Associated Press

Get AP Mobile for your phone at APnews.com

Microsoft warns of serious computer security hole

Story user rating:

JORDAN ROBERTSON

Published: Today

SAN JOSE, Calif. (AP) – Microsoft Corp. has taken the rare step of warning about a serious computer security vulnerability it hasn’t fixed yet.

The vulnerability disclosed Monday affects Internet Explorer users whose computers run the Windows XP or Windows Server 2003 operating software.

It can allow hackers to remotely take control of victims’ machines. The victims don’t need to do anything to get infected except visit a Web site that’s been hacked.

Security experts say criminals have been attacking the vulnerability for nearly a week. Thousands of sites have been hacked to serve up malicious software that exploits the vulnerability. People are drawn to these sites by clicking a link in spam e-mail.

The so-called “zero day” vulnerability disclosed by Microsoft affects a part of its software used to play video. The problem arises from the way the software interacts with Internet Explorer, which opens a hole for hackers to tunnel into.

Microsoft urged vulnerable users to disable the problematic part of its software, which can be done from Microsoft’s Web site, (http://tinyurl.com/kwh8ls) while the company works on a “patch” – or software fix – for the problem.

Microsoft rarely departs from its practice of issuing security updates the second Tuesday of each month. When the Redmond, Wash.-based company does issue security reminders at other times, it’s because the vulnerabilities are very serious.

A recent example was the emergency patch Microsoft issued in October for a vulnerability that criminals exploited to infect millions of PCs with the Conficker worm. While initially feared as an all-powerful doomsday device, that network of infected machines was eventually used for mundane moneymaking schemes like sending spam and pushing fake antivirus software.

___

On the Net:

Microsoft support page:

http://tinyurl.com/kwh8ls

AP Mobile. © 2009 The Associated Press. All Rights Reserved.

via AP News: Microsoft warns of serious computer security hole.

Most people happily go about their web page surfing, left clicking on links as they go, just accepting that the link will either open in a new window, a new tab, or replace the page they are currently on, but never knowing what it will do until it’s clicked. If the last one occurs, and you weren’t ready to leave that page, you’re stuck hitting the back button to return to the page you were on but then you lose the page you linked to. A vicious cycle occurs.

Did you know that if you right click on the link, instead of left clicking, you can choose to open it in a new tab or new window yourself? That comes in real handy if you are doing research and want to keep different pages/tabs open.

Additionally, depending on which browser you are using, you will find other options under the right click menu. For example, you can copy the link, bookmark it, save it, WOT it, email it, etc.

Microsoft has warned users of Windows XP Service Pack 3 of an issue that can lead to digital pictures becoming corrupted. According to Microsoft, the problem is limited to XP SP3. Microsoft has explained that when using Windows Picture or Fax Viewer to manage TIFF images, in the eventuality that a specific picture is rotated either clockwise or counterclockwise, that document will become corrupted.

A hotfix is available for this specific issue, but affected customers will have to contact Microsoft here (http://support.microsoft.com/kb/970922)  in order to get it. “This problem only occurs to a TIFF document that is compressed in CCITT Group 3 format with 2D encoding. This problem does not occur if the TIFF document is set to read-only.

via Windows XP SP3 Can Corrupt TIFF Images – A hotfix is available from Microsoft – Softpedia.

I’ve been reading recently that on some computers Microsoft’s updates are happening automatically, even though the user has  set the update settings to download but notify before updating, or even set to check for updates but not download or install without prompting.  Microsoft has mentioned on their blog “Update Notifications and Install-at-Shutdown Behavior” that they “are investigating the reports and trying to clarify with the community exactly what people are experiencing.” They then go on to clarify how the update notifications work.

As I’ve written in the past, certain updates cause more harm than good on some computers so the ability and choose which updates to install and when is important. Certain updates could conflict with programs or hardware and cause computer instability.

A more comprehensive article from windowssecrets.com on this issue can be found here. In this article, it is mentioned that “One theory to explain the forced installs is that the large number of patches Microsoft released on June 9 overwhelmed the Redmond company’s download servers…The extra demand may have caused some downloads to be incomplete. Incomplete downloads are known to disable the notification icon and possibly the approval dialog that’s supposed to appear during shutdown.”

Something to be aware of if your computer has been giving you problems over the past couple of weeks, it may be because of some unwanted updates.

My monthly technology newsletter, the 11th issue, is available – http://tinyurl.com/macuv5. Additional issues can be found at my website, www.askbillfirst.com

Just a reminder that following tragic events, there are some who will try to take advantage of our curiosity and will send emails with subjects referencing those events and claim to have links to pictures, videos or special news stories. Beware that most of those links will actually lead to you downloading malware; trojans, viruses, etc. For example: Michael Jackson Video and Harry Potter and the Half Blood Prince.

If you receive such emails, delete them right away. To find out information about the event, go directly to news sites such as: msn.com, news.yahoo.com, news.google.com, cbsnews.com, abcnews.go.com, cnn.com.

Filling out online forms these days is often times an invitation for disaster. Most of the form is okay, until you get to the part where you’re asked for your email address. Depending on the site, once you fill in that field, you’re setting yourself up for spam, even though the site says it protects your privacy.

That’s where a disposable email address comes in handy. Yahoo Mail Plus, $19.99/year, offers what it calls “AddressGuard“. “It lets you create disposable email addresses to use whenever you don’t want to give out your real Yahoo! Mail address, but when you do think you’ll probably want to receive what this source sends you—a receipt, or an invoice, or some other valid communication. Yahoo! AddressGuard directs messages sent to these addresses into your Inbox so you can see them.

You can create many alternate addresses and access them all from your Yahoo! Mail Plus account. If any of your disposable addresses starts getting spam, you can just delete that address.

If you don’t have, or don’t want to have a Yahoo! address, Anonymizer Nyms, $19.99/yr, is a tool that allows you to create and destroy alias email addresses in an instant. Anonymizer Nyms shields your real email address by allowing you to create a unique Nyms (disposable, email alias) every time you need to provide an email address or send an anonymous email. Anonymizer Nyms allows you to send email anonymously since Nyms email aliases can’t be linked to you. One click turns a Nyms alias address off to stop spam instantly.
You can use a different Nyms alias for every site you visit or correspondent you email.
All emails from your Nyms account are delivered to your real email account. You can set your Nyms addresses to auto-expire after a period of time you choose. (Taken from www.anonymizer.com)

Google mail doesn’t offer disposable addresses per se, but there is a way to set up aliases and filter the mail. There’s a great article on it here.

To sum up, a disposable email address is great when you want to sign up for something online, or when you need to give your email address to someone, and you want the ability to delete that address if it starts getting hit with a lot of spam. The email sent to the disposable address will be delivered to your regular email address but will identified as from the alias email so you’ll know which address is getting spammed. You protect your main email address and have the ability to control spam, by deleting the alias/disposable address when it starts to get hit.

With the most recent patches and updates from Microsoft, I received a lot of questions on which ones are safe to install and which ones should be avoided. I wrote about this last year and will revisit that post below.

Microsoft introduced the concept of Patch Tuesday a few years ago. The idea is that security patches are accumulated over a period of one month, and then dispatched all at once on the second Tuesday of the month. Windows Update is a service that provides updates for the operating system and its installed components. Microsoft Update is an optional feature that can be enabled to provide updates for other Microsoft software installed on a Windows computer, such as Office. These updates can come anytime throughout the month.

If your computer is setup to automatically download and install updates, you will get any and all updates and patches, both good and bad. By default, the automatic settings will check for updates at 3:00 in the morning, every morning. If you turn your computer off at night, it never has a chance to check for updates so if you want to keep the automatic settings, you should change the settings to a time when you know the computer will be on. To change the settings, open the Control Panel and double click on Security Center. At the bottom, you can choose to manage settings for Automatic Updates.

My recommendation is to change the setting to the second option, which is to download the updates but let me choose when to install them. What happens then is that the updates will download and there will be a yellow shield down on the right by the clock. When I double click on it, I will have the option for an “Express Install” or a “Custom Install”. I always choose the custom install. That choice lets me pick which updates and patches to install.

I will always install security patches and program patches, but I never install new service packs when they’re first available. I’ll uncheck those and install the rest. I’ll continue to uncheck them until I know they are safe to install.

Just to be clear, when I see that shield, I will always check what’s downloaded and install what’s appropriate. The bad guys out there wait for the patches to come out also so they can create programs that hit all computers that aren’t patched. Lately, that attack will come the day that the patches are released so it is very important to install them.

Every so often, you will get a notice from another program, such as Adobe, that it has an update available. Should you install those as well? I’d say yes, since virus writers look for holes in most of the popular programs that people will have on their computers and will attack those programs as well.

I know it’s a hassle to do these updates, but do them since it’s more of a hassle cleaning an infected computer.

NOTE: One other important matter; create a system restore point before doing any updates. That way, if an update messes up the computer, you’ll be able to restore it to the point just before you did the updates. For instructions on creating a restore point in Vista, click here, For XP, click here. You can download a great document from Microsoft for securing your Vista computer here.

WASHINGTON (AFP) -

Blurry vision and wrist pain are among the well-known health perils of computer use, but a study released on Tuesday shows a rise in previously overlooked injuries due to computer equipment falling over.

Researchers found a 732-percent rise in “acute computer-related injuries” from 1994 through 2006, double the 309-percent increase in household computer ownership over the period, according to a study in the July issue of the American Journal of Preventive Medicine.

Young children are particularly at risk, it said.

Data from the National Electronic Injury Surveillance System database showed that over 78,000 such injuries, including large numbers of head injuries due to toppling computer monitors, were treated in US emergency rooms in the 13-year period.

Children under five had the highest injury rate, with the most common cause being tripping or falling, according to researchers from Nationwide Children’s Hospital in Columbus, Ohio. Older children under 10 and seniors over age 60 also had elevated injury rates.

More than nine in 10 injuries occurred in the home, the Journal reported.

“Future research on acute computer-related injuries is needed as this ubiquitous product becomes more intertwined in our everyday lives,” Lara McKenzie of the hospital’s Center for Injury Research and Policy said in a statement.

Monitor-related injuries surged in the first years of the study, from 11.6 percent of cases in 1994 to a peak of 37.1 percent in 2003. By 2006 the figure had dropped to 25.1 percent, as heavier cathode ray tube monitors were steadily replaced with lighter and easier-to-lift liquid crystal display monitors.

via Computer injuries on rise, youths most at risk: study by AFP: Yahoo! Tech.

The other day, I was sitting with a friend who had her laptop on. I noticed that the fan was going non-stop and it was making quite a bit of noise.

Knowing that desktops and laptops both suck up dust and dirt, I knew that that was most likely causing the problem, making it to run loud and hot. I also knew that if it continued that way, it was only a matter of time before the machine would start overheating and locking up.

Fortunately, this is very easy to fix. What is needed is a small screwdriver and a can of compressed air, which you can pick up at Radio Shack or electronics store.

What I did was to turn off the laptop, unplug the power cord, turn it over, and remove the battery. On some laptops,  there may be an access panel on the bottom close to an air vent on the side or back of the laptop. Unscrew the panel and remove it. You should see the fan right underneath.

Now it’s time to blow out the dust.  Hit the fan in short bursts from lots of different angles, making sure to blow most frequently in the direction of the air vent. If there isn’t a panel, spray through the air vents.

After blowing a fairly substantial amount of dust out of the laptop, I replaced the panel and battery and powered up the system.  If your laptop is more than a year or two old, it’s probably overdue for a similar cleaning.