From bobrankin@MHV.NET Tue Mar 11 01:16:00 1997 Date: Tue, 11 Mar 1997 01:05:27 -0500 From: Bob RankinTo: TOURBUS@LISTSERV.AOL.COM Subject: TOURBUS - 11 Mar 1997 - IE Bugs and Caffe Lardo /~~~~~~~~~|~~~~~~~~~~~~/~~~~~~~~|~~~~~~~~~~|~~~~~~~~~~~~~/~~~|~\ | "Why | Surf When / You Can | Ride The | Bus?" / | \ |__________|__________/__________|__________|___________/ | \ / /______|----\ | Visit the TOURBUS website to see the Archives, |//////| | | FAQ, and Subscription Information! |//////| | | http://www.TOURBUS.com |//////| | | |//////| | ~~~/~~~\~~/~~~\~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~/~~~\~~~~ \___/ \___/ T h e I n t e r n e t T o u r B u s \___/ TODAY'S TOURBUS TOPIC: More Explorer Bugs & Caffe Lardo Last Thursday, Patrick mentioned that a serious flaw in Microsoft's Internet Explorer web browser had been discovered. This security hole made it possible for deviant web page authors to do nasty things to your hard drive if you use the Windows 95 or NT operating system. +--------- Free Discussion Digest on Internet Advertising ------------+ I-Advertising is a new moderated discussion digest that focuses on Internet Advertising, Marketing and Online Commerce. To SUBSCRIBE, mailto:majordomo@databack.com with: SUBSCRIBE I-ADVERTISING in the BODY of your message. It's a great free resource. +--------- ( http://www.exposure-usa.com/i-advertising/ )-------------+ Although Microsoft posted a fix the very next day, that was not the end of the story. Two MORE serious security holes were discovered in the Explorer browser by researchers at the University of Maryland and MIT. And again, both could enable malicious web site operators to swipe files from your hard drive or even delete files and folders. To their credit, Microsoft pumped their programmers full of Mountain Dew and Twinkies and they plugged these holes as well. The embarrassed software giant has posted a software patch that fixes all three security holes. You can download this patch and find instructions for updating your Explorer program here: http://www.microsoft.com/ie/security/update.htm If you run MS Internet Explorer on Windows 95 or NT 4.0, you should do this right away. If you run Explorer on Windows 3.1 or the Mac, you are not affected. Users of Netscape and other web browsers are safe as well. Note: If you are using AOL Version 3 AND you run Windows 95 (or Windows NT 4.0) then you ARE affected by the Explorer bug because this version of AOL uses Explorer as the browser. IS THE EXPLORER NIGHMARE OVER? ------------------------------ Maybe. But many security experts point out that the Explorer bugs are a direct result of this browser's tight coupling with the Windows operating system, so there may be other nasty surprises as yet uncovered. Adding fuel to the fire is the discovery of a security hole in Microsoft's ActiveX code just before this recent spate of Explorer bug reports. ActiveX is a technology similar to Java which allows a web browser to download and execute mini-programs called applets. Both Java and ActiveX have been criticized for having the potential to expose a user's hard drive to harm or theft of data. (See the TOURBUS issue "Java and Jumping Frogs - August 6, 1996" for some background.) DADDY, I'M SCARED. ------------------ So what's a web surfer to do? First step, don't panic - the web is still a safe place. Here are a few steps you can take to keep your precious data safe from prying eyes and maintain your cyber sanity... 1) Stay away from Internet Explorer for a while. Rest assured that a HUGE amount of attention is being given to this issue right now, both inside and outside of Microsoft. If there are any lurking IE bugs, chances are pretty good they'll be found and fixed within a few weeks. "Netscape NOW!" is more than a catchy slogan - it's good advice for the short term. If you think I'm being a tad harsh, or you can't be bothered to download Netscape, so be it. Apply the Explorer patches and take your chances. 2) Stay away from ActiveX and Java. Sure, this is cool technology - but there are few practical uses, it takes a long time to download the applets, and it carries a risk. Let this technology mature for a year or so before you gamble on it. Trust me, you won't be missing a lot. You can turn off ActiveX and Java in Explorer by clicking on View-Options-Security and then unchecking the appropriate boxes there. In Netscape, the place to go is Options-Network-Languages to disable Java. Note that JavaScript is safe and quite useful, so don't turn that feature off. That said, I wouldn't be nervous about temporarily enabling ActiveX or Java if something really cool beckons at a site you feel is worthy of trust. It's your call. 3) Visit an absolutely silly web site. A little perspective, folks... The web is a lot of fun, and when you pop in to a site like "Caffe Lardo" you just feel better about it all. http://www.cs.washington.edu/homes/adam/clark/lardo The Caffe Lardo Expresso Bar and Bakery is a great menu spoof but it requires that you visit the restroom before viewing. It's that funny! See you next time! --Bob Special Note: To users of AOL, Juno and others who are wondering about that funny-looking jumble at the top of each TOURBUS posting... It's a BUS! TOURBUS is meant to be viewed with a monospace font like Courier or Fixedsys. Try changing your fonts for viewing or printing and you'll see what you've been missing. (Unfortunately AOL users can't do much about it. If you know of any tricks to force the use of mono fonts, please let me know.) ======================================================================== Join : Send SUBSCRIBE TOURBUS Your Name to LISTSERV@LISTSERV.AOL.COM Leave : Send SIGNOFF TOURBUS to LISTSERV@LISTSERV.AOL.COM Archives: On the Web at http://www.TOURBUS.com Advertising: Send e-mail to BobRankin@MHV.net for details. =----------------------------------------------------------------------= --> "Doctor Bob's Painless Guide To The Internet" <-- Send e-mail to BobRankin@MHV.net w/ Subject: SEND BOOKINFO or browse reviews & sample chapters at http://biz.mhv.net/drbob Newsday says "Buy it for Mom!" ======================================================================== TOURBUS - (c) Copyright 1995-97, Patrick Crispen and Bob Rankin All rights reserved. Redistribution is allowed only with permission. Send this copy to 3 friends and tell them to get on the Bus!
|
|