It has come to our attention that once again Phishing and malware injection has reached an alarming rate.

Sample:
Sorry, we were not able to deliver postal package you sent on October the 19th in time because the recipient address is not correct.
Please print out the invoice copy attached and collect the package at our office.
If you do not receive package in ten days you will have to pay 6$ per day.

Your UPS

It is clear to most of us, that UPS would never send you an email with a zip file in it. But then not everyone is experienced and this is the problem. If you have not sent anything via UPS delete stuff like this if you have then go to UPS tracking do not open zip files which have an .exe in them then be silly enough to click them. The best rule is if you do not come from a valid source just delete it.

We typically refuse to get political on this blog; Since many of the out right lies have become the standard let's just look at the current crisis, and you determine who is lieing. The fact is that both Democrats and Republicans are responsible. They are responsible because everyone of them is guilty of taking this money but there is no doubt at all that the Democrats took much more money and their envolvment goes to the core.

Yet in the campaign the democrats are now claiming to be completely innocent! One should question having any of these people representing we the people of America. We can say we do not want more taxes like it or not we will get them. We can say that we do not want our country to become socialist! 

Chrisopher Dodd should never open his mouth and point fingers. One should ask how on earth he even retains his position?

While we are on that topic Before becoming Treasury Secretary, Henry M.Paulson was Chairman and Chief Executive Officer of Goldman Sachs since the firm’s initial public offering in 1999. He joined Goldman Sachs. Since it has now been exposed that Goldman Sachs has a 20 billion dollar exposure! Should one should give this man a check for 700 billion to manage!

Please how about getting fired, or resign and at very least turn his duties over to the assitant. To listen to this drivel about what they did not know, and when they did know it is nothinig more than lies. 

Face it all of congress and senate should be fired! None of these people have the American people's interest at heart. I keep waiting for someone to show the American people some level of justice.

Worldnetdaily:

Obama sex video? Hardly. It's spyware spreading via e-mail

Don't believe everything you read on the Internet: Democratic presidential candidate Barack Obama isn't a terrorist...or a porn star.

A malicious spam e-mail is spreading that claims to have a link to a sex video of Obama but is instead spyware that steals sensitive data from the computer, security firm Sophos warned on Wednesday.

The subject line says "Obama sex video!!!" and the e-mail appears to come from "infonews@obama.com, Graham Cluley, senior technology consultant at Sophos, says on his blog.

Clicking on the link downloads an executable file that plays an amateur porn video, but Obama is not in it.

Meanwhile, behind the scenes a Trojan horse known as Mal/Hupig-D is installed. The Trojan targets Windows machines and steals passwords and bank account data, Cluley said.

Is it the work of the Republicans? Probably not; it has the trademark bad grammar and excessive punctuation of traditional phishing attempts, many of which originate outside English-speaking countries.

The European Court of Human Rights has refused U.K. hacker Gary McKinnon's appeal against demands for his extradition to the U.S.

McKinnon stands accused of breaking into computers belonging to NASA and the U.S. military, and had appealed against his extradition under Article 3 of the European Convention on Human Rights. He had claimed that the conditions of detention he would face if convicted in the U.S. would breach a European prohibition on inhumane or degrading treatment.

The court said Thursday it had refused his appeal, and will not prevent his extradition. The court had previously ordered that his extradition be delayed until midnight Friday while it considered his request.

It was in 2002 that a U.S. court first indicted McKinnon for the offenses, committed in 2001, although he was not arrested by U.K. police until 2005. The U.K. government first approved his extradition in 2006.

McKinnon has never visited the U.S., and the offenses of which McKinnon is accused were committed in the U.K., his lawyers at Kaim Todner LLP said.

"We maintain that any prosecution of our client ought therefore to be carried out by the appropriate British authorities," the London law firm said. "U.K. citizens are at the mercy of the ever-increasing tendency of overseas prosecutors to extend their jurisdiction to crimes allegedly committed in this country."

The message is clear -- if you hack into computers you have to realize that the legal consequences could be severe. Others should take note of McKinnon's predicament!

On Oct. 1, ComCast cable company will update its user agreement to say that users will be allowed 250 gigabytes of traffic per month, the company announced on its Web site.

Comcast floated the idea of a 250 gigabyte cap in May and mentioned then that it might charge users $15 for every 10 gigabytes they go over, but the overage fee was missing in Thursday's announcement.

Curbing the top users is necessary to keep the network fast and responsive for other users, Comcast has said.

Comcast stressed that the bandwidth cap is far above the median monthly usage of its customers, which 2 to 3 gigabytes.

Very few subscribers use more than 250 gigabytes, it said. A user could download 125 standard-definition movies, about four per day, before hitting the limit.

The cap is also above those of some other ISPs. Cox Communications' monthly caps vary from 5 gigabytes to 75 gigabytes depending the subscriber's plan. Time Warner Cable Inc. is testing caps between 5 gigabytes and 40 gigabytes in one market. Frontier Communications Co., a phone company, plans to start charging extra for use of more than 5 gigabytes per month.

EGroupware is a free enterprise ready groupware software for your network. It enables you to manage contacts, appointments, todos and many more for your whole business.

EGroupware is a groupware server. It comes with a native web-interface which allowes to access your data from any platform all over the planet. Moreover you also have the choice to access the EGroupware server with your favorite groupware client (Kontact, Evolution, Outlook) and also with your mobile or PDA via SyncML.

EGroupware is international. At the time, it supports more than 25 languages including rtl support.

EGroupware is platform independent. The server runs on Linux, Mac, Windows and many more other operating systems. On the client side, all you need is a internetbrowser such as Firefox, Konqueror, Internet Explorer and many more.

Massive capacity - WD RE3 Enterprise SATA drives are available in capacities up to 1 TB.
Dual processor - Twice the processing power results in a 20% performance improvement over the previous generation.
StableTrac™ - The motor shaft is secured at both ends to reduce system-induced vibration and stabilize platters for accurate tracking during read and write operations.
RAFF™ - Our fourth generation RAFF technology includes sophisticated electronics to monitor the drive and correct both linear and rotational vibration in real time for up to a 60% performance improvement in high vibration environments over the previous generation of drives.
IntelliSeek™ - Calculates optimum seek speeds to lower power consumption, noise, and vibration.
Multi-axis shock sensor - Automatically detects the subtlest shock events and compensates to protect the data.
RAID-specific, time-limited error recovery (TLER) - Prevents drive fallout caused by the extended hard drive error-recovery processes common to desktop drives.
Third generation dynamic fly height - Each read-write head’s fly height is adjusted in real time for optimum reliability.
NoTouch™ ramp load technology - The recording head never touches the disk media ensuring significantly less wear to the recording head and media as well as better drive protection in transit.
Perpendicular Magnetic Recording (PMR) - WD RE3 drives utilize PMR technology to achieve even greater areal density, reliability, and design margin.

The Internet remains vulnerable to exploits of a critical security flaw in the Domain Name System, a Russian programmer demonstrated last week. Writing on his blog on Friday, Evgeniy Polyakov posted that he had succeeded in getting patched DNS software to return an incorrect location in less than 10 hours.

Researchers who spearheaded an international push to get internet service providers and other large organizations to patch the flaw said they weren't terribly concerned about the exploit code. That's because Polyakov's attack took 10 hours to carry out using two machines connected directly to the targeted DNS server via a gigabit ethernet link.

"That's a little different then spending 10 seconds over the internet," to carry out an attack, said Dan Kaminsky, the researcher who first warned of the DNS cache poisoning vulnerability.

The original attack works by flooding a DNS server with thousands of requests for domains with slightly different variations, 1.google.com, 2.google.com, 3.google.com and so forth. That allows attackers to gain a secret transaction number needed to trick other computers into updating their records with IP addresses that lead to rogue websites.

So a word to the big players of world: You dodged a bullet in surviving the Kaminsky bug without issue, but next time you may not be as lucky.
Creating a real fix won't be easy, but it's essential.

Yahoo! says it won't target you… to your face. On Aug. 8, the Internet giant announced that it will allow users to opt out of behavioral targeting on its site. But in fact, that change only affects behaviorally targeted ads that users see. The company will still collect information on the Web sites visited by unique computers, it just won't serve ads to individual users based on the info.

"This isn't rejecting cookies outright, you are just preferring not to see the ads," says Anne Toth, Yahoo's head of privacy and vice-president of policy.

So Yahoo (YHOO) will still know that you looked up Fannie Mae's stock on Yahoo Finance and then checked out foreclosed homes on Yahoo's real estate site. It just won't serve you a mortgage ad based on that info when you're checking e-mail. It will also still serve ads to you based on your location and the content of the page that you are on.

Toth says Yahoo must keep the information to report accurate financials on advertising click-through rates and visitors. It probably also wants to tell advertisers about the kind of people who visit certain pages, in aggregate, to sell more expensive advertising. Behavioral targeting can more than triple the price of some ads.

Congressional Pressure
The move came in response to congressional action. On Aug. 1, the House Energy & Commerce Committee sent a letter to 33 companies, including AT&T (ATT), Comcast (CMCSA), Google (GOOG), Microsoft (MSFT), and Yahoo, opening an inquiry into their practices for collecting and using data to target ads to consumers based on what they do online.

Behavioral targeting is different from other kinds of targeting, such as search targeting or geotargeting, which uses IP addresses or Zip Codes that people provide when they sign up for a site. Behavioral targeting works by tracking surfers as they move around the Web. Companies then apply sophisticated algorithms to that past behavior to decide what kinds of ads to show the people they're tracking.

While many of the apps in Apple's (AAPL) iPhone App Store are useful, some are utter crap. And the latest, spotted by John Gruber, is an insult to all the well-meaning developers that Apple made wait/are still waiting to get into the iPhone developer program.

Behold: "I Am Rich," a $999.99 app from Armin Heinrich, which just displays a red gem on the phone's screen -- nothing else.

"The red icon on your iPhone or iPod touch always reminds you (and others when you show it to them) that you were rich enough to afford this," the app's information page says in iTunes. "It's a work of art with no hidden function at all."

The upside for Apple: $300, or 30%, of all purchases. The downside: Good luck enforcing that "all sales final" policy on this scam.

Read a full article here don't miss the comments they are always top notch.

Expectations ran running high before Wednesday morning as Kaminsky, director of penetration testing for IOActive, had revealed little about his DNS vulnerability up till then. That didn't stop others from trying to figure it out. But that actually helped Kaminsky in the end; it meant during his speech, he was able to skip the what and go directly to the why.

Security researchers always thought it was hard to poison DNS records, but Kaminsky said to think of the process as a race, with a good guy and bad guy each trying to get a secret number transaction ID. "You can get there first," he said, "but you can't cross finish line unless you have the secret number."

The question is why would someone bother? Well, Kaminsky talked about how deeply embedded DNS is in our lives. Kaminsky said there are three ages in computer hacking. The first was attacking servers (for example FTP and Telnet). The second was attacking the browsers (for example Javascript and ActiveX). We're now about to enter the third age, where attacking Everything Else is possible.

We know that if we type a name.com into a browser, the DNS resolves it to its numerical address. But what we don't realize is that same process occurs when we send e-mail or when we log onto a Web site. These also require DNS lookup.

Kaminsky then detailed how various security methods on the Web can be defeated if one owns the DNS. For example, if a site wants to establish a Trust Authority Certificate with the Certificate Authorities, they use e-mail to confirm the identity of the requester. He also said that it's possible to poison Google Analytics and even Google AdSense, which also rely on DNS lookup.

Prior to the patch, the bad guy had a 1 in 65,000 chance of getting it because the transaction ID is based, in part, on the port number used. With the patch, the chances decrease to 1 in 2,147,483,648. Kaminsky said it's not perfect, but it's a good enough start

The DNS vulnerability in the Internet's design is allowing criminals to silently redirect traffic to Web sites under their control. The problem is being fixed, but its extent remains unknown and many people are still at risk.

The bug's existence was revealed nearly a month ago. Since then, criminals have pulled off at least one successful attack, directing some AT&T Inc. Internet customers in Texas to a fake Google site. The phony page was accompanied by three programs that automatically clicked on ads, with the profits for those clicks flowing back to the hackers.

There are likely worse scams happening that haven't been discovered or publicly disclosed by Internet service providers. "You can bet that the (Internet providers) are going to stay tightlipped about any attacks on their networks," said HD Moore, a security researcher.

The AT&T attack probably would have stayed quiet had it not affected the Internet service of Austin, Texas-based BreakingPoint Systems Inc., which makes machines for testing networking equipment and has Moore as its labs director. He disclosed the incident in hopes it would help uncover more breaches.

The underlying flaw is in the Domain Name System (DNS), a network of millions of servers that translate words typed into Web browsers into numerical codes that computers can understand.

What this means is that a computer user in say, San Francisco, might type http://www.yahoo.com and head straight to the real Yahoo site, while at the same moment, a user in New York — whose traffic is routed through different DNS servers — might type that same Web address and end up on a phony duplicate site.

Looking for secure dns services? SOADNS.com

How do I read the results table?

Scatterplots:
The scatterplots are provided as an additional safety check. Even if the tests show that the server passes, the values may still be easy to predict. If so, the graph may show patterns that are easy for human eyes to recognize. If you see an obvious pattern in either of the images, your DNS server has a poor or nonexistant source of randomness.

Based on the results, a DNS server is vulnerable if:
The query source ports or the query IDs from a given server match or are easily predictable. Matching query source ports make it easier to spoof results to the DNS server, poisoning its cache. Matching query IDs are usually an indication of a misconfigured DNS server, while changing query IDs that are predictable also make DNS cache poisoning easier.

^*Vulnerability:

A server that is subtly vulnerable is making an attempt to randomize or otherwise change its source port and query IDs, but it appears that the source it uses for random numbers is weak or predictable. Fixing this problem will most likely require patching the operating system the DNS server is running on. If the server is under your control, please apply any security patches it has available. If the server is not under your control, contact the owner and inform them of the issue, or switch to a different DNS provider, such as SOADNS.