We support Microsoft .NET Framework 2.0 & 1.1, all versions of Access, SQL 2000, SQL 7.0, SQL 2005 Express, SOAP, FrontPage 2002, 2003, Visual Studio 2005, Index Server, XML, UDDI, & Mobile device support. We also offer great third party tools like SmarterMail, Merak Mail, SmarterStats, PHP, Perl, MySql, DeepMetrix Livestats XSP 8.0.
 Saturday, May 12, 2007

All web applications make extensive use of the HTTP protocol (or HTTPS for secure sites). Even simple web pages require the use of multiple HTTP requests to download HTML, graphics and JavaScript. The ability to view the HTTP interaction between the browser and web site is crucial to these areas of web development:

  • Troubleshooting
  • Performance tuning
  • Verifying that a site is secure and does not expose sensitive information

Seven reasons to use HttpWatch rather than other HTTP monitoring tools:

  1. Easy to Use - start logging after just a couple of mouse clicks in Internet Explorer. No other proxies, debuggers or network sniffers have to be configured
  2. Productive - quickly see cookies, headers, POST data and query strings without having to manually decode raw HTTP packets
  3. Robust - reliably log thousands of HTTP transactions for hours or days while tracking down intermittent problems
  4. Accurate - HttpWatch has minimal impact on the normal interaction of Internet Explorer with a web site. No extra network hops are added, allowing you to measure real world HTTP performance
  5. Flexible - HttpWatch only requires client-side installation and will work with any server side technology that renders HTTP pages in Internet Explorer. No special server-side permissions or configurations are required - ideal for use against production servers on the Internet or Intranet
  6. Comprehensive - works with HTTP compression, redirection, SSL encryption & NTLM authentication. A complete automation interface provides access to recorded data and allows HttpWatch to be controlled from most popular programming languages.
  7. Professional Support - updates and bug fixes are provided free of charge on our website and technical support is available by email, phone or fax.


Dev
5/12/2007 9:53:08 AM (Pacific Daylight Time, UTC-07:00)

This is a very simple method to serve multiple FQDNs from a single IIS site entry, redirecting each host name to its own page. You can add as many hosts as you wish; just repeat the ElseIf branch. Place this as the default document and you are set.

<%
' SERVER_NAME reflects the host name the client requested,
' so compare it only against the known names listed here.
Dim srvrname
srvrname = LCase(Request.ServerVariables("SERVER_NAME"))
If srvrname = "www.domainname.com" Or srvrname = "domainname.com" Then
    Response.Redirect "default.htm"
ElseIf srvrname = "www.domain2.com" Or srvrname = "domain2.com" Then
    Response.Redirect "/domain2/default.asp"
End If
%>

Dev
5/12/2007 8:00:59 AM (Pacific Daylight Time, UTC-07:00)

IIS Redirect
  1. In Internet Services Manager, right-click the file or folder you wish to redirect.
  2. Select the radio button titled "A redirection to a URL".
  3. Enter the redirection page.
  4. Check "The exact URL entered above" and "A permanent redirection for this resource".
  5. Click 'Apply'.

ColdFusion Redirect
<!--- Set the 301 status first, then the new location --->
<cfheader statuscode="301" statustext="Moved permanently">
<cfheader name="Location" value="http://www.new-url.com">

PHP Redirect
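<?php
// Send the permanent-redirect status line, then the new location
header("HTTP/1.1 301 Moved Permanently");
header("Location: http://www.new-url.com");
exit; // stop here so no page body follows the redirect headers
?>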

ASP Redirect
<%@ Language=VBScript %>
<%
' VBScript statements take no trailing semicolon, and a Sub call takes no parentheses
Response.Status = "301 Moved Permanently"
Response.AddHeader "Location", "http://www.new-url.com/"
Response.End
%>

ASP .NET Redirect
<script language="C#" runat="server">
// C# handler: answer every request for this page with a permanent redirect
private void Page_Load(object sender, System.EventArgs e)
{
    Response.Status = "301 Moved Permanently";
    Response.AddHeader("Location", "http://www.new-url.com");
}
</script>

JSP (Java) Redirect
<%
// Permanent redirect: set the status code and the new location explicitly
response.setStatus(301);
response.setHeader("Location", "http://www.new-url.com/");
response.setHeader("Connection", "close");
%>

CGI PERL Redirect
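use CGI;
my $q = CGI->new;
# redirect() sends "302 Found" unless a status is given, so request 301 explicitly
print $q->redirect(-uri => "http://www.new-url.com/", -status => "301 Moved Permanently");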

Ruby on Rails Redirect
def old_action
  # redirect_to defaults to 302 Found; pass the status so the response is a 301
  redirect_to "http://www.new-url.com/", :status => :moved_permanently
end
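
A check for the redirects above, as an added example (not part of the original post): it parses the head of a captured HTTP response and reports when the status is a temporary 302 rather than a permanent 301, or when the Location header is missing or points somewhere other than the intended URL. The function names, the sample responses and the www.other-url.example host are constructed for illustration.

```python
# Added example (not from the original post): audit captured HTTP response
# heads to confirm a redirect is permanent and points where it should.
from urllib.parse import urlsplit

PERMANENT = {301, 308}
TEMPORARY = {302, 303, 307}
DEFAULT_PORTS = {"http": 80, "https": 443}


def parse_response_head(raw):
    """Return (status_code, {lowercased header name: [values]}) from raw bytes."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")
    lines = head.split("\r\n")
    parts = lines[0].split(" ", 2)
    if len(parts) < 2 or not parts[0].startswith("HTTP/") or not parts[1].isdigit():
        raise ValueError("malformed status line: %r" % lines[0])
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if not sep or not name.strip():
            raise ValueError("malformed header line: %r" % line)
        headers.setdefault(name.strip().lower(), []).append(value.strip())
    return int(parts[1]), headers


def normalise(url):
    """Reduce a URL to the parts that decide where the browser ends up."""
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    port = parts.port or DEFAULT_PORTS.get(scheme)
    return scheme, parts.hostname or "", port, parts.path or "/", parts.query


def audit_redirect(raw, expected_url):
    """Return a list of findings; an empty list means the redirect is as intended."""
    status, headers = parse_response_head(raw)
    findings = []
    if status in TEMPORARY:
        findings.append("status %d is a temporary redirect, not a permanent one" % status)
    elif status not in PERMANENT:
        findings.append("status %d is not a redirect" % status)

    locations = headers.get("location", [])
    if len(locations) != 1:
        findings.append("expected exactly one Location header, found %d" % len(locations))
        return findings

    # A relative Location normalises to an empty scheme and host, so it is
    # reported as a mismatch against the absolute URL that was expected.
    if normalise(locations[0]) != normalise(expected_url):
        findings.append("Location %r does not match expected %r" % (locations[0], expected_url))
    return findings


# Constructed sample responses (not captured from any real site).
SAMPLES = {
    "permanent": b"HTTP/1.1 301 Moved Permanently\r\n"
                 b"Location: http://www.new-url.com/\r\nContent-Length: 0\r\n\r\n",
    "temporary": b"HTTP/1.1 302 Found\r\nLocation: http://www.new-url.com/\r\n\r\n",
    "no_location": b"HTTP/1.1 301 Moved Permanently\r\n"
                   b"Content-Type: text/html\r\n\r\n<html></html>",
    "wrong_target": b"HTTP/1.1 301 Moved Permanently\r\n"
                    b"Location: http://www.other-url.example/\r\n\r\n",
    "relative": b"HTTP/1.1 301 Moved Permanently\r\nLocation: /default.htm\r\n\r\n",
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        result = audit_redirect(raw, "http://www.new-url.com")
        print(name, "->", result or "ok")
```
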

Dev
5/12/2007 7:46:37 AM (Pacific Daylight Time, UTC-07:00)
 Friday, May 11, 2007

University of Missouri officials said campus computer technicians confirmed a breach of a database last week by a user or users whose Internet accounts were traced to China and Australia.

The hacker accessed personal information of 22,396 University of Missouri-Columbia students or alumni who also worked at one of the system's four campuses in St. Louis, Kansas City, Rolla or Columbia in 2004.

The hacker obtained the information through a Web page used to make queries about the status of trouble reports to the university's computer help desk, which is based in Columbia. The information had been compiled for a report, but the data had not been removed from the computer system.

In January, a hacker obtained the Social Security numbers of 1,220 university researchers, as well as personal passwords of as many as 2,500 people who used an online grant application system.

The university is contacting people affected by the latest breach and providing instructions on how to monitor their credit reports and other financial records for suspicious activity, officials said.

5/11/2007 5:28:05 AM (Pacific Daylight Time, UTC-07:00)
 Sunday, May 06, 2007

Symantec Corp. researchers Friday warned of an in-the-wild Trojan horse that poses as a Windows activation program to dupe users into entering credit card information in an attempt to reanimate their machines.

Dubbed Kardphisher, the Trojan is nothing much technically, reported Takashi Katsuki, a Symantec researcher. But its author has "obviously taken great pains to make it appear legitimate."

Once the Trojan's installed, it throws up an official-looking screen that claims the user's copy of Windows was activated by someone else. "To help reduce software piracy, please re-activate your copy of Windows now," the screen reads. "We will ask you for your billing details, but your credit card will NOT be charged."

Selecting "No," said Katsuki, shuts down the PC. "Yes," meanwhile, takes the user to a second screen where he or she is asked to enter his or her name and credit card information, which is then transmitted to the hacker's server. "This Trojan teaches us all a good lesson," added Katsuki. "Trust no one."

5/6/2007 8:38:47 AM (Pacific Daylight Time, UTC-07:00)

Software maker Microsoft Corp. asked search engine operator Yahoo Inc. to re-enter formal negotiations for an acquisition that could be worth $50 billion, the New York Post reported on Friday.

The search and advertising industry could change drastically over the next year if Microsoft has its way with Yahoo. In the last several weeks, it was well publicized that Microsoft and Google went head on in a bidding war for Internet advertising giant DoubleClick. Eventually, Google won and settled with DoubleClick for roughly $3.1 billion -- a sum that had analysts questioning Microsoft's true motives.

At the time of the acquisition, Microsoft had roughly $25 billion of available cash in its bank; more than double that of Google's $11.9 billion. Observing these figures, it was odd to see Microsoft back out of a deal it could easily win. "The best side to be on in a bidding war is the losing side," said legendary Wall Street tycoon Warren Buffett. Buffett is implying that the loser in a bidding war has forced the winner to over-pay for something.

Today, Forbes is reporting that Microsoft is in negotiations with Yahoo for a possible acquisition that could be worth $50 billion. According to the report, Microsoft is feeling greater pressure to compete in the online advertising space. Just recently, Yahoo announced its acquisition of online advertising firm Right Media for $680 million. While this is far from Google's $3.1 billion expense on DoubleClick, it does indicate that Yahoo is already quite a force in online advertising.

Another sticking point for Microsoft is the fact that both Google and Yahoo are ahead of the game when it comes to search. Microsoft has been playing catch up to Google and Yahoo with MSN Search, but having Yahoo under its belt would surely set the company onto a different playing field altogether.

Despite an impending deal with Yahoo, Microsoft hasn’t taken its eyes completely off the Google – DoubleClick deal. Microsoft is loudly voicing its opinion against the deal and has asked regulators to carefully monitor the acquisition.

5/6/2007 7:20:07 AM (Pacific Daylight Time, UTC-07:00)

AMD prepares its Phenom FX, Phenom X4 and Phenom X2 lineups for launch

AMD is preparing the launch of its next-generation K10-derived Stars-family single, dual and quad-core processors. The next-generation Stars-family splits into three different brand names – Phenom, Athlon and Sempron. Ringing in the flagship are three Agena FX-based AMD Phenom FX processors. AMD has yet to confirm clock speeds for the three models; however, the latest roadmap reveals ballparks for the processors.

The top-end AMD Phenom FX processor clocks in the 2.4-2.6 GHz speed range. Slotting below the top-end Phenom FX is a 2.2-2.4 GHz model. These two models occupy AMD’s upcoming Socket 1207+ and current Socket 1207 Quad FX platforms. AMD also has a Phenom FX for single-processor customers as well, clocked at 2.4-2.6 GHz.

AMD further differentiates its Phenom FX processors with different Hyper Transport 3.0 clock speeds. The flagship 2.4-2.6 GHz model features a 3.6 GHz HT 3.0 clock speed while the two 2.2-2.4 GHz models have a lower 3.2 GHz HT 3.0 clock. All three models share the same 4x512KB L2 cache and 2MB L3 cache configuration. AMD has yet to determine the TDP of its Phenom FX processors.

Catering towards high-end users are two Socket AM2+ AMD Phenom X4 processors. AMD remains undecided on its model numbers; however, clock speeds on the Agena-based Phenom X4 processors are set. The two AMD Phenom X4 processors clock in at 2.4 GHz and 2.2 GHz. These models share the same 4x512KB L2 cache and 2MB L3 cache configuration as the Phenom FX processors.

HT 3.0 speeds differ on the two models, the 2.4 GHz features a 3.6 GHz HT 3.0 speed while the 2.2 GHz model features a 3.2 GHz HT 3.0 speed. AMD rates the Phenom X4 processors with 89W TDPs. AMD plans to start taking orders for its Phenom FX and Phenom X4 processors in Q3’2007.

5/6/2007 7:07:21 AM (Pacific Daylight Time, UTC-07:00)

Cold fusion, the ability to generate nuclear power at room temperatures, has proven to be a highly elusive feat. In fact, it is considered by many experts to be a mere pipe dream -- a potentially unlimited source of clean energy that remains tantalizing,  but so far unattainable.

However, a recently published academic paper from the Navy's Space and Naval Warfare Systems Center (Spawar) in San Diego throws cold water on skeptics of cold fusion. Appearing in the respected journal Naturwissenschaften, which counts Albert Einstein among its distinguished authors, the article claims that Spawar scientists Stanislaw Szpak and Pamela Mosier-Boss have achieved a low energy nuclear reaction (LENR) that can be replicated and verified by the scientific community.

Cold fusion has gotten the cold shoulder from serious nuclear physicists since 1989, when Stanley Pons and Martin Fleischmann were unable to substantiate their sensational claims that deuterium nuclei could be forced to fuse and release excess energy at room temperature. Spawar researchers apparently kept the faith, however, and continued to refine the procedure by experimenting with new fusionable materials.

Szpak and Boss now claim to have succeeded at last by coating a thin wire with palladium and deuterium, then subjecting it to magnetic and electric fields. The researchers have offered plastic films called CR-39 detectors as evidence that charged particles have emerged from their reaction experiments.

The Spawar method shows promise, particularly in terms of being easily reproduced and verified by other institutions. Such verification is essential to widespread acceptance of the apparent breakthrough, an important precursor to scientists receiving the necessary funding to fuel additional research in the field.

5/6/2007 7:00:09 AM (Pacific Daylight Time, UTC-07:00)

An external computer hard drive containing the personal, bank and payroll information of up to 100,000 former and current Transportation Security Administration (TSA) employees was reportedly stolen from a human resources office in Crystal City, VA.  The Federal Bureau of Investigation and U.S. Secret Service are now helping the TSA investigate the theft -- FBI is conducting the investigation, with the Secret Service conducting a "forensic review of equipment and facilities."

The TSA learned about the missing hard drive sometime Thursday, but the agency informed possibly affected employees Friday evening -- a delay which has upset some employees.  TSA spokesperson Ellen Howe reassured agency employees by stating the TSA was "not trying to stall."

"TSA has no evidence that an unauthorized individual is using your personal information, but we bring this incident to your attention so that you can be alert to signs of any possible misuse of your identity," said Kip Hawley, TSA Administrator.

The TSA is unaware if the hard drive has left its premises.  The hard drive contained sensitive information on employees who worked for the TSA from January 2002 until August 2005.  The agency employs almost 50,000 people and is the agency responsible for securing transportation systems in the country, including airports and railroads.

Letters were sent out to all affected employees promising one year of credit monitoring services.

5/6/2007 6:53:48 AM (Pacific Daylight Time, UTC-07:00)
 Wednesday, May 02, 2007

Online video network Joost landed programming deals with Turner Broadcasting System Inc., Sony Pictures Television and Hasbro Inc., as it prepares to launch to the public later this month.

The service, founded by the creators of Internet phone service Skype and file-sharing service Kazaa, aims to be for the Internet what cable television is to living rooms by offering feature-length, higher-quality videos.

Joost differs from the snack-sized fare of video clips uploaded by users of top online video service, Google Inc.'s YouTube, which streams some 100 million videos over the Web on a daily basis.

"There's a huge hunger for long-form, high-quality online entertainment content," Yvette Alberdingk Thijm, executive vice president of content strategy at Joost, said.

Turner, a division of the world's largest media company Time Warner Inc., will offer Joost shows from news network CNN and Adult Swim.

Sony Pictures Television, a unit of electronics maker Sony Corp., will offer vintage shows from its archives including episodes of "Charlie's Angels," "Spiderman," "Starsky & Hutch" and "NewsRadio."

The announcement of more programming partners comes a day after Google responded to a $1 billion lawsuit brought on by Viacom Inc., charging the company with willfully infringing on its copyrights.

5/2/2007 9:00:37 AM (Pacific Daylight Time, UTC-07:00)
 Sunday, April 29, 2007

Google Inc. and MySQL AB are close to finalizing a deal that could find the open-source database vendor incorporating powerful features created by the search giant into future versions of the popular database.

On Monday, Google publicly released the source code for several custom features it had built in-house to enhance the performance and reliability of its search engine. The add-ons were released via the General Public License (GPL).

Google’s announcement, done without MySQL and on the eve of MySQL’s annual worldwide conference in Santa Clara, Calif., appeared to be a subtle attempt to put pressure on MySQL to add the features to the official version of the software, something the company has until recently been loath to do.

Since then, sources say Google has signed a Contributor License Agreement (CLA), a key legal document required by MySQL to accept source code from outside companies or developers and port it to its popular database, reportedly used in 11 million servers worldwide.

Google is widely believed to be the largest MySQL user in the world, with hundreds or even thousands of MySQL servers running in data centers around the world.

What remains to be worked out are the exact features that Google will transfer to MySQL and the compensation MySQL will offer in return, which could range from symbolic gifts such as T-shirts to monies up to hundreds of thousands of dollars, said Steve Curry, a MySQL spokesman. Curry declined to confirm the status of the deal.


Dev
4/29/2007 7:40:49 PM (Pacific Daylight Time, UTC-07:00)

Around $1.7 billion of unpaid VAT did not appear on a U.K. Revenue and Customs debt case management system because of a failure to transfer data from the main VAT computer system, legislators have been told.

Edward Leigh, chair of the powerful Commons public accounts committee, highlighted a series of problems with major government IT projects in a parliamentary debate on the committee's inquiries.

He told MPs: "We found that not all information on VAT debt recorded on the main VAT computer system had been transferred to the so-called trader register.

"That may appear to be an obscure point, but it meant that some $1.7 billion of debt failed to appear on the debt case management system. That is hardly a first-rate example of financial management by a department that should be at the forefront of such matters."

Leigh cited evidence given to the committee earlier this month by Ian Taylor, a past president of the Chartered Institute of Purchasing and Supply who is now director of the center for procurement performance at the Department for Education and Skills.

Taylor had told the PAC "that in his view, public sector people are every bit as skilled as those in the private sector, but the information systems in the public sector are so bad that no private sector firm could afford to put up with them. They would simply go out of business," Leigh said.

The committee chair added: "They do not provide the data that public sector leaders need to manage effectively or to develop robust strategies for delivery."

Leigh also hit back at the government after it attempted to deflect criticism of the NHS's $23.4 billion IT program by claiming that a damning PAC report was based on "out of date" findings by the National Audit Office.

The PAC warned that the NHS scheme was unlikely to deliver significant benefits, unless there was a fundamental change in the rate of progress on the 10-year project. 

The committee chair told MPs he had spoken to Sir John Bourn, head of the NAO, to put a timescale on the auditors' promised -- and unprecedented -- second examination of the project. "Following my encouragement, we are to have another NAO report on the NHS computer in the next year so that we can have an update to check whether all the excellent recommendations of the NAO and the PAC... are being carried out."

Responding to the debate -- which also touched on the IT fiasco at the Rural Payments Agency that is estimated to have cost $940 million -- Treasury minister John Healy gave an indication that the government might reconsider its hardline stance against making public the findings of Office of Government Commerce "gateway reviews" of major IT schemes.

4/29/2007 7:27:08 PM (Pacific Daylight Time, UTC-07:00)
 Friday, April 27, 2007

Microsoft Corp. is posting the final beta and first publicly available and feature-complete version of Windows Server "Longhorn," marking the final time the product will be available for testing and feedback before the long-awaited server update is available later this year.

Microsoft is making downloads of Longhorn Beta 3 available from the company's Web site, said Ward Ralston, senior technical product manager for the software. It's the first time that anyone who is interested can get their hands on the product, which has been in private beta release only until now.

It is also the first time users can get a look at the new scripting and command-line technology, Microsoft PowerShell, in the Longhorn server, he said. The technology, which allows administrators to more easily automate tasks across Windows servers on a network, was previously available as a separate add-on, but it will be built directly into Longhorn and is making its first appearance in a test version of the product.

Customers also can get a first look in Beta 3 at two new Longhorn features -- a new always-on firewall in Server Manager and an installation option called Server Core.

Server Manager in Longhorn is designed to keep the server firewall up 100% of the time, which means server administrators will have to unlock the firewall using the Server Manager console when they want to install components, he said. This allows administrators to install components needed for certain server roles, leaving anything extraneous out of the system.

The server also will intelligently know what dependencies and restraints the roles will have once installed, and it will configure the server automatically to run most effectively in those scenarios, Ralston added.

Server Core is a minimal installation option for Windows Server that installs only components for eight server roles -- out of a possible 18 -- on the server and automatically configures them for the most reliable performance. This limits the amount of code that needs to run on the server and should decrease the time needed for and the number of updates because the server will only need to be rebooted for updates related only to those roles, Ralston said.

Longhorn is due for final release sometime in the second half of the year, a time frame that was revised several times.

4/27/2007 5:51:49 AM (Pacific Daylight Time, UTC-07:00)

Legislation that would lift an online gambling ban imposed by Congress last year was introduced on Thursday by the chairman of the House Financial Services Committee.

Calling the Internet gambling prohibition "imprudently adopted," Democratic Rep. Barney Frank of Massachusetts outlined a bill to make it legal again for banks and credit card companies to make payments to online gambling sites.

"The fundamental issue here is a matter of individual freedom," Frank told a news conference, adding his committee would hold a hearing on the matter in June.

The bill includes provisions for licensing and regulating online gambling companies to protect against underage gambling, compulsive gambling, money-laundering and fraud.

But Frank conceded, "The votes aren't there to change it right away" and he listed only 11 co-sponsors in the 435-member House for lifting the ban.

Frank said his proposal could face opposition from religious conservatives, and from some liberals who find gambling "tacky." However, he also said the ban imposed by Congress had awakened many voters to the issue and predicted support for the bill could grow.

4/27/2007 5:40:57 AM (Pacific Daylight Time, UTC-07:00)

An anti-spam organization filed a federal lawsuit Thursday targeting so-called spam harvesters, who facilitate the mass distribution of junk e-mail by trolling the Internet and collecting millions of e-mail addresses.

The lawsuit was filed in U.S. District Court in Alexandria by a Utah company called Unspam Technologies Inc. The company runs a Web site called Project Honey Pot dedicated to tracking spam harvesters worldwide.

Project Honey Pot has collected thousands of Internet addresses that it has linked to spam harvesters, but it so far has been unable to link those addresses to an actual person.

The lawsuit names a variety of John Does as defendants, and the plaintiffs hope that the legal process will allow them to track the actual people who are harvesting the e-mail addresses, said lead attorney Jon Praed with the Arlington-based Internet Law Group.

Collecting e-mail addresses is not by itself illegal, but Praed said the plaintiffs will be able to link the harvesting to spam e-mails, which are illegal under federal and state laws. Those laws allow individuals who receive unwanted spam to seek civil damages.

Praed said legitimate businesses are afraid to post e-mail addresses on their Web sites for fear that automated Web crawlers will find the addresses, record them and sell them to spammers who will inundate them with junk e-mail.

Praed said the lawsuit will "focus on the worst of the worst," using information that Project Honey Pot has already collected and analyzed.

4/27/2007 5:32:33 AM (Pacific Daylight Time, UTC-07:00)
 Tuesday, April 24, 2007

If you thought the Core micro architecture was a vast change from the Netburst Pentium 4 range, just wait until you get a look at what Nehalem has in store! With AMD ramping up the game as it seeds Fusion and other technologies to integrate more into the CPU core, we all wondered how Intel was going to react.

While the expressed details are still to be confirmed, we have learned that there are a lot of changes in store for Intel's upcoming platform, and that perhaps the ideas and methods adopted by the green camp weren’t so bad after all.

Firstly Nehalem will arrive in Q208 and is being designed from the ground up on the 45nm process. Intel has confirmed it will contain a variant of Hyper-Threading technology previously seen on the Pentium 4 CPUs, although it won’t be a hacked on addition in response to expected poor IPC and long pipeline, like it was in the Netburst days. SMT (Simultaneous Multithreading) is being optimised to make use of the many cores and shared cache in a way that “intelligently” uses the available resources.

Intel is aiming to have a scalable performance and core structure including 8+ cores with 16+ threads running. What gets very interesting is that Intel describes Nehalem as having a Multi-Level shared cache architecture, without specifically denouncing something along the lines of the L3-shared cache that AMD’s next generation Barcelona will have.

Integrated memory controller... on an Intel?

Say goodbye to the northbridge, because Nehalem will integrate the memory controller into the CPU core. Intel is finally ready to do what AMD has been doing for years with the K8 architecture - incorporate an on-die memory controller, to lower memory access latencies, reduce power consumption of the whole platform and make designing future motherboards far easier.

This could be a marketing nightmare for Intel’s PR and the green camp is going to be rolling around the floor in fits of glee at this news, but respect to Intel for ultimately biting the bullet and making the right choice. That said, Intel was in a similar situation when it created the Pentium M and had to convince the market that MHz wasn’t the only performance rating that mattered after years of preaching the contrary – and that turned out to be one of the most successful moves for Intel in recent history.

By combining the architectural power of Core with an incredibly low latency memory controller and some super bandwidth DDR3 we should see massive gains in multi-core applications that are now suddenly freed of the northbridge front side bus (FSB) limitation.

Traditionally, Intel CPUs in a multi-core scenario had to queue and wait for the northbridge to serve commands to the memory, with the scenario getting progressively worse as the latency increases in every CPU you add.

4/24/2007 4:06:06 PM (Pacific Daylight Time, UTC-07:00)
 Sunday, April 22, 2007

A hacker managed to break into a Mac and win a $10,000 prize as part of a contest started at the CanSecWest security conference in Vancouver.

In winning the contest, he exposed a hole in Safari, Apple Inc.'s browser. "Currently, every copy of OS X out there now is vulnerable to this," said Sean Comeau, one of the organizers of CanSecWest.

The conference organizers decided to offer the contest in part to draw attention to possible security shortcomings in Macs. "You see a lot of people running OS X saying it's so secure and frankly Microsoft is putting more work into security than Apple has," said Dragos Ruiu, the principal organizer of security conferences including CanSecWest.

Initially, contestants were invited to try to access one of two Macs through a wireless access point while the Macs had no programs running. No attackers managed to do so, and so conference organizers allowed participants to try to get in through the browser by sending URLs via e-mail.

Dino Dai Zovi, who lives in New York, sent along a URL that exposed the hole. Since the contest was only open to attendees in Vancouver, he sent it to a friend who was at the conference and forwarded it on.

The URL opened a blank page but exposed a vulnerability in input handling in Safari, Comeau said. An attacker could use the vulnerability in a number of ways, but Dai Zovi used it to open a back door that gave him access to anything on the computer, Comeau said. The vulnerability won't be published. 3Com Corp.'s TippingPoint division, which put up the cash prize, will handle disclosing it to Apple.

The prize for the contest was originally one of the Macs. But on Thursday evening, TippingPoint put up the cash award, which may have spurred a wider interest in the contest.

One reason Macs haven't been much of a target for hackers is that there are fewer to attack, said Terri Forslof, manager of security response for TippingPoint. "It's an incentive issue. The Mac is not as widely deployed of a platform as say Windows," she said. In this case, the cash may have provided motivation.

4/22/2007 6:44:28 AM (Pacific Daylight Time, UTC-07:00)
 Saturday, April 21, 2007

Vertical Computer Systems Inc. is suing Microsoft Corp. for patent infringement related to Microsoft's .Net framework for building Windows-based software.

Vertical filed suit April 18 in a U.S. District Court in Texas alleging that Microsoft has infringed on its Patent No. 6,826,744, for a "system and method for generating web sites in an arbitrary object framework."

The patent is for Vertical's SiteFlash technology, which utilizes XML (Extensible Markup Language) to create a component-based structure to build and efficiently operate Web sites, according to the company's Web site. A Vertical spokesman could not be reached for comment.

The complaint says Microsoft is still infringing on the patent despite Vertical having put Microsoft on notice about it on Feb. 7. Vertical is asking for a jury trial.

Vertical, based in Fort Worth, Texas, describes itself as a global Web services provider. It went public in 2000 but is not listed on a major stock exchange.

Dev
4/21/2007 6:40:25 PM (Pacific Daylight Time, UTC-07:00)

The Social Security numbers of 63,000 people who received Agriculture Department grants have been posted on a government Web site since 1996, but they were taken down last week. Free credit monitoring is being offered to those affected.

The Agriculture data that included Social Security numbers were removed from the Web on April 13 and similar data from 32 other agencies were taken down April 17 as a precaution, said Agriculture spokeswoman Terri Teuber.

A review has determined that none of the other 32 agencies had a similar problem, said Sean Kevelighan, spokesman for the Office of Management and Budget.

"There is no evidence that this information has been misused," Teuber added. "However, due to the potential that this information was downloaded prior to being removed, USDA will provide the additional monitoring service."

The breach was discovered by Marsha Bergmeier, president of Mohr Family Farms in Fairmount, Ill. "I was Googling my farm name at 11 p.m. when I couldn't sleep," she said in a telephone interview, and details of her land loan came up in the second listing of the Google search, a private Web site that reposted the government data.

The next morning, April 13, she contacted the Agriculture Department, her congressman, Rep. Tim Johnson, the private Web site and the Census Bureau and was surprised by how quickly they removed the personal information.

"If somebody downloaded it, it's still out there in the world," she said. "That will never be a private number again."

4/21/2007 6:28:16 PM (Pacific Daylight Time, UTC-07:00)
 Thursday, April 19, 2007

We recently spent quite a long time before deciding on our filtering solution. We required a number of things that it appears the big boys do not seem to understand. Like the biggest and simplest, which we have stated time and time again: if your email solution does not offer you a method of white-listing, just leave! We have stated this many times with AOL! Comcast and now even ATT have joined the list of "LAME" ISPs who simply do not understand the importance of this simple requirement for their users.

Anyone who seeks a new provider should ask: do you use BrightMail or GoodMail? You should ask if they can offer another alternative. These proprietary applications have some issues which ComCast has reported as a glitch; give me a break, this is simply not the problem.

Server response to MAIL FROM:

550-64.4.207.8 blocked by ldap:ou=rblmx,dc=comcast,dc=net
550 Blocked for abuse. Please send blacklist removal requests to blacklist_comcastnet@cable.comcast.com - Be sure to include your mail server IP ADDRESS.

Great Article and Frustrating ISP comments about ComCast.

Have some Fun here.

The point here is simple: when big companies throw large dollars at a solution without alternative methods of adjustment for their clients, they are making a serious blunder.

4/19/2007 8:50:22 AM (Pacific Daylight Time, UTC-07:00)
 Sunday, April 15, 2007

The Database Publishing Wizard enables the deployment of SQL Server 2005 databases (both schema and data) into a shared hosting environment on either a SQL Server 2000 or 2005 server.

The tool supports two modes of deployment:

  1. It generates a single SQL script file which can be used to recreate a database when the only connectivity to a server is through a web-based control panel with a script execution window.
  2. It connects to a web service provided by your hoster and directly creates objects on a specified hosted database.

The Database Publishing Wizard provides both a graphical and a command-line interface. In addition, it can integrate directly into Visual Studio 2005 or Visual Web Developer 2005.

4/15/2007 6:26:51 PM (Pacific Daylight Time, UTC-07:00)
 Friday, April 13, 2007

Security professionals said the bell has tolled for the WEP protocol, which is used as a default intrusion-prevention system for IEEE 802.11 wireless LAN Wi-Fi devices.

The troubled protocol suffered its first blow in 2001, when a flaw was revealed in the WEP protocol's RC4 key scheduling algorithm, which allowed radio sniffer programs to extract and inject wireless data packets from and into the network where statistical analyzers, known as WEP crackers, can recover the encryption key to unscramble the data. However, the WEP security key required about 4 million packets to be intercepted for it to be calculated. Now, security experts in Germany have claimed that they can outfox the beleaguered protocol in three seconds, down from the previous best of about five minutes, which kept up with changing security keys.

The experts said they can extract a 104-bit WEP key from intercepted data using a 1.7-GHz Pentium M processor so much faster that the process could be performed in real time by someone walking through an office. Bank of Queensland IT security manager Grant Slender agreed that the WEP protocol is lax and said he would not trust anything built on it.

"We don't use wireless technology, and we wouldn't rely on any form of built-in encryption; we would treat it akin to an untrusted Internet connection," Slender said. "We wouldn't put the same applications over wireless as we would for a cable connection because the wireless security standards have been compromised," he said. "It's simply easier for us to consider the WEP protocol untrusted."

4/13/2007 6:50:39 AM (Pacific Daylight Time, UTC-07:00)
 Monday, March 26, 2007

JavaScript coding errors and Web developers who are inexperienced at working with emerging programming techniques represent serious threats to the security of many Internet sites and the people who visit them, according to malware researchers.

Speaking at the ongoing ShmooCon hacker convention on March 24, Billy Hoffman, lead research engineer at Atlanta-based software maker SPI Dynamics, detailed what he views as an epidemic problem in today's online world. SPI markets penetration testing tools used by businesses to ferret out security issues from their online sites and applications.

The proposed threat is centered on the prevalence of JavaScript errors and insecure use of so-called Web services programming languages such as AJAX -- which combines asynchronous JavaScript with XML -- in many popular Web sites and applications.

In addition to opening holes in Web applications, Hoffman illustrated how JavaScript and AJAX-based tools can be used by hackers to find new vulnerabilities online, and build XSS (cross-site scripting) attacks that can move from one online domain to another, which he cited as a relatively cutting-edge malware development.

"In the last two years, we've seen JavaScript go from stealing cookies to doing key-logging, screen-scraping and all sorts of phishing attacks," Hoffman said. "JavaScript used to be something that was more annoying than anything, but now it's being used in port scanning, to create self-propagating malware and to steal browser histories."

The researcher, who said that JavaScript vulnerabilities are present in sites maintained by everyone from well-known online retailers to large financial services companies, demonstrated a proof-of-concept exploit based on a JavaScript flaw on CNN.com, and how it could be used to manipulate content on the news site's pages. The issue was reported in security forums several months ago, and sent to CNN by researchers, but it still hasn't been fixed.

Malicious-code writers are using the same techniques to create cross-site scripting threats -- malware attacks that inject code into end users' browsers via holes in legitimate sites -- to mislead consumers into handing over their passwords and giving hackers access to their personal information, according to the researcher.

PayPal and MySpace.com are among the major Web properties that have been targeted by major JavaScript-based XSS attacks in recent months.

3/26/2007 6:28:03 AM (Pacific Daylight Time, UTC-07:00)
 Saturday, March 24, 2007

Almost 70 percent of all electronic mail from Asia is "spam", or unsolicited advertisements, an anti-virus firm said Friday.

The Philippines had the worst record with spam making up 88 percent of all emails, Symantec Corp. said in excerpts of its Internet Threat Security Report released here.

The average percentage of emails sent from the Asia-Pacific region that were spam was 69 percent, the report added.

Although the Philippines had the highest proportion of spam, China was the largest source of spam by sheer volume, the report said.

Thirty-seven percent of all spam detected from Asia-Pacific originated from China.

Symantec said in a statement that it could not provide the total number of e-mails monitored but that the results were based on data from over two million "decoy accounts" attracting email from 20 different countries.

3/24/2007 8:51:47 AM (Pacific Daylight Time, UTC-07:00)

A federal judge dealt a blow to Vonage Holdings Corp. that sent its stock reeling on Friday, when he agreed to bar the company from using Internet phone call technology patented by Verizon Communications Inc.

Vonage said it was confident its customers would not experience service interruptions, but investors sent its shares down nearly 26 percent.

U.S. District Judge Claude Hilton said he would delay signing the order for two weeks to give Vonage time to try to convince him to stay the injunction while it appeals the entire patent infringement case. "I will sign the injunction at the time I rule on the stay," Hilton said at a hearing.

Hilton agreed with Verizon that it would suffer irreparable harm if he allowed continued infringement of the Voice-over-Internet Protocol (VoIP) technologies that allow consumers to make calls over the Internet.

He rejected arguments by Vonage that the harm to Verizon, the No. 2 U.S. telephone company, was outweighed by other factors, including the public interest.

"I don't think it's going to kill Vonage," said Albert Lin, an analyst at American Technology Research. But he said the legal costs and management distractions were disruptive.

3/24/2007 8:49:48 AM (Pacific Daylight Time, UTC-07:00)

Another Trojan horse is spreading through the Internet telephone network of Skype Ltd.

The malicious code, known as both Warezov and Stration, is similar to an earlier version detected in February, but with a new URL (uniform resource locator) and a new version of the malicious code, according to an alert posted Thursday by Websense Inc.

Websense warns Skype users to watch for the message "Check up this," with a URL containing a hyperlink.

The code itself isn't self-propagating, but when it runs, the URL is sent to everyone on the user's contact list.

When users click on the link, they are redirected to a site that is hosting a file named file_01.exe. Users are then prompted to run the file and if they do, several other files are downloaded and run. The downloaded files are other versions of the Warezov/Stration malicious code.

However, that server doesn't appear to be operating, according to Websense.

3/24/2007 8:47:23 AM (Pacific Daylight Time, UTC-07:00)
 Wednesday, March 21, 2007

It's the early 21st Century, the United States is the reigning capital of computer attacks, hackers have become international crime rings, and you can buy a stolen credit card number for as little as $1 or a complete identity for $14.

This might read like near-future science fiction, but it's reality, according to a new security report released Monday by Symantec, covering the last six months of 2006.

The Internet Security Threat Report, issued twice yearly by the computer security firm, paints a grim picture. "Attackers are now refining their methods and consolidating their assets to create global networks that support coordinated criminal activity," the report stated.

While a recent report from McAfee showed that Internet domains from Romania, Russia, and the tiny island of Tokelau were among the riskiest in relative terms, the Symantec report found that the U.S. is the source of about 31 percent of all malicious computer activity, beating China (7 percent) and Germany (7 percent).

As for servers used for buying or selling stolen personal information, 51 percent were located in the U.S.

In most areas profiled in the report, the situation has gotten worse. Nearly 30 percent more computers are part of botnets than the previous six months. Trojans can take over a computer without the user knowing it, turning it into a zombie machine used for pumping out spam, launching denial-of-service attacks, or participating in other nefarious activities at the behest of the remote hackers.

On a given day in the period the report covered, there were an average of about 64,000 active bot computers, with China having the highest number.

If you thought you're seeing more and more junk mail, you're right. Spam makes up an astounding 59 percent of all email traffic, the report said, an increase of 5 percent over the first half of the year.

3/21/2007 6:19:35 AM (Pacific Daylight Time, UTC-07:00)

Intel privately shared parts of its roadmap for memory technologies through 2008. Intel’s progress on phase-change memory, PCM or PRAM, will soon be sampled to customers with mass production possible before the end of the year.

Phase-change memory is positioned as a replacement for flash memory, as it has non-volatile characteristics, but is faster and can be scaled to smaller dimensions. Flash memory cells can degrade and become unreliable after as few as 10,000 writes, but PCM is much more resilient at more than 100 million write cycles. For these reasons, Intel believes that phase-change memory could one day replace DRAM.

“The phase-change memory gets pretty close to Nirvana,” said Ed Doller, CTO of Intel’s flash memory group. “It will start to displace some of the RAM in the system.”

For its implementation of phase-change memory, Intel has since 2000 licensed technology from Ovonyx Inc. The Ovonyx technology uses the properties of chalcogenide glass, the same material found in CD-RW and DVD-RW, which can be switched between crystalline and amorphous states for binary functions.

Every potential PCRAM memory maker thus far licenses Ovonyx technology. According to Ovonyx’s Web site, the first licensee of the technology was Lockheed Martin in 1999, with Intel and STMicroelectronics in the following year. Four years after that, Nanochip signed an agreement.  Elpida and Samsung were the next two in 2005, and Qimonda marks the latest with a signing this year.

3/21/2007 6:10:39 AM (Pacific Daylight Time, UTC-07:00)

Mozilla has issued another minor update to its Firefox 2.0 web browser. New for Firefox 2.0.0.3 is a single security fix that patches up a hole in the browser’s FTP PASV functionality. A malicious web page hosted on a specially-coded FTP server could use this feature to perform a rudimentary port-scan of machines inside the firewall of the victim.

Mozilla says that by itself this causes no harm, but information about an internal network may be useful to an attacker should there be other vulnerabilities present on the network. Also new in 2.0.0.3 are fixes to improve Web site compatibility.

The last time Firefox was updated was less than a month ago, when 2.0.0.2 was released to address issues with AutoComplete, how the "Save" dialog box displays for known file extensions, a bug where a mouse's scroll wheel would stop working, two memory leaks and a number of security-related concerns.

Firefox users can download 2.0.0.3 from Mozilla's homepage or use the auto update function within the browser.
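FTP passive mode lets the server name the host and port for the data connection in its 227 reply, which is what allows a hostile server to steer a client toward machines behind the firewall. The sketch below is an added example, not Mozilla's code: a client-side check that never dials a server-supplied address. The function names, the `strict` flag and the port floor of 1024 are assumptions made for illustration, and the sample replies are constructed.

```python
import ipaddress
import re

# RFC 959 passive reply: "227 Entering Passive Mode (h1,h2,h3,h4,p1,p2)"
_PASV_RE = re.compile(r"\((\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\)")

# Constructed sample replies (documentation and private address ranges).
SAMPLE_OK = "227 Entering Passive Mode (203,0,113,10,195,80)"
SAMPLE_INTERNAL = "227 Entering Passive Mode (192,168,1,20,31,144)"
SAMPLE_LOW_PORT = "227 Entering Passive Mode (203,0,113,10,0,22)"


class PasvRejected(ValueError):
    """The 227 reply is malformed or names an endpoint the client must not dial."""


def parse_pasv(reply):
    """Return (host, port) exactly as the server advertised them."""
    if not reply.startswith("227"):
        raise PasvRejected("not a 227 reply")
    match = _PASV_RE.search(reply)
    if match is None:
        raise PasvRejected("no (h1,h2,h3,h4,p1,p2) tuple in reply")
    nums = [int(n) for n in match.groups()]
    if any(n > 255 for n in nums):
        raise PasvRejected("field out of range 0-255")
    return ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]


def safe_data_endpoint(reply, control_peer, strict=True, min_port=1024):
    """Choose the data-connection target for a passive-mode transfer.

    The advertised host is only compared, never dialled: the returned
    address is always the control connection's peer. With strict=True a
    mismatch is rejected outright; with strict=False it is ignored, which
    tolerates servers behind NAT that advertise an internal address.
    """
    host, port = parse_pasv(reply)
    mismatch = ipaddress.ip_address(host) != ipaddress.ip_address(control_peer)
    if mismatch and strict:
        raise PasvRejected(f"PASV host {host} differs from control peer {control_peer}")
    if port < min_port:
        raise PasvRejected(f"PASV port {port} is below {min_port}")
    return control_peer, port


if __name__ == "__main__":
    peer = "203.0.113.10"  # constructed control-connection peer address
    for sample in (SAMPLE_OK, SAMPLE_INTERNAL, SAMPLE_LOW_PORT):
        try:
            print(sample, "->", safe_data_endpoint(sample, peer))
        except PasvRejected as exc:
            print(sample, "-> rejected:", exc)
```

Rejected replies are worth logging with the advertised host and port, since a run of mismatches from one server is a useful detection signal.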

3/21/2007 5:52:24 AM (Pacific Daylight Time, UTC-07:00)
 Wednesday, March 14, 2007

PayPal has been dying! This has got the attention of the media. Which gets more attention from the general public. Which gets more attention of the media. Eventually it'll get the attention of law enforcement. With Enron and MCI going down, people realize again that just because you are a big publicly traded business doesn't mean you are honest. (FAR FROM IT!)

In addition, we've been getting interview requests from additional media. It started with Forbes several months ago. But as each of them pick up the story, so will 10 more. We now have reached "critical mass." We are too big to ignore anymore. So now the media has to pay attention. Now is the time to strike back harder than ever. Not with truck bombs or pipe wielding thugs :-) but with our keyboards, telephones, and pens.

There are options; here is but one.

3/14/2007 7:08:34 AM (Pacific Daylight Time, UTC-07:00)