Koreksi jika salah Indonesian Shopping Mall http://www.IndoMall.or.id/ RedHat 5.2 starting from Rp 29.500,- T-Shirt , Mp3 Subject: [zdnn] Hackers find Windows NT hole >Hackers find Windows NT hole >By Lisa M. Bowman >February 19, 1999 >ZDNN > > A security hole in Microsoft Corp.'s Windows NT 4.0 server and workstation >could allow users connected to a network to get access to information they >shouldn't be viewing -- or even take over the network. > > The hole was discovered by L0pht Heavy Industries, a hacker group and >security-consulting firm. Right now, L0pht, which posted details about the >hole on its Web site, has only confirmed the problem in versions 4.0 service >pack 4. > >---------------------------------------------- > 'You could get elevated access.' > -- Karan Khanna, Microsoft > --------------------------------------------- > > According to L0pht, the opening could allow a local user to take >control of a network. > > Microsoft (Nasdaq:MSFT) said it will issue a bulletin to system >administrators who've subscribed to its security newsletter and post more >information on its Web site. > > From user to 'superuser' > The problem arises when a network administrator uses one of the default >security settings instead of altering it to provide tighter protection. >Under the default setting, any user in the network potentially could replace >commonly used files with their own versions. As a result, that person can >obtain privileges they shouldn't have access to, essentially becoming an >administrator or "superuser." > > "If somebody had access to a machine, and the setting is not tight enough, >you could get elevated access," Karan Khanna, lead product manager of >Microsoft's Windows NT team, said. > > Microsoft said it hasn't heard of any users who've been adversely affected >by the hole. The company outlined ways to improve security in NT in a white >paper issued a year ago. Users who want to exploit this hole would have to >have an account and password on the network, so, in theory, they could be >easily traced. > > "It can't be done by an outsider," Khanna said. > > > >See Also: >Intruder-alert simulators: Hackers plug security holes >Firm finds big security holes in Windows NT >MS, Netscape scramble to fix security holes > > >Copyright (c) 1999 ZDNet. All rights reserved. > > http://www.hackerlink.or.id - question reality - be paranoid (?) ====================================================================== berhenti dari milis hackerlink : [EMAIL PROTECTED] peraturan pada milis hackerlink : [EMAIL PROTECTED] arsip milis ini : http://www.mail-archive.com/[email protected]
