Technology Corner

Are you sure you still want to use Microsoft's Internet Explorer?

Microsoft is working on a fix to another Internet Explorer vulnerability, but it's not available yet and now is a good time to make sure that your antivirus software is up to speed.

The exploit uses fake porn websites to infect computers. "Fake porn?" Well, the porn is probably real enough, but the operators are fakes. Real porn site operators want their customers to come back. Fake porn site operators only want to infect their visitors' browsers.

According to Panda Labs' Patrick Hinojosa, the infection mechanism starts when users visit a series of web pages with adult content. The page redirects users to a second page that contains the exploit used to install the first malware, called keks.exe.

Once this application is installed, it downloads and runs a second file called all.exe. These applications reset the browser's security level and enable other malware.

When the process succeeds, it will install several files, including Adware/PicsPlace, an applet that continuously opens pornographic pages and installs malicious cookies. These applications give their creators financial returns by virtue of click-through rates. It will also occasionally download a file with other URLs and additional malware.

Microsoft has not yet released a patch that closes this hole. The only solution is to use a browser such as Firefox or Opera or to ensure that your antivirus software is current.

The exploit takes advantage of a JavaScript windows remote code execution vulnerability in Internet Explorer that was detected on November 21. It affects all current versions of Windows, including Windows XP with Service Pack 2.

How does a website know who I am?

Here's a question I received recently: "I was on-line today to order a magazine gift subscription for a friend. After a quick Yahoo search, I chose one of the low price dealers to save myself $12 off the regular price. This is the first time I have ever ordered a subscription via the internet and the first time for this particular company. After I clicked the place order button, I was quite surprised to discover that they had already filled in my name and address. How??? Is there a setting I forgot to check when setting up my DSL account? I have the free Zone Alarm firewall. If I paid for the ZoneAlarm Pro, would that block my information?"

The good news is that this is probably not a security issue. Most browsers have an auto-fill function and there are several third-party applications that do the same thing.

For example, if you use Microsoft's Internet Explorer and you've signed up for Microsoft's Passport, all of that information is stored on your computer and is made available to websites that use more or less standard names for the various fields in their forms.

There are privacy programs from Zone Labs and others that block the transmission of "sensitive" information. You need to tell these applications what information you want to protect and this information is, of course, stored on your computer. It is certainly encrypted, but it's also still vulnerable.

In general, I wouldn't be too concerned about a form auto-filling with your personal information. Until you submit the form, it's only on your computer.

I enjoy your show on Sunday mornings. The next time you are talking about spam and the programs to stop it from entering your inbox, could you also discuss if this works for spam that comes to your actual e-mail address. I must have done business with a company and unknowingly gave them permission to sell the e-mail address I have through Yahoo. One day I didn't receive any spam, the next day the inbox was overflowing. Some companies do pay attention to the unsubscribe button, but a few just won't go away. Thankfully, this account hasn't been spammed yet.

The first rule of spam is never, ever to respond to the "remove me" options. If the sender is a spammer, responding only says "This address is active and is being read." There are legitimate e-mailers who allow you to opt out of receiving their messages, but these are always mailers who offered you the option to sign up in the first place. For example, PC Magazine and Technology Corner both have e-mail lists. If you signed up for one of these, the "opt out" link is legitimate. Sites that offer "OEM" software or such are run by crooks who care only about the number of people who open, read, and respond to their messages.

I recommend free applications such as Keir's K9 and paid services such as GoodbyeSpam because they're effective.

Cleaning up your HTML

The hypertext mark-up language (HTML) is what runs the Web. Most browsers are forgiving when the HTML is wrong. Capitalization hasn't been important. Forgetting to close a tag hasn't been a big deal. Nesting tags incorrectly hasn't caused problems. That will be changing as the Web moves toward more standards-based presentation. If you look at the Technology Corner website's HTML, you'll see "XHTML 1.0 Transitional" at the top. This means that I'm working toward making the pages XHTML compliant, but that I don't want browsers that enforce XHTML standards to throw a hissy fit if I get something wrong. Tools such as CSE's HTML Validator will be increasingly important as we move toward real standards.

As you can see, I haven't exactly reached perfection yet. This is how the page you're looking at validated when I started. The first error (a doubled "type" label) was in the Dreamweaver template, so fixing that fixed a lot of pages.

Lots of errors

The second error indicates a problem that's the result of a workaround for antique browsers. Several years ago, it was important to put scripts and cascading style sheet styles inside HTML comment markers so that the older browsers wouldn't print them. Browsers are now at versions 6, 7, or 8 and anyone who is still using a version 2 browser already knows that nothing works right. So I've pulled the comment markers.

The error on line 28 (above) suggests that an "alt" attribute is required with images. This is important for blind and limited-vision visitors who use screen readers. All images should include text that the reader can read. I've fixed that in the Dreamweaver template, but I haven't fixed it on individual pages. (Sorry!) The template contains several images, so I fixed them all. Additional corrections in the template fixed even more problems.

Fewer errors

In fact, all of the errors in this page were in the template, so when I got them fixed, the page validated without error.

No errors

Correcting the problems in the Dreamweaver template corrected errors in approximately 50 HTML pages on the website, but I've just added 3 images (above) to this page. Dreamweaver, by default, doesn't insist on an "alt" attribute for images, but I've now added them and the page still validates without error.

Why is this important?

It's important because it's the right thing to do. Not good enough? Doing the right thing for the sake of doing the right thing isn't enough for a lot of people. How about doing the right thing because eventually (at some nebulous time in the future) pages that don't abide by the appropriate standards will be terminated with extreme prejudice by standards-reliant browsers.

Regardless of which reason you choose, the CSE HTML Validator will help you do the right thing.

Technology Corner rating for CSE HTML Validator

9 CATS: Using CSE HTML Validator is like having a stern mentor at your elbow. When you make a mistake, you'll be told about it. And you'll be encouraged to fix it. When you get a page that validates, you'll hear a little victory music. Visit the website for more information.

The right way to handle a planned service disruption

I've been known to complain about my Internet service provider. In fact, I've complained so much that the Internet service provider stopped advertising on WTVN Radio and I'm not supposed to mention the provider by name, even when they do something exactly right. So I won't mention them by name, but I'll tell you what they did right.

I'm writing this on December 1. When I clicked a link that someone had sent me, my Internet service provider opened a special website page before it allowed me to visit the page the link referenced. The special page included this message:

Columbus Maintenance Notice

On the morning of December 7th, between 1:00am and 5:00am ET, (INTERNET SERVICE PROVIDER I CANNOT MENTION) will be performing system maintenance in the Columbus Market. This work may impact your Data Service as well as Digital Video Service. We do not anticipate service will be out the entire window.

We apologize for any inconvenience this important work may cause.

Thank You!

Dear Internet Service Provider I cannot mention: Thank you. I'll probably be asleep during the maintenance window, but it's good to know that you're thinking a week ahead. I'm only sorry that I can't say who you are. But I can say, "Wow! This is the right way to do it!"

Nerdly News

Firefox is 1.5

The open-source browser Firefox has a new version. You want it, but you don't. Should you download it or wait? This is still, as it has been for a year or more, my default browser. Unfortunately, the latest version breaks about half of the (many) extensions I've installed.

There's little doubt that most of the people who write extensions for Firefox will update them to work with the 1.5 version, but I have to wonder why the Mozilla organization can't coordinate the process a little better. The current version has been available in "release candidate" version for quite some time, so why haven't the extension writers updated their code?

Yeah, I know, it's a "free" browser and open-source developers work on their own time. Most of the important extensions -- the ones I depend on -- have already been updated. And it's difficult to complain about delays when the application is provided for free and without obligation. But still ....

If you're someone who is greatly distressed when updates break existing functions, I recommend that you wait a while to get the latest version of Firefox. On the other hand, if you'd like to see what the Mozilla folks have been up to (and there are some useful new functions) go ahead and download the latest version now.

No FBI query by e-mail

Bullshit message

Trojan-infected messages have been more than 15% of all e-mail traffic this week. A lot of them say that they’re from an FBI (or sometimes a CIA) address. Don't believe it.

The message is usually along these lines: “We have logged your IP-address on more than 30 illegal Websites. Important: Please answer our questions! The list of questions are attached.”

There are several clues that this is not a valid message. First, the FBI doesn’t conduct investigations by e-mail. Second, there’s that pesky grammatical error in the final sentence (“the list are attached”). A message from the FBI would not be likely to contain such an error.

According to the FBI, “The FBI does not conduct business this way.” If you open the attachment, your computer will be infected with yet another variant of the W32.Sober virus.

It doesn't take a genius to figure out that the message shown above is not from the CIA. First of all, the CIA is prohibited by federal law from surveilling US citizens. Whether that is, in fact, the case today or not is open to question, but no US citizen will receive an e-mail message of this nature from the CIA. Second, federal agents (whether FBI or CIA) rarely use exclamation points. Third, neither agency would conduct an investigation by sending a Zip file with questions. And fourth, any such question would not come from the "office of public affairs".

Additionally, I would suggest that most federal agents are smart enough to know that sentences should begin with capitalized words ("we have logged ...") and most federal agents probably wouldn't use "++++" in their sig files.

More proof? If the FBI or CIA sent me a message, it probably wouldn't come from an "admin" account and would probably be sent to an actual address -- not "address3623", which doesn't exist. In other words, the people who create these messages may make a lot of stupid mistakes, but that doesn't mean that you have to be stupid, too.

Open the message and what happens?

According to the Computer Emergency Readiness Team, this version of Sober will do the following:

  • Modify the system registry to prevent Windows XP’s built-in firewall from starting.
  • Attempt to harvest e-mail addresses from a configurable list of file extensions.
  • Utilize its own SMTP engine to send itself to the harvested e-mail addresses.
  • Modify the hosts file to prevent the computer from accessing certain security and commercial web sites.
  • Attempt to terminate a number of running processes, some of which are security related.
  • Open a backdoor on the system that allows the attacker to communicate remotely with the system via IRC. This may allow the attacker to upload and execute arbitrary code on the infected machine.
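
Of the behaviors listed above, the hosts-file change is the easiest one to check for on a machine you suspect. The following is an added example, not code from CERT or from this page; the watched domains are placeholders (the list above does not name the blocked sites), and only loopback or unspecified addresses are treated as blocking entries.

```python
import ipaddress

# Placeholder watch-list (assumption): the page does not name the blocked sites.
WATCHED = ("antivirus-vendor.example", "os-updates.example")

def parse_hosts(text):
    """Yield (line_no, ip, hostname) for every mapping in hosts-file text."""
    for line_no, raw in enumerate(text.splitlines(), start=1):
        fields = raw.split("#", 1)[0].split()      # strip comment, split on whitespace
        if len(fields) < 2:
            continue                               # blank, comment-only or malformed
        for name in fields[1:]:                    # one address may carry several names
            yield line_no, fields[0], name.lower().rstrip(".")

def is_sinkhole(ip):
    """True for loopback or unspecified addresses such as 127.0.0.1 or 0.0.0.0."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False
    return addr.is_loopback or addr.is_unspecified

def suspicious_entries(text, watched=WATCHED):
    """Return entries that point a watched domain (or subdomain) at a sinkhole."""
    hits = []
    for line_no, ip, name in parse_hosts(text):
        on_list = any(name == d or name.endswith("." + d) for d in watched)
        if on_list and is_sinkhole(ip):
            hits.append((line_no, ip, name))
    return hits

# Constructed sample hosts file, not taken from a real infection.
SAMPLE_HOSTS = """\
# sample hosts file
127.0.0.1   localhost
127.0.0.1   www.antivirus-vendor.example
0.0.0.0     download.os-updates.example liveupdate.antivirus-vendor.example
192.0.2.10  intranet.example
127.0.0.1   notantivirus-vendor.example
"""

if __name__ == "__main__":
    for line_no, ip, name in suspicious_entries(SAMPLE_HOSTS):
        print(f"line {line_no}: {name} -> {ip}")
```

Replace the placeholder domains with the security and update sites you rely on, and feed the function the contents of the machine's own hosts file.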

Why do people open these messages?

Many of the mailing lists I participate in have had warning messages about this virus, but why? A west coast high-tech company I’m familiar with even had to remind all employees “There are emails coming in that have .zip files attached (example: question_list.zip). If you are not expecting a zip file, DO NOT OPEN. If you have opened any attachment that you were not expecting, disconnect from the network (unplug the blue, green, white Ethernet cable from the back of your machine) and call x---- for further assistance.”

No high-tech company should ever have to tell its employees something this basic. I’ll go further: No company should have to send out a message like this.

If people would simply be sufficiently attentive and intelligent not to open any unexpected attachment without first confirming with the sender that it was sent intentionally, no virus would ever spread beyond the office of the crook who wrote it.

But even a cursory examination of most virus-laden messages should raise alarms: If the message’s to field doesn’t contain your address, the message should be suspect. Any misspelling or poor grammar should raise warning flags. If the message that claims to be from your best friend doesn’t sound like your best friend wrote it, take a few moments to confirm that the message is really from your best friend.

In other words, it’s not rocket science. Skepticism is good and if more people were skeptical about messages that land in their e-mail in-boxes, companies would have a lot less trouble with viruses.
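
Two of the checks described above (the To field does not contain your address, and the message carries an unexpected archive or program) can be automated. This is an added example, not part of the original column; the function name `triage`, the `RISKY_EXTENSIONS` list and the sample addresses are assumptions made for illustration.

```python
from email import message_from_string
from email.utils import getaddresses

# Attachment types treated as risky here (assumption; adjust to local policy).
RISKY_EXTENSIONS = (".zip", ".exe", ".scr", ".pif")

def triage(raw_message, my_address):
    """Return a list of warning strings for one raw e-mail message."""
    msg = message_from_string(raw_message)
    warnings = []

    # Check 1: the To/Cc fields do not contain the reader's own address.
    headers = msg.get_all("To", []) + msg.get_all("Cc", [])
    recipients = [addr.lower() for _, addr in getaddresses(headers)]
    if my_address.lower() not in recipients:
        warnings.append("not addressed to you")

    # Check 2: some MIME part is an attachment with a risky file extension.
    for part in msg.walk():
        name = (part.get_filename() or "").lower()
        if name.endswith(RISKY_EXTENSIONS):
            warnings.append("risky attachment: " + name)
    return warnings

# Constructed sample message; the payload is four harmless bytes, not a real archive.
SAMPLE = """\
From: admin@agency.example
To: address3623@mail.example
Subject: constructed sample
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="XX"

--XX
Content-Type: text/plain

We have logged your IP-address on more than 30 illegal Websites.
--XX
Content-Type: application/zip; name="question_list.zip"
Content-Disposition: attachment; filename="question_list.zip"
Content-Transfer-Encoding: base64

UEsDBA==
--XX--
"""

if __name__ == "__main__":
    print(triage(SAMPLE, "reader@mail.example"))
```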

Let us know what you think. Write to:
Bill Blinn --bill.blinn@610tech.net
Joe Bradley --joe.bradley@610tech.net
Copyright 2005 by William F. Blinn. All rights reserved.
