IT@Diocesan House #19
For those of you interested in web marketing or search engine
optimization, there are several sites you need to check out:
Church Marketing Sucks
All of the above are good tools for web-based optimization. You might
also want to check out Mike Moran's book, Doing it Wrong
Quickly which is on web marketing and search engine optimization.
FREE Apple Training:
Lehigh Valley Mall Apple Store:
Thursday, Mar 6, 2008: 06:30 PM-07:30 PM, at Double Click
Intro to iPhoto
See how to edit/manage your photo library and share your pictures
with family and friends.
Thursday, Mar 13, 2008: 06:30 PM-07:30 PM, at Double Click
Intro to Leopard
Introduction to Mac OS X 10.5
Thursday, Mar 20, 2008: 06:30 PM-07:30 PM, at Double Click
Microsoft Office on the Mac
Intro to MS Office '08 for the Mac.
Tuesday, Apr 8, 2008: 07:00 PM-09:00 PM, at Sam Ash Philadelphia
Live on Stage with Logic Studio
Logic Studio - from Garage to Studio to the Stage.
Consumers confused -- and often wrong -- about digital TV transition
Much of what consumers are learning about the looming shift to
digital broadcasting is just plain wrong and could end up costing them
money, according to a survey.
Amazon.com adds web services to its offerings
Critics thought it was over the top when Amazon.com Inc. expanded
from books into music in 1998. When the Web retailer let competitors
start selling things alongside its own inventory in 2000, they said
Amazon had gone nuts.
FBI wants palm prints, eye scans, tattoo mapping
The FBI is gearing up to create a massive computer database of
people's physical characteristics, all part of an effort the bureau says
to better identify criminals and terrorists.
FULL STORY WATCH VIDEO
Free Web site maps crime reports, calls
The inspiration for CrimeReports.com came a decade ago when Greg
Whisenant made the mistake of letting a stranger, who turned out to
be a burglar, into his apartment building in Arlington, Virginia.
Communing without nature
As people spend more time communing with their televisions and
computers, the impact is not just on their health, researchers say.
Less time spent outdoors means less contact with nature and,
eventually, less interest in conservation and parks.
Microsoft tinkers with scary-smart ads
Microsoft Corp.'s online advertising researchers will spend this year
teaching computers to be smart about sticking ads into video clips,
and to be even smarter about targeting ads to specific Web surfers.
Facebook fraudster 'stole prince's ID'
Moroccan authorities arrested a state-employed engineer on
Wednesday for allegedly stealing the identity of King Mohammed VI's
younger brother on the Internet site Facebook, the official news
China cuts online video a little slack
China's government has eased new Internet controls that had limited
video-sharing to state companies, saying private competitors already
operating in the fast-growing arena may continue.
Reusable camera pill would be about $300
Technology that doctors expect will help detect precancerous cells
faster and less painfully also could someday take cameras to parts of
the body where no camera has gone before.
Yahoo to reject Microsoft bid - source
Yahoo plans to reject Microsoft's $44.6 billion takeover bid, the Wall
Street Journal reported Saturday, citing a person familiar with the
EBay's PayPal funds freeze plan draws fire
In the uproar that erupted over the planned fee hikes and other policy
changes eBay announced last week, one drew particular ire and
incredulity: eBay's plan to hold payments sent through its PayPal
payment service for up to 21 days in certain circumstances.
From the Christian Science Monitor:
Facebook used to target Colombia's FARC with global rally
Internet site to spawn protests in 185 cities Monday against rebel
Building at World Trade Center is a showcase of terrorproof
Architects around the world are erecting skyscrapers that use a
hollow concrete core surrounded by bomb-resistant glass and other
Resume advice for the over-50 crowd
Those with lengthy work histories must keep resumes brief and adjust
to today's digital times, career specialist say.
Essay: Need a new password? Here's literary help.
Be inventive when changing those computer passwords every few
Colombians tell FARC: 'Enough's enough'
In a march organized on Facebook, hundreds of thousands protested
against the leftist rebel group Monday.
We're on information overload
Kids can't focus these days, and neither can I.
Godtube.com puts Christian worship online
Entrepreneur Chris Wyatt draws millions to GodTube.com, a website
with Christian content that features prayer walls, video clips, and
NEW YORK - Chris Wyatt bears many marks of the Internet
Generation. His thumbs beat out text messages on his BlackBerry,
while his 60-gig iPod croons a soundtrack for his life. He also
sprinkles his conversation with words like "dude" and "man."
Click here to continue reading...
In China, texting home for the New Year
Modern technologies update Chinese traditions as billions of text
messages zing phone to phone.
What's in a (domain) name? Some serious cash.
At least 100 domain names sold for more than $100,000 last year.
Humor: A dog becomes a victim of identity theft
The ID tag of Sir Barks-a-lot, a black Lab, is stolen by a German
shepherd owner, who pins a crime on the unsuspecting hound.
Burma's censors monitor Internet, newspapers - and poets
The regime has watched the media more closely since last
September's uprising by monks.
Homeless: Can you build a life from $25?
In a test of the American Dream, Adam Shepard started life from
scratch with the clothes on his back and twenty-five dollars. Ten
months later, he had an apartment, a car, and a small savings.
In opening Iran's first major space center and unveiling the country's
first domestically built satellite Monday, President Mahmoud
Ahmadinejad said Iran needs to have "an active and influential
presence in space." According to state-run television, Iran launched a
research rocket that was its first into space, reaching more than 60
miles above the earth.
The amount of water that flows in the Mississippi River has increased
9 percent since 1950 and carbon levels have risen 40 percent,
according to a research article in the journal Nature. The authors cite
farming practices, including irrigation and soil treatments, and new
crop types, as the probable reasons why a greater percentage of
rainfall makes it into the river instead of evaporating into the
Dozens of families separated for decades by the border dividing
North and South Korea exchanged video messages with their kin
Tuesday under a new program. The two Koreas plan to continue the
exchange every three months.
Enhanced security technology is now in use at three airports, with
Boston the latest to introduce equipment for digitally scanning each
finger of foreign travelers, not just their index fingers, as has been
done since 2004. More complete fingerprinting, previously introduced
in Washington and Atlanta, is slated to be used at all the nation's
international airports, seaports, and border crossings by the end of
Review: MacBook Air
The decision about whether the MacBook Air is a product worth
having can be answered by one question: How much are you willing
to compromise? In his extensive review of the latest Apple laptop,
Jason Snell looks at what trade-offs you'll have to make and whether
the MacBook Air is the right machine for your needs. Read the story
Copy files from 10.5 Preview's sidebar
PBS Adds iTunes U ContentApple's iTunes U offerings have
expanded this week with new content from the(PBS) network.Read
More Options With Tomorrow's Cell PhonesInstall the software and
services you want--plus, enjoy cameras, portable game consoles,
and more with access to wireless networks.Read the story
Cut Cables Force Worldwide 'Net Traffic ReroutingA preliminary
investigation links the cuts to a ship's anchor that dragged and ripped
into the two fiber optic undersea cables.Read the story
Hackers Can Expose Masked Surfers, Study SaysA researcher says
the techniques to stay anonymous online can be thwarted through
flaws in the systems.Read the story
25 Moments From Our First 25 YearsWe at PC World have seen
technology history--lots and lots of it. And maybe even made a little of
it ourselves.Read the story
Rock On! iPods Won't Hurt Your HeartMagnetic fields produced by
Apple iPods and other such portable music devices don't interfere
with cardiac pacemakers, an FDA study says.Read the story
Three Plead Guilty in Nigerian Spam SchemeE-Mail sob stories that
turn out to be scams could bring jail terms for trio who coaxed $1.2
million from victims.Read the story
Facebook, MySpace Hit by Zero-Day FlawExploit code affecting an
unpatched flaw in an image uploader used by both Facebook and
MySpace is circulating publicly.Read the story
Portable Hard Drive Requires PasswordThe new USB-based SATA
EZSecu disk drive comes with a keypad to enter a PIN for access.
Read the story
New Mac Gaming Site Serves Disabled UsersAssistiveGaming.com
launches to make computer games more accessible to fans with
physical disabilities.Read the story
Users' Bad Habits Invite Malware, Forum SaysA spyware forum
panel suggests users' sloppy security practices are a major
contributor to problems.Read the story
25 Products We Can't Live WithoutHere's the stuff you'd have to pry
from the hands of the PC World staff.View the slideshow
Hackers Rig Google to Deliver MalwareThe latest malware trend
should prompt you to think twice about the links you click next time
you search.Read the story
5 Cool Cell Phone AccessoriesHaving a flashy phone just isn't
enough anymore. These add-ons will help you chat and listen to your
tunes in style.Read the reviewShop for Cell Phone Accessories:Cell
25 Answers To Common Tech QuestionsHow can you make Vista
less annoying? Or back up your data easily? Or preserve your pricey
new HDTV's picture? We've got solutions for these and 22 other
common tech conundrums.Read the article
Use Google Apps to Build Your BusinessAdWords, AdSense, and
Google Analytics can help you grow the reach of your Web site and
help you make money.Read the article
Open Your Business to Open-Source AppsThese nine free
alternatives to commercial software applications can improve your
productivity--and save you money.Read the article
How the Presidential Candidates Stand on TechnologyFrom
broadband speeds to patent reform, lots of important technology
issues face the United States. Here's your guide to how the
presidential candidates view the major questions.Read the story
Apple Is Third Largest Smart Phone Company
With the iPhone in only four countries, Apple has become
the world's third largest smart phone supplier.
Read the story
Security Pros: Kill ActiveXA wave of bugs in the plug-in technology
used by Microsoft's browser has some security experts
recommending that users disable all ActiveX controls.Read the story
Microsoft Offers Small Business Software SubscriptionsThe new
Open Value Subscription program gives additional software license
options to small businesses.Read the story
Mac Hack Contest May Include Linux and Vista The CanSecWest
security research conference promoters are thinking about giving
hackers another shot at hacking a Mac, as well as Linux- and
Windows-based PCs.Read the story
Why Users Hate VistaHands-on users of the new OS are proving to
be the most resistant. Read the story
Four Services Inspired by Firefox and How They Were BuiltThe four
applications serve different purposes: A Web browser, a music player
and organizer, another that does the same for video, and a word
processor for screenwriters.Read the story
Time Warner to Split AOL Internet BusinessTime Warner will run the
Internet access and audience businesses of its AOL segment
independently, the company said today.Read the story
Technology Gets ChicA fashion show at the Boston Museum of
Science blended high tech with high fashion.Read the story
ZebraHosts Announces Mac HostingNew ZebraHosts service lets
data center admins deploy Apple machines in dedicated rack space.
Read the story
Last Call: Analog Cell Phone Service DisappearingMost phones now
use digital service, but home and business owners with alarm
systems may miss the analog signal.Read the story
Yahoo Cancels Limits on Small Biz Hosted StorageThe new monthly
Web hosting service for small and medium sized businesses provides
unlimited hosted storage capacity and bandwidth.Read the story
Yahoo Said to Beef Up Talks With GoogleYahoo looks for
alternatives to Microsoft's unsolicited $44.6 billion takeover bid,
according to a report in the Los Angeles Times.Read the story
Study: iPhone Dominant as Motorola FallsNew research claims
consumers are searching out more advanced phones -- with Apple's
iPhone and RIM's Blackberry leading the trend.Read the story
New Apple Patents Show Range of TechnologiesForty-seven Apple
patents have been published by the U.S. Patent and Trademark
Office showing off upcoming product changes.Read the story
Keep Windows XP Until 2009, Analysts Tell MicrosoftMicrosoft may
have pushed a too-aggressive XP transition schedule because of
how long it took to release Vista, an analyst suggests.Read the story
Hacked Antivirus Site Delivers a VirusThe Web site of AvSoft
Technologies attempts to install a virus on visiting PCs, security firm
warns.Read the story
Encryption Brings New Risks, Experts SaySecurity workers warn that
encrypting stored data doesn't truly protect it, and you're fooling
yourself if you think so.Read the story
From ITBusiness Edge/Daily Edge:
Phishers Go Whaling
The names given to various Internet scams are amusing. They also
are important. Common sense says that the more precisely a threat is
defined, the more effective technical countermeasures will emerge.
Simply put, the better folks understand the issues, the better the odds
are of staying safe — and it all starts with evocative names. But the
names proliferate: phishing, spear phishing, pharming and drive-by-
phishing. In a relatively recent innovation, there now is whaling. All of
these terms refer to efforts to get folks to surrender valuable
information or to click on links that do bad things to their systems,
such as plant key loggers and spyware.
Read Full Article
Open Source Implications of Microsoft-Yahoo
Microsoft's $44.6 billion bid for Yahoo is all over the news, of course,
and pundits are analyzing the possibility from all angles. Will a
Microsoft/Yahoo combo give Google a run for its money? Will the
government gear up for yet another antitrust investigation? Does it
automatically take the sting out of (and the suspicion away from) the
Google-DoubleClick deal? News.com blogger Matt Asay raises
another relevant question: If the deal goes through, what implications
will a Microsoft-Yahoo combination have for open source? In his
view, it puts Microsoft squarely in the open source game — like it or
Read Full Article
Barracuda: We Will Defend Open Source Against Patent Threat
When I see the words "open source" and "patent threat," I
automatically think "Microsoft and Linux." So when news of
Barracuda Networks' fight with Trend Micro over ClamAV began to
surface, it took me awhile to wrap my head around the situation. Here
are the basics, from Barracuda's point of view: Trend Micro wrote a
letter informing the open source security appliance provider that
some of its products violated a Trend Micro patent. Upon discovering
that the patent covered technology used in the Clam AV open source
project, the company filed lawsuit seeking a declaratory judgment that
the patent is invalid and not infringed. Now, the case is being
investigated by the International Trade Commission, and Barracuda
is asking the open source community for help researching prior art.
Users Cutting Corners, Not Crooks, Are Main Inside Threat
Human nature dictates that malicious inside threats get more
attention than folks who cut security corners out of ignorance or
because they want to do their jobs more efficiently. But these non-
malicious threats actually are far greater, says Matt Flynn, the
strategist for NetVision. Luckily, many tools will do as good a job
catching well-meaning employees bypassing security as a malcontent
trying to steal valuable data. It is important, however, that security
staffs put measures in place to closely track both groups.
Read Full Article
Noted Intranets Make Liberal Use of Web 2.0
Many companies are still struggling to determine when and where it
makes sense to employ Web 2.0 technologies at work. Yet at least
one application — the company intranet — appears to be a fairly
obvious candidate to me. So it's not surprising that the winners of
Nielsen Norman Group's (NNG's) annual Ten Best Designed
Intranets competition make liberal use of such Web 2.0 features as
Read Full Article
Get the Full Network Security Picture
Network security analysts have so much data coming at them from so
many different devices it's hard to get a handle on what's really going
on sometimes, says Packet Analytics' Andy Alsop. The company's
new tool gives them what they need to get a "full context" picture.
Read Full Article
U.S. Tops in Tech Use :: Reuters
Web Site Takes Recruiting up a Notch :: Inc.com
Cut Cables Cause Internet Outages in India :: USA Today
Late or Not, Dell Enters VoIP Market :: GigaOM
Blogger Calls Cloud Computing Just Plain Goofy :: ZDNet
Vista May Be Linux's Best Friend :: The Chief Officers' Network
Open Solutions Alliance to Open European Chapter :: LinuxWorld
Insight on HP's Open Source Initiative :: News.com
Trolltech: Another Open Source Company Gobbled Up :: News.com
French Police Dump Windows for Ubuntu :: The Register
Government Using Wiki to Swap Info :: The Washington Post
Gphone Speculation Mounts Again :: MarketingWeek
Gartner Predicts More Macs and More :: InformationWeek
Microsoft Makes $44.6 billion Bid for Yahoo :: TechCrunch
Broad Encryption Deployment Key to Data Security :: News.com
Web Apps, Phishing Responsible for Security Vulnerabilities ::
Phishers Sharpening Their Harpoons :: Dark Reading
Cisco Pushes High-Performance Firewall :: internetnews.com
Storm Botnet Not Going Anywhere :: Computerworld
From IEEE Spectrum:
Detroit Auto Show: Diesels Turn Green and Ecofriendly
Hybrid cars took a backseat to diesels, and GM went on an eco-
offensive, but pickup trucks were still the big deal at the Detroit auto
Dean Kamen's "Luke Arm" Prosthesis Readies for Clinical Trials
DARPA may decide the fate of Dean Kamen's next-generation
Gadgets Gab at 60 GHz
Cheap silicon transceivers broadcasting in this still-unlicensed band
may usher in the hi-def wireless home
Across the Outback on Photons Alone
With Australia's desert as its raceway, the World Solar Challenge
illuminates some of the best electric-vehicle technology
The Erasable Holographic Display
New three-dimensional holographic material can be written and
rewritten indefinitely, paving the way toward 3-D movies
INFORMATION SECURITY REQUIRES ORGANIZED TEAMS
Joel Dubin, CISSP, Contributor
ENTERPRISE SECURITY IN 2008: ASSESSING ACCESS
Joel Dubin, Contributor
Let's start with a key piece of the remote access and
endpoint security puzzle: network authentication for mobile devices
like laptops, BlackBerrys, PDAs and other wireless equipment. For
road warriors armed with laptops, the old standby VPNs -- both IPsec
and SSL -- will continue to grow and dominate because of their
successful track record, ease of deployment and reasonable cost,
though SSL will still outpace IPsec.
The Four Essentials of WAN Optimization from Packeteer
TITLE: "Physical Security in Mission Critical Facilities"
TYPE: White Paper
10 Steps to Security and Compliance
Outbound Email and Content Security in Today's Enterprise
Understanding VPN Technology Choices: Comparing MPLS, IPSec
The Age of Wireless LANs
--Severed Cables Disrupt Service in Mediterranean and Asia
(January 31, 2008)
Two undersea communications cables in the Mediterranean - one
near Marseilles, France and the other near Alexandria, Egypt -
were accidentally cut on Tuesday, January 29. Different groups
operated the two cables, but the damage to both occurred within a
matter of hours. Undersea cables can be damaged by movement
along fault lines or by ships' anchors. Internet access was disrupted
in most of Egypt and in India, and some Verizon customers
experienced slow service. Most communications were rerouted
through other cables.
[Editor's Note (Schultz): Although it appears that this incident
was completely accidental, it is hugely significant in that it provides
a glimpse of what might happen when a massive denial of service
attack designed to bring the entire Internet down occurs, something
that I have predicted will happen this year. (Honan): If your company
outsources services to countries overseas have you reviewed your
business continuity plans lately to determine how an outage like this
would impact on your business and what to do in the event that it
--FTC Asks Court to Hold Alleged MySpace Hijackers in Contempt
(January 31, 2008)
The Federal Trade Commission (FTC) has asked a US district court
to hold alleged MySpace hijackers in contempt for violating an earlier
FTC order that bars them from unfair and deceptive practices. Walter
Rines, Sanford Wallace and Rines's company Online Turbo Merchant
allegedly used a variety of techniques to redirect MySpace users to
other websites where they were inundated with ads, earning the
accused commissions. Rines, who previously ran a company called
Odysseus Marketing, was accused in October 2005 of offering users
free software that came bundled with spyware that bombarded users
with pop-ups, replaced legitimate search results with results that
benefited the company, and stole information from users. In October
2006, the FTC obtained a permanent injunction that barred the
defendants from redirecting users' computers, changing their browser
default home pages and from altering functions of other applications.
--Employee Literally Pulls Plug on Attempted Cyber Theft
(January 31, 2008)
A scheme to steal money from a bank using remote access
equipment was foiled when an attentive bank employee realized
something was amiss with his computer and unplugged it. The
thieves were attempting to transfer a large sum of money from the
bank into an account that they would later presumably empty.
Swedish police arrested seven people earlier this week in connection
with the incident, which occurred last August.
[Editor's Note (Ullrich): It's nice to see someone paying
attention! However, before you start unplugging your systems,
consider removing the network cable instead. In some cases,
memory forensics can be important. I know some malware
researchers who snapped off the little tap on their network cable to
make them easier to pull, after accidentally setting off malware (not
that I recommend doing so on production systems. (Ullrich): Kudos to
the employee for spotting this attack and reacting to it. Two
takeaways from this story, does your security awareness program
educate users on what they should do if they see suspicious activity
on their system? How stringent are your background checks on the
employees, contractors, cleaners and other people who have
physical access to sensitive systems?]
--Stolen Laptop Holds Info on 300,000 NJ HMO Members
(January 30 & 31, 2008)
A stolen laptop computer contains personally identifiable
information of approximately 300,000 members of New Jersey-based
Horizon Blue Cross/Blue Shield health insurance. The compromised
data include names and Social Security numbers (SSNs), but not
medical information. The laptop was not encrypted, but a security
feature on the computer was programmed to delete the data on
January 23. The computer was stolen from an employee on January
5. That employee was authorized to have the data on the computer,
but taking it off premises without taking proper security precautions
was a violation of company policy.
--Identity Thief Exploits Hotel Business Center and Internet Lounge
Simbaqueba Bonilla, a Colombian national, pleaded guilty January 9,
2008 to an indictment involving an identity theft scheme in which
he installed keylogging software on hotel business center computers
and Internet lounges in order to steal passwords, account data, and
other personal information. The computer fraud scheme had more
than 600 victims worldwide, including U.S. Department of Defense
employees. Simbaqueba used money obtained in the scheme to buy
expensive electronic devices, including a home theater system, and
to fund luxury travel to Hong Kong, France, Jamaica, the U.S., and
[Editor's Note (Reichert): How many of you have sent sensitive
personal information (bank accounts, user IDs and passwords, etc.)
over a public-use computer or an open wireless connection offered at
internet cafes, coffee shops, or hotels? Those of you that raised your
hand should rethink how important your personal information is to
you. Editor's note (Rietveld): Maybe the Department of Defense
should mandate that all of its employees subscribe to OUCH! if they
still think hotel business center computers and Internet lounges are
safe ways to send personal information.]
Security Screw-Up of the Month
Data Lost on 650,000 Credit Card Holders.
Personal information on about 650,000 customers of J.C. Penney
and up to 100 or more other retailers could be compromised after a
computer tape went missing. GE Money, which handles credit card
operations for J.C. Penney and many other retailers, said that the
missing information includes Social Security numbers for about
150,000 people. The information was on a backup computer tape
that was discovered missing last October. It was being stored at a
warehouse run by Iron Mountain Inc., a data storage company, and
was never checked out, but can't be found either, said Richard C.
Jones, a spokesman for GE Money, part of General Electric Capital
Corp. Jones said there was "no indication of theft or anything of that
sort," and no evidence of fraudulent activity on the accounts involved.
--Higher Education Funding Bill Tied to Anti-Piracy Efforts
(February 7, 2008)
A provision of the College Opportunity and Affordability Act, which
was approved this week by the US House of Representatives,
requires colleges and universities that participate in federal financial
aid programs to develop and implement plans to enforce antipiracy
rules, either through subscription services or "technology-based
deterrents to prevent" piracy. The bill will have to be reconciled with
a different Senate higher education funding bill before a final version
is drafted for the president's signature.
[Editor's Note (Schultz): To have college funding tied to anti-
piracy enforcement is an intriguing approach. Many other anti-piracy
approaches in colleges and universities that have been tried have
failed. I suspect, however, that this particular approach has a high
chance of succeeding given the great need for funding in higher
education. ] [Editor's Note (Ullrich): It's not clear why universities are
singled out like this. Universities are already exposed to a huge
workload in responding to copyright requests and should be allowed
to decide if the problem is large enough to require a technical
--Lawsuit Will Seek Clarification on Electronic Device Searches
(February 7, 2008)
The Electronic Frontier Foundation (EFF) and the Asia Law Caucus
plan to file a lawsuit this week that would force the US government to
reveal its border search policies, including policy regarding
copying electronic content from devices and seizing such devices.
The lawsuit was prompted by a number of cases in which travelers'
laptop computers, cell phones, MP3 players and other electronic
devices were searched. The searches carried out on the devices go
beyond looking at items being transported; according to an Asian Law
Caucus attorney, "the government is going well beyond its traditional
role of looking for contraband and really is looking into the content of
people's thoughts and ideas and their lawful political activities." If the
searches were conducted
within the country, they would require warrants and probable
cause. Some companies have changed their policies to require
travelers not to have company information on laptop computers.
Instead, these people must access company data over the Internet.
[Editor's Note (Ullrich): Various countries have laws that
prohibit certain data or software from being imported and exported. I
kind of like the note at the end that some companies no longer allow
travelers to carry any company data in and out of the country. This
policy will protect users from lost laptops as well as from searches by
non-US customs services. However, it does require a safe way to
access the data remotely.]
--Spammer Fined US $2.5 Million
(February 4 & 6, 2008)
The Federal Trade Commission (FTC) has announced that a US
judge has ordered Sili Neutraceuticals and its owner Brian McDaid to
pay more than US $2.5 million for violations of the FTC Act and the
CAN-SPAM Act. The company and McDaid were ordered to cease
sending spam, and to cease misrepresenting the products advertised
in the email. The company sent unsolicited email messages
advertising weight loss and age reversing products with
unsubstantiated claims and misleading subject fields, no opt-out
mechanism, and no physical postal address.
DNI CYBER THREAT SUMMARY
DNI has just released a new unclassified threat assessment.
Below is a summary of the assessment; the whole document can be
Did Senator John McCain once say that 'the Democratic Party is a
fine party, and I have no problems with it'?
Is the Make-A-Wish Foundation being driven into bankruptcy by a
child who wished for unlimited wishes?
Of Pell Grants and more: E-mail claims non-citizens don't pay taxes
but are eligible for federal educational assistance programs not
available to U.S. citizens.
Photograph purportedly shows Brutus, a canine Medal of Honor
recipient who tore the throats out of the insurgent guards holding his
handlers before turning his boys loose.
Has the result of this Sunday's Super Bowl already been foretold by a
popular film that hit the theaters in December 2007?
"I Have a Deram" — er, what? News report shows Martin Luther King
Day celebrants holding misspelled signs.
Was a group of Muslim women clutching briefcases and text
messaging during films spotted making a terrorist attack "dry run" in a
Web site offers to sell third-world orphans for adoption as organ
Does a U.S. penny cost more than one cent to manufacture?
E-mail posits a "Bill and Hillary Clinton" presidency. Is it possible?
The malicious 'Storm Worm' is still stealthily infecting computers, this
time with a lure tied to Valentine's Day- themed messages.
Was Patriots quarterback Tom Brady once a cast member of The
Brady Bunch television series?
Worth a Second Look
Does the winner of the Super Bowl predict stock market trends for the
Did actress Catherine Bell correctly predict the results of Super Bowl
Of avocados and toilet flushes: a round-up of miscellaneous Super
Guitar Man: Musician finally masters extraordinarily difficult guitar part
he heard on a record, only to learn the recording had been made
using two guitars.
Still Haunting the Inbox
There was no letter to Starbucks from coffee-seeking GI's serving in
Iraq, so no response from the coffee retailer saying it didn't support
the war and anyone in it.
Many rumors are swirling about Illinois senator Barack Obama.
A 15-year-old boy named Evan Trembley from Wichita Falls, Texas,
isn't missing — it's a hoax.
The entreaty to aid 7-year-old Amy Bruce who is dying of lung cancer
and a brain tumor by forwarding an email and a sappy poem titled
"Slow Dance" is a hoax.
No, the new U.S. dollar coin doesn't omit "In God We Trust" — that
phrase has been stamped into its edge.
While it is true that in 2004 a man in India was electrocuted when
trying to use his cell phone as it recharged, it is safe to use your cell
phone while it is charging.
No, commentator Andy Rooney did not write the "I like big cars, big
boats ..." polemic.
Dialing #77 or *677 is not a surefire way of reaching the local highway
patrol — the service is in place in some regions, but not in others. If in
need of assistance, dial 911 instead for the sure thing.
The missing child alert about 13-year-old Ashley Flores of
Philadelphia is a hoax.
809 area code scam: Unsuspecting phone customers have been
gulled by con artists into placing calls to area codes in the Caribbean
that result in hefty charges.
No, reversing your PIN at the ATM won't summon the police to your
a if you're being robbed.
Hillary Clinton is the subject of many e-mailed items, and our
"Clintons" section contains write-ups about a number of them.
No, Bill Gates is not sharing his fortune with everyone who forwards a
specific e-mail on his behalf. This tired leg-pull continues to romp
through everyone's inbox, the most widespread incarnation swearing
"This took two pages of the Tuesday USA Today!" !
Virus announcement and virus hoax e-mails are afoot! We try to keep
current on them and do our best to point readers to authoritative links
confirming or debunking them.
Political rumors continue to swell around the two leading Democratic
presidential contenders, Barack Obama and Hillary Clinton. .
Appeals to find missing children: Ashley Flores, Reachelle Marie
Smith, and Evan Trembley. .
E-mail claims cell phone numbers are about to be given to
Computer virus warnings: Life Is Beautiful, Invitation (or Olympic
Torch), and Postcard (or Greeting Card).
E-mail claims Starbucks refused to send free coffee to G.I.s serving
E-mail claims Bill Gates, Microsoft and AOL are giving away cash
and merchandise to those who forward an e-mail message.
E-mail claims that entering one's PIN in reverse at any ATM will
summon the police.
E-mail describes woman who evades a rapist posing as a policeman
by calling #77 (or *677) on her cell phone.
Various rumors about the U.S. Social Security system.
Image shows artist's conception of the USS New York, an under-
construction warship built using steel from the World Trade Center.
Warnings about scammers' running up long-distance charges by
asking victims to press #-9-0 on their telephones or luring phone
users into returning calls to numbers within the 809 area code.
"Slow Dance," a poem supposedly written by a terminally ill young girl
named Amy Bruce.
E-mail claims the design of new U.S.dollar coins omits the motto "In
God We Trust."
E-mail warns that auto thieves are stealing cars by using VINs to
obtain duplicate keys.
Transcripts of remarks attributed to television personalities Andy
Rooney and Jay Leno. .
FDA health advisory regarding drugs containing PPA
Web site allocates money to autism research and other charities for
every video viewed.
Photograph shows a kayaker being trailed by a Great White shark.
Seems like everyone has become the recipient of mysterious e-mails
promising untold wealth if only one helps a wealthy foreigner quietly
move millions of dollars out of his country. The venerable Nigerian
Scam has discovered the goldmine that is the Internet. Beware —
there's still no such thing as "something for nothing," and the contents
of your bank account will end up with these wily foreigners if you fall
i with this.
Likewise, look out for mailings announcing you've won a foreign
lottery you don't recall entering.
Or that because you share the surname of a wealthy person who died
without leaving a will you're in line for a windfall inheritance.
And be especially wary if, while trying to sell or rent anything online
(car, boat, horse, motorcycle, painting, apartment, you name it) you're
approached by a prospective buyer/renter who wants to pay with a
cashier check made out for an amount in excess of the agreed-upon
price and who asks the balance be sent to a third party.
Aspiring work-at-homers promised big bucks for acting as
intermediaries for international transactions wherein they cash checks
for other parties or reship goods to them have been defrauded by con
artists. Don't you be next.
If someone calls to announce you've failed to appear for jury duty and
will be arrested, do not give the caller your personal and financial
information in an effort to prove he's sending the gendarmes after the
wrong guy. You're being tricked into giving up this information to an
WORMS, ACTIVE EXPLOITS, VULNERABILITIES & PATCHES
--ActiveX Control Flaws Affect MySpace and Facebook Users
(January 31, 2008)
Vulnerabilities in two ActiveX controls that Facebook and
MySpace members use to upload images to their pages could be
exploited to crash Internet Explorer (IE) and possibly allow remote
code execution, which could in turn allow attackers to take control of
the machine on which IE runs or steal data. The ActiveX controls in
question are based on a commercial control known as Image
A worm that disables Windows Automatic Updating and the Task
Manager (a part of Windows that provides information about
your computer's performance, services and running applications).
The worm is dropped by other malware on infected websites and
spreads via removable devices such as USB sticks and portable
drives. Affected computers are unable to get Windows updates
automatically. Disabling the Task Manager makes it impossible to
check the running processes in order to shut down the infection.
-- Secret Crush.
Adware* with over 50,000 daily users on Facebook that invites people
to find out who amongst their friends has a secret crush on them.
Users tempted to discover more have to invite at least five other
Facebook users to install the application before their mystery admirer
is revealed. However, no secret crush is ever revealed. Instead users
are directed to an external website that invites Facebook users to
download potentially unwanted applications that will display pop-
*Adware: A form of spyware, installed and activated on your
computer without your consent, that collects information about your
browsing patterns and uses it to display targeted advertisements as
pop-ups in your web browser.
-- Storm Worm encore.
A Trojan repackaged yet again. This incarnation of the "Dorf" Trojan
sends out emails posing as messages of love in an attempt to lure
unsuspecting users to dangerous websites. The emails sport subject
lines such as "Falling In Love with You," "Special
Romance," and "You're In My Thoughts." The body of the email
contains a link to a website that is actually one of the many
compromised computers in the worldwide Storm botnet. The website
displays a large red heart, while installing malware onto the visitor's
-- Win 32/Agent.
A Trojan-like malware that found its way onto a popular brand of
digital photo frames sold by Best Buy, both online and in-store. The
affected frames are limited to the 10.4-inch version (model# NS-
DPF10A) of Best Buy's own Insignia brand photo frames,
although there are reports of the same malware found on similar
devices bought from Sam's Club. Best Buy spokesperson Nissa
French said the virus was apparently introduced at some point in the
--Drive-by Download* Menace Spreading Fast
Booby-trapped web pages are growing at an alarming rate
with unsuspecting firms acting as nurseries for botnet farmers,
according to a new study. Security watchers at Sophos** are
discovering 6,000 new infected webpages every day, the equivalent
of one every 14 seconds. Four out of five of these webpages actually
belong to innocent companies and individuals, unaware that their
sites have been hacked. Websites of all types, from those of antique
dealers to ice cream manufacturers and wedding photographers,
have hosted malware on behalf of virus writers.
--Pharming*: Home Router Attack Serves Up Counterfeit Webpages
A security researcher says he has observed criminals using a new
form of attack that causes victims to visit spoofed banking pages by
secretly making changes to their high-speed home routers. According
to Symantec researcher Zulfikar Ramzan, the attack changes a
router's settings which can then send a user to a rogue web site
instead of the one they requested. Malicious code embedded in an
email message he uncovered caused the URL for a popular Mexico-
based bank to map to a fraudulent website controlled by the
--Mozilla Releases Firefox Update
(February 7, 2008)
Mozilla has released Firefox 188.8.131.52, an update for the open
source browser that addresses a number of flaws, three rated critical,
one rated high, and three rated moderate. The flaws addressed
could be exploited to conduct cross-site scripting attacks, execute
code, and steal information that could be used to commit identity
fraud. The update fixes a disclosed directory traversal vulnerability
that affected the browser if it had add-ons with flat packaging.
--Lack of Documentation Accompanying Adobe Reader Update
(February 6, 2008)
Adobe has issued an update for Adobe Reader 8 (Specifically 8.1.2),
but there was no accompanying public documentation on the severity
of the flaws addressed. The summary in Adobe's security advisory
says "the update includes several important security fixes, among
them a few of critical severity that could be remotely exploitable." An
Adobe spokesperson said the company "plan[s] to share further
information on the topic within a few days ..., at which point the
company has completed the process of responsible disclosure with
third-party stakeholders." The statement suggests that at least one of
the vulnerabilities involves third-party software licensed by Adobe.
Internet Storm Center:http://isc.sans.org/diary.html?storyid=3955
[Guest Editor's Note (Raul Siles, Internet Storm Center ): It is
a serious flaw that may cause remote code execution, and proof-of-
concept (PoC) code is already available from a commercial pen-
testing tool vendor.]
--ActiveX Flaws in Yahoo! Jukebox is Being Actively Exploited
(February 4, 5 & 6, 2008)
Attackers have begun exploiting recently disclosed ActiveX flaws
in Yahoo! Music Jukebox. Two ActiveX controls in the media player
are vulnerable to buffer overflow attacks. The malware places
backdoors on vulnerable machine; there is no fix available at this
time. ActiveX vulnerabilities in other products have also been
disclosed recently. Yahoo! has announced that it plans to switch its
customers over to RealNetwork's Rhapsody service.
--US-CERT Recommends Disabling All ActiveX Controls
(February 5, 2008)
The recent spate of ActiveX vulnerabilities has led the US
Computer Emergency Readiness Team (US-CERT) to recommend
that users disable all ActiveX controls. Vulnerabilities have been
disclosed in ActiveX controls in the Facebook and MySpace social
network sites and Yahoo! Messenger, Instant Messenger and Music
Jukebox media player. Internet Explorer users can disable ActiveX
controls by setting the browser's security level to "high."
[Editor's Note (Ullrich): Internet Storm Center handler Tom Liston
wrote a little GUI tool which will allow you to disable these
ActiveX controls. See http://isc.sans.org/diary.html?storyid=3931]
HIGH: Multiple Yahoo! Jukebox ActiveX Controls Multiple
Yahoo! Jukebox mediagrid.dll ActiveX Control
Yahoo! Jukebox datagrid.dll ActiveX Control
Description: Yahoo! Jukebox is Yahoo's popular music
management service. Part of its functionality is provided by
two ActiveX controls, "mediagrid.dll" and "datagrid.dll".
These controls contain multiple buffer overflow vulnerabilities
in their handling of a variety of
parameters. A malicious web page that instantiated one of
these controls could trigger one of these vulnerabilities,
allowing an attacker to execute arbitrary code with the
privileges of the current user. Multiple proofs-of-concept and
technical details are publicly available for
Status: Yahoo! has not confirmed, no updates available.
Users can mitigate the impact of these vulnerabilities by
disabling the affected controls via Microsoft's "kill bit"
and "5F810AFC-BB5F-4416-BE63-E01DD117BD6C". Note
that this may affect normal application functionality.
Microsoft Knowledge Base Article (details the "kill bit"
Yahoo! Jukebox Home Page
HIGH: Multiple Uploader ActiveX Controls Buffer Overflows
MySpace Uploader ActiveX Control
Facebook Photo Uploader 4 ActiveX Control
Aurigma ImageUploader ActiveX Control
Description: Multiple image uploading ActiveX controls
contain buffer overflows in their handling of control
properties. These controls are used by several web sites to
facilitate image uploading. Most importantly, these controls
are used by two extremely popular social networking sites,
MySpace and Facebook. A specially crafted web page that
instantiates one of these controls could exploit this
buffer overflow to execute arbitrary code with the privileges
of the current user. A proof-of-concept and full technical
details are publicly available for this vulnerability.
Status: MySpace has not confirmed, no updates available.
Users can mitigate the impact of this vulnerability by
disabling the affected controls via Microsoft's "kill bit"
mechanism using CLSIDs "48DD0448-9209-4F81-9F6D-
D83562940134" and "6E5E167B-1566-4316-
B27F-0DDAB3484CF7". Note that this may affect
normal application functionality.
Microsoft Knowledge Base Article (details the "kill bit"
Information Technology Coordinator
Diocese of Bethlehem