CasinoCityTimes.com

Home
Gaming Strategy
Featured Stories
News
Newsletter
Legal News Financial News Casino Opening and Remodeling News Gaming Industry Executives Search News Subscribe
Newsletter Signup
Stay informed with the
NEW Casino City Times newsletter!
SEARCH NEWS:
Search Our Archive of Gaming Articles 
 

Netscape Vulnerability Opens Door for Hackers

8 August 2000

Security experts have identified a weakness in certain versions of the popular Netscape browser that opens the door for hackers to remotely view or alter any file stored on an affected computer.

Dubbed "Brown Orifice" after the popular hacker ware "Back Orifice," the security gap allows outside users to create Web pages that invisibly load a malicious program that allows outside users to connect to the victim's computer and view any files stored there.

The security alert was first posted on the Internet on Saturday by 22-year-old computer programmer Dan Brumleve, and has since appeared on various security sites to assist programmers in learning more about the vulnerability and taking precautionary measures.

The trouble is, that code also is available to hackers. So far, Brumleve estimates, more than 1,000 users have fallen victim to the security flaw.

The security flaw exploits weaknesses in both Sun Microsystems' Java programming language and the way Netscape implements Java commands.

David Endler, a security engineer with iDefense, said the flaw affects users of Netscape Navigator 4.71 and earlier, but that users working behind a secure firewall should be immune to the bug. Endler warned, however, that individual home users and corporate systems outside of firewall protection are vulnerable to anyone attempting to access their machines.

Endler said Brown Orifice essentially turns an affected users' computer into a Web server, making Netscape a very useful tool for a closed group of users who want to share files on each others' computers.

But, he said, Brown Orifice could also be placed on a given commercial Web page, where users unknowingly load the program onto their computers just by visiting the page.

"Java operates on the sandbox model: Java is its own playground, has its own set of resources and is not supposed to leave the sandbox and romp around system," Endler said. "The reason this is going to be a big deal is because here's an example of Java using system resources on a client workstation maliciously."

Once installed on a popular Web page, Hackers and virus writers could easily configure the code to relay information about affected users to a particular Web page. In fact, Brumleve's site gives detailed information about how to configure one of these so-called "spy links."

"This is very customizable," Endler said. "I'm really curious to think what the next step is. The real question is what are we going to see in the future?"

Netscape spokesman Andrew Weinstein said the company is working on a patch for the problem, and plans to make that available for downloading from its site within the next 48 hours.

"Netscape takes all security issues very seriously, and we are working to quickly evaluate and address this concern," Weinstein said.

In the meantime, Weinstein urges Netscape users to simply turn off Java (users can do so by clicking on Edit, Preferences, and Advanced, and then removing the check mark next to Enable Java).

Brumleve's site notes that remote users can access files on affected computers until the victim has closed Navigator, and that in Windows 2000 systems, Brown Orifice continues to operate even after Navigator is closed.

Reported by Newsbytes, www.newsbytes.com.

< Gaming News