. His memo says fault has been eliminated in Windows 2000 and "will be back-ported to NT 4.0 in a future SP release."
Copying, publishing, announcing any information from the News.lt portal without written permission of News.lt editorial office is prohibited.
The most popular articles
Software company announced new structure_ of it_s business.
more »
Virus writer and hacker activity has stepped up dramatically since the U.S. and U.K. armed forces started their war against Iraq
more »
A top EU commissioner has been banging on about the importance of eGovernment
more »
But within hours, firm suffers denial of service attack
more »
Commercial Alliance-Bank will be the first among RK banks implementing a transaction through international chip cards "Visa Smart Debit & Credit (VSDC)" through single processing center
more »
All those interested in British-Polish economic issues now have a new Internet site www.bpcc.org.pl
more »
Minsk to Welcome Belarusian Congress on Telecommunications, Information and Banking Technologies
more »
A drop in federal funding could delay some projects under the Electronic Russia program, which aims to boost the use of information technology throughout the country, the Communications Ministry said Tuesday
more »
The European Commission is consulting its 15 national member governments over a draft decision to pick a Belgian-led consortium to run the long-awaited .eu top-level domain name registry
more »
Previously undiscovered flaw used to attack Army Web site
more »
Wincor Nixdorf presents a range of propositions with the spotlight focused on the specific needs and problems facing the banking industry under the key headings of Branch, Multichannel and Cash Management
more »