Computer hash. It has nothing to do with illegal drugs but a lot to do with security and digital signatures'hashing protects electronically transmitted messages against tampering.

A hash is generated from a string of text or characters by a formula designed to make it highly unlikely that another string could produce the same hash value.

A secure message must first be hashed and then encrypted before sending. The recipient's software must decrypt the message, then the hash, then produce another hash from the received message and finally compare the two to make sure the message was not tampered with in transit.

Hash and the Domino effect. A vulnerability in Lotus Notes and Domino client-server software might let a hacker impersonate an authorized user, according to iDefense Inc., a Fairfax, Va., network security company.

IDefense said the weakness shows up when Domino's user-authentication tool is on a system that is under attack. The vulnerability has to do with the Lotus client's Hypertext Transfer Protocol hash password file, which an attacker can break into to masquerade as an authorized user.

The password file needs stronger encryption, iDefense said, to prevent brute-force attackers from accessing the hash password file. Lotus also should implement better permission settings, according to iDefense; once a system has been penetrated, Domino by default grants the invader world-readable access to delete, create and modify files remotely.

Patching up, Part I. Microsoft Corp. has released another security patch to counter the so-called malformed e-mail header attack, which lets hackers run their code on compromised computers.

An attacker sends an e-mail that, once downloaded from the mail server, turns over control of the computer to the attacker via a Dynamic Link Library hole.

The weak spot is a .dll file shared by Microsoft Outlook and Outlook Express. Outlook clients that use only the Messaging Application Programming Interface to communicate with their mail servers are not affected; it mostly applies to Post Office Protocol 3 accounts.

Go to for the download.

Still patching things up, Part II. The first bug patches for Microsoft Windows 2000 concentrate on making it more secure and compatible with hardware devices and other software.

Service Pack 1 is not a required upgrade for the operating system, but it improves setup, application compatibility, reliability and security. Users can download or order it on CD-ROM. For more information, visit

'Carlos A. Soto

E-mail: [email protected]


  • 2020 Government Innovation Awards
    Government Innovation Awards -

    21 Public Sector Innovation award winners

    These projects at the federal, state and local levels show just how transformative government IT can be.

  • Federal 100 Awards
    cheering federal workers

    Nominations for the 2021 Fed 100 are now being accepted

    The deadline for submissions is Dec. 31.

Stay Connected