carefully our disclaimer before using this message board !You are viewing a page out of the ShareExpress2000 web site
(c) Click2.com Pty Ltd Australia
| Post Reply | Read Follow Ups |
Main Index | Download ShareExpress Portfolio Manager |
Message subject : Microsoft is set for a free fall tonight
This message was posted by Gail on April 14, 2000 :
Check out this article :
Microsoft Corp. acknowledged Thursday that its engineers included in some of its Internet software a secret password — a phrase deriding their rivals at Netscape as “weenies” — that could be used to gain illicit access to hundreds of thousands of Internet sites world-wide. The manager of Microsoft’s security-response center, Steve Lipner, acknowledged the online-security risk in an interview Thursday and described such a backdoor password as “absolutely against our policy” and a firing offense for the as yet unidentified employees.
THE COMPANY PLANNED to warn customers as soon as possible with an e-mail bulletin and an advisory published on its corporate Web site. Microsoft urged customers to delete the computer file-called “dvwssr.dll”-containing the offending code. The file is installed on the company’s Internet-server software with Frontpage 98 extensions.
While there are no reports that the alleged security flaw has been exploited, the affected software is believed to be used by many Web sites. By using the so-called back door, a hacker may be able to gain access to key Web-site management files, which could in turn provide a road map to such things as customer credit-card numbers, said security experts who discovered the password.
Two security experts discovered the rogue computer code — part of which was the denigrating comment “Netscape engineers are weenies!” — buried within the three-year-old piece of software. It was apparently written by a Microsoft employee near the peak of the hard-fought wars between Netscape Communications Corp. and Microsoft over their versions of Internet-browser software. Netscape later was acquired by America Online Inc.
One of the experts who helped identify the file is a professional security consultant known widely among the Internet underground as “Rain Forest Puppy.” Despite his unusual moniker, he is highly regarded by experts and helped publicize a serious flaw in Microsoft’s Internet-server software last summer that put hundreds of high-profile Web sites at risk of intrusion.
Russ Cooper, who runs the popular NT Bugtraq discussion forum on the Internet, estimated that the problem threatened “almost every Web-hosting provider.”
“It’s a serious flaw,” Mr. Cooper said. “Chances are, you’re going to find some major sites that still have it enabled.” Mr. Lipner of Microsoft said the company will warn the nation’s largest Web-site providers directly.
In an e-mail to Microsoft earlier Thursday, Rain Forest Puppy complained that the affected code threatened to “improve a hacker’s experience.” Experts said the risk was greatest at commercial Internet-hosting providers, which maintain hundreds or thousands of separate Web sites for different organizations.
Mr. Lipner said the problem doesn’t affect Internet servers running Windows 2000, or the latest version of its server extensions included in Frontpage 2000.
The digital gaffe initially was discovered by a Europe-based employee of ClientLogic Corp. (www.clientlogic.com) of Nashville, Tenn., which sells e-commerce technology. The company declined to comment because of its coming stock sale. The other expert, Rain Forest Puppy, said he was tipped off to the code by a ClientLogic employee.
When asked about the hidden insult Thursday, Jon Mittelhauser, one of Netscape’s original engineers, called it “classic engineer rivalry.”
Source Wall Street Journal
Warning: at times comments aimed at manipulating other investors may appear on these
message boards. Posters may post overly optimistic or pessimistic comments on particular
stocks, in an attempt to influence other investors. While every effort is made by the moderators
to remove these, some may still appear on these boards. Unless specifically stated persons posting
on this site are NOT investment advisors and do NOT hold the necessary licence, or have any
formal training, to give investment advice.
Before acting on any of the information you read and making any financial or investment
decisions, you should always consult your advisor(s) or other relevant professional
Post a Followup