MAY 2, 2005
NEWS ANALYSIS

Your PC's Many Security Holes
Computer users, listen up: Here's research outfit SANS Institute's latest list of the most dangerous and widespread vulnerabilities


Computer security researchers at the SANS Institute were planning a May 2 release of their tally of major software vulnerabilities for the first three months of the year (see BW Online, 5/2/05, "Probing Your PC's Weak Spots"). Rather than totaling the number of worms or computer viruses affecting businesses and consumers, the SANS researchers detailed the most dangerous and widespread vulnerabilities, listed below. For more detail, see the SANS Institute's Q1-2005 Update.


Software: Microsoft Internet Explorer
Systems affected: Desktops, laptops, and servers running any version of Windows
Vulnerabilities: Five different weaknesses
Risk: Computers with these vulnerabilities can have spyware, keystroke loggers, and remote control software installed on their systems when the user visits Web sites that have been programmed to exploit the flaws

Software: Microsoft Windows Media Player, Windows Messenger, and MSN Messenger
Systems affected: Windows desktops and laptops
Vulnerability: A flaw in PNG File Processing, a format for digital images
Risk: These vulnerabilities enable computers to be taken over if the user downloads a malicious media file from a Web site or opens a malicious picture while using MSN or Windows Messenger

Software: Microsoft Windows XP Service Pack 1 and 2, Windows 2000 Service Pack 3 and 4, and Windows Server 2003
Systems affected: Laptops, desktops, and servers on Windows networks
Vulnerability: Microsoft Server Message Block (SMB), a protocol for file access on networks
Risk: Computers with this vulnerability can be completely compromised by an attacker running a malicious server

Software: Microsoft Windows Server 2003, Windows 2000 Server Service Pack 3 and 4, Windows NT Server 4.0 Service Pack 6a, and NT Terminal Server Edition Service Pack 6
Systems affected: Servers on Windows networks
Vulnerability: Windows License Logging Service Overflow, a variation on an old trick that allows a hacker to hide malicious computer code
Risk: This vulnerability allows computers to be taken over by a malicious user who sends special packets to the machine

Software: Windows NT and Windows 2000 (SP2 or earlier) Domain Name Service servers; Symantec Gateway Security, Enterprise Firewall, and VelociRaptor Products
Systems affected: Directly, certain servers running address-resolution service; indirectly, any computer on the network using the service
Vulnerability: DNS Cache Poisoning, which means a hacker has infected the servers that tell computers on a network how to find Web servers. (Note: This vulnerability didn't affect the big authoritative DNS servers but rather the local server caches, typically on LANs, that actually handle the bulk of DNS requests)
Risk: Attackers can direct users to malicious Web sites. These sites, in turn, can exploit Internet Explorer vulnerabilities to install spyware programs

Software: Antivirus Products from Symantec, F-Secure, Trend Micro, and McAfee
Systems affected: Desktops, laptops, and servers running certain antivirus software
Vulnerability: Buffer overflows, a method hackers use that gets computers to execute code disguised as data
Risk: Remote attackers can take control of computers running these security products

Software: RealPlayer, iTunes, and WinAmp Media Players
Systems affected: Desktops and laptops
Vulnerability: Buffer overflows
Risk: Users of these applications can be infected by simply visiting a Web site that has been tainted with malicious code

Software: Oracle Database Server, Application Server, E-business Suite, and Collaboration Suite
Systems affected: Multiple Oracle servers
Vulnerability: Flaws patched in Oracle's January 2005 Critical Patch Update
Risk: Remote hackers can possibly exploit these flaws to gain control of databases and get access to information

Software: Computer Associates products running License Manager
Systems affected: Computers running Computer Associates software
Vulnerability: CA License Package Buffer Overflow
Risk: Remote users can take control of computers running various CA products

Data: SANS Institute



By Stephen H. Wildstrom
