
Microsoft Patches Lack a Fix for IE
11 Jan 2005
Microsoft released three security patches this week for three well-known vulnerabilities in Windows XP and Windows 2000. If you have not run Windows Update recently, or if you've ignored its notifications telling you "Updates Available", then please do not ignore them. Install the patches right away by going to windowsupdate.microsoft.com.
However, one of the three vulnerabilities is still exploitable even after installing the patches! This "extremely critical" vulnerability is in... yes, you guessed it -- Internet Explorer. The patches only lessen the threat, but the really skilled malicious hackers can still exploit it -- yes, they can still exploit it even if you have a completely patched and up-to-date copy of Windows XP (with SP 2). That is scary. It allows them to take control of your computer even if you have a firewall that's up to date. All you have to do is visit a web page that has the malicious code installed. You do not have to click on anything! Just by looking at a page, you let it automatically take control of your computer and use it behind your back as a weapon to commit crimes such as Denial of Service attacks against other web sites, and/or to send out spam and viruses in the background.
Hear it from Microsoft's own mouth: "We're still working on the IE update," said Stephen Toulouse, program manager at the Microsoft Security Response Center. "As soon as we're satisfied with the quality of the patch, we'll release it."
Ok, so they want to make it a quality fix, right? And we should be patient with them, right? WRONG. Microsoft has known about this "extremely critical" vulnerability since October 2004, when it was first made widely known. Did they release a patch for it in November? No. December? No. If you've been using Internet Explorer regularly since October then you've possibly been sitting in the open all this time -- unprotected. How many times has your computer been used since then without your knowledge by malicious hackers?! I don't know about you, but that makes me mad. Microsoft should know better than to drag its feet on getting an "extremely critical" vulnerability patched.
News Analysis:
What can you do to protect yourself until Microsoft finally releases a patch?
1. Test to see if your copy of Internet Explorer is vulnerable. Go to www.secunia.com
2. In Internet Explorer, click on Tools, then Internet Options, then Advanced and uncheck any checkbox that has to do with ActiveX.
3. Use a different browser like Opera or Mozilla. And in case you think I'm being overly harsh towards Microsoft, please know that last week two vulnerabilities in Mozilla and Mozilla Firefox were announced. However, they affect older versions of the browsers. If you're using the latest versions that were released back in November, you're ok. If you haven't upgraded Mozilla since the first week of November then please do so at www.mozilla.org.
from www.eweek.com
and www.theregister.co.uk
and www.securityfocus.com
Making the spammers' heads ring!
12 Jan 2005
Unless you're in the forefront of fighting spam (the junk email type) you may not have heard of a new weapon in the fight against spammers -- Project Honey Pot (www.projecthoneypot.org). Released in 2004, Project Honey Pot allows website owners to place decoy email addresses on random pages of their website. These decoy email addresses do not affect the experience of your regular visitors. Instead, they are picked up by spammers' address harvesters, or spambots. Since each email address has a unique tag that identifies where it was harvested from, the spammer can be traced and prosecuted under existing anti-spam laws in most states.
And as we've seen in the news last year, some of the states' penalties can be quite harsh -- even including jail time. And you know from past news that spam is now over half of all email (some studies show that it's up to 80% of all email) and that spam causes billions of dollars in clean-up and lost time every year. It's a leech on businesses all over the globe.
Project Honey Pot is proactive in that it doesn't wait until you get spam -- it stops the spammers in their harvesting phase while they're building lists of email addresses.
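To make the "unique tag" idea concrete, here is an added sketch (not Project Honey Pot's own code) of one way a decoy address can carry its harvesting context: the local part encodes the visitor's IP and the fetch time, sealed with an HMAC so a made-up tag is rejected. The secret, the trap domain and both function names are assumptions for illustration.

```python
import base64
import hashlib
import hmac
import ipaddress
import struct

SECRET = b"constructed-demo-key"    # assumption: per-site secret kept on the server
TRAP_DOMAIN = "traps.example.org"   # assumption: domain whose mail feeds the trap

def make_decoy(visitor_ip: str, when: int) -> str:
    """Build the decoy address to embed in a page served to visitor_ip at time `when`."""
    payload = ipaddress.IPv4Address(visitor_ip).packed + struct.pack(">I", when)
    mac = hmac.new(SECRET, payload, hashlib.sha256).digest()[:7]
    # 8 payload bytes + 7 MAC bytes = 15 bytes, i.e. exactly 24 base32 chars, no padding
    local = base64.b32encode(payload + mac).decode().lower()
    return f"{local}@{TRAP_DOMAIN}"

def trace_spam(recipient: str):
    """Map the recipient of a trapped message back to (harvester_ip, fetch_time).

    Returns None for addresses that are not genuine decoys (wrong domain,
    malformed tag, or a tag whose HMAC does not verify).
    """
    local, _, domain = recipient.partition("@")
    if domain.lower() != TRAP_DOMAIN:
        return None
    try:
        raw = base64.b32decode(local.upper())
    except ValueError:              # bad alphabet, bad padding, non-ASCII input
        return None
    if len(raw) != 15:
        return None
    payload, mac = raw[:8], raw[8:]
    expected = hmac.new(SECRET, payload, hashlib.sha256).digest()[:7]
    if not hmac.compare_digest(mac, expected):
        return None
    (when,) = struct.unpack(">I", payload[4:])
    return str(ipaddress.IPv4Address(payload[:4])), when

if __name__ == "__main__":
    # Constructed sample: a harvester at 203.0.113.7 fetches a page, spam arrives later.
    decoy = make_decoy("203.0.113.7", 1105488000)
    print(decoy, "->", trace_spam(decoy))
```

Because every page view yields a different address, any message later delivered to one of them points at a single fetch of the page, which is what lets the harvesting visit and the spam run be linked.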
News Analysis:
What does this mean for you as a business owner?
1. If you do nothing about spam except filter against it then you're only using a defense and not an offense. Kind of like sticking your head in the sand. So, sign up for Project Honey Pot! You'll need cgi-bin or script access on your website. Contact your hosting company to see if they allow you to run PHP or Perl scripts. If they do, then sign up today and help take a bite out of spam! www.projecthoneypot.org
2. If you haven't contacted your Senators and Congress people yet, then please do so. The CAN-SPAM act needs to be rewritten to: A) insist on Opt-In policies and B) allow a private right of action by citizens. Get the scoop from last time -- shoptalk.wnsi.net and then head on over to http://congress.org/ to send an email today! :)
Cool Site o' the week -- Archive.org
12 Jan 2005
Due to popular demand, I'll be reviewing a "cool site of the week" from now on. I'll be covering sites that will help you get more out of the Internet.
Archive.org -- www.archive.org -- is best known for their "Wayback Machine" service, which allows you to look at copies of websites from last year back to 1996. Archive.org, as the name suggests, archives websites every year.
Can't find a website that you know used to exist? Did you accidentally delete some of your web pages and want to get a copy of them from last year? Or do you just need to do some research on old websites? Then go to www.archive.org and type in the URL of a website like www.cnn.com to see copies of the site from years ago.
This is cool from a practical standpoint and a research standpoint.
The Internet Archive runs Archive.org as a non-profit public service. Donations are accepted and you should check out the rest of their website for cool things like free music and other stuff.
Have a comment or follow-up question? This week's news and tips are brought to you by Roger L. Brown. Contact him through his website -- downtownweb.com. He'll include the best comments/questions in the next issue with your name and state. :)
Roger Brown
Website Mentor - www.clickincome.com Fight spam, take back your inbox at www.cauce.org Custom video packages and tips at http://downtownweb.com/