Microsoft Patches Three IE Security Holes

Microsoft issued fixes for three major security flaws in Microsoft Internet Explorer (IE) yesterday. The fixes include a relatively well-known "phishing" (URL-spoofing) vulnerability that appears in all standards-compliant browsers and could let attackers silently redirect users to malicious Web sites. Microsoft made the updates available outside of its usual monthly schedule for critical security fixes because the company felt they were important enough to release immediately. Since the company moved to the new schedule, Microsoft has said that it would occasionally do so when necessary.

"Due to the nature of this vulnerability and feedback from customers, we felt like there was enough of a risk to release the fixes early," Mike Reavey, a security program manager for Microsoft's Security Response Center, noted. "We did this in response to the particular nature of the URL-spoofing issue. And also there was a lot of customer feedback about this. While we like to maintain a predictable schedule, with this particular issue we released it as soon as it was ready."

Although the phishing vulnerability and one of the other vulnerabilities fixed this week are rated important, the remaining security fix is rated critical. The nonphishing patches involve flaws that could let attackers take control of Windows systems. All three fixes apply to IE 5.01 and later running on Windows Server 2003; Windows XP; Windows 2000; Windows NT Server 4.0, Terminal Server Edition (WTS); and NT 4.0. Microsoft has issued one critical patch that addresses all three vulnerabilities. Most Windows users can get the patch through Windows Update or automatically through Automatic Updates. For more information, visit the Microsoft Web site.

http://www.microsoft.com/security/security_bulletins/20040202_windows.asp

Microsoft releases metadata removal tool

A year ago, 10 Downing Street published a dossier on Iraq's security and intelligence organisations. It was cited by none other than Colin Powell in his address to the United Nations. Then a lecturer in politics at Cambridge University discovered that much of the 19-page document was copied from three different articles, one written by a graduate student.

 

How did he know? In the document there was a listing of the last 10 edits of the document, showing the names of the people who worked on the file. These logs are normally hidden and cannot be viewed directly in Word.

 

MS Word is notorious for containing private information in file headers, but not any longer. Microsoft has quietly released a tool to scrub leaky metadata from documents edited with its software. The Remove Hidden Data Add-In will permanently remove hidden and collaboration data, such as change tracking and comments, from MS Word, MS Excel, and MS PowerPoint files. For Windows XP/Office 2003 only, we should add. ® [The Register]

Kudo’s to British Airways

Got this from Dhammika (EC), any links to prove its authenticity?

 

Scene took place on a BA flight between Johannesburg and London.

A white woman, about 50 years old, was seated next to a black man. Obviously disturbed by this, she called the air Hostess. "Madam, what is the matter," the hostess asked.

"You obviously do not see it then?" she responded. "You placed me next to a black man. I do not agree to sit next to someone from such a repugnant group. Give me an alternative seat." "Be calm please," the hostess replied. "Almost all the places on this flight are taken. I will go to see if another place is available.

"The Hostess went away and then came back a few minutes later. "Madam, just as I thought, there are no other available seats in the economy class. I spoke to the captain and he informed me that there is also no seat in the business class. All the same, we still have one place in the first class.

"Before the woman could say anything, the hostess continued. "It is not usual for our company to permit someone from the economy class to sit in the first class. However, given the circumstances, the captain feels that it would be scandalous to make someone sit next to someone sooooo disgusting".

She turned to the black guy, and said, "Therefore, Sir, if you would like to, please collect your hand luggage, a seat awaits you in first class."

At that moment, the other passengers who were shocked by what they had just witnessed stood up and applauded.

This is a true story.

Egg says they see a Longhorn/Smart Client future

Warning. This is going to be the future guys!

News.com: U.K. bank sees browserless future.

The smart client--in this case, an operating system that incorporates browser functions--is likely to involve Longhorn, Microsoft's next version of the Windows operating system, said Llube, who provided a demonstration for the audience at the conference.

Update: Ken Brubaker writes a blog post titled "Slippery Smart Client Slope" where he points to the PowerPoint from the session, among other things.


[The Scobleizer -- Geek Aggregator]

Russia Scoffs at U.S. Mars Plans

The head of Russia's space program describes the sudden shift in U.S. space exploration planning as unrealistic and dismisses it as election-year posturing by President Bush. [Read more]

Reporting Services

Get the SQL Server 2000 Reporting Services download from the Microsoft Download Center. If you own a SQL Server 2000 license then you are eligible to order a free copy of Reporting Services.

Some cool stuff listed by Mike Diehl includes:

<![if !supportLists]> -         <![endif]> importing Access reports.

<![if !supportLists]> -         <![endif]> scheduled execution of reports

<![if !supportLists]> -         <![endif]> subscriptions to reports

<![if !supportLists]> -         <![endif]> various output types: html, xml, pdf, text, rtf, xls

<![if !supportLists]> -         <![endif]> Visual Studio IDE integration

<![if !supportLists]> -         <![endif]> XML report definition format (patent pending? :) )

<![if !supportLists]> -         <![endif]> web service/soap api

Try the SQL Server 2000 Reporting Services trial software to see why Reporting Services is the simplest way for enterprise organizations to deliver real-time business information to employees. Download or order the SQL Server 2000 120-day trial software today.
[Microsoft Download Center]

.NET 101

It may have taken Microsoft years, but the company finally has put together a reasonably clear primer on .Net. Remember that for several years after announcing .Net, people were still scratching their heads trying to figure out exactly what the initiative was. This new introduction, posted on Saturday (here), is a pretty straightforward explanation of what is .Net.


[Microsoft Monitor]

Ctrl-Alt-Del inventor makes final reboot

David Bradley, one of the 'dirty dozen' engineers who created the original IBM PC at Boca Raton, Florida, is to retire this week after 29 years with the company.

Bradley's accomplishments are numerous - he wrote the BIOS code for the original PC and rose to become architecture manager at the PC group. But David's claim to fame is that he devised the most famous - and probably most used - three key combination in computer history: Ctrl-Alt-Del.

Bradley chose the Delete key because it was far away from the two modifiers that were necessary to create the deadly interrupt, he explained last year. At first IBM wasn't going to tell customers about the handy sequence, but technical writers and developers found it useful, and word got out.

"I may have invented control-alt-delete, but Bill Gates made it really famous," he told a gathering at the twentieth anniversary of the PC.

This comment brought boundless laughter from the PC loving crowd. Bill Gates did not even crack a smile.

[The Register]

ASP.NET Applications without Web Projects

I’ve spent countless hours trying to get ASP.Net Web Projects setup on different machines. This article based on references prepared by Fritz Onion shows you how to develop ASP.NET applications without Web Projects. A must read for any ASP.NET web developer.