7/31/2007

[Security News]Symantec to offer messaging, Web-filtering services

It plans to release its first SaaS offering by the end of the year.

July 31, 2007 - Symantec Corp. will follow up the release of its Symantec Protection Network backup service with a range of new software-as-a-service (SaaS) offerings in 2008 and beyond, company executives said Monday.
The Cupertino, Calif.-based software vendor plans to release its first SaaS offering -- a backup service for small and midsize businesses called the Symantec Protection Network -- by year's end, said Greg Hughes, group president of global services, during a meeting with reporters. The backup service will allow Symantec's data centers to "take all the problems of backup and run it efficiently for small to medium-size businesses," he said.
After that, Symantec will introduce a variety of services that will give small businesses a way of doing things like filtering unsafe Web sites or e-mail messages, and even remotely accessing desktop PCs. "We're going to enter messaging, message hygiene [and] remote client operation," he said.
Symantec, like Google Inc. and Microsoft Corp., sees an opportunity to provide smaller companies with applications and IT services over the Web, Hughes said. "We see infrastructure as a big need for small-to-medium business," he said.
Google, in particular, may soon become a more important competitor following its acquisitions of security vendors Postini Inc. and Green Border Technologies Inc. and because of its rumored Gdrive backup service.
But with its sales channel relationships and years of experience doing business with small and midsize companies, Symantec feels that it can hold its own against the search juggernaut. "We really think when you look at Symantec, we have a number of advantages," said Hughes. "We're really trusted when it comes to protecting data."
Symantec CEO John Thompson said he is not particularly surprised by Google's entry into the security market, saying that the Postini acquisition was simply part of the "drive toward making Google apps more relevant to the enterprise buyer."
He added that he is not particularly concerned to have Google as a competitor. "I doubt that Google's intent is to be solely in the security business," he said.
As for Symantec's other SaaS competitors, Thompson seemed more worried about companies such as IBM or Oracle Corp. entering the space. "I don't think it's a foregone conclusion that Microsoft will be a player at all," he said.
"I think the market's going to get very frothy," Thompson added. "Microsoft can't be the only one who plays here."

Edit By: Robert McMillan

[Security News]Symantec's 'Dark Vision' mines carder sites

A credit card number can be bought for as little as $6

July 31, 2007 - Researchers at Symantec Corp. have developed a system that mines underground Web sites and chat rooms for sensitive information that is being sold.
Called Dark Vision, the system was first developed in mid-2006, and allows Symantec to "track the underground economy," said Oliver Friedrichs, director of emerging technologies with Symantec Security Response.
Symantec hasn't decided yet when or if it will roll Dark Vision into its product line. "At this point, it's really an early prototype," Friedrichs said. "But we see a number of different opportunities, including the potential to warn consumers where we see their information being disclosed."
Identity thieves meet with information-buying criminals on a variety of "carder" Web sites, and then meet up in chat rooms or on Internet Relay Chat (IRC) channels to buy and sell the data.
A credit card number can be bought for as little as $6, Friedrichs said, but other information, such as Social Security numbers, addresses and telephone numbers, is also there for the taking. "You can actually buy a complete identity of someone for ... $14 to $18 on average," he said. "They're really dumping a variety of records."
Dark Vision gives security researchers a graphical presentation of the data it has mined from these Web sites and IRC chats, showing exactly where the carder servers are located and what is being discussed.
Because carders exchange the majority of their credit card information in secret -- and for a price -- Dark Vision captures only a small fraction of the data that has been stolen, generally recording only sample data that is posted in the forums to prove the seller is legitimate.
In its first three months of testing, Dark Vision dug up about 800 stolen credit card numbers, Friedrichs said.
Still, Friedrichs thinks the tool may be useful to credit card issuers or companies that are looking for early hints on the source of data breaches, and could be delivered as part of Symantec's global services organization.
Symantec is not the first company to look into mining this type of information for profit. A small Malibu, Calif., company called CardCops Inc. has already gone into a similar line of business, trolling the Internet for compromised data and reporting it to merchants, authorities and consumers.
Last year, the U.S. Department of Justice estimated that identity theft was affecting millions of households each year and costing about $6.4 billion in losses annually.
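The "sample data posted in the forums to prove the seller is legitimate" is what a monitor like Dark Vision can actually see, and the first filtering step is the same for any such tool: pull digit runs out of the post, keep only those that pass the Luhn check, and mask them before they are logged. The script below is an added example written for this page, not Symantec's code; the issuer prefix table is a constructed subset, not a real BIN database, and the sample post is constructed around standard test card numbers.

```python
import re

# Candidate card numbers: 13 to 19 digits, optionally separated by single spaces or
# dashes. The lookarounds stop a match from starting or ending inside a longer digit run.
PAN_RE = re.compile(r"(?<![\d-])(?:\d[ -]?){12,18}\d(?![\d-])")

# Constructed issuer prefixes, enough to label hits; not an exhaustive BIN table.
ISSUER_PREFIXES = (
    ("34", "Amex"), ("37", "Amex"),
    ("51", "Mastercard"), ("52", "Mastercard"), ("53", "Mastercard"),
    ("54", "Mastercard"), ("55", "Mastercard"),
    ("4", "Visa"),
)


def luhn_ok(digits: str) -> bool:
    """True if the digit string passes the Luhn check-digit test."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:              # every second digit from the right is doubled
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def issuer(digits: str) -> str:
    for prefix, name in ISSUER_PREFIXES:
        if digits.startswith(prefix):
            return name
    return "unknown"


def mask(digits: str) -> str:
    """Keep the first six (BIN) and last four digits so a hit can be routed to the
    issuer without the full PAN being stored or logged."""
    return digits[:6] + "*" * (len(digits) - 10) + digits[-4:]


def find_pans(text: str) -> list:
    """Return [(masked_pan, issuer)] for every distinct Luhn-valid card number in text."""
    hits, seen = [], set()
    for m in PAN_RE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group(0))
        if not luhn_ok(digits) or digits in seen:
            continue
        seen.add(digits)
        hits.append((mask(digits), issuer(digits)))
    return hits


# Constructed sample of the kind of "proof" post a seller drops in a carder channel.
# The card numbers are standard test numbers, not real accounts.
SAMPLE_POST = """\
selling fullz, fresh dump, here is proof:
4111 1111 1111 1111 exp 09/08
5500-0000-0000-0004 exp 11/09
378282246310005 (amex)
order #4111111111111112 is a tracking number, not a card
phone 555-0100, ssn 123-45-6789
"""

if __name__ == "__main__":
    for masked, name in find_pans(SAMPLE_POST):
        print(f"{name:<11} {masked}")
```

The Luhn check is what separates the three real card-shaped numbers from the "order #" line, which has the right length and prefix but fails the checksum; phone and SSN fragments never reach the check because they are too short. Anything that passes still has to be treated as cardholder data, which is why only the masked form leaves the function.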

Edit By: Robert McMillan

[Network Technology]Import Your Contacts to Gmail

Add Outlook, OE, and Windows Mail contacts to your Gmail address book in two steps.

Need to transfer contacts from your e-mail program into Gmail? Instead of retyping them, use the comma-separated values (CSV) format (which Gmail and just about every other e-mail program supports) to import them en masse as one file. In Outlook 2003 and 2007, select File, Import and Export, choose Export to a file, click Next, select Comma Separated Values (Windows) as your output format, and click Next again. The Export Wizard will then instruct you to choose a location for your CSV file.
To export contacts from Outlook Express, choose File, Export, Address Book, choose Text File (Comma Separated Values) as your output format, click the Export button, and save the file in a convenient place.
In Windows Mail (Vista's built-in e-mail program), select File, Export, Windows Contacts, choose CSV (Comma Separated Values), click the Export button, and choose a location to store the file in.
If you use Mozilla Thunderbird, open the address book, click Tools, Export, and select Comma Separated (*.csv) from the drop-down menu prior to choosing a folder to save the file in.
Next, import the .csv file into Gmail: Click the Contacts link on the left side of Gmail's main screen. The Contacts page lists your current Gmail contacts. Click Import at the top right, and then choose the Browse button in the Import Contacts dialog box. Navigate to and select the .csv file you just saved, choose Open, and click the Import Contacts button. Choose Close, and you'll see all of your contacts. If you're looking at your sublist of Frequently Mailed contacts, click the All Contacts link above your addresses to see the entire address book.
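What makes the transfer work is that every one of these programs writes CSV, but each one labels the columns differently, so the practical step between export and import is normalizing the header row. The script below is an added example for this page, not part of the article: it merges any number of exports into a two-column file, drops rows without a syntactically valid address, and deduplicates addresses across files. The column names it recognizes ("E-mail Address", "Primary Email", "Display Name" and so on) and the Outlook-style output header are assumptions about the export formats; check the first line of your own file and extend the lists. The sample exports are constructed.

```python
import csv
import io
import re

# Header names the different exporters use for the same field. These are assumptions
# about the export formats; check the first line of your own file and extend if needed.
EMAIL_HEADERS = ("E-mail Address", "E-mail", "Primary Email", "Email")
FIRST_HEADERS = ("First Name",)
LAST_HEADERS = ("Last Name",)
DISPLAY_HEADERS = ("Display Name", "Name")
EMAIL_RE = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")


def first_present(row: dict, names) -> str:
    """Return the first non-empty value among the candidate column names."""
    for name in names:
        value = (row.get(name) or "").strip()
        if value:
            return value
    return ""


def normalize_contacts(*csv_texts: str) -> list:
    """Merge any number of CSV exports into rows with just Name and E-mail Address,
    dropping rows without a syntactically valid address and deduplicating by address."""
    rows, seen = [], set()
    for text in csv_texts:
        for row in csv.DictReader(io.StringIO(text)):
            email = first_present(row, EMAIL_HEADERS).lower()
            if not EMAIL_RE.match(email) or email in seen:
                continue
            seen.add(email)
            name = " ".join(p for p in (first_present(row, FIRST_HEADERS),
                                        first_present(row, LAST_HEADERS)) if p)
            name = name or first_present(row, DISPLAY_HEADERS) or email.split("@")[0]
            rows.append({"Name": name, "E-mail Address": email})
    return rows


def to_csv(rows: list) -> str:
    """Write the normalized rows under an Outlook-style header (assumed to be what the importer reads)."""
    buf = io.StringIO()
    writer = csv.DictWriter(buf, fieldnames=["Name", "E-mail Address"], lineterminator="\n")
    writer.writeheader()
    writer.writerows(rows)
    return buf.getvalue()


# Constructed samples of two header styles; the quoted company name shows why
# splitting lines on commas by hand is not safe.
OUTLOOK_SAMPLE = (
    "First Name,Last Name,E-mail Address,Company\n"
    'Ada,Lovelace,ada@example.com,"Analytical Engines, Ltd."\n'
    "Charles,Babbage,CHARLES@example.com,\n"
    ",,not-an-address,\n"
)
THUNDERBIRD_SAMPLE = (
    "First Name,Last Name,Display Name,Primary Email\n"
    "Ada,Lovelace,Ada L.,ada@example.com\n"
    ",,Grace Hopper,grace@example.com\n"
)

if __name__ == "__main__":
    print(to_csv(normalize_contacts(OUTLOOK_SAMPLE, THUNDERBIRD_SAMPLE)), end="")
```

Run it on your real exports by reading the files into strings and passing them to normalize_contacts; the csv module handles the quoting, so a company name containing a comma does not shift the columns.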

Edit By: Preston Gralla

7/29/2007

[News]Sprint, Google to Offer WiMAX Mobile Internet Services

Sprint and Google will bring WiMAX mobile Internet customers search, interactive communications and social networking tools through a new mobile portal.

The collaboration between Sprint and Google will help spur new mobility and location-assisted services as Sprint untethers Internet access for consumers, businesses and government customers.
Sprint is developing a nationwide advanced wireless broadband network that is being designed to mobilize the Internet, bring wireless innovation to devices and deliver new mobile multimedia applications to customers. The pact with Google is a milestone in Sprint’s mobile Internet strategy, and it builds upon current WiMAX ecosystem infrastructure and device agreements to establish an Internet destination for user-generated content and multimedia offerings.
“Google and Sprint will optimize the Internet experience for the digital lifestyle,” said Barry West, president, 4G Mobile Broadband for Sprint. “This collaboration brings what will be the best mobile Internet network together with the leading Internet search company. It allows us to capitalize on the powerful mobility and Internet trends, and create wireless services and applications that take advantage of each company’s history of product development innovation.”
Sprint network bandwidth, location detection and presence capabilities will be matched with Google’s communications suite - Google Apps - that combines the Gmail, Google Calendar and Google Talk services. Customers will be able to experience a new form of interactive communications, high speed Internet browsing, local and location-centric services, and multimedia services including music, video, TV and on-demand products.
Sprint will provide open standard APIs (application programming interfaces) to Sprint’s go-to-market partners and the Internet developer community to create customized products for browsable devices, facilitating the delivery of personalized and interactive services to consumer, business, public safety and government customers. These services will be available in a variety of WiMAX embedded devices, including connection cards, stand-alone modems, laptop computers and consumer electronic devices such as personal media players, mobile Internet devices, gaming devices and phones. Eventually, the WiMAX service will be available in vehicles for navigation information, news and entertainment.
Sprint plans WiMAX test service in the Chicago, Baltimore and Washington DC areas by year-end 2007. Commercial service is expected to be available in a number of markets starting April 2008 and cover 100 million people by year-end 2008 in conjunction with a planned partnership with Clearwire.

Edit By: Horia Covaci

[Security News]EU and US to Agree Satellite Networks Compatibility

The United States and the European Union announced their agreement to jointly adopt and provide an improved design for their Global Navigation Satellite System (GNSS) signals. These will be implemented on the Galileo Open Service and the new GPS IIIA civil signal.

Building on the cooperative agreement on GPS and Galileo signed between the two parties in June 2004, a joint compatibility and interoperability working group overcame technical challenges to design interoperable optimized civil signals.
The resulting GPS L1C signal and Galileo L1F signal have been optimized to use a multiplexed binary offset carrier (MBOC) waveform. Future receivers using the MBOC signal should be able to track the GPS and/or Galileo signals with higher accuracy in challenging environments that include multipath, noise, and interference.
The agreement would allow GPS to be more precise, allowing it to locate an object to within 3.5 metres instead of 10 currently. Galileo, supposed to be operational in 2012, would be able to locate an object to within one metre.
Future civilian users will enjoy the benefits of multiple GNSS constellations providing greater signal availability and coverage around the world. Incorporating MBOC into both GPS and Galileo will enhance commercial opportunities for the development of new GNSS products and services. Manufacturers and product designers will have the benefit of adequate lead time to ensure products developed will meet the needs of users around the world.
EC Director General Matthias Ruete said, “Today’s announcement underscores Europe’s commitment to interoperability between Galileo and GPS and to managing the Galileo program in an innovative partnership with the United States. The international GNSS community, including the U.S., will have full and transparent access to information on how to access Galileo and GPS services. This should facilitate the rapid acceptance of Galileo in global markets side by side with GPS.”
U.S. State Department Principal Deputy Assistant Secretary Reno Harnish said, “We are pleased by the adoption of this key improvement to the common civil signal design. The U.S.-EU collaboration that produced this innovation and led to its joint adoption reflects the strong working relationships that we have developed on GPS and Galileo. This technical milestone represents the next step in our ongoing commitment to open standards and market-driven innovation that will benefit all users world wide. We look forward to continuing cooperation in our work with the European Union.”

Edit By: Horia Covaci

[Security News]Cisco to Acquire a Part of VMware

Cisco will purchase $150 million of VMware Class A common shares currently held by EMC Corporation, VMware’s parent company, subject to customary regulatory and other closing conditions including Hart-Scott-Rodino (HSR) review.

Upon closing of the investment, Cisco will own approximately 1.6 percent of VMware’s total outstanding common stock (less than one percent of the combined voting power of VMware’s outstanding common stock). VMware has agreed to consider the appointment of a Cisco executive to VMware’s board of directors at a future date.
Cisco’s purchase is intended to strengthen inter-company collaboration towards accelerating customer adoption of VMware virtualization products with Cisco networking infrastructure and the development of customer solutions that address the intersection of virtualization and networking technologies.
In addition, VMware and Cisco have entered into a routine and customary collaboration agreement that expresses their intent to expand cooperative efforts around joint development, marketing, customer and industry initiatives. Through improved coordination and integration of networking and virtualized infrastructure, the companies intend to foster solutions for enhanced datacenter optimization and extend the benefits of virtualization beyond the datacenter to remote offices and end-user desktops.

Edit By: Horia Covaci

[Security News]Database admin at Fidelity National stole more data than thought

Information on as many as 8.5M consumers may have been exposed

July 26, 2007 - A senior database administrator at a subsidiary of Fidelity National Information Services who was responsible for defining and enforcing data access rights at the firm took data belonging to as many as 8.5 million consumers -- not 2.3 million, as originally disclosed by the company.
The new number was disclosed yesterday in filings by Fidelity National with the U.S. Securities and Exchange Commission (SEC). The company warned of the possibility that even more data may have been compromised in the breach. Jacksonville, Fla.-based Fidelity National, which is not connected with the more widely known mutual funds company Fidelity Investments, is a transaction processing and outsourcing services provider to the financial industry.
On July 3, Fidelity National disclosed that a database administrator, who is no longer with the company, had illegally downloaded and sold customer data to a data broker. The data broker, in turn, sold a subset of the data to other direct marketing companies. The stolen data included names, addresses, birth dates, and bank account and credit card information, the company said.
The database administrator worked for Certegy Check Services Inc., which provides a check-authorization service to help merchants decide whether to accept checks as payment for goods and services.
In its SEC filing, Fidelity National said that an investigation into the theft showed that 8.5 million records were stolen. Of that number, about 5.7 million records were checking account records and about 1.5 million records included credit card details. The remaining records contained only identifying information such as names, addresses, dates of birth and telephone numbers.
"This is an incremental increase of approximately 3.5 million checking account records and approximately 1.4 million credit card records over our announcement on July 3, 2007," Fidelity National said in its statement. Fidelity added that a portion of the stolen data was taken from the company's credit card issuance business.
Fidelity said it "continues to see no evidence of the stolen information being used for anything other than marketing purposes. Although the company does not anticipate significant liability to consumers or for financial fraud, there can be no assurance that this matter will not result in fines or other consequences that adversely impact the Company or its relationship with governing organizations, customers or regulators."

Edit By: Jaikumar Vijayan

[News]First American Corp. uses virtualization, quake technology to bolster business

The Santa Ana, Calif., data center is built on 30 vulcanized rubber columns

July 26, 2007 - SANTA ANA, Calif. -- First American Corp. in Santa Ana, Calif., is relying on data center virtualization technologies to provide quick disaster recovery in the event of an earthquake.
The 22,000-square-foot data center, nearly two years old, is built on 30 columns with vulcanized rubber layers that work as seismic isolators designed to withstand an 8.5-magnitude earthquake. The isolators allow the entire structure to sway 24 inches in any direction horizontally, according to a company spokeswoman.
First American offered reporters a tour of its earthquake-hardened data center here yesterday, which will be matched soon by another near Dallas.
But even if the building were somehow destroyed, First American could depend on data center virtualization technologies to provide disaster recovery with the Dallas data center, officials said.
Virtualization for First American has resulted from a comprehensive $100 million IT upgrade first planned in 2004, which began with a data center consolidation and has led to voice-over-IP technology and other changes, said Evan Jafa, chief technology officer of First American. The company had $8.5 billion in revenues in 2006, and provides business information to mortgage bankers and consumers on a range of topics.
Jafa estimated that the $100 million spent for consolidation and related technologies will be paid off by 2008 because of greater efficiencies in server utilization, lower long-distance costs with the use of VoIP, and cost reductions in many other areas.
Distributed systems across 2,100 global offices and 75 business units were consolidated into the two data centers, meaning there are now 4,500 servers across both locations, he said. About 1,200 of those are virtualized, Jafa said, which means they can be used for a range of applications and functions instead of being dedicated to one specific purpose, as was traditionally the case.
The data center being built outside of Dallas will replace one in the city of Dallas and will also be equipped with virtual servers. Both sites are backed up with generators and other safeguards, but if either went down, data could be shipped instantly to virtualized servers at the other.
The virtualization process also means First American can adapt processes faster. Jafa said most of the networking upgrades were provided by Cisco Systems Inc., which is holding its annual Networkers Conference in nearby Anaheim, Calif., this week.
He said server utilization rates of 10% to 25% can be raised to more than 50% with virtualization. As a result of the efficiencies, the company can begin to plan its data needs in the future according to average usage, not peak usage, because it could rely on an unused pool of virtual servers. In fact, Jafa said, First American would not rule out using a third party for added server capacity, as suggested by some grid computing advocates.
"We're really shooting for a utility [computing] model for our customers," he said.
Cisco announced a data center virtualization management product yesterday called VFrame Data Center, which Jafa said First American will look at carefully.
"Today, there's a major gap in managing virtualization environments," he said. But even if VFrame could help manage all the networking, storage and application provisioning functions in a data center, as proposed, companies using it must still get the IT workers in all disciplines to work together, he said.
"Are the storage guys OK with the networking guys setting up their servers?" he asked.
Rick McGouth, vice president of telecommunications services for First American, agreed that a cultural change is in store for any business working toward a virtual data center. "IT has to be like a business to break down the resistance," he said.
McGouth said the data center consolidation and adoption of VoIP technology have so far resulted in 8,000 VoIP phones being installed, while hundreds of T1 lines were replaced by broadband Ethernet connections, fully redundant and from redundant carriers.

Edit By: Matt Hamblen

7/28/2007

[Network Security]Set a Hacker Alarm on Your Web Mail Box

Use a clever trick and free tools to find out if someone has been snooping into your e-mail to steal information.

Your Web mail account is a treasure trove of private and potentially valuable information--and thieves know it. In an online interview, one phisher claimed to make thousands of dollars every day by breaking into people's e-mail accounts and searching for messages that contain financial details.
Normally you can't tell whether you've been hacked in this way. Even if you cannily leave a juicy-sounding e-mail unread, a thief or snoop may read it and then return its status to unread. But with a little bit of know-how, you can create an electronic trip wire that will trigger whenever someone reads a rigged e-mail.
I came across the idea, which takes advantage of a free Web hit counter, in a blog post by Jeremiah Grossman of WhiteHat Security. After I talked with him, we came up with a setup that's easier than the one he originally suggested.
The gist of it is to keep an e-mail message in your account whose attachment contains the code for the counter. Opening the attachment trips the counter, thereby alerting you that someone was snooping.
Here's how to set it up:
1. Head over to OneStatFree.com and register for a free Web counter account. You can list anything for the site URL, and use a disposable e-mail address to complete the registration process.
2. Look for an e-mail from OneStat sent to the address you used when you registered. It will come with an attached file named OneStatScript.txt. Save that file, and note your account number. Then delete the e-mail, which has your account details.
3. Give the .txt file a name that will catch a spy's eye, like "BankPasswords," and change its extension to .htm so it opens automatically in a Web browser (and trips the counter).
4. Send the file as an e-mail attachment to the Web mail account that you want to monitor. Use a similarly baited subject line, like "Account log-ins," for the message. Just be sure not to open the file when you send it--you don't want to set off your own alarm.
5. Sit back and wait like the patient spy-catcher you are. If anyone opens your rigged attachment, the hit counter will reflect that fact and will record information about them, including the IP address of the accessing computer. To check the counter stats, just log back in to your account at OneStatFree.com.
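The steps above rely on a third-party counter; the same trip wire can be self-hosted, which also keeps the bait's hits out of someone else's logs. The script below is an added example for this page, not the article's or Jeremiah Grossman's setup: a minimal beacon server records the time, client address, User-Agent and a per-bait token for every fetch of a 1x1 image, and make_bait builds the .htm attachment that loads it. The beacon path, the token parameter and the file name BankPasswords.htm are assumptions; you would run the server on a host reachable from the Internet and put its address in the bait.

```python
import datetime
import http.server
import secrets
import socketserver
import threading
import urllib.request
from urllib.parse import parse_qs, urlparse

# 1x1 transparent GIF returned to whoever opens the bait page.
GIF_1X1 = (b"GIF89a\x01\x00\x01\x00\x80\x00\x00\x00\x00\x00\xff\xff\xff\x21\xf9\x04"
           b"\x01\x00\x00\x00\x00\x2c\x00\x00\x00\x00\x01\x00\x01\x00\x00\x02\x02\x44"
           b"\x01\x00\x3b")

HITS = []  # one record per beacon fetch; this list is the "counter"


class BeaconHandler(http.server.BaseHTTPRequestHandler):
    def do_GET(self):
        url = urlparse(self.path)
        if url.path != "/beacon.gif":
            self.send_error(404)
            return
        HITS.append({
            "time": datetime.datetime.now(datetime.timezone.utc).isoformat(),
            "ip": self.client_address[0],
            # Only meaningful if this server sits behind your own reverse proxy;
            # otherwise the client can set the header to anything.
            "forwarded_for": self.headers.get("X-Forwarded-For", ""),
            "user_agent": self.headers.get("User-Agent", ""),
            "token": parse_qs(url.query).get("t", [""])[0],
        })
        self.send_response(200)
        self.send_header("Content-Type", "image/gif")
        self.send_header("Cache-Control", "no-store")  # every opening must hit the server
        self.end_headers()
        self.wfile.write(GIF_1X1)

    def log_message(self, *args):  # HITS is the log; keep stdout quiet
        pass


def new_token() -> str:
    """Random per-bait token, so one server can watch several mailboxes."""
    return secrets.token_hex(8)


def make_bait(beacon_base: str, token: str) -> str:
    """HTML for the bait attachment. Opening it in a browser fetches the beacon."""
    return ("<html><head><title>Account log-ins</title></head><body>"
            "<p>Loading account list...</p>"
            f'<img src="{beacon_base}/beacon.gif?t={token}" width="1" height="1" alt="">'
            "</body></html>")


def start_beacon_server(host: str = "127.0.0.1", port: int = 0):
    """Start the beacon server in a background thread; returns (server, bound_port)."""
    server = socketserver.TCPServer((host, port), BeaconHandler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server, server.server_address[1]


def trip(beacon_url: str, user_agent: str) -> bytes:
    """Simulate a snoop's browser fetching the beacon image."""
    req = urllib.request.Request(beacon_url, headers={"User-Agent": user_agent})
    with urllib.request.urlopen(req, timeout=5) as resp:
        return resp.read()


if __name__ == "__main__":
    server, port = start_beacon_server()
    token = new_token()
    with open("BankPasswords.htm", "w") as f:  # the file you mail to yourself
        f.write(make_bait(f"http://127.0.0.1:{port}", token))
    # Anyone who opens that file in a browser shows up here:
    trip(f"http://127.0.0.1:{port}/beacon.gif?t={token}", "snoop-browser/1.0")
    for hit in HITS:
        print(hit)
    server.shutdown()
```

Two limits apply to any version of this trick, hosted or not: a snoop who downloads the attachment without opening it, or reads it through a text-only preview, never fetches the image, and a Web mail service that proxies or blocks remote images will show the proxy's address or nothing at all. The no-store header matters because a cached image would make the second opening invisible.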
Of course, the way to maximize your protection is to avoid keeping sensitive financial data in your Web mail in the first place. The excellent, free Stanford Password Hash browser add-on provides additional security by making it easy to use strong, unique passwords for all of your accounts.

Edit By: Erik Larkin

[Security News]Yahoo patches Widgets, fixes hijack bug on Windows



July 27, 2007 - Security researchers today warned that Yahoo Widgets, a platform that runs small, Web-based, gadget-like applications on computer desktops, sports a critical flaw hackers can use to hijack Windows PCs.
A bug in an ActiveX control that ships with Yahoo Widgets can be exploited to create a buffer overflow and, after that, introduce rogue code to the compromised computer. The most likely attack scenario, said Yahoo, would find attackers feeding users links to malicious Web sites.
Yahoo issued an update to Widgets' engine earlier this week, but it was just today that Danish vulnerability tracker Secunia, which reported the bug to Yahoo, announced the flaw. Secunia pegged the problem as "highly critical," the second-highest threat rating in its five-step scoring system.
Users have reported, however, that although they have the Widgets' automatic update mechanism turned on, they've not received notice of the patch. Yahoo acknowledged this in a security advisory posted on the Widgets site. "Over the next several weeks, users worldwide will be prompted to update to a new version of Yahoo Widgets," the alert read.
Only the Windows version of Yahoo Widgets is at risk; the Mac OS X edition does not need to be updated.
Users can download Yahoo Widgets 4.0.5 rather than wait for the update notification, Yahoo said.
Yahoo Widgets, formerly known as Konfabulator before Yahoo's acquisition of the software in 2005, competes with Windows Vista's Sidebar and with the Mac OS X's Dashboard. The number of gadgets/widgets for each of those rivals, however, falls far short of the 4,000 or so available for Yahoo's engine.

Edit By: Gregg Keizer

[Virus Security]Ransomware Trojans likely work of single group

Strong "family" resemblance between previously released malware and current version

July 27, 2007 - The two most prominent ransomware Trojans of recent times could be the work of the same or a closely-related Russian group, an analysis has suggested.
Last week, a new ransomware Trojan appeared on the radar of security researchers, and was quickly identified as a modified version of the GpCode malware that first hit the Internet as long ago as Spring 2005. As with its predecessors, the new Trojan, also named "Glamour," sets out to encrypt data files on any PC it infects, demanding a ransom of $300 in return for a key to unlock files.
Now an analysis from security research outfit Secure Science Corporation (SSC) has plotted the large number of similarities between the new GpCode and a version that appeared in 2006. Of the 168 functions identified in the code of the new variant, 63 were identical to the older 2006 version.
"The results indicate that these two Trojans, found in the wild nearly 6 months apart, originated from the same source tree. This could mean that the original authors are actively modifying the code themselves, or they sold/traded the source code to another group who is now in charge of the modifications," say the authors.
In other words, a single or allied group is cycling the same basic ransomware platform through a series of attacks, modifying it each time to evade detection for long enough to find victims. If true, that increases the likelihood of future attacks using the same code base.
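The figure behind the "same source tree" conclusion, 63 of 168 functions identical, comes from comparing the two variants function by function. The script below is an added example written for this page, not Secure Science Corporation's tooling: it hashes each function body to find exact matches, falls back to byte 4-gram overlap to pair functions that were edited rather than left alone, and reports what is new. The function bodies are constructed x86-style byte strings standing in for a disassembler's output; on real binaries you would take function boundaries from the disassembler and mask relocated addresses and immediates before hashing, or relocation alone breaks exact matches.

```python
import hashlib


def ngrams(data: bytes, n: int = 4) -> set:
    """Set of n-byte substrings; used for a fuzzy match when hashes differ."""
    return {data[i:i + n] for i in range(len(data) - n + 1)}


def jaccard(a: set, b: set) -> float:
    return len(a & b) / len(a | b) if (a or b) else 1.0


def compare_variants(old: dict, new: dict, fuzzy_threshold: float = 0.6):
    """old/new map function name -> raw function bytes.
    Returns (identical pairs, near pairs with score, new functions with no match)."""
    old_by_hash = {hashlib.sha256(body).hexdigest(): name for name, body in old.items()}
    old_grams = {name: ngrams(body) for name, body in old.items()}
    identical, near, unmatched = [], [], []
    for name, body in new.items():
        digest = hashlib.sha256(body).hexdigest()
        if digest in old_by_hash:
            identical.append((old_by_hash[digest], name))
            continue
        grams = ngrams(body)
        score, match = max((jaccard(grams, g), n) for n, g in old_grams.items())
        if score >= fuzzy_threshold:
            near.append((match, name, round(score, 2)))
        else:
            unmatched.append(name)
    return identical, near, unmatched


def shared_fraction(old: dict, new: dict) -> float:
    """Fraction of the new variant's functions that are byte-identical to one in the old."""
    identical, _, _ = compare_variants(old, new)
    return len(identical) / len(new)


# Constructed function bodies for two builds of the same code base (not real GpCode bytes).
OLD_VARIANT = {
    "sub_401000": bytes.fromhex("558bec83ec1033c08be55dc3"),
    "sub_401020": bytes.fromhex("558bec8b450803450c5dc3"),
    "sub_401040": bytes.fromhex("558bec83ec088b450885c074168b4d0c894dfc"
                                "8b55fc0355fc8955f88b45f8eb0233c08be55dc3"),
    "sub_401080": bytes.fromhex("558bec6a00e8000000005dc3"),
}
NEW_VARIANT = {
    "sub_402000": OLD_VARIANT["sub_401000"],          # untouched
    "sub_402020": OLD_VARIANT["sub_401020"],          # untouched
    "sub_402040": bytes.fromhex("558bec83ec088b450885c075168b4d0c894dfc"   # one opcode changed
                                "8b55fc0355fc8955f88b45f8eb0233c08be55dc3"),
    "sub_4020a0": bytes.fromhex("b801000000c3"),      # new code
}

if __name__ == "__main__":
    identical, near, unmatched = compare_variants(OLD_VARIANT, NEW_VARIANT)
    print("identical:", identical)
    print("modified: ", near)
    print("new:      ", unmatched)
    print(f"shared: {shared_fraction(OLD_VARIANT, NEW_VARIANT):.0%}")
```

The exact-match count is the number the report quotes; the near matches are what tell you the rest of the overlap is edits to shared code rather than a rewrite, which is the difference between "same source tree" and "same idea".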
The planned window of opportunity appears to have been a short one -- the compile date for the malware was July 5th, and the threat message to victims states a payment deadline of July 15th.
SSC has also found frightening evidence of GpCode's effectiveness. "In the 8 months since November, we've recovered stolen data from 51 unique drop sites [...]. The 14.5 million records found within these files came from over 152,000 unique victims," says the report.
Fortunately, although the ransom note claims the files were encrypted with 4,096-bit RSA, the new version's apparent use of sophisticated encryption is a bluff. Unlike previous versions of GpCode, the new variant uses a much simpler, unnamed technique to create the appearance of having encrypted files, possibly just a long, strong passphrase. A number of companies have produced tools to reverse the work of the latest GpCode.
Ransomware Trojans have a fearsome reputation, but are still thankfully one of malware's rarer events. The long periods of silence could, indeed, be part of their design. Attacks have been recorded from early 2005, and several times in 2006.

Edit By: John E. Dunn

[Security News]RIM refutes security concerns over BlackBerry 8820

July 27, 2007 - Research In Motion (RIM) shot back at criticism from industry analysts that Wi-Fi security concerns would mean limited enterprise use for its new dual-mode BlackBerry 8820.
RIM's 8820 model, released mid-July, offers Wi-Fi in addition to traditional cellular connectivity.
The company's director of product management for WLAN and VOIP, Kevin Oerton, said it should make no difference security-wise whether a user is accessing BlackBerry services from home, a hotspot or within the enterprise.
He said the BlackBerry Enterprise Server, a wireless platform which acts as the conduit through which all RIM enterprise services are delivered to mobile devices "offers security from the device all the way into the BlackBerry Enterprise Server."
In addition, Oerton said the company employs 256-bit AES encryption so transmission and data can't be read.
Upon the product release, analysts raised security concerns around the use of Wi-Fi for business, saying Wi-Fi security fears reduced this channel to harmless Web surfing, albeit at a higher throughput.
Jon Arnold, principal of Toronto, Ont.-based J. Arnold & Associates, acknowledged the security fears that enterprises would have with public, unlicensed spectrums, like Wi-Fi hotspots. "There's more vulnerability there," he said.
Companies likely wouldn't encourage employees to conduct business transactions on e-mail accessed via Wi-Fi, he said. "I don't think you're going to be doing your really sensitive secret stuff over Wi-Fi."
Another analyst expressed concern that the growing number of mobile devices made data leakage easier should devices get lost or stolen. "There will be more things sitting on this device; what happens when it gets stolen?" asked Roberta Fox, senior partner with Mount Albert, Ont.-based Fox Group Telecom Consulting.
This increasing dependence on mobile devices to conduct business, she said, would likely mean security-sensitive corporations, in particular, would not embrace the Wi-Fi functionality.
Companies should enforce policies around device usage for business, whether cellular or Wi-Fi, Fox suggested.
Oerton acknowledged "historical speed bumps" in Wi-Fi security upon which enterprises may be basing their concerns, but believes enterprises now feel very comfortable with the level of security enabled by various technologies out there.
In addition, he said, end users most often don't secure their Wi-Fi access points, which is what leads to problems. "That's why it's critical for the device all the way through to the BlackBerry Enterprise Server to provide triple AES encryption independent of whether the users set up Wi-Fi security at home."
To ease persistent security concerns, he recommends enterprise customers deploy a virtual private network (VPN) -- often used by organizations for remote access -- in tandem with Wi-Fi rollouts.
Although 8820 was designed for the enterprise, Oerton expects adoption to be highest among those industry verticals already known for ubiquitous Wi-Fi use, like health-care, retail, manufacturing and hospitality. "All of these have a need to bring the benefits of IT to a highly mobile workforce," he said.
However, he's not excluding an eventual wider adoption: "Benefits of 8820 should bring additional enterprise and industry verticals to the table because of the new benefits that are being made available through Wi-Fi."
Earlier Wi-Fi rollouts that initially focused solely on access in conference rooms and visitor lounges are now becoming more ubiquitous across organizations, said Oerton.

Edit By: Kathleen Lau

[Network Security]IM attacks up nearly 80 percent, Akonix says -- and P2P is worse

Loose lips sink ships, and flying fingers scuttle computers

July 28, 2007 - Malicious code attacks over instant messaging networks are up almost 80 percent over last year, according to a new study from vendor Akonix.
The company, which develops IM hygiene and compliance appliances and services, said it uncovered 20 malicious code attacks over IM in July. The total number of threats for 2007 so far is 226, the company said, a 78 percent increase over the same period last year.
The company also said attacks on peer-to-peer networks, such as Kazaa and eDonkey, increased 357 percent in July 2007 over July 2006, with 32 attacks.
That report comes on the heels of a report by peer-to-peer network monitoring vendor Tiversa, which found contractors and U.S. government employees are sharing hundreds of secret documents on peer-to-peer networks.
In many cases, those users were overriding the default security settings on their peer-to-peer software to do so, according to Tiversa. Robert Boback, Tiversa's CEO, and retired U.S. Army General Wesley Clark, a Tiversa board member, testified earlier this week before the House of Representatives Oversight and Government Reform Committee.
The IM attacks were tracked by the Akonix IM Security Center, a collaborative effort between Akonix, its customers and other security and messaging vendors.
The code used in the attacks was either brand new malware or a variant of earlier code detected by the IM Security Center.
The new worms included Exploit-YIMCAM, Hupigon-SJ, InsideChatSpy, SpyPal, StealthChatMon, Svich and YahooSpyMon.
Akonix officials also said the attacks are moving beyond the nuisance stage and getting more malicious.
"Beginning at the end of last year we started seeing multi stage attacks where IM will deliver a URL and when a person clicks on it they get code loaded that will pull down other code," says Don Montgomery, vice president of marketing at Akonix.
Montgomery says the IM Security Center also is seeing two stage attacks with the second stage being the downloading of a Trojan that waits for users to log into specific banking sites to activate a key-logging program.
In addition, there are multivector attacks in which a malicious URL may be delivered by IM but propagated by e-mail, or arrive by e-mail and go out over IM. And attacks focused on the consumer services AOL, MSN and Yahoo are beginning to span networks.

Edit By: John Fontana

[Security News]Google plans YouTube antipiracy tool for September

Tool to be "very much compliant" with controversial DMCA takedown clauses

July 28, 2007 (IDG News Service) -- Google Inc. aims to deliver in September a long-awaited and much-promised technology to combat piracy in its YouTube video sharing site.
During a hearing Friday in the copyright-infringement lawsuit that Viacom Inc. filed against Google, a Google attorney told the judge Google was working "very intensely" on a video recognition technology, the Associated Press (AP) reported.
The technology will be as sophisticated as fingerprint technology used by the FBI, and Google plans to roll it out in the fall, "hopefully in September," attorney Philip S. Beck of Bartlit Beck Herman Palenchar & Scott LLP told U.S. District Judge Louis L. Stanton, according to the AP. Fall runs from late September to late December.
Viacom sued Google in March in the U.S. District Court for the Southern District of New York, alleging copyright infringement from YouTube and seeking $1 billion in damages.
The video recognition technology will allow copyright owners to provide a digital fingerprint that within a minute or two will trigger a block from YouTube whenever someone tries to upload a copyright video without permission, the AP reported.
However, contacted by IDG News Service, a YouTube spokesman put some caveats around the attorney's stated timeline for implementing the technology.
"We hope to have the testing completed and technology available by some time in the fall, but this is one of the most technologically complicated tasks that we have ever undertaken, and as always with cutting-edge technologies, it's difficult to forecast specific launch dates," he wrote.
Google is collaborating with "some of the major media companies" in experiments with video-identification tools and is "excited" about the progress so far, the YouTube spokesman wrote.
Google officials have acknowledged that the company is working on a system to deal with copyright videos uploaded to YouTube without permission, a nagging problem that has earned Google many enemies among TV and movie companies.
In April of this year, during Google's first-quarter earnings conference call, CEO Eric Schmidt said the system in development wasn't being designed to filter out and block pirated videos.
Instead, he said Google's upcoming "Claim your Content" tool would help to "somewhat automate" the process through which content owners flag illegally copied videos so Google can take them down from the site, he said.
"It's not a filtering system. The technology doesn't block uploads," Schmidt said in April. "It makes it much more effective and quicker to get us to remove inappropriately uploaded content. It's very much compliant with the DMCA."
It's not clear whether Google changed the design of the tool at some point after Schmidt made those comments, since the attorney's description on Friday seems to indicate that the system would indeed block offending videos automatically without content owners notifying Google. The YouTube spokesman didn't immediately respond to a request for clarification of this point.
Friday's hearing was a procedural one intended to set the schedule for the case, such as when the discovery period will begin and end and when the actual trial will begin, Viacom spokesman Jeremy Zweig told IDG News Service.
The comment from Google's attorney came at the start of the hearing, when the judge gave attorneys on both sides a few minutes to present a short outline of what the case is about, to set the stage and put things in context, Zweig said.
The scheduling wasn't completed, so another conference was set for Aug. 6, although that hearing could be canceled if the companies resolve the scheduling issues and notify the judge of their agreements, he said.
Google acquired YouTube in November of last year in a $1.65 billion deal.

Edit By: Juan Carlos Perez

7/23/2007

[Security Related]Your boss is spying on you right now. What can you do about it?

Workplaces increasingly track your digital footprints as you go about your normal computing workday life. Here's how to fight back.

From the moment you walk into work until the moment you leave, your boss or his minions may be spying on you.
Computerworld has noted before that surveillance cameras are becoming more common in the workplace ("Big Brother is watching you ... and he's a computer"). But what we are talking about here is the more insidious tracking of your digital footprints as you go about your computing workday. When you start thinking about all the ways that you can be digitally tracked, it can make even the least paranoid person sit up and take notice.
By now, most of us know that our Web browsing histories are stored on our own PCs, which comes in handy when we want to track down a cheating spouse or errant teenager, but is less useful when we are looking at, shall we say, recreational sites at the workplace. Granted, this history can be easily erased if someone knows the right command. But when you are connected to a corporate network, this information can easily be recorded by any number of network packet-capturing and forensic products that are typical these days (see the list at the bottom of this article).
There is even one product, called Locate from eTelemetry Inc., that will cross-correlate your IP address, network log-in name, machine location and other data, making it easier to track you down when you do something that you shouldn't be doing. (See the review here.)
The same is true for how easy it is to view most of your e-mail and instant messaging conversations. There are products from Symantec Corp. and others that can be used to audit these conversations and record everything that is transmitted across the enterprise network (see the list below). Because most of these conversations occur with plain text, they are very easy to record using these tools. The one exception has to do with encrypted messages, and we'll get to that in a moment under defensive measures. The old saying goes, "Don't put anything in e-mail that you wouldn't write on a postcard." E-mail is that public and that easy to track.
And if you have a business cell phone, chances are someone in your telecommunications department is reading your monthly call list and looking at your calls, too. Some of the cellular carriers can provide near-real-time calling data via their billing Web sites, so the watchers don't even have to wait for the printed bills.
If you have been issued an electronic corporate ID card that you use to gain entry to your building, your entries and possibly exits are being recorded somewhere for posterity. And finally, there are those security cameras to capture your image on videotape.
E-mail and IM defensive measures
So how can you defend yourself? There are several different types of tools available. First, at the most basic level, you can encrypt your e-mails and IMs with products such as PGP Desktop that are free or low-cost and can be installed with a minimum of bother. The one drawback is that your correspondents have to use the same product to encrypt their messages back to you. One nicety about PGP is that it can automatically encrypt all AOL Instant Messenger sessions, provided your correspondents are using it too.
Encryption can hide the text of your e-mail messages, but in some cases not necessarily the names of the participants, depending on how your correspondents have set up their software.
PGP Desktop runs on Windows, Linux and Mac OS X and comes in several versions and support packages. Most cost less than $100. There are also free chat software alternatives such as X-IM.net, PSST (which also does voice chats) and a free version of PGP, too. There is also the free Hushmail Communications Corp. service that hosts encrypted e-mail accounts and just needs a Web browser to operate.
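To make concrete what the packet-capturing products mentioned above actually recover, and what the caveat about participant names means in practice, here is an added example; it is not code from the article or from PGP. The function parses a captured SMTP session and reports what a passive monitor on the corporate network can read. Both sessions are constructed samples, and the PGP block is a stand-in for real ASCII-armored ciphertext, not the output of any encryption tool.

```python
"""What a passive network monitor recovers from a captured SMTP session.

Added example for this article; not code from the article or from PGP.
Both sessions below are constructed samples, and the PGP block is a
stand-in for real ASCII-armored ciphertext.
"""
import re
from email import message_from_string

# Constructed sample: a plaintext message crossing the corporate network.
PLAINTEXT_SESSION = """\
EHLO laptop.corp.example
MAIL FROM:<alice@corp.example>
RCPT TO:<bob@corp.example>
DATA
From: alice@corp.example
To: bob@corp.example
Subject: lunch?

Sushi place at noon, don't tell the boss we're leaving early.
.
QUIT
"""

# Constructed sample: same envelope and headers, body encrypted with PGP.
ENCRYPTED_SESSION = """\
EHLO laptop.corp.example
MAIL FROM:<alice@corp.example>
RCPT TO:<bob@corp.example>
DATA
From: alice@corp.example
To: bob@corp.example
Subject: lunch?

-----BEGIN PGP MESSAGE-----

hQEMA0sxhB9xwZ4nAQf+K6t5p3rYq0Z9u8F1c2S7xg==
=Ab12
-----END PGP MESSAGE-----
.
QUIT
"""

PGP_ARMOR = re.compile(
    r"-----BEGIN PGP MESSAGE-----.*?-----END PGP MESSAGE-----", re.S)


def monitor_view(session: str) -> dict:
    """Return the fields a passive monitor can read from one SMTP session.

    Envelope addresses come from MAIL FROM / RCPT TO, headers and body from
    the DATA block. The body is readable unless it is a PGP-armored block.
    """
    mail_from = re.search(r"^MAIL FROM:<([^>]*)>", session, re.M)
    recipients = re.findall(r"^RCPT TO:<([^>]*)>", session, re.M)
    # Message text runs from the line after DATA to the lone "." terminator.
    data = session.split("DATA\n", 1)[1].split("\n.\n", 1)[0]
    msg = message_from_string(data)
    body = msg.get_payload()
    encrypted = PGP_ARMOR.search(body) is not None
    return {
        "sender": mail_from.group(1) if mail_from else None,
        "recipients": recipients,
        # Classic PGP/MIME encrypts the body only; Subject stays in the clear.
        "subject": msg["Subject"],
        "body_readable": not encrypted,
        "body_preview": None if encrypted else body.strip()[:40],
    }


if __name__ == "__main__":
    for label, session in (("plaintext", PLAINTEXT_SESSION),
                           ("pgp", ENCRYPTED_SESSION)):
        print(label, monitor_view(session))
```

The second result is the one to notice: with the body encrypted, the monitor still gets the sender, the recipients and, in classic PGP/MIME, the Subject line, plus the IP addresses of both ends from the packet headers. The same holds for an encrypted AIM or other IM session: encryption hides what was said, not who talked to whom or when.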
Another chat alternative that automatically encrypts all sessions is that of Skype Ltd. There are two potential drawbacks to its use. First, many corporate IT shops have tried to block Skype for various reasons, so it may raise more red flags if you start using it for your communications.
Second, Skype can be set up to automatically record all chat sessions to your local drive: I had to fire one employee a few years ago, and he didn't realize that all of his sessions were nicely recorded on the machine that he returned to the company -- something to keep in mind. (The default setting on other IM chat clients is usually not to record all sessions, but it is worth taking a quick look to make sure.)
Web defensive measures
Probably the best advice is to stick to work-related Web browsing when you are at the office, but the Web is often too tempting, especially when those e-mails and IMs from colleagues arrive daily with "check this site out." There are a number of tools that you can use if you wish for your Web surfing to remain anonymous. The easiest way is to connect to one of any number of anonymous proxy servers, such as TheFreeCountry.com, that will hide your origins. There are also products from Anonymizer Inc. called Total Net Shield and Anonymous Surfing, which cost $100 and $30 per year, respectively, and can further hide your identity.
None of these products will get around the general packet-capturing programs that record your originating IP address, but at least you won't be leaving digital tracks on the sites themselves. The downside is that some corporate IT departments specifically block access to these proxies or don't allow you to change from the corporate proxy server, so this may be moot anyway.
Protected desktop
Another solution is to use a "protected desktop" tool. For extreme measures, you could make use of Microsoft Virtual PC or something similar, but a much better and less expensive solution is from Mojopac.com. This is a product that is geared mainly towards people who use lots of Internet cafes or other public computers and want to protect themselves from infection or just carry all their standard tools with them in one easy place. Mojopac installs software to any USB thumb drive and will automatically launch a protected, virtual session from the drive. Once you are inside this session, you don't have access to your host's PC resources, but you don't leave any trace of your activities on it, either. You can install Mojopac on a variety of USB devices, including all iPods (other than the Shuffle). It costs $50 for a single installation.
As you can see, a few ounces of prevention may be worth the agony of detection. And while there isn't a single tool that can do everything, it is worth keeping in mind what activities can be detected for your own sanity.

[PC Technology]The Fast Track to Your Favorite Files and Folders

Use Windows' Places Bar, My Recent Documents, or the 'File-name' dropdown menu to speed up your access to the file or folder you want.

There you are, rummaging in an 'Open' or 'Save As' dialog box, navigating furiously through a maze of files and folders in search of the one you need. Isn't there a better way? Glad you asked. These tips will get you where you're going faster.
Places Bar: Array the two or three folders that you access most often on the Places Bar on the left side of the dialog box. Lincoln Spector describes how at "Keep Your Secrets: A Safe, Easy Way to Encrypt Files." (Windows' Places Bar is separate from the Places Bar in Office apps, so changes to one won't affect the other.)
Another option: Put shortcuts to the folders and documents you frequently use in a separate folder, and then add a shortcut to this folder o' shortcuts on the Places Bar. You'll have to click at least once more to select the one you want, but it's still faster than digging through layers of folders.
In Vista, the Places Bar is called Favorite Links and is located both in Explorer and in most file dialog boxes (applications not designed for Vista being a notable exception). To customize this list, locate the folder you want in the Folders pane (below Favorite Links) on the left, or select a folder or file in the main file window in the center of the dialog box; then drag the item into Favorite Links until a line appears between two existing items (see ). Release the mouse button to create the new shortcut. For a bigger view, click the down arrow next to Folders to collapse the pane. Drag and drop to rearrange items. To eliminate or rename a link, right-click it and choose Remove Link or Rename Link (or simply Rename). Some links (including Desktop and Computer) aren't removable, but you can customize links in the file list by clicking Links in the Folders tree that appears below Favorite Links.
My Recent Documents: Most file dialog boxes have a History (Windows 2000), My Recent Documents (XP), or Recent Places (Vista) shortcut in the Places Bar. Click it to see a list of recently accessed files and folders. In Windows 2000 and XP, you can filter the types of files in this list via the 'Files of type' drop-down menu at the bottom. In Vista, you can remove the current batch of shortcuts in Recent Places by right-clicking the icon and choosing Clear Recent Items List.
'File name' drop-down: A shorter list of recently used files lies in the 'File name' drop-down menu near the bottom of the dialog box. Click the arrow to the right to see the path of recently accessed files. To filter this list by file type, select the type from the 'Files of type' drop-down list (2000 and XP) or from the pop-up menu located to the right of the 'File name' box (Vista).
To open a recently used folder rather than a file, in Windows 2000 and XP, use the 'File name' drop-down menu to select a file located in the folder you need, press the right arrow key once to deselect the text in the 'File name' box, and press as many times as necessary to delete the file name, leaving only the path. Finally, press . The file list above switches to the desired folder. In Vista, the drop-down list at the top of Explorer and most file dialog boxes displays the full path to recently used folders and Web addresses. To return to one of those locations, just select the desired path and away you go.
Vista lets you press the key, type a few letters until a match to your application of choice appears, and then press for a quick launch. If you aren't yet ready to move to Vista (or if you use Vista's Classic Start menu), try Launchy, a free, open-source tool from Josh Karlin. Press - (or another hot-key combination of your choice) to pop open a command-line window; type a few letters, and Launchy anticipates your target file, displaying it (and other alternatives). When the file that you want appears in the window, press . Launchy enables you to customize the directories it searches and the file types it shows, so you can use it to open picture or music files as well as to run applications.

Edit By: Scott Dunn

7/21/2007

[Security Discussion]Is IT losing the battle against DNS attacks?

C-level execs have rosier view of the problem than folks in the field

Few things can strike fear into the heart of the IT department like an attack on a company's Domain Name System servers. That may explain why companies are spending so much time to deploy myriad, complex security measures to keep their DNS protected from attackers.
A study released Wednesday of 465 IT and business professionals says despite the Sisyphean efforts, many companies remain vulnerable. More than half the respondents reported having fallen victim to some form of malware attack. More than one-third had been hit by a denial-of-service (DoS) attack, and more than 44% had experienced a pharming or cache-poisoning attack. External and internal DNS servers were equally vulnerable: Both types succumbed to attacks with roughly the same frequency, according to the study by Mazerov Research and Consulting.
A DNS server compromised by a hacker could be used to funnel Web surfers to all sorts of phishing attacks and malicious Web sites, and in some cases even could cause havoc with directory services and e-mail, said Paul Mockapetris, the father of the DNS technology, in a Network World story earlier this year. "Once you control the DNS server, you have license to do phishing and pharming attacks and mislead all the users of that DNS server," said Mockapetris, who in 1983 proposed the DNS architecture and is acknowledged, along with the late Jon Postel, as the technology's inventor.
According to the Mazerov study, DoS attacks are prevalent among the respondents: only 16% have never experienced one, and more than 10% said they often or frequently receive DoS attacks against their network. Put another way, while 59% of respondents rarely or never experience DoS attacks, a surprisingly high 41% do. The study found that the top forms of DNS attack are malware (worms, viruses, Trojans and so forth), 68%; denial of service, 48%; cache poisoning, 36%; and pharming, 23%.
The patching game seems to be the method of choice for protecting DNS. Three-quarters of all respondents devote valuable resources to patching their operating systems continuously. Others reported having to harden operating systems; invest in dedicated firewalls; and add DNS appliances, DoS mitigation services and other network security devices. On average, respondents typically used at least 3.5 overlapping methods simultaneously to shore up their DNS security.
The study also looked at how long respondents' companies could weather DNS being taken offline before significant problems occurred; IT personnel were more sensitive to the issue than those in the C-suite. According to the study, C-level executives estimated they could withstand losing Internet connectivity for slightly more than two hours (126 minutes), whereas IT managers estimated significant problems would arise after 105 minutes. Other IT personnel -- who may be most directly responsible for maintaining Internet uptime -- estimated an even shorter time frame, an average of 72 minutes.
Respondents also were asked to assess what the probable impact would be on the health of their company if they were to experience a loss of Internet connectivity for a significant period of time. Maybe most alarming was that 12% of participants claimed they would be extremely or somewhat likely to go out of business completely, the study said.

Edit By: Michael Cooney

[Security News]Mac worm author receives death threats

Fracas over anonymous researcher, Mac malware gets personal (and psychotic)

The beef over news of a worm targeting Macs took an even stranger turn Wednesday as death threats were allegedly posted to the blog of the unidentified researcher who claimed to have created the malware, and the blog was then reportedly hacked.
In return, the researcher leveled charges at a security expert known for taking on Apple Inc.
The hubbub started earlier this week, when a researcher responsible for the Information Security Sell Out (InfoSec) blog announced a proof-of-concept worm that exploited a Mac OS X vulnerability that Apple Inc. missed in a May round of patches. The vulnerability exploited by the worm was in mDNSResponder, a component of Apple's Bonjour automatic network configuring service, InfoSec said then.
Criticism from Mac users and other security researchers was almost immediate, with the former focusing on crude insults and the latter concentrating on InfoSec's refusal to identify himself or herself, or prove that the worm existed.
The latter group questioned InfoSec's motives and the veracity of his or her claims. "Let's see this worm deliver a destructive payload in the wild and then we can talk again," said a user identified as Ted Wood. "Until then, you're just hot air."
"If you are a legitimate researcher, you have an obligation to publish your findings so they can be tested," said Stephen, another user on the same comment list. "Any good researcher would do this."
According to InfoSec, some of the comments left earlier included death threats. In a posting -- which has since been deleted (more on that below) -- from Tuesday, InfoSec listed comments he refused to allow to be posted to the blog. Among them:
"You are lucky you are anonymous or I would put a bullet in your head for this!" -- Anonymous
"Nice try with the FUD [fear, uncertainty and doubt]. You are full of **** there is no such thing as an Apple Worm." -- Jeff
"I dare you to demonstrate this at Defcon you ***** Microsoftie. We will drag you out, put a bullet in you, and bury your body so deep it will take a nuclear blast to find your body." -- Anonymous
Tuesday night, the InfoSec blog's title changed to "Security Information..." and all former postings, which began in January, had been deleted.
When asked via e-mail today to explain the changes, InfoSec answered: "Blog was hijacked somehow. Also the blog stating I am associated with PHC on another Blog is false and a myth created by Dave Maynor who is involved in the hijacking of the Blog."
InfoSec was likely referring to a posting on a blog dubbed "Security Ripcord" at a site run by a Texas-based security consultancy called Cutaway. In a long entry posted this morning, Don Weber, a.k.a. Cutaway, said an informant had told him that InfoSec is actually "LMH," a researcher best known for having co-authored January's Month of Apple Bugs (MoAB) campaign. The source also claimed, said Weber, that LMH was part of a group that calls itself Phrack High Council, or PHC, a self-described group of black-hat hackers.
No way, said InfoSec.
"The claim that we are LMH or MoAB or PHC are all wrong," InfoSec wrote in a second e-mail today. "These came from Maynor assuming that we are all one and the same because we have all attacked his credibility."
Dave Maynor, a researcher who last year was involved in a very public spat with Apple Inc. over a wireless hack demonstration he and a colleague gave at the Black Hat security conference, refused to be drawn into the argument with InfoSec. "I am not even going to comment on that stupidity," Maynor wrote in an e-mail responding to an offer to rebut or comment on InfoSec's allegations.
Prior to this, Maynor was most recently in the news as one of several researchers who found vulnerabilities in the Windows beta of Apple's Safari 3.0 within hours of the browser's release.
Kevin Finisterre, who partnered with LMH for MoAB, said he doubted that InfoSec and LMH were one and the same. "From what I am aware of it's not the same guy," Finisterre said in an e-mail.
"I can certainly say that the underground is always abuzz about mDNS bugs," Finisterre added. "If you have ever looked at the source code you would see it is clearly a large target surface. mDNS is a nasty beast."
Apple has been largely forgotten in the heated back-and-forth between InfoSec on one side and Mac users and other researchers on the other. The only response Apple has offered on the issue, and the alleged unpatched vulnerability, was made by spokesman Anuj Nayar on Tuesday. "Apple takes security very seriously and has a great track record of addressing potential vulnerabilities before they can affect users," he said.

Edit By: Gregg Keizer

[Security News]FBI planted spyware on teen's PC to trace bomb threats

The FBI planted spyware on the computer used by a Washington state teenager to finger him as the person behind a rash of bomb threats e-mailed to his high school, court documents revealed this week.
The 15-year-old, a former student at Timberline High School in Lacey, Wash., pleaded guilty Monday to making the bomb threats, as well as to identity theft charges, according to The Olympian. He was sentenced to 90 days in juvenile detention and must pay the school district $8,852 to cover expenses. The first e-mailed bomb threat was sent June 4.
In several of the messages, the student taunted school authorities and police for their inability to trace the e-mails to him. "Seeing as how you're too stupid to trace the e-mail back lets get serious," an e-mail on June 5 said, according to an unsealed search warrant application filed with a Seattle federal court in mid-June. "Stop pretending to be 'tracing it' because I already told you it's coming from Italy. That is where trace will stop, so just stop trying."
Within days, however, the FBI had obtained a warrant that allowed the agency to infect the student's computer with a program it called a Computer & Internet Protocol Address Verifier (CIPAV). "If a warrant is approved, a communication will be sent to the computer being used to administer [the MySpace] user account 'Timberlinebombinfo,'" said FBI Special Agent Norman Sanders in the June 12 filing.
The CIPAV, said Sanders, would "cause any computer -- wherever located -- to send network-level messages containing the activating computer's IP address and/or MAC address, other environmental variables and certain registry-type information to a computer controlled by the FBI."
"I'd call that spyware," said Roger Thompson, CTO at Exploit Prevention Labs. "Or it's pretty darn close."
The warrant did not spell out whether the CIPAV could, for instance, capture keystrokes or inject other code into the compromised system, as do commonplace Trojan downloaders. "The exact nature of [the CIPAV's] commands, processes, capabilities and their configuration is classified as a law enforcement sensitive investigative technique," said the warrant applications.
Sanders, however, did say that after making its initial data harvest, the CIPAV would shift into a silent "pen register" mode in which it only recorded the IP addresses, dates and times of each communication. The contents of those communications -- such as e-mail messages -- would not be captured and passed to the FBI, the affidavit said.
It was also unclear exactly how Sanders expected to get the CIPAV onto the suspect's computer, although the warrant application hinted that it would be delivered through MySpace's own messaging service. "The CIPAV will be deployed through an electronic messaging program from an account controlled by the FBI," the warrant application read. "The electronic message deploying the CIPAV will only be directed to the administrator(s) of the 'Timberlinebombinfo' account [on MySpace]."
The FBI may have used an exploit -- one already in circulation or one of its own -- to plant the CIPAV on the student's machine, said Thompson. Or it might have just gone the simple route, and counted on the suspect's curiosity to get him to launch an attached file or click on a link to a malicious site.
Even if his computer had security software installed and active, the CIPAV could have gotten through, Thompson argued. "In order to evade antivirus, all you've got to do is use a new version of [a piece of malware]. The bad guys do it all the time."
It's also possible, speculated Thompson, that the FBI asked security vendors to whitelist their CIPAV to let it through any defenses. "They've always talked about things like this, whether it was Magic Lantern or Carnivore. But the last time I saw anything from [the FBI] was three, four years ago, and it was pretty rudimentary stuff."
Magic Lantern was the name given to a 2001 FBI effort to develop a keystroke logger aimed at capturing encryption passphrases. Carnivore, meanwhile, is the label for e-mail tapping software from the same time frame.
When asked if he would agree to whitelist CIPAV, or had in the past when he was with PestPatrol, an antispyware developer acquired in 2004 by CA, Thompson said: "I don't know. We never had to face that decision, because we were never asked."

Edit By: Gregg Keizer, Computerworld

7/20/2007

[Network Security]Hackers Use Brazilian Tragedy to Push Malware

Spam exploiting the deadly airplane crash in Sao Paulo lures readers to a malicious Web site.

Hackers haven't wasted any time exploiting the airplane crash in Sao Paulo, Brazil, that claimed nearly 190 lives Tuesday, a U.S. security company said Wednesday.
An e-mail campaign is using the tragedy to lure readers to a malicious Web site, reported Websense Inc. in an alert. According to Websense, the e-mail, written in Portuguese, includes details of the TAM airlines flight that crashed after trying to land at the notoriously dangerous Congonhas Airport, which is located in the middle of Sao Paulo.
"As soon as their names are confirmed, we'll notify the families before any further information becomes public, as determined by existing law," the message read, as translated by Websense. "We remind you that TAM has started its Victims and Family Assistance Program and provided a collect number 0800-117900, designed to provide information to families and crew members from this flight."
The site linked to in the e-mail, which is hosted in South Korea, has hosted malicious Brazilian code in the past, Websense said.
"If users click on the link, they are prompted to run some code. The code, when launched, is a Trojan downloader that connects to another site to download and install an information-stealing Trojan horse," warned Websense.
TAM has already released a list of the passengers and crew on the flight, as well as seven company workers it said were killed on the ground. The airline said today that 186 people were aboard the Airbus A320, reported CNN. As of mid-day today, however, police said that only eight of the 158 bodies recovered had been identified.
Cybercriminals don't hesitate to take advantage of disasters large and small to dupe users into visiting sites or opening attachments. Major spikes in spam, phishing attacks, and malware infections, for example, quickly followed such events as the December 2004 tsunami in Southeast Asia and the August 2005 landfall of Hurricane Katrina in the U.S.

Edit By: Gregg Keizer, Computerworld

[Network Security]Next Menace: PDF Spam

As image spam declines, a new type of pest takes its place.


Security vendors and users agree that image spam is finally on the decline, but at the same time a new kind of spam is emerging that uses an attached PDF file to trick recipients into buying stock in a company.
Image spam, which has plagued antispam filters for the past year, is finally on the decline as e-mail security vendors have tweaked their products to block it, says Paul Henry, vice president of technology evangelism with Secure Computing. Image spam has long fooled filters because the message's text is embedded in an image found in an e-mail's body, and filters until recently couldn't decipher images. At the beginning of July it comprised about 38 percent of all spam and is now down to about half that volume, says Henry.
Stats from Symantec also show the volume of image spam, which the company says began to decline in May, has continued to shrink from its all-time high of 52 percent of all spam sent in January.
"Image spam does seem to be decreasing ... Antispam software, RBLs [real-time black lists] and other filtering techniques have done a good job at decreasing the previous spammers' attempts; it is now time for them to find a new avenue to annoy us," says Jim DeSantis, enterprise messaging architect with Abhir Technical Consulting.
Beginning to take image spam's place is PDF spam, where the spammer sends an e-mail message with a PDF attached -- which most spam filters can't read -- that attempts to convince the recipient to purchase stocks. So far security vendors are reporting two types: a professional-looking PDF of a newsletter pumping a German company's stock, which security company IronPort says was sent more than 5 billion times in its first few days, and a more rudimentary PDF attachment containing text that pumped a stock, which Symantec says was sent to more than 30 million users over a 10-day period in late June.
So far, PDF spam isn't approaching the volumes that image spam has enjoyed -- Secure Computing's Henry says in early July it accounted for about 4 percent of all spam sent -- yet this new spam trick could prove to be significantly more malicious. Henry says proof-of-concept code exists that demonstrates security vulnerabilities in PDF files, which means PDF spam could carry malware that is secretly downloaded on the recipient's PC. Image spam was only dangerous to those recipients who bought the stock that messages were touting and likely lost money on it.
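The two generations of spam described above share one trait a filter can key on: almost no readable text in the body, with the pitch carried in an inline image or a PDF attachment. The following is an added example, not code from Websense, Secure Computing, Symantec or IronPort, of a small MIME triage routine that walks a message, measures how much real text it carries, and flags the image-only and PDF-attachment patterns. The sample messages, the 40-character text threshold and the random-filename heuristic (for the randomized attachment names mentioned later in the article) are constructed assumptions for illustration.

```python
"""Triage heuristics for image-only and PDF-attachment spam (added example).

Assumptions: MIN_TEXT_CHARS and the sample messages below are constructed for
illustration; real deployments tune thresholds against their own mail.
"""
import email
import re
from email import policy
from email.message import EmailMessage

MIN_TEXT_CHARS = 40  # assumed: below this, the body carries no real pitch

# Constructed stand-ins for binary payloads; not real image or PDF files.
FAKE_GIF = b"GIF89a\x01\x00\x01\x00\x00\xff\x00;"
FAKE_PDF = b"%PDF-1.4\n% constructed placeholder, not a real document\n"


def looks_random(filename: str) -> bool:
    """True if the file stem is an alphanumeric jumble mixing letters and digits."""
    stem = re.sub(r"\.[A-Za-z0-9]+$", "", filename or "")
    return (len(stem) >= 6
            and re.fullmatch(r"[A-Za-z0-9]+", stem) is not None
            and any(c.isdigit() for c in stem)
            and any(c.isalpha() for c in stem))


def triage(raw: bytes) -> dict:
    """Parse a raw RFC 822 message and classify it as pdf-spam, image-spam or clean."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    text_chars = 0
    image_parts = 0
    pdf_names = []
    other_attachments = 0
    for part in msg.walk():
        if part.is_multipart():
            continue  # containers carry no payload of their own
        ctype = part.get_content_type()
        disp = part.get_content_disposition()  # 'attachment', 'inline' or None
        name = part.get_filename() or ""
        if ctype in ("text/plain", "text/html") and disp != "attachment":
            body = part.get_content()
            if ctype == "text/html":
                body = re.sub(r"<[^>]+>", " ", body)  # crude tag strip
            text_chars += len(" ".join(body.split()))
        elif ctype.startswith("image/"):
            image_parts += 1
        elif ctype == "application/pdf" or name.lower().endswith(".pdf"):
            pdf_names.append(name)
        else:
            other_attachments += 1
    if pdf_names and text_chars < MIN_TEXT_CHARS:
        verdict = "pdf-spam"  # the pitch lives in the PDF, nothing to read in the body
    elif image_parts and not pdf_names and text_chars < MIN_TEXT_CHARS:
        verdict = "image-spam"  # the pitch lives in an inline image
    else:
        verdict = "clean"
    return {
        "verdict": verdict,
        "text_chars": text_chars,
        "images": image_parts,
        "pdfs": pdf_names,
        "other_attachments": other_attachments,
        "random_pdf_name": any(looks_random(n) for n in pdf_names),
    }


def _base(subject: str, body: str) -> EmailMessage:
    m = EmailMessage()
    m["From"] = "sender@example.invalid"  # constructed addresses
    m["To"] = "recipient@example.invalid"
    m["Subject"] = subject
    m.set_content(body)
    return m


def build_pdf_spam() -> bytes:
    """Constructed sample: one-line body, PDF with a randomized name."""
    m = _base("Newsletter", "See attachment.")
    m.add_attachment(FAKE_PDF, maintype="application", subtype="pdf",
                     filename="a9f3k2x7.pdf")
    return m.as_bytes()


def build_image_spam() -> bytes:
    """Constructed sample: near-empty text, pitch carried in an inline image."""
    m = _base("Hot pick", "Please view the image below.")
    m.add_related(FAKE_GIF, maintype="image", subtype="gif", cid="<pic1>")
    return m.as_bytes()


def build_clean_report() -> bytes:
    """Constructed sample: a normal message that happens to carry a PDF."""
    m = _base("Monday agenda",
              "Hi Ana,\n\nAttached is the agenda for Monday's meeting. "
              "Let me know if anything is missing.\n\nThanks,\nBob\n")
    m.add_attachment(FAKE_PDF, maintype="application", subtype="pdf",
                     filename="agenda.pdf")
    return m.as_bytes()


if __name__ == "__main__":
    for build in (build_pdf_spam, build_image_spam, build_clean_report):
        print(build.__name__, triage(build()))
```

The verdict is a triage signal, not a block rule: a legitimate newsletter can be mostly image, and a colleague can send a PDF with a two-word body, so in practice the result is one weighted input to a scoring filter alongside reputation and RBL checks.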
"I haven't seen any malware yet in PDF spam ... but I'm keeping my eye on it," Henry says.
PDF spam does hold some potential for spammers who are advanced enough to take advantage of the technology, some say.
"Simply attaching a PDF to an e-mail and randomizing the size and name of the title, to me, does not seem all that impressive, but it seems to be working," says Kyle Ohme, director of technology with W3i.com, an interactive marketing services provider.
"I'm interested to see how far this will go, as some may start to use some of the more advanced functions of Adobe to place beacons and other tracking mechanisms that have become limited in the past years," Ohme says.
Malware-laden or not, PDF spam is an example of how spammers will continue to innovate in order to get their messages across.
"The battle between spammers and spam-filter vendors will always be a game of cat and mouse. The tools are definitely getting smarter ... the better the tools the more creative spammers will be," says Sharon Finney, information security administrator with Dekalb Medical Center in Decatur, Ga. "I am seeing some increases in PDF spam, but no real volume yet. All spam is a nuisance regardless of the technology behind it. I don't think that any one type of spam is more of a nuisance than any other."

Edit By: Cara Garretson, NetworkWorld

7/19/2007

[Network Security]How Do I Get Malware Off My PC Once and for All?

Also: Print on both sides of your paper; pull up a report on all your drivers.

Q. My PC caught a spyware infection that replicates itself even after I've deleted it from the Windows Registry. I've tried all the spyware-removal tools I could find, but I am still unable to get rid of it.
Myron Oglesby, Rockaway, New Jersey
A. If scanning with multiple antispyware programs doesn't remove it, try using Windows' System Restore feature (note that Windows 2000 lacks System Restore). Select Start, Programs (or All Programs), Accessories, System Tools, System Restore. Choose Restore my computer to an earlier time, click Next, pick the earliest Restore Point available on the displayed calendar, and follow the prompts.
Should System Restore fail to solve the problem, your next steps are to reboot your PC and press before your monitor switches resolution as Windows loads. At the resulting menu, select Safe Mode with a Command Prompt, and then pick your operating system. At the command prompt, type C:\windows\system32\restore\rstrui.exe, press , and try running System Restore from there.
If your PC is still infected after this, I must make like Dear Abby and recommend that you seek the assistance of a professional. Contact the support desks of your various security software vendors, one of which may have the solution.
For the community approach to support, download the free HijackThis and run it to create a very technical report on your system's suspicious Windows behavior (see FIGURE 1). Post this report on one of the many Web forums frequented by people who may be able to make heads or tails of it. Both TechSoup and Spyware Warrior have excellent forums with helpful participants.
If all else fails, back up your data folders and get ready to reformat the PC's hard drive and restore your system from a full backup. If you don't have an image backup of your drive, you'll have to reinstall Windows, install and update your malware protection, and restore your data from the backup. See "Move All of Your Valuable Data to a New Partition" for a list of the folders that likely contain your data. Instead of moving the folders (as that tip suggests), copy them to CDs, DVDs, or an external hard drive.
Of course, reformatting and restoring your drive is easiest if you've been using a backup program with good disaster recovery features. Image backup programs such as Acronis's $50 True Image and Symantec's $70 Norton Save & Restore (which replaces the company's venerable Ghost utility) are particularly adept at drive restoration, allowing you to restore the entire drive from a preinfection backup.
If you don't have a good system backup, reinstall Windows using the restore disc or Windows CD that came with your system, selecting an option that will destroy everything on your hard drive (a good idea in this particular case). You'll also have to reset your Internet connection, and reinstall your hardware drivers and applications. You can view our video tip on reinstalling Windows XP.
Once you have Windows and your programs back in place, you'll have to update all of your security utilities, and then scan the backup of your data folders with your antivirus program before moving the files back to your hard drive.

[Security Articles]The Simple Way to Keep Your Private Files Private

Make encrypted files stand out, control access to secure files, and a freebie turns folders invisible.
There's only one way to keep your files truly confidential: Encrypt them. The Encrypting File System (EFS) in most versions of Windows Vista, XP, and 2000 scrambles the contents of files and folders, making it very difficult for snoops to read them. It's easy to make encryption a part of your security arsenal.
Get ready to encrypt: EFS is in Windows Vista Business, Enterprise, and Ultimate; XP Pro; and Windows 2000. XP Home lacks EFS, and Vista Starter, Home Basic, and Home Premium allow only decryption--so you can read encrypted files but not encrypt them. To use EFS on a partition, that partition must be formatted using the NTFS file system. Not using NTFS? The switch is easy. See "Go With the NTFS Flow" (the same steps work in Vista). Also, encryption requires that you use a password-protected account.
Stow your files: To encrypt a file or folder, right-click it in Explorer or any folder window and choose Properties (you can also right-click a group selection to encrypt several files or folders at once). In the General tab, click Advanced, check Encrypt contents to secure data, and click OK twice. If you're encrypting a folder, you'll be asked if you want to encrypt its files and subfolders, as well. Once encrypted, the files or folders will work like any others on your system; you don't have to use any special passwords to open or save them. Other user accounts on the PC, and other PCs on the network, can't view the file contents. Only someone who is logged in to your account with your password can access these files.
Streamline the steps: You can shorten the process by adding an Encrypt command to your right-click context menu (the command switches to Decrypt when you right-click encrypted files). You can do this in XP with a quick Registry edit, but you might find it easier and safer to use Tweak UI, a free PowerToy from Microsoft. If you already have Tweak UI on your system, you may need to upgrade to a more recent version. Once Tweak UI is downloaded, installed, and running, select Explorer in the left pane, scroll through the options on the right, and check Show "Encrypt" on context menu. Click OK. Now when you right-click an unencrypted file, you'll see a new command: Encrypt (or Decrypt if you've selected an encrypted item). Choose that option, and respond to any prompts. As of this writing, Tweak UI was incompatible with Windows Vista. However, Totalidea Software's free TweakVI Basic utility allows you to tweak many Vista settings, letting you add the Encrypt/Decrypt commands to the context menu.

Edit By: Scot Dunn and Scott Spanbauer

7/16/2007

[PC Security]Protect Your PC on Zero Day

1 Strategies to keep your PC safe when patches aren't available.

Zero-day exploits hit vulnerabilities in a program that the software's maker has not had time to patch yet. But even during this time of exposure, you have ways to help keep your computer safe.
1. Get rid of Internet Explorer 6. One of the best moves you can make to improve Internet safety is to ditch Microsoft's notoriously hole-infested browser. No program is completely safe, of course; but whether because it is inherently vulnerable or because its massive user base makes it an attractive target, IE 6 might as well have a giant bull's-eye painted on it. Upgrade to IE 7 or to an alternative browser such as Firefox or Opera.
2. Try alternatives to other programs that have been targeted by zero-day attacks. The free Foxit program displays PDFs, for instance, and OpenOffice works with many Office documents.
3. Enable automatic updates for Windows and other programs whenever possible. Patches won't help against zero-day incursions, but major vulnerabilities tend to remain targets even after the fixes are released, precisely because attackers know that many people don't bother patching. To check and change your Windows Update settings, click Automatic Updates in the Control Panel. To keep up with the changes to your system, we recommend choosing Download updates for me, but let me choose when to install them.
Other programs make it more or less easy to find automatic-update settings. For example, in Firefox, head to Tools, Options, Advanced, and select the Update tab (again, we recommend selecting Ask me what I want to do as the standard course of action when Firefox finds updates). To find the settings in Adobe Reader, you'll need to check manually for updates under the Help menu, and then click the Preferences button.
Additional Tips
4. Consider choosing antivirus programs or security suites that include heuristic and/or behavioral analysis to protect your PC against as-yet-unknown dangers. Apps that are designed to perform these types of analyses supplement the more traditional signature-based antivirus software, which by definition must be aware of a threat before it can protect against it.
5. Make sure that a firewall--either Windows XP's or a third party's--is running on your PC. Firewalls block malicious worms that could otherwise scan your computer for unpatched vulnerabilities and then try to break in at a weak point. To see whether your PC is running Windows XP's firewall already, go to the Control Panel, open the Security Center, and click the Windows Firewall link. Most broadband routers also act as a firewall.
6. Use a preventive-measure program such as DropMyRights to supplement your antivirus software or security suite. More and more utilities, both free and commercial, change the way vulnerable programs run to increase the likelihood that even a zero-day attack might not harm or even access the rest of your computer. We evaluate such programs in "Disarm Net Threats."
7. Stay informed. The PC World Spyware & Security Info Center carries the latest news on emerging threats, plus safety advice and security product reviews. Other good information sources include the Securitysofts Web site and a security blog.

Edit By: Erik Larkin

7/15/2007

[PC Security]The Ten Commandments of PC Security

- Fight off nasty viruses, worms, and Trojan horses by following these simple rules.
Contributing editor and award-winning journalist Daniel Tynan writes PC World's monthly Gadget Freak column.
And it was written (by Bill Gates, et al): Thou shalt use a Windows PC to do thy work and it will be good.
But Windows computers are vulnerable to plagues of biblical proportions: viruses that bring down entire networks, e-mail worms that replicate at lightning speed, Trojan horses that hide inside otherwise innocent programs, hackers that take over computers, and more.
Fortunately, archeologists have recently unearthed two stone tablets from a garage near Cupertino, California that can help deliver us from such evils. We present their guidelines here, along with interpretations from our brothers and sisters in the PC security choir.
I. Remember thy antivirus software and keep it updated. It's not enough to have the software installed (if you don't have an antivirus package, stop reading right now and get one); you also need to keep up with new viruses as they emerge. "Your antivirus software is only as good as your latest virus definitions set," says Kelly Martin, senior product manager for Symantec's Norton AntiVirus. Programs like Symantec's Norton AntiVirus ($39.99) and Network Associates' McAfee VirusScan ($35 to $60) can automatically update their virus signature databases, but it costs an additional $20 to $35 for ongoing annual subscriptions.
II. Thou shalt not covet thy neighbor's attachments. You get a message you think is from a friend with what looks like a cool file attached, so you click on it. Next thing you know, you're Typhoid Mary, spewing out infected e-mails to everyone in your address book. That's how the Sobig.F worm spread--and it happened so quickly that millions of copies got out before the antivirus companies could update their databases.
"Never trust an e-mail 'from' address," adds Chris Wysopal, director of research for security consultants @Stake. "And never open an attachment without verifying it was sent by a trusted person, and they meant to send it to you."
III. Avoideth bogus file downloads. Be wary of any Web site that requires you to download software to view a page, unless it's something familiar like a Flash plug-in or Acrobat Reader. The file may contain a virus, a Trojan horse, or some auto-dialer that calls pay-per-minute numbers via your modem and racks up huge charges.
"Do not install software via the Web unless you are absolutely sure what it is and that you trust the company you are downloading it from," warns @Stake's Wysopal.
IV. Smite spyware and pop-ups. Like Trojan horse programs, spyware secretly installs itself when you download software like file-swapping applications; it tracks your movements online and delivers ads based on where you surf. Pop-up ads can also exploit security flaws in Internet Explorer, like the recent Qhost Trojan that hijacked users' browsers after they viewed an ad on the Fortune City Web site. Fortunately, there are tools that can protect you: For example, Ad-aware ($39.95) blocks spyware and StopZilla ($29.95) takes care of pop-up ads. Some antivirus software and security suites also stop spyware and pop-ups in their tracks.
V. Thou shalt foil spammers. Unsolicited commercial e-mail is more than just a nuisance; it's also a major source of virus infections. In fact, some versions of Sobig are designed to turn infected PCs into zombie machines that can be used to send spam. A good filter like Symantec's Norton AntiSpam 2004 ($40), Network Associates' McAfee SpamKiller 5 ($40 to $50), or Sunbelt Software's IHateSpam ($20) helps trap the nasties your antivirus software might miss.
VI. Keep thy operating system patched. E-mail-borne worms and other scourges like to exploit security holes in your software--namely Windows and other Microsoft programs. These days Microsoft issues so many critical updates to fix these flaws that many users ignore them. Don't. Last January, the Slammer worm exploited a vulnerability that Microsoft had fixed more than six months before. But thousands of infected computers--including some at Microsoft--didn't have the patch installed. Run the Windows Update program once a week and whenever Microsoft issues a warning.
"Until we see automated patch management software, users will simply have to stay up to date," says Thor Larholm, senior security researcher at PivX Solutions.
VII. Maketh a rescue disk and keep it handy. When things go bad, a boot or rescue disk is your first step to recovery. At minimum, you'll want to put the basic elements of your operating system on a floppy disk or Zip media, so you can bypass the hard disk at start-up. To find out how, read "Hardware Tips: Create Your Own Emergency Boot Disk." A better idea: Use your antivirus program to create a rescue disk you can use when your system gets infected. Label it with a date and store it near your system where you won't lose it.
VIII. Be not taken in by false claims. There are more hoaxers than hackers on the Internet, and more bogus "e-mail virus alerts" than actual viruses. Even real virus threats are typically blown out of proportion by the media. A phony warning could cause you to delete harmless files and then forward the message to others, clogging e-mail servers and causing virus-like damage in the process. When you get one of these e-mails (or see yet another breathless news story), check it out first. Type the name of the alleged virus into a search engine to see if any of the major security vendors have issued an alert, and visit the virus hoax pages at F-Secure and Hoaxbusters.
IX. Honor thy firewall. A firewall is like a bouncer for your computer--it checks every ID at the door and won't let anything in or out until you give the thumbs up. So a hacker can't access personal information on your hard drive, and a Trojan horse keystroke logger (a stealth program that monitors the characters you type) can't steal your passwords and transmit them over the Net. Symantec and Network Associates both offer personal firewall packages for $35 to $50, while Zone Labs offers a no-frills version of its ZoneAlarm software firewall for free. But a better deal is an Internet security suite that combines antivirus, firewall, ad blockers, spam fighting, and other useful apps; most cost between $60 and $80. For a review of suites from Symantec and Network Associates, read "Extra-Suite Virus and Spam Protection."
X. Maketh backups and keep them holy. Simply put: Back up your data files at least weekly (daily if you're running a business). Even if you fall victim to a virus or hacker attack, you'll escape with only minor damage. Fail to keep a recent backup though, and you'll go straight to hell--at least, that's how it will feel.

Edit By: Daniel Tynan

[Network security]E-Mail to Many Without Looking Like a Spammer

- Your e-mail service may limit the addresses you can send to at once. Here's how to get around such restrictions. Plus, the etiquette of blind carbon copies.
E-mail is a terrific way to get an important message out to lots of people fast. But spam has made Internet service providers wary of mail addressed to a multitude of recipients. I recently tried to send a communication to several hundred members of a group I'm associated with. My ISP sent the message to a handful of the addressees, dumped the rest, and sent me an error message that listed, incorrectly, who had and who had not received my message. In short, it was a mess.
Most e-mail services limit the number of addresses you can stuff into your outgoing messages' To:, Cc:, and Bcc: fields (the last is the masked "blind carbon copy" option). You may be restricted to as few as 100, 50, or even 25 addresses in these three fields combined. Some companies also throttle your overall e-mail output: Generate more than 1000 messages a day through your Comcast account, for example, and the ISP will freeze it for 24 hours, on the assumption that your PC has been infected by spam-spewing malware.
Make a Distribution List
You can circumvent these limitations. If you communicate primarily with people in your e-mail program's contacts list or address book, split the entries into mailing-list groups whose numbers stay under your service's limits. In Outlook 2003 and 2007, for example, select Contacts, and choose Actions, New Distribution List to create such a list. To do the same thing in Outlook Express 6, click Addresses to open the Address Book, and select File, New Group. In Mozilla Thunderbird 1.5, choose Address Book, New List. One simple way to split up lists is to group them alphabetically--A to L and M to Z, for example.

[Other Security]Five Ways to Safeguard Your Digital Camera

- Prevent lens scratches, protect the LCD, add protective skins, and more.
More Tips for Protecting Your Camera
Keep the water away: Digital cameras and water don't get along. If you're trekking outdoors and want to shoot in any weather, consider dressing your camera in a rain cape. Ewa-marine offers various capes for large and small cameras that protect the body but leave the lens exposed ($20 to $200).
A rain cape will deflect drizzle away, but it won't help you if your camera takes a plunge while you're kayaking or snorkeling. If you want your camera to survive short- or long-term submersion, get a watertight enclosure. Traditional watertight camera housings cost hundreds or even thousands of dollars, but Aquapac sells an inexpensive, flexible, plastic bag case ($30 to $120) that keeps your camera safe to a depth of about 10 feet.
Safeguard your photos: No matter how careful you are, accidents can happen. Though you might lose your camera at the end of a long trip, you can make sure that your photos aren't a casualty as well. For extended journeys where lots of photos are at risk, consider using a pocket-size external hard drive to back up your shots. One of my favorites is Digital Foci's Photo Safe ($149 with 40GB; also in 80GB and 120GB capacities). The device's multiformat USB 2.0 memory-card reader supports all common formats. And you can carry fewer memory cards, because you can transfer each day's images from a single card.

Edit By: Dave Johnson

7/13/2007

[PC Technology]Vista Power Tips From a Microsoft Guru

These hidden tools will help you get maximum performance from your Vista PC.
Want to know what's going on behind the surface of your Windows Vista PC--and how to make it run better? Beyond the eye candy of the Aero interface lie some new tools that will help you monitor and maximize the performance of your system.
We got a look at some of these tools from one of Microsoft's own übergeeks, Mark Russinovich, at the recent Windows Hardware Engineering Conference (WinHEC). If you've been serious about digging into the inner workings of Windows, there's a good chance you've used a tool created by Russinovich. He founded Sysinternals, a company that developed Process Explorer, a much more powerful version of Windows Task Manager, as well as a slew of other utilities. Sysinternals was bought by Microsoft last year.
Here are a few of Russinovich's favorite Vista tools:
Performance monitoring: Russinovich uses Vista's Resource Overview, a nicely upgraded utility that provides at-a-glance system performance charts for CPU, disk, network, and memory usage. Clicking any of the four charts provides detailed information on how much each resource is being used by currently running tasks. Preston Gralla has written about it for PC World, along with the companion Reliability Monitor tool, which can quickly show all program, hardware, and OS failures, as well as software installs and uninstalls. The Reliability Monitor can show, for instance, how many times a particular program has crashed. You can reach both monitoring tools through the Reliability and Performance Monitor toolset by clicking Start and typing perfmon in the Start Search box.
CPU cycle usage: One thing you won't see in these built-in monitors is Vista's new ability to measure and report a program's processor usage based on CPU cycles over the entire time the program has been in use. Russinovich says such a report can provide a more accurate view of the drain on CPU resources than you can get in XP, whose Task Manager only shows how much of the CPU a process is using at that moment.
To see the new data, download and unzip the Process Explorer utility. Right-click one of the column headings (such as 'Process') and click Select Columns. Choose the Process Performance tab, and then CPU Cycles. You can sort the display by that column and see which programs have eaten up the most CPU resources.
SuperFetch RAM usage: If you do keep an eye on Vista's system performance stats, don't be surprised to see the reported amount of free RAM drop steadily over time, even if you're not opening new files or programs. This trend can sometimes indicate a memory-guzzling program bug, but Russinovich says you'll also see it as a result of the beneficial SuperFetch feature, which attempts to learn which tasks you'll perform at certain times and preload that task's data into available physical memory for faster performance.
Multimedia prioritization: If you use Windows Media Player in Vista, you won't need to worry as much about your music or videos skipping if you weigh down your computer with other, resource-intensive programs. Vista prioritizes Media Player to give it precedence over other tasks so that your tunes and movies play smoothly even when the PC is busy. Other apps should be able to take advantage of this functionality as well, but I haven't yet heard from Apple whether iTunes does. You can read my blog for more on this new feature.
Network open cancellation: In XP, if you tried to access files on servers on your work or home network that were temporarily unavailable, your system would seize up, and you'd have to twiddle your thumbs until Windows decided it wasn't going to hear back from the down server. Vista allows you to interrupt these network access attempts by clicking the Cancel button in file-open dialog boxes, or by pressing -C if you're a serious techie and can run things from the command line.
Rearranging the taskbar: This last tip isn't specific to Vista, but I noticed it on the Vista laptop Russinovich used for his second talk. You already know you can right-click the taskbar on XP or Vista, deselect Lock the Taskbar, and bump up its size to two rows. What I didn't know is that you can then set it so that your Quick Launch icons get a whole taskbar row to themselves. To do this, position your mouse cursor over the dotted Quick Launch border (the cursor will change to the resize arrow). Click and hold the left mouse button, and then drag the Quick Launch region below the task list. Getting it into the right position can be a bit tricky and may take a few tries, but it works best for me to pull it down and to the right.
For more tips on Vista and XP, check out "Windows Tips for Everyone." And if you really want to dig deep into Vista, Russinovich has a three-part article posted at Microsoft's TechNet site titled "Inside the Windows Vista Kernel."

Edit By: Erik Larkin