Step by Step Tutorials (Feb 3)
Accessibility training documentation for Office applications and Windows OS
Download: Step by Step Tutorials
Cumulative Security Update for Internet Explorer (Feb 2)
Who should read this document: Customers who are using Microsoft® Internet Explorer
Impact of vulnerability: Remote Code Execution
Maximum Severity Rating: Critical
View + Download: Security Bulletin MS04-004
Gates backs e-mail stamp in war on spam (Feb 2)
Should people have to buy electronic stamps to send e-mail?
Some Internet experts have long suggested that the rising tide of junk e-mail, or spam, would turn into a trickle if senders had to pay even as little as a penny for each message they sent. Such an amount might be minor for legitimate commerce and communications, but it could destroy businesses that send a million offers in hopes that 10 people will respond. The idea has been dismissed both as impractical and against the free spirit of the Internet.
Now, though, the idea of e-mail postage is getting a second look from the owners of the two largest e-mail systems in the world: Microsoft and Yahoo.
Ten days ago, Bill Gates, Microsoft’s chairman, told the World Economic Forum in Davos, Switzerland, that spam would not be a problem in two years, in part because of systems that would require people to pay money to send e-mail. Yahoo, meanwhile, is quietly evaluating an e-mail postage plan being developed by Goodmail, a Silicon Valley start-up company.
“The fundamental problem with spam is there is not enough friction in sending e-mail,” said Brad Garlinghouse, Yahoo’s manager for communications products.
The company is intrigued by the idea of postage, Garlinghouse said, because it would force mailers to send only those offers a significant number of people might accept. “All of a sudden, spammers can’t behave without regard for the Internet providers’ or end users’ interests,” he said.
View full article: Gates backs e-mail stamp in war on spam
Microsoft Content Management Server 2002 Connector for SharePoint Technologies (Feb 2)
Microsoft® Content Management Server 2002 Connector for SharePoint™ Technologies enables you to integrate Microsoft Office® SharePoint Portal Server 2003 and Windows® SharePoint Services 2.0 technologies with Microsoft Content Management Server (MCMS) 2002 to create an end-to-end solution for document publishing.
MCMS Connector for SharePoint Technologies is designed primarily for businesses that are already using or intend to use SharePoint Technologies and MCMS 2002.
Exchange 2003 Deployment Guide (Feb 1)
This book provides installation and deployment information for intermediate and advanced administrators planning to deploy Exchange Server 2003.
Download: Exchange 2003 Deployment Guide (version 1.1)
Waiting For MyDoom’s Sunday Punch (Jan 31)
his Sunday, as American football fans await the Super Bowl broadcast, a slow-motion, digital wave will be building on the Internet, a result of the recent MyDoom worm attack. Following the worm’s dissection by security analysts, the world knows a distributed denial-of-service attack is coming, but there’s little that can be done to stop it.
Here’s how Sunday’s distributed denial-of-service attack will proceed: At midnight of the international date line the Windows computers infected by the MyDoom.A and MyDoom.B worms will begin to send large numbers of Web requests to the Web site of The SCO Group, the Lindon, Utah-based Unix vendor; the wave will begin in the far east and move westward around the world. Such a large quantity of requests will overwhelm SCO’s Web server, making the site unavailable.
On February 3, a similar attack will form against Microsoft from computers infected with MyDoom.B. However, major antivirus vendors reported that the infection rate for MyDoom.B was much less than the earlier worm, which it is believed infected hundreds of thousands of systems.
Australia joins global spam battle (Jan 31)
Two Australian government agencies have joined an international campaign aimed at persuading companies to close open relays and proxies, in a bid to reduce the amount of spam.
The Australian Competition and Consumer Commission (ACCC) and the Australian Communications Authority (ACA) are taking part in an international campaign to educate companies about the need to close open relays and proxies.
The campaign is headed by the US Federal Trade Commission (FTC), with 36 agencies from 26 countries taking part. Dubbed ‘Operation secure your server’, the aim is to persuade organisations to close open relays and proxies to reduce the amount of unsolicited commercial email.
“As part of the initiative, the participating agencies have identified tens of thousands of owners or operators of potentially open relay or open proxy servers around the world and are sending letters urging them to protect themselves from becoming unwitting sources of spam,” according to an ACCC statement.
View full article: Australia joins global spam battle
Microsoft Online Seminars: Microsoft Exchange (Jan 31)
See how to maximize your business potential with Microsoft solutions. Seminars are learning resources designed to meet the needs of developers, IT professionals, and business decision makers.
19991118OWAKB1: The Microsoft Exchange 2000 Web Client: Microsoft Outlook Web Access
20000511ExchangeKM1: Microsoft Exchange 2000 Conferencing Server: Enabling “Knowledge Workers Without Limits”
20000518ExchangeccMailGD1: Upgrading from cc:Mail to Microsoft Exchange 2000 Server
20000518Groupwise: Migrating from GroupWise to Microsoft Exchange Server 2000
20001121mec1400: Advanced Microsoft Active Directory Integration
20001128mec4333: Building a Group Calendaring Web Application
20001205mec1200: Deploying Microsoft Exchange 2000: A Practical Overview for Upgrading Exchange 5.5
20001205mec1302: Deploying Microsoft Exchange 2000: Upgrading from Exchange 5.5 (Part 2)
20010109exchma: Making the Decision to Migrate to Microsoft Exchange 2000
MyDoom Lessons: Failures of Education, Antivirus Vendors (Jan 30)
The sorry truth is that people fall very easily for social engineering attacks. The problem has nothing at all to do with Windows; if end-users were running Linux or anything else, it’s clear that any e-mail message could persuade them into following whatever steps were necessary to compromise their systems.
User education has proved a failure. Sure, it’s better to have educated users than uneducated ones, and it’s worth continuing to try to drill the details, if only to give individuals a chance to protect themselves.
However, IT managers must assume that their clients are dumber than dirt about this antivirus stuff and will run whatever executable code strangers send them.
Worse, one vendor told me today that whenever one of these attacks happens a number of people intentionally run the virus—knowing it’s a virus—just to see what happens. This must be the digital equivalent of a kid wondering what happens when her or she puts their fingers in an electrical socket.
View full article: MyDoom Lessons: Failures of Education, Antivirus Vendors
Access 2000 Sample: Report Topics (Jan 30)
The Access 2000 Sample: Report Topics database contains sample reports that demonstrate how to perform a variety of reporting tasks, including:
Creating a Top 10 report
Printing a constant number of lines per group
Shading every other detail line in a report
Download: Access 2000 Sample: Report Topics
Windows SharePoint Services 2003 Software Development Kit (SDK) (Jan 30)
The SDK contains conceptual overviews, programming tasks, and references to guide you in developing solutions based on Windows SharePoint Services as a platform. The SDK includes information about the following technologies:
Web Part Framework Create, package, and deploy Web Parts on SharePoint sites.
Server-side object model Work with individual lists and sites or manage an entire Windows SharePoint Services deployment.
Web services Use default Web services, or create custom Web services, to interact with Windows SharePoint Services from external applications.
Collaborative Application Markup Language (CAML) Customize the schemas that define lists and sites, define queries for use with members of the object model or Web services, and specify parameters for use with methods in Remote Procedure Call (RPC) protocol.
RPC protocol and other protocols Post requests from client applications to the server in order to access or modify data.
Client-side APIs Use ActiveX controls to launch applications on the client or to provide other features that enhance Windows SharePoint Services.
This update of the SDK includes new documentation for the Web Part Page Services Component (WPSC), which is a client-side somponent that adds dynamic capabilities to your Web Part Page by providing Web Part discovery, notification, and state management services used by Web Parts and Windows SharePoint Services RPC methods.
Exchange Server 2003 RPC over HTTP Deployment Scenarios (Jan 30)
Microsoft® Exchange Server 2003 and Microsoft Office Outlook® 2003, combined with Windows Server™ 2003, support the use of RPC over HTTP to access Exchange servers. Using the Microsoft Windows RPC over HTTP feature to enable your users to connect to their Exchange mailbox eliminates the need for remote office users to use a virtual private network (VPN) to connect to their Exchange servers. Users running Outlook 2003 on client computers can connect directly to an Exchange server within a corporate environment from the Internet.
Office Update Inventory Tool Version 2.0 (Jan 30)
The Office Update Inventory Tool version 2.0 enables administrators to check one or more computers in their organization for the status of Microsoft Office 2000, Office XP, and Office 2003 updates.
Download: Office Update Inventory Tool Version 2.0
Microsoft Offers $250,000 Reward for Information Leading to Conviction of MyDoom.B Perpetrators (Jan 30)
Reward Is Third From Microsoft Reward Fund to Support Worldwide Law Enforcement Efforts Against Malicious Code Distributors
REDMOND, Wash. — Jan. 29, 2004 — Microsoft Corp. today announced that it will pay a $250,000 (U.S.) reward for information resulting in the arrest and conviction of those responsible for unleashing the MyDoom.B worm. MyDoom.B, detected yesterday, is a variant of the earlier released MyDoom.A worm, also known as the Novarg worm, which has spread quickly infecting computers around the world. The release of this B variant triggered the first alert from the newly formed Department of Homeland Security’s cyber alert system yesterday.
Characteristics of MyDoom.B
Characteristics of the B variant of MyDoom include these:
Infects the computers of unsuspecting consumers and automatically sends infecting e-mail to their e-mail contacts
Blocks access to anti-virus vendor Web sites and www.microsoft.com
Leaves a “backdoor” into infected computers, allowing any hacker to modify the existing worm without the user’s knowledge
Is designed to launch an attack against www.microsoft.com next month
“This worm is a criminal attack,” said Brad Smith, senior vice president and general counsel at Microsoft. “Its intent is to disrupt computer users, but also to keep them from getting to anti-virus locations and other sites that could help them. Microsoft wants to help the authorities catch this criminal.”
Residents of any country are eligible for the reward, according to the laws of that country, because Internet viruses affect the Internet community worldwide.
Partnership Program With Law Enforcement
Representatives of three law enforcement agencies, the Federal Bureau of Investigation (FBI), the U. S. Secret Service and Interpol, joined Microsoft to unveil the company’s $5 million reward program in November. All three agencies have engaged Microsoft in their investigations of this most recent worm.
Individuals with information about the MyDoom worm or any other worms or viruses should contact the following international law enforcement agencies:
International/Interpol via the Interpol National Central Bureau in any of Interpol’s 181 member countries or at http://www.interpol.int/
FBI or Secret Service via any local field office
The Internet Crime Complaint Center (IC3) at http://www.ic3.gov
View full Press Release: Microsoft Offers $250,000 Reward for Information Leading to Conviction of MyDoom.B Perpetrators
Microsoft Sets Office Service Pack 1 Timing; Watch For InfoPath Improvements (Jan 29)
Microsoft this week acknowledged that Office 2003 Service Pack 1 is in the works but gave no details beyond an expected late June launch date.
Original plans called for Service Pack 1 (SP1) to include fairly substantial enhancements and even new features for the InfoPath and OneNote components of the Office System lineup (see story). InfoPath enables a user’s desktop applications–Word or Excel, for example–to tap into back-end data via XML links. OneNote is a note-taking application that accepts penned or inked input.
For InfoPath, Microsoft wants to enable users to “ink” in input into fields and make it easier to route the created forms around, sources close to the company said.
“It will be easier to e-mail the form around. Before, it had to be deployed on a Web server as a URL, and, if I didn’t have InfoPath myself, I couldn’t see it. They’re working to open that up,” said one source.
Also on the wish list: better workflow using the BizTalk 2004 integration server and better editing and layout tools, sources close to the company said.
View full article: Microsoft Sets Office Service Pack 1 Timing; Watch For InfoPath Improvements