Even being the richest man in the world doesn't stop you
from getting a pie in the face.
"But godliness with contentment is great gain."
1 Timothy 6:6 (NIV).
Danger - MS Programming
Posted 11 April 2000.
A guy named Noah Patton wrote to MacOS Rumors the following regarding
When I.E. 5 came out, I downloaded it and took a look. I decided it
was nothing special, and promptly went back to Netscape 4.7.2 and Eudora
4.2.2. Today, I loaded IE back up and discovered that under Edit ->
Preferences -> Network -> Site Passwords it has been keeping a
complete list of every e-mail account I ever checked, complete with
passwords in some cases, every FTP site I have ever logged into, again
with passwords in some cases. Very Scary!
The worst part is that I never even used IE; I immediately went
back to using Netscape and Eudora.
I am VERY unhappy to have discovered this log, and have already removed
internet explorer 5. I have so far been unable to figure out how to
turn off the logging system, and if I did I'm not sure I would trust
that it was really turned off.
Mac OS Rumors claims to have received over a hundred such reports during
the past week. My oft-repeated advice: Refuse to use any MS products.
MS Dorks At It Again
Posted 15 April 2000.
As concerns at high level are being expressed about how the way Microsoft
is muscling in on streaming video is very similar to the way it worked
the browser market, Microsoft's software is getting them in trouble. AGAIN.
Microsoft said its engineers included a secret back door including
the phrase "Netscape engineers are weenies!" in Web site authoring
software that could allow hackers to gain unauthorized access to potentially
thousands of Web sites.
... Hackers knowing how to exploit the vulnerability could access any
site using FrontPage 98 extensions, Microsoft said. FrontPage, a Web
authoring and site management software package, requires that special
software code--or extensions--be present on the Web site for all features
to be available.
"This is a vulnerability because it allows an author on one Web
site on a shared server to see anything on another server," said
Steve Lipner, manager of Microsoft's Security Response Center.
Microsoft apparently has been shipping software with the vulnerability
for several years, possibly since 1996. Because Microsoft provides FrontPage
98 free with Windows NT 4.0 Server, the software is widely used for
hosting Web sites on the Internet and across corporate intranets.
... access to Web site management files and possibly credit card information
and user passwords.
Although Microsoft is treating the problem "as a serious security
risk," a spokeswoman downplayed its overall effect. "Very
few people are still using FrontPage 98," she said. "Most
people are using FrontPage 2000."
"Yeah, right!" is what my brother said when he read that. (In
a world where more businesses use Windows 95 than 98.)
Mark Bowden, president of BugNet, which supplies software bug fixes,
... disagreed with Microsoft's contention that FrontPage 98 extensions
are no longer widely used. "I've seen so many problems converting
over to FrontPage 2000. It's not seamless," he said.
The password back door is potentially most devastating for companies
that host commercial and consumer Web sites. Hosting providers typically
apply FrontPage extensions individually to hundreds of thousands of
Web sites, meaning the problem could be difficult to clean up.
Software code enabling the back door includes the phrase "Netscape
engineers are weenies!"
"Microsoft has a really ugly situation on (its) hands," said
Gartner Group analyst Michael Gartenberg. "This is a major, major
issue for Microsoft because it's going to hurt their credibility at
a time when they're straining from a credibility perspective."
I believe I've already given a specific warning against using FrontPage
(as well as multiple warning against using any MS products).
This Week's Security Scare
Posted 19 April 2000.
More from CNet:
Microsoft is battling a second security problem in Web management software
used on hundreds of thousands of Web sites around the world.
As reported on Friday, Microsoft acknowledged that rogue software code
containing the phrase "Netscape engineers are weenies!" was
included in its Windows NT operating system and could open up Web sites
to unauthorized access. The nearly five-year-old code also can be used
to crash Web sites running FrontPage 98 server extensions, Microsoft
Now, in a second security notice posted late Friday, Microsoft warned:
"Shortly after publishing the bulletin, we learned of a new, separate
vulnerability that significantly increases the threat to users of these
The new vulnerability potentially exposes hundreds of thousands of
Web sites to denial-of-service attacks, whereby hackers could overrun
the code with data and crash the sites. Because Microsoft distributes
FrontPage 98 for free with the Windows NT 4 server, it is widely used
by companies offering Web hosting services.
"We are treating this as a very serious problem, even though it
is different than what we first thought," said Steve Lipner, manager
of Microsoft's Security Response Center.
"For the past several years it's been apparent that Microsoft's
security development and testing process has been way behind its ability
to put out products," said John Pescatore, a security analyst with
Hmmm. Now how do we spell it again? Aviod... afoid... AVOID all MS products.
Warning: New OS
Posted 19 April 2000.
The big monopoly of Microsoft has apparently withdrawn Windows CE and
replaced it with something they call Pocket PC. Be warned, and avoid
products with Pocket PC in them.
"In hindsight, we realized that our software experience was too
complex, and from a hardware standpoint maybe we didn't have as good
Windows Us Again
Posted 19 April 2000.
Microsoft has decided to include software in its Windows Me operating
system that will allow consumers to hook their PCs into networking software
from two competitors after all, an about-face prompted by customer and
The Redmond, Wash.-based software giant last month decided not to incorporate
a "networking client" for Novell and Banyan networking software
in Windows Me, its upcoming operating system for home PC users. News
of the decision prompted a rash of complaints. The company now has reversed
itself and will put the software back into the OS.
Microsoft's argument was assailed by critics who claimed the distinction
was artificial and would force small and home business users to upgrade
to Windows 2000, which costs about $100 more. In addition, Microsoft's
decision to leave its own proprietary networking client in Windows Me,
while dropping support for its third-party competitors, raised questions
about whether the move was motivated by competitive concerns.
"When users don't like the decisions Microsoft is making on their
behalf, they do have ways of expressing their displeasure," said
Michael Gartenberg, an analyst at Gartner Group, which first reported
the move in a bulletin.
The development of Windows Me has been somewhat tumultuous. Originally
envisioned as the consumer version of Windows NT, Microsoft dramatically
scaled back its focus as part of a decision to extend Windows 98 into
a family of products. The company will release a consumer version of
Windows 2000 within the next five years, Microsoft has said.
"I'm not surprised Microsoft backed down," Gartenberg said.
"They had everything to lose and nothing to gain by dropping it."
Disclaimer: PieGate is not believed to have been instrumental in this
Yet Another Hotmail Bug
Posted 3 May 2000.
There are many other large free email services that don't get in the
news this often.
Microsoft has patched a Hotmail bug that left users of the Web-based
email service vulnerable to a password-stealing trick.
The exploit was the latest in a series devised by bug hunters using
into handing over control of their accounts.
In the example addressed by Hotmail this week, Bulgarian bug hunter
tag. The exploit worked only with Microsoft's Internet Explorer browser.
MS Hotmail Goof
Posted 3 May 2000.
Those who are still masochistic enough to use MS products, do pay special
attention to just what you tell them when you sign up or register.
Microsoft's implementation of a new federal law protecting children's
privacy has cost some Hotmail customers their accounts.
Some Hotmail members found themselves permanently shut out of their
accounts after Microsoft enacted changes to comply with new regulations
that mandate parental consent for Net users under the age of 13.
The Children's Online Privacy Protection Act (COPPA), a federal law
that went into effect Friday, requires Web sites that collect personal
information to get parental consent for visitors under the age of 13.
"With the solution in place, we're finding that a handful of Hotmail
users residing in the U.S. incorrectly provided an age that was less
than 13 when they created their Hotmail account," a Microsoft representative
Microsoft said it warned U.S. customers whose profiles indicated they
were under 13 that they would need to provide parental consent to use
Hotmail after April 21.
But one adult who lost an account claimed no memory of being warned
"I have been a Hotmail user for several years now, and don't think
I ever registered as a user 'under the age of 13," the Hotmail
account holder wrote in an email interview. "But even if I had--who
can remember? They should have given us better notice of how to work
around/verify the info and warned us we would be permanently locked
Microsoft offered no hope for getting those accounts restored
to their original registrants.
"These accounts cannot be reactivated because the users provided
inaccurate information," the Microsoft representative said. "However,
these users can create a new Hotmail account and provide the appropriate
information which will comply with COPPA."
Posted 3 May 2000.
New York state Attorney General Eliot Spitzer:
"It is astonishing to me that Microsoft's two highest executives
continue to ignore the case that the states' and federal governments
have proved in court... And it is astonishing to me that they continue
to present themselves as desiring to empower consumers, when their conduct
shows a clear desire to restrict consumer choice and confine consumers
only to those products that Microsoft wants to produce."
Cookie Jar Ajar
Posted 12 May 2000.
From the Who-Else-Has-Known-About-This? department:
If you're using Microsoft Internet Explorer running on Microsoft Windows,
be aware that your cookie file is readable by any hostile website. Or,
and check it out: "Open
My Macintosh doesn't have any Microsoft software on it.
Open Source, But Not Open
Posted 12 May 2000.
Ted and Jeremy (Samba Boys):
Microsoft, after getting beat up in the press for making propietary
extensions to the Kerberos [security] protocol, has released the specifications
on the web -- but in order to get it, you have to run a Windows .exe
file which forces you agree to a click-through license agreement where
you agree to treat it as a trade secret, before it will give you the
.pdf file. Who would have thought that you could publish a trade secret
on the web?
The critical part of the license states:
b. The Specification is confidential information and a trade secret
of Microsoft. Therefore, you may not disclose the Specification to anyone
else (except as specifically allowed below), and you must take reasonable
security precautions, at least as great as the precautions you take
to protect your own confidential information, to keep the Specification
confidential. If you are an entity, you may disclose the Specification
to your full-time employees on a need to know basis, provided that you
have executed appropriate written agreements with your employees sufficient
to enable you to comply with the terms of this Agreement.
This is course is a very clever way to pretend to distribute the spec,
whilst making it completely impossible to implement in competiting implementations
which implements their propietary protocol extensions -- extensions
to a protocol which was originally published by the Kerberos team as
an Open Standard in the IETF. This completely defeats the IETF's interoperability
goals, and helps Microsoft leverge their desktop monopoly into the server
The one good thing about Microsoft having pulled this dirty trick is
that it makes their propietary intentions about the Windows 2000 PDC
clear as day. I doubt anyone else could come up with a charitable explanation
for what they've done. What a better example of Microsoft's "embrace,
extend, and engulf" business model!