
Information Security News mailing list archives

Beware That Company Box You Took
From: InfoSec News <isn () c4i org>
Date: Wed, 5 Sep 2001 01:14:43 -0500 (CDT)


By Michelle Delio 
2:00 a.m. Sep. 4, 2001 PDT  
Dead dot-coms are still alive in some ex-employees' computers. But
these haunted hard drives harbor huge security holes instead of

Inexperienced home users running corporate-configured computers are a
security disaster just waiting to happen, said Christopher Budd, a
manager at Microsoft's Security Response Center.

Many who worked for now-defunct businesses inherited or appropriated
the computers they had been using at the office. These computers are
typically configured for use on a corporate network protected by
skilled system administrators, firewalls and other industrial-strength
security measures.

When removed from their network, taken home and hooked up to a modem,
the computers are immediately transformed into easy targets for
malicious hackers.

And it's not just the recently fired who are running these highly
vulnerable machines. Bargain hunters are also at risk, said Jack
Danahy, manager of the Server Security Division at WatchGuard

"Take a look at how many powerful machines are suddenly for sale cheap
at places like eBay. There are kabillions of these machines, and I'd
guess that many come from closed-down businesses and haven't been
reconfigured," Danahy said. "Chances are good that the systems
administrator was fired before the accountant, and nobody was left to
clean up these machines before they got sold for 10 cents on the

Kerry Rondell took her laptop home when the Web design company she
worked for suddenly went out of business in July. Employees were
allowed to take computers and other office equipment in lieu of
severance pay.

Rondell said that after a week or so, her computer began "acting
funny." Shortly after, she started getting e-mails warning her that
her machine, which runs Windows 2000, was infected with the Code Red
II worm.

"I didn't know what to do so I took the computer to a repair shop,"
Rondell said. "They told me yes, my machine was infected with that
Code (Red) worm, and it was also infested with programs that could let
hackers look at whatever is on my computer. My whole life is on that
machine. I feel like I've been raped."

Microsoft's Windows 2000 and NT are the operating systems of choice
for many networked business computers, but some security experts say
that these systems are not the best choice for unskilled users.

"I don't think NT/2000 is suitable for the average home user," said
Robin Keir, chief software engineer of security firm Foundstone. "Many
of these people can barely use AOL, so they don't stand a chance
trying to configure their network protocols and security settings."

Microsoft's Budd said Windows 2000 and NT operating systems are quite
secure, but he is worried about people running machines that were
configured for use on corporate networks.

"Microsoft Windows 2000 and NT are proven secure platforms that are
used successfully by millions of customers," Budd said. "In this case,
though, people are using configurations that they've inherited from
the previous owners. This is never a good idea and has the potential
to lead to disaster."

One of Windows 2000/NT's major selling points is that the systems
allow knowledgeable users to configure the system to suit their
individual requirements, Budd said.

"But clearly, settings that are appropriate for an enterprise will not
be appropriate for home use," Budd said. "This may lead to a number of
problems, including security issues."

Marquis Grove of Security News Portal thinks that the "more earnest"
users will make the effort to reconfigure their machines for home use
and will also perform other essential chores such as regularly
patching their software and updating antiviral applications.

But Grove believes that many of these "fully loaded" machines are now
owned by people who have always relied on a systems administrator to
secure and maintain their machines.

"Most of them are totally unaware that computers can't just be turned
on and left to their own devices," Grove said.

Jerome DelVicchio, an accountant for a defunct pet supplies e-commerce
site, said that he and other employees were allowed to take their
"wonderfully powerful" laptops with them when the company closed.

"Some of us keep in touch, and we all started to notice our machines
were acting oddly - they were really sluggish, the screensavers or
other settings would sometimes spontaneously change, and sometimes the
disk drive light would be flickering when we weren't doing anything on
the computer," DelVicchio said.

"So I got ahold of our old systems guy, who was horrified that we were
running network machines without changing the security settings to
suit non-networked computers. He said it was like having unprotected
sex with 100 hookers - you're bound to get infected with something."

DelVicchio's ex-system administrator, who did not want to be
identified, said in an e-mail, "These idiots are running machines that
were specifically configured to make it very easy for them to share
information with each other across the network. And most of them have
high-speed Internet connections, but they didn't bother to install a
basic firewall application.

"I told them all this when the office closed, but they always thought
I was paranoid. So now they are for all intents and purposes happily
sharing whatever it is on their computers with the entire Internet.
Way to go, guys."

There are no statistics on how many corporate machines have made their
way to non-corporate use, but many security experts thought that a
significant number have recently moved from business to home machines.
And security watchdog CERT issued an alert in July, warning of the
"significant increase" in security compromises of home computers.

Budd's advice to those who "choose to operate inherited software" is
to start from the very beginning.

"They should perform a new installation of the software from scratch
and configure it appropriately using the tools and checklists
available on Microsoft's website," Budd said. "This process of
customizing software to operate securely in a new environment is

That's a good plan, assuming you have access to the software disks. If
not, the best thing to do is to scan the computer with Microsoft's new
MPSA security tool and apply the suggested fixes and patches. The tool
only works with Windows 2000 and NT operating systems.

Radsoft, a company that makes security tools and other software, has
posted a safe-computing checklist on its site to aid the overwhelmed.

And all users, especially those with cable and DSL connections, should
run personal firewall software and an antiviral utility, Grove said.

"Running a home computer without these two essential programs is like
trying to drive a car that is not equipped with brakes or a horn,"
Grove said. "You can't stop and you can't warn others."

ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn' in the BODY
of the mail.
