Security problems

Published: 28 August 1999 y., Saturday
Microsoft has acknowledged a serious security flaw in NT when used with Service Pack 4 (SP4) -- probably the most commonly deployed version of its operating system. The flaw enables hackers to masquerade as trusted hosts to get access to secure systems, using so-called Predictable IP Sequence Numbering - something that was identified and fixed in Unix systems several years ago, according to Richard Thomas, head of Winterfold Datacomm (Guildford, UK), a networking consultancy. Security problems had been found in earlier versions of NT, but the bundle of patches and fixes in SP4 were supposed to have made everything watertight. That_s proved not to be the case, according to NTA Monitor (Rochester, UK), a consultancy that conducts security audits on corporate systems by simulating hacker attacks over the Internet. When conducting such an audit, it came across Predictable IP Sequence Numbering at a customer site using NT with SP4. After doing bench tests to establish that the problem was generic to NT and SP4, NTA-Monitor contacted Microsoft. After nearly three weeks of deliberations, Microsoft has come clean. Sunil Gopal, a technical specialist at Microsoft, acknowledged the problem on Tuesday in a memo to Roy Hills, NTA-Monitor_s testing development director. His memo says fault has been eliminated in Windows 2000 and "will be back-ported to NT 4.0 in a future SP release."
Copying, publishing, announcing any information from the News.lt portal without written permission of News.lt editorial office is prohibited.

Facebook Comments

New comment


Captcha

Associated articles

What impact will sites like Facebook and YouTube have in the EP elections?

Networking sites like Facebook and YouTube are changing politics. more »

Santander Selects Wincor Nixdorf for its ATMs

Vendor to service almost 4,000 existing ATMs and supply another 450. more »

WINCOR: Check 21, deposit automation will revolutionize the branch

The advent of deposit automation, facilitated in many ways by the implementation of Check 21, is not only improving check-handling processes at the self-service terminal – it also is improving handling within the bank branch itself. more »

Moroccan Post Office chooses Bull

The Moroccan Post Office, Barid Al-Maghrib, has selected Bull to act as project manager on the automation project for its International Mail Center in Casablanca. more »

Gemalto Wins Austin Business Journal Tech Innovation Award

Gemalto has taken home one of the most coveted technology prizes in Austin with its Smart Enterprise Guardian (SEG). more »

So-called 'bam-raids' on Aussie ATMs get bankers' attention

Banks in Australia are rushing to install gas detectors into their ATMs, as gas-explosive attacks on ATMs in the country continue to climb. more »

EMC and Microsoft Extend Strategic Alliance Through 2011

EMC CEO Joe Tucci and Microsoft CEO Steve Ballmer showcase deep technology collaboration at New York CIO Summit. more »

Gemalto and mChek Join Forces to Serve Mobile Payment Markets in South Asia

India-based mChek looks to offer its secured SIM-card-based mobile applications through partnership with Gemalto. more »

Heartland Payments CEO says end-to-end encryption could prevent card, data breaches

Nearly one week after news emerged of the big data breach at Princeton, N.J.-based merchant acquirer Heartland Payment Systems Inc., it remains unclear how much damage actually happened and who did it. more »

Wincor Nixdorf launches new ATM tech that shields ATMs from attacks

Wincor Nixdorf AG has announced the release of an enhanced security product for bank branches called ProTect. more »