Hello Laporte Report subscribers. I've got a very important security
note for you.
If you use Windows XP your system is vulnerable to a very simple
attack that could let any hacker delete all the files in any
directory by embedding a short invisible command in a web page or
HTML email. I've demonstrated the attack on The Screen Savers and
it's incredibly easy to implement and totally destructive. It's one
of the most serious security flaws I've ever seen.
Microsoft has remained completely silent on this, even though they've
apparently known about it for 11 weeks. The potential for harm is so
great that they and the entire computer security establishment have
kept the hole a secret. It's called "security through obscurity" and,
in my opinion, it's the worst possible way to protect your system.
The short term fix is to delete or rename a file on your system named
uplddrvrinfo.htm. A better long term solution is to install the
Windows XP Service Pack which Microsoft made available yesterday.
It's a fairly big download, over 50 megs on my fully updated system,
but it presumably fixes other security flaws we don't know about.
Steve Gibson has written about this flaw at
http://grc.com/default.htm and it was the subject of a security
bulletin on Bugtraq at
http://online.securityfocus.com/archive/1/287482/2002-08-10/2002-08-16/0 .
This is one more reason I'm no longer recommending Windows machines
to my family and friends. Microsoft's security model is so severely
flawed that I believe it's impossible for them to make a secure
version of the OS. Use Mac OS X instead. It's not perfect, either,
but it's much less susceptible to this sort of thing.
And if you use XP, please run Windows Update and install SP-1 as soon
as possible. Now that the word's out I expect to see this exploit all
over the place.
Leo