Return-Path: <sentto-279987-4124-1009123413-fc=all.net@returns.groups.yahoo.com> Delivered-To: fc@all.net Received: from 204.181.12.215 [204.181.12.215] by localhost with POP3 (fetchmail-5.7.4) for fc@localhost (single-drop); Sun, 23 Dec 2001 08:05:07 -0800 (PST) Received: (qmail 2767 invoked by uid 510); 23 Dec 2001 16:03:54 -0000 Received: from n21.groups.yahoo.com (216.115.96.71) by all.net with SMTP; 23 Dec 2001 16:03:54 -0000 X-eGroups-Return: sentto-279987-4124-1009123413-fc=all.net@returns.groups.yahoo.com Received: from [216.115.97.189] by n21.groups.yahoo.com with NNFMP; 23 Dec 2001 15:55:47 -0000 X-Sender: fc@red.all.net X-Apparently-To: iwar@onelist.com Received: (EGP: mail-8_0_1_3); 23 Dec 2001 16:03:33 -0000 Received: (qmail 4178 invoked from network); 23 Dec 2001 16:03:33 -0000 Received: from unknown (216.115.97.167) by m3.grp.snv.yahoo.com with QMQP; 23 Dec 2001 16:03:33 -0000 Received: from unknown (HELO red.all.net) (12.232.125.69) by mta1.grp.snv.yahoo.com with SMTP; 23 Dec 2001 16:03:33 -0000 Received: (from fc@localhost) by red.all.net (8.11.2/8.11.2) id fBNG3j500382 for iwar@onelist.com; Sun, 23 Dec 2001 08:03:45 -0800 Message-Id: <200112231603.fBNG3j500382@red.all.net> To: iwar@onelist.com (Information Warfare Mailing List) Organization: I'm not allowed to say X-Mailer: don't even ask X-Mailer: ELM [version 2.5 PL3] From: Fred Cohen <fc@all.net> X-Yahoo-Profile: fcallnet Mailing-List: list iwar@yahoogroups.com; contact iwar-owner@yahoogroups.com Delivered-To: mailing list iwar@yahoogroups.com Precedence: bulk List-Unsubscribe: <mailto:iwar-unsubscribe@yahoogroups.com> Date: Sun, 23 Dec 2001 08:03:44 -0800 (PST) Subject: [iwar] [fc:FBI.Warns.Microsoft.Windows.XP.Users] Reply-To: iwar@yahoogroups.com Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit FBI Warns Microsoft Windows XP Users By TED BRIDIS .c The Associated Press WASHINGTON (Dec. 22) - Consumers and corporations using Microsoft Corp.'s new Windows XP software are being warned by the FBI to take added steps against hackers who might try to take advantage of major flaws. The bureau's National Infrastructure Protection Center said Friday that, in addition to installing a free software fix offered by Microsoft on the company's Web site, consumers and corporations using Windows XP should disable the product's ''universal plug and play'' features affected by the glitches. The FBI did not provide detailed instructions how to do this. Microsoft considers disabling the ''plug and play'' features unnecessary. The company acknowledged this week that Windows XP suffers from serious problems that allow hackers to steal or destroy a victim's data files across the Internet or implant rogue computer software. The glitches were unusually serious because they allow hackers to seize control of all Windows XP operating system software without requiring a computer user to do anything except connect to the Internet. Outside experts cautioned that disabling the affected Windows XP features threatens to render unusable an entire category of high-tech devices about to go on the market, such as a new class of computer printers that are easier to set up. But they also acknowledged that disabling it could afford some protection against similar flaws discovered in the future. The FBI also warned professional computer administrators to actively monitor for specific types of Internet traffic that might indicate an attack was under way. It acted after bureau and Defense Department officials and some top industry experts sought reassurance from Microsoft that the free software fix it offered effectively stops hackers from attacking the Windows XP flaws. The government's rare interest in the problems with Windows XP software, which is expected to be widely adopted by consumers, illustrates U.S. concerns about risks to the Internet. Friday's discussions came during a private conference call organized by the National Infrastructure Protection Center. During the call, Microsoft's experts acknowledged the threats posed by the Windows XP problems, but they assured federal officials and industry experts that its fix - if installed by consumers - resolves the issues. Microsoft declined to tell U.S. officials how many consumers downloaded and installed its fix during the first 24 hours it was available. Experts from Internet providers, including AT&T Corp., argued that information was vital to determine the scope of the threat. Microsoft also indicated it would not send e-mail messages to Windows XP customers to remind them of the importance of installing the patch. It said a new feature of Windows XP can automatically download the free fix, which takes several minutes, and prompt consumers to install it. ''The patch is effective,'' Steve Lipner, Microsoft's director of security assurance, told The Associated Press. Officials expressed fears to Microsoft about electronic attacks launched against Web sites and federal agencies during the Christmas holidays from computers running still-vulnerable versions of Windows, participants said. Several experts said they had already managed to duplicate within their research labs ''denial of service'' attacks made possible by the Windows XP flaws. Such attacks can overwhelm Web sites and prevent their use by legitimate visitors. Another risk, that hackers can implant rogue software on vulnerable computers, was considered more remote because of the technical sophistication required. ------------------------ Yahoo! Groups Sponsor ---------------------~--> Access Your PC from Anywhere - Full setup in 2 minutes - Free Download http://us.click.yahoo.com/StuHlD/E6eDAA/yigFAA/kgFolB/TM ---------------------------------------------------------------------~-> ------------------ http://all.net/ Your use of Yahoo! Groups is subject to http://docs.yahoo.com/info/terms/
This archive was generated by hypermail 2.1.2 : 2001-12-31 21:00:00 PST