Saturday, March 05, 2005

Display Local Weather Forecasts with the NOAA's Web Service

By Scott Mitchell
“In December 2004 the National Oceanic and Atmospheric Administration (NOAA) unveiled a Web service for accessing weather forecasts for locations within the United States. The Web service provides two methods:
  • NDFDgen(latitude, longitude, detailLevel, startTime, endTime, weatherParametersToReturn) - returns a range of weather information for a particular latitude and longitude between a start and end time. The weatherParametersToReturn input parameter dictates what weather information should be returned, such as: maximum temperature, minimum temperature, three hour temperature, snowfall amount, wind speed, and so on.
  • NDFDgenByDay(latitude, longitude, hourlyFormat, startDate, numberOfDays) - returns 12-hour or 24-hour weather information for a particular latitude/longitude starting from a certain date and extending a specified number of dates into the future.
Assuming the latitude and longitude are in the NOAA's database, the Web service returns an XML document that contains a variety of weather information for the dates specified, based on the parameters passed into the Web service. (For more detailed information on the NOAA's Web service, refer to http://www.nws.noaa.gov/forecasts/xml/.)

When reading up on this new Web service, I stumbled across Mikhail Arkhipov's blog entry titled Weather Forecast ASP.NET User Control, which provides a User Control written in C# for displaying the seven-day forecast for a particular latitude and longitude. While Mikhail's User Control definitely fit the bill for a simple forecast display in a C# Web application, I was tempted to provide similar functionality in a custom, compiled server control, which would allow the weather forecasts to be displayed in VB.NET Web applications as well. Additionally, I wanted to add some additional customization not found in Mikhail's solution.

The remainder of this article examines my custom control, MultiDayForecast

http://aspnet.4guysfromrolla.com/articles/030205-1.aspx

Friday, March 04, 2005

Reusable Dakota Camera Can Be a Hacker's Bargain

“Do you think basic digital camera features should be more affordable? So do I. Start with a trip to your local Ritz Camera or discount store and pick up a $20 reusable Dakota digital camera. You're supposed to buy a Dakota, use it, and then return it to the store to get your images printed. But with a few hacks, you can get the pictures out yourself.

John Maushammer has the Dakota well documented at his Web site http://www.maushammer.com/systems/dakotadigital/DakotaDigital.html, with details on how to hack a USB connection onto the camera http://www.maushammer.com/systems/dakotadigital/usb-cable.html. Once you can get pictures off the Dakota, click here http://www.balerdi.com.ar/dakota/ for instructions on removing the camera's built-in software limit of 25 pictures.”

http://www.pcworld.com/howto/article/0,aid,119267,pg,6,00.asp

Strategies of Computer Worms

“Advances in programming have brought many conveniences to our lives, but they have also given cyber-criminals increasingly sophisticated ways to commit crimes. This chapter describes the nature and evolution of the computer worm, from simple beginning to modern Bluetooth travelling cellphone worms.”

http://www.informit.com/articles/article.asp?p=366891

Wednesday, March 02, 2005

identity theft made even easier

Alarm over pharming attacks:
By Robert Vamosi
“Hopefully, we've all become wise to phishing attacks, so named because they cast the bait (via e-mail) and if you bite, they can lure your personal information out of you. These scams are now fairly recognizable and usually arrive as a note from a bank asking you to go to its site (link provided, of course) to reenter your most personal information. The fact that a bank wouldn't really need your mother's maiden name might tip you off. Most likely, though, you spot the misspellings in this bogus e-mail, or you're otherwise savvy to the identity theft scam and immediately trash these messages unread.

So what if I told you phishing is just kid stuff compared to what's coming next?

Pharming is simply a new name for a relatively old concept: domain spoofing. Rather than spamming you with e-mail requests, pharmers work quietly in the background, "poisoning" your local DNS server by redirecting your Web request somewhere else. As far as your browser's concerned, you're connected to the right site. The danger here is that you no longer have to click an e-mail link to hand over your personal information to identity thieves.

To understand pharming, you need a little background on DNS. Throughout the Internet, a series of domain name servers (DNS) quietly resolve the familiar addresses you type into specific Internet addresses. These servers are basically large directories of common names such as Amazon, Google, and Microsoft, and IP-specific addresses that you never see. For example, if you type www.cnet.com, this request goes to your nearest DNS server, which then locates the registered Internet address for the Web server at CNET Networks. It's much more convenient than always remembering 222.123.0.0 or something similar.

However, this translation is also a weak link in the Internet's infrastructure. With every Internet request first bouncing off a DNS server somewhere on the planet, criminal hackers realized (some time ago) that rather than flooding a specific domain and effectively hiding it from the rest of the world (in what's known as a denial-of-service attack), they can either change the DNS record or take down the DNS system altogether.

DNS poisoning is a whole different kettle of fish (so to speak), and much more subtle than what I just described. When a cracker poisons a DNS server, he or she changes the specific record for a domain, sending you to a Web site very different from the one you intended to access--without your knowledge. Usually, the cracker does this by posing as an official who has the authority to change the destination of a domain name. DNS poisoning is also possible via software vulnerability, however. A white paper by Joe Stewart from the security company Lurhq and published on SecurityFocus offers more about DNS poisoning, including its history.

In January of 2005, someone fraudulently changed the DNS address for the domain panix.com, a New York State Internet service provider. Ownership of the company was changed from New York to Australia. Requests to reach the panix.com server were redirected to the United Kingdom, and e-mail was redirected to Canada. State and federal authorities are currently investigating this case.

Prior to that, in September 2004, a teenager in Germany managed to hijack the domain for eBay.de. I could go on. Other attacks have targeted Amazon.com and Google.com. There were no immediate reports of identity theft resulting from these specific events.”

http://reviews.cnet.com/4520-3513_7-5670780-1.html?tag=nl.e501
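
A check a defender can run against the failure described in the pharming excerpt above, as an added example that is not from the quoted article: it compares each resolver's answers for a watched name with a baseline of expected networks, and separates one resolver disagreeing (a poisoned cache) from every resolver disagreeing (a changed record, as in the panix.com case, or a stale baseline). The host names, addresses, resolver labels and function names are constructed for illustration.

```python
import ipaddress

# Constructed baseline (reserved test names/addresses): expected networks per name.
BASELINE = {
    "www.example-bank.test": ["192.0.2.0/24"],
    "mail.example-isp.test": ["198.51.100.0/25"],
}

# Constructed observations: answers each resolver returned for each name.
OBSERVATIONS = {
    "www.example-bank.test": {
        "local-resolver": ["203.0.113.66"],
        "reference-a": ["192.0.2.10"],
        "reference-b": ["192.0.2.11"],
    },
    "mail.example-isp.test": {
        "local-resolver": ["198.51.100.5"],
        "reference-a": ["198.51.100.5"],
        "reference-b": ["198.51.100.6"],
    },
}

def outside_baseline(addrs, networks):
    """Return the addresses that fall in none of the expected networks."""
    nets = [ipaddress.ip_network(n) for n in networks]
    return [a for a in addrs
            if not any(ipaddress.ip_address(a) in n for n in nets)]

def check_name(name, answers, baseline):
    """Return (name, resolver, status, addresses) findings for one name."""
    if name not in baseline:
        return [(name, "*", "no-baseline", [])]
    bad = {r: outside_baseline(a, baseline[name]) for r, a in answers.items()}
    findings = []
    for resolver in sorted(answers):
        if not answers[resolver]:
            findings.append((name, resolver, "no-answer", []))
        elif bad[resolver]:
            # One resolver alone disagreeing points at its cache; several
            # disagreeing points at the record itself or a stale baseline.
            alone = not any(v for r, v in bad.items() if r != resolver)
            status = "isolated-mismatch" if alone else "widespread-mismatch"
            findings.append((name, resolver, status, bad[resolver]))
    return findings

def audit(observations, baseline):
    """Check every observed name and return all findings in name order."""
    return [f for name in sorted(observations)
            for f in check_name(name, observations[name], baseline)]
```

In practice the observations would come from querying the local resolver and independent reference resolvers; network ranges are used for the baseline because a legitimate site can answer with several addresses.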

Tuesday, March 01, 2005

Google Toolbar's AutoLink & The Need For Opt-Out

“AutoLink is a new feature in the new third version of Google's popular Google Toolbar that's raised controversy since it was released last week. Why are publishers upset? Can they block the feature that adds links to their web pages? Who rules over content, users or publishers? Why do I think Google should give publishers an opt-out for the feature? That, and other issues, we'll explore in this article. It's a long one, so the links below will let you jump to particular sections, if you prefer.

Google's new Beta Toolbar includes a feature called 'AutoLink'. The toolbar scans through the current Web page and links any addresses or ISBN numbers to Google's services. This script will stop the toolbar from placing a link in the Web page.
The JavaScript Source: Miscellaneous: AutoBlink http://javascript.internet.com/miscellaneous/autoblink.html

http://blog.searchenginewatch.com/blog/050225-104317