Date: Sun, 1 Apr 2001 04:39:28 +0000
Reply-To: TOURBUS-Request@LISTSERV.AOL.COM
Sender: The Internet TourBus - A virtual tour of cyberspace
From: Bob Rankin
Subject: TOURBUS - 31 MAR 01 - IE SECURITY PATCHES / WIN UPDATE CORPORATE
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
----------------------------------------------------------------------
TOURBUS Volume 6, Number 69 -- 31 March 2001
----------------------------------------------------------------------
_________ ____________ ________ _______________________ __
/ | / | | / | \
| N-E-V-E-R M-I-S-S A C-A-L-L / | \
|__________|__________/__________|__________|___________/_____| \
/ |----\
| Get premium VOICEMAIL service from eVoice and get your calls |////|
| answered while you're online, on the phone, out of town, or |////|
| whatever. Then retrieve your messages from ANYWHERE... via |////|
| the web, phone (toll-free) or by email. Sign up now, your |////|
| first month is FREE! Great for individuals & small biz. |////|
| |////|
| |////|
| Get eVoice - Click Here |////|
\_______________________________________________________________|____|
/ \ / \ / \
\___/ \___/ T h e I n t e r n e t T o u r B u s \___/
FIVE YEARS of Searchable Archives at http://www.TOURBUS.com !!
TODAY'S TOURBUS STOP(S):
IE Security Patches / Windows Update Corporate Site / PPT
TODAY'S TOURBUS ADDRESS(ES):
http://www.microsoft.com/windows/ie/download/default.htm
http://corporate.windowsupdate.microsoft.com/
http://www.bama.ua.edu/~squirrel/steal_my_inservice.zip
http://www.satirewire.com/news/0103/outlook.shtml
Howdy, y'all, and greetings once again from the beautiful city of
Tuscaloosa, Alabama, found by Dr. Robert Ballard on September 1, 1985,
lying upright in two pieces on the ocean floor at a depth of about
13,000 feet. :P
TOURBUS is made possible by the kind support of our sponsors. PLEASE
take a moment to visit today's sponsors to thank them for keeping
TOURBUS on the road.
+--------------- FREE 14oz SCENTED JAR CANDLES -------------------+
Buy 1 at $4.99 and GET 1 FREE while supplies last! Come check
out our other Buy 1 Get 1 Free offers available right now.
Win $100 in candles & candle accessories in our FREE Door Prize
drawing. You can enter daily for more chances to WIN! All of our
products carry a 100% money back guarantee! Lots of SALE ITEMS!
CLICK HERE
+-----------------------------------------------------------------+
On with the show ...
--------------------------------------------
Microsoft Internet Explorer Security Patches
--------------------------------------------
Blah blah blah Microsoft Internet Explorer blah blah blah security
problems blah blah blah download the patches blah blah blah get on
with your life. :P
Seriously, though, our friends at Microsoft have recently found a
couple of security problems with the PC versions of Internet Explorer
5.0 and 5.5. How can you tell if your version of Internet Explorer is
affected? Easy. Just launch Internet Explorer and then go to Help
--> About Internet Explorer. If your version number is 5 or higher,
your browser is affected and you'll need to download and install some
patches.
So what are these "security problems?" Well, the first one (for which
you need to download and install Microsoft's "Security Update, April
2, 2001" to fix) has to do with a fraudulent digital certificate:
... VeriSign, Inc., a major certificate authority, has informed
Microsoft that in January 2001 it erroneously issued two digital
certificates to an individual who fraudulently claimed to be a
Microsoft employee. These certificates could be used to
digitally sign programs (including ActiveX controls and Word
macros) using the name "Microsoft Corporation".
Programs signed using these certificates would not be able to run
automatically or bypass any normal security restrictions.
However, the warning dialogue that appears before such programs
could run would claim that they had been digitally signed by
Microsoft. Clearly, this would be a significant aid in
persuading a user to run the program ...
[ http://www.microsoft.com/technet/security/bulletin/MS01-017.asp ]
The second security problem (for which you need to download and
install Microsoft's "Security Update, March 29, 2001" to fix), has to
do with the fact that
... [b]ecause HTML e-mails are simply web pages, IE can render
them and open binary attachments in a way that is appropriate to
their MIME types. However, a flaw exists in the type of
processing that is specified for certain unusual MIME types. If
an attacker created an HTML e-mail containing an executable
attachment, then modified the MIME header information to specify
that the attachment was one of the unusual MIME types that IE
handles incorrectly, IE would launch the attachment automatically
when it rendered the e-mail.
An attacker could use this vulnerability in either of two
scenarios. She could host an affected HTML e-mail on a web site
and try to persuade another user to visit it, at which point
script on a web page could open the mail and initiate the
executable. Alternatively, she could send the HTML mail directly
to the user. In either case, the executable attachment, if it
ran, would be limited only by user's permissions on the system.
Before you panic, though, remember that Microsoft has released patches
that fix both of these problems. All you have to do is download and
install the patches.
I guess you can always run Windows Update and hope that Microsoft will
automatically install the patches for you. However, if you're like me
and get a chuckle out of that 'please wait while we DON'T send your
personal information to Bill Gates' message that pops up every time
you run Windows Update, check out
http://www.microsoft.com/windows/ie/download/default.htm .
This is a Windows Update page specifically for Internet Explorer and
it shows every critical and recommended update for IE from the past 11
months, including both the "Security Update, April 2, 2001" and the
"Security Update, March 29, 2001" that we talked about a couple
moments ago.
Downloading the updates couldn't be simpler. Just go to the Windows
Update for Internet Explorer page, click on the update in which you
are interested, and you are taken to page that tells you more about
that particular update. On that page, click on the blue "Download
Now" button, and then follow the on-screen instructions to either run
the update directly from Microsoft or to save the update onto your
hard drive so that you can run it at a later time.
That's it. Happy updating. :)
-----------------------------
Windows Update Corporate Site
-----------------------------
As long as we are talking about critical updates, do you know about
Microsoft's Windows Update Corporate Site at
http://corporate.windowsupdate.microsoft.com/ ?
The Corporate Site is a companion to the regular Windows Update we've
all visited in the past [to access Windows Update, a free tool that
automatically scans your PC for security holes and out-of-date Windows
drivers, go to Start --> Settings --> Windows Update or, in IE, go to
Tools --> Windows Update.] The Windows Update Corporate site was
created so that information technology professionals can download the
latest Microsoft software and driver updates without having to run
Windows Update on *EVERY* computer on their network. The Corporate
Site is also a GREAT resource for anyone who would like to have backup
copies of Microsoft's critical updates just in case you have to
reinstall Windows.
Remember, the regular Windows Update [Start --> Settings --> Windows
Update] is for anyone who wants to automatically update their Windows
operating system with the latest critical updates. The Windows Update
Corporate Site is for IT professionals and cyber gurus who have
already run Windows Update and who want to download an additional copy
of Microsoft's critical update files for their archives.
It is going to take you a minute or two to completely understand how
to use Microsoft's Windows Update Corporate Site, but it really isn't
all that hard. To find ALL of the critical updates for your
particular operating system,
1. Go to the Windows Update Corporate Site
2. Click on "Product Updates" on the left side of the page. This
takes you to a page that details the three steps in
downloading product updates ("search, select, and download.")
3. Click on "Search." This takes you to a search page where you
get to choose between software updates and driver updates.
4. Click on "Software Updates." This opens a second, more
detailed search page.
5. Scroll down the page and choose your operating system, select
"Critical and Security Updates," select the language of your
operating system (English, Finnish, etc.), and then click on
the powder blue "Next" button. This takes you to a page that
shows you ALL of the critical and security updates for your
operating system.
6. Put a checkmark in the boxes next to the updates you would
like to download, and then click on the grey "Next" arrow at
the top of the page.
7. This takes you to a really cool download page where you choose
the destination for your download straight from your browser
(a neat trick). Choose your destination and then click on the
blue "Download Now" button at the top of the page. This will
cause Microsoft's End User License Agreement to appear.
8. Click on "Yes."
That's it. The files will automatically be downloaded to your
Computer, and you can then install the updates whenever you want.
-----------------------
Another PowerPoint File
-----------------------
I just finished another PowerPoint presentation that you are welcome
to take:
Steal My In-Service -- Crispen's Beginner's Guide to the PC and
the Net
Will getting more RAM speed up your Internet connection? What's
the difference between a cable modem and a DSL line? Which is
better: AOL or an ISP? If you don't know the answer to these
questions, or if you are looking for a really cool in-service
that you can "creatively acquire" and present as your own, this
session is for you. Join Patrick Crispen as he explains how your
PC is like a kitchen, how your cable modem can be like Main
Street at 5 PM, and a bunch of other things about your computer
and the Internet that you NEED to know but that no one will
explain to you in English.
You can download the presentation for free from
http://www.bama.ua.edu/~squirrel/steal_my_inservice.zip .
The file is 1.37 Mb, so it should take 6 minutes and 39 seconds to
download over a 28.8 modem, 3 minutes and 23 seconds to download over
a 56 K modem, and 7 seconds to download over a 1.5 Mb cable modem. :P
Enjoy.
-------------
A Quick Funny
-------------
I'm stealing this last item from Fred Langa's LangaList
[http://www.langa.com/], so whatever you do, DON'T TELL FRED! :P
The folks at Satire Wire posted, and Mr. Langa recently reposted, one
of the funniest things I have read in a LONG time:
FOOT-AND-MOUTH BELIEVED TO BE FIRST VIRUS
UNABLE TO SPREAD THROUGH MICROSOFT OUTLOOK
Researchers Shocked to Finally Find Virus That Email App Doesn't
Like
Atlanta, Ga. (SatireWire.com) Scientists at the Centers for
Disease Control and Symantec's AntiVirus Research Center today
confirmed that foot-and-mouth disease cannot be spread by
Microsoft's Outlook email application, believed to be the first
time the program has ever failed to propagate a major virus.
"Frankly, we've never heard of a virus that couldn't spread
through Microsoft Outlook, so our findings were, to say the least,
unexpected," said Clive Sarnow, director of the CDC's infectious
disease unit ...
To read Satire Wire's entire article, hop on over to
http://www.satirewire.com/news/0103/outlook.shtml .
That's it for today. Have a safe and happy weekend, and we'll talk
again soon. :)
TODAY'S TOURBUS STOP(S):
IE Security Patches / Windows Update Corporate Site / PPT
TODAY'S TOURBUS ADDRESS(ES):
http://www.microsoft.com/windows/ie/download/default.htm
http://corporate.windowsupdate.microsoft.com/
http://www.bama.ua.edu/~squirrel/steal_my_inservice.zip
http://www.satirewire.com/news/0103/outlook.shtml
---------------------------------
TODAY'S SOUTHERN WORD OF THE WEEK
---------------------------------
CAY-UN (Noun). A metallic food container.
SPAY-UM (Noun?). A processed meat product with the shelf life of gravel.
Usage: "Bubba, fetch me another cay-un of spay-um."
[Special thanks to Bruce Ball for today's wurd]
You can find all of the old Southern Words of the day at
http://netsquirrel.com/crispen/word.html
=====================[ Tourbus Rider Information ]===================
The Internet Tourbus - U.S. Library of Congress ISSN #1094-2238
Copyright 1995-2001, Crispen & Rankin - All rights reserved
Help the hungry, poor and sick - for free! http://FreeDonation.com
Subscribe, Signoff, Archives, Free Stuff and More at the
Tourbus Website - http://www.TOURBUS.com
=====================================================================
.~~~. ))
(\__/) .' ) )) Patrick Douglas Crispen
/o o \/ .~
{o_, \ { crispen@netsquirrel.com
/ , , ) \ http://www.netsquirrel.com/
`~ '-' \ } )) AOL Instant Messenger: Squirrel2K
_( ( )_.'
'---..{____} Warning: squirrels.
