E-Musings Mon Immorata

ASNine Windows flaw attempts to close stable doors before the horses bolt With my "superior" knowledge of user-lever security and safe practices, I can sit back and wonder anew at just how stupid the average computer user can be. Actually, stupid is incorrect. Sheep-like (aka the herd instinct) is more accurate. Over the past 3 weeks or so, ever since the MyDoom virus began to proliferate, the number of infected junk mail I've received has grown four-fold. I'm even receive mail via forwarding accounts that remain active but havent been used for nearly two years! As well as from people who have read this column and still have a cached copy, complete with email ID, still stashed on their computers. What I'm still unclear about, and haven't been able to gain online wisdom courtesy search engines. Is whether MyDoom-style worms can detect UTF-8 encoded email identities. Unfortunately, the email ID below is not UTF-encoded, so I'm doomed to receive ever more junk mail. What is more critical that one more silly worm are the separate Windows and Internet Explorer vulnerabilities which Microsoft apparently knew about, but managed to suppress so they could work on a patch to resolve the problem. Security vendor eEye Digital Security originally detected the flaw in July 2003 too kept quiet until the patch was fully-tested and certified ready to deploy. An excellent example of responsible computing in this virally-active age. The ASN.1 Vulnerability allows code execution by a remote users. What makes patching your system, workstation or server, critical is that many Windows applications use the ASN sub-layer for root (administrative) level access to the operating system. ASN is also used by SSL-enabled web applications like ActiveX controls. As well as by Windows supposedly high-security Kerberos authentication system. The vulnerability allows a remote user full system privileges that permit installing or removing programs, viewing, editing and deleting data and creating new administrative accounts without the knowledge of the system user.. The flaw affects all variants of Windows NT, Windows 2000, Windows XP, Windows 2003 Server, Windows XP/2003 64-bit versions, Windows XP Tablet PC Edition and Windows XP Media Center Edition. Windows 9x and ME are not affected. According to Microsoft the moment an unauthorized user gains administrative privileges to a Windows system, it is compromised. What they failed to tell us was they left the back door wide open! And the recent leak of Windows 2000 Service Pack-1 source code is going to reveal many more unpatched holes. You can check if your computer running Windows has the flawed library by running "dire c:\msasn1.dll /s" from a command prompt. My computer doesn't have the file present. And Although I don't really need to install this specific update I decided to since its better to be safe than sorry (alter). For the complete details and update download links on the ASN.1 resolution, read Microsoft Security Update MS04-007. In other exciting news this week, Mozilla has revised (again ?) its browser-only component. The newly christened Firefox replaces the previous Firebird version. However, I notice few changes between the new product and Firebird 0.7+ or it's buggy, ill-fated 0.8 successor. If anything Firebird has hopeless resource management that cause CPU utilization on Windows 2000 to rise when you launch the browser as well as every time you open a new tab. And if all this wasn't inefficient enough, overall memory utilization for a single window is worse than IE! Mozilla has also released a revised version of their Thunderbird mail & news client. No surprises here although Thunderbird 0.5 works a bit smoother than earlier builds. But this client is still a long way from becoming an instant Outlook Express replacement. I find its junk mail filtering quite ineffective. I'm no fan of Opera's M2 mail & news client but its ant-spam features are more efficient than Thunderbird's. Opera lovers stay alert as Opera 7.5 Beta Preview 2 is expected sometime this week. It seems some last minute bugs were discovered just before the weekend, and until they are resolved the next update won't be released. I wonder if the ASN.1 vulnerability has anything to do with Opera? Popcorn has finally made it to v1.65. I tested out a copy to see how it compared with my feature-limited 1.40 free version. Overall, Popcorn appears to be trying to become the ultimate lite email client which is a contradiction. It fast becoming bloatware, and the features being included aren't all that necessary. What was great about Popcorn was its complete inability to render HTML scripts, insistence of displaying everything in base ASCII text, with no support for file attachment. In v1.65 you can define which Windows application is used to open and view specific file types. Of course you need to manually enable this feature, but by opening a door the developer is making the app less secure! Finally, if you adopted MyIE2 0.9.16 as fast as I did, you should roll back to an older version like 0.9.13. The x.16 Build is exceeding buggy and cause frequent system lockups. This behaviour is very prevalent if you open pages with Java applets. I keep finding Java VM-generated error logs in my MyIE2 folder. Personally, I wonder if this browser add-on has crossed its ultimate utility level and the quick slide down to oblivion has begun! Click Here to Email Me