Back Orifice, the Windows administration tool written by the Cult of the Dead Cow (CI No 3464), apparently impressed hackers gathered for Def Con VI in Las Vegas on the weekend. CDC’s software also caught out your ComputerWire correspondent, who, in the name of research, downloaded and inadvertantly installed the Trojan Horse server application onto a company PC. A couple of frantic emails later, the rogue tool was finally squelched. Thanks to this adventure, we can confirm most of CDC’s claims for Back Orifice. The software really can install, run and delete programs and files on remote machines. Back Orifice poses a genuine threat to the security of Windows networks, but as hackers point out, it only does so by exploiting long-standing vulnerabilities in the operating system. This application is something that has needed to be written and released to the public for a long time, says computer security consultant at Def Con speaker Pete Shipley, it finally forces people to pay attention to the security flaws in Windows 95.
