Thirteen Servers Found Vulnerable to the Unicode Exploit
All within a Microsoft Class "B" IP Range
By John Holstein, Cotse Help Desk Coordinator
Ok. So I am hitting Microsoft pretty hard as of late. Do you feel sorry for them? Do you feel sorry for the company that attempts to override the normal, accepted process of developing standards for the Internet? Do you feel sorry for the people that have given you Windows ME, one of the worst operating systems I have ever tried? Do you feel sorry for the company that has denied even a remote possibility that the trouble *might* have stemmed from an unpatched server?
I have it on "very good authority" that a minimum of 13 servers were vulnerable to the Unicode Exploit as of Friday, November 3 2000. Why is this? Why would they allow this to continue? I warrant that absolutely NONE of my servers are weakened by this minor problem that takes a minimal amount of time to patch. As stated in previous editorials, they are the publishers of the software, they develop the patches when exploits are found; a patch was developed and announced, why haven't the patches been put in place?
Does this mean that there may be a reason behind Microsoft not patching some servers? Are they not telling us everything we need to know? Have other System Administrators opened themselves up for other exploits by applying this patch? Seriously, I doubt it. But the possibility does exist. We may not be getting the whole truth. Microsoft may be turning into a mirror image of government agencies as seen in an episode of the "X-Files". Conspiracy Theories will blossom from this state of denial that Microsoft is in.
Instead of just giving you my thoughts, I would also like to include a question: During the period of time that the theory was presented including the "email drop" in Russia, it was reported by just about every major news agency that Microsoft has come to the conclusion that the perpetrator of the crack is in Russia. This came not more than 4 days after the crack. I must make an assumption here and say that the person that infiltrated Microsoft is NOT a script kiddie. This being the case, my question is: With the use of proxies, bouncing from server to server off shell accounts, bouncing from one dialup computer to another via shell accounts, how would an experienced hacker be traced so quickly without a company legally seeking log files from ALL computer systems accessed in the route of the connection?
You might answer this question by saying that Microsoft believes that the actual perpetrator is the originating IP address as seen while they "watched" the cracker gaining access and looking at source code. Again, that brings up other questions: Why would they allow this in the first place? Why would an experienced cracker do something that juvenile? They have the information, they can notify the authorities at this point and let them handle it. This keeps going and going. If a crime is being committed and someone is watching, at what point do they attempt to intercede and try to stop the intrusion? Is it the Police that are responsible for deterring crime? Who are the experts here? The Police or the actual people that wrote the software that's being affected?
This is a learning experience for all parties involved. Whether you realize it or not, you are participating in the story as it unfolds. Microsoft is one of the most widely traded stocks on the market. What happens when they release information about a break-in attempt that originates from a faulty server, a faulty server with their software running it? I think you get the point. If however, the "spin doctors" can make the idea stick that the Trojan-Horse-via-Telecommuter-on-family-computer caused the whole fiasco, then I guess Microsoft gets by "scot-free" without really answering any detailed questions asked by stockholders.
I may be totally wrong. There may not be anything to all this. I may be jumping the gun on this one and finding something where there is a void. I doubt it. There's more to this than meets the eye. Denial, Spin-Doctors, Forgetfulness, Insertion of Information all lead one to believe that there is a coverup amongst us. Seek it out and make someone accountable for it.
But of course, that's just my opinion.