Connection string for web.config. Attaching your uploaded database to a 2005 SQLExpress server without administrator needing to help. Make sure to insert the name of your database in the areas marked in bold.

<connectionStrings>
    <add name="DBNAMEConnStr" connectionString="Data Source=.\SQLExpress;Integrated Security=True;User Instance=True;AttachDBFilename=|DataDirectory|DBNAME.mdf"
providerName="System.Data.SqlClient"/>
        </connectionStrings>

I must post this hack which has come to our attention if for no other reason to save some other administrators some time. First I found the exists of a service called network.exe within System32 though as we all know the name is not important. Look for any unknown service running. Search your regkeys and kill the reference that starts this service.

You will know you have the problem when you cannot click on anything within Enterprise Manager like a database or Logins and go to properties. The error will appear related to xpstar.dll at this point. Well you can copy them from another SQL install or simply run SP4 SQL 2000 again. But this only fixes SQL it does not get to the root of the problem.

The cause is a .bat or .cmd which has been inserted to do the dirty work. Search your system for the offending, in this case it was known as a761.bat but again it can be named anything. So remove the registry entry that tells the bat to run when you logon. Or you have not beat anything yet.

So lets look at the .bat file.

net stop mssqlserver
net stop mssqlserver /Y
DEL C:\Program Files\Microsoft SQL Server\MSSQL\Binn\xplog70.dll
DEL C:\Program Files\Microsoft SQL Server\MSSQL\Binn\odsole70.dll
DEL C:\Program Files\Microsoft SQL Server\MSSQL\Binn\xpstar.dll
del c:\PROGRA~1\MICROS~1\MSSQL\Binn\xplog70.dll
del c:\PROGRA~1\MICROS~1\MSSQL\Binn\xpstar.dll
del c:\PROGRA~1\MICROS~1\MSSQL\Binn\odsole70.dll
net start mssqlserver

So after we are done making sure the bad code has been removed then make sure the files are in place, as I said this can be done either copying them or reinstall SP4 for SQL 2000.

I won't go into how we stop the badguy from returning. That is up to each administrator what method you want to take. I offer this only as a way to get you out of trouble and allow you the time to think about how they did it and how to prevent it.

I recieved a request how do I block my child from going to a specific site. They did not want to load any software or block their childs use. They just wanted stop them from spending hours on MySpace. Well I kind of thought sorry for the kind but it is easy. Just a simple edit to the Host File in this path will make the URL call go right back to the source machine. The example below I added *. so that no matter what the URL of myspace.com they call, it will never leave their local machine. Many kid's would not be fooled by this! However most would just be mad at their parents and give up. This gives the path to where the file is located to edit with notepad and save. It will only trash Myspace.com if you have a list add them.

A critical security vulnerability in an ActiveX control used by Internet Explorer could allow malicious hackers to use Adobe's Reader and Acrobat software to launch PC hijack attacks, according to a warning from Adobe Systems.

The San Jose, Calif., company released a security support advisory with pre-patch workarounds and warned that multiple unpatched flaws could cause software crashes and "potentially allow an attacker to take control of the affected system."

Affected software includes Adobe Reader 7.0.0 through 7.0.8 and Adobe Acrobat Standard and Professional 7.0.0 through 7.0.8 on the Windows platform. The bugs are only triggered when using Internet Explorer. Users of other browsers are not affected.

Adobe said it is working on a comprehensive patch that will ship "soon" and stressed than an upcoming upgrade to the widely used Adobe Reader program is vulnerable to this issue.

Break.com, one of the rising number of Web sites offering user-generated videos to rival the likes of YouTube, said on Sunday it would nearly double the amount of money it pays for video clips to $400.

Back in January 2005, Break.com started paying $50 per video and raised the price to $250 before Sunday's new hike, Chief Executive Officer Keith Richman said.

The money is even better for animated videos which, due to the complexity of their production, will fetch up to $2,000.

Web video payouts and increases like those unveiled by Break.com are being closely watched in the fledgling Internet arena where competitors such as Revver, BlipTV or iFilm are trying to improve content to lure viewers and advertisers.

For the most part, user-generated videos are less than 10 minutes long and show real people talking into their own cameras, dancing, singing or doing stunts. Sites like Google Inc.'s YouTube have not paid people who upload clips.

It appears people still have no ability to know when they are being scammed. It those people we are going to focus on. Since you seem to not know who you are please just read this and of course look at the powerpoint presentation.

Though some useful tips are when you go to a ATM take your cell phone with you. If someone is being overly friendly take plenty of pictures. If the bank is open just go inside. What ever the situation never let your PIN be revealed, NEVER is there a need for a third hand NEVER.

If you have taken plenty of pictures of Mr. friendly trying to help. If you go outside empty handed make sure to take pictures of anyone else out in the open. It will be clear who that person is when Mr. friendly and the other person meetup and leave together. If there is a vehicle take the License number too. Though I doubt once you start clicking the person inside these people are going to feel comfortable enough to drive away. Though you still have the edge since they are assuming you are a chump.

 ATM_THEFTS.pps (557.5 KB)

WD’s RAID Edition hard drives are the world’s most reliable server-class SATA drives in the market. With 1.2 million hours MTBF, 100% duty cycle, 5-year limited warranty, up to 3.0 Gb/s SATA technology, and best-in-class vibration tolerance, WD RE2 drives offer the best combination of superior reliability, high capacity, and optimum performance for enterprise applications. In the $175.00 range it makes this drive one of the best upgrade values world wide. Superior reliability - Designed and manufactured to server-class standards to provide best-in-class enterprise reliability in high duty cycle environments. With 1.2 million hours MTBF at 100% duty cycle, these drives have the highest available reliability rating on a high-capacity drive. High capacity - Up to 500 GB of storage packed with server-class features and low cost-per-gigabyte value. Fast - With a next-generation SATA interface, up to 3.0 Gb/s data transfer rate, native command queuing (NCQ), and 16 MB cache, these drives deliver optimum performance. Low power - Active Power Save™ delivers best-in-class seek mode power consumption through an advanced WD firmware which conserves power in active seek modes without degrading performance. RAID-specific, time-limited error recovery (TLER) - A feature pioneered by WD, significantly reduces drive fallout caused by the extended hard drive error-recovery processes common to desktop drives. Rotary Acceleration Feed Forward (RAFF™) - Provides best-in-class vibration tolerance by optimizing operation and performance when the drives are used in vibration-prone, multidrive systems such as rack-mounted servers or network storage. SecureConnect™ - Provides a 500 percent stronger cable-to-drive connection than first-generation SATA hard drives and cables. Also ensures backward compatibility with legacy SATA cables and backplanes. Note: SecureConnect supports only legacy power and does not allow connection to a SATA power supply. FlexPower™ - Connector technology that accepts power from eitherindustry-standard or new SATA power supplies. 5-year limited warranty

Transcend's 150X SD Cards achieve outstanding data transfer rates, come in a range of capacities and are highly stable and compatible. For high-performance results from your digital devices Transcend's SD Cards are the perfect choice. In the $80.00 range it makes a great gift for anyone on your list.

Features:

Amazing data transfer rates: Up to 150X speeds (22.5MB/sec)

Supports Error Correcting Code (ECC) to detect and correct errors

Supports In System Programming (ISP) to load firmware

Support power down and sleep modes

Mechanical Write Protection Switch requirements

Manufacturer's Lifetime Warranty.

Technical Information:

Size : 32mm x 24mm x 2.1mm (L x W x H)

Op. Voltage : 2.7V~3.6V

Op. Temperature : -25° C(-13° F) to 85° C(185° F)

Durability : 10,000 insertion/removal cycles

Weight : 2g

Just a few years ago Windows users, even responsible Windows users, had good reason to be fearful of the attack that would slip past their defenses or their notice. Things have changed. Nobody should ever be complacent, but a responsible user can be confident that defensive software and good habits will protect them. More interestingly, attacks just aren't what they used to be.

A report by Alexander Gostev, senior virus analyst at Kaspersky Lab, indicates that innovation in malware development is stagnant. There have been no major developments in some time. In fact, there have been no major attacks since the release of Zotob in August 2005.

Zotob, incidentally, targeted mainly Windows 2000 systems and XP SP1 to a lesser degree. What Microsoft has been saying about XP SP2 is true: Users are much safer running XP SP2 than earlier versions of Windows. Their own data from their Malicious Software Removal Tool (Word .doc file) shows as much, and in fact probably understates the matter.

There have been a number of small attacks. Some of them, like the WMF vulnerability, enter in the background of the malware scene and will be with us for a long time. Perhaps the most prominent security term of 2006 was "targeted attack." We had quite a few of them, mostly centered around zero-day vulnerabilities in Microsoft Office. See the Kaspersky report for more interesting details on these vulnerabilities.

The focus on vulnerabilities generally is another point in the report. There is little innovation anymore in malware—except where it involves the exploit of a vulnerability, especially a zero-day exploit. But even these are often less of a threat than they used to be. A few years ago vulnerabilities brought us attacks like Blaster and Sasser, where users could be infected over the Internet while they were asleep. Now the exploit usually involves substantial user action and can often be blocked by anti-virus software

Using Mozilla Firefox's built-in Password Manager to keep track of your browser's passwords? It makes site logins faster but it also could help malicious sites steal your passwords. The bug, which has been known to Mozilla for at least 10 days, remains unpatched and exploits as well as a proof of concept exist in the wild.

"I was shocked today to find an in-the-wild phish that uses nothing more than cross-site forms, and also extracts information from the Password Manger!" Security Researcher Robert Chapin wrote in a November 12th e-mail posted in the bugzilla bug tracking system.

"The underlying method was so obvious that it should have raised multiple warnings," Chapin continued. "There were none at all."

The flaw allows a maliciously crafted page to auto-fill a form with credentials intended for another site. Apparently, there is no warning in Firefox 2.0 or previous versions that the credentials are being pulled for the wrong site and submitted to a third party. Details of the flaw first became public this week. Mozilla developers do not yet have a fix.

"Since this bug is an in-the-wild attack we're not protecting anyone by hiding the details anyway," Mozilla developer Daniel Veditz wrote in a bugzilla entry. "Up to now, browser makes have focused on user convenience and assumed sites with valuable passwords would be well-written. But they have bugs just like we have bugs so we might have to be more defensive." Solutions? Surf carefully.

Or just don't use the feature until a fix comes out. Security outfit (FriST) recommends that users disable the "Remember passwords for sites" feature in the Options menu.

Microsoft Corp. has initiated 97 lawsuits throughout Europe and the Middle East during its eight-month investigation into fraudulent Web pages, with another 32 criminal complaints filed in cooperation with local authorities, the company said Wednesday.

All of the cases are against individuals who attempted to capture the login and password details of users by constructing fraudulent Hotmail and MSN.com sign-in pages, said Jean-Christophe Le Toquin, a Microsoft attorney. A total of 253 sites were investigated, he said. Microsoft's Global Phishing Enforcement program, started in March, aims to curtail fake Web sites built by criminals trying to obtain financial information or passwords by tricking users, so-called "phishing." The company uses its technology to crawl the Internet to find Web pages that look suspicious.

Once a phishing site has been identified, Microsoft either files a criminal complaint or forwards the information to prosecutors, depending on the country’s legal requirements. By country, Turkey led the pack with 50 criminal complaints, followed by 28 in Germany and 11 in France. Legal actions were also filed in the United Arab Emirates, Italy, Morocco, the Netherlands and the U.K.

Microsoft has settled with four phishers, all 16- to 20-year-old males, in France and Norway, Le Toquin said. Each of those pursued in France paid Microsoft $2,564, a fine the company felt is in proportion to their actions, he said.

Many of the fake sites were created by the phishers to trick their peers into divulging their login credentials. The phishers would try to lure their friends to the fake pages through links sent by instant messaging programs. Microsoft said it will continue its investigation, particularly focusing on phishing sites connected with more sophisticated hacking.

An independent vulnerability analyst working as part of the "Month of Kernel Bugs" campaign released the details necessary to attack the hole in OS X on Nov. 22, revealing the manner in which hackers could target the glitch, which affects the way Apple's software handles disk image files.

The researcher, identified only by the screen name "LMH," issued the exploit via a post on the Kernel Fun Web site. "Mac OS X fails to properly handle corrupted image structures, leading to an exploitable denial of service condition," LMH wrote in his latest blog.

"Although it hasn't been checked further, memory corruption is present under certain conditions." The researcher said that the demonstration exploit offered on the site would be unlikely to allow arbitrary code execution if applied by attackers, however, the analyst indicated that the flaw could be taken advantage of by malware writers by targeting the manner in which Cupertino, Calif.-based Apple's Safari browser downloads online image files.

Apple representatives didn't comment on the exploit.

Security researchers at Secunia rated the exploit as "highly critical," the software company's second most severe threat ranking, and said the attack could be used by local users to gain escalated privileges and utilized by malware writers to compromise a vulnerable system.

The Copenhagen, Denmark-based firm specifically said that the vulnerability is caused due to an error in the OS X AppleDiskImageController when the system is handling corrupted image files and can be exploited to cause a memory corruption.

Such an attack could lead to execution of arbitrary code in kernel-mode, Secunia said in a post to its Web site.

I have been asked to provide some MIME for 2003 servers so we thought it was best to provide a fairly complete list.
The following MIME extensions can be added to IIS on Windows 2003

MIME Maps Extension Type

.323 text/h323 .3gp audio/3gpp .3gp video/3gpp .IVF video/x-ivf .Mtx Application/metastream .aaf application/octet-stream .aca application/octet-stream .ace application/x-compressed .acx application/internet-property-stream .aer Application/atmosphere .afm application/octet-stream .ai application/postscript .aif audio/x-aiff .aifc audio/aiff .aiff audio/aiff .application application/x-ms-application .art image/x-jg .as text/plain .asd application/octet-stream .asf video/x-ms-asf .asi application/octet-stream .asm text/plain .asr video/x-ms-asf .asx video/x-ms-asf .au audio/basic .avi video/x-msvideo .axs application/olescript .bas text/plain .bcpio application/x-bcpio .bin application/octet-stream .bmp image/bmp .c text/plain .cab application/octet-stream .cat application/vnd.ms-pki.seccat .cdf application/x-cdf .cfg 3DVista CFG .chm application/octet-stream .class application/x-java-applet .clp application/x-msclip .cmx image/x-cmx .cnf text/plain .co application/x-cult3d-object .cod image/cis-cod .cpio application/x-cpio .cpp text/plain .crd application/x-mscardfile .crl application/pkix-crl .crt application/x-x509-ca-cert .csh application/x-csh .css text/css .csv application/octet-stream .cur application/octet-stream .dcr application/x-director .deploy application/octet-stream .der application/x-x509-ca-cert .dib image/bmp .dir application/x-director .disco text/xml .djv Image/x.djvu .djvu Image/x.djvu .dll application/x-msdownload .dlm text/dlm .dnl application/x-msdownload .doc application/msword .dot application/msword .dsp application/octet-stream .dtd text/xml .dvi application/x-dvi .dwf drawing/x-dwf .dwg image/x-dwg .dwp application/octet-stream .dxr application/x-director .eml message/rfc822 .emz application/octet-stream .eot application/octet-stream .eps application/postscript .etx text/x-setext .evy application/envoy .exe application/octet-stream .fdf application/vnd.fdf .fif application/fractals .fla application/octet-stream .flr x-world/x-vrml .flv application/x-shockwave-flash .gif image/gif .gtar application/x-gtar .gz application/x-gzip .h text/plain .hdf application/x-hdf .hdml text/x-hdml .hhc application/x-oleobject .hhk application/octet-stream .hhp application/octet-stream .hlp application/winhlp .hqx application/mac-binhex40 .hta application/hta .htc text/x-component .htm text/html .html text/html .htt text/webviewhtml .hxt text/html .ico image/x-icon .ics application/octet-stream .ief image/ief .iii application/x-iphone .inf application/octet-stream .ins application/x-internet-signup .ips application/x-ipscript .ipx application/x-ipix .isp application/x-internet-signup .ivr i-world/i-vrml .jad text/vnd.sun.j2me.app-descriptor .jar application/java-archive .java application/octet-stream .jck application/liquidmotion .jcz application/liquidmotion .jfif image/pjpeg .jpb application/octet-stream .jpe image/jpeg .jpeg image/jpeg .jpg image/jpeg .js application/x-javascript .kml Application/vnd.google-earth.kml+xml .kmz Application/vnd.google-earth.kmz .latex application/x-latex .lit application/x-ms-reader .lpk application/octet-stream .lsf video/x-la-asf .lsx video/x-la-asf .lzh application/octet-stream .m13 application/x-msmediaview .m14 application/x-msmediaview .m1v video/mpeg .m3u audio/x-mpegurl .man application/x-troff-man .manifest application/x-ms-manifest .map text/plain .mdb application/x-msaccess .mdp application/octet-stream .me application/x-troff-me .mht message/rfc822 .mhtml message/rfc822 .mid audio/mid .midi audio/mid .mix application/octet-stream .mmf application/x-smaf .mno text/xml .mny application/x-msmoney .mov video/quicktime .movie video/x-sgi-movie .mp2 video/mpeg .mp3 audio/mpeg .mp4 Video/mp4 .mp4 video/mp4 .mpa video/mpeg .mpe video/mpeg .mpeg video/mpeg .mpg video/mpeg .mpp application/vnd.ms-project .mpv2 video/mpeg .ms application/x-troff-ms .msi application/octet-stream .mts Application/metastream .mvb application/x-msmediaview .mw2 Image/x.mw2 .mwx Image/x.mwx

.nc application/x-netcdf .nsc video/x-ms-asf .nws message/rfc822 .ocx application/octet-stream .oda application/oda .ods application/oleobject .odt application/vnd.oasis.opendocument.text .p10 application/pkcs10 .p12 application/x-pkcs12 .p7b application/x-pkcs7-certificates .p7c application/pkcs7-mime .p7m application/pkcs7-mime .p7r application/x-pkcs7-certreqresp .p7s application/pkcs7-signature .pbm image/x-portable-bitmap .pcx application/octet-stream .pcz application/octet-stream .pdf application/pdf .pfb application/octet-stream .pfm application/octet-stream .pfx application/x-pkcs12 .pgm image/x-portable-graymap .pko application/vnd.ms-pki.pko .pma application/x-perfmon .pmc application/x-perfmon .pml application/x-perfmon .pmr application/x-perfmon .pmw application/x-perfmon .png image/png .pnm image/x-portable-anymap .pnz image/png .pot application/vnd.ms-powerpoint .ppm image/x-portable-pixmap .pps application/vnd.ms-powerpoint .ppt application/vnd.ms-powerpoint .prf application/pics-rules .prm application/octet-stream .prx application/octet-stream .ps application/postscript .psd application/octet-stream .psm application/octet-stream .psp application/octet-stream .pub application/x-mspublisher .qt video/quicktime .qtl application/x-quicktimeplayer .qxd application/octet-stream .ra audio/x-pn-realaudio .ram audio/x-pn-realaudio .rar application/octet-stream .ras image/x-cmu-raster .rba 3DVista Audio .rdf application/xml .rf image/vnd.rn-realflash .rgb image/x-rgb .rm application/vnd.rn-realmedia .rmi audio/mid .rmvb application/vnd.rn-realmedia-vbr .roff application/x-troff .rpm audio/x-pn-realaudio-plugin .rtf application/rtf .rtx text/richtext .scd application/x-msschedule .sct text/scriptlet .sea application/octet-stream .setpay application/set-payment-initiation .setreg application/set-registration-initiation .sgml text/sgml .sh application/x-sh .shar application/x-shar .sit application/x-stuffit .ski 3DVista SKI .skz 3DVista SKZ .smd audio/x-smd .smi application/octet-stream .smx audio/x-smd .smz audio/x-smd .snd audio/basic .snp application/octet-stream .spc application/x-pkcs7-certificates .spl application/futuresplash .src application/x-wais-source .ssm application/streamingmedia .sst application/vnd.ms-pki.certstore .stl application/vnd.ms-pki.stl .sv4cpio application/x-sv4cpio .sv4crc application/x-sv4crc .svg image/svg+xml .svg2 image/svg+xml .svgz image/svg+xml .swf application/x-shockwave-flash .t application/x-troff .tar application/x-tar .tcl application/x-tcl .tex application/x-tex .texi application/x-texinfo .texinfo application/x-texinfo .tgz application/x-compressed .thn application/octet-stream .tif image/tiff .tiff image/tiff .toc application/octet-stream .tr application/x-troff .trm application/x-msterminal .tsv text/tab-separated-values .ttf application/octet-stream .txt text/plain .u32 application/octet-stream .uls text/iuls .ustar application/x-ustar .utx Text/xml .vbs text/vbscript .vcf text/x-vcard .vcs text/plain .vdx application/vnd.visio .vml text/xml .vsd application/vnd.visio .vss application/vnd.visio .vst application/vnd.visio .vsw application/vnd.visio .vsx application/vnd.visio .vtx application/vnd.visio .wav audio/wav .wax audio/x-ms-wax .wbmp image/vnd.wap.wbmp .wcm application/vnd.ms-works .wdb application/vnd.ms-works .wks application/vnd.ms-works .wm video/x-ms-wm .wma audio/x-ms-wma .wmd application/x-ms-wmd .wmf application/x-msmetafile .wml text/vnd.wap.wml .wmlc application/vnd.wap.wmlc .wmls text/vnd.wap.wmlscript .wmlsc application/vnd.wap.wmlscriptc .wmp video/x-ms-wmp .wmv video/x-ms-wmv .wmx video/x-ms-wmx .wmz application/x-ms-wmz .wps application/vnd.ms-works .wri application/x-mswrite .wrl x-world/x-vrml .wrz x-world/x-vrml .wsdl text/xml .wvx video/x-ms-wvx .x application/directx .xaf x-world/x-vrml .xbm image/x-xbitmap .xdr text/plain .xla application/vnd.ms-excel .xlc application/vnd.ms-excel .xlm application/vnd.ms-excel .xls application/vnd.ms-excel .xlt application/vnd.ms-excel .xlw application/vnd.ms-excel .xml text/xml .xof x-world/x-vrml .xpm image/x-xpixmap .xsd text/xml .xsf text/xml .xsl text/xml .xslt text/xml .xsn application/octet-stream .xwd image/x-xwindowdump .z application/x-compress .zip application/x-zip-compressed

Vista and Office 2007 have just finished development and are being made available to corporate customers in advance of their January 30 release. But if you know where to look online, you can find both products already.

In the case of Vista, the purported "crack" isn't really a crack to get around the activation process. According to the techie hobbyist site Ars Technica, the hackers replaced components in the final code with bits from from earlier betas of Vista.

This allows the would-be pirate to use a product key that worked with the betas and two release candidates and skip the entire activation process.

In the case of Office 2007, the Enterprise edition has leaked onto the Internet, and because it uses a volume license key, it does not require activation over the Internet.

The free ride won't last long. Microsoft said it was aware of the hacks, and how they were done. "The unauthorized download relies on the use of pre-RTM activation keys that will be blocked using Microsoft's Software Protection Platform. Consequently, these downloads will be of limited use says Microsoft.

Beyond the fact that the hacked software will be shut off, installing it is just crazy, claimed Greg DeMichillie, lead analyst with research firm Directions on Microsoft.

"A whole lot of the versions of Windows XP that show up on download sites aren't just modified to bypass activation. They carry spyware. So you install them and they could immediately turn into zombies or botnets.

He pointed out that it's possible even to install a rootkit despite Vista's vaunted PatchGuard kernel protection. The rootkit can be installed to the files on the installation, which are merely compressed and not installed yet.

The search giant announced that it is entering into a partnership with 176 newspapers in the U.S. to share content and advertising, The New York Times is reporting.

Yahoo will index and tag content from seven major newspaper chains and make the news content from 38 states available on the web. Yahoo will also power local events listings, maps and search technology on the local newspapers' websites. The partnered newspapers will also use Yahoo's advertising platform to sell and host the targeted local ads on their websites. The ads will largely be powered by Yahoo Local.

The newspapers will test the waters by posting their employment classified ads on HotJobs, Yahoo's classified ad site for job listings. That first part of the deal was reported by the Wall Street Journal on Saturday. (the article is behind the WSJ's paywall)

Yahoo's partnership with the newspaper industry comes on the heels of Google's Novemeber 5 announcement that it was allowing AdWords advertisers to purchase printed advertisements in several large-market local newspapers like The New York Times and the Washington Post.

Web sites that publish inflammatory information written by other parties cannot be sued for libel, the California Supreme Court ruled Monday. The ruling in favor of free online expression was a victory for a San Diego woman who was sued by two doctors for posting an allegedly libelous e-mail on two Web sites.

Some of the Internet's biggest names, including Amazon.com, America Online Inc., eBay Inc., Google Inc., Microsoft Corp. and Yahoo Inc. took the defendant's side out of concern that a ruling against her would expose them to liability.

In reversing an appellate court's decision, the state Supreme Court ruled that the Communications Decency Act of 1996 provides broad immunity from defamation lawsuits for people who publish information on the Internet that was gathered from another source.

"The prospect of blanket immunity for those who intentionally redistribute defamatory statements on the Internet has disturbing implications," Associate Justice Carol A. Corrigan wrote in the majority opinion. "Nevertheless ... statutory immunity serves to protect online freedom of expression and to encourage self-regulation, as Congress intended."

Unless Congress revises the existing law, people who claim they were defamed in an Internet posting can only seek damages from the original source of the statement, the court ruled. The case centers on an opinion piece sent via e-mail to Ilena Rosenthal, a woman's health advocate who runs various message boards and promotes alternative medicine.

The scathing missive, written by Tim Bolen, accused Dr. Terry Polevoy, of Canada, of stalking a Canadian radio producer and included various invectives directed at Polevoy and Dr. Stephen Barrett, of Pennsylvania. The two doctors operated Web sites devoted to exposing health frauds.

After Rosenthal posted the piece to two newsgroups, Polevoy and Barrett sued her, Bolen and others for libel. The lawsuit accuses Rosenthal of republishing the information after being warned it was false and defamatory.

AMD is expected to release its 65nm products soon. This transition uses AMD’s new core naming scheme. While AMD has typically named its processor cores after cities, the new naming scheme uses star names. While Stars family processors use the HyperTransport 3.0 protocol, it will be backwards compatible with HyperTransport 1.0 systems.

HyperTransport 3.0 is expected to provide twice the amount of bandwidth between the processor and chipset. It will also allow the processor and internal north bridge to operate at different frequencies as well. With HyperTransport 3.0, the north bridge can operate at 75% of the maximum clock frequency of the processor. AMD roadmaps claim the greater bandwidth of HyperTransport 3.0 is important for PCIe 2.0 and upcoming multi-GPU, integrated graphics and multiprocessor performance.

Stars family processors will use socket AM2+, with the exception of the Agena FX. Nevertheless, Stars family processors will be backwards compatible on socket AM2 motherboards, though performance is sacrificed by falling back to HyperTransport 1.0.

Beginning in Q3’2007 AMD is expected to release its first Stars quad-core processors. The new quad-core processors are based on AMD’s Agena and Agena FX cores. Targeting AMD’s 4x4 platform is the Agena FX core. Agena FX will only be available on Socket 1207+ and offer dual processor functionality. The vanilla Agena core will be available on single processor socket AM2+ platforms.

Agena FX and Agena based processors offer identical features. New to the Agena FX and Agena cores is a shared L3 cache. 2MB of L3 cache will be shared between all four processor cores. The L2 cache will be 2MB as well. Clock frequencies of 2.7 GHz to 2.9 GHz are initially expected. The HyperTransport 3.0 frequency for Agena FX and Agena cores is expected to be clocked at 4000 MHz. Agena FX and Agena core processors will be manufacturing using a 65nm process and carry 125W TDPs. The first Agena FX and Agena based processors are expected to arrive in Q3’2007.

AMD will be releasing new Kuma core dual-core processors in Q3’07 as well. The new Kuma core processors feature HyperTransport 3.0 clocked at 4000 MHz, 1MB of L2 cache and 2MB of shared L3 cache. Kuma processors are expected to arrive in 2.0 GHz to 2.9 GHz frequencies for socket AM2+. TDP for Kuma core processors is expected at 89W and 65W.

Single-core products won’t be left out of the Stars family either. AMD will release single-core Rana and Spica cores towards the end of 2007. Rana core processors will be replacing Orleans and Lima Athlon 64 single-core processors while Spica will be replacing single-core Venice Athlon 64 and Manilla Sempron processors. AMD’s roadmap doesn’t reveal too much on Rana and Spica. Nevertheless, Rana and Spica will feature HyperTransport 3.0 and socket AM2+ compatibility.

Samsung Electronics Co., Ltd., leader in advanced semiconductor technology, today announced that its three solid state disk (SSD) drives have been officially recognized by Microsoft Corporation as fully qualified Windows-compatible peripherals.

After thorough testing by its Windows Hardware Qualification Lab (WHQL), Microsoft has validated that Samsung SSDs meet all of the requirements for storage media in a Windows operating environment.

"Microsoft's certification of Samsung's SSDs provides designers with the added assurance of full compatibility in a demanding Windows environment, with our SSDs adding a strong dose of speed, reliability and power savings." said Jon Kang, senior vice president of Technical Marketing at Samsung Semiconductor.

Samsung's SSDs also markedly enhance system performance. The SSDs have a data read speed of 57MB/s and data write speed of 32MB/s, more than double the performance levels of a 1.8-inch HDD. Moreover, the SSDs provide a performance boost of up to 50 times that of a 1.8 HDD when servicing small, random data "read" requests. Such faster speeds shorten application program operating time as well as system boot time.

When asked about the reliability of NAND-based hard drives, Barnetson had no problem shrugging off fears of write corruption of failure.  "Samsung's solid-state devices have a MTBF of approximately 1 to 2 million hours."  Typical disk-based hard drives have a mean-time between failures of approximately 100,000 to 200,000 hours.  Since there are no moving parts, the only real point of failure is for something to come unsoldered or a problem with the physical bit during a write.

Obviously, write-errors are a huge concern for those who have used flash products in the past.  Only a few years ago the highest-end flash media was only useable for 1,000 or so writes.  At that point the physical bits would "burnout" and could no longer be flipped. Today's single-level cell (SLC, memory that stores one bit per cell) is rated in excess of 100,000 writes before burnout.  Multi-level cell flash, memory that stores multiple bits per cell, is significantly cheaper but even then is still rated at over 10,000 writes before burnout. 

Is 10,000 writes enough?  Absolutely, assures Barnetson.  Samsung memory uses a technique called "wear leveling" to distribute the writes on a media through as many groups of cells as possible. The idea behind wear leveling is that all of the cells have approximately the same amount of writes to them, maximizing the life of the device.  Consider a typical computer that writes 120 megabytes per hour to the hard drive.  On a 32GB solid-state NAND drive, wear leveling would distribute this data over the entire drive -- it would take 267 hours to fill the device once. Even on a multi-cell flash device, at this rate it would take no less than 150 years to burnout all the bits on the SSD.  Single-cell drives are capable of ten times as many writes.

Internet search rivals Google, Yahoo and Microsoft formed an unusual alliance to support a shared standard regarding how websites are pinpointed for their indexes.

The "joint initiative" was intended to make it easier for webmasters, or website creators, to let Internet search engines know what their online pages contained, according to Google was.

Search engines could use the information gathered in the "web crawl" process to better tailor results for their users.

Yahoo and Microsoft announced they would each support Google's "Sitemaps 0.90" protocol instead of using different standards for submissions by webmasters. Sitemaps help webmasters surface content that is typically difficult for crawlers to discover, leading to a more comprehensive search experience for users."

"The launch of Sitemaps is significant because it allows for a single, easy way for websites to provide content and metadata to search engines," said Yahoo Search director of product management Tim Mayer.

A Sitemap is a website file that acts as a marker for search engines to "crawl" certain pages. It allows webmasters to list their online addresses, called "URLs," along with data such as the last time the page was updated. The Sitemaps protocol used by Google has been widely adopted by many Web properties, including sites from the Wikimedia Foundation.

While bulk e-mailers have, in the past, sent unwanted messages from a single server, increasingly the spam emanates from networks of compromised PCs, known as bot nets. The level of junk e-mail has increased almost in lock step with the number of compromised systems used for spam.

What is most alarming is that new clients--Internet addresses that we have never seen before and which could be new infections--have tripled since June," said Hart, who posted a chart tracking the growth on his Web site this week.

Bots and bot nets have rapidly emerged as one of the major threats on the Internet. Tens of thousands of compromised PCs are frequently counted among a single bot net's unwilling members, with some bot nets boasting as many as a million systems. Traditionally, the networks have been used to install adware on victims' machines or level denial-of-service attacks at online companies as part of an extortion scheme.

Now, spammers are frequently counted among the operators or the clients of bot nets. Last May, a spammer only identified as "PharmaMaster" used a bot net to target anti-spam provider Blue Security and its Internet service providers with a massive denial-of-service attack that blocked access to the companies for hours and, in the case of Blue Security, days. Because of the attack, the company exited the anti-spam business.

Many bot herders--as the criminals that infect computers with bot software are named--sell or rent bot nets to others to use, and spammers increasingly seem to be among their customers.

Some Internet users have noticed an indirect effect of the surge in bulk e-mail. Spammers usually put another person's e-mail address in sender's field of the message. Because many spam and antivirus filters send back a rejection message to the sender, the actual owner of the e-mail address will be inundated with replies.

Security researchers that use honey pots--heavily monitored computers that are allowed to be infected by malicious software to spy on the attackers--have also confirmed the connection between bot nets and spam, said Thorsten Holz, a graduate student and the founder of the German Honeynet Project.

In a previous article we pointed at how MS stated to control the port delegation as the link will outline the process.

In IIS6 you can also do this :
http://support.microsoft.com/?id=555022

However it has come to our attention there is another twist which has been observed on a number of machines. Having done this I know first hand on one day I have a machine which can do Passv mode without issue. Then out of the blue the machine suddenly cannot do passive mode and clients who depend on it were left out in the dark, and the complaints come in. I was dealing with a complaint like this where I was sure the lady was going to kill me. Though I must say she is a good person and worked with us till I found the cause of the problem. In most cases it will not end this friendly.

While the edit is working correctly the Windows Firewall/Internet Connection Sharing (ICS) service seems to be the cause the failure. It is supposed to work where after the client issues a passv command, the server responds with one of its transient ports used as the server-side port of the data connection. After a data connection command is issued by the client, the server connects to the client using the port immediately above the client-side port of the control connection.

However the service Windows Firewall/Internet Connection Sharing (ICS) is also involved in the process and has been verified as the part which is blocking the return and thus the passv command will be ignored or denied. I have personally observed that simply restarting the service will resolve the problem. A warning if you are connected via remote desktop, when restarting the service your desktop session might be lost. Though I have personally only noticed a freeze up for a bit and returns to normal.

It is amazing that for whatever reason people just don't get it. JUST DON'T CLICK! Nothing anyone has to sell, give away or try to lure you with via email is worth the risk.

Based on a survey of 5,000 consumers in the United States, Gartner said users are being assaulted with more phishing attacks than ever before and are falling for more of the gimmicks. Yet at the same time, customers are losing less money to the schemes, due to a growing awareness of the online fraud model, as banks and other businesses spoofed in the attacks have put more tools in place to help identify suspicious behavior.

Gartner estimates that 109 million U.S. adults received phishing e-mails during the last 12 months, compared to only 57 million in 2004. An estimated 24.4 million Americans went on to click on phishing e-mails in 2006, up from approximately 11.9 million in 2005. The company said 3.5 million adults gave sensitive information to fraudsters in 2006, compared to only 1.9 million adults last year.

Based on the survey, the average loss per victim has grown from $257 to $1,244 per victim in 2006. Finding a refund for money lost to the schemes has also become harder: Consumers recovered approximately 80 percent of their cash in 2005, but are getting back an average of only 54 percent in 2006.

The analyst said that among the tactics being employed successfully by phishers are efforts that launch and shut down fraudulent Web sites very quickly, so that the attacks become moving targets that are harder to stop using conventional blacklists. The average life span of a phishing site has dropped to roughly 1 hour in 2006, whereas was approximately one week in 2004. Litan said attackers may have already begun to create customized phishing schemes that target specific people, specifically those who appear to have more money than the average Web user.

Microsoft has backed down on its previously-disclosed licensing terms for Vista and will now allow for unlimited installations on a single device. The previous license for Vista marked a change from past operating systems, in that it tied the copy of Vista to the hardware.

The license would allow for one license transfer, from an old computer to a new one, and after that, the customer would have to buy a new copy of Vista. This did not set well among the home PC builder community, who constantly upgrade their computers piece by piece over the years.

"We heard that users wanted more flexibility, and this change should give hardware enthusiasts in particular more latitude to upgrade their PCs or reassign their license to a new PC, while still making clear our intentions to protect our software from piracy," said a Microsoft spokesperson.

The new license agreement now reads "You may uninstall the software and install it on another device for your use. You may not do so to share this license between devices."

Also, Microsoft changed transfer rights to other users, so that a Vista licensee may transfer their license of Windows Vista to another user, provided that they uninstall the original copy and do not keep the original installation.

This was all clarified in a blog posting by Vista product manager Nick White.

"Our intention behind the original terms was genuinely geared toward combating piracy; however, it's become clear to us that those original terms were perceived as adversely affecting an important group of customers: PC and hardware enthusiasts," he wrote.

An FBI investigation of an international ring of phishers that used the Internet to swap stolen IDs and credit cards - including information of customers of a "major financial institution" -- netted 17 hackers in the U.S. and Eastern Europe, federal law enforcement officials said.

Four U.S. arrests were made, along with 13 in Poland, including the alleged ringleader nicknamed "Blindroot." The probe, dubbed "Operation Cardkeeper," began after a "major financial institution" reported numerous phishing attacks between August and October 2004, according to FBI spokesperson Paul Bresson.

According to the FBI office in Richmond, Virginia, the group "compromised" around 50 servers in the area that were then used to launch the attacks. A common tactic of phishers is to take control of systems in order to deliver spam or porn.

The government investigation also revealed an Internet bazaar where identity thieves meet to swap stolen personal data. The forums were used "by both U.S. citizens and foreign nationals to commit financial crimes," according to the FBI.

Although no financial figures were released on how much was lost due to the phishing attacks, "hundreds of thousands of dollars" are saved when stolen financial data is intercepted by the FBI, James E. Finch, assistant director of the agency's Cyber Division said in a statement. "Cyber criminals will no longer be able to hide behind borders to conduct their illicit business," Finch said.

The government said 15 search warrants were issued, including in New York, Georgia, Nebraska, Tennessee, Ohio and Texas. Romania law enforcement are also questioning subjects.

In a significant acknowledgement of the viability of Linux as a desktop OS, Microsoft Corp. today announced a deal with Novell Inc. to support Suse Linux on machines that run Windows.

Microsoft will offer sales support for Suse Linux and also co-develop technologies with Novell to make it easier for users to run both Suse Linux and Microsoft Windows on their computers.

As expected, Microsoft CEO Steve Ballmer announced the news in a San Francisco press conference. As part of the deal, Microsoft also will agree not to assert rights over patents to any software technology that might be incorporated into Suse Linux.

Microsoft has been relenting lately on its tight hold on patents through a program called its Open Specification Promise. Through the program, Microsoft has promised not to take any legal action against developers or companies that want to use specifications for a host of technologies for which it has patents.

The deal between Microsoft and Novell will certainly be a blow for Red Hat Inc., the second in as many weeks. Last week, Oracle Corp. said it would begin selling technical support for Red Hat Linux, a plan that both validates Red Hat Linux while undermining Red Hat's own support and maintenance business. Red Hat is the leading supplier of Linux and the biggest rival for Novell's Suse Linux distribution.

Novell built its business on the back of its NetWare network operating system, but the appearance of Windows NT on the scene as a viable alternative was a primary reason for NetWare's ultimate demise. In recent years, Novell has rebuilt itself into an open-source software company through purchases of companies such as SUSE Linux AG and Ximian.

The deal also will not only pit Microsoft and Novell against Oracle and Red Hat, but also IBM, which was an early supporter of Linux, particularly Red Hat's distribution.

I have been looking all around for different slide show apps. Primarily I have been focusing on Flash specifically Flash 8 but then we all chase the trends. I prefer things in .net and AJAX. So I did a bit of looking around and found this source. The writer has a decent demo of the project, also the source is free. Go here for the source.

AMD has made the east German city of Dresden its manufacturing capital. Except for a small number of chips produced by a Singapore contractor, all of AMD's microprocessors for PCs, laptops, and servers come from two plants there, including one that came on line last year.

In fact, since spinning off a plant in Austin, Tex., last year, AMD no longer mass-produces chips at all in the U.S., though it continues to employ 2,000 people in Austin who work in design, marketing, and other functions. AMD will have invested some $8 billion in Dresden by the end of 2008, making it one of the largest foreign investors in the region and generating an estimated 7,000 jobs directly or indirectly.

For Germans, AMD's Dresden operations provide much-needed affirmation that the nation still projects industrial prowess. Indeed, on Oct. 24, no less than German Chancellor Angela Merkel, an East German herself, came to the famously firebombed city to mark the 10th anniversary of AMD's operations there. "You can all be unbelievably proud of what you've achieved here," she told AMD workers.

Why Dresden? Originally, AMD was attracted by generous subsidies from German and European Union authorities eager to boost employment in the region, which struggled to make the transition to a market economy after the collapse of the Soviet bloc. In addition, Dresden had served as the center of semiconductor technology in the Soviet bloc and offered a large pool of skilled people badly in need of jobs.

After AMD broke ground in 1996, though, it discovered something else: German engineers are unmatched when it comes to mastering the hugely complex and precise task of making semiconductors, which can require 800 manufacturing steps. "Germans are known for engineering aptitude, and we have seen it in action," says Thomas Sonderman, AMD's director of manufacturing systems.

For example, AMD's Dresden team figured out methods to allow new chip designs to go into mass production immediately, rather than first being produced in limited numbers while engineers perfected the manufacturing process. AMD Dresden was also the first to market with so-called dual core chips, which cram more functionality on to a single chip and permit computers to handle more tasks at the same time.

In the semiconductor industry, it's imperative for companies to recoup fast the $3 billion it costs to build a chip plant. "Time to market is the No. 1 priority," says Hans Deppe, general manager of AMD in Dresden. "If I double people's wages but get half the time to market, it pays off." The workers in Dresden also have never organized a worker's council, the usual venue for labor union influence, even though doing so is extremely easy under German labor law.

As AMD grows, Dresden won't remain the only production site. In June the company announced plans to build a $3.2 billion plant in Luther Park in upstate New York. The project, which will receive an estimated $1 billion in grants and other aid from New York State, won't begin production until 2013 at the earliest.

And as AMD builds the New York plant, it plans to send managers and engineers to Dresden for training. Says Sonderman: "The Dresden team will be part of AMD for a long time to come."

ANVSOFT Flash Slide Show Maker is a Flash album creator to make animated photo slide show with SWF file as the output format. It transforms your digital photo collection to Macromedia Flash file format ( SWF ) which you can share your memorial moments with your family or friends on your own homepage or website.

With ANVSOFT Flash Slide Show Maker, you can easily turn a folder full of still images into a stunning Flash slide show with background music and special transition effects .

This Flash slide show software allows you to add nice looking animated slide shows to your website in no time! Get it Here

Apple Computer is offering a firmware update that the company claims will help alleviate random shutdown issues with its MacBook notebooks.

The Cupertino, Calif., computer maker posted the update—MacBook SMC Firmware Update 1.1—on its Web site Oct. 26. The update, according to Apple, will help a MacBook's internal monitoring system and stop the computer from shutting down at random.

"The SMC Update improves the MacBook's internal monitoring system and addresses issues with unexpected shutdowns. This update is recommended for all MacBook systems, including those that received warranty repair," according to the company's posting.

In August, the Web site macbookrandomshutdown.com began calling attention to the fact that several users of MacBooks had experienced problems with their notebooks.

The site is now receiving about 5,000 visitors a day and has totaled 100,000 page views since it launched on Aug. 15, according to site creator Matthew Swanson, who lives in Atlanta. Swanson started the site after his wife bought a new 2GHz MacBook for her business. About a month after the purchase, the MacBook began suffering from what Swanson calls "RSS"—Random Shutdown Syndrome.

After looking at the update, Swanson said he finds it interesting that Apple is offering a firmware update to fix what had been thought to be a hardware problem. The only thing we can think of is the firmware update will allow the MacBook to bypass recognizing there is a physical issue and let the OS continue running without 'randomly shutting down'—so our question is, Does this really fix the underlying problem?

Features 36 pixel shader processors 8 vertex shader processors Up to 256-bit 8 channel GDDR3 memory interface Native PCI Express® x16 bus interface Plug-and-play (native) CrossFire™ Shader Technology Support for Microsoft® DirectX® 9.0 programmable vertex and pixel shaders in hardware. Shader Model 3.0 vertex and pixel shader support: Complete feature set also supported in OpenGL® 2.0 Anti-Aliasing and Anisotropic Filtering 2x/4x/6x Anti-Aliasing modes: Lossless Color Compression (up to 6:1) at all resolutions, up to and including widescreen HDTV 2x/4x/8x/16x Anisotropic Filtering modes: Improved rendering with higher subpixel precision and LOD computation levels 3Dc+™ — Advanced Texture Compression High quality 4:1 compression for normal maps and luminance maps Works with any single-channel or two-channel data format Ring Bus Memory Controller Programmable arbitration logic maximizes memory efficiency, software upgradeable New fully associative texture, color, and Z cache design Hierarchical Z-Buffer with Early Z Test Lossless Z-Buffer Compression (up to 48:1) Fast Z-Buffer Clear Z Cache optimized for real-time shadow rendering Optimized for performance at high display resolutions, up to and including widescreen HDTV Avivo™ Video and Display Engine New advanced video capabilities, including high fidelity gamma, color correction and scaling Dual independent display controllers that support true 30 bits per pixel throughout the display pipe Full symmetry on both heads Each display interface supports display resolutions beyond 2560x1600 Advanced DVI capabilities, including 10-bit, 16-bit HDR output YPrPb component output for direct drive of HDTV displays Seamless integration of pixel shaders with video in real time MPEG1/2/4 decode and encode acceleration: DXVA support All-format DTV/HDTV decoding Adaptive per-pixel de-interlacing and frame rate conversion (temporal filtering) CrossFire™ Multi-GPU technology Four modes of operation: Native CrossFire support simplifies setup by requiring no dedicated slave or master hardware 24-bit CrossFire connection enables high resolutions and refresh rates Supports the broadest range of platforms for both Intel and AMD

Finally, ATI has caught up with NVIDIA. It’s been a long time coming, but with Radeon X1950 Pro, virtually all of our concerns with previous CrossFire implementations are wiped off the slate. All that you need to get Radeon X1950 Pro CrossFire running is a pair of Radeon X1950 Pro cards, a pair of CrossFire connectors that look incredibly similar to NVIDIA’s own SLI connector (albeit a little wider) and a motherboard capable of running CrossFire.