If there are any topics you would like to see discussed in the future or if you have any comments, please contact me at JoeT@HighCaliber.com
Bullet Points
New Windows Vulnerabilities Discovered
Microsoft released three new critical updates on November 11th. It
would be a good idea to run Windows Update sometime
soon on all of your workstations and servers if you haven't already
done so. To do this:
Run Internet Explorer
Click Tools
Click Windows Update
Click Scan for Updates and then get all of the Critical
Updates and Service Packs. [You can ignore the Windows files and
driver updates.]
Microsoft releases critical updates on the second Tuesday of each month, but
it is still a good idea to run Windows Update once a week just to be safe.
Remember that you need to keep running Windows Update until you get a message
that says "There are no critical updates at this time."
In addition, you might want to run Office Update as well. Office Update checks
to see if there are any critical updates or service packs available for of
Microsoft Word, Excel, Outlook, PowerPoint, etc. Be advised that some of the
updates may require you to put your Microsoft Office installation disk into your
CD-ROM drive just to make sure that you actually own Office and didn't "borrow" it.
Find the CD you used to install Microsoft Office. (Don't put it into your CD-ROM
drive until the update tels you to.) Then, either click on the Office Update
link at the top of the Windows Update page or click the link below:
Click the Check for Updates link at the top of the page. The rest
is self-explanatory. You will have to run Office Update a couple
of times before you get all of the updates.
Creating a File Association When Opening a File
As you probably know, Windows figures out the program to use to access a given data file based on
the three letter extension that appears after the dot in a file name. For example, if the file
name ends in .XLS, Windows will launch Microsoft Excel to open that file.
There are times when you don't agree with the application that Windows has associated with a
certain file extension and you find yourself always wanting to open that type of file with a
different application. For example, by default your .jpg files open with the Windows Picture
and Fax Viewer, but you've installed Paint Shop Pro and you prefer to open .jpg files with it
so you can do sophisticated editing. Here's how to change an association:
Use Windows Explorer to navigate to the file
Instead of double clicking on it, right click on it.
Select Open with from the menu.
A list of applications that can be used to open the file is displayed. If
you do not want to permanently change the application associated with this file type, simply
select the program you would like to use.
If you want to permanently change the default program used to open that file type,
select Choose Program at the bottom of the list.
Under Programs, scroll down until you find the application you want to use and click it.
Check the box that says Always use the selected program to open this kind of file.
Click OK.
From now on, when you double click that file type, it will open with the program you selected.
Troubleshooting Windows Shutdown Problems
We have all had these problems at one time or another. You go to shut
your computer down the proper way and the darn thing just won't shut down.
Although improper shutdowns can sometimes to horrible things to the
Registry, you can normally just hit the power button even though your
screen still says "Please wait while Windows shuts down..."
If you would like to troubleshoot this problem, here are some resources:
I am sure you have noticed that MS Internet Explorer often drops down a list box containing
prior entries you may have made on a web-based input form. This feature is called Autofill.
You have probably also noticed that sometimes nonsense entries wind up in these drop down
lists, probably because you mistyped something in the past. To delete erroneous entries
in these lists, simply move your cursor to them and press the Delete key.
Deleting ALL Autofill Entries
What if you don't like the autofill feature and you want to clear all the entries and make
Internet Explorer stop storing them? Here's how:
Run Internet Explorer
Click Tools
Click Internet Options.
Click the Content tab.
Under Personal Information, click the AutoComplete button.
Click the Clear Forms button to get rid of all stored entries.
If you also want to clear all saved passwords, click the Clear Passwords button.
Under Use AutoComplete for, uncheck all three boxes (Web addresses, Forms,
and User names and passwords on forms) to make IE stop storing AutoComplete information.
Using the On-screen Keyboard
Although it is rare, there may be times where your keyboard stops functioning or is
not connected and unavailable. Windows XP has an on-screen keyboard that you can "type" on by clicking the
keys with your mouse. To use it:
Click Start
Click All Programs
Click Accessories
Click Accessibility
Click On-screen keyboard
If your regular keyboard is still working and you want to open the on-screen keyboard, another way to do
it is by clicking Start, Run and then typing osk
Renaming a List of Files
There are times when you may want to rename a group of to the same more meaningful name, with
perhaps numbers to differentiate them. This often happens when you upload pictures taken
with a digital camera. Each picture is usually stored in a separate file and given some
meaningless name. To rename a list of files:
Run Windows Explorer (right click on Start and select Explore)
Navigate to the folder where the files to be renamed are stored.
Highlight all of them, either by holding down CTRL while you click each file you want to
rename or by clicking the first in the list, holding down SHIFT, and then clicking the last in
the list to highlight all those in between.
Right click the highlighted list
Select Rename.
Type the new name. All the files you selected will have this filename, with numbers appended in parentheses.
Web Searching Techniques
This site has great information on web searching techniques:
To change the folder that MS Word defaults to when you are saving a new document:
In Word, Click Tools
Click Options
Click File Locations
Select Documents
Click Modify.
Browse to a new folder in the Look in field
Click OK
Moving Data and Settings to a New Computer (Win XP)
Moving data and settings from one computer to another running Windows XP is fairly straightforward
when you use XP's Files and Settings Transfer Wizard. Not only can you
transfer your data and settings from another XP computer, you can even move them
from a Windows 9x/ME, NT or 2000 machine to your new system. You will need your Windows XP
installation CD to do this on a non-XP computer.
Run the Transfer Wizard on your old computer. If it runs XP, here's how to access the wizard:
Click Start
Click All Programs
Click Accessories
Click System Tools
Click File and Settings Transfer Wizard.
On other systems, run Setup from the CD and in the Setup menu, choose
Perform Additional Tasks and then on the next page, choose Transfer files and settings.
The easiest way to do this is if you have a home network to which both computers are connected.
But if you don't, you can use a direct cable connection (connecting the two computers with a
serial port cable), high capacity removable media, or save the data to the hard disk and burn
it onto a CD if you have a CD writer. The wizard walks you through the steps.
Next, you run the Transfer Wizard on the new computer:
Click Start
Click All Programs
Click Accessories
Click System Tools
Click File and Settings Transfer Wizard.
Again, you'll be walked through the steps to import your settings and data.
From the Unsolicited Commercial E-mail Research Six Month Report
Center for Democracy & Technology
March 2003
Summary
Every day, millions of people receive dozens of unsolicited commercial e-mails (UCE), known popularly as "spam." Some users see spam as a minor annoyance, while others are so overwhelmed with spam that they are forced to switch e-mail addresses. This has led many Internet users to wonder: How did these people get my e-mail address?
In the summer of 2002, CDT embarked on a project to attempt to determine the source of spam. To do so, we set up hundreds of different e-mail addresses, used them for a single purpose, and then waited six months to see what kind of mail those addresses were receiving. It should come as no surprise to most e-mail users that many of the addresses CDT created for this study attracted spam, but it is very interesting to see the different ways that e-mail addresses attracted spam -- and the different volumes -- depending on where the e-mail addresses were used.
The results offer Internet users insights about what online behavior results in the most spam. The results also debunk some of the myths about spam.
Major Findings
· Our analysis indicated that e-mail addresses posted on Web sites or in newsgroups attract the most spam.
o Web Sites - CDT received the most e-mails when an address was placed visibly on a public Web site. Spammers use software harvesting programs such as robots or spiders to record e-mail addresses listed on Web sites, including both personal Web pages and institutional (corporate or non-profit) Web pages.
CDT tested two methods of obstructing address harvesting:
§ Replacing characters in an e-mail address with human-readable equivalents, e.g. "example@domain.com" was written "example at domain dot com;" and
§ Replacing characters in an e-mail address with HTML equivalents.
E-mail addresses posted to Web sites using these conventions did not receive any spam.
o USENET newsgroups -- Newsgroups can expose to spammers the e-mail address of every person who posts to the newsgroup. Newsgroup postings, on average, generated less spam than posting an e-mail address on a high-traffic web site. In our study, we discovered that most newsgroup-related spam is sent to the address in the message header, even if other e-mail addresses are included in the text of the posting.
· For the most part, companies that offered users a choice about receiving commercial e-mails respected that choice. Most of the major Web sites to which we provided e-mail addresses respected the privacy choices we made -- when a choice was made available to us.
· Some spam is generated through attacks on mail servers, methods that don't rely on the collection of e-mail addresses at all. In "brute force" attacks and "dictionary" attacks, spam programs send spam to every possible combination of letters at a domain, or to common names and words. While these attacks can be blocked, some spam is likely to get through. In many cases, spam generated by these attacks will be directed to shorter e-mail address (like bob@domain.com) before it is directed to longer addresses (like bobwilliams@domain.com).
Tips for Avoiding Spam
Currently there is no foolproof way to prevent spam. Based on our research, we recommend that Internet users try the following methods to prevent spam:
· Disguise e-mail addresses posted in a public electronic place.
CDT received the most spam just by placing an e-mail address at the bottom of a webpage.
Spammers "harvest" these addresses with computer programs that collect and process addresses
and add them to spam mailing lists. If a user must post his/her e-mail address in a public
place, it is useful to disguise the address through simple means such as replacing "example@domain.com"
with "example at domain dot com" or other variations such as the HTML numeric equivalent, in
which "example@domain.com" could be written "example@d omain.com."
Opt out of member directories that may place your e-mail address online. If your employer
places your e-mail address online, ask the Webmaster to make sure it is disguised in some way.
· Read carefully when filling out online forms requesting your e-mail address, and exercise your choice.
If you don't want to receive e-mail from a Web site operator, don't give them your e-mail address unless they offer the option of declining to receive e-mail and you exercise that option. If you are asked for your e-mail address in an online setting such as a form, make sure you pay attention to any options discussing how the address will be used. Pay attention to check boxes that request the right to send you e-mails or share your e-mail address with partners. Read the privacy policies of Web sites. If you suspect that a Web site has violated its privacy policy, you can report it to your state attorney general or the Federal Trade Commission.
· Use multiple e-mail addresses.
When using an unfamiliar Web site or posting to a newsgroup, establish an e-mail address for that specific purpose. Alternatively, instead of just using one or two e-mail addresses, you can use "disposable e-mail addresses," which consolidate e-mail in a single location but allow you to immediately shut off any address that is attracting spam. By recording which disposable address was used at which web site, one can track what sites are causing spam. Many Web sites are now providing free e-mail accounts. A search in Google Directory for "disposable e-mail addresses" provides a list of e-mail providers designed for one-time use e-mails.
· Use a filter.
Many ISPs (including High Caliber) and free e-mail services now offer spam filtering. While filters are not perfect, they can cut down tremendously the amount of spam a user receives.
· Short e-mail addresses are easy to guess, and may receive more spam.
At least one spammer tried to guess the e-mail addresses used in this study by sending mail to short and common addresses. E-mail addresses composed of short names and initials like bob@ or tse@, or basic combinations like smithj@ or toms@ will probably receive more spam. E-mail addresses need not be incomprehensible, but a user with a common or short name may want to modify or add to it in some way in his or her e-mail address.
