Microsoft has released sevenpatches for July, two of whichare cited as “critical,” butexperts doubt that the bugswill turn into worms.

The most severe vulnerabili-ties relate to HTML Helpaffecting Internet Explorer,and Microsoft Task Scheduler.

"The flaws exploit a prob-lem in Microsoft InternetExplorer, that permits code torun on the system," said PhilRobinson, Technical Managerat security company, IRM.For a worm to be forthcom-ing, it needs transportbetween systems. As IE does-n't listen for network connec-tions, this can't happen, hesaid.

Windows Task Schedulerhas a buffer overflow, which ifexploited could let an attackerexecute code by duping a vic-tim into visiting an infectedwebsite or opening a mali-cious email, warns US-CERT,the computer emergencydepartment centre.

The other critical updatepatches two holes, one inshowHelp, and the other inHTML help, which couldenable a Web-based attack,where an attacker woulddirect users to an infected site.Microsoft says that the vulner-ability in showHelp is alreadybeing exploited.

Brian White, Labour MP forMilton Keynes, and a memberof the APIG.

In its review of the 1990,pre-web, CMA, the group hascalled for the basic sentencefor hacking to be raised to twoyears; this would allow extra-dition proceedings to bebrought against suspects.Serious hacking carries a max-imum five-year sentence atpresent.

"It is important to send aclear message that society nowtakes hacking offences moreseriously in 1990", said thereport.

Steve Gold, a freelancejournalist who, along withRobert Schifreen, provokedthe original Act into being,queries whether a CMA 2would be "capable of stop-ping elite hackers". TheComputer Misuse Act wasprompted by the Law Lords'acquittal on appeal of Gold

and Schifreen, who hadhacked into Prince Philip'smailbox in 1984 on theBritish Telecom servicePrestel. The Lords ruled thatthe Forgery Act did not coverdeceiving a computer, and sothe CMA was born.

The former hacker agreesthat the CMA is "certainlyout of date, but the problemreally lies in whether the pow-ers have the technical where-withal to deal with theproblem. My gut reaction isthat black, and white, hathackers will do what they doregardless of whether the sentence is 20 years or 20months".

Better computer ethics edu-cation in Europe is the wayforward, he says. "In the USthere are fewer instances ofhack attacks pro rata thanthere are Europe, and that'sbecause computer ethics hasbeen taught to children therefor six or seven years now."

news

3

MICROSOFT RELEASESTROJAN KILLERMicrosoft has released a soft-ware tool that cleans theDownload.Ject or "Scob"payload from the BerbrewTrojan horse program developed by Russian hack-ers. It has also disabled aWindows component calledADODB.Stream, whichhackers used to copy mali-cious code onto Windowsmachines. Both are availablefrom the company website.

FTC RANKS SPAMMERSWITH VERMINThe US Government pays abounty to anyone who killsvermin such as coyotes andrats. Now, because January'sCAN-Spam law has not cutthe volume of unsolicited e-mail, the Federal TradeCommission may pay abounty of 20% of court finesto citizens who provide infor-mation that leads to a convic-tion under the Act. Reportssay the FTC will seek multi-million-dollar fines fromthose who turn other people'scomputers into zombie spamagents.

MICROSOFT SEARCHEXPERT CHARGEDWITH HACKINGThe FBI has charged aMicrosoft expert on searchtechnology with hacking andstealing source code from hisformer employer, searchengine company Alta Vista.The alleged incident hap-pened in 2002, beforeFrenchman Laurent Chavetjoined Microsoft to work on

a project to make Microsoftsearch engines competitivewith Google and Yahoo,which owns Alta Vista.

SOFTWARE PIRATESLOOT $29 BILLIONSoftware developers lose 60%of their annual sales, nowworth an estimated $51 bil-lion, to pirates, claims theBusiness Software Alliance(BSA)."Peer-to-peer file-shar-ing services are becoming ahuge problem for us," saysBSA's Asia-Pacific directorJeffrey Hardee.

CHINESE SELL VIRUSSERVICEChinese hackers are advertis-ing computers viruses madeto order for less than US$25. Rising, a leading Chineseanti-virus software firm saysthe hackers are upgradingexisting viruses to dodge anti-virus applications. An adver-tisement on a website, nowblocked by the government,asked interested parties tocontact the hackers via theirQQ instant messaging serviceaccount. "

XP UPGRADE TO COMEON FREE CDMicrosoft UK will distributeup to one million free CDscontaining XP Service Pack2, a major upgrade thatimproves the overall securityof XP and makes it easier forusers to control their securitysettings. Microsoft UK, saysusers can download or orderthe CD from the Microsoftwebsite.

In Brief

Microsoft unleash 7 updates

Continued from page 1 ...