Computer Knowledge Newsletter – October 1998 Issue

In This Issue:

Admin Note: Sorry for the delay this month. When I would normally be writing this I was on a trip to Death Valley and had to start organizing the pictures and story of that trip to post on my new domain for such things. If curious, give this URL a try: Link

Virus News

NAI Buys Dr. Solomon’s. Network Associates, Inc. has purchased Dr. Solomon’s. It appears that they will be combining the McAfee interface with the Dr. Solomon anti-virus engine; although will we have to wait to see if that is their plan and how well it will work.

General Security

Delete Doesn’t. If you’ve read the Starr Report you might have come upon this little item: “In addition, a deleted computer file from Ms. Lewinsky’s home computer contained an apparent draft letter to the President that….” There is a clear lesson in this sentence fragment: when you delete a file on a computer, it’s not really deleted and there is some possibility it can be recovered. Indeed, with Windows95 and later there is an even better chance it can be recovered than with prior versions of Windows or DOS.

The basic delete command on a computer simply removes a pointer to the file in the disk’s directory; it does not delete the file itself from the disk. That means the file can be recovered if it can be found on the disk. So, if you want to be more secure, you have to purchase and use a third-party utility that overwrites the file on deletion; and overwrites it several times since a simple overwrite can also be recovered from using special techniques. When evaluating such utilities, don’t just pick one that overwrites files you delete; pick one that overwrites those plus all temporary files created by the system. Finally, also beware of word processors (and other programs) that automatically create backup files with every save. These backup files can be forgotten and a source of potential embarrassment.

Last, but not least, don’t forget files that might reside on backups hidden away off-site.

Deleting files is not as easy as it sounds!

Scientific American Article. Last month we told you about an article in the October 1998 issue of Scientific American about computer network security. It seems that article has generated quite a bit of comment on newsgroups. The majority complaint is from those involved in hacking networks, and their complaint was that the article was too general and did not cover newer hacking techniques. While these complaints are generally true, if the article can be used in any way to enhance computer security awareness, particularly in management that does not understand computers, then it will have served a very valuable service. We stand by our recommendation that it be read. But, in reading it, understand that there is much more than what’s covered.

AOL DNS Hacked. The middle of October you may have noticed problems getting to any AOL location. A hacker was able to take advantage of lax security in the relationship between AOL and InterNIC and changed the IP pointers for AOL in the InterNIC database, effectively placing AOL off limits.

InterNIC, the keeper of the master database that relates domains to IP numbers, has several levels of security. At the most secure, InterNIC will only accept changes that are encrypted using a specific known key. At the least secure, InterNIC will accept changes from anyone with the right return E-mail address (which is easy to forge). AOL had used the least secure option for their main entry and some hacker was able to take advantage of that.

The problem was quickly found and fixed, but because of transmission time across the internet, some remote databases took up to a day or two to get updated.

Hotmail Frames. Hotmail users have always been able to click on a URL in E-mail messages and have their browser start and display the referenced page. In an effort to help users Hotmail started framing such sites in a frame that told them they were leaving the Hotmail site. The frame persisted until the user manually entered a URL into their browser.

While an interesting concept, several demonstration hacks have been able to easily bypass this “security” measure. Also, since clicking on Hotmail advertisers did not bring up the warning frame; non-advertisers have claimed bias.

The bottom line is that users must take responsibility for their actions. Never rely on automatic means to fully protect you.

Another Netscape Bug. If you’re using Netscape Navigator, it’s time to upgrade (again). The latest bug allows any web site operator use JavaScript to obtain copies of a user’s browser cache, cookie files, and directory file information. By now the Netscape site should have new versions with fixes posted.

Auction Site Security Hole. Personal information, including names, addresses, and even credit card numbers have been exposed for months via a rather large hole in the security of small and medium-sized auction sites. The really bad part of this problem was that the records did not necessarily require extensive hacks to get to; a simple click on the right web page listing could have revealed them.

The problem revolved around sites using older versions of particular auction software (from a company called OpenSite) with the site managers not setting the software up properly or securing their sites with keys. Large auction sites (e.g., eBay) use proprietary software and were not affected.

As a user you have little control over things like this; just beware. In my case, I have several different credit cards, from different banks. I use one when physically presenting the card. I use another when phoning in an order for something. And, I use a third for orders processed over the internet. That gives me some security and, should something happen, a way to help the bank’s security people find out how the card number was compromised.

Shadow Hacking. In the past hackers could be detected by their extensive activities on a site. Most firewalls will detect and lock out such activity from a single site. But, a new attack mode has come up where hackers have started to cooperate and mount what have been called “shadow” attacks. In a shadow attack many hackers in different locations each probe the site under attack at rates of no more than two hits per hour. The information from each hit is coordinated among the hackers and significant information about the site can be obtained; usually without triggering alarms at the site.

Shadow attacks have been noted at Defense Department computers and at private sites both in and outside the U.S. Sites that have detected attacks have also started to cooperate by providing information about the attacks to CERT for analysis.

So, if you are noting a great increase in activity from sites not normally accessing your system, take care; it just might be a shadow attack in progress.

Information of Interest

Computer Users Have Lower Grades. A study performed by the Educational Testing Service (New Jersey) has reported that in some cases the $5 billion going into educational technology may be hurting children instead of helping them. In a study of almost 14,000 grade-school students math tests had reduced scores for the computer users.

This appears to be a result of the way the computer were being used. They were used for repetitive math drills instead of applications of math concepts.

So, get out the pens and pencils for math drills folks.

New on the Web Site

We’re working hard on our new domain ( and will be integrating and together into a whole over the next several months. We hope you will enjoy the two together. [Try it!Web Link]

In closing: If you get a chance to visit Death Valley (when it’s comfortable!) take it; it’s a fascinating place.