Solar graphic                  ©










Valid HTML 4.0!

Passwords like TREBOR
Yep, that's a bad one because it is easy to crack according to Robert Shimonski.   His article is a useful guide to selecting good passwords and avoiding bad ones. He also has information concerning what happens when you forget the password for your personal computer.

Security Patch for Internet Explorer
Patch posted August 22, 2002
Microsoft has issued a cumulative patch for six new security vulnerabilities. This patch fixes these problems and takes care of previously detected vulnerabilities. The update is a 2.41 MB file for Internet Explorer 6.0.

Security Vulnerability for Windows Media Player
If you have Windows Media Player installed on your system, you should be aware of Microsoft Security Bulletin MS01-029.  A patch is available for Windows Media Player 6.4 and Media Player 7 should be upgraded to Media Player 7.1.

Netscape Navigator Security Flaw
CERT has issued Advisory CA-2000-05 concerning Netscape SSL sessions. Systems running Navigator 4.72, 4.61, 4.07 and other versions less than 4.72 are affected. This is an important flaw that compromises internet transactions requiring secure connections.

There are some ways around this problem:
(1) You could download Netscape v 7.02. Before downloading, check to see whether you will get 128-bit encryption. The Netscape browser is also available on a CD ROM.
(2) You can manually make sure you have a secure connection by double-clicking on the lock icon in your browser each time you visit an SSL-protected site.
(3) Never use Netscape for an SSL transaction. This is a simple solution for lazy people like myself.

April 20, 2003

Cross-Site Scripting vulnerability
This security issue is described at this Microsoft Technet site even though the problem is not the result of a bug in software from Microsoft or from other vendors.
These are some of the simpler procedures that can be used to avoid this problem:
Do not click hyperlinks in e-mail messages, even if the message appears to be from a trusted source.
Do not click hyperlinks in newsgroup postings.
If browsing a questionable site, type Web addresses directly into your browser instead of clicking on a hyperlink.
Do not use interactive forms on a site you might not trust.
There is one more drastic measure that could increase your security. This involves disabling all scripting languages in your web broswser. The CERT® Coordination Center shows the steps you can take to do this.
Before carrying out this procedure, remember that you will most likely end up with a browser that has none of the interactive features that you have come to rely on. You will then find that is necessary to return to the Medium security option for Internet Explorer.
In the event that your machine has been subject to a cross-site scripting attack, you will probably want to see Microsoft's recommendations for recovering from the attack.