Uncategorized

Not much to say about this article other than it’s a good, basic intro to PHP.

I wouldn’t do anything about these yet. Only one is an OS bug (the first one). 2 are Office specific, 1 is Microsoft Access and one is in Visual Basic. Note that the 2003 version of Office seems to be unaffected. Don’t do any patching yet … let’s let them age. I’ll let you know when it’s time to do something. I would make sure I know who’s me any Word documents and make sure the content’s important if I’m going to open it. Basically, I’m just going to try to reduce the number of documents
I open that haven’t been under my control. I don’t think virus scanners will necessarily be able to help us on these.

The end-user bulletins are pretty helpful.

MS03-034 – 824105 – NetBIOS Information Disclosure vulnerability. Technical security bulletin. End-user technical bulletin.

MS03-035 – 827653 – Flaw in Microsoft Word Could Enable Macros to Run Automatically. Does not seem to affect Office 2003. Technical security bulletin. End-user technical bulletin.

MS03-036 – 827103 – Buffer Overrun in WordPerfect Converter Could Allow Code Execution. Does not seem to affect Office 2003. Technical security bulletin. End-user technical bulletin.

MS03-037 – 822715 – Flaw in Visual Basic for Applications Could Allow Arbitrary Code Execution. Does not seem to affect Office 2003. Technical security bulletin. End-user technical bulletin.

MS03-038 – 827104 – Unchecked buffer in Microsoft Access Snapshot Viewer Could Allow Code Execution. Microsoft Access only. Office 2003 version seems to be unaffected. Technical security bulletin. End-user technical bulletin.

Quoted from the Sept. 2 edition of WinXPNews:

Make your XP System as Secure as the NSA’s

The National Security Agency has released a set of guidelines for configuring Windows XP Pro securely. These guidelines are used by government agencies to secure their machines, but you can download them and peruse their recommendations. The guidelines apply to Professional Edition only, and primarily to machines that belong to a Windows 2000 domain (although some of the info is also relevant to standalone computers), so this document is most helpful to those who support business networks. The download gets you a 141 page PDF document along with some .inf files that can be used if you’re really brave. Even if your computer isn’t a domain member, you’ll find a lot of helpful background information about how XP security works in this document, but be sure to read it carefully and follow instructions exactly if you decide to make any of the changes recommended:
http://www.winxpnews.com/rd/rd.cfm?id=030902SE-NSA_Secure

Don’t recall where I heard about this but my new favorite universal IM client (i.e. able to connect to most, if not all, IM services like Yahoo!, MSN, ICQ, AIM, etc.) is Miranda. It’s another open source effort with forums for support. Its forte is plug-ins. More than just skins, you can download plug-ins to provide what most other clients include in their basic functionality (like user status tooltips). The basic download comes with support for AIM, ICQ, IRC, Jabber and MSN; if you want support for Yahoo (you guessed it!) you download a plug-in.

Documentation’s sparse but it’s a good, free client and it’s under active development. To get started, download:

* the client — currently version 0.3.1 at about 600K
* the Yahoo! protocol if you’re a Yahoo! user.
* Smiley-Add to add support for familiar, protocol-specific smileys.
* MultiWindow — trust me, you’ll want this.
* Oli’s Yahoo Smileys for a good set of smileys that look like the original ones

From their FAQ:

Eclipse is an open source software development project dedicated to providing a robust, full-featured, commercial-quality, industry platform for the development of highly integrated tools.

Today’s Lockergnome Windows Daily pointed me to this article on tek-tips.com describing one possible solution for the problem. Down near the end of the article it tells you what registry keys to delete. I’ve only checked this out on one of my machines but the ftp and http keys were present and I’ve deleted them.

This fix (or this one for Windows 2003 Server) for the “ohmygawd” security issue detailed in TechNet article MS03-032 (MSKB 822925) apparently breaks applications that run on an IIS installation that also has ASP.NET 1.0 installed. Fortunately there’s a workaround, detailed here which deletes and recreates the ASP.NET account. According to the ASP.NET web page, the problem only affects Windows XP Professional installations.

Couple of NBs:

* the TechNet article listed above contains a lot of extra information about the original flaw and the fix.
* this is a cumulative IE patch so it fixes several other problems and should bring your version of Internet Explorer up-to-date.

FreePublicProxies is just what the name implies: a list of free public proxy servers. Some of them I wouldn’t trust (you wanna use an anonymous proxy server that’s accessible only by IP address?) but there’s also a list of top free proxies. Perfect when you want to surf secretly.

bCheck over at ArsWare.org (the same group of folks that brought you CoolMon) has a bunch of neat, free tools available! Hoekey is a hotkey tool, Purrint lets you configure your Print Screen key and wherzit will sohw hidden windows. These things are all small (wherzit is only 4K) and dang useful.

I’ve just finished uninstalling the last of the client-based RSS readers: FeedDemon. I haven’t used anything other than Bloglines for a couple of weeks now and there’s really no reason to clog up my hard disk with software that I’m not gonna use.

Don’t let me down, Mark! 🙂