Census contract keeps numbers crunching

Feds heard warnings from hackers last weekend in Las Vegas during Def Con

8, which featured workshops on exploitable vulnerabilities, defense strategies

and the latest tools for the security community.

One of Def Con's most anticipated events was the annual presentation by

the Cult of the Dead Cow. The group released the Back Orifice hacking tool

at Def Con in 1998 and announced an updated version of the Trojan horse

program that targets Microsoft Corp. Windows NT systems at last year's conference.

The group's tools could be used to attack or defend networks.

This year, members of the group offered information on a type of denial-of-service

attack that can disable NetBIOS services on Windows machines. NetBIOS is

a commonly used network protocol for PC local-area networks.

A member of the Cult of the Dead Cow known as Sir Dystic developed a tool

called NBName that he said can exploit the NetBIOS hole by rejecting all

name-registration requests received by servers on TCP/IP networks.

NBName can disable entire LANS and prevent machines from rejoining them,

according to Sir Dystic, who said nodes infected by the tool will think

that their names already are being used by other machines. "It should be

impossible for everyone to figure out what is going on," he added.

However, Microsoft Corp. last week posted an advisory on its Web site saying

that the company is aware of the potential NetBIOS vulnerability. The company

said a patch addressing the problem on Windows 2000 systems can be downloaded

now, while others for the various versions of Windows NT 4.0 are due to

be released "shortly."

Microsoft added that external attacks shouldn't be possible "if normal security

practices have been followed" by organizations.

Distributed by IDG News Service.