Be aware of somethings that are being said

Crooks, Michael A. (mikeac@smart1.net)
Wed, 21 May 1997 08:52:06 -0400

Date: Wed, 21 May 1997 08:52:06 -0400
From: mikeac@smart1.net (Crooks, Michael A.)
To: java-security@web2.javasoft.com
Subject: Be aware of somethings that are being said

*** Microsoft =AE Site Builder Network ***
In this issue:
NEWS & ANNOUNCEMENTS
? MICROSOFT RESPONDS TO JAVA SECURITY ISSUES BY POSTING
FIX
? ANNOUNCING NEW SITE BUILDER NETWORK DISCUSSION GROUPS
? SITE BUILDER WORKSHOP ADDS DYNAMIC HTML AREA

MEMBERSHIP DOWNLOADS AND NEWS SPOTLIGHT
? EDGEWORX OFFER TO SITE BUILDER MEMBERS
? WEBMEN TALKING IS NOW BIWEEKLY
? LIMITED TIME ONLY - AWARD-WINNING JAVA AUTHORING TOOL
? EG SOFTOWARE=92S WEBTRENDS WEB SERVER LOG FILE ANALYZER
? HIT LIST PROFESSIONAL 3.0 - TRIAL VERSION

PLEASE NOTE: Email format restrictions may not allow a URL to fit on one
line. Thus, when you click the URL line in the email message, you may
get a browser error (e.g., non-existent link). If the URL does not
seem to work, please make certain you select, copy, then paste the
entire link address into your browser=92s target address field. Thank
you.

NEWS & ANNOUNCEMENTS
MICROSOFT RESPONDS TO JAVA SECURITY ISSUES BY POSTING FIX Researchers at
the University of Washington recently notified Microsoft and other
vendors of several dozen anomalies in Java virtual machines that could
potentially result in Java applets causing a system crash and/or loss of
data. Microsoft today announced the immediate availability of an
updated version of the Microsoft virtual machine for Java that addresses
the issues raised by the University of Washington.
The researchers with the Kimera Project in the Department of Computer
Science and Engineering at the University of Washington have an
automatic validation technology that allows them to quickly identify
potential bugs in commercial Java implementations. Their tests
uncovered a variety of Java anomalies, including 17 which affect the
Microsoft virtual machine and 24 which affect Sun Microsystem=92s virtual
machine.
The anomalies are in the bytecode =93verifier=94, which enforces the
security of the Java sandbox. There have been no known attacks that
exploit these anomalies, but they could potentially allow a malicious
application to get access outside the sandbox. More information is
available on the University of Washington=92s Kimera Project website at
http://www.washington.edu/newsroom/news/k051997.html.
The updated version of the Microsoft virtual machine is available to all
users of Internet Explorer, Internet Information Server and Visual J++
from http://www.microsoft.com/java. All users and developers are
encouraged to download the new version of the virtual machine. The
updated version will also be distributed with all future releases of
Microsoft products containing the virtual machine.
ANNOUNCING NEW SITE BUILDER NETWORK DISCUSSION GROUPS
Because the Site Builder=92s Exchange discussion group has been so busy
lately, we=92ve decided to divide it into focused discussion groups. The
Site Builder Network Forum offers ongoing discussions on following
topics:
Internet Explorer/HTML, Java/Visual J++, Active Server Pages and Web and
Graphic Design. Check out this cool members-only benefit provided by The
Cobb Group accessible through the Level 1 lounge. Not a member? It=92s
time to sign up!
SITE BUILDER WORKSHOP ADDS DYNAMIC HTML AREA
Site Builder Workshop has added a whole new section just for information
on Dynamic HTML at http://www.microsoft.com/workshop/author/dhtml/.
This powerful new technology in Internet Explorer unchains HTML
authors=97and their Web pages=97and makes interactive components easy to
build. Microsoft=92s Dynamic HTML technology gives authors creative
control so they can manipulate any page element and change styles,
positioning, and content at any time=97not only when the page is loaded.
MEMBERSHIP DOWNLOADS AND NEWS SPOTLIGHT
EDGEWORX OFFER TO SITE BUILDER MEMBERS Antares is offering all Site
Builder members the opportunity to purchase the EdgeworX Developer
Edition at the exceptional promotional price of $99 (vs. $399 List
Price). This promotional price will be available on a purchase of
EdgeworX Developer Edition made through May 31, 1997. This offer is
made exclusively to Site Builder members.
? This special promotional price is available only through a link on the
EdgeworX download area of the Site Builder Network site.
? Purchasers will be required to provide their SBN Membership to claim
the discount.
? It is not necessary to download evaluation copy of EdgeworX Developer
Edition to take advantage of this promotion.

Take advantage of this special offer and learn why everyone is talking
about EdgeworX. For example:
=93With the tight integration of VBA and DCOM support as part of the
EdgeworX product, any of the 3 million Visual Basic developers will be
able to quickly create web applications using a familiar object-based
design environment.=94 - Tom Button, Director of the developer tools
division at Microsoft.
=93EdgeworX from Antares Alliance Makes VB Programmers into Web Experts.=94
- Michael Goulde, Seybold.
EdgeworX is a VBA and DCOM based object-oriented development and
execution framework for creating dynamic Web applications. Based on
Microsoft=92s Visual Basic for Applications (VBA), EdgeworX provides a
comprehensive library of DCOM-enabled ActiveX objects, which enable
developers to quickly and easily build dynamic, interactive Web
applications. Download your evaluation copy today.
WEBMEN TALKING IS NOW BIWEEKLY
Our popular Site Builder Network Magazine question-and-answer column,
Web Men Talking, will double in frequency, from monthly to biweekly! If
you aren=92t one of the 10,000 people who read the column every week, you
are missing out! Check out
http://www.microsoft.com/sitebuilder/columnists/default asp.
LIMITED TIME ONLY - AWARD-WINNING JAVA AUTHORING TOOL
Jamba is a Java authoring tool for web content creators
and graphic designers who want to take advantage of
Java=92s ability to add animation and interactive
navigation to static HTML pages. Jamba offers a non-
programming environment using a point & click interface
that creates feature-rich Java applets that run across
all major web browsers and all platforms. Unlike
Macromedia=92s Shockwave and other tools that use a plug-
in strategy, Jamba applets do not require the browser to
first download and install or updated large plug-ins
before the applet can be viewed. Download the 30-day
trial version for one week only! Go to
http://www.microsoft.com/sbnmember/download/download.asp

E.G. SOFTWARE=92S WEB TRENDS WEB SERVER LOG FILE ANALYZER
? TRIAL VERSION
WebTrends is the fastest, most popular Web server log
file analyzer on the market, and the only product to
provide real-time analysis and reporting for IIS and
other Web servers. Go to
http://www.microsoft.com/sbnmember/download/download.asp
HIT LIST PROFESSIONAL 3.0 - TRIAL VERSION
Get to know the who, what, when, where, and why of your
Web-site traffic. Hit List Professional 3.0 by
Marketwave provides sophisticated analysis of your Web-
site traffic and visitor usage=97think of it as =91Caller
ID=92 for your Web site. Until June 9, 1997, SBN members
can buy Hit List Professional 3.0 for 50% off the retail
price! Go to
http://www.microsoft.com/sbnmember/download/download.asp

To increase or decrease the frequency of e-mail or postal mail you
receive from Site Builder Network, please go to
http://www.microsoft.com/sbnmember/apply/apply.asp and click =93Change
Your Membership.=94 You will find check boxes, which will allow you to
choose the frequency ofmail you wish to receive (including none). To
cancel your SBN membership, please put =93Cancel my Membership=94 in the
subject heading and e-mail back to SBN@microsoft.com.