From: | normtaka@webtv.net (NormTakahashi97P/M Classic 2.5.7print) | |
Date: | Wed, Feb 20, 2002, 11:55pm | |
To: | tomeegirl@webtv.net (Donna) | |
Cc: | Maximoto@webtv.net, chetcope@aol.com, vgi2000@yahoo.com, lminor7@yahoo.com, furler@furler.net, crazedwriter@webtv.net, mojo-ris-in@houston.rr.com, mchestney@bwr.eastlink.ca, floralone@webtv.net, BeeBee59@sg23.com | |
Subject: | Re: Donna`s PC Problem!! |
Hi Donna,
I found the article that I had read quickly (not having a PC running MS IM), but I had logged the link....
Upon rereading it now, I'm not sure if that kid was making use of this particular loophole....
Sounds like he was embedding some script in his IM messages that triggered 'new windows" to be displayed.
A relatively new aggravation is something called a 'pop-under' - a
cousin of the 'pop-up' window.
The insidiious nature of a 'pop-under' window is that they will persist on your screen even after you close the window that they "came through".
You have to plow through, one by one, closing each window....
Does that sound more like what you experienced??
----------------------------------------------
----------------------------------------------
2.2/11
Instant Messaging Planet: News: MSN Messenger Security Hole Found
http://www.instantmessagingplanet.com/news/article/0,,2811_972241,00.html
http://www.instantmessagingplanet.com/news/print/0,,2811_972241,00.html
----------------------------------------------
..... text of article .....
Instant Messaging Planet
MSN Messenger Security Hole Found
By Bob Woods
UPDATE: A newly discovered security bug in MSN Messenger and Windows
XP's Windows Messenger that can make available a user's personal
information to malicious Web site owners is in the process of being
killed by Microsoft Corp. (NASDAQ:MSFT).
A Microsoft spokesperson said in an interview that the company will issue a patch to fix the bug sometime "early this week. Users of MSN Messenger and Windows Messenger who want to protect themselves in the meantime can go to this Web page for additional information.
The spokesperson also said Microsoft has not received any reports of customers being exploited by the hole.
In a posting last week to SecurityFocus' BugTraq e-mail list, programmer Richard Burton said that the display name of a person using these programs can be obtained by a Web site that uses JavaScript.
"For users who have a sensible and accurate display name, this should be considered a privacy issue," although people not using display names will have their e-mail addresses revealed, Burton wrote.
A list of the user's contacts can be obtained by using the hole, he also said.
Web sites hosted on some domains, like microsoft.com, hotmail.com and hotmail.msn.com, can also use the same technique to access the e-mail address of the user, along with the e-mail addresses of all their contacts, Burton said. "This could be used by Microsoft to track users on their sites, which many would consider to be a privacy issue."
Other domains can be allowed access to a user's e-mail addresses with a single registry entry, he also said. The entry could be made by installed spyware/adware, which sometimes occurs without a user's knowledge via the execution of a copy of shareware. "Once there you have the potential to give your e-mail address to any site that requests it and places it in a cookie," Burton wrote.
On his Web site, Burton is quick to point out that the risks aren't that great, because many people don't set accurate display names, and employing the exploit is not easy to do.
Burton added that he has set up a simple demonstration of the problem. When MSN Messenger is open, the demo will show a user's name and the names of all of her contacts. If the registry entry given is used, it will also show your e-mail address and the addresses of all your contacts.
The news of the security bug comes just weeks after Microsoft announced a new focus on security, as company Chairman and Chief Software Architect Bill Gates told employees that they must now make security in Microsoft's products their first priority.
Microsoft even went as far as hiring an outside security expert to help implement that goal. The company brought on Scott Charney, a principal for PricewaterhouseCoopers' Cybercrime Prevention and Response Practice, to serve as the company's chief security strategist, replacing Howard Schmidt, who left the company after he was tapped by the Bush administration as electronic security advisor.
Charney has been charged with developing strategies to enhance the security of Microsoft's products, services and infrastructures.
Bob Woods is the managing editor of InstantMessagingPlanet.com. February 11, 2002
EarthWeb is a division of INT Media Group, Incorporated.
Copyright 2002 INT Media Group, Incorporated
All Rights Reserved.
----------------------------------------------
Norm
ps: memory is so cheap nowadays, the more the better.
256Mb up to 512Mb will permit your system to run at its best throughput rated speed.
The transfer rate of the other installed devices then become the possible causes of 'congestion'.
Hard disk drives are different as to 'access/seek time' - dependent upon the rotation RPM, bandwidth of the data bus for I/O transfer to the CPU, and the physical design of the drives.
Drives with just single platters (like a vinyl LP record) will perform slowly, because the read/write heads will be 'thrashing' in and out to access the data sectors.
The heads are mounted at the end of actuators that look like tongs - both sides of the platter are used to store the data.....
Drives having multiple platters - stacked - can access data much faster, and if the actuators are positioned seperately (like at 3 6 9 12 of a clock), they can operate independently while the stack rotates.
A big improvement is performance can be attained by having more than one hard drive device. Multiple drives were a SUPER time saver for my IBM puter at our business.
For optimum results, data files should be located so that high activity files are on seperate drives, when they are needed to be working together.
Example: Customer Master, Item Master, Order Detail, Credit-Accounts
Receivable .... if each were on one of 4 drives - the processing of
Order Entry, printing of Shipping Orders, and Invoice Processing all are
optimized.
On a PC, you can control location of data by specifying the drive 'designation' (a, b, c, d, etc) and by the use of multiple PARTITIONS for each drive.
Well, I hope I'm not overwhelming you....
I'll try to dig up some performance and 'tweaking' tips for you. Since you're new to PCs and what does what, you should try to start with the fundamentals and get an idea of the 'big picture' of how the hardware and software play their part in the overall execution of processing the 'tasks'.
Meanwhile, I just added the links to my outdated Reference Library pages.... see the Navigator page.
I haven't updated the RefLib data since I got 'erased' last 3/17/01....
NORM's RACKET - Navigator
https://normtaka.tripod.com/0NormsRacket.htm
Norm
Delivered-To: | normtaka@mailsorter-bryant.bryant.webtv.net | |
From: | tomeegirl@webtv.net (Donna) | |
Date: | Wed, Feb 20, 2002, 9:14pm (PST+2) | |
To: | normtaka@webtv.net (NormTakahashi97P/M Classic 2.5.7print) | |
Cc: | Maximoto@webtv.net | |
Subject: | Re: Fwd: Donna`s P C Problem!! |
Hi Norm yes there is a loop hole and BeeBee told me to go to microsoft and download the security patch which I have done tonight. My resources were down to 24% but back up to 90% after I powered off last night. The kid was flooding my IM with messages and kept opening up more windows on me is why it took my resources down so much. I do have him blocked on my IM now and believe me he will not get added again on my WebTV or PC.
I really need to get more memory. But Mojo seems to think it is enough for me. He also thinks my modem is bad and is sending me a new one to install.
Rich I want to Thank You for all of your help. Just being able to talk to someone at the time helped calm my nerves. If there is ever anything I can do for you please let me know.