========================
                       Support Alert
                  ========================
                  www.techsupportalert.com

 
               Your pointer to the very best
            tech support information on the Web.
 
                 Issue 81 - 1st August 2002
 
Welcome to Support Alert, the email newsletter that points
you to the best technical support resources on the Internet.
 
Support Alert is free. If you like it, why not share the
good news and email a copy to a friend or work colleague
Right now?
 
                      <<<<<<<<<>>>>>>>>

 
FROM THE EDITOR
 
One of the most important news items of the last month has
been largely ignored by the I.T. press.
 
It's the release of an extremely important set of security
standards by CIS, the Center for Internet Security.
 
"So what" you say "who wants another set of standards".
 
Well, what makes the CIS announcement so important is the
practical nature of the standards and the fact that CIS has
backed them up with free benchmarking tools so that
you can actually evaluate your compliance with the
standards.
 
CIS itself is a formidable grouping of more than 170
industry heavies whose members include DoD, the SANS
Institute, Visa, IIA, the US Treasury, Chevron, Intel,
Lucent, Shell and Stanford University just to name a few.
 
The security standards produced are based on international
best practice.
 
Sources used in compiling the CIS standards include
existing standards from CIS members, governmental agencies,
large corporations, security groups and potential users.
 
Benchmarks that have so far been released include Windows
NT, Windows 2000, Linux, Solaris with more to follow.
 
The downloadable benchmarks include tick lists of tasks to
enhance your system security, plus software tools that will
test out your systems for potential problems. The later
includes a scoring program to allow you to assess
compliance.
 
So at last we have industry best security standards that
are practical, have supporting programs for implementation
including benchmarking software.
 
And it's all available for free.
 
Now to me, that's the most important news I've heard for
some time.
 
Full details, are available from the CIS website at
http://www.cisecurity.org/
 
Gizmo Richards
editor@techsupportalert.com
 
               <<<<<<<<<<<<<<<>>>>>>>>>>>>>

 
IN THIS ISSUE
 
1. TOP TECH SITES
 - Safe Hex Guide
 - CD Drive Info Repository
 - Wow your Girlfriend with your Subnetting Skills
 - Computer Security Test Sites
 - Preventing Credit Card Fraud
 - Windows 2K/XP Keyboard Shortcuts
 
2. UTILITIES
 - Secure ZIP Files
 - System File Checker
 - Share Outlook Folders between Users
 - Global File Rename
 - Free Anonymous Surfing Service
 - Changing Browser Proxy Settings Easily
 - Iconize Anything to Taskbar
 - Stolen Laptops Phone Home
 
3. BUGS, SERVICE RELEASES AND PATCHES
 - Windows 2000 SP3 Available but not yet Released!
 - New MS SQL Server Security Advisories
 - Unix CDE Vulnerability
 - Serious Security Flaw in PHP
 - New SpamNet Version
 
4. OTHER USEFUL STUFF
 - Email Confirmation
 - Paranoia Lubricant
 - Internet Powered Remote Control
 - GuruNet Reborn
 - Python Squeezes Perl
 
5. TECH SUPPORT RESOURCES
 - Bandwidth Control by Web Management
 - How to Create Office XP Smart Tags
 - Cheapest Inkjet Cartridges Yet
 
          <<<<<<<<<<<<<<<>>>>>>>>>>>>>

 
1. TOP TECH SITES
=================
 
Safe Hex Guide
The first and most important step in avoiding getting
infected by a virus or trojan is to practise safe hex. This
guide is exceptionally clear and straight forward. Follow
the rules and you'll avoid VD - Virus Debilitation ;>)
http://www.claymania.com/safe-hex.html
 
CD Drive Info Repository
If you are having hardware or software problems with your
CD-R or R/W drives or simply looking to purchase, then this
site is an excellent resource. It also has a lot of
material about the latest CD copy protection schemes.
http://www.cdfreaks.com/
 
Wow your Girlfriend with your Subnetting Skills
Thanks to subscriber Mark Fuchs, who suggested this
useful site that has a whole series of free tutorials on
TCP and subnetting in particular.
http://www.learntosubnet.com/
 
Computer Security Test Sites
This site features a comprehensive set of links to other
web sites that allow you to test the security of your
computer. If you really want to give your PC a thorough
security workout, head straight here:
http://lists.gpick.com/pages.asp?page=Security_Test_Sites&SID=K44425606727600

Preventing Credit Card Fraud
Anyone doing business online is aware that credit card
fraud is a far more serious issue for the merchant than the
consumer. This subscription site provides an array of tools
to help merchants reduce fraud including a list of over
15,000 web mail accounts linked to fraudulent use.
http://www.antifraud.com/

Windows 2K/XP Keyboard Shortcuts
Keyboard shortcuts can really improve your productivity.
Here's one of the most complete listings I've seen and it
prints out neatly as well.
http://labmice.net/articles/keyboard.htm

Know some great tech sites? Send them in to
editor@techsupportalert.com
 
 
2. UTILITIES
============
 
Secure ZIP Files
A lot of people like to secure their confidential
information using password protected ZIP files created by
WinZIP. The bad news is that WinZIP encryption is
relatively weak and can be broken. PKZIP 5.0 is a real
alternative, as it uses DES 168-bit encryption, is twice as
fast zipping files and has a slick GUI interface as well.
Remember though, that if you send DES encrypted ZIP files,
the recipient will need PKZIP as well.
http://www.pkware.com/aboutus/news/pr_20020716.html

System File Checker
If you are having consistent Windows systems problems you
might like to check out this utility before you go through
the agony of a Windows re-install. System Sentry checks
all the system files to see if they corrupt or have been
overwritten with an older version and will also restore the
correct file if so requested. Versions for Win 9X and
NT/2000/XP are available.
http://www.easydesksoftware.com/sentry.htm

Share Outlook Folders between Users
A common problem with Outlook in a small to medium office
environment is that it's difficult for a group of people to
share the Contacts, Journal or indeed, any Outlook folder,
unless they have MS Exchange Server installed. Workgroup
Folders for Outlook overcomes this by allowing concurrent
reading and writing rights with several users into a
central Outlook .pst file. This is a much needed product
and my initial impressions have been favourable though the
English translation of the German manual is hard going.
http://www.workgroupfolders.com

Global File Rename
Lupas Rename 2000 is a small Windows utility that globally
renames all the files in a directory and its
subdirectories. It can convert names to upper/lower case,
change the case of the first letter, add text, left crop,
right crop and just about anything else you can think of.
And unlike DOS based utilities, it will work on hidden
files as well. Add in a nice GUI interface, an undo
feature, full preview of changes and the fact that it's
free and you have a utility that should be in every toolkit.
http://www.geocities.com/lupas2000/zips/lupasrename.zip

Free Anonymous Surfing Service
There are lots of reasons folks have for wanting to
surf anonymously, ranging from simple paranoia to possibly
being murdered by a malevolent foreign government. Whatever
the reasons, commercial services that offer anonymity are
doing real well. However one of the best services, JAP, is
totally free and it's level of secrecy is better than
many commercial systems. However expect your surfing to
slow down as you'll be relayed through a chain of servers.
You'll also need to change your browser settings to work
through a proxy.
http://anon.inf.tu-dresden.de/index_en.html

Changing Browser Proxy Settings Easily
Speaking of proxy settings, here's a nifty little
shareware utility called SetProxy that allows you to select
between different sets of browser proxy settings (or no
proxy) with a single mouse click. Works faultlessly and I
recommended it highly. There's a free trial version here:
http://downloads-zdnet.com.com/3000-2353-8181601.html?tag=lst-0-1

Iconize Anything to Taskbar
Haven't you often wished that you had a taskbar tray icon
for some of your favourite programs so that you could start
them without ploughing through layers of menus. Well here's
an answer - "The Wonderful Icon". It will create a taskbar
tray icon for any program and do a whole lot else besides.
And it's totally free.
http://longwood.cs.ucf.edu/~heimburg/software.html

Stolen Laptops Phone Home
The statistical likelihood of your new laptop being stolen
is about 1 in 14. If you want to improve your chances of
getting it back you might like to consider this tamper
proof software that will secretly email you the new owners
phone number, email address and IP. There are free
evaluation versions available for Windows and Mac and the
once off cost for purchase and lifetime monitoring is
$29.95. Neat.
http://www.pcphonehome.com

Got some favorite utilities? Why not share the news? Send
your top picks to editor@techsupportalert.com
 
 
3. BUGS, SERVICE RELEASES AND PATCHES
=====================================
 
Windows 2000 SP3 Available but not yet Released!
After many delays SP3 is apparently out with the 124MB
download available from the Microsoft site at the address
below. The official announcement, including CD
availability, has yet to be made (07/31/2002). According to
Jim Cullinan, Windows lead product manager, SP3 includes
all previously released security fixes, plus new fixes
discovered from the new MS security initiative.
http://download.microsoft.com/download/win2000platform/SP/SP3/NT5/EN-US/w2ksp3.exe

  
New MS SQL Server Security Advisories
Five SQL Server 2000 advisories from MS in one day, the
most serious of which could allow your companies SQL
database to be taken over by a hostile attacker. The
bulletins are MS02-035 through to MS02-039. Full details
and patches are available at the MS security site.
http://www.microsoft.com/security/

Unix CDE Vulnerability
CERT has issued an advisory about two vulnerabilities
discovered in the Common Desktop Environment (CDE) ToolTalk
RPC database. The first vulnerability could be used by a
remote attacker to delete arbitrary files, cause a denial
of service, or possibly execute arbitrary code or commands.
The second vulnerability could allow a local attacker to
overwrite arbitrary files with contents of the attacker's
choice. CDE is an integrated graphical user interface that
runs on UNIX and Linux operating systems and is a common
inclusion in many distributions including IBM, Sun,
Caldera and HP. For fixes, contact your vendor.
http://www.cert.org/advisories/CA-2002-20.html

Serious Security Flaw in PHP
The PHP group has announced a serious security flaw in PHP
v 4.2.0 and 4.2.1. An intruder may be able to execute
arbitrary code with the privileges of the web server. This
vulnerability may be exploited to compromise the web server
and, under certain conditions, to gain privileged access. A
product upgrade that overcomes the problem v4.2.2 is now
available and should be installed immediately by all users
of affected versions.
http://www.php.net/release_4_2_2.php

New SpamNet Version
We've had lots of positive email from subscribers about
their experiences with SpamNet, the Outlook Spam filter ad-
in that we featured last issue. However a few people have
had problems running it on their machines. The good news is
there a new release available from the site. A server side
version is planned for release in the Fall.
http://www.cloudmark.com 
 
4. OTHER USEFUL STUFF
=====================
 
Email Confirmation
Like to know if those unanswered emails you send are
actually being read by the recipient?. Find out now with
this free webmail service.
http://www.postofficer.com/p/
 
Paranoia Lubricant
If you are not yet paranoid about web privacy then this
Russian site may well help you out. It shows just how much
information about you and your computer is available when
you surf, particularly when you have JavaScript and cookies
enabled on your browser.
http://www.leader.ru/secure/who.html
 
Internet Powered Remote Control
Imagine a single remote control for all the devices in your
office or home that is programmed by downloading the codes
from an Internet database via USB. Throw in a totally
lateral way of making each item operate then add
generous helpings of high usability, great looks and street
cred plus. The result; the $199 Harmony Remote. Cool beyond
words.
http://www.easyzapper.com/Harmony/Home.asp
 
GuruNet Reborn
Remember GuruNet, the innovative web service that allowed
you to ALT click on any word or phrase and discover its
meaning? Well it's now been updated, renamed to Atomica
and it's free.
http://www.atomica.com/solutions_products_pc.html
 
Python Squeezes Perl
Is Perl going the way of the Dinosaurs? Lots of hip coders
swear by Python. This free on-line Python tutor has been
getting their hearty approval.
http://www.ibiblio.org/obp/thinkCSpy/

 
Got some top sites and services to suggest? Send them in
to editor@techsupportalert
 
 
5. TECH SUPPORT RESOURCES
==========================
We've lost our sponsors, International Technology
Publishing, but here are a couple of the most
popular articles that we've run in the past. I have
to say that it's going to be tough finding material
of this quality elsewhere, but I'm looking. Suggestions
welcome.
 
Bandwidth Control by Web Management
Running out of network bandwidth? Before you order more,
think about how much of your current allocation is being
wasted on access to unnecessary sites.
http://www.pcsupportadvisor.com/search/m1314.htm
 
How to Create Office XP Smart Tags
By creating your own Office XP Smart Tags you can improve
your end-users' communication and productivity.
http://www.pcsupportadvisor.com/search/t1179.htm

Cheapest Inkjet Cartridges Yet
I've just updated the popular "Cheapest Inkjet Cartridges"
section of our website with some new suppliers suggested by
readers. Some real cheapies here, so if you need some
refills, check out the updated reviews.
http://www.techsupportalert.com/cheap_inkjet_cartridges.htm
 
 
<<<<<<<<<<<<<<<<<<<<<<<<>>>>>>>>>>>>>>>>>>>>>>>
 
The Small Print
===============
 
Support Alert is free. If you like Support Alert, some of
your friends and colleagues probably will too. Why not
forward them this issue right now? It's in you interest as
the more readers we have, the more suggestions we get and
the better product for all.
 
To subscribe, all they have to do is send a blank email
from their email account to:
supportalert-subscribe@webelists.com
 
To unsubscribe from this newsletter, send a blank email
to supportalert-unsubscribe@webelists.com or to the address
shown at the bottom of this page.
 
To change your delivery email address go to
http://www.webelists.com/cgi/lyris.pl?enter=supportalert
Enter your old email address. No password is needed. You
can then change your subscription email address directly.
 
For lots more free IT newsletters see
http://www.freetechmail.org/infobase.asp?TPubId=79
 
(c) Copyright TechSupportAlert.com 2002