Patch Available to Re-enable Personal Firewall

Last week, BugNet reported an incompatibility between Windows 2000 Service Pack 1 and ZoneAlarm. After more testing with KeyLabs, BugNet was able to identify another personal firewall product that fell victim to Microsoft’s update for Windows 2000. BlackICE Defender users were surprised to find their TCP/IP filtering down for the count after installing SP1. Fortunately, Network ICE was quick to release a patched version that eliminates the SP1 incompatibility. Read the rest of this entry »

Key Vulnerability Hits PGP

Testing at KeyLabs has verified a security vulnerability that has been discovered in Network Associates PGP (Pretty Good Privacy) encryption program. Giving rise to some “I told you sos”, the vulnerability happens because of a feature added to let certain third-parties read your encrypted mail.

The problem was found by German researcher Ralf Senderek, and has been circulated by CERT, and acknowledged by Network Associates. It affects PGP 5.5.x through PGP 6.5.3 for Windows 95, 98, NT, and 2000.

Encryption in PGP works via a mathematical formula using a private key and a public key. The public key is known to others, and is usually made available through public sources. The problem is due to the introduction of another type of key, called an Additional Decryption Key (ADK). These ADKs were the solution that PGP used for key escrow, which provides a means for someone else, like your company or the FBI, to read your encrypted mail.? Read the rest of this entry »

Hotmail Users Need to Update Browser

For many people, the axiom, “If it ain’t broke, don’t fix it”, is their modus operandi. With so many other things to worry about, updating a browser that seems to be working fine just isn’t a high priority. However, a recently discovered security bug in Hotmail may serve as a wakeup call to all Internet Explorer 4.x and 5.0 users. BugNet has verified a security vulnerability that would allow a malicious user to usurp control of someone else’s Hotmail account, allowing the hacker to read and to send e-mail from that account. Because this security hole can be thwarted by upgrading IE, we recommend that all Hotmail users verify that they are running the most current version of the Microsoft browser.? Read the rest of this entry »

Telnet, the mainstay of remote management for decades, got a feature enhancement in Windows 2000 that might streamline the logon process, but could also expose user authentication credentials to a hacker. Microsoft has recently released a patch that eliminates a security vulnerability in Windows 2000 telnet client. The bug could allow a malicious user to trick an unsuspecting victim into automatically starting a telnet session with the hacker’s telnet server, thereby transmitting critical user authentication information to that server.

With the help of KeyLabs, BugNet was able to reproduce this bug that affects all Windows 2000 users. The vulnerability occurs because of a new authentication feature added to Windows 2000’s telnet.exe. Read the rest of this entry »

Pragma Systems Inc., an Internet software products developer for the Windows platform, recently released a patch for their telnet server for Windows NT/2000. The fix eliminates a denial of service (DoS) vulnerability that could cause an application crash if one of two different scenarios is met. The bug, originally reported by the Underground Security Systems Research organization (USSRBack), involves a buffer overflow memory problem in the remote execution daemon (rexecd.exe) in the Pragma Telnet Server. By hitting the server with a carefully constructed Internet packet, a malicious user could crash the Pragma telnet server requiring the server administrator to restart the telnet server application, or, in some situations, to reboot the system.? Read the rest of this entry »

With the testing out of the way, the time comes to implement your groupware system. With a little skill, roll-out can be smooth sailing because the implementation is phased, and you’re having the server do most the work.

Do: Script the client installation and use application launcher to automatically push the client install to the desktop. Groupware client installations have several questions that affect the installed settings. Your users don’t need to answer those questions (or bother you with questions about how to answer them) if you script the install to do the work for them.? Read the rest of this entry »

Here are some of the more dangerous,
comic or widespread bugs affecting PCs right now, selected from among
thousands of entries in the BugNet BugMaster Database.

Picture
It! 2000Microsoft says in Picture It! 2000 the steps for “Create a new folder”
in the Catalog Help topic aren’t accurate. An existing folder can be
cataloged, but creating a new folder in the Picture It! 2000 catalog
isn’t possible. Read the rest of this entry »

Strange but true software guffaws, glitches, and gotchas

Not quite ripped from today’s headlines, these are the stories of our readers, their close encounters with not-so-helpful tech support staffers, narrow escapes from would-be viruses, and humble opinions on unwelcome software features. These are uncut and uncensored accounts, straight from BugNet subscribers. As such, BugNet makes no claims regarding their validity, ownership, safety, or even usefulness. But we think you’ll enjoy their honest and candid approach to those software maladies we lovingly call bugs, and no, not these kinds of bugs.

• McAfee VirusScan Alert
• Me Crashes
• Apologies
• More Naming Names
• Old Computers Equal Slow Computers
• A Real Fix