LAB NOTES

Strike up the band. Coming into
view at last is the second beta release of Microsoft Windows NT 5.0, the first broad beta
with up to 270,000 test copies. About two months behind schedule, Beta 2 has fairly
complete features, although much work remains to be done on it.


Once testers’ comments have been weighed, Microsoft Corp. will bring out a final
release version. Don’t be surprised if parts of NT 5.0 don’t arrive until 2000.
Most likely, NT 5.0 Workstation and Server will be released before the Server Enterprise
Edition.


To keep nonbeta testers busy, the GCN Lab is inaugurating another reader contest. The
winner gets a GCN T-shirt. Send e-mail titled NT Launch Date to labnotes@gcn.com with your best guess for the day,
month and year that Windows NT 5.0 will be released. If you expect separate dates for
parts of the operating system, specify them. The first entry received with the guess
closest to the correct date—or dates—will be the sole winner.


You either do or Eudora. Qualcomm Inc.
of San Diego has experienced some fallout from the long-filename security bug affecting
Microsoft Outlook 98, Outlook Express and Netscape Mail. Although Qualcomm’s Eudora
Pro mail client did not suffer from that bug, it does have another security hole involving
the way it handles Java.


Hostile Java applets evidently can hide as uniform resource locators in e-mail messages
read by Eudora Pro 4.0 or 4.1 for Windows. When the recipient clicks on the URL, the
hostile code activates.


Severity of the security exposure depends on the nature of the Java code, but it could
be quite serious. The immediate fix is to disable Java applets from running.


You can disable the “Use Microsoft Viewer” option in Eudora. In addition, you
can download a Eudora 4.02 patch that prevents Java applets or JavaScript from being
initiated from within an e-mail message. Visit the Web site at http://www.eudora.com.


Those aren’t dots; they’re security
holes. Lotus Domino, known for its tough overall security, nevertheless has a
security hole involving Lotus Notes 4.6 clients that attach to Notes databases. Earlier
client versions may have the same exposure, although it has not been confirmed.


The exposure begins when a Notes 4.6 client user opens a Domino database and chooses
the “Preview in Web Browser” option. This connects the browser to the database.
But it also opens the way to other Web browsers, whose users can modify documents in the
database.


Fixes include reconfiguring access control lists and cutting off access to the
Hypertext Transfer Protocol port—Port 80—of Notes client machines. To see the
advisory put out by the group that discovered the hole, point a browser to http://www.lopht.com/advisories/nny.txt.


—Jason Byrne
Internet: jbyrne@gcn.com

inside gcn

  • robot typing on laptop (Zapp2Photo/Shutterstock.com)

    GSA to agencies: Tap MGT for emerging tech

Reader Comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

More from 1105 Public Sector Media Group