- Email: [email protected]
Pagers endure deluge of call-backs
Doubts persist over browser security ‘l‘h~data security of both Web site
Pagers endure deluge of call-backs
Microsot t and Netscape %‘c.b brf )wser software has latcl\, been called into question. Both companic-s have been acC‘II s c d of shipping software, with security loopholes.
The SkyTel paging network in the LJS which has always prided itself in superior service suffered
service had tried to help one particular customer in trying to rcactivatc her service. In so doing the
pager gridlock from an overzealous customcrservice. A chain of unfortunate human-based mistakes rather than any real technical problems, led to an avakillche of erroneous “call-me-back” calls for over 100 000 pager users.
customer was given a personal ID number which wah linked to a secret code SkyTel uses to beam out messages to all 1.2 m of its users from the Dow, _jonc-s News Sewice.
can manipulate files or folders on a Windows 95-based PC. For example, a directory could be removed by the Web site. In response, Microsoft has a software patch that solves this problem.
On its Web site (www.microsoft.com/ie/ security/update.htm), Microsoft states “an) users running Internet Explorer 3.0 and 3.01 for Windows 95 and Windows NT 4.0 could potentially be at risk. so Microsoft strongly recommends that those
Microsoft is pushing the Internet Explorer 3.0 browser hoping to establish it as the de ,frrcto st,mdard Internet browser. In a report in Cor~~p~~fc~~. Week@, a IJK security company, AL Digital. i> said to have spotted a potential securit! problem - based on a bug in the Java language - which allows a user’s T(:P/IP address to be hacked mrhen using this version of Explorer. Microsoft subsequently developed a software patch
to resoh-t
the issue.
.I short time later Microsoft \vas hit again when engineering students at the Worcester Polytechnic Institute in the [IS tliscovered a wa)’ to commandeer a user’s P( 1when running version 3.0. Wlic.n you log on to a W’cb site using Explorer 3.0. the creator of that
Computer (’ 1997,
Audit
users
download
the
fix“
In the other camp. Netscape was also contacted by AL Digital over its Navigator browser which the cornpan) claims has a loophole ex-
posing a user’s Internet protocol address to potential hackers. In contrast to Microsoft’s prompt fix, AL Digital says that Netscape has not reacted. It says that as yet it is unsure whether the fault lies with its browser or the firewall software AI. Digital tiian;lged to circumvent.
Update
$17.00 Elsevier
l April 1997 Science Ltd.
When the callers rcsponded it only made things much worse. A small group of pagers responded to what the! thought were ID codes displayed on their beepers and then called SkyTel giving their o\vn numbers. SkyTel then sent those numbers out to the 100 000 pager customers. A large proportion of them then called back and so it went on back and forth until the whole system was jammed. Sky’l’el said that the fault had been caused 1~). an
anomaly
in
the
data-
base which caused some pagers to be called in error. But according to other parties it turns out that a SkyTel customer-
At first the SkyTel computer correctly assessed the error but an “extra helpful” sewice person overrode it. ‘l’hc number. v hich looks similar to a phone number, was sent over the network so it u ould show up on the customer’s displa),. I’nfortiin;~tel!-, the code \vas also sent to all the other customers too. ‘l’liq~ then tried to call hark and the chain rcaction bccante uncontrollable. ‘The Sky’l’cl pager \vhitcout re\rc;ils that catastrophe can lurk within a scemingl!, perfect systcm should operational procedures bc ovcr-ruIcd. Perhaps others will learn of the perils of not having an unequivocal distinction bc.t\vcen PIN and phone numbers.
Pagers endure deluge of call-backs
Microsot t and Netscape %‘c.b brf )wser software has latcl\, been called into question. Both companic-s have been acC‘II s c d of shipping software, with security loopholes.
The SkyTel paging network in the LJS which has always prided itself in superior service suffered
service had tried to help one particular customer in trying to rcactivatc her service. In so doing the
pager gridlock from an overzealous customcrservice. A chain of unfortunate human-based mistakes rather than any real technical problems, led to an avakillche of erroneous “call-me-back” calls for over 100 000 pager users.
customer was given a personal ID number which wah linked to a secret code SkyTel uses to beam out messages to all 1.2 m of its users from the Dow, _jonc-s News Sewice.
can manipulate files or folders on a Windows 95-based PC. For example, a directory could be removed by the Web site. In response, Microsoft has a software patch that solves this problem.
On its Web site (www.microsoft.com/ie/ security/update.htm), Microsoft states “an) users running Internet Explorer 3.0 and 3.01 for Windows 95 and Windows NT 4.0 could potentially be at risk. so Microsoft strongly recommends that those
Microsoft is pushing the Internet Explorer 3.0 browser hoping to establish it as the de ,frrcto st,mdard Internet browser. In a report in Cor~~p~~fc~~. Week@, a IJK security company, AL Digital. i> said to have spotted a potential securit! problem - based on a bug in the Java language - which allows a user’s T(:P/IP address to be hacked mrhen using this version of Explorer. Microsoft subsequently developed a software patch
to resoh-t
the issue.
.I short time later Microsoft \vas hit again when engineering students at the Worcester Polytechnic Institute in the [IS tliscovered a wa)’ to commandeer a user’s P( 1when running version 3.0. Wlic.n you log on to a W’cb site using Explorer 3.0. the creator of that
Computer (’ 1997,
Audit
users
download
the
fix“
In the other camp. Netscape was also contacted by AL Digital over its Navigator browser which the cornpan) claims has a loophole ex-
posing a user’s Internet protocol address to potential hackers. In contrast to Microsoft’s prompt fix, AL Digital says that Netscape has not reacted. It says that as yet it is unsure whether the fault lies with its browser or the firewall software AI. Digital tiian;lged to circumvent.
Update
$17.00 Elsevier
l April 1997 Science Ltd.
When the callers rcsponded it only made things much worse. A small group of pagers responded to what the! thought were ID codes displayed on their beepers and then called SkyTel giving their o\vn numbers. SkyTel then sent those numbers out to the 100 000 pager customers. A large proportion of them then called back and so it went on back and forth until the whole system was jammed. Sky’l’el said that the fault had been caused 1~). an
anomaly
in
the
data-
base which caused some pagers to be called in error. But according to other parties it turns out that a SkyTel customer-
At first the SkyTel computer correctly assessed the error but an “extra helpful” sewice person overrode it. ‘l’hc number. v hich looks similar to a phone number, was sent over the network so it u ould show up on the customer’s displa),. I’nfortiin;~tel!-, the code \vas also sent to all the other customers too. ‘l’liq~ then tried to call hark and the chain rcaction bccante uncontrollable. ‘The Sky’l’cl pager \vhitcout re\rc;ils that catastrophe can lurk within a scemingl!, perfect systcm should operational procedures bc ovcr-ruIcd. Perhaps others will learn of the perils of not having an unequivocal distinction bc.t\vcen PIN and phone numbers.