
Innovation in Information Security

Coverage of important Information Security and Information Technology news and events from the research team at Sûnnet Beskerming.


Short, But Sweet

A memo from Microsoft Chairman, Bill Gates, was recently 'leaked' onto the Internet, and it heralds a fairly surprising change in direction for the company. Citing examples such as Google and Yahoo!, it appears that the head of Microsoft feels threatened by an environment where a small startup can come from nowhere and rapidly gain the dominant market share, before the larger established companies have a chance to react.

Microsoft already appears to have the first components in place for this move to online advertising and services as a cornerstone for future revenue. The company has announced the creation of a 'Live' project, which is designed to further the capabilities offered by MSN; MSN will continue to operate alongside the new service. The new project will offer a range of additional services for offline applications, as well as some unique online tools, supported by advertising and premium subscription content.

Microsoft claim to have invented the AJAX phenomenon through their Outlook Web Access technology which made use of their XMLHttpRequest object (an essential component of all AJAX applications), which is a claim not too far from the truth. The leaked memo makes reference to Microsoft having missed a great opportunity with Outlook Web Access, something which they do not wish to repeat.

More concerning for competing companies is the reference to Microsoft focussing on developing a competing format to the ubiquitous PDF (Portable Document Format), which is closely tied to Adobe. For many users, .pdf files have become a de facto standard, to the extent that the format is used as the underlying default image type for Apple's OS X Operating System. Microsoft's competing format, dubbed Metro, is scheduled to be included with Microsoft Vista, which is expected to be released next year.

Microsoft's 'Black Tuesday' security patch release for November came and went with only a single patch, rated critical, for Windows NT-derived systems (2000, XP, 2003). A memory error in the processing of EMF / WMF image types for vulnerable systems could allow a remote attacker to gain control of the system. It was highlighted that, provided the user could be tricked into viewing the file, this could be exploited through Internet Explorer, Microsoft Office, and Microsoft Outlook (when viewing HTML formatted emails).

Initial reaction was that the disclosed vulnerability would not be suitable for use as a mass spreading automated worm, but could be used as an infection vector for other worms. At least one Anti-Virus company claimed that the vulnerability was already being used by a worm that was in the wild; however, they subsequently retracted this claim. One other Anti-Virus company's product went haywire with the detection routines for identifying this flaw, flagging numerous legitimate files as infected and causing Excel to stop functioning correctly. The current set of definition files has corrected this issue, and the standard recommendation is for all readers to keep their Anti-Virus products updated with the latest definition files.

With the recent arrests in Australia over suspected terrorism related activities, and the ongoing rioting throughout Western Europe, the use of the Internet, computers, mobiles, and other networked technology devices to plan and manage these actions has been highlighted. With the Australian arrests, some of the evidence that is known to have been secured is computer equipment and related storage material. While it is not known whether the suspects used the Internet to co-ordinate their activities, any emails on the systems would surely be of interest to investigating officers. The presence of any encrypted data is also likely to draw additional attention.

The English parliament recently overturned an effort to increase the length of time that a suspect could be held without charge to 90 days, from the current 28. The primary argument being given for the proposed increase was that it would take that length of time for forensic specialists to recover and process information from an encrypted computer drive. This argument appears weak when it is considered that it is an offence in the UK not to provide the encryption key to law enforcement upon request. Also, the possible types of encryption encountered include methods which cannot be reliably cracked in a human lifetime, so 90 days is an odd number for decryption of a device.

Across the Channel from England, France has seen some of the worst rioting for a number of years, seemingly restricted to a fairly narrow group of residents. Alongside all of the other unique features associated with the rioting, it has been reported that there has been a high level of coordination and planning which has utilised everything from mobile phone networks to Internet chat rooms to manage the rioters. Even though it appears that the riots have slowed down, there are claims that on the 14th of November, something known as 'Operation Midnight Storm' is scheduled to start, having been planned and managed through various Internet sites.

14 November 2005
