Computer Security Weekly, February 28, 2000


For those in the Vancouver, BC, area, CBC Radio's Afternoon Show will be having a series on computer security this week.

A weakness has been reported in the installation of Windows 2000. After installation, and until the first time the machine is rebooted, a user can log on, apparently with administrator privileges, regardless of the security restrictions that have been set up. The obvious fix seems to be to reboot as soon after installation as possible.

Another problem became evident when one outfit tried to use passwords with an asterisk (*) as the first character. This seems to create an account that can be accessed with no password, but that will not accept the original password.


In regard to the distributed denial of service (DDoS) attacks that have been in the news recently, most of the programs for setting up such attacks have been UNIX based. Now Windows versions have been found installed on a variety of machines. The existence of Windows versions makes the situation much more serious, since Windows computers provide a much greater opportunity for attackers to set up trojans. As always, we remind you, *DON'T RUN ANY PROGRAMS YOU RECEIVE VIA EMAIL OR USENET NEWS*!!! Antivirus programs will likely soon detect Wintrinoo (as it is being called initially) and other similar trojans.

IDG: New Hacking Tools Released
IDG: Windows PC Become Tools for DoS
McAfee
NY Times
PC Week


The new network structure for Windows 2000 is Active Directory. Active Directory uses DDNS. However, DDNS is not secure without DNSSEC for DDNS. Microsoft has not implemented the standard RFC 2137, but rather has its own proprietary system. This is possibly problematic on two counts: a) Microsoft's questionable record of security implementations, and b) the lack of interoperability with other systems.

More info here and here.


The US government has finally decided to let Daniel Bernstein put the algorithm for his "Snuffle" encryption system on the Internet. (They were beginning to look a little silly.)

Excite News
Wall Street Journal News


The first virus for Windows 2000 was detected less than six days after the system was officially released.

rslade@vcn.bc.ca
rslade@sprint.ca
robertslade@usa.net
p1@canada.com
Robert Slade's Guide to Computer Viruses, 0-387-94663-2, (800-SPRINGER)
The copyright of the article Computer Security Weekly, February 28, 2000 in Computer Security is owned by Robert Slade. Permission to republish Computer Security Weekly, February 28, 2000 in print or online must be granted by the author in writing.
