If your software garbles this newsletter, read this issue at WindowsSecrets.com.
 | YOUR NEWSLETTER PREFERENCES Change Delivery address: cpedley.kill-that-computer@blogger.com Alternate address: cgpedley@gmail.com Locale: Canada L3B 5N5 Reader number: 35034-18272 |
|
| Windows Secrets NEWS UPDATE • Issue 178a • 2008-12-17 • Circulation: over 400,000 |
| Table of contents INTRODUCTION: Give your friends secrets as holiday gifts TOP STORY: Microsoft patches IE, but Firefox is still safer |
| INTRODUCTION Give your friends secrets as free holiday gifts  By Brian Livingston In celebration of the holiday season, we're letting you send all of your friends the paid version of the Windows Secrets Newsletter absolutely free for the next three full months. The other writers here say I'm crazy, but with the global economic slowdown we're in, I want to spread a little cheer and let you treat as many people as you like. Here's how our holiday giveaway works:
Just the satisfaction of knowing you gave something of value to people you care about. That's the true spirit of the holiday season. This crazy idea is a one-time thing. We may never repeat it. It's just a spur-of-the-moment response to the economic times we're living in. I hope you'll enjoy giving this away as much as I've enjoyed ignoring everyone who told me it would never work. Please have a happy and safe holiday season. Special news update for MS patch; no paid version We're bringing you today a special report by Windows Secrets contributing editor Mark Edwards on a crucial Microsoft patch for Internet Explorer. The security threat that this patch is designed to correct has already affected millions of people. Our next regularly scheduled newsletters will be published on Dec. 18 and Jan. 8. We skip publication during the last two weeks of December, so there won't be any newsletters on Dec. 25 or Jan. 1. News updates have no paid content, and all subscribers receive the same short message. Brian Livingston is editorial director of WindowsSecrets.com and co-author of Windows Vista Secrets and 10 other books. |
| TOP STORY Microsoft patches IE, but Firefox is still safer  By Mark Joseph Edwards Microsoft recently announced that a special, out-of-cycle patch would be released on Dec. 17 for Internet Explorer's latest security vulnerability, the so-called XML exploit. If you'd like to avoid similar weaknesses that are certain to be discovered in IE in the future, the simple solution is to use a different browser, such as Firefox, with a few easy customizations that allow you to switch to Microsoft's browser only for sites that absolutely require IE. If you haven't yet patched IE to protect against the XML exploit, visit Microsoft's December 2008 security advisory. This Web page, which began as an announcement of the Redmond company's planned patch, changes automatically to information about installing the patch as soon as the fix is released. WS contributing editor Susan Bradley reported on the dangerous zero-day exploit in her Dec. 11 Patch Watch column (paid content). The security hole affects many different builds of IE 5, 6, and 7 as well as the beta version of IE 8. Every recent version of Microsoft's operating system is potentially affected: Windows 2000, XP, Vista, Server 2003, and Server 2008. The Redmond software giant acknowledged on Dec. 16 that more than two million Windows users had already become infected via the IE flaw, according to an article by the Press Association. How many more people will get hit before the patch is widely distributed is anyone's guess. Microsoft published a security advisory on Dec. 10, listing nine potential workarounds, before the patch became available. Many people, myself included, felt that the explanation did a poor job of clarifying which combination of fixes a particular user should implement. The company's Security Vulnerability Research and Defense blog attempted to clarify matters on Dec. 12. But the information there still left most people wondering how to determine the best combination of workarounds for their systems. IE zero-day flaws cry out for switch to Firefox There's no easy way to secure IE against similar flaws that will inevitably be discovered and used by hackers to their advantage in the future. For this reason — and in response to pleas for help by many Windows Secrets readers — here's my recommendation on the best way to surf the Web more securely:
The point is that thousands of sites became carriers within days. (The Press Association quotes Trend Micro as saying more than 10,000 sites were compromised by Dec. 16.) If you use a URL filtering system or block list, you should add the sites cited by Shadowserver to prevent access — at least until all your machines are patched or a specific site is proved to be clean. Mark Joseph Edwards is a senior contributing editor of Windows IT Pro Magazine and regularly writes for its Security Matters blog. He's a network engineer, freelance writer, and the author of Internet Security with Windows NT. |
| PERMALINKS Use these permalinks to share info with friends We love it when you include the links shown below in e-mails to your friends. This is better than forwarding your copy of our e-mail newsletter. (When our newsletter is forwarded, some recipients click "report as spam" and corporate filters start blocking our e-mails.) The following link includes all articles this week: http://WindowsSecrets.com/comp/081117 Free content posted on Dec. 17, 2008:
|
| YOUR SUBSCRIPTION The Windows Secrets Newsletter is published weekly on the 1st through 4th Thursdays of each month, plus occasional news updates. We skip an issue on the 5th Thursday of any month, the week of Thanksgiving, and the last two weeks of August and December. Windows Secrets resulted from the merger of several publications: Brian's Buzz on Windows and Woody's Windows Watch in 2004, the LangaList in 2006, and the Support Alert Newsletter in 2008. Publisher: WindowsSecrets.com LLC, Attn: #120 Editor, 1700 7th Ave., Suite 116, Seattle, WA 98101-1323 USA. Vendors, please send no unsolicited packages to this address (readers' letters are fine). Editorial Director: Brian Livingston. Senior Editor: Ian Richards. Editor-at-Large: Fred Langa. Technical Editor: Dennis O'Reilly. Associate Editors: Scott Dunn, Stuart J. Johnston. Program Director: Tony Johnston. Program Manager: Ryan Biesemeyer. Web Developer: Damian Wadley. Editorial Assistant: Katy Abby. Copyeditor: Roberta Scholz. Chief Marketing Officer: Jake Ludington. Contributing Editors: Susan Bradley, Mark Joseph Edwards, Woody Leonhard, Ryan Russell, Scott Spanbauer, Becky Waring. Trademarks: Microsoft and Windows are registered trademarks of Microsoft Corporation. The Windows Secrets series of books is published by Wiley Publishing Inc. The Windows Secrets Newsletter, WindowsSecrets.com, Support Alert, LangaList, LangaList Plus, WinFind, Security Baseline, Patch Watch, Perimeter Scan, Wacky Web Week, the Logo Design (W, S or road, and Star), and the slogan Everything Microsoft Forgot to Mention all are trademarks and service marks of WindowsSecrets.com LLC. All other marks are the trademarks or service marks of their respective owners. YOUR SUBSCRIPTION PREFERENCES (change your preferences): Delivery address: cpedley.kill-that-computer@blogger.com Alternate address: cgpedley@gmail.com Country: Canada ZIP or postal code: L3B 5N5 Reader number: 35034-18272 Bounce count: 0 Your bounce count is the number of times your server has bounced a newsletter back to us since the last time you visited your preferences page. We cannot send newsletters to you after your bounce count reaches 3, due to ISP policies. If your bounce count is higher than 0 or blank, please visit your preferences page. This automatically resets your bounce count to 0. To change your preferences: Please visit your preferences page. To access all past issues: Please visit our past issues page. To upgrade your free subscription to paid: Please visit our upgrade page. To resend a missed newsletter to yourself: If your mail server filtered out a newsletter, you can resend the current week's issue to yourself. To do so, visit your preferences page and use the Resend link. To get subscription help by e-mail (fastest method): Visit our contact page. Subscription help by facsimile: 206-282-6312 (fax). Emergency subscription help by phone: 206-282-2536 (24 hours). HOW TO SUBSCRIBE: Anyone may subscribe to this newsletter by visiting our free signup page. WE GUARANTEE YOUR PRIVACY: 1. We will never sell, rent, or give away your address to any outside party, ever. 2. We will never send you any unrequested e-mail, besides newsletter updates. 3. All unsubscribe requests are honored immediately, period. Privacy policy HOW TO UNSUBSCRIBE: To unsubscribe cpedley.kill-that-computer@blogger.com from the Windows Secrets Newsletter,
|
No comments:
Post a Comment
Thanks for understanding that we need to prevent the nasties.