Computer Security Weekly, December 20, 1999


Network Associates has announced that, under the new "softer" American crypto export regulations, they now have a worldwide export license for their version of PGP. However, there are also now some reports that the US government may delay implementing the new rules.

Disney's Go Express Search operates an HTTP server, meant for search queries, without any authentication. Remote users can submit search queries, and view queries and personal links left by other users. It's possible to access the configuration interface, which can reveal user information. Configuration settings can be changed remotely to, for instance, add, remove or alter personal links.



Reliable Software Technologies has published a fairly significant bug in the password storage for Netscape. The email password is stored using a simple XOR and substitution cypher. Since many people use the same password for all their systems, access to this single, but important, password can be vital.

However, RST hasn't really discovered anything new. This same information has been around since April at the latest.


The BBC Web pages have links on them that allow you to email the pages to friends, along with a comment of your own. If you try them out, you'll find that the BBC has made a token effort to censor language that might be included. Using the, by now standard, sentence "I hope you still have your appetite for scraps of dickens when I bump into you in class in Scunthorpe, Essex on Saturday," that checks for "embedded" dirty words, you'll find that a number of them get "x"ed out, while some others get through.

The RISKS-FORUM Digest recently reported a case where simply selecting a message in Outlook 98 caused the HTML it contained to be executed. The message was spam, and the HTML code created a connection to a remote Web site. With all the material presented here over the past months, it should be quite clear that this kind of function can be a huge security risk.
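A mail gateway or analyst can check a message for HTML that would reach out to a remote site as soon as it is rendered, which is the behaviour described in the Outlook 98 report. The following is an added example, not code from this column or from the RISKS report; the tag list, the function names and the sample message are assumptions made for illustration.

```python
from email import message_from_string
from html.parser import HTMLParser

# Tag -> attribute that a renderer fetches without any click.
# Assumed list for this example; real mail clients differ.
AUTO_FETCH = {"img": "src", "iframe": "src", "frame": "src", "script": "src",
              "embed": "src", "object": "data", "link": "href",
              "body": "background", "table": "background", "td": "background"}

def is_remote(url):
    # cid: and data: references stay inside the message; these schemes do not.
    return url.strip().lower().startswith(("http://", "https://", "ftp://", "//"))

class RemoteRefFinder(HTMLParser):
    def __init__(self):
        super().__init__()
        self.hits = []  # (tag, attribute, value) tuples in document order

    def handle_starttag(self, tag, attrs):
        attrs = {k: v or "" for k, v in attrs}
        attr = AUTO_FETCH.get(tag)
        if attr and is_remote(attrs.get(attr, "")):
            self.hits.append((tag, attr, attrs[attr]))
        # <meta http-equiv=refresh> navigates away as soon as it is rendered
        if tag == "meta" and attrs.get("http-equiv", "").lower() == "refresh":
            self.hits.append((tag, "content", attrs.get("content", "")))

def remote_refs(raw_message):
    """List auto-loading remote references in a message's text/html parts."""
    finder = RemoteRefFinder()
    for part in message_from_string(raw_message).walk():
        if part.get_content_type() == "text/html":
            body = part.get_payload(decode=True)
            finder.feed(body.decode(part.get_content_charset() or "latin-1", "replace"))
    finder.close()
    return finder.hits

# Constructed sample message (not the spam from the RISKS report).
SAMPLE = """\
From: promo@example.invalid
Subject: constructed sample
MIME-Version: 1.0
Content-Type: text/html; charset="us-ascii"

<html><body background="http://tracker.example.invalid/bg.gif">
<p>Hello</p><img src="cid:logo"><IMG SRC="http://tracker.example.invalid/o.gif?id=42">
<a href="http://shop.example.invalid/">click</a>
<meta http-equiv="refresh" content="0;url=http://tracker.example.invalid/">
</body></html>
"""
```

The ordinary link and the embedded `cid:` image are not flagged, because neither causes a connection when the message is merely selected.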

The BBC isn't alone in the censorship game. It appears that some, though possibly not all, versions of Windows 98 have an overall censorship function when the default login is used. This function will affect all Microsoft word processors and editors, and possibly other programs as well.

mailto:rslade@vcn.bc.ca
mailto:rslade@sprint.ca
mailto:robertslade@usa.net
mailto:p1@canada.com Robert Slade's Guide to Computer Viruses, 0-387-94663-2, (800-SPRINGER)
The copyright of the article Computer Security Weekly, December 20, 1999 in Computer Security is owned by Robert Slade. Permission to republish Computer Security Weekly, December 20, 1999 in print or online must be granted by the author in writing.
