If your software garbles this newsletter, read this issue at WindowsSecrets.com.
| || |
YOUR NEWSLETTER PREFERENCES Change
Delivery address: firstname.lastname@example.org
Alternate address: email@example.com
Locale: Canada L3B 5N5
Reader number: 32451-65148
Paid sub expires: 2009-11-08
Windows Secrets Newsletter • Issue 175 • 2008-11-13 • Circulation: over 400,000
Table of contents
TOP STORY: How to maintain XP after Microsoft ends support
WACKY WEB WEEK: Keanu has encountered an error and must restart
LANGALIST PLUS: Can keyloggers go undetected by security apps?
PC TUNE-UP: Wireless networks at risk from WPA breach
PATCH WATCH: Critical Windows hole patched after seven years
How to maintain XP after Microsoft ends support
By Stuart J. Johnston
Microsoft CEO Steve Ballmer said recently that it's OK with him if you want to stick with Windows XP until Windows 7 is available late next year.
XP lovers may still be able to buy a new PC with that operating system installed for another year or so, but unfortunately, Microsoft plans to end most free support for the OS within months.
On that date — Apr. 14, 2009 — millions of PC users, some of whom bought their systems less than a year earlier, will be left in the lurch. These users will have to pay Microsoft for Windows XP support, although downloading critical security patches is expected to remain free of charge.
The end of support is planned despite the fact that consumers can still buy a new PC that runs XP rather than Vista, which was released nearly two years ago. It's ironic that no less a personage than Microsoft chief Ballmer tells users that staying with XP until Windows 7 ships late next year is a viable option.
What's a poor Windows XP user to do?
Third-party vendors pledge XP compatibility
Ballmer has said repeatedly over the past 10 to 15 years that the stiffest competition a new version of Windows confronts in the marketplace is the previous version of Windows. If the previous version is "good enough," then a lot of people won't buy the upgrade. XP just may prove Ballmer right.
According to a study by Gartner, there will be more than 1 billion computers in use worldwide by the end of 2008. The vast majority of them run Windows XP.
In fact, according to an analysis by Web analytics firm Net Applications, some 68 percent of the client computers in use around the world use XP. The OS's closest challenger — Vista — represents just over 19 percent of the worldwide PC market. If these stats are accurate, there are nearly 700 million copies of XP on the planet.
While Vista has been picking up steam in recent months, it has a long way to go to catch up with its older, more mature sibling. Even if Microsoft redoubles its efforts to market Vista, it's unlikely the newer version could pass XP in installed numbers by late 2009, which is when Microsoft officials hint that Windows 7 will be available.
Anyone who uses XP — whether on a new machine or an early-2000s model — has to wonder whether new hardware and software will continue to support the old OS.
The answer is a qualified "yes."
XP's huge installed base helps to ensure that hardware and software companies are continuing to support their existing XP users while also making sure their new products will work with the OS. Every one of several third-party hardware and software firms I checked with claims its new products will be compatible with both Vista and XP.
For now, anyway, losing the support of third-party vendors is far from the biggest threat facing anyone who sticks with XP. The bigger problem is Microsoft's impending free-support cutoff date for the OS.
XP's support has been extended once before
Microsoft's policy is to support each version of its operating system for 10 years. For the first five years, users get "mainstream" support, which combines free help and fee-based services. This is in addition to the standard patches and hotfixes that Microsoft periodically releases.
The second five-year period constitutes "extended" support. During this time, users must pay for support, aside from critical patches that continue to be offered by the company for free.
XP will reach the end of mainstream support on Apr. 14, 2009, despite the fact that Service Pack 3 for XP was released just last spring. (XP first shipped in late 2001, so the end of its mainstream support is coming more than two years later than is typical — a testament to XP's popularity.)
After April 2009, XP moves into the extended-support period, which is expected to last through Apr. 8, 2014.
Under extended support, if you encounter problems installing a security patch or other critical fix, tech support will help you free of charge. Any other help from Microsoft tech support, however, will be on a pay-per-incident basis. Microsoft currently charges $59 per incident for help with operating-system problems.
If you bought a new PC with XP preinstalled, it's important to note that you must contact your PC maker for all support. Microsoft has assembled a list of phone numbers and support sites for major PC vendors.
Even though Microsoft has cut off retail sales of XP, the company will continue to allow PC vendors to sell XP Professional on new systems at least through the end of January 2009.
Today, that's usually done by opting for the vendor's "downgrade" license, which lets the buyer choose between Vista and XP Pro.
For example, Dell Computer says it will sell systems with XP as a downgrade option through 2009 and possibly longer.
There are plenty of XP resources out there
Of course, you aren't stuck with Microsoft when it comes to your XP support options. If you're looking for an XP device driver, and you're not having much luck with the vendors' sites, try browsing through the posts at various PC community forums.
Forums are great places to post questions and (hopefully) receive answers from other users who have experienced the same problems and found solutions. Microsoft's XP newsgroups are a good place to start.
Other useful XP support sites include the TechArena community, BoardReader, and AllExperts.
You'll find all types of XP support from the members of PC user groups, many of which offer live, in-person meetings where participants exchange tips and solutions. Listings for Microsoft user groups are available at the Microsoft Mindshare site.
These are by no means all the support options available to XP users, but they provide a starting point to help you keep XP alive and well until something better comes along — whether another flavor of Windows or something completely different.
WACKY WEB WEEK
Keanu has encountered an error and must restart
PLEASE ENJOY YOUR PAID NEWSLETTER
You're reading our paid version
The following sections provide you with content that doesn't appear in the free version of this newsletter. Please don't forward your paid version to others. (Forwarding the e-mail newsletter to people who didn't request it subjects us to spam complaints.) Instead, we'd love you to share the free version of this content by suggesting that people visit this issue's permanent Web address, shown below. A complete index at the bottom of the Web page provides you with hyperlinks to any article you'd like to recommend.
The address of this issue is http://WindowsSecrets.com/comp/081113
Can keyloggers go undetected by security apps?
Hardware keyloggers may be sniff-proof
U.S. courts have pretty consistently ruled that employers have a right to monitor everything that's done on their business PCs. By the same token, parents probably have a similar legal right to oversee their minor children's activities.
That leads to a question by Alexandre Marson, who wants to deploy keyloggers but is having a problem preventing his antivirus software from repeatedly displaying warning messages:
Software running on a system can always be detected by one means or another. Even if a particular piece of software currently evades detection, odds are it will be discovered soon enough.
Hardware's a different matter. There are keylogger dongles that cannot be detected by any normal security program because the dongles exist separately and independently from the PC's other hardware and software.
A keylogging dongle sits in-line between the keyboard and the system you want to monitor: you plug the keyboard into the dongle and the dongle into the PC.
Like a tiny vampire, the dongle powers itself by using a minuscule bit of electricity passing through the keyboard cable. The device records all the keystrokes as they occur and stores the information in its internal flash memory.
Because the dongle is self-contained and doesn't interact with the PC or its operating system, the device simply cannot be detected by standard security software.
A typical, cheap (U.S. $50-$100) keylogging dongle comes with up to 2MB of memory, which is room enough to store 2 million keystrokes. (By some estimates, that's about a year's worth of "average" typing.)
With the most covert type of keylogging dongle, whoever's doing the snooping has to remove the dongle periodically, dump its contents to another PC, clear the dongle's memory, and then put it back to capture the next batch of keystrokes.
The only sure way to discover a typical keylogging dongle is to look for it with your own eyes: if there's a short length of extra hardware inserted between the normal keyboard plug and the PC, it just might be a dongle. (I'm wondering how many Windows Secrets readers are on their hands and knees right now, looking for dongles sticking out the backs of their PCs.)
Keylogging hardware can also be built into the plug on the end of a keyboard cable or placed inside the keyboard itself. Or you can install custom keylogging hardware inside the PC's case. Hidden hardware keyloggers such as these are invisible to all but the most thorough and skillful inspections.
How you feel about keyloggers may depend on whether you picture yourself as the snooper or the snoopee. Either way, if someone really wants to snoop without being detected, the only real limits are the snooper's budget and risk tolerance.
Of course, there are huge ethical issues with all this. In some legitimate (i.e., forensic) instances, covert keylogging may be necessary, but circumstances such as these are rare. To me, capturing an unsuspecting person's keyboard activity is a very hostile act; at the very least, it's a breach of trust and privacy. And in some cases, logging keystrokes may even be a crime.
Playing with keyloggers is playing with fire. Be careful.
The first backup's always the hardest
Bill Hoffman is setting out to make his first backup:
To learn about the version of backup in your copy of Windows, click Start, Help and Support. Type the word backup into the search box at the top of the window and press Enter. The Help system will deliver comprehensive information on using the specific version of backup available to you.
Ideally, your first backup should include every file stored in the partition where Windows resides. If that's too much data for your backup medium to handle, make copies of your own files and programs, concentrating on those that you couldn't easily recover, reinstall, or recreate from other sources.
After using Windows' backup tool for a while, you may find that the program is not suited to your backup needs or preferences. You can then try any of the myriad third-party backup tools out there. Ian "Gizmo" Richards offers a complete look at your backup options — including free and low-cost backup software and services — in his Sept. 18 column.
Almost any backup is better than no backup, so the exact way you back up your files is less important than simply doing it. Find a backup tool you're comfortable with, and then use it!
Some PCs have Explorers out the wazoo
P.J. Roberts had some questions after reading about problems with XP's "other" Explorer, explorer.exe, in my Nov. 6 column:
The first file you list is the same explorer.exe version that I'm running: a 1010KB file with a date of "4-13-08." The files in the folders whose names begin with C:Windows\$NT are versions of the file that were installed by various Windows updates and service packs.
By the way, although most systems use C:\Windows as the home folder for Windows system files, some PCs that were upgraded from an older version of Windows use C:\WINNT instead. I haven't seen a WINNT installation in years, but they're out there. (Thanks to reader Michael Jennings for pointing this out.)
The explorer.exe file in the PreFetch folder isn't really the file itself but rather a pointer to the file so Windows can locate and load explorer.exe before it's even asked for (it's "prefetched"). And the folder with "mig" as part of the name is from a past software migration (or major update).
In short, you're OK, P.J.
Incomplete install leaves ghost in the machine
When a software setup failed for Philip Lidden, he was left with a half-finished installation that was neither alive nor dead. And it just wouldn't go away:
The CleanUp Utility was originally designed for use with botched Microsoft Office installations, but it's actually more generic than Microsoft lets on. In fact, it can sometimes correct installation problems with non-Office software, as long as the half-there program's original setup ran from a Windows Installer package.
You can identify these packages because they usually have an .msi file extension. ("Msi" stands for "Microsoft Installer.") Full details and a download link for the Windows Installer CleanUp Utility can be found in Knowledge Base article 290301. With luck, you'll have that bad install killed off in a matter of minutes!
Fred Langa is editor-at-large of the Windows Secrets Newsletter. He was formerly editor of Byte Magazine (1987–91), editorial director of CMP Media (1991–97), and editor of the LangaList e-mail newsletter from its origin in 1997 until its merger with Windows Secrets in November 2006.
Wireless networks at risk from WPA breach
Researchers break old Wi-Fi encryption protocol
Your wireless network may be overdue for a security upgrade. Wi-Fi access points secured with the old WPA standard are now easy pickings for network snoops, according to researchers who've found a way to overcome WPA's encryption protocol.
This isn't the first time the security of wireless networks has come into question. When it was discovered several years ago that cracking Wi-Fi's original Wireless Equivalent Protection (WEP) security standard was incredibly easy, vendors quickly released products that supported the stronger WPA protocol.
WPA supports both TKIP (Temporal Key Integrity Protocol) and AES-CCMP (Advanced Encryption Standard, Counter Mode/CBC MAC Protocol). TKIP is essentially a modified rendition of WEP, but AES offers much stronger protection than either WEP or TKIP.
German researchers Martin Beck and Erik Tews recently found a way to crack TKIP under certain conditions. Their methodology involves what is called a chopchop attack, which attempts to decrypt packets byte by byte.
The technique "chops" a byte off the packet, manipulates the packet in some way, and then sends the packet back to the wireless access point. If the access point broadcasts the packet, the decryption was successful.
As it turns out, TKIP is vulnerable to this attack, which is how new cracking tools such as aircrack-ng break encryption.
Chopchop attacks operate much like the programs that were used to crack WEP security, although they require some extra work. TKIP differs from WEP in that TKIP performs integrity checks via Message Integrity Code (MIC). To crack TKIP, the MIC must also be decoded.
Once the chopchop method breaks the MIC, the cracking tool needs to figure out what IP address is encoded in the packet. This must be done slowly — once every 60 seconds — to avoid causing the access point to reissue new keys. Using this technique, a typical WPA network can be breached in fewer than 20 minutes, and some can be cracked in only 12 minutes.
If your network uses WPA with TKIP, your access point is not secure. If your wireless router can't be upgraded to WPA2, either switch your current WPA configuration to AES-CCMP (if possible) or buy an access point that supports the tougher WPA2 encryption standard.
A third option, somewhat less secure than the previous two, is to adjust the TKIP settings in your WPA router. Since chopchop attacks attempt to decrypt live packets, it stands to reason that changing your encryption keys more frequently will decrease the chance of having your encryption cracked.
Reduce your TKIP key refresh rate to a smaller time interval. That way, the keys change faster than an attacker can guess them. According to Beck and Tews, you should set your TKIP key refresh to no more than 120 seconds.
If you're interested in the nitty-gritty details, download a copy of the researchers' whitepaper (in PDF format).
Thousands of DNS servers are still vulnerable
Back in July, an alert circulating the Internet addressed serious problems with DNS server software that could allow bad guys to poison the servers' cache. In such cases, phishing, malware propagation, data interception, and other attacks become possible. The problem relates to poor source-port randomization, which could allow an attacker to inject data into the server.
By now, all DNS servers should be patched. Unfortunately, this doesn't seem to be the case. According to a recent survey conducted by the Measurement Factory on behalf of Infoblox, 10% of DNS servers are still vulnerable to attack.
The company scanned more than 68,000 DNS servers to check a variety of parameters and configuration types. When the smoke cleared, 75% of those servers earned a "great" rating in terms of source-port randomization. Only 0.7% had a "good" rating, and 10% (about 6,800 servers) were rated as "poor."
That's way too many vulnerable DNS servers. Regardless of what software it runs, make absolutely sure that any DNS server you use is up-to-date. This also applies to hardware platforms such as wireless routers and firewalls. If you can't get your hands on the required DNS updates, consider dumping that platform and replacing it with a product from another vendor.
To test the DNS server your workstation is currently using, use the Test My DNS button at the site of the Domain Name System Operations, Analysis, and Research Center (DNS-OARC).
Windows Secrets contributing editor Ryan Russell wrote more about this kind of test in his July 17 Perimeter Scan column.
Don't wait to update your copy of Adobe Reader
I'll wager you've got Adobe Reader installed on the system you're using right now — and on just about every other PC you use. If you haven't updated the program this week, do so right away.
Numerous vulnerabilities were reported recently, and at least two working exploits are spreading quickly around the Internet. These exploits could allow someone to install a Trojan or run other code on your computer.
The vulnerabilities affect Adobe Reader version 8.1.2 and earlier. Upgrade to either version 8.1.3 or version 9, as described on Adobe's download page.
Don't rely on your anti-malware software to protect you from this security hole. According to a report posted Nov. 7 on the Internet Storm Center, not a single antivirus product was able to detect the latest attack variant.
Program lets you whitelist apps on a network
A couple of weeks ago, I helped a company bolster its anti-malware defenses. None of the security tools that the company had in place could prevent a PC from running nonapproved applications.
As with most types of protection, the firm's defenses were all at the network border. If any malware slipped past that border, cleaning up the resulting damage could be quite expensive.
The ideal solution is to prevent all software from operating on the network unless explicitly authorized to do so. The program that fit the bill for me is Faronics Anti-Executable, which lets you create a whitelist of applications that are allowed to run. Any program that's not on the list is blocked.
With the Faronics utility in place, malware that makes it past your frontline defense has a slim chance of launching and wreaking havoc on your network.
Anti-Executable is available in a standard version (U.S. $45 per system) and an enterprise version (from $55 per system). The enterprise version adds such useful features as interoperability with Active Directory, centralized whitelist deployment, and whitelist activation scheduling.
Check out the utility's complete list of features at the Faronics site.
Mark Joseph Edwards is a senior contributing editor of Windows IT Pro Magazine and regularly writes for its Security Matters blog. He's a network engineer, freelance writer, and the author of Internet Security with Windows NT.
Critical Windows hole patched after seven years
This fix has been a long time coming
Topping the list of November patches is MS08-068 (957097), which Microsoft labels "Important" but I consider critical. Even though it affects only Windows servers and networked Windows PCs, I recommend that all Windows systems apply this patch.
The issue has actually been around since 2001 and impacts all PCs with file and printer sharing enabled. As Christopher Budd explains in a Microsoft Security Response Center blog posting, the company didn't think the problem with the Server Message Block (SMB) protocol could be fixed without requiring that all network applications be rewritten.
For years, security experts have used SMB relay attacks — which attempt to execute code on the affected systems remotely — to test network defenses. While you need to be an authenticated member of a network to exploit this vulnerability, a disgruntled employee who does so could cause serious damage.
Many network-security pros were surprised that this hole was finally patched after all these years. On the Patch Management (PM) listserve, Eric Schultze of PM vendor Shavlik and network engineer Edward Ziots of the Lifespan Organization call this a critical issue that you should patch against as soon as possible.
XML patches released for Windows and Office
When does one security patch equal seven? When it's an XML patch!
XML is a building-block component used by many applications. Microsoft installs it in Windows' core as well as in Office applications. Knowledge Base article 269238 lists all the XML versions Microsoft has released and some applications that use specific XML versions.
That's why you may be offered not one, not two, but five or more patches addressing this matter. On one Windows XP machine I tested, for example, the XML patch involved five of the following six downloads:
The patch for XML version 4 can be a bit troublesome for Vista and Server 2008 users, as documented in KB 954430. If you also install either the fix for Windows Server 2008 described in KB 956697 or the patch for Vista covered in KB 938371 at the same time as this XML patch, you may need to restart the system twice.
These patches were first offered to Server 2008 and Vista users months ago. If you patch regularly, you shouldn't encounter this double-reboot problem.
For more information, see MS08-069.
PCs running 32-bit Vista do need 64-bit download
In my Oct. 30 Top Story, I recommended that you hold back on installing the patch described in KB 957200 because the article describing the patch had not yet been posted. When the article finally was available, it left me scratching my head.
The patch is intended to ensure that Customer Experience reporting works properly on 64-bit Vista. So why was I being offered the patch for my 32-bit Vista machines?
The answer lies in some shared code base between the 32-bit and 64-bit Vista platforms. I applied the application compatibility patch to my 32-bit and 64-bit PCs with no problems.
Few exploits seen following out-of-cycle release
My thanks to all of you who went the extra mile in patching your systems last month. I reported in a Windows Secrets news update on Oct. 24 that a threat for which Microsoft had released an emergency patch — outside the company's usual Patch Tuesday schedule — threatened to spread quickly across the Internet.
The Microsoft Security Resource Center reports having seen only a few targeted attacks attempting to exploit the hole. More importantly, there have been no widespread worms attempting to leverage the vulnerability.
It also appears that folks had a relatively easy time installing the fix described in MS08-067 (958644). Very few issues were reported, especially considering the vast number of people who had to apply this patch.
To everyone who heeded my call to patch immediately, thank you very much.
Oops! Antivirus vendor AVG prevents booting up
On the heels of the company's earlier slip-up — which I described in the Oct. 30 Top Story — AVG's antivirus software is causing problems for Dutch, French, Italian, Portuguese, and Spanish customers by flagging a key Windows file as a virus and blocking computers from booting.
Windows Secrets contributing editor Woody Leonhard has some further details about the problem. He explains that AVG flags an essential Windows file, user32.dll, as a Trojan. If you agree to Heal or Move to Virus Vault, your computer then shows a Blue Screen of Death (BSoD). Subsequent attempts to reboot either end in BSODs or in endless rebooting cycles. But if you don't "heal" the file, your computer should be OK.
AVG posted a fix on its support site (enter 1575 in the Search in FAQ box to locate the specific download). Follow the instructions on the AVG site to get your broken PC back into working condition.
Adobe Reader and Flash are targeted for attack
In this week's PC Tune-Up column, Mark Edwards discusses recent attacks on vulnerable versions of Adobe Reader. This gives me the opportunity to remind you that it's time to make your monthly visit to the Secunia Vulnerability Scanning service. Either scan your system online or load up the service's monthly scanning tool to ensure that all your third-party applications are up-to-date.
After I upgraded to Adobe Flash Player 10, some sites failed to work until I downloaded and installed a second update. Flash was recently patched, according to Adobe security bulletin APSB08-20, and on several of my test systems, this update apparently fixed a problem I was having with certain sites not offering me videos.
If you use Flash Player 9.0.124, either upgrade to version 10 or to the patched version 9.0.151. In my opinion, the easiest way to patch your Flash Player is to run Secunia's vulnerability scanner and see what other apps you need to update.
Office 2007 help files get updates of their own
If you use Microsoft Office 2007, you'll notice seven patches in this month's fix-a-thon that update the help systems in various Office programs:
• Excel 2007 (described in KB 957242)
• OneNote 2007 (957245)
• Outlook 2007 (957246)
• PowerPoint 2007 (957247)
• Publisher 2007 (957249)
• Word 2007 (957252)
• Script Editor (957253)
Apparently, Office users need a lot of help. The good news is that these patches don't require a reboot, so if you decide to install them, you won't need to stop and restart your system.
E-mail bug hits Windows Mobile 6.1 phones
Every phone that runs Windows Mobile version 6 and later has a copy of the Windows Update application. However, I've yet to see a patch being offered for Windows Mobile 6 phones.
If your device runs Windows Mobile 6.1, you should be offered an update, because there's a bug that corrupts your primary e-mail settings whenever you use an alternative SMTP e-mail server. That's a bit annoying, to say the least. The Outlook Mobile Team blog has the full details on the patch.
You'll need to use Microsoft's ActiveSync to install the patch on your phone.
Susan Bradley recently received an MVP (Most Valuable Professional) award from Microsoft for her knowledge in the areas of Small Business Server and network security. She's also a partner in a California CPA firm.
Use these permalinks to share info with friends
We love it when you include the links shown below in e-mails to your friends. This is better than forwarding your copy of our e-mail newsletter. (When our newsletter is forwarded, some recipients click "report as spam" and corporate filters start blocking our e-mails.)
The following link includes all articles this week: http://WindowsSecrets.com/comp/081113
Free content posted on Nov. 13, 2008:
You get all of the following in our paid content:
The Windows Secrets Newsletter is published weekly on the 1st through 4th Thursdays of each month, plus occasional news updates. We skip an issue on the 5th Thursday of any month, the week of Thanksgiving, and the last two weeks of August and December. Windows Secrets resulted from the merger of several publications: Brian's Buzz on Windows and Woody's Windows Watch in 2004, the LangaList in 2006, and the Support Alert Newsletter in 2008.
Publisher: WindowsSecrets.com LLC, Attn: #120 Editor, 1700 7th Ave., Suite 116, Seattle, WA 98101-1323 USA. Vendors, please send no unsolicited packages to this address (readers' letters are fine).
Editorial Director: Brian Livingston. Senior Editor: Ian Richards. Editor-at-Large: Fred Langa. Technical Editor: Dennis O'Reilly. Associate Editors: Scott Dunn, Stuart J. Johnston. Program Director: Tony Johnston. Program Manager: Ryan Biesemeyer. Web Developer: Damian Wadley. Editorial Assistant: Katy Abby. Copyeditor: Roberta Scholz. Chief Marketing Officer: Jake Ludington. Contributing Editors: Susan Bradley, Mark Joseph Edwards, Woody Leonhard, Ryan Russell, Scott Spanbauer, Becky Waring.
Trademarks: Microsoft and Windows are registered trademarks of Microsoft Corporation. The Windows Secrets series of books is published by Wiley Publishing Inc. The Windows Secrets Newsletter, WindowsSecrets.com, Support Alert, LangaList, LangaList Plus, WinFind, Security Baseline, Patch Watch, Perimeter Scan, Wacky Web Week, the Logo Design (W, S or road, and Star), and the slogan Everything Microsoft Forgot to Mention all are trademarks and service marks of WindowsSecrets.com LLC. All other marks are the trademarks or service marks of their respective owners.
YOUR SUBSCRIPTION PREFERENCES (change your preferences):
Delivery address: firstname.lastname@example.org
Alternate address: email@example.com
ZIP or postal code: L3B 5N5
Reader number: 32451-65148
Your paid sub expires: 2009-11-08 at 12:01 a.m. Pacific Time.
You'll receive a renewal notice approximately four weeks prior to that date.
Bounce count: 0
Your bounce count is the number of times your server has bounced a newsletter back to us since the last time you visited your preferences page. We cannot send newsletters to you after your bounce count reaches 3, due to ISP policies. If your bounce count is higher than 0 or blank, please visit your preferences page. This automatically resets your bounce count to 0.
To change your preferences: Please visit your preferences page.
To access all past paid issues: Please visit our past paid issues page.
To resend a missed newsletter to yourself: If your mail server filtered out a newsletter, you can resend the current week's issue to yourself. To do so, visit your preferences page and use the Resend link.
To get subscription help by e-mail (fastest method): Visit our contact page. Subscription help by facsimile: 206-282-6312 (fax). Emergency subscription help by phone: 206-282-2536 (24 hours).
HOW TO SUBSCRIBE: Anyone may subscribe to this newsletter by visiting our free signup page.
WE GUARANTEE YOUR PRIVACY:
1. We will never sell, rent, or give away your address to any outside party, ever.
2. We will never send you any unrequested e-mail, besides newsletter updates.
HOW TO UNSUBSCRIBE: To unsubscribe firstname.lastname@example.org from the Windows Secrets Newsletter,