Computer Security Weekly, September 13, 1999 © Robert Slade
Sep 13, 1999
Lots and *lots* to pass along this week ...
In the AOL vs Microsoft Instant Messaging fight, AOL seems to have done a rather foolish thing. The idea is to get the AOL client to send back a quickly updatable response. AOL has chosen to do this by means of a buffer overflow. At one point the client calls for a request from the server. The server sends back the response--but it also sends back a little more data. This data overflows the space allowed for the response and flows into a space that gets passed to the processor for execution. This means that AOL can send short programs to your computer, and they get executed. While this may be a smart trick in the AOL vs MS fight, it has all kinds of nasty implications for users. AOL is still denying that a buffer overflow bug is involved, probably on the basis that it is not a bug if they chose to put it there. There is, however, no guarantee that the additional code will work perfectly on all systems, nor that someone could not find a way to use this with ill intent. (Microsoft has also tried to use this information in the ongoing fight. A spoofed message was sent to Richard Smith detailing something about the bug. The spoofer wasn't very adept, and it was relatively simple to trace it back to Microsoft.) More information can be found at: http://www.ozemail.com.au/~geoffch/secur...
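As an added illustration, not code from the newsletter or from AOL's client, here is the pattern described above in C: a client that copies a server reply into a fixed-size buffer, once trusting whatever length the server supplied and once refusing anything larger than the buffer. RESPONSE_MAX, the struct, and the sample replies are assumptions made for the example.

```c
/* Added example: fixed-size reply buffer in a network client.
 * handle_response_unchecked() is the defect the article describes;
 * handle_response_checked() is the bounded version a client should use. */
#include <stddef.h>
#include <string.h>

#define RESPONSE_MAX 64  /* assumed size the client set aside for one reply */

struct client_state {
    char response[RESPONSE_MAX];
    size_t response_len;
};

/* Unsafe: trusts the length that came off the wire. When len > RESPONSE_MAX
 * the copy runs past 'response' into whatever follows it in memory, which is
 * exactly how extra bytes end up where the processor will execute them.
 * Shown only to make the defect concrete; nothing below calls it. */
void handle_response_unchecked(struct client_state *st, const char *data, size_t len)
{
    memcpy(st->response, data, len);  /* no bound check */
    st->response_len = len;
}

/* Safe: a reply longer than the buffer is dropped whole, nothing is copied.
 * Returns 0 on success, -1 when the server sent more than the protocol allows. */
int handle_response_checked(struct client_state *st, const char *data, size_t len)
{
    if (data == NULL || len > RESPONSE_MAX)
        return -1;
    memcpy(st->response, data, len);
    st->response_len = len;
    return 0;
}

/* Scenario helpers with constructed input so the behaviour can be checked
 * offline. Each returns 1 when the checked handler behaves as intended. */
int accepts_short_reply(void)
{
    struct client_state st = {{0}, 0};
    const char reply[] = "OK 200";           /* constructed sample reply */
    return handle_response_checked(&st, reply, sizeof reply - 1) == 0
        && st.response_len == sizeof reply - 1;
}

int rejects_long_reply(void)
{
    struct client_state st = {{0}, 0};
    char reply[RESPONSE_MAX * 3];            /* constructed over-long reply */
    memset(reply, 'A', sizeof reply);
    return handle_response_checked(&st, reply, sizeof reply) == -1
        && st.response_len == 0;             /* buffer left untouched */
}
```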
Java security is rather complex, but for most people the important aspect is the applet model that makes network-based programs run in a security "sandbox." Microsoft, of course, already has its own problems with Java, but now they've got one more. The Microsoft version has a hole in its sandbox. You can download a patch to fix it from: http://download.microsoft.com/download/j... That's only a 6.3 MB download. Prior to that you had to download a rather larger chunk of code. Microsoft's own account of the bug can be had at: http://www.microsoft.com/Security/Bullet...
You've probably heard something of the new "Thursday" virus. This is a plain old MS Word macro virus, but it has been getting a lot of press, possibly because of its prevalence in financial institutions. The biggest news about it is that it will attempt to delete all files on the C: drive on December 13th. Remember, avoid Word documents if you can, and, if you can't, use the WordViewer program to view those that come to you. Most virus scanners should have an update for it by now.
The copyright of the article Computer Security Weekly, September 13, 1999 in Computer Security is owned by . Permission to republish Computer Security Weekly, September 13, 1999 in print or online must be granted by the author in writing.