-Caveat Lector- Software bug bites US military
Computer vandals have been exploiting a flaw in Microsoft's Windows 2000 operating system even before the software giant warned people of its existence. A server operated by the US Army has already been attacked via the security hole. If successfully exploited the loophole can give attackers control over a target machine. In an advisory, Microsoft called the flaw "critical" and has been telling customers to patch their computers in case they fall victim. Bad bug The flaw is present in servers running Windows 2000, up to and including service pack 3, and version 5.0 of Microsoft's Internet Information Server (IIS) software. It arises because of Microsoft's implementation of a program called WebDAV that lets different people remotely manage what is on a net server. Using a cleverly crafted HTTP request an attacker could exploit the flaw to gain control of a server and either crash it or make it run programs of their choice. Microsoft has issued an advisory about the flaw, calling it "critical" and said an attacker that successfully exploited it could gain "complete control" over a machine. The software company has also provided a patch to close the loophole as well as other tools to help customers protect themselves against attack. Often there is a hiatus between the discovery of a flaw in software and its active exploitation by vandals. However, in this case at least one net server has been attacked via the WebDAV loophole before security advisories have been issued. The server, belonging to the US Army, was successfully attacked in early March. No serious damage was done because it was not connected to any important systems. Once patched it was attacked again. Microsoft has reportedly spent time talking to customers warning them to take action over the flaw. Security firm ISS has also reported seeing isolated attacks carried out using the WebDAV flaw. Story from BBC NEWS: http://news.bbc.co.uk/go/pr/fr/-/2/hi/technology/2860189.stm Published: 2003/03/18 11:13:49 © BBC MMIII Forwarded for your information. The text and intent of the article have to stand on their own merits. ~~~~~~~~~~~~~~~~~~~~ In accordance with Title 17 U.S.C. section 107, this material is distributed without charge or profit to those who have expressed a prior interest in receiving this type of information for non-profit research and educational purposes only. ~~~~~~~~~~~~~~~~~~~~ "Do not believe in anything simply because you have heard it. Do not believe simply because it has been handed down for many genera- tions. Do not believe in anything simply because it is spoken and rumoured by many. Do not believe in anything simply because it is written in Holy Scriptures. Do not believe in anything merely on the authority of teachers, elders or wise men. Believe only after careful observation and analysis, when you find that it agrees with reason and is conducive to the good and benefit of one and all. Then accept it and live up to it." The Buddha on Belief, from the Kalama Sutra <A HREF="http://www.ctrl.org/";>www.ctrl.org</A> DECLARATION & DISCLAIMER ========== CTRL is a discussion & informational exchange list. Proselytizing propagandic screeds are unwelcomed. Substance—not soap-boxing—please! These are sordid matters and 'conspiracy theory'—with its many half-truths, mis- directions and outright frauds—is used politically by different groups with major and minor effects spread throughout the spectrum of time and thought. That being said, CTRLgives no endorsement to the validity of posts, and always suggests to readers; be wary of what you read. CTRL gives no credence to Holocaust denial and nazi's need not apply. Let us please be civil and as always, Caveat Lector. ======================================================================== Archives Available at: http://peach.ease.lsoft.com/archives/ctrl.html <A HREF="http://peach.ease.lsoft.com/archives/ctrl.html";>Archives of [EMAIL PROTECTED]</A> http://archive.jab.org/[EMAIL PROTECTED]/ <A HREF="http://archive.jab.org/[EMAIL PROTECTED]/">ctrl</A> ======================================================================== To subscribe to Conspiracy Theory Research List[CTRL] send email: SUBSCRIBE CTRL [to:] [EMAIL PROTECTED] To UNsubscribe to Conspiracy Theory Research List[CTRL] send email: SIGNOFF CTRL [to:] [EMAIL PROTECTED] Om
