HOW NASTY IS THE NET?

The full impact of widespread distribution of SP2 can't be assessed yet, but some have speculated that making WinXP consistently harder to attack could divert more trash to other systems that were previously "too small a target." No one believes that WinXP SP2 is "bulletproof" yet, but:

A new Banner Ad Exploit appeared a week ago and did some damage. The "vulnerability" was known since last August, but wasn't considered critical because no attacks had been seen, and it's rather difficult to exploit. No fixes are available for any Windows Operating System for this vulnerability, although the vulnerability does not exist in WinXP SP2. Most security people still consider it a "low risk" threat, and it appears now more likely to be a website/server problem than one for individual users. That could change rapidly if someone uses it with more success. Whether Microsoft issues a patch for other Win versions will likely depend on whether additional exploitation occurs.

Within the past few months, SCO has been shut down twice by DDoS attacks, and was Hacked Again on at least three sites, twice within the past weekend. The main SCO site was reported "off-line" three times last weekend. Maybe suing Red Hat isn't cost-effective …(?)[I don't think SCO even uses Windows(?)]

Two new worms affecting CELL PHONES have popped up in the past two weeks. One of these can "infect" and disable another web-capable phone that passes within a few feet. There are virtually no AV systems available for these devices, so it's likely a new "growth industry." Note – only web capable phones are affected.

In a prior post someone asked about reports of a "security problem" with the Google Toolbar. The "problem" that's been discussed recently applies only to the beta Google Desktop Search (GDS) toolbar. You don't have it unless you've gone to the Google "tester's site" and specifically requested it. A very recent commentary on the "problem" by a reputable authority is at Desktop Google Finds Holes eWeek By Bruce Schneier, November 29, 2004. It may be noted that the "problem" applies to virtually all browsers that allow use of the toolbar, but probably is not really a "Google problem." The GDS toolbar merely finds holes that exist in virtually all available browsers. It's the browsers that need fixing, not the GDS toolbar – at least in the opinion of this expert.

On the brighter side at Google, a new site at http://scholar.google.com allows you to search for specific "scholarly papers." You don't have to download or install anything, just put in a search string and read the results. Check the "About Google Scholar" button for info on what it's for. The database is still under development, so results now may be less than "thorough," but if it works as planned it may be very useful for some. (Actually getting the books and papers it finds may still be a problem for much of what's indexed, especially for those of us without an "academic account.")

John