March 2004

Right now there are a total of 5 different security newsletters from Microsoft. Two for home users and three for geeks, uhh … I mean IT professionals.

If you’re a home user:
* The Microsoft Security Newsletter for Home Users — a bimonthly publication.
* The Microsoft Security Update — a monthly publication.

If you’re an IT type:

* The Microsoft Security Notification Service — a monthly newsletter
* The Microsoft Security Notification Service: Comprehensive Version — same as the one above but it includes modifications to previously published notices.
* The Microsoft Security Newsletter — published monthly

If you have a Microsoft Passport you can sign up for these at the Passport subscription center. If you don’t have a Microsoft Passport you can sign up for one here.

You can also sign up for the Security Notification Service without a Passport. Go here to do that.

Update, March 10, 2004 — Microsoft has revised this, increasing the severity to Critical and removing references to Outlook Today. See the Microsoft Office Security Bulleting for March, 2004

Secunia has published this advisory affecting Outlook 2002 Service Pack 2, a component of Office XP Service Pack 2. Office 2000 SP3, Office XP and Outlook 2002 SP3, Office 2003 and Outlook 2003 are not vulnerable.

In a nutshell, if Outlook Today is your default folder home page in Outlook, you’re exposed. Opening a malicious email or visiting a malicious web site is all that’s required to infect you. At that point your files are exposed. The easiest workaround is to change your default folder. The other alternative is to download and install Office 2000 Service Pack 3.

Can’t recall where I saw this but Topix.net is a new site with local news. You key in your ZIP code and it’ll show stories that are local to you (yes, it knows about Beaver, Oklahoma). Course, it’s also got business, national, international, science, etc.

Mike Langberg is a columnist for the San Jose Mercury News. He has a pretty good article in today’s edition that recommends some ways for you to from having to send change of address messages to your friends when you change ISPs. It’s pretty simple, actually — it all comes down to separating your email address from your ISP. He recommends a couple of services. Listed from cheapest to most expensive, they are Mailblocks, OddPost and eOutlook.

I got a Mailblocks account last year when they launched and it’s pretty good. OddPost is interesting, too, but the one that really catches my attention is eOutlook. This is Outlook on the web. And on top of that familiar interface, they also back up your email.

For my part, I also like Fastmail.fm and Mailshell. My home email account, though, is with a UNIX shell access provider that I’ve been with for probably 10 years. I just can’t seem to break myself away from UNIX as my base system — it gives me a lot of flexibility that you just can’t get (yet) any other way. Having my email on the UNIX account in combination with storing important and related files there gives me access many of the things I need regardless of whether I’m at home or on the road. And having it all on the same server means that I’m not restricted when I’m on a dial-up connection. I can log in to the shell account with a terminal client, do my email, save attachments locally to the UNIX system, edit files and forward them off to others without having to wait for them to download or upload. And when I’m on a speedy connection I can get to everything (including my files) with IMAP or, heck, even run X11 clients on the UNIX system against my laptop — the choice is mine.

Some email providers, like Fastmail, have a file storage option but if you use IMAP you’ve got the same capability (assuming your client and your provider implement the the proper IMAP functions) — just create some new IMAP folders on your provider and drag your files there. What they don’t provide are the rest of the UNIX functionality. Like what? Well, sometimes I’ll come across a site that I just can get to from my laptop. I can traceroute or use the command-line browser Lynx to bring the site up on my shell account. May be too geeky for some of you but I find the additional capabilities worth the money I pay.

Looking for a low-cost shell provider? Check out FreeShell.

From the March 4, 2004 Windows Client Update:

If you’re tired of clicking URLs in email messages or applications only to have the resulting window take over the Microsoft Internet Explorer (IE) browser you’re currently using, try this simple registry edit. It will enable a new browser window to open and won’t affect the current browser window.

1. Launch a registry editor in Windows XP or Windows 2000.
2. Open the HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\AllowWindowReuse subkey.
3. Set the subkey’s value of type REG_DWORD to 0.
4. Exit the registry editor.
5. Log off, then log back on to activate the change.

Got this security advisory from Secunia. It seems that the Motorola T720 phone for Cingular Wireless is vulnerable to Denial of Service attacks. Their response: don’t connect the phone to untrusted networks! Uh huh. OK. Is the cellular network untrusted?