Articles in this Topic Discussions in this Topic

Computer Security Weekly, August 16, 1999

Aug 16, 1999

You've probably heard about the new VBS.Monopoly virus. A number of reports have been generated in the media, and it is getting a fair amount of ink. Probably more than it deserves. Although many people are touting it as the next Melissa, the virus is fairly limited. Relying on Visual Basic Script, it is restricted to Outlook and other Microsoft clients. At present, the samples examined seem to have been isolated, rather than major outbreaks.

Additional Information: http://vil.nai.com/vil/vbs10234.asp http://www.uk.sophos.com/downloads/ide/m...

The Office 97/Jet/ODBC security bug continues to unfold--very slowly. Microsoft is still witholding details. Microsoft did announce a patch, but then withdrew it. Another one should be out this week.

http://officeupdate.microsoft.com/ http://www.microsoft.com/security http://www.microsoft.com/security/Issues...

Others besides Microsoft, however, have already come up with other patches.

Windows NT Terminal Server is apparently subject to a denial of service attack. A flood of requests can fill computer memory to the point that no new connections can be established. Occasionally the server can be made to crash.

The Microsoft bulletin describing this issue is available at http://www.microsoft.com/security/bullet... - Microsoft Security Bulletin MS99-028: Frequently Asked Questions,
http://www.microsoft.com/security/bullet... - Microsoft Knowledge Base (KB) article Q238600,
Multiple Connection Requests Promote Denial of Service Attack,
http://support.microsoft.com/support/kb/...

Auditing is a major part of security. Windows NT has a series of auditting files known as event logs. It has now been found that the logs work in very odd ways. There is a setting that allows you to specify that the security log (for example) will not be overwritten. One would assume that this setting should be chosen for high security environments, so that security information will not be lost. Unfortunately, it has been found that, if this setting is chosen, logging will proceed until the log has filled its quota--and then it will stop. There is no notification. Users who select this setting may find that, unless the log is cleared manually on a regular basis, security logging may be effectively disabled by a full log that may be months or years old.

mailto:rslade@vcn.bc.ca
mailto:rslade@sprint.ca
mailto:robertslade@usa.net
mailto:p1@canada.com

http://victoria.tc.ca/techrev/rms.htm

http://sun.soci.niu.edu/~rslade/rms.htm

http://www97.pair.com/robslade/

Robert Slade's Guide to Computer Viruses, 0-387-94663-2, (800-SPRINGER)

Go To Page: 1

The copyright of the article Computer Security Weekly, August 16, 1999 in Computer Security is owned by . Permission to republish Computer Security Weekly, August 16, 1999 in print or online must be granted by the author in writing.

Join the latest discussions

Email Article

View All Articles

reference