Packet Rat: The Rat develops a split personality

The Rat

Michael J. Bechetti

Whenever the Rat can avoid using Internet Explorer, which is most of the time, he does so. But when he's stuck with it because of lousy support for Mozilla and Opera browsers in some Web applications, he finds himself neatly split in half.

He loathes Explorer's numerous security problems. At the same time, he's forced to appreciate its extra functionality that causes the security problems.

So when the CERT Coordination Center last month issued a warning that essentially said, 'Don't use Internet Explorer if you can help it,' the Rat didn't know whether to smile in satisfaction or grimace in disgust.

The latest security threat to come down the pike exploits a hole in Microsoft Internet Information Server (patched by Microsoft Corp. in April) that pushes nasty code down to Explorer browsers that visit an infected site. Unless users have installed the beta version of Windows XP Service Pack 2, there's no way to guarantee safe browsing with Explorer.

Having managed to avoid being pushed over Niagara Falls by his offspring during his family vacation, the whiskered one returned to the office to find a pile of CERT bulletins and other security alerts in his in-box.

'At least they didn't burn down the server room,' the wirebiter sighed as he looked around the disheveled command bunker. 'I'm away for a week, and discipline around here goes to heck in a handheld network monitoring tool.'

Like the Rat's rage, the Explorer attack is based on mixed messages. It connects the client to two Web servers at once to receive the malicious package of doom. Because it appears to be a trusted site, most users ignore any warnings that pop up, figuring they're just more errors from sloppy JavaScript code.

'After all, I'm always clicking 'Yes' to get past errors in the Explorer applications I use,' muttered the cyberrodent.

The fact that Microsoft had already issued a patch for the server vulnerability further divided the whiskered one's bad attitude. Should he go all righteous on Microsoft yet again for releasing a browser with intentionally built-in security flaws? Or should he focus his rage on the people running public sites with unpatched IIS servers?

Fortunately, most of the infected sites were cured by blocking a single Internet server somewhere in Russia. Unfortunately, the exploit could happen again, and it might not be as easy to stop next time. Some security experts said it captured keystrokes and sent them back to the Russian site for nefarious purposes, such as stealing financial data.

Most of the targeted sites were apparently related to financial services.

'So, as Ralph Nader would say,' the Rat told his department heads, 'Explorer is unsafe at any speed'unless we run it on our own closed track, that is. And I trust,' he added menacingly, 'that nobody's doing any online banking or stock trading on my network in any case.'

The Packet Rat once managed networks but now spends his time ferreting out bad packets in cyberspace. E-mail him at rat@postnewsweektech.com.

Reader Comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above