22nd > February > 2002 Archive
We are indebted to CNET for the news that walmart.com is to experiment with selling PCs without operating systems i.e. a whole lot cheaper than their Windows-loaded counterparts.
It's been over a week since CERT released a seemingly endless list of devices and software products containing SNMP vulnerabilities discovered by Finnish University of Oulu researchers, and to date very little bad has happened, no doubt to the disappointment of most news agencies. As the story drops off the media radar screen, it's important to keep in mind that threats to your system can't be measured by the amount of mainstream press coverage they receive.
First up, the mildest of the three. Microsoft XML Core Services (MSXML) may ignore IE security zone settings during a request for data from a Web site, meaning that an attacker could request data from the user's local drive. It would be necessary for the attacker to know the path to the file being sought, and he would have only read privileges. HTML e-mail seems not to be vulnerable to this sort of attack. The hole exists in the XMLHTTP ActiveX control, which "allows Web pages to send and receive XML data via HTTP operations such as POST, GET, and PUT." Supposedly there are security mechanisms to prevent abuse, but they're obviously not quite comprehensive.
The boss of Surrey-based ISP V21 has pledged to donate cash to children’s charity Barnardo’s.
Computer Associates (CA) is to cease providing updates for its free InoculateIT Personal Edition (IPE) anti-virus software on May 15.
Unix server vendors just love benchmarks, which means, we guess that their corporate clients think they're pretty important to.
Computacenter and BT fall foul of TUPE?
Punters are warned to be on their guard against dodgy domain name sales tactics.