[MikesWhatsNews] MWN #576 HackFix
- From: "Mike" <mikebike@xxxxxxxxx>
- To: mikeswhatsnews@xxxxxxxxxxxxx
- Date: Tue, 22 Oct 2002 14:24:25 -0700
My apologies to everyone, this one just came back to me.
I'm resending it now. Mike
MikesWhatsNews, 18, 10, 2002
in today's issue #576
Microsoft Security Bulletin MS02-059
HackFix Updates
2 ESP Experiment
3 FolderBox
4 Uncover Windows XP Product Key
5 How Ringtones Work
6 JBMail v3.1
7 AIDA32
8 CCC PINs
9 Stubborn Icons
10 Halloween Horror Tetris Game
11 Keyboard Navigation in XP
____________________________________________________________
NOTE: Any time you see the " ++ ", it means there is more
of the article, or story, on the linked site. Mike
____________________________________________________________
There is a complete archive of past MikesWhatsNews newsletters
available to members on the Yahoo page, it is searchable by word
or issue #. Here is the address direct to the messages;
http://groups.yahoo.com/group/MikesWhatsNews/messages
and; //www.freelists.org/archives/mikeswhatsnews/
____________________________________________________________
Microsoft Security Bulletin MS02-059
http://www.microsoft.com/technet/security/bulletin/MS02-059.asp
Flaw in Word Fields and Excel External Updates Could Lead to Information
Disclosure (Q330008)
Originally posted: Oct 16, 2002
Summary
Who should read this bulletin: Customers using Microsoft® Word or
Microsoft® Excel.
Impact of vulnerability: Information Disclosure
Maximum Severity Rating: Moderate
Recommendation: Customers using Word or Excel should apply the patches.
Affected Software:
Download locations for this patch
Microsoft Word 2002:
http://office.microsoft.com/downloads/2002/wrd1005.aspx
Microsoft Word 2000:
http://office.microsoft.com/downloads/2000/wrd0902.aspx
Word 97/Word 98(J):
Information on receiving Word 97 & Word 98(J) support is available at:
http://support.microsoft.com/default.aspx?scid=kb;EN-US;Q330080
Word X for Macintosh:
http://www.microsoft.com/mac/download/security.asp
Word 2001 for Macintosh:
http://www.microsoft.com/mac/download/security.asp
Word 98 for Macintosh:
http://www.microsoft.com/mac/download/security.asp
Excel 2002:
http://office.microsoft.com/downloads/2002/exc1003.aspx
Technical description:
Word and Excel provide a mechanism through which data from one document can
be inserted to and updated in another document. This mechanism, known as
field codes in Word and external updates in Excel, can be automated to
reduce the amount of manual effort required by a user. An example of the use
of Word field codes could be the automatic insertion of a standard
disclaimer paragraph in a legal document. An example of the use of external
updates in Excel could be the automatic updating of a chart in one
spreadsheet using data in a different spreadsheet.
A vulnerability exists because it is possible to maliciously use field codes
and external updates to steal information from a user without the user being
aware. Certain events can trigger field code and external update to be
updated, such as saving a document or by the user manually updating the
links. Normally the user would be aware of these updates occurring, however
a specially crafted field code or external update can be used to trigger an
update without any indication to the user. This could enable an attacker to
create a document that, when opened, would update itself to include the
contents of a file from the user's local computer.
In order for an attacker to take advantage of this vulnerability, the
attacker would need to perform the following steps:
- Craft a Word or Excel document that exploits the vulnerability
- Deliver it to the user, via email or some other method
- Entice the user to open the document
- Return the document to the attacker. (Microsoft is aware of one case in
which it would not be necessary for the user to do this. There is one
method through which the attacker's document could post information directly
to a web site, but it would only allow the first line of the file to be
sent)
Mitigating factors:
- The attacker would need to know the location of the file that he or she
wanted to steal. If the correct filename were not presented, the attack
would fail and an invalid field error message would be present in the
document.
- The user could always view the field codes or external updates. The field
codes or external updates used in the attack can be revealed, as they are
only hidden to prevent cluttering the document when it is being viewed or
edited. A method of checking documents for additional undesired information
is described in the Frequently Asked Questions below.
- Although the attacker could take some steps to obscure the stolen
information, the attacker would leave a clear audit trail. Since the field
codes or external updates can be viewed, even if an attack is successful,
the attacker would leave clear evidence in the document in the form of the
stolen information and the malicious field codes used. This evidence could
be used by law enforcement agencies if required
- The vulnerability would not enable the attacker to delete, modify or add
any files to the user's local system.
- In virtually all circumstances, the attacker would need to entice the user
into returning the document. No information would be revealed unless the
user returned the document to the attacker.
++
____________________________________________________________
HackFix updates, thanks to Christy;
staff@xxxxxxxxxxx
Http://www.hackfix.org
This weeks Virus Pattern Updates (10/17/2002)
All Software listed Alphabetically by Company name as some
companies manufacture more then one product.
Aladdin Knowledge Systems
Esafe Desktop/Gateway/Enterprise
Last Updated Oct 14/2002
To update your software
Visit: http://www.esafe.com/esafe/downloads/virusig.asp
Or
From the Esafe folder in your Start Menu select Download Updates
~~~~~
AlWil Software
Avast Antivirus
Last Updated Oct 17/2002
To update your software:
Visit: http://www.avast.com/latest.htm
Or
Right click on the AVAST icon in the system tray, Select iAVS Update,
AVAST will check for updates and download the appropriate files as needed.
~~~~~
Command Software Systems
Command antivirus/Fprot
Last Updated Oct 17/2002
To update your software
Visit: http://www.complex.is/f-prot/Download.html (F-Prot)
http://www.commandcom.com/downloads/virus_definition_updates.html (Command)
Or
Open Command antivirus click Update Deffiles
~~~~~
Computer Associates
E-Trust
Last updated Oct 17/2002
To update your software
http://support.cai.com/Download/virussig.html
Or
From the Respective folder in your Start Menu select Autodownload
For Vet Anti virus
http://www.vet.com.au/html/software/update.html
Be sure to have your Customer ID and your registered email address
handy for verification.
**Note**
We knew this time would come eventually, that Computer Associates would
not continue to support/update the older program
https://www2.my-etrust.com/services/ipe_support??
~~~~~~
GeCad Software
Rav (Reliable AntiVirus)
Last Updated: Oct 17/2002
To update your software:
Visit: http://www.ravantivirus.com/pages/dldupdate.php?type=Daily
Or
Open Rav and select Rav Update from the toolbar
~~~~~
Grisoft Inc.
AVG
Last updated Oct 16/2002
To update your software
Visit: http://www.grisoft.com/html/us_updt.php
Or
Open AVG and click Virus Database to check for updates
Or
Open AVG control centre and click Update Manager/update now
**Note: To help speed up AVG updates you can set your program to use
an alternate download site.
Open AVG control centre->update manager->download from server. The
drop downbox should have listed www.grisoft.com (default) and
www.grisoft.cz. (be sure to select "apply" when done to save the changes)
The default site is most often used so can at times become temporarily
unavailable. By using the secondary site (www.grisoft.cz) helps to ease
the server and makes your update go quicker as most don't use it!
~~~~~
Kaspersky
Kaspersky Anti-Virus (formerly AVP)
Last updated Oct 11/2002
To update your software
Visit: http://www.kasperskylabs.com/updates.asp
Or
Open AVP from the top toolbar click Tools-> Update virus definition
Or
From the Kaspersky folder in your Start Menu select AVP updater
*Note* Avp now has available a cumulative update and a
daily update with the daily being any important items they
feel shouldn't wait till the next cumulative update. Our
dates here are based on the most recent Major update.
**Note: Improved update accessiblity. To ease the update web traffic
Kaspersky labs has additional servers for autoupdating. The program
defaults to use one server but can be altered to check a variety of
servers. Select Kaspersky updater, select update via the internet to
open the drop down box(es) select "location" Check the box labeled
"Use alternate locations from the list" select next and next to update.
This option should stay selected after the first time. This helps
Kaspersky lighten the load for updates and helps you obtain updates
easier.
~~~~~
Network Associates
Mcafee
Last updated Oct 16/2002
To update your software
For Mcafee Visit
http://www.nai.com/naicommon/download/dats/superdat.asp
(for Virus and Engine updates)
http://www.nai.com/naicommon/download/dats/mcafee_4x.asp
(for Just virus pattern updates)
For Drsolomn (Product no longer available for new users however
updates still available for current users): Go to the following
Internet site: http://download.mcafee.com/updates/4x.asp
IMPORTANT: When you get to this site you may notice that it refers
to VirusScan. This update is not only for VirusScan. It also works
with Dr.Solomon's.
Or
Open your respective software virus scan scheduler, double click
Auto update, click Run Now to do a manual live update, or click
Schedule to set up a timed live update.
~~~~~
Norman Data Defence
Norman Virus Control
Last updated Oct 10/2002
To update your software
Visit: http://www.norman.com/downloads.shtml#definition_files_updates
Be sure to have your Valid Username and password handy for verification.
Or
From the Norman folder in your Start Menu select Internet Update
**Note Norman Virus Control web updates are only for version prior to
5.0. Norman 5.0 can only be updated via the update in the program itself.
Thunderbyte Anti Virus
Current Version: This product is no longer being supported.
http://www.norman.com/tbav.shtml
~~~~~
Softwin
BitDefender (Previously known as AVX - AntiVirus eXpert as of Nov 06/01)
Last Updated Oct 11/2002
To update your software
Visit: http://www.bitdefender.com/html/updates.php
Or
Open BitDefender select Protection Options->live upgrade
Or
From the BitDefender folder in your Start Menu select Bitdefender Live
Press Release on the software change
http://www.bitdefender.com/press/ref1.php
~~~~~
Sophos
Sophos Anti Virus
Last IDE available Oct 17/2002
To obtain the latest IDE files
Visit: http://www.sophos.com/downloads/ide/
**Note: Sophos does not update as other products do. They update
the Engine/software once a month (or so) to include all the previous
IDE files. New IDE files are available with new virus threats and must
be downloaded individually until the next software update is available.
Our update dates reflect the most recent available IDE file.
~~~~~
Symantec
Nortons AntiVirus
Last updated Oct 17/2002
To update your software
Visit: http://www.symantec.com/avcenter/defs.download.html select
your language -> product from the list
Or
Open Nortons software and click the "live update" button
Or
>From the Nortons folder in your Start Menu select LiveUpdate -
Norton Antivirus
~~~~~
Trend Micro
PcCillin
Last updated Oct 15/2002
To update your software
Visit: http://www.antivirus.com/download/pattern.asp
Be sure to have your Registration number handy for verification
Or
Open PcCillin click Update then click Update Now (or Update later
to Schedule a timed update)
~~~~~~~~~
If there is an Anti Virus program that is Not listed here that
you would like to see added to the weekly updates list Please
feel free to let us know.
Remember Your anti virus software is only as good as the user...
If you don't keep it updated it won't provide you with maximum
protection.
This weekly Update will be sent every Thursday on or after
6pm (eastern) to keep you up to date on virus pattern updates
available. Virus patterns are checked for most recent update
date as of 6pm Thursdays.
~~~~
~ Hackfix Project Staff
staff@xxxxxxxxxxx
Http://www.hackfix.org
3017 St Clair Ave #176
Burlington, Ontario
L7R 3L7
____________________________________________________________
2
ESP Experiment - Cliff Pickover
http://sprott.physics.wisc.edu/pickover/esp.html
Let me repeat. I am conducting an experiment.
There are six small cards below. Do not select your card by clicking on it.
Instead, please say the name of your card out loud so that you remember it.
++
Thanks to; Bill
***MfM*** This is amazing!
____________________________________________________________
3
FolderBox 1.10 ~ Free
http://www.baxbex.com/products.html
Win 9X / ME / 2000 / XP
Enhance your Windows- and Internet Explorer!
FolderBox displays additional folders in the lower part of Explorer, which
enables your to display the contents of two folders at once.
You can set-up and configure up to five FolderBoxes over the tab sheets of
the FolderBox extension.
Additional drives and folders are now just a mouse click away.
Get it! Enjoy it! It's free for use at home!
____________________________________________________________
4
Uncover Windows XP Product Key -
http://www.webtree.ca/windowsxp/tips_fixes.htm
If you have more than one system running XP you have obviously purchased
more than one copy of the Operating System. However you may have forgotten
which Product Key you used for which system. It happens. I have 5 systems
and have had all three running XP at times. As you know XP does not store
the Product Key in a recognizable format in the registry as Windows 9x/Me
does.
The app ViewKeyXP is your salvation.
Thanks to; Woody's Windows XP
Email to join : WinXP@xxxxxxxxxxxxxxx
____________________________________________________________
5
How Ringtones Work -
http://www.howstuffworks.com/ringtone.htm
If the clothes make the man, then the ringtone makes the
telecommunicator. Find out how a cell phone produces a tune and
how you can download (or even create) your own.
From; How Stuff Works
____________________________________________________________
6
JBMail v3.1 ~ free
http://www.pc-tools.net/win32/trialware/jbmail.html
Small, stable, security-conscious POP3 mail client
Designed for speedy access to multiple mailboxes; great for cleaning mail
JBMail is an Internet e-mail client that supports the POP3 and SMTP
protocols for receiving and sending mail, respectively. Unlike other e-mail
clients, JBMail is compact and designed specifically to give quick access to
multiple mailboxes with minimal setup. All mail is manipulated directly on
the mail server and no mail is stored on disk, resulting in extremely fast
access with minimal configuration. The software itself is very small, and
you can easily carry an installation with you on floppy disk.
Because of its unique design, JBMail allows mail to be previewed or deleted
without ever being downloaded. It's great for cleaning up mailboxes (if you
get lots of junk mail or spam), quickly skimming through multiple accounts
"unobtrusively", and accessing mail while traveling. It has all of the
capabilities you would expect from a large mail client, including powerful
junk mail filtering, attachment support, and address books. Take a look at
the features to see why JBMail is attracting so much attention from
businesses and computer experts.
System requirements:
JBMail runs on Windows 95, Windows 98, Windows ME, Windows NT 4.0, Windows
2000, and Windows XP. It has also been tested under Virtual PC on MacOS.
++
From; pc-tools
____________________________________________________________
7
AIDA32 Diagnostic program ~ free
http://www.aida32.hu/aida-features.php?bit=32
AIDA32 is a professional system information, diagnostics and benchmarking
program running on Win32 platforms. It extracts details of all components of
the PC. It can display information on the screen, print it, or save it to
file in various formats like HTML, CSV or XML. For corporate users, AIDA32
offers command-line switches, network audit and audit statistics, remote
system information and network management.
++
***MfM*** These are great free diagnostic programs easy to use and install
____________________________________________________________
8
'Christy's Computer Corner'
thanks to Christy;
http://www.1stpick.org
PINs
http://www.mirekw.com/winfreeware/pins.html
Freeware
any 32-bit Windows (including XP)
PINs is a free feature-rich Windows program for safe and
comfortable storing of any secure information like passwords,
accounts and PINs. PINs uses a secure 448 bit Blowfish algorithm
to ensure the data are
not crackable. The password used for securing access to stored
data is not saved anywhere.
PINs runs under any 32-bit Windows. It does not require
installation, drivers or system files that can mess up your
system.
~~~~~~~~
9
Stubborn icons
If you have one of those annoying programs that continually stick
icons on your desktop regardless of how many times you attempt to
delete it, there is help. Go to the registry editor (regedit.exe)
and navigate to
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explo
rer\Desktop\NameSpace\.
Now, this gets a little tricky. In this location, you will find
some really long, bizarre, technobabble names that are impossible
to pronounce. This is where you need to be.Click on each one of
the keys to see if you can find one that has a description of
what you're looking for. If you can't find it, then right-click
one of the keys, select rename, and copy the value. Don't
actually change the name.
Now, go to the top of the Regedit menu and click on My Computer.
This puts you at the top of the registry. Now, select the Edit
menu and click Find, then paste the value into this space and do
a search. You should find the value amongst a bunch of other
weird names. Dig around and see if you can identify what it's
used for. Remember, you're looking for a value that matches the
icon's name. If you can't find what you are looking for, then
start over with the next value under NameSpace.
When you find the one that shares the name of the icon you hate,
then delete this value from where we originally searched the
registry under NameSpace. You can also export the registry value
if you think you might want it back.
Note: Always make a backup copy of the registry before making any
changes.
Was this forwarded to you ?
Get your own subscription here:
<1stpickPCtips-request@xxxxxxxxxxxxx?Subject=subscribe>
____________________________________________________________
10
Halloween Horror Tetris Game
http://www.freehalloweenscreensavers.com/horrortetris.htm
A fun Halloween-themed Tetris clone arcade game that featured spooky,
rendered 3D games pieces, falling against a scary background. (For
Windows.)
From; The Web in 60 Seconds newsletter
AAANetworkNewsletter-subscribe@xxxxxxxxxx
____________________________________________________________
11
Mike's Friday Tip ~ Keyboard Navigation in XP
If you have started using Windows XP after using an earlier
version of Windows, you may find one of Win 9X features unavailable.
In the earlier versions you could use underlined letters in menu
items to start the shortcut by holding the Alt key while pressing
the underlined letter.
To do this in XP you need to restore the feature.
Right click the desktop>
Click on 'Properties'> 'Appearance' tab> 'Effects' button.
Remove the check in 'Hide Underlined Letters for Keyboard Navigation Until I
Press the Alt Key'.
Now you can use the 'Windows key' ( the one with the Windows flag on it )
and the underlined letter to start the action.
____________________________________________________________
Antivirus software is a good choice to scan your system for possible viruses,
however no virus scanner is 100% effective as manufactures cannot keep up with
the rapid change of viruses that happens daily.
Be sure to update yours regularly.
http://www.hackfix.org/software/antivirus.html
______________________________________________________________________
Please feel free, to offer constructive criticism, as that will help me keep it
interesting.
I also welcome any submissions about new products, web pages, or articles of
interest.
All submissions posted in MWN will be given proper credit.
"MikesWhatsNews" believes in giving credit where credit is due but at times
deadlines and information that is very important to readers we accidentally
misspost an item.
If you believe something to be miscredited, or you know the author of one of
the articles which we have posted as 'unknown', please do let us know so we can
correct the information where applicable.
Many times in a article you may see a click here for more information, or to go
to a link, these often will not work, as the original information, was taken
from a page with HTML links. This is when you will want to go to the webpage
indicated in the article, ++ ,for 'the rest of the story'
***MfM*** indicates that I am adding my own information to a particular
article.
`~*~*~*~*~*~`
Mike ~It's a good day if I learned something new.
You can read a sample of my newsletter on my web page http://www.mwn.ca
My virus pages ~ http://virusinfo.hackfix.org
mytech@xxxxxxxxxxx
~*~*~*~*~
Was this forwarded to you? Want to subscribe? Send an email
to mikeswhatsnews-request@xxxxxxxxxxxxx?Subject=subscribe.
For a complete list of email commands for our list send an email
to ecartis@xxxxxxxxxxxxx with a subject line of "info mikeswhatsnews" without
the quotes.
If you wish to unsubscribe from our list send an email to
mikeswhatsnews-request@xxxxxxxxxxxxx?Subject=unsubscribe
To contact the list moderators send an email to
mikeswhatsnews-moderators@xxxxxxxxxxxxx
~*~*~*~*~
Other related posts:
- » [MikesWhatsNews] MWN #576 HackFix
