Virtual Security on VPNs? A consulting
company recently released a report that found major flaws in Microsoft Corp.s
implementation of its Point to Point Tunneling Protocol, which is used to create virtual
The company, Counterpane Systems of Minneapolis, said in its report that the version of
PPTP in Microsoft Windows 95 and Windows NT has security holes. Among the problems,
Counterpane said, the operating systems base packet encryption on a users password,
which is easily breakable.
Another security flaw highlighted in the report is Microsofts Challenge/Reply
Authentication Protocol, which reportedly has design flaws that let hackers make their
systems appear to be a server. Also reported are flaws that open PPTP servers to attacks
that can crash a server.
The company has posted the report in Adobe Portable Document Format and Postscript
format on the Web at http://www.counterpane.com/pptp.html.
Microsoft has its response posted at http://www.microsoft.com/communications/pptpfinal.htm.
Whats in a name? Evidently everything
if youre on the Internet. For months, the future of Internet domains has been up in
the air. Although the issue has not been closed, the government has released the final
draft of its plan for Internet domain names.
Current domains include .com, .net and .gov to name a few, but dont look for any
new domains from the government. Its plan would set up a nonprofit organization to decide
domain names, as well as other issues surrounding Net naming. The group will based in the
Serving up the Service Packs. Perhaps
Microsoft ought to sell a product called MS Service Pack 98. That was the thought that
entered the GCN Lab staff members minds when we saw that Microsoft had announced the
release of Service Pack 1 for Internet Explorer 4.01.
A number of fixes are included, among them three minor date code patches. The year 2000
problems are never going to be fixed if all vendorsnot just
Microsoftdont stop introducing them in new products. The Explorer Service
Pack is recommended for all version 4.0 users, but especially for those having problems
with OSR2 and three or more network drive mappings.
The patch is available at http://www.microsoft.com/ie/download/kbsp1.htm.
When Im 64. Sixty-four bits, that is.
Intel Corp. recently announced that it would delay developing its 64-bit processor,
code-named Merced. Originally planned for release in 1999, the chip is now set for
delivery in mid-2000.
The delay will have an impact on Intels plans to enter the high-end enterprise