The Mozilla Foundation has released a new version of its Firefox browser that fixes two critical security bugs in the software that were reported over the past week.

The most widely reported flaw concerns the International Domain Name (IDN) feature that Mozilla products use to process Web pages that do not use the Latin alphabet (see "Security flaw targets Firefox, Linux users").

Links pointing to a host with a long name composed entirely of dashes could be crafted so that earlier versions of Firefox would execute arbitrary code of an attacker's choosing. That means an attacker theoretically could use the flaw to take control of a user's machine by launching a buffer overflow attack.

Firefox 1.0.7, released this morning, also fixes a critical flaw in the way the Mozilla software handles Unix and Linux shell commands that could allow attackers to run unauthorized software on some systems, said Chris Beard, head of products with Mozilla Corp.

All Firefox users are encouraged to download the new release, which also contains a number of minor changes designed to make the browser more stable and secure.

The plan calls for a reorganization of Microsoft into three large divisions led by individual presidents, each reporting to Steve Ballmer, Microsoft's chief executive.

•  Jeff Raikes will head up the company's Business division, which will house Microsoft's Information Worker group (which includes its Office product line), and its Business Solutions packaged applications group.

•  Kevin Johnson and Jim Allchin will be co-presidents of the Platform Products and Services division, which will comprise Windows Client, Server and Tools and the MSN division. Microsoft said Allchin will hold that new position until he retires, once the company ships Windows Vista at the end of next year.

•  Robbie Bach will be president of the Entertainment and Devices division, which will oversee games and mobile device development.

The huge reorganization is designed to streamline the company's decision-making process and improve product development, Ballmer said in a statement.

In the past several months, some insiders and former employees have said that Microsoft has become too bureaucratic and process-driven to compete with nimbler competitors such as Google.

"Our goal in making these changes is to enable Microsoft to achieve greater agility in managing the incredible growth ahead and executing our software-based services strategy," Ballmer wrote in an e-mail sent to employees on Tuesday.

Security researchers at Panda Software say they have discovered a new worm that generates a spoofed version of Google, the Web's most popular search engine.

The company's PandaLabs unit reported late Friday that it had identified a worm it has labeled as P2Load.A that creates a fake Google site, and launches adware on infected computers.

The security software maker, which is based in Bilbao, Spain, said that the attack spreads via peer-to-peer, or P2P, computer networks, specifically the Shareaza and Imesh programs.

Panda said that the P2Load.A threat copies itself onto the shared directory of the P2P software as an executable file named after a Star Wars-themed video game, Knights of the Old Republic 2, and lures end users into launching the virus on their machines using a faked error message. Once the virus has been sprung, it immediately modifies the computer's start page, launches the adware and spoofs Google.

As part of its delivery function, the P2Load.A attack modifies an infected computer's Hosts file so that when an unsuspecting user attempts to call up the search engine, they are instead diverted to the mocked-up version of the site, which Panda said was hosted somewhere in Germany. The fraudulent page appears as an exact copy of Google and supports all 17 languages that the search site is offered in. The virus has also been designed to redirect people who mistype Google's URL into their browsers, and will pop up if someone mistakenly types wwwgoogle.com, www.gogle.com, or www.googel.com.

-- Symantec observed that denial-of-service attacks grew from an average of 119 per day to 927 per day during the first half of 2005 -- a 680% increase over the previous reporting period. The most frequently targeted industry was education, followed by small business and financial services.

-- The time between the disclosure of a vulnerability and the release of associated exploit code decreased from 6.4 days to 6.0 days. In addition, an average of 54 days elapsed between the appearance of a vulnerability and the release of an associated patch by the affected vendor. This means that, on average, 48 days elapsed between the release of an exploit and the release of an associated patch; during this time, systems are either vulnerable or administrators are forced to create their own workarounds to protect against exploitation.

-- During the first half of 2005, Symantec documented 1,862 new vulnerabilities -- the highest number ever recorded in the Internet Security Threat Report. 97% of these vulnerabilities were classified as moderate or high in severity, and 59% of all vulnerabilities were found in Web application technologies, marking an increase of 59% over the previous reporting period and a 109% increase over the first six months of 2004.

-- A growing number of Win32 viruses and worm variants were also reported during the first half of 2005. Symantec documented 10,866 new Win32 virus and worm variants, an increase of 48% over the previous reporting period and 142% over the first half of 2004.

-- Adware, spyware, and spam continue to propogate, according to the report. Eight of the top 10 adware programs were installed through Web browsers. Of the top 10 adware programs reported, five hijacked browsers. Six of the top 10 spyware programs were bundled with other programs and six were installed through Web browsers. Symantec also observed that spam made up 61% of all e-mail traffic and that 51% of all spam received worldwide originated in the United States.

-- An analysis of future and emerging trends concluded that an increase in the number of attacks and threats directed at wireless networks is likely. In addition, Voice over Internet protocol (VoIP) threats are expected to emerge as more enterprises merge their data and voice networks.  "Full Article"

Mac users are "operating under a false sense of security," according to Symantec Corp., and Firefox users will have to recognize that the popular open-source Web browser is currently a greater security risk than Microsoft Corp.'s Internet Explorer.

Symantec's latest Internet Security Threat Report, published today, found evidence that attackers are beginning to organize for attacks on the Mac operating system. Researchers also found that over the past six months, nearly twice as many vulnerabilities surfaced in Mozilla browsers as in Explorer.

"It is now clear that the Mac OS is increasingly becoming a target for the malicious activity, contrary to popular belief that the Mac OS is immune to traditional security concerns," the report said.  "Full Article"

Apple CEO Steve Jobs vowed Tuesday to repel "greedy" record companies' demands for higher music download prices, warning that any such move would encourage piracy.

Jobs, speaking before the opening of the Apple Expo in Paris, said some music majors were pushing for an increase in prices on Apple's online iTunes Music Store.

Apple's co-founder and CEO said record companies already earn more profit from songs sold through iTunes — cutting out costs of manufacturing, marketing and returns — than from those sold on CD.

"So if they want to raise the prices it just means they're getting a little greedy," he said.

As their contracts with Apple come up for renewal, music companies are seeking to improve their take from sales through the U.S. iTunes site, which charges 99 cents per song. Prices are typically higher in Europe, Japan and other regions.

 Password Safe

Password Safe is a tool that allows you to have a different password for all the different programs and websites that you deal with, without actually having to remember all those usernames and passwords. Password Safe runs on PCs under Windows (95/98/NT/2000/XP). An older (but fully functional) version is available for PocketPC. Linux/Unix clones that use the same database format have also been written (see Related Projects).   "Latest version" 

Originally created by Bruce Schneier's Counterpane Labs, Password Safe has opened it's source, and development and maintenance has been handed off to Jim Russell. Currently, the PasswordSafe Open Source project is being administered by Rony Shapiro.

Microsoft is compelled to offer an Ajax solution, said analyst John Rymer, vice president of application development and infrastructure at Forrester Research Inc.

"It fills a gap within their development environment. They didn't address Ajax at all," Rymer said. "I think a lot of people are overestimating Ajax, how valuable it's going to be. But a lot of people are using it, and Microsoft just had no answer."

He added that Ajax is just scripting. Although flexible and easy, it is difficult to maintain applications written with scripts because of a lack of structure, he said. "It's not a silver bullet."  "Full Article" "More Here"

A "social" Web browser, called Flock, has been created to meet the needs of a new generation of web users who want to edit, comment on and share web content, rather than just peruse it.

Of course this is a double edge sword; While I assume it matters little to someones blog. The concept is certainly not for commercial web sites. It is clear the web should support more methods of direct interaction. "New Scientist" 

The Redmond, Wash., software company instituted a new policy for all developers that bans functions using the DES, MD4, MD5 and, in some cases, the SHA1 encryption algorithm, which is becoming "creaky at the edges," said Michael Howard, senior security program manager at the company, Howard said.

MD4 and MD5 are instances of the Message Digest algorithm that was developed at MIT in the early 1990s and uses a cryptographic hash function to verify the integrity of data. "Eweek article"

While Bruce Schneier, and other experts in the field outlined the end of MD5.  It appears that MS is at least listening to some degree. Though one would think they would be on the edge at least they are not ignoring this. Seems that scraping SHA1 is also in their best interest as well.

The next and more serious question is what about all the exsisting use, that is in production. Is the problem so serious that we cannot get beyond it? As I have stated I am certainly no crypto expert. It seems a fair question, and is some cause for concern.

Google chief executive Eric Schmidt said few of the company's recent hires have been as significant as Cerf, widely regarded as one of the internet's creators because of his seminal work developing the network's essential communications protocols, TCP/IP, at Stanford University in the 1970s.

"He is one of the most important people alive today," said Schmidt, who has been friends with Cerf for more than 20 years. "Vint has put his heart and soul into making the internet happen. I know he is going to jump right in here and start shoveling out new ideas for Google."

When he starts work at Google on Oct. 3, Cerf's official title will be "chief Internet evangelist," but he is determined to be more than a figurehead or detached visionary.

"What I have done in the past is not going to be important at Google," Cerf said, "What's important at Google is what you are doing today and what you going to do tomorrow. That's the metric I will be measured by."

Cerf will remain chairman of the Internet Corporation for Assigned Names and Numbers, the oversight agency for internet domain names.

He also will continue as a visiting scientist at NASA's Jet Propulsion Laboratory, where he has been focusing on a very Google-like project — trying to figure out a way to connect the internet to outer space. He said working at Google is "really my dream job."

Oracle Corp. announced Tuesday that it is shipping Oracle Database 10g Release 2 on the Windows platform.

The move gives the company's Windows-based customers the ability to tap into enhancements made to the version, specifically in the areas of grid computing, performance, scalability and security.

"This announcement is one in a long line of those we've already made that show our commitment to the Windows platform and its users," said Willie Hardie, Oracle senior director of product management.

Oracle has served customers on Microsoft Corp. platforms since 1985, and in May 2004, the company joined the Microsoft Visual Studio Industry Partner program to offer better integration between Oracle Database and Visual Studio .Net 2003.

Hardie added that the release will allow developers to tap into core functionality that's designed to increase scalability and management at an affordable cost.

Oracle Database 10g Release 2 incorporates new features geared toward Windows developers, such as extensions for .Net, which include stored procedures. The feature allows developers to use the .Net language they prefer, which Oracle believes will reduce the time needed to build and deploy its database applications.

Windows customers will also be able to tap into Release 2's regular features, including automatic storage management, transparent data encryption, real application clusters and support for the W3C XML query standard.

Google UnSafeSearch

NEW YORK (MarketWatch) -- Oracle Corp. Monday agreed to acquire Siebel Systems Inc. for $3.61 billion in cash and stock, putting to rest long-running speculation on Wall Street about Siebel's future.

eBay Inc. (EBAY)(www.ebay.com) has agreed to acquire Luxembourg-based Skype Technologies SA, the global Internet communications company, for approximately $2.6 billion in up-front cash and eBay stock, plus potential performance-based consideration. The acquisition will strengthen eBay's global marketplace and payments platform, while opening several new lines of business and creating significant new monetization opportunities for the company. The deal also represents a major opportunity for Skype to advance its leadership in Internet voice communications and offer people worldwide new ways to communicate in a global online era. Skype, eBay and PayPal will create an unparalleled ecommerce and communications engine for buyers and sellers around the world.

"Communications is at the heart of ecommerce and community," said Meg Whitman, President and Chief Executive Officer of eBay. "By combining the two leading ecommerce franchises, eBay and PayPal, with the leader in Internet voice communications, we will create an extraordinarily powerful environment for business on the Net."

Founded in 2002 by Niklas Zennstrom and Janus Friis, Skype offers high-quality voice communications to anyone with an Internet connection anywhere in the world. The Skype software is easy to download and install, and enables free calls between Skype users online. Skype's premium services provide low-cost connectivity to traditional fixed and mobile telephones. Skype's software also offers a robust set of features, including voicemail, instant messaging, call forwarding and conference calling. Upcoming product innovations include Skype video, expressive content such as avatars, and customized toolbars for Outlook and Internet Explorer.

If you are looking for a simple FREE web service to use in your asp code to validate and Email address when someone signs up to your mailing list. Check out the script and article here.

    ' Name: A+ Email Verification
    ' Description:Will call a webservice that will verify an
    ' email address down to server level. 
    ' This service is provided for FREE! No costs involved.
    ' Try it out! By: TinyQuote
    '
    ' Inputs:email address
    ' Returns:A code that tells how good the address is
    '
    ' Assumes:This calls a web service that is free to use 
    ' if you only check 1000 or less addresses
    '
    ' Side Effects:Must have MSXML3.0 installed from MSDN 
    ' on the server you are using ASP on.
    '
    ' This code is copyrighted 

    <HTML>
    <%@LANGUAGE="VBScript"%>
    <%
    Dim email
    Dim status
    Dim emaildata
    if Request.Form.Count > 0 Then
    	' Requires Microsoft XML SDK 3.0 available at msdn.microsoft.com.
    	' fill data
    	email = Request.Form("email")
    	
    	' Call Webservice at CDYNE
    	 Dim oXMLHTTP
    	 
    	 ' Call the web service To Get an XML document
    	 Set oXMLHTTP = server.CreateObject("Msxml2.ServerXMLHTTP")
    	 oXMLHTTP.Open "POST", _
    	"http://ws.cdyne.com/emailverify/ev.asmx/VerifyEmail", _
    	False
    	 oXMLHTTP.setRequestHeader "Content-Type", _
    	 "application/x-www-form-urlencoded"
    	 oXMLHTTP.send "email=" & server.URLEncode(email) 
    	 Response.Write oxmlhttp.status
    	 if oXMLHTTP.Status = 200 Then
    		 Dim oDOM
    		 Set oDOM = oXMLHTTP.responseXML
    		 Dim oNL
    		 Dim oCN
    		 Dim oCC
    		 Set oNL = oDOM.getElementsByTagName("ReturnIndicator")
    		 For Each oCN In oNL
    		 For Each oCC In oCN.childNodes
    		Select Case LCase(oCC.nodeName)
    		 Case "responsetext"
    		emaildata = emaildata & "CodeTxt: " & occ.text & "<BR>"
    		 Case "responsecode"
    		emaildata = emaildata & "Code: " & occ.text & "<BR>"
    		End Select
    		 Next
    		 Next
    		 if status = "" Then status = "OK"
    		 Set oCC = Nothing
    		 Set oCN = Nothing
    		 Set oNL = Nothing
    		 Set oDOM = Nothing
    		 
    		 
    		 
    	 
    	 Else
    	 Status = "Service Unavailable. Try again later"
    	 End if
    	 Set oXMLHTTP = Nothing
    	
    End if
    %>
    <HEAD>
    <BODY><FORM method="POST" action="">
    <P>Email Address Checker<BR>
    <INPUT type="text" name="email" size="40" value="<%=email%>"></P><%=status %>
    <P><INPUT type="submit" value="Check Email" name="B1"></P>
    <P><%=emaildata%></P>
    </FORM></BODY>
    </HTML>

Today a friend ask me; How do  I do a complete NSLookup? I said just go to LogicalPackets and get the answer. He said no I want to do it in command prompt. Since this is a question I am asked from time to time, I thought it better to just post it to the blog so I can just say look at the blog.

So as you can see the command is: nslookup -type=any domainname.com

Lets use this example of anchor text:

You run a web design site, and that you want it to rank high with the search engines for the search term "web design". If you had 100 links pointing to your homepage, and the anchor text of all of them said "click here". This wouldn't tell the search engines a whole lot about your site. The search engines will not give you a good ranking.

However, if instead of "click here", the anchor text on those links said "web design", the search engines would easily conclude that your site is an authority on web design, and will give your site a high ranking.

Adding a bullet can give you yet another kick in position.  "Web Design" Doing this you can add image alt tag to the link as well as anchor text.

Example of Anchor Text:
<a href="http://blog.activeservers.com/SEO/" title="Internet SEO Articles">Articles</a>

See More From "Tumbleweed Communcations"

Typically, a Directory Harvest attack will target a specific domain with emails to many millions of combinations of email address at that domain, such as: adamsmith@domain.com; adam.smith@domain.com, adam_smith@domain.com, smitha@domain.com etc. Often the domain owner is targeted either for malicious reasons specific to that organisation, or because the business type of the domain owner is incorrectly identified by the attacker. 

One of the best things you can do is removing the catch all account. It is one of the best ways to avoid these types of attacks. If you use an alias correctly these types of attacks only refuse the email. Though it does little to reduce the traffic that might be clogging your mail system it certainly reduces the number of deliverable emails.

These are two good articles. Dark-Traffic  Dark-Mail Rising

Consultant Ben Edelman faulted Yahoo for not letting its advertisers know where their ads might end up.

"We know people pay very high pay-per-click fees when they think they're getting traffic from Yahoo, because advertisers think Yahoo users are more valuable," Edelman told internetnews.com. "Whatever their value actually is, advertisers who are buying the stuff should be told what they're getting."

Adware is free ad-supported software that users can download at no charge. But in his blog, Edelman documented how the software is installed without clear notification.

The bug isn't itself a vulnerability, Microsoft said in an advisory last week, since it can't be used to invade a system. It is, rather, an "unexpected behavior" that an attacker could use to cover up malicious activity, Microsoft said.

The company issued a patch for the problem, available only to authenticated Windows users.

The flaw is in the way Windows Firewall displays exception entries, which are created by administrators to allow incoming network connections. If an exception is created in the registry, it won't be displayed in the Windows Firewall user interface, meaning users might not be able to spot the exception entry.

It's unlikely that such a registry entry would be created under ordinary circumstances, and a user couldn't create one without administrator privileges, Microsoft said.

"It is more likely that an attacker who has already compromised the system would create such malformed registry entries with intent to confuse a user," Microsoft said in the advisory.

Learn about RSS and how to programmatically create an RSS file for your FrontPage 2003 Web site. The download that accompanies this article contains a VBA project and an XSLT file that you can use to generate and display RSS feeds.

If you have a Web site that contains content that you frequently update, such as articles or stories, you may want an RSS feed to help your customers keep up with your updates. This article explains the XML behind RSS and provides a Microsoft Office FrontPage 2003 Visual Basic for Applications (VBA) project that you can use to programmatically generate an RSS feed for your FrontPage Web site.

"Full Article Here"

While blogs arguably make up the majority of RSS content, many news sites also syndicate content via RSS—for example, Search Engine Watch is available via RSS feeds.

But RSS feeds are increasingly being used for other types of content. For example, you can get RSS feeds with weather forecasts, company news and financial information, package tracking and lots of others. Even the venerable Yahoo Directory is available now through RSS feeds.

Although there are literally millions of feeds available, finding those that are appealing and relevant to you isn't always easy. The major search engines are all dabbling with feed search, but none offer a robust service as yet. And while there are a number of smaller, specialized blog and feed search engines, their lack of resources and the problem of blog and feed spam means their search results are often useless. So finding relevant feeds, at least for the time-being, often remains a hit-or-miss affair.

"Full article here"

Google penalizes page rank when content is duplicated by other sites

Have your rankings slipped? It is possible that your page contents have been duplicated causing a duplicate content penalty. Google doesn't want multiple copies of the same content. So they will devalue all but one of the copies of the content based on the age of the page.

It has been a chore to check for duplicated content. This chore is easier now - www.copyscape.com. Just by entering the URL of the page you want to check, Copyscape will return a list of pages in the Google index that contain text also present on your site.

Hitachi Global Storage Technologies Inc. has started shipping a higher-capacity version of its Microdrive 1-in. hard disk drive and has made improvements to its 1.8-in. Travelstar drives, the company said Friday.

The drives are commonly used in portable consumer electronics devices such as digital music players. Products featuring the drives with increased capacity could be available before the end of the year, San Jose-based Hitachi said.

The company's current highest-capacity Microdrive is a 6GB model, and the new drives will be available in capacities of 6GB and 8GB. In the case of the 8GB drive, the extra space is enough for about 500 more average-size MP3 songs. In addition to the capacity boost offered by one of the new drives, they have several improvements over existing models: Size has been reduced by around 20%, and power consumption has been cut by 40%, the company said.

Justice Murray Wilcox of Australia's Federal Court ruled largely in favor of music labels, including Universal, Sony, Warner and Festival Mushroom, which had argued that the Kazaa software--owned by Australian-based Sharman Networks--was used to undertake copyright infringement on a massive scale. The labels had also targeted United States-based Altnet, which provides a search technology for Kazaa and is a close partner of Sharman.

Wilcox also ordered respondents Sharman Networks, LEF Interactive, Sharman CEO Nicole Hemming, Altnet and Brilliant Digital Entertainment boss Kevin Bermeister to pay 90 percent of the music industry's court costs.

The judge dismissed the music industry's claims the Kazaa parties had contravened Australia's Trade Practices Act and engaged in conspiracy, as well as dismissing as "overstated" the industry's allegation that Kazaa's managers were engaged in copyright-infringing behaviour themselves. "The more realistic claim is that the respondents authorized users to infringe the applicants' copyright in their sound recordings," he said.

Kazaa can remain in operation, Wilcox said, if the software maker meets either of two conditions. First, "non-optional key-word filter technology" would need to be included in current versions of the software received by new users and in future versions of the software and if "maximum pressure" was exerted on existing users to upgrade to a new version containing the technology. The other option was that the Altnet search software--called TopSearch--be restricted to providing lists of non-copyright-infringing works.