Date: 03/21/05 (Security)    Keywords: security

Commentary--Criminal hackers are finding new and better ways to compromise your computer and electronic devices. So concludes a new Internet Security Threat report out today.

Source: http://news.zdnet.com/Hackers+reach+beyond+Windows%2C+IE/2100-1009_22-5628404.html?part=rss&tag=feed&subj=zdnn

Date: 03/23/05 (Security)    Keywords: security

Greasemonkey extension lets surfers insert links, change a look and feel, and more. But at what cost to security?

Source: http://news.zdnet.com/Firefox+add-on+lets+surfers+tweak+sites%2C+but+is+it+safe%3F/2100-1009_22-5631009.html?part=rss&tag=feed&subj=zdnn

Date: 03/23/05 (Open Source)    Keywords: security, linux, microsoft

Whenever I see a study I look at who sponsored it. Take this for example. It's a study from Security Innovation Inc. claiming Linux servers are less secure than those running Windows.Are you surprised it was sponsored by Microsoft?I wrote such papers in a previous life and believe it or ...

Source: http://blogs.zdnet.com/open-source/index.php?p=203&part=rss&tag=feed&subj=zdblog

Date: 03/23/05 (Security)    Keywords: software, security

Many businesses are ignoring the emerging security threat posed by instant messaging software, a survey shows.

Source: http://news.zdnet.com/Report%3A+Companies+unprepared+for+IM+attacks/2100-1009_22-5631658.html?part=rss&tag=feed&subj=zdnn

Date: 03/23/05 (Java Web)    Keywords: security, spam

According to a survey conducted by security firm Mirapoint and market research company the Radicati Group, nearly a third of e-mail users have clicked on links in spam messages. One in ten users have bought products advertised in spams.   I am speechless!

Source: http://blog.taragana.com/index.php/archive/spamming-is-a-successful-strategy/

Date: 03/23/05 (Security)    Keywords: browser, security

The open-source browser maker rushes out a security patch for a previously unknown flaw and advises all users to update.

Source: http://news.zdnet.com/Mozilla+fixes+risky+Firefox+flaw/2100-1009_22-5632148.html?part=rss&tag=feed&subj=zdnn

Date: 03/25/05 (Security)    Keywords: security

Commentary--A new report which says the cyber-sky is falling got sent to the president, but no matter: The cybersecurity mess won't get fixed.

Source: http://news.zdnet.com/Changes%3F+Wait+until+the+next+disaster/2100-1009_22-5637017.html?part=rss&tag=feed&subj=zdnn

Date: 03/27/05 (Asp Dot Net)    Keywords: html, asp, java, security, web, microsoft

I want to develop the following site over the next few days: http://www.damn-them.com/

The problem that I face is that I have installed a copy of Windows XP Home edition and there is no IIS. Considering that I cannot view (let alone compile) any ASP.Net code the DotNet IDE without IIS, I cannot develop the above site on my current operating system. I wish that I could find an ASP.Net compiler online. As the development of Damn-Them is embryonic, either a VB.Net or C# ASP.Net compiler would suffice. If I do not resolve this problem quickly then I am going to trot to the pub. There is no chance that I will perform any reinstallation.

I found a possible solution (below). However, I do not have those files that it asks for:


General HOWTO for running IIS in Windows XP Home Edition.


by Richard Sandoz - Certified Java Programmer


(1) locate and edit the file C:\WINDOWS\INF\SYSOC.INF


(2) locate a section called [Components]


(3) find a line like this:
iis=iis.dll,OcEntry,iis.inf,hi­de,7


(4) change it to this (the iis cab in the i386 xp home folder looks to
be nothing)
iis=iis2.dll,OcEntry,iis2.inf,­,7


(some sort of ms caching thing keeps sticking back iis.dll when I try
to nuke it. quickly renaming and making hidden dir called iis.dll
seems to thwart, but not worth it, so iis2.dll is good enough)


(5) I grabbed the iis.dl_ and iis.in_ from win2k advanced server cd.


I would guess similar techniques would work from W98, FP, etc.
Use "EXPAND IIS.DL_ IIS2.DLL" from a command prompt
Same for IIS2.INF, place IIS2.INF in C:\WINDOWS\INF and IIS2.DLL in
C:\WINDOWS\SYSTEM32\SETUP


(6) Now when I did "add windows programs" from the control panel's add
new programs,


I had IIS options and I could even check em off. yippee - could not
check em off from my xppro cd :(((


I just went with the defaulted ones though (all i needed was iis web
server)


(7) It will prompt you for files. Get em from MS XP Home CDs, Adv
Server CDs, C:\WINNT\SYSTEM32\INETSRV, C:\WINDOWS\I386, etc. (It will
tell you the file it needs, you just need to have a searcher going,
probably the CDs will have all you need)


(8) You can get to your IIS from Control Panel's Administrative
Programs.
I stuck in an index.html file and reconfigure IIS to work like this.
No go :(((
I right clicked on my inetpub folder and did something with shared
folders. No go :(((
I looked at the event viewer and saw the error of my ways.
Go to IIS and goto Directory Security tab and click Edit button and
Browse for the user setup on my laptop.


(9) Yippee, hello world from http://localhost


I won't support this solution unless paid to. I am an out of work
developer looking for work.


I bought a Toshiba 5005 laptop which came with XP home.
I then bought Win XP Professional.
I have bunches of CDs from when I was a MSDN subscriber.
From a general search on the internet I found contradictions.


Microsoft says you need professional XP to do IIS period.
q310090 was yanked from their site which had the "workaround" for
this.


When I tried to setup XP upgrade to pro, my laptop rebooted and hung
on an xp logo with an animated graphic.
I have verified this to be the case with others as well. Upgrading to
xp pro isn't an option for this laptop.

Source: http://www.livejournal.com/community/aspdotnet/29843.html

Date: 03/28/05 (Security)    Keywords: security

Recently formed industry alliance creates committee to define security requirements for Internet telephony networks.

Source: http://news.zdnet.com/Industry+group+to+map+VoIP+security/2100-1009_22-5643061.html?part=rss&tag=feed&subj=zdnn

Date: 03/28/05 (Open Source)    Keywords: security

There are great open source products for nearly every purpose. But I have yet to find many in the security field. Most seem hand-written, based on books like the O'Reilly Secure Progrmaming Cookbook. Maybe I'm not looking hard enough. If I'm not, please point to your favorite open source security ...

Source: http://blogs.zdnet.com/open-source/index.php?p=209&part=rss&tag=feed&subj=zdblog

Date: 03/29/05 (Web Development)    Keywords: php, security, google, shopping

I've got a client who wants to sell prepared legal forms online in PDF format. I have a site model in PHP, an extremely simple shopping cart through PayPal, and Acrobat 5 professional. I've never done it before, and I'd really not like to go into this blind. Google hasn't pulled up anything in the way of specific tutorials. There are only three relatively small files that need to be sold.

It'd be easy enough to, say, redirect the user upon payment or e-mail the link to a document, but this also necessitates changing the link to the document with every download so it doesn't get shared. I know PHP has PDF generation and temp file capacities, but I've never worked with them. We were also looking into PDF security, but I also have no experience with this.

Anyway, I'd like any tips you might have on the matter.

Source: http://www.livejournal.com/community/webdev/184170.html

Date: 03/29/05 (Security)    Keywords: security

The mass-mailing varmint makes up in numbers what it lacks in heft, security watchers say.

Source: http://news.zdnet.com/Mytob+e-mail+worm+proliferating+quickly/2100-1009_22-5644978.html?part=rss&tag=feed&subj=zdnn

Date: 03/30/05 (Security)    Keywords: software, security

Security specialist reveals vulnerabilities in its products that could let hackers attack PCs running the software.

Source: http://news.zdnet.com/Symantec+details+flaws+in+its+antivirus+software/2100-1009_22-5646871.html?part=rss&tag=feed&subj=zdnn

Date: 03/31/05 (Computer Geeks)    Keywords: templates, software, html, security, virus, spam

I'm really dissatisified with the current state of e-mail and news software, so I've come here to ask for suggestions based on certain requirements.

I only have one general requirements between the two of them (e-mail and nntp software). They should be free (as in beer) or preferably open source. If I must I will pay.

E-mail
*Fast, fast, fast - if it's slow on my 2Ghz P4 then something is wrong.
*OE (Outlook Express) or The Bat! like interface. I don't want to do 2983492384239482 billion tweaks to make it right.
*Should be able to effeciently and "stable-y" (to recover from corruption/crashes and in terms of not redownloading the same messages.) large mail boxes with tens of thousands of messages.
*Effecient support for said mailbox via IMAP.
*Multiple account support
*Good support for contact lists
*Should include built in HTML viewer, not rely on something like MSIE's HTML display control. It should also be smart enough to only display basic stuff, with the option to disable displaying of "external" (non-embedded) images.
*Relatively easy to use plug-in support. Preferably something procmail like that executes external programs for each program or something even more effecient (like a dynamically loaded library that is persistent in memory). This will be used for external viruses and anti-spam crud. (Note: while built in anti-spam stuff is nice, I'd rather rely on the much better external anti-spam stuff and AFAIK there isn't any e-mail software that can mark messages as spam and auto-send them back to an external anti-spam program).
*Built in procmail like stuff is good too.
*Support for mail message templates (i.e. different ones for forwarding, replies, etc...)
*Should include advanced searching and filtering options like in The Bat!, except less crappy.
*Good S/MIME and OpenPGP support that is actually compliant with the standards and can decode messages in place (not just launch an external program to view them).
*Ability to sort messages by various factors.
*Good mail message import/export ability for backup. Compression is nice, but I can always do that manually.
*High configurability in general is good.

News
*Fast, fast, fast - if it's slow on my 2Ghz P4 then something is wrong.
*Should be able to handle large newsgroups, on the order of tens of thousands of messages well.
*A fast OE like interface with a preview pane that can show images.
*Same thing as above about HTML viewing.
*Good binary/encoding support is ok, but I'm not using it for porn so it's not a big deal.
*Ability to sort messages by many different factors

It should be obvious, but security is important in the implementation.

P.S. Spare me what you think the obvious answer is. I won't bash specific clients, but lets just say some are just plain stupid in design and remain popular despite crap for features or crap for a user interface/configuration methodology.

Source: http://www.livejournal.com/community/computergeeks/648358.html

Date: 03/31/05 (Security)    Keywords: software, security

Software giant confirms a problem in a security update it issued for Windows 98 and Windows ME in January.

Source: http://news.zdnet.com/Microsoft%3A+Windows+patch+is+flawed/2100-1009_22-5648595.html?part=rss&tag=feed&subj=zdnn

Date: 04/01/05 (Java Web)    Keywords: security, microsoft

A new set of highly critical flaws has been discovered in Microsoft's Internet Explorer and Outlook programs, according to research company eEye Digital Security. The vulnerabilities allow for remote code execution with no actions from the computer user, eEye said. Although the flaws would not allow self-propagating worms to infiltrate a system, there is the potential [...]

Source: http://blog.taragana.com/index.php/archive/new-critical-flaws-in-ie-and-outlook-discovered-by-eeye/

Date: 04/05/05 (Security)    Keywords: security

Company adds two new models to its Proventia line of integrated security products that protect networks against online attacks.

Source: http://news.zdnet.com/ISS+puts+more+network+defenders+on+patrol/2100-1009_22-5653978.html?part=rss&tag=feed&subj=zdnn

Date: 04/04/05 (Security)    Keywords: security

Commentary--Security watcher Jon Oltsik says the battle to combat identity theft must start with good old-fashioned common sense, not panic.

Source: http://news.zdnet.com/Black+eye+for+privacy/2100-1009_22-5653737.html?part=rss&tag=feed&subj=zdnn

Date: 04/05/05 (Asp Dot Net)    Keywords: browser, asp, security, web

I am new to asp.net and i recently bought some new webspace.

when i uploaded the directories from my computer to my webspace they stopped working and i kept getting this error:

"Server Error in '/' Application."

now strangly enough if i upload all of the data without it's own folder into the main directory of my webspace then it works...how would i be able to get it to work by uploading each project in it's own directory?

this is the description of the error:

"Description: An application error occurred on the server. The current custom error settings for this application prevent the details of the application error from being viewed remotely (for security reasons). It could, however, be viewed by browsers running on the local server machine.

Details: To enable the details of this specific error message to be viewable on remote machines, please create a tag within a "web.config" configuration file located in the root directory of the current web application. This tag should then have its "mode" attribute set to "Off"."

I've changed the web.config file in the way in which the error page told me to and i'm still getting the same message.

what's going wrong here then? (I'm still quite new to all of this).

Source: http://www.livejournal.com/community/aspdotnet/30825.html

Date: 04/06/05 (Security)    Keywords: security

Former cybersecurity adviser to the White House says there's a shortage of officers to fight online crime.

Source: http://news.zdnet.com/Schmidt%3A+More+cops+needed+for+high-tech+beat/2100-1009_22-5657381.html?part=rss&tag=feed&subj=zdnn