We support Microsoft .NET Framework 2.0 & 1.1, all versions of Access, SQL 2000, SQL 7.0, SQL 2005 Express, SOAP, FrontPage 2002, 2003, Visual Studio 2005, Index Server, XML, UDDI, & Mobile device support. We also offer great third party tools like SmarterMail, Merak Mail, SmarterStats, PHP, Perl, MySql, DeepMetrix Livestats XSP 8.0.
 Friday, November 07, 2008

It has come to our attention that phishing and malware injection have once again reached an alarming rate. This is a typical example:

Sorry, we were not able to deliver postal package you sent on October the 19th in time because the recipient address is not correct.
Please print out the invoice copy attached and collect the package at our office.
If you do not receive package in ten days you will have to pay 6$ per day.

Your UPS

It is clear to most of us that UPS would never send you an email with a zip file in it. But not everyone is experienced, and this is the problem. If you have not sent anything via UPS, delete messages like this. If you have, go to UPS tracking instead; do not open zip files that have an .exe in them, and do not be silly enough to click the .exe. The best rule: if it does not come from a valid source, just delete it.
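The rule above (a zip attachment with an .exe inside is never a delivery notice) can be enforced at the mail gateway. The following is an added example, not code from this blog: a Python check that opens each attachment of a raw message and reports executables, including those hidden inside zip files. The extension list, the addresses and the sample message are constructed for illustration.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Extensions Windows runs on double-click (assumed list, not exhaustive).
EXECUTABLE_EXTS = (".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".vbs", ".js")


def is_executable_name(name):
    """True for names such as 'invoice.doc.exe' or 'INVOICE.EXE '."""
    return name.lower().rstrip(". ").endswith(EXECUTABLE_EXTS)


def risky_attachments(raw_message):
    """Return (attachment, member, reason) tuples for one raw e-mail message."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        filename = part.get_filename() or "(unnamed)"
        payload = part.get_payload(decode=True) or b""
        if is_executable_name(filename):
            findings.append((filename, filename, "executable attachment"))
        # Decide from the bytes, not from the declared name or MIME type.
        if not zipfile.is_zipfile(io.BytesIO(payload)):
            continue
        try:
            with zipfile.ZipFile(io.BytesIO(payload)) as archive:
                for info in archive.infolist():
                    if is_executable_name(info.filename):
                        findings.append(
                            (filename, info.filename, "executable inside zip"))
                    elif info.flag_bits & 0x1:
                        # Password-protected members cannot be scanned.
                        findings.append(
                            (filename, info.filename, "encrypted member"))
        except zipfile.BadZipFile:
            findings.append((filename, "", "malformed zip"))
    return findings


def build_sample(member_name):
    """Constructed message modelled on the fake UPS notice; no real malware."""
    archive = io.BytesIO()
    with zipfile.ZipFile(archive, "w") as zf:
        zf.writestr(member_name, b"placeholder bytes, not a program")
    msg = EmailMessage()
    msg["From"] = "UPS <notice@example.invalid>"
    msg["To"] = "customer@example.invalid"
    msg["Subject"] = "Tracking number (constructed sample)"
    msg.set_content("Please print out the invoice copy attached.")
    msg.add_attachment(archive.getvalue(), maintype="application",
                       subtype="zip", filename="UPS_invoice.zip")
    return msg.as_bytes()


if __name__ == "__main__":
    for finding in risky_attachments(build_sample("UPS_invoice.doc.exe")):
        print(finding)
```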

11/7/2008 7:56:42 AM (Pacific Standard Time, UTC-08:00)
 Monday, September 29, 2008

We typically refuse to get political on this blog. Since many of the outright lies have become the standard, let's just look at the current crisis, and you determine who is lying. The fact is that both Democrats and Republicans are responsible. They are responsible because every one of them is guilty of taking this money, but there is no doubt at all that the Democrats took much more money and their involvement goes to the core.

Yet in the campaign the democrats are now claiming to be completely innocent! One should question having any of these people representing we the people of America. We can say we do not want more taxes like it or not we will get them. We can say that we do not want our country to become socialist! 

Christopher Dodd should never open his mouth and point fingers. One should ask how on earth he even retains his position?

While we are on that topic: before becoming Treasury Secretary, Henry M. Paulson was Chairman and Chief Executive Officer of Goldman Sachs since the firm’s initial public offering in 1999. He joined Goldman Sachs. Since it has now been exposed that Goldman Sachs has a 20 billion dollar exposure, should one give this man a check for 700 billion to manage?

Please, how about getting fired, or resigning, and at the very least turning his duties over to the assistant? To listen to this drivel about what they did not know, and when they did know it, is nothing more than lies.

Face it all of congress and senate should be fired! None of these people have the American people's interest at heart. I keep waiting for someone to show the American people some level of justice.


9/29/2008 10:10:02 AM (Pacific Daylight Time, UTC-07:00)
 Thursday, September 11, 2008

Obama sex video? Hardly. It's spyware spreading via e-mail

Don't believe everything you read on the Internet: Democratic presidential candidate Barack Obama isn't a terrorist...or a porn star.

A malicious spam e-mail is spreading that claims to have a link to a sex video of Obama but is instead spyware that steals sensitive data from the computer, security firm Sophos warned on Wednesday.

The subject line says "Obama sex video!!!" and the e-mail appears to come from "infonews@obama.com," Graham Cluley, senior technology consultant at Sophos, says on his blog.

Clicking on the link downloads an executable file that plays an amateur porn video, but Obama is not in it.

Meanwhile, behind the scenes a Trojan horse known as Mal/Hupig-D is installed. The Trojan targets Windows machines and steals passwords and bank account data, Cluley said.

Is it the work of the Republicans? Probably not; it has the trademark bad grammar and excessive punctuation of traditional phishing attempts, many of which originate outside English-speaking countries.

9/11/2008 7:34:19 AM (Pacific Daylight Time, UTC-07:00)
 Sunday, August 31, 2008

The European Court of Human Rights has refused U.K. hacker Gary McKinnon's appeal against demands for his extradition to the U.S.

McKinnon stands accused of breaking into computers belonging to NASA and the U.S. military, and had appealed against his extradition under Article 3 of the European Convention on Human Rights. He had claimed that the conditions of detention he would face if convicted in the U.S. would breach a European prohibition on inhumane or degrading treatment.

The court said Thursday it had refused his appeal, and will not prevent his extradition. The court had previously ordered that his extradition be delayed until midnight Friday while it considered his request.

It was in 2002 that a U.S. court first indicted McKinnon for the offenses, committed in 2001, although he was not arrested by U.K. police until 2005. The U.K. government first approved his extradition in 2006.

McKinnon has never visited the U.S., and the offenses of which McKinnon is accused were committed in the U.K., his lawyers at Kaim Todner LLP said.

"We maintain that any prosecution of our client ought therefore to be carried out by the appropriate British authorities," the London law firm said. "U.K. citizens are at the mercy of the ever-increasing tendency of overseas prosecutors to extend their jurisdiction to crimes allegedly committed in this country."

The message is clear -- if you hack into computers you have to realize that the legal consequences could be severe. Others should take note of McKinnon's predicament!

8/31/2008 7:49:47 PM (Pacific Daylight Time, UTC-07:00)

On Oct. 1, Comcast cable company will update its user agreement to say that users will be allowed 250 gigabytes of traffic per month, the company announced on its Web site.

Comcast floated the idea of a 250 gigabyte cap in May and mentioned then that it might charge users $15 for every 10 gigabytes they go over, but the overage fee was missing in Thursday's announcement.

Curbing the top users is necessary to keep the network fast and responsive for other users, Comcast has said.

Comcast stressed that the bandwidth cap is far above the median monthly usage of its customers, which is 2 to 3 gigabytes.

Very few subscribers use more than 250 gigabytes, it said. A user could download 125 standard-definition movies, about four per day, before hitting the limit.

The cap is also above those of some other ISPs. Cox Communications' monthly caps vary from 5 gigabytes to 75 gigabytes depending on the subscriber's plan. Time Warner Cable Inc. is testing caps between 5 gigabytes and 40 gigabytes in one market. Frontier Communications Co., a phone company, plans to start charging extra for use of more than 5 gigabytes per month.

8/31/2008 7:31:53 PM (Pacific Daylight Time, UTC-07:00)

EGroupware is a free enterprise ready groupware software for your network. It enables you to manage contacts, appointments, todos and many more for your whole business.

EGroupware is a groupware server. It comes with a native web interface which allows you to access your data from any platform all over the planet. Moreover, you also have the choice to access the EGroupware server with your favorite groupware client (Kontact, Evolution, Outlook) and also with your mobile or PDA via SyncML.

EGroupware is international. At the time, it supports more than 25 languages including rtl support.

EGroupware is platform independent. The server runs on Linux, Mac, Windows and many other operating systems. On the client side, all you need is an Internet browser such as Firefox, Konqueror, Internet Explorer and many more.

8/31/2008 4:52:59 PM (Pacific Daylight Time, UTC-07:00)
 Wednesday, August 27, 2008

Massive capacity - WD RE3 Enterprise SATA drives are available in capacities up to 1 TB.
Dual processor - Twice the processing power results in a 20% performance improvement over the previous generation.
StableTrac™ - The motor shaft is secured at both ends to reduce system-induced vibration and stabilize platters for accurate tracking during read and write operations.
RAFF™ - Our fourth generation RAFF technology includes sophisticated electronics to monitor the drive and correct both linear and rotational vibration in real time for up to a 60% performance improvement in high vibration environments over the previous generation of drives.
IntelliSeek™ - Calculates optimum seek speeds to lower power consumption, noise, and vibration.
Multi-axis shock sensor - Automatically detects the subtlest shock events and compensates to protect the data.
RAID-specific, time-limited error recovery (TLER) - Prevents drive fallout caused by the extended hard drive error-recovery processes common to desktop drives.
Third generation dynamic fly height - Each read-write head’s fly height is adjusted in real time for optimum reliability.
NoTouch™ ramp load technology - The recording head never touches the disk media ensuring significantly less wear to the recording head and media as well as better drive protection in transit.
Perpendicular Magnetic Recording (PMR) - WD RE3 drives utilize PMR technology to achieve even greater areal density, reliability, and design margin.

8/27/2008 8:20:27 AM (Pacific Daylight Time, UTC-07:00)
 Tuesday, August 12, 2008

The Internet remains vulnerable to exploits of a critical security flaw in the Domain Name System, a Russian programmer demonstrated last week. Writing on his blog on Friday, Evgeniy Polyakov posted that he had succeeded in getting patched DNS software to return an incorrect location in less than 10 hours.

Researchers who spearheaded an international push to get internet service providers and other large organizations to patch the flaw said they weren't terribly concerned about the exploit code. That's because Polyakov's attack took 10 hours to carry out using two machines connected directly to the targeted DNS server via a gigabit ethernet link.

"That's a little different than spending 10 seconds over the internet," to carry out an attack, said Dan Kaminsky, the researcher who first warned of the DNS cache poisoning vulnerability.

The original attack works by flooding a DNS server with thousands of requests for domains with slightly different variations, 1.google.com, 2.google.com, 3.google.com and so forth. That allows attackers to gain a secret transaction number needed to trick other computers into updating their records with IP addresses that lead to rogue websites.

So a word to the big players of the world: You dodged a bullet in surviving the Kaminsky bug without issue, but next time you may not be as lucky.
Creating a real fix won't be easy, but it's essential.
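The attack described above leaves a recognizable trace at the resolver: many replies for numbered names under one domain, nearly all carrying the wrong transaction number. The following is an added example, not code from the article or from any DNS server: a Python detector over a constructed event log. The tuple format, the threshold and the two-label "parent domain" shortcut are assumptions made for illustration.

```python
from collections import defaultdict

# Assumed alert level: wrong-ID replies tolerated per parent domain per window.
MISMATCH_THRESHOLD = 20


def parent_domain(qname):
    """Last two labels; a simplification with no public-suffix handling."""
    return ".".join(qname.lower().rstrip(".").split(".")[-2:])


def find_poisoning_attempts(events, threshold=MISMATCH_THRESHOLD):
    """Scan (kind, qname, txid, port) tuples in arrival order.

    kind is "query" (resolver asks upstream) or "reply" (packet arriving at
    the resolver). A reply only counts as genuine if it matches the ID and
    source port of the outstanding query for that name.
    """
    outstanding = {}              # qname -> (txid, port) the resolver used
    wrong = defaultdict(int)      # parent domain -> mismatched replies
    names = defaultdict(set)      # parent domain -> names those replies hit
    for kind, qname, txid, port in events:
        qname = qname.lower().rstrip(".")
        if kind == "query":
            outstanding[qname] = (txid, port)
            continue
        if outstanding.get(qname) == (txid, port):
            del outstanding[qname]        # the race for this name is over
            continue
        parent = parent_domain(qname)
        wrong[parent] += 1
        names[parent].add(qname)
    return {
        parent: {"mismatched_replies": count,
                 "names_targeted": len(names[parent])}
        for parent, count in wrong.items() if count >= threshold
    }


def constructed_events():
    """Constructed log: normal traffic plus a flood against example.test."""
    events = [
        ("query", "www.example.org", 0x1A2B, 40211),
        ("reply", "www.example.org", 0x1A2B, 40211),
        ("reply", "www.example.org", 0x1A2B, 40211),  # harmless late duplicate
    ]
    for i in range(1, 6):                 # 1.example.test, 2.example.test, ...
        qname = f"{i}.example.test"
        events.append(("query", qname, 4000 + i, 53000))
        # Thirty forged replies with guessed IDs arrive before the real one.
        events += [("reply", qname, guess, 53000) for guess in range(100, 130)]
        events.append(("reply", qname, 4000 + i, 53000))
    return events


if __name__ == "__main__":
    print(find_poisoning_attempts(constructed_events()))
```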

8/12/2008 9:45:41 AM (Pacific Daylight Time, UTC-07:00)

Yahoo! says it won't target you… to your face. On Aug. 8, the Internet giant announced that it will allow users to opt out of behavioral targeting on its site. But in fact, that change only affects behaviorally targeted ads that users see. The company will still collect information on the Web sites visited by unique computers, it just won't serve ads to individual users based on the info.

"This isn't rejecting cookies outright, you are just preferring not to see the ads," says Anne Toth, Yahoo's head of privacy and vice-president of policy.

So Yahoo (YHOO) will still know that you looked up Fannie Mae's stock on Yahoo Finance and then checked out foreclosed homes on Yahoo's real estate site. It just won't serve you a mortgage ad based on that info when you're checking e-mail. It will also still serve ads to you based on your location and the content of the page that you are on.

Toth says Yahoo must keep the information to report accurate financials on advertising click-through rates and visitors. It probably also wants to tell advertisers about the kind of people who visit certain pages, in aggregate, to sell more expensive advertising. Behavioral targeting can more than triple the price of some ads.

Congressional Pressure
The move came in response to congressional action. On Aug. 1, the House Energy & Commerce Committee sent a letter to 33 companies, including AT&T (ATT), Comcast (CMCSA), Google (GOOG), Microsoft (MSFT), and Yahoo, opening an inquiry into their practices for collecting and using data to target ads to consumers based on what they do online.

Behavioral targeting is different from other kinds of targeting, such as search targeting or geotargeting, which uses IP addresses or Zip Codes that people provide when they sign up for a site. Behavioral targeting works by tracking surfers as they move around the Web. Companies then apply sophisticated algorithms to that past behavior to decide what kinds of ads to show the people they're tracking.

8/12/2008 9:32:12 AM (Pacific Daylight Time, UTC-07:00)
 Friday, August 08, 2008

While many of the apps in Apple's (AAPL) iPhone App Store are useful, some are utter crap. And the latest, spotted by John Gruber, is an insult to all the well-meaning developers that Apple made wait/are still waiting to get into the iPhone developer program.

Behold: "I Am Rich," a $999.99 app from Armin Heinrich, which just displays a red gem on the phone's screen -- nothing else.

"The red icon on your iPhone or iPod touch always reminds you (and others when you show it to them) that you were rich enough to afford this," the app's information page says in iTunes. "It's a work of art with no hidden function at all."

The upside for Apple: $300, or 30%, of all purchases. The downside: Good luck enforcing that "all sales final" policy on this scam.

Read the full article here; don't miss the comments, they are always top notch.

8/8/2008 5:46:25 PM (Pacific Daylight Time, UTC-07:00)

Expectations were running high before Wednesday morning, as Kaminsky, director of penetration testing for IOActive, had revealed little about his DNS vulnerability up till then. That didn't stop others from trying to figure it out. But that actually helped Kaminsky in the end; it meant that during his speech he was able to skip the what and go directly to the why.

Security researchers always thought it was hard to poison DNS records, but Kaminsky said to think of the process as a race, with a good guy and bad guy each trying to get a secret number transaction ID. "You can get there first," he said, "but you can't cross finish line unless you have the secret number."

The question is why would someone bother? Well, Kaminsky talked about how deeply embedded DNS is in our lives. Kaminsky said there are three ages in computer hacking. The first was attacking servers (for example FTP and Telnet). The second was attacking the browsers (for example Javascript and ActiveX). We're now about to enter the third age, where attacking Everything Else is possible.

We know that if we type a name.com into a browser, the DNS resolves it to its numerical address. But what we don't realize is that same process occurs when we send e-mail or when we log onto a Web site. These also require DNS lookup.

Kaminsky then detailed how various security methods on the Web can be defeated if one owns the DNS. For example, if a site wants to establish a Trust Authority Certificate with the Certificate Authorities, they use e-mail to confirm the identity of the requester. He also said that it's possible to poison Google Analytics and even Google AdSense, which also rely on DNS lookup.

Prior to the patch, the bad guy had a 1 in 65,000 chance of getting it because the transaction ID is based, in part, on the port number used. With the patch, the chances decrease to 1 in 2,147,483,648. Kaminsky said it's not perfect, but it's a good enough start.

8/8/2008 8:00:53 AM (Pacific Daylight Time, UTC-07:00)
 Thursday, August 07, 2008

The DNS vulnerability in the Internet's design is allowing criminals to silently redirect traffic to Web sites under their control. The problem is being fixed, but its extent remains unknown and many people are still at risk.

The bug's existence was revealed nearly a month ago. Since then, criminals have pulled off at least one successful attack, directing some AT&T Inc. Internet customers in Texas to a fake Google site. The phony page was accompanied by three programs that automatically clicked on ads, with the profits for those clicks flowing back to the hackers.

There are likely worse scams happening that haven't been discovered or publicly disclosed by Internet service providers. "You can bet that the (Internet providers) are going to stay tightlipped about any attacks on their networks," said HD Moore, a security researcher.

The AT&T attack probably would have stayed quiet had it not affected the Internet service of Austin, Texas-based BreakingPoint Systems Inc., which makes machines for testing networking equipment and has Moore as its labs director. He disclosed the incident in hopes it would help uncover more breaches.

The underlying flaw is in the Domain Name System (DNS), a network of millions of servers that translate words typed into Web browsers into numerical codes that computers can understand.

What this means is that a computer user in say, San Francisco, might type http://www.yahoo.com and head straight to the real Yahoo site, while at the same moment, a user in New York — whose traffic is routed through different DNS servers — might type that same Web address and end up on a phony duplicate site.

Looking for secure dns services? SOADNS.com

8/7/2008 8:37:56 AM (Pacific Daylight Time, UTC-07:00)

How do I read the results table?

The scatterplots are provided as an additional safety check. Even if the tests show that the server passes, the values may still be easy to predict. If so, the graph may show patterns that are easy for human eyes to recognize. If you see an obvious pattern in either of the images, your DNS server has a poor or nonexistent source of randomness.

Based on the results, a DNS server is vulnerable if:
The query source ports or the query IDs from a given server match or are easily predictable. Matching query source ports make it easier to spoof results to the DNS server, poisoning its cache. Matching query IDs are usually an indication of a misconfigured DNS server, while changing query IDs that are predictable also make DNS cache poisoning easier.


A server that is subtly vulnerable is making an attempt to randomize or otherwise change its source port and query IDs, but it appears that the source it uses for random numbers is weak or predictable. Fixing this problem will most likely require patching the operating system the DNS server is running on. If the server is under your control, please apply any security patches it has available. If the server is not under your control, contact the owner and inform them of the issue, or switch to a different DNS provider, such as SOADNS.
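The three outcomes described above (matching values, predictable values, and values that change but come from a weak source) can be told apart numerically as well as by eye. The following is an added example, not the code of the test this post describes: a Python classifier for a list of observed source ports or query IDs. The sample counts, the 80% step rule and the standard-deviation cut-off are assumptions, and the sample data is constructed.

```python
import hashlib
import statistics
from collections import Counter

SPACE = 65536          # source ports and query IDs are both 16-bit fields
MIN_SAMPLES = 10       # assumed minimum for a meaningful verdict
NARROW_STDEV = 3000    # assumed cut-off; uniform 16-bit values give ~18900
RANK = {"no obvious pattern": 0, "subtly vulnerable": 1, "vulnerable": 2}


def classify(samples):
    """Return (verdict, detail) for values listed in the order observed."""
    if len(samples) < MIN_SAMPLES:
        raise ValueError(f"need at least {MIN_SAMPLES} samples")
    if len(set(samples)) == 1:
        return "vulnerable", "all values match"
    # A counter that increments by a fixed step is as guessable as a constant.
    deltas = [(b - a) % SPACE for a, b in zip(samples, samples[1:])]
    step, hits = Counter(deltas).most_common(1)[0]
    if hits >= 0.8 * len(deltas):
        return "vulnerable", f"predictable, usual step {step}"
    # Values that vary but cluster tightly leave few candidates to guess.
    if statistics.pstdev(samples) < NARROW_STDEV:
        return "subtly vulnerable", "values change but stay in a narrow band"
    return "no obvious pattern", "spread is consistent with a random source"


def assess_server(ports, ids):
    """Worst verdict of the two fields decides, as in the rule quoted above."""
    details = {"source ports": classify(ports), "query IDs": classify(ids)}
    overall = max((verdict for verdict, _ in details.values()), key=RANK.get)
    return overall, details


def pseudo_values(label, count, low=0, width=SPACE):
    """Constructed sample data: hash-derived, so every run gives the same list."""
    return [
        low + int.from_bytes(
            hashlib.sha256(f"{label}{i}".encode()).digest()[:2], "big") % width
        for i in range(count)
    ]


if __name__ == "__main__":
    cases = {
        "fixed port": [32768] * 40,
        "sequential IDs": list(range(1000, 1040)),
        "64-port window": pseudo_values("weak", 40, low=32768, width=64),
        "full 16-bit range": pseudo_values("good", 40),
    }
    for name, values in cases.items():
        print(name, "->", classify(values))
```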

8/7/2008 8:15:43 AM (Pacific Daylight Time, UTC-07:00)
 Monday, August 04, 2008

"Today, we're flooded with information. It's an information overload and we're not capable of handling it," said Eran Belinsky, an IBM project leader. "This would relieve us from the anxiousness or need to try to remember everything. And there's the issue of trouble with recollection. [It's like] your index is broken. You know you know something, but you can't get there. This could help people having trouble with their memory reconstruct their memories."

This week, the company unveiled software that uses images, sounds and text recorded on everyday mobile devices to help people recall names, faces, conversations and events. Dubbed Pensieve, the software organizes bits of collected information, stores them and then helps the user extract them later on.

IBM's project is akin to one that Gordon Bell and other scientists at Microsoft Research have been working on for the past nine years. Bell, a longtime veteran of the IT industry and now principal researcher at Microsoft's research arm, is developing a way for people to remember different aspects of their lives.

Bell's project, called MyLifeBits, has him supplementing his own memory by collecting as much information as he can about his life. He's trying to store a lifetime on his Dell laptop. Collecting telephone conversations, music, lectures, books he's written and read and photographs he's incessantly taken, Bell is amassing a great database of his life.

8/4/2008 7:24:58 AM (Pacific Daylight Time, UTC-07:00)
 Sunday, August 03, 2008

Investors holding nearly 76 percent of Yahoo's 1.38 billion shares gave solid votes in favor of all nine current directors, in what represents an endorsement of their tough stance with Microsoft Corp in talks on a merger or partial sale.

Executives and board members tried to soothe dissenting investors, insisting Yahoo had been serious in the Microsoft talks and that it had good prospects in the next three years.

Seeking to counter attempts by some to blame Yang for talks collapsing, Chairman Roy Bostock said Yahoo's board "called the shots" when discussing Microsoft's proposals, including a $47.5 billion bid and attempts to buy Yahoo's Web search business.

Bostock said he could not understand why the software maker withdrew its bid. "There was never a compelling offer put on the table," he said. A Microsoft spokesman disputed Bostock's version of events, saying "Yahoo is attempting to rewrite history yet again."

Yahoo shares slipped 9 cents on Friday to $19.80, not far above the $19.18 that they fetched the day before Microsoft made its interest public on February 1. Microsoft's last offer for the company would have valued Yahoo at $33 per share.

8/3/2008 4:17:09 PM (Pacific Daylight Time, UTC-07:00)
 Thursday, July 31, 2008

Microsoft announced that it intends to acquire DATAllegro, provider of breakthrough data warehouse appliances. The acquisition will extend the capabilities of Microsoft’s mission-critical data platform, making it easier and more cost effective for customers of all sizes to manage and glean insight from the ever expanding amount of data generated by and for businesses, employees and consumers.

“DATAllegro is a tremendously innovative company that has started to redefine the data warehouse market,” said Ted Kummert, corporate vice president of the Data and Storage Platform Division at Microsoft. “Microsoft SQL Server 2008 delivers enterprise-class capabilities in business intelligence and data warehousing and the addition of the DATAllegro team and their technology will take our data platform to the highest scale of data warehousing.”

“Integrating DATAllegro’s non-proprietary hardware platform and flexible software architecture into Microsoft SQL Server will provide customers with the strongest offering in the market,” said Stuart Frost, CEO of DATAllegro. “We are excited to join forces with Microsoft and continue the innovation this company was founded on.”

Unlike most data warehouse appliance vendors targeting the 1-25 terabyte range, DATAllegro has specialized in large volume, high performance data warehouses.  DATAllegro’s data warehouse appliance installations boast some of the largest data volume capacities in the industry – up to hundreds of terabytes on a single system. DATAllegro clients span such markets as retail, telecommunications and manufacturing. 

In addition to offering large capacities, DATAllegro’s patent-pending technology is designed for complex workloads including high concurrency and mixed queries. DATAllegro is one of the few data warehouse appliances built on a non-proprietary hardware platform including Dell and Bull servers and EMC storage. This flexible architecture makes it ideally suited to integrate with SQL Server.

This will no doubt position Microsoft to leapfrog Oracle at the high end of the database market.

7/31/2008 6:32:06 AM (Pacific Daylight Time, UTC-07:00)
 Sunday, July 27, 2008

As MS discovers its once huge following of web code writers leaving for easier, free open source approaches, they have of course tried to recapture some of that base by offering things in the past like Iron Python, and now they are doing the same with Iron Ruby.

Meanwhile, few at Redmond can actually point out the benefits of running these things on the framework versus simply tossing a Linux box up with a free CentOS distro and running them natively, with the only real cost being the hardware investment.

The approach always seems to be at MS we can fit a round peg in a square hole just as long as the radius is small enough.

This is not to say that the .NET platform is by itself somehow flawed, but rather that MS has focused on the enterprise at a time when many small web business applications simply do not have the budgets that MS seeks. This really reminds me of a replay that IBM once saw as a solution to their loss of market share. Let's not forget the PC was invented by IBM and the open hardware standards of almost every PC were created by them.

It really seems MS has forgotten how to compete. Perhaps a replay of the late 1990s is in order, when the fight with Netscape in both the browser wars and web servers was waged and MS won hands down. How did they do it? Simple: they gave away a browser that Netscape tried to sell, and gave away a web server that Netscape then tried to sell.

Enough of this and on to the great news of MS and Iron Ruby. While it might be a bit late at least they are trying, and we have to give them points for that.

7/27/2008 10:12:45 AM (Pacific Daylight Time, UTC-07:00)

A majority of members of the Federal Communications Commission have cast votes in favor of punishing Comcast Corp. for blocking subscribers' Internet traffic, an agency official said Friday. Comcast, the nation's largest cable company, was accused of violating agency principles that guarantee customers open access to the Internet.

Three commissioners have voted in favor of an order reaching agreement with the finding, enough for a majority on the five-member commission. But the decision will not be final until all five members have cast their votes. The commission is scheduled to take up the issue at its Aug. 1 meeting.

The potentially precedent-setting move stems from a complaint against Comcast that the company had blocked Internet traffic among users of a certain type of "file sharing" software that allows them to exchange large amounts of data.

The text of the order is not public. But Martin has said it will not include a fine. He also said it will require Comcast to stop its practice of blocking; provide details to the commission on the extent and manner in which the practice has been used; and to disclose to consumers details on future plans for managing its network going forward.

"I continue to believe that is imperative that all consumers have unfettered access to the Internet," Martin said in a statement released early Saturday morning. "I am pleased that a majority has agreed that the Commission both has the authority to and in fact will stop broadband service providers when they block or interfere with subscribers' access."

The FCC approved a policy statement in September 2005 that outlined a set of principles meant to ensure that broadband networks are "widely deployed, open, affordable and accessible to all consumers."

The principles, however, are "subject to reasonable network management."

Comcast spokeswoman Sena Fitzmaurice in a statement released Friday night said the company's network management practices are "reasonable, wholly consistent with industry practices and that we did not block access to Web sites or online applications, including peer-to-peer services."

The action is the first test of the agency's network neutrality principles. Members of both the House and Senate have sponsored network neutrality bills, but they have never come close to becoming law.

7/27/2008 9:39:43 AM (Pacific Daylight Time, UTC-07:00)
 Tuesday, July 15, 2008

Yang advised Yahoo's employees to brace for even more turbulence during the next few weeks, predicting that Microsoft may make more buyout proposals as Icahn ridicules the board.

I know Yang is a lot smarter than me, but really it seems like he missed some serious economics class somewhere. How low does the share price have to go before the current board gets the point? MS plays hardball, there is no doubt about this. But really, let's say that MS no longer has any interest in Yahoo. What is the plan then, Yang? What do the stock shares have to drop to, and then what is the real plan?

MS has already said that the last offer of $33.00 (with the current share price of $21.19), even the $30.00 per share offer, is more than fair. Yet this was called Microsoft's "ludicrous" offer in its own shareholder letter, which underscored the Silicon Valley company's determination to fend off Icahn's attempted coup.

If the shareholders are really what Yang has said was his interest, anyone who can add or subtract should question this claim. Personally, anyone who has had to deal with Yahoo mail can tell that the company is on the ropes. You cannot lay off this many people and think the company can continue to grow. I have personally had people ask: How could Yahoo go broke? I can only assume they have never watched a takeover happen.

I won't even go into the clear antitrust issues associated with Yahoo and Google working together as a solution to the problem.

This is the most current Yahoo article though the positions are weak. Icahn likely will get the board replaced and we will all wait until the August 1 shareholders vote.

7/15/2008 8:24:47 AM (Pacific Daylight Time, UTC-07:00)
 Friday, July 11, 2008

While it is clear that Dan Kaminsky did report a flaw without any method to verify or reproduce the flaw, I have to ask what exactly others would do in the same situation. I will only say this: if the flaw is in fact the same one that Thomas Ptacek claims, related to the 16-bit session ID, and has been around for years, then given time this too will be known and Dan Kaminsky is setting himself up for a rather unpleasant period. Though honestly there is nothing Dan Kaminsky has to gain by simply doing the right thing. Each of us is faced with these types of decisions in our lives! Piling on as a critic without any details seems totally unproductive.

According to DNS expert Paul Vixie, one of the few people who has been given a detailed briefing on Kaminsky's finding, the exploit is different from the issue reported three years ago by SANS. While Kaminsky's flaw is in the same area, "it's a different problem," said Vixie, who is president of the Internet Systems Consortium, the maker of the most widely used DNS server software on the Internet.

By day's end, Kaminsky had even turned his most vocal critic, Matasano's Ptacek, who issued a retraction on this blog after Kaminsky explained the details of his research over the telephone. "He has the goods," Ptacek said afterward. While the attack builds on previous DNS research, it makes cache-poisoning attacks extremely easy to pull off. "He's pretty much taken it to point and click to an extent that we didn't see coming."

Kaminsky's remaining critics will have to wait until his Aug. 7 Black Hat presentation to know for sure.

7/11/2008 6:50:27 AM (Pacific Daylight Time, UTC-07:00)
 Thursday, July 10, 2008

I admit I personally have never been a huge fan of Opera. However, Opera 9.5 is the best I have seen.

New Features:

New browser engine
Quick Find
Download Manager with BitTorrent
Opera Link
Mouse Gestures
Tabs and Sessions
Zoom and Fit to width
Content blocking
Quick and customizable Web search
Stay safe with new Fraud Protection and EV
Opera Dragonfly

Get it Now

7/10/2008 7:34:08 AM (Pacific Daylight Time, UTC-07:00)
 Wednesday, July 09, 2008

This video is extremely well done and can help change the email mindset which seems to overwhelm most people.

7/9/2008 6:50:03 AM (Pacific Daylight Time, UTC-07:00)
 Tuesday, July 08, 2008

7/8/2008 1:53:37 PM (Pacific Daylight Time, UTC-07:00)

7/8/2008 1:49:15 PM (Pacific Daylight Time, UTC-07:00)

7/8/2008 1:42:27 PM (Pacific Daylight Time, UTC-07:00)

7/8/2008 1:29:16 PM (Pacific Daylight Time, UTC-07:00)

7/8/2008 1:23:28 PM (Pacific Daylight Time, UTC-07:00)
 Saturday, June 28, 2008

Recently there has been a rash of SQL injection attacks from thugs who honestly have nothing better to do with their time. Below are two code snippets that check input for it. In the first, the code writer wanted the attempt to appear as if it had simply worked, and moved on. In the second, the writers actually used a Response.Write warning; their list of patterns is also clearly more targeted and more focused on current attacks. We offer these code snippets, which work, and which we have offered to others to save time.

'Function IllegalChars to guard against SQL injection
Function IllegalChars(sInput)
    'Declare variables
    Dim sBadChars, iCounter
    'Set IllegalChars to False
    IllegalChars = False
    'Create an array of illegal characters and words
    sBadChars = Array("select", "drop", ";", "--", "insert", "delete", "xp_", _
        "#", "%", "&", "'", "(", ")", "/", "\", ":", ";", "<", ">", "=", "[", "]", "?", "`", "|")
    'Loop through array sBadChars using our counter & UBound function
    For iCounter = 0 To UBound(sBadChars)
        'Use Function InStr to check presence of illegal character in our variable
        '(vbTextCompare makes the match case-insensitive, so "SELECT" is caught too)
        If InStr(1, sInput, sBadChars(iCounter), vbTextCompare) > 0 Then
            'Report the match to the caller and stop looking
            IllegalChars = True
            Exit For
        End If
    Next
End Function

(Author: Aalia Wayfare)

In example 2:

I put this function in place on every public page...

array_split_item = Array("-", ";", "/*", "*/", "@@", "@", "char", "nchar", "varchar", "nvarchar", "alter", "begin", "cast", "create", "cursor", "declare", "delete", "drop", "end", "exec", "execute", "fetch", "insert", "kill", "open", "select", "sys", "sysobjects", "syscolumns", "table", "update", "<script", "/script>", "'")

'Check every query string value against every blocked pattern
for each item in Request.QueryString
   for array_counter = lbound(array_split_item) to ubound(array_split_item)
      item_postion1 = InStr(lcase(Request(item)),array_split_item(array_counter))
         if item_postion1 > 0  then
           Response.Write("Command cannot be executed.")
           'Stop here so the rejected request is not processed any further
           Response.End
         end if
   next
next

(Authors: Nick Jensen & Steve Kluskens)
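Both snippets above reject input by pattern, which also turns away legitimate values such as the surname O'Brien; a parameterized query accepts those values and still keeps them out of the SQL text. The following is an added example, not code from either set of authors: it uses Python and an in-memory SQLite table as a stand-in for the ASP page and its database, with constructed customer rows. In classic ASP the same approach is an ADODB.Command with parameters.

```python
import sqlite3

# The token list from the first function above, matched case-insensitively.
BAD_TOKENS = ["select", "drop", ";", "--", "insert", "delete", "xp_", "#", "%",
              "&", "'", "(", ")", "/", "\\", ":", "<", ">", "=", "[", "]", "?",
              "`", "|"]


def illegal_chars(value):
    """Python port of IllegalChars: True when any blocked token appears."""
    lowered = value.lower()
    return any(token in lowered for token in BAD_TOKENS)


def make_db():
    """Constructed sample data in an in-memory database."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE customers (name TEXT, email TEXT)")
    conn.executemany(
        "INSERT INTO customers VALUES (?, ?)",
        [("O'Brien", "obrien@example.test"),
         ("Mandy Dropkin", "mandy@example.test")],
    )
    return conn


def lookup_concatenated(conn, name):
    """The 'before': user input becomes part of the SQL statement."""
    sql = "SELECT email FROM customers WHERE name = '" + name + "'"
    return conn.execute(sql).fetchall()


def lookup_parameterized(conn, name):
    """The 'after': input is bound as data and never parsed as SQL."""
    sql = "SELECT email FROM customers WHERE name = ?"
    return conn.execute(sql, (name,)).fetchall()


def compare(name):
    """Run one input through the filter and both query styles."""
    conn = make_db()
    try:
        concatenated = lookup_concatenated(conn, name)
    except sqlite3.Error as exc:
        concatenated = f"error: {type(exc).__name__}"
    return {
        "filter_rejects": illegal_chars(name),
        "concatenated": concatenated,
        "parameterized": lookup_parameterized(conn, name),
    }


if __name__ == "__main__":
    # Two real customer names and one textbook injection string.
    for sample in ["O'Brien", "Mandy Dropkin", "x' OR '1'='1"]:
        print(repr(sample), compare(sample))
```

The filter rejects all three inputs, including both real customers; the parameterized lookup finds the two customers and returns nothing for the injection string.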

6/28/2008 7:15:17 AM (Pacific Daylight Time, UTC-07:00)