****************
NorthNet News
Issue 36
****************
MARCH WINNER - The winner of NorthNet's Three Free Months Contest for the month of
March was Steve Kennison of Lowville.
The random drawing is held on the last day of each month and all residential NorthNet customers
are eligible.
ACCESS WHILE TRAVELING - Will you be traveling out of the North Country for business or
pleasure? MaGlobe can provide you with Internet access wherever you go, with local dialing from
locations in USA, Canada, Europe, Australia, Asia and Africa for as little as $1.98 per hour.
It works like a pre-paid phone card: you purchase so many hours
of use and MaGlobe gives you access to the Internet from thousands of
locations all over the world. Once on the Internet you can do whatever
you do from home; no other Internet service provider is required.
There is no setup or monthly charge.
Check MaGlobe (http://www.maglobe.com) for details.
MIME - Microsoft has released a security bulletin
http://www.microsoft.com/technet/security/bulletin/ms01-020.asp
entitled "Incorrect MIME Header Can Cause IE to Execute E-mail Attachment."
We urge everyone who uses Internet Explorer 5 to install this patch.
EML files are MIME multipart files that IE 5 will parse. There is a vulnerability allowing arbitrary
code execution using this kind of file. This vulnerability could allow a hostile page or e-mail to
perform any action on your computer. The vulnerability affects IE 5, IE 5.5 over all windows
platforms.
What's a MIME type?
MIME is an acronym for Multipurpose Internet Mail Extensions. Its a widely used Internet standard
for encoding binary files as e-mail attachments. When an e-mail contains a binary attachment, it must
specify what type of file the attachment is, so the mail program can interpret it correctly.
In the case of this vulnerability, IE doesn't correctly handle certain types of fairly unusual MIME
types. If an attacker created an e-mail message containing an executable attachment, and specified
that it was one of these MIME types, IE would execute the attachment rather than prompting the
user.
What would this vulnerability enable an attacker to do?
If an attacker created an e-mail that exploits this vulnerability, she could use it in an attempt to run
the executable attachment on another user's computer. She could try to do this through either of two
scenarios. First, she could host the HTML mail on her web site, and try to persuade the user to visit
it. Second, she could send the email directly to the user.
What kind of actions could the attachment take if it ran?
The attachment would be able to take any action that the user himself could take, including
reformatting the hard drive.
COMPUTER COURSES - Jim Crowley, of Crowley Computers in Ogdensburg, will be teaching
Introduction to FrontPage 2000. This class will teach you how to develop and maintain your own
web site. Also being taught is Introduction to Excel 2000. This is a class for those who desire to
learn how to create a spreadsheet and present data from a spreadsheet.
Classes begin April 17 for Excel 2000 and April 19 for FrontPage 2000. If you would like to
register for either class you may call Crowley Computers at 394-7008 or go to their web site at
www.crowleycomputers.com
If you have any ideas for future classes you would like to see, please drop them an email at
jerry@crowleycomputers.com
YOUR COMMENTS - We receive comments from you, our customers, on a regular basis. Here
is one of the most recent remarks:
"I just wanted to let you know what an easy time I had signing up for your service. My previous
server is having a TERRIBLE time lately with access and customer support. I take classes on-line
and could not be patient any longer. (This has been happening for almost a month, they couldn't give
me an answer as to how much longer it may go on.) I called your company and the operator was
super answering my questions and discussing concerns. She signed me up right away and assisted
me in getting my software fast. She definitely has people and phone skills. I
think I am going to like this company. Thanks again - here is to a long relationship."
Lori G., Malone
