Computer Security Weekly, Aug. 20, 2000
Getting your security information from a moderated mailing list? Maybe Lyris based? It has been found that versions 3 and 4 of Lyris List Manager allows any subscriber to grab administrative privileges. The loophole is in the Web interface, so you can't control the world via email.
http://www.lyris.com/lm/lm_updates.html
Georgi Guninski has found a rather large loophole in Windows 98 and 2000. This isn't, unfortunately, limited to Internet Explorer, although it is related. A file named folder.htt turns out to have the ability to set many parameters governing how the folder containing it is viewed. So many, that arbitrary commands can be issued, programs can be run, and administrator security can be overridden.
Another US court waffle in the debate over code. The DeCSS court case has barred posting of the DeCSS code, or even linking to sites that post the code. This flies so far in the face of other decisions that it is very likely to be overturned.
http://www.pcworld.com/cgi-bin/pcwtoday?...
mailto:rslade@sprint.ca
mailto:robertslade@usa.net
mailto:p1@canada.com
-
Find virus, book info http://victoria.tc.ca/techrev/rms.htm
Mirrored at http://sun.soci.niu.edu/~rslade/rms.htm
Linked to bookstore at http://www97.pair.com/robslade/
The copyright of the article Computer Security Weekly, Aug. 20, 2000 in Computer Security is owned by Robert Slade. Permission to republish Computer Security Weekly, Aug. 20, 2000 in print or online must be granted by the author in writing.
Go To Page: 1
Articles in this Topic Discussions in this Topic
Latest Articles