Hacking 101.4
Reasons for Microsoft Updates
from the April 2001 Actrix Newsletter

by Dean Moor

I am again grateful to Dean Moor for this next article in his series on hacking. To many it is a fascinating topic. It really would be a good idea for those interested but new to computers or the net to read over Dean's previous articles at:

http://editor.actrix.co.nz/0008.htm,
http://editor.actrix.co.nz/0009.htm,
http://editor.actrix.co.nz/0010.htm,
http://editor.actrix.co.nz/0011.htm and
http://editor.actrix.co.nz/0012.htm -Ed

Hi Folks, Well, its been a while. I apologise for not submitting an article for the last couple of months. I have been absolutely flat out. Anyway; back in to it...

The first article I wrote was more like instructions on how to use the Microsoft update web site, and the last one I wrote was regarding Trojan software. Well, this month, we are going to learn why the Windows updates are so crucial.

In the last article we discussed how dangerous a Trojan in your system can be. Well, I am sorry to say, that Trojans are not the only way into your system. When your computer is online you have several services running, such as your web browser loading a page, your e-mail program checking e-mail, or your web server handing out your web site to those who wish to see it.

Now, as you most likely know, web pages are designed using a code called HTML. What some of you may not know is that other types of code can be inserted into the HTML on the web page, such as Java, Pearl, C+ and various others. The most common of these is Java. Java is generally pretty safe. However, to display a web page your browser must download all of the code related to that particular page, and then run it. Like I said, generally Java is safe, but there are certain things that can be done using this programming language that you may not wish to happen. For example, an intruder can get a large amount of personal details from your machine such as the information displayed below.

This information has been gathered using a simple Java script.
No Information what so ever has been kept in any form.

A malicious web designer can even see what pages you have been to, and how often, drop cookies on your machine that will track you every where you go, and the next time you view his web site, deliver all the information and more. It can be a truly dangerous adventure on the Internet. Now for the good news, if you have the latest updates from Microsoft you are protected from the majority of these exploits.

Now, lets take a look quickly at a vulnerability with the web server, the machine that displays the web page on your machine. One particular vulnerability called "Malformed URL" can cause Service Failure in IIS 5.0 and Exchange 2000" by Microsoft. If a malicious attacker found that your machine had this vulnerability, they could request a specific URL (Address) that would cause the web server to stop functioning. Now, imagine for a moment that you are running an e-commerce web site, and relied on your web page to be operational. A "hacker" finds your web site, decides that they don't like you, and types in this URL. Your Web Server stops running, and nobody else can see your web page until the machine or service has been restarted. It could be a couple of days before you realise, and that could equal a large amount of lost profit. Once again, time for the good news, If you are up to date with your Security Patches, you would be protected from this attack, and therefore would not lose anything.

Another example: many of you would use Outlook Express as your e-mail client. What would you think if I told you that anyone could run almost any code on your machine that they wished if you were to add their vCard (Personal Contact Details exported to a small file) to your address book. Well, believe it or not, it can be done. This code could be a Trojan Virus to make the attackers life easier, or it could be any program of their choosing. Once again, there is some good news. Firstly you would have to manually add the vCard, and secondly, Microsoft know about this problem, and yes, they have released a patch to fix it.

So, you see, above I have listed just three of the vulnerabilities that may exist on your machine. As I mention in one of my earlier articles, the average Windows 98 machine has about 50 vulnerabilities, and the average Windows NT machine with Internet Information Server 4.0 has about 400. Please, do use the Windows Update Site to protect yourself from as much as possible. I would also like to suggest that you drop by the StarTech Web Site from time to time as well. I have the latest Microsoft Security Bulletins listed and the Operating Systems/Programs that they refer to for easy reference. The reason I say this is the Windows Update Site doesn't have all of the Security Patches that you may need. I would also like to suggest the Microsoft Tech Support Site - Technet.

So, to wrap up. Your computer may be more vulnerable than you are aware of. The solution, use the available assistance and save yourself trouble and money employing the Technicians fixing those annoying crashes.

The windows Update site is found at http://www.windowsupdate.microsoft.com. Simply go there and follow instructions.

Safe Browsing and Good Luck. Most of all Have Fun.

Dean Moor
StarTech.
www.startech.co.nz