Friday, May 28, 2004

Security Watch Letter: Dangerous Bobax Worm Hits System Files

Security Watch Letter: Dangerous Bobax Worm Hits System Files:
"Since Sasser opened the door, we've seen over a half a dozen new names, and several versions of each -- Cycle, Gaobot, Bobax, Korgo, Kibuv, and Sdbot. Gaobot and Wallon worms also attempt to exploit Windows vulnerabilities from earlier security bulletins. However, the most prolific threats are still the e-mail viruses Netsky.P, Bagel.X, and Dumaru. Sasser.B is also still at the top of the active infector lists, even though Microsoft reports that the number of downloads of the MS04-011 update (which could block a Sasser infection) is four times the amount of previous ones. If you haven't updated and haven't gotten Sasser, you're lucky. Update now."

Our top threat of the week is the Bobax.D worm. The fourth in the family, Bobax uses the same LSASS vulnerability that the Sasser family did. It hasn't had a Sasser-sized impact, but it has the potential (if Sasser doesn't infect the un-patched systems first). Bobax is a little more dangerous than Sasser, as it deletes and changes system files, and sets up an open e-mail relay to send spam from a victim's machine. It even checks the speed of the victim's connection, presumably to cherry-pick the best spam-sending systems.

http://www.pcmag.com/article2/0,1759,1600125,00.asp

Borland to make software development kits available for .Net services, designed by eBay and PayPal, to Delphi developers

Borland to distribute tool kits for eBay, PayPal - News - ZDNet:
"Borland Software will provide developers access to development tools for creating Web services applications for eBay and PayPal.

Through a joint distribution agreement announced Wednesday, Borland will make software development kits designed by eBay and PayPal available to Delphi developers for creating .Net services. These applications will allow developers to access the eBay marketplace and PayPal's online payment services, the companies said.

eBay and PayPal had enhanced their Web services offerings to attract enterprise customers and Web services developers earlier this year. Thousands of developers have already created customized applications using these tools. Web services technology allows developers to more easily link computers, software and networks through standard interfaces."

http://zdnet.com.com/2100-1104_2-5220867.html

CSS & Design Tips from Builder.Com

CSS & Design Dev Tips - Dev Tips Library:
"CSS & Design Dev Tips"

http://builder.com.com/1200-6388-5220010.html?tag=e601

Thursday, May 27, 2004

A patch issued by Apple Computer last week failed to fix the underlying problem

Mac OS fix fails to plug security hole - News - ZDNet:
"A security hole still threatens Mac OS X users after a patch issued by Apple Computer last week failed to fix the underlying problem, security experts said on Tuesday.

The security issue could allow an attacker to transfer and then run a malicious program on a Mac, if the Mac's user can be enticed to go to a fake Web page on which the program has been placed."

http://zdnet.com.com/2100-1105_2-5220285.html

Microsoft will now guarantee a minimum of 10 years of support

Microsoft pledges longer support for products - News - ZDNet:
"Speaking at TechEd, the software giant's annual conference for information technology administrators, Andy Lees, vice president of the company's server and tools business, said Microsoft will now guarantee a minimum of 10 years of support for all business and developer products.

Microsoft currently cuts off its most basic level of support after eight years. The company has been widely criticized for dropping support for older products that are still widely used, including versions of the Windows operating system."

Lees said the new policy would provide more reliability for corporate customers. "From the time of shipment, you can guarantee a much more predictable level of support," he said.

http://zdnet.com.com/2100-1104_2-5220041.html

Wednesday, May 26, 2004

Ulead Launches Partnership with Neptune.com with VideoStudio 8 Summertime Video Editing Contest

Summertime Video Editing Contest:
"With Ulead's recent launch of VideoStudio 8, its flagship consumer video editing software, Ulead partnered with Neptune to incorporate an upload feature that lets users immediately post edited movies to a personal Neptune.com Mediashare site for instant playback. To complement the launch of VideoStudio 8, Ulead and Neptune have announced the VideoStudio 8 'Summertime Video Editing Contest' where VideoStudio 8 users and trial users are invited to upload their best movies to their Mediashare account (http://ulead.neptune.com). Ulead and Neptune will continue to collaborate in developing integrated products, hosting digital media contests, and joint marketing activities.

Winners of the VideoStudio 8 'Summertime Video Contest' can receive thousands of dollars in prizes. First place will receive a Special Edition NVIDIA Editing System; second place a Pioneer DVR-A07XL 8X speed DVD recorder with Ulead DVD Workshop 2, Ulead's EMedia Editor's Choice-winning DVD authoring software; and third place an Audio-Technica Pro Microphone Set (3 and 1) designed for camcorders. In addition to these prizes, each winner along with nine honorable mentions will receive three subscriptions to Neptune.com MediaShare with 1GB each of storage."

http://www.emedialive.com/Newsletters/EMediaXtra.aspx?NewsletterID=162#1

Dual-Layer DVD Burner Reviewed

Sony DRU-700A Dual-Layer DVD Burner:
"DVD burners have dropped rapidly in price over the past twelve months, while performance has steadily increased. Such is the march of technology, and having the capability to burn DVDs has been a boon for amateur videographers. But one fly has remained in the ointment: dual layer DVDs. Until recently, all DVD recordable drives on the market could only burn to a single layer disc, which limits capacity to 4.7GB.

Last fall, the DVD+RW Alliance finalized its spec for DVD+R DL. The 'DL' stands for 'dual layer.' Currently, only DVD+R DL support is available, but dual layer DVD-R drives will likely appear later in the year."

http://www.extremetech.com/article2/0,1558,1594142,00.asp

Tuesday, May 25, 2004

Server Side Coding with PHP & MySQL

PHP & MySQL Tutorials:
"Server Side Coding : PHP & MySQL Tutorials"

http://www.sitepoint.com/subcat/php-tutorials

PHP and PEAR, Instant XML with PHP and PEAR::XML_Serializer

Instant XML with PHP and PEAR::XML_Serializer:
"These days, XML has become part of the landscape in most all areas of software development -- none more so than on the Web. Those using common XML applications, such as RSS and XML-RPC, will probably find public domain libraries geared specifically to help them work with the formats, eliminating the need for wheel re-invention."

But for "ad-hoc" XML documents, you may be on your own, and you may well wind up spending valuable time building code to parse it. You may also find yourself needing to expose data as XML, in order to make it available to some other system or application, and while XML, in the end, is just text, generating a document that obeys XML's rules for well-formedness can be trickier than it seems. Enter: PEAR::XML_Serializer, the "Swiss Army Knife" for XML

http://www.sitepoint.com/article/1336

Caller ID for E-Mail: The Next Step to Deterring Spam

Caller ID for E-Mail Technical Specification:
"'Caller ID for E-Mail: The Next Step to Deterring Spam' is the Microsoft draft specification to address the widespread problem of domain spoofing. Domain spoofing refers specifically to the use of someone else's domain name when sending a message, and is part of the larger spoofing problem, the practice of forging the sender's address on e-mail messages.

Caller ID for e-mail would verify that each e-mail message originates from the Internet domain it claims to come from. Eliminating domain spoofing will help legitimate senders protect their domain names and reputations, and help recipients more effectively identify and filter junk e-mail."

http://www.microsoft.com/mscorp/twc/privacy/spam_callerid.mspx

Spam now 83 percent of messages in the United States

Spam now two thirds of all e-mail - News - ZDNet:
"There is no sign of relief for companies already overwhelmed by the sheer volume of unsolicited and unwanted e-mail messages clogging their mail systems. E-mail security firm MessageLabs' filtering statistics for April, which were published on Monday, show that 67.6 percent of all global e-mail traffic is spam.

MessageLabs said it scanned 840 million e-mail messages in April and found that 97 percent of spam is aimed at five countries: the United States, the U.K., Germany, Australia and Hong Kong. The United States has the worst problem, with 83 percent of messages being classified as spam, while in the U.K. that figure stands at 53 percent."

http://zdnet.com.com/2100-1105-5219078.html

Monday, May 24, 2004

Has your PC made you a spammer?

Is your PC spewing spam?:
"Putting a price on a viral network

But wait, it gets worse. Once upon a time, the only way spam operators spread their junk mail was by opening an e-mail account, queuing up a few thousand e-mail messages, then moving on. But Internet service providers got savvy to this practice, and now they look for abnormal spikes in outbound mail traffic, then immediately block or shut down spam-sending accounts.

So the spammers had to get even savvier. With last summer's Sobig virus, it became clear that someone was building viral networks to relay spam messages.

By using open proxies on virus-compromised Windows computers, a spam operator, who may be on some ISP's block list, sends direct marketing e-mail via someone else's compromised PC. Doesn't matter if the infected PC's ISP shuts them down; there are thousands of other PCs relaying the same spam. Viruses are moving targets, so as one system is disinfected or blocked, another system becomes infected."

To illustrate that point, the Sobig virus self-terminated every two weeks or so, allowing the virus writer to sell his or her list of currently infected PCs, then, after the virus expired, author another version, infecting different PCs, and sell that list at a later date. As individual PCs on a given virus network keep changing, the effort to identify and stop spam operators gets much harder.

Yet this open proxy method isn't perfect. To work, the spam operator still contacts each and every infected PC in the virus network. This requires bandwidth, almost as much as if the operator were using a single account to send the spam.

The self-contained spam factory method
Enter the Bobax worm. Security company Lurhq describes Bobax as a self-propagating Trojan horse and a self-contained spam factory. The worm carries with it a template and a list of e-mail addresses, so it's able to create spam on the fly.

This evolution suggests that the virus writers and the spam operators are working closely. No longer is a rogue virus writer selling his or her networks of infected computers created by off-the-shelf viruses and worms to spammers. Now, the spammers are ordering up custom-designed viruses and worms. Perhaps the virus writers are employees, working solely for the spam operators.

http://reviews-zdnet.com.com/AnchorDesk/4520-7297_16-5136207.html?tag=adss

Sunday, May 23, 2004

Paper Trails for Electronic Votes

Demand Grows to Require Paper Trails for Electronic Votes:
"A coalition of computer scientists, voter groups and state officials, led by California's secretary of state, Kevin Shelley, is trying to force the makers of electronic voting machines to equip those machines with voter-verifiable paper trails.

Following the problems of the 2000 election in Florida, a number of states and hundreds of counties rushed to dump their punch card ballot systems and to buy the electronic touch screens. Election Data Services, a consulting firm that specializes in election administration, estimates that this November 50 million Americans - about 29 percent of the electorate - may be voting on touch screens, up from 12 percent in 2000.

But in the last year election analysts have documented so many malfunctions, including the disappearance of names from the ballot, and computer experts have shown that the machines are so vulnerable to hackers, that critics have organized to counter the rush toward touch screens with a move to require paper trails."

Paper trails - ballot receipts - would let voters verify that they had cast their votes as they intended and let election officials conduct recounts in close races.

Not everyone agrees that paper trails are necessary, or even advisable. Numerous local election officials - the ones who actually conduct elections - argue that paper trails could create worse problems than the perceived ones that they are intended to cure. They warn of paper jams, voter confusion and delays in the voting booth while voters read their receipts.

There are no national standards to help resolve the disputes. The federal commission that Congress created after 2000 to guide states is behind schedule, and the research body that was supposed to set standards for November 2004 has not even been appointed. So states, prompted by voter organizations, are taking matters into their own hands.

Nevada, which is using touch screens in all its voting precincts this November, has become the first state to require the manufacturer to attach printers in time for Election Day.

http://www.nytimes.com/2004/05/23/politics/campaign/23vote.html?pagewanted=all&position=