Technology Stocks : BUG ALERT


To: Milk who wrote (3)10/21/1998 3:12:00 PM
From: Cheeky Kid  Respond to of 24
 
October 20, 1998 New Internet Explorer Security Hole Discovered in Denmark

POSTERS ON a Danish newsgroup have discovered a new security hole in Microsoft Internet Explorer.

Microsoft has confirmed the potential security breach, dubbed the "Look Ma, No Dots" bug.

"The bug makes it possible to circumvent the higher security levels that can be set in Internet Explorer for Internet sites (as opposed to intranet sites) by a simple calculation based on the site's IP address," according to Jakob Paikin, one of the bug's Danish discoverers.

While Internet addresses are normally expressed in their DNS form of recognizable words (e.g., www.bugnet.com), every named URL address on the Web can be translated to a numerical IP address. Normally IP addresses are displayed as four numbers separated by dots (e.g., 207.158.205.117).

A site can be accessed by either the name or the IP address. So for example both bugnet.com and 207.158.205.117 display the main BugNet free page.

But every IP address can also be recalculated to a single number. Here's how. Multiply the first part by 256^3, multiply the second by 256^2, multiply the third by 256, multiply the fourth by 1 -- and now add all the values together.

Recalculating the address for BugNet in this manner yields 3483290997. And in fact, clicking http://3483290997 will take you to the same BugNet page (unless you're using a proxy server, in which case you'll get a "page not found" error). Try it.

THE PROBLEM for Internet Explorer 4 comes from the fact that Microsoft's browser assumes that any address not containing dots is an intranet address, and applies security accordingly.

"Since intranet security is often set lower than for Internet sites the user may -- unknowingly -- allow an Internet site to operate at an intranet security level," according to Paikin.

The bug poses a problem in the following scenario:

1. The user has set a lower security level for the intranet Security Zone.

2. The user accesses a website that contains a "malicious" ActiveX component or Java applet.

3. The malicious website is accessed via a link that uses the compressed format like http://3483290997.

It is worth noting that the user would have to modify IE4's default intranet Security Zone settings to be affected. Also, many corporate users with access to both the Internet and an intranet are served by proxy servers, which would block the hole, according to Bob Minor of CyberMill in St. Louis.

A Microsoft spokesman in Denmark told PC World Denmark that "our developers are currently working to address this issue. In the meantime, users can protect themselves by returning their intranet zone to the default settings, and if prompted to download content from the Internet, it is important for users to use safe computing practices."

The problem apparently affects only Internet Explorer 4 for Windows. Netscape and Internet Explorer on the Mac are not affected.

-- Bruce Brown
www.bugnet.com
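
The article's conversion and the zone decision it describes, as an added example that is not part of the original post and is not BugNet's or Microsoft's code. `naiveZone` models the "no dots means intranet" rule as the article states it; `checkedZone` and `INTRANET_RANGES` are hypothetical names for a corrected rule, and the private address ranges are an assumed stand-in for "the intranet".

```javascript
// Added example: not code from BugNet, Microsoft, or the original post.

// The article's calculation: a*256^3 + b*256^2 + c*256 + d.
function dottedToDecimal(ip) {
  if (!/^\d{1,3}(\.\d{1,3}){3}$/.test(ip)) throw new RangeError("not a dotted quad: " + ip);
  const parts = ip.split(".").map(Number);
  if (parts.some((p) => p > 255)) throw new RangeError("octet out of range: " + ip);
  return parts.reduce((acc, p) => acc * 256 + p, 0);
}

// Inverse: expand a 32-bit number back into dotted form.
function decimalToDotted(n) {
  if (!Number.isInteger(n) || n < 0 || n > 0xffffffff) throw new RangeError("not a 32-bit value");
  return [2 ** 24, 2 ** 16, 2 ** 8, 1].map((d) => Math.floor(n / d) % 256).join(".");
}

// The flawed rule as the article describes it: no dots means intranet.
function naiveZone(host) {
  return host.includes(".") ? "internet" : "intranet";
}

// Assumption: these private ranges stand in for "the intranet" in this sketch.
const INTRANET_RANGES = [["10.0.0.0", 8], ["172.16.0.0", 12], ["192.168.0.0", 16]];

function inRange(addr, base, bits) {
  const size = 2 ** (32 - bits);
  return Math.floor(addr / size) === Math.floor(dottedToDecimal(base) / size);
}

// Hypothetical corrected rule: expand an all-digit host to its IP address first,
// then decide the zone from the address rather than from how the host was spelled.
function checkedZone(host) {
  let h = host;
  if (/^\d+$/.test(h)) {
    const n = Number(h);
    if (n > 0xffffffff) return "internet"; // not a valid IPv4 value: never trust it
    h = decimalToDotted(n);
  }
  if (/^\d{1,3}(\.\d{1,3}){3}$/.test(h)) {
    const addr = dottedToDecimal(h);
    return INTRANET_RANGES.some(([b, bits]) => inRange(addr, b, bits)) ? "intranet" : "internet";
  }
  return h.includes(".") ? "internet" : "intranet"; // single-label names stay intranet
}

// Constructed sample hosts; the first two are the article's own example.
for (const host of ["207.158.205.117", "3483290997", "167772161", "fileserver"]) {
  console.log(host.padEnd(16), "naive:", naiveZone(host), " checked:", checkedZone(host));
}
```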



To: Milk who wrote (3)10/26/1998 2:58:00 PM
From: Cheeky Kid  Respond to of 24
 
Heard on the Net --

Win NT Service Packs --
Spawn of the Devil?

SERVICE PACKS ARE supposed to bring relief, casting out the demons that sometimes reside in your software.

But experience with the two latest service packs for Windows NT 4.0, Service Pack 2 and Service Pack 3, may have led people to see whether their spell-checker contains Mephistopheles.*

For those of you who haven't made their acquaintance yet, Service Packs are interim releases for software, usually a bundle of bug fixes and new drivers. Since Windows NT has been touted as the robust, reliable operating system for mission-critical systems, Microsoft has been diligent about releasing the fixes.

The current version of NT, 4.0, saw Service Pack 2 in January, and Service Pack 3 in May. Each of them contained over 100 bug fixes. They also contained a few unpleasant surprises, much as Linda Blair had for the unlucky priests in "The Exorcist."

Service Pack 2 hadn't been out long before screams of anguish could be heard coming from places like microsoft.public.windowsnt.misc. If you installed SP2 on a system that had anti-virus software running, anytime you accessed your CD-ROM or floppy drive your system would crash. "How could something like this be missed during beta testing?" was the lament of the poor souls.

Also vexing for SP2 was a problem that affected remote access services. And to add insult to injury, some of the distribution files that you could download from the Microsoft FTP site were corrupted, and if you attempted to install SP2 to other machines over a network, the installation would be corrupted. Hot fixes for these bugs were all rushed to release.

After the groundswell of criticism, Microsoft promised that more extensive testing would be done of the next release, Service Pack 3. There won't be as many problems with this one. Well, the pack came out in mid-May, and here is what is being said:

Developers who use Visual Basic 5 report major problems after installing the Service Pack. On BugNet's InfoWorld forum, one user recounts that a Microsoft Support technician told him over the phone to remove the Service Pack because of incompatibility issues between the two.

According to Creative Labs, SP3 may have inadvertently used some older drivers for some of their cards, temporarily disabling them. Some tape drives were no longer recognized after SP3 was installed. Problems saving to a folder shared with a Windows 95 computer were reported.

Problems using SPX to communicate with a database on a Microsoft SQL server.


Problems with Internet Explorer 3.02 loading Java applets if colors are set to TrueColor.

These are bugs that weren't there prior to the installation of SP3, so we can presume that they were caused by it. And while there was nothing as crippling as the anti-virus problem, SP3 was certainly not sinless.

Note that, contrary to many rumors about Microsoft's business practices (the old saying "The job's not done till Lotus doesn't run" comes to mind) many of the affected programs belong to Microsoft. And, to be fair, people who install a Service Pack successfully and see their problems disappear rarely post on the news group merely to join the choir singing the praises of SP2 or SP3.

Most stories that touch on the subject of good and evil end with a moral, leaving something to reinforce the lessons you've just learned. This one ends with three, in regard to service packs:

If it's not broke, don't fix it.

Don't be the first to install a service pack. Let others do the dirty work.

Keep reading BugNet to keep track of all the bugs in future service packs.

-- By Bruce Kratofil

bugnet.com



To: Milk who wrote (3)11/9/1998 3:24:00 PM
From: Cheeky Kid  Read Replies (1) | Respond to of 24
 
MS Explorer 4 Crash Bug (Win 95, Win 98, Win NT)

anfyjava.com


WARNING:

Here you can test the bug on your system, at your own risk: in no event will the author of the applet or its suppliers be liable for any lost revenue, profit, or for direct, special, indirect, consequential, incidental or punitive damages however caused and regardless of theory of liability, even if the author has been advised of the possibility, in 99% of cases, of such damages.



DON'T FORGET TO READ THE WARNING BEFORE YOU TEST,
BECAUSE WINDOWS WILL CRASH.