A UK security firm has discovered a flaw in Microsoft’s NT4 operating system which allows hackers to communicate as if they were using another PC. The error, found in the IP sequence numbering that computers use to identify themselves in networks, is one that Microsoft has made before, but failed to rectify fully.
With the release of Service Pack 4 earlier this year, Microsoft did stop hackers from predicting transmission control protocol (TCP) numbers by counting the milliseconds between messages. However, according to NTA Monitor Ltd of Rochester, UK another flaw in NT4 traffic could enable hackers to spoof a legitimate response to an NT4 traffic packet by generating no more than seven responses.
NTA Monitor alerted Microsoft to the flaw in July, but it took the Redmond, Washington company until this week to respond. In an email to NTA Monitor, Microsoft Technical Specialist /Systems Engineer Sunil Gopal called the SP4 changes an improvement and promised that the problem would be fixed by the panacea of Windows 2000. Gopal’s email is suffixed by a Microsoft slogan Enable people to do anything they want, anytime they want, anywhere they want, on any device. It appears that the latest update fulfills all those pledges, particularly for the hacking community.
