
Week in review: Doing the security dance

Patches and exploits to software flaws led to a week of hackers and security managers playing a game of cat and mouse.

Jennifer Guevin Former Managing Editor / Reviews
The Sober worm e-mails ran rampant this week amid a race between software makers plugging flaws and hackers writing attack code.

Malicious messages that purported to be from the FBI, CIA or Paris Hilton generated the vast majority of virus-laden e-mail traffic in November, according to security companies.

The e-mails carried a new variant of the Sober worm in an attachment which, when opened, infected the recipient's computer. The worm then attempted to disable antivirus programs and send copies of itself to any e-mail addresses found on the hard drive.

The Sober worm still accounts for close to 43 percent of all viruses being reported to British antivirus firm Sophos. At its peak, the worm accounted for one out of every 13 e-mails relayed over the Internet, the group said Wednesday.

While e-mail users struggled to keep their in-boxes virus-free, security managers scrambled to patch users' systems to avoid potentially serious security problems.

Apple released "highly critical" security updates to address more than a dozen vulnerabilities in the Mac OS X operating system. Thirteen security flaws were found in areas related to the Apache 2 Web server, curl technology and the Safari browser. The vulnerabilities ranged from potentially letting an attacker launch a denial-of-service attack to enabling one to control a person's system remotely.

People running Windows faced a more pressing challenge when two new pieces of computer code that could be used in cyberattacks were posted on the Web on Wednesday and Thursday.

The exploit posted Thursday is another that could allow a remote attacker to gain complete control over a vulnerable computer. The code takes advantage of a flaw in a Windows component for transaction processing, called the Microsoft Distributed Transaction Coordinator. Microsoft addressed the flaw in security bulletin MS05-051 in October.

The attack code published Wednesday is another that exploits a flaw in the way Windows handles certain graphics files and could cause a vulnerable system to crash. Microsoft provided a patch for the flaw in November with security bulletin MS05-053 and warned that the vulnerability could create an opening for spyware and Trojan horse attacks.

Including these last two, a total of four exploits have been released for the same two Windows flaws since Sunday, according to the French Security Incident Response Team, a security research company.

Shot in the arm for open source
Change was in the wind for some prominent open-source software, with a reworking of the license covering Linux and a makeover for the Firefox browser.

The rules governing the use of most free software programs will be revised for the first time in 15 years, in an open process that began Wednesday.

The revisions will be closely watched for how the new General Public License will take account of software patents, which have exploded among proprietary software developers since 1991, the last time the license was revised.

The process could involve comments from thousands of corporations and individuals, but the Free Software Foundation will make the final judgments. The final draft is expected to be complete by fall of 2006.

Open source continues to elbow its way into corporate infrastructures. Sun Microsystems said Wednesday that it will offer free access to its Java server suite and N1 management software and bundle them with its Solaris operating system. The move will create a single package called the Solaris Enterprise System, and the company hopes the strategy will help it transform to a services-based software business.

On the browser side, Mozilla unveiled the newest version of its Web browser to eager fans. Firefox 1.5 is the first big upgrade--promising speedier browsing, swifter updates and better pop-up blocking--since the open-source browser's debut a year ago.

Laptops go to beauty school
Laptops got a lesson in high fashion, with the unveiling of several models that said farewell to boring beige and ushered in an era of devices as stylish as they are functional.

A few Windows laptops coming from Asian manufacturers pushed the size envelope and showed off impressively compact devices. But small dimensions didn't always mean small price tags; the Flybook laptop was going for $2,490. And early reviews said smaller isn't necessarily better as some devices took the miniaturization trend a touch too far to be useful.

Another laptop showed off its softer side. Intel and Toray Ultrasuede have designed a concept laptop that features a microfiber suede fabric. The skin is integrated directly into the casing of Intel Centrino laptop PCs.

End of the affair
The honeymoon between avid gamers and the Xbox 360 was short. There was no shortage of excitement leading up to the sale of the next-gen consoles. In a scene that played out across North America, game addicts huddled in the cold night to buy one of the first Xbox 360 consoles when they went on sale last week. And those who weren't lucky enough to score an Xbox through the usual means could buy one on eBay just 36 hours after the devices went on sale--if they were willing to shell out some serious cash. Average eBay sale prices for both the core and premium systems were several hundred dollars higher than regular retail prices.

But the love affair soured shortly after the initial craze. It didn't take long for some gamers to start griping about the new consoles. In the days following the 360's debut, video game fan sites and the mainstream press seemed to be in a race to outdo each other with reports of problems with the new consoles.

Quite a few postings, such as those appearing on game sites like Xbox-Scene, related the experiences of some angry Xbox 360 owners whose new machines have already overheated or crashed. But the good news for consumers--at least so far--is that the glitches appear to be isolated, according to game experts and research analysts.

Also of note
A device called the Mosquito emits a high-frequency pulsing sound that can reportedly be heard only by young people. The Mosquito's creator hopes it will provide a solution to the eternal problem of obstreperous teenagers who hang around outside stores and cause trouble...As Hollywood readies its new and controversial high-definition DVDs, at least one major studio is leaving some of the most advanced parts of the new disc formats on the table in favor of technology that's more than a decade old...By all accounts, Sony's high-definition discs are being tapped as the successor to standard DVD, but serious production questions remain...Samsung has created the world's largest flexible LCD screen.