Microsoft Admits NT Has Serious Security Flaw.
Published:
28 August 1999 y., Saturday
Microsoft has acknowledged a serious security flaw in NT when used with Service Pack 4 (SP4) -- probably the most commonly deployed version of its operating system. The flaw enables hackers to masquerade as trusted hosts to get access to secure systems, using so-called Predictable IP Sequence Numbering - something that was identified and fixed in Unix systems several years ago, according to Richard Thomas, head of Winterfold Datacomm (Guildford, UK), a networking consultancy. Security problems had been found in earlier versions of NT, but the bundle of patches and fixes in SP4 were supposed to have made everything watertight. That_s proved not to be the case, according to NTA Monitor (Rochester, UK), a consultancy that conducts security audits on corporate systems by simulating hacker attacks over the Internet. When conducting such an audit, it came across Predictable IP Sequence Numbering at a customer site using NT with SP4. After doing bench tests to establish
that the problem was generic to NT and SP4, NTA-Monitor contacted Microsoft. After nearly three weeks of deliberations, Microsoft has come clean. Sunil Gopal, a technical specialist at Microsoft,
acknowledged the problem on Tuesday in a memo to Roy Hills, NTA-Monitor_s testing development director. His memo says fault has been eliminated in Windows 2000 and "will be back-ported to NT 4.0 in a future SP release."
Copying, publishing, announcing any information from the News.lt portal without written permission of News.lt editorial office is prohibited.
The most popular articles
Software company announced new structure_ of it_s business.
more »
Email churn surges into the tens of billions
more »
Experts say the Nimda virus spreads through e-mail, vulnerable servers, and the Internet via open network sharing features and altered Web pages.
more »
Hackers have begun attacking Web sites connected to Afghanistan's Taliban rulers and to other Islamic nations
more »
Corporate altruism is replacing shock as some tech companies offer free services and bandwidth to businesses affected by last week's attacks.
more »
In an apparent response to terrorist attacks on America, a notorious hacker known as "Fluffi Bunni" defaced potentially tens of thousands of high-profile Web sites, replacing their home pages with a rant about religion, capitalism, and violence.
more »
U.S. consumers are more likely to revisit Web sites that are fast loading, customizable and more informative than those that offer rich media or content delivery to wireless handsets, according to research by Jupiter Media Metrix.
more »
Entertainment industry lobbyists say programmers and open-source activists should not be alarmed by a controversial proposal to embed copy-protection controls in nearly all PCs and consumer electronic devices.
more »
Homegrown instant messaging start-up Odigo, Inc. has scored a lucrative deal to develop and power "MTV Messenger", a new IM communications tool for MTV-owned Web sites in Europe.
more »
search.lt presents newest links
more »
A South Korean Internet portal has filed a complaint with fair trade regulators, alleging Microsoft is shutting out competition by tying a range of application software into its new Windows operating system.
more »