Light at the end of the tunnel? Or is it an
oncoming train? Microsoft Corp. has said the second beta version of its Windows NT 5.0 is
on track for release this summer. A third beta version will get wider distribution before
the final release.

Previous statements had indicated a final NT 5.0 release in the first half of next
year, and observers think the date may slip to late 1999. Some organizations that have
held off on operating system deployments, hoping to put NT 5.0 on both servers and desktop
computers, are going ahead with NT 4.0. That will hurt NT 5.0, as sites are unlikely to
make two OS transitions within 18 months of each other.

Grab the insecticide. More bugs have been reported in
Intel Corp.’s latest processor, the Pentium II Xeon for workstations and servers.

Processor bugs, or what Intel calls errata, are not unusual, and there is usually some
kind of workaround. Intel already had listed 39 errata in the Xeon specification update
when the three latest errata were discovered. The update is available at
in Adobe Acrobat format.

The new bugs are esoteric, but that doesn’t mean they don’t have potentially
serious consequences. One error involves operation execution. The P6 architecture boosts
its native performance by predicting which operations it will be asked to perform before
it actually does so. If it guesses wrong, it is supposed to wipe out the prediction, but
the Xeon doesn’t always. It might execute commands that have not been sent, resulting
in erratic behavior or OS failure.

Other bugs cause system reboots, lockups or false error reports. Of 42 errata on
Xeon’s list, Intel plans not to fix 32. Instead, BIOS and application developers will
have to develop workarounds. Only two errata have already been fixed, and five will be
fixed in future chip versions. The three newest will probably have workarounds.

Keys to the kingdom. That’s what a cryptographer
at Lucent Technologies’ Bell Labs Secure System Research Department discovered.
Daniel Bleichenbacher was investigating ways to break security protocols, focusing on the
protocol used in Secure Sockets Layer connections—the Public Key Cryptography
Standard. SSL is used in most secure online transactions, including many electronic
commerce applications.

From the protocol’s error reporting features, Bleichenbacher discovered he could
get information about contents of encrypted messages. The problem lies in SSL
implementations that use PKCS 1 tools from RSA Data Security Inc. of Redwood City, Calif.
RSA is working with a number of vendors to develop a fix for the security hole. More
information is on RSA’s Web site at

—Jason Byrne

Stay Connected

Sign up for our newsletter.

I agree to this site's Privacy Policy.