Computer Security Weekly, September 27, 1999
© Robert Slade
Sep 27, 1999
Just a little more on the bug in Internet Explorer that allows you to force the execution of programs. Microsoft's new Media Player program has yet more functionality that provides for multiplayer games over the Internet. If you get an advanced account, you can even force players entering game lobbies to view Web pages with the exploit on them. Game, page, and exploit, all to the cracker crowd ...
New motherboards may have a new, advanced feature that allows someone to remotely turn on the computer via the LAN or modem port. On some it requires a special packet, on others anything that is received on the ports will trigger power on. Some will also allow shutdown via LAN messages. It won't be long before the pranksters start sending these packets out over cable modem segments ...
Floyd brought some interesting problems to light. Amtrak had to shut down train service in areas far removed from the storm, since trains for a large area were dispatched out of the US freight rail operations centre in Jacksonville, Florida. A number of years ago the RISKS-FORUM Digest noted the consolidation of 34 dispatch centres in the CSX room. USA Today has a weather page that many people were checking for information while the storm was in progress. At one point it was saying that:
"THURSDAY: Rain is likely. The high temperature will be 577 degrees Fahrenheit (303 degrees Celsius)."
In Florida, a new emergency alert system can take over from local broadcasters to provide information when local sources cannot. During the storm, the EAS triggered, interrupting the local hurricane announcement, and then crashed, leaving viewers with nothing at all.
PLN, Indonesia's national electricity board, was recently asked by an Indonesian newspaper about its Y2K Preparedness. The reply?
"We can observe what happens (at midnight 1999) in Western Samoa, New Zealand and Australia and still have 6 hours to make plans."
There were a number of news reports recently about a trojan horse program, hidden in a JPEG, and intended to steal ICQ users' passwords. ICQ isn't secure at the best of times, but the plain fact is that you cannot hide a program inside of a JPEG file. The truth was, of course, that the file was not a JPEG but a program, and it was only the message carrying the file as an attachment that referred to it as a JPEG file. The security loophole here is, of course, that you shouldn't just "click" on any attachment you receive, and expect your system to deal with it. Know what you are doing.
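The check this item implies, as an added example that is not part of the original column: compare what the message says an attachment is with what its leading bytes say it is. The function names, the signature table and the sample bytes are constructed for illustration, and the inner-extension check goes beyond the case described here.

```python
# Added example: hypothetical helper names, constructed sample data.
# Leading-byte signatures for a few common formats.
SIGNATURES = [
    (b"\xff\xd8\xff", "jpeg"),
    (b"GIF87a", "gif"),
    (b"GIF89a", "gif"),
    (b"\x89PNG\r\n\x1a\n", "png"),
    (b"MZ", "windows-executable"),
    (b"\x7fELF", "elf-executable"),
]

# What a mail client would lead the reader to expect from each extension.
EXTENSION_TYPES = {
    ".jpg": "jpeg", ".jpeg": "jpeg", ".gif": "gif", ".png": "png",
    ".exe": "windows-executable", ".scr": "windows-executable",
}

def sniff_type(data: bytes) -> str:
    """Classify content by its first bytes, ignoring the name entirely."""
    for magic, kind in SIGNATURES:
        if data.startswith(magic):
            return kind
    return "unknown"

def check_attachment(filename: str, described_as: str, data: bytes) -> list:
    """Return the reasons this attachment is not what it is presented as."""
    actual = sniff_type(data)
    findings = []
    if actual != described_as:
        findings.append(f"described as {described_as}, content is {actual}")
    parts = filename.lower().split(".")
    final = EXTENSION_TYPES.get("." + parts[-1], "unknown") if len(parts) > 1 else "unknown"
    if final != "unknown" and final != actual:
        findings.append(f"extension .{parts[-1]} does not match content ({actual})")
    # An inner extension (name.jpg.exe) makes a program's name read like an image.
    if len(parts) > 2:
        inner = EXTENSION_TYPES.get("." + parts[-2])
        if inner and inner != final:
            findings.append(f"misleading inner extension .{parts[-2]}")
    if actual.endswith("executable"):
        findings.append("content is an executable program")
    return findings

# Constructed samples: a JFIF header and a DOS/PE "MZ" header, padded with zeros.
SAMPLE_JPEG = b"\xff\xd8\xff\xe0\x00\x10JFIF\x00" + bytes(32)
SAMPLE_EXE = b"MZ\x90\x00" + bytes(60)

if __name__ == "__main__":
    for name, data in [("holiday.jpg", SAMPLE_JPEG), ("holiday.jpg.exe", SAMPLE_EXE)]:
        print(name, check_attachment(name, "jpeg", data) or "consistent")
```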
The copyright of the article Computer Security Weekly, September 27, 1999 in Computer Security is owned by . Permission to republish Computer Security Weekly, September 27, 1999 in print or online must be granted by the author in writing.