How To Subscribe
and Unsubscribe is at the end of this note. Mailing List Trouble? See http://www.langa.com/help.txt
Questions about the advertisers? See the end of
this note. Please also see legal notices at the end of
this note.
Want an easier-to read formatted HTML version? See http://www.langa.com/whats_new.htm (The HTML version of each issue normally is available by 9AM EST [GMT-5] of the issue date.)
Please recommend the LangaList to a friend! (And maybe win $10,000!)
The LangaList
21-Feb-00
A Free Email Newsletter from Fred
Langa
That Helps You Get More From Your Hardware,
Software, and Time Online
1) Alert! Security Problem For Internet Explorer
Java applets---little programs that run on your PC or inside your browser---are meant to be safe: They actually run inside a carefully-restricted safe area of your system. Inside this safe "sandbox" (yes, it's really called that!) the Java apps have severe limits on what they can do. This thus help ensure that a rogue Java applet won't be able to wreak havoc on your PC.
But much of the inherent safety depends on how well the sandbox is constructed---and it turns out there's a subtle flaw in the sandbox distributed as part of Internet Explorer 4 and 5. Microsoft says this flaw:
...could allow a Java applet to operate outside the bounds set by the sandbox. A malicious user could write a Java applet that could read - but not change, delete or add - files from the computer of a person who visited his site or read web content from inside an intranet if the malicious site is visited by a computer from within that intranet.
There are patches to plug the holes in the sandbox, but you have to use the patch that's right for your Java software version. So your first step is to determine which version you're already running:
- Open a command window (aka
"DOS Box"): Click Start/Run then type "COMMAND" on the input
line and hit enter. (On NT and Win2K, it's Start/Run/CMD and then hit enter.)
- When the command window
opens, type "JVIEW" and hit the enter key.
- Your version will be shown at the right of the topmost line. It will have a format like "5.00.xxxx", where the "xxxx" is the build number. For example, if the version number is 5.00.3229, you have build number 3229.
If your build number is 2000-2444 OR 3000-3190 OR 3229-3234 then you have the flaw. If JVIEW shows you some other number not in the ranges above, you're OK.
If you have the flaw, grab the appropriate patch:
- 2000 series builds: http://www.microsoft.com/java/vm/dl_vmsp2.htm
- 3100 series builds: http://www.microsoft.com/java/vm/dl_vm32.htm
- 3200 series builds: http://www.microsoft.com/java/vm/dl_vm40.htm
Click to
email this item to a friend
http://www.langa.com/sendit.htm
return to top of page
--------------(
Please Visit This LangaList Sponsor!) ------------
--------------(
the above is an advertisement )--------------
"Cookies" (those tiny
text files that some sites create on your system) generally are very, very safe.
For example, by design, only the site that creates a cookie normally can read
that cookie. But DoubleClick---the huge
ad-banner company--- has overcome that limitation through social engineering:
They're paying 10 large web sites for user data. If you go to one of these sites
and make a purchase or enter any private information, DoubleClick now has a way
to get that data, and to link it to what should have been the anonymous cookies
generated by your visits to any of the 1500 or so web sites in the DoubleClick
network. In other words, DoubleClick is
using human intervention to overcome the privacy protection that's built into
Cookie technology. Reader Chuck Quenzler was the
first to alert me to this, and he sent along an address for more info, including
how to opt out of DoubleClick's profiling, and more: http://www.cdt.org/action/doubleclick.shtml Even so, I have to admit I wasn't
sure what to make of all this at first, but then reader Gary G. Taylor sent me
this link: http://167.240.254.37/AGWebSite/press_release/pr10164.htm It's a notice from the Michigan
Attorney general, and it says in part: February 17, 2000 Attorney General
Jennifer M. Granholm today announced that she has initiated legal proceedings
against DoubleClick, Inc., the world's largest Internet advertising business,
and two web sites that it owns and controls, IAF.net and NetDeals.com. There's a problem with this
release because cookies are not "electronic surveillance files." By
themselves, they're harmless, static text files, and actually are highly useful.
The problem is not with the cookies, but with their abuse--- when DoubleClick
works around the cookies' inherent safety and anonymity, for example. Still, it's clear something bad
is going on here---Check it out for yourself! Click to
email this item to a friend This one's called the "Image
Source Redirect Vulnerability." Microsoft says this problem
"could allow a malicious web site operator to read - but not add, change or
delete -certain types of files on the computer of a visiting user." It affects Internet Explorer 4.0,
4.01, 5 and 5.01. Microsoft
explains it this way: When a web server
navigates a window from one domain into another one, the IE security model
checks the server's permissions on the new page. However, it is possible for a
web server to open a browser window to a client-local file, then navigate the
window to a page that is in the web site's domain in such a way that the data in
the client-local file is accessible to the new window. The data would only be
accessible to the new window for a very brief period, but the result is that it
could be possible for a malicious web site operator to view files on the
computer of a visiting user. The web site operator would need to know (or guess)
the name and location of the file, and could only view file types that can be
opened in a browser window. So it's not a horrible flaw, but
still is one that should be fixed. You can grab the patch either at http://windowsupdate.microsoft.com
or at More info? See http://www.microsoft.com/technet/security/bulletin/fq00-009.asp
. Click to
email this item to a friend -------------(
Please Visit This LangaList Sponsor!) ------------
--------------(
the above is an advertisement )--------------
Reader Jose Castro asks: I was wondering if there
is any way to share a modem. I am not talking about sharing a modem to connect
to the internet, but sharing a modem the same way you share a printer or a
directory. Why does windows does not allow sharing of this kind? A modem is just
like a printer. Why would anybody need this? In my case I have 2 computers at
home with a modem each. One modem is been used to connect to the Internet. The
other one is never use. If I want to send a fax or connect to a bbs (not
accessible through the Internet) I have to log off my computer or use the other
computer. It will be nice if I can share the other modem. I will setup my fax
software so that it uses the modem from the other computer. Then my wife and I
can be surfing the web while I am sending or receiving a fax. Faxing is a special case, and
some fax software does indeed let you share a fax modem; in effect, it treats
the fax like a printer. If you're connected on a LAN, other PCs can
"print" to the shared fax. The fax is available to any PC on the LAN,
although it can only connect to one number at a time, and only serve one PC at a
time. Basic phone connections are point
to point: Sending a fax, for example, establishes an electrical connection
between just the sending and receiving fax machines, period. Nothing else is on
that connection. Same with the BBS connection. The endpoints of the
communication are defined by the physical connection. On the Internet, you can get
around the point-to-point limitation: The Internet breaks your data into
packets, putting the source and destination address on each packet (sort of like
an envelope) and using intelligent "routers" to shuffle the data to
where it needs to go. But for this to work, the hardware at both ends has to
understand the addressing and routing schemes--- and in fact, everything on the
system must have a unique IP (internet protocol) address. The endpoints of an
internet connection are defined logically, not physically. There are ways to physically
share modems (standard and fax) in a limited way through the addition of a small
router. For example, the Protec company makes a whole line of modem-sharing
devices: http://www.protec.ca/index.asp
. Some require a LAN, but some
don't: You can, for example, connect a modem to one of the Protec boxes, and
then connect three or four PCs to the sharing device: each PC then thinks it
"owns" the modem, and all can use the same connection simultaneously. But there's no way to make one
standard modem be able to make two separate outbound calls to two different
numbers at the same time. (Say, to call your ISP and to send a fax at the same
time.) The closest you can get to that is with specialized "voice over
data" modems, or through DSL and similar services, which allow limited
kinds of simultaneous multiple calls. Click to
email this item to a friend In the last issue, I told you
about Arachnophilia, a very slick free HTML editor. (See http://www.langa.com/newsletters/2000/feb-17-00.htm#4
) Reader "Lance" adds
this: Thought your readers
would find the following useful. http://members.tripod.com/servais/toolbars.htm It's a free add-on to
Arachnophilia with lots of pre-made code to make design easier. Thanks, Lance. There are other good, FREE
editors out there, too: Reader "BC" writes: Hi, Fred, I enjoy the
newsletter very much and always read it top to bottom. After reading about the
recently recommended HTML editors I thought I'd let you know about an excellent,
free WYSIWYG HTML editor named IMS Web Dwarf. Here's a list of some features
from the website- "Features 1. WYSIWYG drag and drop
editor with pixel level positioning. http://www.virtualmechanics.com/IMSDwarf.htm This is a great editor
if you don't know how to handcode but still want to make a slick looking page. Many readers also wrote in about
the next item; Mark Kantrowitz was the first: After reading about
Robert Mundy's HTML editor, I thought your readers would be interested in a
really good web development program I found while searching for an HTML editor.
The amazing thing about this commercial quality program is that it is freeware
(not shareware). The program is called, 1st Page 2000, by Evrsoft ( http://www.evrsoft.com
). I haven't figured out why it is free. Here are some of its
attributes - 450+ Javascripts/VBScripts Thanks to all who wrote in! Click to
email this item to a friend If you think the
LangaList is a worthwhile read, just use the following link to recommend the
LangaList to a friend. Your friend just may find a new source of useful
information; I just may gain a new subscriber; and you just may win $10,000(!)
for your trouble (full details also available via this link): http://www.langa.com/recommend.htm#1 Or, win a copy of
"Poor Richard's E-Mail Publishing: Creating Newsletters, Bulletins,
Discussion Groups and Other Powerful Communications Tools." This book has
been described as "An excellent, straightforward manual on email
publishing, banner ads, driving traffic and especially ethics." (Full
details also available via this link): http://www.langa.com/recommend.htm#2 Either way, thank
you, and good luck! Click to
email this item to a friend -------------(
Please Visit This LangaList Sponsor!) ------------
Promote
your product or service --------------(
the above is an advertisement )--------------
Ken Tager offers this: "Squawks" are
problems noted by U. S. Air Force pilots and left for maintenance crews to fix
before the next flight. Here are some actual maintenance complaints logged by
those Air Force pilots and the replies from the maintenance crews. (P) = Problem
(complaint) (P) Evidence of leak on
right main landing gear. (P) DME volume
unbelievably loud. (P) Autopilot in
altitude hold mode produces a 200fpm descent. (P) IFF inoperative. (P) Friction locks cause
throttle levers to stick. (P) Number three engine
missing. (P) Aircraft handles
funny. (P) Left inside main
tire almost needs replacement. (P) Test flight OK,
except auto land very rough. (P) # 2 propeller
seeping prop fluid. (P) Something loose in
cockpit. (P) Dead bugs on
windshield. (P) Target Radar hums. Click to
email this item to a friend See you next issue! Best, (Please recommend
the LangaList to a friend! (And maybe win $10,000!) An easier-to read formatted HTML version is
available in the "what's new" section of http://www.langa.com.
(The HTML version of each issue normally is available by 9AM EST [GMT-5] of the
issue date.) All past LangaList issues are also available via the same link. Why are you getting this newsletter? There are
only two ways to get on the list (direct email request or via the WinMag mail
list signup page) so if you're getting this newsletter; your name came to me
through one of those channels. SUBSCRIBE (it's free!): Send email to subscribe-langalist@lyris.dundee.net About
the advertisers: Langa Consulting LLC will never knowingly accept
advertising for a fraudulent product, company or service. However, Langa Consulting LLC makes no implied or explicit warranty, recommendation or endorsement
of or for the products, companies or services mentioned in the ads. Disclaimer:
The tips and other information given in the newsletter are researched and are
believed to be accurate, but we cannot and do not guarantee that all the
information here will work on all systems, for all users, all the time. All
information herein is offered as-is and without warranty of any kind. Neither
Langa Consulting LLC, nor its employees nor contributors are responsible for any
loss, injury, or damage, direct or consequential, resulting from application of
any information presented here. This newsletter is a free service of Langa Consulting LLC and is Copyright © 2000 Langa Consulting LLC. All rights reserved.2)
DoubleClick Invades Privacy?
In a Notice of Intended Action filed today, Granholm alleges that DoubleClick
has violated the Michigan Consumer Protection Act and other laws by failing to
disclose to Internet users that DoubleClick is systematically implanting
electronic "cookies," or electronic surveillance files, on the hard
drives of users' computers without their knowledge or consent. According to
Granholm, DoubleClick is then compiling personal user profiles on consumers
which, potentially, can be linked directly to a consumer's name, home address
and e-mail account. DoubleClick has collected 100 million consumer profiles
according to news reports....
http://www.langa.com/sendit.htm
return to top of page3)
And Another IE Security Problem
http://www.microsoft.com/windows/ie/security/patch5.asp
http://www.langa.com/sendit.htm
return to top of page4)
Modem Sharing
http://www.langa.com/sendit.htm
return to top of page5)
More FREE Editors
2. Alignment Toolbar with group control, centering and Z Axis assignment.
3. A Layout Guide with Snap Grid option.
3. Text editor for HTML, Rich Text and Titles.
4. FTP publisher with Gather Option."
- DHTML Zone with re-usable DHTML scripts
- Full support for SSI, CGI, Perl, Cold Fusion, ASP.
- Javascript Rollover Images
- Javascript/VBScript Object Tree
- HTML Source Compressor - Reduce webpage file size
- Flash 4/Shockwave/Java/ActiveX Support
- 6 Common Javascript Wizards
- Includes over 20+ cgi/perl/htmlscripts from Matt's Script Archive with
complete instructions on usage.
- Calculate Image sizes (height/width)
- Drag-drop from Explorer
- Source Code Formatter
- Instant Tag Help anywhere, anytime.
- Complete Web Building Reference
- Spell Checker
- Thesaurus Checker
http://www.langa.com/sendit.htm
return to top of page6)
Don’t Make Me Beg! 8-)
http://www.langa.com/sendit.htm
return to top of page
to almost 100,000 readers,
and lock in today's low ad rates through June 30!
see http://www.langa.com/ratecard.htm7)
Just For Grins
(S) = Solution (reply)
(S) Evidence removed.
(S) Volume set to more believable level.
(S) Cannot reproduce problems on ground.
(S) IFF always inoperative in OFF mode.
(S) That's what they're there for.
(S) Engine found on right wing after brief search.
(S) Aircraft warned to straighten up, "fly right," and be serious.
(S) Almost replaced left inside main tire.
(S) Auto land not installed on this aircraft.
(S) #2 propeller seepage normal 1, #3, and #4 propellers lack normal seepage.
(S) Something tightened in cockpit.
(S) Live bugs on order.
(S) Reprogrammed Target Radar with the words.
http://www.langa.com/sendit.htm
return to top of page
Fred
(fred@langa.com)
UNSUBSCRIBE: Send email to unsubscribe-langalist@lyris.dundee.net
LIST TROUBLE? HAVE QUESTIONS? NEED HELP? See http://www.langa.com/help.txt