Warning! Windows graphics glitch opens new security front
Thread Starter
Join Date: Apr 2001
Location: Launceston. Tasmania,Australia
Posts: 96
Likes: 0
Received 0 Likes
on
0 Posts
Warning! Windows graphics glitch opens new security front
Windows graphics glitch opens new security front
SMH
By Mike Barton
September 17, 2004
Another flaw in Microsoft software has surfaced, with a graphics file now able to crash the security gates of Windows.
The flaw, in the JPEG imaging technology, is so broad that using the Microsoft's Internet Explorer to view web pages could be risky, security analysts say.
A technical director at the security firm Symantec, Tim Hartman, said it exposed the "low-hanging fruit of the internet" to attackers.
On Wednesday, Microsoft issued a security patch and urged people to use the Windows Update website to download it and protect their computers. But the problem is not exclusive to Windows, so Microsoft provided a tool to scan for other vulnerable products.
Mr Hartman said it was not as easy as it looked, however. The size of one of the security updates, for Office XP, was so large, at 58 megabytes, that people with dial-up internet access would take hours to download it.
Most broadband users would use more than a quarter of their monthly download limit to patch their computers.
The head of security for Microsoft Australia, Ben English, said the updates were free to download, but added: "Currently, it's at the discretion of [internet service providers] whether they choose to make these updates freely available to their customers."
A Telstra BigPond spokesman, Craig Middleton, said it was unable to work out an arrangement with Microsoft to provide unmetred updates for its broadband customers.
He said that customers who had already exceeded their monthly download limits would be charged 15 cents a megabyte. So a 58 megabyte download would cost $8.70.
"Really, that's a reasonable investment in the safety of your PC," he said.
Affected computers include those with Windows XP, Windows Server 2003 or earlier versions of Windows with Office and some specialised Microsoft and third-party applications.
Industry reports say Microsoft's tool comes up short, and the list of affected programs may grow.
People who had updated their computers with another recent major Microsoft security update for Windows XP, Service Pack 2, would not need to install the patch but should still run the update scan, Microsoft said.
A Microsoft spokeswoman said it can also deliver the larger Office XP update, Service Pack 3, on CD, to be delivered in five to seven days for $9.90 to cover shipping and handling.
Regardless of the patches, now that it was out in the open, Mr Hartman said, it was only a matter of time before an attack occured.
"You can probably expect [an attack] sometime within a week or so," he said.
PS Problem solved Get a Mac
SMH
By Mike Barton
September 17, 2004
Another flaw in Microsoft software has surfaced, with a graphics file now able to crash the security gates of Windows.
The flaw, in the JPEG imaging technology, is so broad that using the Microsoft's Internet Explorer to view web pages could be risky, security analysts say.
A technical director at the security firm Symantec, Tim Hartman, said it exposed the "low-hanging fruit of the internet" to attackers.
On Wednesday, Microsoft issued a security patch and urged people to use the Windows Update website to download it and protect their computers. But the problem is not exclusive to Windows, so Microsoft provided a tool to scan for other vulnerable products.
Mr Hartman said it was not as easy as it looked, however. The size of one of the security updates, for Office XP, was so large, at 58 megabytes, that people with dial-up internet access would take hours to download it.
Most broadband users would use more than a quarter of their monthly download limit to patch their computers.
The head of security for Microsoft Australia, Ben English, said the updates were free to download, but added: "Currently, it's at the discretion of [internet service providers] whether they choose to make these updates freely available to their customers."
A Telstra BigPond spokesman, Craig Middleton, said it was unable to work out an arrangement with Microsoft to provide unmetred updates for its broadband customers.
He said that customers who had already exceeded their monthly download limits would be charged 15 cents a megabyte. So a 58 megabyte download would cost $8.70.
"Really, that's a reasonable investment in the safety of your PC," he said.
Affected computers include those with Windows XP, Windows Server 2003 or earlier versions of Windows with Office and some specialised Microsoft and third-party applications.
Industry reports say Microsoft's tool comes up short, and the list of affected programs may grow.
People who had updated their computers with another recent major Microsoft security update for Windows XP, Service Pack 2, would not need to install the patch but should still run the update scan, Microsoft said.
A Microsoft spokeswoman said it can also deliver the larger Office XP update, Service Pack 3, on CD, to be delivered in five to seven days for $9.90 to cover shipping and handling.
Regardless of the patches, now that it was out in the open, Mr Hartman said, it was only a matter of time before an attack occured.
"You can probably expect [an attack] sometime within a week or so," he said.
PS Problem solved Get a Mac
Join Date: Jul 2003
Location: Planet Plazbot
Posts: 1,003
Likes: 0
Received 0 Likes
on
0 Posts
For all your non microsoft related crap (dunno if it gets around this one)
use
www.mozilla.org and get firefox. Pop up blocker is an added bonus. Plus Telstra are a bunch of useless pricks. They can download the file once and have it sit on their system and have it passed out for free (bandwidth) after that. Optus does it Tel$tra does not.
use
www.mozilla.org and get firefox. Pop up blocker is an added bonus. Plus Telstra are a bunch of useless pricks. They can download the file once and have it sit on their system and have it passed out for free (bandwidth) after that. Optus does it Tel$tra does not.
