Saturday, November 15, 2003

15 Seconds : Implementing Paging and XSLT Extensions Using XSLT in .NET - Part 1:
"When you have to display a large number of records, the common practice is to use data paging so the information can be presented in a more user-friendly manner. There are many solutions one can use to implement such a system, and each of them has its own advantages and disadvantages. One of the excellent ways of implementing this solution is using XML and XSL.…
One of the main benefits of XML is that it separates data from the presentation. By combining XML data with an XSL Transformation (XSLT) stylesheet, you can dynamically transform the XML data and present the information in any format you want. "


http://www.15seconds.com/issue/031105.htm
Digital Web Magazine - Features: User Interface Design for Web Applications
It’s a Different World from Web Site Design

This article could also be titled “Things I Wish I'd Known Before Designing My Latest Web-Based Application.”

http://www.digital-web.com/features/feature_2003-11.shtml

Friday, November 14, 2003

New Windows Worm on the Way?:
"The cycle began Tuesday when Microsoft Corp. released its monthly passel of patches, including one for a flaw in the Workstation service in Windows 2000 and XP. A successful exploitation would give the attacker complete control of the compromised PC, Microsoft said."

Less than 24 hours after Microsoft issued the fix, two members of the BugTraq security mailing list posted exploit code for the vulnerability. The author of one of the exploits said the code had been tested only on a Windows 2000 machine with Service Pack 4 installed and the FAT32 file system running. The other exploit is designed for machines running Windows XP. However, experts said it would take little effort to adapt the code for other Windows machines.

And, more importantly, the Workstation vulnerability appears to be a prime candidate for a worm.


http://www.eweek.com/article2/0,4149,1382096,00.asp?kc=EWNWS111403DTX1K0000599
News: Wireless dilemma: Security isn't cool:
"Wireless communication has dramatically changed the way people work and interact. Unfortunately, the wireless era also continues to be plagued by insufficient security, and both corporations and users are being put at risk."

http://zdnet.com.com/2100-1107_2-5105460.html
Evaluating the wireless networking options - TechUpdate - ZDNet:
"Now that wireless networking has been around for several years and is starting to mature, companies have a variety of wireless networking standards and products to choose from. There are long-distance products used to send data between buildings miles away and then there are the shorter range products that typically provide wireless networking services within an office building or a warehouse. Both of these areas have a lot of different products and standards available, and there is no way that I could discuss them all within one article. However, since Wi-Fi is the dominant wireless networking technology at the moment, I want to discuss the various Wi-Fi options available and how to choose between them. "

http://techupdate.zdnet.com/techupdate/stories/main/0,14179,2914510,00.html
Wireless Toolkit - NOW - TechUpdate - ZDNet:
"Wireless Networks Toolkit - Now
Keep up on the latest wireless trends and products
Extend your network range
Support your wireless network"


http://techupdate.zdnet.com/networking_upgrades/wireless_now.html?tag=tu.nu.toplink5
News: Spam spike signals more junk e-mail:
"An e-mail security firm has warned that spammers may be increasing their assault on Web users, after detecting a rise in the amount of unsolicited junk messages sent across the Internet.

FrontBridge, which provides outsourced e-mail filtering services for companies, said this week that it detected a 15 percent increase in spam between the 14th and 18th October--which it believes is a sign that organized spammers are ratcheting up their activities.

'Users who until this point had remained spam-free are now reporting multiple messages per day,' said Craig Whitney, FrontBridge's European director. 'This latest jump in the volume of spam being generated just adds to the load that enterprises have to manage every day,' Whitney added. "


http://zdnet.com.com/2100-1105_2-5105526.html?tag=adnews
Under Attack!:
"The largest virus outbreak in history hit millions of computers around the world this past August. Even before Microsoft Corp. and millions of victims could find a way to cope with the Blaster worm and a spate of imitators and mutations, Sobig began to live up to its name—with a vengeance.

Headline-making malware—viruses, worms, and Trojan horses—have managed to find a surprising number of unprotected PCs, despite the computer industry and media repeatedly urging people to use antivirus and firewall software. Some of the computers Sobig attacked had outdated antivirus software installed or none at all. A May 2003 study for the National Cyber Security Alliance conducted by America Online concluded that 62 percent of broadband consumers were not running up-to-date antivirus (AV) software.

But AV software alone isn't enough these days: You need a firewall, too, and privacy controls and spam filtering can further protect you. The AOL study also showed that 67 percent of broadband consumers did not have properly configured firewalls.

All manner of malware has been spreading via friendly e-mails and—more irritating—through mail no one wants in the first place—spam. Using the latest method of infection, worms send themselves out to the Internet from infected systems. Where do the worms end up? They end up in machines without firewalls or AV software. Worms either include a tiny e-mail server to send themselves out—usually with a spoofed sender address obtained from address lists—or search for unprotected shared network drives where they can unload themselves.

Once malware hits your PC, the damage can take many forms. A true virus attaches itself to a file and replicates itself when you launch the file. A Trojan horse hides on your system to do its damage, which may involve sending private data to its creator. One particularly obnoxious type of Trojan horse is a dialer, which uses your modem to call a pay number, sticking you with the bill.

A worm will often send mail to everyone on your e-mail address lists or propagate itself on shared network drives. Even viruses that don't destroy your data can wreak havoc by slowing Internet service to a crawl or hogging system resources.

Some people couldn't care less about malware and Internet security, claiming they have nothing personal or valuable stored on their hard drives. But such attitudes actually contribute to the larger problem, as these people let their machines become overrun by malware. Although you may notice only a slowdown in performance of your unprotected PC, you could actually be helping to cause massive damage on the Internet: Many viruses take part in launching denial-of-service attacks on prominent Web sites. Silently, unprotected systems in homes and offices are doing the bidding of malware that works alone or is controlled remotely by its miscreant authors, attacking other sites and systems in the process.…"

http://www.pcmag.com/article2/0,4149,1373605,00.asp

Thursday, November 13, 2003

O'Reilly Network Weblogs: PTO Director Orders Re-Exam for '906 Patent:
"In what could be good news for the Web, the Director of the US Patent and Trademark Office has ordered a re-examination of the '906 patent, which was the subject of a patent infringement lawsuit this summer brought by Eolas against Microsoft.

Issued in 1998 to Michael Doyle of Eolas Technologies, the patent (#5,838,906) covers the ability to embed and control applications (or objects) in a web browser. Doyle succeeded in obtaining a $500M judgement against Microsoft. In the aftermath, Microsoft said that changes to the browser were necessary to work around paying royalties on the patent, and that these changes would impact developers who create and maintain web pages. Many believe that the patent would also affect other technologies such as Flash and Java as well, which are launched from a browser. "



http://www.oreillynet.com/lpt/wlg/3969
Holes Found in Online Job Search Privacy:
"Some career Web sites, recruitment services and automated job-application kiosks offer flimsy privacy protections and might even violate employment and credit laws, a report released Tuesday asserts."

Many job sites still let too much information from resumes posted online get into the hands of third parties through online "cookies" that monitor Web surfing, according to the report, led by Pam Dixon, formerly of the University of Denver's Privacy Foundation and now head of her own group, the World Privacy Forum.

The report also faults self-service job application computers commonly used by chain stores. It says they almost always demand social security numbers and perform background checks on applicants without clearly stating who will see the information.

Dixon is urging job seekers to demand more stringent privacy protections. She also wants the Federal Trade Commission and the Equal Employment Opportunity Commission to look more closely at how job sites and recruitment services handle information.

"Technology is in such a place right now where it really is at odds with Title 7," the employment-discrimination section of the Civil Rights Act, Dixon said. "I don't want to see that eroded at all."

Other prominent Internet watchdogs also participated in the investigation, including members of the Electronic Privacy Information Center and the Privacy Rights Clearinghouse.

The report says that even people who don't hunt for jobs online should be aware that many resumes, no matter how they are submitted, are processed through vast databases.

For example, Eliyon Technologies Corp., a private company in Cambridge, Mass., has a file of 16 million executives that it sells to headhunters, employers and companies seeking leads for sales pitches. Eliyon's Web site says its customers include IBM Corp., Microsoft Corp. and Time Warner Inc.

Eliyon's advanced software mines information about people from Web sites, press releases, Securities and Exchange Commission filings and other public sources. Dixon said she was surprised at the level of detail in an Eliyon search about her sister. Though the sister is not a public figure, the names of her children and husband were listed.

Dixon alleged that Eliyon has no clear method for people to correct or remove erroneous data. That makes it "an end-run around the Fair Credit Reporting Act," which requires that consumers be able to examine adverse information maintained about them in commercial files, she said.…

http://www.eweek.com/article2/0,4149,1379992,00.asp?kc=EWNWS111203DTX1K0000599
Microsoft Issues Security Patches:
"Hardest hit in this month's batch of patches is IE, which contains five newly discovered vulnerabilities. Three of the flaws are related to the cross-domain security model in the browser. This mechanism is meant to prevent windows in different domains from sharing information. However, these weaknesses allow an attacker to run script in the browser's My Computer zone, which typically does not carry the same level of security as the Internet zone might."

In order to exploit this flaw, the attacker would either need to entice the user into visiting a malicious Web site or opening an HTML mail message containing the attack code. This would let the attacker access data from other Web sites that the user has visited and read files on the user's machine, Microsoft said in its bulletin.

Another flaw in IE concerns the manner in which the browser passes zone data to XML objects. Like the other three vulnerabilities, this one also can be exploited via Web sites and HTML mail messages. However, the attack also requires that users agree to download an HTML file, which would let the attacker read local files on the user's machine, if he knows the exact location of the files.

The final weakness in IE affects drag-and-drop operations during dynamic HTML events. If a user clicked on a link supplied by an attacker, the attacker could save a file on a user's machine in an arbitrary location. All of these flaws affect IE 5.01, 5.5 and 6, including IE 6, Service Pack 1.

The batch of patches also addresses a buffer overrun flaw in Windows 2000 and XP that could allow an attacker to run arbitrary code on remote machines. The vulnerability is in the Workstation service in Windows and a successful exploitation would give the attacker complete control of the compromised PC, Microsoft said.

Windows XP users who have installed the patch for MS03-043 are already protected against this vulnerability, but all Windows 2000 users would still need to apply this latest patch.…

The patches are at Microsoft's Security and Privacy Page.
http://www.microsoft.com/security/

http://www.eweek.com/article2/0,4149,1379656,00.asp?kc=EWNWS111203DTX1K0000599

Wednesday, November 12, 2003

Mimail Can Capture Keystrokes:
"Top 10 E-Mail Viruses as Reported by MessageLabs
These are the latest threats as of Monday Nov 10, 2003 as listed by MessageLabs:
  • W32/Swen.A-mm
  • W32/Dumaru.A-mm
  • W32/Sobig.F-mm
  • W32/Klez.H-mm
  • W32/Mimail.A-mm
  • W32/Mimail.C-mm
  • W32/Mimail.E-mm
  • W32/Holar.L-mm
  • W32/Yaha.P-mm
  • W32/Yaha.E-mm

For MessageLabs's complete list of email viruses, click here."


http://www.messagelabs.com/viruseye/threats/

http://www.pcmag.com/print_article/0,3048,a=111807,00.asp
Messaging and Collaboration News, Product Reviews, Trends and Analysis:
"More IM technology is enterprise-ready, but security and other issues still loom large."

http://www.eweek.com/category2/0,4148,1237933,00.asp
154036 - How to Disable Active Content in Internet Explorer:
"This article lists troubleshooting steps to help you troubleshoot problems with active content such as ActiveX scripts, ActiveX controls, and Java programs in Internet Explorer. "

Configure Internet Explorer so that it does not run Active scripts automatically:

Configure Internet Explorer so that it does not automatically use items that show active content, such as vertical marquees or animations.

Verify that Internet Explorer's internal Java Just-In-Time (JIT) compiler is disabled:

Configure Internet Explorer so that it does not run Java programs automatically.

While most active content contained in Web pages is safe, some Web pages contain active content that can potentially cause security problems on your computer. For example, an ActiveX control that runs automatically when you load a particular Web page might damage your data or cause your computer to become infected with a virus. Internet Explorer uses safety levels for active content to help prevent this situation from occurring.…

http://support.microsoft.com/default.aspx?scid=kb;en-us;154036

Tuesday, November 11, 2003

AntiSpam: Up Close and Personal:
"A feature of Norton AntiSpam is its log of statistics. Here are my spam statistics since I began using the software on September 25, 2003, through Sunday November 9, 2003. Let's call that 44 days."

  • E-mail scanned: 14,737 messages
  • Average (over the 44 days): 335 per day
  • Sent e-mail: 781 messages
  • Valid e-mail: 6,023 messages (40.87%)
  • Mail correctly identified: 5,996 messages (99.55%)
  • Spam: 8,714 messages (59.13%)
  • Spam correctly identified: 8,103 messages (92.99%)


The most stunning number in this list is the sheer quantity of mail I receive. Something is clearly wrong with me—I must make a note to get myself an actual life (actually, a lot of it is security mailing lists that I don't read thoroughly). Maybe this weekend.

Still, it looks like I had 27 false positives (0.45% of valid mail), and that sounds like what I remember from my use of the product. NAS counts false positives when I manually scan the Spam folder in Outlook and mark non-spam messages with the "This is not Spam" button. Conversely, when I mark a message in the Inbox with the "This is Spam" button, it gets tracked as a false negative. The difference between the "Spam" and "Spam correctly identified" results totaled 611 messages or a hair over 7 percent of spam.

Now, I'm pretty happy with the ability of the product to find spam and reaching 93 percent is pretty good. At the same time, my instincts are that the 0.45 percent figure for false positives seems like a small number.

But those 27 false positives over 43 days may be non-trivial. This figure tells me I still should check the Spam folder periodically, and even relatively often, because if I don't I'll be intimidated by the amount of mail in it.

I was also struck by the fact that the statistics page reported that the last Antispam update was released on 8/29/2003. If they can go a month and a half without an update (and yes, I do run LiveUpdate frequently), Symantec can't be following the spam business the way they follow the virus business.…

One more bit of perspective on the amount of spam I receive. It's actually a lot more than that 59 percent figure presented by Norton. Some of my e-mail accounts are already filtered at the servers. Note the difference in the handling of three addresses of mine that are filtered through FrontBridge's server-based spam filtering. In the last month, that product found 523 spam messages and only one of them was a false positive.

Perhaps the answer is to switch to Outlook 2003. The numbers showed that it had not a single false positive, although it found far less spam. Oh well, the products get better, but the decisions we have to make continue to get harder.

http://www.eweek.com/article2/0,4149,1378794,00.asp?kc=EWNWS111103DTX1K0000599
Internet Tax Ban Stops Dead in Senate:
"A push to permanently ban taxes on Internet access came to an abrupt halt in the Senate on Friday amid concern that state and local governments could lose millions in taxes from phones, music and movies that are migrating to the Internet."

State and local governments collect more than $20 billion every year on telecommunications and fear the permanent ban will wipe out a large part of that revenue. A core group of senators pressing for a permanent end to taxes on Internet access said those fears are unfounded.

"All the bill says is you cannot discriminate against electronic commerce, and not one state has come forward and given an example of how they have been hurt by their inability to discriminate against electronic commerce," said Sen. Ron Wyden, D-Ore.

An analysis by the Congressional Budget Office said the bill could hit state and local governments in three ways. About 10 states that imposed a tax on Internet access charges before the original ban, and who were permitted to keep collecting those taxes, would lose $80 million to $120 million each year.

http://www.eweek.com/article2/0,4149,1376712,00.asp
Google Unveils Web-Searching Software:
"Internet search engine Google has unveiled free software that lets people search the Web quickly—without launching a Web browser.

Google Deskbar, released Thursday, appears as a search box in the Windows toolbar. After the search words are entered, a resizable mini-viewer pops up with the results. Users can jump to the site within the mini-viewer or launch their browser."


Beyond Google's main search, the box can be set to search Google non-U.S. sites, Google News, Google Images and others. There are options to find stock quotes, movie reviews, word definitions and synonyms. Users can add custom sites to search, too.

The software, which is about 400 kilobytes, requires a PC with Windows XP or Windows 2000, at least Internet Explorer 5.5 and an Internet connection. Windows 95, 98 and ME are not supported. Google Deskbar also does not run on Macintosh or Linux computers.

http://www.eweek.com/article2/0,4149,1376294,00.asp
Carriers Unprepared for Wireless Number Portability Deadline:
"Number portability is drawing near, but because many wireless carriers aren't ready for the flood of customers looking to make the switch, experts advise waiting to change contracts."

In fact, customers should wait until at least March before trying to change carriers, according to a new study from Mobile Competency Inc., a consultancy in Providence, R.I.

The study focused on six major carriers, all of which have established WNP (wireless number portability) call centers: Verizon Wireless Inc., Sprint, Nextel Communications Inc., T-Mobile USA Inc. and Cingular Wireless Inc. Of these, only Verizon, Sprint, Nextel and Cingular have call centers designed for enterprise ports. And only Sprint and Nextel have published enterprise WNP guidelines.

The study also found that only two carriers are prepared for porting from wire line to wireless: Verizon, which stands to gain wireless business from its own wire-line customers, and Nextel, which has no wire-line business.

As of last week, none of the top six carriers had completed carrier-to-enterprise service-level agreements nor had any completed intercarrier testing with the other five carriers to make sure that porting would work smoothly. While the FCC has issued loose guidelines that say a port should take no more than 2.5 hours, there is no penalty for carriers that don't meet that time limit.

http://www.eweek.com/article2/0,4149,1376512,00.asp
Microsoft: Virtual PC Will Run Linux:
"Carla Huffman, Microsoft's product manager for the Virtual PC, told eWEEK that the software will be available by the end of the year, through Microsoft's existing retail and volume licensing channels, for an estimated retail price of $129, $100 less than the Connectix price of $229.

'We have not removed any technical features that supported other non-Microsoft operating systems. So there is no negative impact to customers to running non-Microsoft operating systems on Virtual PC,' she said.

The confusion around the product has been around official Microsoft product support services, Huffman said, adding that Microsoft is treating the use of Linux the same way it treats the use of any third-party application on a Windows operating system. "


http://www.eweek.com/article2/0,4149,1378286,00.asp
Symantec Security Response - Trojan.Androv:
"Trojan.Androv is a Trojan horse that emails system information to an address in Russia.

This Trojan has reportedly been distributed through IRC. It may be found as the file, %System%\Komunist.exe or %System%\Msuser32.exe."


Type: Trojan Horse
Infection Length: 6K

Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows XP

Systems Not Affected: DOS, Linux, Macintosh, OS/2, UNIX, Windows 3.x

http://securityresponse.symantec.com/avcenter/venc/data/trojan.androv.html
Troubleshooting Windows XP, Tweaks and Fixes for Windows XP:
"Registry Edits for Windows XP: 'Tweaks and Tips'"

How to run scheduled tasks without a password
If you're using XP Home, the easiest way to make this change is to download the VBScript file from Kelly's Korner. See line 67 at:

http://www.kellys-korner-xp.com/xp_tweaks.htm

Monday, November 10, 2003

Critical Issues:
"Security Bulletins include information about security issues provided by the Microsoft Security Notification Service. Critical Problem Alerts include non-security based issues."

http://support.microsoft.com/default.aspx?scid=FH;[LN];cpa&sd=vap&fr=0
In defense of Microsoft:
"In late September 2003, the Computer and Communications Industry Association (CCIA) in Washington issued a new report that detailed its 'findings' on the state of Internet security. The panel of experts who authored the paper agreed that the Internet security problems faced by corporations, consumers, and government users could not be solved unless these groups made a concerted effort to move away from Microsoft Windows and other Microsoft products. In their opinion, the lack of diversity in computing platforms has made it easy for virus writers and hackers to target systems based on the Windows platform."

With an estimated 90 percent of the world’s desktop PCs running on Windows and a significant share of the enterprise server market as well, Microsoft invites these attacks and, according to the report, doesn’t have the capacity to stop them. So, Mr. or Ms. CIO, is it time to dump Microsoft and move to a radically different computing platform?

Who is the CCIA?
Before you start ripping out your Windows desktops, I think it’s important to consider the source of the information. The CCIA is comprised of a group of Microsoft competitors in the enterprise server and communications market segments, including Sun, Oracle, and IBM. This is the same group that lobbied Washington politicians until it got the DOJ to take Microsoft to court for its monopolistic practices. After nine years of wrangling, what did the DOJ find? Some aggressive marketing and product development practices on Microsoft’s part. What did the taxpayers get for their money from the DOJ investigation? Nothing. What consumers got from Microsoft is exactly what CCIA members don’t want you to have—broadly accessible, affordable, enterprise technology.

Why does the CCIA fear Microsoft?
The CCIA doesn’t want Microsoft to have the same effect on server and middleware software that it did on the desktop. What frustrates me the most about CCIA's propaganda is that many of these "experts" weren’t around in the days before Windows became so popular. They never had to manually configure printer drivers for each piece of software installed on a PC or tweak network settings just to get the PC to talk to crude ARCNet or Ethernet networks. With Windows, Microsoft ushered in an era of innovation by allowing software developers to focus on their products and not have to worry about whether the infrastructure was there for it to run on. The increase in PC sales also drove down the price and led to even more advancements in desktop software development.

Microsoft may not be the most innovative company in the world, but it recognized early on that innovation that languished in a lab was worthless. Innovation needed a standard desktop OS where everyone could take advantage of it and flourish. And here’s the ultimate irony: Even the most die-hard Linux supporters will have to admit that without Microsoft driving down the overall cost of the computing platform, they would not have an inexpensive platform on which to drive Linux. But it’s that same economic equation that has the CCIA worried.

Server software
The CCIA is afraid that Microsoft would do to them what its distribution engine did to Apple, Digital Research (remember Gem?), and others on the desktop. The Microsoft modus operandi is pretty simple and predictable: provide software that's aggressively priced and performs acceptably for the 80 percent of the market that finds the performance available with current microprocessor technology. With Windows 2000, Windows 2003, and enterprise products like SQL Server 2000, the assault on the server has already begun.…

Don't get the CCIA "virus"
Clearly, Microsoft needs to continue with its efforts to make the Windows platform less vulnerable to virus attacks. But companies also have to be willing to pay to defend their assets. First, they have to realize that products like Windows 95, Windows 98, and even Windows NT were designed for a moderately connected world. When a company refuses to either provide adequate protection at the firewall or upgrade to a modern, defensible operating system, they’re getting what they deserve. Current Microsoft operating systems like Windows 2000, Windows 2003, and Windows XP can be updated automatically—even using a corporate approval and scheduling process—if configured properly.

http://www.ccianet.org/press/03/0924.pdf

http://www.ccianet.org/index.php3

http://techrepublic.com.com/5102-6296-5088222.html

Sunday, November 09, 2003

the information hiding homepage -- digital watermarking & steganography :
"Until recently, information hiding techniques received very much less attention from the research community and from industry than cryptography, but this has changed rapidly over the last decade."

The first academic conference on the subject was organised in 1996. It was followed by several other conferences focussing on information hiding as well as watermarking. The fifth international workshop on information hiding was held in Noordwijkerhout (pronounce node-why-cur-how-t) in October 2002.

The main driving force is concern over protecting copyright; as audio, video and other works become available in digital form, it may be that the ease with which perfect copies can be made will lead to large-scale unauthorised copying which will undermine the music, film, book and software publishing industries. There has therefore been significant recent research into ‘watermarking’ (hidden copyright messages) and ‘fingerprinting’ (hidden serial numbers or a set of characteristics that tend to distinguish an object from other similar objects); the idea is that the latter can be used to detect copyright violators and the former to prosecute them.

But there are many other applications of increasing interest to both the academic and business communities, including anonymous communications, covert channels in computer systems, detection of hidden information, steganography, etc.

http://www.petitcolas.net/fabien/steganography/index.html
Why Am I Getting All This Spam?:
"Every day, millions of people receive dozens of unsolicited commercial e-mails (UCE), known popularly as 'spam.' Some users see spam as a minor annoyance, while others are so overwhelmed with spam that they are forced to switch e-mail addresses. This has led many Internet users to wonder: How did these people get my e-mail address? "

In the summer of 2002, CDT embarked on a project to attempt to determine the source of spam. To do so, we set up hundreds of different e-mail addresses, used them for a single purpose, and then waited six months to see what kind of mail those addresses were receiving. It should come as no surprise to most e-mail users that many of the addresses CDT created for this study attracted spam, but it is very interesting to see the different ways that e-mail addresses attracted spam -- and the different volumes -- depending on where the e-mail addresses were used.

The results offer Internet users insights about what online behavior results in the most spam. The results also debunk some of the myths about spam.

Major Findings
  • Our analysis indicated that e-mail addresses posted on Web sites or in newsgroups attract the most spam.
    • Web Sites - CDT received the most e-mails when an address was placed visibly on a public Web site. Spammers use software harvesting programs such as robots or spiders to record e-mail addresses listed on Web sites, including both personal Web pages and institutional (corporate or non-profit) Web pages.
    • CDT tested two methods of obstructing address harvesting:

      • Replacing characters in an e-mail address with human-readable equivalents, e.g. "example@domain.com" was written "example at domain dot com;" and
      • Replacing characters in an e-mail address with HTML equivalents.
        E-mail addresses posted to Web sites using these conventions did not receive any spam.


    • USENET newsgroups -- Newsgroups can expose to spammers the e-mail address of every person who posts to the newsgroup. Newsgroup postings, on average, generated less spam than posting an e-mail address on a high-traffic web site. In our study, we discovered that most newsgroup-related spam is sent to the address in the message header, even if other e-mail addresses are included in the text of the posting.

  • For the most part, companies that offered users a choice about receiving commercial e-mails respected that choice. Most of the major Web sites to which we provided e-mail addresses respected the privacy choices we made -- when a choice was made available to us.
  • Some spam is generated through attacks on mail servers, methods that don't rely on the collection of e-mail addresses at all. In "brute force" attacks and "dictionary" attacks, spam programs send spam to every possible combination of letters at a domain, or to common names and words. While these attacks can be blocked, some spam is likely to get through. In many cases, spam generated by these attacks will be directed to shorter e-mail addresses (like bob@domain.com) before it is directed to longer addresses (like bobwilliams@domain.com).


http://www.cdt.org/speech/spam/030319spamreport.shtml
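
The two obfuscation methods CDT tested can be compared with the short Python sketch below. It is an added example, not code from the CDT report: the function names and the regular expression are assumptions, encoding every character as a decimal character reference is one possible reading of "HTML equivalents", and a literal scan of the raw markup stands in for harvesting software.

```python
import html
import re

# Assumed stand-in for a harvester: matches only addresses written literally in markup.
PLAIN_ADDRESS = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")


def to_human_readable(address):
    """First method: 'example@domain.com' -> 'example at domain dot com'."""
    local, _, domain = address.partition("@")
    return f"{local} at {domain.replace('.', ' dot ')}"


def to_html_entities(address):
    """Second method: every character becomes a decimal HTML character reference."""
    return "".join(f"&#{ord(ch)};" for ch in address)


def literal_addresses(markup):
    """Addresses found by scanning raw markup without decoding character references."""
    return PLAIN_ADDRESS.findall(markup)


def exposure_report(address):
    """Render one address three ways and list what a literal scan finds in each."""
    pages = {
        "plain": f'<a href="mailto:{address}">{address}</a>',
        "human_readable": f"<p>Contact: {to_human_readable(address)}</p>",
        "html_entities": f"<p>Contact: {to_html_entities(address)}</p>",
    }
    return {name: literal_addresses(markup) for name, markup in pages.items()}


if __name__ == "__main__":
    sample = "example@domain.com"  # constructed sample in the report's own form
    for name, found in exposure_report(sample).items():
        print(f"{name:15} literal matches: {found}")
    # A browser decodes the references, so a reader still sees the real address.
    print("rendered:", html.unescape(to_html_entities(sample)))
```

The plain page exposes the address twice (link target and link text), while neither obfuscated form contains a literal "@" for the scan to match.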
Bruce Eckel's MindView, Inc: Free Electronic Book: Thinking in Java, 3rd Edition:
"Free Electronic Book: Thinking in Java, 3rd Edition"

This highly acclaimed online book is intended to provide a thorough introduction to the Java programming language. Spanning sixteen chapters plus appendices, Thinking in Java should be sufficient for all but the most advanced or obscure topics. The book covers the basics of objects, coding style, error handling, the Java input/output system, creating graphical user interfaces, and much more. The full text can be downloaded as a compressed file with additional source code to be used as examples and experimented with. Other electronic books written by the same author are also available on this site and cover C++, Python, and more. [CL]

From The NSDL Scout Report for Math, Engineering, & Technology, Copyright Internet Scout Project 1994-2003. http://www.scout.wisc.edu/

http://www.mindview.net/Books/TIJ/
Miscellaneous Mathematical Utilities:
"This page contains links to several mathematical utilities. More will be added as I write them. The algorithms underlying these utilities come from the BLAS, EISPACK, and LINPACK collection of subprograms, written by some of the brightest mathematicians and computer scientists (I have cited sources when I found them). Those subprograms incorporate excellent basic algorithms and programming techniques to optimize the routines for speed and accuracy. "

Because these utilities are written in Javascript, make sure Javascript is enabled in your Internet browser.

http://www.akiti.ca/Mathfxns.html
Honeypot - Frequently Asked Questions:
"The purpose of this page is to answer the most commonly asked questions concerning honeypot technologies, including what is a honeypot, what's its value, how do they work, and what are the different types. Most of this information was obtained from the honeypot mailing list"

What is a honeypot?
A honeypot is a security resource whose value lies in being probed, attacked, or compromised. Unlike firewalls or IDS sensors, honeypots are something you want the bad guys to interact with. To learn more about what honeypots are all about, you may want to start with the paper Honeypots: Definitions and Values.

How do honeypots work?
Conceptually, honeypots are very simple. They are a resource that has no production value, it has no authorized activity. Whenever there is any interaction with a honeypot, this is most likely malicious activity.

What is the value of a honeypot, what can it do for me?
Honeypots are unique, they don't solve a specific problem. Instead, they are a highly flexible tool with many different applications to security. It all depends on what you want to achieve. Some honeypots can be used to help prevent attacks, others can be used to detect attacks, while other honeypots can be used for information gathering and research.

What are the advantages of a honeypot?
Honeypots have several powerful advantages. They include:

Small data sets: Honeypots collect small amounts of data, but almost all of this data is real attacks or unauthorized activity. Instead of dealing with 5,000 alerts and 10GB of logs every day, you may only get 30 alerts with your honeypots and 1MB of logs every day. Since honeypots collect only malicious activity, it makes it much easier to analyze and react to the information they collect.

Reduced false positives: With most detection technologies (such as IDS sensors) a large percentage of your alerts are false warnings, making it very difficult to figure out what is a real attack. With honeypots, almost everything you detect or capture is an attack or unauthorized activity, vastly reducing false positives.

False negatives: Unlike most technologies, it's very easy for honeypots to detect and record attacks or behavior never seen before in the wild.

Cost effective: Honeypots only interact with malicious activity, you do not need high performance resources. Most honeypots can easily run on an old Pentium computer with 128 MB of RAM.

Simplicity: Honeypots are very simple, there are no advanced algorithms to develop, nor any rulebases to maintain.

http://www.tracking-hackers.com/misc/faq.html