Return-Path: <sentto-279987-4205-1010198054-fc=all.net@returns.groups.yahoo.com> Delivered-To: fc@all.net Received: from 204.181.12.215 [204.181.12.215] by localhost with POP3 (fetchmail-5.7.4) for fc@localhost (single-drop); Fri, 04 Jan 2002 18:35:08 -0800 (PST) Received: (qmail 30759 invoked by uid 510); 5 Jan 2002 02:34:32 -0000 Received: from n21.groups.yahoo.com (216.115.96.71) by all.net with SMTP; 5 Jan 2002 02:34:32 -0000 X-eGroups-Return: sentto-279987-4205-1010198054-fc=all.net@returns.groups.yahoo.com Received: from [216.115.97.187] by n21.groups.yahoo.com with NNFMP; 05 Jan 2002 02:24:57 -0000 X-Sender: fc@red.all.net X-Apparently-To: iwar@onelist.com Received: (EGP: mail-8_0_1_3); 5 Jan 2002 02:34:13 -0000 Received: (qmail 37886 invoked from network); 5 Jan 2002 02:34:13 -0000 Received: from unknown (216.115.97.167) by m6.grp.snv.yahoo.com with QMQP; 5 Jan 2002 02:34:13 -0000 Received: from unknown (HELO red.all.net) (12.232.125.69) by mta1.grp.snv.yahoo.com with SMTP; 5 Jan 2002 02:34:13 -0000 Received: (from fc@localhost) by red.all.net (8.11.2/8.11.2) id g052YT530354 for iwar@onelist.com; Fri, 4 Jan 2002 18:34:29 -0800 Message-Id: <200201050234.g052YT530354@red.all.net> To: iwar@onelist.com (Information Warfare Mailing List) Organization: I'm not allowed to say X-Mailer: don't even ask X-Mailer: ELM [version 2.5 PL3] From: Fred Cohen <fc@all.net> X-Yahoo-Profile: fcallnet Mailing-List: list iwar@yahoogroups.com; contact iwar-owner@yahoogroups.com Delivered-To: mailing list iwar@yahoogroups.com Precedence: bulk List-Unsubscribe: <mailto:iwar-unsubscribe@yahoogroups.com> Date: Fri, 4 Jan 2002 18:34:29 -0800 (PST) Subject: [iwar] [fc:FBI.Changes.Advice.for.Windows.Users] Reply-To: iwar@yahoogroups.com Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit FBI Changes Advice for Windows Users By TED BRIDIS, Associated Press Writer WASHINGTON (AP) - The FBI (news - web sites) has reversed its advice for computer users trying to protect themselves against serious flaws in the latest version of Windows: Applying the free fix from Microsoft Corp. is adequate, after all. The bureau's top cyber-security unit, the National Infrastructure Protection Center, told consumers and companies Thursday to disregard its earlier advice to go beyond the Microsoft recommendations to protect against hackers who might try to attack Windows computers. The FBI said it based its latest determination ``upon a careful review of the written technical materials provided by Microsoft'' and after working with the federally funded CERT Coordination Center (news - web sites), who are researchers at Carnegie Mellon University. Microsoft said last month that Windows XP (news - web sites) suffers from serious problems that allow hackers to steal or destroy a victim's data files across the Internet or implant rogue computer software. The glitches were unusually serious because they allow hackers to seize control of all Windows XP operating system software without requiring a computer user to do anything except connect to the Internet. The problem also affects some copies of earlier Windows ME (news - web sites) software, and in some rare cases can affect users of Windows 98 (news - web sites). Microsoft offered a free fix on its Web site the day the vulnerability was announced. But one day later, on Dec. 21, the FBI urged consumers and corporations to go beyond installing that fix and to disable the Windows ``universal plug and play'' features affected by the glitches. However, even those warnings came under fire by experts as inaccurate. The steps outlined by the FBI failed to instruct consumers also to turn off in Windows an important, related feature - called a ``discovery service'' - that still left computers vulnerable. ``They made an honest mistake, gave the wrong information,'' said Richard M. Smith, an independent security expert in Brookline, Mass. ``All this stuff is so complicated. It shows that even the experts can't keep track of it.'' At the time, the FBI said its recommendation to shut down the vulnerable Windows features was based on ``technical discussions with Microsoft and other partners in the Internet and information-security community.'' Outside experts have cautioned that disabling the affected Windows XP features threatens to render unusable an entire category of high-tech devices about to go on the market, such as a new class of printers that are easier to set up. But they also said that disabling it could afford some protection against similar flaws discovered in the future. After its first warning, the FBI's cyber-security unit published an Internet link to the Web site for eEye Digital Security Inc., which discovered the Windows flaws. eEye's advisory, published on its Web site, also urged consumers to install Microsoft's fix and cautioned that ``it would be wise'' to turn off the vulnerable features completely. The FBI acknowledged Thursday that neither it nor security experts at CERT had independently tested Microsoft's repair solution. But the FBI said, ``We are satisfied that it corrects the problem that could lead to system compromise and affords substantial and adequate protection.'' ------------------------ Yahoo! Groups Sponsor ---------------------~--> Tiny Wireless Camera under $80! Order Now! FREE VCR Commander! Click Here - Only 1 Day Left! http://us.click.yahoo.com/WoOlbB/7.PDAA/ySSFAA/kgFolB/TM ---------------------------------------------------------------------~-> ------------------ http://all.net/ Your use of Yahoo! Groups is subject to http://docs.yahoo.com/info/terms/
This archive was generated by hypermail 2.1.2 : 2002-12-31 02:15:02 PST