TBTF for 8/10/98: No bananas

Keith Dawson (dawson@world.std.com)
Tue, 11 Aug 1998 18:34:47 -0500



T a s t y   B i t s   f r o m   t h e   T e c h n o l o g y   F r o n t

Timely news of the bellwethers in computer and communications
technology that will affect electronic commerce -- since 1994

Your Host: Keith Dawson

This issue: < http://www.tbtf.com/archive/08-10-98.html >

C o n t e n t s

Back Orifice is open for mischief
Judge to MS: hand 'em over
Another source-code ruling goes against Microsoft
Microsoft countersues the states
Is the name altavista.com worth $3M?
A brace of email security holes
Telephony into streaming audio
Three hackers and a security consultant
Buzzword Bingo
No bananas

..Back Orifice is open for mischief

ISS deconstructs the feared cracker tool and finds it wanting

The Cult of the Dead Cow's trojan backdoor tool, covered in TBTF for
7/27/98 [1], has caught the attention of the industry media, bigtime.
Today's PC Week features an editorial [2] as well as a lab analysis
[3] of Back Orifice. Microsoft responded to the news on 8/4 with
content-free marketing blather.

> Back Orifice is unlikely to pose a threat to the vast majority
> of Windows 95 or Windows 98 users, especially those who follow
> safe internet computing practices.

Curiously, Microsoft's security page links two variant but seemingly
official versions of this feel-good memo [4], [5]. cDc's response
[6] to the Microsoft damage-control statement is easily more con-

The most useful contribution so far to the public BO discussion
comes from ISS, which published its analysis [7] on 8/6. ISS re-
verse-engineered and conquered BO's weak encryption scheme.

> With our tools we have been able to capture a BO request
> packet, find a password that will work on the BO server,
> and get the BO server to send a dialog message to warn the
> administrator and kill its own process.

ISS summarizes the threat this way.

> Back Orifice provides an easy method for intruders to install
> a backdoor on a compromised machine. Back Orifice's authenti-
> cation and encryption is weak, therefore an administrator can
> determine what activities and information is being sent via
> BO. Back Orifice can be detected and removed. This backdoor
> only works on Windows 95 and Windows 98 for now and not cur-
> rently on Windows NT.

cDc hints that an NT version is on the way. BO has seen 35,000 down-
loads thus far.

[1] http://www.tbtf.com/archive/07-27-98.html#s04
[2] http://www.zdnet.com/pcweek/opinion/0810/10week.html
[3] http://www.zdnet.com/pcweek/reviews/0810/10hack.html
[4] http://www.microsoft.com/security/mktBackOrifice.htm
[5] http://www.microsoft.com/security/bulletins/ms98-010.htm
[6] http://www.cultdeadcow.com/tools/bo_msrebuttal.html
[7] http://www.iss.net/xforce/alerts/advise5.html

..Judge to MS: hand 'em over

Initial rulings favor the Justice Department

On 8/7 judge Thomas Penfield Jackson handed Microsoft a series of
setbacks [8], [9] in the antitrust suit brought by the Justice De-
partment, 20 states, and the District of Columbia. The company is
required to produce its chairman and 16 other executives this week
for as long as it takes to depose them -- Microsoft had offered 8
hours of Bill Gates's time and 8 executives. (I wonder how they
think court proceedings work?) And the company is required to turn
over source code for Windows 95 and Windows 98 without the restric-
tions Microsoft had sought to impose on those who study the code.
(Microsoft lost a similar battle a week before in a different law-
suit -- see the following story.)

On 8/10 Microsoft filed a 33-page counter to the authorities' re-
quest that the company be ordered to offer Windows without Explorer,
and in addition filed an 88-page motion for summary judgement.
Judge Jackson signaled last Friday his attitude toward the latter
brief, saying "Well, you certainly are entitled to [file for dis-
missal]," but "any dispute of material fact, even one, is sufficient
to deny summary judgment." It is fair to say that the facts are
still in dispute. As for Microsoft's attempt to demonstrate that
they intended -- really! -- to integrate browser and OS as early
as 1993, a timeline [10] on their own MSNBC belies the claim. Thanks
to the folks at Need to Know for this link.

Judge Jackson will rule soon on a request for public access to the
proceeding in which Microsoft executives are deposed [11].

[8] http://www.wired.com/news/news/politics/story/14275.html
[9] http://cbs.marketwatch.com/news/current/msft.htx
[10] http://www.msnbc.com/news/118315.asp
[11] http://www.news.com/News/Item/Textonly/0,25,25149,00.html?tbtf

..Another source-code ruling goes against Microsoft

In an earlier case, another procedural loss

On 7/28 a Utah federal judge ruled [12] that Microsoft must turn
over source code to Windows 95 to Caldera, a Utah company suing
Microsoft for unfair trade practices in the OS market in the
days when DOS had competitors [13]. Microsoft had demanded a
stipulation that anyone who sees the code be barred from OS de-
velopment for 18 months, but the judge denied this request.

The judge also ruled that internal Novell documents in the case
be unsealed, and Microsoft has released some of them [14]. No-
vell owned the DR-DOS technology that Caldera bought and over
which it is suing Microsoft. The documents outline Novell's
thinking in the early 1990s when it was mulling the option to
sue Microsoft, which Novell never did. One surprise in the doc-
uments is the news that Microsoft made a verbal offer to buy
Novell in 1989 and put it in writing in 1991. Novell judged
that the offer was a ploy to forestall a lawsuit, and that Mi-
crosoft knew such a merger would never be approved by federal

[12] http://www.sltrib.com/07291998/utah/45304.htm
[13] http://www.tbtf.com/archive/04-27-98.html#s03
[14] http://www.sltrib.com/1998/jul/07191998/business/43821.htm

..Microsoft countersues the states

Surprising invocation of a Constitutional principle

In a filing formally denying the antitrust charges lodged by 20
states and the District of Columbia, on 7/28 Microsoft accused the
states of Constitutional violation of its copyright privileges [15].
Microsoft's argument to dismiss the states' case turns on the
"Supremacy" clause of the US Constitution, which declares that fed-
eral laws take precedence over state laws. The company argues that
by attempting to limit and define the content of Windows 98, the
states are violating Microsoft's right to license its intellectual
property in unaltered form. Independent attorneys contacted by the
SJ Mercury News called the countersuit surprising, unexpected, and
not at all far-fetched.

[15] http://www.mercurycenter.com/business/top/026285.htm

..Is the name altavista.com worth $3M?

Reported purchase shatters the price record

The SF Chronicle reported that Compaq Computer, which recently com-
pleted the purchase of Digital Equipment Corp., bought the domain
name altavista.com for $3.35M USD [16]. If true this would represent
a new record high price for a domain name. The highest previous
price I have heard about was for internet.com, which was rumored to
have fetched $150K. TechWeb reports that Compaq has denied that the
price was over $3M and denied that, at the time of the Chronicle
story, the deal was done [17].

[16] http://www.sfgate.com/cgi-bin/article.cgi?file=/chronicle/archive/1998/07/28/BU387.DTL&type=printable
[17] http://www.techweb.com/wire/story/TWB19980728S0014

..A brace of email security holes

Afflicting the oldest push technology

First a security flaw based on long filenames for file attachments
affecting Outlook Express and Netscape Communicator [18] had Micro-
soft and Netscape scrambling for fixes. Microsoft's is now avail-
able [19], Netscape's isn't yet -- but the developer of Sendmail
has also developed a free fix to run on mail servers [20]. The flaw
was found by a Finnish tester. It affects Windows platforms only.
Here is Netscape's explanation of the bug [21].

Next it was Eudora's turn in the barrel [22]. On 7/29 the president
of Phar Lap Software discovered a way to cause Eudora to display a
file attachment masquerading as a live link. While users may know
the dangers of double-clicking on an unknown attachment, they might
consider it safe to click on a link. The vulnerability exists in
Eudora Pro 4.0, 4.0.1, and 4.1, again on Windows; older versions
and the Macintosh are immune. The problem only happens when Eudora
uses Internet Explorer to display Web content -- there's that pesky
integration of browser and OS acting up again. Eighteen million
copies of Eudora are in use, not all of them the affected versions.
Qualcomm has posted a fix [23].

[18] http://www.mercurycenter.com/business/top/001482.htm
[19] http://support.microsoft.com/download/support/mslfiles/OUTPATCH.EXE
[20] http://www.sjmercury.com/business/tech/docs/084718.htm
[21] http://home.netscape.com/products/security/resources/bugs/longfile.html
[22] http://www.wired.com/news/news/technology/story/14299.html
[23] http://eudora.qualcomm.com/pro_email/updaters.html

..Telephony into streaming audio

Convert analog to RealAudio in near-realtime

Colorado company TellSoft Technologies [24] is less than a year old
and its iTalk technology is making large waves. TellSoft has defined
a server architecture for converting analog voice messages from the
circuit-switched phone network into streaming, compressed RealAudio
files -- and fast. The company is a primary partner in RealNetworks'
next-generation development beta. TechWeb has a good summary of the
technology and its markets [25].

[24] http://www.tellsoft.com/
[25] http://www.techweb.com/wire/story/TWB19980724S0010

..Three hackers and a security consultant

Beware the fabled HERF, and shun the Nether Orifice

If this interview [26] doesn't scare you, you're not paying atten-
tion. The four subjects have plenty of attitude -- comes with the
territory -- and they seem to know whereof they speak. Is it really
possible to put together a high-energy radio frequency weapon that
can disable all the electronics in a building from its parking lot?
One of the hackers calls it a "$300 poor man's nuke." NTK reports
[27] that the FBI detained a hacker named Ph0n-E at the recent Def-
con hackers convention because he had promised to show a prototype
HERF gun.

[26] http://www.forbes.com/asap/6396/hack.htm
[27] http://www.ntk.net/index.cgi?back=archive98/now0807.txt

..Buzzword Bingo

Whiling away those Dilbert hours

If at your next corporate meeting you detect occasional inappro-
priate currents of wild mirth, be suspicious: as you speak your
employees may be using you as the unwitting caller in a game of
Buzzword Bingo. Speaking at a recent college graduation, Al Gore
caught a ripple of suppressed tittering from the audience and
asked, to his credit, "Did I just use a buzzword?" No one knows
when the game started; my guess is the first Buzzword Bingo cards
were printed on line-printer paper and generated from a Teco macro.
It's easier today. Visit any one of these sites [28], [29], [30],
[31], hit Print and Reload as many times as your meeting has at-
tendees, and hand 'em out. Meep! Media grabbed the domain name [32]
and styles itself the epicenter of the BB phenomenon. But by its
nature Buzzword Bingo is anarchic and unpossessable.

[28] http://reality.sgi.com/cgi-bin/bingocard
[29] http://skat.usc.edu/~karl/Bingo/
[30] http://timesync.gmu.edu/cgi-bin/bingo.pl?card
[31] http://it.ncsa.uiuc.edu/~mag/cgi-bin/bingo/bingo.cgi
[32] http://buzzword-bingo.com/cgi/buzzcard.cgi

..No bananas

Tracking the spread of a Web-era meme

On my brief vacation last week in Maine I came across an appealing
digital-age meme [33]. The proprietors at a pottery studio and show-
room in Tenants Harbor are educated and literate but resolutely un-
wired. A hand-lettered sign above a door boasts:

> www.nowedonthaveawebsite.com

This meme had infected them at a Boston brew pub, they said. When I
checked the domain name it hadn't been claimed. That changed quick
[34], and the No Web site is now a member in good standing of the
Technology Front's eclectic stable. Please write if you come across
any other commercial establishments sporting the No Web meme.

[33] http://www.whatis.com/meme.htm
[34] http://www.nowedonthaveawebsite.com/

N o t e s

> Yes, as a matter of fact I do try to arrange to vacation in places
where I can get IP tone.

> This week's TBTF title comes from a novelty song [35] by Frank Silver
and Irving Cohn, the hit of 1923 as sung by Eddie Cantor.

[35] http://www.lyrics.ch/query/get?s=14545

S o u r c e s

> For a complete list of TBTF's (mostly email) sources, see
http://www.tbtf.com/sources.html .

TBTF home and archive at http://www.tbtf.com/ . To subscribe send
the message "subscribe" to tbtf-request@world.std.com. TBTF is
Copyright 1994-1998 by Keith Dawson, <dawson@world.std.com>. Com-
mercial use prohibited. For non-commercial purposes please forward,
post, and link as you see fit.
Keith Dawson dawson@world.std.com
Layer of ash separates morning and evening milk.
