Hyper-Threading Vulnerability

Hyper-Threading technology, built into some Intel Pentium 4 central processing unit (CPU) microprocessors, can be exploited by crackers to gain access to security keys. A description of the timing attack was presented Friday by Colin Percival, a computer science researcher, at the BSDCan 2005 conference. Intel’s Hyper-Threading (HT) algorithm enables Pentium CPUs to maximize the efficiency of the processing system. According to Intel’s website, with HT technology “desktop users can experience greater system responsiveness and performance when multitasking. At home, users can encode audio and video at the same time, or run a virus scan in the background while continuing to play their favorite game. In the office, HT Technology enables IT managers to deploy PC services such as encryption, compression or backup technologies while minimizing the impact on PC user productivity. In addition, multitasking business workers can experience greater system responsiveness, enabling increased productivity. In summary, the Pentium 4 processor supporting HT Technology delivers a new level of performance and PC responsiveness for consumers and business professionals.”


Users Warned of Multiple Windows Security Vulnerabilities

Symantec Corp., manufacturer of the popular Norton series of antivirus products, yesterday warned customers of multiple critical holes in Microsoft Corp.’s Windows operating system. The security holes make Windows systems vulnerable to remote attack.


Security Hole in Google Desktop Search Toolbar

Three academic computer scientists have uncovered a serious security hole in the Google Desktop Search Toolbar that was released on October 14th. Dan Wallach, assistant professor of computer science at Rice University, and two graduate students, Seth Fogarty and Seth Nielson, have known of the security problem for a month; however, this is the first confirmed report of a serious problem with Google’s popular search tool.


Windows Servers Vulnerable to Takeover through WINS

A flaw in the Windows Internet Name Service (WINS) in Windows NT Server 4.0, Server 2000, and Server 2003 creates a security hole that would allow a cracker to gain full control over the network server, thereby putting corporate data at risk.

WINS is a network component that manages a distributed database of network stations by mapping computer names and IP addresses across a routed network. While other versions of Microsoft Windows include support for WINS, only the server versions are currently known to be affected, according to Microsoft.

Microsoft will patch this security flaw as part of its scheduled monthly update.

Dave’s Comment
This is a serious security issue. Until an update is released, network administrators can secure their systems by blocking TCP and UDP port 42 at their firewall and either removing WINS or using IPsec to secure the network traffic.


Windows XP SP2 is a Must-Have Upgrade

Microsoft is readying the Windows XP Service Pack 2 (SP2) upgrade for release in mid-2004. The upgrade will address many of the security problems that currently plague the company’s flagship operating system.

For example, the current Internet Connection Firewall is disabled by default and most users find it difficult to configure. In WinXP SP2 the feature is renamed Windows Firewall, enabled by default, and is prominently displayed. The new Windows Firewall will offer many of the features of third-party firewalls, such as ZoneLabs’ ZoneAlarm, a product that I currently recommend to all clients.

WinXP SP2 modifies the operating system’s wireless networking (Wi-Fi) service, allowing users to select primary Wi-Fi networks to which the system should always connect when within range. This will make laptop systems much easier to manage.

All users will be glad that Internet Explorer now blocks pop-up ads, negating the need to purchase a third-party web browser or ad-blocking application. Next to spam, I find pop-ups the most annoying downside to life online.

Outlook Express and Windows Messenger will block many dangerous file types by isolating file attachments so that they aren’t automatically executed upon receipt. By default, HTML-formatted e-mail messages won’t display images; this will prevent web bugs embedded in e-mail messages from confirming your e-mail address to spammers.

Dave’s Opinion
I’m not a Pollyanna, believing that Windows is now a secure operating system, but Microsoft’s efforts will make it more difficult for crackers and spammers to ruin our online experience. But as my students constantly remind me, there’s no better line of security than an educated user. Learn all that you can about how to secure your system, keep your antivirus definitions updated daily, and don’t ever open a file attachment that you didn’t expect.
