• United States



by CSO Contributor

Microsoft Urges Switch to Latest IE Version Following Source Code Leaks; E-Mail Fraud Soars; Concerns Raised Over Amber Alert; Bioterror Expert Says Mad Cow an Unlikely Weapon

Feb 18, 20043 mins
CSO and CISOData and Information Security

Microsoft Urges Switch to Latest IE Version Following Source Code Leaks

According to a CRN story, Microsoft is advising customers to move to Internet Explorer 6 Service Pack 1 and more recent patches following the leak of Windows NT and Windows 2000 source code to the Internet last week. CRN reports that, one top Microsoft Windows executive said during a monthly security briefing on Tuesday that customers using IE 5.x or IE 4.X versions should quickly download the latest IE code to protect their networks, while downplaying the potential for hackers to uncover new vulnerabilities in Windows by having access to the source code. However, according to yesterdays Sydney Morning Herald, the first exploit based on Windows NT and 2000 source code which was reported last week as having leaked from Microsofts longtime partner Mainsoft, has shown up on a vulnerability mailing list. Internet Explorer 5 but not IE 6 is vulnerable to an exploit where a remote user can execute arbitrary code on a target user’s computer when the target user’s browser loads a specially crafted bitmap file. The code will run with the privileges of the target user. E-Mail Fraud SoarsThe Register today. (Phishing e-mails appear to come from well-known businesses but they ask for account details and passwords. The collected details are used for credit card frauds and identity theft.) In December a security flaw in Microsoft IE was identified which could be exploited to display a false URL in the browser’s address bar; this was used in 7.8 per cent of attacks in January. A smaller percentage of attacks use Trojans that run key logging software to get hold of passwords.

Attempted e-mail fraud and phishing attacks went up 50 percent in January compared to the month before, according to Anti-Phishing Working Group research reported in

Concerns Raised Over Amber AlertThe Boston Globe yesterday, the amber alert issued on Feb. 2 caught the public’s attention and is being credited with helping lead detectives to a suspect. But by the time the alert was issued for 11-year-old Carlie Brucia of Sarasota, a full day had passed since the moment she was led away by a dark-haired stranger in an abduction that was videotaped by a security camera. Carlie’s body was found several days later, and now the alert system is under scrutiny for the ways it is used and the timing of its implementation, the Globe reports. While it is credited with helping rescue more than 120 children from kidnappers since 1996, records show the use of the alert system has been haphazard. Critics say most police agencies are too slow to issue Amber Alerts, for one thing because states must have one another’s permission to broadcast cross-border Amber Alerts.

According to a story in

Bioterror Expert Says Mad Cow an Unlikely WeaponThe Missoulian, “That has to be an awfully patient terrorist.” However, public perception of the disease as an extreme health risk to humans has created its own web of terror. After the discovery of a single infected cow in Washington state in December, U.S. cattle prices plummeted, and Japan, Mexico and other important buyers of U.S. beef banned American beef products from entering their borders. Although domestic consumption of U.S. beef has not been seriously affected, import bans remain in place, the Missoulian reports, causing economic hardship to the industry.

Citing a two to six year incubation period, a bioterrorism expert says mad cow disease would be an unlikely choice for terrorists bent on destroying confidence in the U.S. government. As Marc E. Mattix, a veterinarian and state pathologist with the Montana Veterinarian Diagnostic Laboratory in Bozeman, told