WiFi Finder
Locate wireless services by a specific address, city, state, country, airport, or zip code.
Hackers Pose Threat to Outlook Express
Serious vulnerability in Microsoft's e-mail application could allow messages to bypass virus scanners.
Wendy Brewer, PC Advisor
Antivirus firm Beyond Security has announced a serious vulnerability within Outlook Express that can bypass the SMTP (simple mail transfer protocol) filtering engines used by many companies, including gateway virus scanners, content filters, and firewalls.
Outlook Express allows users to split up sent e-mails, which in turn enables a connecting user to send smaller segments of larger messages in a multiple e-mail.
But the Message Fragment and Reassembly command within Outlook allows anyone, according to Beyond Security, to bypass most of the security restrictions placed on e-mail messages.
Fragmented Messages
As the messages have been fragmented into smaller segments, virus scanners cannot detect them and the recipient will simply receive one large file containing many smaller potentially dangerous e-mails.
"This generic flaw affects all SMTP content filtering software," says Aviram Jenik, Beyond Security chief executive officer. "As virus writers seek increasingly sophisticated methods to disseminate their viruses, e-mail exploits will become a more popular means for doing so."
Security firm GFI has developed an e-mail security testing engine to allow users to test their systems for the vulnerability.
Warning Users
Several antivirus software vendors have warned users that they could be affected.
"We have confirmed that our product InterScan VirusWall 3.5x is affected by the vulnerability," says a TrendMicro spokesperson. "In order to resolve this problem we have released a patch, which can be downloaded from the FTP server."
Users should look for the ISNT Hotfix_build1494_v352_Smtp_case6593.zip hotfix.
Software vendor Symantec admits it has been aware of the potential malicious use of this feature for some time.
"All currently supported Symantec gateway products, by default, block multipart MIME messages at the gateway. It can be disabled if a multipart e-mail is required," says a spokesperson at Symantec. A formal response is due from Symantec on Friday.
"The rejection of segmented e-mails should be part of a company's comprehensive security policy to restrict potential harmful content from the internal network," he adds.
- Sponsored Resource:Improve your network with the right mix of features, performance and pricing.
- Sponsored Resource:Growing your business requires the right tools. Dell's networking servers can help.
- Sponsored Resource:Thinking about a new Laptop? Lenovo has models to meet everyone's needs.
- Sponsored Resource:Twitter: A how-to guide for using Twitter as a business tool.
- Sponsored Resource:Smartphone security threats are on the rise. Is it time to safegaurd your device?
Print 65% more pages than with refilled inks. Trust Original HP Inks. Hit Print Reliably.
Solve Tech Issues Fast
Upgrade to IE 8
Featured APC Accessories For Your System
10% Off Entire Cart at Online Store
-
APC Back-UPS ES Safeguards your equipment from damaging surges and spikes that travel along your utility & data lines.
-
APC SurgeArrest Performance Highest level of protection for your professional computers, electronics and connected devices, as well as provides surge protection.
People who read this also read:
Best Prices on Security Software
Norton Internet Security 2009 - 1 User/3 PCPrice: $34.99
Norton Internet Security 2009 - 1 User/1 PCPrice: $15.95
Norton 360Price: $25.00
Internet Security 2009Price: $15.99
Norton Internet Security 2009 - 1 User/3 PC, Small BoxPrice: $20.50
Internet Security 2009Price: $24.95
-
Cisco Small Business Center Find out how to keep employees mobile, connected and productive with secure wireless networking.
-
Dell Servers for Small Business Click here to see how a Dell server can help you back up your company's data and save you valuable time.
