E-MAIL TIP

If you use the Netscape Communicator 4.x e-mail application, Eudora Pro Email 4.x, or Microsoft's Outlook Express 4.x or Outlook 98 you should be aware of some current security problems and their fixes.

Those of you who use Pine can relax and skip to this month's Internet Tip.

NETSCAPE According to Netscape's Security Update, Netscape has confirmed that the Long Filename Mail vulnerability affects the mail and news components of Communicator for the following versions and platforms: Netscape Communicator 4.0 through 4.05 on Windows 3.1, 95, 98, and NT platforms Netscape Communicator 4.5 Preview Release 1 on Windows 95, 98, and NT platforms. Netscape believes that the following mail and news component versions are NOT affected: Netscape Communicator 4.0 through 4.05 on Macintosh and Unix platforms Netscape Communicator 4.5 Preview Release 1 on Macintosh and Unix platforms Netscape Navigator 2.x and 3.x on all platforms. In Netscape, "the Long Filename Mail vulnerability could allow an e-mail or newsgroup message with an attachment that has a very long filename to execute malicious code on your computer. Netscape defines a long filename as one which has "200 or more characters (this may appear as an attachment link that extends beyond the window width)." The Long Filename Mail vulnerability can cause one or more of the following to occur when you select the File menu while viewing a message that has an attachment with a long filename: Communicator may quit unexpectedly. Selecting the File menu may cause malicious code to be executed on your computer. Netscape is not aware of any users who have been affected by a malicious message. In order for the malicious code to cause problems, you must select the File menu while viewing the message. Netscape is testing a fix for Communicator 4.0x for Windows 3.1, 95, 98, and NT and expects to release it in the next two weeks. Check the Netscape Security Notes page for details on where to download the fix for this vulnerability. Until a patch is available, Netscape suggests that the way to avoid the vulnerability is to "configure Communicator to always view attachments as links, rather than display them inline. To do so, select the appropriate command on the View menu."

MICROSOFT According to the Microsoft Security Advisor Microsoft Security Bulletin (MS98-008), there is a "security vulnerability" that affects the way Microsoft e-mail clients handle file attachments with extremely long file names. These very long filenames do not normally occur in mail or news messages, and must be intentionally created by someone with malicious intent. A skilled hacker could use this malicious e-mail message to run arbitrary computer code contained in the long string." Software versions affected: Outlook 98 on Windows® 95, Windows 98 and Microsoft Windows NT® 4.0 Outlook Express 4.0, 4.01 (including 4.01 with Service Pack 1) on Windows 95, Windows 98 and Windows NT 4.0 Outlook Express 4.01 on Solaris Outlook Express 4.01 on the Macintosh. Software versions NOT affected: Outlook 97 Outlook Express 4.01 for Microsoft Windows 3.1 and Windows NT 3.51 This vulnerability can cause one of the following to occur when attempting to download, open or view an mail or news message in Microsoft Outlook 98 or Microsoft Outlook Express 4.x: An error message similar to the following may be displayed: "This program has performed an illegal operation and will be shut down. If the problem persists, contact the program vendor." When Outlook 98 attempts to download a mail or news message with a file attachment that has a filename greater than a certain length, Outlook could terminate unexpectedly. The user does not have to open the message or attachment in order for this to occur. When the user attempts to open an attachment in Outlook Express mail or news client, the client software could terminate unexpectedly. Microsoft has published patches for Outlook 98 and Outlook Express 4.x that fix the vulnerability and a variant of the original vulnerability, and "highly recommends that customers download and apply" the appropriate patches. If you use Outlook 98 for Windows 95, Windows 98 or Windows NT 4.0 you should download the updated Outlook 98 patch from Office Update. If you are using Outlook Express 4.0 that comes with Internet Explorer 4.0 on Windows 95, Windows 98 or Windows NT 4.0, you must first upgrade to Internet Explorer 4.01 SP1 at the Internet Explorer Products Download page, then install the Outlook Express updated patch from the Internet Explorer Security web site. Windows 98 customers can also get the updated Outlook Express patch using the Windows Update feature of Windows 98. For more information, visit the Windows Update. In addition, Microsoft offers a free e-mail notification service to distribute information about the security of Microsoft products. Anyone can subscribe to the service, and can unsubscribe at any time. To subscribe, simply send an e-mail message to microsoft_security-subscribe-request@announce.microsoft.com, with both the subject line and text area blank.

EUDORA According to the Eudora Pro Security Alert there is "a potential security risk" that exists in Eudora Pro Email 4.0 for Windows and Eudora Pro Email 4.0.1 for Windows. The problem does NOT affect Eudora Pro 4.0 for Macintosh Eudora Pro Email 4.1 for Windows. any version of Eudora Light or versions of Eudora Pro prior to 4.0. The Eudora Security Alert explains that, "This risk involves the ability for users to include hostile applets or scripts in an e-mail message. The offending code has the potential to allow a person to attach to an e-mail message an executable program, as is possible with any e-mail program, while 'hiding' the name of the attachment as a URL in the e-mail message. A user could then potentially click on that URL and launch the e-mail attachment." In order to protect yourself from this security risk, you can immediately solve this problem by disabling the Microsoft viewer in Eudora's options; you can go to Qualcomm's web site to download the fix for the problem, which is in the form of a "patch." This patch is a free upgrade to all existing users of Eudora Pro Email 4.0 and Eudora Pro CommCenter 4.0.

And if you've made it this far, you deserve some comic relief from this Email Virus Alert joke.

INTERNET TIP

If you use the Internet you're sure to need search engines to pinpoint the information you need. Search engines have a variety of ways for you to refine and control your searches. Some of them have menus to choose from, and others require you to use operators (+ or -, or "and" & "or"), as part of your search strategy.

Power Searching For Anyone offers outlines showing which search engines use different operators, which ones provide "wildcard" searching (a great way to search if you don’t know the spelling of a word), and the various ways search engines define proximity (for some "near" means within 10 words of each other, and for others it means within 2 words.)

And for a window into What People Search For you can "peek" at real searches being performed on popular search engines (don't worry--it's anonymous). This is a good way to assure yourself that search engines won't replace trained library staff.

WINDOWS 95 TIP

Do you have a "rescue disk" for Windows 95? It's a good idea to have one on hand in case a glitch prevents your computer from booting up. Just follow Tracy's directions at Create a Rescue Disk to give yourself some pc "insurance" and peace of mind.

USEFUL URL O' THE MONTH

BookBrowser had its genesis as a list of book titles taped to the counter of the circulation desk at the Monroe County Public Library in Bloomington, Indiana. "The list became a stack of stapled pages - soon filled a small notebook - quickly grew to two large ring binders - and finally found itself on the Internet, where it continues to expand at an incredible rate."

Thanks the core staff of two librarians and one book reviewer, along with reader contributions and suggestions, BookBrowser has grown into a huge resource. Each suggestion is researched before making it onto the lists. "We use online library catalogs, reference books, the books themselves, or correspondence with the author to verify our information. As librarians we have great reverence for bibliographic reference resources and as readers we appreciate accurate and current information."

As BookBrowser is "designed to help avid readers locate new books to read," the lists are grouped into these categories:

• Series & Sequels (divided into seven genres)
• If You Like... Try... ("One good book leads to another")
• Place & Time (titles arranged by location or era; includes a section on The Titanic)
• Best of ... (award winners in six genres)

FUN URL O' THE MONTH

Librarians In The Movies: An Annotated Filmography lists "over 300 Hollywood (and a few foreign) productions that in some significant or memorable way include a library or librarian."

Listing roles ranging from the "hair in a bun" stereotype to the "fiery small town librarian who fights censorship and suppression of free speech by refusing to expurgate a book on communism" (Bette Davis in "Storm Center"), Martin Raish has created a database chronicling the portrayal of librarians in film.

Raish also provides a list of Actors/Actresses Who Have Portrayed Librarians. You may be surprised to know that these actors have all played a reel librarian: Catherine Deneuve, Adrienne Barbeau, Ned Beatty, Whoopi Goldberg, Jason Robards, Carole Lombard, Goldie Hawn and Tim Robbins.

If you're looking for a video in which the reel librarians at work are represented as more than as more than "book stackers and book caretakers", The Librarian Stereotype and the Movies recommends "Hammett", "Storm Center", and "The Wicker Man".

RECIPE O' THE MONTH

is Chocolate Zucchini Bread.

And if you need more zucchini recipes try the Searchable Online Archive of Recipes (SOAR) for 954 more zucchini concoctions (it's that time of year!)

back to the Ides Archive

home