Welcome to The Funny/Alerts Newsletter. Last weekend I spent some time finishing up the Hot August Nights '02 picture gallery and it's FINALLY ready for your perusal! Also, I was doing some research for St. Gabriel's (a nont-for-profit Renaissance group. We host their site on our web server) when I came across a great story that demonstrates chivalry today and why it's NOT dead.
It just amazes me to hear some of the excuses that young people will come up with in. It seems like there's a belief system in place these days that says "All I need is a good enough reason and I'm off the hook." In essence this is an avoidance of responsibility by shifting blame. This is immaturity at best and cowardice at worst.
My son, Josh, would have been right at home if he'd been born in the medieval days of knights, dragons and "ladies in distress." He feels strongly about being a good person and doing the "right thing", such as protecting his fellow humans from those who'd harm or take advantage of them. This explains why he's a 911 operator in LA and why he's working so hard to get on the force. He's chivalrous.
As Scott Farrell says, "From the Ten Commandments of the Bible, to The Eight-fold Path of Zen, to All I Really Need To Know I Learned In Kindergarten, people throughout history have searched for a way to define and quantify admirable behavior. The code of chivalry is, at its heart, simply a handbook for good conduct. But chivalry was not a mandate from the powerful to the downtrodden, nor a directive from the chosen unto the masses. It was a set of limitations which the strong and mighty placed upon themselves with the realization that setting a good example sends a message which is far more powerful than any words on paper."
Next week I'll publish the CODE OF CHIVALRY (or, as Renaissance people call it, THE OLD CODE) that knights used to follow.

Co-Conspirator To Make The World A Better Place

http://www.thepeers.com/ [click the link for "Hot August Nights '02" - DP]


BIG MOUTH: A radio talk show in San Antonio, Texas, asked callers to describe the "biggest lie" they've ever told. "John" called in to describe how he defrauded his insurance company by arranging to have his pickup truck stolen, netting him $7,000 cash and a new truck. The show was more popular than "John" realized: an FBI agent was listening to the details he gave, including when the scheme went down. The agent searched theft reports filed with the local police and quickly narrowed "John's" identity to Humberto Perez, 31. Perez faces up to five years in federal prison if he's convicted of two felony fraud charges. (San Antonio Express-News) ...Perez's defense: the show was his "15 minutes of frame."

BIG MISTAKE: The Crown Casino in Melbourne, Australia, was robbed of "a substantial six-figure sum." Not only did security cameras record the whole thing, but the man robbed a cashier in a special room that was only open to members who have passed a 100-point identity check and use a personal key card to enter. Casino officials turned his membership info over to the police. "We're not dealing with Albert Einstein," a casino spokesman said. (The Melbourne Age) ...No, Einstein didn't gamble since he was smart enough to understand the odds.

BIG DEAL: Rolf Eden, 72, a disco owner in Berlin, Germany, has offered to leave his 250,000 Euro (US$244,000) estate to the last woman that has sex with him. "I put it all in my last will and testament: the last woman who sleeps with me gets all the money," he says. "First a lot of fun with a beautiful woman, then wild sex, a final orgasm -- and it will all end with a heart attack and then I'm gone." He says "applicants" should hurry up because of his advanced age. "It could end very soon. Maybe even tomorrow." (Reuters) ...Proof that money doesn't necessarily buy a guy a better come-on line.

SKIRTING THE ISSUE: When new management took over at the Howmet Corp. jet engine part factory in Whitehall, Mich., they instituted a no-shorts dress code for the factory, which doesn't have air conditioning. The men pointed out female workers were allowed to wear skirts, but the company wouldn't budge -- so several men now wear skirts. "It's very hot and the skirts are cooler," says Ron Buckhalter, 55, a 33-year company veteran. The biggest problem seems to be that "We're getting a lot of flack from the girls for not being color coordinated," says Ron Bailey, 49. Well, that and "We try not to stop off anywhere after work," Buckhalter says. "We've gotten strange looks." (Muskegon Chronicle) ...20th Century: The boys share beer and tall tales after work. 21st Century: The boys giggle over the best way to shave their legs.

HAS ANYONE SEEN FIFI LATELY? "X-ray Confirms Snake Swallowed Dog" -- AP headline

AND THE TIDE SLOWLY TURNS! One of my pet issues, "Zero Tolerance", has taken a back seat for a few months -- school has been out! But there has been some action on the ZT front. The Chicago Sun-Times reports that an unnamed 9-year-old boy who was expelled in Sauk Village, Ill., for accidentally taking two razor blades to school has won his case to be allowed back to class. Cook County Circuit Court Judge Aaron Jaffe ordered the Community Consolidated School District 168 to let the boy return to his school, tutor him to catch him up to his classmates, and consider rethinking its zero tolerance policy "which permits school officials to prescribe the harshest of mandatory punishments with virtual complete disregard for a student's due process rights and case-specific circumstances of alleged misconduct." Judge Jaffe adds the "school administration had made the school environment, with its extremely strict policies and punishments, a place of unnecessary fear and discipline." ... What's next? Gag Orders for all the teachers?

Microsoft Word, Outlook vulnerabilities identified
by Paul Roberts

Vulnerabilities have been identified in two widely-used Microsoft Corp. products, Microsoft Word and Outlook Express.

In Microsoft Word's case, an attacker could steal data from a victim's hard disk, according to alerts posted on the Bugtraq Web site weeks ago and acknowledged by Microsoft on Friday.

It would work like this: The attacker creates a Word 97 document and embeds hidden fields, such as the "IncludeText" field, in it. The attacker then e-mails the malicious document to the intended victim. When the victim opens the document, the fields retrieve data from the hard disk. The attacker would then receive the stolen data in the document when the victim e-mails it back to him.

In order to exploit this vulnerability, an attacker would have to know the names and the locations of the victim's files containing the information he wanted to steal. The hidden fields would look for data in specific files, and not do a general scan of the hard disk. Because of this complexity, Microsoft and most security experts qualified their warnings concerning the vulnerability by noting that the potential threat of being attacked using fields is limited.

"We believe there are some important mitigating factors," said Lynn Terwoerds, Security Program Manager at Microsoft, referring to the difficulty of exploiting the vulnerability. "A successful attack, in which several best practices and mitigating factors are not applied, could potentially allow a malicious user to view the contents of a targeted file."

A long-standing feature of Microsoft Word, fields allow users to create documents with information that can be automatically updated or changed without requiring action by the author, such as dates and page numbers.

Fields can easily be hidden in documents -- buried in the header or footer region and formatted with invisible text, for example. Once hidden in the body of a document, security experts warn, fields can easily and silently access text and graphics on a user's hard drive. The vulnerability was shown to exist in Microsoft Word 97, but could not be duplicated in Word 2000 or Word 2002, according to statements posted on the Bugtraq Web page.

And even with the seeming difficulty of exploiting the vulnerability, some security experts warn, the widespread use of Microsoft Word increases the likelihood of successful attacks.

"The fact that you have all these organizations using Microsoft Office products as their main communications tools, and the fact that you have (files) in standard predictable places with standard predictable names puts those things at risk," said Sean Smith, Assistant Professor of Computer Science at Dartmouth College, who has studied the use of fields in Word documents to construct attacks.

Microsoft's popular Outlook Express e-mail program was named in another advisory issued Thursday by Beyond Security Ltd., a computer security consulting company based in Israel.

By taking advantage of a standard Outlook Express feature that enables users to automatically break up large outgoing e-mails into two or more smaller files, technicians at Beyond Security were able to sneak viruses past many common Simple Mail Transport Protocol (SMTP) content filtering engines, which organizations use to weed out viruses and other attacks from incoming e-mail.

The problem lies not with Microsoft's e-mail program, experts say, so much as with the filtering engines from third parties that failed to detect the ruse.

"Outlook Express is the only program that's doing stuff right. This is a documented feature," said Aviram Jenik, CEO of Beyond Security, citing the Internet Engineering Task Force (IETF) standards documentation that calls for such fragmenting of e-mail messages. "(SMTP filtering) products are supposed to be able to filter these messages."

Many popular filtering programs did not, however. Among the products that released patches to eliminate the vulnerability was Trend Micro Inc.'s InterScan VirusWall. The vulnerability of many other e-mail scanning programs to SMTP fragmenting was not clear.

Trend Micro could not be reached for comment.

Some products, including Symantec Corp.'s Norton AntiVirus for Gateways were not affected because their software already blocked or contained options that allow administrators to block multipart e-mail messages.

"This is a default option (of Norton AntiVirus) and has been (in the product) for a significant amount of time," said Vincent Weafer, Senior Director of Symantec Security Response at Cupertino, California-based Symantec.

But that approach may have its own limitations when it is used as the sole means of preventing attacks, experts warn.

"That's a (solution) that's just crying out for another vulnerability to surface," said Jenik. "These programs should assemble the message and check its content before rejecting it."

Besides, Jenik added, e-mail fragmenting has its place, even in a world where more and more people enjoy high bandwidth Internet connections.

"We've all probably had e-mails rejected by a server because they were too large. I've personally had to manually fragment messages into smaller chunks, so if Outlook does it for me, great."

Merchant: FBI probes major credit card scam

The CEO of a Los Angeles-based novelty company, Spitfire Ventures Inc., said the FBI is investigating a major credit card scam involving 140,000 fraudulent credit card transactions at the company's Web site, TalkingTP.com.

Spitfire's CEO, Paul Hynek, said he was told by the company's credit card processor, Online Data Corp. in Westchester, Ill., that the scam may have affected as many as 25 other companies. But Online Data President John Rante said he believes only 15 to 20 merchants were affected and that a total of 100,000 fraudulent credit card transactions were involved.

The FBI couldn't be reached for comment.

According to Hynek, Online Data approved more than 60,000 of the false charges, worth $5.07 each, on Sept. 12. Online Data is a reseller of Mountain View, Calif.-based VeriSign Inc.'s credit card payment gateway services, which actually performed the authorizations.

Although about $300,000 in charges were approved by VeriSign, the company stopped the transactions before they were completed, so no money was ever transferred to Spitfire, according to Hynek. However, the authorizations let the thieves know that those credit cards were valid.

As soon as Online Data became aware of the problem, Rante said, the company worked closely with VeriSign to notify the credit card companies, which then deactivated the cards. Rante said the credit card companies are cooperating with federal authorities investigating the fraud.

If the scam hadn't been detected, Hynek said, thousands of dollars in fraudulent charges could have been racked up before card holders became aware of any problem.

Spitfire, whose products include a talking toilet paper holder, learned of the scam when customers who noticed false charges on their accounts began calling the company, Hynek said.

Hynek, Rante and VeriSign spokesman Tom Galvin all said they believe thieves most likely got the credit card numbers by cracking the passwords of the affected merchants.

But Dan Clements, a credit fraud expert at Malibu, Calif.-based CardCops.com, disagreed.

"The real story here hasn't been told yet," he said. "Since they had 140,000 cards, they probably have a lot more."

Clements said he believes the crooks may have exploited a hole in the customer database of a large Internet merchant that didn't properly secure its Web site.

According to Clements, during their investigations, the credit card companies involved will pull information on the accounts of some of the affected card holders looking for common denominators. 

"Say, if Amazon.com showed up on all their statements, then that's most likely where the credit cards came from," he said. "These numbers were not randomly generated. This was not a crap shoot." 

[refer to The Funny/Alert Newsletter #010521 for info on protecting your cc - DP]

No Such Thing As "Chivalry Blues"
by Scott Farrell

Have you ever had one of those days? The kind of days where nothing goes right and the world itself seems to be out to get you?

Of course you have - we've all had them. The question is: How do you deal with them? Sure, you can get a quart of your favorite ice cream, lock the front door, put on your most comfy bathrobe and watch TV until your lucky stars come back into proper alignment. But maybe you don't have to be at the mercy of fate ...

Last week I had one of those days myself. My computer ate the file I was working on, I couldn't find an important phone number I'd written in a "safe place," my checkbook wouldn't balance, I spilled a cup of coffee on the carpet and a traffic jam made me late for an important appointment. By the time lunch hour rolled around, I was in a world-class bad mood, and all I wanted was for someone to put their arms around me and say, "poor baby" for about 12 hours. Either that, or to whack somebody and make them feel even worse than I did.

Instead, however, I had to get to the bank to make a deposit before I started bouncing checks due to my own poor accounting skills. So, grumbling, cursing and fuming, I went in and straightened out my finances (after standing in line for 25 minutes). As I was walking back to my truck, wondering where I could find something small, fuzzy and helpless to kick, I heard a small voice.

"Excuse me, sir? Do you have jump cables?"

Distracted from my self-pitying funk, I looked to my left and saw, two parking spaces away, the littlest little old lady I'd ever seen standing beside the biggest Cadillac I could possibly imagine. The image would have been laughable had the woman not looked so desperate. "My car won't start. Can you help?"

Of course I would help. I got the jumper cables out of my truck toolbox, lifted the hood of her car, connected our batteries and told her to turn the key. The result: Nothing - not even a "click." I'm certainly not an automotive expert, but I could tell something was wrong with the electrical system. I told her I'd call a tow truck for her (she didn't have a cell phone of her own) and she gave me her Auto Club card number. Within 10 minutes the tow truck arrived, and, satisfied that the little old lady was in good hands, I drove away to start my afternoon business.

Now, don't get me wrong - I'm not patting myself on the back here. I have no doubt that every person reading this would have done exactly the same thing I did. But as I pulled away, I realized that the melancholy fog I'd been wallowing in all morning had lifted. At that moment, I remembered that chivalry changes the lives of everyone it comes in contact with. When you perform an act of chivalry, you not only help someone in need, you also give yourself the gift of self-respect, dignity and honor. Being someone's "knight in shining armor" is the best way I know of to overcome bad luck, banish self-pitying thoughts and chase away a case of the blues.


Sites for searchers

Put in my vote for GOOGLE.com as the most accurate. I think that everyone, by now, knows that I love their PageRank technology as a measure of authority! PageRank performs an objective measurement of the importance of web pages and is calculated by solving an equation of 500 million variables and more than 2 billion terms. Goggle does not count links; instead PageRank uses the vast link structure of the web as an organizational tool. In essence, Goggle interprets a link from Page A to Page B as a "vote" by Page A for Page B. Goggle assesses a page's importance by the "votes" it receives.

Goggle also analyzes the pages that cast the votes. Votes cast by pages that are themselves "important" weigh more heavily and help to make other pages important. Important, high-quality pages receive a higher PageRank and are ordered or ranked higher in the results. Goggle's technology uses the collective intelligence of the web to determine a page's importance. Goggle does not use editors or its own employees to judge a page's importance.

Also, don't forget about ASK JEEVES, the second largest pure search engine according to Nielsen// NetRatings. Here's a list of the "Top advancing searches for the week ending September 13, 2002" from JEEVES IQ: INTERESTING QUERIES:

1.September 11th
2.Tom Daschle
3.Yom Kippur
4.College football scores
6.Pictures of the twin towers
7.M. Night Shyamalan
8.Jewish holidays
9.Heath Ledger
10.Halloween costumes

If you're in need of dictionary look-up tools, you can turn to the DICTIONARY.com. Not only can you look through the English dictionary and thesaurus, but you'll also find some periodicals, newspapers, Daily crosswords and word search puzzles and WORD OF THE DAY (which you can get in your email). They also have foreign language dictionaries and translation tools!

Lastly, I would humbly offer up The Spider's Apprentice: How to Use Web Search Engines, as a great, unbiased source for someone who wants to learn more about how search engines work, or how to make them work more efficiently for you. 


Update: Sun pushes free StarOffice for schools, adds languages
Joris Evers

Sun Microsystems Inc. plans to give away its StarOffice 6.0 product to schools around the world and increase the number of languages the software supports in an effort to steal market share from rival Microsoft Corp., a Sun executive said Tuesday.

Sun has been promoting StarOffice 6.0 as a low- cost alternative to Microsoft's Office. StarOffice offers features similar to Microsoft Office and has a nearly identical user interface.

Sun companies in many countries are in talks with local education authorities, such as ministries of education, to get the software into schools and universities. Educational customers will get the software for free, said Frank Bell, marketing director for Sun Netherlands BV. If the customers want many CD-ROMs, those can be provided at cost, he said.

"This is a worldwide program. Sun companies around the world are working to get it going," he said. A Sun vice president for the educational market, Kim Jones, will visit several European countries next week to officially donate StarOffice, Bell said.

The special StarOffice offer for the educational market was first announced in May when Sun launched StarOffice as a commercial product, but the offer has not been effectuated until now to coincide with school calendars, said Bell.

Sun companies in Norway, Poland and The Netherlands are working on localized versions of StarOffice, said Bell. The software is available now in English, German, French, Italian, Spanish, Swedish, Chinese, Japanese and Korean. Other local versions may follow, according to Bell.

StarOffice typically is available in stores and offered to schools in a country if the local language is supported, Bell said. Through the expanded availability of StarOffice, Sun hopes to reach the enterprise user, the most lucrative market for the vendor, he said.

"Microsoft has heavily promoted use of (Microsoft) Office with home and educational users and from there Office grew into the enterprise. That is what we are doing now as well, through the retail channel on one side and through the educational market on the other," explained Bell.

StarOffice retails for $75.95 per copy and each copy can be used on up to five PCs. Microsoft Office XP Standard is listed at $479, and each copy can be used on only one PC. A boxed version of Office XP Standard for students and teachers is listed at $149.

Microsoft does offer special pricing for schools. School administrators can deploy Office for as little as $24 per desktop per year in the U.S. through the software maker's School Agreement program, a Microsoft spokeswoman said.

"Microsoft tries to be very responsive to the needs of the education community and has designed its pricing plans accordingly," she said.

Schools and corporate users alike have cried foul over Microsoft's licensing policies. A revamped Microsoft licensing scheme, which analysts and users have said makes Microsoft software more expensive for most, has increased interest in alternatives for Microsoft Office, one of Microsoft's most profitable products.

[list prices: StarOffice 6.0 - $76; StarOffice 5.2 - $37; OpenOffice - free d/l]



Have no fear of evil people. What you should be aware are evil friends. Why? Because evil people can destroy only your body, they cannot destroy your mind. An evil friend can destroy both.