Minor Web security threat surfaces

Microsoft Corp. has acknowledged a minor threat posed by a "backdoor" password

in server software that could be exploited to gain access to World Wide

Web pages.

Engineers had written a backdoor into some of the company's Internet software

containing a password phrase that calls rival Netscape Communication Corp.

"weenies."

The threat, uncovered by two security experts, is not as serious as it seemed

when it first was identified last week. Initially, it had seemed that the

backdoor could be used by hackers to access Web site management files, but

it turns out that there are many caveats.

It was thought that any Web site using Microsoft FrontPage 98 extensions

was vulnerable, but instead, the backdoor is a problem for Web sites that

installed anything from the 4.0 option kit for the Microsoft NT 4.0 server

software. The backdoor isn't an issue for sites that use Windows 98 or Windows

2000, nor is it an issue for sites that installed software straight from

the Windows NT 4.0 CD-ROM.

Moreover, it affects only those sites that use Microsoft's Visual InterDev

1.0. That application, which is now in Release 7.0, is used to link information

from Web sites that use Microsoft's Active Server Pages.

Also, the backdoor can be exploited only by users who have Web-authoring

permission at a particular Web site. Such users could manipulate an ASP

(those containing the ".asp" extension), but because they need a valid user

name and password for Web-authoring access, their actions could be tracked.

Customers can eliminate the threat by deleting the computer file "dvwssr.dll"

from the affected software. That's the file that contains the backdoor "weenie"

code.

— Story copyright 2000 IDG News Service. All rights reserved.

Featured

  • Defense
    Ryan D. McCarthy being sworn in as Army Secretary Oct. 10, 2019. (Photo credit: Sgt. Dana Clarke/U.S. Army)

    Army wants to spend nearly $1B on cloud, data by 2025

    Army Secretary Ryan McCarthy said lack of funding or a potential delay in the JEDI cloud bid "strikes to the heart of our concern."

  • Congress
    Rep. Jim Langevin (D-R.I.) at the Hack the Capitol conference Sept. 20, 2018

    Jim Langevin's view from the Hill

    As chairman of of the Intelligence and Emerging Threats and Capabilities subcommittee of the House Armed Services Committe and a member of the House Homeland Security Committee, Rhode Island Democrat Jim Langevin is one of the most influential voices on cybersecurity in Congress.

Stay Connected

FCW INSIDER

Sign up for our newsletter.

I agree to this site's Privacy Policy.