Computer Security Weekly, March 1, 1999

Lauren Weinstein recently reported in the Privacy Forum Digest that a major medical centre left 18 megabytes of patient data exposed to the Web. The problem apparently occurred when the data was being made available to an outside vendor.

While this sort of thing in unfortunately common, a more disturbing aspect of the event is that the authorities seemed much more concerned about punishing the whistleblower suspected to be involved than in dealing with the problem ...

---

eBay, the online auctioneers, seem to want to have their cake and eat it too. In the wake of problems with fraud, they have stated that they cannot be held responsible since they make no attempt to verify user information. On the other hand, if you don't provide them with verifiable information, they'll terminate your account ...

---

NetBus, one of the programs that can be used to remotely take control of your machine, has recently been upgraded. A variety of trojaned programs can be used to install NetBus on your machine. Again, don't run anything unless you know where it came from. But, in the meantime, you might want to check to see if you have a Registry key:

HKEY_CURRENT_USER\NetBus Server

If you have this key in your registry, NetBus 2.0 may be running on your machine.

---

That "April Fools 2001" bug in Windows? Seems it might be just a little bit more prevalent than was initially thought. The base problem actually lies in the Visual C++ Runtime library files, and so could have propagated through and programs compiled with the affected compilers. Details

---

A denial of service attack (usually referred to as a DOS or DoS attack) generally either crashes a system or renders it otherwise temporarily unusable by tying up a resource like processing time or disk space. A couple of years ago, Gene Spafford and Simson Garfinkel pointed out that the number of processes running is a resource like any other. Sure enough, there have been recent attacks that try to connect to a computer on the Internet, but then do nothing. Each of these attempts ties up a process, and eventually the machine stops accepting legitimate new work.

---

Using McAfee NetShield on Windows NT? NetShield, when it finds an infected file, is supposed to automatically rename or remove the file, at the discretion of the user. However, unless specific permissions have been granted to the account running the program, it won't. Nor will it tell you it hasn't or can't. According to the user who noted this on NTBUGTRAQ, Network Associates has said that they don't consider this a bug, and won't be fixing it.

Go To Page: 1 2 3

Articles in this Topic    Discussions in this Topic