News

The New Gen Ed Lottery System, Explained

News

Armed Individuals Sighted in Harvard Square Arraigned

News

Harvard Students Form Coalition Supporting Slave Photo Lawsuit's Demands

News

Police Apprehend Armed Man and Woman in Central Square

News

107 Faculty Called for Review of Tenure Procedures in Letter to Dean Gay

techTALK

By Baratunde R. Thurston

Web paranoia has increased in direct proportion to the Internet's popularity over the past few years. Usually the fears are baseless and serve only to slow down mail servers across the land. But events last week showed that roads to the Information Superhighway can actually be treacherous, and even the mighty Microsoft Corp. can be slowed down by pot-holes.

College students discovered that Microsoft's web browser has security holes. The bugs affect the Internet Explorer (IE) versions 2.0 and later for Windows 95 and NT 4.0. They also affect users of America Online's browser, which is really just the Internet Explorer.

That's right. A product released by good donor Bill Gates has cooties. Ho, hum. Surprise, surprise.

Now, errors in Microsoft products are nothing new. Just ask users of Windows 3.1 about general protection faults or Windows 95 users about network printing problems.

Nor are software bugs new to other vendors. But, this latest scare has manifested in the security (or lack thereof) of the sacred World Wide Web, and it may just cause all of us to surf a little slower from now on.

The Web browser actually contains at least three bugs.

The first bug was discovered by students at Worcester Polytechnic right here in Massachusetts. It allows a web page designer to include regular shortcuts (files that end in '.LNK') and Internet shortcuts (files that end in '.URL') on a page that could start programs on a user's computer if clicked. Because of the common location of many of the files on Windows-based PCs, it would not be difficult to create a link, for example, that would start the calculator program on your computer. While this is an innocent example, it could be very destructive if another program was started with more malicious intent.

The second bug was announced shortly after the first and was discovered by MIT students. It is basically the same as the first bug except that it extends the possible files to include those that end in ".isp."

University of Maryland students found the third security hole. It also allows you to start a program, but via different means. Instead of using shortcuts, it manipulates the frames feature of IE so that by double clicking on certain icons or graphics whole folders could be accessed on the host computer or the computer of the user. Net surfers would be able to copy, run or delete files.

Now, there's no real need to get all worked up over these problems at this point. Microsoft has created a patch that it says fixes all three of the security breaches. You can download it from http://www.microsoft.com/ie/security/update.htm.

But, a larger issue remains unresolved. How many other such security breaches lie out there waiting to destroy you and your computer? What if some disgruntled Web page designer with no life decides it's time to get even with the world. Suppose he works for Netscape, The New York Times or any other company whose Website has high traffic. The potential for disaster increases many times over.

Yet hasn't new technology always been prone to all sorts of errors? Why, the Wright brothers' first plane was probably a death trap, and now it's safer to fly than drive.

Even though the Information Superhighway doesn't have real passing lanes or slick roads or even cars, we still must drive defensively and be ready for any new twists and turns the road may take.

--Baratunde R. Thurston '99 is the Claverly Hall User Assistant for HASCS, a member of the Harvard Computer Society and a Crimson editor.

Want to keep up with breaking news? Subscribe to our email newsletter.

Tags