- Email: [email protected]
Germany: hackers give live TV demo
FRAUD/HACKING
NEWS
Germany: hackers give live TV demo were being received from the various c o m p a n i e s w h o s e s o f t w a r e was involved. Evidently the club seemed to have been able to exploit certain l o o p h o l e s in the s o f t w a r e and procedures, but it was not at the time clear-cut as to whether the demo was genuine or if anyone had actually transgressed the law.
amburg's noted Chaos Computer H Clu b recently astounded TV viewers with a live demonstration of how someone could anonymously electronically transfer funds from a bank account without use of a PIN or transaction number. The basis of the d e m o was the c l u b ' s c o n t r o l of A c t i v e X u n d e r t he M i c r o s o f t Explorer Web browser which was used to access the transaction list within the Intuit personal accounting software Quicken. Soon after the demo reassurances
M i c r o s o f t , is a p p a r e n t l y h a v i n g discussions with the Chaos Computer Club and had tried to gain access to the ActiveX control before it was r e l e a s e d on the W W W on 20
February. Microsoft's Explorer apparently has a code signing feature - - called Authenticode - - to enable users to c h e c k out the A c t i v e X control, plug-ins or Java applets, users may access. But it is still taking the demo seriously and is stepping up efforts to warn and educate users. The Company promised to launch a new p r o g r a m w hi ch will i n v o l v e an I n t e r n e t ' c h a t s i t e ' to f u r t h e r emphasize the potential and real dangers of Net security.
Roy Szweda
Hackers threaten to steal personal information using University systems E-mails are being circulated around the world using computers at the UK's Southampton University, T hreatening reports Computing. The E-mail, which originates from 'Naughty Robot', claims that the hackers have secured phone and credit card numbers, as well as the physical addresses of individuals. The group claims to "crawl into your server through a tiny hole in the World Wide Web". The hackers also claim to exploit a security weakness in HTTP. A public affairs spokesperson at Southampton University said, "This is someone from Queen's University Belfast who hacked into our archaeology section." An Internet system administrator from Southampton University said, "We know they [the Naughty Robot E-mails] came through a departmental machine at our university using a loop-hole in our old software. It did not originate from Southampton. People who do this kind of thing are a virus of a kind. They waste mine and other system administrators' time. It's the first time we think this has happened through Southampton." He also said that while it was theoretically possible for an experienced hacker to access bank accounts and other sensitive sites, when this type of message had appeared on other systems it has been a spoof.
Editor: HELEN MEYER American .Editor: CHARLES CRESSON WOOD Baseline Software, Sausalito, California~ USA Australasian Editor: BILL J. CAELLI Queensland University of Technology, Australia European Editor: KEN WONG Insight Consulting, London, UK
Correspondents: Frank R ~ S , Melbourne, Australia; John Sterlicchi, Ca fomia, USA; Paul GannOni Brussels, Belg urn.
ee special
Computer Fraud & Security March1997 © 1997 Elsevier Science Ltd
NEWS
Germany: hackers give live TV demo were being received from the various c o m p a n i e s w h o s e s o f t w a r e was involved. Evidently the club seemed to have been able to exploit certain l o o p h o l e s in the s o f t w a r e and procedures, but it was not at the time clear-cut as to whether the demo was genuine or if anyone had actually transgressed the law.
amburg's noted Chaos Computer H Clu b recently astounded TV viewers with a live demonstration of how someone could anonymously electronically transfer funds from a bank account without use of a PIN or transaction number. The basis of the d e m o was the c l u b ' s c o n t r o l of A c t i v e X u n d e r t he M i c r o s o f t Explorer Web browser which was used to access the transaction list within the Intuit personal accounting software Quicken. Soon after the demo reassurances
M i c r o s o f t , is a p p a r e n t l y h a v i n g discussions with the Chaos Computer Club and had tried to gain access to the ActiveX control before it was r e l e a s e d on the W W W on 20
February. Microsoft's Explorer apparently has a code signing feature - - called Authenticode - - to enable users to c h e c k out the A c t i v e X control, plug-ins or Java applets, users may access. But it is still taking the demo seriously and is stepping up efforts to warn and educate users. The Company promised to launch a new p r o g r a m w hi ch will i n v o l v e an I n t e r n e t ' c h a t s i t e ' to f u r t h e r emphasize the potential and real dangers of Net security.
Roy Szweda
Hackers threaten to steal personal information using University systems E-mails are being circulated around the world using computers at the UK's Southampton University, T hreatening reports Computing. The E-mail, which originates from 'Naughty Robot', claims that the hackers have secured phone and credit card numbers, as well as the physical addresses of individuals. The group claims to "crawl into your server through a tiny hole in the World Wide Web". The hackers also claim to exploit a security weakness in HTTP. A public affairs spokesperson at Southampton University said, "This is someone from Queen's University Belfast who hacked into our archaeology section." An Internet system administrator from Southampton University said, "We know they [the Naughty Robot E-mails] came through a departmental machine at our university using a loop-hole in our old software. It did not originate from Southampton. People who do this kind of thing are a virus of a kind. They waste mine and other system administrators' time. It's the first time we think this has happened through Southampton." He also said that while it was theoretically possible for an experienced hacker to access bank accounts and other sensitive sites, when this type of message had appeared on other systems it has been a spoof.
Editor: HELEN MEYER American .Editor: CHARLES CRESSON WOOD Baseline Software, Sausalito, California~ USA Australasian Editor: BILL J. CAELLI Queensland University of Technology, Australia European Editor: KEN WONG Insight Consulting, London, UK
Correspondents: Frank R ~ S , Melbourne, Australia; John Sterlicchi, Ca fomia, USA; Paul GannOni Brussels, Belg urn.
ee special
Computer Fraud & Security March1997 © 1997 Elsevier Science Ltd