Computer Security Weekly, June 21, 1999
Pretty.Park is a new spamming worm/virus. It spreads in much the same way as Melissa and Win32/Explore.Zip. In addition, it tries to find password and setting files on your computer, and send them to certain IRC channels.
More information can be found in the AntiViral Toolkit Pro Virus Encyclopedia.
Downloading fixes, patches, and service packs from Microsoft has always been an interesting exercise. Most of the time you must allow cookies to be set. Recently, a user trying to update Internet Explorer to avoid the Y2K bugs in it found an additional wrinkle. You must have security settings relatively low in order to even download the upgrade, let alone install it. Apparently Microsoft must be running some kind of ActiveX control during the download process.
Speaking of which, the latest Microsoft security bulletin notes patches for two Internet Explorer bugs. One is a fairly simple stack overrun. The other is a bug dating back to IE3 which allows a hostile user to determine the presence or absence of files on the disk.
An interesting bug has been noted on RISKS, affecting Windows 9x and NT. The bug involves the use of long file names and wildcards. It seems that when doing wildcard expansion, Windows matches both the long filename and the short system filename. This means that certain wildcard operations, such as bulk deletion, can match more names than the user means, or realizes ...
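
The effect described above can be checked before a bulk operation by testing a wildcard against both names of every file. The Python sketch below is an added example, not part of the original newsletter: the directory listing and its short aliases are constructed, the function names are hypothetical, and fnmatch only approximates Windows wildcard rules.

```python
import fnmatch

# Constructed sample listing: (long file name, short 8.3 alias).
# The aliases follow the common "first six characters + ~N" pattern; on a
# real system read them from the file system (for example with `dir /x`).
SAMPLE_LISTING = [
    ("report.doc", "REPORT.DOC"),
    ("budget.html", "BUDGET~1.HTM"),
    ("notes.htm", "NOTES.HTM"),
    ("Annual Summary 1.txt", "ANNUAL~1.TXT"),
    ("archive1.zip", "ARCHIVE1.ZIP"),
]


def _matches(name, pattern):
    # Windows file names are case-insensitive, so compare in lower case.
    return fnmatch.fnmatchcase(name.lower(), pattern.lower())


def classify(listing, pattern):
    """Return (by_long, by_short_only) for a wildcard pattern.

    by_long: files whose long name matches, which is what the user expects.
    by_short_only: files caught only through the short alias, which is the
    surprise the paragraph above describes.
    """
    by_long, by_short_only = [], []
    for long_name, short_name in listing:
        if _matches(long_name, pattern):
            by_long.append(long_name)
        elif _matches(short_name, pattern):
            by_short_only.append(long_name)
    return by_long, by_short_only


if __name__ == "__main__":
    for pattern in ("*.htm", "*1.*"):
        expected, surprise = classify(SAMPLE_LISTING, pattern)
        print(f"pattern {pattern!r}")
        print(f"  matched by long name       : {expected}")
        print(f"  matched only by short alias: {surprise}")
```

Any file reported in the second list would be hit by a bulk delete or move even though its visible name does not fit the pattern.
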
Microsoft has issued a bulletin, workaround, and patch for the security hole in IIS found by eEye. However, a very large number of companies are using IIS for electronic commerce, and with example hostile apps being thrown about the net with gay abandon, a great many sites may still be unprotected and at risk. It might be a good idea to hold back on e-commerce for a little while, unless you know the site is not using the Microsoft server.
While an earlier anti-spam bill in the US Senate was considered flawed, a more recent piece of congressional legislation is receiving praise from the Coalition Against Unsolicited Consumer E-Mail. With a good national standard in place, ISPs may have the clout to do something about the problem.
mailto:rslade@vcn.bc.ca
mailto:rslade@sprint.ca
mailto:robertslade@usa.net
mailto:p1@canada.com
Robert Slade's Guide to Computer Viruses, 0-387-94663-2, (800-SPRINGER)
The copyright of the article Computer Security Weekly, June 21, 1999 in Computer Security is owned by Robert Slade. Permission to republish Computer Security Weekly, June 21, 1999 in print or online must be granted by the author in writing.