From bobrankin@MHV.NET Tue Mar 11 01:16:00 1997
Date: Tue, 11 Mar 1997 01:05:27 -0500
From: Bob Rankin 
Subject: TOURBUS - 11 Mar 1997 - IE Bugs and Caffe Lardo

  |     "Why | Surf When / You Can | Ride The | Bus?"      /    |  \
  |__________|__________/__________|__________|___________/     |   \
 /                                                       /______|----\
|     Visit the TOURBUS website to see the Archives,     |//////|    |
|           FAQ, and Subscription Information!           |//////|    |
|                        |//////|    |
|                                                        |//////|    |
    \___/  \___/  T h e   I n t e r n e t   T o u r B u s    \___/

    TODAY'S TOURBUS TOPIC: More Explorer Bugs & Caffe Lardo

Last Thursday, Patrick mentioned that a serious flaw in Microsoft's
Internet Explorer web browser had been discovered.  This security hole
made it possible for deviant web page authors to do nasty things to
your hard drive if you use the Windows 95 or NT operating system.

+--------- Free Discussion Digest on Internet Advertising ------------+
  I-Advertising is a new moderated discussion digest that focuses on
  Internet Advertising, Marketing and Online Commerce. To SUBSCRIBE, with: SUBSCRIBE I-ADVERTISING in the
  BODY of your message.  It's a great free resource.
+--------- ( )-------------+

Although Microsoft posted a fix the very next day, that was not the
end of the story.  Two MORE serious security holes were discovered
in the Explorer browser by researchers at the University of Maryland
and MIT.  And again, both could enable malicious web site operators
to swipe files from your hard drive or even delete files and folders.

To their credit, Microsoft pumped their programmers full of Mountain
Dew and Twinkies and they plugged these holes as well.  The embarrassed
software giant has posted a software patch that fixes all three security
holes.  You can download this patch and find instructions for updating
your Explorer program here:

If you run MS Internet Explorer on Windows 95 or NT 4.0, you should do this
right away.  If you run Explorer on Windows 3.1 or the Mac, you are not
affected.  Users of Netscape and other web browsers are safe as well.

Note: If you are using AOL Version 3 AND you run Windows 95 (or Windows NT
4.0) then you ARE affected by the Explorer bug because this version of AOL
uses Explorer as the browser.


Maybe.  But many security experts point out that the Explorer bugs are a
direct result of this browser's tight coupling with the Windows operating
system, so there may be other nasty surprises as yet uncovered.

Adding fuel to the fire is the discovery of a security hole in Microsoft's
ActiveX code just before this recent spate of Explorer bug reports.
ActiveX is a technology similar to Java which allows a web browser to
download and execute mini-programs called applets.  Both Java and ActiveX
have been criticized for having the potential to expose a user's hard
drive to harm or theft of data.  (See the TOURBUS issue "Java and Jumping
Frogs - August 6, 1996" for some background.)


So what's a web surfer to do?  First step, don't panic - the web is still
a safe place.  Here are a few steps you can take to keep your precious
data safe from prying eyes and maintain your cyber sanity...

1) Stay away from Internet Explorer for a while.

   Rest assured that a HUGE amount of attention is being given to this issue
   right now, both inside and outside of Microsoft.  If there are any lurking
   IE bugs, chances are pretty good they'll be found and fixed within a few
   weeks.  "Netscape NOW!" is more than a catchy slogan - it's good advice
   for the short term.

   If you think I'm being a tad harsh, or you can't be bothered to download
   Netscape, so be it.  Apply the Explorer patches and take your chances.

2) Stay away from ActiveX and Java.

   Sure, this is cool technology - but there are few practical uses, it
   takes a long time to download the applets, and it carries a risk.  Let
   this technology mature for a year or so before you gamble on it.  Trust
   me, you won't be missing a lot.

   You can turn off ActiveX and Java in Explorer by clicking on
   View-Options-Security and then unchecking the appropriate boxes there.
   In Netscape, the place to go is Options-Network-Languages to disable
   Java.  Note that JavaScript is safe and quite useful, so don't turn
   that feature off.

   That said, I wouldn't be nervous about temporarily enabling ActiveX or
   Java if something really cool beckons at a site you feel is worthy of
   trust.  It's your call.

3) Visit an absolutely silly web site.

   A little perspective, folks...  The web is a lot of fun, and when you
   pop in to a site like "Caffe Lardo" you just feel better about it all.

   The Caffe Lardo Expresso Bar and Bakery is a great menu spoof but it
   requires that you visit the restroom before viewing.  It's that funny!

See you next time!  --Bob

Special Note: To users of AOL, Juno and others who are wondering
about that funny-looking jumble at the top of each TOURBUS posting...
It's a BUS!  TOURBUS is meant to be viewed with a monospace font like
Courier or Fixedsys.  Try changing your fonts for viewing or printing
and you'll see what you've been missing.  (Unfortunately AOL users
can't do much about it.  If you know of any tricks to force the use
of mono fonts, please let me know.)

 Archives: On the Web at
 Advertising: Send e-mail to for details.
       -->  "Doctor Bob's Painless Guide To The Internet"  <--
     Send e-mail to w/ Subject: SEND BOOKINFO
   or browse reviews & sample chapters at
                   Newsday says "Buy it for Mom!"

     TOURBUS - (c) Copyright 1995-97, Patrick Crispen and Bob Rankin
  All rights reserved.  Redistribution is allowed only with permission.
      Send this copy to 3 friends and tell them to get on the Bus!

, viruses, hoaxes, urban legends, search engines, cookies, cool sites
TOURBUS Site Search