LAB NOTES

Virtual Security on VPNs? A consulting
company recently released a report that found major flaws in Microsoft Corp.’s
implementation of its Point to Point Tunneling Protocol, which is used to create virtual
private networks.


The company, Counterpane Systems of Minneapolis, said in its report that the version of
PPTP in Microsoft Windows 95 and Windows NT has security holes. Among the problems,
Counterpane said, the operating systems base packet encryption on a user’s password,
which is easily breakable.


Another security flaw highlighted in the report is Microsoft’s Challenge/Reply
Authentication Protocol, which reportedly has design flaws that let hackers make their
systems appear to be a server. Also reported are flaws that open PPTP servers to attacks
that can crash a server.


The company has posted the report in Adobe Portable Document Format and Postscript
format on the Web at http://www.counterpane.com/pptp.html.
Microsoft has its response posted at http://www.microsoft.com/communications/pptpfinal.htm.


What’s in a name? Evidently everything
if you’re on the Internet. For months, the future of Internet domains has been up in
the air. Although the issue has not been closed, the government has released the final
draft of its plan for Internet domain names.


Current domains include .com, .net and .gov to name a few, but don’t look for any
new domains from the government. Its plan would set up a nonprofit organization to decide
domain names, as well as other issues surrounding Net naming. The group will based in the
United States.


Serving up the Service Packs. Perhaps
Microsoft ought to sell a product called MS Service Pack 98. That was the thought that
entered the GCN Lab staff members’ minds when we saw that Microsoft had announced the
release of Service Pack 1 for Internet Explorer 4.01.


A number of fixes are included, among them three minor date code patches. The year 2000
problems are never going to be fixed if all vendors—not just
Microsoft—don’t stop introducing them in new products. The Explorer Service
Pack is recommended for all version 4.0 users, but especially for those having problems
with OSR2 and three or more network drive mappings.


The patch is available at http://www.microsoft.com/ie/download/kbsp1.htm.


When I’m 64. Sixty-four bits, that is.
Intel Corp. recently announced that it would delay developing its 64-bit processor,
code-named Merced. Originally planned for release in 1999, the chip is now set for
delivery in mid-2000.


The delay will have an impact on Intel’s plans to enter the high-end enterprise
system market.



—Jason Byrne
Internet: jbyrne@gcn.com



inside gcn

  • data science (chombosan/Shutterstock.com)

    4 steps to excellence in data analysis

Reader Comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above