Microsoft Baseline Security Analyzer (MBSA) version 1.2.1 is available

“This article contains information about the Microsoft Baseline Security Analyzer tool (MBSA). This tool centrally scans Windows-based computers for common security misconfigurations and generates individual security reports for each computer that it scans. MBSA runs on computers that run Windows Server 2003, Windows 2000, and Windows XP. MBSA can scan for security vulnerabilities on computers that run Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003. MBSA scans for common security misconfigurations in Windows, Internet Information Services (IIS), SQL Server, Internet Explorer, and Microsoft Office. MBSA also scans for missing security updates in Windows, IIS, SQL Server, Internet Explorer, Windows Media Player, Exchange Server, Microsoft Data Access Components (MDAC), Microsoft XML (MSXML), Microsoft virtual machine (VM), Content Management Server, Commerce Server, BizTalk Server, Host Integration Server, and Office (local scans only). A graphical user interface (GUI) and command-line interface are available in version 1.2.1.

MBSA version 1.1 replaced the stand-alone HFNetChk tool and fully exposes all HFNetChk switches in the MBSA command-line interface (Mbsacli.exe). For additional information about MBSA, visit the following Microsoft Web site:

http://www.microsoft.com/technet/security/tools/mbsahome.mspx

Download Information

English, French, German, and Japanese versions of MBSA are available from the Microsoft Download Center. Visit the following the MBSA Web page for direct links to download these versions:

http://www.microsoft.com/technet/security/tools/mbsahome.mspx#XSLTsection124121120120

For additional information about how to download Microsoft Support files, click the following article number to view the article in the Microsoft Knowledge Base:

119591 How to obtain Microsoft support files from online services

Microsoft scanned this file for viruses. Microsoft used the most current virus-detection software that was available on the date that the file was posted. The file is stored on security-enhanced servers that help to prevent any unauthorized changes to the file. ”
‘’…
http://support.microsoft.com/default.aspx?scid=kb;en-us;320454

Back up, Edit, and Restore the Registry in Windows XP

“SUMMARY

Important This article contains information about modifying the registry. Before you modify the registry, make sure to back it up and make sure that you understand how to restore the registry if a problem occurs. For information about how to back up, restore, and edit the registry, click the following article number to view the article in the Microsoft Knowledge Base:

256986 Description of the Microsoft Windows Registry

NoteThe registry in 64-bit versions of Windows XP and Windows Server 2003 is divided into 32-bit and 64-bit subkeys. Many of the 32-bit subkeys have the same names as their 64-bit counterparts, and vice versa. The default 64-bit version of Registry Editor that is included with 64-bit versions of Windows XP and Windows Server 2003 displays the 32-bit subkeys in the following registry subkey, or "hive":

HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node

For additional information about how to view the registry on 64-bit versions of Windows, click the following article number to view the article in the Microsoft Knowledge Base:

305097 How to view the system registry by using 64-bit versions of Windows

REFERENCES

314837 How to manage remote access to the registry

310595 Description of HKEY_CURRENT_USER registry subkeys

310593 Description of the RunOnceEx registry key

307545 How to recover from a corrupted registry that prevents Windows XP from starting

286422 How to back up and restore a Windows Server 2003 cluster

104169 Files that are automatically skipped by the backup program (NTBackup.exe) during the backup and restore processes

310426 How to use the Windows XP and Windows Server 2003 Registry Editor features ”

For a Microsoft Windows 2000 version of this article, see 322755.
For a Microsoft Windows NT 4.0 version of this article, see 323170.

For a Microsoft Windows 95, 98, and Millennium Edition version of this article, see 322754.

http://support.microsoft.com/kb/322756

The six dumbest ways to secure a wireless LAN

by ZDNet's George Ou

“ For the last three years, I've been meaning to put to rest once and for all the urban legends and myths on wireless LAN security. Every time I write an article or blog on wireless LAN security, someone has to come along and regurgitate one of these myths. If that weren't bad enough, many "so called" security experts propagated these myths through speaking engagements and publications and many continue to this day. Many wireless LAN equipment makers continue to recommend many of these schemes to this day. One would think that the fact that none of these schemes made it in to the official IEEE 802.11i security standard would give a clue to their effectiveness, but time and time again ...”

http://blogs.zdnet.com/Ou/index.php?p=43

Mozilla fixes risky Firefox flaw

By Robert Lemos, CNET News.com

“The Mozilla Foundation issued a patch for a major security flaw in its Firefox browser on Wednesday and advised people to update their software.

The problem is caused by a buffer overflow in legacy Netscape code still included in the browser for animating GIF images, Chris Hofmann, director of engineering for Mozilla, said. Similar memory problems have affected Mozilla's browsers and Microsoft's Internet Explorer in the past. A malicious attacker could exploit them by creating carefully crafted image files that, when viewed by a victim in a browser, execute a program and compromise the system.

The flaw was discovered by Internet Security Systems, a network protection company, and patched before the public learned of the issue, Hofmann said.

"We are staying ahead and being proactive in fixing the code," he said. "The deciding factor, in this case, was the potential for this: It's a little easier for hackers to turn it into an exploit that could be dangerous."

The Mozilla Foundation released version 1.02 of Firefox on Wednesday to fix the problem and asked that all users to download and apply the patch.

Recently published data has prompted questions about the security of Firefox. Security technology provider Symantec said in this week's Internet Threat Report that during the second half of last year, 21 vulnerabilities affected Mozilla browsers and 13 flaws affected Internet Explorer.

However, only seven of the flaws in Firefox were considered "highly severe," compared with nine in Internet Explorer.”

http://news.zdnet.com/2100-1009_22-5632148.html?tag=nl.e589

Father of Word and Excel shoots for three-peat with Intentional Software

by ZDNet's David Berlind
“ Father of Word and Excel shoots for three-peat with Intentional Software

-- Like the blockbuster movie producer or director who works behind the scenes but whose celebrity is often confined to Hollywood insiders, Dr. Charles Simonyi is a giant among giants here at PC Forum in Scottsdale, Ariz. If you strike up a conversation with the easily approachable, mild-mannered, Hungarian-born software legend and passers-by such as Jeff Bezos (founder of Amazon.com) or Tim O'Reilly detect that Simonyi is even slightly engaged, they'll stop and tune-in.After leaving Xerox PARC, Simonyi joined Microsoft in 1981 and fathered two of the three biggest franchises in Microsoft's history -- Word and Excel. After a storied 21-year tenure with the Redmond, Wash.-based company, Simonyi is looking for a three-peat. But this time, it's not with Microsoft....
Trackback URL for this post: http://blogs.zdnet.com/BTL/wp-trackback.php/1190 ”

http://blogs.zdnet.com/BTL/index.php?p=1190&tag=nl.e539

“Description of the undiscovered tips about Excel

•	Join text in multiple columns
•	Set the print area
•	Exclude duplicate items in a list
•	Multiply text values by 1 to change text to numbers
•	Use the Text Import Wizard to change text to numbers
•	Sort decimal numbers in an outline
•	Use a data form to add records to a list
•	Enter the current date or time
•	View the arguments in a formula
•	Enter the same text or formula in a range of cells
•	Link a text box to data in a cell
•	Link a picture to a cell range
•	Troubleshoot a long formula
•	View a graphical map of a defined name
•	Fill blank cells in a column with contents from a previous cell
•	Switch from a relative reference to an absolute reference
•	Use the OFFSET function to modify data in cells that are inserted
•	Use the Advanced Filter command
•	Use conditional sums to total data
•	Use conditional sums to count data
•	Use the INDEX function and the MATCH function to look up data
•	Drag the fill handle to create a number series
•	Automatically fill data
•	Use the VLOOKUP function with unsorted data
•	Return every third number
•	Round to the nearest penny
•	Install and use Microsoft Excel Help
•	Do not open and save directly from a floppy disk
•	Use one keystroke to create a new chart or worksheet
•	Set up multiple print areas on the same worksheet”

http://support.microsoft.com/default.aspx?scid=kb;en-us;843504

They should call it "Boys Wreck Ignition"

By Alfred Ingram

Remember when ‘touch tone terror’ first entered our lives?

In all innocence we called a bank, or a pharmacy, or, most likely, the dtmf (dual tone multi frequency)-ing phone company itself, got a menu of choices too long to remember, started over and became even more confused the second time around.

Remember finally giving up in total frustration, perhaps even paying a charge we just knew was wrong?

Well they've fouled it up beyond all “wreck ignition,” again.

SBC has managed to do the barely possible, crossbreed help desk hell with touch tone hell, add a not ready for public technical capability, and give birth to voice recognition that has a hard time recognizing standard english.

Anyway, that's what I discovered when I had both a dead router and a bad DSL line and had to contact SBCYahoo for service at my State Representative's office.

Of course, now that I, along with the rest of the industrializedworld, am used to punching the keypad for menu selections, I wasn't able to do so.

The first day a total waste because SBC couldn't identify the state representative as a DSL customer. I'd say the number of the phone I was calling from (whatever happened to caller id?) and the machine consistently read back a number I'd never given it, finally driving me to hang up to try again the next day.

On day two I decided to call on from the half of the line (DSL splits a standard line) that wasn't hooked to the router and wound up talking to someone with an Indian accent who “insisted” that his name was “Matt.” That's when I discovered that I had a bad router, a bad line, and a help desk on another continent. After checking the line “Matt” told me they'd known of the problem for a week, but, apparently, doing anything about it called for someone on this side of the planet.

“Matt” arranged for SBC to call the next day at eleven, (so somone here in the United States could analyse the problem) so of course no one called. When I called to find out why, they claimed to be waiting for my call. “Matt” from India was not available to verify or deny either side of this foul up.…

more coming soon…