The LangaList
14-Jul-99

A Free Email Newsletter from Fred Langa
About BrowserTune, HotSpots, Columns, Tips & Tricks, and Other Activities

In This Issue:

Do You Leave Your Email Unlocked (Probable answer: Yes!)
Electrifying Response
Don't Fall For This Hoax!
More on the Microsoft Office 2000 Bad CD Problems
And More on the "Out Of Disk Space" Error
Another IE5 Bug, er, Feature, er, Bug
Book o' The Week
Don't Make Me Beg! 8-)
Just For Grins
More!

Do You Leave Your Email Unlocked? (Probable Answer: Yes!)

It's ridiculously easy to spoof email. At the simplest level, many users are unaware how easy it is to alter the "From:" and "Reply To:" fields in an outbound email. As a result, it's child's play to send someone an email that will look (to a casual or inexperienced eye) like an email from, say, their boss, a co-worker, or a spouse. The potential for mischief or outright fraud is enormous.

It's not much harder to hack some mail servers: Spammers do it all the time, and the hacker "warez" boards are full of tools that will help the unscrupulous find poorly-guarded mail servers that they can exploit.

But it is also very, very easy to use digital certificates and/or simple encryption to validate email messages or to protect them from prying eyes. For example, Netscape Messenger and Microsoft's Outlook and Outlook Express both support the S/MIME (Secure Multipurpose Internet Mail Extensions) standard and both can use digital certificates that can verify the identity of email senders and receivers, and help keep your email contents private. (Check the Help files of your email client for more info. Or for Netscape digital-signing info, see http://home.netscape.com/security/basics/email.html. For Microsoft digital-signing info, see http://support.microsoft.com/support/kb/articles/q168/7/26.asp )

But almost no one uses them. I'm probably not typical because I get somewhere around 800 total emails a day (thank goodness for autoresponders!).
But consider the percentage: of those 800-some emails, only perhaps a dozen or so, max, are digitally signed. I can't ever recall having gotten an encrypted email, and I've been using email since around 1980.

I think there are five main reasons why people don't use the security tools built into many mail clients, and that's the focus of this week's InformationWeek LangaLetter, which goes live starting midday today (Wednesday 14-Jul-99). I also offer a modest challenge to mail client vendors---and suggest a way perhaps one of them could leap to the head of the class. 8-)

Do you or your business use digital certificates or encryption for email? Why or why not? Would you use one if it were free, and part of your basic email application? What do you think it will take to foster general acceptance and use of digital certificates? Join in the discussion at http://www.informationweek.com/langaletter !

Electrifying Response!

Monday's Special Report "Zap! You're Dead!" has brought in a ton of great reader comment and email. Example: Did you know that turning your equipment off during a storm is almost a meaningless gesture? While turning your PC off will protect you from losing power in the middle of an operation, it does not protect you much at all from major surges.
That's because a lightning strike that can jump a typical 10-15,000 feet through empty air from the cloud to the ground isn't going to slow down for the 1/8th of an inch air gap inside a power switch: It'll blow through the switch almost as easily as if it were on.

Come get the gory details of my electrifying experience (I finally got my phone back!), tap into the special information resources the WinMag editors have pulled together for you, and then join in the discussion at http://bbs.winmag.com/columns/archives/071199/monday/column.asp?frames=yes

Don't Fall For This Hoax!

Frequent contributor Dennis Regele had a justifiable scare last week: He was visiting a Russian web site and... well, let's let him tell the story in his own words:

dear fred, it's been a while since i wrote to you, i know you're busy but i didn't know who to turn to with this. the other night i was surfing some russian newspapers on the web when i came upon a listing for a radio station in st. petersburg. the site had several frames and one said " we know who you are " since i have my security set to medium, and no info other than a secondary email address listed in my browser(IE 5.0), i thought yea, sure you do. well it went on to list my ip address, domain and data about my browser. well that's not too hard to get. BUT at the bottom it said, "We also well know contents of your computer and we can quietly up to him reach." [They mean: "We know, and can quietly access, the contents of your computer."] then there was a button above which said " do not trust ? " [They mean: "You don't believe us?"] i thought sure, pressed the button and the contents of my hard drive appeared on the screen! Well after the initial shock i thought how did they get into my hd so i used the edit key in the files menu and saved it.
next i went off line and used my anti-virus software to check for any viruses, then went through my hard drive to find and eliminate any files from that site (other than the one i copied of the page itself.) again every thing was clean. My question is a) how do they do this, and B) how can i protect against it. if you can shed any light on this for me i'd really appreciate it. i hope someone else can be spared the hassle of this kind of .... thanks in advance, Dennis Regele

I visited the site ( http://www.freelines.ru/cgi-bin/know.pl?e ) and I could instantly see why Dennis was disturbed. The "do not trust?" (i.e. "you don't believe us?") button does indeed put the entire contents of your hard drive right there in the browser window. It's startling!

But it turns out just to be a clever and harmless prank, or hoax. The button simply issues a local "file://c:/" command to your browser, which then locally (and harmlessly) displays your hard drive contents. You can accomplish the same thing a lot less mysteriously simply by typing file://c:/ in the address bar of your browser. Try it!

That's all the button on that page does---it just locally commands your browser to show you your own local drive contents. Nothing is sent over the wire; the Russians never see the results (the display of your hard drive contents) on their end. In other words, it's a hoax: They're just pulling our chains. 8-) Cute hack, though!

More on the Microsoft Office 2000 Bad CD Problems

Wow, the story last issue ( http://www.langa.com/newsletters/Jul-12-99.htm#warning ) about problems installing O2K really touched a nerve! Many were along the lines of this one, from reader Roy Giddens, Jr.:

Boy did you hit the nail on the head about the Disc 2 problems, but two days late to save me a huge chunk of time, $35 to Microsoft and one whole lot of aggravation. My little 'ol error was "2336" and believe me of the four Microsoft "engineers" I talked to not a single one of them knew what in the world it was.
Briefly it was simply a matter that in my case the "Clip Files" on Disc 2 would not load from my CD ROM (a brand new Hi-Val 50X). After reading your newsletter last night I tried it from the CD drive on another machine on my network and voila - not a single problem. The last engineer I talked to Sunday night alluded to such a possibility but didn't commit himself. Oh well I've got a nice new clean install of Windows 98 Second Edition and most of my programs back up and running now. Lots of work because of some flaky cd's!!! I thoroughly enjoy your newsletter and seldom fail to get something of use from its weekly information. Not too many publications, print or otherwise, can claim that in my estimation.

Thanks, Roy! Other readers offered answers, as in this note from Tony Molina:

Hi Fred! Yes, I know about some problems people may encounter during or after setup of the Office 2000. Microsoft has been working since the release of Office 2000 and the first bugs were reported. People should visit http://www.microsoft.com/office/ (the Microsoft Office Updates Web Site) and download the fixes needed. Not everybody requires to get those fixes, patches, updates, upgrades, whatever you may want to call them. Also there are several new add-ons.

Thanks, Tony--- that page should be on every Office user's bookmark/favorites list!

Finally, from the "so you think you have problems" file, reader Dan Arnold shares this gem:

Fred, I just read your column about O2K disk 2. I just received Microsoft Office 2000 Developer yesterday as a gift for passing a beta certification exam. My problem is slightly different than the one you describe. I have no disk 2. Instead, I have two copies of disk 1. Both disks are labeled and have contents reflecting disk 1. Perhaps this is the initial response to the bad disk 2's?

Heheheh. Probably not, Dan. But it does seem to indicate that Microsoft's CD manufacturing is having a bad month!

And More on the "Out Of Disk Space" Error

In the last issue of the LangaList, we discussed a weird "out of disk space" error that can strike while installing new software, even if your hard drive contains tons of free space. ( http://www.langa.com/newsletters/Jul-12-99.htm#ie5 ) I suggested a Scandisk and a Defrag as one solution.

Other readers report they've worked around the problem, with a full uninstall then reinstall of the offending software package. Still others said they'd run into the same thing when using a virtual hard drive as a kind of cache---such as the one that came as part of McAfee Office: If you try to install to the virtual drive, you may run out of space there.

All these may be true (and I believe they are) but there's more, and this week, Microsoft posted a general fix for this problem that's specific to IE 4.01, but which might (I'm guessing here) apply to other, similar problems too. Microsoft says:

The problem can occur due to the way the value for free space on your hard disk is calculated. Information about the amount of free space on your hard disk is stored in a dword value in the registry. If this amount exceeds 4 gigabytes (GB) of free disk space, the amount over 4 GB is moved into another dword value, and it is this new value that Setup examines to verify the amount of free space on your hard disk. For example, if this new dword value is 50 MB (because the amount over 4 GB is 50 MB), but Setup requires 100 MB, Setup incorrectly interprets the amount of free space on your hard disk to be 50 MB, and then generates the error message listed earlier in this article.

Note that this problem can occur with large hard disks where the amount of free space on your hard disk is slightly above a multiple of 4 GB. For example, this problem can occur if you have 4.05 GB free, 8.05 GB free, 12.05 GB free, and so on.

RESOLUTION

To work around this problem, reduce the amount of free space on your hard disk to be slightly below a multiple of 4 GB, or increase the amount of free space on your hard disk to be at least 100 MB above a multiple of 4 GB.

To which I say: Doh! That is not a resolution---that's a workaround. But if you want the full scoop, see http://support.microsoft.com/support/kb/articles/q189/7/87.asp

Another IE5 Bug, er, Feature, er, Bug

Reader "GreyStar" sends in this IE5 Bug Report:

Try this! Bring up IE 5 and enter a URL with a userid and password. (It doesn't have to be a real id or even a real site for this test.) Make sure there are upper and lower case letters in the id and password, like this: http://MiXed:CaSe@www.nosuchsite.com

IE will fold the id, but not the password, to lower case! This will, of course, cause authentication to fail if the id does in fact contain upper case characters. I called this in to Microsoft. I actually got a response: The article: Cannot Log On to Web Site Requiring Case-Sensitive User Name can be accessed at this location: http://SUPPORT.MICROSOFT.COM/SUPPORT/KB/ARTICLES/Q228/9/14.asp I didn't find this when I searched the Knowledge Base, but that's not incredibly surprising.

Nice detective work, GreyStar. I hadn't heard of that bug. Thanks!

Book o' The Week

I'm co-chairing a "track" of related sessions and panels on Windows 2000 for Fall Comdex this year. Comdex is a beast--- it's North America's largest trade show of any kind, and is among the largest trade shows in the world. Part three-ring circus, part hi-howaya-schmooze-fest, part geek nirvana, it's a week of discussions, announcements and product demos in the overpriced setting of Las Vegas. (Rooms typically cost $300/night there during Comdex week, when 200,000 computer-industry people descend on the desert like, well, locusts.)

It's my pleasure to have Jerry Honeycutt on several of my panels.
He's written 20+ books, including a brand new one called "Introducing Microsoft Windows 2000 Professional" for Microsoft Press. It's probably the best single primer I've seen on the subject, and covers a lot of ground in its 400+ pages. Basically, if you're even thinking of using W2K, this book can help you. The official blurb says this:

"This book offers an advance look at Windows 2000 ("NT 5.0") system deployment issues-- with unique information delivered in cooperation with Microsoft. The information will help IT implementers understand Windows NT Workstation capabilities in relation to the Windows NT 5.0 network operating system and in comparison with Windows 98."

As of this writing, Amazon is offering a $5.00 (about 20%) discount via the link below; you'll pay $23.99 instead of the list $29.00. But I have no control over Amazon's pricing; their discounts come and go at their choice, so click the link below for current pricing info---you will automatically get the best price available!

Pricing, Book Reviews and Order Info: http://www.amazon.com/exec/obidos/ASIN/0735606625/langacom

And if you're looking for summer reading (OK, OK--- somewhat geekish summer reading!) some other books I especially recommend are listed at: http://www.langa.com/book.htm.

Don't Make Me Beg! 8-)

Do you know one other person who might find this newsletter interesting or useful? Click on over to http://www.langa.com/recommend.htm to see just how easy it is to send them a free copy, in your name. Thanks!

Just For Grins:

This issue is getting too long, so I'll close with just a quick thought for the day: Age doesn't always bring wisdom. Sometimes age comes alone.

See you next issue!

Best,
Fred
( fred@langa.com )
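
The free-space miscalculation quoted in the "Out Of Disk Space" item above, as an added C example (not Microsoft's Setup code and not part of the original newsletter). It assumes the two registry dwords are the low and high 32 bits of a byte count; the struct and function names are made up for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define MB (1024ULL * 1024ULL)
#define GB (1024ULL * MB)

/* Assumed layout: free space kept as two 32-bit values. */
struct free_space {
    uint32_t low;   /* bytes left over after whole 4 GB units */
    uint32_t high;  /* number of whole 4 GB units */
};

static struct free_space split_free_bytes(uint64_t bytes) {
    struct free_space fs;
    fs.low = (uint32_t)(bytes & 0xFFFFFFFFu);
    fs.high = (uint32_t)(bytes >> 32);
    return fs;
}

/* Flawed check: reads one dword only, so 4 GB + 50 MB looks like 50 MB. */
static bool has_room_flawed(struct free_space fs, uint64_t required) {
    return fs.low >= required;
}

/* Corrected check: rebuild the full 64-bit figure before comparing. */
static bool has_room_fixed(struct free_space fs, uint64_t required) {
    uint64_t total = ((uint64_t)fs.high << 32) | fs.low;
    return total >= required;
}

/* True when the disk really has room but the flawed check says it does not. */
static bool triggers_false_error(uint64_t free_bytes, uint64_t required) {
    struct free_space fs = split_free_bytes(free_bytes);
    return has_room_fixed(fs, required) && !has_room_flawed(fs, required);
}

int main(void) {
    /* Constructed sample figures around the 4 GB boundaries in the quote. */
    const uint64_t samples[] = { 4 * GB + 50 * MB, 8 * GB + 50 * MB,
                                 4 * GB + 150 * MB, 4 * GB - 1 * MB, 3 * GB };
    const uint64_t required = 100 * MB;
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        printf("%6llu MB free: %s\n",
               (unsigned long long)(samples[i] / MB),
               triggers_false_error(samples[i], required)
                   ? "false out-of-disk-space error" : "check behaves");
    }
    return 0;
}
```

The two samples that sit just above a multiple of 4 GB fail the flawed check, while the figure just below a multiple and the one 150 MB above it pass, which is why the quoted workaround changes the symptom without fixing the comparison.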