|
PureBytes Links
Trading Reference Links
|
<x-html><!DOCTYPE HTML PUBLIC "-//W3C//DTD W3 HTML//EN">
<HTML>
<HEAD>
<META content=text/html;charset=iso-8859-1 http-equiv=Content-Type>
<META content='"MSHTML 4.72.3510.1400"' name=GENERATOR>
</HEAD>
<BODY bgColor=#ffffff>
<DIV><FONT color=#000000 size=2>Good Morning RealTraders:</FONT></DIV>
<DIV><FONT color=#000000 size=2></FONT> </DIV>
<DIV><FONT color=#000000 size=2>The following is a Security Bulletin from
the Microsoft Product Security<BR>Notification Service.<BR><BR>Please do
not reply to this message, as it was sent from an
unattended<BR>mailbox.<BR>
********************************<BR><BR>Microsoft Security Bulletin
(MS98-016)<BR>-----------------------------------------------------------------<BR>Update
available for "Dotless IP Address" Issue in<BR>Microsoft Internet
Explorer 4<BR><BR>Originally Posted: October 23, 1998<BR>Last Revised: October
23, 1998<BR><BR>Summary<BR>=======<BR>Microsoft has released a patch that fixes
a vulnerability in the way<BR>Internet Explorer 4 determines what security zone
a target server is in. By<BR>exploiting this vulnerability, a malicious hacker
could misrepresent the URL<BR>of their website, causing the site to be treated
as it if were located on an<BR>intranet by Internet Explorer's Security Zones
feature.<BR><BR>Microsoft highly recommends that users that have affected
software installed<BR>on their systems should download and install the available
patch as soon as<BR>possible.<BR><BR>Issue<BR>=====<BR>The "Dotless IP
Address" issue involves a vulnerability in Internet Explorer<BR>that could
allow a malicious hacker to circumvent certain Internet Explorer<BR>security
safeguards. This vulnerability makes it possible for a malicious<BR>web site
operator to misrepresent the URL of an Internet web site and make<BR>it appear
as if the machine is in the user's "Local Intranet Zone".
Internet<BR>Explorer has the ability to set security settings differently
between<BR>different zones. By exploiting this vulnerability, a malicious site
could<BR>potentially perform actions that had been disabled in the Internet Zone
or<BR>Restricted Sites Zone, but which are permitted in the Local Intranet
Zone.<BR><BR>The nature of this vulnerability lies in the way that Internet
Explorer<BR>evaluates URLs. Internet Explorer interprets a 32-bit number in the
host<BR>identifier portion of the URL (e.g. <A
href="http://031713501415";>http://031713501415</A>) as a valid host<BR>name,
while the IP stack resolves this address to its equivalent dotted IP<BR>format
(207.46.131.13 in this example). Internet Explorer incorrectly<BR>considers this
machine to be in the Local Intranet Zone, rather than in the<BR>Internet Zone.
It would therefore apply the security settings for the Local<BR>Intranet Zone,
rather than those for the Internet Zone. Depending on the<BR>settings in the
user's Local Intranet Zone, this could allow the web site to<BR>take actions
that it ordinarily could not take.<BR><BR>Note: The default configuration for
both the Internet Zone and the Local<BR>Intranet Zone is "Medium
Security". However, there is one difference between<BR>these defaults: the
Local Intranet Zone enables the automatic use of NTLM<BR>challenge response
authentication with local intranet machines, while this<BR>option is disabled by
default when talking with servers in the Internet<BR>Zone. (see the
"Administrative Workaround" section below for more details
on<BR>changing these defaults.)<BR><BR>While there have not been any reports of
customers being adversely affected<BR>by these problems, Microsoft is releasing
a patch to address any risks posed<BR>by this issue.<BR><BR>Affected Software
Versions<BR>==========================<BR>- Microsoft Internet Explorer 4.0,
4.01 and 4.01 SP1 on<BR> Windows NT 4.0, Windows 95<BR>- Microsoft
Windows 98, with integrated Internet Explorer<BR>- Microsoft Internet Explorer
4.0 and 4.01 for Windows 3.1<BR> and Windows NT 3.51<BR>- Microsoft
Internet Explorer 4.01 for UNIX<BR><BR>This vulnerability does not affect
Internet Explorer 3.<BR>This vulnerability does not affect Internet Explorer 4
for the Macintosh.<BR><BR>What Microsoft is
Doing<BR>=======================<BR>On October 23rd Microsoft released a patch
that fixes the problem. This<BR>patch is available for download from the sites
listed below.<BR><BR>Microsoft has sent this security bulletin to customers
subscribing to the<BR>Microsoft Product Security Notification Service (see<BR><A
href="http://www.microsoft.com/security/bulletin.htm";>http://www.microsoft.com/security/bulletin.htm</A>
for more information about<BR>this free customer service).<BR><BR>Microsoft has
published the following Knowledge Base (KB) article on this<BR>issue:<BR><BR>-
Microsoft Knowledge Base (KB) article Q168617, Update Available<BR>
for Dotless IP Address Security Issue,<BR> <A
href="http://support.microsoft.com/support/kb/articles/q168/6/17.asp";>http://support.microsoft.com/support/kb/articles/q168/6/17.asp</A><BR><BR>(Note:
It might take 24 hours from the original posting of this bulletin for<BR>the KB
article to be visible in the Web-based Knowledge Base.)<BR><BR>What customers
should do<BR>========================<BR>Microsoft highly recommends that users
who have affected software installed<BR>on their systems should download and
install the available patch as soon as<BR>possible.<BR><BR>Windows
98<BR>----------<BR>Windows 98 customers can obtain the patch using Windows
Update. To do this,<BR>launch Windows Update from the Windows Start Menu and
click "Product<BR>Updates." When prompted, select 'Yes' to allow
Windows Update to determine<BR>whether this patch and other updates are needed
by your computer. If your<BR>computer does need this patch, you will find it
listed under the "Critical<BR>Updates" section of the
page.<BR><BR>Internet Explorer 4<BR>-------------------<BR>Customers using
Internet Explorer 4 can obtain patch information for<BR>specific platforms from
the Internet Explorer Security web site,<BR><A
href="http://www.microsoft.com/ie/security/dotless.htm";>http://www.microsoft.com/ie/security/dotless.htm</A><BR><BR>More
Information<BR>================<BR>Please see the following references for more
information related to this<BR>issue.<BR><BR>- Microsoft Security Bulletin
MS98-016, Update available for "Dotless<BR> IP Address"
Issue in Microsoft Internet Explorer 4, (the Web posted<BR> version
of this bulletin),<BR> <A
href="http://www.microsoft.com/security/bulletins/ms98-016.htm";>http://www.microsoft.com/security/bulletins/ms98-016.htm</A><BR>-
Microsoft Knowledge Base (KB) article Q168617, Update Available
for<BR> Dotless IP Address Security Issue,<BR> <A
href="http://support.microsoft.com/support/kb/articles/q168/6/17.asp";>http://support.microsoft.com/support/kb/articles/q168/6/17.asp</A><BR><BR>(Note:
It might take 24 hours from the original posting of this bulletin for<BR>the KB
article to be visible in the Web-based Knowledge Base.)<BR><BR>Administrative
Workaround<BR>=========================<BR>If you are unable to apply the patch,
you can reduce your risk of being<BR>affected by this problem by adjusting your
Intranet Zone settings to be the<BR>same as those used by the Internet Zone. To
do this, perform the following<BR>steps:<BR><BR>1. Click Start, point to
Settings, and then click Control Panel.<BR>2. Double-click Internet, and then
click the Security tab.<BR>3. In the Zone box, click local Intranet Zone.<BR>4.
Modify the local Intranet Zone security level or custom settings<BR>
to match those in the Internet Zone.<BR>5. Click OK to close the Internet
Properties sheet.<BR><BR>Note: The default configuration for both the Internet
Zone and the Local<BR>Intranet Zone is "Medium Security". However,
there is one difference between<BR>these defaults: the local Intranet Zone
enables the automatic use of NTLM<BR>challenge response authentication with
local Intranet machines, while this<BR>option is disabled by default when
connecting to servers in the Internet<BR>Zone. If you need to change this
setting, perform the following steps:<BR><BR>1. Click Start, point to Settings,
and then click Control Panel.<BR>2. Double-click Internet, and then click the
Security tab.<BR>3. In the Zone box, click local Intranet Zone.<BR>4. Select the
level of security that you wish to use under User<BR> Identification
| Logon.<BR>5. Click OK to close the Security Settings dialog, then click OK
to<BR> close the Internet 6. Properties sheet.<BR><BR>Obtaining
Support on this Issue<BR>===============================<BR>This is a supported
patch for Internet Explorer. If you have problems<BR>installing this patch or
require technical assistance with this patch,<BR>please contact Microsoft
Technical Support. For information on contacting<BR>Microsoft Technical Support,
please see<BR><A
href="http://support.microsoft.com/support/contact/default.asp";>http://support.microsoft.com/support/contact/default.asp</A><BR><BR>Acknowledgements<BR>================<BR>Microsoft
was first notified of this issue by PC World in
Denmark.<BR><BR>Revisions<BR>=========<BR>- October 23, 1998: Bulletin
Created<BR><BR>For additional security-related information about Microsoft
products, please<BR>visit <A
href="http://www.microsoft.com/security";>http://www.microsoft.com/security</A><BR><BR>-----------------------------------------------------------------<BR><BR>THE
INFORMATION PROVIDED IN THE MICROSOFT KNOWLEDGE BASE IS PROVIDED "AS
IS"<BR>WITHOUT WARRANTY OF ANY KIND. MICROSOFT DISCLAIMS ALL WARRANTIES,
EITHER<BR>EXPRESS OR IMPLIED, INCLUDING THE WARRANTIES OF MERCHANTABILITY AND
FITNESS<BR>FOR A PARTICULAR PURPOSE. IN NO EVENT SHALL MICROSOFT CORPORATION OR
ITS<BR>SUPPLIERS BE LIABLE FOR ANY DAMAGES WHATSOEVER INCLUDING DIRECT,
INDIRECT,<BR>INCIDENTAL, CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL
DAMAGES, EVEN<BR>IF MICROSOFT CORPORATION OR ITS SUPPLIERS HAVE BEEN ADVISED OF
THE<BR>POSSIBILITY OF SUCH DAMAGES. SOME STATES DO NOT ALLOW THE EXCLUSION
OR<BR>LIMITATION OF LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES SO
THE<BR>FOREGOING LIMITATION MAY NOT APPLY.<BR><BR><BR>(c) 1998 Microsoft and/or
its suppliers. All rights reserved.<BR>For Terms of Use see <A
href="http://support.microsoft.com/support/misc/cpyright.asp";>http://support.microsoft.com/support/misc/cpyright.asp</A>.<BR><BR>
*******************************************************************<BR>You have
received this e-mail bulletin as a result of your
registration<BR>to the Microsoft Product
Security Notification Service. You
may<BR>unsubscribe from this e-mail notification service at any time by
sending<BR>an e-mail to <A
href="mailto:MICROSOFT_SECURITY-SIGNOFF-REQUEST@xxxxxxxxxxxxxxxxxxxxxx";>MICROSOFT_SECURITY-SIGNOFF-REQUEST@xxxxxxxxxxxxxxxxxxxxxx</A><BR>The
subject line and message body are not used in processing the request,<BR>and can
be anything you like.<BR><BR>For more information on the
Microsoft Security Notification Service<BR>please
visit <A
href="http://www.microsoft.com/security/bulletin.htm";>http://www.microsoft.com/security/bulletin.htm</A>.
For<BR>security-related information about Microsoft products, please
visit the<BR>Microsoft Security Advisor web site at <A
href="http://www.microsoft.com/security";>http://www.microsoft.com/security</A>.</FONT></DIV></BODY></HTML>
</x-html>From ???@??? Sat Oct 24 07:20:08 1998
Received: from list.listserver.com (198.68.191.15)
by mail02.rapidsite.net (RS ver 0.3) with SMTP id 5667
for <neal@xxxxxxxxxxxxx>; Sat, 24 Oct 1998 09:13:35 -0400 (EDT)
Received: from localhost (localhost [127.0.0.1])
by accessone.com (8.8.5/8.8.5/PIH) with SMTP id GAA04212;
Sat, 24 Oct 1998 06:06:07 -0700 (PDT)
Received: from imo21.mx.aol.com (imo21.mx.aol.com [198.81.17.65])
by accessone.com (8.8.5/8.8.5/PIH) with ESMTP id GAA03997
for <realtraders@xxxxxxxxxxxxxx>; Sat, 24 Oct 1998 06:04:30 -0700 (PDT)
Received: from Dmdm790@xxxxxxx
by imo21.mx.aol.com (IMOv16.10) id ABCEa17823
for <realtraders@xxxxxxxxxxxxxx>; Sat, 24 Oct 1998 09:03:23 -0400 (EDT)
Message-Id: <75805c2f.3631d01b@xxxxxxx>
Date: Sat, 24 Oct 1998 09:03:23 EDT
Reply-To: Dmdm790@xxxxxxx
Sender: owner-realtraders@xxxxxxxxxxxxxx
From: Dmdm790@xxxxxxx
To: RealTraders Discussion Group <realtraders@xxxxxxxxxxxxxx>
Subject: Re: who is the best broker for fast daytrade S&P 500 futures trades
Mime-Version: 1.0
Content-type: text/plain; charset=US-ASCII
Content-transfer-encoding: 7bit
X-Mailer: AOL 4.0 for Windows 95 sub 182
X-Listprocessor-Version: 8.1 -- ListProcessor(tm) by CREN
X-Loop-Detect: 1
X-UIDL: de01444084cfcdfe2e167a4f30ab2e40
I like Datek, which is to say I don't know futures. If that changes I would
research the compilation of broker reviews at:
http://www.thewebinvestor.com/stocks-ratings.html
David
|