LAB NOTES

Computer hash. It has nothing to do with illegal drugs but a lot to do with security and digital signatures: hashing protects electronically transmitted messages against tampering.

A hash is generated from a string of text or characters by a formula designed to make it highly unlikely that another string could produce the same hash value.

A secure message must first be hashed and then encrypted before sending. The recipient's software must decrypt the message, then the hash, then produce another hash from the received message and finally compare the two to make sure the message was not tampered with in transit.
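The recipient-side comparison described above, as an added example that is not part of the original column. It contrasts a bare SHA-256 digest with a protected one to show why the hash itself must be protected in transit. The column's encryption step is swapped here for an HMAC-SHA256 tag under a shared key (an assumption; the column names no algorithm), and the key and messages are constructed sample values.

```python
import hashlib
import hmac

def send_plain(message: bytes):
    """Sender attaches an unprotected SHA-256 digest to the message."""
    return message, hashlib.sha256(message).digest()

def verify_plain(message: bytes, digest: bytes) -> bool:
    """Recipient re-hashes what arrived and compares it to the digest."""
    return hmac.compare_digest(hashlib.sha256(message).digest(), digest)

def send_keyed(key: bytes, message: bytes):
    """Sender attaches an HMAC-SHA256 tag (stand-in for the encrypted hash)."""
    return message, hmac.new(key, message, hashlib.sha256).digest()

def verify_keyed(key: bytes, message: bytes, tag: bytes) -> bool:
    """Recipient recomputes the tag with the shared key and compares."""
    expected = hmac.new(key, message, hashlib.sha256).digest()
    return hmac.compare_digest(expected, tag)

def demo() -> dict:
    key = b"constructed-shared-key-for-demo"       # constructed sample key
    original = b"Pay 100 to account 12345"         # constructed message
    altered = b"Pay 900 to account 12345"          # message changed in transit
    bare_hash_of_altered = hashlib.sha256(altered).digest()
    results = {}

    msg, digest = send_plain(original)
    results["plain_intact"] = verify_plain(msg, digest)
    results["plain_body_changed"] = verify_plain(altered, digest)
    # An unprotected digest can be replaced together with the message,
    # so the comparison passes even though the content changed.
    results["plain_both_changed"] = verify_plain(altered, bare_hash_of_altered)

    msg, tag = send_keyed(key, original)
    results["keyed_intact"] = verify_keyed(key, msg, tag)
    results["keyed_body_changed"] = verify_keyed(key, altered, tag)
    # Without the key, a replacement tag cannot be produced; check fails.
    results["keyed_both_changed"] = verify_keyed(key, altered, bare_hash_of_altered)
    return results

if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {'accepted' if ok else 'rejected'}")
```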

Hash and the Domino effect. A vulnerability in Lotus Notes and Domino client-server software might let a hacker impersonate an authorized user, according to iDefense Inc., a Fairfax, Va., network security company.

IDefense said the weakness shows up when Domino's user-authentication tool is on a system that is under attack. The vulnerability has to do with the Lotus client's Hypertext Transfer Protocol hash password file, which an attacker can break into to masquerade as an authorized user.

The password file needs stronger encryption, iDefense said, to prevent brute-force attackers from accessing the hash password file. Lotus also should implement better permission settings, according to iDefense; once a system has been penetrated, Domino by default grants the invader world-readable access to delete, create and modify files remotely.

Patching up, Part I. Microsoft Corp. has released another security patch to counter the so-called malformed e-mail header attack, which lets hackers run their code on compromised computers.

An attacker sends an e-mail that, once downloaded from the mail server, turns over control of the computer to the attacker via a Dynamic Link Library hole.

The weak spot is a .dll file shared by Microsoft Outlook and Outlook Express. Outlook clients that use only the Messaging Application Programming Interface to communicate with their mail servers are not affected; it mostly applies to Post Office Protocol 3 accounts.

Go to www.microsoft.com/windows/ie/download/critical/patch9.htm for the download.

Still patching things up, Part II. The first bug patches for Microsoft Windows 2000 concentrate on making it more secure and compatible with hardware devices and other software.

Service Pack 1 is not a required upgrade for the operating system, but it improves setup, application compatibility, reliability and security. Users can download or order it on CD-ROM. For more information, visit www.microsoft.com.

Carlos A. Soto

E-mail: csoto@gcnlab.com
