Computer hash. It has nothing to do with illegal drugs but a lot to do with security and digital signatures'hashing protects electronically transmitted messages against tampering.

A hash is generated from a string of text or characters by a formula designed to make it highly unlikely that another string could produce the same hash value.

A secure message must first be hashed and then encrypted before sending. The recipient's software must decrypt the message, then the hash, then produce another hash from the received message and finally compare the two to make sure the message was not tampered with in transit.

Hash and the Domino effect. A vulnerability in Lotus Notes and Domino client-server software might let a hacker impersonate an authorized user, according to iDefense Inc., a Fairfax, Va., network security company.

IDefense said the weakness shows up when Domino's user-authentication tool is on a system that is under attack. The vulnerability has to do with the Lotus client's Hypertext Transfer Protocol hash password file, which an attacker can break into to masquerade as an authorized user.

The password file needs stronger encryption, iDefense said, to prevent brute-force attackers from accessing the hash password file. Lotus also should implement better permission settings, according to iDefense; once a system has been penetrated, Domino by default grants the invader world-readable access to delete, create and modify files remotely.

Patching up, Part I. Microsoft Corp. has released another security patch to counter the so-called malformed e-mail header attack, which lets hackers run their code on compromised computers.

An attacker sends an e-mail that, once downloaded from the mail server, turns over control of the computer to the attacker via a Dynamic Link Library hole.

The weak spot is a .dll file shared by Microsoft Outlook and Outlook Express. Outlook clients that use only the Messaging Application Programming Interface to communicate with their mail servers are not affected; it mostly applies to Post Office Protocol 3 accounts.

Go to for the download.

Still patching things up, Part II. The first bug patches for Microsoft Windows 2000 concentrate on making it more secure and compatible with hardware devices and other software.

Service Pack 1 is not a required upgrade for the operating system, but it improves setup, application compatibility, reliability and security. Users can download or order it on CD-ROM. For more information, visit

'Carlos A. Soto

E-mail: [email protected]


  • Records management: Look beyond the NARA mandates

    Pandemic tests electronic records management

    Between the rush enable more virtual collaboration, stalled digitization of archived records and managing records that reside in datasets, records management executives are sorting through new challenges.

  • boy learning at home (Travelpixs/

    Tucson’s community wireless bridges the digital divide

    The city built cell sites at government-owned facilities such as fire departments and libraries that were already connected to Tucson’s existing fiber backbone.

Stay Connected