The first is a new VIA IDE (3.14) driver dated 10/02/01 for the new Windows XP. This is the first VIA IDE driver for XP and is currently not included in the latest 4-1 drivers. Here is a list of the fixes:
News source: VIAHardware
Download: VIA 3.14 IDE miniport driver
Download: VIA VT686A/B and VT8321 chipsets v2.10b
- First version for XP
- Support to uninstall driver from ControlPanel >Add/Remove Program
- Support Large Disk Feature(over 128GiB)
- Support ATA133, VIA VT8233A SouthBridge
- Enables the user to control the behavior of the Mixer control lines
- Solves a problem with IBM e-phones
- Fixes a problem reported of chopping sound when playing AVI files
- Increases stability
- Provides for multiple wave playing function
News source: VIAHardware Download: VIA 3.14 IDE miniport driver Download: VIA VT686A/B and VT8321 chipsets v2.10b
Further investigation revealed postings to online bulletin boards regarding the incident. According to WhiteHat Security CEO and founder Jeremiah Grossman, 'site' hackers often accumulate cracked accounts. One such account obtained by the hackers had Rainman overhead -- meaning it had the ability to edit associated content. Once logged in, all that was needed for editing rights was a group ID and password. Group IDs are exposed in a URL when an attempt is made to access Rainman, making the password the only roadblock to unfettered access.
Apparently, when a hacker was signed into the compromised account, an AOL employee sent an instant message mistaking the individual for a co-worker. With slight of hand and some misdirection, the AOL employee offered up the password to Rainman, as well as the password to his wife's account. In each instance, the login for the AOL account itself was identical to the Rainman password.
The alleged hacker summed up the experience in a bulletin board posting. "I hopped on it the other day and got a message from a coworker telling me about how he uploaded the new version of the economist and found out that he also used 'my' account. To make a long story short...I told him I was locked out of my account and he gave up the password. The next day I figured I could extort the rainman password out of him and I later found out...He also gave me the rainman password for his wifes account who also has rights to those keywords. It turned out that her logon password was also the same as here Rainman password but was bound to a Securid key." (sic)
Reports indicate that a brute force style program dubbed "Rainstorm" may have been used in the attack as well. However, all indications BetaNews has received point to human error as being a principal and deciding factor.
According to Grossman, "AOL and its staff require increased enforcement of security guidelines and policies when it comes to user account security. Whether it be an internal AOL account or a user account. These types of employee disclosure incidents should be allowed to take place. If employee accounts can be compromised through such modest means, what assurances do normal users have that they won't be targeted next?"
He continued on, "Apparently, AOL account passwords, whether belonging to employees and/or users need stricter requirements. Requirements such as, password length and sophistication have been implemented in security for quite some time. Its clear AOL has a big job and should be doing a better job in protecting accounts from this style of attack," said Grossman.
Despite repeated attempts to notify AOL and obtain comment, AOL did not respond by press time.
Commenting has either been disabled on this article or you are not logged in. Click here to login or register, its free!
Note: Anonymous commenting is disabled in order to keep the quality of responses to a high standard.