From the dWb website
News Snippets

March 1999 News

  • NT 4.0 Security flaw
  • Trusting U Trusting Me
  • Strange Days are here

NT 4.0 Security flaw

Yet another security hole in MS NT 4.0 has been found. Problems found in PPTP using weak authentication and poor encryption e.g. password used as encryption key.

Problems found:
  • weak algorithms allowing eavesdroppers to learn user's passwords
  • flaw in challenge/reply protocol allowing attackers to masquerade as the server
  • unauthenticated messages that let attackers crash PPTP servers
NT Service Pack 2 addresses most problems but tests were made on NTSP3 !!! The problems are so basic that patches will not help.

A BIG issue is that NT is popular with VPNs.

Trusting U Trusting Me

The future programming issue is going to be how much can one bit of code TRUST another bit of code. This will become critical as the computing world implements ever more "object" technology, as each object can be a different version. Java wrappers are phenomenally powerful but can you trust the contents? DCOM and ActiveX have the same problems. If the developers cannot handle it properly and safely how are mere mortals going to cope?

Strange Days are Here

An Office 97 macro virus that can migrate between Word & Excel environments has been bred. Strange Days contains some destructive code which deletes files on 26th of the month. Strange Days could be a reference to a song by the Doors.
This document maintained by dwb@dwb.co.uk. -------- Material Copyright © 1999-2002 dWb