Silicon Investor (SI) -- The First Internet Community

STOCKTALK

We've detected that you're using an ad content blocking browser plug-in or feature. Ads provide a critical source of revenue to the continued operation of Silicon Investor. We ask that you disable ad blocking while on Silicon Investor in the best interests of our community. If you are not using an ad blocker but are still receiving this message, make sure your browser's tracking protection is set to the 'standard' level.

Pastimes : Computer Learning -- Ignore unavailable to you. Want to Upgrade?

To: wily who wrote (4700)	7/27/1999 12:39:00 AM
From: mr.mark	Respond to of 110648

from an email i received today... "IE5 Weirdness #1: The FavIcon Mystery (and Security Hole) Reader Brian Dillree was the first of several readers to ask a question about an increasingly common practice: Fred, I'm hoping you can help me on this one.It has me and a couple other people stumped. How do some websites insert their own icon into ie5 internet shorcuts? If you don't know what I mean, go to deja.com (for example) and create a shortcut to it either on your desktop or right in the ie5 toolbar and the standard ie5 icon is replaced with the deja.com icon. How is this possible?? Thanx in advance Brian Dillree If a web designer creates a special icon for a web page, makes it 16x16 pixels in size, uses 16 colors, and names it "favicon.ico," then when you either put that page on your favorites list or create a shortcut on your desktop, IE5 will use the "favicon" icon in place of the standard dog- eared web page IE5 icon. Lots of web sites are doing this now as a way to customize their look and to help make their pages stand out from the crowd. But there can be a problem: As Microsoft puts it, "A specially-malformed icon could overrun the buffer and be used to run arbitrary code on the user's computer." By which they mean someone could hack your system and run whatever software they wanted. About 60 days ago, Microsoft released a patch for this "vulnerability;" If you've been keeping up with all your updates and fixes, you probably already have this one. But if not--- check out microsoft.com But there's another snag: It's theoretically possible for a web site to track which IP address is calling for the favicon.ico. This isn't exactly a gaping security hole, but it is at least theoretically possible for a site owner to figure out which IP addresses are bookmarking his or her site. It would be somewhat easier for the site to build a log of your bookmarks if you let the site set a cookie, or if you registered upon entry. I mention low-risk security hole this in the interests of completeness, but I also have to say I think the odds of anyone going to that amount of hassle just to see if you bookmarked a page on their site are quite remote. And even if they did know what you bookmarked from their site, so what? Note that there's no way for a favicon to be used to snoop your other bookmarks, or to see what you bookmark on other sites. So this is a mostly theoretical problem--- and a tiny one at that. But the "malformed favicon" issue is more real--- grab the patch, if you haven't already."

To: wily who wrote (4700)	7/27/1999 12:41:00 AM
From: mr.mark	Respond to of 110648

more from same email... "IE5 Weirdness #2: Bogus "AutoComplete/AutoFill" Entries A lot of people have been bugged by Internet Explorer 5's "AutoComplete/AutoFill" feature (which appeared in a more limited form in IE4). The AutoComplete feature opens a little text box as you type a URL or fill out a web form, and suggests possible matches from past entries you've made. Trouble is, it remembers your mistakes too. I filled out a form once using fred@langa.cpm instead of fred@langa.com, but IE5 remembered my error forever, offering the bogus ".cpm" version of my email address every time I tried to enter my real address. And I know I'm not alone---I've gotten a lot of mail asking how to clear out bogus entries. Take this note from reader John Quist: Hi Fred! Great job, love your letters and website. But I have a question, is there anyway to clean out the history on the searches on IE5? And the AutoFill feature has some undesirable places and things trapped in it. I've cleaned out the history folder and set it to expire after 1 day, and I've cleaned out the Temporary Files. But nothing I've tried will clean out the searches that were done in the past.. Any suggestions? A thoroughly happy subscriber.--- John Turns out it's easy. To clear out bad form entries: 1. In IE5, click to Tools/Internet Options/Content/AutoComplete. 2. You have two choices. You can "Clear Forms" or "Clear Passwords." This is a good thing because the bogus entries are unlikely to be valid name/password combinations; you can clear out the garbage without deleting any saved passwords. For bad web addresses, it's very similar: 1. Click to Tools/Internet Options/General 2. Click Clear History If all you want to do is clear out one or two bad entries, it's even easier: When you see an AutoComplete entry you wish wasn't on your list, click on the bogus item and then press the DELETE key."

To: wily who wrote (4700)	7/27/1999 12:44:00 AM
From: mr.mark	Read Replies (2) \| Respond to of 110648

"Just For Grins: More Tech Support stories sent in from various readers--- and they're all supposedly true! Tech: "I need you to right-click on the Open Desktop." Customer: "Ok." Tech: "Did you get a pop-up menu?" Customer: "No." Tech: "Ok. Right click again. Do you see a pop-up menu?" Customer: "No." Tech: "Ok, sir. Can you tell me what you have done up until this point?" Customer: "Sure, you told me to write 'click' so I wrote click.'" ======== Customer: "I received the software update you sent, but I am still getting the same error message." Tech: "Did you install the update?" Customer: "No. Oh, am I supposed to install it to get it to work?" ======== Tech Support: "Ok, in the bottom left hand side of the screen, can you see the 'OK' button displayed?" Customer: "Wow ! How can you see my screen from there?" ======== Customer: "I'm having trouble installing Microsoft Word." Tech: "Tell me what you've done." Customer: "I typed 'A:SETUP'." Tech: "Ma'am, remove the disk and tell me what it says." Customer: "It says '[PC manufacturer] Restore and Recovery disk.'" Tech: "Insert the MS Word setup disk." Customer: "What?" Tech: "Did you buy MS word?" Customer: "No . . . ." ======== One woman called Dell's toll-free line to ask how to install the batteries in her laptop. When told that the directions were on the first page of the manual the woman replied angrily, "I just paid $2,000 for this damn thing, and I'm not going to read the book." ======== Customer: "Uhh...I need help unpacking my new PC." Tech Support: "What exactly is the problem?" Customer: "I can't open the box." Tech Support: "Well, I'd remove the tape holding the box closed and go from there." Customer: "Uhhhh...ok, thanks..." "