Computer Security Weekly, May 10, 1999


© Robert Slade
Articles in this Topic    Discussions in this Topic

May 10, 1999


ICQ has fixed, in build 1701, the previous bug that allowed people to look at files on your computer. However, the new version does still allow others to check for specific files on your computer, which information can be used to formulate other attacks. Information about the previous bug is here and the new build is here.
DejaNews has announced that they will no longer be monitoring clickthroughs from their site. Computerworld Story and Wired Digital's
Georgi Guniski's tireless browser prodding has turned up another bug that allows hostile JavaScript applets to read your cache, including information on forms. Interestingly, the same bug makes IE 5 grab 100% of the CPU, and hangs the browser.
Intel has said that its embedded serial number is hidden, and can only be turned on by the user. Someone at Zero-Knowledge Systems found that it could be turned on without the user's knowledge, and posted a demonstration program to show how. Intel sent the program to the Norton Antivirus people, claiming it was a trojan program. Stay tuned for more silliness on "As the Code Churns."
All kinds of shenanigans are roiling around the decision to end Network Solutions' monopoly on domain name registrations. Perhaps the silliest is a lawsuit against NSI for its policy of not registering "dirty words" domains.
Network Associates VirusScan NT 4.0.2 does not properly update virus signature definition files under certain conditions, and will falsely report it is up to date during manual updates, reports the Nomad group.
Serbo-spam is coming thick and fast. Lots are being sent to private citizens, presumably from purchased spam address lists, but news media seem to be particularly targeted.
A couple more security bugs have surfaced in IE 5, allowing users of shared computers to track where others have surfed, and to get onto password protected sites.

ZDNet stories one, two and three!
Adi Shamir (the "S" in "RSA") has published a design for an optical computer for cracking encryption with keys up to 512 bits in length. While many things are promised for the machine, named "TWINKLE," the major consideration is that it has yet to be built.
mailto:rslade@vcn.bc.ca
mailto:rslade@sprint.ca
mailto:robertslade@usa.net
mailto:p1@canada.com Robert Slade's Guide to Computer Viruses, 0-387-94663-2, (800-SPRINGER)

Go To Page: 1


Post this Article to facebook Add this Article to del.icio.us! Digg this Article furl this Article Add this Article to Reddit Add this Article to Technorati Add this Article to Newsvine Add this Article to Windows Live Add this Article to Yahoo Add this Article to StumbleUpon Add this Article to BlinkLists Add this Article to Spurl Add this Article to Google Add this Article to Ask Add this Article to Squidoo
Start a discussion for Computer Security Weekly, May 10, 1999 Join the latest discussions
Print Article Print Article
Email Article Email Article
View All Articles View All Articles