You'll find over 300 free catalogs at the Catalogs Resources Center. Use this free service to quickly locate the catalogs that have the products you want. You may select your catalogs by category, or simply search by entering a catalog name, product or brand. There's no obligation and there's no charge for using the Catalog Request Center.

Windows-Help.NET Newsletter04 Sep. 1999, Vol 2 No. 35

 Microsoft Hotmail "open" to all !!!

by Arie Slob

Dear Windows-Help.NET Subscriber,

This week started off with a bang when it became apparent that all of Microsoft Hotmail accounts were open for anyone to read. Since there are somewhere between 40-50 million Hotmail accounts, this made for the biggest security breach of all time.

It all started when a Swedish newspaper Expressen (in Swedish) published the work of a programmer who wrote a simple piece of code to circumvent Hotmail's password verification. When people saw this code, they realised how easy it was to access any Hotmail account. Dozens of Web pages (example) sprung up to take advantage of the security hole.

Early statements from a Microsoft spokesmen declared that you needed "specific knowledge of advanced Web development languages" to break into Hotmail via this route. Well, the code is actually so simple that it was in use on dozens of Web sites in no time. This is the basic code:

To use this hole, you just had to replace username in the above code with the actual Hotmail username for the account you wanted to access.

Microsoft took the Hotmail servers off-line for a few hours on Monday, and fixed the security hole.

It has been quite a hectic time for Microsoft, with other reported security issues. First there was the Microsoft Office 97 vulnerability (a vulnerability in Jet, which turned out to be present in Office 2000 as well, contrary to earlier Microsoft claims). Then we got the "Virtual Machine Sandbox" Vulnerability (a Java VM vulnerability), the "Scriptlet.typlib/Eyedog" Vulnerability (an ActiveX vulnerability), while the last one was the "Fragmented IGMP Packet" Vulnerability.

Microsoft Windows 2000: More Delays

Microsoft has released a weekly interim build (Build 2114) of W2K. Release Candidate 2 (RC2) was scheduled for release on September 1, but is now set for a September 15th release. This pushes back the whole schedule by 15 days, and RC3, which was slated for an early October release, is now scheduled for October 27th.

As things are now, it looks like Windows 2000 will go RTM (Release To Manufacturing) on November 15th. This will mean that Windows 2000 will not be on store shelves untill late January or early February.

In recent weeks there were rumours that Windows 2000 might drop multi monitor support in the final version. It was claimed by an article in PC Week that Microsoft was going to eliminate this feature, but Microsoft responded by announcing that Windows 2000 will include multi-monitor support upon release.

Special Offer from the InfiniSource Software Store

VirusScan Classic 4.03
VirusScan Classic 4.03
The Only Anti-Virus That Protects You From All Computer Threats! Stop Viruses Before They Stop You!
FREE after rebate!


Last week's question was about the screen size of your monitor. Here are the results:

    The screen size of your monitor:

  • <14" :     2%
  • 14"   :     3%
  • 15"   :   16%
  • 17"   :   49%
  • >17" :   28%

  • 39% expect to upgrade their monitor in less than 3 years
  • 40% expect this to happen between 3 and 5 years
  • 19% expect their monitors to last over 5 years

This week's QuickPoll: What do you think of Microsoft's security record? Participate in the QuickPoll... you'll find it on the Windows 98 Tips home page.

MotherBoard Monitor 4.10
MotherBoard Monitor will try to access one or more of the following chips: LM, WinBond, Asus, ADM, MAX, FMS, THMC on your motherboard and will try to provide you with information about your motherboard's temperature, voltages, fan speeds and cpu temperature.

Download [1.35MB]
Web site

Windows 98 Tip
Improving Performance
Although Windows 98, when running on an identical setup as Windows 95, outperforms the latter, there are still a few "tweaks" to improve the performance of Windows 98.


Customize your Windows 95/98 with Tweaking Toolbox for Windows.

Computer Software-Games List

Computer Software-Games
Enter E-mail address

Subscribers will receive occasional email announcements of special offers.
More lists.

Windows 2000 First Look Part IV: Intellimirror & The Active Directory Overview

Recommend this Newsletter to a Friend!

Ask your Windows 95 / 98 / NT questions here!

  Microsoft Security

Patch Available for "Fragmented IGMP Packet" Vulnerability

Microsoft has released a patch that eliminates a vulnerability in the TCP/IP stack implementations of Microsoft® Windows® 95, Windows 98 and Windows NT® 4.0. Fragmented IGMP packets can cause a variety of problems in Windows 95 and 98, up to and including causing the machine to crash. Windows NT 4.0 contains the same vulnerability, but other system mechanisms make a successful attack much more difficult.

Affected Software Versions

  • Microsoft Windows 95
  • Microsoft Windows 98
  • Microsoft Windows 98 Second Edition
  • Microsoft Windows NT Workstation 4.0
  • Microsoft Windows NT Server 4.0
  • Microsoft Windows NT Server 4.0, Enterprise Edition
  • Microsoft Windows NT Server 4.0, Terminal Server Edition

More information

Patch Available for "Scriptlet.typlib/Eyedog" Vulnerability

Microsoft has released a patch that eliminates security vulnerabilities in two ActiveX controls. The net effect of the vulnerabilities is that a web page could take unauthorized action against a person who visited it. Specifically, the web page would be able to do anything on the computer that the user could do.

Affected Software Versions

  • Microsoft® Internet Explorer 4.0 and 5.0

More information

  Web site updates

These pages were added/updated in the past week. Information on previously updated/added pages is available on the What's New? page for 1 month.
Updated: Microsoft Knowledge Base Articles dealing with Internet Connection Sharing
Added: Microsoft Security: Patch Available for "Fragmented IGMP Packet" Vulnerability
Added: First Look at Professional 2000; Part IV: Intellimirror & The Active Directory Overview
Added: Microsoft Security: Patch Available for "Scriptlet.typlib/Eyedog" Vulnerability

Windows 95
Updated: Internet Explorer 4 Tips: Security Patches

Windows 98
Updated: Problems Accessing Windows Update
Updated: Internet Explorer 4 Tips: Security Patches
Updated: Internet Explorer 5 Tips: Security Patches

Advertising, Back Issues, unsubscribing etc.