CNET también está disponible en español.

Ir a español

Don't show this again


This week in security

ISP gets hijacked, with all DNS records moved to the U.K. Plus, both Microsoft and Apple come under fire for holes in Office and Mac OS X.

Security is often a complex undertaking, especially when you find your ability to control it wrenched from your hands. An Internet service provider in New York learned that first hand last week, when its domain name and e-mail were apparently hijacked.

A representative said that ownership of the domain had been moved to a company in Australia, that the domain name server (DNS) records had been moved to the United Kingdom, and that the company's e-mail had been redirected to a company in Canada. E-mail to the domain was being directed to the false site and "should be considered lost or compromised," the ISP said.

Your desktop may not be much safer. The data protection feature in Microsoft Word and Excel documents has a major flaw that could allow snoopers to decode password-protected files, a security researcher has warned.

In the world of cryptographers, encryption schemes that encode more than one message using the same key are seen as flawed. That's because a comparison of the information in the encrypted messages can significantly shorten the search for the correct key to unlock the messages.

The Office flaw is the latest issue that Microsoft has had with implementing encryption in its products. Security researchers have taken the company to task repeatedly in the past for the weak passwords in previous versions of the Windows operating system.

Meanwhile, Apple Computer was wrestling with its own reports of flaws. A source-code audit of the open-source operating system from which Apple borrowed much of the code for Mac OS X revealed four vulnerabilities of varying severity in Apple's software, a security company said.

The flaws in the Darwin OS affect Mac OS X version 10.3--code-named Panther--and are caused by memory errors in the kernel, according to an advisory released by ImmunitySec, the security company that found the flaws. The flaws include a bug in Mac OS X's SearchFS function, several kernel memory overflows and a logic bug in the AT command, which is used to schedule tasks by the operating system.