Security Information

Horizon Net is not responsible for ensuring the security of your system at home or at work. Although we can make recommendations, and offer consulting services in this regard, it is ultimately the responsibility of the user to ensure their system is secure.

What is meant by "secure" is becoming more complex each day, as new programs become available and as new methods are found to compromise your computer. The most common way to have your computer "hacked" by an outsider, is through e-mail viruses. These viruses can be attached to mail messages and run by you, or your mail program, causing a wide variety of problems.

To find out more about viruses, do a search on any of the search engines found on our search page, and enter the keyword "virus".

Many viruses warnings that you receive are actually hoaxes. To keep informed about which virus warnings are real and which are not, check out http://www.datafellows.fi/news/hoax.htm

While your computer is connected to the Internet, an intruder can also gain access through open ports. To find out more about this type of security issue, we recommend that you check out www.grc.com and request a port scan.

The CERT Coordination Center has received reports of a vulnerability in some MIME-aware mail and news clients. As of the publication date of this advisory, they have not received any reports indicating this vulnerability has been successfully exploited.

The solution to the problem is to obtain and install a patch for your software from their site.

Netscape

http://www.netscape.com/products/security/resources/bugs/longfile.html

Microsoft Corporation

http://www.microsoft.com/security/bulletins/ms98-008.htm

Affected Software Versions
==========================
- Outlook 98 on Windows (R) 95, Windows 98 and Microsoft Windows NT (R) 4.0
- Outlook Express 4.0, 4.01 (including Outlook Express 4.01 with Service Pack 1) on Windows 95, Windows 98 and Windows NT 4.0
- Outlook Express 4.01 on Solaris
- Outlook Express 4.01 on the Macintosh

QUALCOMM Incorporated

http://eudora.qualcomm.com/security.html

Affected Software include Eudora, Eudora Light and Eudora Pro.

Hewlett-Packard Company

The version of dtmail supplied by HP, as part of HP's CDE product, is vulnerable. Patches in process.

NetBSD Foundation

The NetBSD Foundation package system contains packages for mutt and pine. All users should upgrade to the latest version of these packages as soon as possible. Updated binary packages will become available on the NetBSD FTP server as soon as possible, and will be announced on the netbsd-announce@netbsd.org list. To join this list, or more information about NetBSD, please see http://www.NetBSD.ORG/.

Sun Microsystems, Inc.

Sun Microsystems is working on patches for the following products:
  • dtmail
    • CDE versions 1.0.1, 1.0.2 and 1.2.
    • Patches will be available within three weeks
  • mailtool
    • Openwindows versions 3.0, 3.3, 3.4, 3.5 and 3.6.
    • Patches will be available within one week.

University of Washington

Pursuant to recent reports of vulnerability to mal-formed or malicious MIME attachments, the UW Pine Team has corrected a few cases of potential buffer overrun in the latest Pine Message System release, version 4.02, that might cause Pine to crash when inordinately long MIME-header information is encountered.

It has been speculated that these problems could be exploited to allow a message sender to execute an arbitrary command on behalf of the receiving user, although with no more privilege than the receiving user. While the UW Pine Team is not aware of any specific attacks involving this bug, they have made a source patch available to address this threat.

The source patch is available from: ftp://ftp.cac.washington.edu/pine/pine4.02A.patch

Or via links found within the Pine Information Center at: http://www.washington.edu/pine/

To read the entire text orf the CERT advisory, click here.

Horizon Net is not responsible for upgrading your software to ensure it is secure. If you require assistance, with respect to this advisory, please contact the office to set up an appointment and one of our technicians can be scheduled to perform the upgrade on your system. There will be a minimum $30.00 fee if you bring your computer to our office or a minimum $50.00 fee if we go to your premises.

 

    
This site is copyright © 2008 Horizon Net, all rights reserved (See copyright notice)
Terms of Service Horizon Net is owned and operated byT'ND Graphics Ltd.
Please contact us at support@horizon.bc.ca