Has Your Address Been Spoofed?

Deb Shinder, Editor WinXPnews
“Are you getting e-mail messages from administrators of other mail domains, notifying you that the messages you sent were undeliverable? When you open these, do you find that you never sent a message to the supposed recipient? Sometimes these messages indicate that you have a virus sending e-mail from your account without your knowledge. Other times, though, the mail didn't come from your account at all - instead, somebody spoofed your e-mail address and used it as their return address.

Either way, it's more than just an anomaly or an annoyance. If your address is used to send spam, it may be reported to various "spam cop" organizations, resulting in your address - or even your entire domain - being added to various public blacklists of known spammers. And that means the legitimate e-mail you send won't get through to a lot of recipients. Not a good situation. You can read more about how e-mail spoofing is done in my article at http://www.winxpnews.com/rd/rd.cfm?id=050308ED-Spoofing.

What can you do about it? The federal CAN SPAM Act makes it illegal to send unsolicited commercial e-mail with false or misleading headers (return addresses). Unfortunately, you can't prosecute someone for this or any other crime unless you know who the perpetrator is.

Okay, what if your name ends up on a black list? Is there anything you can do about that? The answer is: sometimes. There are many different black lists, so the first challenge is to find out which list(s) are identifying you as a spammer. There is a list of some black lists at http://www.winxpnews.com/rd/rd.cfm?id=050308ED-Black_Lists. In some cases, you can write to those who maintain the lists and explain what happened and ask to have your address removed. Here is an article that contains info on how to get off of specific blacklists: http://www.winxpnews.com/rd/rd.cfm?id=050308S1-Off_Blacklists. Have you been blacklisted? If others are telling you that your e-mails don't reach them, it might be because you're on a blacklist. Many ISPs use blacklists to block spam at the server level.”

http://www.winxpnews.com/?id=166

Understanding E-mail Spoofing

Deb Shinder
“Spam and e-mail-laden viruses can take a lot of the fun and utility out of electronic communications, but at least you can trust e-mail that comes from people you know – except when you can’t. A favorite technique of spammers and other “bad guys” is to “spoof” their return e-mail addresses, making it look as if the mail came from someone else. In effect, this is a form of identity theft, as the sender pretends to be someone else in order to persuade the recipient to do something (from simply opening the message to sending money or revealing personal information). In this article, we look at how e-mail spoofing works and what can be done about it, examining such solutions as the Sender Policy Framework (SPF) and Microsoft’s Sender ID, which is based on it.

If you receive a snail mail letter, you look to the return address in the top left corner as an indicator of where it originated. However, the sender could write any name and address there; you have no assurance that the letter really is from that person and address. E-mail messages contain return addresses, too – but they can likewise be deliberately misleading, or “spoofed.” Senders do this for various reasons, including:

• The e-mail is spam and the sender doesn’t want to be subjected to anti-spam laws
• The e-mail constitutes a violation of some other law (for example, it is threatening or harassing)
• The e-mail contains a virus or Trojan and the sender believes you are more likely to open it if it appears to be from someone you know
• The e-mail requests information that you might be willing to give to the person the sender is pretending to be (for example, a sender might pose as your company’s system administrator and ask for your network password), as part of a “social engineering” attack
• The sender is attempting to cause trouble for someone by pretending to be that person (for example, to make it look as though a political rival or personal enemy said something he/she didn’t in an e-mail message)

Note:
“Phishing” – the practice of attempting to obtain users’ credit card or online banking information, often incorporates e-mail spoofing. For example, a “phisher” may send e-mail that looks as if it comes from the bank’s or credit card’s administrative department, asking the user to log onto a Web page (which purports to be the bank’s or credit card company’s site but really is set up by the “phisher”) and enter passwords, account numbers, and other personal information.

Whatever the motivation, the objective of spoofed mail is to hide the real identity of the sender. This can be done because the Simple Mail Transfer Protocol (SMTP) does not require authentication (unlike some other, more secure protocols). A sender can use a fictitious return address or a valid address that belongs to someone else.

Receiving mail from spoofed addresses ranges from annoying to dangerous (if you’re taken in by a “phisher”). Having your own address spoofed can be even worse. If a spammer uses your address as the return address, you may suddenly find yourself inundated with angry complaints from recipients or even have your address added to “spammer” lists that results in your mail being banned from many servers.…”

http://www.windowsecurity.com/articles/Email-Spoofing.html

Finding Free Content in the Creative Commons

By Chris Sherman, Associate Editor Searchday
“Looking for photos, music, text, books and other content that's free to share or modify for your own purposes? The Creative Commons search engine can help you find tons of (legally) free stuff on the web.

The Creative Commons was founded in 2001 to introduce a new form of copyright that's less restrictive than the "all rights reserved" approach generally in practice today. The goal was to restore "balance, compromise, and moderation—once the driving forces of a copyright system that valued innovation and protection equally."

By using a Creative Commons license, content creators adopt a "some rights reserved" form of copyright that encourages sharing and modifying content by others.

Today, the Creative Commons organization estimates that more than 5 million web sites link to its license. That's a lot of content, most of which is available for free or nominal charge.

The Creative Commons search engine (powered by Nutch, which we've previously covered) makes it easy to find this content. You can search for Creative Commons audio, images, text, video, and other formats that are free to share online.

You can also limit your search to works that you are free to modify, adapt, or build upon, or even use for commercial purposes.…”

http://searchenginewatch.com/searchday/article.php/3487206

4 steps to take if you've responded to a phishing scam

“What to do if you've responded to a phishing scam

You can do your best to prevent having your identity stolen by a phishing scam, but no method or system can guarantee total safety and security.

If you suspect that you've already responded to a phishing scam with personal or financial information or entered this information into a fake Web site, there may be ways you can minimize any damage.”

http://www.microsoft.com/athome/security/email/phishingrespond.mspx

5 don'ts and 3 do's for handling spam e-mail

“Despite your best efforts, you no doubt have received e-mail and instant messages you didn't ask for. Here's what you can do about all that junk.…

Beware of fake e-mail

Thieves use a method known as phishing to send e-mail or instant message spam that meticulously imitates messages from reputable, well-known companies, including Microsoft and others. The forged message capitalizes on your trust of the respected brand by enticing you to click a link on a Web page or in a pop-up window. Clicking it could download a virus or lead you to reveal confidential information such as account and Social Security numbers. Get more details from our video on phishing. ”

http://www.microsoft.com/athome/security/email/options.mspx

Using Microsoft Windows AntiSpyware (Beta)

“Microsoft Windows AntiSpyware (Beta) is a new security technology that helps to protect your computer from spyware and other unwanted software. You can manually scan your computer for spyware or schedule the program to perform a scan automatically on a regular basis at any time.

How to install and set up Windows AntiSpyware (Beta)
How to scan your computer for spyware
How to help remove spyware from your computer
How to set up a scheduled spyware scan
Understanding real-time protection”


http://www.microsoft.com/athome/security/spyware/software/howto/default.mspx

Microsoft Patches Windows 98, ME Flaws

By Ryan Naraine
“Microsoft Corp. on Tuesday updated two previously released bulletins to add critical security fixes for customers running Windows 98, 98SE and ME.

Patches for Windows 98 and ME are a "bonus" because of the critical nature of the vulnerabilities being addressed, a Microsoft spokeswoman said. "Those products are out of lifecycle, but we made a commitment to provide critical updates, and that's what you're seeing."

She said priority was given to rolling out patches for supported products. "After further testing on the out-of-lifecycle platforms, we updated the advisories." The patches cover two remote code execution vulnerabilities.

First, MS05-002, fixes a hole in the cursor and icon format handling feature that could open the door for an attacker to take complete control of an affected system.

Microsoft also added patches to MS05-015 to protect users against a remote code execution vulnerability in the Hyperlink Object Library.”

http://www.eweek.com/article2/0,1759,1774106,00.asp?kc=ewnws030905dtx1k0000599

Shooting Web video: How to put your readers at the scene

By Regina McCombs

Freelance writers, bloggers and independent journalists yearning to use video on the Internet, grab your PDAs. Use these tips to help you begin shooting and editing your own Web video stories.

“As anyone who’s ever watched a great documentary knows, stories told in video can be amazingly powerful. And as anyone who has sat through home movies knows, they can be mind-numbingly boring as well. If you’re a freelance writer, a blogger or an independent journalist with a story to tell in video, there are steps you can take to make sure your story tilts more toward the powerful than the sleep-inducing. (See Sonya Doctorian's video essays for RockyMountainNews.com.)

The story

First, it’s about content. One of the great things about the Web is that there are so many tools at our fingertips. We can use text, animated graphics, photos, audio or video to tell a story. But that means we need to be thoughtful about which we choose. Video is experiential, immersive, emotional – it puts you at the scene, gives flavor and personality, and of course, shows motion.

Video isn’t cheap in terms of time or equipment. Shooting, editing and posting video all demand more effort and gear than text. So first you need to decide why you want to tell a video story, and then you can gather what you will need to get video on the Web.

If you’re just interested in posting video from your Webcam, this article is not for you. Check out audioblog.com or Vlog it! from seriousmagic.com. Here, we’re going to talk about taking your camera out into the world and shooting video.

A common storytelling exercise is to state your story in one sentence, using an active verb. Who is doing what? “Neighborhood garbage burner” is not a story. On the other hand, “Neighbors hate the smelly garbage burner” has real potential.

Refining your story into a sentence helps focus your idea and keeps you from shooting everything that might have only a tangential relationship to the main idea. If it’s your first time out, start small. Really small. Simple, interesting stories deserve to be told, and they won’t make you insane while you deal with the steep video learning curve.

Cameras should be DV with firewire. If not, you’ll need additional hardware to capture video to your computer. There are plenty of good microphones available for under $100. A tripod is important because keeping shots steady is critical for Web encoded video. Every change in pixels makes the encoder work harder and makes your picture fuzzier.

A list of audio and video equipment options at several price points is available here on Visual Edge's site.…”

http://www.jr.org/ojr/stories/050303mccombs/

Display Local Weather Forecasts with the NOAA's Web Service

By Scott Mitchell
“In December 2004 the National Oceanic and Atmosphere Administration (NOAA) unveiled a Web service for accessing weather forecasts for locations within the United States. The Web service provides two methods:

• NDFDgen(latitude, longitude, detailLevel, startTime, endTime, weatherParametersToReturn) - returns a range of weather information for a particular latitude and longitude between a start and end time. The weatherParametersToReturn input parameter dictates what weather information should be returned, such as: maximum temperature, minimum temperature, three hour temperature, snowfall amount, wind speed, and so on.
• NDFDgenByDay(latitude, longitude, hourlyFormat, startDate, numberOfDays) - returns 12-hour or 24-hour weather information for a particular latitude/longitude starting from a certain date and extending a specified number of dates into the future.

Assuming the latitude and longitude are in the NOAA's database, the Web service returns an XML document that contains a variety of weather information for the dates specified, based on the parameters passed into the Web service. (For more detailed information on the NOAA's Web service, refer to http://www.nws.noaa.gov/forecasts/xml/.)

When reading up on this new Web service, I stumbled across Mikhail Arkhipov's blog entry titled Weather Forecast ASP.NET User Control, which provides a User Control written in C# for displaying the seven-day forecast for a particular latitude and longitude. While Mikhail's User Control definitely fit the bill for a simple forecast display in a C# Web application, I was tempted to provide similar functionality in a custom, compiled server control, which would allow the weather forecasts to be displayed in VB.NET Web applications as well. Additionally, I wanted to add some additional customization not found in Mikhail's solution.

The remainder of this article examines my custom control, MultiDayForecast…”

http://aspnet.4guysfromrolla.com/articles/030205-1.aspx

Reusable Dakota Camera Can Be a Hacker's Bargain

“Do you think basic digital camera features should be more affordable? So do I. Start with a trip to your local Ritz Camera or discount store and pick up a $20 reusable Dakota digital camera. You're supposed to buy a Dakota, use it, and then return it to the store to get your images printed. But with a few hacks, you can get the pictures out yourself.

John Maushammer has the Dakota well documented at his Web site http://www.maushammer.com/systems/dakotadigital/DakotaDigital.html, with details on how to hack a USB connection onto the camera http://www.maushammer.com/systems/dakotadigital/usb-cable.html. Once you can get pictures off the Dakota, click here http://www.balerdi.com.ar/dakota/ for instructions on removing the camera's built-in software limit of 25 pictures.”

http://www.pcworld.com/howto/article/0,aid,119267,pg,6,00.asp

Strategies of Computer Worms

“Advances in programming have brought many conveniences to our
lives, but they have also given cyber-criminals increasingly
sophisticated ways to commit crimes. This chapter describes the nature
and evolution of the computer worm, from simple beginning to modern
Bluetooth travelling cellphone worms.”

http://www.informit.com/articles/article.asp?p=366891

identity theft made even easier

Alarm over pharming attacks:
By Robert Vamosi
“Hopefully, we've all become wise to phishing attacks, so named because they cast the bait (via e-mail) and if you bite, they can lure your personal information out of you. These scams are now fairly recognizable and usually arrive as a note from a bank asking you to go to its site (link provided, of course) to reenter your most personal information. The fact that a bank wouldn't really need your mother's maiden name might tip you off. Most likely, though, you spot the misspellings in this bogus e-mail, or you're otherwise savvy to the identity theft scam and immediately trash these messages unread.

So what if I told you phishing is just kid stuff compared to what's coming next?

…Pharming is simply a new name for a relatively old concept: domain spoofing. Rather than spamming you with e-mail requests, pharmers work quietly in the background, "poisoning" your local DNS server by redirecting your Web request somewhere else. As far as your browser's concerned, you're connected to the right site. The danger here is that you no longer have to click an e-mail link to hand over your personal information to identity thieves.…

To understand pharming, you need a little background on DNS. Throughout the Internet, a series of domain name servers (DNS) quietly resolve the familiar addresses you type into specific Internet addresses. These servers are basically large directories of common names such as Amazon, Google, and Microsoft, and IP-specific addresses that you never see. For example, if you type www.cnet.com, this request goes to your nearest DNS server, which then locates the registered Internet address for the Web server at CNET Networks. It's much more convenient than always remembering 222.123.0.0 or something similar.

However, this translation is also a weak link in the Internet's infrastructure. With every Internet request first bouncing off a DNS server somewhere on the planet, criminal hackers realized (some time ago) that rather than flooding a specific domain and effectively hiding it from the rest of the world (in what's known as a denial-of-service attack), they can either change the DNS record or take down the DNS system all together.…

DNS poisoning is a whole different kettle of fish (so to speak), and much more subtle than what I just described. When a cracker poisons a DNS server, he or she changes the specific record for a domain, sending you to a Web site very different from the one you intended to access--without your knowledge. Usually, the cracker does this by posing as an official who has the authority to change the destination of a domain name. DNS poisoning is also possible via software vulnerability, however. A white paper by Joe Stewart from the security company Lurhq and published on SecurityFocus offers more about DNS poisoning, including its history.

In January of 2005, someone fraudulently changed the DNS address for the domain panix.com, a New York State Internet service provider. Ownership of the company was changed from New York to Australia. Requests to reach the panix.com server were redirected to the United Kingdom, and e-mail was redirected to Canada. State and federal authorities are currently investing this case.

Prior to that, in September 2004, a teenager in Germany managed to hijack the domain for eBay.de. I could go on. Other attacks have targeted Amazon.com and Google.com. There were no immediate reports of identity theft resulting from these specific events.…”

http://reviews.cnet.com/4520-3513_7-5670780-1.html?tag=nl.e501

Google Toolbar's AutoLink

& The Need For Opt-Out

“AutoLink is new feature in the new third version of Google's popular Google Toolbar that's raised controversy since it was released last week. Why are publishers upset? Can they block the feature that adds links to their web pages? Who rules over content, users or publishers? Why do I think Google should give publishers an opt-out for the feature. That, and other issues, we'll explore in this article. It's a long one, so the links below will let you jump to particular sections, if you prefer.

• How AutoLink Works
• The User Benefit
• The Publisher Benefit & Fears
• We've Been Here Before
• Monopoly & Monetary Fears
• Future Development
• What's Acceptable & What's Not?
• Drawing The Line At Links
• Provide An Opt-Out!
• They're My Users Too
• Turning The Tables
• The Toolbar Area Itself Is Yours
• Alt-Click Away!
• Here's An Opt-Out”

Google's new Beta Toolbar includes a feature called 'AutoLink'. The toolbar scans through the current Web page and links any addresses or ISBN numbers to Google's services. This script will stop the toolbar from placing a link in the Web page.
The JavaScript Source: Miscellaneous: AutoBlink http://javascript.internet.com/miscellaneous/autoblink.html

http://blog.searchenginewatch.com/blog/050225-104317

What, Exactly, is Search Engine Spam?

By Bill Hunt,
“A special report from the Search Engine Strategies 2004 Conference, December 13-16, Chicago.

There's a subtle boundary that separates acceptable search engine optimization practices from the shadier techniques used by spammers. How can you recognize the difference between white-hat and black-hat techniques?

The first step to determine if you are playing with fire is to understand the philosophical question, "what is considered spam?" The attendees were presented with a fairly clear definition of search engine spam from Tim Mayer, Director of Product Management for Yahoo Search. Yahoo! defines spam as "pages created deliberately to trick the search engine into offering inappropriate, redundant, or poor-quality search results." This is similar to the definitions offered by Google and MSN as well.

Shari Thurow, Webmaster/Marketing Director from GrantasticDesigns.com suggested various questions that site owners should ask themselves related to content and their optimization techniques. While acknowledging that these were "obvious" questions, Thurow said "they just don't get asked enough." She strongly suggests that site owners make sure that the content benefits the target audience—site visitors—and is not just thrown on a page to skew the search engine ranking algorithms.

Sixteen flavors of search engine spam

Thurow next presented a slide that contained a comprehensive list of sixteen tactics that are considered search engine spam. These techniques include:

• Keywords unrelated to site
• Redirects
• Keyword stuffing
• Mirror/duplicate content
• Tiny Text
• Doorway pages
• Link Farms
• Cloaking
• Keyword stacking
• Gibberish
• Hidden text
• Domain Spam
• Hidden links
• Mini/micro-sites
• Page Swapping (bait &switch)
• Typo spam and cyber squatting”

http://searchenginewatch.com/searchday/article.php/3483601

The Search Engine Report - Number 100

“In This Issue
+ SES NY Next Week; Toronto In May
+ What's Up With The SEW Awards?
+ Search Engine Report #100; SearchDay #1000
+ Top Stories
+ More From The Search Engine Watch Blog
+ About The Newsletter”

http://searchenginewatch.com/sereport/article.php/3485996

Help prevent identity theft from phishing scams

What is a phishing scam?
“Phishing is a type of deception designed to steal your identity. In phishing scams, scam artists try to get you to disclose valuable personal data—like credit card numbers, passwords, account data, or other information—by convincing you to provide it under false pretenses. Phishing schemes can be carried out in person or over the phone, and are delivered online through spam e-mail or pop-up windows.

A phishing scam sent by e-mail may start with con artists who send millions of e-mail messages that appear to come from popular Web sites or sites that you trust, like your bank or credit card company. The e-mail messages, pop-up windows, and the Web sites they link to appear official enough that they deceive many people into believing that they are legitimate. Unsuspecting people too often respond to these requests for their credit card numbers, passwords, account information, or other personal data.…

To make these phishing e-mail messages look even more legitimate, the scam artists may place a link in them that appears to go to the legitimate Web site (1), but it actually takes you to a phony scam site (2) or possibly a pop-up window that looks exactly like the official site. These copycat sites are also called "spoofed" Web sites. Once you're at one of these spoofed sites, you might unwittingly send personal information to the con artists. They then often use your information to purchase goods, apply for a new credit card, or otherwise steal your identity.

To learn how you can spot a phishing e-mail scam, read How can I tell if an e-mail message is fraudulent?”

http://www.microsoft.com/athome/security/email/phishing.mspx

Computer Recycling

from: The NSDL Scout Report for Mathematics Engineering and Technology
Volume 4, Number 4 Topic in Depth

“BBC News: PC Ownership to 'Double by 2010'
http://news.bbc.co.uk/1/hi/technology/4095737.stm
Oasis: Waste from Electrical and Electronic Equipment
http://www.oasis.gov.ie/public_utilities/waste_management/
waste_from_electric_and_electronic_equipment.html
PC World: How to Dispose of an Old Notebook
http://www.pcworld.com/howto/article/0,aid,119445,00.asp
Tech Soup: Ten Tips for Donating a Computer
http://www.techsoup.org/howto/articlepage.cfm?articleid=524&topicid=1
CompuMentor: Computer Recycling & Reuse Program
http://www.compumentor.org/recycle/default.html
Vnunet: Refurbished PCs
http://www.vnunet.com/features/1155286
Refurbished Computers Buyers Guide
http://www.realise-it.org/buyersguide.asp
About.com: Bill to Curb Electronic Waste Introduced
http://usgovinfo.about.com/od/technologyandresearch/a/ewastebill.htm

Given current rates of computer consumerism and technological advances, one might expect to find a lot of computers out there in the world. What happens to these old computers? This Topic in Depth explores this issue, reviews some options for recycling computers, and provides tips for anyone considering purchasing a refurbished computer. The first article from BBC News (1) reports on research which suggests that "the number of personal computers worldwide is expected to double by 2010 to 1.3 billion machines." The second article from Oasis, a project of the Irish eGovernment initiative, (2) reviews some of the issues surrounding waste from electrical and electronic equipment. This next article from PC World (3) gives some ideas for how to dispose of an old notebook computer. One option, of course, is to donate your notebook, which is discussed in this article from Tech Soup (4). Another resource for information on computer recycling and reuse is this website from CompuMentor (5). Given the current market for computers, many are considering refurbished computers. This article from Vnunet (6 ) explains what a refurbished computer is while the next website provides some tips for buying a refurbished computer (7 ). Finally, this article from About.com reports on the recently introduced National Computer Recycling Act (8). [VF] ”

From The NSDL Scout Report for Math, Engineering, & Technology, Copyright Internet Scout Project 1994-2005. http://www.scout.wisc.edu/

http://scout.wisc.edu/Reports/NSDL/MET/2005/met-050225-topicindepth.php#1

Windows XP Product-Activation

“Microsoft is modifying its product-activation policies in it's continuing its crack-down on Windows pirates.

As of next week, however, Microsoft plans to curtail the number of users relying on the Web to activate their copies of XP.

As of February 28, Microsoft will disable Internet activation for all Windows XP product keys located on Certificates of Authenticity (COA) labels that are distributed by the 20 top worldwide PC vendors. Microsoft will be relying on these PC makers to do the activation for users.

Microsoft sent a distribution alert to let its field sales force know of this change a couple of weeks ago. Tech blogger Aviran Mordo posted a copy of the alert to his Web site on Tuesday.

On Wednesday, Microsoft officials acknowledged the authenticity of the alert.”

Microsoft is hoping to eliminate piracy that occurs when product keys are stolen from COAs that traditionally have been placed on PCs by OEMs.

If you type a key into (the authentication mechanism) on the Web, it will activate and not tell you anything is wrong, even if the key is stolen.

Microsoft will disable the ability to activate direct OEM product keys over the Internet. When a customer attempts to activate using a pirated key, the activation wizard will tell them to call Microsoft customer service. Call center operators will issue override keys only to customers who answer questions that prove they have legitimate copies.

Microsoft is looking at expanding the new policy to smaller PC makers and system builders.

http://www.microsoft-watch.com/article2/0,1995,1769339,00.asp

Spyware Snags Blogger Users

By Matt Hicks

“Weblogs are spreading more than opinions and observations across the Internet. Some are beginning to propagate malicious software downloads that can alter browser settings, track users and serve pop-up ads.

Dozens of blogs hosted by Google Inc.'s Blogger service can install programs that are widely considered to be spyware and adware onto visitors' computers, warn users and spyware researchers. In many cases, users are discovering the offending sites as they browse among blogs through Blogger's navigation bar.

Alvin Borromeo, attorney, of Columbus, Ohio victim of spyware from a Blogger-hosted blog wrote about the problem in a post in January on the blog of his law firm, Mallory & Tsibouris Co. LPA. He posted an update with Blogger's reply to his inquiries.

He reached a blog that installed spyware on his Windows computer after clicking the "Next Blog" link in the Blogger navigation bar. Then he noticed pop-up ads appearing and that his Internet Explorer home page was changed.

In August Blogger introduced the navigation bar atop blogs that it hosts at blogspot. The bar is optional for Blogger users with their own Web hosting.

"It was very surprising," Borromeo said. "It's something that you'd expect that Google would be up on, and it came as a shock to me that I would get [spyware] through this avenue."

He added a warning to the law firm's blog about the potential for spyware downloads when navigating blogs and later moved his blog to the firm's own host in order to remove the Blogger navigation bar.

"I don't want my users going onto my blog and then clicking that next link and getting spyware downloaded onto their system," he said.

Many of the affected blogs on Blogger had included JavaScript code in their templates that pointed to a service called iWebTunes. The iWebTunes Web site provides few details about the service and no contact information, but the service appears to promise blogs the ability to play music while it also serves up downloads for spyware and adware.

A Google search on iWebTunes and Blogspot, the name of Blogger's hosting service, yields pages of blog results. When eWEEK.com visited about five of the blogs, they displayed pop-ups in Internet Explorer with misleading prompts to accept downloads.

When one download was accepted, it installed the EliteBar, which disabled other IE tool bars, including the Google Toolbar; changed the browser home page to SearchMiracle.com and began displaying pop-up ads even when IE was closed. ”

http://www.eweek.com/print_article2/0,2533,a=146399,00.asp

So you want to be a consultant...?

Steve Friedl's Unixwiz.net Tech Tips
Or: Why work 8 hours/day for someone else when you can work 16 hours/day for yourself?

http://www.unixwiz.net/techtips/be-consultant.html