Brown Orifice: Netscape Security hole information

Hits:20

What is Brown Orifice?
 
Brown Orifice named after the infamous Black Orifice hacker tool uses a java security hole in Netscape's browser to turn your computer into a server on the Internet. The problem with this is it allows hackers into your system. The software written by Dan Brumleve uses a java security hole to allow Java to open a server which can be accessed by arbitrary clients. The second security breach allows Java to access arbitrary URLs, including local files. In other words, it turns your Netscape Web browser into a Web server that can serve up your entire file system to any other Web browser. This makes it possible to build a Web page that can turn a Netscape 4.7 or earlier browser into a Web server, letting anyone browse and download files on the system. 
 
The Brown Orifice web site even shows a list of IP addresses and computers that have been infected by it.
 
How Can I Protect Myself from Brown Orifice?
 
As of August 8th, 2000, there is no security patch from Netscape to prevent this invasion. However you can disable Java in your Netscape browser to stop it. Follow these simple steps for disabling Java in Netscape.
 
 1) Open Netscape, Click on Edit
 2) Click on Preferences
 3) Click on Advanced
 4) Uncheck the Enable Java box
 5) Since other worms and viruses travel through Javascript, you may also want to uncheck the Enable Javascript box as well
 
For more Information on the Netscape security hole, visit the following site:
 
ZDNET Brown Orifice Info
 
Another way to protect yourself is by installing a firewall security product. According to one hacker, ZoneAlarm displays the quite prophetic warning "Do you want Netscape Application File to act as a server?" when BOHTTPD is attempting to initialize.