SAN FRANCISCO (08/28/2000) - Lotus Notes users, watch your backs. In yet another security scare, experts found a flaw in Lotus Notes that would allow a devious imposter to have access to your e-mail box. The interloper could not only send e-mail in your name but authorize others to access your Notes databases. At press time, Lotus Development Corp. was still working on the problem (for updates, check www.lotus.com/security). For a closer look at the weakness, visit www.pcworld.com/oct2000/sabotage.
Meanwhile, Microsoft Corp. hasn't been immune to security threats either. The latest problems affect Outlook and Outlook Express. The most serious bug could give an e-mail virus exceptionally easy access to your PC. Two other security breaches could let a hacker read your e-mail--or other files on your PC--remotely. You won't even know if someone's doing it.
Virus Unleashed: No Clicks Required
With viruses like "I Love You" and Melissa, recipients had to open file attachments before the attackers could do their damage. The flaw in Outlook and Outlook Express is even more dangerous because you don't have to click on an attachment--or even read the e-mail--to activate the nasty code. After you free it by checking your e-mail, the virus might crash your e-mail program, give the hacker access to your files, or even reformat your hard disk. Outlook Express versions 4.0 through 5.01, as well as Outlook 97 through Outlook 2000, are vulnerable.
The other bugs give hackers access to your computer through an HTML e-mail--an e-mail that contains a Web graphic in the body of the message. Most such messages are harmless. One security hole, however, would allow a snoop to read over your shoulder; this problem affects Outlook Express only. Another trick would enable hackers to look at certain types of files on your computer. This second flaw involves both Outlook and Outlook Express, versions 4.0 through 5.1. Microsoft fixes all three security problems with its patch at www.microsoft.com/windows/ie/download/critical/patch9.htm. For installation help, visit www.microsoft.com/technet/security/bulletin/MS00-046.asp.
IE Chomps Cookies
Near the top of my list of sneaky Internet practices are third-party cookies.
Unlike regular cookies--the byte-size data files that Web sites place on your hard drive to identify you the next time you visit--third-party cookies are usually created by invasive advertisers. These cookies enable advertising networks such as DoubleClick to compile detailed profiles of your online behavior.
Microsoft is working on a patch for Internet Explorer 5.5 that will ask for your permission before it lets third-party sites plant such cookies. By the time you read this, the fix should be available at www.microsoft.com/windows/ie. Once the patch is in place, each time a third party tries to place a cookie, a dialog box will appear, asking for your permission. For the lowdown on how cookies operate, check out www.pcworld.com/apr00/cookies.
Microsoft Ships Windows 2000 Service Pack 1First, the good news: Windows 2000 SP1 fixes several dozen bugs, including one that can damage Word or Excel files when you save them in a Web format. You can get the download at www.microsoft.com/windows2000/downloads/recommended/sp1/default.asp. The bad news: SP1 poses problems with two popular firewall programs--Zone Labs' ZoneAlarm and Network ICE's BlackICE Defender. Both companies have raced to fix the problem that SP1 causes. To get the update for ZoneAlarm, go to www.zonelabs.com/download_patch.htm; for the BlackICE Defender patch, visit www.networkice.com/html/blackice_defender_update.html.
You can find files from this article at www.fileworld.com/magazine. Stuart J.
Johnston is a journalist and tech columnist based in Bellevue, Washington.
Found a hardware or software bug? Tell us about it via e-mail at firstname.lastname@example.org.
Hack Attack on Office 2000
Microsoft has released a fix that addresses security vulnerabilities with Excel 2000, PowerPoint 2000 (from the Office 2000 family), and PowerPoint 97. Excel 2000 and PowerPoint 2000 users can get the patch at officeupdate.microsoft. com/2000/downloaddetails/Addinsec.htm; PowerPoint 97 users can obtain the fix at officeupdate. microsoft.com/downloaddetails/PPt97sec.htm.
Pink Palm Problem
Some Palm IIIc owners may feel they're seeing the world through a rose-colored display. Palm Inc. reports that a manufacturing problem with the screen's bulb causes the pinkish tint. To request a replacement, contact Palm Customer Care at 888/956-7256 or hop to www.palm.com/support/repair.html.