Feeds

Weenie jibe in FrontPage leaves MS web servers wide open

Unauthorised, employee-written back doors - whatever will they think of next?

  • alert
  • submit to reddit

Secure remote control for conventional and virtual desktops

Web servers running Microsoft Internet Information Server with FrontPage 98 extensions have a built-in back door, thanks to some code with abusive comments about Netscape that was inserted in the software by a Microsoft coder. Microsoft has acknowledged that the code can act as a back door password, making it a lot easier for hackers to gain unauthorised access. The code, in dvwssr.dll, is commented "Netscape engineers are weenies!" But considering the consequences of its discovery, that probably makes Microsoft engineers suicidal bozos. According to a story in today's Wall Street Journal, Microsoft acknowledges the existence of the hole and intends to issue an email bulletin and security alert, but at time of writing the company appeared not to have done so. It seems to be possible to fix the hole by simply deleting dvwssr.dll, but the delay in publishing the alert perhaps suggests that the code isn't entirely pointless. If it turns out to be, maybe Microsoft could publish us a list of any other useless DLLs it ships... Microsoft does, however, seem to be taking the issue seriously, and views the unauthorised insertion of the code as a sacking offence. But the fact that the offence was committed in the first place will raise further questions about the security of Microsoft's Web offerings, and make it even more difficult for the company to get sites to use them. You wait hours for a massive PR own-goal, then two come along on the same day... According to the WSJ, the hole was identified by security consultant 'Rain Forest Puppy' who was tipped off about it by a European employee of e-commerce software outfit ClientLogic Corp. Mr Puppy, who's been prominent in the exposure of previous IIS security problems, has emailed Microsoft warning that the hole could "improve a hacker's experience". The problem isn't there in Win2k servers with FrontPage 2000 extensions, so an upgrade might be a good idea. But not necessarily to Win2k. ®

New hybrid storage solutions

More from The Register

next story
Quit drooling, fanbois - haven't you SEEN what the iPhone 6 costs?
How keen will buyers be when exposed to the real price?
Ex-Autonomy execs: HP's latest wad blows apart fraud allegations
Top bods claim IT titan's latest court filing is smoking gun of 'reckless aggression'
Forget silly privacy worries - help biometrics firms make MILLIONS
Beancounter reckons dabs-scanning tech is the next big moneypit
Elon Musk says Tesla's stock price is too high ... welp, NOT ANY MORE
As Nevada throws the SpaceX supremo a $1.25bn bone
Microsoft's Office Delve wants work to be more like being on Facebook
Office Graph, social features for Office 365 going public
prev story

Whitepapers

Secure remote control for conventional and virtual desktops
Balancing user privacy and privileged access, in accordance with compliance frameworks and legislation. Evaluating any potential remote control choice.
Intelligent flash storage arrays
Tegile Intelligent Storage Arrays with IntelliFlash helps IT boost storage utilization and effciency while delivering unmatched storage savings and performance.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.
Providing a secure and efficient Helpdesk
A single remote control platform for user support is be key to providing an efficient helpdesk. Retain full control over the way in which screen and keystroke data is transmitted.