Bugs and Bills
By Michael Floyd
By now, the three security flaws discovered in Internet Explorer this past February and March are old news. (Actually, there were just two—one is a variation of the original Cybersnot bug.) Microsoft responded quickly with individual patches, then followed up with a single patch for all three problems. That might be the end of the story, but don't be surprised if new problems show up in the near future, possibly before this reaches print.
You see, Community ConneXion launched a contest in September '95 to find security flaws in Microsoft products. Since that time, the site has posted nearly a dozen security weaknesses ranging from insecure caching of Windows network passwords to Andrew Schulman's discovery that the Windows 95 online Registration Wizard can collect information on your hard-disk applications and send the information back to Microsoft via the Microsoft Network. While it's not clear whether awards are still being handed out, the new discoveries about Internet Explorer ensure the "Hack Microsoft" page at www.c2.org/hackmsoft will continue to grow.
Pro-CODE Redux
The Pro-CODE Act, which I've covered extensively on this page in past issues, is back. This past February, Senator Conrad Burns (R-MT) reintroduced the Promotion of Commerce Online in the Digital Era (Pro-CODE) Act along with 16 other bipartisan cosponsors. At about the same time, another Pro-CODE sponsor, Senator Patrick Leahy (D-VT), introduced a separate bill, the Encrypted Communications Privacy Act (ECPA II).
