Date: Sat, 17 Nov 2001 20:13:07 -0500
Reply-To: TOURBUS-Request@LISTSERV.AOL.COM
Sender: The Internet TourBus - A virtual tour of cyberspace
Comments: Resent-From: crispen@netsquirrel.com
Comments: Originally-From: Patrick Douglas Crispen
From: Patrick Douglas Crispen
Subject: TOURBUS -- 17 NOV 01 -- IE COOKIE PATCH FOR THE PC
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format=flowed
----------------------------------------------------------------------
TOURBUS Volume 7, Number 33 -- 17 Nov 2001
----------------------------------------------------------------------
_________ ____________ ________ __________ _____________ ___ _
/ | / | | / | \
| READY TO START YOUR HOLIDAY SHOPPING? / | \
|__________|__________/__________|__________|___________/_____| \
/ |----\
| Let Amazing-Bargains.com help you save money! Hundreds of |////|
| coupons for over 100 of the top Online Stores. Keep track |////|
| of current online sales in one convenient place. And don't |////|
| miss our newsletters for Bargain hunters: Daily, Weekly, |////|
| or Hot Alerts. Check out some Amazing Bargains now! |////|
| |////|
| CLICK! |////|
\_______________________________________________________________|____|
/ \ / \ / \
\___/ \___/ T h e I n t e r n e t T o u r B u s \___/
SIX YEARS of Searchable Archives at http://www.TOURBUS.com !!
TODAY'S TOURBUS STOP(S):
IE Cookie Patch for the PC
TODAY'S TOURBUS ADDRESS(ES):
Yep. We've got some.
Howdy, y'all, and greetings from beautiful Irvine, California, a papal
chapel in the Vatican Palace that was erected between 1473 and 1481 by
the architect Giovanni dei Dolci for Pope Sixtus IV. :P
People magazine released its annual "Sexiest Man Alive" issue, and for
some odd reason they chose Pierce "Bond, James Bond" Brosnan instead
of *me*. I don't get it. What does Brosnan have that *I* don't have?
For those of you who answered "a job," I'll have you know that your
fearless bus driver has submitted resumes to the Orange County
branches of Canon, LeadingWay Knowledge Systems, Rand, Ricoh,
Washington Mutual, and ZC Sterling, among others.
And besides, even if I am not People Magazine's sexiest man alive, at
least I still have a shot at winning this year's Heisman Trophy. :P
TOURBUS is made possible by the kind support of our sponsors. PLEASE
take a moment to thank each of our sponsors for keeping our little bus
of Internet happiness on the road week after week.
+------------ *FREE* *FREE* *FREE* INKJET CARTRIDGES! ------------+
Buy 1, Get 1 FREE on all cartridges for your Epson, Canon, HP, or
Lexmark printer! 100% Guaranteed Quality - Secure Ordering - Fast
Service! Free shipping on orders over $25! Call 1-877-290-0687
or visit our web site and check out all our new low prices!
CLICK HERE
+-------------------------------------------------------------------+
+----------------------- XPerience LINUX! ------------------------+
Learn Linux now with Bob Rankin's NO B.S. GUIDE TO LINUX. The
FREE CD with this book has Red Hat Linux, tons of freeware, Apache
web server and cool Linux games. You'll find valuable new job
skills in 350 plain English pages -- no geekspeak or technobabble.
NEWYORK NEWSDAY says: "The most accessible guide to getting started
with Linux... Covers basic knowhow in a lighthearted style." Cover
price is $34.95 but TOURBUS readers get a 20% discount. Order your
copy today and get delivery anywhere in the world. Learn more about
the book, read sample chapters, order online and save $7 now!
CLICK HERE
+-------------------------------------------------------------------+
On with the show ...
--------------------
Cookie Security Hole
--------------------
Last week I showed you a Microsoft security bulletin warning that
A vulnerability exists because it is possible to craft a URL that
can allow sites to gain unauthorized access to user's cookies and
potentially modify the values contained in them. Because some
web sites store sensitive information in a user's cookies, it is
also possible that personal information could be exposed.
This cookie vulnerability exists in versions of Internet Explorer 5.5
and 6.0 for the PC, and possibly in earlier versions of Internet
Explorer for the PC as well. This vulnerability only affects Windows
users who also use Internet Explorer -- in other words, it does *NOT*
affect Mac or Linux users, or PC users who use Netscape instead of IE.
Last week I also promised to give you the URL and installation
directions for Microsoft's patch as soon as it is available.
Well, it's available. You can find the patch for PC versions of IE
5.5 and 6.0 at
>http://www.microsoft.com/windows/ie/downloads/critical/q312461/default.asp
Let's just hope this patch actually *WORKS*. :)
On the "Security Update, November 12, 2001" page, choose your native
language (English, Spanish, Swedish Chef, etc.) from the pull-down
list and click on the grey "Go" button. On the next page, click on
the "Security Update" link for your version of Internet Explorer.
If you don't know what version of IE you have, make sure you have
IE open and then go to Help --> About Internet Explorer.
The patch for IE 5.5 is 580 KB and should take just under three
minutes to download over a 28.8 modem (despite what Microsoft says).
The IE 6 patch is 448 KB and should take just over two minutes to
download over a 28.8 modem.
When you click on the "Security Update" link for your version of IE,
you'll be given the chance of either opening or saving the patch. The
choice is up to you. Remember, though, that if you save the patch to
your computer, you'll have to find that patch after it is downloaded
and then double-click on it for the patch to be applied.
Oh, and by the way, the patch requires you to restart your computer
after it is applied. <*Grumble*>
------------------------------------
What About *EARLIER* Versions of IE?
------------------------------------
If you have an older version of Internet Explorer for the PC -- for
example, IE 5.0 or earlier -- you have a problem. While the cookie
vulnerability may exist in early version of Internet Explorer for the
PC, Microsoft only supports Internet Explorer 5.5 and later.
No patch is available for pre-IE 5.5 versions of Internet Explorer,
and no patch will *ever* be available.
Unfortunately, if you have a pre-IE 5.5 version of Internet Explorer,
this leaves you with only three options:
1. Upgrade to IE 5.5 or later (and apply the patch);
2. Go "kamikaze": ignore the cookie vulnerability and keep using
your old, unpatched version of IE; or
3. Switch to another browser altogether.
Personally, I'd recommend upgrading. IE 6 works fine on both of my
computers -- a Win98 SE desktop and WinME laptop -- and is a *heck* of
a lot more stable than Netscape. You can find out more about
upgrading to IE 6 at
http://www.microsoft.com/windows/ie/default.asp .
If you choose to switch browsers, both Netscape and Opera have new
versions available for download. You can find out more about these
browsers and *MANY* others at
http://browserwatch.internet.com/browsers.html .
-----------------------------
Reactivating Active Scripting
-----------------------------
Last week I also mentioned that a simple way for you to protect your
computer from Microsoft's cookie vulnerability was to temporarily
disable active scripting in Internet Explorer 5.5 or 6.0 until the
patch is available.
What, exactly, is "Active Scripting?" D. Ian Hopper at CNN Interactive
answers that question the best:
When Microsoft uses the term Active Scripting, they're talking
about both JavaScript and VBScript, which stands for Visual Basic
Script. These languages provide interactivity and 'life' to Web
sites, without which they would be about as passive as a printed
page.
JavaScript isn't just used as a gimmick, either. It's used by
almost all major sites -- including CNN Interactive -- for uses
such as navigation, pop-up windows and e-commerce. Disabling
scripting would seriously cripple the site.
JavaScript isn't confined to Internet Explorer 5 ... It's used in
almost all modern browsers as well as across platforms.
[Quote from
http://www.cnn.com/TECH/computing/9911/23/active.scripting/]
So, while disabling active scripting was a good stop-gap measure until
Microsoft released its cookie vulnerability patch, now that the patch
is available it is pretty good idea to turn active scripting back on.
Here's how:
1. Launch Internet Explorer.
2. Go to Tools --> Internet Options.
3. Click on the "Security" tab.
4. Click on the "Custom Level..." button.
5. Scroll all the way down to the "Scripting" section (the
section is second from the bottom and its icon is a scroll in
the shape of the letter "S").
6. Under "Active Scripting," choose "Enable."
7. Under "Scripting of Java applets," also choose "Enable."
8. Click on the "OK" button.
9. Click on the "OK" button again.
That should do it.
------
Errata
------
Two weeks ago I accidentally misspelled both "Abilene" and "Tucson."
I apologize. (It was a *LONG* trip.)
Also, if you had problems accessing the page for the Norton
SystemWorks 2002 Edition offer, please try
http://www.tourbus.com/norton.htm
instead. I've been a *HUGE* fan (and user of) Norton SystemWorks for
as long as I can remember, and I have never seen it priced this
cheaply.
That's it for today. Have a safe and happy weekend, Happy
Thanksgiving to everyone in the states, and we'll talk again next
week.
TODAY'S TOURBUS STOP(S):
IE Cookie Patch
TODAY'S TOURBUS ADDRESS(ES):
Yep. We've got some.
---------------------------------
TODAY'S SOUTHERN WORD OF THE WEEK
---------------------------------
HAHD(verb). To conceal.
Usage: "Uh, oh. Here comes Bubba. Hahd the Moon Pies!"
[Special thanks to Cindy Vela for today's wurd]
You can find all of the old Southern Words of the day at
http://netsquirrel.com/crispen/word.html
=====================[ Tourbus Rider Information ]===================
The Internet Tourbus - U.S. Library of Congress ISSN #1094-2238
Copyright 1995-2001, Crispen & Rankin - All rights reserved
Help the hungry, poor and sick - for free! http://FreeDonation.com
Subscribe, Signoff, Archives, Free Stuff and More at the
Tourbus Website - http://www.TOURBUS.com
=====================================================================
.~~~. ))
(\__/) .' ) )) Patrick Douglas Crispen
/o o \/ .~
{o_, \ { crispen@netsquirrel.com
/ , , ) \ http://www.netsquirrel.com/
`~ '-' \ } )) AOL Instant Messenger: Squirrel2K
_( ( )_.'
'---..{____} Warning: squirrels.
