Friday, November 19, 1999

11/19/99 8:34:44 pm

• Ganging up on Microsoft See also TBTF for 1999-08-16, 07-19, 02-15, 02-01, 01-13, 01-04, 1998-12-23, 12-15, 12-07, 11-11, 10-19, more...

  Judge appoints a mediator if Microsoft, DoJ want to talk. Judge Thomas Penfield Jackson appointed a fellow jurist to help Microsoft and the Justice Department reach a settlement, if the two sides decide to get together and try. Richard Posner, chief judge for the 7th U.S. Circuit Court of Appeals in Chicago, will have full discretion in setting out the "manner and duration" of any such talks. A Microsoft spokesman said the appointment was "potentially a very positive step."

Thursday, November 18, 1999

11/18/99 1:32:34 pm

• German high court overturns Net censorship verdict, and Australia cheers.

  (Published in TBTF -- see http://tbtf.com/archive/1999-12-16.html#s03.)

11/18/99 8:54:47 am

• A new way to probe a network. The SANS Institute (a non-profit organization of system and network administrators) has issued an advisory, and a request for assistance, on a new form of network probe. Within the last week admins have been reporting unrequested ICMP echo replies -- that is, ping echo replies on their networks for which there were no corresponding echo requests. This technique could function as a stealthy network mapping scan: when a probe arrives for a host that doesn't exist, an internal router will reply with an "unreachable" message. By finding all the unreachable hosts, an attacker would be able to enumerate the hosts that do exist, in order to target them for later, loving attention.

  The SANS Institute issued this request for help in profiling this new intrusion threat.

  If your site has instrumentation and can detect echo replies for which there are no echo requests, please sanitize your internal addresses and send the trace here. If we receive enough information to write a report, the latest information will be posted on the SANS web site.

  Thanks to TBTF Irregular Mark Gibbs for the forward.

Wednesday, November 17, 1999

11/17/99 1:54:44 pm

• Microsoft security bugs and exploits See also TBTF for 1999-08-30, 1998-02-02, 01-26, 01-19, 1997-11-17, 11-10, 10-20, 08-11, 06-23, 05-22, 05-08, more...

  Do not entrust a password to Windows CE. Bill Gates pushed Windows CE at Comdex, but it's beginning to look like Palm OS has won and WinCE is destined for the ash-heap of history. In recent weeks both Philips Electronics and South Korea's LG Electronics have pulled their Windows CE-based handhelds from the market -- they just weren't selling. And at Comdex, Everex announced that it too will abandon its non-starter line of WinCE-based portables. The biggest blow so far, though, was Sony's choice of the PalmOS over WinCE for its yet-to-be-developed line of consumer portable gadgets.

  In his CRYPTO-GRAM newsletter (see TBTF Sources), Bruce Schneier broke news of yet more trouble for WinCE. Seems its developers, out of laziness or time pressure, have ripped a massive hole in the security of any Windows NT password stored on a WinCE device. Let Schneier describe it:

  Microsoft encrypts your Windows NT password when stored on a Windows CE device. But if you look carefully at their encryption algorithm, they simply XOR the password with "susageP", Pegasus spelled backwards. Pegasus is the code name of Windows CE. This is so pathetic it's staggering.

  Here is Jeff Zamora of CEGadgets.com describing how he discovered this dizzying implementation blunder. WinCE? Whoever wrote that code ought to cringe and shrivel.

  (Though I read Schneier's newsletter when it arrived -- I don't dare do otherwise -- Alan Wexelblat's prodding was what made this item happen.)

Tuesday, November 16, 1999

11/16/99 2:51:22 pm

• Two new activist sites.

  [ Lost this article in a system crash; may be recoverable from backup. Sysadmin says "Don't hold your breath." ]

Sunday, November 14, 1999

11/14/99 3:42:43 pm

• First-ever Usenet gag order.

  [ Lost in the system crash. ]