Computer Security Weekly, September 13, 1999


This is not because UNIX machines can't handle DDNS, but because W2K systems seem to demand to be the top dog root servers for any network, and then can't handle the load.

http://www.zdnet.com/pcweek/stories/news... http://slashdot.org/article.pl?sid=99/08...


Oh, the Richard Smith mentioned above? He's quite a collector of security loopholes. He has put together a page of some of the ways that bad guys can use Microsoft's ActiveX (COM and DCOM) controls and Outlook to do things on your machine.

http://www.tiac.net/users/smiths/acctroj... http://www.wired.com/news/print_version/...


The US government (see above) had mandated that encryption in exported products had to be limited to 40 bit keys. Now Netscape has provided an upgrade patch that will boost international versions of the browser to full 128 bit strength. In comparison to Microsoft's Java hole (see above), this weighs in at a mere 36K. However, in comparison to the RSA-155 challenge (see above), 128 bit keys are still pretty weak. (40 bit keys, of course, are a joke.)

http://www.internetnews.com/prod-news/ar... http://cgi.netscape.com/cgi-bin/su/intro... http://www.tbtf.com/archive/1998-03-02.h... http://www.fortify.net/


A new and somewhat oddball trojan. This one is called Boobs, and so far has been spreading as a file called BOOBS.EXE, although that could change. If you run the program, it displays a picture of a nude woman. If you click a button on the window, the graphic will animate. However, it will also create a log file of all the .DOC files on your computer. On subsequent execution, the program will (with its own inbuilt SMTP programming) send all those files to an email address in South Africa.

Like all trojans, the program does not replicate. However, it has been spreading by people passing it along to friends. Don't. You can check for the presence of files called BOOBS.EXE or WSTMP.$$$.
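The file-name check suggested above, as an added example (not code from the newsletter): a Python sketch that walks a directory tree for the two names, ignoring case, and also reports directories it could not read. The function names and the sample tree are constructed for illustration; because the executable's name could change, an empty result does not show that a machine is clean.

```python
import os
import tempfile

# The two file names given in the text, lower-cased. Matching ignores case
# because Windows file systems treat BOOBS.EXE and boobs.exe as the same name.
INDICATOR_NAMES = {"boobs.exe", "wstmp.$$$"}


def find_indicator_files(root):
    """Walk root and return (hits, skipped).

    hits    -- sorted list of (full_path, matched_name) for exact name matches
    skipped -- directories that could not be read, so the scan is incomplete
    """
    hits, skipped = [], []

    def on_error(err):
        # os.walk silently skips unreadable directories unless told otherwise.
        skipped.append(err.filename)

    for dirpath, _dirnames, filenames in os.walk(root, onerror=on_error):
        for name in filenames:
            folded = name.casefold()
            if folded in INDICATOR_NAMES:
                hits.append((os.path.join(dirpath, name), folded))
    return sorted(hits), skipped


def build_sample_tree(root):
    """Create a small constructed directory tree (empty files) for the demo."""
    sample = ["Downloads/Boobs.exe",      # mixed case, should match
              "Temp/wstmp.$$$",           # should match
              "Documents/report.doc",     # unrelated document
              "Downloads/boobs.exe.txt"]  # name only contains the indicator
    for rel in sample:
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        open(path, "w").close()


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as demo_root:
        build_sample_tree(demo_root)
        found, unreadable = find_indicator_files(demo_root)
        for path, matched in found:
            print("FOUND %s (matches %s)" % (path, matched))
        for path in unreadable:
            print("NOT SCANNED %s" % path)
```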


Online gambling carries a number of risks. Here's one more you may not have thought about.

Many casinos do not program their own games, relying on pre-packaged software from other vendors. At least one of these games, a version of poker used by at least four independent casinos, has been shown to have a security flaw. The random number generator for the "deck" can be determined. (It's not very random.) This means that a player can predict what cards are dealt to each player, and what cards remain in the deck, and in what order. A bit of an advantage, one surmises. The group verified their results in demo games at the casinos identified as using the game, and were able to predict and effect the outcome

The copyright of the article Computer Security Weekly, September 13, 1999 in Computer Security is owned by Robert Slade. Permission to republish Computer Security Weekly, September 13, 1999 in print or online must be granted by the author in writing.
