Articles
Writers

Computer Security Weekly, November 15, 1999


© Robert Slade

Nov 15, 1999


Yet another Outlook vulnerability has been found with regard to attachments. Full details have not been made available, but the threat seems to stem from a complex interaction between the ability of Outlook to launch certain types of applications without user intervention, CAB files, the location of temporary files, and ActiveX. A quick fix, as usual, is to disable all forms of active scripting.

An additional complication is that Outlook uses the "trusted zones" set up in Internet Explorer. If the Internet Zone has been set to trusted, attachment attacks are very easy. You can change email to run in the untrusted zone, which protects against a number of the threats listed in this column.

More Information here

BubbleBoy is the latest hot "virus," but is, again, yet another Outlook vulnerability. The only people at risk are those with Windows 98 (or Windows 95 with WSH installed), Internet Explorer 5, and the relevant version of Outlook, or Outlook Express. BubbleBoy uses Visual Basic Script language and the new Windows Script Host. What has everyone so exercised is the fact that, if you are using the Microsoft products listed, the virus does not need to be executed by the user in the normal sense. The only real mystery is why it took so long and why people are so surprised that it has finally appeared. Researcher Padget Peterson, the developer of DISKSECURE and MACROLIST predicted this type of virus at least a year and a half ago, as soon as the new architecture for Windows 98 and Outlook was available. A quick fix to avoid the automatic invocation would be to set the Internet Zone security to High.

McAfee Information
DataFellows Information
Symantec Information

Another trojan for those who have to have the very latest software. Someone has been posting copies of what purports to be ICQ 2000. The trojan actually has a worm aspect to it. When it runs, it appears to have hung on your desktop, but continues to run and to advertise itself to ICQ users as ICQ 2000--available for download from your machine. Further details about payload are not available at this time, although it is possible that this was a test run to see if the concept works, before the real version is released.
Getting rid of that old fax machine, Timex Datalink watch, cell phone, or other device with a lot of digital memory? Before you drop it off at the second hand store, you might want to think about what might be stored in it. Recently a government department was selling off obsoleted equipment. One of the fax machines, when plugged in and loaded with paper at the buyer's office, spit out two highly sensitive (though unclassified) faxes. Office level digital fax machine can now hold two hundred pages or more in memory.

Go To Page: 1 2


The copyright of the article Computer Security Weekly, November 15, 1999 in Computer Security is owned by . Permission to republish Computer Security Weekly, November 15, 1999 in print or online must be granted by the author in writing.

Post this Article to facebook Add this Article to del.icio.us! Digg this Article furl this Article Add this Article to Reddit Add this Article to Technorati Add this Article to Newsvine Add this Article to Windows Live Add this Article to Yahoo Add this Article to StumbleUpon Add this Article to BlinkLists Add this Article to Spurl Add this Article to Google Add this Article to Ask Add this Article to Squidoo




about us Limelight Blog freelance writing jobs careers press room Site Map Terms & Conditions Privacy Policy