Serious NT bug emerges news.com 
Meanwhile, another timeless headline on a different topic. At least this one doesn't seem to be leaving any warships dead in the water.
flaw in Microsoft's Windows NT operating system allows an ordinary network user, and possibly anyone with Internet access, to impersonate a system administrator.
Armed with knowledge of how to exploit this flaw, anyone on a
Windows NT client on an NT network can gain the power to switch other users' passwords, add new addresses, change access rights to confidential network areas, and generally run the network in the same manner as an administrator, according to Mark Edwards, a private security consultant and principal behind the NT Security and NT Shop Web pages.
Better watch out with those web site names. Sounds like a profound violation of somebody's sacred intellectual property rights.
"It's a pretty big problem," he said. "Even though it's a local attack, it's probably one of the top five or six bugs [for Windows NT]."
Now, for a concise explanation:
The bug consists of code written by programmers.
As opposed to your normal "known issue", I guess.
Prasad Dabak, Sandeep Phadke, and Milind Borate, three programmers from India, discovered the flaw late last year. Edwards recently verified the existence of the flaw. The bug is similar to another NT glitch discovered last year, he added.
The trio are in the midst of publishing a book tentatively titled "Undocumented Windows NT," a guide to undocumented API (application program interface) calls.
Hope they got good lawyers, lest anybody forget the history of the web site formerly known as ntinternals.com. What they're doing is unconstitutional! No fair!
Cheers, Dan. |
