[Moderator: There were several articles on this sent in. If you want more info, most of the big news sites have something on it.]

E-Mail Security Flaw Found

SEATTLE (AP) Computer security experts have reportedly identified a flaw in three widely used e-mail programs made by Microsoft and Netscape that could allow Internet-based attacks.

Though no attacks have been reported, experts worry that millions of people will need to upgrade their software to remain safe from unscrupulous hackers who know about the loophole.

The flaw allows any outsider to send a booby-trapped message that could, among other things, erase a computer's hard drive.

"This is something that goes right to the soft, chewy inside of your computer," computer consultant Russ Cooper of Lindsey, Ontario, told The San Diego Union-Tribune in a story Tuesday.

Most e-mailed attacks involve attachments to e-mail and are harmless unless the user runs the attached program. The new flaw, however, cannot be so easily avoided. In some test cases, simply trying to delete e-mail activated the attack.

The attacks cannot be guarded against with firewalls or anti-viral software, the two most widely used security methods.

Finnish researchers discovered the problem last month. Since then, tests have shown its presence in Microsoft Corp.'s Outlook Express and Outlook 98, and Netscape Communications Corp.'s current Web browser, Communicator. Researchers are also checking other programs.

Both Netscape and Microsoft were informed of the problem. Microsoft has devised a software patch that is now available at its Web site. Netscape's patch is expected soon at its Web site.

"We're definitely not taking this lightly," Microsoft group product manager George Meng told the San Jose Mercury News. "There definitely is a scenario in which someone could do damage to people's systems."

The flaw exists on any type of Windows machine, from 3.1 to NT and on computers running Sun Microsystems Inc.'s Solaris operating system, as well as computers made by Apple Computer Inc. The Microsoft list of computers at risk includes UNIX systems using Outlook Express 4.0.

"My concern is that this is going to develop into more of a problem as time goes on, as people miss the original warning or forget about it, and then people start exploiting it," said Eugene H. Spafford, director of the Center for Education and Research in Information Assurance and Security at Purdue University.

"People just don't take security seriously," Spafford told the Mercury News.