We support Microsoft .NET Framework 2.0 & 1.1, all versions of Access, SQL 2000, SQL 7.0, SQL 2005 Express, SOAP, FrontPage 2002, 2003, Visual Studio 2005, Index Server, XML, UDDI, & Mobile device support. We also offer great third party tools like SmarterMail, Merak Mail, SmarterStats, PHP, Perl, MySql, DeepMetrix Livestats XSP 8.0.
 Thursday, December 08, 2005

I have heard a lot of talk about open source development and how great all this php stuff is. I am sorry but I really do not understand how any serious code writer would prefer a scripting environment over a proper application development environment. Just watch a few of the online videos. Afterward, understanding what you can get for free here should make you understand that this scripting approach with no ability to protect the code you spend that much time on seems logical.

Visual Web Developer Express 2005    Visual Web Developer 2005 Feature Tour

SQL Server Express 2005 edition    SQL Server Express Online Demo

Dev
12/8/2005 11:08:23 AM (Pacific Standard Time, UTC-08:00)

Is the web uninstall of Sony DRM leaving the system more open due to the ActiveX object needed to get it removed? Honestly I cannot understand how a company can do this without legal people doing something.

Matti Nikki of Finland was the first to figure out just what the uninstaller was doing. It seems the uninstaller puts an ActiveX control called CodeSupport on the target machine even before the uninstall URL can be obtained.

The control is marked "safe for scripting" and remains this way on the machine even after the uninstall process is concluded.

What this means is that any Web page the user visits can script this control and call its methods. Here's the list of methods that Muzzy found:

GenerateRequestPacket
ExecuteCode (can crash browser)
Uninstall
RebootMachine (exploitable; Muzzy has a demo that may make the situation worse)
GetProgress
OnLoaded
InitializeDiscScan
GetNumberOfDiscs
IsDRMServerValid
GetAlbumArtist
GetAlbumName
GetMaxBurnCount
GetCurrentBurnCount
GenerateIncrementPacket
IsContentOwnerValid
DoIncrement
GetInstalledSoftwareVersion
IsXCPDiscPresent
InstallUpdate (possibly exploitable, downloads given a URL)
GetInstallProgress
GetCompletionStatus
IsXCPDiscPresentAsLong
IsAdministrator

It was at this point that Ed Felten and Alex Halderman of Princeton got involved on their Freedom to Tinker Weblog. They realized that the CodeSupport control would allow any Web page to download, install and run any code it wants to on your computer, since CodeSupport doesn't verify that it is only working with the uninstaller code it was supposed to deal with.

Halderman and Felten have written exploits (that they are not making public) to verify that this can occur. While Sony has replaced the Web-based installer with a downloadable .exe file, it remains unclear at this point (given the company's track record) whether the new installer is safe to use.

There is a simple way suggested by Halderman and Felten to remove the CodeSupport component from Windows if you have been affected.

From the Start Menu, choose Run, and then type the following (between the brackets without typing the brackets) into the box that appears.
[cmd /k del "%windir%\downloaded program files\codesupport.*"]

That should delete all files associated with the control. Please understand that you do this at your own risk, since your security settings may not prevent the software from being installed again.
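
A read-only check for the condition described above, added here as an example; it is not part of the original post or of Halderman and Felten's instructions. It lists the `codesupport.*` files the `del` command targets and any ActiveX control registered as safe for scripting out of Downloaded Program Files. The function names are hypothetical, and the category GUID is the standard Windows CATID_SafeForScripting, which the post does not quote.

```powershell
# Added example, not from the original post. Read-only: reports, deletes nothing.
# Assumption: the post gives no CLSID for CodeSupport, so matching is done by
# file name and install folder only.

# Standard COM component category: CATID_SafeForScripting.
$CatSafeForScripting = '{7DD95801-9882-11CF-9FA9-00AA006C4A34}'
$DownloadFolder = Join-Path $env:windir 'Downloaded Program Files'

function Get-CodeSupportFile {
    # The same files the post's "del ... codesupport.*" command targets.
    if (Test-Path -LiteralPath $DownloadFolder) {
        Get-ChildItem -LiteralPath $DownloadFolder -Filter 'codesupport.*' -Force
    }
}

function Test-DownloadedControl {
    param([string]$ServerPath)
    # Registered paths may use the 8.3 short name of the folder.
    ($ServerPath -like '*\Downloaded Program Files\*') -or
    ($ServerPath -like '*\DOWNLO~1\*')
}

function Get-SafeForScriptingControl {
    # 32-bit controls on 64-bit Windows register under WOW6432Node.
    $roots = @(
        'Registry::HKEY_CLASSES_ROOT\CLSID',
        'Registry::HKEY_CLASSES_ROOT\WOW6432Node\CLSID'
    )
    foreach ($root in $roots) {
        if (-not (Test-Path -LiteralPath $root)) { continue }
        foreach ($key in (Get-ChildItem -LiteralPath $root -ErrorAction SilentlyContinue)) {
            # A control is "marked safe for scripting" in the registry when this
            # category subkey exists under its CLSID.
            $catPath = "$($key.PSPath)\Implemented Categories\$CatSafeForScripting"
            if (-not (Test-Path -LiteralPath $catPath)) { continue }

            # Default value of InprocServer32 is the path of the control's binary.
            $server = ''
            $serverKey = Get-Item -LiteralPath "$($key.PSPath)\InprocServer32" -ErrorAction SilentlyContinue
            if ($serverKey) { $server = ([string]$serverKey.GetValue('')).Trim('"') }

            $leaf = ''
            if ($server) { $leaf = ($server -split '\\')[-1] }

            [pscustomobject]@{
                Clsid       = $key.PSChildName
                Name        = [string]$key.GetValue('')
                Server      = $server
                Downloaded  = Test-DownloadedControl -ServerPath $server
                CodeSupport = $leaf -like 'codesupport*'
            }
        }
    }
}

$files    = @(Get-CodeSupportFile)
$controls = @(Get-SafeForScriptingControl)
$flagged  = @($controls | Where-Object { $_.Downloaded -or $_.CodeSupport })

"Safe-for-scripting controls registered: $($controls.Count)"
"Installed via the browser or named codesupport*: $($flagged.Count)"
$flagged | Format-List Clsid, Name, Server

# A control can also declare itself safe at run time through IObjectSafety,
# which leaves no category key, so the file check is reported separately.
if ($files.Count -gt 0) {
    'CodeSupport files still present:'
    $files | ForEach-Object { "  $($_.FullName)" }
} else {
    'No codesupport.* files in Downloaded Program Files.'
}
```

Running it again after the `del` command shows whether the files are gone and whether a registration that points at them was left behind.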

12/8/2005 9:55:59 AM (Pacific Standard Time, UTC-08:00)

Everyone knows GoDaddy is pushing the multiple year domain registration:

Google recently filed United States Patent Application 20050071741. As part of that patent application, Google made apparent its efforts to wipe out search engine spam, stating:

“Valuable (legitimate) domains are often paid for several years in advance, while doorway (illegitimate) domains rarely are used for more than a year. Therefore, the date when a domain expires in the future can be used as a factor in predicting the legitimacy of a domain and, thus, the documents associated therewith.”

Domains registered for longer periods give the indication, true or not, that their owner is legitimate. Google uses a domain’s length of registration when indexing and ranking a Web site for inclusion in their organic search results.

So to prove to everyone that your site is the real deal, register for more than one year and increase your chances of boosting your search ranking on Google.

I have read the doc beginning to end and honestly this is some of the driest garbage since my last RFC reading. The new GoDaddy sales technique is one of the smartest examples of marketing seen from registrars in some time. Then I have been around long enough to remember when longer domain names came out in 1999. That spawned a mad rush for hyphenated domain names that to me never really paid off for people. But a lot of domain names were sold.

What is described in the patent looks like a "method" rather than a new add-on to Google's algorithm. As the patent's title implies, it's about a method to retrieve information, filtering it on a historical basis. The "Google" name NEVER appears in the patent contents. It seems spammers register domains for just one year, often providing false admin and contact details. Domains registered for more than one year may get a higher score. The patent does not refer to any historical data related to domain age: it seems to focus on domain expiration rather than domain creation. Therefore if your domain is 5 years old, and this would mean you're serious about it, you could even be penalized because you renew it yearly, when we all know that either or both can be collected at the same time.

While Information retrieval based on historical data is (or may be) a great method to leave spammers out of the door, there are some indicators Google actually uses to catch spammer sites.

1. Multiple domains with the same contents. Not uncommon to see many similar websites ranking high for certain keywords then disappear from index after a certain period of time (usually one month)
2. Google's ABUSE service. Based on users' input. Users can report a website they suspect of spamming the search engine to the Google abuse service. The website will be investigated (by a human) and, if it is caught in some spamming activity, it is banned.
3. Keyword Stuffing. Pages that present the same keyword repeated over and over usually rank high for a short period of time then disappear from the index. Keyword Stuffing in fact is considered the most annoying spam practice.
4. Don't forget the so-called Sandbox effect (read about it on Google Sandbox effect)

Closing: I would have to question GoDaddy scare tactics as a method for sales though it is proven to be effective. Logic would say Google would not use any single method like this to pollute an algorithm they have worked so hard to develop. If someone is registering a fresh domain name for the first time, it might be in their best interest to do so for more than one year. Or until a history is established. Though logic would also say the same, to those search spam people after all the gain is great and the investment small.

SEO
12/8/2005 8:15:50 AM (Pacific Standard Time, UTC-08:00)

The sharp rise in rootkit detections on Windows machines is a direct result of adware/spyware vendors using sophisticated techniques to hide processes and prevent uninstall, according to anti-virus vendor F-Secure Corp.

F-Secure, the Finnish company that ships an anti-rootkit scanner in its security suite, has identified ContextPlus, Inc., makers of the Apropos and PeopleOnPage adware programs, as the company responsible for a large number of stealth rootkit infections.

F-Secure chief incident officer Mikko Hypponen said the company's BlackLight technology has discovered the use of "very advanced rootkit technologies" in Apropos, a spyware program that collects users' browsing habits and system information and reports back to the ContextPlus servers.

Like the typical spyware application, Apropos uses the data to serve targeted pop-up advertisements while the user is surfing the Web. Unlike the average worm or bot that uses rootkit technologies to avoid detection, Hypponen said the rootkit features built into Apropos aren't being used to hide the existence of the program on the machine.

They're using a very sophisticated kernel-mode rootkit that allows the program to hide files, directories, registry keys and processes. The rootkit fitted into Apropos is implemented by a kernel-mode driver that starts automatically early in the boot process. When the files and registry keys have been hidden, no user-mode process is allowed to access them.

12/8/2005 7:23:50 AM (Pacific Standard Time, UTC-08:00)

A new malicious worm squirming through America Online Inc.'s AIM network has the ability to carry on an instant messaging conversation with potential victims.

Researchers at IMlogic Inc.'s Threat Center spotted the new threat and warned that virus writers are continuing to push the social engineering envelope to trick computer users into downloading nasty malware programs.

The newest worm, identified as IM.Myspace04.AIM, is coded to chat and persuade the victim to click on a malicious URL embedded in the IM message. If the first attempt at infection is unsuccessful and the victim replies to doubt the legitimacy of the link being sent, the worm replies with the following message: "lol no its not its a virus."

Like other IM worms spreading over AOL's instant messaging network, the bot uses an infected user's buddy list to propagate itself, carrying on a conversation with new victims without the infected user's knowledge.

"This sophisticated bot attack is programmed such that infected users cannot see the messages the worm is sending on their behalf. When recipients of the malicious message reply to the infected user, the bot running on the infected machine sends follow-up messages," IMlogic said in an advisory.

12/8/2005 7:10:55 AM (Pacific Standard Time, UTC-08:00)
 Wednesday, December 07, 2005

On 12-4-2005 I reported this flaw in IE and it seems that Google has adjusted their code to adjust for the IE Flaw.

Google Inc. has made an "adjustment" to its Google Desktop application to protect users from an unpatched design flaw in Microsoft Corp.'s Internet Explorer browser. "We have made an adjustment to the product to help protect users," said Google spokesperson Sonya Boralv. She declined to provide details on the extent of the Google Desktop modifications.

Boralv said users aren't required to take any action to get protected because the changes were made "on our end" to block the remote access attack vector.

12/7/2005 8:11:17 AM (Pacific Standard Time, UTC-08:00)

New York Stock Exchange members Tuesday voted overwhelmingly in favor of its deal to buy electronic trading company Archipelago Holdings Inc., the Big Board said, which will turn the 213-year-old Exchange into a for-profit, publicly traded company and give it clout to compete with nimble electronic rivals.

The deal creates NYSE Group Inc., which will begin on the Big Board under the symbol and is valued at $9.6 billion at current prices.

Support from members has been given a large boost by a huge run-up in NYSE seat prices, currently trading at a record $4 million. NYSE members will take home $300,000 for each seat and will share 70 percent of the shares in the new company.

12/7/2005 6:49:20 AM (Pacific Standard Time, UTC-08:00)
Beyond new replication capabilities are a host of rich new features and services that Microsoft has been touting for a long time, including identity and access management, storage management, and better application development inside and outside an organization's traditional boundaries.

Robust File Replication: R2 includes a completely rewritten replication engine for the Distributed File System (DFS). DFS Replication (DFS-R) provides a robust multimaster file replication service, which is significantly more scalable and efficient in synchronizing file servers than its predecessor, File Replication Services (FRS). DFS-R schedules and throttles replication schemes, supports multiple replication topologies, and utilizes Remote Differential Compression (RDC) to increase WAN efficiency. If WAN connections fail, data can be stored and forwarded when WAN connections become available.

Windows Server 2003 R2 provides underlying technology that you can use to simplify integration of branch office servers into your larger enterprise IT environment. With Windows Server 2003 R2, you can maintain the performance, availability, and productivity benefits of a local branch office server while avoiding the negative issues that are typically associated with branch office environments, such as limited connectivity and management overhead.
12/7/2005 6:44:12 AM (Pacific Standard Time, UTC-08:00)
 Sunday, December 04, 2005

A bug in Microsoft Corp.'s Internet Explorer Web browser gives phishers a way to scan the hard drives of Google Desktop users, according to an Israeli hacker. Because of a flaw in the way Internet Explorer processes Web pages, a malicious Web site could use the attack to steal sensitive information such as credit card numbers or passwords from the hard drives of its visitors.

"Google Desktop users who use IE are currently completely exposed," hacker Matan Gillon said via e-mail. "An experienced attacker can covertly harvest their hard drives for sensitive information such as passwords and credit card numbers. Since Google also indexes e-mails which can be read in the Web interface itself, it's also possible to access them using this attack."  Full Article

12/4/2005 11:09:27 AM (Pacific Standard Time, UTC-08:00)

Microsoft Corp. said Friday that some people who use its Hotmail and MSN e-mail services are not receiving e-mail sent from Comcast Corp. accounts and other Internet service providers.

Brooke Richardson, a group product manager with Microsoft's MSN online division, said the problem appears to be due to an increase in e-mail volumes, which is attributed in part to the Sober Internet worm.

She said the high volumes are causing e-mail to either be delayed or not make it to MSN and Hotmail users at all.

Richardson said the problem began earlier this week. She would not name the other Internet service providers besides Comcast whose users were encountering the same problem. She also couldn't say when the problem would be fixed.

Comcast spokeswoman Jennifer Khoury said the problem is only affecting Comcast e-mail being sent to the MSN and Hotmail accounts, and that other e-mail is getting to recipients without delay. She said the company is working with Microsoft to resolve the problem.

12/4/2005 10:58:10 AM (Pacific Standard Time, UTC-08:00)

Sharks aren't that bad!       Run the reel

Steven Hogg has some funny videos here. Under Scottish Funny Video Clips.

12/4/2005 8:44:01 AM (Pacific Standard Time, UTC-08:00)

The source of the video is unknown but since someone went through this much work I thought it was worth making it available for everyone to see. Run the Reel

12/4/2005 8:21:02 AM (Pacific Standard Time, UTC-08:00)

Starting with Windows 2003 Server, Microsoft security requires that all file types the server is going to host be registered with the server via MIME types. If you have recently migrated from an earlier server to a 2003 platform, you may notice your tours do not work until these MIME types are added to the server's configuration.

The MIME type info is as follows:
file extension=.ips   application/x-ipscript
file extension=.ipx   application/x-ipix

Dev
12/4/2005 7:02:08 AM (Pacific Standard Time, UTC-08:00)
 Saturday, December 03, 2005

   AOL Releases Standalone Security App

This should give any knowledgeable person a warm fuzzy feeling. As I was reading the news feed on this one today I was so excited I wanted to get some of this. NOT! Here is the article. This group of people actually astound me with their approach. A company which until recently did not offer anything but their proprietary mail server. They have never followed the RFCs with their own mail servers, omitting the abuse and postmaster mail accounts, which is a requirement clearly defined. Yet they think they can dictate to the world how everyone else should run their mail servers. Requiring a reverse lookup is absolutely stupid. Most mail servers put a weight associated to reverse lookup and goes against determining what is spam. To do this simply blocks huge numbers of valid emails and honestly they have no easy way for their users to get the problem corrected.

Here is just what any rejected sender has to do to be whitelisted. AOL sender needs to do for a whitelist. AOL® Postmaster Hotline at 1-888-212-5537. I offer this number so everyone can give them a call with how stupid they really are to do this.

However, it seems to me if they had a proper mail server their users could have white list access themselves. After all we are certainly familiar with third level mail server software. We have to make sure these features are there for our clients. The article I refer to in this post has some great comments from other people about AOL and honestly is one of the many you can find world wide. I am focusing this post on email. I know how stupidly they do that! Heaven only knows what will be broken letting these people control your machine's security. Given the vast number of inexperienced users they have, I am sure it is better than nothing. After all, if they were knowledgeable would they even consider AOL an option? I think that anyone who hires a company who thinks they can dictate standards to the world, gets exactly what they are paying for. Hopefully their clients will become so isolated on that island called AOL, that they decide rightly to simply leave.

12/3/2005 11:10:44 AM (Pacific Standard Time, UTC-08:00)

I have had several people ask me just how am I going to replace QuickTime? If I decide to remove something from my system as with QuickTime and there is no solution I do without. Personally I feel no QuickTime Movie is worth leaving this third level plugin threat in one's machine that could allow someone to take it over without being patched.

A friend Baz Peracha recommended I check out this product, which simply adds the codecs to Media Player. I have refused for some time to install Real Audio due to the problems it has created in the past. This actually works as a great free cure to all these issues.

With the K-Lite Codec Pack you should be able to play all the popular movie formats and even some rare formats. This package is mainly for power users and people who do their own encodings.

K-Lite Codec Pack is a collection of codecs and related tools. The K-Lite Codec Pack is designed as a user-friendly solution for playing all your movie files.  Get it here

12/3/2005 7:18:24 AM (Pacific Standard Time, UTC-08:00)
 Tuesday, November 29, 2005

FlyakiteOSX 2.0

FLYAKITEOSX SNAPSHOT

FlyakiteOSX lets you transform your Windows look to resemble the look of Mac OS X.
Platform: Windows XP
Price: $0
File Size: 27.34 MB
 
11/29/2005 10:49:46 AM (Pacific Standard Time, UTC-08:00)

Anti-Spam Filter is now freeware! For Outlook or Outlook Express

SpamLiquidator's free Anti-Spam Filter is an innovative self-learning spam filtering system, offering you spam protection without deleting the important correspondence. The software maintains its own collaborative spam-tracking database, which uses the signatures of spam messages. It is different from other anti spam programs in the way that you're not the only one to "teach" it, but all of our project users contribute to it.

Upon studying many spam detection algorithms, we have come to a conclusion that only a human being is truly a hundred percent capable of discriminating spam from regular messages. Even the most complex algorithms make mistakes, and can either pass the spam through ("false negative") or, much worse, delete an important letter. They call it "false positive". The only way of generating a real spam killer is uniting all of our efforts.

How does it work? Aside from initial filters provided by our program and created by our developers, Anti-Spam Filter presents a claim submission practice, in case you have got some spam coming through. The process is ultimately simplified - to report spam and have a filtering rule created you just have to make two mouse-clicks.

The development of the Spam Liquidator project began in September 2002. As of February 20, 2003, the project has been open to the public via the Internet. Our software functions are regularly being updated and supplemented. We are open to all suggestions and propositions. "Get it here"

11/29/2005 8:52:10 AM (Pacific Standard Time, UTC-08:00)

Recently my own anti-virus software attacked and removed a .dll within the installed path of QuickTime Player. This caused me a good deal of concern. I assumed at first that the anti-virus software was being overzealous. Today I was trying to remove the QuickTime Player and thought I would simply uninstall and reinstall a new version. This is where we all start laughing out loud.

Well no big deal I thought, just go trash all the keys. I had no idea just how many keys were associated to this software. Go Apple! So after about a half hour of trashing the keys I decided I would look into the problem before I reinstall. I was a bit taken in by the topic I was exploring here. Seems when it comes to Apple everyone acts like no negative comments can be made. Personally I have the solution to this problem. Remove it until Apple decides to get it right. I am quickly reminded of the Sony Deal. Are companies actually no longer responsible for setting people up to Remote Code Execution?

eEye Security has posted these short bits on their site. EEYEB-20051031 | EEYEB-20051117a | EEYEB-20051117b

Researchers at eEye Digital Security have taken a bite out of two popular Apple Computer Inc. products, flagging two critical vulnerabilities in the iTunes and QuickTime applications.

The flaws, which put millions of Windows users at risk of code execution attacks, remain unpatched.

Steve Manzuik, security product manager on eEye's research team, said the newest version of iTunes, which was released by Apple earlier this month, contains the vulnerability.

eEye, of Aliso Viejo, Calif., has posted two brief notices on its Web page for upcoming advisories warning that the flaws carry a "high risk" label. "Full Article"

11/29/2005 8:07:38 AM (Pacific Standard Time, UTC-08:00)
 Sunday, November 27, 2005

E Ink® Imaging Film is a simple ink sheet component that can be integrated into a device to create a high resolution display with all of the unique attributes of electronic ink: long battery life, a wide viewing angle and a paper-like reading experience. While current devices using E Ink® Imaging Film have rigid backplane electronics, the Imaging Film itself is plastic and can be flexed and rolled, combining the complete look and feel of a paper document. Once electronics manufacturers are able to mass produce flexible backplanes, E Ink® Imaging Film will bring the E Ink founders' vision of a flexible newspaper with the versatility of digital control and wireless update to life. Learn More

11/27/2005 6:35:25 PM (Pacific Standard Time, UTC-08:00)

gumstix products

Products that enable – dream, design, build using gumstix basix and connex platforms!

11/27/2005 5:33:13 PM (Pacific Standard Time, UTC-08:00)

In keeping with the theme between now and Christmas Holiday season. It's time the System Administrator gets rewarded for their thankless job. The admin for deadtroll.com did this.

So see the movie here!

11/27/2005 5:06:55 PM (Pacific Standard Time, UTC-08:00)
 Saturday, November 26, 2005

11/26/2005 4:11:50 PM (Pacific Standard Time, UTC-08:00)

Watch out for an email purporting to come from the FBI or the CIA, advising that the agency wants to ask you questions about certain illegal websites that you have accessed. It actually contains a variant of the mass-mailing Sober virus.

The Federal Bureau of Investigation issued a warning about the scam yesterday, advising that the agency does not send out unsolicited emails to the public.

The emails read:

Dear Sir/Madam,
We have logged your IP-address on more than 30 illegal websites.
Important: Please answer our questions! The list of questions are attached.
Yours faithfully,
Steven Allison
Federal Bureau of Investigations - FBI -

Another version of the email appears to come from the Central Intelligence Agency, while a third version, in German, purports to come from a German law enforcement agency.

The emails began appearing on Monday and, according to internet security firm Sophos, by 2pm yesterday the worm accounted for over 61% of all viruses reported to the firm, making it the most prevalent virus spreading across the world.

According to security firm MessageLabs, which intercepted over 2.7 million copies of the new variant yesterday, the email directs users to open the attachment, which once opened delivers the Sober virus payload. It then spreads by searching the infected computer for other email addresses to send copies of itself to.

"This variant of the Sober worm may catch out the unwary as they open their email inbox this morning," said Graham Cluley, senior technology consultant at Sophos. "Every law-abiding citizen wants to help the police with their enquiries, and some will panic that they might be being falsely accused of visiting illegal websites and will click on the unsolicited email attachment."

Never open an attachment unless you are certain, and it can't get you!

11/26/2005 3:26:28 PM (Pacific Standard Time, UTC-08:00)

W32.Sober.X@mm is a mass-mailing worm that uses its own SMTP engine to spread and lowers security settings. It sends itself as an email attachment to addresses gathered from the compromised computer. The email may be in either English or German.

Note: Symantec products that support the Worm Blocking functionality automatically detect this threat as it attempts to spread.

Also Known As: CME-681, WORM_SOBER.AG [Trend Micro], W32/Sober-{X, Z} [Sophos], Win32.Sober.W [Computer Associates], Sober.Y [F-Secure], W32/Sober@MM!M681 [McAfee], W32/Sober.AA@mm [Norman]
Type: Worm
Infection Length: 55,390 bytes
Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows XP
11/26/2005 3:07:20 PM (Pacific Standard Time, UTC-08:00)
 Friday, November 25, 2005

Expect more spam. Lots more. It's a recurring theme seemingly as inevitable as Christmas carols and fruitcake, as internetnews.com has reported in 2002, 2003 and 2004.

Security experts at anti-spam and anti-virus vendor AppRiver expect the volume of spam to double during the holidays. The irritating messages accounted for 81 percent of all e-mails its customers saw in August. But spammers pull out all the stops for the holiday deluge, with good reason.

One of the trends AppRiver officials see with spam is that while many of the offers feature the generic replica watches, weight loss pills and the like, spammers are including name brand items to give the e-mails a hint of legitimacy.

The expected spam surge also likely coincides with the recent rash of viruses spreading throughout the Internet.

The Federal Bureau of Investigation (FBI) released an advisory Tuesday warning consumers of e-mails that purport to come from the agency but are in fact spoofed e-mails containing a variant of the Sober virus.

The spoof claims the FBI has tracked the user's IP address to a number of illegal Web sites and tells them to open an attachment containing what the e-mail states are a list of questions to answer.

11/25/2005 9:29:19 AM (Pacific Standard Time, UTC-08:00)

A new initiative set up to dispel confusion over virus-naming, the Common Malware Enumeration (CME), was launched on Wednesday Oct.7 2005. It has been a long time coming but finally there is a way to find a common name.

The problem is, when you get a virus sample and you have 15 minutes to get something going. 'You have to name it, work out how to handle it and then kick it back out ... Now every piece of malware will end up with just 18 names and a number.'

The industry group, backed by a string of global security companies, aims to provide a common name for high profile threats in the hope that customers will be able to protect their computers from malware attacks more effectively.

The need for a more uniform approach to virus-naming has been a long-standing issue for users. Many have grown increasingly frustrated with different anti-virus vendors relying on different naming conventions to refer to particular threats.

Companies signed up to the CME will work to apply the same identifier to each piece of malware discovered by the group. It will use identifiers that will follow the format of CME-N, where N is a unique series of numerical digits. The name will be adopted by the anti-virus vendors, which can then be used in products and websites. Link Here

11/25/2005 8:17:56 AM (Pacific Standard Time, UTC-08:00)
 Tuesday, November 22, 2005
Introducing the MicroKey
built to be the toughest USB memory key on the market.

Apricorn’s MicroKey was built with ruggedness in mind. Manufactured from a lightweight, durable aluminum alloy, our tiny, high capacity USB memory key enables you to take your data anywhere.

The MicroKey's slim design features extensive shock mounting, insulating the HDD from vibration and shock, and a swivel interface, giving accessibility to virtually any USB port, even adjacent ones. Its small, lightweight size (only 2.5 oz) and rugged carry case, perfect for carrying on a belt, make the MicroKey the most portable drive of its kind.

Available in 4GB and 6GB models, the MicroKey's rugged design and powerful software is perfect for industrial applications, such as data logging, or for those users that demand the most robust of equipment.

Bundled with a comprehensive software suite, the MicroKey comes with everything you need to synchronize and protect your data.

Second Copy 2000 Synchronizing software provides a variety of options for synchronizing your system for file sharing or backup. The software is simple and easy to use and takes only a few minutes to complete. When you’re done working, Second Copy will synchronize all of your changes to your home or office computer, keeping your data up-to-date.

Cryptainer Encryption software secures your data with absolute privacy using Blowfish 128-bit encryption. Cryptainer allows you to password protect and secure any file or folder. Simply drag and drop the files and folders you wish to hide and your data is safe and protected.


Price: $169.00   
Apricorn Sales for more information

 

11/22/2005 8:04:09 AM (Pacific Standard Time, UTC-08:00)

Search engine darling Google Inc. has issued a patch to cover a range of potentially dangerous security flaws in the enterprise-facing Google Mini search appliance.

The company's patch was issued after researchers at the Metasploit Project pinpointed several bugs that can be exploited by malicious hackers to conduct cross-site scripting, file discovery and service enumeration attacks.

Metasploit creator H.D. Moore warned in an advisory that the most serious bug can lead to arbitrary command execution.

Security alerts aggregator Secunia Inc. rates the flaws as "highly critical."

According to Moore, Google's patch and advisory were only released to businesses that pay about $3,000 for the pizza box-sized appliance.

A spokesperson for Google said the company learned of the issue several months ago and quickly made a patch available to all enterprise customers. "No customers have reported any effect related to this issue," he added.

Metasploit's Moore said the flaw was discovered in a feature that allows customization of the Google Mini's search interface through XSLT (Extensible Stylesheet Language Transformations) style sheets. He explained that certain versions of the appliance allow a remote URL to be supplied as the path to the XSLT style sheet, and warned that the feature can be abused to perform malicious hacking attacks.
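An added illustration (not from the article, the advisory or Google's code) of the defensive side of the flaw Moore describes: a server-side check that treats a request-supplied style sheet reference as a bare local name and refuses URLs. The directory, function names and sample values are assumptions constructed for this example.

```python
import re
from pathlib import Path
from urllib.parse import urlsplit

# Constructed for illustration: directory of administrator-installed stylesheets.
STYLESHEET_DIR = Path("/srv/search/stylesheets")
_NAME_RE = re.compile(r"[A-Za-z0-9_-]{1,64}")


def resolve_stylesheet(param: str) -> Path:
    """Map a request-supplied stylesheet reference to a local .xsl file.

    Raises ValueError for anything that is not a bare name, so the
    XSLT transformer is never pointed at a remote or arbitrary path.
    """
    parts = urlsplit(param)
    # Reject http://host/x.xsl, //host/x.xsl, file:///..., and similar.
    if parts.scheme or parts.netloc:
        raise ValueError("remote or scheme-qualified stylesheet reference")
    # Reject separators, dots and traversal: only a bare name is allowed.
    if not _NAME_RE.fullmatch(param):
        raise ValueError("stylesheet name contains disallowed characters")
    candidate = (STYLESHEET_DIR / f"{param}.xsl").resolve()
    # Defence in depth: the resolved path must stay inside the directory.
    if STYLESHEET_DIR.resolve() not in candidate.parents:
        raise ValueError("stylesheet path escapes the stylesheet directory")
    return candidate


def check(param: str) -> str:
    """Return 'ok' or 'rejected: <reason>' for one candidate value."""
    try:
        resolve_stylesheet(param)
        return "ok"
    except ValueError as exc:
        return f"rejected: {exc}"


if __name__ == "__main__":
    # Constructed sample inputs, not taken from the advisory.
    for sample in ("default_frontend", "http://stylesheets.example/x.xsl",
                   "//stylesheets.example/x.xsl", "../../etc/passwd"):
        print(f"{sample!r:40} {check(sample)}")
```
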

11/22/2005 6:11:53 AM (Pacific Standard Time, UTC-08:00)

The computer security research organization's report reveals that cyber criminals have shifted targets. Over the past five years, most hackers went after operating systems and Internet services like Web servers and E-mail servers. In 2005, they took aim at software applications.

The applications under fire span a variety of operating systems. They include enterprise backup software, anti-virus software, PHP applications, database software, peer-to-peer file sharing software, DNS software, media player software, IM software, and Internet browsers.

The second major finding of the report is that vulnerabilities in network operating systems such as Cisco’s Internetwork Operating System (IOS), which powers most of the routers and switches on the Internet, represent a significant threat.

"The bottom line is that security has been set back nearly six years in the past 18 months," Alan Paller, director of research for the SANS Institute, wrote in an E-mail. "Six years ago, attackers targeted operating systems and the operating system vendors didn't do automated patching. In the intervening years, automated patching protected everyone from government to grandma. Now the attackers are targeting popular applications, and the vendors of those applications do not do automated patching."

Security experts credit Microsoft's efforts to improve its software with forcing hackers to look for lower hanging fruit. Part of the reason we're seeing more of the attacks go against things other than the Windows operating system is that the Windows operating system has gotten better.

Full Article

11/22/2005 6:06:23 AM (Pacific Standard Time, UTC-08:00)

 

The new facet can be found at www.live.com, which Microsoft uses to deliver some of its software products. The Live.com Web site debuted about three weeks ago.

At Live.com, Microsoft now supplies e-mail and instant messaging features for any Internet domain (addresses used to network computers).

Analysts felt Microsoft is also trying to fend off challenges from Google Inc. and other competitors that have already adopted the same "live" view on software.

But it means a departure from Microsoft's historical way of offering services: licensing the applications to computer manufacturers or selling them to consumers on disks.

Has the time come where people really think their own machines and applications are best managed by someone else? I still remember people scoffing at Larry Ellison when he made statements about network applications years ago. Have the weaknesses of the OS and browser created yet another market? Was it a case where MS could take on Oracle and Sun easily? When the word Google is spoken they seem to respond in turn.

11/22/2005 5:35:43 AM (Pacific Standard Time, UTC-08:00)