Computer Security Weekly, August 30, 1999 © Robert Slade
Aug 30, 1999
Microsoft finally seems to have settled on a patch for the Office 97/Jet/ODBC bug. More (MUCH more) information can be obtained at:
However, please note that the bug does not seem to be confined to Office 97. A very similar, if not identical, security problem has been noted in Office 2000 with Jet 4.
You may have heard some reports of the new Toadie virus this week. While vicious--it attempts to corrupt the CMOS table and flash boot ROMs--it doesn't appear to be particularly successful. It attempts to use IRC and the Pegasus mailer to spread, but then it also tries to do a number of other things, without universal success. Those who use Pegasus as a mailer are probably less likely than Outlook users to run programs they know nothing about, and Pegasus doesn't make such activity quite as easy. No, the reason that you might have heard about Toadie is that the author, like the author of Melissa, has been boasting about his (rather dubious) accomplishment. As I have always said, the drive to write viruses seems to be very much akin to the drive to write messages on bathroom walls.
The input and output controls that run the keyboard and mouse drivers in Windows NT don't require that the calling program have high security privileges. A minimal-permission program can use legitimate calls to disable the mouse and keyboard, after which the machine would need to be rebooted to restore normal service. Patch #1 and Patch #2. For more information, see the Microsoft Security Bulletin.
I'm still not sure why we have heard so little about the UCITA (Uniform Computer Information Transactions Act), especially given the enormous ramifications if it should pass. (Of course, there are some who say that so egregious a piece of legislation would immediately be challenged and fail, on constitutional grounds.) In any case, a rather interesting take on it appears in the Linux Journal, stating that using Linux is not only a good way to avoid the problem of heavily restrictive user licenses, but also gives one in the eye to large software corporations who are backing the UCITA.
mailto:rslade@vcn.bc.ca
mailto:rslade@sprint.ca
mailto:robertslade@usa.net
mailto:p1@canada.com
Robert Slade's Guide to Computer Viruses, 0-387-94663-2, (800-SPRINGER)
The copyright of the article Computer Security Weekly, August 30, 1999 in Computer Security is owned by . Permission to republish Computer Security Weekly, August 30, 1999 in print or online must be granted by the author in writing.