A previously unknown flaw in Microsoft Corp.'s Windows operating system is leaving computer users vulnerable to spyware, viruses and other programs that could overtake their machines and has sent the company scrambling to come up with a fix.
Microsoft said in a statement yesterday that it is investigating the vulnerability and plans to issue a software patch to fix the problem. The company could not say how soon that patch would be available.
Mike Reavey, operations manager for Microsoft's Security Response Center, called the flaw "a very serious issue."
Security researchers revealed the flaw on Tuesday and posted instructions online that showed how would-be attackers could exploit the flaw. Within hours, computer virus and spyware authors were using the flaw to distribute malicious programs that could allow them to take over and remotely control afflicted computers.
Unlike with previously revealed vulnerabilities, computers can be infected simply by visiting one of the Web sites or viewing an infected image in an e-mail through the preview pane in older versions of Microsoft Outlook, even if users did not click on anything or open any files. Operating system versions ranging from the current Windows XP to Windows 98 are affected.
An estimated 90 percent of personal computers run on Microsoft Windows operating systems. Microsoft has found itself under attack on several occasions and has been forced to issue a number of patches to keep computers running Windows safe. Mac and Linux computer users are not at risk with this attack, even if their computers run Microsoft programs such as Office or the Internet Explorer Web browser.
Reavey encouraged users to update their anti-virus software, ensure all Windows security patches are installed, avoid visiting unfamiliar Web sites, and refrain from clicking on links that arrive via e-mail or instant message.
"The problem with this attack is that it is so hard to defend against for the average user," said Johannes Ullrich, chief research officer for the SANS Internet Storm Center in Bethesda.
At first, the vulnerability was exploited by just a few dozen Web sites. Programming code embedded in these pages would install a program that warned victims their machines were infested with spyware, then prompted them to pay $40 to remove the supposed pests.
Since then, however, hundreds of sites have begun using the flaw to install a broad range of malicious software. SANS has received several reports of attackers blasting out spam e-mails containing links that lead to malicious sites exploiting the new flaw, Ullrich said.
Dean Turner, a senior manager at anti-virus firm Symantec Corp. of Cupertino, Calif., said the company has seen the vulnerability exploited to install software that intercepts personal and financial information when users of infected computers enter the data at certain banking or e-commerce sites.
Eric Sites, vice president of research and development for anti-spyware firm Sunbelt Software, said he has spotted spyware being downloaded to a user's machine by online banner advertisements.
"Pretty much all of the spyware guys who normally use other techniques for pushing this stuff down to your machine are now picking this exploit up," Sites said.
Because the vulnerability exists within a faulty Windows component, security experts warn that Windows users who eschew Internet Explorer in favor of alternative Web browsers, such as older versions of Firefox and Opera, can still get their PCs infected if they agree to download a file from a site taking advantage of the flaw.
Richard M. Smith, a Boston security and privacy consultant, said he was particularly worried that the vulnerability could soon be used to power a fast-spreading e-mail worm.
"We could see the mother of all worms here," Smith said. "My big fear is we're going to wake up in the next week or two and have people warning users not to read their e-mail because something is going around that's extremely virulent."
Written by: Brian Krebs, a washingtonpost.com reporter.
Friday, December 30, 2005
Web services thrive, but outages outrage users
LONDON (Reuters) - Web sites that share blogs, bookmarks and photos exploded in popularity in 2005, but in recent weeks a number of major outages left users stranded and frustrated.
The new breed of Web site includes blogging services such as TypePad, the photo site Flickr, the shared bookmark site del.icio.us and many others. They are sometimes known collectively as "Web 2.0": hosted online, relying heavily on users' submissions, and frequently updated and tweaked by their owners.
Their growth in the last year has been huge. Flickr and del.icio.us were high-profile acquisitions for Internet giant Yahoo, and there are now at least 20 million blogs in existence, according to some estimates, with tens of thousands being added every day.
But the surge in Web-based applications hasn't come without some serious hiccups as several notable services have crashed.
Six Apart, whose TypePad service is used by many high-profile bloggers, experienced nearly an entire day of downtime on December 16, when it suffered a hardware failure. Del.icio.us had a major power failure on December 14. Services including Bloglines, Feedster and WordPress have also experienced problems.
Nothing underlines the importance of these "social media" services as much as the outcry of users when the sites crash. While the services were usually back up and running within a few days at most, the outages prompted much consternation from users who were temporarily unable to share their blogs and bookmarks with the world.
Russell Buckley and Carlo Longino wrote on their blog MobHappy (http://mobhappy.typepad.com/) that waiting for TypePad to be fixed was like "waiting for a train to arrive, when you're sitting on a cold, damp platform. It's mildly irritating for the first 5 minutes, but then annoyance levels start to rise exponentially."
"TypePad has been growing so rapidly that it is finding the hard way that scale and scalability matter," Business 2.0 technology writer Om Malik wrote on his blog (http://gigaom.com/). "Are they the only ones? Not really -- over (the) past few days Bloglines, Feedster and Wordpress.com have been behaving like a temperamental 3-year-old."
The usefulness of Web 2.0 services -- which also include the collaborative Web pages known as Wikis and RSS feeds that deliver customized information to users -- is highlighted when they are abruptly taken away.
"You need those services to be 'on.' I have come to expect 99.9 percent uptime, and when a service crashes there is significant frustration," said David Boxer, director of instructional technology and research at the Windward School in Los Angeles, where he runs workshops on subjects like podcasting and photoblogging.
"When those services go down, then we are stuck in a ditch," he said.
Boxer's students have worked on projects aimed at making them "citizen journalists" via publishing their own blogs, podcasts, documentaries and photo essays. But when those services suffer outages, everything grinds to a halt.
When the Blogger Web site went down, Boxer's students lost some of their work. And when del.icio.us crashed recently, "it left me personally in a lurch," he said.
"I knew that eventually a machine or software application will crash, but I always expect a third-party provider like del.icio.us will build enough redundancy into the infrastructure that it will never go down," Boxer said.
It is still early days for Web 2.0, and some of the recent difficulties are likely just teething problems as companies adapt to their new popularity. However, the outages may make it harder to convince businesses and investors that blogging is ready for primetime.
Boxer, for one, is willing to ride out a few outages to take advantage of the new services.
"They allow for elements of personalization, content delivery and information pushing unlike any previous incarnation of the Net," he said.
WEB 2.0 LINKS
TypePad (http://www.typepad.com/): A paid-for service for publishing blogs and photo albums. Competitors include Wordpress (http://wordpress.org/) and Google's Blogger.com (http://www.blogger.com).
Flickr (http://www.flickr.com/): An online service for sharing and managing photos.
Del.icio.us (http://del.icio.us): A site for storing and sharing bookmarked Web pages.
Computer book publisher Tim O'Reilly's essay on Web 2.0 (http://www.oreillynet.com/pub/a/oreilly/tim/news/2005/09/30/what-is-web-20.html)
Written by: Adam Pasick

