E Ink® Imaging Film is a simple ink sheet component that can be integrated into a device to create a high resolution display with all of the unique attributes of electronic ink: long battery life, a wide viewing angle and a paper-like reading experience. While current devices using E Ink® Imaging Film have rigid backplane electronics, the Imaging Film itself is plastic and can be flexed and rolled, combining the complete look and feel of a paper document. Once electronics manufacturers are able to mass produce flexible backplanes, E Ink® Imaging Film will bring the E Ink founders' vision of a flexible newspaper with the versatility of digital control and wireless update to life. Learn More

gumstix products

Products that enable – dream, design, build using gumstix basix and connex platforms!

In keeping with the theme between now and Christmas Holiday season. It's time the System Administrator gets rewarded for their thankless job. The admin for deadtroll.com did this.

So see the movie here!

Expect more spam. Lots more. It's a recurring theme seemingly as inevitable as Christmas carols and fruitcake, as internetnews.com has reported in 2002, 2003 and 2004.

Security experts at anti-spam and anti-virus vendor AppRiver expect the volume of spam to double during the holidays. The irritating messages accounted for 81 percent of all e-mails its customers saw in August. But spammers pull out all the stops for the holiday deluge, with good reason.

One of the trends AppRiver officials see with spam is that while many of the offers feature the generic replica watches, weight loss pills and the like, spammers are including name brand items to give the e-mails a hint of legitimacy.

The expected spam surge also likely coincides with the recent rash of viruses spreading throughout the Internet.

The Federal Bureau of Investigation (FBI) released an advisory Tuesday warning consumers of e-mail purportedly coming from the agency but are in fact spoofed e-mails (define)containing a variant of the Sober virus.

The spoof claims the FBI has tracked the user's IP address to a number of illegal Web sites and tells them to open an attachment containing what the e-mail states are a list of questions to answer.

A new initiative set up to dispel confusion over virus-naming, the Common Malware Enumeration (CME), was launched on Wednesday Oct.7 2005. It has been a long time coming but finally there is a way to find a common name.

The problem is, when you get a virus sample and you have 15 minutes to get something going. 'You have to name it, work out how to handle it and then kick it back out ... Now every piece of malware will end up with just 18 names and a number.'

The industry group, backed by a string of global security companies, aims to provide a common name for high profile threats in the hope that customers will be able to protect their computers from malware attacks more effectively.

The need for a more uniform approach to virus-naming has been a long-standing issue for users. Many have grown increasingly frustrated with different anti-virus vendors relying on different naming conventions to refer to particular threats.

Companies signed up to the CME will work to apply the same identifier to each piece of malware discovered by the group. It will use identifiers that will follow the format of CME-N, where N is a unique series of numerical digits. The name will be adopted by the anti-virus vendors, which can then be used in products and websites. Link Here

Search engine darling Google Inc. has issued a patch to cover a range of potentially dangerous security flaws in the enterprise-facing Google Mini search appliance.

The company's patch was issued after researchers at the Metasploit Project pinpointed several bugs that can be exploited by malicious hackers to conduct cross-site scripting, file discovery and service enumeration attackers.

Metasploit creator H.D. Moore warned in an advisory that the most serious bug can lead to arbitrary command execution.

Security alerts aggregator Secunia Inc. rates the flaws as "highly critical."

According to Moore, Google's patch and advisory were only released to businesses that pay about $3,000 for the pizza box-sized appliance.

A spokesperson for Google said the company learned of the issue several months ago and quickly made a patch available to all enterprise customers. "No customers have reported any effect related to this issue," he added.

Metasploit's Moore said the flaw was discovered in a feature that allows customization of the Google Mini's search interface through XSLT (Extensible Stylesheet Language Transformations) style sheets. He explained that certain versions of the appliance allow a remote URL to be supplied as the path to the XSLT style sheet, and warned that the feature can be abused to perform malicious hacking attacks.

The computer security research organization's report reveals that cyber criminals have shifted targets. Over the past five years, most hackers went after operating systems and Internet services like Web servers and E-mail servers. In 2005, they took aim at software applications.

The applications under fire span a variety of operating systems. They include enterprise backup software, anti-virus software, PHP applications, database software, peer-to-peer file sharing software, DNS software, media player software, IM software, and Internet browsers.

The second major finding of the report is that vulnerabilities in network operating systems such Cisco’s Internetwork Operating System (IOS), which powers most of the routers and switches on the Internet, represent a significant threat.

"The bottom line is that security has been set back nearly six years in the past 18 months," Alan Paller, director of research for the SANS Institute, wrote in an E-mail. "Six years ago, attackers targeted operating systems and the operating system vendors didn't do automated patching. In the intervening years, automated patching protected everyone from government to grandma. Now the attackers are targeting popular applications, and the vendors of those applications do not do automated patching."

Security experts credit Microsoft's efforts to improve its software with forcing hackers to look for lower hanging fruit. Part of the reason we're seeing a more of the attacks go against things other than the Windows operating system is that the Windows operating system has gotten better.

Full Article

The new facet can be found at www.live.com, which Microsoft uses to deliver some of its software products. The Live.com Web site debuted about three weeks ago.

At Live.com, Microsoft now supplies e-mail and instant messaging features for any Internet domain (addresses used to network computers).

Analysts felt Microsoft is also trying to fend off challenges from Google Inc. and other competitors that have already adopted the same "live" view on software.

But it means a departure from Microsoft's historical way of offering services: licensing the applications to computer manufacturers or selling them to consumers on disks.

Has the time come where people really think their own machines and applications are best managed by someone else? I still remember people scoffing at Larry Ellison when he made statments about network applications years ago. Have the weaknesses of the OS and browser created yet another market? Was it a case where MS could take on Oracle and Sun easily. When the word Google is spoke they seem to respond in turn. 

 Please note that the $100 laptops—not yet in production—will not be available for sale. The laptops will only be distributed to schools directly through large government initiatives.

The MIT Media Lab has launched a new research initiative to develop a $100 laptop—a technology that could revolutionize how we educate the world's children. To achieve this goal, a new, non-profit association, One Laptop per Child (OLPC), has been created. The initiative was first announced by Nicholas Negroponte, Lab chairman and co-founder, at the World Economic Forum at Davos, Switzerland in January 2005.

Learn More

Trust SONY ?

On Oct. 31, Mark Russinovich broke the story in his blog: Sony BMG Music Entertainment distributed a copy-protection scheme with music CDs that secretly installed a rootkit on computers. This software tool is run without your knowledge or consent -- if it's loaded on your computer with a CD, a hacker can gain and maintain access to your system and you wouldn't know it.

The Sony code modifies Windows so you can't tell it's there, a process called "cloaking" in the hacker world. It acts as spyware, surreptitiously sending information about you to Sony. And it can't be removed; trying to get rid of it damages Windows.

This story was picked up by other blogs (including mine), followed by the computer press. Finally, the mainstream media took it up.

The outcry was so great that on Nov. 11, Sony announced it was temporarily halting production of that copy-protection scheme. That still wasn't enough -- on Nov. 14 the company announced it was pulling copy-protected CDs from store shelves and offered to replace customers' infected CDs for free.

Full story here.

The new Google Base (beta) service means you can add all types of information that they will host and make searchable online. Describe any item you wish to post with attributes, which will help people find it when searching Google Base, which may also be included in the main Google search index and other Google products like Froogle and Google Local.

Its free and all types of online and offline information and images are accepted. Interesting items already posted include non-profit organisations and recipes for tikka masala.

Google have also set out guidelines for what is prohibited such as product endorsing, gambling, illegal goods and hacking.

For more information visit: http://base.google.com/base/default

Why are you clicking on attachments still???? Do you just like pain or what?

Both Kaspersky Lab and Symantec have detected worm variants. Kaspersky noted three variants of E-mail-Worm.Win32.Sober, which Symantec identified as W32.Sober.S@mm.

The variants are modifications of the same program, according to Kaspersky. A "large number of samples" of the variants have been intercepted in e-mail traffic, indicating that the worms are spreading by spam containing infected messages, Kaspersky said in a statement. The variants arrive as an attachment to infected messages.

The messages might not have a subject line or text, but can be identified by the attachment name. The attachment names thus far identified are: Exceltab-packed_list.exe; Liste.zip; Reg-List-Dat_Packer2.exe; reg_text.zip; Word-Text.zip; Word-Text_packedList.exe; Word-Text_packedList.zip.

The worm activates only if a computer user clicks on the attachment, which causes a false error message, "WinZip Self-Extractor. WinZip_Data_Module is missing ~Error," to pop up, Kaspersky said. The worm variants copy themselves to the Windows system directory and then register the files to the system Registry so that the worm launches every time Windows is rebooted.

The Sunnyvale, Calif., chip maker is aiming to roll out a quad-core-capable processor family during 2007 and switch to an all-new processor architecture later this decade.

The quad-capable family will result in a wide range of four core processors, including offerings for desktops, notebooks and one for servers that can fit into machines with as many as 32 processors.

AMD aims to use its ability to step up on processor cores in 2007, along with its move to a new processor architecture around 2008 or 2009 as a means to meet its goals of maintaining what it sees as a technical lead over Intel Corp., its larger rival, while fostering a grow rate that's at least two-times the market average, company executives said in a meeting for analysts on Tuesday.

AMD hopes to use its Opteron chip's recent wins in rack-mount servers to gain more acceptance in areas such as blade servers, corporate desktops and business notebooks, over time, executives explained at the meeting.

Poor Skype. They started out last week with the best of intentions, releasing what they called an independent security evaluation of their VOIP product, and ended up with egg on their virtual faces as high risk security vulnerabilities came to light.

Skype, based in Luxembourg, has positioned its VOIP product as superior to any one else's in the field because the voice data is encrypted. Since Skype hasn't made its encryption scheme public, this has led to some questions on just how secure it is (and how much of a Calera backdoor was built in.) The author of the report, Tom Berson of Anagram Labs, is well respected in the security field and would seem to be a good choice to author such a reassuring effort.

Of course, to make matters worse, vulnerabilities in the code showed up at the same time as the report's release. Skype says that the vulnerabilities affect Skype software for Windows, Mac OS X, Linux and Pocket PC. Skype goes on to say, "Skype can be made to execute arbitrary code through a buffer overflow when Skype is called upon to handle malformed URLs that are in Skype-specific URI types callto:// and skype://." Also, Skype could launch malicious code "during importation of a VCARD that is in a specific non-standard format."  "Full Article"

DRAM output continuing to grow, oversupply in the DDR and DDR2 segments will continue over the upcoming months, and the effects on memory price trends in both the contract and spot markets.

InSpectrum noted that the output ramp from both Taiwan and US makers were fairly stable in October, while a Germany-based memory maker reported output growth from its partners. Japan and Korea based vendors, in the meantime, continue to report escalating output.

Contract prices in the second quarter of November should drop further as some PC OEMs may receive special offers from memory makers. Heavy trading may expose traders to dramatic price drops, of up to 5% in single day, InSpectrum predicted.

This video series is designed specifically for individuals who are interested in learning the basics of how to create applications using Visual Basic 2005 Express Edition and Visual C# 2005 Express Edition. This includes over 10 hours of video-based instruction that walks from creating your first "Hello World" application to a fully functioning RSS Reader application. Learn how to write your first application today!!

For more information on software development with Visual Basic Express Edition or Visual C# Express Edition, you may be interested in these "Go Here"

Also the Visual Studio 2005 Express Edition Forums are very helpful. Link to the QuickStart.

Digital media delivery firm RealNetworks Inc. late Thursday shipped a major security update for its RealPlayer software to patch a pair of remote code execution vulnerabilities.

The security holes, which were reported to RealNetworks more than four months ago, could be exploited by malicious hackers to take complete control over a vulnerable machine.

According to eEye Digital Security, the company that discovered the bugs, the most serious flaw exists in the first data packet contained in a Real Media file.

By specially crafting a malformed ".rm" movie file, a direct stack overwrite is triggered, and reliable code execution is possible.

Affected software include RealPlayer 8, RealPlayer 10, RealOne Player v1, RealOne Player v2, RealPlayer Enterprise (Windows): RealPlayer 10 (Mac); RealPlayer 10 and Helix Player (Linux).

During October, 49.8 percent of the personal computers sold by retail stores in the United States contained an AMD processor, while 48.5 percent held a chip from Intel Corp., a report by Current Analysis Inc. shows. The San Diego, Calif., firm tracks sales at retail stores such as Best Buy.

Although it's not the first time AMD has surpassed Intel in one category or another at retail—AMD edged out Intel in desktops during September, for example, Current Analysis said—the October figures appear to show AMD riding a wave.

The Sunnyvale, Calif., company's retail market share surged from around 20 percent in June to almost 40 percent in July. Intel, meanwhile, saw its monthly numbers drop from near 80 percent in June to about 60 percent in July.

"Intel had no real low-end desktop offering in October. So it lost a lot of sales there," said Matt Sargent, the firm's director of research. Meanwhile, "The [Intel] Pentium 4 wasn't price competitive with [AMD's] Athlon 64. Those factors combined to submerge Intel in October."

NPD Group, which also measures retail sales, has spotted a similar trend for AMD and Intel. During September, the last month the firm has data for, AMD had 47.6 percent of desktops, while Intel had 46.9 percent, NPD figures show. But the situation reversed itself in notebooks, where Intel garnered 68.9 percent sales, while AMD had 21.7 percent.

A 301 permanent redirect is the redirection method recommended by the major search engines. Using a 301 redirect you are in effect telling the search engines the page has moved and to update their index. It also has the nice side benefit of redirecting the benefit of inbound links to the new page.

Implementing a 301 permanent redirect is different depending on the operating system and/or programming language you are using on your server:

IIS Redirect
In internet services manager, right click on /old-file.htm
Select the radio titled "a redirection to a URL".
Enter the redirection page.
Check "The exact url entered above" and the "A permanent redirection for this resource"
Click on 'Apply'
Apache Redirect
Create a file called .htaccess in your root directory and add the following line:

Redirect 301 /current.htm http://www.domainname.com/blabla.htm
ColdFusion Redirect
Edit the file /current.htm and put the following code:

<cfheader statuscode="301" statustext="Moved permanently">
<cfheader name="Location" value="http://www.domainname.com/blabla.htm">

PHP Redirect
Edit the file /current.htm and put the following code:

<?php
Header( "HTTP/1.1 301 Moved Permanently" );
Header( "Location: http://www.domainname.com/blabla.htm" );
?>
ASP Redirect
Edit the file /current.htm and put the following code:

<%@ Language=VBScript %>
<%
Response.Status="301 Moved Permanently"
Response.AddHeader "Location", " http://www.domainname.com/blabla.htm"
%>
ASP .NET Redirect
Edit the file /current.htm and put the following code:

<script runat="server">
private void Page_Load(object sender, System.EventArgs e) {
Response.Status = "301 Moved Permanently";
Response.AddHeader("Location","http://www.domainname.com/blabla.htm");
}
</script>
HTML Redirect
Edit the file /current.htm and put the following code:

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html>
<head>
<title>Your Page Title</title>
<meta http-equiv="REFRESH" content="0;url=http://www.domainname.com/blabla.htm">
</HEAD>
<BODY>Optional page text here.

Ira Winkler: Author of "Spies among us" wrote a opinion article which should make you concerned. When you read this, it almost sounds like the plot of a cheesy science fiction novel, where some evil uberhacker is seeking world domination, while a good uberhacker applies all his super brain power to save the world. Sadly, this isn't science fiction, and we don't typically have uberhackers on our side.

Talk of these hacks is going on within the intelligence and defense communities in the U.S. and around the world. The attacks were even given a code name, Titan Rain, within the U.S. government. The attackers appear to be targeting systems with military and secret information of any type. They are also targeting the related technologies. "Full Article"

Two new versions of a virus first reported in May are staging renewed attacks against computers in Russia, encrypting files and then extorting money from victims to decode the files.

After an infection, the Russian-language instructions let victims know how many of their files have been encrypted. Translated, the warning says, "If you want to get these damn files in the decrypted format" then write to the e-mail address given. The message goes on to say, "P.S. And be thankful that they were not completely erased!"

The viruses, called JuNy.A and JuNy.B, search for more than 100 file types by extension, according to a warning issued by Websense Inc. The renewed attack was first reported on a weblog published by Kaspersky Lab Ltd.

It's suspected that the virus enters a computer after a user visits a certain Web site and then exploits a vulnerability. Another theory is the virus is activated after a user runs some type of executable code containing the virus. In the last couple of years, however, virus writers have moved away from writing malicious code simply to display their skills and are increasingly trying to make money. 

Trend offers some removal information. Troj_Juny.A Troj_Juny.B

FXP T@gging is a method for taking over a piece of a Windows server that is open to the Internet. Hackers create a directory on the drive whose name has characters that confuse the Windows operating system. James R. Twine discovered the problem in the most unpleasant way, but the discovery led to a solution, which is now available as shareware or enterprise software.

If you try to delete the directory or files in the normal manner, the OS will tell you you're trying to delete a file that cannot exist because its file name is illegal. You have to work against the OS to delete the hackers' files.

The point to remember here is that this illegal traffic can gobble up a lot of bandwidth. If a hacker put these files on your server, you want to get rid of them. Twine has produced a piece of software to make deleting them easier.

He says he became interested in the problem by accident. He was testing an unrelated piece of software on a friend's server. He had the friend open FTP access, and it was tagged in less than a week.

Deleting the files is time consuming and frustrating. Sometimes, after working against the OS to delete the files, you have to reboot it frequently. In any case, Twine says that the process requires using several different methods.

In order to avoid this time consuming process, he wrote software that goes directly into the OS. He calls it Delete FXP Files because the people who tag servers call themselves FXP groups.

fxp = File eXchange Protocol it's sending files from one ftp to the other, because usually it's a lot faster than upping it manual, with your own connection. It can be used also to make a server send files to another server (hint hint).

Timing their effort to coincide with national Cyber Security Awareness Month and Halloween, the U.S. Federal Trade Commission (FTC), Consumer Action and Microsoft are urging consumers to protect themselves from the threat of zombies, computers that are infected with malicious code so they can be controlled remotely by other people for illegal purposes.

"The only way to slow the spread of zombies and other online threats is by going after them as resolutely and in as many ways as possible," says Tim Cranton, director of Microsoft's Internet Safety Enforcement programs.

Microsoft maintains more than 130,000 MSN Hotmail "trap" accounts to investigate patterns within spam. These accounts catch e-mail sent by spammers to potential e-mail addresses. But, as all spam investigators quickly learn, investigating spam after it's delivered is like tracing an unwanted letter with an illegible (or fake) return address. Most spammers protect their identities by sending mail through zombies or using other masquerading tricks, making it fruitless to trace spammers based on the name listed in the "From" line in the e-mail's header.

But Microsoft's zombie investigation gave the company new insight into how it, as a technology developer and e-mail provider, can fight spam and zombies, as well as how to fight the creators of zombies in court.
"By inserting ourselves in the spammers' path and looking upstream, we have been able to see things we have never been able to see before," Cranton says.

Specifically, Microsoft was able to uncover the IP addresses of the computers that were sending spamming requests to the quarantined zombie, along with the addresses of the Web sites advertised in the spam.
To prove these spamming requests were not isolated examples, Microsoft compared the Web sites advertised in the quarantined zombie's spam to those listed in spam in the MSN Hotmail trap accounts.

Cranton says the researchers found numerous identical matches, and were able to determine that approximately 13 distinct spamming operations either helped create or exploit the zombie code placed on the quarantined computer.

These spammers, who are currently unidentified, are named as "John Doe" defendants in the civil lawsuit Microsoft filed in state court in King County, Wash., on Aug. 17. Filing a "John Doe" lawsuit allows Microsoft to use legal discovery tools – such as third-party subpoenas – to help learn the defendants' true identities.

A rootkit being spread through AOL's popular instant messaging client and AOL chat rooms.

Bundled within the previously identified W32/Sdbot-ADD worm, the lockx.exe rootkit file is installed when users click on the file link within the IM window. Though neither the worm nor the rootkit file are new, it appears to be the worm's first foray into the AIM (AOL's Instant Messenger) network. What's more troubling is that rootkits haven't previously been spread via IM.

Attackers can automatically pass the worm along to users on the Buddy List. Additionally, the rootkit can shut down anti-virus software, alter the users' search page, run CPU usage to 100 percent and automatically download unwanted programs such as 180Solutions, Zango, MaxSearch and others.