Blogs
- Contributing Editor Stuart J. Johnston advises you on how to fix the latest problems affecting your operating system, your browser, your other software, and your hardware.
Subscribe to this blog
Bugs and Fixes
Microsoft recently announced that someone tricked VeriSign, the company that issues digital certificates, into granting two certificates to a person claiming to be a Microsoft employee. That's a bit like allowing someone to steal a police officer's badge--it puts the thief in a position of trust that he or she can abuse.
When you download a program off the Web, its digital certificate guarantees that it comes from the company it says it comes from. Using the stolen certificates, though, a cracker could send you a Trojan horse, a virus, or another nasty piece of code that presents itself as an officially approved Microsoft program.
Microsoft has released a security update to address the problem, and offers a link to the 128KB fix (along with a FAQ section discussing the security breach and related issues).
For Norton AntiVirus users, Symantec says that any virus definitions dated March 23, 2001, or later will detect the two stolen certificates. Similarly, McAfee users are protected with virus definition files dated March 24, 2001, or later.
Hole in Outlook, Outlook Express
Outlook 98, Outlook 2000, and Outlook Express 5.x have a security hole in their VCard capabilities. A VCard stores your business card information in an electronic format. In addition, it permits you to send your contact information to other users as an attachment that they can load into their Outlook and Outlook Express contacts databases--no typing required.
Though it's handy, the VCard technology has a bug that enables a malicious hacker to create a VCard that could crash the user's e-mail program or, worst case, let the attacker take over the user's computer. In this last instance, the bad guy could do anything the user had privileges to do, including reformat the hard drive.
The specific element responsible for this flaw ships as part of Outlook Express and is shared by Outlook. Since IE installs Outlook Express by default, identifying the correct patch for your PC depends on the version of IE you use, not on the version of Outlook you have, according to Microsoft. (To find out which version of IE runs on your system, from within IE select Help, About Internet Explorer.) The attack takes advantage of a buffer overflow error to flood the program with data. Envision a stoppered sink with the water left on. By sending the VCard feature too much info, the hacker can overwhelm Outlook or Outlook Express.
The patch turns off the flow by truncating the length of the character stream that the rigged VCard is trying to pour into the program.
- Page 1 of 3
- Next »
Acer Laptop Center
The Best of PC World
- Great year-end deals

for small business! -
Get 24/7 live remote AT&T Tech Support 360* service along with select Lenovo* PCs (with Intel® Core™ 2 Duo processors) and save up to 200!
-
HP EliteBook* 6930p Notebook with Intel® vPro™ technology and a free HP Basic Docking Station - $641 instant savings!
- *Other names and brands may be claimed as the property of others. ©2009 Intel Corporation. Intel, the Intel logo, vPro and Core trademarks of Intel Corporation in the United States and other countries. All rights reserved.
Dell End of Year Deals
-
Ring in the New Year with Huge Deals on Dell Computers
Up to 30% Popular Dell Laptops, up to 25% off Popular Dell Desktops. Sales ends 12/31 5AM EST.
Focus on Personal Productivitysponsored by Microsoft
- Personal Finance 2.0 These free and fee-based Web services not only aggregate data from your online bank accounts, they give you tools for managing your money.
- High-Tech Travel Tips Plenty of stories provide advice for elite mobile professionals. But what about you, the unproductive traveler?
People who read this also read:
Best Prices on Security Software
Norton Internet Security 2010 - 3 UsersPrice: $26.30
Norton Internet Security 2010 - 3 UserPrice: $26.30
Internet Security 2010Price: $31.89
Norton 360 Version 3.0 - 3 LicensesPrice: $39.99
Norton 360Price: $25.00
Total Protection 2010 - 3 UserPrice: $26.97
All PC World Blogs
- Muvee Reveal Makes It Easy to Turn Footage Into Movies Producing professional-looking movies is simple with template-driven production utility Muvee Reveal.
- Why Can't the Law Get the Crooks? Victor Rodriguez wants to know why law enforcement agencies can’t stop the criminals infecting our PCs
- Make Your CDs and DVDs Look Great With SureThing CD Labeler Deluxe Layout program SureThing CD Labeler Deluxe creates effective DVD/CD labels, case labels and inserts.
- As DDoS Attacks Go, This One's a Dud Key Internet retailers were knocked offline briefly by a would-be Scrooge -- but it couldn't stop the shopping.
- Perfect Printing Solutions Find just the right All-in-One printer for you from HP. Visit the HP Resource Center.
- Lenovo Laptop Showcase Find out how Lenovo IdeaPads and Thinkpads balance performance and portability. Visit the Lenovo Resource Center for more info...
Cameras
Camcorders
Cell Phones
Components
Desktops
HDTV
Home Theater
GPS
Laptops
Monitors
MP3 Players
Networking &
Printers
Storage







