- Bare Bones Software
- Microsoft
- MacSpeech
- Fetch Softworks
- VMware
- Mark/Space, Inc.
- Web Crossing
- CS Odessa
- Circus Ponies
- Readers Like You!
Stylin' a Word Comment Balloon
If you work with Word's Comment feature, you may find that the comment-balloon text is too small to work with, or you may just want some variety. To modify the style, choose Format > Style. From the List pop-up menu, choose All Styles. Select Balloon Text from the Style list. Modify the style as you like, and then click Apply. I like Arial Narrow, 12 point.
Written by Tonya Engst
Recent TidBITS Talk Discussions
- How Safari 3.2's Anti-Phishing Does, and Doesn't, Work (1 message)
- Comparing Five iPhone File Transfer Apps (5 messages)
- iPhone Saves Weary Road Warrior (1 message)
- Improving the HTML Accessibility of Our Cart (4 messages)
| Security Issue with Email Attachments
A recent CIAC security advisory identifies a potentially dangerous flaw involving email clients processing MIME attachments with unusually long file names (more than 200 characters). The problem, primarily affecting Windows versions of Microsoft Outlook, Outlook Express, and Netscape Messenger, could cause a buffer overflow which could crash the email client or (apparently) cause code to be executed on the client's system, even if the user does not attempt to open the attachment or even the message itself. Microsoft and Netscape have both issued security advisories for their products, along with patches for the Windows versions of their software.
Historically, the primary way to take advantage of a buffer overflow is to craft the precise binary data that will get past the target program's bounds checking, then somehow cause that data to be executed as if it were code. No information is available about how that might happen with an email client; however, it's extremely likely that code would have to be platform or processor-specific. So, a Macintosh would probably be immune to any message designed to exploit this problem on an Intel-based machine. It's important to note that, to date, there are no known instances of this code-execution vulnerability being exploited. (However, there's nothing new about email programs crashing while processing badly formatted messages.)
Qualcomm confirms that current versions of Eudora Pro and Light for Macintosh and Windows are not susceptible to this problem; according to Netscape, no Macintosh versions of Netscape mail software are compromised. As of this writing, the only Macintosh email client reported to be vulnerable is Microsoft Outlook Express, version 4.0 and version 4.0.1 with build numbers less than 297 (choose About Outlook Express from the Apple menu to see the build number of your program.) Microsoft says a patch for the Mac version of Outlook Express will be available 30-Jul-98.
WebCrossing Neighbors Creates Private Social NetworksCreate a complete social network with your company or group's
own look. Scalable, extensible and extremely customizable.
Take a guided tour today <http://www.webcrossing.com/tour>