Sunday, August 17, 2003
Microsoft "blasted" on security
Weeks after Microsoft released a patch for what some called the most widespread critical software security vulnerability, a fast-replicating worm exploiting the flaw appeared on the Internet. MSBlaster, also known as Blaster and LovSan, takes advantage of a hole in the Remote Procedure Call (RPC) interface in nearly all Windows operating systems.
Microsoft made available an update fixing the vulnerability on July 16, but the Blaster virus infected tens, even hundreds of thousands of unpatched computer systems in mere hours. The author of the worm has included two messages in its code, one of which reads: "Billy Gates why do you make this possible? ... Stop making money and fix your software!!"
Exploiting the RPC flaw, Blaster does not arrive by e-mail and can hardly be detected by an antivirus scanner. It transmits itself via the Trivial File Transfer Protocol (TFTP) and has a hidden payload, which, starting August 16, causes infected computers to flood Microsoft's Windows Update web site -- the primary source for updates for the company's products.
Security researchers indicated the Blaster worm was poorly written, which is most probably why it has not reached its infection potential, believed to be in the millions. Modified versions have already sprung up, raising fears that more destructive and significantly more effective variants could set the stage for large-scale Internet slowdowns.
On Friday, news broke that an e-mail message containing the Blaster worm has been mimicking a Microsoft e-mail, urging users to run the attached executable file and patch their systems against the threat from Blaster. The software giant warned its customers that the message is fake and that the company never attaches files to its e-mails.
Microsoft and the U.S. Federal Bureau of Investigation (FBI) are working to locate the origins and the author of the virus.
SCO lands first Linux licensee
The SCO Group announced that a Fortune 500 company has signed up for its Linux intellectual property licensing program. The Utah-based software maker, which claims Linux infringes its UNIX copyrights, disclosed neither the name of the company nor the terms of the deal, but noted it expects other corporations to follow suit.
Last week, SCO revealed a program to license Linux customers, precluding them from getting into the heated legal wrangling over Linux intellectual property.
Upping the ante even further, SCO terminated the license of IBM's Sequent unit, which developed the discontinued Dynix/ptx operating system. SCO, which gave IBM two months' notice prior to the termination, charges that 148 files, or 168,276 lines of source code, went from Dynix "directly" into the Linux kernel. SCO's lawyers also attacked the GNU General Public License (GPL), under which Linux is currently being distributed, saying the GPL is "preempted" by the U.S. Copyright Act. IBM filed a countersuit against SCO last week, claiming that SCO's voluntary distribution of its own version of Linux under the GPL deprives the company's allegations of any legitimacy.
In Other News...
A U.S. federal jury ruled Microsoft has illegally included patented technology in its flagship Internet Explorer browser and ordered the software giant to pay $520.6 million in damages to the University of California and Chicago-based Eolas Technologies Inc. Eolas' chief executive officer, Michael Doyle, claims Microsoft infringed the patents of a technology used to visualize interactive web pages, which he developed while studying at the University of California. In a statement to the press, Microsoft said it would appeal the verdict, retorting the code used in Internet Explorer had been developed by its own software engineers.
Internet search giant Google released version 2.0 of its popular Internet Explorer toolbar, offering users new tools, including pop-up blocking, auto-filling of web forms and one-click blog publishing. The California-based company also announced Calculator, a new feature of its search engine, which allows Google.com visitors to perform swift arithmetic computations and convert various units.
AOL Time Warner Inc. may consider dropping "AOL" from the media conglomerate's name after the chairman of America Online, the company's Internet unit, proposed the idea to the giant's CEO, Richard Parsons. Citing AOL's damaged brand name, Jonathan Miller, AOL's chief executive, said the company should revert its name to Time Warner.
Late on Friday, Microsoft's main web site, microsoft.com, fell victim to a second major Denial-of-Service (DoS) attack in recent weeks. The software maker's web address was completely inaccessible for more than two hours, but the company said the event is unrelated to the currently circulating Blaster worm.
The Free Software Foundation (FSF) has discovered that the FTP servers of the GNU Project had been compromised by a hacker. The event apparently occurred sometime in March, but went unnoticed until recently. FSF believes none of the software stored on GNU's servers had been modified.