If you have a popular file-sharing program called KaZaA on your computer and suddenly start seeing yellow links to obvious ads on some of your favorite Web sites, this is because a cunning piece of software called TopText was automatically installed on your computer along with KaZaA. Many Web site owners are upset with this alteration of their content. But there is an opt-out procedure (albeit a somewhat cumbersome one) you can use to keep TopText links from being added to your site, according to the company that markets TopText.

mansoft was one of several to send us a followup to last week's story about the massive MSIE/Outlook security hole. He points us to this Wired news article: "Your computer may not be protected against a recently discovered and dangerous security hole -- despite all claims to the contrary from Microsoft." Ack! If you tried the patch and got the message, "This update does not need to be installed on this system," you may need to upgrade your IE and re-patch. I'm amazed at how poorly this has been handled. I'll be even more amazed if there is no fallout. If Melissa or ILOVEYOU had been able to install backdoors as they spread, that would have really, really sucked. Update: 04/03 04:24 PM GMT by J : According to this Wired story, Microsoft was given six weeks of silence to prepare and issue the patch.

Visit an attacker's webpage using Microsoft's browser on Microsoft's operating system, and the attacker can execute arbitrary code on your system with your full privileges. Oh, and thanks to Microsoft innovation - you may remember this from the trial - the browser is integrated with the OS, so reading email from an attacker (opening attachments not necessary) also gives them full access to your machine. MSIE 5.5 is vulnerable, and MSIE 5.01 is vulnerable unless you've installed Internet Explorer 5.01 Service Pack 2. Read the security bulletin and download the patches. Discovery props to Kriptopolis.

Mozilla's latest milestone, M17, arrived today(ish); early adopters, go thou and download. And while you're waiting, check out this summary of the state of the art of PNG written by Greg Roelofs. PNG is ready for prime time in its Mozilla incarnation (though there are a few outstanding issues). Imminent takeover of the net predicted. Film at 11. Update later by J: OK, so M17 isn't available yet. Mea culpa; Greg and I misread a planning page. Here are Greg's comments/corrections to clear up the matter.

If you're using Microsoft Internet Explorer running on Microsoft Windows, turn off Javascript now. Your cookie file is readable by any hostile website. Or, if you'd like to see the security hole in action, leave Javascript on and check it out: "Open Cookie Jar." (read more)

No cookies with offsite GIFs: that's the privacy solution implemented by IDcide (take a moment to register the pun, OK, there ya go). Here's technical background on offsite cookies; here's the CNNstory; here's the software FAQ (it's only available for Windows/MSIE). If you're not sure why offsite cookies matter, you must read this. And, not to rain on IDcide's revenue model -- their product does other stuff too -- but why isn't offsite cookie rejection built into all browsers? Anyone from Mozilla want to talk about this?

As soon as Judge Jackson's decision was available for download (from this mirror site, among others), I was on the phone with Washington DC attorney Don Weightman, who often serves as the informal "Slashdot legal interpreter" on federal law, especially for antitrust and regulatory matters. Click below for a transcript of the phone conversation Don and I had as we read the decision together. Don makes some great points!

Greg Roelofs, author of PNG: The Definitive Guide, has written a feature on the PNG graphic format. The format has many technical advantages, yet it still isn't gaining acceptance. Personally, I just want a real alpha channel on web pages (well, and anti-aliased fonts, but lets cross one bridge at a time), Anyway, read what Greg has to say on the subject of PNG:

Intrepid reviewer Rick Franchuk has returned with another review, this time of the JavaScript Sourcebook. Yes, in full living text, read about how organization can sink or make a book. And, maybe, you can learn how to the mouseover as well. So, click below to read Rick's incisive review.

This is fairly sizable. Michael McLagan, better known to most readers as the brave soul responsible for Linux.org has written a response to the criticism he has recieved lately about the web site. I feel Linux.org is an important resource and Michael is working hard to do a good job. I think it's important that we work together to make sure that Linux.org is all it should be. I guess the first step is to hit the link below and read what he has to say, and talk about it.

Well Bootnet has posted an article about MSIE5... the funny thing is that their "Proof" is an httpd log entry frome tide11.microsoft.com formatted like IE5 most likely will. See Those strings are really easy to change (as proven by the zany stuff that you guys put into my agent logs each week). Will someone mail me a perl script or something that sets HTTP_USER_AGENT = "Mozilla/4.0 (compatible; MSIE 6.66; Windows NT 6.66)" and does a GET off bootnet? If we each ran it once, we won't hurt their server at all and they'll notice the new browsers in the log files and maybe report wide scale beta testing has begun on IE6.66 and NT 6.66. Shhh... don't tell them *grin*. All kidding aside, BootNet is a Neato-Site(tm) and definately worth a regular gander. Thanks to Xces for letting me know.

Update:A few notes, Slashdot has recieved dozens of hits from tide*.microsoft.com in the last few weeks. Read whatever you want into that. Second, this script was sent to us by Vivek that will fake an agent. run it with an address, port and an agent string (like the one above) as parameters. Lynx users can set it already.