The Archives of The Evil Empire1999 September | ||
30 September: Hacker Exposes IE5 'Download Behavior' Privacy Peephole The "Download Behavior" privacy peephole can enable maliscious webmasters to read files on a user's hard drive. The problem is this: when a user downloads a Web page using Microsoft IE5, that page can use server-side redirection to execute client-code capable of accessing and then returning those files to the Web server. 28 September: Internet Explorer 5 Rendering Engine Alters HTML Attribute Tags Microsoft Internet Explorer 5 (IE5) and Microsoft's underlying MSHTML editing and rendering engine can corrupt some HTML tags. Specifically, when users save a document with IE5's default setting of "Web Page, complete," or when developers instruct the MSHTML engine to render a document on the fly, the resulting document no longer retains quotation marks around HTML element attributes. 24 September: Internet Explorer 5 Severe Security Hole Microsoft has found out about another security hole in Internet Explorer 5.0. An unscrupulous webmaster could construct a page that takes advantage of IE5's ImportExportFavorites function to run some malicious code on a visitor's computer. Until Microsoft develops a fix for this hole, the only fix is to disable Active Scripting for your browser. 18 September: Microsoft secretly paid for ads for Independent Institute Microsoft secretly paid for newspaper ads by a California foundation that purported to present the independent views of 240 academic experts who said the U.S. government's antitrust case against the software giant was hurting consumers, according to a published report. 17 September: Bogus e-mail eats MS data A bogus Y2K email with a return address pointing to Microsoft's support staff has been circulating around the Internet with a Trojan horse attached. The Trojan horse attachment reportedly steals data from a user's computer. Microsoft has posted a warning about the hoax on its Year 2000 Portal Page. 10 September: US Army moving web servers to "more secure platform" Christopher Unger, web site administrator for the Army Home Page, said the Army has moved its web sites to a more secure platform. The Army had been using Windows NT and is currently using Mac OS servers running WebSTAR web server software for its home page web site. 3 September: MS denies Windows 'spy key' Experts have discovered a hidden key in Microsoft Windows that they say grants high-level access to the most powerful spy agency in the United States. Hogwash, says Redmond. 1 September: Security woes continue for Microsoft It appears that a patch meant to address one issue in Excel, Office 97, and Office 2000 may have some holes or "vulnerabilities" of its own. According to a recent posting to the NTbugtraq.com listserve, that fix itself, dubbed jetcoPkg.exe, contains its own vulnerabilities. "[The] jet driver can be used from an Excel worksheet or Word document to silently create, delete, or modify some kinds of files," wrote Juan Carlos Cuartango, a programmer in Spain who first uncovered the ODBC Office vulnerability. |
