[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

GEN



PureBytes Links

Trading Reference Links

<x-html><!DOCTYPE HTML PUBLIC "-//W3C//DTD W3 HTML//EN">
<HTML>
<HEAD>

<META content=text/html;charset=iso-8859-1 http-equiv=Content-Type>
<META content='"MSHTML 4.72.3510.1400"' name=GENERATOR>
</HEAD>
<BODY bgColor=#ffffff>
<DIV><FONT color=#000000 size=2>Good Morning RealTraders:</FONT></DIV>
<DIV><FONT color=#000000 size=2></FONT>&nbsp;</DIV>
<DIV><FONT color=#000000 size=2>The following is a Security&nbsp; Bulletin from 
the Microsoft Product Security<BR>Notification Service.<BR><BR>Please do 
not&nbsp; reply to this message,&nbsp; as it was sent&nbsp; from an 
unattended<BR>mailbox.<BR>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 
********************************<BR><BR>Microsoft Security Bulletin 
(MS98-016)<BR>-----------------------------------------------------------------<BR>Update 
available for &quot;Dotless IP Address&quot; Issue in<BR>Microsoft Internet 
Explorer 4<BR><BR>Originally Posted: October 23, 1998<BR>Last Revised: October 
23, 1998<BR><BR>Summary<BR>=======<BR>Microsoft has released a patch that fixes 
a vulnerability in the way<BR>Internet Explorer 4 determines what security zone 
a target server is in. By<BR>exploiting this vulnerability, a malicious hacker 
could misrepresent the URL<BR>of their website, causing the site to be treated 
as it if were located on an<BR>intranet by Internet Explorer's Security Zones 
feature.<BR><BR>Microsoft highly recommends that users that have affected 
software installed<BR>on their systems should download and install the available 
patch as soon as<BR>possible.<BR><BR>Issue<BR>=====<BR>The &quot;Dotless IP 
Address&quot; issue involves a vulnerability in Internet Explorer<BR>that could 
allow a malicious hacker to circumvent certain Internet Explorer<BR>security 
safeguards. This vulnerability makes it possible for a malicious<BR>web site 
operator to misrepresent the URL of an Internet web site and make<BR>it appear 
as if the machine is in the user's &quot;Local Intranet Zone&quot;. 
Internet<BR>Explorer has the ability to set security settings differently 
between<BR>different zones. By exploiting this vulnerability, a malicious site 
could<BR>potentially perform actions that had been disabled in the Internet Zone 
or<BR>Restricted Sites Zone, but which are permitted in the Local Intranet 
Zone.<BR><BR>The nature of this vulnerability lies in the way that Internet 
Explorer<BR>evaluates URLs. Internet Explorer interprets a 32-bit number in the 
host<BR>identifier portion of the URL (e.g. <A 
href="http://031713501415";>http://031713501415</A>) as a valid host<BR>name, 
while the IP stack resolves this address to its equivalent dotted IP<BR>format 
(207.46.131.13 in this example). Internet Explorer incorrectly<BR>considers this 
machine to be in the Local Intranet Zone, rather than in the<BR>Internet Zone. 
It would therefore apply the security settings for the Local<BR>Intranet Zone, 
rather than those for the Internet Zone. Depending on the<BR>settings in the 
user's Local Intranet Zone, this could allow the web site to<BR>take actions 
that it ordinarily could not take.<BR><BR>Note: The default configuration for 
both the Internet Zone and the Local<BR>Intranet Zone is &quot;Medium 
Security&quot;. However, there is one difference between<BR>these defaults: the 
Local Intranet Zone enables the automatic use of NTLM<BR>challenge response 
authentication with local intranet machines, while this<BR>option is disabled by 
default when talking with servers in the Internet<BR>Zone. (see the 
&quot;Administrative Workaround&quot; section below for more details 
on<BR>changing these defaults.)<BR><BR>While there have not been any reports of 
customers being adversely affected<BR>by these problems, Microsoft is releasing 
a patch to address any risks posed<BR>by this issue.<BR><BR>Affected Software 
Versions<BR>==========================<BR>- Microsoft Internet Explorer 4.0, 
4.01 and 4.01 SP1 on<BR>&nbsp;&nbsp; Windows NT 4.0, Windows 95<BR>- Microsoft 
Windows 98, with integrated Internet Explorer<BR>- Microsoft Internet Explorer 
4.0 and 4.01 for Windows 3.1<BR>&nbsp;&nbsp; and Windows NT 3.51<BR>- Microsoft 
Internet Explorer 4.01 for UNIX<BR><BR>This vulnerability does not affect 
Internet Explorer 3.<BR>This vulnerability does not affect Internet Explorer 4 
for the Macintosh.<BR><BR>What Microsoft is 
Doing<BR>=======================<BR>On October 23rd Microsoft released a patch 
that fixes the problem. This<BR>patch is available for download from the sites 
listed below.<BR><BR>Microsoft has sent this security bulletin to customers 
subscribing to the<BR>Microsoft Product Security Notification Service (see<BR><A 
href="http://www.microsoft.com/security/bulletin.htm";>http://www.microsoft.com/security/bulletin.htm</A> 
for more information about<BR>this free customer service).<BR><BR>Microsoft has 
published the following Knowledge Base (KB) article on this<BR>issue:<BR><BR>- 
Microsoft Knowledge Base (KB) article Q168617, Update Available<BR>&nbsp;&nbsp; 
for Dotless IP Address Security Issue,<BR>&nbsp;&nbsp; <A 
href="http://support.microsoft.com/support/kb/articles/q168/6/17.asp";>http://support.microsoft.com/support/kb/articles/q168/6/17.asp</A><BR><BR>(Note: 
It might take 24 hours from the original posting of this bulletin for<BR>the KB 
article to be visible in the Web-based Knowledge Base.)<BR><BR>What customers 
should do<BR>========================<BR>Microsoft highly recommends that users 
who have affected software installed<BR>on their systems should download and 
install the available patch as soon as<BR>possible.<BR><BR>Windows 
98<BR>----------<BR>Windows 98 customers can obtain the patch using Windows 
Update. To do this,<BR>launch Windows Update from the Windows Start Menu and 
click &quot;Product<BR>Updates.&quot; When prompted, select 'Yes' to allow 
Windows Update to determine<BR>whether this patch and other updates are needed 
by your computer. If your<BR>computer does need this patch, you will find it 
listed under the &quot;Critical<BR>Updates&quot; section of the 
page.<BR><BR>Internet Explorer 4<BR>-------------------<BR>Customers using 
Internet Explorer 4 can obtain patch information for<BR>specific platforms from 
the Internet Explorer Security web site,<BR><A 
href="http://www.microsoft.com/ie/security/dotless.htm";>http://www.microsoft.com/ie/security/dotless.htm</A><BR><BR>More 
Information<BR>================<BR>Please see the following references for more 
information related to this<BR>issue.<BR><BR>- Microsoft Security Bulletin 
MS98-016, Update available for &quot;Dotless<BR>&nbsp;&nbsp; IP Address&quot; 
Issue in Microsoft Internet Explorer 4, (the Web posted<BR>&nbsp;&nbsp; version 
of this bulletin),<BR>&nbsp;&nbsp; <A 
href="http://www.microsoft.com/security/bulletins/ms98-016.htm";>http://www.microsoft.com/security/bulletins/ms98-016.htm</A><BR>- 
Microsoft Knowledge Base (KB) article Q168617, Update Available 
for<BR>&nbsp;&nbsp; Dotless IP Address Security Issue,<BR>&nbsp;&nbsp; <A 
href="http://support.microsoft.com/support/kb/articles/q168/6/17.asp";>http://support.microsoft.com/support/kb/articles/q168/6/17.asp</A><BR><BR>(Note: 
It might take 24 hours from the original posting of this bulletin for<BR>the KB 
article to be visible in the Web-based Knowledge Base.)<BR><BR>Administrative 
Workaround<BR>=========================<BR>If you are unable to apply the patch, 
you can reduce your risk of being<BR>affected by this problem by adjusting your 
Intranet Zone settings to be the<BR>same as those used by the Internet Zone. To 
do this, perform the following<BR>steps:<BR><BR>1. Click Start, point to 
Settings, and then click Control Panel.<BR>2. Double-click Internet, and then 
click the Security tab.<BR>3. In the Zone box, click local Intranet Zone.<BR>4. 
Modify the local Intranet Zone security level or custom settings<BR>&nbsp;&nbsp; 
to match those in the Internet Zone.<BR>5. Click OK to close the Internet 
Properties sheet.<BR><BR>Note: The default configuration for both the Internet 
Zone and the Local<BR>Intranet Zone is &quot;Medium Security&quot;. However, 
there is one difference between<BR>these defaults: the local Intranet Zone 
enables the automatic use of NTLM<BR>challenge response authentication with 
local Intranet machines, while this<BR>option is disabled by default when 
connecting to servers in the Internet<BR>Zone. If you need to change this 
setting, perform the following steps:<BR><BR>1. Click Start, point to Settings, 
and then click Control Panel.<BR>2. Double-click Internet, and then click the 
Security tab.<BR>3. In the Zone box, click local Intranet Zone.<BR>4. Select the 
level of security that you wish to use under User<BR>&nbsp;&nbsp; Identification 
| Logon.<BR>5. Click OK to close the Security Settings dialog, then click OK 
to<BR>&nbsp;&nbsp; close the Internet 6. Properties sheet.<BR><BR>Obtaining 
Support on this Issue<BR>===============================<BR>This is a supported 
patch for Internet Explorer. If you have problems<BR>installing this patch or 
require technical assistance with this patch,<BR>please contact Microsoft 
Technical Support. For information on contacting<BR>Microsoft Technical Support, 
please see<BR><A 
href="http://support.microsoft.com/support/contact/default.asp";>http://support.microsoft.com/support/contact/default.asp</A><BR><BR>Acknowledgements<BR>================<BR>Microsoft 
was first notified of this issue by PC World in 
Denmark.<BR><BR>Revisions<BR>=========<BR>- October 23, 1998: Bulletin 
Created<BR><BR>For additional security-related information about Microsoft 
products, please<BR>visit <A 
href="http://www.microsoft.com/security";>http://www.microsoft.com/security</A><BR><BR>-----------------------------------------------------------------<BR><BR>THE 
INFORMATION PROVIDED IN THE MICROSOFT KNOWLEDGE BASE IS PROVIDED &quot;AS 
IS&quot;<BR>WITHOUT WARRANTY OF ANY KIND. MICROSOFT DISCLAIMS ALL WARRANTIES, 
EITHER<BR>EXPRESS OR IMPLIED, INCLUDING THE WARRANTIES OF MERCHANTABILITY AND 
FITNESS<BR>FOR A PARTICULAR PURPOSE. IN NO EVENT SHALL MICROSOFT CORPORATION OR 
ITS<BR>SUPPLIERS BE LIABLE FOR ANY DAMAGES WHATSOEVER INCLUDING DIRECT, 
INDIRECT,<BR>INCIDENTAL, CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL 
DAMAGES, EVEN<BR>IF MICROSOFT CORPORATION OR ITS SUPPLIERS HAVE BEEN ADVISED OF 
THE<BR>POSSIBILITY OF SUCH DAMAGES. SOME STATES DO NOT ALLOW THE EXCLUSION 
OR<BR>LIMITATION OF LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES SO 
THE<BR>FOREGOING LIMITATION MAY NOT APPLY.<BR><BR><BR>(c) 1998 Microsoft and/or 
its suppliers. All rights reserved.<BR>For Terms of Use see <A 
href="http://support.microsoft.com/support/misc/cpyright.asp";>http://support.microsoft.com/support/misc/cpyright.asp</A>.<BR><BR>&nbsp;&nbsp; 
*******************************************************************<BR>You have 
received&nbsp; this e-mail bulletin as a result&nbsp; of your 
registration<BR>to&nbsp; the&nbsp;&nbsp; Microsoft&nbsp; Product&nbsp; 
Security&nbsp; Notification&nbsp;&nbsp; Service.&nbsp; You&nbsp; 
may<BR>unsubscribe from this e-mail notification&nbsp; service at any time by 
sending<BR>an&nbsp; e-mail&nbsp; to&nbsp; <A 
href="mailto:MICROSOFT_SECURITY-SIGNOFF-REQUEST@xxxxxxxxxxxxxxxxxxxxxx";>MICROSOFT_SECURITY-SIGNOFF-REQUEST@xxxxxxxxxxxxxxxxxxxxxx</A><BR>The 
subject line and message body are not used in processing the request,<BR>and can 
be anything you like.<BR><BR>For&nbsp; more&nbsp; information on&nbsp; the&nbsp; 
Microsoft&nbsp; Security Notification&nbsp; Service<BR>please&nbsp;&nbsp;&nbsp; 
visit&nbsp;&nbsp;&nbsp; <A 
href="http://www.microsoft.com/security/bulletin.htm";>http://www.microsoft.com/security/bulletin.htm</A>.&nbsp;&nbsp;&nbsp; 
For<BR>security-related information&nbsp; about Microsoft products, please&nbsp; 
visit the<BR>Microsoft Security Advisor web site at <A 
href="http://www.microsoft.com/security";>http://www.microsoft.com/security</A>.</FONT></DIV></BODY></HTML>
</x-html>From ???@??? Sat Oct 24 07:20:08 1998
Received: from list.listserver.com (198.68.191.15)
	by mail02.rapidsite.net (RS ver 0.3) with SMTP id 5667
	for <neal@xxxxxxxxxxxxx>; Sat, 24 Oct 1998 09:13:35 -0400 (EDT)
Received: from localhost (localhost [127.0.0.1])
	by accessone.com (8.8.5/8.8.5/PIH) with SMTP id GAA04212;
	Sat, 24 Oct 1998 06:06:07 -0700 (PDT)
Received: from imo21.mx.aol.com (imo21.mx.aol.com [198.81.17.65])
	by accessone.com (8.8.5/8.8.5/PIH) with ESMTP id GAA03997
	for <realtraders@xxxxxxxxxxxxxx>; Sat, 24 Oct 1998 06:04:30 -0700 (PDT)
Received: from Dmdm790@xxxxxxx
	by imo21.mx.aol.com (IMOv16.10) id ABCEa17823
	 for <realtraders@xxxxxxxxxxxxxx>; Sat, 24 Oct 1998 09:03:23 -0400 (EDT)
Message-Id: <75805c2f.3631d01b@xxxxxxx>
Date: Sat, 24 Oct 1998 09:03:23 EDT
Reply-To: Dmdm790@xxxxxxx
Sender: owner-realtraders@xxxxxxxxxxxxxx
From: Dmdm790@xxxxxxx
To: RealTraders Discussion Group <realtraders@xxxxxxxxxxxxxx>
Subject: Re: who is the best broker for fast daytrade S&P 500 futures trades
Mime-Version: 1.0
Content-type: text/plain; charset=US-ASCII
Content-transfer-encoding: 7bit
X-Mailer: AOL 4.0 for Windows 95 sub 182
X-Listprocessor-Version: 8.1 -- ListProcessor(tm) by CREN
X-Loop-Detect: 1
X-UIDL: de01444084cfcdfe2e167a4f30ab2e40

I like Datek, which is to say I don't know futures.  If that changes I would
research the compilation of broker reviews at:

http://www.thewebinvestor.com/stocks-ratings.html

David