It has nothing to do with illegal drugs but a lot to do with security and digital signatures'hashing protects electronically transmitted messages against tampering.
A hash is generated from a string of text or characters by a formula designed to make it highly unlikely that another string could produce the same hash value.
A secure message must first be hashed and then encrypted before sending. The recipient's software must decrypt the message, then the hash, then produce another hash from the received message and finally compare the two to make sure the message was not tampered with in transit.Hash and the Domino effect.
A vulnerability in Lotus Notes and Domino client-server software might let a hacker impersonate an authorized user, according to iDefense Inc., a Fairfax, Va., network security company.
IDefense said the weakness shows up when Domino's user-authentication tool is on a system that is under attack. The problem is the Lotus client's Hypertext Transfer Protocol hash password file, which an attacker can break into to masquerade as an authorized user.
The password file needs stronger encryption, iDefense said, to prevent brute-force attackers from accessing the hash password file. Lotus also should implement better permission settings, according to iDefense; once a system has been penetrated, Domino by default grants the invader world-readable access to delete, create and modify files remotely.Patching up, Part I.
Microsoft Corp. has released another security patch to counter the so-called malformed e-mail header attack, which lets hackers run their code on compromised computers.
An attacker sends an e-mail that, once downloaded from the mail server, hands control of the computer to the attacker via a Dynamic Link Library hole. The weakness is a DLL file shared by Microsoft Outlook and Outlook Express. Outlook clients using only Messaging Application Programming Interface to communicate with their mail servers are OK; this mostly applies to Post Office Protocol 3 accounts. Go to www.microsoft.com/windows/ie/download/critical/patch9.htm
for the download.Still patching things up, Part II.
The first bug patches for Windows 2000 focus on making it more secure and compatible with hardware and other software.
Service Pack 1 is not a required upgrade, but it improves setup, application compatibility, reliability and security. Users can download or order a CD-ROM. Visit www.microsoft.com
.'Carlos A. Soto