Bugs & Viruses Archive

Delfim Machado made public a way of crashing a password-protected screensaver and thus giving full access to the user account that the screensaver was running under. All a user has to do is to keep pressing any key for 5 minutes or so and then pressing Enter. Delfim Machado contacted Apple's Security department with his discovery, but when he didn't hear back, he decided to go public.

"There's a community within Unix-Linux that has grown to increase its stability, where finding the bugs is considered a positive thing. Whereas, with Windows, there's a rather aggressive community trying to find bugs to denigrate Microsoft and Windows." Read the article at NewsFactor.

DesktopLinux.com talks with CEO Kevin Peer of top Linux antivirus vendor Central Command to discover where vulnerabilities exist, the cost to companies, and the growing interest in Linux from virus writers.

Two Cambridge University researchers have discovered serious flaws in the security that many banks use in Auomatic Teller Machines around the world. The researchers, Mike Bond and Piotr Zielinski, released their findings in a paper, but various powers-that-be in the banking industry are not happy.

Fred Langa contends that some Linux proponents harm their cause by hiding from the facts--it's just as buggy as Windows XP: "As much as the partisans wish it were so, open sourcing isn't a magic solution to the problems of bugs and security issues. As Linux and other open-source software grow in popularity and extend into a fragmented, uncontrolled mass marketplace, they will inevitably have their own full share of bugs and security problems, same as with any other software. Anyone who tells you differently, or tries to convince you that their favorite operating system is somehow immune to market forces, human error, and plain malice, is doing both you and the operating system they espouse a disservice."

"Microsoft Corp. said yesterday that the Secure Sockets Layer (SSL) flaw recently uncovered by an independent researcher is in multiple versions of the Windows operating system, not its Internet Explorer Web browser. Company officials added that the flaw isn't in Microsoft's CryptoAPI application program interface (CAPI) either, which would have left a number of applications and Windows services vulnerable, not just Internet Explorer." Read the report at ComputerWorld.

A new virus called Simile.D may not be much of a threat to computer systems, but some of its technical tricks could lead to a rethinking of the principles underlying antivirus software. Read the story at C|Net.

"Virus writers took another shot at Microsoft's .Net vision. On Friday, antivirus companies received a copy of a worm called Sharpei, which is partially written in Microsoft's newest computer language, C#, and designed to infect computers loaded with the .Net framework. Antivirus company Network Associates gave the infectious program a "low" rating for risk but highlighted it as the second example of a virus writer attempting to infect parts of the .Net framework." Read the rest of the story at C|Net.

Sophos, a world leader in corporate anti-virus protection, has revealed that just two viruses, Nimda and Sircam, accounted for almost 50% of the reports received by Sophos's helpdesk during 2001. Code Red, the most hyped virus of the year, does not even appear in the top ten. Sophos has detected 11,160 new viruses, worms and Trojan horses to date this year, bringing the total protected against to almost 70,000. On average, the Sophos virus labs produce detection routines for over 30 viruses each day.

"Passport and Wallet users are going to be disappointed to learn that these feature-rich tools can't be used until MS fixes a little bug which makes sport of taking over someone else's account. Passport authenticates a user for access to his credit cards and Web site accounts and passwords, to make life easy for on-line merchants and shoppers, and hackers and identity thieves." TheRegister reports.