Windows 95 Is A Hacker's Dream Over The Internet

Central, Hong Kong, Nov 9 (NB) -- Windows 95, combined with the Internet, could be a dream made in hacker heaven. From seasoned propeller heads Newsbytes has contacted, it looks like Windows 95 could be more of a security nightmare than was first thought.

This is especially true where fixed link companies are concerned. An investigation of the new operating system, when hooked onto the Internet, leaves computers wide open. Executing a series of simple, uncomplicated commands opens up company and private users' computers to hacking the moment they access the Internet, claim some analysts.

Worse, they may never know it has been done. Using a simple Unix command, a hacker can locate the IP (Internet protocol) address of the subscriber logged into an Internet service provider. Then he needs only one more thing; a logged-on Internet user using Microsoft's new operating system.

For businesses with leased line Internet links, it can happen at any time, day or night. Once the IP address has been noted, the hacker simply creates a file through DOS on his own system, specifying the address and naming it. Using two other commands -- which purge the remote names on the IP, or Internet provider's port -- the system then refreshes and remaps itself in preparation to be accessed by the hacker's computer.

Because Windows 95 is designed with a networking capability, it leaves all computers in the office open to illegal access. Once the hacker has called up his Map Network Drive, the hard disk on his own machine cannot be differentiated from that of the genuine user. All that need be done then is to put in a common drive name, most obviously "C:\." For networked machines, the default "C$" is common.

This gives access to all files on the subscriber's drive. While Windows 95 allows the user to protect the drive by giving it a password, computer experts Newsbytes talked to said that device won't necessarily lock out intruders. Because the operating system has no "audit" trail -- in other words, it does not log who or how someone is accessing the drive -- a hacker can spend weeks trying to discover the password. Password search programs, like Cracker, are readily available and can break through most simple password sequences.


Date: Fri, 10 Nov 1995 10:57:05 GMT
To: cypherpunks@toad.com
From: cpunk@remail.ecafe.org (ECafe Anonymous Remailer)
Subject: Win95 A Hacker's Net Dream
Remailed-By: ECafe Anonymous Remailer


Lightly edited 95/12/01
J.A.N. Lee