|
PureBytes Links
Trading Reference Links
|
<x-html><!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META content="text/html; charset=iso-8859-1" http-equiv=Content-Type>
<META content="MSHTML 5.00.2614.3401" name=GENERATOR>
<STYLE></STYLE>
</HEAD>
<BODY>
<DIV><FONT size=2>Ian Glazier's WSH flash-mail:</FONT></DIV>
<DIV style="MARGIN-RIGHT: 0px"><FONT size=2>Subject: WSH v2 Beta 2
Update</FONT></DIV>
<DIV> </DIV>
<DIV><FONT size=+0>*** WSH News Flash ***<BR><BR>Security fix for ActiveX
controls marked 'Safe For Scripting' that shouldn't be.<BR><BR>Read about it
here...<BR><A
href="http://www.microsoft.com/Security/Bulletins/ms99-032.asp";>http://www.microsoft.com/Security/Bulletins/ms99-032.asp</A><BR><BR>Download
it from here...<BR><A
href="ftp://ftp.microsoft.com/peropsys/IE/IE-Public/Fixes/usa/Eyedog-fix/x86/q240308.exe";>ftp://ftp.microsoft.com/peropsys/IE/IE-Public/Fixes/usa/Eyedog-fix/x86/q240308.exe</A><BR><BR><EM><Check
out this Mind article that mentions the microsoft.public.scripting.wsh newsgroup
and<BR>quotes comments made by Peter (don't quote me) Torr!><BR></EM><A
href="http://www.wired.com/news/news/technology/story/21524.html";>http://www.wired.com/news/news/technology/story/21524.html</A><BR><BR>Regards,<BR>Ian<BR>WSH
FAQ http://wsh.glazier.co.nz<BR><BR><FONT
size=2><STRONG>Just received Ian's update mail,
and w</STRONG></FONT></FONT><FONT size=2><STRONG>hile we are at the
subject, here below is this Mind-article's</STRONG></FONT></DIV>
<DIV><FONT size=2><STRONG>contents and also Peter Torr's message
</STRONG></FONT><STRONG><FONT size=2>to the <A
href="news:microsoft.public.scripting.wsh";>news:microsoft.public.scripting.wsh</A> </FONT></STRONG><STRONG><FONT
size=2>newsgroup</FONT></STRONG><STRONG><FONT size=2>. </FONT></STRONG></DIV>
<DIV><BR><FONT size=2><STRONG>Regards,<BR>Ton Maas<BR><A
href="mailto:ms-irb@xxxxxxxxxxxxxxxx";>ms-irb@xxxxxxxxxxxxxxxx</A><BR>Dismiss the
".nospam" bit (including the dot) when replying and<BR>note the new address
change. Also for my Homepage<BR><A
href="http://home.planet.nl/~anthmaas";>http://home.planet.nl/~anthmaas</A></STRONG></FONT></DIV>
<DIV> </DIV>
<DIV><FONT face="Arial, Helvetica, sans-serif"><FONT
face="Arial, Helvetica, sans-serif"
size=2>========================================================</FONT></FONT></DIV>
<DIV><FONT size=2><FONT face="Arial, Helvetica, sans-serif" size=2><FONT
face="Arial, Helvetica, sans-serif" size=3></FONT></FONT></FONT> </DIV>
<DIV><FONT size=2><FONT face="Arial, Helvetica, sans-serif" size=2><FONT
face="Arial, Helvetica, sans-serif" size=3><B>Hits Keep On Coming Against
MS</B><BR><FONT face="Verdana, Arial, Geneva, sans-serif" size=1><B>by <A
href="mailto:declan@xxxxxxxxx";>Declan McCullagh</A> </B></FONT><BR><BR><FONT
color=#ff0000 face="Verdana, Arial, Geneva, sans-serif"
size=1>2:45 p.m. 31.Aug.99.PDT</FONT><BR><!-- START_OF_BODY --><FONT
face="Verdana, Arial, Geneva, sans-serif" size=2>Some experts have have long
argued that MS Windows was inherently insecure, but now a Microsoft manager has
confirmed it. </DIV>
<P>It all started in a technical discussion forum during last week's parade of
security flaws in Windows products that were uncovered by outside experts.
<P>
<HR noShade>
<DIV><FONT face="Verdana, Arial, Geneva, sans-serif"
size=2><B><I>Also:</I></B></FONT> <BR><A
href="http://www.wired.com/news/news/politics/story/21525.html";>Hotmail
Scofflaw? No Worries</A> <BR><A
href="http://www.wired.com/news/news/technology/story/21506.html";>Hotmail
Fallout: A Mere Trickle</A> <BR><A
href="http://www.wired.com/news/news/technology/story/21503.html";>Hotmail
Hackers: 'We Did It'</A> <BR><A
href="http://www.wired.com/news/news/business/story/21490.html";>Hotmail Accounts
Exposed to All</A> <BR><A
href="http://www.wired.com/news/news/politics/story/21498.html";>Want Security?
Forget Web Mail</A> <BR><A
href="http://www.wired.com/news/news/technology/story/21495.html";>Did MS Dig Its
Hotmail Hole?</A> </A></DIV>
<HR noShade>
<P>
<P>Security experts identified some of the problems during presentations at the
Usenix
convention last week in Washington.
<P>One, unearthed by Bulgarian bug expert <A
href="http://www.wired.com/news/news/technology/story/14874.html";>Georgi
Guninski</A>, lets hackers insert malicious programs into a victim's hard drive.
Another, <A
href="http://www.wired.com/news/news/technology/story/http//www.wired.com/news/news/technology/story/21459.html";>reported</A>
by Wired News, lets an attacker take control of a PC by sending an email
message.
<P>On the Usenet discussion group microsoft.public.scripting.wsh, the reaction
was fast and furious.
<P>One participant complained that Microsoft's ActiveX scripting technology was
so flaky that it was a time bomb waiting to explode.
<P>"ActiveX in general, and ActiveX over the Web in particular, were never
designed for anything at all, but are merely the final stages of a bomb which
has been ticking in Microsoft's foundations," the poster wrote.
<P>It should be noted, though, that the poster was comparing ActiveX to Java and
Perl-5, which were designed specifically with safety in mind.
<P>A few posts later, Peter Torr, MS Windows Script program manager, joined the
fray. He defended MS Windows NT as an operating system that's "generally
considered" less prone to break-ins than either Unix or Linux.
<P>But what about Windows 95 or 98, used by millions of customers worldwide?
<P>"If you're talking about Windows 9x, forget it," Torr <A
href="http://x31.deja.com/getdoc.xp?AN=518053044&search=thread&CONTEXT=936124443.892207173&HIT_CONTEXT=936124443.892207173&HIT_NUM=1&hitnum=4";>wrote</A>.
"No one ever (seriously) claimed that it was secure."
<P>But Windows fans shouldn't rush en masse to defenestrate those buggy PCs --
yet.
<P>On Tuesday, Microsoft <A
href="http://www.microsoft.com/security/bulletins/MS99-032.asp";>released a
patch</A> that it said repaired "security vulnerabilities" in two ActiveX
programs included with Windows. Anyone who knows enough about the technology can
use those glitches to seize control of a PC through email or a Web page.
<P>Microsoft could not be immediately reached for comment. <BR><BR><FONT
face="Verdana, Arial, Geneva, sans-serif" size=2><B><I>Related Wired
Links:</I></B></FONT><BR><IMG height=10
src="http://static.wired.com/news/images/pix155.gif"; width=155><BR><FONT
face="Arial, Helvetica, sans-serif" size=2><B><A
href="http://www.wired.com/news/news/technology/story/21459.html";>'A Flaw Worse
Than Melissa'</A></B></FONT><BR><FONT color=#ff0000
face="Verdana, Arial, Geneva, sans-serif"
size=1>26.Aug.99</FONT><BR><BR><FONT face="Arial, Helvetica, sans-serif"
size=2><B><A
href="http://www.wired.com/news/news/business/story/18617.html";>Hotel
Hotmail</A></B></FONT><BR><FONT color=#ff0000
face="Verdana, Arial, Geneva, sans-serif"
size=1>22.Mar.99</FONT><BR><BR><FONT face="Arial, Helvetica, sans-serif"
size=2><B><A
href="http://www.wired.com/news/news/technology/story/15112.html";>Hotmail Bug,
Still an Open Book?</A></B></FONT><BR><FONT color=#ff0000
face="Verdana, Arial, Geneva, sans-serif"
size=1>21.Sep.98</FONT><BR><BR><FONT face="Arial, Helvetica, sans-serif"
size=2><B><A
href="http://www.wired.com/news/news/technology/story/14751.html";>Another
Freemail Security Flaw</A></B></FONT><BR><FONT color=#ff0000
face="Verdana, Arial, Geneva, sans-serif"
size=1>31.Aug.98</FONT><BR><BR><FONT face="Arial, Helvetica, sans-serif"
size=2><B><A
href="http://www.wired.com/news/news/technology/story/14701.html";>Microsoft
Rights Hotmail</A></B></FONT><BR><FONT color=#ff0000
face="Verdana, Arial, Geneva, sans-serif"
size=1>27.Aug.98</FONT><BR><BR><FONT face="Arial, Helvetica, sans-serif"
size=2><B><A
href="http://www.wired.com/news/news/technology/story/14617.html";>Hotmail Open
to Script Attacks</A></B></FONT><BR><FONT color=#ff0000
face="Verdana, Arial, Geneva, sans-serif"
size=1>24.Aug.98</FONT><BR><BR></FONT><!-- END_OF_BODY --><BR><BR><!-- start of newsbot query --><!-- generic newsbot text --></B><FONT
face="Verdana, Arial, Geneva, sans-serif" size=2><I>
<P>Have a comment on this article?<BR><A
href="mailto:newsfeedback@xxxxxxxxx";>Send it</A>.</I></FONT> <!-- end generic newsbot text --><!-- end of newsbot query --><!-- FOOTER --><BR><IMG
alt=[] border=0 height=10 src="http://static.wired.com/news/images/pix155.gif";
useMap=#navstrip.map width=155> <BR><IMG alt=[] border=0 height=17
src="http://static.wired.com/news/images/navstrip_tech.gif"; useMap=#navstrip.map
width=126><BR><BR>
<P><FONT face="Verdana, Arial, Geneva, sans-serif" size=1><A
href="http://www.wired.com/news/feedback.html"; target=_top>Send us
feedback</A> | <A href="http://www.hotwired.com/jobs/"; target=_top>Work at
Wired Digital</A> | <A href="http://home.wired.com/advertising/";
target=_top>Advertise with us</A> <BR><A href="http://home.wired.com/";
target=_top>About Wired Digital</A> | <A
href="http://www.wired.com/home/digital/privacy/"; target=_top>Our Privacy
Policy</A></FONT></P>
<P><FONT face="Verdana, Arial, Geneva" size=1><A
href="http://www.wired.com/home/copyright.html"; target=_top>Copyright</A> ©
1994-99 Wired Digital Inc. All rights reserved.</FONT></P>
<P><BR> </P><!-- TRACKING --></FONT></FONT></FONT><FONT
face="Arial, Helvetica, sans-serif" size=2></FONT>
<DIV><FONT
size=2>========//////////////////////================//////////////////////=========</FONT></DIV>
<DIV> </DIV>
<DIV><FONT size=2>
<TABLE border=0 cellPadding=0 cellSpacing=2 width="100%">
<TBODY>
<TR>
<TD align=left vAlign=top><FONT face=geneva,arial size=1><FONT
color=#999999><B>>></B> Community</FONT> </FONT></TD>
<TD align=right rowSpan=4 vAlign=top>
<TABLE border=0 cellPadding=0 cellSpacing=0>
<TBODY>
<TR>
<TD colSpan=2><IMG border=0 height=25
src="http://g.deja.com/gifs/prev_s_x.gif"; width=132></TD></TR>
<TR>
<TD><A
href="http://x31.deja.com/getdoc.xp?AN=516856112&search=thread&CONTEXT=936124443.892207173&HIT_CONTEXT=936124443.892207173&HIT_NUM=1&hitnum=3";><IMG
alt="Previous in Search" border=0 height=19
src="http://g.deja.com/gifs/prev_t.gif"; width=66></A></TD>
<TD><A
href="http://x31.deja.com/getdoc.xp?AN=517295921&search=thread&CONTEXT=936124443.892207173&HIT_CONTEXT=936124443.892207173&HIT_NUM=1&hitnum=5";><IMG
alt="Next in Search" border=0 height=19
src="http://g.deja.com/gifs/next_t.gif"; width=66></A></TD></TR>
<TR>
<TD colSpan=2><IMG border=0 height=24
src="http://g.deja.com/gifs/next_s_x.gif";
width=132></TD></TR></TBODY></TABLE></TD></TR>
<TR>
<TD align=left vAlign=top><FONT face=geneva,arial size=1>
<FONT color=#ff6600><B>>></B></FONT> <A
href="http://www.deja.com/topics_if.xp?search=topic&group=microsoft.public.scripting.wsh&GRPP=936124443.892207173&title=Related&query=";>Forum</A>:
<B>microsoft.public.scripting.wsh</B> </FONT><BR></TD></TR>
<TR>
<TD align=left vAlign=top><FONT face=geneva,arial
size=1> <FONT
color=#ff6600><B>>></B></FONT> <A
href="http://x31.deja.com/viewthread.xp?AN=518053044&search=thread&svcclass=dncurrent&ST=PS&CONTEXT=936124443.892207173&HIT_CONTEXT=936124443.892207173&HIT_NUM=1&REDO=1&recnum=%3cO8CIUjP8%23GA.227@xxxxxxxxxxx%3e%231/1&group=microsoft.public.scripting.wsh&frpage=getdoc.xp&back=clarinet";>Thread</A>:
<B>Using Web and ActiveX to Destroy a System </B></FONT></TD></TR>
<TR>
<TD align=left bgColor=#000000 vAlign=top><FONT face=geneva,arial
size=1> <FONT color=#ff6600
size=2><B>>></B></FONT> <FONT color=#ffffff size=3><B>Message 5 of
21</B></FONT></FONT></TD></TR>
<TR>
<TD><FONT size=1> </FONT></TD></TR></TBODY></TABLE>
<TABLE border=0 cellPadding=0 cellSpacing=2 width="100%">
<TBODY>
<TR vAlign=top>
<TD><FONT face=geneva,arial size=2>Subject:</FONT></TD>
<TD><FONT color=#ff6600 face=geneva,arial size=2><B>Re: Using Web and
ActiveX to Destroy a System </B></FONT></TD></TR>
<TR vAlign=top>
<TD><FONT face=geneva,arial size=2>Date:</FONT></TD>
<TD><FONT face=geneva,arial size=2>1999/08/27</FONT></TD></TR>
<TR vAlign=top>
<TD><FONT face=geneva,arial size=2>Author:</FONT></TD>
<TD><FONT face=geneva,arial size=2><B>Peter Torr \(MS\)</B> <<A
href="mailto:ptorr@xxxxxxxxxxxxx";>ptorr@xxxxxxxxxxxxx</A>></FONT></TD></TR>
<TR>
<TD></TD>
<TD vAlign=top><FONT face=geneva,arial size=1><NOBR> <A
href="http://www.deja.com/profile.xp?author=%22Peter%20Torr%20%5c(MS%5c)%22%20%3cptorr@xxxxxxxxxxxxx%3e&ST=PS">Posting
History</A> </FONT></NOBR></TD>
<TD align=right><A
href="http://www.deja.com/post.xp?NG=microsoft.public.scripting.wsh&SUB=Re:%20Using%20Web%20and%20ActiveX%20to%20Destroy%20a%20System%20&REF=%3cO8CIUjP8%23GA.227@xxxxxxxxxxx%3e&AN=518053044&go=00315f00141df51431ec9961c4d6c7a5f068a4ae704e4ddc17b0484dd56b977ae8d17523a91a9b7d939f583763aa557acf870670eea2e7603f7ba2d39cd4a4ebba55a3161973a2492c8e049f9134c7c8ee180238030078729141f247490c9e306e7745b1ef33a6e3fb39404a774b84553ff021793fe81885aa439477fe8fb24607ccb350920b903fd76dfadf617fb5989f9706ef5fdd6f4d";><IMG
align=right alt="Post Reply" border=0 height=18 hspace=2
src="http://g.deja.com/gifs/post_r.gif"; width=90></A> </TD></TR></TBODY></TABLE>
<TABLE border=0 cellPadding=5 cellSpacing=2 width="100%">
<TBODY>
<TR>
<TD bgColor=#eeeeee><FONT face=geneva,arial size=2></FONT>
<P><FONT face=geneva,arial size=2>Westerner <<A
href="http://www.deja.com/profile.xp?author=Westerner@xxxxx&ST=QS";>Westerner@xxxxx</A>>
wrote in message<BR><FONT color=#666600>news:<A
href="http://www.deja.com/profile.xp?author=MPG.122ce68f8421917f989723@xxxxxxxxxxxx&ST=QS";>MPG.122ce68f8421917f989723@xxxxxxxxxxxx</A>...<BR>>
That problem, I believe, is not a question of a given human error in
the<BR>> manual marking of a given component as safe or unsafe. It is a
question<BR>> of immediately and automatically marking every component,
by every<BR>> vendor, as unsafe, until it can be proven safe, by
rigorous computer-<BR>> science and software-engineering
methods.<BR></FONT> <BR>I don't quite understand this paragraph.
Given IE's default settings, everything *is* considered unsafe, and you
are asked if you want to accept a control. If you click on the checkbox
that says "always accept code from X" then you are moving all
responsibility onto the control manufacturers, and being human, they
sometimes make mistakes. Then again, sometimes they do it deliberately (as
*appears* to have happened with the Compaq and HP
controls).<BR> <BR><FONT color=#666600>> From Day One till now,
Microsoft has always ignored the lessons of<BR>> serious OS and
language design, with regard to such concepts as process-<BR>> level
and object-level operation masks -- lessons which go back before<BR>>
Unix, before VMS, all the way back to the System 360, the Burroughs
5500,<BR>> and the Jovial language.<BR></FONT> <BR>Again, I'm not
an expert on Windows NT's security model, but I believe it is generally
considered better than Unix's model.<BR> <BR><FONT color=#666600>>
The promiscuous overwriting of system DLLs by application installers
is<BR>> bad enough. Now we are expected to dynamically install
black-box ActiveX<BR>> components by relying on there own claims that
they're "signed" and<BR>> "safe". To me, these are not components, but
patches, and so are all the<BR>> frantic attempts to fix the
fundamental flaws in the architecture itself.<BR></FONT> <BR>I don't
see how downloading, say, Macromedia FLASH can be seen as a "patch". What
do you mean by the "fundamental flaws" in the architecture? If you're
talking about Windows 9x, forget it. No one ever (<B>seriously</B>)
claimed that it was secure.<BR> <BR>Peter<BR> <BR><FONT
face=courier size=2>--<BR>Peter J. <B>Torr</B> - Microsoft Windows Script
Program Manager<BR><A
href="http://www.deja.com/profile.xp?author=ptorr@xxxxxxxxxxxxx&ST=QS";>ptorr@xxxxxxxxxxxxx</A>
- <A
href="http://msdn.microsoft.com/scripting/";>http://msdn.microsoft.com/scripting/</A><BR>Please
do not e-mail me with questions - post them to this<BR>newsgroup instead.
Thankyou!<BR></FONT></FONT></P></TD></TR></TBODY></TABLE>
<P>
<TABLE border=0 cellPadding=5 cellSpacing=0 width="96%">
<TBODY>
<TR>
<TD vAlign=top><FONT face=geneva,arial size=1><A
href="http://www.deja.com/trackthread.xp?query=Re:%20Using%20Web%20and%20ActiveX%20to%20Destroy%20a%20System%20&wp_query=ST%3dQS%26recnum%3d%253cO8CIUjP8%2523GA.227@xxxxxxxxxxx%253e%26HIT_NUM%3d1%26ageweight%3d0%26search%3dthread%26query%3dRe:%2520Using%2520Web%2520and%2520ActiveX%2520to%2520Destroy%2520a%2520System%2520%26server%3ddb99p6x%26HT%3d0%26maxhits%3d0%26RN%3d0%26AN%3d518053044%26hitnum%3d4%26URN%3d518053044%26agesign%3d0&return_to=http://x31.deja.com/getdoc.xp%3fAN%3d518053044%26search%3dthread%26CONTEXT%3d936124443.892207173%26HIT_CONTEXT%3d936124443.892207173%26HIT_NUM%3d1%26hitnum%3d4";><FONT
size=2><B>Track this thread for me</B></FONT></A><FONT
size=1><BR></FONT><BR><A
href="http://www.deja.com/subng.xp?group=microsoft.public.scripting.wsh&go=00315f00141df51431ec9961c4d6c7a5f068a4ae704e4ddc17b0484dd56b977ae8d17523a91a9b7d939f583763aa557acf870670eea2e7603f7ba2d39cd4a4ebba55a3161973a2492c8e049f9134c7c8ee180238030078729141f247490c9e306e7745b1ef33a6e3fb39404a774b84553ff021793fe81885aa439477fe8fb24607ccb350920b903fd76dfadf617fb5989f9706ef5fdd6f4d";>Subscribe</A>
to <B>microsoft.public.scripting.wsh</B></A> <BR><A
href="http://www.deja.com/maf_enter.xp?SUB=Re:%20Using%20Web%20and%20ActiveX%20to%20Destroy%20a%20System%20&AN=518053044&DBS=2&continue=http://x31.deja.com/getdoc.xp%3fAN%3d518053044%26search%3dthread%26CONTEXT%3d936124443.892207173%26HIT_CONTEXT%3d936124443.892207173%26HIT_NUM%3d1%26hitnum%3d4";>Mail
this message to a friend</A> <BR><A
href="http://www.deja.com/getdoc.xp?AN=518053044&fmt=text";>View
original Usenet format</A> <BR><A
href="http://www.deja.com/linkback.xp?act=f&res_type=message&res_title=Re:%20Using%20Web%20and%20ActiveX%20to%20Destroy%20a%20System%20&res_url=http://www.deja.com/threadmsg_ct.xp%3fAN%3d518053044";>Create
a custom link to this message from your own Web site</A><BR></FONT></TD>
<TD align=middle vAlign=top><A
href="http://www.deja.com/post.xp?NG=microsoft.public.scripting.wsh&SUB=Re:%20Using%20Web%20and%20ActiveX%20to%20Destroy%20a%20System%20&REF=%3cO8CIUjP8%23GA.227@xxxxxxxxxxx%3e&AN=518053044&go=00315f00141df51431ec9961c4d6c7a5f068a4ae704e4ddc17b0484dd56b977ae8d17523a91a9b7d939f583763aa557acf870670eea2e7603f7ba2d39cd4a4ebba55a3161973a2492c8e049f9134c7c8ee180238030078729141f247490c9e306e7745b1ef33a6e3fb39404a774b84553ff021793fe81885aa439477fe8fb24607ccb350920b903fd76dfadf617fb5989f9706ef5fdd6f4d";><FONT
face=geneva,arial><B>Post Reply</B></FONT></A> </TD></TR></TBODY></TABLE>
<P><FONT face=geneva,arial size=2>
<P>
<TABLE cellPadding=0 cellSpacing=0 width="100%">
<TBODY>
<TR align=right>
<TD><FONT face=geneva,arial size=2><B><FONT color=#ff6600
size=3><<</FONT> <A
href="http://x31.deja.com/getdoc.xp?AN=516856112&search=thread&CONTEXT=936124443.892207173&HIT_CONTEXT=936124443.892207173&HIT_NUM=1&hitnum=3";>Previous
in thread</B></A> · <B><A
href="http://x31.deja.com/getdoc.xp?AN=517295921&search=thread&CONTEXT=936124443.892207173&HIT_CONTEXT=936124443.892207173&HIT_NUM=1&hitnum=5";>Next
in thread</A> <FONT color=#ff6600 size=3>>></FONT></B>
</FONT></TD></TR></TBODY></TABLE></FONT><!-- second stage content : end --><!-- search again : begin -->
<P>
<TABLE bgColor=#cccc66 border=0 cellPadding=2 cellSpacing=0 width="100%"
margineheight="1" marginewidth="1">
<FORM action=http://www.deja.com/dnquery.xp>
<TBODY>
<TR><INPUT name=DBS type=hidden value=2>
<TD bgColor=#000000>
<CENTER><FONT color=#ff6600 face=geneva,arial size=2><B>Search
Discussions</B></FONT></CENTER></TD>
<TD><FONT color=#000000 face=geneva,arial size=1> For a more
detailed search go to <A
href="http://www.deja.com/home_ps.shtml?QRY=microsoft.public.scripting.wsh%20torr%20seriously";>Power
Search</A></FONT></TD></TR>
<TR>
<TD align=right vAlign=top><FONT face=geneva,arial size=1><B>Search only
in:</B></FONT></TD>
<TD vAlign=top><FONT face=geneva,arial size=1><INPUT name=groups
type=radio value=microsoft.public.scripting.wsh>
microsoft.public.scripting.wsh<BR><INPUT CHECKED name=groups type=radio
value=""> All Deja.com</FONT> </TD></TR>
<TR>
<TD align=right vAlign=top><FONT face=geneva,arial size=2><B>Search
for:</B></FONT></TD>
<TD vAlign=top><INPUT name=QRY size=35
value="microsoft.public.scripting.wsh torr seriously"> <INPUT type=submit value=Search> <BR><NOBR><FONT face=geneva,arial
size=1>Search <SELECT name=svcclass> <OPTION selected
value=dncurrent>recent<OPTION value=dnold>past<OPTION
value=dnserver>all</OPTION></SELECT> Messages</FONT></NOBR>
</TD></TR></TBODY></FORM></TABLE></FONT><FONT
face="Arial, Helvetica, sans-serif" size=2></FONT></P></DIV>
<DIV><FONT face="Arial, Helvetica, sans-serif"
size=2>==============//////////////////====================////////////////////==================</FONT></DIV>
<DIV><FONT size=2><FONT face="Arial, Helvetica, sans-serif"
size=3></FONT></FONT> </DIV>
<DIV><FONT size=2><FONT face="Arial, Helvetica, sans-serif" size=3><B>'A Flaw
Worse Than Melissa'</B><BR><FONT face="Verdana, Arial, Geneva, sans-serif"
size=1><B>by Declan McCullagh
</B></FONT><BR><BR><FONT color=#ff0000 face="Verdana, Arial, Geneva, sans-serif"
size=1>4:50 p.m. 26.Aug.99.PDT</FONT><BR><!-- START_OF_BODY --><FONT
face="Verdana, Arial, Geneva, sans-serif" size=2>WASHINGTON -- A team of
computer scientists has discovered a bug in tens of millions of Microsoft
Windows computers that lets an attacker take control of a PC by sending an email
message. </DIV>
<P>The security hole, present in most copies of Windows 95 and all versions of
Windows 98, would allow a malcontent to conceal malicious computer code in an
email message or Web page that can surreptitiously modify files, reformat a hard
drive, or execute any DOS command.
<P>
<CENTER>
<HR noShade>
See also: <A
href="http://www.wired.com/news/news/technology/story/21456.html";>Swatting Down
the Win 98 Bug</A>
<HR noShade>
</CENTER>
<P>
<P>"It's the Melissa virus, but even worse," says <A
href="http://www.cs.rice.edu/~dwallach/";>Dan Wallach</A>, an assistant professor
of computer science at Rice University who is one of the team members. "The
Melissa virus required someone to click 'OK.' This doesn't."
<P>Microsoft has acknowledged the backdoor. This week, after the researchers
contacted the company, it released an <A
href="http://www.microsoft.com/Security/Bulletins/MS99-031.asp";>upgraded
version</A> of its Java virtual machine that fixes the problem.
<P>But the tens of millions of Windows users who have not downloaded the patch
and have not disabled Java remain vulnerable to anyone who knows the technical
details of the bug.
<P>At risk are Windows users who read email using programs like Outlook, Outlook
Express, and Qualcomm's Eudora that use Microsoft's viewing software and have
fairly recent versions of its Java virtual machine. A Trojan Horse sent via
email will be executed as soon as the message is viewed -- without any
prompting.
<P>Web browsing with Internet Explorer 4.0 and 5.0 can be dangerous if users
click on a Web site with malicious Java -- but Netscape's browsers are immune.
"If you use Navigator, you're not vulnerable to this attack," says Rice
University's Wallach.
<P>Other members of the team include <A
href="http://www.cs.princeton.edu/~ddean/";>Drew Dean</A> and <A
href="http://www.cs.princeton.edu/~balfanz/";>Dirk Balfanz</A> of Xerox PARC, and
Princeton computer science professor <A
href="http://www.cs.princeton.edu/~felten/";>Ed Felten</A>, best known for his
testimony as the government's technical expert in the Microsoft antitrust case.
<P>All are current or former members of Princeton's <A
href="http://www.cs.princeton.edu/sip/";>Secure Internet Programming group</A>,
which has revealed many security vulnerabilities in Java implementations over
the last four years.
<P>This attack works by repeatedly sending a specific message to a Java thread,
exploiting what computer scientists call a race condition. Usually, Microsoft's
Java virtual machine does the right thing by barring a program from executing
dangerous functions.
<P>But the attacking program the researchers showed to Wired News doesn't give
up. Each try takes scant milliseconds, and in less than a second, the Java VM's
security is toast. Thanks to that programming flaw in Microsoft's Java class
library, the hostile Java program has full system privileges and can,
essentially, do whatever it wants.
<P>The four-person team of security researchers jointly unearthed the
vulnerability during a brainstorming session last month at Dean's home in Palo
Alto, California. "It began with looking at a piece of Microsoft code and
saying, 'That's sloppy!'" says Wallach, who says the team will not release the
source code of the Java program that exploits the vulnerability.
<P>After the researchers tipped off Microsoft last Thursday evening, the company
quickly scrambled to fix the error. "At that point we had to find the developers
and call a conference and get to writing the code and testing it to verify we
fixed it," said John Montgomery, MS product manager.
<P>"It doesn't just happen to us. If you look at <A
href="http://www.cert.org/";>CERT</A> [Computer Emergency Response Team], most of
the advisories posted are for Unix.... Building sophisticated software is hard.
Giving people a rich user experience means you're going to run into situations
where that can be abused," Montgomery said.
<P>A Microsoft <A
href="http://www.microsoft.com/Security/Bulletins/MS99-031faq.asp";>security
bulletin</A> says the glitch lets anyone "create, delete or modify files on the
user's computer, reformat the hard drive, copy data to or from a Web page, or
take other desired action."
<P>A Microsoft spokesman stressed that the company had made the patch available
on its Web site within a few days.
<P>The original glitch seems to originate in the Java code provided by Sun to
companies including Microsoft. Security experts say Sun and Netscape have
already fixed the problem in their Java VM implementations.
<P>To disable Java in Outlook, go to the Security tab in the "Outlook Options"
dialog box and select "restricted sites zone." Then, in the Windows control
panel "Internet Options," go to "Restricted sites/Custom level" and scroll down
and "Disable Java."
<P>Users of Unix, Linux, and Macintosh computers are not affected. <BR><BR><FONT
face="Verdana, Arial, Geneva, sans-serif" size=2><B><I>Related Wired
Links:</I></B></FONT><BR><IMG height=10
src="http://static.wired.com/news/images/pix155.gif"; width=155><BR><FONT
face="Arial, Helvetica, sans-serif" size=2><B><A
href="http://www.wired.com/news/news/business/story/21442.html";>Locking Windows'
Backdoors</A></B></FONT><BR><FONT color=#ff0000
face="Verdana, Arial, Geneva, sans-serif"
size=1>26.Aug.99</FONT><BR><BR><FONT face="Arial, Helvetica, sans-serif"
size=2><B><A
href="http://www.wired.com/news/news/technology/story/20916.html";>Same Hole,
Different Exploit</A></B></FONT><BR><FONT color=#ff0000
face="Verdana, Arial, Geneva, sans-serif"
size=1>23.Jul.99</FONT><BR><BR><FONT face="Arial, Helvetica, sans-serif"
size=2><B><A
href="http://www.wired.com/news/news/technology/story/19160.html";>Another
Privacy Hole in IE 5.0?</A></B></FONT><BR><FONT color=#ff0000
face="Verdana, Arial, Geneva, sans-serif"
size=1>16.Apr.99</FONT><BR><BR><FONT face="Arial, Helvetica, sans-serif"
size=2><B><A
href="http://www.wired.com/news/news/technology/story/18819.html";>Melissa,
Spawned by Spam</A></B></FONT><BR><FONT color=#ff0000
face="Verdana, Arial, Geneva, sans-serif"
size=1>30.Mar.99</FONT><BR><BR><FONT face="Arial, Helvetica, sans-serif"
size=2><B><A
href="http://www.wired.com/news/news/technology/story/18016.html";>New NT
Security Risk Uncovered</A></B></FONT><BR><FONT color=#ff0000
face="Verdana, Arial, Geneva, sans-serif"
size=1>19.Feb.99</FONT><BR><BR><FONT face="Arial, Helvetica, sans-serif"
size=2><B><A
href="http://www.wired.com/news/news/technology/story/14044.html";>Microsoft
Patches NT Hole</A></B></FONT><BR><FONT color=#ff0000
face="Verdana, Arial, Geneva, sans-serif"
size=1>28.Jul.98</FONT><BR><BR></FONT><!-- END_OF_BODY --><BR><BR><!-- start of newsbot query --><!-- generic newsbot text --></B><FONT
face="Verdana, Arial, Geneva, sans-serif" size=2><I>
<P>Have a comment on this article?<BR><A
href="mailto:newsfeedback@xxxxxxxxx";>Send it</A>.</I></FONT> <!-- end generic newsbot text --><!-- end of newsbot query --><!-- FOOTER --><BR><IMG
alt=[] border=0 height=10 src="http://static.wired.com/news/images/pix155.gif";
useMap=#navstrip.map width=155> <BR><IMG alt=[] border=0 height=17
src="http://static.wired.com/news/images/navstrip_tech.gif"; useMap=#navstrip.map
width=126><BR><BR>
<P><FONT face="Verdana, Arial, Geneva, sans-serif" size=1><A
href="http://www.wired.com/news/feedback.html"; target=_top>Send us
feedback</A> | <A href="http://www.hotwired.com/jobs/"; target=_top>Work at
Wired Digital</A> | <A href="http://home.wired.com/advertising/";
target=_top>Advertise with us</A> <BR><A href="http://home.wired.com/";
target=_top>About Wired Digital</A> | <A
href="http://www.wired.com/home/digital/privacy/"; target=_top>Our Privacy
Policy</A></FONT></P>
<P><FONT face="Verdana, Arial, Geneva" size=1><A
href="http://www.wired.com/home/copyright.html"; target=_top>Copyright</A> ©
1994-99 Wired Digital Inc. All rights
reserved.</FONT><BR><!-- TRACKING --></P></FONT></FONT></BODY></HTML>
</x-html>Content-Type: image/gif;
name="pix155.gif"
Content-Location: http://static.wired.com/news/images/pix155.gif
Attachment Converted: "c:\eudora\attach\pix155.gif"
Content-Type: image/gif;
name="navstrip_tech.gif"
Content-Location: http://static.wired.com/news/images/navstrip_tech.gif
Attachment Converted: "c:\eudora\attach\navstrip_tech.gif"
Content-Type: image/gif;
name="prev_s_x.gif"
Content-Location: http://g.deja.com/gifs/prev_s_x.gif
Attachment Converted: "c:\eudora\attach\prev_s_x.gif"
Content-Type: image/gif;
name="prev_t.gif"
Content-Location: http://g.deja.com/gifs/prev_t.gif
Attachment Converted: "c:\eudora\attach\prev_t.gif"
Content-Type: image/gif;
name="next_t.gif"
Content-Location: http://g.deja.com/gifs/next_t.gif
Attachment Converted: "c:\eudora\attach\next_t.gif"
Content-Type: image/gif;
name="next_s_x.gif"
Content-Location: http://g.deja.com/gifs/next_s_x.gif
Attachment Converted: "c:\eudora\attach\next_s_x.gif"
Content-Type: image/gif;
name="post_r.gif"
Content-Location: http://g.deja.com/gifs/post_r.gif
Attachment Converted: "c:\eudora\attach\post_r.gif"
|
![http://static.wired.com/news/images/pix155.gif"](http://static.wired.com/news/images/pix155.gif"){kind=link}
![http://static.wired.com/news/images/navstrip_tech.gif"](http://static.wired.com/news/images/navstrip_tech.gif"){kind=link}
![http://g.deja.com/gifs/prev_s_x.gif"](http://g.deja.com/gifs/prev_s_x.gif"){kind=link}
![http://g.deja.com/gifs/prev_t.gif"](http://g.deja.com/gifs/prev_t.gif"){kind=link}
![http://g.deja.com/gifs/next_t.gif"](http://g.deja.com/gifs/next_t.gif"){kind=link}
![http://g.deja.com/gifs/next_s_x.gif"](http://g.deja.com/gifs/next_s_x.gif"){kind=link}
![http://g.deja.com/gifs/post_r.gif"](http://g.deja.com/gifs/post_r.gif"){kind=link}
