1. Most Discussed
  2. Gainers & Losers

Are you vulnerable?

  1. Security flaws dog Microsoft's security-first stance
    April 26 2002
    Icon


    Microsoft products secure? Only if you keep updating, writes Nicole Manktelow.

    A spate of security flaws in Microsoft's popular browser Internet Explorer, Web server software and claims of vulnerabilities in its developer tools are dogging the company's recent security-first stance. Software holes affecting Web browsers, instant messengers, developer tools, Web server software and network products have Internet users pondering how false their sense of security has been.

    Microsoft released two patches in March and three patches in February dealing with Internet Explorer alone. Some updates target single issues but its most recent release is a cumulative update, fixing all known security issues and two newly discovered problems.

    The problems provide attackers with varying opportunities to exert control over others' computers. One problem could allow attackers to run a program that is already installed on a system. The other makes Internet Explorer put more trust in certain Web sites than it should.

    A Microsoft security bulletin (www.microsoft.com/technet/security/bulletin/MS02-015.asp) describes the problems as critical and urges users to download and install the cumulative patch (www.microsoft .com/windows/ie/downloads/critical).


    With many of Microsoft's products designed to "interoperate", vulnerabilities in one program can cascade to its cousins. The way Internet Explorer executes JavaScript code, for example, has given MSN Messenger an unexpected side effect.

    Researchers published a demonstration of how MSN Messenger could be "hijacked" and, just days later, the method was exploited by a worm (a kind of virus that sends copies of itself to others, usually via a victim's email program).

    The worm, although harmless, uses the flaw in Internet Explorer to access the MSN Messenger's contact list and send messages to other MSN Messenger users.

    While patches mitigate these security risks, experts have criticised Microsoft for taking too long to respond to some threats. And more, as yet unpatched, vulnerabilities are listed by security experts Tom Gilder and Thor Larholm at their Web site (http://tom.me.uk/msn).

    Microsoft's co-founder and chief software architect, Bill Gates, recently directed his company to put security as its No 1 focus as part of its new "Trustworthy Computing Initiative".

    Internet users should be concerned, however, about the security of their computers.

    "It's not something to be taken lightly,'' says Peter Moore, the .NET and developers director for Microsoft Australia. "They have a responsibility to think about the vulnerability of their system. We're serious about providing regular updates so they can protect themselves. You have a responsibility to keep your system updated.

    Security will be vital to the success of Microsoft's .NET strategy, which pushes for applications to communicate via the Internet but also requires end users to trust these programs to safely store and handle data.

    Where the Internet is concerned, trust is a precious quality. After 10 years, trust in the Simple Network Management Protocol (SNMP) disappeared overnight when researchers discovered a vulnerability which could give hackers the ability to control or shut down connected devices.

    SNMP is a standard widely used in modems, routers and other networking equipment. ISPs and network operators have been hurriedly patching the flaw since February 12, when it was exposed by the CERT Co-ordination Centre (www.cert.org).

DISCLAIMER:
Before making any financial decisions based on what you read, always consult an advisor or expert.

The HotCopper website is operated by Report Card Pty Ltd. Any information posted on the website has been prepared without taking into account your objectives, financial situation or needs and as such, you should before acting on the information or advice, consider the appropriateness of the information or advice in relation to your objectives, financial situation or needs. Please be aware that any information posted on this site should not be considered to be financial product advice.

From time to time comments aimed at manipulating other investors may appear on these forums. Posters may post overly optimistic or pessimistic comments on particular stocks, in an attempt to influence other investors. It is not possible for management to moderate all posts so some misleading and inaccurate posts may still appear on these forums. If you do have serious concerns with a post or posts you should report a Terms of Use Violation (TOU) on the link above. Unless specifically stated persons posting on this site are NOT investment advisors and do NOT hold the necessary licence, or have any formal training, to give investment advice.

Top