Yahoo Fixes Another Buffer Overflow Vulnerability in Messenger

Severity: Medium

30 August, 2007

Summary:

Late yesterday, Yahoo released an update that fixes a security vulnerability affecting any version of Yahoo! Messenger installed before August 29, 2007. By enticing a Yahoo! Messenger user into visiting a malicious Web page, an attacker can exploit this new flaw to execute code on that user’s computer, and possibly gain full control of it. If you use Yahoo! Messenger in your network, or suspect that your users have installed it, either remove it or install the latest version.

Exposure:

Yahoo! Messenger is one of the many Instant Messaging applications that allow users to send real-time, pop-up messages to each other over the Internet. Instant Messaging is popular enough that your users might have installed the Yahoo! Messenger client on a company computer whether or not your policy authorizes it.

Yesterday, Yahoo released an advisory describing a buffer overflow vulnerability in an ActiveX control that ships with all previous versions of Yahoo! Messenger. The buffer overflow flaw lies specifically in the ActiveX control called YVerInfo.dll. By tricking one of your Yahoo! Messenger users into visiting a maliciously crafted Web page, an attacker could exploit this flaw to execute code on your user’s computer, with your user’s privileges. If the user has local administrative privileges, the attacker could gain total control of the user’s machine.

If you read WatchGuard Wire, you may remember our post about a similar vulnerability in Yahoo! Messenger, caused by a flaw in a webcam ActiveX control. Yahoo fixed that flaw as well, last week. By installing this Yahoo! Messenger update, you fix both this new vulnerability and that older one.

Solution Path:

Even if your organization does not officially endorse the use of unsecured Instant Messaging, employees sometimes persist in trying to sneak Instant Messaging software onto company machines. If you suspect some of your users have installed Yahoo! Messenger, consider forwarding a warning about this vulnerability to all the users on your network. If your company policy does call for the use of Instant Messaging, you should download and install the latest version of Yahoo! Messenger (8.1.0.419).

For All Users:

This attack travels as normal-looking HTTP traffic, which you need to allow so your network users can access the World Wide Web. Therefore, installing the Yahoo update is your best solution.

Status:

Yahoo has released an update to fix this vulnerability.

References:

• August 29th Yahoo! Messenger Security Advisory
• August 21st Yahoo! Messenger Security Advisory
• WatchGuard Wire Yahoo! Messenger Post

Secunia’s Yahoo! Messenger Security Advisory

4 ways to use Windows Vista at home

Friendly, useful features make this operating system a must-have for home users

By S. E. Slack, author and technology expert

Related Links • Watch Windows Vista demos

I’ve been using Windows Vista for several months now, first testing it and then writing my book, Breakthrough Windows Vista. Now I’m running the final version on my computer. The first thing you’ll notice about Windows Vista is the new Aero interface. It’s more polished than previous versions of Windows, and it also makes it easier to focus on your work. But aside from the user interface, there are several cool new features that my family and I use regularly. Once more people start using it on a widespread basis, there will be others like me saying, “Wow. An operating system can do this?”

Windows Vista can help you do a lot of things—new tools to help you organize, store, and edit your music and photographs are just two examples of how you can use the new operating system. In this article, though, we’ll discuss four ways that my family and I have already started to take advantage of Windows Vista at home.

On This Page

Stay in touch with Windows Sidebar

Stay in touch with Windows Sidebar

If you have ever wished for a place on your desktop to organize and manage all the information you need, your wish has come true. Windows Vista offers the Windows Sidebar, a vertical bar on your desktop that holds information such as weather, news headlines, a calendar, and all sorts of other things that can be added. On my Windows Sidebar, I have a notepad to make notes to myself, a small calendar so I can see the date, local weather so I know whether or not to bring the dog in from the cold, a clock to tell me when it’s time to stop working, and a newsfeed so I can stay in the loop with the outside world. Having exactly the information that I want and need at a glance saves me a lot of time. I don’t have to search in multiple areas to find it, because it’s already there.

The Windows Sidebar can be customized to meet your needs, and can stay behind of or in front of open programs on your desktop.

Windows Sidebar uses gadgets to provide this information. A right-click on Windows Sidebar lets you add gadgets from an online gadget gallery, where you can also add other things such as a slide show, stock ticker, or contacts book. You can add a gadget for almost anything you can think of—radio stations, wind speed, feng shui, you name it. You just decide on the gadgets that you want to display and the information automatically updates as long as you’re connected to the Internet.

Top of page

Find what you need with Instant Search

Despite all the cool things in Windows Vista, the new Instant Search feature may just be my favorite. It’s really a new approach to accessing programs, documents, accessories, e-mail, and system tools on your computer—plus searching the Internet.

To access this feature, click the Start button. You’ll see the Instant Search box at the bottom of the dialog box. To search your computer for a file or program, just type the name or part of the name. Almost instantly, the dialog box will fill with anything that matches that name—and the matches will be grouped for you into Programs, Files, and Communications. (Other groupings can appear depending on the search involved.) The figure below shows a search for the word “snag”; you can see how the search function grouped all its findings for me.

Instant Search instantly locates items on your computer and network, plus lets you conduct Internet searches.

Another useful aspect of Instant Search is its ability to do Internet searches without the use of a browser. Just type the word or phrase you’re seeking on the Internet into the box, and select the Search the Internet option just above the Instant Search box. A browser will open with results from the Microsoft Live Search engine. The results of your search will appear on the page just as if you had accessed the Internet through a browser.

Top of page

Get organized with the multi-person Windows Calendar

If you have anyone else in your life to keep track of, Windows Calendar is going to be right up your alley. This calendar is built in to Windows Vista and has automated integration features that make it truly easy for multiple people to use. It works like any other calendar program from Microsoft (you can create appointments, tasks, reminders, etc.), but the integration aspect allows you to create multiple calendars that can show you appointments and tasks side by side in one view.

Each person in your family creates a calendar and chooses a color code for it. If, for example, you want to compare calendars to see who can pick up your son from football practice, you can select the individual calendars you want to see. Like in the image below, each of those calendars appear in one simple view. The color coding shows you who is doing what at a particular time. You can launch Windows Calendar from the Instant Search box by typing “Calendar.”

Windows Calendar can integrate multiple calendars into one view for you.

Top of page

Keep an eye on your kids with Parental Controls

Worried about how much time your kids spend on the computer or the Internet? Nervous about the type of games and programs that they download? Rest easy: Windows Vista Parental Controls let you set limits on how long your children can access the Internet, the number of hours they can spend on the computer in general, and which games they can play or programs they can run. This feature even gives you activity reports so you can see at a glance which Web sites your kids have visited, as well as which files they have downloaded off the Internet.

You can turn on these controls by opening Parental Controls through the Instant Search box. Select the user that you want to apply the controls to, and the window shown in the figure below will appear. In a point-and-click manner, you select the restrictions that you want. Your child can always request permission to access a blocked item, by the way, but you have the final approval.

Parental Controls can help you control what your child sees and uses on the Internet, as well as limit time spent on the computer.

Windows Vista truly does offer a lot to home users. I’ve found myself using more features in this operating system than I have with any other. Give a try—you’ll be pleasantly surprised at how easy and intuitive it is to use.

---

S.E. Slack S. E. Slack specializes in simplifying complex topics so the masses can both understand and apply difficult concepts. She is a co-author of Breakthrough Windows Vista: Find Your Favorite Features and Discover the Possibilities. She is currently writing CNET Do-It-Yourself Digital Home Office Projects. She has written five other books.

8 timesaving tips for Windows Vista and the 2007 Microsoft Office release

No matter what your computer experience, when you start using new versions of the software you most depend on, it can take some time to discover favorite new features and timesavers. So, think of this article as a shortcut to some great new shortcuts.

While no single article could possibly include them all, each of the tips that follow either does more than I expected at first glance or simplifies something I need to do regularly.

On This Page

Find whatever you need, when you need it

Find whatever you need, when you need it

You need to find information in a document you recently reviewed, but don’t recall the document name or location. Or, perhaps that information was actually in an e-mail message or on a Web site you recently visited. Windows Vista Instant Search doesn’t care where your information is. Like a loyal bloodhound, Instant Search will find almost anything you seek.

Just type one or more keywords in the search box at the bottom of the Start menu and then click the magnifying glass icon that appears beside the box. Within seconds, the closest matches for your search appear right in the Start menu, categorized by type of content. For example, in the image that follows, notice that the results for my keyword webcasts include Web sites I’ve recently visited, some documents, and several e-mail messages. If you don’t see what you need in those immediate results, click See All Results to see all relevant files, Web pages, e-mail messages, and e-mail attachments. Or, to search the Internet for your keywords, click Search the Internet and Windows Vista takes you directly to Web search results for your keywords on Live.com (Windows Live Search, formerly MSN Search).

Get more tips for working with search options in Windows Vista.

Top of page

View and copy document content without opening the document

Need to check some figures on one of several sheets in a Microsoft Office Excel 2007 workbook or copy some content from a Microsoft Office Word 2007 document? Don’t spend extra time opening the program and then opening your document. Windows Explorer in Windows Vista offers a new Preview pane that enables you to view all parts of your document, and even copy content, directly from Windows Explorer. Notice, for example, the data selected in the preview of a sample Excel workbook in the image that follows.

To open the Preview pane, on the Start menu click Computer to open a Windows Explorer window, or press Windows+E. On the Windows Explorer toolbar, click Organize, point to Layout, and then click Preview. Note that once the Preview pane is open, you can drag the left edge of the pane to reduce or increase its size.

Learn more about the available options for viewing files and folders with Windows Vista.

Top of page

Restore previous file versions

You’re revising an important document and realize that the content you deleted an hour ago is information you still need. Are you out of luck? Do you have to recreate it? If you’re running Windows Vista Ultimate or Business editions, you could be in luck. These editions of Windows Vista include a shadow copy feature that enables you to access or restore previously saved versions of a document.

To see if a shadow copy exists for your document, do the following in Windows Explorer:

1.	Right-click the document and then click Properties. (Note that you can also access Properties from the Organize button on the Windows Explorer toolbar.)

Get answers to frequently asked questions about working with the Previous Versions capability in Windows Vista.

Top of page

Find files more easily with new sort and filter options

If you’re like most computer users, including myself, you may often save documents and other files to the same folders, so that you have a tremendous amount of files in a single location. Windows Vista has a number of new tools to help you organize and locate folder content more easily, but my favorite is the set of new sort and filter options you get for any folder.

When you open a folder in a Windows Explorer, point to any column heading (such as Name or Date Modified) and you’ll see a dropdown arrow. Click that arrow for a pop-up menu of options including the ability to sort, filter, group, and stack the files. For example, take a look at the options available for the Date Modified fields shown in the following image.

Get more tips for finding files easily with Windows Vista.

Top of page

Browse folders quickly and easily

In addition to pop-up menu options for Windows Explorer column headings, Windows Explorer in Windows Vista categorizes the file path for you in the Address Bar, so that you can easily find your way to or from any folder on your system.

As you see in the image that follows, just click the dropdown arrow beside any folder name in the file path to access a list of available subfolders.

To access or copy the full path name in traditional format, just click the empty space in the address bar to the right of the last folder in the path. When you click, the full path name will appear, selected, as you see in the next image.

Top of page

See your formatting before it happens

If you’re already using the 2007 Office release, you know that Windows Vista does not have an exclusive on cool, new features. One of my favorite new timesaving tools in the 2007 Office release is Live Preview.

Just point to an entry in most formatting galleries across Word, Excel, and PowerPoint to automatically see what that selection will look like applied to your document. For example, point to a document theme in the Themes gallery (available on the Page Layout tab in Word or Excel, or the Design tab in PowerPoint) to see how applicable theme colors, fonts, and effects will look applied to your active document. Or, select a SmartArt diagram and then point to an entry in the SmartArt Styles gallery to see how that style will look applied to your diagram.

With Live Preview, you no longer have to apply formatting to see how it will look in your document. Just point to entries until you see the one you like, and then click once and you’re done.

Top of page

Mix and match your formatting across Office 2007 programs

In previous versions of Microsoft Office, you could copy Word styles from one document to another, copy colors from one Excel workbook to another, or copy masters from one PowerPoint presentation to another. But, what if you wanted to use the same formatting that’s in your Word document in a related PowerPoint presentation or Excel workbook? You’d need to recreate that formatting, of course.

The 2007 Office release introduces Document Themes, which enable you to apply coordinated sets of colors, fonts, and graphic effects to an entire Word, Excel, or PowerPoint document with just a click. The same themes (including custom themes you create) are available in all three programs, so that you can easily coordinate all of your documents. What’s more, you can apply a theme from any existing 2007 release Word, Excel, or PowerPoint document to any other document in any of the three programs.

To do this, on the Page Layout tab in Word or Excel, or the Design tab in PowerPoint, click Themes and then click Browse for Themes as you see here.

The Choose Theme or Themed Document dialog box will open, where you can select any Word, Excel, or PowerPoint file, as well as any theme file, to apply its theme to your active document.

To learn more about working with document themes, click here.

Top of page

Don’t be afraid to dive in: what you find might amaze you

Getting up to speed on a new version of a software program can be daunting in the midst of your everyday deadlines. But, as you use Windows Vista and the 2007 Office release, don’t be afraid to explore new features. So many new timesavers and additional capabilities exist that you’re bound to find your own new favorites and perhaps open up some surprising new possibilities. For a few examples, check out the 2007 Office release features that follow.

•	Excel: Convert a data range to an Excel table in just two clicks and get a myriad of new tools for working with data, such as the ability to add a formula to an entire column of data in one step. Click here to learn about working with the new Excel tables feature.
•	Word: Build a document more quickly than you may have ever imagined. Just click to insert a complete formatted cover page, header, or table of contents. Using the new Document Building Blocks capability, you can build a document using pre-created pieces of content, including custom content that you can save and reuse. Click here to learn about working with document building blocks.
•	PowerPoint: Using the new PowerPoint Photo Album feature, you select your photos and your preferred layout, and PowerPoint automatically creates the album for you. Click here to learn about working with photo albums.

---

Stephanie Krieger Stephanie Krieger is a Microsoft Office System MVP as well as author of the books Advanced Microsoft Office Documents 2007 Edition Inside Out (February 2007) and Microsoft Office Document Designer. As a professional document consultant, she has helped many global companies develop enterprise solutions for Microsoft Office and taught numerous professionals to build great documents by understanding how the Office programs “think.” Stephanie writes regularly for several Microsoft Web pages and frequently delivers Microsoft webcasts. Visit her blog, arouet.net, for Microsoft Office tips as well as information about new and upcoming publications and webcasts.

WatchGuard Releases Firebox X Edge e-Series 8.6

WatchGuard is pleased to announce the availability of Firebox X Edge e-Series system software 8.6, the latest version of software available for Edge e-Series appliances. Edge 8.6 provides broadened security, greater interoperability and flexibility and wider network visibility. Several enhancements and bug fixes were also implemented (see the release notes for details). We strongly recommend that all customers download and install this release to upgrade their Edge e-Series appliance.

What’s new with Edge e-Series 8.6

Broadened Security

• Security for internal email servers with SMTP proxy support
• Enhanced wireless security zones and WPA2 support
• MAC address lockdown
• Custom proxy configuration
• IKE support with AES encryption for IPSec tunnels

Greater Interoperability and Flexibility

• VPN failover
• WAN failover with serial modem support
• Enhanced QoS support
• Secure remote access with PPTP
• Third party certificate-based authentication

Wider Network Visibility

• Rich historical reporting for Security Services – Web UI
• Rich historical reporting for Security Services and network events – WSM
• SNMP monitoring support

Does this release pertain to me?

The Firebox X Edge e-Series 8.6 software will only work with Firebox X Edge e-Series models. It will not operate (and cannot be installed) on other Firebox X Edge models, SOHO 6, S6, or SOHO models.

Upgrade Path

There is a specific upgrade path that needs to be followed for installing this release. Please use the following chart to determine your upgrade path:

If you are currently running:	Install in this order:
Edge e-Series v8.0	Edge e-Series v8.0.1 -> 8.0.3 -> 8.6
Edge e-Series v8.0.3	Edge e-Series v8.6
Edge e-Series v8.5	Edge e-Series v8.6
Edge e-Series v8.5.1	Edge e-Series v8.6

 Please refer to the system status page of your Edge e-Series device to determine which version of software you currently have installed.

How do I get this release?

Firebox X Edge e-Series owners who have a current LiveSecurity Service subscription can obtain this update without additional charge by downloading it from the Software Downloads Web page. Be sure to read the accompanying release notes for the complete list of bug fixes, as well as installation instructions, limitations, and known issues. If you need support, please enter a support incident online or call our support staff directly. (When you contact Technical Support, please have your registered Product Serial Number, LiveSecurity Key, or Partner ID available.)

TechSoup Stock New Product Alert – August 2007

This month, I am excited to announce the new Atlas Business Solutions donation program at TechSoup Stock. Their two human resource software products, Staff Manager and ScheduleAnywhere, make managing and scheduling your organization’s employees and volunteers easier. This new program can help managers in your organization reduce costs, save time, and streamline your operations. Please read on to learn more about this program’s product donations and eligibility requirements.

 

Two educational software products are now available through TechSoup Stock: Microsoft Encarta Premium 2008 and Microsoft Student with Encarta Premium 2008. Two more recent additions from Microsoft are the Core User and Device CAL suites, which each provide access to four key Microsoft servers in one convenient suite.

 

Our featured product this month is UltraKey 5.0, which teaches keyboarding skills to help your organization become more productive or to support your training programs. Finally, I would like to highlight some of the many community forums on TechSoup that can help answer your technology questions.

 

============================================

INTRODUCING THE ATLAS BUSINESS SOLUTIONS DONATION PROGRAM ============================================

Atlas Business Solutions, Inc. (ABS) is pleased to partner with TechSoup Stock to offer two donated software products that can help your nonprofit organization more effectively manage its employees and volunteers. This partnership enables TechSoup Stock to offer software supporting human resources for the first time.

 

Founded in 1991, ABS is a leading developer of easy-to-use business management software and was recognized as one of Software Magazine’s top 500 software companies for three consecutive years. ABS solutions have helped thousands of organizations large and small reduce costs, save time, and streamline business processes.

 

The following ABS software is now available through TechSoup

Stock:

 

STAFF MANAGER

Staff Manager can help your organization save time, reduce paperwork, and eliminate the need for paper filing systems.

Managers and human resource professionals can store and retrieve HR information such as performance evaluations, wages, and important documents easily and securely. You can also create custom employee letters using Microsoft Word and populate them with information from Staff Manager.

 

* Learn more about Staff Manager and place your donation

request:

http://ga0.org/ct/4dLRaAn1WElf/

 

SCHEDULEANYWHERE

ScheduleAnywhere makes it possible for managers to schedule employees and volunteers from any computer with a Web browser.

The software can help you save time by easily scheduling multiple employees in one step and save money by seeing whether too few or too many employees are scheduled at a given time.

Managers, employees, and volunteers can also view and print schedules online, helping to keep your team coordinated.

 

A one-year subscription to ScheduleAnywhere is available through TechSoup Stock for an administrative fee of $35 or $55 (as compared to retail values ranging from $914 – $1589), depending on the number of people being scheduled. Learn more and place your donation request:

 

* ScheduleAnywhere for up to 250 workers:

http://ga0.org/ct/XpLRaAn1WEl4/

 

* ScheduleAnywhere for more than 250 workers:

http://ga0.org/ct/41LRaAn1WElr/

 

ELIGIBILITY

* U.S. 501(c)(3) nonprofits, Canadian charitable and nonprofit organizations, and non-501(c)(3) libraries in the U.S. and Canada. For details on eligibility requirements, visit http://ga0.org/ct/f7LRaAn1WElI/

 

============================================

UPDATED MICROSOFT ENCARTA PREMIUM AVAILABLE ============================================

Microsoft Encarta Premium 2008 is a multimedia reference library that provides accurate, up-to-date information on a wide variety of educational subjects. Special features include the Encarta search bar, available even when Encarta is closed, providing quick access to content from both Encarta and the Web. Also, Encarta’s Web Companion automatically pulls up information from Encarta alongside Internet search results.

 

Microsoft Encarta Premium 2008 is available through TechSoup Stock for an administrative fee of $3 (as compared to a retail value of $50). Learn more and place your donation request (DVD

version):

 

* Nonprofits:

http://ga0.org/ct/4pLRaAn1WEl5/

 

* Public libraries:

http://ga0.org/ct/rdLRaAn1WElg/

 

ELIGIBILITY

* U.S. 501(c)(3) nonprofits and Canadian charitable and nonprofit organizations; U.S. and Canadian public libraries. For details on eligibility requirements, visit http://ga0.org/ct/fdLRaAn1WElW/

 

============================================

NEW — MICROSOFT STUDENT WITH ENCARTA

============================================

Microsoft Student with Encarta Premium 2008 is a comprehensive, subject-specific resource designed to help middle- and high-school students complete high-quality homework assignments and projects in less time. Student is a suite of learning tools including Microsoft Math, Learning Essentials, Encarta Premium 2008, foreign language tools, and book summaries. When you conduct a Web search, Student 2008 conveniently displays content from the Web and the encyclopedia side-by-side.

 

Microsoft Student with Encarta Premium 2008 is available through TechSoup Stock for an administrative fee of $2 (as compared to a retail value of $50). Learn more and place your donation request (DVD version):

 

* Nonprofits:

http://ga0.org/ct/r1LRaAn1WElt/

 

* Public libraries:

http://ga0.org/ct/r7LRaAn1WElb/

 

ELIGIBILITY

* U.S. 501(c)(3) nonprofits and Canadian charitable and nonprofit organizations; U.S. and Canadian public libraries. For details on eligibility requirements, visit http://ga0.org/ct/fdLRaAn1WElW/

 

============================================

NEW MICROSOFT CLIENT ACCESS LICENSE SUITES ============================================

The Microsoft Core User and Device CAL suites are now available through TechSoup Stock, each for an administrative fee of $10 (compared to a retail value of $250 each). Each Core CAL suite is a set of client access licenses providing access for one user or one device to: Windows Server, Exchange Server Standard, SharePoint Server Standard Edition, and Systems Management Server 2003.

 

Your organization can now conveniently provide one user or one device access to these four key Microsoft server technologies by requesting the suite rather than requesting the CALs individually.

 

Learn more and place your donation request:

 

* Microsoft Core User CAL suite:

http://ga0.org/ct/f1LRaAn1WElO/

 

* Microsoft Core Device CAL suite:

http://ga0.org/ct/rpLRaAn1WEl6/

 

ELIGIBILITY

* U.S. 501(c)(3) nonprofits and Canadian charitable and nonprofit organizations. For details on eligibility requirements, visit http://ga0.org/ct/fdLRaAn1WElW/

 

============================================

FEATURED PRODUCT: ULTRAKEY TYPING INSTRUCTION ============================================

UltraKey 5.0 teaches touch typing and safe keyboarding using voice, 3-D animation, video, and virtual reality features to enhance learning and enjoyment. UltraKey provides many options that adapt to a broad range of age groups and special needs and includes Spanish language support.

 

Nonprofits may be able to use UltraKey in many ways — to improve office productivity, support training programs, or for other projects involving computer education. This award-winning product is available for an administrative fee of $15 (compared to a retail value of $150), thanks to a donation from Bytes of Learning.

 

Learn more about UltraKey 5.0 and place your donation request:

http://ga0.org/ct/47LRaAn1WElv/

 

============================================

LEARN, SHARE, DISCUSS — TECHSOUP COMMUNITY FORUMS ============================================

Got a software or hardware question? Puzzling over a network problem? Visit our TechSoup community forums to ask your questions and receive help from other community members.

 

* Software:

http://ga0.org/ct/BpLRaAn1WEld/

 

* Hardware:

http://ga0.org/ct/XdLRaAn1WElB/

 

* Networks:

http://ga0.org/ct/X1LRaAn1WElc/

 

============================================

TELL A FRIEND

============================================

As a nonprofit helping other nonprofits get the technology they need, TechSoup Stock depends on your referrals to reach organizations that might not know about our service. I encourage you to take a moment and forward this email to nonprofits and public libraries you know that could benefit from access to these products and savings. Since 2002, TechSoup Stock has helped over 50,000 nonprofits and public libraries take advantage of product donations.

 

============================================

QUESTIONS?

============================================

If you have questions about our donation programs that were not addressed by this email or the program pages on our Web site, please feel free to contact our Customer Service Department via email at newproducts@techsoup.org or call us at 1-800-659-3579, extension 700. TechSoup Stock Customer Service is available Monday – Friday, from 8 a.m. to 5 p.m. Pacific time. In addition, you can get answers to your questions at our online Email and Answer Center at http://ga0.org/ct/X7LRaAn1WElX/.

 

Sincerely,

 

Rebecca Masisak

Co-CEO, CompuMentor/TechSoup

http://www.techsoup.org/stock

http://www.techsoup.org/stock/libraries (libraries start here)

5 power tools for students

Your kids can do a great job with even the toughest school projects with just a computer running Windows Vista and the right information resources. Research no longer requires a trip to the neighborhood library because a whole world of information—and the tools to put it all together—are right at home on your family computer.

Here are five homework power tools that can turn your children’s ho-hum project into A+ work:

•	Microsoft Student with Encarta Premium 2008
•	Microsoft Encarta 2008
•	Microsoft Office PowerPoint 2007
•	Microsoft Office OneNote 2007
•	Microsoft Office Online Clip Art

These five tools working together will truly enrich your student’s study experience.

Related Links • Download the free Education Pack for Tablet PC

Microsoft Student with Encarta Premium 2008
If your middle- or high-school student is looking for just one resource to help them save time and complete high-quality homework, Microsoft Student is it. It includes tools to help students find information faster, improve their study skills, and complete their projects.

In addition to 2-D and 3-D four-color graphing capabilities, for example, one great resource in Microsoft Student is Learning Essentials. It provides templates, tools, and tutorials in Microsoft Office applications such as Microsoft Office Word, PowerPoint, and Excel. Students will have a great place to start with a variety subjects and assignments, from history reports and essays to physics projects and chemistry labs.

Microsoft Student also includes a full version of Microsoft Encarta Premium 2008.

Top of page

Microsoft Encarta 2008
Microsoft Encarta 2008 has information on almost anything you can imagine. It contains:

•	Reference Tools including thousands of articles by experts in a wide variety of fields, an Interactive World Atlas, Thesaurus, and Dictionary
•	Search functions that make finding relevant information easy include the Encarta Search Bar and thousands of Web Links to sites that have been pre-selected by Encarta editors
•	Multimedia features including videos, photos, and more to satisfy the curiosity of every member of the family

You can get Microsoft Encarta in:

•	Microsoft Encarta Premium 2008
•	MSN Encarta Premium

With all that knowledge, Microsoft Encarta 2008 will help your student move backward and forward in time, around the world, and inside living organisms.

Top of page

Microsoft Office PowerPoint 2007
Microsoft Office PowerPoint 2007 can help your kids put all the information they gather together into a dazzling presentation.

An easy-to-use but sophisticated program, PowerPoint 2007 includes dozens of ready-made templates but also allows students to design their own look and feel. Your students can simply plug in their information, choose the slide transitions they want, and give their presentations in the classroom.

Tip: You can learn more about PowerPoint 2007 by viewing one of the online demos on the Microsoft Office Online Web site.

Top of page

Microsoft Office OneNote 2007
For students and educators who gather and interpret data from multiple sources, collaborate with peers, juggle classes, meetings, social activities, and more, Microsoft Office OneNote 2007 is a note-taking program that makes it easy to take, organize, manage, and reuse notes more productively.

Unlike paper systems or word processing applications, OneNote 2007 combines the ability to capture typed and handwritten text, diagrams, Web page content, and audio notes in one place with the flexibility to organize and reuse them any way you want. There are many ways OneNote 2007 can help your kids in their studies—they can use it to record lectures, create outlines, and take notes when they do research online.

Top of page

Microsoft Office Online Clip Art
No presentation would be complete without some kind of art—a photo, drawing, cartoon, or media clip.

Your students can use the clip art in PowerPoint 2007, and they can get free access to more than 150,000 pieces of art, photos, sounds, and animation on the Microsoft Office Online Clip Art and Media site.

To download free clip art, your kids just:

1.	Go to the Clip Art and Media site.

The site copies the art to the computer, and your student can plug it into their presentation or print it with their report.

Each of these tools makes it easy for your student to research and create school projects. But even more importantly, these homework power tools can open your children’s minds to a world of curiosity, ideas, inspiration, and creativity.

Windows Reboots Triggered Skype Glitch

FRANKFURT, Germany – A two-day outage that left millions of Skype users unable to use the popular Internet phone service was caused by an abnormally high number of restarts after people had downloaded a Windows security update, the company said Monday.

The worldwide outage, which began on Thursday and ended on Saturday, left millions of Skype users unable to log on to make phone calls or send instant messages.

Luxembourg-based Skype Ltd., part of online auction giant eBay Inc. (nasdaq: EBAY – news - people ), has more than 220 million users in total but typically has 5 million to 6 million users online at any given time. In January, Skype reported that it had counted 9 million users online at one time.

In an update to users on Skype’s Heartbeat blog, employee Villu Arak said the disruption was not because of hackers or any other malicious activity.

Instead, he said that the disruption “was triggered by a massive restart of our users’ computers across the globe within a very short timeframe as they re-booted after receiving a routine set of patches through Windows Update,” Arak wrote.

Microsoft Corp. (nasdaq: MSFT – news - people ) released its monthly patches last Tuesday, and many computers are set to automatically download and install them. Installation requires a computer restart.

“The high number of restarts affected Skype’s network resources. This caused a flood of log-in requests, which, combined with the lack of peer-to-peer network resources, prompted a chain reaction that had a critical impact,” Arak wrote.

Arak did not blame Microsoft for the troubles and said the outage ultimately rested with Skype. Arak said Skype’s network normally has an ability to heal itself in such cases, but a previously unknown glitch in Skype’s software prevented that from occurring quickly enough.

In a statement, Microsoft described its patch as routine and reiterated that the disruption resulted from a bug in Skype software.

Users from Vietnam to Brazil to Germany to the United States had complained they could not log on and make phone calls or send instant messages.

The outage was a critical moment for the company, founded in 2003 by Niklas Zennstrom and Janus (nyse: JNS – news - people ) Friis, and was the first major outage since October 2005 when its service was down only for a few hours.

“This disruption was unprecedented in terms of its impact and scope,” Arak wrote. “We would like to point out that very few technologies or communications networks today are guaranteed to operate without interruptions.”

10 Things Your Apple Won’t Tell You

1. “It’s good to be king — but my reign may be coming to an end.”
Since launching the iPod in 2001, Apple has been the undisputed leader in digital music players, owning 90 percent of the market. What has set the iPod apart is not only its hip, user-friendly design, but also its companion iTunes music store, the first online audio megamart, offering an ever-expanding catalog of songs for purchase at the click of a mouse. This two-pronged approach has given Apple a huge lead over competitors; so far the company has sold over 40 million iPods and more than a billion songs on iTunes. But the iPod’s days at the top may be numbered.At issue is Apple’s proprietary format, which makes the iPod incompatible with other digital-music technology. According to Chris Crotty, senior analyst for consumer electronics at iSuppli, such closed systems either move toward compatibility or get surpassed by the competition. Think of AOL’s early bid to set up its own online world — highly successful, until the bigger and better Internet rendered it obsolete. Apple is similarly positioned and could end up painting itself into a corner, just as it did with Macintosh. “Over time the market prefers open systems,” Crotty says.

2. “Customer service is a privilege, not a right.”
Customer Service isn’t what it used to be. According to Ross Rubin, analyst at the NPD Group, companies across the board are pushing “more self-service” to cut costs. But even so, he says, Apple is “pretty aggressive in terms of the consumer electronics industry.” IPod buyers, for example, get just one call to customer service during the first 90 days of ownership; each one after that costs $49. (If you want more phone time, the AppleCare Protection Plan costs $59, offers unlimited calls for two years and doubles the one-year warranty.)

MORE ON PERSONAL FINANCE FROM SMARTMONEY.COM

Making the Most of Student Discounts
Is Auto Slump a Boon for Car Buyers?
How to Get Free Stuff With Little Effort

So where to turn for free help with your sputtering iPod? You can always visit an Apple Store — if you happen to live near one and don’t mind the wait. But the Web is the real motherlode of information. For starters, Apple’s site offers tons of troubleshooting advice and some quick-and-dirty DIYs. But for more-complex problems, the company has, in effect, outsourced customer service — to its own customers. Sites like iLounge.com and iPoding.com offer tutorials and bulletin boards where users answer one another’s questions and explain tricky repairs. And you get to come back as many times as you want.

3. “If you drop me, I’m toast.”
You’ve seen the ads — hip, young people exuberantly dancing with iPod in hand. But the reality is, the device is delicate. Apple’s edgy designs “tend to be more attractive, but also more fragile” than other players, says industry analyst Rob Enderle.

At the heart of many iPods is a tiny hard drive that can stop working if it’s dropped or even knocked around. (Just imagine boogying down the sidewalk with your laptop.) But it’s not only the hard drive that needs careful handling — the screens on these players have been a source of trouble as well. Apple admits some of its Nano iPod screens were faulty, causing them to crack and scratch too easily, but claims the problem affected “less than 1 percent.” Patrick Destvet, a New York City psychologist, says it isn’t just a Nano problem; the color screen on his new 30-gigabyte video iPod was scratched up after a month, making it hard to see anything on the device. “Coming from Apple, I didn’t expect this,” Destvet says.

To protect your iPod, invest in a padded case. Apple sells a $99 leather shell; other good covers include Incase’s neoprene sleeves and Speck Products’ rubberized cases. Visit www.applestore.com for the best selection.

4. “You say ‘backup’; we say ‘copyright infringement.’”
Apple makes it very easy to load your iPod with music — iTunes software is free to anybody who wants it. But once you’ve filled your player with as many as 15,000 songs, it’s not so easy to get them off again. Because of copyright issues, Apple doesn’t let you move music from your iPod to another computer or other electronic devices, even though it would be legal to do so. This measure was taken to appease the music companies. “A lot of people are quick to point the finger, but it’s not Apple that is necessarily driving the restrictions,” Crotty says. “Not that they mind” — since such controlsallow Apple to stymie the competition.

Fortunately, there are ways to circumvent Apple’s roadblock through third-party software, which allows you to move music from your iPod back to any computer. Among the many options, both Mac and PC users can download PodUtil (about $20) from www.kennettnet.co.uk, while PC users can save a few bucks with PodPlus ($15), available at www.ipodsoft.com. After downloading the software, you’ll be asked to plug in your iPod so the software can pull the music from your player and save it in your iTunes folder.

5. “My battery life is pathetic.”
The new iPod boasts a robust battery life of 20 hours. But if you look at the fine print, Apple admits on its Web site that “battery life and number of charge cycles vary by use and settings.” The company also warns consumers that you can recharge a battery only so many times before it must be replaced. According to The Rough Guide to iPods, the magic number is 500, depending on use. And you’ll know it’s coming — after 400 charges, your iPod’s battery will hold only about 80 percent of its capacity.

For a few years Apple simply refused to recognize the problem and recommended that users buy a new player if the battery died. Only after a public outcry — and a class-action lawsuit — did the company develop a battery-replacement program. Now you can send back your ailing iPod and get another for $59, plus $6.95 shipping. Most likely, you’ll receive a comparable used or refurbished unit.

Better to extend the life of the battery you have. Do this by regularly updating your iPod’s software. Check Apple’s Web site for the latest version; you can download a free upgrade there. And don’t charge your iPod in its case, where it can overheat and diminish the battery’s capacity.

6. “I’m destroying your hearing.”
A major selling point of digital music players is that you can tune out the world around you for hours at a time. But as you crank up your iPod to drown out ambient noise, you could be damaging your ears. According to a study by the American Speech-Language-Hearing Association, at full volume an iPod can generate up to 120 decibels, equal to the sound of a jet plane taking off. At that level you’ll begin sustaining permanent hearing loss or tinnitus after just five to 10 minutes. The issue is serious enough that Apple recently introduced software that allows you to cap the volume of your iPod, or your child’s iPod (available for free download at the Apple Web site).

“Noise-induced hearing loss is easy to ignore until it’s too late,” says Pam Mason, an audiologist at the ASLHA. Extended listening at 80 to 85 decibels is safe, according to Mason. Roughly speaking, that means you should turn it down if you can’t hear someone talking normally three feet away from you or if the people around you can hear your music. It also helps to invest in a good pair of noise-canceling or noise-isolating earphones. Both types block out ambient sound so you needn’t jack up the volume as high.

7. “I’m out of date before I’m out of the box.”
Last fall small-business owner Peter Quinones wanted to replace his iPod but kept hearing Apple was about to come out with an improved model. “I was in a holding pattern,” the Miami resident says. “You don’t want to buy something and find out a week later there’s a new product.” So Quinones waited six months, then bought a video iPod instead of the Nano he’d been considering. His new player worked with the cradle in his Mercedes; the Nano wouldn’t have.

MORE ON PERSONAL FINANCE FROM SMARTMONEY.COM

Antiques Go Modern
Making the Most of Student Discounts
Is Auto Slump a Boon for Car Buyers?

 

All consumer tech companies have shortened their product cycles, adding innovative new features to maintain their competitive edge. But with the iPod, Apple seems to be churning out new versions at an unprecedented rate: In just the past 14 months, the company has introduced 12 models. By contrast, the first 14 iPod models were rolled out over the course of three years.

“It can be a nuisance for some consumers,” says Susan Kevorkian, an analyst at IDC, since some of the older accessories, such as speakers or docks, aren’t necessarily compatible with the newer models. Fortunately, Apple has now standardized the docks for the iPod, meaning future models should still work with the one you buy today.

8. “I’ve sparked a crime wave.”
You know a product is popular when it becomes a favorite target of thieves. In New York City, an increase in crime on the subways has been blamed on the iPod, as folks sporting the telltale white earphones are being ripped off in record numbers. And sadly, 15-year-old Christopher Rose was killed last summer in Brooklyn when he refused to hand over an iPod to a mugger.

But iPod crime isn’t isolated to urban areas. A number of college and high school campuses have experienced a rash of thefts, leading some schools to ban the device. Keith Bromery, spokesperson for the Broward County school board in Florida, says that district recently restricted the use of iPods and other electronic devices, citing theft and peer pressure to own these items as distractions to learning.

Kevin H. Watson, spokesperson for the Law Enforcement Alliance of America, says the iPod is a favorite among thieves because “it’s easy to conceal, it has turnover value on the street and people are willing to buy one on the black market.” Not to mention, they’re easy to spot: “The white headphones are a giveaway,” he says, “just like flashing a fancy watch.” He recommends other earphones and not using your iPod in dicey areas.

9. “We’ll nickel-and-dime you any chance we get.”
The first quarter of this year was a record-breaker for Apple: The company reported new highs for both revenue ($5.75 billion) and earnings ($565 million). Yet even with these impressive financial stats, the company continues to pile on extra fees for owning and maintaining an iPod.

We’re not talking about the burgeoning iPod accessories market, such as stylish cases and portable speaker systems. No, Apple has begun charging for standard equipment it once included with the cost of the player. Why? “It keeps retail prices down and drives sales volume,” Kevorkian says. Early iPod models shipped with a wall charger and a dock. These “extras” will now cost you $29 and $39, respectively. Want to connect your video iPod to a TV? You’ll have to buy a cord separately, for $19.

Adding insult to injury, should your iPod conk out after the warranty expires, you could end up paying more to get it fixed than it would cost to buy a new one — repairs on a Nano, for example, run a standard $189 plus shipping, while new in the box, it’s as little as $150.

10. “Once you go iPod, you’re locked in for life.”
One of the reasons Apple has been able to dominate the digital music player market until now is that while the iPod can play songs from a variety of sources, music bought online at the iTunes store can be used only on an iPod. That’s because the company developed its own format for songs, called Protected AAC, instead of using the widely compatible MP3. Crotty points out that while basic AAC is an open format, the digital rights management software Apple lays over it — called, ahem, “Fair Play” — renders it incompatible with other players. No other company is legally allowed to make a device that can play songs in Apple’s format.

The company claims AAC has many advantages over MP3, but the format also serves as the lock on the iPod’s closed door — which could lead to its downfall. “They’ve set themselves up as Apple and the iPod versus the rest of the MP3 market,” Crotty says. “Customers may get upset that they can’t move their purchased music.” The tide is already turning in Europe, which, he adds, “doesn’t accept a closed system as a business practice”: The French government is considering a law that would force Apple to allow music on the iTunes store to work on competitors’ players.

Windows Media Player Flaw Lets Attackers “Skin” You

Severity: Medium

14 August, 2007

Summary:

Today, Microsoft released a bulletin describing two security vulnerabilities affecting Windows Media Player. By enticing one of your users into viewing a maliciously crafted skin file for Windows Media Player, an attacker could execute code on your user’s computer, potentially gaining complete control of it. If your users listen to or view media via Windows Media Player, you should download, test, and deploy the appropriate Microsoft patches as quickly as possible.

Exposure:

Windows Media Player (WMP) is the popular multimedia playback application that ships with Windows. WMP supports the use of skins, sets of scripts, art, media, and text files that create a new appearance for the media player.

In a bulletin released today as part of Patch Day, Microsoft describes two vulnerabilities that affect WMP 7, 9, 10, and 11. Though the vulnerabilities differ technically, they both involve WMP skin files, and have the same scope and impact. If an attacker can entice one of your users into viewing a maliciously crafted WMP skin, he could exploit either flaw to execute code on your user’s system, with your user’s privileges. If that user had local administrative privileges, the attacker gains complete control of that user’s machine.

MIcrosoft’s bulletin contradicts itself about whether an attack requires the victim merely to view the skin, or if the user must open and install the skin for the attack to work. WMP prompts users before allowing them to view skins. So this sort of attack requires user interaction to succeed, which is probably why Microsoft only gave it an “Important” severity rating. However, we often see attackers attaching their malware to desirable applications in order to entice victims, and users often click “OK” without thinking. Attackers could easily inject their malicious code into a popular or cool skin, which might lure one of your users into viewing it. We recommend that you patch this flaw as soon as you can.

Solution Path

Microsoft has released patches correcting these Windows Media Player vulnerabilities. You should download, test, and deploy the appropriate patches as soon as possible.

• Windows Media Player 7.1
  • 2000
• Windows Media Player 9
  • 2000
  • XP
• Windows Media Player 10
  • XP
  • XP x64
  • Server 2003
  • Server 2003 x64
• Windows Media Player 11
  • XP
  • XP x64
  • Vista
  • Vista x64

For All WatchGuard Users:

You can mitigate the risk of these vulnerabilities by configuring your WatchGuard Firebox to block WMP skins (.WMD and .WMZ files) using its SMTP and HTTP proxies. Keep in mind, blocking skin files will prevent your users from downloading any WMP skins, whether legitimate or malicious. For most organizations, media player skins are not needed to accomplish the corporate mission, so you should apply the patches.

If you want to block .WMD and WMZ files, follow the links below for instructions:

• Firebox X Edge running 8.5
  • POP3 Proxy
  • HTTP Proxy

• Firebox III and X Core running WFS
  • SMTP Proxy
  • HTTP Proxy
  • Online Training Proxy Module

• Firebox X Core and X Peak running Fireware Pro
  • SMTP Proxy
  • HTTP Proxy

• Vclass
  • SMTP Proxy. You’ll have to create or adjust a custom proxy action based on SMTP-Incoming in order to strip .WMD and .WMZ files. If you have created your own Proxy Action based on SMTP-Incoming, you can edit it so that it blocks these files. In the Vcontroller software, click the Proxies button and double-click your custom proxy action. Under the Content Checking tab, change “Category” to Attachment Filename and click either the Add to Top or Insert After button (only one or the other will display). Next, type “WMD_files” as the new rule’s name, and choose Pattern Match. Next to Pattern Match, type “*.WMD” and select Strip as the Action. Repeat these steps for .WMZ files as well. Now you can apply this new Proxy Action to your SMTP rule to ensure your Firebox blocks .WMD and .WMZ files.
  • HTTP Proxy. You’ll have to create or adjust a custom proxy action based on HTTP-Outgoing in order to strip .WMD and .WMZ files. If you have created your own Proxy Action based on HTTP-Outgoing, you can edit it so that it blocks these files. In the Vcontroller software, click the Proxies button and double-click your custom proxy action. Under the Request General tab, change “Category” to URL Paths and click on Add. Next, type “WMD_files” as the new rule’s name, and choose Pattern Match. Next to Pattern Match, type “*.WMD” and select Strip as the Action. Repeat these steps for .WMZ files as well. Now you can apply this new Proxy Action to your HTTP rule to ensure your Firebox blocks .WMD and .WMZ files.

Status:

Microsoft has released patches for Windows Media Player, correcting these issues.

References:

• Microsoft Security Bulletin MS07-047

Critical MS Excel Vulnerability Affects PC and Mac

Severity: High

14 August, 2007

Summary:

Today, Microsoft released a security bulletin describing a vulnerability affecting Excel for Windows and Mac. If an attacker can entice one of your users into opening a maliciously-crafted Excel document, he can execute code on your user’s machine, possibly gaining complete control of it. If your company uses vulnerable versions of Microsoft Office or Excel, you should download, test and deploy Microsoft’s patches as soon as possible.

Exposure:

Microsoft’s security bulletin describes a new flaw affecting Microsoft Excel 2000, XP, and 2003 for Windows; and Excel 2004 for Mac. Excel doesn’t properly validate a particular index value in an Excel Workspace. Opening a specially crafted Excel worksheet could trigger this flaw and cause memory corruption vulnerability.

By enticing one of your users into opening a such a maliciously crafted Excel document, an attacker could exploit this flaw to execute code on your user’s system, with your user’s privileges. If your user has local administrative privileges, an attacker would gain complete control of his or her computer. To get your user to open the booby-trapped Excel file, the attacker might host it on a web site or send it via e-mail.

Solution Path

Microsoft has released patches correcting this Excel vulnerability. You should download, test, and deploy the appropriate patches as soon as possible.

• Windows
  • Excel 2003 for Office 2003
    • Excel Viewer 2003
  • Excel XP for Office 2002
  • Excel 2000 for Office 2000
• Mac
  • Excel 2004 for Office 2004 for Mac

This vulnerability does not affect 2007 Office System

For All WatchGuard Users:

While you can configure some of WatchGuard’s Firebox models to block Excel (.XLS) documents, most organizations need to allow these file types in order to conduct business. Blocking them could bring your business to a halt. Therefore, the patches are your best recourse.

However, if you still want to block .XLS files, follow the links below for instructions:

• Firebox X Edge running 8.5
  • POP3 Proxy
  • HTTP Proxy

• Firebox III and X Core running WFS
  • SMTP Proxy
  • HTTP Proxy
  • Online Training Proxy Module

• Firebox X Core and X Peak running Fireware Pro
  • SMTP Proxy
  • HTTP Proxy

• Vclass
  • SMTP Proxy. You’ll have to create or adjust a custom proxy action based on SMTP-Incoming in order to strip .XLS files. If you have created your own Proxy Action based on SMTP-Incoming, you can edit it so that it blocks these files. In the Vcontroller software, click the Proxies button and double-click your custom proxy action. Under the Content Checking tab, change “Category” to Attachment Filename and click either the Add to Top or Insert After button (only one or the other will display). Next, type “XLS_files” as the new rule’s name, and choose Pattern Match. Next to Pattern Match, type “*.XLS” and select Strip as the Action. Now you can apply this new Proxy Action to your SMTP rule to ensure your Firebox blocks .XLS files.
  • HTTP Proxy. You’ll have to create or adjust a custom proxy action based on HTTP-Outgoing in order to strip .XLS files. If you have created your own Proxy Action based on HTTP-Outgoing, you can edit it so that it blocks these files. In the Vcontroller software, click the Proxies button and double-click your custom proxy action. Under the Request General tab, change “Category” to URL Paths and click on Add. Next, type “XLS_files” as the new rule’s name, and choose Pattern Match. Next to Pattern Match, type “*.XLS” and select Strip as the Action. Now you can apply this new Proxy Action to your HTTP rule to ensure your Firebox blocks .XLS files.

Status:

Microsoft has released patches correcting these issues.

References:

• Microsoft Security Bulletin MS07-044