Tutorials - HTML - Domain Names - Email - Web Hosting - Ecommerce - Business Plans - Affiliates - Home Business
Affordable Health Insurance - Web Business Software - About Us - Contact Us - Privacy - Links

Microsoft Windows XP Security Vulnerability Patch UPnP

Thousands of small business webmasters briefly lose their domain names at expiration, due to a simple lack of understanding about the roles of three key players in the drama: domain name registrars, web hosts and internet service providers. Fortunately for most, they learn quickly how to save their web site from oblivion by using the 30 day redemption period for expired domain names enforced by ICANN. One simple solution is to extend domain registration for the maximum ten years. The other solution is to treat domain registrar data as the critical business element it is.

Search the WHOIS database to see who your Registrar is on your business domain! Transfer your domain name to take advantage of our lower prices.

I Can't Remember Where I Purchased My Domain Name!

It wasn't until my third client had called asking how to regain control of her domain name that I realized that it was a common problem for small business webmasters to forget where they had registered their domains. WHOIS my registrar? Why didn't I get an email about renewal? Why did my site stop working today?

People rarely realize how important it is to keep their domain registrar notified of changes to their email address and and other contact information. The registrar will send renewal notifications to the email address last on file. For most domain owners, the only time they think about contacting a registrar is the day they reserve their domain name. If they move to a new city and get a new internet service provider, it doesn't occur to them that the old email address will change and that meeans that the registrar can no longer contact them through the previous address, or phone or fax as each of them change and we rarely notify the controller of our domain of those changes.

Sometimes the first indication a business owner will have that there is a problem is the day their web site stops working. If they failed to notify their domain registrar of changed email address, they may never have received their domain renewal notice. Since many registrars honor a 30 day "redemption period" allowing expired domains to be redeemed, it may be possible to save the registration within 30 days following expiration by contacting registrars during 30 day domain redemption periods.

The following URL leads to the Internet Corporation for Assigned Names and Numbers (AKA ICANN) discussing the grace period and redemption period rules it enforces.


300X300 Ad Space Left Side
Microsoft Windows XP Security Vulnerability Patch UPnP

Copyright (C) Richard Lowe Jr. and Claudia Arevalo-Lowe, 1999-2001.
Article Title: Windows XP Safe and Secure?
Author: Richard Lowe, Jr.
Contact Author: articles@internet-tips.net
Web Address: http://www.internet-tips.net
Autoresponder Address: article-287@internet-tips.net

Microsoft has come under fire lately because of their habit of releasing software which has serious flaws, most especially problems with security. Unfortunately the criticism is justified and verges on the criminal: flaws (implementation bugs as well as just plain silly design decisions) have resulted in literally tens of billions of dollars in damage and losses worldwide.

Don't believe me? Think of all of the viruses that have devastated not hundreds, not thousands, not even millions, but tens of millions of systems. All of these viruses are allowed to "breed" (spread) because of one of the silliest, misguided, downright stupidest decisions ever made by a major corporation. This was the addition of email scripting - without that incredibly powerful and almost totally unused (and many would argue not necessary) feature viruses could not spread in a matter of days or even hours. Since when does anyone need to script their email program anyway? I've never heard of a single person or corporation using this feature legitimately.

On top of this kind of issue (and there are several others), Microsoft's products tend to have blatant bugs - problems in programs which should have been caught by adequate design, testing and quality assurance. The most famous of these is probably the series of bugs that led to Nimda and Code Red. Again, millions of systems were damaged and countless millions of man hours were wasted in efforts to eradicate these issues.

The firestorm that landed on Microsoft as a direct result of these and other problems and issues was fantastic to behold. Naturally Microsoft responded, trying desperately to reduce the impact on their business. They claimed the problems were with administrators who did not apply patches, with people reporting problems too early (thus giving hackers information before fixes were complete) and any number of other problems. It seemed that everyone except for Microsoft was doing the wrong thing - of course, the mighty Microsoft could do no wrong.

In spite of what the left side of their face was saying, Microsoft did introduce some changes. They announced a new security service to help keep systems locked down and system administrators happy. Automatic security patch downloads were added to Windows XP and, I'm sure, dozens of other changes happened.

With the release of Windows XP, Microsoft was adamant that they had tested it from top to bottom. The software giant even claimed it had written a special program to check for the nastiest kind of software problem - buffer overflows. You see, a buffer overflow is one of the most common ways for a hacker to break the security of a system. It does this by writing some code beyond the end of where it is supposed to write it. The code is then executed in privileged mode to give the hacker entrance to the system.

Well, a short time ago Microsoft released a patch to Windows XP to fix exactly this problem. It seems there is a buffer overflow problem in the UPnP service. What the heck is UPnP, you ask? That's a good question.

UPnP is a special plug-and-play service. What is plug-and-play? Well, when you install a new device on Windows XP it automatically detects it and configures it for you. Plug-and-play is a very nice feature, and it works very well in Windows XP.

On the other hand, UPnP is a special kind of plug-and-play. This looks for printers and other devices added on the network (wired and wireless). It's actually a pretty cool idea. Now, when someone adds a printer to the network you must configure it on each and every workstation. With UPnP the configuration is totally automatic.

However, UPnP is very, very new and there is almost no real support for it with any devices. So UPnP is more or less not used, and it is certainly not needed by home computer users. By shipping Windows XP with the product Microsoft was solving the classic "which came first, the chicken or the egg" problem. They had to send out support for these devices in order to convince vendors to start providing them.

But Microsoft made one big mistake - when you install Windows XP, this unused service is turned on! What that means is everyone who has ever installed Windows XP is running this service.

And the service has a bug - a huge bug, the kind of bug that if it hit your windshield would smash the car and cause it to explode in flames, killing all of the passengers and the driver.

The problem is very bad, and Microsoft has released a patch to fix it. But the story gets even more interesting.

The National Infrastructure Protection Center released an advisory stating that everyone who is not using this service should disable it. This is an incredible statement from this agency. What they are implying is the UPnP service problem directly puts the United States computer infrastructure at risk (that's what this agency protects)! That's a big thing for them to be saying.

What are they afraid of? That hackers and perhaps hostile governments can use the bug to their advantage. You see, special programs called Zombies can be installed on Windows XP machines with this problem, and Zombies can be used to launch distributed denial of service attacks on computers throughout the world.

In fact, I'll bet you heard about the denial of service attack performed by the Code Red worm recently against the Whitehouse (the attack failed, if you remember). That's exactly what this agency is afraid of and what they are trying to prevent.

So the next time you are thinking about giving all of your credit card data to a site which uses Microsoft Passport, think about this article. Do you want to trust all of your confidential data to a company which cannot keep it secure? Just think about it, read some more, and make the rational decision.

For more information, check out the following articles.

Microsoft Security Bulletin MS01-059
http://www.microsoft.com/technet/treeview/default.asp?url= /technet/security/bulletin/MS01-059.asp

eEye Digital Security http://www.eeye.com/html/Research/Advisories/AD20011220.html

NIPC ADVISORY 01-030.2 Universal Plug and Play Vulnerabilities http://www.nipc.gov/warnings/advisories/2001/01-030-2.htm

To see a list of article available for reprint, you can send an email to:
mailto:article-list@internet-tips.net?subject=send_article_list or visit
Richard Lowe Jr. is the webmaster of Internet Tips And Secrets at http://www.internet-tips.net - Visit our website any time to read over 1,000 complete FREE articles about how to improve your internet profits, enjoyment and knowledge.


HTML Tutorial | CGI tutorial | Email Tutorial |
Spam Tutorial | Cookies Tutorial | Privacy Tutorial | Windows Tutorial | DreamWeaver Tutorial | Domain Name Tutorial | Business Plan Tutorial | Search Position Tutorial | Online Advertising Tutorial | Ecommerce Essentials Tutorial


Check to see if YOUR Domain Name is available by typing it into the search box directly below (choose from .com, .net, .org, .info, biz and .us domains). There is no charge to check availability of domains, but if you decide to purchase your domain name now, our pricing starts at only $7.95 - The lowest price you'll find for single year registrations! Compare our prices here! or you can Search the WHOIS database to see who owns any domain! If you want to transfer to take advantage of our lower prices, transfer your domain name.


Web WebSite101.com