                    ========================
                         Support Alert
                    ========================
                    www.techsupportalert.com

                 Your pointer to the very best
                  tech information on the Web
 
                  Issue 85 - 4th October 2002
 
    Support Alert is a 100% subscription-only newsletter.
 Instructions on how to unsubscribe are at the end of each issue.
 
                      <<<<<<<<<>>>>>>>>

Quote of the Week

"AVP must die!"

Cry of exasperation from the hacker "FreeLoader", about the
effectiveness of Kaspersky AntiVirus Pro. From the readme file
that comes with the Lamer's Death Trojan program.
 
                      <<<<<<<<<>>>>>>>>
 

FROM THE EDITOR

It's official. This will be the last issue of Support Alert
Newsletter.

The last issue in English that is.

All future issues will be written in SpamSpeak. Or more accurately
Sp*mSpeak.

Sp*mSpeak is the official new language of Internet newsletters.
All newsletters that actually get read, that is. The rest will
simply get gobbled up by corporate sp*m filters before they reach
their legitimate readers.

(Sp*mSpeak is thought to be the creation of the mysterious Black
Hole Alliance. Who?  Click this link to find out more:
http://www.techsupportalert.com/blackhole.htm)

Sp*mSpeak is easy. Just cross out an offensive vowel and
replace it with an *.  So sex becomes s*x and hack becomes h*ck.

There's even an official Sp*mSpeak pronunciation guide. Because
the missing vowel can only be guessed, it should be pronounced
as the neutral vowel "er". So sex is pronounced "serx", virus
as "ver-us" and spam, well ... you get the drift.

New Zealanders will immediately feel at home with Sp*mSpeak and
indeed will feel complimented on the fact that the rest of the
world has finally chosen to speak as they do.

Minor problems with the spoken form may arise. Some may confuse
Sp*mSpeak itself with a radical new movement for the rights of
the unborn.  Shrink wrapped boxes of Sp*m Assassin may be
mistakenly filed in the contraceptive section of drug stores.

But alas, all this is but a small price to pay to have your
email actually delivered.

Such, my friends, is progress.
 

Gizmo Richards
mailto:editor@techsupportalert.com

PS I'm off this week to Japan so the next issue will be a little
late. Patience is a virtue ;>)

              <<<<<<<<<<<<<<<>>>>>>>>>>>>>
 

IN THIS ISSUE
 
1. TOP TECH SITES
 - Decode Event IDs
 - HTML Email Paranoia Lubricant
 - Outlook Express Tips
 - For ASPiring Programmers
 - New Pay Per Incident Tech Support Service
 - Spice Up Your Java
 - Browser Security Check-up
 
2. UTILITIES
 - Do I Smell Ether?
 - Tying Down Your WLAN
 - Task Manager on Steroids
 - Corporate PC Data Protection No 1- Theft
 - Corporate PC Data Protection No 2- Prying Eyes
 - Make Your XP System Fly
 - Interrogate Your Video Card and Driver
 
3. BUGS, SERVICE RELEASES AND PATCHES
 - Four New Security Alerts from Microsoft
 - The Real BugBear - Failure to Implement Updates
 - Microsoft Windows 2000/XP PPTP Vulnerability
 - New FrontPage Server Extensions Flaw
 - Serious Windows Java Flaw
 - Microsoft Leaves Some Java Flaws Unfixed
 - Cryptographic Flaw in RDP Protocol

4. OTHER USEFUL STUFF
 - Honey for Hackers
 - P2P in a Corporate Environment
 - Watch PC Recorded Video on Your TV
 - WHAM BAM KAZAA for the Record Industry
 - Wide-Fi
 - Laptop Hard Drive Backup
 - The Sailor Went to MSC Sea Sea
 - Munged Mail Multiplies
 - Duh ... What's Munging?
 - Freebie of the Week
 
             <<<<<<<<<<<<<<<>>>>>>>>>>>>>

Note: Some items in this issue refer to sites with very long URLs.
To avoid wrapping problems, a short form of the address that
looks like www.tinyurl.com/xxxx is also provided.

              <<<<<<<<<<<<<<<>>>>>>>>>>>>>

1. TOP TECH SITES
=================

Decode Event IDs
Windows Event Logs are a great troubleshooting resource but
decoding those Event IDs can be tedious. This free site makes it
way easier.
http://www.eventid.net/

HTML Email Paranoia Lubricant
If you are not yet paranoid about HTML email, then here's a
crash course to help you along. GFI, the well-known vendor of
security software, is offering a free test of your system's
defences against email exploits. My Norton Anti-virus 2002
picked up only 3 exploits out of 15! Thankfully Outlook 2002 and
the latest Explorer objected to many of the exploits missed by
NAV. Enough got through all defences to leave me a worried man.
http://www.gfi.com/emailsecuritytest/

Outlook Express Tips
At this site Jim Pickering has sifted through hundreds of
Microsoft Knowledge Base articles related to Outlook Express and
categorized them under simple headings like "How to" and "Cannot
do."  A very useful Outlook Express resource. Recommended.
http://home.attbi.com/~jimpickering/

For ASPiring Programmers
Whether you are already into ASP or just starting out, this site
is a terrific resource.
http://www.4guysfromrolla.com/

New Pay Per Incident Tech Support Service
OnCall4U is a new Web based PC support service for end-users.
The fee is a fixed $35 per incident and there is a 100% money
back guarantee if the problem is not fixed.
http://www.oncall4u.com/

Spice Up Your Java
MS may not approve but JavaGuru is an island of Java excellence.
If you are into Java, make this your first port of call.
http://www.jguru.com/

Browser Security Check-up
Give your browser a thorough security work-out for free at this
useful site.
http://browsercheck.qualys.com/
 

Know some great tech sites? Send them in to
mailto:editor@techsupportalert.com
 
2. UTILITIES
============

Do I Smell Ether?
Last week I needed a sniffer to analyse an Ethernet performance
problem. I used Ethereal and it worked a treat.  I can't
describe it any better than they have on their own web site:
"Ethereal is a free network protocol analyser for Unix and
Windows that allows you to examine data from a live network or
from a capture file on disk. You can interactively browse the
capture data, viewing summary and detail information for each
packet. Ethereal has several powerful features, including a rich
display filter language and the ability to view the
reconstructed stream of a TCP session."  Amen.
http://www.ethereal.com/

Tying Down Your WLAN
Scanning for potential rogue access points for your WLAN should
be an ongoing task for network administrators. One helpful tool
that you might like to check out is AiroPeek, a specialist
802.11a/b packet analyser.  Amongst other things it will allow
you to fully decode and decrypt an encrypted packet with your
WEP key. It also features powerful diagnostic capabilities so
it's a great troubleshooting tool as well.  Works with notebooks
for mobile use. At $1495 it's hardly cheap but there is a
downloadable trial (7.5MB).
http://www.airopeek.com

Task Manager on Steroids
WinTasks Pro is a shareware replacement for the Windows Task
Manager.  Both programs are process viewers but that's where the
comparison stops. WinTasks gives you much more information and
much more control. For example it flags system processes, tells
you when the process started, the location of the executable
that launched it and the DLLs associated with the process. It
also allows you to change the priority of the process. It
includes a powerful and extremely useful scripting language that
allows you to take complete control of the process environment. The
list of features goes on and on. Worth $47? For support staff,
system administrators and technically oriented power users, you
bet. But it's currently on sale at $29.95 and at that price it's
a steal.
http://www.liutilities.com/products/wintaskspro/

Corporate PC Data Protection No 1- Theft
If you have one or more PCs running commercially sensitive
applications or holding confidential data then you might like to
check out Com-Guard Pro.  It's a combination hardware/software
package designed to detect and prevent physical theft or
tampering. At $149, it could be a prudent investment for
sensitive applications.
http://www.com-guard.com/sensor_card_buss.asp

Corporate PC Data Protection No 2- Prying Eyes
Xyloc uses a transmitter/receiver system to lock your PC while
you are temporarily absent. The small transmitter is worn by the
user and when the user moves more than 50 feet away from their
PC, the keyboard and screen are automatically locked. When the
user goes back to their computer, it automatically unlocks. I
can see lots of uses for this product, most notably for
consultants to protect their notebooks while working in clients'
offices. A single user model with USB interface costs $179.
http://www.ensuretech.com/products/solo/solo.html

Make Your XP System Fly
XPTuneup is a shareware program that allows you to apply
various tricks to speed up your XP system.  Think of it as a
shell which allows you to implement all those tips and tricks you
see at XP sites, like allocating a higher priority to certain
tasks or fiddling around with caching parameters.  The nice thing is
that it makes it really easy to try these things without
fiddling with the registry and equally easy to undo them if
necessary. I improved my system performance quite noticeably in a
couple of areas that were annoying me.  You can download a full
featured, trial version from here:
http://www.xptuneup.com/xptuneup_downloads.htm

Interrogate Your Video Card and Driver
XPBench is a simple, free utility that tells you which Windows
XP features are supported by your video card/driver combination.
You may be surprised to find that, without the right drivers,
some high flying 3D cards can be very average performers in 2D.
http://www.stardock.com/products/xpbench/

Got some favourite utilities? Why not share the news? Send
your top picks to mailto:editor@techsupportalert.com
 
 
3. BUGS, SERVICE RELEASES AND PATCHES
=====================================

Four New Security Alerts from Microsoft
I had just finalized this issue when four new security alerts
were announced by Microsoft. Here's the list:
* Flaw in Services for Unix 3.0 Interix SDK Could Allow Code
  Execution (Q329209)
* Cumulative Patch for SQL Server (Q316333)
* Unchecked Buffer in Windows Help Facility Could Enable Code
  Execution (Q323255)
* Unchecked Buffer in File Decompression Functions Could Lead
   to Code Execution (Q329048)
Full details here:
http://tinyurl.com/1s2v
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/default.asp

The Real BugBear - Failure to Implement Updates
While the media is ranting about BugBear, the new mass mailing
worm that is spreading like wildfire, it is worth reflecting on
the fact that it can only infect PCs that have not implemented
the Internet Explorer 5 MIME Header patch.  That patch, from memory,
came out about 18 months ago and has also been incorporated in
subsequent cumulative patches. A sad comment on the state of most PCs.
Now I know what they mean by post-viral depression!
http://tinyurl.com/1pwh
http://securityresponse.symantec.com/avcenter/venc/data/w32.bugbear@mm.html

Microsoft Windows 2000/XP PPTP Vulnerability
The security firm Phion have issued an advisory stating that the
Microsoft PPTP Service in Windows 2000 and XP for use with VPN
applications contains a remotely exploitable pre-authentication
buffer overflow. Attackers may be able to overwrite the kernel
or exploit the weakness to mount a DoS attack. Clients too may be
vulnerable, particularly DSL users who use PPTP to connect to
their modem. Microsoft have stated "This is top priority ....we
are proceeding with all due speed."  Meantime, find a partial
workaround here:
http://www.phion.com/adv/index.html

New FrontPage Server Extensions Flaw
Microsoft have warned of a critical vulnerability in its
FrontPage Extensions 2000/2002 software. With the 2000 version,
the attacker could use the weakness to initiate a DoS attack
while in the 2002 version an attacker could take control of the
server.  Get the patches here:
http://tinyurl.com/1qpw
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/ms02053.asp

Serious Windows Java Flaw
Microsoft released a critical-level advisory Wednesday night
warning all Windows users of a serious flaw in its Java Virtual
Machine that could enable an attacker to gain complete control
over a user's system. All builds of the Microsoft VM up to and
including build 5.0.3805 are affected. More details including
patches are available here:
http://tinyurl.com/1jgo
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS02052.asp

Microsoft Leaves Some Java Flaws Unfixed
This site claims that several known flaws in Microsoft's Java VM
remain unfixed by the above patch, leaving users vulnerable to
malicious Java Applets which could gain control over their PCs.
Full details here:
http://www.solutions.fi/index.cgi/news_2002_09_23?lang=eng

Cryptographic Flaw in RDP Protocol
Yet another advisory from Microsoft though this one is rated
only moderate. It applies to administrators of Windows 2000
terminal servers and Windows XP users who have enabled Remote
Desktop. An attacker could use the flaw to gain access to
confidential information or for a DoS attack. Get the patch here:
http://tinyurl.com/1k0f
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS02051.asp

 
4. OTHER USEFUL STUFF
=====================

Honey for Hackers
Honeypots have become popular tools for attracting and
deflecting hackers. Honeynets are a particular kind of Honeypot
designed to learn more about the enemy. Learn more about HNets from
this excellent free paper, one of many, at this valuable
resource site. While you are there check out the interesting
articles on script kiddies. Fascinating stuff.
http://project.honeynet.org/papers/

P2P in a Corporate Environment
Instant messaging between employees may be just the first of
many potential P2P applications in organizations. This article
will bring you up-to-date with developments.
http://www.cioinsight.com/article2/0,3959,1517,00.asp

Watch PC Recorded Video on Your TV
Last year Snapstream released their excellent Personal Video
Station which allowed you to digitally record TV on your PC hard
drive. Now Broadq have announced their $49.95 QCast Tuner
software package which allows you to watch your recorded
sessions on TV via your Sony PS2. New gizmos from Intel, due at
Christmas, will allow you to go straight to any TV in your house
or office via Wi-Fi.
http://www.snapstream.com/
http://www.broadq.com/qcast.html

WHAM BAM KAZAA for the Record Industry
Version 2.0 of the popular P2P Client KaZaa has been released
with a raft of new features including a user file rating system
designed to defend against alleged efforts of the record
industry and others to pollute P2P databases with corrupted
files. Nice way to weed out trojans too.  If you are into P2P
you should get this. And of course, a "lite" version, free from
adware and spyware is already available from "other" parties.
http://downloads-zdnet.com.com/3000-2166-10049974.html
http://www.k-lite.tk

Wide-Fi
CNet is carrying an interesting item about Proxim, the
industry-leading Wi-Fi hardware maker. Proxim is now producing a
device that extends the range of the 802.11b networks up to 12
miles. Prices range from $2000 to $6000.
http://tinyurl.com/1qpy
http://news.com.com/2100-1033-959924.html?tag=dd.ne.dtx.nl-sty.0

Laptop Hard Drive Backup
Laptops are more vulnerable to drive failure because, unlike
desktops, they are regularly moved or jarred while the drive is
spinning. ABS Plus is an interesting solution that allows you to
back up the entire drive to an external 2.5 inch drive via the
PCMCIA slot or FireWire/USB ports.  Corrupted files can be
directly restored from the backup disk while total drive failure
is handled by a physical swap of disks. It's a neat solution and
I'll give you a full report in a later issue. If any of you are
using the product please let me know your experiences.
http://www.cmsproducts.com/product_absplus_win.htm

The Sailor Went to MSC Sea Sea
At this site they offer 10 day cruises in the Caribbean which
include up to 40 hours of MS or Cisco certification training.
Now all you have to do is convince your boss that it's in the
company interest for you to attend.
http://www.geekcruises.com/

Munged Mail Multiplies
I've received a number of emails recently with munged return
addresses.  This may be a simple consequence of the senders
failing to change their email settings after a UseNet post or it
may be a misguided anti-spam defence.  Munging is fine in its
place but the latter use is doubtful. Check here to see why.
http://www.interhack.net/pubs/munging-harmful/
http://mindprod.com/jglossmung.html

Duh ... What's Munging?
Address Munging is the time-honoured UseNet practice of altering
your email address so that it can still be understood by a human
yet is meaningless junk to a robot trying to harvest your
address. You'll find some standard munging techniques here:
http://tinyurl.com/1qq0
http://www.cs.uu.nl/wais/html/na-dir/net-abuse-faq/munging-address.html

Freebie of the Week
I don't know about you, but I find the "new" Office XP Clipboard
underwhelming.  That's a pity because I'm a heavy duty clipboard
user.  There are various solutions around but I'm pretty taken
with NoteTab Light.  This is really a notepad replacement but
has a nifty feature where everything you copy to the ClipBoard
goes into the currently opened NoteTab text document. I know it
sounds kind of weird but this approach really works. And you get
a great notepad replacement as well. Try it, it's free.
http://www.notetab.ch/
 

Got some top sites and services to suggest? Send them in
to mailto:editor@techsupportalert.com

<<<<<<<<<<<<<<<<<<<<<<<<>>>>>>>>>>>>>>>>>>>>>>>

 
The Small Print
===============
 
Do Yourself a Favour Department
Support Alert is free. If you like Support Alert, some of your
friends and colleagues will too. Why not forward them this issue
right now? It's in your interest as the more readers we have,
the more suggestions we get and the better the product for all.  To
subscribe, all they have to do is send a blank email from their
email account to: supportalert-subscribe@webelists.com
 
To unsubscribe from this newsletter, send a blank email to
supportalert-unsubscribe@webelists.com or to the address shown
at the bottom of this page.
 
To change your delivery email address go to
http://www.webelists.com/cgi/lyris.pl?enter=supportalert
Enter your old email address. No password is needed. You can
then change your subscription email address directly.
 
For lots more free IT newsletters see
http://www.freetechmail.org/infobase.asp?TPubId=79
 
(c) Copyright TechSupportAlert.com 2002