Bugs & Viruses Archive

Security Hole Discovered in Mac OS X

Delfim Machado made public a way of crashing a password-protected screensaver and thus giving full access to the user account that the screensaver was running under. All a user has to do is to keep pressing any key for 5 minutes or so and then pressing Enter. Delfim Machado contacted Apple's Security department with his discovery, but when he didn't hear back, he decided to go public.

Langa Letter: Linux Has Bugs – Get Over It

Fred Langa contends that some Linux proponents harm their cause by hiding from the facts--it's just as buggy as Windows XP: "As much as the partisans wish it were so, open sourcing isn't a magic solution to the problems of bugs and security issues. As Linux and other open-source software grow in popularity and extend into a fragmented, uncontrolled mass marketplace, they will inevitably have their own full share of bugs and security problems, same as with any other software. Anyone who tells you differently, or tries to convince you that their favorite operating system is somehow immune to market forces, human error, and plain malice, is doing both you and the operating system they espouse a disservice."

Microsoft: SSL Flaw is in Operating System, not in Web Browser

"Microsoft Corp. said yesterday that the Secure Sockets Layer (SSL) flaw recently uncovered by an independent researcher is in multiple versions of the Windows operating system, not its Internet Explorer Web browser. Company officials added that the flaw isn't in Microsoft's CryptoAPI application program interface (CAPI) either, which would have left a number of applications and Windows services vulnerable, not just Internet Explorer." Read the report at ComputerWorld.

Microsoft Accidentally Distributes Virus

"Microsoft accidentally sent the virulent Nimda worm to South Korean developers when it distributed Korean-language versions of Visual Studio .Net that carried the virus, the company acknowledged Friday. Microsoft's flagship developer tools picked up the digital pest when a third-party company translated the program into Korean, said Christopher Flores, lead product manager for Visual Studio .Net." Read the story at C|Net News.

Sharpei Virus Hits C# Note

"Virus writers took another shot at Microsoft's .Net vision. On Friday, antivirus companies received a copy of a worm called Sharpei, which is partially written in Microsoft's newest computer language, C#, and designed to infect computers loaded with the .Net framework. Antivirus company Network Associates gave the infectious program a "low" rating for risk but highlighted it as the second example of a virus writer attempting to infect parts of the .Net framework." Read the rest of the story at C|Net.

Antivirus Firms: FBI Loophole is Out of Line

"Antivirus software vendors said Monday they don't want to create a loophole in their security products to let the FBI or other government agencies use a virus to eavesdrop on the computer communications of suspected criminals. Under a project code-named "Magic Lantern," the U.S. Federal Bureau of Investigation is creating an e-mail-borne virus or Trojan horse that hides itself on the computer and captures all keystrokes made, including passwords that could be used to read encrypted mail. Despite subsequent reports to the contrary, officials at Symantec and Network Associates said they had no intention of voluntarily modifying their products to satisfy the FBI. Spokesmen at two other computer security companies, Japan-based Trend Micro and the U.S. subsidiary of U.K.-based Sophos made similar statements." Read the rest of the story on ZDNews.

Top-Ten Virus Chart for 2001

Sophos, a world leader in corporate anti-virus protection, has revealed that just two viruses, Nimda and Sircam, accounted for almost 50% of the reports received by Sophos's helpdesk during 2001. Code Red, the most hyped virus of the year, does not even appear in the top ten. Sophos has detected 11,160 new viruses, worms and Trojan horses to date this year, bringing the total protected against to almost 70,000. On average, the Sophos virus labs produce detection routines for over 30 viruses each day.

MS Passport Cracked with Hotmail

"Passport and Wallet users are going to be disappointed to learn that these feature-rich tools can't be used until MS fixes a little bug which makes sport of taking over someone else's account. Passport authenticates a user for access to his credit cards and Web site accounts and passwords, to make life easy for on-line merchants and shoppers, and hackers and identity thieves." TheRegister reports.