Internet Happenings - September 14, 2001

Friday Sep 14th 2001 by Jon Yiesla

This is the second of a series of articles from Jon Yiesla that presents information about what is happening around the internet. This week, Jon talks about VMWare, a change to Microsoft Internet Explorer, vulnerabilites in wireless networks, the Code Blue virus, and more.

VMWare Beta 3.0 available

VMWare is one of my favorite programs. For those who don't know what it is, let me tell you. VMWare allows you to have access to multiple operating systems on one PC without having to dual or triple boot the machine. Your base OS should be something like Windows NT, Windows 2000, or Linux. You install the VMWare application like any other. When you start it up, it creates a directory on your system to store its files, and then opens a window and it "boots" up a virtual PC. This thing looks and feels and sounds just like a PC starting up; there's even a BIOS message. So now you can "boot" this virtual PC with a floppy or a CD and install your other OS just as though you were working with a bare machine. You can install several OS's this way and then "boot" between them all while in Windows or Linux. The system works pretty well and is a quick way to play with other operating systems of setups without having to have multiple machines around. The thing does have a pretty hefty hardware requirement and I dont know that I would use it to play some of the super-duper games that are out today. Check them out at http://www.vmware com/.

Also, late breaking news... VMWare has a new customer, Microsoft. It appears that MS is starting to hand out the VMWare software to sales people to simplify their demonstration of different versions of MS software.

Wireless Networking not as Secure as You Think

Wireless networking is a thing whose time has come. It is relatively cheap, easy to set up and works pretty well. Most people thing that the 802.11 standard is pretty secure; it's not. WEP (Wired Equivalent Privacy) is supposed to provide this protection. However, recently a program called AirSnort appeared on the Internet. Basically this program can passively monitor the wireless network signal and over time figure out the WEP key that is used to protect the network; that is assuming that the administrator even bothered setting up WEP. But, you say, wireless doesn't really travel that far. Well, yes it does. Although you might not be able to pick up the signal very far with your laptop and its wireless NIC, the signal is there. Using some simple and inexpensive antenna technology along with some very available and free or cheap software, it is possible to sniff out a wireless network from some distance and get a DHCP assigned IP and actually surf that company's network. Scary isnt it?

How can you protect yourself? Well, first enable WEP. It's better than nothing. Then treat that wireless LAN as a publicly accessible network and do what you would do if you were running a public kiosk or something similar.

On a possible bright note, both Microsoft and Cisco have thrown themselves into this thing and hope to come up with some new authentication and certificate technologies that will make wireless LANs more secure.

WPA just got "better"

We have all heard about the coming of Windows Product Activation with Windows XP. Many users are upset at this prospect. And they have screamed loudly to MS. Well, it seems that MS has listened a little. MS has made two significant changes to WPA. First, it is being reported that PCs that are purchased with XP preinstalled will not have to activate or reactivate the OS. The OS is being tied to the BIOS only so unless you fool with the BIOS, you can change whatever you like on the box. Of course I don't know what this means if you flash your BIOS and I would assume that a motherboard transplant would cause you to have to call MS. The second change that is being reported is that for those who do have to activate the product, XP is being tied to 10 hardware components and you can change up to six of them without having to reactivate the product.

Secure your Exchange Server

Here are some tips on securing your Exchange Server:

No More Page Not Found

Yes we've all fingered the keys wrong when typing in a web address or two. Then we get the Page Not Found screen. Well, Microsoft has decided to help out of this predicament. In newer versions of the browser that have received an update to the Auto Search function, now IE will take us to a search engine that will offer possible corrected versions of what we really wanted to search for. And the search engine is... you guessed it MSN search. Surprisingly as of this writing, there haven't been too many words about this from their competitors.

Listen to the music

While your putting in those long hours coding your next major project, it might be nice to have some tunes to listen to. You could crank up your CD player or get an MP3 library set up. Or you could listen to many of the Internet radio sites that are available. Give these sites a try:,,, or

FormMail vulnerability

The FormMail script, written by Matt Wright, is used by Webmasters to aid them in constructing web forms that will send mail to a particular address. Well, it appears that early versions of this script, written in Perl, have bugs that spammers can make use of. The spammers can use these bugs to basically take over the script and use it to send mail to anyone. Spammers are now using tools to probe email servers looking for earlier versions of the script so that they can make use of it. You will notice an unwanted GET /cgi-bin/ in your log file with a user specified email address. If you see this then you are being probed. It is easy to plug this hole, merely upgrade to the latest version of the script. Get it at

Zone Alarm and XP OK

In case you were wondering, Zone Labs Zone Alarm firewall is fine with Windows XP as long as you are running version 2.6.231.

Code Blue on its way

A new virus out of China called Code Blue is on its way. However, it appears to be spreading slower than Code Red. As with Code Red, it is an Internet worm that attacks unpatched IIS servers. Fortunately, the virus exploits a weakness that has been in IIS for about a year and if you patched your IIS server with the latest Code Red patch, you should be fine.

# # #

Mobile Site | Full Site
Copyright 2017 © QuinStreet Inc. All Rights Reserved