Saturday, January 08, 2005

Microsoft to Serve Up Monthly Virus Zapper:
“Microsoft Corp. on Thursday said it plans to release a virus detection and removal tool on Jan. 11. The antivirus fighter will be updated on the second Tuesday of every month as part of the company's scheduled software patching cycle.

Meanwhile, exactly three weeks after acquiring anti-spyware startup Giant Company, Redmond released the first public beta as a free Windows download through July 31.

Redmond also plans to release a virus detection and removal tool on Jan. 11, which will be updated on the second Tuesday of every month as part of the company's scheduled software patching cycle.

As previously reported, the spyware zapper is an exact replica of the Giant Company application acquired late last year.

Microsoft has retained all of the key Giant AntiSpyware features, including RealTime Detection, AutoUpdater, Spyware Scan and the widely hailed SpyNet Community network, which provides an early-warning mechanism.

Microsoft officials declined to discuss what happens after the beta expires in July, but analysts expect the company to start charging for definition updates once the spyware detection and removal tool goes gold.

The addition of a worm zapper to the monthly Patch Day schedule is a change from the previous policy of releasing individual removal tools after a major virus outbreak.

Using expertise and technology acquired from anti-virus vendor GeCAD, Microsoft's malicious software removal tools will consolidate previously released tools for the Blaster, MyDoom and Download.Ject attacks.”

http://www.eweek.com/article2/0,1759,1748869,00.asp


Three unpatched flaws in Internet Explorer:

“Secunia said Friday that it had raised its rating of the vulnerabilities in Microsoft's browser to "extremely critical," its highest rating. The flaws, which affect IE 6, could enable attackers to place and execute programs such as spyware and pornography dialers on victims' computers without their knowledge, said Thomas Kristensen, Secunia's chief technology officer.

Exploit code for one of the vulnerabilities, a flaw in an HTML Help control, was published on the Internet on Dec. 21 in an advisory by GreyHats Security Group.

"In order for us to rate a vulnerability as extremely critical, there has to be a working exploit out there and one that doesn't require user interaction," Kristensen said. "This is our highest rating and is the last warning for users to fix their systems."

The exploit code can be used to attack computers running Windows XP even if Microsoft's Service Pack 2 patch has been installed, Secunia said. The company is advising people to disable IE's Active X support as a preventative measure, until Microsoft develops a patch for the problem. It also suggests using another browser product.

The Secunia advisory also warns of another HTML Help control vulnerability that, when used in combination with a drag-and-drop flaw, could be used to attack PCs--though in that case, it would have to be with the interaction of the victim. The company first issued an alert about the three security holes in October.”

Microsoft said it was investigating the public reports of the exploit, adding that the delay in fixing the IE patch was related to the extensive work needed to produce an effective patch.

The company is advising people to check its safe browsing guidelines and to set their Internet security zone settings to "high." It also suggests that people continue installing automatic security updates from Service Pack 2.

Secunia also offers users the ability to conduct an online test of their systems to see if they are vulnerable.

http://dw.com.com/redir?destUrl=http%3A%2F%2Fsecunia.com%2Finternet_explorer_command_execution_vulnerability_test%2F&siteId=22&oId=2100-1009-5517457&ontId=1009&lop=nl.ex

http://news.zdnet.com/2100-1009_22-5517457.html?tag=nl.e589

Wednesday, January 05, 2005

CSS Crib Sheet:

“You will no doubt come across many quirky layout issues when building a site with CSS. You'll end up banging your head against a wall time and again. This is an attempt to make the design process easier, and provide a quick reference to check when you run into trouble.”

Translations are available in Français, Deutsch, Italiano, Magyar, Finnish, Norwegian, Russian, Portuguese, Japanese and Simplified Chinese.

CSS Problem-Solving http://www.mezzoblue.com/archives/2004/03/10/css_problems/index.php

http://www.mezzoblue.com/css/cribsheet/

Tuesday, January 04, 2005

Firefox has much to learn:
by George Ou

“It is widely asserted as "fact" that Firefox is more secure, but does that assertion really hold up under intense scrutiny? Peter Torr of Microsoft doesn’t seem to think so. I can hear the howling now to the effect of "but the guy is just a Microsoft lackey on Bill Gates’s payroll". While it is certainly true that he works for Microsoft and is clearly giving a point of view favorable to Microsoft, no one can deny any of the serious criticisms that he lays on Firefox. Here is a list of Peter’s grievances that show a pretty flagrant disregard for the most basic of security principles.”

  • Installing Firefox requires downloading an unsigned binary from a random web server
  • Installing unsigned extensions is the default action in the Extensions dialog
  • There is no way to check the signature on downloaded program files
  • There is no obvious way to turn off plug-ins once they are installed
  • There is an easy way to bypass the "This might be a virus" dialog

Since the initial posting and much "fanfare" from Slashdot, someone pointed out how you can turn off plug-ins, so Peter has since then conceded the fourth point. While there has been a huge firestorm of responses on the other points, I haven’t heard any acceptable explanations on any of the other four points that Peter has raised. The most serious issue is the first, where Firefox might even send you to a raw IP address link (the favorite tactic of phishers) to download unsigned code.


http://blogs.zdnet.com/Ou/index.php?p=22&tag=nl.e539

Podcasting: Evolution or Revolution?:
“Podcasting is getting all kinds of press. The buzz generated from this so-called phenomenon harkens back to the pre-2000 Internet, when the next big thing solved problems yet to be realized by the people in need of the solution. Is podcasting to iPods really what Tivo is to television?”

Jake Ludington explores
  1. Podcast Basics
  2. How Do I Subscribe to a Podcast?
  3. Podcasting and Windows Media Player
  4. Join the Podcast Revolution

http://www.informit.com/articles/article.asp?p=360067

The Basics of Cascading Style Sheets:
“CSS, if used correctly, can greatly extend your ability to create attractive Web designs. Learn how you can use styles to enhance your Dreamweaver MX 2004 web page.”

In this article
  • A Brief Introduction to Styles
  • Designing with CSS
  • Style Properties
  • Working with CSS Styles
  • Editing CSS in Code View

The cascading style sheets (CSS) language is a way to describe the appearance of Web pages by assigning styles to specific HTML tags and portions of the page. These styles allow a designer greater range of presentational effects than can be achieved by using only HTML styles. Dreamweaver MX 2004 makes it easy to edit and apply style sheets to new or existing Web documents.

If you're already familiar with CSS, you can skip over the following introduction and go directly to "Designing with CSS" to use Dreamweaver MX 2004 to build Web pages using styles.


http://www.informit.com/articles/article.asp?p=355339

Thursday, December 30, 2004

Download boot disks for all your needs from these Web sites:
“You no longer have to create your own boot disks--others have done the work for you and uploaded their files to the Internet.

Why create a custom boot disk yourself when you can download one quickly and hassle free from a Web site? Many Web sites offer downloadable programs for creating custom boot disks, but of course, some are better than others in terms of their content and page layout. A quick look at some of the most popular of these sites will help you decide where you can find the best one-stop shop for your boot disk needs.”

Free Registration

http://techrepublic.com.com/5102-6270-5034303.html

How Does Google Figure out What Pages are More Relevant? Pagerank:

“A core question for anyone on the Web, and certainly a question you should be asking if you're trying to monetize your Web site, is how the heck does Google figure out what sites are more relevant to a given search than others?

Dave Taylor helps you understand Pagerank, a critical first step in increasing the visibility of your website in Google searches.”

http://www.informit.com/articles/article.asp?p=360068

Clean HTML from Word: Can It Be Done?:
“Laurie Rowell's short answer to the question above: Yes, with a bit of effort. With a number of utilities available at relatively low cost, you can finagle Microsoft Word's output to something that resembles clean HTML. You might need to roll up your sleeves and dig around in the code or the formatting (depending on the application you choose), but you should end up with something you can put on the web without shame.”

Free membership available

http://www.informit.com/articles/article.asp?p=359433

Thursday, December 23, 2004

Browsers as test platforms:
“Browsers from a developer's point of view. When developing for the web, it is inevitable that we need to debug and test our work. How easy or how hard is it to find the problems causing errors and how easy is it to replicate certain environment changes? Once we identified the steps we need to take to test properly, we will see if there is a chance to extend the browser to make these steps a lot easier.”

The development environment is a PC running Windows XP, in this case an IBM ThinkPad T40 with 1GB of RAM and a Centrino 1300MHz processor.

We will take a look at Microsoft Internet Explorer 6, Mozilla Firefox 1.0 preview release and Opera 7.50.

For testing, we will use a web site template with some HTML errors and a Javascript error.

What we want to test is:

  • Why is the Javascript not working (i.e. why is the menu not collapsing)?
  • Why is the site not being displayed correctly?
  • Why does the form not get sent off?
  • How does the design behave with different font sizes?
  • How does the page work without CSS, or Javascript or images?

Debugging the HTML

We will check how comfortable the source view is in the browser, and if it provides us with extra tools to check the HTML structure.

Debugging the Javascript

We will test how easy it is to trace back Javascript errors. Does the browser tell us the error? How easy is it to see the error messages?

Debugging the CSS

When using CSS seriously, we need to avoid Quirksmode at all costs. Quirksmode is a feature that was added into modern browsers to ensure backward compatibility and forces it to render pages like its predecessor. This makes it nearly impossible to predict the outcome, and forces us to keep developing for the past rather than for the future. We can force browsers to render web sites properly - in standards mode - by giving them the correct DOCTYPE [1]. To see what went wrong with our CSS, we need to find out whether the browser renders in Quirksmode or not.

Testing the accessibility of our page

To test how accessible our page is, we can take a quick look to see how it renders without CSS, Javascript or any of them. Furthermore, we want to resize the font of the browser to check if that breaks our design.


http://icant.co.uk/forreview/browsertests/

Wednesday, December 22, 2004

Windows Security Updates Summary for December 2004:

“The Microsoft Windows security updates for December 2004 include several important updates and a critical cumulative update for Microsoft Internet Explorer 6 Service Pack 1 (SP1), a component of Windows. If you have any of the software listed on this page installed on your computer, you should visit the Windows Update Web site to install related updates.

Supported software affected
  • Internet Explorer 6 SP1 on Windows 2000 SP3, Windows 2000 SP4, or Windows XP SP1
  • Internet Explorer 6 SP1 on Windows NT Server 4.0 SP6a; Windows NT Server 4.0, Terminal Service Edition SP6; Windows 98; Windows 98 SE; or Windows Me
  • Internet Explorer 6 for Windows XP 64-Bit Edition SP1

Note Updates for Windows Millennium Edition, Windows 98, and Windows 98 Second Edition are being made available under extended support for critical security issues.”


http://www.microsoft.com/security/bulletins/200412_windows.mspx

Net worm using Google to spread:

“A Web worm that identifies potential victims by searching Google is spreading among online bulletin boards using a vulnerable version of the program phpBB, security professionals said on Tuesday.

The Santy worm uses a flaw in the widely used community forum software known as the PHP Bulletin Board (phpBB) to spread, according to updated analyses. The worm searches Google for sites using a vulnerable version of the software, antivirus firm Kaspersky said in a statement.

Almost 40,000 sites may have already been infected. Using Microsoft's Search engine to scan for the phrase "NeverEverNoSanity"--part of the defacement text that the Santy worm uses to replace files on infected Web sites--returns nearly 39,000 hits.

"Santy.a is spreading rapidly," antivirus firm Kaspersky stated in a new release published Tuesday. "However, this does not directly affect users. Although the worm infects Web sites, it does not infect computers used to view those sites."

The worm sends Google a specific search request, essentially asking for a list of vulnerable sites. Armed with the list, the worm then attempts to spread to those sites using a PHP request designed to exploit the phpBB bulletin board software.

The worm is the latest twist on using Google as an attack tool, a practice known as Google hacking. It may also be the first time a program used Google to identify victims for an attack.…”


http://news.zdnet.com/2100-1009_22-5499725.html

Tuesday, December 21, 2004

Producing a High-Definition Windows Media Video File:
“This document provides information about creating high-definition Microsoft Windows Media Video files. Topics covered include an overview of the content creation process, a list of acceptable video sources, information about the capturing and encoding processes, and system requirements for encoding and playing a high-definition Windows Media Video file.

By using Microsoft Windows Media Encoder 9 Series, you can create high-definition Windows Media Video files in the high-definition television (HDTV) standard formats, such as 1280 x 720 progressive (720p), 1920 x 1080 interlaced (1080i), or 1920 x 1080 progressive at 23.976 fps (1080Psf). The process of creating a high-definition Windows Media Video file consists of the following steps:
  1. Capture the content from a high-definition source.
  2. Edit the content (optional).
  3. Convert the content to an .avi file.
  4. Encode the content.

Note that you can use software, such as Sonic Foundry Vegas or Discreet CleanerXL, to combine the four steps into a single step. For more information about these programs, see the Sonic Foundry Web site http://go.microsoft.com/fwlink/?LinkId=14986 or the Discreet Web site http://go.microsoft.com/fwlink/?LinkId=15004.”

http://www.microsoft.com/windows/windowsmedia/howto/articles/ProducingHDVideo.aspx

Monday, December 20, 2004

Web Design: A Decade Under the Influence:

“Full streaming video feeds of some of the most noteworthy sessions at this month's Web Design World 2004 have been published for your education and entertainment.

Keynotes from Jeffrey Zeldman and Kelly Goto are joined by sessions on rich media web apps (Tom Green), defensive web design (37signals' Jason Fried), as well as sessions on accessibility, XML and more.”


http://www.ftponline.com/reports/wdwboston/2004/




Crop Images Contextually:

“Cropping and resizing your images for the Web is a common technique for creating smaller thumbnail images that download quickly. However, we've seen many sites that either use HTML's width and height attributes to resize larger images, or minimally crop and resize their images to lose vital information (see Figure 1). A better way to create images optimized for the Web is to crop them contextually.”

What is cropping contextually? Many times digital images shot for Web use have a border of useless space around the object(s) of interest. Rather than crop to just the film or chip's border, crop contextually down to the minimum dimensions that still convey the meaning or context of your image…

http://www.websiteoptimization.com/speed/tweak/crop/

Saturday, December 18, 2004

The Podcast.net Directory:
“Podcast.net is a directory of RSS feeds that feature podcasts sorted by category. Like Yahoo, but for podcasts.”

http://www.podcaster.net/

Friday, December 17, 2004

Build Your Own Windows Media Center PC:
“In the past year, a number of interesting, pre-configured "media PCs" have arrived on the scene. The boutique PC makers, such as VoodooPC with its Voodoo Vibe and Alienware's DHS series, offer examples of the craft. But even mainstream PC manufacturers have jumped on the bandwagon—Sony with its VAIO RA-810G and HP with its Digital Entertainment Center.

All of them are certainly fine products in their own right, but it seemed to us that we could build something equivalent, or maybe even a little better. At the top of our list was the ability to seamlessly integrate this rig into our home-theater system. Secondarily, it had to look like it belonged in a rack with A/V components. Finally, the system had to support HDTV viewing and recording.…”


http://www.extremetech.com/article2/0,1558,1742236,00.asp

E-Card Holiday Virus Packs Ugly Punch:
“A new virus strain masquerading as electronic Christmas cards is accounting for one in every 10 e-mails hitting in-boxes, security experts warned Wednesday.

The W32/Zafi-D worm, which originated in Hungary, is using mass-mailing and P2P (peer-to-peer) techniques to squirm through in-boxes and slow network traffic to a crawl.

The worm, which poses as a Christmas greeting, has the ability to replicate in as many as 19 languages, which makes it a "very serious threat" to computer users worldwide, said Graham Cluley, a senior technology consultant at Sophos Inc.

Cluley told eWEEK.com the Zafi-D mutant accounts for 75 percent of all virus reports coming into the company's monitoring stations in the past 24 hours.

A spokeswoman for e-mail security services firm MessageLabs said the company had intercepted more than 1 million copies of Zafi-D since it first started squirming Tuesday.…”

According to a Sophos advisory, the worm arrives with the subject line "Merry Christmas," "Buon Natale!" or "Joyeux Noel!," depending on the location of the recipient.

The body of the e-mail contains a "Happy Hollydays" greeting in green text with a yellow emoticon. The virus arrives as an attachment with the following extensions: ZIP, CMD, PIF, BAT or COM.

Once executed, Zafi-D copies itself to the Windows system folder with the filename "Norton Update.exe." It then creates a number of files in the Windows system folder with filenames consisting of eight random characters and a DLL extension.…


http://www.eweek.com/article2/0,1759,1742085,00.asp

Thursday, December 16, 2004

How to identify SIMMs:
You’ve found some old SIMMs in a desk drawer or extracted them from an unwanted PC. Are they fit only for the bin, or are they suitable for use in a user’s PC? Guy Clapperton shows how to find out.

http://www.techsupportalert.com/search/h0831.pdf

http://64.233.167.104/search?q=cache:wM4uSCKnGdsJ:www.techsupportalert.com/search/h0831.pdf identify 72 pin SIMM&hl=en