From:         Patrick Douglas Crispen 
Subject:      Tourbus - 17 Sep 04 - 20 Questions / MS and Moz Patches

TODAY'S TOURBUS TOPIC: 20 Questions / Microsoft Patches / Mozilla Upgrades

The Internet Tourbus - U.S. Library of Congress ISSN #1094-2239
Copyright © Bob Rankin and Patrick Crispen - All rights reserved

Howdy, y'all, and greetings once again from deep behind the orange curtain in beautiful Irvine, California, the snack that smiles back.

TOURBUS is made possible by the kind support of our sponsors. Please take a moment to visit today's sponsors and thank them for keeping our little bus of Internet happiness on the road week after week.

On with the show...

20 Questions Audience: Everyone

Remember the old game "20 questions" where you'd think of an object and your friends would have to guess that object by asking you 20 yes or no questions? Well, thanks to some really frightening artificial intelligence, you can now play 20 questions against a computer. And more likely than not, the computer is going to guess your object. No, really.

I, for one, welcome our new object-guessing computer overlords. :P

To play 20 questions against a computer, just go to

http://y.20q.net/

Ignore the demographic information and click on the "Play" button at the bottom of the page. Think of an object and then answer the computer's questions. And prepare to be shocked. 20q guessed that I was thinking of a squirrel in 19 questions and a stop sign in 18.

That's not to say you can't stump the computer, though. 20q wasn't able to guess that I was thinking of Microsoft Windows even though I gave it some very specific clues:

Q: Can you switch it on and off? A: Sometimes.

Q: Can you open it? A: Sometimes.

Q: Is it comforting? A: No.

Q: Would you give it as a gift? A: No.

But if you think of simple objects, 20q can be quite good. Frighteningly good.

Give it a shot and let me know what you think.

Microsoft Security Update Audience: All Windows Users [sort of]

Microsoft released a series of patches earlier this week that [hopefully] closes a rather nasty security hole in how Microsoft products process JPEG images. Over a dozen Microsoft products are affected, including:

  • Windows XP and XP SP1 [but not SP2]
  • Internet Explorer 6 SP1
  • Microsoft Office XP [Outlook, Word, Excel, PowerPoint,
  • FrontPage, and/or Publisher]

  • Microsoft Office 2003 [Outlook, Word, Excel, PowerPoint,
  • FrontPage, Publisher, InfoPath, and/or OneNote]

    Long story short, if you have a new-ish computer running any of a host of Microsoft's newer software applications, your computer is probably vulnerable to attack through this JPEG processing vulnerability... even if you have a firewall and an up-to-date antivirus program.

    How do you close the hole? Get the patch! But, because this JPEG processing vulnerability effects so many different Microsoft applications, there is actually a three step process you must follow to ensure your computer has ALL of the patches it needs.

    1. Run Windows Update by going to Tools > Windows Update in Internet Explorer. Click on "Scan for updates." Then just install all of the critical updates available for your computer by clicking "Review and install critical updates." You may need to restart after you install the critical updates, and remember to always rerun Windows Update until it tells you to go away.

    Most people will stop here, thinking they have successfully protected their computers from this new JPEG processing vulnerability. And most people will be wrong. You still have two more steps to go.

    2. Run Office Update by going to http://officeupdate.microsoft.com/ and clicking on "Check for updates." Since the JPEG processing vulnerability is in both Windows *and* Office, and since the older version of Windows Update doesn't automatically scan Office for updates, the only way--well, actually, the *easiest* way--to get the latest critical updates for Microsoft Office is to manually go to officeupdate.microsoft.com.

    Have your Office installation CD-ROM nearby. Microsoft may want to "sniff" your disk to make sure you actually own a licensed copy of Office. But what if you can't find your Office installation disk? Unfortunately, you're hosed. You are going to have to borrow a disc from a friend. No disc, no Office update. And this JPEG processing vulnerability is so severe that you NEED to update Office as soon as possible.

    3. The third and final step is to, in Internet Explorer, go to http://www.microsoft.com/security/bulletins/200409_jpeg.mspx and click on "Check for Affected Imaging Software." This scans your computer to make sure that you don't have any Microsoft imaging software hiding on your computer that is also vulnerable to this JPEG processing vulnerability.

    Remember, running Windows Update is only one-third of the patch process. You also need to run Office Update and have Microsoft scan your imaging programs.

    And if you are thinking about putting this off for a few days, don't:

    http://www.informationweek.com/story/showArticle.jhtml?articleID=47212221

    Fun, isn't it?

    Mozilla Firefox Patch Audience: All PC users who also use Mozilla

    It seems that Microsoft isn't the only organization having problems with buffer overflows in their image parser. On Tuesday security company Secunia announced that Mozilla has a similar vulnerability in their bitmap parser. This vulnerability affects ALL versions of

  • Mozilla 1.7x and earlier
  • Mozilla FireFox 0.9x and earlier
  • Mozilla Thunderbird 0.X
  • Fortunately, the patch process is pretty simple: Just go to http://www.mozilla.org/ and download a new version. The old versions are vulnerable and the new ones aren't.

    The only hard part is figuring out what version to get:

  • Firefox is Mozilla's award-winning web browser/Internet
  • Explorer replacement. The latest version is Firefox 1.0PR.

  • Thunderbird is Mozilla's stand-alone email client, kind of like
  • Pegasus Mail or Eudora. The latest version is Thunderbird 0.8.

  • Mozilla is a combination web browser, newsgroup client, IRC
  • chat client, and web page editor. [Unless you need all of these features, stick with Thunderbird.] The latest version is Mozilla 1.7.3.

    So if you are a PC user who also uses some form of Mozilla, you're going to busy. First you need to apply all of those Microsoft patches we talked about earlier, then you need to head over to mozilla.org and get the latest version of Mozilla.

    Whee.

    Quick Clarification: XP SP2 CD Audience: XP users

    Last week I said that you should order a copy of Windows XP SP2 on CD- ROM but not install it until after Halloween. A few people wondered if, considering the problems a few people have been having upgrading to XP SP2, it would be better to wait to order the disc until just before you're ready to upgrade. That way Microsoft would have time to put some new updates on it.

    Unfortunately, it doesn't work that way. The XP SP2 CD-ROM is pretty much etched in stone. Microsoft isn't going to add, delete, or change anything on that disk for at least six or eight months. So there's no real point in waiting.

    But how are you going to be able to get the patches necessary to ensure that your computer doesn't become a really loud, expensive door stop when you upgrade? Well, we'll talk more about this when we get closer to Halloween, but the upgrade process you're going to follow will be:

    1. Run the latest version of your anti-spyware program[s] to make sure your computer is free of spyware.

    2. Visit your computer manufacturer's web site and download any patches they recommend. If your computer manufacturer doesn't have a homepage, you'll need to run the Belarc Advisor to identify the major components in your computer and then visit each component manufacturer's web site for the necessary patches.

    3. Install Windows XP SP2 from the CD-ROM.

    4. Immediately run Windows Update to get all of the new patches that aren't on the CD-ROM.

    So, get the XP SP2 CD-ROM today but put it away for later.

    To order a free copy of XP SP2 on a CD-ROM, just hop on over to either

    http://tinyurl.com/6g675

    or

    http://www.microsoft.com/windowsxp/downloads/updates/sp2/cdorder/en_us/defau lt.mspx

    Both addresses take you to the same page, and that last address needs to be on one line. The English language version of XP SP2 is available today, and versions written in other languages will be released over the next two weeks.

    You can also find free copies of the XP SP2 CD-ROM at many major retailers including Circuit City, Best Buy, and Office Depot. Maybe. I had to beg the clerk at my local Circuit City for the disc, and it took him about 15 minutes to find it somewhere in the back of the store.

    Happy hunting!

    The Internet Tourbus - U.S. Library of Congress ISSN #1094-2239
    Copyright © Bob Rankin and Patrick Crispen - All rights reserved

    That's it. Have a safe and happy weekend, and we'll talk again soon!

               .~~~.  ))
     (\__/)  .'     )  ))       Patrick Douglas Crispen
     /o o  \/     .~
    {o_,    \    {              crispen@netsquirrel.com
      / ,  , )    \            http://www.netsquirrel.com/ 
      `~  -' \    } ))    AOL Instant Messenger: Squirrel2K
     _(    (   )_.'
    ---..{____}                  Warning: squirrels.
    

    TOURBUS
    HOME PAGE
    LINUX
    TUTORIAL
    TOURBUS
    ARCHIVES
    20 Questions-MS and Moz Patches, viruses, hoaxes, urban legends, search engines, cookies, cool sites
    TOURBUS Site Search