ISS deconstructs the feared cracker tool and finds it wanting

The Cult of the Dead Cow's trojan backdoor tool, covered in TBTF for 1998-07-27 [1], has caught the attention of the industry media, bigtime. Today's PC Week features an editorial [2] as well as a lab analysis [3] of Back Orifice. Microsoft responded to the news on 8/4 with content-free marketing blather.

The most useful contribution so far to the public BO discussion comes from ISS, which published its analysis [7] on 8/6. ISS reverse-engineered and conquered BO's weak encryption scheme.

[1] http://www.tbtf.com/archive/1998-07-27.html#s04
[2] http://www.zdnet.com/pcweek/opinion/0810/10week.html
[3] http://www.zdnet.com/pcweek/reviews/0810/10hack.html
[4] http://www.microsoft.com/security/mktBackOrifice.htm
[5] http://www.microsoft.com/security/bulletins/ms98-010.htm
[6] http://www.cultdeadcow.com/tools/bo_msrebuttal.html
[7] http://www.iss.net/xforce/alerts/advise5.html

Initial rulings favor the Justice Department

On 8/7 judge Thomas Penfield Jackson handed Microsoft a series of setbacks [8], [9] in the antitrust suit brought by the Justice Department, 20 states, and the District of Columbia. The company is required to produce its chairman and 16 other executives this week for as long as it takes to depose them -- Microsoft had offered 8 hours of Bill Gates's time and 8 executives. (I wonder how they think court proceedings work?) And the company is required to turn over source code for Windows 95 and Windows 98 without the restrictions Microsoft had sought to impose on those who study the code. (Microsoft lost a similar battle a week before in a different lawsuit -- see the following story.)

On 8/10 Microsoft filed a 33-page counter to the authorities' request that the company be ordered to offer Windows without Explorer, and in addition filed an 88-page motion for summary judgement. Judge Jackson signaled last Friday his attitude toward the latter brief, saying "Well, you certainly are entitled to [file for dismissal]," but "any dispute of material fact, even one, is sufficient to deny summary judgment." It is fair to say that the facts are still in dispute. As for Microsoft's attempt to demonstrate that they intended -- really! -- to integrate browser and OS as early as 1993, a timeline [10] on their own MSNBC belies the claim. Thanks to the folks at Need to Know for this link.

Judge Jackson will rule soon on a request for public access to the proceeding in which Microsoft executives are deposed [11].

[8] http://www.wired.com/news/news/politics/story/14275.html
[9] http://cbs.marketwatch.com/news/current/msft.htx
[10] http://www.msnbc.com/news/118315.asp
[11] http://www.news.com/News/Item/Textonly/0,25,25149,00.html?tbtf

In an earlier case, another procedural loss

On 7/28 a Utah federal judge ruled [12] that Microsoft must turn over source code to Windows 95 to Caldera, a Utah company suing Microsoft for unfair trade practices in the OS market in the days when DOS had competitors [13]. Microsoft had demanded a stipulation that anyone who sees the code be barred from OS development for 18 months, but the judge denied this request.

The judge also ruled that internal Novell documents in the case be unsealed, and Microsoft has released some of them [14]. Novell owned the DR-DOS technology that Caldera bought and over which it is suing Microsoft. The documents outline Novell's thinking in the early 1990s when it was mulling the option to sue Microsoft, which Novell never did. One surprise in the documents is the news that Microsoft made a verbal offer to buy Novell in 1989 and put it in writing in 1991. Novell judged that the offer was a ploy to forestall a lawsuit, and that Microsoft knew such a merger would never be approved by federal regulators.

[12] http://www.sltrib.com/07291998/utah/45304.htm
[13] http://www.tbtf.com/archive/1998-04-27.html#s03
[14] http://www.sltrib.com/1998/jul/07191998/business/43821.htm

Surprising invocation of a Constitutional principle

In a filing formally denying the antitrust charges lodged by 20 states and the District of Columbia, on 7/28 Microsoft accused the states of Constitutional violation of its copyright privileges [15]. Microsoft's argument to dismiss the states' case turns on the Supremacy clause of the US Constitution, which declares that federal laws take precedence over state laws. The company argues that by attempting to limit and define the content of Windows 98, the states are violating Microsoft's right to license its intellectual property in unaltered form. Independent attornies contacted by the SJ Mercury News called the countersuit surprising, unexpected, and not at all far-fetched.

[15] http://www.mercurycenter.com/business/top/026285.htm

Reported purchase shatters the price record

The SF Chronicle reported that Compaq Computer, which recently completed the purchase of Digital Equipment Corp., bought the domain name altavista.com for $3.35M USD [16]. If true this would represent a new record high price for a domain name. The highest previous price I have heard about was for internet.com, which was rumored to have fetched $150K. TechWeb reports that Compaq has denied that the price was over $3M and denied that, at the time of the Chronicle story, the deal was done [17].

[16] http://www.sfgate.com/cgi-bin/article.cgi?file=...
[17] http://www.techweb.com/wire/story/TWB19980728S0014

Afflicting the oldest push technology

First a security flaw based on long filenames for file attachments affecting Outlook Express and Netscape Communicator [18] had Microsoft and Netscape scrambling for fixes. Microsoft's is now available [19], Netscape's isn't yet -- but the developer of Sendmail has also developed a free fix to run on mail servers [20]. The flaw was found by a Finnish tester. It affects Windows platforms only. Here is Netscape's explanation of the bug [21].

Next it was Eudora's turn in the barrel [22]. On 7/29 the president of Phar Lap Software discovered a way to cause Eudora to display a file attachment masquerading as a live link. While users may know the dangers of double-clicking on an unknown attachment, they might consider it safe to click on a link. The vulnerability exists in Eudora Pro 4.0, 4.0.1, and 4.1, again on Windows; older versions and the Macintosh are immune. The problem only happens when Eudora uses Internet Explorer to display Web content -- there's that pesky integration of browser and OS acting up again. Eighteen million copies of Eudora are in use, not all of them the affected versions. Qualcomm has posted a fix [23].

[18] http://www.mercurycenter.com/business/top/001482.htm
[19] http://support.microsoft.com/download/support/mslfiles/OUTPATCH.EXE
[20] http://www.sjmercury.com/business/tech/docs/084718.htm
[21] http://home.netscape.com/products/security/resources/bugs/longfile.html
[22] http://www.wired.com/news/news/technology/story/14299.html
[23] http://eudora.qualcomm.com/pro_email/updaters.html

Convert analog to RealAudio in near-realtime

Colorado company TellSoft Technologies [24] is less than a year old and its iTalk technology is making large waves. TellSoft has defined a server architecture for converting analog voice messages from the circuit-switched phone network into streaming, compressed RealAudio files -- and fast. The company is a primary partner in RealNetworks next-generation development beta. TechWeb has a good summary of the technology and its markets [25].

[24] http://www.tellsoft.com/
[25] http://www.techweb.com/wire/story/TWB19980724S0010

Beware the fabled HERF, and shun the Nether Orifice

If this interview [26] doesn't scare you, you're not paying attention. The four subjects have plenty of attitude -- comes with the territory -- and they seem to know whereof they speak. Is it really possible to put together a high-energy radio frequency weapon that can disable all the electronics in a building from its parking lot? One of the hackers calls it a "$300 poor man's nuke." NTK reports [27] that the FBI detained a hacker named Ph0n-E at the recent Defcon hackers convention because he had promised to show a prototype HERF gun.

[26] http://www.forbes.com/asap/6396/hack.htm
[27] http://www.ntk.net/index.cgi?back=archive98/now0807.txt

Whiling away those Dilbert hours

If at your next corporate meeting you detect occasional inappropriate currents of wild mirth, be suspicious: as you speak your employees may be using you as the unwitting caller in a game of Buzzword Bingo. Speaking at a recent college graduation, Al Gore caught a ripple of suppressed tittering from the audience and asked, to his credit, "Did I just use a buzzword?" No one knows when the game started; my guess is the first Buzzword Bingo cards were printed on line-printer paper and generated from a Teco macro. It's easier today. Visit any one of these sites [28], [29], [30], [31], hit Print and Reload as many times as your meeting has attendees, and hand 'em out. Meep! Media grabbed the domain name [32] and styles itself the epicenter of the BB phenomenon. But by its nature Buzzword Bingo is anarchic and unpossessable.

[28] http://reality.sgi.com/cgi-bin/bingocard
[29] http://skat.usc.edu/~karl/Bingo/
[30] http://timesync.gmu.edu/cgi-bin/bingo.pl?card
[31] http://it.ncsa.uiuc.edu/~mag/cgi-bin/bingo/bingo.cgi
[32] http://buzzword-bingo.com/cgi/buzzcard.cgi
[32a] http://hacks.mit.edu/Hacks/by_year/1996/gore/
[32b] http://monkeyboys.org/pilot/
[32c] http://monkeyboys.org/images/dilbert-buzzword.jpeg

Tracking the spread of a Web-era meme

On my brief vacation last week in Maine I came across an appealing digital-age meme [33]. The proprietors at a pottery studio and showroom in Tenants Harbor are educated and literate but resolutely un-wired. A hand-lettered sign above a door boasts:

[33] http://www.whatis.com/meme.htm
[34] http://www.nowedonthaveawebsite.com/

[35] http://www.lyrics.ch/query/get?s=14707

TBTF home and archive at http://www.tbtf.com/ . To subscribe send
the message "subscribe" to tbtf-request@world.std.com. TBTF is
Copyright 1994-1998 by Keith Dawson, <dawson dot tbtf at gmail dot com>. Com-
mercial use prohibited. For non-commercial purposes please forward,
post, and link as you see fit.
_______________________________________________
Keith Dawson    dawson dot tbtf at gmail dot com
Layer of ash separates morning and evening milk.