Silicon Investor (SI) -- The First Internet Community

STOCKTALK

We've detected that you're using an ad content blocking browser plug-in or feature. Ads provide a critical source of revenue to the continued operation of Silicon Investor. We ask that you disable ad blocking while on Silicon Investor in the best interests of our community. If you are not using an ad blocker but are still receiving this message, make sure your browser's tracking protection is set to the 'standard' level.

Technology Stocks : COMS & the Ghost of USRX w/ other STUFF -- Ignore unavailable to you. Want to Upgrade?

To: djane who wrote (16850)	7/29/1998 5:38:00 PM
From: Moonray	Respond to of 22053

U.S. issues alert over e-mail flaw San Jose Mercury News - Tuesday, July 28, 1998 Emergency bulletin calls problem extremely serious The U.S. Energy Department's computer security team confirmed Tuesday that a significant security flaw exists in three of the most popular e-mail programs around that, left unrepaired, could have catastrophic consequences and urged users to repair or replace the software. Corporate technology managers spent Tuesday frantically scrambling for more information about the flaw, which was first reported in the Mercury News. And users found it difficult to find the correct patches for the the security hole. Software companies initially provided little additional technical information about the problem and no real fixes. Microsoft Corp., for example, offered patches that were determined to be ineffective and were subsequently withdrawn. The flaw, which allows an outsider to send a booby-trapped e-mail message capable of executing commands on the user's computer -- anything from sending out thousands of e-mails in the user's name to erasing the hard drive -- exists in some of the most popular software in the world: Microsoft's Outlook Express and Outlook 98, and Netscape Communications Corp.'s Messenger Mail, which accompanies versions 4.x of the Communicator Web browser software. Other e-mail readers may be affected, but most researchers now believe that another commonly used program, Qualcomm Corp.'s Eudora, is safe. The flaw can be exploited on the most common computer operating systems. The Computer Incident Advisory Capability, the Energy Department's team, headquartered at the Lawrence Livermore National Laboratory, declared in an emergency bulletin that the situation is extremely serious: ''We base this assessment on the ease with which the vulnerability can be exploited, the widespread use of the vulnerable e-mail/news readers and the potential for doing serious damage to a computer.'' Microsoft attempted to post patches for the hole in its products Monday, but technical problems kept most users from getting to them. Then the company discovered that the first set of patches didn't work. Anybody who downloaded the first set of patches is urged by the company to download them again, probably later this week. Alternatively, users can download a free copy of Eudora Light until a patched version of their favorite e-mail program is available. Some users believed the story was incorrect because it is so similar to a well-known Internet hoax called the Good Times virus. Typically, a user gets an e-mail warning them to delete any e-mail with the subject ''Good Times'' because, if opened, the Good Times e-mail will reformat the hard drive. The warning message urges the recipient to ''send this to all your friends,'' creating a flood of unnecessary e-mail and chewing up system resources. Normally, e-mail alone can't do any damage to a system. But attackers can attach a file that's essentially a program to an e-mail message. If a user runs that program, it could do damage to the system, which is why system administrators warn users to avoid opening attachments from strangers. But this latest flaw can be triggered in some cases without even opening the booby-trapped e-mail. The problem can be exploited by assigning an exceptionally long file name -- sometimes hundreds of characters -- to an attachment. If the name is too long, it will overflow the e-mail program's buffer. At that point, any software code contained in that overflow can sometimes execute commands on the user's computer. The problem is related to MIME capabilities, or Multipurpose Internet Mail Extensions, which let e-mailers work with items besides text. MIME headers tell the e-mail software how to treat the file. Older e-mail software that is not MIME-compliant is not vulnerable to the hole. While no one believes this flaw has been exploited outside the laboratories where it's been researched for the past month, experts are urging users and computer system administrators to repair their systems as quickly as possible, on the assumption that ''black hat'' hackers will soon be exploiting the problem. ''I'm just scared that somebody is going to spam the world with this. Soon.'' said William J. Orvis, a security specialist with CIAC. Computer system administrators around the world are studying the situation, trying to see what needs to be done. ''We don't normally comment on our internal systems, for security reasons,'' said Lew Wagner, senior manager of the corporate information security department at networking giant Cisco Systems Inc. Wagner, however, said the standard e-mail package used inside Cisco is not affected by the problem, adding there could be some people within the organization who are using something else. ''We're trying to make sure our 14,000 employees are not using any unauthorized applications,'' he said. o~~~ O

To: djane who wrote (16850)	7/29/1998 6:31:00 PM
From: djane	Respond to of 22053

V.90: As Fast as It's Going to Get Modem vendors reject a proposed standard that would have boosted the upload speed of V.90 modems. by Brian McWilliams, PC World Daily News Radio July 28, 1998, 3:46 p.m. PT A proposal to boost the upload speeds of V.90 modems has died, apparently due to poor modem sales and the indifference of manufacturers. Current V.90 modems are limited to 33.6-kbps upstream speeds. But Lucent has developed a way to enable nearly symmetrical data rates, with upload speeds approaching 45 kbps. More than a year ago, Lucent proposed that its technology become part of the International Telecommunications V.90 standard, which will be ratified in September. But according to Les Brown, a Motorola engineer and rapporteur for the ITU study group on 56-kbps modems, Lucent's proposal never made it into the spec, and the company hasn't pushed to have it added to the second revision of the V.90 spec, to be released next year. On Thursday this week, the ITU's 56K study group will meet in Quebec City to finalize the V.90 spec before it goes to the vote in September. Lucent spokesperson Charlie Hartley said the company still thinks the technology is promising, but Lucent won't bring a formal proposal to the meeting. Analysts say that since most modem users are Web surfers, the industry doesn't see the 33-percent upstream speed increase Lucent offers as worth the trouble. Many modem companies are now turning their attention to building DSL products rather than enhancing their analog modems. Lucent says it has no plans currently to develop the technology as a proprietary standard. Tune in to PC World News Radio to hear today's news broadcast via RealAudio. Copyright c 1998 PC World Communications. All Rights Reserved. Use of this service is subject to the PC World Online Terms of Service Agreement. T