Microsoft recently announced that someone tricked VeriSign, the company that issues digital certificates, into granting two certificates to a person claiming to be a Microsoft employee. That's a bit like allowing someone to steal a police officer's badge--it puts the thief in a position of trust that he or she can abuse.
When you download a program off the Web, its digital certificate guarantees that it comes from the company it says it comes from. Using the stolen certificates, though, a cracker could send you a Trojan horse, a virus, or another nasty piece of code that presents itself as an officially approved Microsoft program.
Microsoft has released a security update to address the problem, and offers a link to the 128KB fix (along with a FAQ section discussing the security breach and related issues).
For Norton AntiVirus users, Symantec says that any virus definitions dated March 23, 2001, or later will detect the two stolen certificates. Similarly, McAfee users are protected with virus definition files dated March 24, 2001, or later.
Hole in Outlook, Outlook Express
Outlook 98, Outlook 2000, and Outlook Express 5.x have a security hole in their VCard capabilities. A VCard stores your business card information in an electronic format. In addition, it permits you to send your contact information to other users as an attachment that they can load into their Outlook and Outlook Express contacts databases--no typing required.
Though it's handy, the VCard technology has a bug that enables a malicious hacker to create a VCard that could crash the user's e-mail program or, worst case, let the attacker take over the user's computer. In this last instance, the bad guy could do anything the user had privileges to do, including reformat the hard drive.
The specific element responsible for this flaw ships as part of Outlook Express and is shared by Outlook. Since IE installs Outlook Express by default, identifying the correct patch for your PC depends on the version of IE you use, not on the version of Outlook you have, according to Microsoft. (To find out which version of IE runs on your system, from within IE select Help, About Internet Explorer.)
The attack takes advantage of a buffer overflow error to flood the program with data. Envision a stoppered sink with the water left on. By sending the VCard feature too much info, the hacker can overwhelm Outlook or Outlook Express.
The patch turns off the flow by truncating the length of the character stream that the rigged VCard is trying to pour into the program.
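The difference between the overflowing copy and the truncating one described above, as an added C example that is not Microsoft's code or part of the original article. The field name `FN`, the buffer size `FIELD_MAX`, and all function names are assumptions chosen for illustration, and the sample line is constructed.

```c
#include <stddef.h>
#include <string.h>

#define FIELD_MAX 16   /* assumed size of the fixed contact-field buffer */

/* Constructed sample: a vCard line whose value is longer than FIELD_MAX. */
const char SAMPLE_LINE[] = "FN:Alexandria Constantinopoulos-Featherstonehaugh\r\n";

/* Return the value of a "NAME:value" vCard line, or NULL if the name differs. */
const char *vcard_value(const char *line, const char *name)
{
    size_t n = strlen(name);
    if (strncmp(line, name, n) != 0 || line[n] != ':')
        return NULL;
    return line + n + 1;
}

/* Unbounded pattern: the sender's data decides how many bytes are written,
   so a value longer than the destination runs past its end. */
void copy_field_unbounded(char *dst, const char *value)
{
    strcpy(dst, value);
}

/* Bounded pattern: the receiver's buffer size decides. The value is cut at
   dst_size - 1 bytes (or at the line break) and is always NUL-terminated.
   Returns 1 if the value was truncated, 0 if it fit, -1 on bad arguments. */
int copy_field_truncating(char *dst, size_t dst_size, const char *value)
{
    size_t len, keep;
    if (dst == NULL || value == NULL || dst_size == 0)
        return -1;
    len = strcspn(value, "\r\n");              /* value ends at the line break */
    keep = len < dst_size - 1 ? len : dst_size - 1;
    memcpy(dst, value, keep);
    dst[keep] = '\0';
    return len > keep;
}

/* Load one named field into a FIELD_MAX buffer; -1 if the line does not match. */
int load_field(char out[FIELD_MAX], const char *line, const char *name)
{
    const char *value = vcard_value(line, name);
    if (value == NULL)
        return -1;
    return copy_field_truncating(out, FIELD_MAX, value);
}
```

The return value of 1 lets a caller log or reject an over-long field instead of silently accepting the shortened one.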

















