|
Please visit the LangaList Home Page Please note: Older issues may contain information that is now out of date. How To
Subscribe and Unsubscribe is at the end of this
note. Mailing List Trouble? See
http://www.langa.com/help.htm Please recommend the LangaList to a friend! (And maybe win $10,000 !) An easier-to read formatted
HTML version of this newsletter is available The
LangaList 2002-10-24 Please visit our sponsors and help keep the LangaList S.E. free!
--- ( Your Clicks On Ad Links Help Keep The LangaList Free! ) ---
--------------( the above is an advertisement )--------------
1) More On Word/Excel's "Hidden Fields"Yow, what a hot potato! Our coverage of "hidden fields" inside Microsoft Office documents (all versions of Word from 1997 onward, and Excel 2002) has generated a ton of reader comment and email. To put the following comments in context, please click over to http://www.informationweek.com/story/IWK20021017S0016 to see what all the fuss is about: There, I'll show you the two major forms of attack that can use hidden fields, and also show you how to prevent these attacks from succeeding. But not everyone agrees:
There's some truth in that for sure, but all I can do is try to protect my own readers. <g> That's one of the reasons why online security is such a dominant topic in this newsletter: There's *lots* we all can do to make ourselves safe. Of course, whether we actually do or not is another thing--- but the tools are there for the using. All we have to do to is use 'em.
Thanks, Mike. You're right: I should have specified that Shift-F9 requires that you've highlighted the place where the code is: The Alt-F9 approach is a better place to start looking for hidden fields. What's your take? Are hidden fields a huge risk, or are the simple methods I suggest at http://www.informationweek.com/story/IWK20021017S0016 enough? Check out the article, and then follow the link on the last page to the discussion area. See you there! Click to email this item to a
friend 2) New Intrusive Ad TypeYou may have seen the news: A company is selling a tool that makes it easy
for aggressive advertisers to open a new kind of browser-less popup ad on your
PC--- an ad that can appear whenever you're online, whether or not you're viewing
a web site. (See
http://www.cnn.com/2002/TECH/internet/10/21/pop.upspam.ap/index.html or But, in a way roughly analogous to the "hidden field" problem above, this new intrusive advertising is a problem only if you let it be: It's not hard to block these ads completely. The ads use a normally-valid function of Windows Messenger, which is part of the OS (not to be confused with "MSN Messenger," the IM/Chat toy). Messenger is a tool that normally allows, say, a business' network administrator to broadcast a message to everyone on a LAN; the message might be something like "Server going down for maintenance in 5 minutes. Please log off." Some other legitimate tools and services may also use Messenger to display information, too. The problem arises when people who have no use for Messenger leave it enabled; and/or when people who need Messenger leave it set up so that it can be accessed from random locations on the Internet. If you don't need Messenger at all, just disable it. It's not hard: The guy selling the tools for Messenger-based advertising actually provides pretty good instructions at http://www.directadvertiser.com/optout.html , or you can dive into the deep end of the pool with the tech discussion at http://www.hsc.fr/ressources/breves/min_srv_res_win.en.html ) If you do need Messenger (or if you don't know if you need it or not), you can use your desktop firewall to prevent Messenger from being accessed by external Internet sites. This way, Messenger can work locally for messages generated on your own system or from "trusted" PCs on your LAN, but not for messages generated from unknown PCs or external Internet sites. Some firewalls let you block Messenger by name; that's the easiest way. But if not, all firewalls should let you block the ports that Messenger normally uses: Port 135 (TCP/UDP) and--- less commonly, for a related but slightly different form of messaging--- ports 137 and 139. (Deep-geek explanations: see http://mynetwatchman.com/kb/security/articles/popupspam/index.htm and http://mynetwatchman.com/kb/security/articles/popupspam/netsend.htm ) Either way, by disabling Messenger altogether or by preventing it from connecting to or from the Internet, *you* control what Messenger can and cannot do on your system, and that's the way it should be. Click to email this item to a
friend 3) Check Your Browser's "Cipher Strength"Reader Jane Forrest had a problem logging onto secure servers, such as those used for online purchases. These servers normally work with your browser to encrypt the data sent over the secure connection, but it wasn't working for Jane--- she wasn't being allowed to connect to secure servers at all. We wrote back and forth a bit, and she eventually tracked down the problem to scrambled files that disabled her browser's ability to encrypt data.
Good for you, Jane! <g> Cipher-strength problems can be subtle: Even if you can connect to secure servers, it's still worth checking your browser's cipher strength because some older browsers use only 40- or 56-bit encryption, which is relatively weak and therefore more vulnerable to hacking. Most current browsers use 128-bit encryption, which gives reasonable protection for routine transactions with secure sites. In IE, you easily can see what your current cipher strength is by clicking on Help/About and seeing what it says. The page at http://www.cyberwatch911.org/reporting/ciphercheck.html contains information for checking the cipher strength in other browsers and versions, too; or see http://www.google.com/search?q=check+cipher+strength . Click to email this item to a
friend --- ( Your Clicks On Ad Links Help Keep The LangaList Free! ) ---
--------------( the above is an advertisement )-------------- -4) Sygate Firewall Caveats
Thanks, Rich. All firewalls have their own oddities and quirks, mostly as a result of the software designers trying to guess which features most users will want to use most often. When you have a choice of several products that provide the same core functions, deciding which is best for you is often a matter of seeing which one most closely matches your own workstyle and preferences. That was the basis of my lack of enthusiasm for Norton Personal Firewall 2003, for example ( http://www.langa.com/newsletters/2002/2002-10-17.htm#1 ): The firewall works, but it buries some functions that I think are important, and overemphasizes other features that I think are relatively insignificant. Even through the firewall works, it's not a good fit for me. The "act as server" issue is somewhat similar: Sygate Personal Firewall initially treats client and server rights as one item: It assumes that if you say it's OK for an app to connect, then it's OK to connect either as a client or as a server. In contrast, Zone Alarm initially treats client and server accesses as separate issues: You have to give separate permission for each type of access. There are trade-offs either way: ZA's defaults make the server-rights issue obvious, but at the expense of making you step through additional prompts. SPF's defaults minimize the prompts you have to deal with initially, but at the expense of not making the server-rights option obvious. To deny server rights in Sygate, you have to open the SPF main window, click Applications, then select any listed program, then click Advanced, and uncheck "Act As Server." By using the pull-down pick-list in "Name of Application," you then can also adjust any other or all of your Internet-enabled apps to act as a server or not, without having to go back to the main window. SPF's approach takes three extra clicks compared to ZA's method, but Sygate's method is much easier than Norton's elaborate 11-step process for setting server rights, which drags you through window after window after window. Once again, the firewalls all do the same basic thing, but in very different ways. Which approach feels "right" for you will depend on whether or not you agree with the software designer's decisions about the relative importance of different features. BTW, if you use Sygate Personal Firewall, this site has lots more third-party info on making the most of that firewall: http://personal.atl.bellsouth.net/i/k/ikpe/ Click to email this item to a
friend 5) Online Histories Of Computing
Thanks, Fred. I can't quite make out the exact model of the 1960's-era behemoth in that photo, but it's a safe bet my son's X-box has many times its computing power. Heck, there are probably PDA wristwatches with that much power now! I bet there's also a story behind the hand-lettered "No Go" sign stuck atop the console, too... Fred's page also pointed to another site I'd seen many years ago, but had forgotten: The "Chronology of Personal Computers" from 1947 to 1977 ( http://www.islandnet.com/~kpolsson/comphist/ ). Seeing that sent me to the search engines for these
online histories, which cover later years: Some interesting clicks in there! Click to email this item to a
friend 6) PR Budget = $0.00Long-time readers know this newsletter is a one-person, private project of mine: It's not part of some publishing empire's stable of publications. There's no budget, staff or facility to handle outreach and promotions. The newsletter depends on word of mouth to grow. And that's where you come in: Each issue, I try to offer you useful, interesting and amusing factoids to help you with your hardware, software, and time online. Can you take just a minute to help me out in return? If you think the LangaList is a worthwhile read, just use the following link to recommend the LangaList to a friend. Your friend just may find a new source of useful information; I just may gain a new subscriber; and you just may win $10,000 for your trouble (full details also available via this "Recommend It" link): http://www.langa.com/recommend.htm#1. The "Recommend-It" service is an ad-based site (you’ll see banners and such). The advantages to you of using the Recommend-It service are that you can win $10,000 and that you can add a personal message to your LangaList recommendation. But if you’d rather use the tried-and-true, ad-free recommendation form, you’ll find it at: http://www.langa.com/recommend.htm#2 . That option gives you a shot at winning a no-strings $30 Gift Certificate for any item at Amazon.Com--- books, software, hardware, kitchenware, toys, and more. Either way, thank you for helping to spread the word about the LangaList! Click to email this item to a
friend 7) Convert Setup Floppies To CD?
Wow--- 4.3! That's practically a fossil! <g> But I'll admit I've sometimes run into the same thing with very old software--- a floppy-based copy of Window 95 from a relative's ancient PC for example, or a pile of separate floppy-based setup disks for the mongrel collection of network cards I have in my office. No matter how you end up with them, a pile of floppies is a hassle. They're unwieldy and slow to use, and inferior as a long-term storage medium: Dust, dirt, and stray magnetic fields can render them useless. Putting old floppies on a CD avoids much of that hassle, and it's not hard to do. Usually, you can just set up the CD with a subfolder for each floppy (i.e. name the subfolders something like disk1, disk2, disk3, etc.). Then you simply copy each floppy's contents to the like-named folder on the CD (floppy #1's contents to the subfolder named "disk1," for example). Be sure you copy everything from each floppy-- including hidden and system files--- to the target subfolder. You may need to hang on to the master setup disk (usually floppy #1 in a set) as the software may be keyed to it, requiring it to be run from, say, the A: drive to start the setup. But once the setup starts, you can point the installer at the appropriate folders on the CD, and the software should install just fine--- and much faster than if it were on floppies. Click to email this item to a
friend 8) They Loaded The CodeDo you have a home page or website? (It doesn't matter what size.) Please click over to http://www.langa.com/code.htm , and maybe you can join the hundreds and hundreds of LangaList readers who have "Loaded the Code!" (If you've already "Loaded The Code" and are wondering if your site will appear here or on the Langa.Com web site, please see http://www.langa.com/link.txt ) Speaking of which: Here's another eclectic sample of reader sites--- some professional, some very personal: View A Randomly-Chosen Reader Site Manually Browse All Posted-to-Date Sites Starting At WinPatrol (free software For Windows 95, 98, ME, 2000, NT and XP) Faux Historical Documents Underdog Crew Sarasota Boat Rental Mississippi Isshin-Ryu Karate Jim Brooks Tunes The La Quinta Class of 1977 Castle's Moat Skeptical Review Online 1965 Jaguar Mark X Classic Saloon Car CAKnet PODQ (visually, um, challenging) Click to email this item to a
friend --- ( Your Clicks On Ad Links Help Keep The LangaList Free! ) ---
--------------( the above is an advertisement )-------------- 9) New Boot Floppies for XP SP1
Thanks, Bill! If you think you might ever need floppy-based access to your XP SP1-based system, it'd be a good idea to grab the appropriate files; full instructions are also available from the above links. Click to email this item to a
friend 10) Just For GrinsChrisS writes:
Click to email this item to a
friend --- ( Your Clicks On Ad Links Help Keep The LangaList Free! ) ---
--------------( the above is an advertisement )------------- ---11) Plus! Edition Highlights:
Today's LangaList Plus! Edition contains all ten items above, plus about 30% more content including: Excellent, reader-suggested tools and techniques for further speeding up apps--- especially older ones--- on Win2K and XP; a free tool that monitors Win98 in real-time, alerting you to subtle glitches as they occur; and a hugely popular and offline (local) dictionary you can download and use for free! Hey, the Plus! edition is only a buck a month; what are you waiting for? <g> Full info: http://www.langa.com/plus.htm Click to email this item to a
friend See you next issue! Best, An easier-to read formatted HTML version is available in the "Current Issue" section of http://www.langa.com. (The HTML version of each issue normally is available by 9AM EST [UT-5] of the issue date.) All past LangaList issues are also available at the Langa.Com site. UNSUBSCRIBE: From the same email account you
used to sign up with), send an email to SUBSCRIBE (it's free!): Create and send a new email to CHANGE ADDRESS? LIST TROUBLE? HAVE QUESTIONS? OTHER PROBLEM? NEED HELP? See http://www.langa.com/help.htm This newsletter is SPAM PROOF and requires two levels of subscriber confirmation
before delivery begins: See
http://www.langa.com/info.htm |
|
Please visit the LangaList Home Page |