Welcome to the Mar 14, 2010 issue of
CompuNerds.Net-News

(To subscribe, please click here.)
 

TODAY'S TOPIC: DON'T PRESS F1 (OR OTHER KEYS)
Share |
CompuNerds.Net home page

Recently an article appeared on TechRepublic's IT Security website: Microsoft warns: Don't press F1. "What's with Microsoft, anyway? Why are they getting super-paranoid about this thing?" - you may ask, "the F1 key simply shows the 'Help' screen for a program!" Well, yes and no. In this case, if you're using Internet Explorer and your operating system is Windows 2000, Windows XP, and Windows Server 2003, a vulnerability may be exposed relating to "the way VBScript interacts with Windows Help Files when using Internet Explorer" leading to remote execution of code, says Microsoft.

Yes, it's true that pressing the F1 key should display the "Help" screen in Internet Explorer or Firefox - or most other well-known programs, for that matter. And in this case, a "remote execution of code" is certainly a risk, although rather remote (pardon the pun). But the F1 key displaying the "Help" screen isn't hard-wired into any program, nor will pressing Alt+F4 always end a program: all of the "standard" Function-key responses are merely a set of widely agreed upon coding conventions that programmers are supposed to observe. A programmer could make any key-press do just about anything he wants it to do.

He finally did it!For this reason, when you're surfing the Internet and a little pop-up window appears with a message something like this -

      "Do you want to exit this website?
      Press 'Yes' to exit, or 'Cancel' to remain here."

- don't respond by pressing either the 'Yes' or 'Cancel' or any button! Don't even press the red 'x' in the upper-right corner of the pop-up window! Simply close the current tab in your browser or close the whole browser by pressing the red 'x' in its upper-right corner. If that doesn't work, start Task Manager and kill the browser. Do this because those 'Yes', 'Esc', 'Cancel,' or other buttons don't have to mean what they appear to mean. Pressing that 'Esc' key could let the program "escape" with your personal information! When surfing the Internet or using any new program you've just installed, regardless of whether your computer is a Mac or a PC, any key-press could launch malicious code. So be sure you visit only trustworthy websites and run only trustworthy programs. And if you see a strange or suspicious pop-up, get your browser out of that website pronto!


THOUGHT FOR THE DAY
"Don't criticize a man until you've walked a mile in his moccasins"
...because then you're a mile away and you have his shoes!


And yes, Microsoft does tend to get rather paranoid about security issues. Being the "big kid on the block," Microsoft is a target for being called a thoughtless bully. It's the old "David vs. Goliath" mentality, where we "boo and hiss" the big, ugly giant, and cheer for the little kid he's pushing around. We used to cheer for Google, until that company grew to be a Goliath like Microsoft, so now we "boo and hiss" both of them. And of course, both Google's and Microsoft's "deep pockets" are targets for class-action lawsuits that claim a buch of people's rights were infringed upon. So these companies have to be extra careful.

Several years ago I developed a complete software system using Microsoft 'Help' files that could pass data back and forth between my 'Help' modules. Well, apparently I wasn't the only programmer who discovered how to do this, because after a few years Microsoft decided this was a "security vulnerability" - bad guys could somehow get your personal information using 'Help' files - so the nice folks at Microsoft dumbed-down their 'Help' system... and my software stopped working!


Click on Online PC Support for worldwide PC service   &   Offsite Backup Services for securing your files!

As a follow-up to the lead story in our last issue of CN.Net-News, "Don't Reinstall Windows," I referred to the very first step in our AA 12-Step Rehabilitation Plan that explains why you should have a separate admin account and how to set it up. The third step in that article tells why and how to have a password vault. You should do these two steps together, and I suggest to my clients that they use a similar password for their admin account and their password vault. Why? Because then you won't forget your admin account password. If you're anything like me, you have several different passwords for various websites, so you'll be entering the master password into your password vault every day. That way you won't forget your admin password. But if it's exactly the same password, a computer maintenance person could get at all your website passwords in your password vault. So make them similar, but not exactly the same.

By the way, I've recently begun a new advertising campaign: http://www.CompuNerds.Net/rotator.html - each time you go to this link, it runs a JavaScript randomizer that launches one of several webpages on our non-profit website. Try clicking on it a few times! It shocks the Internet surfers by the "cognitive dissonance" (it doesn't match what they expect to see), resulting in a fairly good CTR (Click-Through-Rate) to my business website and requests for my e-Books.


According to an article that was just published today, Google is '99.9 percent' sure to shutter Google.cn - its Chinese Internet search operations, that is. But Google's sales, software development, and research operations in China would remain intact. Both sides, the Chinese government and Google, are trying to sieze the "moral high ground" - Google by claiming it will not continue providing Chinese intelligence services information about political dissidents, and the Chinese government by stating that companies wishing to do business in China must observe Chinese law, regardless of their own internal ethical standards. Both sides, however, are already seriously morally compromised, and it seems are trying to save face by feigning morality.


The goal of our CN.Net-News is to share information that we think you'll find helpful as you wrestle with that little monster on your desk, your computer. And we aim to present this information from a Christian worldview. Thanks for your time!

Yours truly,

"Dr. Bob the CompuNerd"

RobertD HoskEN
See the "nerd" in my name? (It helps if you're a little dyslexic!)
<><
Visit our website: CompuNerds.Net
And check out: Quality website hosting and email

(Feel free to forward our CN.Net-News to a few friends (but don't spam!
Our privacy policy: We will never sell, rent or give your email address to anyone else. Period.
If you don't want to receive it any more, press 'Reply' and type 'unsubscribe' in the Subject line. Thanks!)