Microsoft concerned new 'wink' feature may open system up to attacks
By Joris Evers, IDG News Service October 06, 2004
Microsoft (Profile, Products, Articles) has suspended the beta testing
of the next version of its MSN Messenger client because of a potential
security problem, a company spokeswoman said Wednesday.
ADVERTISEMENT
[EXT]
RELATED LINKS
• SANS unveils Top 20 security vulnerabilities
• Word mangled by unpatched security hole
• CA expects loss on restructuring, settlement charges
• Security RSS feed [EXT]
MORE
IDG ENTERPRISE NETWORK
• More Security News... (ComputerWorld)
• Tandberg promises safer, cheaper storage with fewer disks
(TechWorld)
• Howard Schmidt to lead U.S. CERT (ComputerWorld)
TOP STORIES
• ASP.Net glitch discovered
• Microsoft opens IP in licensing push
• HP to roll out managed SMB services next year
• Top News RSS feed [EXT]
MORE
GOVERNMENT IT & POLICY
• House Approves Spyware Bills
• Spyware Bills Win House Approval
• Urging Fact-Checking, Cheney Got Site Wrong
[EXT]
TOP SITE REFERRALS
'Pure' outsourcing model falls from favor
(OutSourceWatch.com)
Google SMS
(Doing Something Different)
SIGN UP FOR THE MAGAZINE
FREE EMAIL NEWSLETTERS
IT SOLUTION SEARCH
Testers discovered a potential security issue in the early version of
MSN Messenger 7 shortly after Microsoft made the instant messaging
client available to a select group of testers over the weekend,
according to postings on MSN Messenger enthusiast Web site Mess.be.
The problem lies in a new MSN Messenger feature dubbed "winks" that
allows users to send each other sound animations. The feature can be
abused to overwhelm a user's system, according to Mess.be.
The company has decided put the test on hold and pull the software
while it looks into the issue. It will make available a new version of
the client, one without the winks feature, probably some time next
week, the spokeswoman said.
The test version of MSN Messenger 7 was designed to only allow
approved animations to be sent. However, Microsoft is investigating
the possibility that the feature may be exploited to send "rogue winks
that could cause security issues," the spokeswoman said. Although
winks will no longer be in this test version of MSN Messenger,
Microsoft still plans to include the feature in the final version of
the product, she said.
It is unclear how many people downloaded the potentially vulnerable
version of MSN Messenger. The software had not officially been
released to testers and only a small group of people was given access
to the download, according to Microsoft. However, the potentially
vulnerable instant messaging client has popped up elsewhere on the
Web.
Microsoft announced the limited beta of MSN Messenger 7 last week. The
test is a significant step in the release process for MSN Messenger,
which has 135 million active users per month. Microsoft hopes to
release a final version of the software in the first quarter of 2005,
after a public beta test scheduled for later this year.
While Microsoft's MSN group has pulled one trial version of its
products, another is back. The Redmond, Washington-based company on
Monday quietly launched a second "technology preview" of its upcoming
Internet search engine, MSN Search. The first preview went online in
early July with an index of 1 billion Web pages and was taken offline
in August. The second preview is similar, but Microsoft has now
indexed 5 billion Web pages, the spokeswoman said.
In addition to the larger index, MSN Search has been improved to
provide more relevant search results, the spokeswoman said. The
service also offers results from more Internet domains, as well as
spelling correction and cached pages, she said. The launch of the
final version of the MSN Search product, Microsoft's answer to
Google's (Profile, Products, Articles) search success, is expected
later this year or early next year. The MSN Search preview page is
available at
http://techpreview.search.msn.com/.
RELATED TECHINDEX CATEGORIES
Anti-virus
Security
Viruses and Worms
- Special Advertising Partners -
WHITE PAPERS
WHITE PAPERS LIBRARY
WHITE PAPERS E-MAIL ALERT
Find out when the latest white paper is available:
Free Doculabs MarketFocus White Paper from Adobe - Learn more about
Adobe Intelligent Documents today. Download a FREE and informative
Doculabs MarketFocus White Paper: Review of the Adobe Intelligent
Document Platform and Adobe LiveCycle Server.
Cut functional software application testing time and cost by 80% -
Worksoft provides a software testing solution that enables business
analysts and quality experts to efficiently test applications in days
versus months. Worksoft�s Certify is simply point-and-click enabling
analysts to test the software the way it will be used instead of the
way it was built. Learn more on how to work less.
Comparing Secure Remote Access Options: IPSec vs. SSL VPNs - Your
users now demand access to more applications, from more locations and
devices. This free paper describes 28 key decision criteria for
choosing a VPN for secure remote access and extranets. Compared to
IPSec, SSL VPNs offer clientless access from anywhere, greater
security, simpler deployment and administration, and lower costs.
LATEST SECURITY WHITE PAPERS
WHITE PAPERS BY TOPIC
• Application development
• Applications
• Business
• Hardware
• Networking
• Platforms
• Security
• Standards
• Storage
• Telecom
• Web services
• Wireless
Introduction to Web Services and SOA
What are Web services, and why are they different from other
service-oriented architectures such as CORBA or RMI? What are the
advantages and implications of Web services? This paper argues that
Web services can be thought of as Internet middleware.
Security Within (TM) Configuration based Security
Good IT security practice requires more than anti-virus and firewall
systems. Ask for our new white paper "Security Within - Configuration
based Security", which describes the reasons for a configuration-based
monitoring system
SOA Explained: The Four Abilities of a SOA Registry
Discover how a standards-based SOA registry provides visibility,
reusability, adaptability and managability.
SOA Case Study: Amazon Merchant Platform Powered by Systinet
Discover how Systinet Web services technology helps power Amazon's
Merchant Platform, which accounts for more than 20 percent of order
placed on Amazon.com.
A Culture of Measurement - A Practical Guide to BI
Learn how Information Builders' philosophy of business intelligence
will help you to establish a culture of measurement and begin a
powerful cycle of continued improvement within your organization.
SPONSORED LINKS
Fortinet - Find Out Reader Security Challenges and How to Solve Them
SBC - Discover how outsourcing helped United Missouri Bank
Microsoft - Click for free security management tools from Microsoft(R)
IBM - New server for Linux: IBM eServer(TM) OpenPower(TM)
HP - More HorsePower in the office. HP Workstations.
INFOWORLD MARKETPLACE
FREE White Paper Download
Demystify the anti-spam buzz with this white paper from Roaring
Penguin. Cut through the anti-spam buzzword hype and focus on the
essentials. Determine what features you need and whether a solution
you are considering includes them.
Database Encryption Free Buyers Guide
High performance enterprise level packaged solution to encrypt
database and storage systems. Centrally define security policy,
automatically distribute. Secure audit reports, complete
accountability. Over 60 clients, own all fundamental patents.
New Special Report by IDC Industry Analysts
Discover why IDC is saying "Ease of installation and configuration are
key benefits of security appliances." Learn how Internet filtering
appliances make for lower-cost and easier-to-manage Web filtering
solutions. Download your free copy today.
Special Report: Risk-Free Patch Management
Discover how your IT team can dramatically compress the time required
to manage security patches and boost overall system security,
stability and performance while slashing the cost of doing so.
Download your free copy today!
Cost-Effectively Secure Sensitive Data
Encrypting data in servers and databases can address security gaps and
privacy legislation. Ingrian DataSecure Platforms offer granular
encryption, seamless integration, and centralized security management.
Combat data theft--with unprecedented ease and cost effectiveness.
Download a white paper that outlines best practices for securing data.
BUY A LINK NOW
HOME NEWS TEST CENTER OPINIONS TECHINDEX About InfoWorld ::
Advertise :: Subscribe :: Contact Us :: Awards :: Events
Copyright © 2004, Reprints, Permissions, Licensing
http://www.infoworld.com/article/04...eta_1.html
Leer las respuestas