Archive for October, 2007

Gmail as a spam filter for other email addresses

October 31st, 2007

Google’s Gmail has one of the most robust spam filtering processes in the world. By using Gmail, you can put a very strong spam filter check on incoming email.

How to configure

You must have two email accounts to start with. If you don't have two email accounts, ask your ISP or arrange one more before you start.

Suppose you have the email address name@domain.com. Now set up Gmail if you don't already have it. You'll need an invitation to join Gmail; to get one, ask a friend who is using Gmail to send you an invite. If you don't have such a friend, browse the web to get one through another website. Once you have an account, log in and click the Settings link, then the Forwarding and POP section.

Check the option for Forward a copy of incoming mail to and type in the second email address.

Click Save Changes, and log out of Gmail. That is the trick for using Gmail's free service to protect your non-Gmail email accounts: a very simple way to save the cost of separate antispam software. I hope you like the trick.

Email security

Application Errors Occur After You Run Xmlinst.exe on Production Servers

October 30th, 2007

The MSXML parser is intended for installation in “side-by-side” mode, which allows you to install the specific versions of the MSXML parser that you want without one installation of the MSXML parser affecting another. Thus, all separate versions of the MSXML parser can coexist. In addition, the new and previous DLLs for the parser can reside “side-by-side” on your computer.

An alternate method for installing the parser is referred to as Replace Mode. In Replace Mode, all references to any version of the MSXML parser are updated so that only the latest version of the MSXML parser is used.

Therefore, when you run Xmlinst.exe, Xmlinst.exe may cause programs to fail that were written and tested with specific versions.

Note that if you run Xmlinst.exe, Xmlinst.exe may cause system instability and can cause programs to fail. After you run Xmlinst.exe, the computer is in an unsupported state. Furthermore, the changes made by Xmlinst.exe are global to the computer on which Xmlinst.exe was run, and thus affect all the programs that use the MSXML parser.

Read full story at

http://support.microsoft.com/kb/278636/

Microsoft security, xml security

Benefits of Windows Defender

October 29th, 2007

Windows Defender is a useful tool to detect and remove spyware from your computer and put you at ease in an online environment. It is also capable of updating itself with the latest updates available from Microsoft.

The benefits you can get from this tool are as follows:

1- It detects spyware.

2- Eliminates spyware easily.

3- Improves browser safety.

4- Recognizes and stops new threats.

5- It works in the background without disturbing your work.

6- It can also run scheduled scans.

It has multiple language support. For your copy, refer to the Microsoft site at www.microsoft.com

Microsoft security

Microsoft XML versions

October 28th, 2007

Microsoft provides several different XML parsers. The System.xml parser and the System.XML.XmlReader XML parser are included with the Microsoft .NET Framework 2.0. The MSXML parser is included in the Msxml.dll file, the Msxml2.dll file, the Msxml3.dll file, the Msxml4.dll file, the Msxml5.dll file, the Msxml6.dll file, and one or more resource files. Notice that Windows HTTP Services (Winhttp*.dll) is also included with some versions of MSXML.

The Microsoft XML parser is a Component Object Model (COM) implementation of the W3C DOM model. Two versions are associated with each parser: the release version of the MSXML parser and the actual file version of the DLL that contains the parser. The release version of the MSXML parser (for example, versions 2.5, 2.6, 3.0, 4.0, 5.0, and 6.0) identifies the milestone of development.

The following are the versions that Microsoft has released so far.

| MSXML release | File name(s) | File version |
| --- | --- | --- |
| 1.0 | Msxml.dll | 4.71.1712.5 |
| 1.0a | Msxml.dll | 4.72.2106.4 |
| 1.0 SP1 | Msxml.dll | 4.72.3110.0 |
| 2.0 | Msxml.dll | 5.0.2014.0206 |
| 2.0a | Msxml.dll | 5.0.2314.1000 |
| 2.0b | Msxml.dll | 5.0.2614.3500 |
| 2.5 Beta 2 | Msxml.dll | 5.0.2919.38 |
| 2.5a | Msxml.dll | 5.0.2919.6303 |
| 2.5 | Msxml.dll | 5.0.2920.0 |
| 2.5 SP1 | Msxml.dll | 8.0.5226 |
| 2.5 SP2 | Msxml.dll, Msxmlr.dll (the last DLL is a resource-only DLL) | 8.0.5718.1 |
| 2.5 SP3 | Msxml.dll, Msxmlr.dll (the last DLL is a resource-only DLL) | 8.00.6730.0 |
| 2.6 Web Release | Msxml2.dll | 7.50.4920.0 |
| 2.6 SP1 | Msxml2.dll, Msxml2a.dll, Msxml2r.dll (the last two DLLs are resource-only DLLs) | 8.1.7502.0 |
| 2.6 SP2 | Msxml2.dll, Msxml2a.dll, Msxml2r.dll (the last two DLLs are resource-only DLLs) | 8.2.8307.0 |
| 3.0 Web Release | Msxml3.dll, Msxml3a.dll, Msxml3r.dll (the last two DLLs are resource-only DLLs) | 7.50.5108.0 |
| 3.0 | Msxml3.dll, Msxml3a.dll, Msxml3r.dll (the last two DLLs are resource-only DLLs) | 8.0.7820.0 |
| 3.0 SP1 | Msxml3.dll, Msxml3a.dll, Msxml3r.dll (the last two DLLs are resource-only DLLs) | 8.10.8308.0 |
| 3.0 SP2 | Msxml3.dll, Msxml3a.dll, Msxml3r.dll (the last two DLLs are resource-only DLLs) | 8.20.8730.1 |
| 3.0 SP3 | Msxml3.dll, Msxml3a.dll (8.20.8730.1), Msxml3r.dll (8.20.8730.1) (the last two DLLs are resource-only DLLs) | 8.30.9926.0 |
| 3.0 SP4 | Msxml3.dll, Msxml3a.dll (8.20.8730.1), Msxml3r.dll (8.20.8730.1) (the last two DLLs are resource-only DLLs) | 8.40.9419.0 |
| 3.0 SP5 | Msxml3.dll, Msxml3a.dll (8.20.8730.1), Msxml3r.dll (8.20.8730.1) (the last two DLLs are resource-only DLLs) | 8.50.2162.0 |
| 3.0 SP7 | Msxml3.dll, Msxml3a.dll, Msxml3r.dll (the last two DLLs are resource-only DLLs) | 8.70.1104 |
| 3.0 Post SP7 MS06-061 (http://www.microsoft.com/technet/security/bulletin/ms06-061.mspx) | Msxml3.dll | 8.70.1113.0 |
| 3.0 Post SP8 | Msxml3.dll, Msxml3a.dll (8.20.8730.1), Msxml3r.dll (8.20.8730.1) (the last two DLLs are resource-only DLLs) | 8.80.1185.0 |
| 3.0 SP9 | Msxml3.dll, Msxml3a.dll (8.20.8730.1), Msxml3r.dll (8.20.8730.1) (the last two DLLs are resource-only DLLs) | 8.90.1002.0 |
| 3.0 Post SP9 MS06-061 (http://www.microsoft.com/technet/security/bulletin/ms06-061.mspx) | Msxml3.dll | 8.90.1101.0 |
| 4.0 | Msxml4.dll, WinHTTP5.dll, Msxml4a.dll, Msxml4r.dll (the last two DLLs are resource-only DLLs) | 4.0.9004.0 |
| 4.0 SP1 | Msxml4.dll, WinHTTP5.dll, Msxml4a.dll, Msxml4r.dll (the last two DLLs are resource-only DLLs) | 4.10.9404.0 |
| 4.0 SP2 | Msxml4.dll, WinHTTP5.dll (5.0.2613.0), Msxml4a.dll (4.10.9404.0), Msxml4r.dll (4.10.9404.0) (the last two DLLs are resource-only DLLs) | 4.20.9818.0 |
| 4.0 Post SP2 MS06-061 (http://www.microsoft.com/technet/security/bulletin/ms06-061.mspx) | Msxml4.dll, Msxml4r.dll (4.10.9404.0) (the last DLL is a resource-only DLL) | 4.20.9839.0 |
| 4.0 Post SP2 MS06-071 (http://www.microsoft.com/technet/security/bulletin/ms06-071.mspx) | Msxml4.dll | 4.20.9841.0 |
| 4.0 Post SP2 MS07-042 (http://www.microsoft.com/technet/security/bulletin/ms07-042.mspx) | Msxml4.dll | 4.20.9848.0 |
| 5.0 (Office 2003) | Msxml5.dll, Msxml5r.dll (5.0.2916.0) (the last DLL is a resource-only DLL) | 5.0.2916.0 |
| 5.0 (Office 2003 SP1) | Msxml5.dll, Msxml5r.dll (5.10.2925.0) (the last DLL is a resource-only DLL) | 5.10.2925.0 |
| 5.0 (Office 2003 SP2) | Msxml5.dll, Msxml5r.dll (5.10.2927.0) (the last DLL is a resource-only DLL) | 5.10.2927.0 |
| 5.0 (Office 2003 Post SP2) MS06-061 (http://www.microsoft.com/technet/security/bulletin/ms06-061.mspx) | Msxml5.dll | 5.10.2930.0 |
| 5.0 (Office 2007) | Msxml5.dll | 5.20.1076 |
| 5.0 (Office 2007 Post release) MS07-042 (http://www.microsoft.com/technet/security/bulletin/ms07-042.mspx) | Msxml5.dll | 5.20.1081.0 |
| 6.0 | Msxml6.dll, Msxml6r.dll (6.0.3883.0) (the last DLL is a resource-only DLL) | 6.0.3883.0 |
| 6.0 Post release MS06-061 (http://www.microsoft.com/technet/security/bulletin/ms06-061.mspx) | Msxml6.dll, Msxml6r.dll (6.0.3883.0) (the last DLL is a resource-only DLL) | 6.0.3888.0 |
| 6.0 Post release MS06-071 (http://www.microsoft.com/technet/security/bulletin/ms06-071.mspx) | Msxml6.dll | 6.0.3890.0 |
| 6.0 SP1 | Msxml6.dll | 6.10.1129.0 |
| 6.0 Post SP1 MS07-042 (http://www.microsoft.com/technet/security/bulletin/ms07-042.mspx) | Msxml.dll | 6.10.1200.0 |

xml security

Conference on XML 2007

October 27th, 2007

There will be a conference on XML in December 2007. The full details are as follows.

There are two ways to register for the conference:

  1. You can register online by visiting the IDEAlliance Conference Registration site
  2. You can download and print out the PDF registration form and mail or FAX it with payment information.

Either way, we look forward to seeing you in Boston this December!

Registration Information

Advanced Registration Deadline

Register early to avoid long lines. Advanced registration closes on Friday November 23, 2007 – 5:00pm EST. Registration will reopen onsite December 3 at 7:30am EST. A $100 onsite fee will be added to all onsite conference registrations. (This fee excludes those registering for the exposition only.)

Registration Hours

Monday December 3rd: 7:30am to 6:00pm EST
Tuesday December 4th: 8:00am to 5:00pm EST
Wednesday December 5th: 8:00am to Noon EST

Payment Policy

All valid registrations MUST be accompanied by full payment or government purchase order. Acceptable forms of payment are via credit card (VISA, MasterCard or American Express), government purchase, and wire transfer (upon request).

Confirmation Policy

Confirmations will not be sent until complete payment is received. Completed online registrations will receive an email confirmation immediately, while faxed registrations will receive a confirmation via fax or email within 7-10 business days after registration is processed.

Academic Policy

To receive the Academic Rate, registrations MUST be accompanied by a copy of your faculty ID from an accredited college or university.

To receive the Student Rate, registrations MUST be accompanied by a copy of your full time student ID from an accredited college or university.

Please send copies of your ID and registration form to IDEAlliance at the address below.

Cancellation Policy

Cancellations must be received in writing. If received before October 19, 2007, only a $100 processing fee will be incurred. No portion of the registration fee will be refunded after October 19. Substitutions are welcome.

Questions

Contact IDEAlliance Registrar

1421 Prince Street, Suite 230
Alexandria, VA 22314
T: +1 703-837-1070
F: +1 703-837-1072
Email: registrar@idealliance.org

Business security

Installation of ModSecurity

October 27th, 2007

ModSecurity installation consists of the following steps:

 

  1. ModSecurity 2.x works with Apache 2.0.x or better.
  2. Make sure you have mod_unique_id installed.
  3. (Optional) Install the latest version of libxml2, if it isn’t already installed on the server.
  4. Unpack the ModSecurity archive
  5. Edit Makefile to configure the path to the Apache ServerRoot directory. You can check this by identifying the ServerRoot directive setting in your httpd.conf file. This is the path that was specified with the “--install-path=” configuration flag during compilation (for example, in Fedora Core4: top_dir = /etc/httpd).
  6. (Optional) Edit Makefile to enable ModSecurity to use libxml2 (uncomment line DEFS = -DWITH_LIBXML2) and configure the include path (for example: INCLUDES=-I/usr/include/libxml2)
  7. Compile with make
  8. Stop Apache
  9. Install with make install
  10. (Optional) Add one line to your configuration to load libxml2: LoadFile /usr/lib/libxml2.so
  11. Add one line to your configuration to load ModSecurity: LoadModule security2_module modules/mod_security2.so
  12. Configure ModSecurity
  13. Start Apache
  14. You now have ModSecurity 2.x up and running.

For more ModSecurity details, refer to

http://www.modsecurity.org/
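A post-install check for steps 2, 5, 10 and 11 above, as an added example that is not part of the original post or of the ModSecurity project: it reads an httpd.conf and reports a missing ServerRoot, a missing mod_unique_id or security2_module load line, and a libxml2 LoadFile line that comes after the ModSecurity LoadModule line instead of before it, as the step order gives. The sample configuration is constructed, and the check assumes a single-file configuration with modules loaded through LoadModule rather than compiled in.

```python
import re

# Constructed sample configuration (not from a real server).
SAMPLE_HTTPD_CONF = """\
ServerRoot "/etc/httpd"
# LoadModule unique_id_module modules/mod_unique_id.so
LoadModule security2_module modules/mod_security2.so
LoadFile /usr/lib/libxml2.so
"""

# Apache directive names are case-insensitive.
DIRECTIVE = re.compile(r"^\s*(ServerRoot|LoadFile|LoadModule)\s+(\S.*?)\s*$", re.I)


def parse_directives(conf_text):
    """Return (line_no, directive, args) for active (uncommented) lines."""
    found = []
    for line_no, line in enumerate(conf_text.splitlines(), start=1):
        if line.lstrip().startswith("#"):
            continue
        m = DIRECTIVE.match(line)
        if m:
            found.append((line_no, m.group(1).lower(), m.group(2).split()))
    return found


def check_modsecurity_conf(conf_text):
    """Return a list of problems; an empty list means the checks passed."""
    directives = parse_directives(conf_text)
    modules = {args[0]: n for n, d, args in directives if d == "loadmodule"}
    libxml = [n for n, d, args in directives
              if d == "loadfile" and "libxml2" in args[0]]
    server_root = [args[0].strip('"') for n, d, args in directives
                   if d == "serverroot"]
    problems = []
    if not server_root:
        problems.append("ServerRoot not set; cannot confirm Makefile top_dir (step 5)")
    if "unique_id_module" not in modules:
        problems.append("mod_unique_id is not loaded (step 2)")
    if "security2_module" not in modules:
        problems.append("security2_module is not loaded (step 11)")
    elif libxml and min(libxml) > modules["security2_module"]:
        problems.append("libxml2 LoadFile comes after security2_module (step 10)")
    return problems


if __name__ == "__main__":
    for problem in check_modsecurity_conf(SAMPLE_HTTPD_CONF):
        print("FAIL:", problem)
```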

ModSecurity

THE IEEE 802.11 STANDARD

October 26th, 2007

With respect to the International Standards Organization’s (ISO) seven layer Open Systems Interconnection (OSI) model, the 802.11 standard directs only layer one (Physical) and layer two (Data Link or Medium Access Control (MAC)) specifications. The encapsulation of data within each successive layer enables all lower layers to function without regard for their higher layer payloads. This chapter is included in order to provide the reader with an understanding of the 802.11 layer one and two functions as they relate to location authentication.

Networking security

Resources for XML

October 26th, 2007

About the author of the above information.

Benoît Marchal is a Belgian consultant. He is the author of XML by Example, Second Edition and other XML books. You can contact him at bmarchal@pineapplesoft.com or through his personal site at marchal.com.

xml security

RSS and copyrights

October 26th, 2007

Since the arrival of RSS technology, duplication of data is at its peak. Many websites show the same data over and over. If not the whole post, at least an excerpt of it can be seen in different places.

Is there any check for this?

Copyright is the only solution for this evil, but one cannot claim copyright on each of his or her hundreds or thousands of articles or postings. There should be a technology or measures to stop this.

Google has introduced a penalty for those who duplicate data, but the issue is how it knows who the original author is if someone has no copyright on the material and it is being syndicated by others. This issue may take time to resolve.

I think content theft can be stopped from growing if all the search engines and directories act together. There must be a data or content submission form for the search engines, and the person who submits content first will be treated as the original author. If the same data is found on other sites, those sites must be penalised. But in the real world this is very difficult to deploy.

Another possible approach is crawling: the site where content is first found by the crawler is treated as its genuine author. But this also has a drawback: sites that are not listed on search engines, or are crawled less frequently, may suffer.

The only option left is the DMCA. But not everybody can follow the lengthy and expensive DMCA process.

Rss security

WEP setup information

October 25th, 2007

The 802.11 standard describes the communication that occurs in wireless local area networks (LANs). The Wired Equivalent Privacy (WEP) algorithm is used to protect wireless communication from eavesdropping. A secondary function of WEP is to prevent unauthorized access to a wireless network; this function is not an explicit goal in the 802.11 standard, but it is frequently considered to be a feature of WEP.

WEP relies on a secret key that is shared between a mobile station (e.g. a laptop with a wireless Ethernet card) and an access point (i.e. a base station). The secret key is used to encrypt packets before they are transmitted, and an integrity check is used to ensure that packets are not modified in transit. The standard does not discuss how the shared key is established. In practice, most installations use a single key that is shared between all mobile stations and access points. More sophisticated key management techniques can be used to help defend against the attacks we describe; however, no commercial system we are aware of has mechanisms to support such techniques.

The following two sections describe the problems in the algorithm and the technical details of our attacks; they assume some background understanding of cryptographic protocols. You may wish to skip to the following section, which discusses the practicality of the attacks.

Wireless network security

Encoding problems in XML

October 25th, 2007

More serious problems can arise from the use of encodings. Developers often overlook the fact that encodings do not limit the set of characters that XML supports. Every XML document supports the full Unicode character set (16-bit or 32-bit characters in XML 1.1).

Encoding XML documents can reduce their size, but it does not limit the document to a subset of Unicode — thanks to the magic of character entities. Indeed, through character entities, it is possible to insert any character from the Unicode table, even if the document uses the most restrictive encoding (US-ASCII, which is only good for four languages: English, Hawaiian, Latin, and Swahili).

This is a problem because while a Java application or a recent version of DB2® might support Unicode, few legacy applications do. So if the XML stream feeds a legacy application, you must deal with Unicode. To avoid misunderstanding, let me state again that imposing an encoding is not a solution because, as explained above, it is always possible to escape special characters to character entities.

Because rewriting a legacy application is seldom an option, you need a conversion routine that will convert Unicode characters into a set that is acceptable to the application — for example converting “î” into a straight “i” (removing the circumflex). Most XML parsers provide routines for manipulating Unicode characters.
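The point above as an added example (not from the original article): a document declared as US-ASCII still delivers non-ASCII characters through character references, and a conversion routine folds them for a legacy consumer. The sample document, the element names and the function names `to_legacy_ascii` and `legacy_fields` are constructed for illustration; the folding uses Python's `unicodedata` NFKD decomposition, which is one possible routine rather than the one the article has in mind.

```python
import unicodedata
import xml.etree.ElementTree as ET

# Constructed sample: declared US-ASCII, yet character references carry
# U+00EE, U+20AC, U+0141, U+00F3 and U+017A past the encoding.
SAMPLE_XML = (
    b'<?xml version="1.0" encoding="US-ASCII"?>'
    b"<customer><name>Beno&#238;t</name>"
    b"<note>&#x20AC;5 to &#321;&#243;d&#378;</note></customer>"
)


def to_legacy_ascii(text, replacement="?"):
    """Fold text to ASCII for a consumer that cannot handle Unicode."""
    out = []
    for ch in text:
        if ord(ch) < 128:
            out.append(ch)
            continue
        # NFKD splits U+00EE into "i" plus U+0302 (combining circumflex);
        # dropping the combining marks leaves the base letter.
        base = "".join(c for c in unicodedata.normalize("NFKD", ch)
                       if not unicodedata.combining(c))
        # Characters with no ASCII base (U+20AC, U+0141) become the
        # replacement instead of passing through unchanged.
        out.append(base if base and base.isascii() else replacement)
    return "".join(out)


def legacy_fields(xml_bytes):
    """Parse first, then fold each child element's text."""
    root = ET.fromstring(xml_bytes)
    return {el.tag: to_legacy_ascii(el.text or "") for el in root}


if __name__ == "__main__":
    # The parser has already expanded the references to real characters.
    print(repr(ET.fromstring(SAMPLE_XML).find("name").text))
    print(legacy_fields(SAMPLE_XML))
    # Compatibility folding can create markup characters: fullwidth
    # U+FF1C / U+FF1E fold to "<" and ">", so any filtering of the value
    # has to run on the folded output, not on the parsed text.
    print(to_legacy_ascii("\uff1cb\uff1e"))
```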

xml security

Attack to decrypt data

October 24th, 2007

 A passive eavesdropper can intercept all wireless traffic, until an IV collision occurs. By XORing two packets that use the same IV, the attacker obtains the XOR of the two plaintext messages. The resulting XOR can be used to infer data about the contents of the two messages. IP traffic is often very predictable and includes a lot of redundancy. This redundancy can be used to eliminate many possibilities for the contents of messages. Further educated guesses about the contents of one or both of the messages can be used to statistically reduce the space of possible messages, and in some cases it is possible to determine the exact contents.

When such statistical analysis is inconclusive based on only two messages, the attacker can look for more collisions of the same IV. With only a small factor in the amount of time necessary, it is possible to recover a modest number of messages encrypted with the same key stream, and the success rate of statistical analysis grows quickly. Once it is possible to recover the entire plaintext for one of the messages, the plaintext for all other messages with the same IV follows directly, since all the pairwise XORs are known.

An extension to this attack uses a host somewhere on the Internet to send traffic from the outside to a host on the wireless network installation. The contents of such traffic will be known to the attacker, yielding known plaintext. When the attacker intercepts the encrypted version of his message sent over 802.11, he will be able to decrypt all packets that use the same initialization vector.
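The keystream-reuse property described above, shown on constructed data as an added example that is not part of the original text: two frames encrypted under the same IV and shared key XOR to the XOR of their plaintexts, and knowing one plaintext yields the other. The key, IV and messages are made up, and the sketch leaves out the CRC-32 integrity value that WEP appends to each frame.

```python
def rc4_keystream(key: bytes, length: int) -> bytes:
    """RC4 keystream: key scheduling followed by output generation."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) % 256
        s[i], s[j] = s[j], s[i]
    i = j = 0
    out = bytearray()
    for _ in range(length):
        i = (i + 1) % 256
        j = (j + s[i]) % 256
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) % 256])
    return bytes(out)


def xor(a: bytes, b: bytes) -> bytes:
    """XOR two byte strings, truncated to the shorter one."""
    return bytes(x ^ y for x, y in zip(a, b))


def wep_encrypt(iv: bytes, secret: bytes, plaintext: bytes) -> bytes:
    # WEP seeds RC4 with the 3-byte IV followed by the shared secret.
    # The CRC-32 integrity value is omitted here (simplification).
    return xor(plaintext, rc4_keystream(iv + secret, len(plaintext)))


def recover_other_frame(c_known: bytes, p_known: bytes, c_other: bytes) -> bytes:
    """With one plaintext known, C xor P is the keystream for that IV."""
    return xor(c_other, xor(c_known, p_known))


# Constructed values for illustration only.
SECRET = bytes.fromhex("0102030405")      # 40-bit shared key
IV = bytes.fromhex("00002a")              # same IV used for both frames
P1 = b"GET /index.html HTTP/1.0\r\n"      # traffic whose content is known
P2 = b"Subject: quarterly numbers"        # traffic whose content is secret

if __name__ == "__main__":
    c1 = wep_encrypt(IV, SECRET, P1)
    c2 = wep_encrypt(IV, SECRET, P2)
    # The keystream cancels: C1 xor C2 equals P1 xor P2.
    print(xor(c1, c2) == xor(P1, P2))
    print(recover_other_frame(c1, P1, c2))
```

Nothing in the recovery step uses the shared key, which is why the IV must never repeat under the same key for the encryption to hold.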

Wireless network security