Is This "The Last Flaw" For Windows??
Subject: Is This "The Last Flaw"??
Date: Thu, Jul 30, 1998 04:13 EDT
From: FKSmart
Message-id: <1998073008132900.EAA24869@ladder03.news.aol.com>
While living under my rock, I got this little notice today from a very well-sourced contact at a firm I am working with. Windows systems EVERYWHERE are now at risk. ISPs are trying to deal with the problem now. Stay tuned....
As my contact stated:
>>"This is yet another major security problem on windows platforms, with the potential to wreck havoc much like the Internet Worm of 1988.">>
Here's the "rest of the story...":
Wednesday July 29 10:29 AM EDT
Security Gap Found In E-mail Programs - Report
PALO ALTO, Calif. (Reuters) - Some of the most popular e-mail programs have a security flaw that could allow hackers to erase files or wreak other damage on users' systems, The San Jose Mercury News reported.
The report called the flaw a "gaping hole" in the e-mail programs and said that some experts believe it to be the biggest such problem to surface in a decade.
The flaw, discovered by computer security experts in Finland, affects two Microsoft e-mail programs -- Outlook Express and Outlook 98 -- as well as Netscape Communications' Web browser.
Microsoft officials were not immediately available to comment, but Netscape said it was working on a patch to fix the security hole and should have one available in two weeks.
Netscape emphasized that there have been no reports of an actual hacker attack through the hole, which was discovered by experts who routinely scan computer programs looking for bugs.
The flaw was found last month by the Secure Programming Group at Oulu University in Finland, the newspaper said.
The discovery alarmed some experts because it appears comparatively easy to execute an attack. Tests found an attack could be activated simply when the user tried to delete an offending message.
The flaw centers around e-mail "attachments," commonly used in electronic correspondence to send background files or additional information. But unlike other flaws, which allow attacks only when the user runs the offending attachment, users with this flaw in their systems could potentially be attacked without even opening the attachment.
"The implications and the repercussions could be so powerful and
long-lasting that if you don't address it immediately, you run the risk of
the problem cascading," Mike Nelson, a computer industry consultant who previously worked for the security firm Pretty Good Privacy Inc., told Reuters.
One problem with a flaw in e-mail systems is that it cannot be corrected centrally. Even after companies come out with a fix, it is up to individual users to hear about the patch and take the time to install it.
Dave Rothschild, vice president of Client Products at Netscape, said the company advises e-mail users not to read attachments from unknown senders, as a security precaution.
As an alternative, users receiving a mysterious attachment may write back to the sender and ask them to resend the attachment in the main body of the e-mail.
The new flaws appear to affect only e-mail programs running on Microsoft's Windows, but not Macintosh or Unix systems.
Ida5683
|
