Claims Microsoft security holes landed him in the dock
Published: 8 October 2003 14:33 GMT
A UK teenager accused of launching a distributed denial of service (DDoS) attack on a major US port has said a flaw in Windows allowed hackers to take control of his machine and launch the attack without his knowledge.
In his interview with the police, which was read out in court on Tuesday, Aaron Caffrey said: "My OS supports remote admin and remote assistance. At that time, the patches were not available. Anyone could control it. Windows Media Player was also unpatched."
Caffrey added: "Someone has edited those log files. just because something says something, it doesn't mean it happened. My machine was hackable. They have planted it or added to it."
On Wednesday, the trial's second day, the defence counsel for Aaron Caffrey started questioning Detective Constable Stunt, a member of the Computer Crime Squad that forensically examined Caffery's computer in January 2002, which was around three months after the Port of Houston in Texas was attacked.
Southwark Crown Court heard that it was possible for someone to take control of the defendant's computer because of critical vulnerabilities in Microsoft's Windows operating system. Stunt said that although he was not aware of any specific vulnerability, he admitted that Microsoft does have security problems. "There are thousands of [security bulletins] and Microsoft issues numerous patches on a daily basis," he said.
The court heard that police examinations of Caffrey's machine recovered log files of a chatroom conversation that recorded the exact moment the attack took place. But the defence argued that if a vulnerability exists, the log files could easily have been changed by someone who had accessed the system remotely.
The defence counsel asked Stunt if it was possible to cut some text from one log file and paste it into another log file from a remote computer. Stunt dismissed the idea: "Remotely, the answer would be no. It is impossible, the technology does not exist," he said.
The case continues.
Munir Kotadia writes for ZDNet UK
Application Support AnalystOur client is a specialised brokerage and financial technology firm that provides performance enhancing financial ...
s Service Management guidelines (ITIL) and participate and provide recommendations in process, service and system improvements.Requirements Degree in ...
IIS/Firewalls and exchange mail admin Advanced SQL database admin skills including backup/restore and performance monitoring Working knowledge of CNC ...
Agenda Setters 2009
Welcome to the ninth annual Agenda Setters poll – silicon.com's list of the top 50 most influential individuals in the technology and IT industries, from techies and CIOs to entrepreneurs and business leaders. Find out more in our latest special report.
Data Protection Strategies: Deduplication for More Efficient Backups
Dell PowerVault DL2100 Powered by CommVault - Spec Sheet
True Convergence Demands a Communication Service Provider that Embraces a Customer-Centric...
Learn how Performance Metrics for Telcomm Expense Management Drive new ROIs and SLAs
Stories from the web...
Copyright © 2008 CBS Interactive Limited. All rights reserved. Top of page
Digg
Slashdot
Del.icio.us
Stumble
Reddit
RSS Feeds
Mark Crichard Doing business with citizen developers: Beware the legal pitfalls Legal Eye: Make sure your business is protected from potential hazards
Tim Ferguson How CIOs can achieve post-recession success Q&A: McKinsey & Company on living in the 'new normal' business world