Why you must install a firewall NOW
If you haven't already installed a personal firewall on your Windows computer, consider this your last warning.
MSBlast, the recent worm that exploited the buffer overflow in Windows's DCOM RPC protocol, wasn't the sort of e-mail-borne pest that antivirus software is good at catching. Instead, it infiltrated computers directly through their Internet connections.
Although installing the latest Microsoft patches should prevent infections from this sort of worm, a simple software firewall will do the trick, too, whether or not you have antivirus software installed.
I MENTION THIS because Microsoft announced last week another critical flaw affecting DCOM RPC, and released a new patch to fix it that supercedes the previous patch for this protocol. While there are still no public exploits that take advantage of this flaw (exploits are often precursors to major worms), the clock is ticking. History has shown that worms are usually released within 30 days of a major vulnerability announcement.
In July, for example, Microsoft reported and patched a buffer overflow vulnerability in RPC based on the work of the Last Stage of Delirium Research Group. The MSBlast worm, which capitalized on this vulnerability, appeared on Aug. 12.
Last Wednesday, based on additional research by the companies eEye Digital Security, NSFOCUS, and Tenable Network Security, Microsoft reported two more buffer overflows and one denial-of-service vulnerability within its RPC protocol. The fact that it is similar to the first flaw could mean a shorter timeline to the next major RPC worm.
The Remote Procedure Call (RPC) is a protocol used by the Windows operating system. It's based on an RPC protocol from the Open Software Foundation, but it's the Microsoft-specific parts that are afflicted with vulnerabilities. The Distributed Component Model (DCOM), previously called Network Object Linking and Embedding (OLE), is a service that allows software on one computer to communicate directly with software on other computers over a network. In short, DCOM RPC in Windows allows a program on one machine to run code on another machine. To do so, a Windows computer must first listen on a dedicated port, usually 135.
…RPC, like other services that use DCOM, is turned on by default for all Windows versions, whether or not you are working on a network. Also, when your system's connected to the Internet, DCOM makes Windows automatically listen on port 135 (and others) for remote signals. This means a hacker need only construct a special message and aim it at port 135 on your Windows computer to cause a buffer overflow error. The buffer overflow, in turn, could replace part of a program's original code with new code.
That's how a hacker could use this flaw to take over your computer remotely. Upon seizing control of your computer, a hacker could then reformat the hard drive, use the computer to damage other computers, or steal personal data. (Note that this description makes it sound easier than it truly is to execute.)
http://www.zdnet.com/anchordesk/stories/story/0,10738,2914667,00.html
Monday, September 15, 2003
JavaScript tips & how-tos
You'll find details and tips on writing cross-platform code, debugging,
using reusable components, and much more.
http://builder.cnet.com/webbuilding/0-7264.html?tag=dir
You'll find details and tips on writing cross-platform code, debugging,
using reusable components, and much more.
http://builder.cnet.com/webbuilding/0-7264.html?tag=dir
Sunday, September 14, 2003
Internet Scout Project > NSDL Scout Reports > Math, Engineering, and Technology >Topic In Depth >Voice over Internet Protocol
Voice over Internet protocol (VoIP) is a technology that integrates voice services, such as those provided by long distance telephone carriers, into data networks. VoIP has received considerable attention in recent years since it blurs the line between telecommunications and Internet. Among other things, it has the potential for enabling virtually free person-to-person communication for anyone with an Internet connection.
Copyright 1994-2003 Internet Scout Project - http://scout.wisc.edu
http://scout.wisc.edu/Reports/NSDL/MET/2003/met-030912-topicindepth.php
Voice over Internet protocol (VoIP) is a technology that integrates voice services, such as those provided by long distance telephone carriers, into data networks. VoIP has received considerable attention in recent years since it blurs the line between telecommunications and Internet. Among other things, it has the potential for enabling virtually free person-to-person communication for anyone with an Internet connection.
Copyright 1994-2003 Internet Scout Project - http://scout.wisc.edu
http://scout.wisc.edu/Reports/NSDL/MET/2003/met-030912-topicindepth.php
Saturday, September 13, 2003
Special Reports > Securing Windows
Securing Windows against worms and viruses
http://www.eweek.com/category2/0,4148,1252525,00.asp
Securing Windows against worms and viruses
http://www.eweek.com/category2/0,4148,1252525,00.asp
Friday, September 12, 2003
New Worm Headed Our Way?
Administrators and security specialists hoping for a breather now that Blaster has faded and SoBig.F has expired may be in for a long weekend.
The nature of the new vulnerabilities revealed yesterday in the RPC DCOM implementation in Windows is so similar to the one that Blaster exploits that security experts believe it's only a matter of days, if not hours, before someone releases a worm to attack the new weaknesses. Even though it infected close to a million machines, experts say the Blaster worm was poorly coded and as a result did not do nearly the damage that a more efficient worm could have done. Blaster easily could be modified to work much better, and because the source code for the worm is readily available online, it's likely that someone is already at work on that task.
"It all adds up to a situation where we'll probably see a worm in the next 24 hours or so," said Jerry Brady, chief technology officer at managed security provider Guardent Inc., based in Waltham, Mass. "This could be worse. It wouldn't take very much—just some very minor changes to the way the RPC connections work or the duration of the connections."
Like the vulnerability that Blaster exploits, two of the three new flaws reported in the RPC DCOM implementation in Windows are buffer overruns that could enable an attacker to run arbitrary code on a vulnerable machine. The flaws affect Windows NT 4.0, 2000, XP and Windows Server 2003.
Although the vulnerability itself isn't found in other operating systems, Brady said that some of Guardent's customers had Blaster-related problems on non-Windows systems. Some of the customers' problems stemmed from the fact that Unix-based management systems have a hard time handling the volume of RPC requests that were being generated by infected PCs.
"Some of these systems were seeing 15 to 22 times the normal number of connection attempts, which doesn't sound like that much but it's still out of bounds for these workstations," Brady said.
Another issue causing concern in the security community is the fact that many of the control systems for utilities such as water plants and nuclear power plants use RPC to link their supervisory control and data acquisition (SCADA) systems to their Internet-connected networks. SCADA systems comprise central controllers and sensors and are used to remotely control complex systems such as power grids and water treatment facilities.
There have been some reports that Blaster played some role in causing the large blackout last month that affected much of the Northeast United States and parts of the Midwest. Brady said he fears that an improved RPC worm could produce far worse results.
Three New Critical RPC Flaws Found http://www.eweek.com/article2/0,4149,1261390,00.asp
http://www.eweek.com/article2/0,4149,1264676,00.asp
Administrators and security specialists hoping for a breather now that Blaster has faded and SoBig.F has expired may be in for a long weekend.
The nature of the new vulnerabilities revealed yesterday in the RPC DCOM implementation in Windows is so similar to the one that Blaster exploits that security experts believe it's only a matter of days, if not hours, before someone releases a worm to attack the new weaknesses. Even though it infected close to a million machines, experts say the Blaster worm was poorly coded and as a result did not do nearly the damage that a more efficient worm could have done. Blaster easily could be modified to work much better, and because the source code for the worm is readily available online, it's likely that someone is already at work on that task.
"It all adds up to a situation where we'll probably see a worm in the next 24 hours or so," said Jerry Brady, chief technology officer at managed security provider Guardent Inc., based in Waltham, Mass. "This could be worse. It wouldn't take very much—just some very minor changes to the way the RPC connections work or the duration of the connections."
Like the vulnerability that Blaster exploits, two of the three new flaws reported in the RPC DCOM implementation in Windows are buffer overruns that could enable an attacker to run arbitrary code on a vulnerable machine. The flaws affect Windows NT 4.0, 2000, XP and Windows Server 2003.
Although the vulnerability itself isn't found in other operating systems, Brady said that some of Guardent's customers had Blaster-related problems on non-Windows systems. Some of the customers' problems stemmed from the fact that Unix-based management systems have a hard time handling the volume of RPC requests that were being generated by infected PCs.
"Some of these systems were seeing 15 to 22 times the normal number of connection attempts, which doesn't sound like that much but it's still out of bounds for these workstations," Brady said.
Another issue causing concern in the security community is the fact that many of the control systems for utilities such as water plants and nuclear power plants use RPC to link their supervisory control and data acquisition (SCADA) systems to their Internet-connected networks. SCADA systems comprise central controllers and sensors and are used to remotely control complex systems such as power grids and water treatment facilities.
There have been some reports that Blaster played some role in causing the large blackout last month that affected much of the Northeast United States and parts of the Midwest. Brady said he fears that an improved RPC worm could produce far worse results.
Three New Critical RPC Flaws Found http://www.eweek.com/article2/0,4149,1261390,00.asp
http://www.eweek.com/article2/0,4149,1264676,00.asp
Thursday, September 11, 2003
Product Security Notification
To subscribe to the Microsoft Security Notification Service, please visit the Microsoft Profile Center at http://register.microsoft.com/regsys/pic.asp
To unsubscribe to the Microsoft Security Notification Service, please visit the Microsoft Profile Center at http://register.microsoft.com/regsys/pic.asp
This is a free e-mail notification service that Microsoft uses to send information to subscribers about the security of Microsoft products.
The goal of this service is to provide accurate information to our customers that they can use to inform and protect themselves from malicious attacks. Our security team investigates issues reported directly to Microsoft, as well as issues discussed in certain popular security newsgroups. When we publish bulletins, they'll contain information on what the issue is, what products it affects-if any, how to protect yourself against, what we plan to do to fix the problem, and links to other sources of information on the issue.
This service supplements our existing security reporting procedures. You can continue to read security bulletins and other information about Microsoft product security on http://www.microsoft.com/technet/security.
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/notify.asp
To subscribe to the Microsoft Security Notification Service, please visit the Microsoft Profile Center at http://register.microsoft.com/regsys/pic.asp
To unsubscribe to the Microsoft Security Notification Service, please visit the Microsoft Profile Center at http://register.microsoft.com/regsys/pic.asp
This is a free e-mail notification service that Microsoft uses to send information to subscribers about the security of Microsoft products.
The goal of this service is to provide accurate information to our customers that they can use to inform and protect themselves from malicious attacks. Our security team investigates issues reported directly to Microsoft, as well as issues discussed in certain popular security newsgroups. When we publish bulletins, they'll contain information on what the issue is, what products it affects-if any, how to protect yourself against, what we plan to do to fix the problem, and links to other sources of information on the issue.
This service supplements our existing security reporting procedures. You can continue to read security bulletins and other information about Microsoft product security on http://www.microsoft.com/technet/security.
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/notify.asp
Microsoft Security Bulletin MS03-039
Buffer Overrun In RPCSS Service Could Allow Code Execution (824146)
Originally posted: September 10, 2003
Summary
Who should read this bulletin: Users running Microsoft ® Windows ®
Impact of vulnerability: Three new vulnerabilities, the most serious of which could enable an attacker to run arbitrary code on a user’s system.
Maximum Severity Rating: Critical
Recommendation: System administrators should apply the security patch immediately
End User Bulletin:
An end user version of this bulletin is available at:
http://www.microsoft.com/security/security_bulletins/ms03-039.asp.
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/ms03-039.asp
Buffer Overrun In RPCSS Service Could Allow Code Execution (824146)
Originally posted: September 10, 2003
Summary
Who should read this bulletin: Users running Microsoft ® Windows ®
Impact of vulnerability: Three new vulnerabilities, the most serious of which could enable an attacker to run arbitrary code on a user’s system.
Maximum Severity Rating: Critical
Recommendation: System administrators should apply the security patch immediately
End User Bulletin:
An end user version of this bulletin is available at:
http://www.microsoft.com/security/security_bulletins/ms03-039.asp.
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/ms03-039.asp
PC Client Helps Those Desperately Seeking WiFi
WiNc works with almost all WiFi hardware and provides a simple way to find, save, link up to, and manage personal WiFi connections. Even better, Cirond has developed a smaller version for PocketPC, so mobile users can enjoy WiNc's capabilities as well.
How It Works
The interface looks roughly the same on both platforms. It provides three tabs to help you locate, select, and connect to wireless networks. The Connection Management tab is where you identify and select wireless networks. By default, the software scans for new networks every 10 seconds, but you can reduce the frequency to every 2 minutes. The software sorts networks by signal strength initially, but you can sort by SSID, channel, WEP-key status (locked or unlocked), and more.
This window also helps you select the best network. For example, the software uses a closed padlock symbol to mark networks secured by WEP keys. You can even use WiNc to bypass potential areas of congestion. Typically, your system connects to the most powerful WiFi signal. But if two or more access points are operating on the same channel—say 6—you can select an AP using 11 instead, even if the signal strength is lower. You'll likely get a better connection than from the AP with the best signal, because you'll avoid interference. You can mark a network you like as preferred, and when that network is available, your system will automatically connect to it.
Once you connect, the General tab gives you details on the connection—how fast the link is, total packets sent and received, and more. This is also where you can enter the WEP key for a network.
Another really nice WiNc feature automates the often frustrating process of setting up an ad hoc network—a peer-to-peer connection between two WiFi computers. You do this for quick file transfers or head-to-head gaming.
The IP Properties tab is a bit geeky, but longtime wireless users will appreciate both the information and the capabilities it gives. Here you can track exactly what Internet address parameters have been granted to your computer through DHCP, the automatic network configuration protocol used by most networks today. Many WiFi connection problems result from faulty or old IP configurations. Even if you don't know what all the stuff on this screen means, you can easily ask the network's server to reconfigure you, making obtaining a new IP address easy.
http://www.pcmag.com/print_article/0,3048,a=59192,00.asp
WiNc works with almost all WiFi hardware and provides a simple way to find, save, link up to, and manage personal WiFi connections. Even better, Cirond has developed a smaller version for PocketPC, so mobile users can enjoy WiNc's capabilities as well.
How It Works
The interface looks roughly the same on both platforms. It provides three tabs to help you locate, select, and connect to wireless networks. The Connection Management tab is where you identify and select wireless networks. By default, the software scans for new networks every 10 seconds, but you can reduce the frequency to every 2 minutes. The software sorts networks by signal strength initially, but you can sort by SSID, channel, WEP-key status (locked or unlocked), and more.
This window also helps you select the best network. For example, the software uses a closed padlock symbol to mark networks secured by WEP keys. You can even use WiNc to bypass potential areas of congestion. Typically, your system connects to the most powerful WiFi signal. But if two or more access points are operating on the same channel—say 6—you can select an AP using 11 instead, even if the signal strength is lower. You'll likely get a better connection than from the AP with the best signal, because you'll avoid interference. You can mark a network you like as preferred, and when that network is available, your system will automatically connect to it.
Once you connect, the General tab gives you details on the connection—how fast the link is, total packets sent and received, and more. This is also where you can enter the WEP key for a network.
Another really nice WiNc feature automates the often frustrating process of setting up an ad hoc network—a peer-to-peer connection between two WiFi computers. You do this for quick file transfers or head-to-head gaming.
The IP Properties tab is a bit geeky, but longtime wireless users will appreciate both the information and the capabilities it gives. Here you can track exactly what Internet address parameters have been granted to your computer through DHCP, the automatic network configuration protocol used by most networks today. Many WiFi connection problems result from faulty or old IP configurations. Even if you don't know what all the stuff on this screen means, you can easily ask the network's server to reconfigure you, making obtaining a new IP address easy.
http://www.pcmag.com/print_article/0,3048,a=59192,00.asp
Wednesday, September 10, 2003
The Blaster School of Hard Knocks
Blaster is teaching Microsoft how to better communicate. But there are other lessons Redmond could stand to learn.
Microsoft learned a lot from the Blaster worm that blasted onto the scene last month. But it could have learned more.
Thanks to Blaster, the Redmond software giant has come to realize:
It needed to make its emergency communications with its customers simpler and quicker. The recently rolled-out 1-2-3 Protect Your PC campaign shows Microsoft learned this lesson quite well — and quickly, to boot.
Security is a customer-satisfaction issue. Microsoft understands its current and future users might be less-than-thrilled to be approached if their Blaster pain isn't thoroughly acknowledged. The company has cautioned its sales force and partners to lead with an acknowledgement that Blaster has wreaked havoc on customers' businesses before pitching them on new business.
There's nothing wrong with saying you are sorry (even if you don't really believe something is your fault). Right after the Blaster attack, Redmond held a series of conference calls with key customers. (It even published the transcript of one of them.) The key message: We are sorry that Blaster blasted you. And we are pulling out all the stops to make sure this doesn't happen again.
Making Windows and other key infrastructure software more secure is Priority No. 1. No exceptions. It matters more to users than getting their hands on a Longhorn beta, receiving a sneak peek of a Motorola Smartphone, or being granted another round of Software Assurance licensing concessions. Accordingly, Redmond seems to be accelerating its schedule for patching its software-patching mechanisms as a key first step.
But school's not out for Microsoft on Blaster. There are a few lessons that Redmond seemingly hasn't taken to heart.…
http://www.microsoft.com/security/protect/default.asp
http://www.microsoft-watch.com/article2/0,4248,1237609,00.asp
Blaster is teaching Microsoft how to better communicate. But there are other lessons Redmond could stand to learn.
Microsoft learned a lot from the Blaster worm that blasted onto the scene last month. But it could have learned more.
Thanks to Blaster, the Redmond software giant has come to realize:
It needed to make its emergency communications with its customers simpler and quicker. The recently rolled-out 1-2-3 Protect Your PC campaign shows Microsoft learned this lesson quite well — and quickly, to boot.
Security is a customer-satisfaction issue. Microsoft understands its current and future users might be less-than-thrilled to be approached if their Blaster pain isn't thoroughly acknowledged. The company has cautioned its sales force and partners to lead with an acknowledgement that Blaster has wreaked havoc on customers' businesses before pitching them on new business.
There's nothing wrong with saying you are sorry (even if you don't really believe something is your fault). Right after the Blaster attack, Redmond held a series of conference calls with key customers. (It even published the transcript of one of them.) The key message: We are sorry that Blaster blasted you. And we are pulling out all the stops to make sure this doesn't happen again.
Making Windows and other key infrastructure software more secure is Priority No. 1. No exceptions. It matters more to users than getting their hands on a Longhorn beta, receiving a sneak peek of a Motorola Smartphone, or being granted another round of Software Assurance licensing concessions. Accordingly, Redmond seems to be accelerating its schedule for patching its software-patching mechanisms as a key first step.
But school's not out for Microsoft on Blaster. There are a few lessons that Redmond seemingly hasn't taken to heart.…
http://www.microsoft.com/security/protect/default.asp
http://www.microsoft-watch.com/article2/0,4248,1237609,00.asp
SoBig Not Gone Yet
Like Ben and J. Lo, the SoBig.F virus long ago overstayed its welcome and seems to be intent on hanging around to annoy as many people as possible. But, unlike Bennifer, the virus mercifully is set to expire on Wednesday, providing worm-weary administrators and users with a bit of relief.
The original SoBig virus appeared in early January, welcoming workers back from the holidays with a raft of infected messages from big@boss.com. In the intervening eight months, five more variants have been set loose, with varying degrees of success.
But none of the previous versions even remotely approached the infection rates that SoBig.F has achieved.
The latest iteration of the virus hit the Internet on Aug. 18 and spawned more than a million copies of itself in the first 24 hours of its existence. At its peak later that week, one in every 17 pieces of e-mail inspected by e-mail security provider MessageLabs Inc. was infected with SoBig.F. Since then, the infection rate has slowed, but MessageLabs continues to stop as many as 600,000 copies of the virus each day.
The respite from SoBig may be short-lived however, as many anti-virus experts expect another variant to be released soon after this one expires. There is some debate in the community on this point, as well as the question of whether all of the previous versions of SoBig have been created by one person. But if history is any guide, it won't be long before another variant is flooding inboxes with maddening levels of junk.…
http://www.eweek.com/article2/0,4149,1252887,00.asp
Like Ben and J. Lo, the SoBig.F virus long ago overstayed its welcome and seems to be intent on hanging around to annoy as many people as possible. But, unlike Bennifer, the virus mercifully is set to expire on Wednesday, providing worm-weary administrators and users with a bit of relief.
The original SoBig virus appeared in early January, welcoming workers back from the holidays with a raft of infected messages from big@boss.com. In the intervening eight months, five more variants have been set loose, with varying degrees of success.
But none of the previous versions even remotely approached the infection rates that SoBig.F has achieved.
The latest iteration of the virus hit the Internet on Aug. 18 and spawned more than a million copies of itself in the first 24 hours of its existence. At its peak later that week, one in every 17 pieces of e-mail inspected by e-mail security provider MessageLabs Inc. was infected with SoBig.F. Since then, the infection rate has slowed, but MessageLabs continues to stop as many as 600,000 copies of the virus each day.
The respite from SoBig may be short-lived however, as many anti-virus experts expect another variant to be released soon after this one expires. There is some debate in the community on this point, as well as the question of whether all of the previous versions of SoBig have been created by one person. But if history is any guide, it won't be long before another variant is flooding inboxes with maddening levels of junk.…
http://www.eweek.com/article2/0,4149,1252887,00.asp
Tuesday, September 09, 2003
Using nested positioned DIVs to automatically adjust to variable sized DIVs using CSS positioning.
An explanation of their use in the Adaptive Path redesign by Doug Bowman
http://www.stopdesign.com/log/2003/09/03/absolute.html
An explanation of their use in the Adaptive Path redesign by Doug Bowman
http://www.stopdesign.com/log/2003/09/03/absolute.html
Listamatic
Can you take a simple list and use different Cascading Style Sheets to create radically different list options? The Listamatic shows the power of CSS when applied to one simple list using samples from Eric Meyer, ProjectSeven, SimpleBits, Jeffrey Zeldman and others.
http://www.maxdesign.com.au/presentation/listamatic/
Can you take a simple list and use different Cascading Style Sheets to create radically different list options? The Listamatic shows the power of CSS when applied to one simple list using samples from Eric Meyer, ProjectSeven, SimpleBits, Jeffrey Zeldman and others.
http://www.maxdesign.com.au/presentation/listamatic/
Monday, September 08, 2003
Get ready for the latest Microsoft products and technologies:
Microsoft Windows Server™ 2003, Microsoft Exchange Server 2003, and Microsoft Visual Studio® .NET. Receive a free analysis of your current skills; a personalized learning plan to improve your skills, including Microsoft Official Curriculum courses, Microsoft Press books, and Microsoft TechNet resources; and a comparison of your skills to those of others, with high scores posted daily.
http://www.microsoft.com/traincert/assessment/
Microsoft Windows Server™ 2003, Microsoft Exchange Server 2003, and Microsoft Visual Studio® .NET. Receive a free analysis of your current skills; a personalized learning plan to improve your skills, including Microsoft Official Curriculum courses, Microsoft Press books, and Microsoft TechNet resources; and a comparison of your skills to those of others, with high scores posted daily.
http://www.microsoft.com/traincert/assessment/
Sunday, September 07, 2003
A Hearty Buffet of Look-Up Databases
Need to look up an address, postal code, place name or similar information? Forget search engines -- this one-stop source provides free access to lookup databases.
The Lookup Directory from Melissa Data provides a first-rate collection of 18 look-up databases, accessible from a single page. All of these tools are available for free!
Specialized databases like these can save you large amounts of time versus using a general web engine to search, and search, and search and hope to find an answer.
http://www.melissadata.com/Lookups/index.htm
http://searchenginewatch.com/searchday/article.php/2245831
Need to look up an address, postal code, place name or similar information? Forget search engines -- this one-stop source provides free access to lookup databases.
The Lookup Directory from Melissa Data provides a first-rate collection of 18 look-up databases, accessible from a single page. All of these tools are available for free!
Specialized databases like these can save you large amounts of time versus using a general web engine to search, and search, and search and hope to find an answer.
http://www.melissadata.com/Lookups/index.htm
http://searchenginewatch.com/searchday/article.php/2245831
Saturday, September 06, 2003
Writing photo captions for the Web by Ruth Garner, Mark Gillingham, and Yong Zhao
Photographs are rarely self-sufficient. They need captions. A caption tells us something about the person or thing photographed, also something about the photographer. In this article, we discuss how to write photo captions for the Web. We provide examples from adults’ and children’s work.
Photo captions — the good ones, at least — are informative. Without the caption for the Queen Victoria photograph, we might recognize the woman pictured as someone rich and famous (she sits so regally on horseback, after all), but we might not know which rich and famous person she is.
Does that matter? It doesn’t, if we are skimming through the Barthes (1981) book simply to take note of the great variety of photographers’ subject matter. If, however, we find this particular photograph of historical interest, if we are studying it, we surely will want to know more — who the woman is, when the photograph was taken, and so on. For someone studying a photograph, an image is seldom self-sufficient. A caption is required.
A photograph requiring a caption need not be a portrait of a queen, and it need not be a photograph reproduced in a book. It might be an online photograph of a robot.…
http://firstmonday.org/issues/issue8_9/garner/
Photographs are rarely self-sufficient. They need captions. A caption tells us something about the person or thing photographed, also something about the photographer. In this article, we discuss how to write photo captions for the Web. We provide examples from adults’ and children’s work.
Photo captions — the good ones, at least — are informative. Without the caption for the Queen Victoria photograph, we might recognize the woman pictured as someone rich and famous (she sits so regally on horseback, after all), but we might not know which rich and famous person she is.
Does that matter? It doesn’t, if we are skimming through the Barthes (1981) book simply to take note of the great variety of photographers’ subject matter. If, however, we find this particular photograph of historical interest, if we are studying it, we surely will want to know more — who the woman is, when the photograph was taken, and so on. For someone studying a photograph, an image is seldom self-sufficient. A caption is required.
A photograph requiring a caption need not be a portrait of a queen, and it need not be a photograph reproduced in a book. It might be an online photograph of a robot.…
http://firstmonday.org/issues/issue8_9/garner/
Thursday, September 04, 2003
The Search Engine Report - Number 82
In This Issue
+ Search Engine Watch News
+ SES Dates For 2004 Set
+ Search Engine Size Wars IV & Google's Supplemental Index
+ SEMPO, Search Engine Marketing Professional Organization, Opens To Members
+ Search Engine Resources
+ SearchDay Articles
+ Search Engine Articles
http://searchenginewatch.com/sereport/article.php/3071471
In This Issue
+ Search Engine Watch News
+ SES Dates For 2004 Set
+ Search Engine Size Wars IV & Google's Supplemental Index
+ SEMPO, Search Engine Marketing Professional Organization, Opens To Members
+ Search Engine Resources
+ SearchDay Articles
+ Search Engine Articles
http://searchenginewatch.com/sereport/article.php/3071471
A Script to Teach You About Using Forms with ASP(2.2 KB)
Here's a script that was designed for no purpose other then
to teach new ASP users about using forms. If you're new to
ASP or even if you just need a refresher course on form
handling, you've got to take a look at this script.
http://www.asp101.com/resources/visitors/index.asp#formtest
Here's a script that was designed for no purpose other then
to teach new ASP users about using forms. If you're new to
ASP or even if you just need a refresher course on form
handling, you've got to take a look at this script.
http://www.asp101.com/resources/visitors/index.asp#formtest
Tuesday, September 02, 2003
Web Page Analyzer - 0.80
Enter a URL below to calculate page size, composition, and download time. The script calculates the size of individual elements and finds the total for each type of web page component. Based on these page characteristics the script then offers advice on how to improve page display time. The script incorporates best practices from HCI research into its recommendations.
http://www.websiteoptimization.com/speed/1/
http://www.websiteoptimization.com/services/analyze/
Enter a URL below to calculate page size, composition, and download time. The script calculates the size of individual elements and finds the total for each type of web page component. Based on these page characteristics the script then offers advice on how to improve page display time. The script incorporates best practices from HCI research into its recommendations.
http://www.websiteoptimization.com/speed/1/
http://www.websiteoptimization.com/services/analyze/
Saturday, August 30, 2003
Microsoft Guide to Security Patch Management
Organizations depend on information technology resources and expect them to be trustworthy: a few days of downtime is expensive, while a security compromise of corporate assets can have disastrous consequences.
Viruses and worms such as Klez, Nimda, and SQL Slammer exploit security vulnerabilities in software to attack a computer and launch new attacks on other computers. These vulnerabilities also provide opportunities for attackers to compromise information and assets by denying access to valid users, enabling escalated privileges, and exposing data to unauthorized viewing and tampering.
The operational cost of a day's downtime can be calculated for most, but what if the information with which others entrust your organization is compromised publicly?
A breach of corporate security and the resulting loss of credibility (with customers, partners, and governments) can put the very nature of an organization at risk. Organizations that fail to perform proactive security patch management as part of their information technology security strategy do so at their own peril.
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/topics/patch/secpatch/default.asp
Organizations depend on information technology resources and expect them to be trustworthy: a few days of downtime is expensive, while a security compromise of corporate assets can have disastrous consequences.
Viruses and worms such as Klez, Nimda, and SQL Slammer exploit security vulnerabilities in software to attack a computer and launch new attacks on other computers. These vulnerabilities also provide opportunities for attackers to compromise information and assets by denying access to valid users, enabling escalated privileges, and exposing data to unauthorized viewing and tampering.
The operational cost of a day's downtime can be calculated for most, but what if the information with which others entrust your organization is compromised publicly?
A breach of corporate security and the resulting loss of credibility (with customers, partners, and governments) can put the very nature of an organization at risk. Organizations that fail to perform proactive security patch management as part of their information technology security strategy do so at their own peril.
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/topics/patch/secpatch/default.asp
411 DV: Web Resources for Non-Linear Editors
Have a question on the latest nonlinear editing software? Need a hard-to-find piece of video editing equipment? Or are you just starting out in the field of digital video and need some direction? . Like virtually every other topic imaginable, the digital video fieldhas seen an explosion of online resources, discussion groups, and chat areas to help both neophytes and seasoned pros achieve their goals more effectively and do their jobs more efficiently. Here, we'll take a look at ten sites that specialize in the world of digital video, though each one offers its own unique features that range user forums to tutorials to sales. (And don't forget about EMedia's own site, http://www.emedialive.com, which offers twice-weekly breaking news, online product "demo rooms," and articles from the magazine.)
http://www.emedialive.com/news/2003/0722_4.html
Have a question on the latest nonlinear editing software? Need a hard-to-find piece of video editing equipment? Or are you just starting out in the field of digital video and need some direction? . Like virtually every other topic imaginable, the digital video fieldhas seen an explosion of online resources, discussion groups, and chat areas to help both neophytes and seasoned pros achieve their goals more effectively and do their jobs more efficiently. Here, we'll take a look at ten sites that specialize in the world of digital video, though each one offers its own unique features that range user forums to tutorials to sales. (And don't forget about EMedia's own site, http://www.emedialive.com, which offers twice-weekly breaking news, online product "demo rooms," and articles from the magazine.)
http://www.emedialive.com/news/2003/0722_4.html
Friday, August 29, 2003
Batten Down Those Ports
With worms such as Blaster prowling the Net, every user ought to know the ways a computer may be exposing itself to attacks. One of the simplest but most vital tests you can do to determine potential vulnerabilities is to find out which ports your PC has open to the outside world.
http://www.pcmag.com/print_article/0,3048,a=55855,00.asp
With worms such as Blaster prowling the Net, every user ought to know the ways a computer may be exposing itself to attacks. One of the simplest but most vital tests you can do to determine potential vulnerabilities is to find out which ports your PC has open to the outside world.
http://www.pcmag.com/print_article/0,3048,a=55855,00.asp
Code that directs infected computers to seven mail and name servers owned by an AOL Time Warner Inc. subsidiary.
Anti-virus experts are downplaying recent claims that there is a second hidden cache of data in the SoBig worm's code that directs infected computers to contact a group of seven mail and name servers owned by an AOL Time Warner Inc. subsidiary.
Officials at BitDefender, a unit of Softwin SRL in Bucharest, Romania, said on Tuesday that they had found a second set of encrypted server addresses in the code of the eminently annoying SoBig.F worm. All of the server names appear to belong to Time Warner Telecom Inc.
"The code is quite straightforward and accurately indicates that the virus asks for information at this address, waits for the answer and than runs the downloaded file on the infected host," said Mihai Chiriac, a virus researcher at BitDefender. "As for the moment, there is no information at any of these addresses; we can't predict the code's effects."
http://www.eweek.com/article2/0,3959,1232316,00.asp
Anti-virus experts are downplaying recent claims that there is a second hidden cache of data in the SoBig worm's code that directs infected computers to contact a group of seven mail and name servers owned by an AOL Time Warner Inc. subsidiary.
Officials at BitDefender, a unit of Softwin SRL in Bucharest, Romania, said on Tuesday that they had found a second set of encrypted server addresses in the code of the eminently annoying SoBig.F worm. All of the server names appear to belong to Time Warner Telecom Inc.
"The code is quite straightforward and accurately indicates that the virus asks for information at this address, waits for the answer and than runs the downloaded file on the infected host," said Mihai Chiriac, a virus researcher at BitDefender. "As for the moment, there is no information at any of these addresses; we can't predict the code's effects."
http://www.eweek.com/article2/0,3959,1232316,00.asp
Wednesday, August 27, 2003
Microsoft Baseline Security Analyzer
As part of Microsoft's Strategic Technology Protection Program, and in response to direct customer need for a streamlined method of identifying common security misconfigurations, Microsoft has developed the Microsoft Baseline Security Analyzer (MBSA).
MBSA Version 1.1.1 includes a graphical and command line interface that can perform local or remote scans of Windows systems. MBSA runs on Windows 2000, Windows XP, and Windows Server 2003 systems and will scan for common system misconfigurations in the following products: Windows NT 4.0, Windows 2000, Windows XP, Windows Server 2003, Internet Information Server (IIS) 4.0 and 5.0, SQL Server 7.0 and 2000, Internet Explorer (IE) 5.01 and later, and Office 2000 and 2002. MBSA will also scan for missing security updates for the following products: Windows NT 4.0, Windows 2000, Windows XP, Windows Server 2003, IIS 4.0 and 5.0, SQL Server 7.0 and 2000, IE 5.01 and later, Exchange 5.5 and 2000, and Windows Media Player 6.4 and later.
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/tools/Tools/mbsahome.asp
As part of Microsoft's Strategic Technology Protection Program, and in response to direct customer need for a streamlined method of identifying common security misconfigurations, Microsoft has developed the Microsoft Baseline Security Analyzer (MBSA).
MBSA Version 1.1.1 includes a graphical and command line interface that can perform local or remote scans of Windows systems. MBSA runs on Windows 2000, Windows XP, and Windows Server 2003 systems and will scan for common system misconfigurations in the following products: Windows NT 4.0, Windows 2000, Windows XP, Windows Server 2003, Internet Information Server (IIS) 4.0 and 5.0, SQL Server 7.0 and 2000, Internet Explorer (IE) 5.01 and later, and Office 2000 and 2002. MBSA will also scan for missing security updates for the following products: Windows NT 4.0, Windows 2000, Windows XP, Windows Server 2003, IIS 4.0 and 5.0, SQL Server 7.0 and 2000, IE 5.01 and later, Exchange 5.5 and 2000, and Windows Media Player 6.4 and later.
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/tools/Tools/mbsahome.asp
Windows XP Security Checklist
Although Windows XP Professional is built on the Windows 2000 kernel, there are significant differences between the operating systems - especially when it comes to security. This checklist is partially based on our popular Windows 2000 security checklist and covers both Windows XP Professional and XP Home Edition. Unfortunately, Windows XP Home Edition doesn't have all of the security features of XP Professional, so not all of the options are available for both versions. If you're concerned about your data, we strongly recommend upgrading to XP Professional as soon as possible. When implementing these recommendations, keep in mind that there is a trade off between increased security levels and usability for any Operating System. To help you decide how much security you need, we've divided the checklist into Basic, Intermediate, and Advanced Security options. You should assess your potential security risks, determine the value of your data, and balance your needs accordingly.
This is a "live" document which will be updated over time as new security recommendations are published by Microsoft. We have tried to make the checklist as complete as possible, however if you have any suggestions or feedback, please e-mail bernie@labmice.net
http://www.labmice.net/articles/winxpsecuritychecklist.htm
Although Windows XP Professional is built on the Windows 2000 kernel, there are significant differences between the operating systems - especially when it comes to security. This checklist is partially based on our popular Windows 2000 security checklist and covers both Windows XP Professional and XP Home Edition. Unfortunately, Windows XP Home Edition doesn't have all of the security features of XP Professional, so not all of the options are available for both versions. If you're concerned about your data, we strongly recommend upgrading to XP Professional as soon as possible. When implementing these recommendations, keep in mind that there is a trade off between increased security levels and usability for any Operating System. To help you decide how much security you need, we've divided the checklist into Basic, Intermediate, and Advanced Security options. You should assess your potential security risks, determine the value of your data, and balance your needs accordingly.
This is a "live" document which will be updated over time as new security recommendations are published by Microsoft. We have tried to make the checklist as complete as possible, however if you have any suggestions or feedback, please e-mail bernie@labmice.net
http://www.labmice.net/articles/winxpsecuritychecklist.htm
Monday, August 25, 2003
A Cumulative Patch for Internet Explorer
Microsoft (Quote, Company Info) Wednesday issued a cumulative patch for its Internet Explorer browser that also protects against several newly discovered vulnerabilities that it labeled as "critical."
Microsoft said the patch combines all the previously released patches for IE 5.01, 5.5 and 6.0 and also addresses several vulnerabilities that would allow an attacker to use a malicious Web site or specially-formed HTML email to access certain privileges on a user's computer.
The first new flaw patched involves the cross-domain security model of IE, which is intended to keep windows of different domains from sharing information. Microsoft said the flaw could allow an attacker to execute script in the user's My Computer zone, run an executable file already present on the local system, or view files on the computer.
To exploit the flaw, an attacker would have to host a malicious Web site that contained a page specifically designed to exploit the vulnerability, and then persuade a victim to visit the site. Once the user is on the site, Microsoft said the attacker could run malicious script by misusing the method IE uses to retrieve files from the browser cache, causing that script to access information in a different domain.
The second new vulnerability patched would allow an attacker to run arbitrary code on a user's system because Internet Explorer doesn't properly determine an object type returned from a Web server, Microsoft said. This vulnerability could be exploited either through convincing a user to visit a malicious Web site or through an HTML email.
The cumulative patch also sets the Kill Bit on the BR549.DLL ActiveX control, which was originally implemented to support the Windows Reporting Tool. IE no longer supports the tool, which has been found to contain a security vulnerability. The new patch prevents the control from running or from being reintroduced onto a user's system.
Microsoft has also used the cumulative patch to change the way IE renders HTML files, in order to address a flaw that could cause IE or Outlook Express to fail. Currently, IE does not properly render an input tag, Microsoft said, which would allow an attacker to craft a malicious Web site that would cause the browser to fail. The flaw would also allow an attacker to create a specially-formed HTML email that would cause Outlook Express to fail when the email is opened or previewed.
Finally, the patch modifies an earlier patch in order to cover specific languages.
http://www.internetnews.com/dev-news/article.php/3066741
Microsoft (Quote, Company Info) Wednesday issued a cumulative patch for its Internet Explorer browser that also protects against several newly discovered vulnerabilities that it labeled as "critical."
Microsoft said the patch combines all the previously released patches for IE 5.01, 5.5 and 6.0 and also addresses several vulnerabilities that would allow an attacker to use a malicious Web site or specially-formed HTML email to access certain privileges on a user's computer.
The first new flaw patched involves the cross-domain security model of IE, which is intended to keep windows of different domains from sharing information. Microsoft said the flaw could allow an attacker to execute script in the user's My Computer zone, run an executable file already present on the local system, or view files on the computer.
To exploit the flaw, an attacker would have to host a malicious Web site that contained a page specifically designed to exploit the vulnerability, and then persuade a victim to visit the site. Once the user is on the site, Microsoft said the attacker could run malicious script by misusing the method IE uses to retrieve files from the browser cache, causing that script to access information in a different domain.
The second new vulnerability patched would allow an attacker to run arbitrary code on a user's system because Internet Explorer doesn't properly determine an object type returned from a Web server, Microsoft said. This vulnerability could be exploited either through convincing a user to visit a malicious Web site or through an HTML email.
The cumulative patch also sets the Kill Bit on the BR549.DLL ActiveX control, which was originally implemented to support the Windows Reporting Tool. IE no longer supports the tool, which has been found to contain a security vulnerability. The new patch prevents the control from running or from being reintroduced onto a user's system.
Microsoft has also used the cumulative patch to change the way IE renders HTML files, in order to address a flaw that could cause IE or Outlook Express to fail. Currently, IE does not properly render an input tag, Microsoft said, which would allow an attacker to craft a malicious Web site that would cause the browser to fail. The flaw would also allow an attacker to create a specially-formed HTML email that would cause Outlook Express to fail when the email is opened or previewed.
Finally, the patch modifies an earlier patch in order to cover specific languages.
http://www.internetnews.com/dev-news/article.php/3066741
A recent eWEEK.com article quotes a network administrator critical of Microsoft for not providing essentially what Automatic Updates provides, especially in conjunction with Microsoft's Software Update Services, which basically allows an administrator to set up an internal update server for clients to use instead of the Windows Update site.
Tightening The Security Screws In Windows
Either we're not educating people or education is not working: Too many users still fail to take simple precautions to protect themselves, and many engage in dangerous practices that perpetuate attacks.
The incidents of the past couple of weeks are both illustrative. The Blaster worm succeeded in spite of a massive publicity campaign on the danger of the relevant flaw in Windows and the existence of a patch.
Worse, in monitoring several security mailing lists I saw many users looking for any excuse not to apply the patch. According to conservative estimates, some 500,000 systems were infected with Blaster, and I've seen much higher estimates. For example, Satellite ISP DirecWay just sent out an e-mail to their customers stating that "approximately 10 to 20 percent of DIRECWAY end-users are infected with the Blaster virus."
Meanwhile, based on the hundreds of Sobig.F e-mails I received in the first 24 hours of this week's outbreak, clearly users have left themselves wide open to it as well.
Has education failed? Short of making computer hygiene mandatory like driver's education with tests, something on the order of John Dvorak's idea to license computer users, I can't see public education campaigns having any better results than we found with Blaster. And that was completely unacceptable.
If users won't take care of their computers, the unfortunate answer (depending on your point of view) is to do it for them. This is what Microsoft is considering, according to a recent Washington Post article. It states that Microsoft is considering having Windows download and apply security patches automatically.
Currently available in Windows XP and Windows 2000 SP3+, this updating capability is called Automatic Updates and is accessible through the Control Panel System applet. It is turned off by default. (For Windows 2000 Server, Automatic Updates is only aware of patches for the OS, not for important server applications like SQL Server or IIS).
The applet has 3 options if you turn Automatic Updates on:
Notify the user that updates are available;
Download any updates that are available and notify the user, but don't install them; and
Download any updates that are available and install them according to a schedule specified by the user.
So, it sounds as if Microsoft is considering making the third option the default behavior, at least with respect to certain very critical updates, such as the one that prevented the Blaster worm.
Believe it or not, even some experienced admins are unaware of this feature in its current state. A recent eWEEK.com article quotes a network administrator critical of Microsoft for not providing essentially what Automatic Updates provides, especially in conjunction with Microsoft's Software Update Services, which basically allows an administrator to set up an internal update server for clients to use instead of the Windows Update site. This administrator said: "The only way it's going to happen is automation...Microsoft should provide this free."
Hello. They do.…
http://security.ziffdavis.com/article2/0,3973,1227322,00.asp
SoBig: What You Need to Know
If you or someone you know (or on your network) is infected, here's the manual process for recovering and for preventing SoBig from spreading to other users:
Unplug your computer from the network.
Boot the computer, then hit the F8 key to activate the text-only boot menu; choose Safe mode.
Wait until the boot process completes.
Open Task Manager by pressing Ctrl+Alt+Del and select the Processes tab.
Find and Highlight Winppr32.exe in the Processes tab.
To kill Winppr32.exe, click the End Process button at the bottom of the Processes tab window.
Click the Start button and select Find or Search from the menu. Search All files and Folders for the file Winppr32.exe on all local drives.
Delete all files named Winppr32.exe from the search window.
Repeat steps 7 and 8 for this file Winstt32.dat
Repeat steps 7 and 8 for this file: Winstf32.dll
Got to the Start menu, select Run and type in RegEdit to run the Registry Editor.
From the menu, select Edit/Find to search for this string: WINPPR32.EXE /sinc. Check only the Data box.
Select the Registry Key in the right-hand pane and Edit/Delete from the menu.
Press F3 to find and delete additional keys with values containing WINPPR32.EXE /sinc
Close Registry Editor.
Reboot in normal mode and reconnect to the network.
Install an antivirus and update to the latest antivirus definitions.
Make sure you have firewall software running, because part of SoBig's job is to connect to its master server and try to install a program that would create a back door into your system.
If you have not yet been infected, follow steps 17 and 18 and add these simple rules
Run Outlook with the preview pane closed. Visually scan the subject lines and look for red flags like:
"Details"
"Thank You"
"A Wicked Screen Saver"
SoBig e-mails can come from friends, because you're likely on each other's contact lists in Outlook. If you see an e-mail from a contact that's unexpected or has a telltale subject line, do not open or respond to it.
Never open any attachment from an unknown sender, and think twice before opening unexpected ones from friends or business contacts.
There's some more excellent information as well as removal instructions and even cleaning tools at these sources:
University of Virginia: http://www.itc.virginia.edu/desktop/virus/results.php3?virusID=76
NAI: http://vil.nai.com/vil/content/Print100561.htm
Symantec: http://www.symantec.com/avcenter/venc/data/w32.sobig.f@mm.html#removalinstructions
TrendMicro: http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SOBIG.F
TrendMicro: http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SOBIG.F&VSect=T
BitDefender: http://www.bitdefender.com/html/virusinfo.php?menu_id=1&v_id=152
McAfee: http://msn.mcafee.com/virusInfo/default.asp?id=description&virus_k=100561&affid=102
Central Command: http://www.centralcommand.com
http://www.pcmag.com/print_article/0,3048,a=55015,00.asp
If you or someone you know (or on your network) is infected, here's the manual process for recovering and for preventing SoBig from spreading to other users:
Unplug your computer from the network.
Boot the computer, then hit the F8 key to activate the text-only boot menu; choose Safe mode.
Wait until the boot process completes.
Open Task Manager by pressing Ctrl+Alt+Del and select the Processes tab.
Find and Highlight Winppr32.exe in the Processes tab.
To kill Winppr32.exe, click the End Process button at the bottom of the Processes tab window.
Click the Start button and select Find or Search from the menu. Search All files and Folders for the file Winppr32.exe on all local drives.
Delete all files named Winppr32.exe from the search window.
Repeat steps 7 and 8 for this file Winstt32.dat
Repeat steps 7 and 8 for this file: Winstf32.dll
Got to the Start menu, select Run and type in RegEdit to run the Registry Editor.
From the menu, select Edit/Find to search for this string: WINPPR32.EXE /sinc. Check only the Data box.
Select the Registry Key in the right-hand pane and Edit/Delete from the menu.
Press F3 to find and delete additional keys with values containing WINPPR32.EXE /sinc
Close Registry Editor.
Reboot in normal mode and reconnect to the network.
Install an antivirus and update to the latest antivirus definitions.
Make sure you have firewall software running, because part of SoBig's job is to connect to its master server and try to install a program that would create a back door into your system.
If you have not yet been infected, follow steps 17 and 18 and add these simple rules
Run Outlook with the preview pane closed. Visually scan the subject lines and look for red flags like:
"Details"
"Thank You"
"A Wicked Screen Saver"
SoBig e-mails can come from friends, because you're likely on each other's contact lists in Outlook. If you see an e-mail from a contact that's unexpected or has a telltale subject line, do not open or respond to it.
Never open any attachment from an unknown sender, and think twice before opening unexpected ones from friends or business contacts.
There's some more excellent information as well as removal instructions and even cleaning tools at these sources:
University of Virginia: http://www.itc.virginia.edu/desktop/virus/results.php3?virusID=76
NAI: http://vil.nai.com/vil/content/Print100561.htm
Symantec: http://www.symantec.com/avcenter/venc/data/w32.sobig.f@mm.html#removalinstructions
TrendMicro: http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SOBIG.F
TrendMicro: http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SOBIG.F&VSect=T
BitDefender: http://www.bitdefender.com/html/virusinfo.php?menu_id=1&v_id=152
McAfee: http://msn.mcafee.com/virusInfo/default.asp?id=description&virus_k=100561&affid=102
Central Command: http://www.centralcommand.com
http://www.pcmag.com/print_article/0,3048,a=55015,00.asp
SoBig Virus Breaks Speed Records
By Dennis Fisher
So far, SoBig.
The virus that has been rampaging through corporate networks and bringing mail servers to their figurative knees all week is now officially the most prolific piece of malware ever, at least by one measure. MessageLabs Inc., an e-mail security company based in New York, said it saw more copies of SoBig.F in its first 24 hours of life than it has of any other virus in a comparable period. Ever.
That's no mean feat, considering some of the digital refuse that has hit the Internet in the past couple of years. Viruses such as Klez, Melissa and the Love Bug all caused their fair share of damage and each was at one time or another considered to be as bad as it gets. But this most recent incarnation of SoBig has taken the title, at least for now.
http://www.eweek.com/article2/0,3959,1227345,00.asp
By Dennis Fisher
So far, SoBig.
The virus that has been rampaging through corporate networks and bringing mail servers to their figurative knees all week is now officially the most prolific piece of malware ever, at least by one measure. MessageLabs Inc., an e-mail security company based in New York, said it saw more copies of SoBig.F in its first 24 hours of life than it has of any other virus in a comparable period. Ever.
That's no mean feat, considering some of the digital refuse that has hit the Internet in the past couple of years. Viruses such as Klez, Melissa and the Love Bug all caused their fair share of damage and each was at one time or another considered to be as bad as it gets. But this most recent incarnation of SoBig has taken the title, at least for now.
http://www.eweek.com/article2/0,3959,1227345,00.asp
Saturday, August 23, 2003
BBC News Styleguide
Avoid clichés and improve your journalism with this PDF version of the BBC News Styleguide. The Guide gives practical suggestions on many aspects of journalism style, including abbreviations, clichés, reported speech - and how to avoid irritating your editor.
Who it's for:
This guide was written for BBC journalists but is a valuable resource for anyone who wants to write well.
Outline:
Every time anyone writes a script for BBC News they are potentially touching the lives of millions of people – through radio, tv and the internet. That is the privilege of working for one of the biggest news organisations in the world. It brings with it responsibilities. BBC News is expected to set the highest standards in accuracy, fairness, impartiality – and in the use of language. Clear story-telling and language is at the heart of good journalism. This PDF styleguide will help you to strengthen your journalism and connect with your audiences.
http://www.bbctraining.co.uk/onlineCourse.asp?tID=5487&cat=3
Avoid clichés and improve your journalism with this PDF version of the BBC News Styleguide. The Guide gives practical suggestions on many aspects of journalism style, including abbreviations, clichés, reported speech - and how to avoid irritating your editor.
Who it's for:
This guide was written for BBC journalists but is a valuable resource for anyone who wants to write well.
Outline:
Every time anyone writes a script for BBC News they are potentially touching the lives of millions of people – through radio, tv and the internet. That is the privilege of working for one of the biggest news organisations in the world. It brings with it responsibilities. BBC News is expected to set the highest standards in accuracy, fairness, impartiality – and in the use of language. Clear story-telling and language is at the heart of good journalism. This PDF styleguide will help you to strengthen your journalism and connect with your audiences.
http://www.bbctraining.co.uk/onlineCourse.asp?tID=5487&cat=3
Sobig.f prevention and cure
Yet another member of the Sobig virus family is loose. Sobig.f (w32.sobig.f@mm) spreads via e-mail and shared network files and could slow e-mail servers with excessive traffic, so it rates a 7 on the ZDNet Virus Meter. This worm affects only Windows computers, not Mac, Linux, or Unix systems. Like its siblings, Sobig.f has a built-in termination date, September 10, 2003, and can attempt to retrieve, download, and finally execute a Trojan to steal credit card numbers and other personal account information. But Sobig.f differs in that it appends garbage characters to the end of the infected file, making it harder for antivirus products to recognize Sobig.f.
How it works
Sobig.f arrives as an e-mail with the following characteristics:
The From and To addresses are collected from infected PCs, from files ending with the extensions .dbx, .eml, .htm, .html, .txt, and .wab.
The Sobig.f subject line reads:
Re: Details
Re: Approved
Re: Re: My details
Re: Thank you!
Re: That movie
Re: Wicked screensaver
Re: Your application
Thank you!
Your details
Its body text reads:
See the attached file for details
Please see the attached file for details.…
Removal
Most antivirus-software companies have updated their signature files to include this worm. The updates will stop the infection upon contact and, in some cases, will remove an active infection from your system.…
http://reviews-zdnet.com.com/4520-6600_16-5065487.html
Yet another member of the Sobig virus family is loose. Sobig.f (w32.sobig.f@mm) spreads via e-mail and shared network files and could slow e-mail servers with excessive traffic, so it rates a 7 on the ZDNet Virus Meter. This worm affects only Windows computers, not Mac, Linux, or Unix systems. Like its siblings, Sobig.f has a built-in termination date, September 10, 2003, and can attempt to retrieve, download, and finally execute a Trojan to steal credit card numbers and other personal account information. But Sobig.f differs in that it appends garbage characters to the end of the infected file, making it harder for antivirus products to recognize Sobig.f.
How it works
Sobig.f arrives as an e-mail with the following characteristics:
The From and To addresses are collected from infected PCs, from files ending with the extensions .dbx, .eml, .htm, .html, .txt, and .wab.
The Sobig.f subject line reads:
Re: Details
Re: Approved
Re: Re: My details
Re: Thank you!
Re: That movie
Re: Wicked screensaver
Re: Your application
Thank you!
Your details
Its body text reads:
See the attached file for details
Please see the attached file for details.…
Removal
Most antivirus-software companies have updated their signature files to include this worm. The updates will stop the infection upon contact and, in some cases, will remove an active infection from your system.…
http://reviews-zdnet.com.com/4520-6600_16-5065487.html
Thursday, August 21, 2003
Google Labs
http://labs.google.com/
This Web site is the testing ground for new concepts unearthed by the creative minds that developed the Google Web search engine. "Google staffers with wild and crazy ideas post their prototypes on Google Labs and solicit feedback on how the technology could be used or improved." One of the current projects listed on the site is a distributed computing effort that allows users to contribute their computer's idle time to help solve a scientific research problem. Others add to the Web searching experience by providing a unique display of the results or enabling keyboard shortcuts. People who have experimented with the prototypes are encouraged to email their comments and suggestions to help with the development effort. Some of the prototypes require users to download and install software. [CL]
From The NSDL Scout Report for Math, Engineering, & Technology, Copyright Internet Scout Project 1994-2003. http://www.scout.wisc.edu/
http://labs.google.com/
http://labs.google.com/
This Web site is the testing ground for new concepts unearthed by the creative minds that developed the Google Web search engine. "Google staffers with wild and crazy ideas post their prototypes on Google Labs and solicit feedback on how the technology could be used or improved." One of the current projects listed on the site is a distributed computing effort that allows users to contribute their computer's idle time to help solve a scientific research problem. Others add to the Web searching experience by providing a unique display of the results or enabling keyboard shortcuts. People who have experimented with the prototypes are encouraged to email their comments and suggestions to help with the development effort. Some of the prototypes require users to download and install software. [CL]
From The NSDL Scout Report for Math, Engineering, & Technology, Copyright Internet Scout Project 1994-2003. http://www.scout.wisc.edu/
http://labs.google.com/
How to Stop Sobig.F
Tips and links to help you stop the Sobig variant from infecting your PC.
The Sobig.F worm is a variant of June's Sobig.A worm. The worm is also known as I-Worm.Sobig.f, W32/Sobig.F-mm, W32/Sobig.f@MM, and WORM_SOBIG.F.
Sobig.F only affects Windows systems, and it has been spreading rapidly since earlier this week. Machines running Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, and Windows XP are all susceptible to the worm.
On an infected system, the worm scans various documents for email addresses. The worm then distributes itself to other inboxes using a built-in SMTP engine. When it distributes itself, it "spoofs" in the "From:" field an email address it finds on the infected machine instead of using the infected user's address. Because the address doesn't match that of the infected machine, it's difficult to trace the string of infected computers.
The worm also has a built-in shutoff date. It'll stop working on September 10, 2003.
http://www.techtv.com/screensavers/howto/story/0,24330,3505076,00.html
Tips and links to help you stop the Sobig variant from infecting your PC.
The Sobig.F worm is a variant of June's Sobig.A worm. The worm is also known as I-Worm.Sobig.f, W32/Sobig.F-mm, W32/Sobig.f@MM, and WORM_SOBIG.F.
Sobig.F only affects Windows systems, and it has been spreading rapidly since earlier this week. Machines running Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, and Windows XP are all susceptible to the worm.
On an infected system, the worm scans various documents for email addresses. The worm then distributes itself to other inboxes using a built-in SMTP engine. When it distributes itself, it "spoofs" in the "From:" field an email address it finds on the infected machine instead of using the infected user's address. Because the address doesn't match that of the infected machine, it's difficult to trace the string of infected computers.
The worm also has a built-in shutoff date. It'll stop working on September 10, 2003.
http://www.techtv.com/screensavers/howto/story/0,24330,3505076,00.html
Tuesday, August 19, 2003
Broadband Networking How-to Articles
This collection of articles will help you with the common procedures and tasks you might need to perform on your network. To learn more about a specific procedure, choose from one of the categories below.
Using your base station
Using your network
http://www.microsoft.com/hardware/broadbandnetworking/howto.aspx
This collection of articles will help you with the common procedures and tasks you might need to perform on your network. To learn more about a specific procedure, choose from one of the categories below.
Using your base station
Using your network
http://www.microsoft.com/hardware/broadbandnetworking/howto.aspx
Broadband Networking How-to Articles
This collection of articles will help you with the common procedures and tasks you might need to perform on your network. To learn more about a specific procedure, choose from one of the categories below.
Using your base station
Using your network
http://www.microsoft.com/hardware/broadbandnetworking/howto.aspx
This collection of articles will help you with the common procedures and tasks you might need to perform on your network. To learn more about a specific procedure, choose from one of the categories below.
Using your base station
Using your network
http://www.microsoft.com/hardware/broadbandnetworking/howto.aspx
Microsoft Virtual PC
Microsoft Virtual PC is a powerful software virtualization solution that allows you to run multiple PC-based operating systems simultaneously on one workstation, providing a safety net to maintain compatibility with legacy applications while you migrate to a new operating system. It also saves reconfiguration time, so your support, development, and training staff can work more efficiently.
Microsoft will release Microsoft Virtual PC 2004 late in calendar year 2003. In the meantime, a 45-day free trial of the Connectix Virtual PC for Windows version 5, now from Microsoft, can be downloaded for evaluation purposes.
http://www.microsoft.com/windowsxp/virtualpc/downloads/trial.asp
http://www.microsoft.com/windowsxp/virtualpc/
Microsoft Virtual PC is a powerful software virtualization solution that allows you to run multiple PC-based operating systems simultaneously on one workstation, providing a safety net to maintain compatibility with legacy applications while you migrate to a new operating system. It also saves reconfiguration time, so your support, development, and training staff can work more efficiently.
Microsoft will release Microsoft Virtual PC 2004 late in calendar year 2003. In the meantime, a 45-day free trial of the Connectix Virtual PC for Windows version 5, now from Microsoft, can be downloaded for evaluation purposes.
http://www.microsoft.com/windowsxp/virtualpc/downloads/trial.asp
http://www.microsoft.com/windowsxp/virtualpc/
Monday, August 18, 2003
Verifying Blaster E-mail Communications from Microsoft
http://go.microsoft.com/?linkid=221444
The above link resolves to https://register.microsoft.com/security/incident/verify.asp
If you applied security patch MS03-026 prior to the discovery of the Blaster worm, your system is secure from the vulnerability that W32.Blaster is using. For the most current information on determining if your systems are infected and how to recover from the infection, please go to the following web site and perform the prescribed steps: http://www.microsoft.com/security/incident/blast.asp. This site will be updated as more information regarding the W32.blaster worm becomes available.
In order to help protect your computing environment from security vulnerabilities, use the Windows Update service by going to http://windowsupdate.microsoft.com and also subscribe to Microsoft's security notification service at http://register.microsoft.com/subscription/subscribeme.asp?ID=135. By using these two services you will automatically receive information on the latest software updates and the latest security notifications, thereby improving the likelihood that your computing environment will be safe from the worms and viruses that occur.
https://register.microsoft.com/security/incident/verify.asp
http://go.microsoft.com/?linkid=221444
The above link resolves to https://register.microsoft.com/security/incident/verify.asp
If you applied security patch MS03-026 prior to the discovery of the Blaster worm, your system is secure from the vulnerability that W32.Blaster is using. For the most current information on determining if your systems are infected and how to recover from the infection, please go to the following web site and perform the prescribed steps: http://www.microsoft.com/security/incident/blast.asp. This site will be updated as more information regarding the W32.blaster worm becomes available.
In order to help protect your computing environment from security vulnerabilities, use the Windows Update service by going to http://windowsupdate.microsoft.com and also subscribe to Microsoft's security notification service at http://register.microsoft.com/subscription/subscribeme.asp?ID=135. By using these two services you will automatically receive information on the latest software updates and the latest security notifications, thereby improving the likelihood that your computing environment will be safe from the worms and viruses that occur.
https://register.microsoft.com/security/incident/verify.asp
How To Avoid Blaster Infection
What's more important than figuring out how to get uninfected? Avoiding infection in the first place. Here are some simple steps you can take to safeguard your systems.
http://www.pcmag.com/article2/0,4149,1220051,00.asp
What's more important than figuring out how to get uninfected? Avoiding infection in the first place. Here are some simple steps you can take to safeguard your systems.
http://www.pcmag.com/article2/0,4149,1220051,00.asp
typoGRAPHIC
typoGRAPHIC, an interactive experience informed by type and typography. It aims to illustrate the depth and import of type, and to raise relevant questions about how typography is treated in the digital media, specifically online.
http://www.rsub.com/typographic/
typoGRAPHIC, an interactive experience informed by type and typography. It aims to illustrate the depth and import of type, and to raise relevant questions about how typography is treated in the digital media, specifically online.
http://www.rsub.com/typographic/
Sunday, August 17, 2003
Actions for the Blaster Worm
For Windows XP
1. If your computer reboots repeatedly, please unplug your network cable from
the wall.
2. First, enable Internet Connection Firewall (ICF) in Windows XP:
http://support.microsoft.com/?id=283673
--In Control Panel, double-click "Networking and Internet Connections", and
then click "Network Connections".
--Right-click the connection on which you would like to enable ICF, and then
click "Properties".
--On the Advanced tab, click the box to select the option to "Protect my
computer or network".
3. Plug the network cable back into the wall to reconnect your computer to the
Internet
4. Download the MS03-026 security patch from Microsoft and install it on your
computer:
5.Install or update your antivirus signature software and scan your computer
6.Download and run the worm removal tool from your antivirus vendor.
Windows XP (32 bit)
http://www.microsoft.com/downloads/details.aspx?FamilyID=2354406c-c5b6-44ac-9532-3de40f69c074&displaylang=en
Related Knowledge Base Articles:
http://support.microsoft.com/?kbid=826955
Related Microsoft Security Bulletins:
http://www.microsoft.com/technet/security/bulletin/MS03-026.asp
http://www.microsoft.com/security/incident/blast.asp
For Windows XP
1. If your computer reboots repeatedly, please unplug your network cable from
the wall.
2. First, enable Internet Connection Firewall (ICF) in Windows XP:
http://support.microsoft.com/?id=283673
--In Control Panel, double-click "Networking and Internet Connections", and
then click "Network Connections".
--Right-click the connection on which you would like to enable ICF, and then
click "Properties".
--On the Advanced tab, click the box to select the option to "Protect my
computer or network".
3. Plug the network cable back into the wall to reconnect your computer to the
Internet
4. Download the MS03-026 security patch from Microsoft and install it on your
computer:
5.Install or update your antivirus signature software and scan your computer
6.Download and run the worm removal tool from your antivirus vendor.
Windows XP (32 bit)
http://www.microsoft.com/downloads/details.aspx?FamilyID=2354406c-c5b6-44ac-9532-3de40f69c074&displaylang=en
Related Knowledge Base Articles:
http://support.microsoft.com/?kbid=826955
Related Microsoft Security Bulletins:
http://www.microsoft.com/technet/security/bulletin/MS03-026.asp
http://www.microsoft.com/security/incident/blast.asp
Free Software servers breached
A key server housing software used in Linux and other projects was open to an attacker for four months, creating fears that source code was compromised
The GNU Project, which develops many of the components in the Linux operating system, said this week that the system housing its primary download servers has been compromised by an attacker. The project urged those who have downloaded software from the server since March to check that the source code has not been tampered with.
Linux, an open-source operating system that dominates the Web server market, uses the compiler, libraries and other software that was originally developed by the GNU project. The project warned that the attacker may have inserted malicious code into its software, although it said all the code checked so far appeared to be intact.
In an alert issued on Wednesday, computer security response organisation CERT warned that the breach could prove to be a serious problem. "Because this system serves as a centralised archive of popular software, the insertion of malicious code into the distributed software is a serious threat," the warning stated.…
http://news.zdnet.co.uk/0,39020330,39115701,00.htm
A key server housing software used in Linux and other projects was open to an attacker for four months, creating fears that source code was compromised
The GNU Project, which develops many of the components in the Linux operating system, said this week that the system housing its primary download servers has been compromised by an attacker. The project urged those who have downloaded software from the server since March to check that the source code has not been tampered with.
Linux, an open-source operating system that dominates the Web server market, uses the compiler, libraries and other software that was originally developed by the GNU project. The project warned that the attacker may have inserted malicious code into its software, although it said all the code checked so far appeared to be intact.
In an alert issued on Wednesday, computer security response organisation CERT warned that the breach could prove to be a serious problem. "Because this system serves as a centralised archive of popular software, the insertion of malicious code into the distributed software is a serious threat," the warning stated.…
http://news.zdnet.co.uk/0,39020330,39115701,00.htm
Worm a Sign of Horrors to Come?
The attack forced Maryland's motor vehicle agency to close for the day and kicked Swedish Internet users offline as it spread.
Security experts said the world was lucky this time because LovSan is comparatively mild and doesn't destroy files. They worry that a subsequent attack exploiting the same flaw -- one of the most severe to afflict Windows -- could be much more damaging.
"We think we're going to be dealing with it for quite some time," said Dan Ingevaldson, engineering manager at Internet Security Systems in Atlanta.
Although LovSan does not appear to do any permanent damage, Ingevaldson said instructions to do that could easily be written into a worm that propagates in the same way.
Microsoft itself still faces the wrath of the worm's coder.…
The attack was preventable for many machines running Windows. On July 16, Microsoft posted on its website a free patch that prevents LovSan and similar infections. The patch fixes an underlying flaw that affects nearly all versions of the software giant's flagship Windows operating system.
Notwithstanding high-profile alerts issued by Microsoft and the Department of Homeland Security, many businesses did not install the patches and scrambled Tuesday to shore up their computers.
Security experts say patches often stay on "to do" lists until outbreaks occur.
"You're looking at 70 new vulnerabilities every week," said Sharon Ruckman, senior director at the research lab for antivirus vendor Symantec. "It's more than a full-time job trying to make sure you are up-to-date."
Microsoft spokesman Sean Sundwall acknowledged that the blame does not really lie with customers.
"Ultimately, it's a flaw in our software," he said.
Non-Microsoft systems were not vulnerable, though some may have had trouble connecting with websites, e-mail and other servers that run on Windows.
Symantec's probes detected more than 125,000 infected computers worldwide.
The worm exploits a flaw in a Windows feature for sharing data files across computer networks. It was reported Monday in the United States first and spread across the globe as businesses opened Tuesday and workers logged on.
Additional U.S. computers were hit Tuesday, and Maryland's Motor Vehicle Administration shut all its offices at noon.
"There's no telephone service right now. There's no online service right now. There's no kiosk or express office service," spokeswoman Cheron Wicker said. "We are currently working on a fix and expect to be operational again in the morning."
In Sweden, Internet provider TeliaSonera said about 20,000 of its customers were affected after the infection clogged 40 servers that handle Internet traffic.
Among companies affected in Germany was automaker BMW, said spokesman Eckhard Vannieck. He said the problems did not affect production.
The worm also affected networks in China, but the damage apparently was not serious.…
http://www.wired.com/news/infostructure/0,1377,59994,00.html
http://www.wired.com/news/technology/0,1282,60019,00.html
The attack forced Maryland's motor vehicle agency to close for the day and kicked Swedish Internet users offline as it spread.
Security experts said the world was lucky this time because LovSan is comparatively mild and doesn't destroy files. They worry that a subsequent attack exploiting the same flaw -- one of the most severe to afflict Windows -- could be much more damaging.
"We think we're going to be dealing with it for quite some time," said Dan Ingevaldson, engineering manager at Internet Security Systems in Atlanta.
Although LovSan does not appear to do any permanent damage, Ingevaldson said instructions to do that could easily be written into a worm that propagates in the same way.
Microsoft itself still faces the wrath of the worm's coder.…
The attack was preventable for many machines running Windows. On July 16, Microsoft posted on its website a free patch that prevents LovSan and similar infections. The patch fixes an underlying flaw that affects nearly all versions of the software giant's flagship Windows operating system.
Notwithstanding high-profile alerts issued by Microsoft and the Department of Homeland Security, many businesses did not install the patches and scrambled Tuesday to shore up their computers.
Security experts say patches often stay on "to do" lists until outbreaks occur.
"You're looking at 70 new vulnerabilities every week," said Sharon Ruckman, senior director at the research lab for antivirus vendor Symantec. "It's more than a full-time job trying to make sure you are up-to-date."
Microsoft spokesman Sean Sundwall acknowledged that the blame does not really lie with customers.
"Ultimately, it's a flaw in our software," he said.
Non-Microsoft systems were not vulnerable, though some may have had trouble connecting with websites, e-mail and other servers that run on Windows.
Symantec's probes detected more than 125,000 infected computers worldwide.
The worm exploits a flaw in a Windows feature for sharing data files across computer networks. It was reported Monday in the United States first and spread across the globe as businesses opened Tuesday and workers logged on.
Additional U.S. computers were hit Tuesday, and Maryland's Motor Vehicle Administration shut all its offices at noon.
"There's no telephone service right now. There's no online service right now. There's no kiosk or express office service," spokeswoman Cheron Wicker said. "We are currently working on a fix and expect to be operational again in the morning."
In Sweden, Internet provider TeliaSonera said about 20,000 of its customers were affected after the infection clogged 40 servers that handle Internet traffic.
Among companies affected in Germany was automaker BMW, said spokesman Eckhard Vannieck. He said the problems did not affect production.
The worm also affected networks in China, but the damage apparently was not serious.…
http://www.wired.com/news/infostructure/0,1377,59994,00.html
http://www.wired.com/news/technology/0,1282,60019,00.html
Breadcrumb Navigation: Further Investigation of Usage
The term “breadcrumb” derives its name from the Grimm’s fairy tale, Hansel and Gretel. Hansel left a trail of breadcrumbs through the woods as a strategy to find his way back home. Since today’s internet user often has a need to navigate back through a website path, the cyber-version “breadcrumb trail” was named1.
There are three different types of breadcrumbs represented in websites – path, attribute, and location…
In general, the breadcrumb trail serves two purposes: 1) it provides information to users as to where they are located within the site, and 2) it offers shortcut links for users to “jump” to previously viewed pages without using the Back button, other navigation bars, or typing in a keyword search. Breadcrumb trails give location information and links in a backward linear manner; whereas, navigation methods, such as search fields or horizontal/vertical navigation bars, serve to retrieve information for the user in a forward-seeking approach. As suggested by Marchionini (1995), systems that support navigation by both browsing and analytical strategies are most beneficial to users since tactics associated with both types of strategies are normally used. According to Steven Krug (2000), breadcrumb trails are most valuable as an accessory to a site’s navigational scheme and are optimally located at the top of a web page in a smaller font.
There has been speculation that a breadcrumb trail also aids the user’s “mental model” of the site’s layout to reduce disorientation within the site (Bernard, 2003); however, we have not found research to validate this assumption. It would seem logical, however, that a constant visualization of the path to the user’s current location would increase their awareness and knowledge of the site structure. Toms (2000) suggests that users need both a stable orienting device, such as a menu, to facilitate pathways through the site, as well as a system that supports scanning to smooth the progress of the search. Research has reported that breadcrumb navigation improves measures of site efficiency (Maldonado & Resnick, 2002; Bowler, Ng & Schwartz, 2001). Our earlier study, however, found limited use of breadcrumb trails as a navigational tool and no differences in site efficiency for two online sites, OfficeMax and Google Directory (Lida, et al. 2003).…
http://psychology.wichita.edu/surl/usabilitynews/52/breadcrumb.htm
The term “breadcrumb” derives its name from the Grimm’s fairy tale, Hansel and Gretel. Hansel left a trail of breadcrumbs through the woods as a strategy to find his way back home. Since today’s internet user often has a need to navigate back through a website path, the cyber-version “breadcrumb trail” was named1.
There are three different types of breadcrumbs represented in websites – path, attribute, and location…
In general, the breadcrumb trail serves two purposes: 1) it provides information to users as to where they are located within the site, and 2) it offers shortcut links for users to “jump” to previously viewed pages without using the Back button, other navigation bars, or typing in a keyword search. Breadcrumb trails give location information and links in a backward linear manner; whereas, navigation methods, such as search fields or horizontal/vertical navigation bars, serve to retrieve information for the user in a forward-seeking approach. As suggested by Marchionini (1995), systems that support navigation by both browsing and analytical strategies are most beneficial to users since tactics associated with both types of strategies are normally used. According to Steven Krug (2000), breadcrumb trails are most valuable as an accessory to a site’s navigational scheme and are optimally located at the top of a web page in a smaller font.
There has been speculation that a breadcrumb trail also aids the user’s “mental model” of the site’s layout to reduce disorientation within the site (Bernard, 2003); however, we have not found research to validate this assumption. It would seem logical, however, that a constant visualization of the path to the user’s current location would increase their awareness and knowledge of the site structure. Toms (2000) suggests that users need both a stable orienting device, such as a menu, to facilitate pathways through the site, as well as a system that supports scanning to smooth the progress of the search. Research has reported that breadcrumb navigation improves measures of site efficiency (Maldonado & Resnick, 2002; Bowler, Ng & Schwartz, 2001). Our earlier study, however, found limited use of breadcrumb trails as a navigational tool and no differences in site efficiency for two online sites, OfficeMax and Google Directory (Lida, et al. 2003).…
http://psychology.wichita.edu/surl/usabilitynews/52/breadcrumb.htm
Saturday, August 16, 2003
Text style sampler
Instructions by Jay Small of Small Initiatives
Use this page to try different combinations of typefaces, text line height, paragraph indents and widths, and see the results (and the Cascading Style Sheet properties that made them) in the blocks of text below. Try this in different browsers and observe the subtle differences.
Here are the variables:
Font: Choose from four commonly installed, screen-friendly fonts: Times New Roman, default on many browsers; Verdana, a popular sans-serif choice; Arial, another popular sans-serif face; and Georgia, a serif face that is screen- and printer-friendly.
Line height: The default setting is 1 em. In printing, this setting would be known as "set solid." The line height is identical to the height of the letters themselves. But Web browsers fudge this a bit when they render text -- in fact, if your font size and line height are both left to defaults, there will be at least a pixel of space between lines of text. You may wish to add more space, especially on text set very wide.
Paragraph indents: By default, stacks of paragraphs in Web browsers do not have first-line indents; instead, the first line of each paragraph is flush-left but you see a full line of space between paragraphs. Most printed text is set with paragraph indents, however, and if you want them they are easy to create. The samples with indents have a half line (0.5 em) of space between paragraphs.
Set base font size
Then, select a base font size. The default size (1 em, or what would be applied if you used no style sheets at all) is typically rendered at 16 pixels.…
http://smallinitiatives.com/whatwevedone/presentations/textsampler/
Instructions by Jay Small of Small Initiatives
Use this page to try different combinations of typefaces, text line height, paragraph indents and widths, and see the results (and the Cascading Style Sheet properties that made them) in the blocks of text below. Try this in different browsers and observe the subtle differences.
Here are the variables:
Font: Choose from four commonly installed, screen-friendly fonts: Times New Roman, default on many browsers; Verdana, a popular sans-serif choice; Arial, another popular sans-serif face; and Georgia, a serif face that is screen- and printer-friendly.
Line height: The default setting is 1 em. In printing, this setting would be known as "set solid." The line height is identical to the height of the letters themselves. But Web browsers fudge this a bit when they render text -- in fact, if your font size and line height are both left to defaults, there will be at least a pixel of space between lines of text. You may wish to add more space, especially on text set very wide.
Paragraph indents: By default, stacks of paragraphs in Web browsers do not have first-line indents; instead, the first line of each paragraph is flush-left but you see a full line of space between paragraphs. Most printed text is set with paragraph indents, however, and if you want them they are easy to create. The samples with indents have a half line (0.5 em) of space between paragraphs.
Set base font size
Then, select a base font size. The default size (1 em, or what would be applied if you used no style sheets at all) is typically rendered at 16 pixels.…
http://smallinitiatives.com/whatwevedone/presentations/textsampler/
Blaster Variant on the Loose
Security experts are now tracking a new variant of the Blaster worm that was first spotted Wednesday morning.
The new version is nearly identical to the original, except for a new name on the executable file and a different registry key. The variant's file name is "teekids.exe," and the key it adds to the registry is: "Microsoft Inet Xp.." The key is located in the same place as Blaster's key is, according to Neel Mehta, research engineer at Internet Security Systems Inc. in Atlanta.
"Some of our customers say that they're seeing more copies of the new one than the old one, but I think that's just bad luck," Mehta says. "It scans exactly the same way and acts exactly the same as Blaster."
Mehta said that some copies of the new variant are coming packed with various known Windows Trojan programs, as well.
http://www.eweek.com/article2/0,3959,1219197,00.asp
Security experts are now tracking a new variant of the Blaster worm that was first spotted Wednesday morning.
The new version is nearly identical to the original, except for a new name on the executable file and a different registry key. The variant's file name is "teekids.exe," and the key it adds to the registry is: "Microsoft Inet Xp.." The key is located in the same place as Blaster's key is, according to Neel Mehta, research engineer at Internet Security Systems Inc. in Atlanta.
"Some of our customers say that they're seeing more copies of the new one than the old one, but I think that's just bad luck," Mehta says. "It scans exactly the same way and acts exactly the same as Blaster."
Mehta said that some copies of the new variant are coming packed with various known Windows Trojan programs, as well.
http://www.eweek.com/article2/0,3959,1219197,00.asp
Friday, August 15, 2003
The Bright Side of Blaster
The Blaster worm has infected hundreds of thousands of Windows machines, shut down the Maryland state DMV, put network administrators on overtime, crashed countless consumer's home computers, and on Saturday it will attempt a denial-of-service attack on Microsoft's Windows Update site. But that doesn't make it all bad.
Blaster, also known as MSBlast and LovSan, hit the Internet on Monday, spreading through the RCP DCOM vulnerability discovered by the Polish security research group Last Stage of Delirium earlier this year. The worm is built on dcom.c, one of the public exploit programs that emerged to demonstrate and exercise the flaw in the days and weeks following Microsoft's July 16th advisory. According to data gathered by (SecurityFocus publisher) Symantec's DeepSight network of intrusion detection systems, by Thursday afternoon the worm had infected over 330,000 Windows XP and Windows 2000 machines.
As nasty as that is, security experts say it could have been much worse: the worm is hampered by clumsy construction, and it does not contain a malicious payload to damage victim's files. Moreover, in its reckless tear through cyberspace Blaster is accomplishing what a month of warnings from the security community, an unprecedented mass-e-mail campaign by Microsoft, and two advisories from the Department of Homeland Security all failed to do: it's forcing companies and consumers to install the patch for the serious RPC DCOM vulnerability, shutting down computer intruders who've had their pick of these systems for weeks.
http://www.securityfocus.com/news/6728
The Blaster worm has infected hundreds of thousands of Windows machines, shut down the Maryland state DMV, put network administrators on overtime, crashed countless consumer's home computers, and on Saturday it will attempt a denial-of-service attack on Microsoft's Windows Update site. But that doesn't make it all bad.
Blaster, also known as MSBlast and LovSan, hit the Internet on Monday, spreading through the RCP DCOM vulnerability discovered by the Polish security research group Last Stage of Delirium earlier this year. The worm is built on dcom.c, one of the public exploit programs that emerged to demonstrate and exercise the flaw in the days and weeks following Microsoft's July 16th advisory. According to data gathered by (SecurityFocus publisher) Symantec's DeepSight network of intrusion detection systems, by Thursday afternoon the worm had infected over 330,000 Windows XP and Windows 2000 machines.
As nasty as that is, security experts say it could have been much worse: the worm is hampered by clumsy construction, and it does not contain a malicious payload to damage victim's files. Moreover, in its reckless tear through cyberspace Blaster is accomplishing what a month of warnings from the security community, an unprecedented mass-e-mail campaign by Microsoft, and two advisories from the Department of Homeland Security all failed to do: it's forcing companies and consumers to install the patch for the serious RPC DCOM vulnerability, shutting down computer intruders who've had their pick of these systems for weeks.
http://www.securityfocus.com/news/6728
Thursday, August 14, 2003
Photos.com, unlimited downloads of the 60,000 photos, for only $299.95
You know that high-quality stock photos are not inexpensive, and yet bargain-priced images often don't have the quality you need for your Web or print design projects. Variety and image freshness are also important – when you're on a deadline, looking for just the right image, time is money.
This is why the subscription-based Photos.com site has proven so popular. Now you can take advantage of this special offer to obtain unlimited downloads of the 60,000 photos, for only $299.95 (a 40% savings) for an entire year. Photos are available in three convenient sizes, in such popular categories as business, health, technology, lifestyles and more. Why not try out a few of the free photos first, to make sure the image quality meets your needs?
Sign up by August 30, 2003 at www.photos.com/promo/andromeda to take advantage of this limited-time offer.
www.photos.com/promo/andromeda
You know that high-quality stock photos are not inexpensive, and yet bargain-priced images often don't have the quality you need for your Web or print design projects. Variety and image freshness are also important – when you're on a deadline, looking for just the right image, time is money.
This is why the subscription-based Photos.com site has proven so popular. Now you can take advantage of this special offer to obtain unlimited downloads of the 60,000 photos, for only $299.95 (a 40% savings) for an entire year. Photos are available in three convenient sizes, in such popular categories as business, health, technology, lifestyles and more. Why not try out a few of the free photos first, to make sure the image quality meets your needs?
Sign up by August 30, 2003 at www.photos.com/promo/andromeda to take advantage of this limited-time offer.
www.photos.com/promo/andromeda
Wednesday, August 13, 2003
Blasting Blaster
In mid-July, Microsoft supplied patches for a vulnerability in the DCOM Remote Procedure Call module that could allow a worm to download and run any program. Microsoft Windows NT4, 2000, XP, and Windows Server 2003 were affected. This Monday, machines without the patch became fair game for the fast-spreading Blaster worm. Blaster is set to launch a Distributed Denial of Service (DDoS) attack on windowsupdate.microsoft.com this Saturday, August 16th. You don't want to be a part of that, so be sure you have the patch installed.
But what if your system is one of tens of thousands already compromised by Blaster? You may not be able to install the patch, or to do much of anything. On most machines Blaster triggers a Windows shut down sequence with a 60-second warning, leaving no time for downloading. Your first step is to abort the shutdown by entering the command "shutdown /a" (no quotes) in the Start menu's Run dialog. With the countdown halted, you can try the free removal tool from Symantec or do the job by hand.
http://www.microsoft.com/security/security_bulletins/ms03-026.asp
http://securityresponse.symantec.com/avcenter/venc/data/w32.blaster.worm.removal.tool.html
http://www.pcmag.com/article2/0,4149,1217751,00.asp
In mid-July, Microsoft supplied patches for a vulnerability in the DCOM Remote Procedure Call module that could allow a worm to download and run any program. Microsoft Windows NT4, 2000, XP, and Windows Server 2003 were affected. This Monday, machines without the patch became fair game for the fast-spreading Blaster worm. Blaster is set to launch a Distributed Denial of Service (DDoS) attack on windowsupdate.microsoft.com this Saturday, August 16th. You don't want to be a part of that, so be sure you have the patch installed.
But what if your system is one of tens of thousands already compromised by Blaster? You may not be able to install the patch, or to do much of anything. On most machines Blaster triggers a Windows shut down sequence with a 60-second warning, leaving no time for downloading. Your first step is to abort the shutdown by entering the command "shutdown /a" (no quotes) in the Start menu's Run dialog. With the countdown halted, you can try the free removal tool from Symantec or do the job by hand.
http://www.microsoft.com/security/security_bulletins/ms03-026.asp
http://securityresponse.symantec.com/avcenter/venc/data/w32.blaster.worm.removal.tool.html
http://www.pcmag.com/article2/0,4149,1217751,00.asp
Blaster Worm on the Move
The Blaster worm continued to tear through the Internet Tuesday morning as security experts struggled to find and fix infected systems. The worm is presenting a unique problem for security specialists because it is infecting a large number of PCs owned by home users, many of whom may be unaware that their machines are compromised.
And because Blaster's scanning algorithm tends to start by looking for IP addresses that are close to the infected machine's, the worm can rattle around inside a local network for quite a while, consuming bandwidth.
Officials at the CERT Coordination Center estimated that the number of infected machines is in the hundreds of thousands and will continue to grow. "A large number of the compromised machines are those of home users. In this case it isn't as easy as downloading a patch because they can't get enough bandwidth to get online and get the patch," said Marty Lindner, team leader for incident handling at CERT, based at Carnegie Mellon University in Pittsburgh.
"The compromise has a harder time getting out of the local network, so it's harder to measure how many machines are infected."
Blaster began spreading early Monday afternoon Eastern time and quickly gained momentum. The worm exploits the RPC DCOM (Distributed Component Object Model) vulnerability in all of the current versions of Windows, except ME. The worm scans the Internet and attempts to connect to TCP port 135. After establishing a connection, Blaster spawns a remote shell on port 4444 and then uses TFTP (Trivial File Transfer Protocol) to download the actual binary containing the worm. The worm is self-extracting and immediately begins scanning for other machines to infect.
For users who cannot free up enough bandwidth to download the patch from Microsoft Corp., CERT recommends an alternative remedy. Users should physically disconnect the infected machine from the Internet or network. Then, kill the running copy of "msblast.exe" in the Task Manager utility. Users should then disable DCOM and reconnect to the Internet and download the patch.
Instructions for disabling DCOM are available at Microsoft's Knowledge Base Web site.
http://support.microsoft.com/default.aspx?scid=kb;[LN];825750
http://www.eweek.com/article2/0,3959,1217020,00.asp
The Blaster worm continued to tear through the Internet Tuesday morning as security experts struggled to find and fix infected systems. The worm is presenting a unique problem for security specialists because it is infecting a large number of PCs owned by home users, many of whom may be unaware that their machines are compromised.
And because Blaster's scanning algorithm tends to start by looking for IP addresses that are close to the infected machine's, the worm can rattle around inside a local network for quite a while, consuming bandwidth.
Officials at the CERT Coordination Center estimated that the number of infected machines is in the hundreds of thousands and will continue to grow. "A large number of the compromised machines are those of home users. In this case it isn't as easy as downloading a patch because they can't get enough bandwidth to get online and get the patch," said Marty Lindner, team leader for incident handling at CERT, based at Carnegie Mellon University in Pittsburgh.
"The compromise has a harder time getting out of the local network, so it's harder to measure how many machines are infected."
Blaster began spreading early Monday afternoon Eastern time and quickly gained momentum. The worm exploits the RPC DCOM (Distributed Component Object Model) vulnerability in all of the current versions of Windows, except ME. The worm scans the Internet and attempts to connect to TCP port 135. After establishing a connection, Blaster spawns a remote shell on port 4444 and then uses TFTP (Trivial File Transfer Protocol) to download the actual binary containing the worm. The worm is self-extracting and immediately begins scanning for other machines to infect.
For users who cannot free up enough bandwidth to download the patch from Microsoft Corp., CERT recommends an alternative remedy. Users should physically disconnect the infected machine from the Internet or network. Then, kill the running copy of "msblast.exe" in the Task Manager utility. Users should then disable DCOM and reconnect to the Internet and download the patch.
Instructions for disabling DCOM are available at Microsoft's Knowledge Base Web site.
http://support.microsoft.com/default.aspx?scid=kb;[LN];825750
http://www.eweek.com/article2/0,3959,1217020,00.asp
MediaSavvy
The online ad boom could delay content charges
Right now, there is more money to be made selling ads online than selling news.
With online advertising continuing to climb (Emarketer says online ad spending will be up 4.8% in 2003), and with online newspapers getting an outsized share of that growth, who is going to be willing to jeopardize their seat on the gravy train by charging for content?…
http://mediasavvy.com/archives/000412.shtml#000412
The online ad boom could delay content charges
Right now, there is more money to be made selling ads online than selling news.
With online advertising continuing to climb (Emarketer says online ad spending will be up 4.8% in 2003), and with online newspapers getting an outsized share of that growth, who is going to be willing to jeopardize their seat on the gravy train by charging for content?…
http://mediasavvy.com/archives/000412.shtml#000412
checkinstall
…it's not always easy to get ready-made binary packages. Checkinstall handles that problem by building a binary package out of a compiled source tree. Where you normally do the ./configure && make && make install routine to build a package, checkinstall intercepts the make install part and builds a package ready for installation in Red Hat, Debian, Slackware, or RPM-based distributions. That way, when your vendor finally does catch up, you can remove the package with a single command (instead of hunting its components down by hand) and install the new binary package without a hassle. Good stuff.
After you ./configure; make your program, CheckInstall will run make install (or whatever you tell it to run) and keep track of every file modified by this installation, using the excelent installwatch utility written by Pancrazio 'Ezio' de Mauro (p@demauro.net).
When make install is done, CheckInstall will create a Slackware, RPM or Debian compatible package and install it with Slackware's installpkg, "rpm -i" or Debian's "dpkg -i" as appropriate, so you can view it's contents with pkgtool ("rpm -ql" for RPM users or "dpkg -l" for Debian) or remove it with removepkg ("rpm -e"|"dpkg -r"). Aditionally, this script will leave you a copy of the installed package in the source directory so you can install it wherever you want, which is my second motivation: I don't have to compile the same software again and again every time I need to install it on another box :-).
http://asic-linux.com.mx/~izto/checkinstall/
…it's not always easy to get ready-made binary packages. Checkinstall handles that problem by building a binary package out of a compiled source tree. Where you normally do the ./configure && make && make install routine to build a package, checkinstall intercepts the make install part and builds a package ready for installation in Red Hat, Debian, Slackware, or RPM-based distributions. That way, when your vendor finally does catch up, you can remove the package with a single command (instead of hunting its components down by hand) and install the new binary package without a hassle. Good stuff.
After you ./configure; make your program, CheckInstall will run make install (or whatever you tell it to run) and keep track of every file modified by this installation, using the excelent installwatch utility written by Pancrazio 'Ezio' de Mauro (p@demauro.net).
When make install is done, CheckInstall will create a Slackware, RPM or Debian compatible package and install it with Slackware's installpkg, "rpm -i" or Debian's "dpkg -i" as appropriate, so you can view it's contents with pkgtool ("rpm -ql" for RPM users or "dpkg -l" for Debian) or remove it with removepkg ("rpm -e"|"dpkg -r"). Aditionally, this script will leave you a copy of the installed package in the source directory so you can install it wherever you want, which is my second motivation: I don't have to compile the same software again and again every time I need to install it on another box :-).
http://asic-linux.com.mx/~izto/checkinstall/
Monday, August 11, 2003
Download and Build Quake II for .NET
Vertigo Software Inc. has released Quake II .NET, a version of id Software's popular Quake II game ported to the Microsoft .NET common language runtime (CLR) using Microsoft Visual C++ .NET 2003.
Download Quake II .NET from Vertigo Software, Inc., including full source code and project files for Visual C++ .NET 2003, as well as a white paper describing the effort.
This application demonstrates the powerful capability of Visual C++ to retarget existing C++ code at the .NET CLR with little effort. It shows how a highly performance-critical application like Quake II can retain these characteristics in the CLR environment, while simultaneously offering new features implemented using the .NET Framework.
Download Quake II .NET from Vertigo Software, Inc.
http://www.vertigosoftware.com/Quake2.htm
http://msdn.microsoft.com/visualc/quake/
Vertigo Software Inc. has released Quake II .NET, a version of id Software's popular Quake II game ported to the Microsoft .NET common language runtime (CLR) using Microsoft Visual C++ .NET 2003.
Download Quake II .NET from Vertigo Software, Inc., including full source code and project files for Visual C++ .NET 2003, as well as a white paper describing the effort.
This application demonstrates the powerful capability of Visual C++ to retarget existing C++ code at the .NET CLR with little effort. It shows how a highly performance-critical application like Quake II can retain these characteristics in the CLR environment, while simultaneously offering new features implemented using the .NET Framework.
Download Quake II .NET from Vertigo Software, Inc.
http://www.vertigosoftware.com/Quake2.htm
http://msdn.microsoft.com/visualc/quake/
Sunday, August 10, 2003
Photo Album Script Generator
This program automatically generates HTML codes for a customized photo gallery. HTML developers, who do not have much time to write codes or want to use a simple personal photo gallery, can use it. For Microsoft Internet Explorer 5+, Netscape Navigator 6+, Opera 6+ and Mozilla 1.2+.
http://javascript.internet.com/miscellaneous/photo-album-script-generator.html
This program automatically generates HTML codes for a customized photo gallery. HTML developers, who do not have much time to write codes or want to use a simple personal photo gallery, can use it. For Microsoft Internet Explorer 5+, Netscape Navigator 6+, Opera 6+ and Mozilla 1.2+.
http://javascript.internet.com/miscellaneous/photo-album-script-generator.html
Friday, August 08, 2003
New Tool Roots Out SCO Code
With legal terms such as liability, indemnification and lawsuit as prominent themes of the LinuxWorld show here, a small software company has addressed the issue with a solution to find offensive code.
Aduva Inc., Sunnyvale, Calif., has developed a system known as OnStage that contains a feature known as SCO Check that will "conduct a complete inventory of your system and if SCO [The SCO Group] identifies some illegal code, we can do a check to find the code, identify it and then automate the replacement of that code" with Red Hat Linux or an appropriate fix, said Chris Van Tuin, director of customer service for Aduva.
In addition, Aduva also announced SoundCheck, a snippet of the OnStage technology the company is delivering for free. SoundCheck scans Linux servers and identifies potential problems, such as missing dependencies, security issues and unaccepted bug fixes that could cause application failures or security leaks. It is available for download free of charge at www.aduva.com/soundcheck.
http://www.eweek.com/article2/0,3959,1212134,00.asp
With legal terms such as liability, indemnification and lawsuit as prominent themes of the LinuxWorld show here, a small software company has addressed the issue with a solution to find offensive code.
Aduva Inc., Sunnyvale, Calif., has developed a system known as OnStage that contains a feature known as SCO Check that will "conduct a complete inventory of your system and if SCO [The SCO Group] identifies some illegal code, we can do a check to find the code, identify it and then automate the replacement of that code" with Red Hat Linux or an appropriate fix, said Chris Van Tuin, director of customer service for Aduva.
In addition, Aduva also announced SoundCheck, a snippet of the OnStage technology the company is delivering for free. SoundCheck scans Linux servers and identifies potential problems, such as missing dependencies, security issues and unaccepted bug fixes that could cause application failures or security leaks. It is available for download free of charge at www.aduva.com/soundcheck.
http://www.eweek.com/article2/0,3959,1212134,00.asp
Prevent data loss on XP workstations with large hard drives
When hard drives first became standard on PCs, they were commonly only around 10 MB in size. Today, depending on your organization, you might have users with ATA hard drives sizes well in excess of 100 GB, with individual data file sizes that dwarf the hard drives of old. Unfortunately, Windows XP can encounter problems with large hard drives. To avoid losing data on large hard drives on XP workstations, you should obtain and install the latest patch from Microsoft.
What's the problem?
If you have or support systems with ATA hard drive sizes exceeding 137 GB running any version of Windows XP or XP with Service Pack 1—Home, Professional, Media Center Edition, Tablet PC Edition, or 64-bit Edition—you may be at risk from a flaw in the operating system. This flaw may become apparent when the system enters Hibernation/Standby mode or after a memory dump is written out to the disk.
It's important to note that you aren't likely to run into this problem in XP without SP1, because only SP1 has native support for drives exceeding the 137-GB limit. While support can be enabled in pre-SP1 XP installations, this isn't recommended outside a test lab.
Only ATA drives are affected by this flaw. If you're running systems exclusively with SCSI drives, you aren't at risk.
To make use of the space beyond the old 137-GB limit, Windows XP SP1 uses 48-bit logical block addressing (LBA). Unfortunately, the processes that write the memory dump and Hibernation/Standby files do not write their data to the disk using 48-bit LBA. Moreover, when a Windows XP SP1 system with 48-bit LBA enabled enters Hibernation, Windows fails to issue a flush cache command to the IDE system's cache. As a result, any information still in the cache won't be written to the disk.
There are a number of symptoms that you can watch for to determine whether you're suffering from this flaw. If your system restarts rather than waking up from Hibernation, or if you experience data corruption upon entering Hibernation/Standby mode or after a memory dump or stop error, you may be afflicted. Data corruption can manifest itself in a variety of ways including problems starting the system, shutting down the system, running programs, or opening and/or saving files.…
Windows XP Patch: Hard Disk May Become Corrupted When Entering Standby or Hibernation
http://www.microsoft.com/downloads/details.aspx?FamilyID=b997cc5f-4483-4edc-a17e-6f659a033b0d&DisplayLang=en
http://techrepublic.com.com/5102-6255-5055171.html
When hard drives first became standard on PCs, they were commonly only around 10 MB in size. Today, depending on your organization, you might have users with ATA hard drives sizes well in excess of 100 GB, with individual data file sizes that dwarf the hard drives of old. Unfortunately, Windows XP can encounter problems with large hard drives. To avoid losing data on large hard drives on XP workstations, you should obtain and install the latest patch from Microsoft.
What's the problem?
If you have or support systems with ATA hard drive sizes exceeding 137 GB running any version of Windows XP or XP with Service Pack 1—Home, Professional, Media Center Edition, Tablet PC Edition, or 64-bit Edition—you may be at risk from a flaw in the operating system. This flaw may become apparent when the system enters Hibernation/Standby mode or after a memory dump is written out to the disk.
It's important to note that you aren't likely to run into this problem in XP without SP1, because only SP1 has native support for drives exceeding the 137-GB limit. While support can be enabled in pre-SP1 XP installations, this isn't recommended outside a test lab.
Only ATA drives are affected by this flaw. If you're running systems exclusively with SCSI drives, you aren't at risk.
To make use of the space beyond the old 137-GB limit, Windows XP SP1 uses 48-bit logical block addressing (LBA). Unfortunately, the processes that write the memory dump and Hibernation/Standby files do not write their data to the disk using 48-bit LBA. Moreover, when a Windows XP SP1 system with 48-bit LBA enabled enters Hibernation, Windows fails to issue a flush cache command to the IDE system's cache. As a result, any information still in the cache won't be written to the disk.
There are a number of symptoms that you can watch for to determine whether you're suffering from this flaw. If your system restarts rather than waking up from Hibernation, or if you experience data corruption upon entering Hibernation/Standby mode or after a memory dump or stop error, you may be afflicted. Data corruption can manifest itself in a variety of ways including problems starting the system, shutting down the system, running programs, or opening and/or saving files.…
Windows XP Patch: Hard Disk May Become Corrupted When Entering Standby or Hibernation
http://www.microsoft.com/downloads/details.aspx?FamilyID=b997cc5f-4483-4edc-a17e-6f659a033b0d&DisplayLang=en
http://techrepublic.com.com/5102-6255-5055171.html
Thursday, August 07, 2003
Microsoft Windows XP Peer-to-Peer Downloads
The new Windows XP Peer-to-Peer SDK and the related Advanced Networking Pack for Windows XP will help developers create advanced networking applications. The SDK provides documentation and sample code while the Pack adds advanced networking support to the XP client, including enhanced IPv6 support, APIs for Peer-to-Peer name resolution, network graphing, grouping, and identity management. This SDK will help developers to create decentralized applications that harness the collective power of edge of the network PCs.
Microsoft Windows XP Peer-to-Peer Software Development Kit (SDK)
http://www.microsoft.com/downloads/details.aspx?FamilyId=5116A614-A487-4DFF-B384-829CD8CE977D&displaylang=en
The Windows XP Peer-to-Peer SDK provides documentation, sample code and other tools that allow developers to build peer-to-peer applications or services that capitalize on the new Advanced Networking Pack for Windows XP available for users.
Note: In order to run applications built with the Windows XP Peer-to-Peer SDK, the Advanced Networking Pack for Windows XP must be installed.
Date: July 23, 2003
Microsoft Advanced Networking Pack for Windows XP
http://www.microsoft.com/downloads/details.aspx?FamilyId=E88CC382-8CE6-4739-97C0-1A52A6F005E4&displaylang=en
The Advanced Networking Pack for Windows XP is a set of platform technologies designed to run on Windows XP to enable the use and deployment of distributed, peer-to-peer applications based on Internet standards. The update includes a new version of the IPv6 stack, including support for NAT traversal for IPv6 applications. An IPv6 firewall is included to protect the end-user's machine from unsolicited IPv6 traffic, while the peer-to-peer platform makes it simple to write distributed solutions.
Date: July 23, 2003
http://msdn.microsoft.com/library/default.asp?url=/downloads/list/winxppeer.asp
The new Windows XP Peer-to-Peer SDK and the related Advanced Networking Pack for Windows XP will help developers create advanced networking applications. The SDK provides documentation and sample code while the Pack adds advanced networking support to the XP client, including enhanced IPv6 support, APIs for Peer-to-Peer name resolution, network graphing, grouping, and identity management. This SDK will help developers to create decentralized applications that harness the collective power of edge of the network PCs.
Microsoft Windows XP Peer-to-Peer Software Development Kit (SDK)
http://www.microsoft.com/downloads/details.aspx?FamilyId=5116A614-A487-4DFF-B384-829CD8CE977D&displaylang=en
The Windows XP Peer-to-Peer SDK provides documentation, sample code and other tools that allow developers to build peer-to-peer applications or services that capitalize on the new Advanced Networking Pack for Windows XP available for users.
Note: In order to run applications built with the Windows XP Peer-to-Peer SDK, the Advanced Networking Pack for Windows XP must be installed.
Date: July 23, 2003
Microsoft Advanced Networking Pack for Windows XP
http://www.microsoft.com/downloads/details.aspx?FamilyId=E88CC382-8CE6-4739-97C0-1A52A6F005E4&displaylang=en
The Advanced Networking Pack for Windows XP is a set of platform technologies designed to run on Windows XP to enable the use and deployment of distributed, peer-to-peer applications based on Internet standards. The update includes a new version of the IPv6 stack, including support for NAT traversal for IPv6 applications. An IPv6 firewall is included to protect the end-user's machine from unsolicited IPv6 traffic, while the peer-to-peer platform makes it simple to write distributed solutions.
Date: July 23, 2003
http://msdn.microsoft.com/library/default.asp?url=/downloads/list/winxppeer.asp
What's the problem with CGI scripts?
The problem with CGI scripts is that each one presents yet another opportunity for exploitable bugs. CGI scripts should be written with the same care and attention given to Internet servers themselves, because, in fact, they are miniature servers. Unfortunately, for many Web authors, CGI scripts are their first encounter with network programming.
CGI scripts can present security holes in two ways:
They may intentionally or unintentionally leak information about the host system that will help hackers break in.
Scripts that process remote user input, such as the contents of a form or a "searchable index" command, may be vulnerable to attacks in which the remote user tricks them into executing commands.
CGI scripts are potential security holes even though you run your server as "nobody". A subverted CGI script running as "nobody" still has enough privileges to mail out the system password file, examine the network information maps, or launch a log-in session on a high numbered port (it just needs to execute a few commands in Perl to accomplish this). Even if your server runs in a chroot directory, a buggy CGI script can leak sufficient system information to compromise the host.
http://www.w3.org/Security/faq/wwwsf4.html
The problem with CGI scripts is that each one presents yet another opportunity for exploitable bugs. CGI scripts should be written with the same care and attention given to Internet servers themselves, because, in fact, they are miniature servers. Unfortunately, for many Web authors, CGI scripts are their first encounter with network programming.
CGI scripts can present security holes in two ways:
They may intentionally or unintentionally leak information about the host system that will help hackers break in.
Scripts that process remote user input, such as the contents of a form or a "searchable index" command, may be vulnerable to attacks in which the remote user tricks them into executing commands.
CGI scripts are potential security holes even though you run your server as "nobody". A subverted CGI script running as "nobody" still has enough privileges to mail out the system password file, examine the network information maps, or launch a log-in session on a high numbered port (it just needs to execute a few commands in Perl to accomplish this). Even if your server runs in a chroot directory, a buggy CGI script can leak sufficient system information to compromise the host.
http://www.w3.org/Security/faq/wwwsf4.html
Tuesday, August 05, 2003
SCO's Smoking-Gun Tour
Is SCO's smoking gun against IBM a sheet of 8 x 11 paper with pertinent lines of programming highlighted in red and blue?
This code, which was allegedly lifted almost verbatim from Unix to Linux, belongs to a large unnamed hardware vendor that isn't IBM, according to SCO, which was waving it around late in July.
But SCO argues it is evidence that many companies are violating its intellectual property, says Chris Sontag, general manager for SCO's SCOsource unit. SCO acquired not just the source code for Unix System 5 from AT&T years ago—but the contracts that pertain to its use by commercial software and hardware makers.
Sontag is making the rounds with press and analysts, arguing IBM is the "ringleader," something akin to an industrywide porting of Unix to Linux without permission.
His presentation boils down to this: IBM "donated" some of the functionality from its own Unix variant, known as AIX, to Linux version 2.4 and beyond. This helped the open-source software grow to handle nonuniform memory access (NUMA), journal file system and other important features for an operating system asked to be a workhorse of enterprise computers. "How did this happen in that short of time?" asks Sontag. "A third or more of the Linux 2.4 kernel is at issue."
According to Sontag, IBM, along with other vendors, gave Linux a helping hand and violated a "derivatives clause" in the contracts for using Unix System 5. The contracts appear to say the source code can be only used for internal purposes and can't be redistributed elsewhere.
http://www.baselinemag.com/article2/0,3959,1208916,00.asp
Is SCO's smoking gun against IBM a sheet of 8 x 11 paper with pertinent lines of programming highlighted in red and blue?
This code, which was allegedly lifted almost verbatim from Unix to Linux, belongs to a large unnamed hardware vendor that isn't IBM, according to SCO, which was waving it around late in July.
But SCO argues it is evidence that many companies are violating its intellectual property, says Chris Sontag, general manager for SCO's SCOsource unit. SCO acquired not just the source code for Unix System 5 from AT&T years ago—but the contracts that pertain to its use by commercial software and hardware makers.
Sontag is making the rounds with press and analysts, arguing IBM is the "ringleader," something akin to an industrywide porting of Unix to Linux without permission.
His presentation boils down to this: IBM "donated" some of the functionality from its own Unix variant, known as AIX, to Linux version 2.4 and beyond. This helped the open-source software grow to handle nonuniform memory access (NUMA), journal file system and other important features for an operating system asked to be a workhorse of enterprise computers. "How did this happen in that short of time?" asks Sontag. "A third or more of the Linux 2.4 kernel is at issue."
According to Sontag, IBM, along with other vendors, gave Linux a helping hand and violated a "derivatives clause" in the contracts for using Unix System 5. The contracts appear to say the source code can be only used for internal purposes and can't be redistributed elsewhere.
http://www.baselinemag.com/article2/0,3959,1208916,00.asp
Even Antivirus Scanners Make Mistakes
Security fundamentally requires trust. You can't function without trusting some other users and some programs. On the other hand, you can't completely trust everything, and that includes normally trustworthy software, such as Symantec's Norton AntiVirus.
http://security.ziffdavis.com/article2/0,3973,1203522,00.asp
Security fundamentally requires trust. You can't function without trusting some other users and some programs. On the other hand, you can't completely trust everything, and that includes normally trustworthy software, such as Symantec's Norton AntiVirus.
http://security.ziffdavis.com/article2/0,3973,1203522,00.asp
Microsoft Security Bulletin MS03-026 Print
Buffer Overrun In RPC Interface Could Allow Code Execution (823980)
Originally posted: July 16, 2003
Revised: July 21, 2003
Summary
Who should read this bulletin: Users running Microsoft ® Windows ®
Impact of vulnerability: Run code of attacker’s choice
Maximum Severity Rating: Critical
Recommendation: Systems administrators should apply the patch immediately
End User Bulletin: An end user version of this bulletin is available at:
http://www.microsoft.com/security/security_bulletins/ms03-026.asp.
Affected Software:
Microsoft Windows NT® 4.0
Microsoft Windows NT 4.0 Terminal Services Edition
Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server™ 2003
Not Affected Software:
Microsoft Windows Millennium Edition
Microsoft originally released this bulletin and patch on July 16, 2003 to correct a security vulnerability in a Windows Distributed Component Object Model (DCOM) Remote Procedure Call (RPC) interface. The patch was and still is effective in eliminating the security vulnerability. However, the “mitigating factors” and “workarounds” discussions in the original security bulletin did not clearly identify all of the ports by which the vulnerability could potentially be exploited. We have updated this bulletin to more clearly enumerate the ports over which RPC services can be invoked, and to ensure that customers who have chosen to implement a workaround before installing the patch have the information that they need to protect their systems. Customers who have already installed the patch are protected from attempts to exploit this vulnerability, and need take no further action.
Remote Procedure Call (RPC) is a protocol used by the Windows operating system. RPC provides an inter-process communication mechanism that allows a program running on one computer to seamlessly execute code on a remote system. The protocol itself is derived from the Open Software Foundation (OSF) RPC protocol, but with the addition of some Microsoft specific extensions.
There is a vulnerability in the part of RPC that deals with message exchange over TCP/IP. The failure results because of incorrect handling of malformed messages. This particular vulnerability affects a Distributed Component Object Model (DCOM) interface with RPC, which listens on RPC enabled ports. This interface handles DCOM object activation requests that are sent by client machines to the server. An attacker who successfully exploited this vulnerability would be able to run code with Local System privileges on an affected system. The attacker would be able to take any action on the system, including installing programs, viewing changing or deleting data, or creating new accounts with full privileges.
http://www.microsoft.com/technet/treeview/?url=/technet/security/bulletin/MS03-026.asp
Buffer Overrun In RPC Interface Could Allow Code Execution (823980)
Originally posted: July 16, 2003
Revised: July 21, 2003
Summary
Who should read this bulletin: Users running Microsoft ® Windows ®
Impact of vulnerability: Run code of attacker’s choice
Maximum Severity Rating: Critical
Recommendation: Systems administrators should apply the patch immediately
End User Bulletin: An end user version of this bulletin is available at:
http://www.microsoft.com/security/security_bulletins/ms03-026.asp.
Affected Software:
Microsoft Windows NT® 4.0
Microsoft Windows NT 4.0 Terminal Services Edition
Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server™ 2003
Not Affected Software:
Microsoft Windows Millennium Edition
Microsoft originally released this bulletin and patch on July 16, 2003 to correct a security vulnerability in a Windows Distributed Component Object Model (DCOM) Remote Procedure Call (RPC) interface. The patch was and still is effective in eliminating the security vulnerability. However, the “mitigating factors” and “workarounds” discussions in the original security bulletin did not clearly identify all of the ports by which the vulnerability could potentially be exploited. We have updated this bulletin to more clearly enumerate the ports over which RPC services can be invoked, and to ensure that customers who have chosen to implement a workaround before installing the patch have the information that they need to protect their systems. Customers who have already installed the patch are protected from attempts to exploit this vulnerability, and need take no further action.
Remote Procedure Call (RPC) is a protocol used by the Windows operating system. RPC provides an inter-process communication mechanism that allows a program running on one computer to seamlessly execute code on a remote system. The protocol itself is derived from the Open Software Foundation (OSF) RPC protocol, but with the addition of some Microsoft specific extensions.
There is a vulnerability in the part of RPC that deals with message exchange over TCP/IP. The failure results because of incorrect handling of malformed messages. This particular vulnerability affects a Distributed Component Object Model (DCOM) interface with RPC, which listens on RPC enabled ports. This interface handles DCOM object activation requests that are sent by client machines to the server. An attacker who successfully exploited this vulnerability would be able to run code with Local System privileges on an affected system. The attacker would be able to take any action on the system, including installing programs, viewing changing or deleting data, or creating new accounts with full privileges.
http://www.microsoft.com/technet/treeview/?url=/technet/security/bulletin/MS03-026.asp
Monday, August 04, 2003
Attack bot strikes Windows flaw
Online vandals are using a program to compromise Windows servers and remotely control them through Internet relay chat (IRC) networks, system administrators said Saturday.
Several programs, including one that exploits a recent vulnerability in computers running Windows, have been cobbled together to create a remote attack tool. The tool takes commands from an attacker through the IRC networks and can scan for and compromise computers vulnerable to the recently discovered flaw in Windows.
Files left behind on a compromised server by the worm were posted to a security mailing list. Computer security company Symantec analyzed the files and determined that what was first thought to be a worm was actually an attack program.
Based on our analysis, the threat does not appear to be a worm," said Oliver Friedrichs, senior manager for Symantec's security response team. "It doesn't go and try to spread." Friedrichs was in Las Vegas attending the Black Hat Briefings and DefCon hacking conferences.
The ability to spread automatically is the hallmark of a computer worm. The collection of programs that Symantec analyzed is a tool that compromises computers and is referred to as an autorooter. It also acts like an IRC bot, listening to specific channels on the chat network and taking commands from attackers via IRC.
The initial post describing what security researchers thought might be a worm appeared at 10 a.m. PDT Saturday on the Full-Disclosure security list.
The tool consists of six files that work together to find vulnerable systems and attack them. Ever since the Windows flaw was announced, security researchers widely expected a worm to be written to exploit it. The IRC bot is one step removed from a worm and less disruptive.
This bot compromises computers using a flaw that Microsoft warned the public about on July 16.
The flaw is in the distributed component object model (DCOM) interface, a part of the OS that allows other computers to request the system to perform an action or service. The object, known as the remote procedure call (RPC) process, facilitates activities such as sharing files and allowing others to use the computer's printer. By sending too much data to the DCOM interface, an attacker can cause the system to grant full access to the computer.
A week ago, hackers from the Chinese X-Focus security group publicly posted a program to several security lists designed to allow an intruder to use the vulnerability to break into Windows computers. The Windows flaw has been characterized by some security experts as the most widespread ever found in Windows. In the past week, security researchers and hackers have been refining the exploit code.
That program is one of the six that make up the tool. The files include rpc.exe, rpctest.exe, tftpd.exe, worm.exe, lolx.exe and dcomx.exe. Although one of the programs sports the name "worm.exe," the resulting set of files is not a worm, because it doesn't spread automatically, Friedrichs said.
http://zdnet.com.com/2100-1105_2-5059263.html
Online vandals are using a program to compromise Windows servers and remotely control them through Internet relay chat (IRC) networks, system administrators said Saturday.
Several programs, including one that exploits a recent vulnerability in computers running Windows, have been cobbled together to create a remote attack tool. The tool takes commands from an attacker through the IRC networks and can scan for and compromise computers vulnerable to the recently discovered flaw in Windows.
Files left behind on a compromised server by the worm were posted to a security mailing list. Computer security company Symantec analyzed the files and determined that what was first thought to be a worm was actually an attack program.
Based on our analysis, the threat does not appear to be a worm," said Oliver Friedrichs, senior manager for Symantec's security response team. "It doesn't go and try to spread." Friedrichs was in Las Vegas attending the Black Hat Briefings and DefCon hacking conferences.
The ability to spread automatically is the hallmark of a computer worm. The collection of programs that Symantec analyzed is a tool that compromises computers and is referred to as an autorooter. It also acts like an IRC bot, listening to specific channels on the chat network and taking commands from attackers via IRC.
The initial post describing what security researchers thought might be a worm appeared at 10 a.m. PDT Saturday on the Full-Disclosure security list.
The tool consists of six files that work together to find vulnerable systems and attack them. Ever since the Windows flaw was announced, security researchers widely expected a worm to be written to exploit it. The IRC bot is one step removed from a worm and less disruptive.
This bot compromises computers using a flaw that Microsoft warned the public about on July 16.
The flaw is in the distributed component object model (DCOM) interface, a part of the OS that allows other computers to request the system to perform an action or service. The object, known as the remote procedure call (RPC) process, facilitates activities such as sharing files and allowing others to use the computer's printer. By sending too much data to the DCOM interface, an attacker can cause the system to grant full access to the computer.
A week ago, hackers from the Chinese X-Focus security group publicly posted a program to several security lists designed to allow an intruder to use the vulnerability to break into Windows computers. The Windows flaw has been characterized by some security experts as the most widespread ever found in Windows. In the past week, security researchers and hackers have been refining the exploit code.
That program is one of the six that make up the tool. The files include rpc.exe, rpctest.exe, tftpd.exe, worm.exe, lolx.exe and dcomx.exe. Although one of the programs sports the name "worm.exe," the resulting set of files is not a worm, because it doesn't spread automatically, Friedrichs said.
http://zdnet.com.com/2100-1105_2-5059263.html
Patch your software--it'll help secure the Net
When a security researcher or vendor first releases information about a software vulnerability, the clock starts ticking. How long will it be until a malicious user takes advantage of it?
According to Gerhard Eschelbeck, CTO of computer security company Qualys, not very long. He says that, for about 80 percent of publicly known vulnerabilities, exploit code (such as a worm or virus) appears within 60 days of their announcement.
THIS INFORMATION was presented by Eschelbeck at last week's Black Hat USA 2003 conference in Las Vegas, as part of his Law of Vulnerability project. The project is the result of about a year's worth of analysis of the company's extensive vulnerability database.
Eschelbeck's findings give validity to what security experts have been saying for years: There's a limited window between the time a vulnerability is announced and when a patch must be applied.
If home users and corporate system administrators don't already know how important it is to apply fixes as soon as they're available, now there's concrete data to prove it. Eschelbeck's research should also help sys admins justify the time and expense of implementing these patches to their bosses--and thus shorten the life of destructive worms and viruses.
After discussing the "60-day rule," Eschelbeck went on to present another key point from the Law of Vulnerability project: Half of all affected systems are patched within 30 days of the vulnerability's announcement--while the other half remain open to attack.
These unpatched systems keep vulnerabilities--and the worms and viruses that take advantage of them--alive on the Internet long after they're released. As an example, Eschelbeck cited the MS Index Server vulnerability that gave rise to Code Red in 2001. Code Red disappeared for a while, but now is back thanks to the recent appearance of unpatched installations of the server software.
JOINING ESCHELBECK at the Black Hat session were several other security experts, including Black Hat Briefings CEO Jeff Moss and BindView's Mark Loveless (aka Simple Nomad). Loveless pointed out that along with public announcements, malicious users find out about unannounced or recently announced vulnerabilities through an online "black market."
This means malicious users may know about even more vulnerabilities than many security experts or the general public, and underscores the need for software developers to hold off on releasing products until they are truly secure.
http://www.zdnet.com/anchordesk/stories/story/0,10738,2914418,00.html
When a security researcher or vendor first releases information about a software vulnerability, the clock starts ticking. How long will it be until a malicious user takes advantage of it?
According to Gerhard Eschelbeck, CTO of computer security company Qualys, not very long. He says that, for about 80 percent of publicly known vulnerabilities, exploit code (such as a worm or virus) appears within 60 days of their announcement.
THIS INFORMATION was presented by Eschelbeck at last week's Black Hat USA 2003 conference in Las Vegas, as part of his Law of Vulnerability project. The project is the result of about a year's worth of analysis of the company's extensive vulnerability database.
Eschelbeck's findings give validity to what security experts have been saying for years: There's a limited window between the time a vulnerability is announced and when a patch must be applied.
If home users and corporate system administrators don't already know how important it is to apply fixes as soon as they're available, now there's concrete data to prove it. Eschelbeck's research should also help sys admins justify the time and expense of implementing these patches to their bosses--and thus shorten the life of destructive worms and viruses.
After discussing the "60-day rule," Eschelbeck went on to present another key point from the Law of Vulnerability project: Half of all affected systems are patched within 30 days of the vulnerability's announcement--while the other half remain open to attack.
These unpatched systems keep vulnerabilities--and the worms and viruses that take advantage of them--alive on the Internet long after they're released. As an example, Eschelbeck cited the MS Index Server vulnerability that gave rise to Code Red in 2001. Code Red disappeared for a while, but now is back thanks to the recent appearance of unpatched installations of the server software.
JOINING ESCHELBECK at the Black Hat session were several other security experts, including Black Hat Briefings CEO Jeff Moss and BindView's Mark Loveless (aka Simple Nomad). Loveless pointed out that along with public announcements, malicious users find out about unannounced or recently announced vulnerabilities through an online "black market."
This means malicious users may know about even more vulnerabilities than many security experts or the general public, and underscores the need for software developers to hold off on releasing products until they are truly secure.
http://www.zdnet.com/anchordesk/stories/story/0,10738,2914418,00.html
Music Downloading, File-sharing and Copyright: A Pew Internet Project Data Memo
More than two-thirds of Americans who swap songs online don't care whether the music is copyrighted, according to a study, despite the record industry's antipiracy crackdown.
The struggle to enforce copyright laws in the digital age continues to be an uphill battle for content owners. Data gathered from Pew Internet & American Life Project surveys fielded during March - May of 2003 show that a striking 67% of Internet users who download music say they do not care about whether the music they have downloaded is copyrighted. A little over a quarter of these music downloaders - 27% - say they do care, and 6% said they don’t have a position or know enough about the issue.
The number of downloaders who say they don’t care about copyright has increased since July-August 2000, when 61% of a smaller number of downloaders said they didn’t care about the copyright status of their music files.
Of those Internet users who share files online (such as music or video) with others, 65% say they do not care whether the files they share are copyrighted or not. Thirty percent say they do care about the copyright status of the files they share, and 5% said they don’t know or don’t have a position.
http://www.pewinternet.org/reports/toc.asp?Report=96
More than two-thirds of Americans who swap songs online don't care whether the music is copyrighted, according to a study, despite the record industry's antipiracy crackdown.
The struggle to enforce copyright laws in the digital age continues to be an uphill battle for content owners. Data gathered from Pew Internet & American Life Project surveys fielded during March - May of 2003 show that a striking 67% of Internet users who download music say they do not care about whether the music they have downloaded is copyrighted. A little over a quarter of these music downloaders - 27% - say they do care, and 6% said they don’t have a position or know enough about the issue.
The number of downloaders who say they don’t care about copyright has increased since July-August 2000, when 61% of a smaller number of downloaders said they didn’t care about the copyright status of their music files.
Of those Internet users who share files online (such as music or video) with others, 65% say they do not care whether the files they share are copyrighted or not. Thirty percent say they do care about the copyright status of the files they share, and 5% said they don’t know or don’t have a position.
http://www.pewinternet.org/reports/toc.asp?Report=96
Subscribe to:
Posts (Atom)
Posts
