In a pre-emptive security strike, Microsoft has acknowledged that its FrontPage product has a security flaw that could let someone browsing a Web site alter pages created with FrontPage 1.1 for Windows or FrontPage '97.
The security admission is the second in a week for Microsoft, which has also been obliged to confirm that the software patch it made last month for a security hole discovered in its Internet Information Server 3.0 cannot prevent the same attack by another means.
Microsoft advises Web site operators, including Internet service providers, to immediately download the new FrontPage server code, which is said to fix the problem, from www.microsoft.com/frontpage/.
Microsoft employees spotted the flaw in the FrontPage Server extensions a few weeks ago and rushed to create a patch before some smart hacker made it headline news.
Only Web sites hosting the FrontPage Server extensions that contain the "save results" and "discussion" webot components are said to be affected. According to Microsoft, it would take someone highly knowledgeable in HTML to exploit the flaw.
The current spotlight on security has fallen on other companies and other technologies too.
Digital cellular phone systems, long advertised as being more secure than their analog counterparts, have also taken a hit. An expert team of cryptographers revealed they have designed a program to break what's known as the Cellular Message Encryption Algorithm (CMEA). Now widely used in digital cellular phones, CMEA is intended to keep eavesdroppers from seizing credit-card and personal ID numbers.
Bruce Schneier, president of the Minneapolis-based consultancy Counterpane Systems, announced that he and his associate, John Kelsey, with help from Berkeley graduate student David Wagner, exploited the poor design of the 56-bit CMEA algorithm so it was as easy to break as a far shorter, weaker one.
Schneier said the "closed-door process" conducted by the Telecommunications Industry Association (TIA) when it designed the algorithm prevented a public review, which would have brought the problem to light. He also faulted the National Security Agency for undue influence over export controls.