Hackers taking advantage of Netscape hole



Front Page
Local
Sports
	Bengals
	Reds
	Bearcats
	Xavier
Business
Health
Technology
Weather
Traffic
Back Issues
Photographs
AP Wire
	World
	Nation
	Sports
	Business
	Arts
	Health

Jobs
Autos
General
Obits
Homes

Movies
Dining
Calendars
Weekend

Columns
Borgman

HelpDesk
Feedback
Circulation
Subscribe
Phone #'s
Search

E N Q U I R E R L O C A L N E W S C O V E R A G E

Tuesday, August 08, 2000
Hackers taking advantage of Netscape hole

By D. Ian Hopper
The Associated Press
WASHINGTON — Security experts were warning Internet users Monday about a security hole in Netscape's Web browser that has already infected almost 1,000 computers.
Once a computer is infected, a hacker can click through the victim's computer and see, run and delete files on the target computer. The method, dubbed “Brown Orifice” in a reference to the popular hacker tool BackOrifice, has been making the rounds of computer security mailing lists and bulletin boards over the weekend.
Netscape has not yet made a remedy available but is working on the problem.
“Netscape takes all security issues very seriously,” said Netscape spokesman Andrew Weinstein. “We're working to quickly evaluate and address this concern.”
The person who posted the code, who identified himself as Dan Brumleve, also posted a sample bit of computer code on his Web site that can be modified for more malicious purposes and a list of some of the users who have been infected.
This list is being used by other hackers, said computer security expert Chris Rouland of Internet Security Systems, making those infected computers open to anyone who wants to click through their wide-open hard drives.
“As of (Monday) morning,” Mr. Rouland said, “965 people have it loaded.”
It's common practice to make dangerous code public, so that security professionals can better prepare themselves to defend against the code.
But there is still no remedy available from Netscape. Atlanta-based ISS, which analyzed the security hole, advises Netscape users to disable the Java programming language in their browser. Netscape suggested the same workaround.
Both ISS and Netscape officials noted that business users, because they're protected by the company's network firewall, are not vulnerable.

'Safe Place' aims to save infants
Festival controversy continues
Robbery suspect hails taxi, fails getaway
Jewish leaders say Lieberman optimistic choice
Tristate calls pick 'inspired'
Weekend parties serve conversation
Hackers taking advantage of Netscape hole
Butler Co.'s $35M+ jail project on track
CPS mulls levy request amount
More than money needed for tower
Reading program pays off
Snowden opponent quits post on panel
Survey finds support for CPS
Taxpayers kick in $250,000 for art at Bengals' stadium
Lazio taps Cincinnati funds for campaign
Man faces murder charge
Money will be returned to city
Scootering through summer
Six up for police top job
Teachers tapped for awards
Grants help buy police vests
Hidden weapon lawsuit revised
Mother wins Kenton Co. lawsuit
School bells ring for early start
Clooney's TV work victim of his success
Counting Crows, Live mesh well
Fort Wright loses power after crash
Get to it
Pig Parade: I Squeal. You Squeal. We All Squeal for Ice Cream.
Tristate digest