Rather than trying to get a password, many hackers take the alternative (but not always reliable) route of trying to exploit a flaw in the operating system or application server, thus bypassing the target computer's security altogether. Exploits (called 'sploits among hackers) that use software flaws are especially popular with novice hackers, called script kiddies, because they can use them to sneak into a system without knowing much about the system they're breaking into. In fact, script kiddies are often more dangerous than more technically skilled hackers because a script kiddie may damage or delete files through sheer clumsiness, while a more technically sophisticated hacker would know how to avoid causing accidental damage (although he would know how to do even more serious damage if he wanted).

Buffer overflows

Perhaps the most common flaw in many operating systems and in server software is the buffer overflow, which occurs when you feed a program too much data, or sometimes a type of data that the program isn't expecting. In many cases, overflowing a computer with data simply crashes it.

While crashing a computer might be fun for some people, buffer overflows have a potentially dangerous flaw. If a hacker floods a target computer with too much data along with a program, the overload of data tricks the computer into running the program, which can tell the computer to open a port, wipe out files, or give the hacker access to parts of the computer that only an administrator should be allowed to modify.

To see how prevalent buffer overflow vulnerabilities are in a variety of programs, including ICQ, Microsoft Internet Information Server (IIS), WS-FTP, Macromedia Flash, HP Tru64 UNIX, and AOL Instant Messenger, visit the CERT Coordination Center ( and search for "buffer overflows" as shown in Figure 12-6.

Click To expand Figure 12-6: An ever-growing list of known buffer overflow vulnerabilities.

Hidden back doors

When creating software, programmers often create back door or default accounts and passwords to test their software, so they can bypass the login process and quickly access and test other portions of the program. Before the company ships the finished program, the programmers need to remove any back door accounts and passwords, but inevitably they forget a few, which leaves a back door open to any hacker who can find it.

When Red Hat shipped its Linux Virtual Server (LVS) software (nicknamed "Piranha"), the developers inadvertently left in an undocumented backdoor account with the username set to "piranha" and a password set to "q", giving anyone who knew of this exploit access to servers running on Red Hat's LVS.

The piranha problem highlights the double-edged nature of open source software, such as Linux. While revealing the source code can help strengthen its security by allowing others to study the program, it also allows hackers the chance to find flaws they might not otherwise have been able to discover and exploit.

Default settings

Many programs, such as operating systems or webserver software, come packed with plenty of built-in security. The only problem is that when you install the software, it fails to install any of its security features unless you specifically tell it to do so. Since most people rarely customize the installation of their software, it's possible and common for someone to install a perfectly secure program with all the security features turned off.

If you're using Windows XP, you may not realize that it comes with a built-in Internet firewall to protect your computer from unauthorized access over the Internet. Unfortunately, many manufacturers install Windows XP with the firewall turned off, because it can interfere with someone's Internet connection if they don't realize that the firewall is turned on.

To turn on (or off) the Windows XP firewall, follow these steps:

  1. Click the Start button and click Control Panel.

  2. Click Network and Internet Connections.

  3. Click Network Connections.

  4. Click the Local Area Connection icon.

  5. Click Change Settings of This Connection, which appears in the left side of the Network Connections window. A Local Area Connection dialog box is displayed.

  6. Click the Advanced tab.

  7. Click in the "Protect my computer and network by limiting or preventing access to this computer from the Internet check box." (If the check box already has a check mark in it, the firewall is already turned on.)

  8. Click OK.

  9. Click the close box of the Network Connections window.

Finding more software exploits

Every program has flaws, and someone discovers a new one practically every day, so website administrators spend much of their time just keeping up with the latest information and installing the latest patches. Inevitably, some administrators won't hear about a particular patch, which means that a commonly known exploit can often be found in computers years after the vulnerability has been discovered. Sometimes installing a patch to fix one flaw accidentally creates and opens up another flaw, which means installing another patch again in the future.

To exploit these flaws, hackers create tools that allow anyone to probe a computer and test for commonly known flaws, which is how novices (script kiddies) can access a computer without even understanding what they're doing.

To read about the latest security exploits for Windows, visit Microsoft's Security & Privacy site ( and download patches, or read bulletins describing just how insecure your Windows network may really be.

To stay up to date with the latest security breaches in products as diverse as Windows 2000, Linux, ColdFusion, Solaris, FreeBSD, and Unix, visit these sites:

Security Administrator


Packet Storm


Linux Security