Correction to This Article
A Sept. 12 Business article on a Microsoft Windows software update known as Service Pack 2 incorrectly said that the upgrade would cause problems for Yahoo's Instant Messenger.

Quick! A Patch for Pickled Pixels

Wednesday, September 15, 2004

It's patch time again for Microsoft Windows XP users, even for those who just installed Service Pack 2, the mammoth software security update Microsoft released last month for its estimated 200 million XP users worldwide.

Microsoft on Tuesday urged XP users to download a free software update for their computers to guard against a "critical" security flaw in the way the operating system processes JPEG digital image files, the same image format commonly used on most Web sites.

Microsoft said an attacker could use the flaw to install viruses on or take complete control over XP machines whose users visit a Web site that has been seeded with a specially crafted image. The software hole also could allow hackers to embed infected images in e-mail, which could drop their viral payload on vulnerable machines after the recipient merely opens the infected message.

Microsoft says it fixed this problem with the release of Service Pack 2 (SP2). So those users who have already installed the massive update shouldn't have to worry, right? Not exactly: See, the same security hole also is present in dozens of other Microsoft products, including its popular Office productivity suite -- the program bundle that includes Microsoft Word and Excel.

Windows XP users who visit the Windows Update site will be prompted to install a program that searches their computers for applications that may be vulnerable to the new security hole. That tool should then direct users to download the corresponding patches for any vulnerable apps it finds.

One of SP2's features is that it turns on Microsoft's automatic update service that downloads and installs Windows patches shortly after they are made available. If you have already installed SP2, it should soon begin downloading the new tool. XP users who do not have SP2 installed or do not have their PCs set to receive and install Microsoft updates automatically can get the latest patches -- including Service Pack 2 -- at the update site. Computers powered by versions of Windows older than XP -- such as Windows 2000, Windows ME, NT 4.0 and Windows 95 -- are not affected by this flaw.

--Brian Krebs, washingtonpost.com Staff Writer

You Know Summer Is Over When ...

Congress dusted off the beach sand and got down to business in a hurry last week, kick-starting the legislative process in what promises to be an eventful run-up to the November elections. Technology measures loomed large in lawmakers' first week back as the powerful House Judiciary Committee passed a pair of measures targeting "spyware" and online piracy.

Spyware -- a catchall term for parasitic software that surreptitiously monitors a computer user's online activities -- rocketed onto congressional radar screens this year after a series of hearings demonstrated the exponential growth of the problem. The House alone is considering no fewer than three measures intended to stamp it out, including one that passed the Commerce Committee last year. The bill approved last week goes a step further than other approaches, making it a crime to install monitoring software on people's computers without their express permission.

The Judiciary Committee also voted to criminalize the sharing of more than 1,000 copyrighted songs over peer-to-peer services like Kazaa or eDonkey. First-time violators could be jailed up to five years.

Court Nixes Child Porn Law

A federal court last week struck down a Pennsylvania law that required Internet service providers to block access to sites containing child pornography. Because ISPs will often use the same overarching Internet address for several sites, providers say it's difficult to comply without also cordoning off legitimate operators. Although 400 child porn sites had been blocked under the law, so too had more than 1 million non-offending sites.

--David McGuire, washingtonpost.com Staff Writer

© 2004 TechNews.com