Continued from page 1
On other hand, UPnP is a special kind of plug-and-play. This looks for printers and other devices added on network (wired and wireless). It's actually a pretty cool idea. Now, when someone adds a printer to network you must configure it on each and every workstation. With UPnP configuration is totally automatic.
However, UPnP is very, very new and there is almost no real support for it with any devices. So UPnP is more or less not used, and it is certainly not needed by home computer users. By shipping Windows XP with product Microsoft was solving classic "which came first, chicken or egg" problem. They had to send out support for these devices in order to convince vendors to start providing them.
But Microsoft made one big mistake - when you install Windows XP, this unused service is turned on! What that means is everyone who has ever installed Windows XP is running this service.
And service has a bug - a huge bug, kind of bug that if it hit your windshield would smash car and cause it to explode in flames, killing all of passengers and driver.
The problem is very bad, and Microsoft has released a patch to fix it. But story gets even more interesting.
The National Infrastructure Protection Center released an advisory stating that everyone who is not using this service should disable it. This is an incredible statement from this agency. What they are implying is UPnP service problem directly puts United States computer infrastructure at risk (that's what this agency protects)! That's a big thing for them to be saying.
What are they afraid of? That hackers and perhaps hostile governments can use bug to their advantage. You see, special programs called Zombies can be installed on Windows XP machines with this problem, and Zombies can be used to launch distributed denial of service attacks on computers throughout world.
In fact, I'll bet you heard about denial of service attack performed by Code Red worm recently against Whitehouse (the attack failed, if you remember). That's exactly what this agency is afraid of and what they are trying to prevent.
So next time you are thinking about giving all of your credit card data to a site which uses Microsoft Passport, think about this article. Do you want to trust all of your confidential data to a company which cannot keep it secure? Just think about it, read some more, and make rational decision.
For more information, check out following articles.
Microsoft Security Bulletin MS01-059 http://www.microsoft.com echnet reeview/default.asp?url= echnet/security/bulletin/MS01-059.asp
eEye Digital Security http://www.eeye.com/html/Research/Advisories/AD20011220.html
NIPC ADVISORY 01-030.2 Universal Plug and Play Vulnerabilities http://www.nipc.gov/warnings/advisories/2001/01-030-2.htm
Richard Lowe Jr. is the webmaster of Internet Tips And Secrets at http://www.internet-tips.net - Visit our website any time to read over 1,000 complete FREE articles about how to improve your internet profits, enjoyment and knowledge.