========================
                         Support Alert
                    ========================
                    www.techsupportalert.com
 
                 Your pointer to the very best
                  tech information on the Web
 
                  Issue 86 - 20th October 2002
 
    Support Alert is a 100% subscription-only newsletter.
 Instructions how to un-subscribe are at the end of each issue.
 
                      <<<<<<<<<>>>>>>>>

Quote of the Week

"Not everything you look at is something."

Wittgenstein

                      <<<<<<<<<>>>>>>>>
 

FROM THE EDITOR

It's happened to you. It's happened to me.

Indeed, it's happened to every computer user.

It's the awful sinking feeling you get when you realize that you
really should have answered "no" to that question on the
computer screen rather than "yes".

And the funny thing is that you only ever seem to realize it
exactly 1 microsecond after hitting the return key.

So that's how I overwrote the current issue of this newsletter
with another document.

Now, in the world of computers, accidentally deleting a document
is not a worry. Almost always it can be recovered.

But overwriting a document is big trouble. As soon as I did it I
was facing the real prospect of two weeks work down the gurgler.

And you, gentle readers, were facing a missing issue.

But sometimes you can get lucky.

Already installed on my computer awaiting review, were two data
recovery products from Runtime Software: GetDataBack for NTFS
and DiskExplorer for NTFS.

The fact that they were already installed was significant. If
you are trying to recover data, installing a new program is the
last thing you want to do as you are likely to overwrite the
very information you are trying to get back.

I tried DiskExplorer first. DiskExplorer is a sophisticated disk
editor that, amongst many other things, allows you search your
drive for text. I just fed DiskExplorer a phrase from the
missing text to search for and it scanned my hard drive disk for
that text, sector by sector.  Nine minutes latter it had found a
copy of the missing text in the Windows paging file.

Recovery was a snack. In fact I got back virtually 100% of the
overwritten file. And that file folks, is what you are reading
right now.

As I said, sometimes you can get lucky.

DiskExplorer is not for the technically unitiated but then
again, either is data recovery. I haven't compared this product
to it's competitors in the marketplace but I can say that it did
exactly what was required of it.

Full featured 30 trial versions for both NTFS and FAT file
systems are available at:
http://www.runtime.org/
 

Gizmo Richards
mailto:editor@techsupportalert.com

PS In this issue I'm trying a new way to get around the problem of email
clients wrapping long URLs. I'm trialling a free service from
Cyberconnexions that shortens URLs and also gives me statistics on how
many times a link is clicked by readers. This should give me instant
feedback on what items you liked.

One downside is that if the Cyberconnexions server is down, none of the
links in this issue will work. To guard against that possibility, I've
uploaded a copy of this newsletter with the original, long URLs to my
website and you can access it by clicking here:

http:///www.techsupportalert.com/issues/issue86.htm
                   <<<<<<<<<<<<<<<>>>>>>>>>>>>>
 
IN THIS ISSUE
 
1. TOP TECH SITES
 - Serve Yourself a Server
 - Free Database Driven Web Service
 - Fishing for Chips
 - The Virtual Made Real
 - Inter-networking Explained
 - Avoid Google's Spying Eyes
 - Disk Speed Vs Disk Noise
 - The Top 20 Computer Security Risks
 
2. UTILITIES
 - Better Solution to Universal Instant Messaging
 - Locate Required DLLs
 - New MailWasher
 - Linux for Your XBox
 - Speed Up KaZaa
 - Visual Perl
 - Locate Windows Key

3. BUGS, SERVICE RELEASES AND PATCHES
 - New Cumulative SQL Server Patch (Q316333)
 - New MS Word and Excel Vulnerability (Q330008)
 - Another Windows XP Help and Support Centre Flaw (Q328940)
 - Trojan Horse in Distributed Version of Sendmail Source
 - Serious Outlook Express Vulnerability (Q328676)
 - Widespread ZIP Unpacking Vulnerability
 - Flaw in Windows ZIP Decompression (Q329048)

4. OTHER USEFUL STUFF
 - Cheapest Memory I Can Remember
 - The Best PC Backup Solution Yet?
 - New Form of Spam
 - Bluetooth Risk for Portable Devices
 - The Ultimate Computer Chair
 - Blue Screen of Death for Your TV?
 - Wire Free, Hands Free
 - Work on the Dark Side
 - Don't Worry, Be Happy
 - Freebie of the Week
 
             <<<<<<<<<<<<<<<>>>>>>>>>>>>>

1. TOP TECH SITES
=================

Serve Yourself a Server
Looking for a new server?  At this site you can plug in your
requirements and they will give you a comparative analysis of
the options.
http://www.serverwatch.com/stypes/compare/

Free Database Driven Web Service
This is different. It's a free service where you can create a
web site that uses a database for the data displayed on the
site. Site creation is either through a form or using a custom
language. Using forms, I built a site where each database record
was an item in this newsletter. The whole exercise took 10
minutes. But the real power of this service is that you can
assign rights to multiple users to update the database. I can
see many uses for this both commercially and personally. Sure
you can achieve the same result using other systems but the ease
of site creation combined with the fact that it's free, makes
this idea a winner.
http://baseportal.com

Fishing for Chips
If you've ever needed to identify what a board does just from
its IC chips then you'll find this site invaluable. It allows
you identify chip function, pin-outs and other data just by
entering the chip ID number.
http://www.embeddedlinks.com/chipdir/

The Virtual Made Real
Ever wondered what the Internet actually looks like?  Well the
Atlas of Cyberspaces will show you dozens of visualisations of
cables, satellites, traffic, demography and more.
http://www.cybergeography.org/atlas/atlas.html
http://cyberconnexions.com/ct/t.php?l=680

Inter-networking Explained
This site is a goldmine of inter-networking information.
http://www.cisco.com/univercd/cc/td/doc/cisintwk/index.htm
 

Avoid Google's Spying Eyes
Google may be my favourite search engine but that doesn't stop
me feeling uncomfortable about the amount of information it
collects about me including my search terms, my IP number,
search time stamp and a unique cookie ID. If you prefer a little
more anonymity, try accessing Google through this proxy.
http://www.google-watch.org/cgi-bin/proxy.htm
 

Disk Speed Vs Disk Noise
If you are like me, you want your drives to run both fast and
quiet.  This survey compares drives on both dimensions.
http://www.hardwareanalysis.com/content/article/1540/

The Top 20 Computer Security Risks
Working together, the FBI, the SANS Institute and the NIPC have
put together a consensus list of the 20 most critical Internet
security vulnerabilities.
http://www.sans.org/top20/#index

Know some great tech sites? Send them in to
mailto:editor@techsupportalert.com
 
 2. UTILITIES
=============

Better Solution to Universal Instant Messaging
Trillian has for some time, been the instant messaging client of
choice for serious IM users. Its  ability to handle all the
major formats including ICQ, MSN, AIM & Yahoo plus the fact that
it's free, has proved a winning combination.  A new "Pro"
version has now been released and users have been raving about
the improvements. The downside is that the Pro version costs $25
though the basic version is still available for nix.
http://www.ceruleanstudios.com/trillian/index.html

Locate Required DLLs
This free utility can be a lifesaver. It identifies all the DLL
and OCX  support files required to operate any Windows 32 bit
executable file.
http://www.linos-software.com/
 

New MailWasher
Version 2.0 beta of our favourite email previewer is now
available and features Hot Mail support, speed improvements and
SMTP authorization. Everyone who uses this free product,
absolutely loves it. I suspect you will too, so go get it.
http://www.mailwasher.net/

Linux for Your XBox
Yes, it's available now, though you'll need a mod chip plus a
USB keyboard and mouse to make it work.
http://sourceforge.net/project/showfiles.php?group_id=54192

Speed Up KaZaa
Fans of the KaZaa file sharing program might like to try out
KaZooM Accelerator 1.0. It's free and according to my neighbour
Fraser, produces useful improvements in both speed and search
results. I find the idea of a product that improves the way you
can download potential trojans more bizarre rather than KaZaa.
http://download.com.com/3000-2166-10156946.html?tag=list

Mozilla 1.2 Beta Released
Mozilla, the free open source browser is going from strength to
strength. The latest version is faster than ever as it now
utilizes link prefetching. Other new features include operating
system theme recognition and after-the-fact mail filtering.
http://www.mozilla.org

Visual Perl
This is development environment plug-in for Visual Studio .NET
and features  a syntax-aware editor and a fully integrated
debugger. Because it is fully integrated with the Visual Studio
.NET framework, all the familiar features are available
including support for SCC-compliant source control, a class
browser, and project management. A version is also available for
Python. Get the free 21 day trial here:
http://www.activestate.com/Products/Visual_Perl/

Locate Windows Key
If you have more than one PC you'll soon run into the problem of
identifying the Windows product key for individual machines.
This free utility recovers the key from the registry.
http://www.magicaljellybean.com/keyfinder.html

Got some favourite utilities? Why not share the news? Send
your top picks to mailto:editor@techsupportalert.com
 
 
3. BUGS, SERVICE RELEASES AND PATCHES
=====================================

New Cumulative SQL Server Patch (Q316333)
If you are running  SQL Server 7.0, SQL Server 2000, MSDE 1.0 or
MSDE 2000 you should install this new patch which includes all
fixes covered by previous patches plus a fix for a new
vulnerability. The latter could allow an attacker who is able to
authenticate to a SQL server, to delete, insert or update all
the web tasks created by other users. In addition, the attacker
could run already created web tasks in the context of the
creator of the web task.
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS02-061.asp

New MS Word and Excel Vulnerability (Q330008)
Microsoft has issued a moderate level advisory relating to a
flaw in most versions of Word since Word 97 and in Excel 2002
which makes it is possible to maliciously use field codes and
external updates to steal information from a user without the
user being aware.  Get the patch here:
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS02-059.asp

Another Windows XP Help and Support Centre Flaw (Q328940)
This is a new advisory and should not be confused with Q323255 I
mentioned last issue. This one makes use of a special file used
by the Help centre to anonymously upload hardware information.
An attacker, operating through HTML mail or a web site, could
use this file to delete a file on the user's computer.
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS02-060.asp

Trojan Horse in Distributed Version of Sendmail Source
CERT have an issued an advisory that intruders have compromised
the source code of the widely used Sendmail package by including
a trojan horse. The compromise appears to have taken place on
September 28 and would effect copies downloaded by FTP until
October 6. CERT notes "It is important to understand that the
compromise is to the system that is used to build the Sendmail
software and not to the systems that run the Sendmail daemon.
Because the compromised system creates a tunnel to the intruder-
controlled system, the intruder may have a path through network
access controls."  Verification signatures and recovery
procedures are available here:
http://www.cert.org/advisories/CA-2002-28.html

Serious Outlook Express Vulnerability (Q328676)
Microsoft have announced yet another buffer over-run problem,
this time with Outlook Express 5.5 and 6.0. The problem is
related to S/MIME parsing and could enable system compromise.
Versions 5.5 and 6.0 are definitely affected and possibly
earlier versions as well. A patch is available at the link below
but you won't need it if you have already installed either the
Internet Explorer SP1 or Windows XP SP1 released last month.
http://www.microsoft.com/technet/treeview/?url=/technet/security/bulletin/MS02-058.asp

Widespread ZIP Unpacking Vulnerability
Security firm Rapid7 have issued an advisory outlining a flaw in
the way the software from numerous vendors, including Microsoft
and Apple, unpacks ZIP files with long file names. The flaw
could allow programs to crash, behave unpredictably or create an
opportunity for arbitrary code execution. Microsoft have issued
a patch (see below) but other products including Lotus Notes and
the ZIP algorithms of some virus scanners may be still be
vulnerable. The later is of some concern as viruses embedded in
suitably named email ZIP attachments may not be detected. WinZIP
8.x, WinRAR and zlib are not vulnerable. Contact your software
vendor for possible patches.
http://www.rapid7.com/advisories/R7-0004.txt
 

Flaw in Windows ZIP Decompression (Q329048)
Microsoft has issued an advisory applicable to Windows 98+, ME
and XP. All these products allow ZIP archives to be treated as
folders. However two flaws in the code could allow an attacker
to run code of choice or place a file in any known directory
such as the Windows system folder. A patch is available here:
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS02-054.asp
 

4. OTHER USEFUL STUFF
=====================

Cheapest Memory I Can Remember
Buy.com is currently selling Viking 512MB PC133 memory modules
for $44.97 with free shipping. At that price you have no excuse
for having less than 512MB on your PC. Better still, install
1024MB and disable system caching so your operating system is
memory resident. You'll really notice the speed improvement.
http://www.buy.com/retail/product.asp?sku=10330917

The Best PC Backup Solution Yet?
Disk drive maker Maxtor, has announced a simple backup solution
called "OneTouch" for their new Personal Storage 5000 range of
external drives.  Literally all you have to do is press a button
and all your PC based files are automatically backed up to the
external drive. Connection to your PC is via USB 2.0/1.1 or
Firewire. Prices are competitive and range from $399 for a 250GB
unit down to $199 for 80GB.  A very neat solution.
http://www.maxtordirect.com/
 

New Form of Spam
This is nasty. Advertisers have started to make use of the
Windows Messenger Service to deliver Spam ads to your PC. The
Messenger Service is a feature intended to be used to warn
network users of possible problems or issues. However spammers
have found a way to make it deliver unwanted pop-up ads. If you
don't use the Messenger Service, I suggest you turn it off now
as an anti-spamming measure. Instructions here:
http://www.hsc.fr/ressources/breves/min_srv_res_win.en.html
 

Bluetooth Risk for Portable Devices
ZDNet is running an article about PDA Bluetooth risk exposure.
They quote security expert Magnus Nylsun "I have stood at the
RSA booth in conferences, with my phone paging for other
devices, and watched other people's devices show up ... many
devices simply allowed access without demanding a 'pairing' code
and would have allowed (me) to examine the personal data of
passers-by, or even to make calls with their phones."
http://zdnet.com.com/2100-1105-961558.html

The Ultimate Computer Chair
Always wanted to fly First Class? Now you can everyday, while
using your PC.
http://www.robotics.com/chair

Blue Screen of Death for Your TV?
PCs and media are converging fast. MP3s kicked it off, CDR
picked up the ball and recordable DVD will land the goal. Mark
my word, within two or three years your entire music collection
will be held on your hard drive as will your recorded TV.
Microsoft is hopping on board big time. To get a glimpse of
what's happening, check out this article by David Pogue.
http://www.nytimes.com/2002/10/10/technology/circuits/10stat.html?8cir

Wire Free, Hands Free
Connect your Bluetooth enabled cell phone automatically to the
hands-free set in your car set by using this Bluetooth based box.
http://www.uniwill.com.tw/bluetooth/products/b090s1.html

Work on the Dark Side
I've waited for this product for years and now it's finally
arrived. Eluminx are selling a really cool electro-luminescent
keyboard that allows you to work in the dark. At $99.95, it's
not cheap but I'm buying one anyway.
http://www.eluminx.com/store/homepage.asp

Don't Worry, Be Happy
The PC World site has an EXTREMELY useful guide to solving some
of the worst PC annoyances. The very first item alone justifies
a visit. It shows how you how, when filing in web forms, you can
prevent all your entered data being blanked out if you need to
hit the "back" button on your browser. The article features many
other equally useful tips to overcome common peeves. They missed
one though - how to overcome PC World's annoying habit of
splitting Web articles over dozens of tiny pages ;>)
http://www.pcworld.com/features/article/0,aid,103763,tk,dnWknd,00.asp

How Cheap Can You Get?
Yet again I've updated the popular "Cheapest Inkjet Cartridges"
section of our website with new suppliers suggested by
readers. I've also moved the information to it's own site where
it is more easily accessible. Some real cheapies here, so if you
need some refills, check out the updated reviews.
http://www.inkjet-printer-cartridges.org

Freebie of the Week
I've never understood why people fork out their hard-earned for
commercial utility programs when often there are freeware
products that do exactly the same thing.  Take for example
PassUnleash, a terrific freeware product that will reveal your
Windows passwords hidden underneath all those asterisks. It
works like a charm yet you can pay up $49 for an (un-named)
product that does exactly the same thing a little more clumsily.
http://www.soft-central.net/passunleash.php?PHPSESSID=bb08bad1e89a043b13c231f1b95a4bcf/

Got some top sites and services to suggest? Send them in
to mailto:editor@techsupportalert.com

<<<<<<<<<<<<<<<<<<<<<<<<>>>>>>>>>>>>>>>>>>>>>>>

 
The Small Print
===============
 
Do Yourself a Favour Department
Support Alert is free. If you like Support Alert, some of your
friends and colleagues will too. Why not forward them this issue
right now? It's in your interest as the more readers we have,
the more suggestions we get and the better product for all.  To
subscribe, all they have to do is send a blank email from their
email account to: supportalert-subscribe@webelists.com
 
To unsubscribe from this newsletter, send a blank email to
supportalert-unsubscribe@webelists.com or to the address shown
at the bottom of this page.
 
To change your delivery email address go to
http://www.webelists.com/cgi/lyris.pl?enter=supportalert
Enter your old email address. No password is needed. You can
then change your subscription email address directly.
 
For lots more free IT newsletters see
http://www.freetechmail.org/infobase.asp?TPubId=79
 
(c) Copyright TechSupportAlert.com 2002