Is your software bugging you?
The reputable hardware, operating systems and applications software you buy have many glitches in them which allow hackers to cause damage or break into your company's electronic network.
The amount of viruses and security flaws being reported is quite astounding.
The Computer Emergency Response Team Co-ordination Centre (CERT) had reports of 4,398 "incidents'' in the first half of 1999 compared to 3,734 for all of 1998. Up to June 30, a total of 163 vulnerabilities were reported, compared 262 in 1998.
One such major flaw was what is labelled the "Microsoft JET ODBC Vulnerability''. On Friday Microsoft Corp. was able to release a patch to close a security hole found in the database drivers for Excel 97 and Excel 2000. The problem in Excel 97 was discovered by a computer programmer in Spain, Juan Carlos Garcia Cuartango, who notified both NTBugTraq and Microsoft in late July this year.
Jet is a database engine for a lot of Microsoft applications and implements basic database functions, like the ability to store data in an organised fashion, to add, modify or delete data, and search the data.
The Excel 97 problem in the Jet engine allows a user to create malicious code in a spreadsheet that will plant viruses and delete files. Opening an affected spreadsheet attached to an e-mail message or linked from a Web site opens the security hole. Microsoft also found a similar problem in Excel 2000 while working on the solution for Excel 97.
The driver in question, which also ships with Office 97, Microsoft Visual Studio, Microsoft Project, Microsoft Publisher and Microsoft Streets & Trips, "could allow an attacker to create a malicious .xls or .doc file, which when opened would execute arbitrary commands on the target system. The file could be distributed via email, the web (including in hidden frames), or any number of methods,FF according to Security-Focus.com.
Microsoft has posted a patch at officeupdate.microsoft.com for Office 2000, Office 97, Excel 2000 and Excel 97 to solve the problem.
Most of the Internet sites coming on the Internet are attempting to consolidate all the vast amount of information on the subject of such bugs in programmes. Check out SecurityFocus at www.securityfocus.com for one such company that is attempting to get consensus in the industry for the use of its simple numbering system.
The particular major flaw above was identified as 548. Go to its description on the site and click the exploit tab for some fun. There's a link to a live, benign demonstration of what the bug could do to your system.
SecurityFocus.com also has a Bugtraq (www.ntbugtraq.com) mailing list to keep you up to date.
Other sites are CERT at www.cert.org and the International Computer Security Association at www.icsa net.
Watch out for a new computer virus due to hit Christmas Day. The Win32.Kriz.3862 virus will attempt to erase a computerFs CMOS memory information, including date and time functions, to erase data on the hard drive, and undermine the BIOS function making it impossible for starting.
The new virus is similar to the Chernobyl virus which damaged hundreds of thousands of computers running Microsoft Corp.Fs Windows systems.
Tech Tattle deals with topics relating to technology. Contact Ahmed at techtattle ygazette.newsmedia.bm or 295-5881 ext. 248 or 238-3854.