Toledo PC Users’ Group

A Forum for Personal-Computer Users — August, 2008

August Program:

Monday, August 4, 2008 at 7:30 PM, UAW-Local-14 Hall, Jackman & Northover (between Laskey & Alexis Rd), Toledo, Ohio.

In This Issue ...

TPCUG Data
From the Prez
Minutes
Treasurer’s Report
Membership Expirations
Computer-Investing-Group Meeting
TOLTBBS Information

TPCUG’s Website:
http://www.toledopcug.net

Coming Meeting: Monday,
September 8, October 6, November 3, December 1.

The Toledo PC Users’ Group
P.O. Box 13085
Toledo, OH 43613

Officers
President: Floyd Miller
Vice-President: Rick Snyder
Treasurer: Steve Tryc
Secretary: Sándor Halász

Standing Committees
Computer Shows: Steve Tryc
Librarian: Open
Membership: Halász Sándor
Programs: Lester Miller
Public Relations: Lavern & Eugene Curtis
Complaint Dept.: Helen Waite

SIG Leaders
Internet SIG: Jim Bell ............ 419-877-1109

Statement of Intent: The Toledo PC Users’ Group is a not-for-profit corporation, formed to provide a forum for the exchange of ideas and information regarding the use and enjoyment of personal computers.

Affiliations: TPCUG is a member of APCUG (Association of Personal Computer User Groups), which provided the APCUG logo.

Meetings: Meetings are generally held the first Monday of each month, at UAW-Local-14-Hall, 5411 Jackman Rd., Toledo, OH. In the event of emergency, members may be reached during meetings at a pay phone in the hall, 419-473-9571.
Visitors are always welcome at monthly meetings!
Executive-Board meetings are generally held after the regular monthly meetings.

Membership: Dues are $25. per year. To obtain an application, call any officer or member.

Moving? Notify the Membership Chair to redirect your newsletters.

Copyright 2008: The Toledo PC Users’ Group, the publisher of this newsletter, is a not-for-profit organization. Although it asserts a copyright for the newsletter, permission is granted to reprint this publication in whole or in part for any noncommercial use, with credits acknowledged.

Newsletter Deadline is the 15th of each month. All members are encouraged to contribute articles and reviews for this newsletter. Submissions may be made by email to the editor.

Advertizing: Business cards (2”×3½”) will be run in three issues for $5. Commercial ads: $10 for ¼ page; $20 for ½ page; $30 for ¾ page; $40 for full page. Larger ads are run in two issues from a graphics format, JPEG or GIF or … Members may place free ads for the sale of computer-related personal items on a space-available basis. Contact editor for details.

Production Notes: This newsletter was compiled with Microsoft Word 6 for Windows, Open Office 1.1.5, Brief, and Notepad.

TPCUG Mailing List: If you have e-mail, keep in touch with club doings by subscribing to the TPCUG mailing list.

The President's message: a bug in DNS, the name-to-address mapping system

We share the following information which will enable you to check your computer's vulnerability. Note the test site is in the midst of the text below—a bit past halfway down.

Internet flaw could let hackers take over the Web

Computer-industry heavyweights are hustling to fix a flaw in the foundation of the Internet that would let hackers control traffic on the World-Wide Web.

Major software and hardware makers worked in secret for months to create a software patch released on Tuesday to repair the problem, which is in the way computers are routed to webpage addresses.

You'd have the Internet, but it wouldn't be the Internet you expect. (Hackers) would control everything.

The flaw would be a boon for phishing cons that involve leading people to imitation webpages of businesses such as bank or credit-card companies to trick them into disclosing account numbers, passwords, and other information.

Attackers could use the vulnerability to route Internet users wherever they wanted, whatever website address is typed into a webbrowser.

On Tuesday the US Computer-Emergency–Readiness Team (CERT), a joint government–private-sector security partnership, issued a warning to underscore the serious of so-called DNS cache-poisoning attacks the vulnerability could allow.

An attacker with the ability to conduct a successful cache-poisoning attack can cause a nameserver's clients to contact the incorrect, and possibly malicious, hosts for particular services, CERT said.

Consequently, web traffic, email, and other important network data can be redirected to systems under the attacker's control.

People should be concerned but they should not be panicking, Kaminsky said. We have bought you as much time as possible to test and apply the patch. Something of this scale has not happened before.

Kaminsky built a webpage where people can find out whether their computers have the DNS vulnerability.

I found it completely by accident, Kaminsky said. I was looking at something that had nothing to do with security. This one issue affected not just Microsoft and Cisco, but everybody.

A lot of people really stepped up and showed how collaboration can protect customers.

Automated updating should protect most personal computers. Microsoft released the patch in a software-update package Tuesday.

A push is on to make sure company networks and Internet-service providers make certain their computer servers are impervious to web-traffic hijackings using the DNS attack.

The patch can't be reverse-engineered by hackers interested in figuring out how to take advantage of the flaw, technical details of which are being kept secret for a month to give companies time to update computers.

We are seeing a massive multi-vendor patch for the entire addressing scheme for the internet—the kind of a flaw that would let someone trying to go to Google.com be directed to wherever an attacker wanted.

Hackers using the vulnerability to attack company computer networks would also be able to capture email and other business data.

We have long since learned that we need to protect out computers from all the nasty things that are out there in cyberspace to attack them. This provides that additional check.

We hope to see more people at the group meetings. The more we have the more we can share, although sometimes it might seem as if we are pooling our ignorances. At least it might introduce the topic of consideration which we can mull over in our minds and subconsciouses, that in an moment when it is not expected out pops the answer.

Your Prez., Floyd L. Miller

Cache-poisoning

For domain-name translation there are authoritative sources, say Network Solutions or Verisign, for these are registrars (and see InterNIC). Their IP-addresses are well known, as needful, for if one seeks domain-name translation one cannot seek it for the translater, too. Likewise, when one hooks up with an ISP, in one s computer one enters its domain-name servers s IP addresses.

But if all translations were carried out only by these authoritative sources, the traffic to them would be too great. Therefore, their help only sometimes is sought, and most translation is carried out at each ISP s DSN, which is not authoritative. That is, from time to time, varyind with each domain name, the DSN forgets its translation and seeks one from the authoritative source. Each local store is called a cache, a word in other computer contexts also used, always for a temporary or not authoritative store used for lessening communication cost.

If an intruder can poke into that cache and change the local translation ere it expires, then he can make the ISP s users do as he pleases. This, maybe, is cache-poisoning.

Minutes

The meeting at 17:42 was called to order by F. Miller. pres.

The minutes were accepted, R Snyder asking why the new membership secretary s name was not in the minutes.

The balance stands at $1340.42, as in the newsletter. S. Tryc said that the hall and the postoffice-box rent are due. The treazurer s report was accepted.

F. Miller said he meant to have something about security, but picked accounting instead (with amortization table in mind), and got something from the public library. In the coming month the topic will be security, this month Excel. (Ballogg and Halász said that one can generate an amortization table in Excel or Open Office or the rest if one knows the formulas—and these have also relevant functions.)

There was no old bizness.

New bizness:

S. Tryc brought up the club s coming insolvency. Snyder suggested meeting at Sanger, but Tryc said that that is good only for three meetings in a row. Ballogg asks whether that is the whole library s policy, or whether it by branch varies. In Point Place there is a hall where if the club met on Tuesday or Thursday she could meet for free. F. Miller said that surely the Asbury church would allow the meeting for a utility donation. Ballogg asked about the other expenses, the post-office box and the APCUG membership. Halász supports both, but says that he, also the newsletter editor, is not registered at APCUG and cannot make use of the to member clubs generally allowed articles. F. Miller asks about the commitment to the union hall; Tryc and Ballogg answer that it is only by calendar month, $25 each, but Tryc for less writing pays a half year at once, and for the post-office box for a year, although committed only for a half year. Snyder asked about the checking-account expense. Tryc answers that that is not important, for it is for a book of checks (required by the bank upon changing TPCUG s account to commercial) that surely will last the club more years. F. Miller points out that there is no outstanding motion. Halász suggests a cheaper meeting hall, but Tryc points out the convenience of keeping all the club s gear, projector and such, at the meeting hall. Snyder says maibe the convenience costs too much. Tryc points out also that the club s use of TBBS remains for free: how much longer?

At 20:9 the meeting was adjourned; L. Miller played a DVD about Excel s conditional formatting.

Respectfully submitted by Sándor Halász, secretary.

Treasurer’s Report

Balance Ending 6/15/08 $1014.29

Income, check rebate $39.85

Expense $0.0

Balance Ending 7/15/08 $1054.14

Steve Tryc, treasurer

Expired & Expiring Memberships

January:
1690 Fowler

July:
1689 Mack

Computer Investing Group

Northwest Buckeye Chapter or Under ▾ Chapter Events choose Ohio - Northwest Buckeye Chapter

Comparison of Classic, Toolkit, & Stock Analyst

August 2, Saturday, 2-4 pm; Heatherdowns Public Library, 3265 Glanzman, Toledo, OH. Free, all welcome, and no reservation needed.

We will be demonstrating and comparing the three software packages to do a Stock Study Guide according to BetterInvesting principles. These are Classic, Investor's Toolkit, and Stock Analyst. Come to find which bests suits your needs and pocketbook.

We will use the August Stock to Study in BetterInvesting Magazine as an example. Please bring your magazine, if you have one. Also, if you wish, do your own Stock Selection Guide (SSG) at home and bring the file on a flash drive or your printed version to share.

The library has free Wi-Fi if you would like to bring your laptop.

For more information, contact Donna Bardis, or at 419-517-3279.

An amortization table

If to a spreadsheet program one in column A enters the following left column, the numbers on the right show.
700 700
=1+7.5%/12 1.01
27000 27000
=A3*A$2-A$1 26468.75
=A4*A$2-A$1 25934.18
=A5*A$2-A$1 25396.27
=A6*A$2-A$1 24854.99
=A7*A$2-A$1 24310.34
=A8*A$2-A$1 23762.28
=A9*A$2-A$1 23210.79
=A10*A$2-A$1 22655.86