Criminals have been able to hack into computer systems via the Internet and cut power to several cities, a U.S. CIA analyst said. Speaking at a conference of security professionals on Wednesday Jan 16 2008, CIA analyst Tom Donahue disclosed the recently declassified attacks while offering few specifics on what actually went wrong.

Criminals have launched online attacks that disrupted power equipment in several regions outside of the U.S., he said, without identifying the countries affected. The goal of the attacks was extortion, he said.

"We have information, from multiple regions outside the United States, of cyber intrusions into utilities, followed by extortion demands," he said in a statement posted to the Web on Friday by the conference's organizers, the SANS Institute. "In at least one case, the disruption caused a power outage affecting multiple cities. We do not know who executed these attacks or why, but all involved intrusions through the Internet."

One conference attendee said the disclosure came as news to many of the government and industry security professionals in attendance. "It appeared that there were a lot of people who didn't know this already," said the attendee, who asked not to be identified because he is not authorized to speak with the press.

He confirmed SANS' report of the talk. "There were apparently a couple of incidents where extortionists cut off power to several cities using some sort of attack on the power grid, and it does not appear to be a physical attack," he said.

Hacking the power grid made front-page headlines in September when CNN aired a video showing an Idaho National Laboratory demonstration of a software attack on the computer system used to control a power generator. In the demonstration, the smoking generator was rendered inoperable. The U.S. is taking steps to lock down the computers that manage its power systems, however.

On Thursday, the Federal Energy Regulatory Commission (FERC) approved new mandatory standards designed to improve cybersecurity.

Part 2 Spam E-Mail Fitering:

At this point to show the magnitude of spam we are eliminating. The screen shot is at the last step in the MTA, it is a fair sampling of how much is being eliminated even at this last step in the process after going through three levels above this. So while the numbers indicate a fair amount of spam before delivery to the mail domain. The screen shot is only one of our end point mail servers and is only a 46 hour sampling.

What is becoming hard to comprehend is the vast number of viruses. We have three different companies anti-virus scanners ahead of the end point mail server and you can see that the number still being eliminated at this the fourth level.  We have found that no single bit of anti-virus software on its own is acceptable. We use Avast, Symantec, Nod32, and Clam-D and find similar numbers at each level of the process. For the experts these scanners are not on the same machines in the MTA hub they are all passing through separate layers of the mail processing. 

At the bottom of the graph you can see how well grey-listing works with 956,710 senders being blocked in a 46 hour period. While 40,710 valid senders were approved.

At this layer we are very confident that spam high is garbage and is directed to the bit bucket. Spam Medium is simply stamped in the subject so the end user is assured not to lose anything even remotely questionable. The domain admin can change our default settings and chose to leave this in a junk folder on the server if they want another layer of filtering.

However our MTA MX hub already allow quarantine for 14 days for questionable emails so this layer is really the last or shake out layer before mail delivery. We are using the best technologies on available to protect our enterprise clients email and offer the best possible service level available at any cost. Yet we include this with every account hosted with us. If you are looking for $3.95 month hosting you will not find it. However, if you want serious enterprise level mail filtering you will certainly find we are committed to preventing spam from reaching your in-box. 

The war on spam wears on and a question from one of our users sparked this blog post. "What makes your spam filtering so dam great"?

Many hosts install spam assassin perhaps a bit of clam-av virus filtering and call it done. Maybe they enable grey-listing and then brag about the service level.

Now comes, the end user who understands almost nothing about any of this. They accept the market hype and take it as the gospel. They want to know nothing, they just do not want the spam filling up their in boxes. They feel this is something which should just happen. Which is why many hosts & ISP's just install spam assassin and say you have e-mail filtering. 

Yet other hosts & ISP's have this idea that just buying a Barracuda Firewall is the answer. After all someone told them Barracuda makes the best mail filtering device available. So booyah they are an instant expert. The success of the Barracuda firewall product, and the continual increase in spam are probably the reasons for an increase in email backscatter. Sadly, too many Barracuda Spam Firewall customers still enable auto-replies for spams that get blocked. This is not necessarily the fault of Barracuda firewall, but more of the administrators do not understand the impact of their actions. 

Most people send a limited number of messages to people who they have a relationship with. Spammers however send millions of messages to people who they have no relationship with. A real email message will keep retrying if the server isn't ready and will generally play by they rules. Spammers will try to circumvent the rules to try to deliver as many messages to as many people as possible. They try the back door before they try the front door and if the back door rejects them they move on. This is why grey-listing is important and blocks much of this behavior since most spam is not sent out using RFC compliant MTAs; the spamming software will not try again later.

While grey-listing is important, it like spam assassin can only answer part of the mail filtering scheme. Understand that the war on spam is waged against people who make their living off making it to your in-box. This typically makes no standard canned code or device on its own merit enough to prevent the well armed spammer from be successful.

To make matters worse many desktops around the world are nothing more than the instruments of spammers with mal-ware being inserted turning their machines into zombies, Sophos estimates half a million zombie PCs are operating worldwide. Given this conservative estimate of the volume of these zombie machines, it only seems logical that a desktop user cannot continue to assume that these things are all on the administrators who handle their mail.

The point of the article is why our mail filtering is better than other providers. Our intent is to offer a truly flexible efficient package, which supports features like MailScanner Spam Assassin, Razor, DCC, Pyzor, Grey-listing and Dynamic Bayesian indexing from our pool. We believe that putting as many features as possible directly in the hands of the domain email administrator is the right approach to take and we stand by that.

While we are focused on the windows platform for our mail servers due to the fact that SmarterMail is one of the best email server packages available. We also understand that Linux servers are currently better suited to the tools available for mail filtering. We work day and night to provide the best mix, while capitalizing on the strengths of each and ignoring any weakness each platform might have. Our email filtering is performed by collection of clustered servers with a single purpose, filtering the unwanted email while still allowing the valid email to quickly transit the MTA.

Email and Alias Forwarding!

Why is it being blocked to AOL and ComCast Accounts?

The Problem defined below is the same for Comcast and AOL!

1. You setup an auto forwarder from your domain to your AOL email account (you@yourdomain.com -> you@aol.com).
2. Your customers send emails to you@yourdomain.com and the emails gets forwarded to you@aol.com
3. One day you receive some spam at you@yourdomain.com, which was auto forwarded directly to you@aol.com.
4. You open your you@aol.com mail box and see the spam, so click to Mark it as SPAM and add it to your AOL spam filter .
5. AOL's spam filter does not register the originator of the email as the spammer - instead, it registers the last place the email came from as the spammer. And in this case and the last place the email came from is our email server which hosts you@yourdomain.com.
6. AOL will then blacklist the entire mail server, so that no one can send email to any AOL email accounts.

You need to login to your email admin and go through your email accounts and take off any forwarding that forwards email to AOL or Comcast account. Also check to make sure your email Alias is not forwarding to AOL or ComCast email account.

It is stated to be an inconvenience by many users. The fact that this means you only need to add another account in your mail client (i.e.) Outlook, Outlook Express, or whatever client you use. If your mail client does not support checking multiple accounts you should have quit using it long ago.

Our blocking is necessary in order to protect all of our valuable customers from being blacklisted by AOL by the action of one or two users who think that blocking spam using Comcast or AOL filtering is the right approach. Though the concept is unproductive by using that mark as spam button, they are only shooting off their own foot, and any legitimate mail that server may be sending.

AOL & ComCast certainly does nothing to investigate the source of the spam and would rather shut down a server than take a minute to check it out. It's unfortunate but is in everyone's best interests.

Greylisting is a new weapon to use against spam in this great war being waged upon it. With this new shielding method, by which you may block out huge amounts of spam, you are sure to please your email clients!

In name, as well as operation, greylisting is related to whitelisting and blacklisting. What happen is that each time a given mailbox receives an email from an unknown contact (ip), that mail is rejected with a "try again later"-message (This happens at the SMTP layer and is transparent to the end user). This, in the short run, means that all mail gets delayed at least until the sender tries again - but this is where spam loses out! Most spam is not sent out using RFC compliant MTAs; the spamming software will not try again later. {More}

Evan Harris
Greylisting FAQ (Texas A&M University)
Greycasting: a distributed heavy duty greylisting implementation
The Next Step in the Spam Control War: Greylisting

The term "backscatter" is also used to describe a side-effect of email spam, viruses and worms. In this context, an alternate, more distinguishing term ("outscatter") is also used, since the traffic isn't directed to the original destination, but to a third party instead. Since a 2002 Klez variant, a large proportion of malignant email is sent with a forged sender address, but some mail servers do not take this into account. They generate bounce messages for spam or viruses - which of course go to an innocent party.

Since these messages were not solicited by the recipients, are substantially similar to each other, and are delivered in bulk quantities, they themselves can qualify as unsolicited bulk email or spam. As such, systems that generate e-mail backscatter can end up being listed on various DNSBLs and be in violation of ISPs Terms-of-Service for being abusive.

Due to controversial aspects of its design, the stock (unpatched) qmail mailserver is more likely than most to produce such bounces. For instance, qmail's "wildcard" delivery mechanism and security design prevents it from rejecting messages during SMTP transactions. When email addressed to nonexistent recipients can't be rejected at the SMTP connection, the only alternative is to auto-reply to the sender address, which causes email backscatter if the sender address is valid and forged.

• Postfix - backscatter page
• SpamLinks - Backscatter
• RFC 3834: Recommendations for Automatic Responses to Electronic Mail.
• Moronic Mail Autoresponders (A FAQ From Hell)
• Why are auto responders bad?
• A DNSBL of Backscatter sources.
• Dontbouncespam.org Why you shouldn't bounce spam

SWsoft announced it has acquired WebHost Automation Ltd., maker of the Helm control panel and billing software for Windows with nearly 1.5 million end users worldwide. WebHost Automation is based in Bristol, U.K.

The acquisition adds more Windows platform expertise to SWsoft, a Microsoft Gold Certified Partner, and strengthens its position as a provider of Windows-based automation software solutions.

"By integrating Helm into the SWsoft family of automation and virtualization solutions and partners through our Open Fusion initiative, Helm customers will be able to take advantage of a wider array of solutions and new business opportunities such as software as a service (SaaS)," said Serguei Beloussov, CEO of SWsoft.

For SWsoft, the acquisition adds a significant worldwide customer base, including strong positions in the U.K. and South America. It also extends the reach of independent software vendors (ISVs) who package their software using the Application Packaging Standard (APS) to more end users who can take advantage of their software solutions. Helm customers benefit from an increased range of automation solutions from SWsoft.  Full Article

The IE team has been very hard at work on IE 8 for the past several months and they hit a huge milestone last Friday evening. The IE dev team checked in a bunch of code that included several new features implemented in the core rendering engine that enable IE to pass the ACID 2 test! This is great news for web developers: IE 8 is going to be our most standards compliant browser to date. Passing ACID 2 is really a combined side effect of all the new features that have been developed for IE 8.

In this interview, I sit down with IE GM Dean Hachamovitch and Architect Chris Wilson to discuss this milestone and dig into compliance in general, lessons learned from IE 7 and discuss the IE team's ultimate goal of de facto interoperability. Of course, no Channel 9 interview is complete without meeting some of the devs who actually write technology so we take a walk from Dean's office to super developer Alex Mogilevsky's office to discuss what's been done to provide IE with the core rendering features that enable IE 8 to pass the ACID 2 test. We also chat with CSS guru Markus Mielke who was instrumental in identifying and planning the feature set required to pass ACID 2. Learn More at channel9

Microsoft Corp. posted a tool to its download site today that will block automatic installations of several upcoming service packs, including Vista Service Pack 1 and Windows XP SP3.

The download includes three versions of the tool -- an executable, a script and a group policy template -- that prevents the service packs from reaching PCs via Windows Update, Microsoft's default update service.

The tool blocks Windows Vista SP1, Windows XP SP3 and Windows Server 2003 SP2 for varying lengths of time. Vista SP1 and XP SP3 can be blocked for as long as 12 months after the service packs are released in final form, while the Server 2003 SP2 blocker bars the download only through March 2008.

The Windows Service Pack Blocker Tool Kit can be downloaded from the Microsoft Web site.

By an overwhelming margin -- 409 to 2 -- the U.S. House of Representatives passed new legislation on Thursday aimed at making the Internet safer for children. The Securing Adolescents From Exploitation-Online (SAFE) Act was sponsored by Texas Democrat Nick Lampson, one of the founding members of the House Missing and Exploited Children's Caucus.

Among other things, the legislation imposes significant fines on Internet service providers (ISPs) that fail to report evidence of child exploitation to the National Center for Missing and Exploited Children. According to a press release from Rep. Lampson's office, ISPs would be fined $150,000 per incident per day for first offenses, and $300,000 per incident per day for second and succeeding offenses.

"We are not trying to make these (Internet providers) spies on what they put out there," Lampson said in the statement, "but there are plenty of ways information can be gleaned from what you see on the Internet and if that is illegal, we want it reported to law enforcement."

The requirements of the legislation, if it takes effect, could impose significant regulatory burdens on affected sites. In addition to reporting possible violations to NCMEC, ISPs and covered sites would be required to preserve the images themselves (normally itself a violation of federal law), as well as preserving information about when the images were accessed and any available information about the individual who downloaded them.

As it is currently drafted, the legislation applies not merely to photographs of minors engaged in sexual activity (which is clearly child pornography), but also more subjective material, including photographs of minors in provocative poses and sexually explicit cartoon drawings depicting minors. Many question whether ISPs should be put in the uncomfortable position of determining whether borderline material should be reported, much of which may not even be criminal.

Some developers write SQL amazingly fast. Do you want to know their secret? It's SQL Prompt. This is a must-have tool for all T-SQL developers.

SQL Prompt automates the retrieval of database object names, syntax and snippets as you write, intelligently offering only appropriate code choices. In addition to displaying the object creation-SQL script, SQL Prompt is highly customizable so you can make it perform exactly the way you want.

Using SQL Prompt will improve your productivity and dramatically reduce your time at the keyboard. See the animation below displaying a typical scripting event and how much effort and time SQL Prompt can save you.  Download and Learn More!

Microsoft said Monday that a flaw in the way its Windows operating system looks up other computers on the Internet has resurfaced and could expose some customers to online attacks. Security Advisory

The flaw primarily affects corporate users outside of the U.S. It could theoretically be exploited by attackers to silently redirect a victim to a malicious Web site.

Microsoft originally patched this flaw in 1999, but it was rediscovered recently in later versions of Windows and was then publicized at a recent hacker conference in New Zealand. "This is a variation of that previously reported vulnerability that manifests when certain client side settings are made," said Mike Reavey, a group manager at Microsoft's Security Response Center.

The bug has to do with the way Windows systems look for DNS (Directory Name Service) information under certain configurations.

Any version of Windows could theoretically be affected by the flaw, but Microsoft issued an advisory Monday explaining which Windows configurations are at risk and offering some possible workarounds for customers. The company said it is working to release a security patch for the problem.

• Customers who do not have a primary DNS suffix configured on their system are not affected by this vulnerability. In most cases, home users that are not members of a domain have no primary DNS suffix configured. Connection-specific DNS suffixes may be provided by some Internet Service Providers (ISPs), and these configurations are not affected by this vulnerability.
 
• Customers whose DNS domain name is registered as a second-level domain (SLD) below a top-level domain (TLD) are not affected by this vulnerability. Customers whose DNS suffixes reflect this registration would not be affected by this vulnerability. An example of a customer who is not affected is contoso.com or fabrikam.gov, where “contoso” and “fabrikam” are customer registered SLDs under their respective “.com” and “.gov” TLDs.
 
• Customers who have specified a proxy server via DHCP server settings or DNS are not affected by this vulnerability.
 
• Customers who have a trusted WPAD server in their organization are not affected by this vulnerability. (See the Workaround section for specific steps in creating a WPAD.DAT file on a WPAD server.)
 
• Customers who have manually specified a proxy server in Internet Explorer are not at risk from this vulnerability when using Internet Explorer.
 
• Customers who have disabled 'Automatically Detect Settings' in Internet Explorer are not at risk from this vulnerability when using Internet Explorer.
 

Using 'Normal' or active mode FTP, a client begins a session by sending a request to communicate through TCP port 21, the port that is conventionally assigned for this use at the FTP server. This communication is known as the Control Channel connection.

Using "normal" FTP communication, the client requestor also includes in the same PORT command packet on the Control Channel a second port number that is to be used when data is to be exchanged; the port-to-port exchange for data is known as the Data Channel. The FTP server then initiates the exchange from its own port 20 to whatever port was designated by the client. However, because the server-initiated communication is no longer controlled by the client and can't be correlated by a firewall to the initial request, the potential exists for uninvited data to arrive from anywhere posing as a normal FTP transfer.

Using passive FTP, a PASV command is sent instead of a PORT command. Instead of specifying a port that the server can send to, the PASV command asks the server to specify a port it wishes to use for the Data Channel connection. The server replies on the Control Channel with the port number which the client then uses to initiate an exchange on the Data Channel. The server will thus always be responding to client-initiated requests on the Data Channel and the firewall can coorelate these.

Defined:

Active FTP :
     command : client >1023 -> server 21
     data    : client >1023 <- server 20

Passive FTP :
     command : client >1023 -> server 21
     data    : client >1023 -> server >1023

One of several new features in Windows Live Messenger 9.0 will have a new security feature to report users who send unsolicited messages, known as SPIM (spam over IM).

After compiling a list of IM contacts, hackers try to trick users into clicking links. Those links can often launch an unwanted installation of spyware or other malware via a browser vulnerability or other security hole.

Liveside published other new details of Messenger 9.0 on Wednesday but then deleted the post on Thursday. It wasn't entirely clear why the site decided to delete the post, but it could be retrieved via Google's cache.

We received many questions about SQL 2005 Express though number 1 is always DTSwizard is gone! Well no not really it is harder to understand than in SQL 2000 as the gui is simply not as straight forward.

If you look at your files this path C:\Program Files\Microsoft SQL Server\90\DTS should be present.

If you do not have this path you may need SQLServer2005_DTS.msi If you try this as I did it appeared to do nothing at all. I checked to make sure that I had IIS running on the desktop and installed that. Still no luck, so some searching offered another link which did the trick. SQLEXPR_TOOLKIT.EXE After you install this then run the DTS.MSI again. Just go to C:\Program Files\Microsoft SQL Server\90\DTS\Binn\DTSWizard.exe

You should then see a very friendly wizard that really is not that different from SQL 2000.

Advanced Micro Devices will launch an unlocked "Black" edition of its Phenom processor later this quarter, and the company disclosed the approximate pricing of Phenom chips the company will launch in the first quarter of 2008.

In an email, an AMD representative confirmed that the 2.6-GHz AMD Phenom 9900 will be launched in the first quarter 2008 at under $350 in 1,000-unit lots. A 2.4-GHz 9700, which has already begun appearing on e-tailer sites for preorders, will be priced below $300, in the same quantity.

AMD did not disclose the price of the 2.3-GHz "Black" Phenom that it plans to release this quarter.

AMD has struggled to regain its performance lead against Intel that it enjoyed during the heyday of the Athlon X2. The discrepancy between price, performance, and the revenue needed to fund future generations of products have left some to speculate if the company is doomed.

Topping the P35 Express won't be easy, but Intel has a few tricks up its sleeve with the X38. Chief among them is next-gen PCI Express 2.0 connectivity—a first for desktop chipsets—with enough lanes for dual-x16 CrossFire configurations. As is customary for its high-end chipsets, Intel has also rolled out memory controller optimizations that promise faster performance and support for higher DDR3 memory speeds.

To find out whether these perks are enough to elevate the X38 Express over its blue-collar P35 sibling, we've run the first X38 boards from Asus and Gigabyte through a relentless series of memory controller, application, and peripheral performance tests. Read on to see how the X38 fares and what you can expect from the first wave of motherboards based on this new chipset. Full Article Here

The Maximus Extreme also adopts the Intel X38/ICH9R chipset and supports cutting-edge DDR3 dual channel memory and CrossFire Technology - making it the Overclocker and Gamer´s first and best choice.

- Intel® Quad-core CPU Ready
- Intel® Core™2 Extreme / Core™2 Duo Ready
- Intel® X38/ICH9R
- Dual-channel DDR3 1800(O.C.)/1600(O.C.)/1333/1066
- Fusion Block System
- Crosslinx
- Extreme Tweaker
- SupremeFX II
- LCD Poster
- CPU Level Up

LGA 775
45 nm CPU ready
Intel® X38 Express
FSB 1600
Dual DDR2 1066/800
PCI-E X16
SATA 3G RAID
PCI-E GbE
IEEE1394
7.1 CH HD Audio
SilentOTES™
µGuru™ Tech
RoHS Compliancy

Solid State Capacitors - For Best Stability
New Generation Digital PWM - Cool and statble
Onboard On/Off & Reset Buttons
External CCMOS Button
Extendor Silent Dual Pipe Cooling
2 x eSATA - Fast & fiexible
PCI-E 2.0 with CrossFire

 
     Intel® X38 + ICH9R Chipset
Supports Intel® Core 2™ multi-core and upcoming 45nm processors
Support for 1600 MHz FSB.
Dual DDR3 1600 memory with Intel® XMP , featuring faster speeds and performance tuning.
High quality CPU power module with Ferrite Core Chokes, Lower RDS (on) MOSFETs and Lower ESR Solid Capacitors.
Re-engineered Thermal Design featuring All Copper Silent-Pipe and Crazy Cool.
Japanese manufactured SMD All Solid Capacitor motherboard design.
Supports CrossFire™ with Dual PCI-E 2.0 x16 graphics for extreme gaming performance.
Features SATA 3Gb/s with Quad eSATA 2 interface .
ALC889A with DTS Connect enables high quality Full Rate Lossless Audio and support for both Blu-ray and HD DVD.
Quad BIOS for an extended level of protection.
Quad-Triple Phase Power Design for ultimate system stability.
Dual Gigabit Ethernet LAN with Teaming functionality.
Certified for Microsoft VISTA™ systems.

The notorious Russian Business Network has suddenly picked up from its St. Petersburg digs and diversified, spreading its unwholesome activity to new chunks of IP addresses, with RBN-like activity almost immediately appearing on newly registered blocks of Chinese and Taiwanese IP addresses, according to security company Trend Micro.

The Internet presence for the RBN—a Russian ISP that's infamous for hosting shady and criminal businesses—blinked off at about 7 p.m. PST on Nov. 6, security researchers at Trend Micro reported the following day. The RBN's IP addresses can no longer be reached, since the routing for them no longer exists as of Nov. 8. In a posting, Trend Micro's Feike Hacquebord conjectured that the RBN's upstream providers may have yanked Internet connectivity services temporarily or even permanently.

Trend Micro has noticed RBN-like activity on blocks of IP addresses that were registered in China and other locations shortly before the RBN closed down the routes to its St. Petersburg addresses.

Full Article

Microsoft's emphasis on improvements to security features in Windows Vista may have undermined business adoption of the OS, as many business and enterprise customers are still holding off on upgrading to the OS nearly a year after its release to them.

Microsoft spent a good deal of time and money to ensure Vista's security after Windows XP and applications running on it proved susceptible to devastating worms like Blaster, Slammer and MyDoom. Though Microsoft released Windows XP Service Pack 2 to remedy some vulnerabilities, the company decided that security would be a top priority for the next major Windows release, said George Stathakopoulos, general manager of Microsoft's Response and Product Centers.

Microsoft made a crucial mistake in pushing and marketing something that many feel should be an inherent part of an operating system. Seems to be telling customers a feature of the OS was not right in a previous version and promoting that it's been improved in the new one. Full article

Breach Security, Inc., a leader in web application firewalls, announced today that the Breach Security WebDefend(TM) web application firewall has earned certification by ICSA Labs, an independent division of Verizon. WebDefend is one of the first web application firewall products to achieve this distinction.

On the open source end of the scale we have a project named ModSecurity. According to the Mod Security website (http://www.modsecurity.org), ModSecurity is an open source intrusion detection and prevention engine for web applications. Operating as an Apache Web server module, the purpose of ModSecurity is to increase web application security, protecting web applications from known and unknown attacks.

The current version of ModSecurity is 1.7.6 with the 1.8 release slated for April 2004. You can grab the latest copy from http://www.modsecurity.org/download/index.html.  Ivan Ristic: is also involved with the Open Web Application Security Project and the Web Application Security Consortium. These are two organizations with similar goals - to increase awareness of web application security issues - but different ideas how to get there.

Since antivirus software must open and inspect data in hundreds, if not thousands, of file formats. One bug in the software that does this can lead to a serious security breach.The flaws found affect every major antivirus vendor, and many of them could allow attackers to run unauthorized code on a victim's system.

People think that putting one AV engine after another is somehow defense in depth. They think that if one engine doesn't catch the worm, the other will catch it! Actually you haven't decreased your attack surface; you've increased it because every AV engine has bugs.

Between 2002 and 2005, nearly half of the vulnerabilities that were discovered in antivirus software were remotely exploitable, meaning that attackers could launch their attacks from anywhere on the Internet. Today that percentage maybe closer to 80 percent.

Full Article

Once in awhile someone will disconnect from RDT and max out the number of connections. What do you do about this reboot the machine has been the rapid answer. Here is a little trick I picked up.

cmd

A distributor of online video content has filed a complaint with the U.S. Federal Communications Commission, asking the agency to stop broadband providers from blocking or slowing P-to-P traffic.

The petition filed by Vuze, which uses the BitTorrent P-to-P (peer-to-peer) protocol to distribute Web content, asks the FCC to set rules for network management by ISPs (Internet service providers). Vuze's filing late Wednesday follows reports last month that cable broadband provider Comcast slows some P-to-P traffic, including BitTorrent.

Earlier this week, a Comcast customer in California filed a lawsuit against the company, saying the provider has caused several Web-based programs to suffer performance problems. In late October, Public Knowledge and other members of the Open Internet Coalition filed a complaint about the alleged Comcast blocking with the FCC.

Vuze, based in Palo Alto, California, distributes video in partnership with movie studios and television networks including the BBC, Showtime and PBS. It also distributes PC games, music videos, and audio files. Company officials say the Vuze client has been installed by customers more than 12 million times since the company, formerly called Azureus, rebranded itself in January.

Windows NT/2000 does not come with a command-line 'kill' utility. You can get one in the Windows NT or Win2K Resource Kit, but the kit's utility can only terminate processes on the local computer. PsKill is a kill utility that not only does what the Resource Kit's version does, but can also kill processes on remote systems. You don't even have to install a client on the target computer to use PsKill to terminate a remote process.

Running PsKill with a process ID directs it to kill the process of that ID on the local computer. If you specify a process name PsKill will kill all processes that have that name.

usage: pskill [- ] [-t] [\\computer [-u username] [-p password]] <process name | process id>

Download here

SYMPTOMS
In Microsoft Windows Server 2003 and in Microsoft Windows XP, a program that uses the QueryPerformanceCounter function to query system time may perform poorly. For example, if you run the ping command at the command prompt, you may receive low or incorrect latency values.

Note This problem occurs on computers that are running an x64-based version of Windows or an x86-based (32-bit) version of Windows.

RESOLUTION
To resolve this problem, update the BIOS on the computer. Or, modify the Boot.ini file to use the /usepmtimer switch. To do this, follow these steps: 1. Log on to the computer by using an account that has administrative credentials.
2. Click Start, click Run, type notepad c:\boot.ini, and then click OK. 
3. In the Boot.ini file, a line that starts with "default" is located in the "[boot loader]" section. This line specifies the location of the default operating system. The line may appear as follows:
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
In the "[operating systems]" section, locate the line for the operating system that corresponds to the "default" line. For example, if the computer is running Microsoft Windows Server 2003, Enterprise x64 Edition, the line should resemble the following:
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows Server 2003 Enterprise x64 Edition" /fastdetect /NoExecute=OptIn
4. At the end of the line, add a space, and then type /usepmtimer. The line should now resemble the following.
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows Server 2003 Enterprise x64 Edition" /fastdetect /NoExecute=OptIn /usepmtimer
5. Save the file, and then exit Notepad.
6. Restart the computer.

The following is a sample Boot.ini file for a system that contains the /usepmtimer switch.
[boot loader]
timeout=0
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows Server 2003 Enterprise x64 Edition" /fastdetect /NoExecute=OptIn /usepmtimer

MS KB articles

http://support.microsoft.com/kb/833721    http://support.microsoft.com/kb/895980/

Phoenix Technologies Ltd., the world’s leading BIOS provider, has unveiled a new head turning product called HyperSpace.  No, it is not a new warp drive to allow Han Solo to break his record setting spice run from Kessel to Corellia. It is a virtualization product that claims to provide a faster, more secure, and battery efficient alternative to Microsoft Windows. 

HyperSpace is a layer of BIOS embedded software that makes it possible to instantly run applications independently of Windows.  These “instant-on” applications will be truncated versions of open-source programs and that are available before, during, and after Windows boot up and shut down.

Phoenix is targeting the portable PC market and seeks to capitalize on what critics say are the major faults of Windows: its size, speed, inefficiency, and poor security.  HyperSpace allows users to bypass the boot up process and instantly access their favorite applications, such as internet browsers, media players, word processors, and the like. It also promises to conserve battery life since Vista is notoriously power intensive. 

HyperSpace will add value to PC vendors by allowing them to remotely trouble shoot and restore customers’ computers.  It also promises to deliver a layer of embedded security that is stronger than the current standards. 

The product is based on a form of virtualization, called a hypervisor, that allows a machine to simultaneously run multiple operating systems.   Phoenix calls this HyperCore, and it is essentially a paired down hypervisor that uses a Zoned Virtual Machine Monitor (ZVMM) to run their core applications along side Windows.  Since HyperSpace is written into the BIOS firmware, its code is essentially secret and more secure argues Woody Hobbs, Phoenix CEO, in an interview with ComputerWorld. 

In the same conversation, Hobbs said Phoenix Technologies is working with unnamed PC vendors to make HyperSpace enabled computers available by the second quarter of 2008.  Phoenix has partnered with both Intel and AMD to take advantage of their processors’ built-in virtualization capabilities.  HyperSpace will be compatible with Intel’s Core 2 Duo, vPro, and Centrino processors.

Comcast Corp. acknowledged "delaying" some subscriber Internet traffic, but said any roadblocks it puts up are temporary and intended to improve surfing for other users.

The statement was a response to an Associated Press report last week that detailed how the nation's largest cable company was interfering with file sharing by some of its Internet subscribers. The AP also found that Comcast's computers masqueraded as those of its users to interrupt file-sharing connections.

Internet watchdog groups denounced Comcast's actions, calling it an example of the kind of abuse that could be curbed with so-called "Net Neutrality" legislation. It would require Internet providers to treat all traffic equally — as has largely been the case historically.

Comcast has repeatedly denied blocking any Internet application, including "peer-to-peer" file-sharing programs like BitTorrent, which the AP used in its nationwide tests.

On Tuesday, Mitch Bowling, senior vice president of Comcast Online Services, added a nuance to that statement, saying that while Comcast may block initial connection attempts between two computers, it eventually lets the traffic through if the computers keep trying.