|INTERFACE : So many 'holes' to patch
|What's the story behind these holes? Well, it's simply a case of rushing a product to market too soon without sufficient testing.|
JORDAN (Star) - Have you noticed how many security 'holes' are being discovered in software nowadays? From Internet Explorer, through Yahoo Instant Messenger and including MSN Hotmail; there has been enough talk of holes to create concern among users who won't ever believe claims of '100 percent secure' software producers. Not until we get a hole-free period.
What's the story behind these holes? Well, it's simply a case of rushing a product to market too soon without sufficient testing. What's more, it's an example of incompetence on the part of software producers being exposed by creative hackers.
Apart from the well-documented, and ever continuing, security holes found in Microsoft products, Yahoo users have become the most recent victims of another hole.
Yahoo Messenger has a 'security vulnerability' that could allow hackers to delete files on a user's computer. It has prompted Yahoo to issue a patch for the latest version of its IM software.
By April 2002, 19.1 million people in the United States used Yahoo Messenger; however, because Yahoo has many international users, the total number of people potentially affected by the vulnerability is likely much greater.
If you're one of those users, get version 5.0 of Yahoo IM now. Microsoft also issued a warning on its Web site earlier this month informing people of a similar weakness affecting MSN Messenger software.
This was only part of a series of such breaches reported in Microsoft products, which has caused Chairman Bill Gates to earmark security as a top priority for the company. The importance of secure Internet-based services is going to grow with Microsoft's .Net initiative, which will offer software and services over the Internet. The fixes released by Microsoft are numerous. Only recently, last week in fact, Microsoft issued a patch, called MS02-023, which "includes five different fixes for six known vulnerabilities in three recent releases of Internet Explorer". This confusing statement sums up the mess these holes have caused to the software giant's image.
Beware, though, as even these patches are not fully tested! The simplest description of these holes is quite complex, but here it is. First, there's a hole that 'allows code injected by malicious users to run in the local computer zone'. Second, Microsoft has fixed the problems that arise from the practice of 'cascading style sheets', as it could allow a malicious user to read-although not change or delete-files on a remote system. Third, Microsoft claims the "Script within Cookies reading Cookies" flaw, which could allow a malicious user to plant a script on your computer that reads remote cookies, is fixed.
Finally, Microsoft has repaired a bug in Outlook, which changes the font in the Outlook e-mail program.
Still, all these fixes are just the tip of the iceberg when it comes to Internet Explorer vulnerabilities.
Experts are already exposing other flaws and some 'hobbyists' are listing these flaws on their websites. One such site claims that, even after this recent patch, Explorer has 13 security holes.
It makes you wonder if downloading this patch is any good. It is. After all, some protection is better than none.
The idea is to be aware of these dangers, so regularly visit Microsoft's website to check on new holes discovered, and download their fixes.
It's a hassle and a pain, but it seems to be the way computing will be for a while. Plug those holes and prepare for more!