ICQ has fixed, in build 1701, the previous bug that allowed people to look at files on your computer. However, the new version does still allow others to check for specific files on your computer, which information can be used to formulate other attacks. Information about the previous bug is
here and the new build is
here.
DejaNews has announced that they will no longer be monitoring clickthroughs from their site.
Computerworld Story and
Wired Digital's
Georgi Guniski's tireless browser prodding has turned up
another bug that allows hostile
JavaScript applets to read your cache, including information on forms. Interestingly, the same bug makes
IE 5 grab 100% of the CPU, and hangs the browser.
Intel has said that its embedded serial number is hidden, and can only be turned on by the user. Someone at
Zero-Knowledge Systems found that it could be turned on without the user's knowledge, and posted a demonstration program to show how.
Intel sent the program to the
Norton Antivirus people, claiming it was a trojan program. Stay tuned for more silliness on "
As the Code Churns."
All kinds of shenanigans are roiling around the decision to end
Network Solutions' monopoly on domain name registrations. Perhaps the silliest is a
lawsuit against NSI for its policy of not registering "dirty words" domains.
Network Associates VirusScan NT 4.0.2 does not properly update virus signature definition files under certain conditions, and will falsely report it is up to date during manual updates, reports the
Nomad group.
Serbo-spam is coming thick and fast. Lots are being sent to private citizens, presumably from purchased spam address lists, but
news media seem to be particularly targeted.
A couple more security bugs have surfaced in
IE 5, allowing users of shared computers to track where others have surfed, and to get onto password protected sites.
ZDNet stories
one,
two and
three!
Adi Shamir (the "S" in "RSA") has published a design for an
optical computer for cracking encryption with keys up to 512 bits in length. While many things are promised for the machine, named "TWINKLE," the major consideration is that it has yet to be built.
mailto:rslade@vcn.bc.ca
mailto:rslade@sprint.ca
mailto:robertslade@usa.net
mailto:p1@canada.com
Robert Slade's Guide to Computer Viruses, 0-387-94663-2, (800-SPRINGER)