Forgot password?
|
|
|
|
Home
We were unable to sign you in.
Please verify your user name and password and try again. If you do not have a TEC account, register now.
Printer Friendly
  • E-Mail Article
    • To: (e-mail address)
        

      From: (e-mail address)
        

      Subject:


      Message:
       

Contact Us
Articles RSS
Rate this article
Average Reader Rating 0.00
You may also be interested in:
25% Less Learning Time? Find the Right Approach to Training
The Path to Healthy Data Governance through Data Security
Waking Up to a “New Day” at Infor

White Papers related to this article:
On-Premise vs. On-Demand CRM
Decisions, Decisions: Key Issues to Consider in Selecting a Field Service Management Solution
The Mobile App Debate—HTML5: Hype or Help?

Other articles written by C. McNulty:
21st Century Fox Hunt - US vs. Microsoft
NetWare for Small Business – NetWhy?
Intraware Acquires Janus for its Extranets

Featured Author
Read Comments <

Event Summary

10 March 2000 (PCWeek) Microsoft Corp. (NASDAQ:MSFT) today admitted it found out months ago that there is a hole in its Windows 95 and 98 operating systems that leads to system crashes, yet decided the problem wasn't serious enough to warrant alerting customers or issuing a patch.

The problem arises when a user goes to a Web page or opens a Web-based e-mail message that contains a hidden string of characters that instructs the computer to use DOS commands for accessing the keyboard, printer and other devices, said Eric Bowden, general manager of BugNet.com, an online bug-tracking service.

"The insidious thing is that you can stick this in a Web page and e-mail it to someone and it will cause their machine to [crash] when they open it," Bowden said. Users could also encounter the hole by typing the string of characters at the DOS prompt in Windows 95 or 98.

Microsoft acknowledges it was alerted to the problem at the end of last year but did nothing to fix it or make customers aware of the problem. "It wasn't considered a serious issue," said a Microsoft spokeswoman.

"It's an inconvenience more than anything. It's not a security issue. No one is reading your e-mail."

But the spokeswoman added that Microsoft, of Redmond, Wash., decided to reconsider its decision this week and is now working on a patch for the problem. The spokeswoman did not know when the fix will be available but said it will be posted to the http://www.microsoft.com/security site.

Market Impact

Further reports have indicated that this crash can occur under Outlook 2000, whether or not the offending message is opened. However, the crash will not occur on Windows NT or Windows 2000 systems. Outlook 98 is also immune to the problem.

If someone can crash your system remotely, that's a lot more than an "inconvenience". It's called a Denial of Service attack.

Microsoft's approach to the problem is less than ideal - it reacts to publicity, not problems. The problem surfaced in late 1999, but wasn't publicized on BugNet until March 2000. Only then did Microsoft move to address the problem. This creates a window of opportunity for alternate OS vendors, such as Red Hat (NASDAQ:RHAT) to distinguish their level of product support from Microsoft's offerings.

User Recommendations

We believe this is yet another reason to favor the Windows NT/2000 operating system family instead of Windows 95/98/Me. It also underlines the importance of antivirus software for corporate email systems.

Monitor http://www.microsoft.com/security, or BugNet for a patch. (Let's hope it's not called Windows Me.) If you have paid Microsoft for any tech support related to this problem in the last three months, demand a refund.
 
comments powered by Disqus


Secure Mobile ERP—Is It Possible? | Role of In-memory Analytics in Big Data Analysis | SAP HANA—One Technology to Watch in 2012 (and Beyond) | Demystifying SAP Solution Manager | Cloud Assets: A Guide for SMBs—Part 3 | Mobile Supply Chain Management: The Dream Is Becoming a Reality | I Want My Private Cloud | The Sum of All Malware Fears: Siemens on Stuxnet | Managing the Overflow of E-mails | Security Risk Assessment and Management in Web Application Security | Are You Adequately Protecting Your IT Infrastructure Components Inside the Firewall? | Software Selection for Organizations: Are We Becoming Too Web-biased? | Enterprise Resource Planning Giants Eye the Shop Floor | Who Else is Using Your Wireless Network? | Information Security Firewalls Market Report Part Two: Current Market Trends and User Recommendations |
+
Information Security Firewalls Market Report Part One: Market Overview and Technology Background | Automated Enterprise: Many High-ROI Opportunities | Secure Transfers of Large Files Over the Internet Using YouSendIt | Fed Warms Up to ERP Spending, but Will Contractors and Their ERP Vendors Comply? Part Two: Challenges and User Recommendations | Feds Warms Up to ERP Spending, but Will Contractors and Their ERP Vendors Comply? Part One: Event Summary and Market Impact | Product Review: GFI's LANguard Network Security Scanner | The Best ACT! Is Still to Come | HIPAA-Watch for Security Speeds Up Compliance Part Two: Phase III and IV, and Product and User Recommendations | HIPAA-Watch for Security Speeds Up Compliance Part One: Vendor and Product Information | Program Testing Methodology Part One: Preparing for Testing | Whose ROI is it Anyway? Part One: Introduction | EAM Versus CMMS: What's Right for Your Company? Part One | Justification of ERP Investments Part Three: Costs of Implementing an ERP System | Using PKI to Protect Your Business Information | The CyberAngel: Laptop Recovery and File Encryption All-in-One | Evaluating Enterprise Software-Business Process or Feature/Function-Based Approach? All the above, Perhaps? Part Three: Knowledge Bases and User Recommendations | InsideOut Firewall Reporter Unravels the Mysteries of Your Firewall Logs | The Future of Secure Remote Password (SRP) Part Two: Overcoming Obstacles to Success | The Future of Secure Remote Password (SRP) | Top 10 Reasons For Having A Project Kickoff - Part II | Top 10 Reasons For Having A Project Kickoff - Part I | Integrated Security: A New Network Approach Part Two: The Shift Toward Integration | Integrated Security: A New Network Approach | Vendor Analysis: Kaspersky Anti-Virus Products Examined | 6 Immediate Business Improvements Offered by an Online SRM System: Part 3: Other Points to Consider | Legacy Single Sign-On: Novell, Evidian, IBM, PassGo, or Computer Associates? | Fourth Shift's evolution Within SoftBrands' DemandStream | OKENA Brews Up a StormSystem that Secures All Applications | What’s All This Benchmark Stuff, Anyway? | Incident Handling and Response Capability: An IT Security Safeguard Part 2: Establishing the Capability | Incident Handling and Response Capability: An IT Security Safeguard Part 1: Are You Ready to Support an Incident Response Capability? | Outsourcing Security Part 3: Selecting a Managed Security Services Provider | Outsourcing Security Part 2: Measuring the Cost | Outsourcing Security Part 1: Noting the Benefits | Vendor Review: SecureWave Protects Microsoft Operating System Platforms | Thanks to a Smart Little Company called Lexias, CIOs Can Now Empower their Users to Assist in eBusiness Security | Feds Buckle Down on Customer Information Security | Identix Leads Biometric Authentication | Bootcamp for the Pros; Why Ernst & Young Will Lead Security Auditing Standards | Vendor Analysis: Interliant's Security Vulnerability Assessment | OKENA Pioneers Next-Generation Intrusion Prevention | Social Engineering Can Thwart the Best Laid Security Plans | Application Single-Sign On: Netegrity, Securant, or Evidian? | Lost Your Laptop? The CyberAngel® Brings It Back | InsideOut Makes Firewall Reporting Useful | Are ASP Applications Right for You? Part 2: Decision Criteria | Are ASP Applications Right for You? Part 1: Decision Factors | The SOAP Opera Progresses - Helping XML to Rule the World | SCT Corporation Means (e)Business For Process Manufacturing | Evolutionary Technologies Does EAI (Always Did, We Just Didn’t Call It That) | AMD Hooks Up with Transmeta – For Now | Talarian and NextSet Team for B2B Solutions | Red Hat Plays 'Love You, Love You Not' with CPUs | Dell Sharpens Its Linux Focus | Prophet 21 First Quarter Revenues Suffer But Pipeline Grows | Palm to Give Developers a Leg Up | Gates Previews Pen-Based Computer | Quantum Snaps Off Its NAS Group | Tempest Creates a Secure Teapot | E*Trade Ignores Private Security Warning, But Public Hullaballoo Gets Response | eMachines to Ship Appliance | What’s in a Name? | Technology Hardware Maintenance-Acquiring and Managing Cost Effective Service | frontpath Announces Mobile Internet Appliance | Commerce One: First SAP, then Microsoft. But What About Clarus? | Transmeta to Intel/AMD: Eat Our Dust | Ariba Holds Announcement Festival | Sun Buys Cobalt | My Network Engineers are Talking about Implementing Split DNS. What Does that Mean? | VA Linux Releases NAS Server | How Do You Categorize Notebooks? | IMI Sees Red In Dawn Of Fiscal 2001 | Turmoil in CPU-Land | Red Hat’s Linux Domination Weakens | GNOME Will Try to Buff Up Linux | New Internet Appliances Coming from Compaq | How Do You Categorize Servers? | Human-Machine Interaction Company Ramps Up Firewall Product Line | Security Information Market Heading for Growth | Alibris Charged with Intercepting Email | Compaq to Offer Co-Branded iPAQ BlackBerry Wireless E-mail Solution | Cart32 in Need of Duct Tape | Compaq Wins Supercomputer Contract, But Is It Enough? | PC Market Figures Show Compaq, Dell, and HP Lead | Deutsche Telekom to Acquire VoiceStream Wireless | Study Shows: FBI Alienates Industry Security Experts | Firewall Cowboyz Set the Stage to Free Innocent Convict | Computer Manufacturers Shifting Their Focus to Start-Ups | Rackmount Server Sales Surge | Symantec Swallows AXENT; Takes on Network Associates | Novatel Wireless and Diversinet Team Up to Provide Security for Wireless Modems | Manhattan Associates Completes Second Quarter On Record Pace | Red Hat Releases Clustering Software | Windows 2000 Bug Fixes Posted | Baltimore Technologies Doubles Revenues, Offers World-Class PKI Hosting | The Whys and Hows of a Security Vulnerability Assessment | Earthlink Leads the Way in DSL Security | PKI and Biometrics Ready for Take-Off | Secure Transport of EDI and XML for Trading Exchanges | Compaq and IBM Alliance for Storage | Should It Be Renamed 'Unobtainium'? | Can You Trust Entrust? | Dell Drops WebPC | Standard & Poor's Announces Security Certification | 21st Century Fox Hunt - US vs. Microsoft | Check Point Leads Firewall Market | Lynx to Donate Advanced Messaging to Linux Open-Source Community | Netpliance’s 4X Price Hike - Will It Spell Boom or Doom? | HP’s LT 6000r Six-CPU Server | Handspring’s Visor Passes Pocket PC | Fighting Cybercrime on the Internet | Active Voice Adds Unified Messaging to Cisco’s CallManager | NetWare for Small Business – NetWhy? | Let Your Hard Drives Tell You Where they Are! | New Storage Array from Sun | E&Y Spins-Off eSecurity Online and Unveils Security Vulnerability Assessment Services | Compaq to Open Tru64 Unix? | Intraware Acquires Janus for its Extranets | Lucent Receives Engineering Award in Unified Messaging | Technology Project Selection and Management in Community Banks | Dell and Red Hat Form Alliance | With Record Revenues, AXENT Puts Down a Solid Fist | At Least It Hasn’t Been Renamed Linux 2001 | NAI Will Pay Trend $12.5 Million Resulting from Law Suit | Intel 820 Chipset Delays Again, Again, Again… | Sub7 Tells Chat Rooms All Your Stuff; F-Secure Leads the Battle | Cobalt Releases Linux "Clustering" Software | E-Cash Rollout Replaces Amex | GSA Schedule Partnership Gets Network-1 in the Door | It Takes More Than a Fast CPU to Rule the Web | Compaq’s 'Photon' Comes into the Light | Los Alamos Loses Top-Secret Information, Again! | Standard & Poor's Exposes Customers' Security | The AS/400 Takes You Securely Where You Want to Go | Caldera eDesktop Edges Out Microsoft Windows 2000 in Functionality – Part II | IA-64 Linux From Red Hat | Trend Micro Steps into PDA/Wireless AntiVirus Information Market | Gateway & AOL Follow Crusoe’s Footprints | CryptoSwift Takes Rainbow Revenues Up 620% | Bezos to McNealy: Drop Dead! | IBM Loads Linux on Mainframes | Smart Shoppers Go Abroad for Affordable Information Security Programs | Anti-Virus Advisories: Rating Them | MicronPC.com, or, “Where Are They Now?” | Mirapoint Adds Web-Mail Client to Messaging Appliance Line | Network Appliance to Ship Sub-$10K Caching Hardware | The 7 Habits of Highly Effective Security | Compaq Reorganizes Again | Fischer’s Prio! SecureSync ~ A Solution to Enterprise Directory Chaos | Dell Tops in Customer Satisfaction | Intel Faces 820 Chipset Problems (Again) | Intel Small Server Market | eBay Looking For Sun Block? | Abandon All Insecurity, Ye Who Enter Here | HP “Medals” In U.S. PC Olympics | Top 10 Excuses For Not Securing Your Website or Network | AMD Server Plans De-Railed | Net Woes for NetWare | Ernst & Young Leads Big 5 in Security | 6 Days After Advisory Posted, AboveNet Gets Hit | A Firewall is Cheaper Than a Lawyer | Intel Reorganization | It’s a Portal...AND It;s a Gateway | Cooler-running Notebooks from HP, Toshiba, et al. | Fixing Security Backdoors:
Red Hat 1, Microsoft 0 | WAP Forum Specifies RSA’s RC5 Encryption For Wireless | Netpliance Responds Quickly to Hardware Hack | Intel Server Trends | AMD Earnings Beat the Street! Intel Earnings Beat the Street? | Desktop PCs: Meet the New Boss, Same as the Old Boss… (Dell) | HP e-Vectra Product Follow-up | Dell Updates Its Appliance Line | Apple Displays Its Core in Mac OS X | Security Stocks Burn Rubber | U.S. vs. Microsoft: Another Day of Reckoning | Why Would Anyone Need More Than 50 IP Addresses? | Will Intel Take a Loss on Each CPU, but Make It Up in Volume? | DSL Provider Scoops up Netscreen Firewall Goldmine | Cyclone Untangles Digital Partnerships | Security Begins on Your Desktop | Network Associates Hopes to Rekindle the Flame | “Whistler” Beta on the Web? | Hacker Publication Gets Top Defense Attorney | HP Reorganizes Storage Group, Addresses NAS-cent Market | HP: Why Not Just Call It “e-Vectra.com”? | Compaq Streamlines Product Line | Will MS try the "Open Source" Gambit with WinCE? Why Not – Nothing Else Seems to Work | “It’s a Notebook!” “It’s a Paperweight!” “Wait - It’s Both!” | Saudi Arabian Network Security Provokes Local Considerations | Cisco: IPv6 is Coming, Eventually | Wintel Tries to “Embrace and Extend” the English Language | Robust Systems are Built from the Bottom Up | DOJ Keeps Low Profile on Curador; Protect Your IIS Server Today! | Information/Internet Appliances | Hewlett-Packard’s NetServer Division – #3 to Get Ready, or #4 to Go? | Security Breach: Now What? | Palm IPO: 3Com’s morning after, or “Do you know the way to San Jose?” | Does Microsoft Have Something Against 64-Bit Processors? | Acta Technology Helps Add Business Intelligence Capabilities to Major ERP Vendors | Bus-Tech Speeds up Mainframe DB2 Access | Total Uptime Guarantees? It Must Be A New Millennium! | Analysis of Novell's Announced Support for Sun's Solaris 8 Operating Environment | Sendmail, Inc. and Disappearing, Inc. Team Up to Add Enhanced Security | Tentative Unification in Server I/O Architecture Battle | Dell Unveils Internet-Enabled Customer Support Strategy | Compaq, Dell Announce Eight-Way Intel Servers | Dell Takes Over the #1 Spot in the U.S. PC Market | Dell to Acquire ConvergeNet International | Microsoft to Purchase Softway Systems | Gateway Drops AMD | Intel Delays Shipment of 820 Chipset | Flaw in Intel Xeon 550 Chips: Shipments Stopped | Sun to Make Solaris Source Code Available | Palm Tries to Take the Desktop in Hand | MainWin for Linux - NT Apps without NT | TurboLinux Clusters One More Step Taken | Cisco Tries to Cache In By Buying Software Start-Up Tasmania Networks | Intel Throws its "Red Hat" into Linux Ring | NEC Pulls Packard Bell PCs in US | Corel and PC Chips to Accelerate Mass Desktop Deployment of Linux | Gateway, Dell Plan Windows-free Appliances | Here Come the "Information Appliances" | Sony Picks Palm OS | Intel Invests in eSoft - "Lintel" Continues to Grow | AMD Athlon Debuts | EMC to Buy Data General | Compaq to Halt NT on Alpha Development | eMachines Considering Internet Appliance | Sun to "Community Source" Almost Everything | eMachines to Buy FreePC | Dell Jumps Into Internet PC Arena | Be Announces Software Licensing Agreement With Compaq | Acer to Jump on Internet Appliance Bandwagon | Sun's StarPortal Opens Its Gates Early | OS SmackDown! | What If They Shipped an OS and Nobody Came? | Presarios Freezing - and Not Because it's Winter | Intel's "New Best Friend" for Web Appliances is Linux | Compaq Buys a Chunk of Inacom - But Will It Help? | Gateway, Jilted by Intel, Kisses and Makes Up with AMD | Be to Be FreeB(i)e | HP Joins the Athlon Pile-On | Will Sun Burn Linux with "Free" Solaris? | HP says "When in Doubt, Buy It Out" for Server Appliances | Intel Chip Shortage Continuing | Embedded Linux for Handhelds | Linux Laptops from Dell | Come See the Softer Side of Linux? | Windows 2000: Paragon for Partisans, Skewered by Skeptics | Compaq Plans Direct Sales. DTja vu All Over Again? | Goodbye PCs, Hello Appliances? | Intel Tries to Give it Away - AMD Says "No Way" | Microsoft says: Pay No Attention to the Man Behind the Glasses | U.S. vs. Microsoft - Breaking Up Is Hard To Do, But Not That Hard | Linux at 25% of Server OS Market - Is Redmond Hearing Footsteps? | Is Your Financial Transaction Secure? | Compaq, HP, IBM, Intel and Microsoft Create New PC Security Alliance | Expect Boom in Electronic Signatures | Secure Your Search Engine | President Proposes Security of Medical Records | Sendmail Takes Security to the Next Level with Version 3.0 for NT | CheckPoint & Nokia Team Up to Unleash a Rockin' Security Appliance | Trend Micro Anti-Virus Server for Microsoft Exchange ~ A Secure Choice For Enterprise Wide Anti Virus Protection. | Security Snafu at NetBank | Freeware Vendor's Web Tracking Draws Curses | The "S" in SAP Doesn't Stand for Security (that goes for PeopleSoft too) | Content Technologies releases MIMEsweeper PolicyPlus | Hackers Will Be Out in Full Force On New Year's Eve | Analysis of Virgin Net's Hacker Scare | Network Associates RePositions Itself as a Security E-Village | Lexiguard™: The Coming "Adobe Acrobat" of Encryption | CyberPeepers from Korean Sites Peek at U.S. Networks | Would You Hire a Hacker? What Would Your Mother Say? | @Home Scans Own Customers | CIOs Need to Be Held Accountable for Security | New Market for Security Insurance | At Least Your Boss Can't Read Your Home E-mail, Right? Wrong! | PrettyPark Virus Litters Cyberspace | Dell Uses its Muscle to Beat Side-Effects of Taiwan Quake | IBM to Make Cuts in PC Business Real Change, or Just Buying Time? | Micron to Push "Subscriber Computing" Rentals 'R' Us? | Compaq Partners with Red Hat in Linux Support Deal | Bristol Technology Ships Win-to-Lin Migration Tool | Compaq and Samsung in Deal to Save Alpha | Gateway Announces Server Appliances | Dell to Factory-Install Red Hat Linux on Servers | Windows 2000 Releases to Manufacturing - Finally | Packard Bell / NEC Leads Secure Etoken Deployment | Congress Acknowledges Outdated Banking Laws | Catalyst International Ties Fate to SAP | Geac Computer Corporation: Mastering Growth by Acquisitions | How Secure is Your E-Mail? | Trend Virus Control System - A Centralized Approach to Protection | Dell's High-End Rackmount Servers - Challenging Compaq's Wintel Dominance | Compaq's High-End Wintel-based Rack Servers - Working Hard to Stay #1 | Compaq's Alpha - Moving Toward Its Omega? | High-End Wintel-Based Rackmount Servers - The Big Get Bigger | IBM's Four-CPU Wintel-Based Rack Servers High Performance, High Cost | HP's Four-CPU Wintel-Based Rack Servers: Focusing on Reliability and Expandability | Dell's 8-CPU Intel Servers Increasing Its Enterprise Focus | Compaq's 8-CPU Intel Servers: the New "Big Iron" | Network Engines, Inc. - Double the CPUs for Web Serving | #2 Dell Tries Harder, Compaq Hurts | Server Appliances - "Caching" In on Internet's Growth | VPNs Are Hot, but What Are They? | ATM Machines Hacked in Moscow | How To Mitigate Holiday Cybercrime | Surf's Up at Akamai |


Use this index to search for white papers related to commonly used search terms A B C D E F G H I J K L M N O P Q R S T U V W X Y Z Others 
Recent Searches
A B C D E F G H I J K L M N O P Q R S T U V W X Y Z Others
A: 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26
B: 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19
D: 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19
E: 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22
F: 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27
G: 1 2 3 4 5 6 7
H: 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20
I: 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15
J: 1 2 3 4 5
K: 1 2 3 4
L: 1 2 3 4 5 6 7 8 9 10 11 12 13 14
M: 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20
N: 1 2 3 4 5 6 7 8
O: 1 2 3 4 5 6 7 8 9 10 11 12 13 14
P: 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19
Q: 1 2
R: 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17
T: 1 2 3 4 5 6 7 8 9 10 11 12 13
U: 1 2 3
V: 1 2 3 4
W: 1 2 3 4 5 6 7 8 9 10 11
X: 1
Y: 1
Z: 1
Others: 1 2 3


©2013 Technology Evaluation Centers Inc. All rights reserved. Search powered by Google