Brian's Buzz on Windows has changed its name to the Windows Secrets Newsletter.
 
SEPTEMBER 4, 2003 - Issue 13

You can't trust that From line
The continuing rampage of the SoBig virus, the most widespread e-mail virus in history, has already resulted in more than 100 million bogus messages being sent around the world, according to security experts. SoBig, like many viruses, reads through people's e-mail address books. It then inserts random addresses into the From line of each outgoing message to make it appear to be coming from a person that it's not.

I was horrified when I realized that PC users might receive bogus e-mail messages that appeared to be sent from me. Because I'm in so many people's address books, at the height of the attack I myself was receiving more than 500 copies of SoBig messages a day. I easily filtered these out without harm, but I could see that one of my BrianLivingston.com addresses had received a virus that had supposedly been sent from one of my own BriansBuzz.com addresses! (It hadn't been.)

If you ever receive a virus or a piece of spam that claims to have been sent from one of my addresses, please don't assume it had anything to do with me. My privacy guarantee assures you that I'll never sell, trade, or give away your address or use it for any purpose other than sending newsletter updates. But I can't stop viruses from impersonating my address or anyone else's. To my readers' credit, no one has ever written to accuse me of sending this junk, even though (by chance) many, many people must have seen my return address on a bogus message. I appreciate your understanding, if this ever happens to you. --Brian Livingston


TOP STORY - info you need to make Windows work

IE security patch breaks ASP.NET on XP

By Brian Livingston

This isn't the first time that a Microsoft patch has needed a patch. And it won't be the last time, either. Fortunately, it's not the most horrible or widespread "son-of-a-patch" I've ever seen. But it affects enough people that you may want to listen up.

I reported in the August 21 issue of Brian's Buzz that Microsoft had released two new fixes that I strongly recommended you install. One update corrects a security flaw in Internet Explorer 5 and 6, while the other closes a hole in Windows Me, 2000, and XP. (This particular report was in the newsletter's paid version.) The downloads are MS03-032 / 822925 and MS03-033 / 823718, respectively.

Warnings about these two updates were drowned out by the wailing and gnashing of teeth caused by the Blaster worm, the SoBig virus, and other highly publicized nightmares last month. But I want to emphasize to you the importance of installing the latest two fixes. The IE hole is rated "critical" by Microsoft, and the other flaw - while merely rated "important" - demands your attention because it affects so many versions of Windows.

Unfortunately, installing the IE patch (i.e., MS03-032) wipes out some flavors of Microsoft's ASP.NET environment running on Windows XP Professional. If this problem affects you, any processes that touch ASP.NET applications on Internet Information Server running locally on an XP Pro machine fail with the message, "Server Application Unavailable."

The configuration of Microsoft software that is affected is:

•   Windows XP Professional; and
•   Its built-in IIS Web server running locally; and
•   .Net Framework version 1.0.

A configuration is not affected if any one of the following is true:

•   Windows 2000 or Windows Server 2003; or
•   Windows XP Home; or
•   IIS Web server running remotely; or
•   .Net Framework version 1.1 or higher.

At press time, Microsoft was furiously trying to develop a fix that would correct MS03-032's impact on .Net. By the time you read this, the Redmond company may have already posted a corrected patch.

  Whether or not that's already happened, Microsoft has provided a simple workaround that eliminates the bonking. If you have any machines that might be affected, first read the ASP.NET FAQ. Second, read the ASP.NET forum thread for more details. Then run the workaround described in the FAQ, which involves a small command file.

I'd like to acknowledge Gary Visser, who was the first reader to implore me to show both the MS bulletin number and the Knowledge Base number in my reports, as I've done a few paragraphs above. He and other readers correctly point out that both the Windows Update Installation History and the Add/Remove Programs applet display the KB number (for example, 822925), but not the bulletin number (such as MS03-032). This makes it hard to know at a glance whether or not a particular patch is running on a machine. I'll do my best to include both numbers when Microsoft has two such interrelated documents.

Sheesh, cleaning up after Microsoft is fun, isn't it?


THIS WEEK'S HOT TIPS - news of the world of Windows

Windows updates get freaky with AmphetaDesk
AmphetaDesk is a popular RSS (Really Simple Syndication) application that brings together "news feeds" from Web sites and blogs selected by the user.

Brian's Buzz reader Steven Davidson, an AmphetaDesk fan, found that the application mysteriously stopped working after he installed several Microsoft updates:

  • "Access to localhost (127.0.0.1) is broken on Windows 2000 SP4 and Windows XP Pro after the latest Winupdate-prescribed updates. ... I just installed IIS [Internet Information Server] and now it's working, so that will do for now."

AmphetaDesk collects news feeds by using a localhost port at IP address 127.0.0.1:8888. Davidson's reported behavior (especially the fact that installing IIS fixed his problem) seemed very strange. So I contacted Morbus Iff, the developer of AmphetaDesk, whose real name is Kevin Hemenway, the co-author of the new book, Mac OS X Hacks. What he's figured out poses a challenge to Windows pros. I hope my readers can shed some light on it:

  • "About three months ago, I got a flurry of reports that AmphetaDesk had stopped working in IE, with complaints that people were being denied outright. I get a similar report about once a week.

    "Solutions I've found that have worked partially for different people:

    •   Use a different browser (this would rule out the claim of a localhost issue, unless it's something specific within IE).

    •   Use your static IP address for your Net connection (63.173.138.175:8888 instead of 127.0.0.1:8888, for example).

    •   One guy, who tried the above two and was desperate, installed IIS. The minute he did this, AmphetaDesk started working again (which furthers the localhost theory).

    "I've not come across anyone smart enough to check the built-in [XP] firewall settings, and not having XP myself, I don't know how to instruct people to."

Any readers out there game enough to solve this one? If I print your solution, I'll send you a gift certificate for a book, CD, or DVD of your choice. To send me a tip about this or any other subject, visit WindowsSecrets.com/contact.
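The thread above narrows the fault by changing one variable at a time (the browser, then the address). As an added example, not code from AmphetaDesk or this newsletter, the Python sketch below makes the same split without any browser: it attempts a raw TCP connect to 127.0.0.1 and, optionally, to the machine's own address. The function names and result labels are assumptions made for illustration, and the listener is a constructed stand-in for the local aggregator.

```python
import socket

LOOPBACK = "127.0.0.1"

def can_connect(host, port, timeout=1.0):
    """True if a plain TCP connect to host:port succeeds (no browser involved)."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:  # refused, timed out, unreachable
        return False

def classify(loopback_ok, other_ok):
    """Map the two probe results onto the cases discussed in the thread.

    other_ok is None when no non-loopback address was tested.
    """
    if loopback_ok:
        # The socket layer is fine; a failure seen in only one browser
        # lies above TCP (the "different browser" workaround).
        return "loopback-reachable"
    if other_ok:
        # The listener answers on the machine's own address but not on
        # 127.0.0.1 (the "use your static IP" workaround).
        return "loopback-only-failure"
    if other_ok is None:
        return "loopback-failed-other-untested"
    return "no-listener"

def triage(port, other_addr=None, timeout=1.0):
    """Probe 127.0.0.1 and, optionally, the machine's own address."""
    loop = can_connect(LOOPBACK, port, timeout)
    other = can_connect(other_addr, port, timeout) if other_addr else None
    return classify(loop, other)

def start_test_listener(host=LOOPBACK):
    """Constructed stand-in for the local aggregator: listen on a free port."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind((host, 0))
    srv.listen(1)
    return srv, srv.getsockname()[1]

if __name__ == "__main__":
    srv, port = start_test_listener()
    print(port, triage(port))   # listener up
    srv.close()
    print(port, triage(port))   # listener gone
```

On an affected machine, run `triage(8888, other_addr=...)` with the machine's own address while the aggregator is running; a "loopback-reachable" result alongside a failing browser points above the socket layer.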


RECOMMENDED READING - my book reviews of tech topics

Windows XP Hacks: a new take on Microsoft's OS
Another winner in O'Reilly's "hacks" series, Windows XP Hacks brings you 100 bite-sized tricks, each with the wit and wisdom of Preston Gralla. The author, a PC Magazine and Computerworld columnist who previously brought us The Complete Idiot's Guide to Internet Privacy and Security, now updates us on XP with tips on everything from changing unchangeable icons to stopping pop-up windows. Not the most technical book, but a lot of fun for people who like to get under the hood.

Microsoft Project Server 2002: preventing future runaways
Is your programming project destined to become a runaway - an effort that can't be completed successfully no matter how many dollars are thrown at it? Gary Chavetz's new book is intended to prevent that by helping you plan well from the beginning. Microsoft knows that development projects can easily go off the tracks. "Seventy-four percent of all IT projects fail, come in over budget, or run past their original deadlines," is how Microsoft Project general manager Chris Capossela puts it. Project Server 2002 was architected to let all team members update their assignments using a Web browser, not MS Project itself. Microsoft Project MVP Chavetz, in a manual-replacing volume that just came out on July 29, tries to teach you how to harness this flexibility in ways that can keep you from becoming a statistic.


THE TRUSECURE REVERSAL - to err is human, to patch divine

Windows 2000 SP4 co-exists fine with MS03-026, TruSecure now says
In the August 21 issue of Brian's Buzz, I printed a paragraph based on a security alert by the TruSecure Corporation, a usually reliable source of computer advisories. The alert involved what would happen if a Windows 2000 machine with Service Pack 3 was upgraded to SP4. If Microsoft's critical MS03-026 patch (KB 823980) had been applied to SP3 to protect against worms such as Blaster, TruSecure had said, installing SP4 would undo the protection provided by the patch.

After that newsletter was sent out, Russ Cooper, the editor of NTBugtraq and the author of the original TruSecure alert, wrote to me saying, "See the attached e-mail, we were wrong."

The attachment said, in part:

  • "The testing that was used to come up with this statement was wrong. I did the testing, so I know it was wrong. Last week, I rechecked this and found my mistake. ...

    "TruSecure Corporation originally believed that Windows 2000 machines which were at SP3, then patched with MS03-026, and then updated to SP4, would become vulnerable to the attacks against RPC/DCOM (e.g., Blaster). Subsequent testing proved this not to be the case. Systems patched in this method will retain the MS03-026 patch after applying SP4 and do not need to re-apply the patch."

The day after my newsletter had gone out, I sent to all subscribers a short, plain-text update that reported TruSecure's change. A couple of readers subsequently expressed to me their opinion that the reversal had damaged the credibility of TruSecure, but I disagree. In a fast-changing and confusing situation, any news source can make an error. What's most important is that the originator correct the mistake as quickly as possible, which TruSecure did.

My privacy guarantee (shown at the bottom of this newsletter) allows me to send out newsletter updates in between my regular issues, but I rarely do. The one on August 22 was my first in seven months of publication. I believe the importance of the TruSecure change warranted the extra e-mails. Numerous readers volunteered comments suggesting that they agree:

  • "So many try to cover up mistakes and misunderstandings. Your integrity is refreshing." --Lawrence D. Wilson

  • "Professional IT people don't need newsletters or information providers that get bits wrong and try to slip it by without saying anything because they are afraid it will hurt sales or subscriptions. We need newsletters that take their best shots and tell it like it is and try to be as timely as possible. If in the course of that, a bit here or there happens not to be clear, or even wrong or whatever, they come out with the correction/update clearly explained and labeled as such and then go on to the next story. That's how you build a loyal readership and a reputation for fairness, accuracy, and speed, which (in that order) are the things you want to foster - trust me on this one." --Greg Hecht

  • "I commend you for the high level of integrity shown by quickly alerting your readers to this change. I am sure it will save hours of work for those that were previously misinformed." --Roger Silva

I suppose I should let sleeping dogs lie and end it right there. But to keep my readers fully informed, I feel compelled to report to you that yet another "gotcha" involving Windows 2000 SP4 has been found by subscriber Matthew Evans:

  • "In response to upgrading Win2K SP3 to SP4 and losing the RPC patch from Microsoft, I agree with your newsletter update, it does not affect it. On a side note, though, I have experienced that when removing SP4 to downgrade back to SP3, the patch is removed and must be reinstalled."

I consider this to be an unverified anecdote, but I'm passing it along to you because the RPC patch is a very important one and there's an easy way for you to check on its status. In Windows 2000 SP4, use the Add/Remove Software applet to see whether patch 823980 has been installed. If so, and if you then uninstall SP4, you should check the applet to determine whether 823980 is still present. If not, then the problem that affected Evans' enterprise affects yours, too, and you should re-apply 823980 to remain protected.


WINDOWS GIZMOS - my product reviews of new stuff

Keep those USB devices close at hand with the FlexUSB
I've been looking for one of these, and someone is finally making it! The Ideative FlexUSB plugs into any USB port and turns your USB device (pocket drive, MP3 player, etc.) at any angle up to 90 degrees so it doesn't stick straight out from your laptop. You can actually plug in those rigid USB connectors and use them on an airline tray table without poking your fellow passenger in the next seat. It's about $13 (street) and is just about as small as such a goodie can get. Works with both USB 1.1 and 2.0 ports, too.

Zip 4 feet of cabling down to less than 4 inches
If you're tired of carrying around all kinds of bulky cables that get tangled up in your briefcase or laptop bag, you need to know about Zip-Linq. A company called Cables Unlimited makes these clever units - "the reel solution to cable clutter" - with flat, skinny wire that retracts back into tiny, packable rolls. The Cat 5, RJ45 cable, suitable for 10/100 Mbps Ethernet speeds in offices and hotel rooms, stretches to 4 feet in length but then retracts to a little knot that's just under 4 inches. Other models contain cables for modems (RJ11), Firewire (IEEE 1394), USB, iPAQ, Palm, and a unit that charges your cell phone off your USB port. Street prices range from $9 for a USB cable to $20 for a charger. No more cable spaghetti!


FORWARDING INSTRUCTIONS - news gains value when it's shared

Please share this information with your colleagues
You're encouraged to refer your friends and colleagues to this free newsletter. Because most e-mail programs don't correctly display a formatted message that's been forwarded, simply call people's attention to the permanent Web address of this issue: BriansBuzz.com/w/030904.


HERE'S A TIP - you'll get a better newsletter if you choose the paid version

You're reading the free version of Brian's Buzz on Windows
Subscribers to the paid version receive additional information in each issue. Some of the extras this week are:

  • A severe threat from audio files. A new patch is freely available, but the target software isn't Microsoft for once, so most people haven't heard about it.
  • The latest bulletins from Redmond. I point out problems affecting Windows 2000 and 2003 Server, XP, and Outlook 2002 and 2003.
  • Numerous issues are arising with Windows 2000 SP4. The ones I've written about previously now seem like just the tip of the iceberg.
  • Personal service. As always, if your paid newsletter bounces because of a faulty ISP or mail-server junk filter, I promise to make at least one attempt to contact you and give you tips on correcting whatever is deleting mail that you requested.

If you make a contribution before September 17, 2003, you'll be sent the full, paid version of this week's newsletter. To upgrade to the paid version, please visit WindowsSecrets.com/upgrade. Thanks in advance.


WACKY WEB WEEK - playing for you the Internet's greatest bits

This site will give you a galloping good time
Reader Steve Hausman nominates today's Wacky Web Week site as "a really clever use of Flash technology." He's absolutely right. Let the page download for a bit until you see four horses standing in front of a wooden fence. When the horses' eyes start blinking, click each one in turn with your mouse. I didn't know horses could sing in rounds! (This plays through your speakers, so turn them down if you don't want snoopy co-workers in every nearby cubicle to come looking for the source of the singing.)

Don't download online casino advertisements
The Wacky Web Week site that was featured in my July 24 issue - a parody of IE's well-known "404 error page" - was good for a laugh. But the site apparently belongs to a link-exchange advertising network that I wasn't aware of. Reader Larry Unger says that when he visited the page and then closed his browser window, a new window opened that advertised an online casino, and it attempted to begin downloading software known as Reefsurf. He canceled the process harmlessly, but wondered why I hadn't mentioned this irritating behavior in my review. Either the site hadn't had that feature when I visited it, or the pop-up window was frozen in its tracks by WebWasher, a free utility that I'll write about in a future issue.


 
   
 