Beware 'Brown Orifice'
Kevin Poulsen, SecurityFocus 2000-08-07

The latest in backdoor programs comes in through your web browser.

A new backdoor called "Brown Orifice" turns Netscape Navigator into a covert web server by exploiting devastating security holes in the browser's Java interpreter.

Gray hat hacker and Silicon Valley computer consultant Dan Brumleve released the program over the weekend to demonstrate holes he discovered that allow a Java applet to listen on a network port that is accessible to the world, and to access local files.

In concert, the holes permit Brown Orifice -- an applet that launches directly from a web page without a victim even having to click 'okay' -- to let others surf to a victim's computer and read their files. Brumleve's demonstration page politely asks visitors to specify a directory on their computer for public access, then reports every new installation to a page on Brumleve's site. The remarkable demonstration drove a spontaneous outburst of Napster-like file sharing over the weekend, with some 800 people on Windows and Unix machines briefly opening up select portions of their hard drives within the first 24 hours of release.

Less whimsically, an attacker could use Brown Orifice to covertly read anything on a victim's hard drive. A Navigator user need only visit a malicious web site to be afflicted, and the backdoor would remain open until the user exits Navigator entirely.

"This is a pretty scary bug," says the 22-year-old Brumleve. "I think what I did with it is pretty cool -- it might have a lot of practical uses. The danger here is what other people might do with the same technique in the future."

Sun Microsystems crafted Java, in part, as a way to allow web-specific miniature applications, or 'applets,' that could safely run on a variety of different platforms. A rigid security model theoretically makes Java safe for surfing, because programs are forced to play in a self-contained "sandbox" where they cannot access a user's private files or reach out to the Internet. The holes exploited by Brown Orifice violate that model.

In the fall of 1998, Brumleve uncovered a JavaScript flaw in Netscape Navigator that allowed malicious web programmers to steal users' cookies and track their recent surfing history. Netscape promptly closed the hole.

Copyright 2010, SecurityFocus