Reservation Issue

On the burning issue of reservation someone came up with the following idea.

I think we should have job reservations in all the fields. I completely support the PM and all the politicians for promoting this.

Let's start the reservation with our cricket team.

We should have 10 percent reservation for Muslims. 30 percent for OBC, SC/ST like that. Cricket rules should be modified accordingly.
The boundary circle should be reduced for an SC/ST player.
The four hit by an OBC player should be considered as a six and a six hit by a OBC player should be counted as 8 runs.
An OBC player scoring 60 runs should be declared as a century.
We should influence ICC and make rules so that the pace bowlers like Shoaib Akhtar should not bowl fast balls to our OBC player.
Bowlers should bowl maximum speed of 80 kilometer per hour to an OBC player.
Any delivery above this speed should be made illegal.

Also we should have reservation in Olympics.
In the 100 meters race, an OBC player should be given a gold medal if he runs 80 meters. There can be reservation in Government jobs also.
Let's recruit SC/ST and OBC pilots for aircrafts which are carrying the ministers and politicians (that can really help the country.. )
Ensure that only SC/ST and OBC doctors do the operations for the ministers and other politicians. (Another way of saving the country..)

Let's be creative and think of ways and means to guide INDIA forward...
Let's show the world that INDIA is a GREAT country.
Let's be proud of being an INDIAN.. May the good breed of politicians like ARJUN SINGH long live... So, what do you think, huh???

Protest against the reservation should be continued. These bloody politicians are trying to break the unity of India as a nation. They are the persons who make people of India fight with each other and play their election game on top of this.

Evil vs. Good cont.

Something from the blog post of Brian Krebs from Washington Post

In the following snippet from an online conversation Reshef had with a sponsor known as "ATM," the spam operator reluctantly acknowledges that scrubbing his lists of Blue Security users' addresses is the most expedient solution.

ATM: We want to understand, who is attacking us? You? Competitors? Or both? What do you want, to stop your attack? My tech people till now was able to stop your attacks, but I and you want to solve this problem peacefully.

Blue Security: We don't want to harm to your business, we only want you to stop sending spam to our users.

ATM: Who are your users? List of emails, to pass to my affiliates to stop spamming? But first, answer my question - botnet of 15k IP addresses is it yours?

BS: This is not botnet, this is 15,000 of our users from about 500,000. We have program (free/open source) which can automatically clean your email list.

ATM agrees to use the e-mail list-scrubbing program, and asks Reshef for a copy of his customer list. Reshef requests ATM's e-mail address, but the spam sponsor suggests other means of communication, ending the conversation with this priceless quote:

"I'm sick with the spam in my mail boxes, so I don't use email any more."

But one pharmacy spam sponsor who calls himself "Pharma Master" didn't exactly appreciate Blue Security's tactics, and launched a volley of distributed denial-of-service (DDoS) attacks against the company's Web site that eventually cascaded across the Web, knocking dozens of sites and thousands of blogs offline for hours.

Pharma Master: i am discussing daily with 10,000 of people and the biggest companys in the world. i know one thing which i already told you, u started with my and my people and my staff, you shall get hurt first to feel who we are. and when i'll make sure you got the point of who we are then we can talk but i dont feel like you guys really in mood of something. Bleusecurity.con is down now that's not bad how bout to keep all your system down for few months? How bout each time you play games i'll hit your company?

Here the spammer is saying he's willing to cover the costs of his sponsors being knocked offline after they send spam to Blue Security's members: "How bout each time you trying to screw someone i'll pay to sponosrs the money they loosing if they do?

Reshef didn't have much more to say to Pharma Master, and later decided he had lost the fight against the spammers. As of today, Blue Security will no longer be offering its services. Reshef said the company made the decision not to continue with the service out of fear of even more crippling attacks against his company that could further affect other sites. He said the spammers threatened to increase the volume of their attacks, and to write computer viruses that seek to attack security weaknesses in his company's software, thereby targeting the company's individual users themselves.

I can't say I'm surprised. It was only a matter of time before some spammer decided it was worth paying a few thousand dollars to rent out a botnet of 20,000 hacked home computers and take this company offline. The fact that a spammer can hold millions of Web sites hostage just because he is upset that someone is meddling in his business is disturbing.

Still, this saga is yet another reminder that while the Internet is an incredibly versatile, resilient and adaptive network, the underlying framework that the commercial Web rests upon was never designed with mutual trust and security in mind. As such, it will take a lot more than clever gimmickry to give businesses and consumers the upper hand over Internet hucksters, spammers and criminals.

Courtsey : http://blog.washingtonpost.com/securityfix/2006/05/legal_antispam_vigilante_compa.html

Evil vs. Good : Evil won the war this time

A company that was protecting its customer from spammers by spamming them and making a denial of service attack has been thrown in the towel following a massive attack by a Russian spam organization.

Here is the story from Washinton post .

Eran Reshef had an idea in the battle against spam e-mail that seemed to be working: he fought spam with spam. Today, he'll give up the fight.

Reshef's Silicon Valley company, Blue Security Inc., simply asked the spammers to stop sending junk e-mail to his clients. But because those sort of requests tend to be ignored, Blue Security took them to a new level: it bombarded the spammers with requests from all 522,000 of its customers at the same time.

That led to a flood of Internet traffic so heavy that it disrupted the spammers' ability to send e-mails to other victims -- a crippling effect that caused a handful of known spammers to comply with the requests.

Then, earlier this month, a Russia-based spammer counterattacked, Reshef said. Using tens of thousands of hijacked computers, the spammer flooded Blue Security with so much Internet traffic that it blocked legitimate visitors from going to Bluesecurity.com, as well as to other Web sites. The spammer also sent another message: Cease operations or Blue Security customers will soon find themselves targeted with virus-filled attacks.

Today, Reshef will wave a virtual white flag and surrender. The company will shut down this morning and its Web site will display a message informing its customers about the closure.

"It's clear to us that [quitting] would be the only thing to prevent a full-scale cyber-war that we just don't have the authority to start," Reshef said. "Our users never signed up for this kind of thing."

Security experts say the move marks a disheartening development in the ongoing battle by computer users, online businesses and law enforcement against those who clutter e-mail inboxes with a continuous glut of ads for drugs, porn and get-rich-quick schemes. According to Symantec Corp., maker of the popular Norton antivirus software products, more than 50 percent of all e-mail sent in the latter half of 2005 was spam.

Alan Paller, director of research for the Bethesda-based SANS Institute, a computer security training group, said extortion attacks have exploded in the past few years. With Blue Security, Paller said, the attackers' extortionist demands were that the company merely stop interfering in a multimillion-dollar spam operation.

"We're hearing from federal law enforcement that they are getting more than one new case of online extortion each day," Paller said.

The spammer's counterattack generated so much Internet traffic that it also affected other sites, including Six Apart Ltd., a San Francisco-based company that runs millions of Web sites through its TypePad and LiveJournal blogging services. The attack also shut down operations for roughly 12 hours at Tucows Inc., a Toronto-based Internet services company that helped manage Blue Security's site.

Tucows chief executive Elliot Noss called the attack "by far the largest the company had ever seen," and said that only a handful of companies have the infrastructure in place to withstand such an assault, much less a more powerful one.

"This attack really was like trying to take out a mosquito with an atomic bomb," Noss said.

The FBI is investigating the attacks, according to Six Apart, but agency officials would not confirm a federal investigation yesterday.

Todd Underwood, chief of operations and security for Renesys Corp., a company that monitors Internet connectivity, called the attack against Blue Security "unsurprising but sad."

The innovative approach in the fight against spam caught the attention of investors in 2004, when Blue Security received more than $4 million in venture capital, but critics questioned whether the company could win such a massive battle.

"When the company's founders first approached the broader anti-spam community and asked them what they thought of the idea, everyone said this was a terrible idea and that they would eventually cause a lot of collateral damage," Underwood said. "But it's also extremely unfortunate, because it shows how much the spammers are winning this battle."

Courtsey : http://www.washingtonpost.com/wp-dyn/content/article/2006/05/16/AR2006051601873.html

Symantec sues Microsoft

Surfing round the net I found this information.

SAN FRANCISCO (Reuters) - Symantec Corp. sued software rival Microsoft Corp. on Thursday, accusing it of misappropriating trade secrets to develop its own competing features and products, including the next version of Windows.

The lawsuit filed in federal court in Seattle charges the world's biggest software maker with misappropriating intellectual property and breach of contract related to a licensing deal with Veritas, which Symantec acquired last year.

It also seeks an injunction that would block the further development, sale or distribution of Vista -- the already- delayed next version of Windows -- and other products until all Symantec intellectual property is removed.

"Microsoft's pervasive and continuing disregard of Symantec's intellectual property and contract rights has irreparably harmed Symantec and constitutes trade secret misappropriation," the complaint said.

Microsoft said in statement it worked hard to try to resolve the dispute and that it acted within its rights in the contract.

"We are confident that our actions are wholly consistent with the legal agreements between Veritas and Microsoft and that these claims will be shown to be without merit," Microsoft said.

The dispute pits two of the biggest consumer software makers against each other and centers on a Symantec product called Volume Manager, which allows operating systems to store and manipulate large amounts of data.

The complaint accuses Microsoft of improperly incorporating the technology into its own operating system products and seeks compensation as well as the removal of the intellectual property from the company's offerings.

Copyright 2006 Reuters

Link : http://news.moneycentral.msn.com/provider/providerarticle.asp?feed=OBR&Date=20060518&ID=5733228

Word 2007 includes blogging support.

It’s a great feature that I’m trying to test from within Word 2007. Now I don’t need to go to the blogging portal or use some other blogging tool. I can just write/edit in the word and click publish. Wow Cool product.

Kudos to Word team they have done a nice job. It has a cool look some big icons I’m not familiar with(but they looks good).

If I could publish this post successfully I’m not gonna use any other tool for blogging and I’m sure you won’t either.

Rediff.com Still sending the clear text password to the server

I was just testing if rediff.com still sends the passwords in clear text. I found that out once in my college days while sniffing the college network. I thought that they might have patched it so today while playing around with gmail's I thought to give Rediff.com a try And see what I found. This is the code from the home page of http://www.rediff.com

Blogger sucks it didn't lemme format my data according to me. Anyway


<br /><br /><form name="loginform" action="http://mail.rediff.com/cgi-bin/login.cgi" method="post"><input type="hidden" value="existing" name="FormName"> </td><br /><td width="80"><span class="f9"><input onblur="if (this.value == '') {this.value='User name'}" style="MARGIN: 0px; WIDTH: 77px; FONT-FAMILY: arial,helvetica,sans-serif; font-class: f9" onfocus="if (this.value =='User name') {this.value = ''}" maxlength="30" size="6" value="User name" name="login"><br /></span></td><br /><td width="85"><input onblur="if (this.value == '') {this.value='Password'}" style="MARGIN: 0px; WIDTH: 77px; FONT-FAMILY: arial,helvetica,sans-serif" onfocus="if (this.value =='Password') {this.value = ''}" type="password" maxlength="30" size="6" value="Password" name="passwd"><br /></td><br /><td width="31"><input type="image" height="19" width="31" src="http://im.rediff.com/uim/mail_go.gif" border="0"><br /></td></form><br />

It must be very clear if you ever read HTML. It just calls the login.cgi and provides the User name and Password in clear text (using POST method).

Look at the Request object your browser is sending


POST /cgi-bin/login.cgi HTTP/1.0
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */*
Referer: http://ia.rediff.com/index.html
Accept-Language: en-us
Content-Type: application/x-www-form-urlencoded
UA-CPU: x86
Pragma: no-cache
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; .NET CLR 1.1.4322; InfoPath.1; .NET CLR 2.0.50727)
Host: mail.rediff.com
Content-Length: 60
Proxy-Connection: Keep-Alive
Cookie: Some Cookie string

FormName=existing&login=username&passwd=mypasswords&x=0&y=0


So now anyone who can read your data have your password. It's not that hard to sniff the data. If you are using LAN (using hubs) anyone can read your data. Beaware if you are in a cyber cafe, your neighbour might be reading your emails or may be sending emails to your GF/BF.

Some Microsoft ADs

Hope you enjoy these Microsoft Advertisments



This is the banned ad of Microsoft Office




One more ad of XBox 360

Google afraid of Microsoft Internet Explorer 7 Beta (IE7B)

Google is afraid of Microsoft in the long run for search engine champion trophy. As published in a article in the NYTimes Google started lobbying in the Washitongton against MSFT for removing MSN as default search engine provider in the IE7.
I dont why they forgot to remove Google as default seach engine in Mozilla Firefox. So funny..........................
[SNIP URL=http://www.nytimes.com/2006/05/01/technology/01google.html?_r=1]
With a $10 billion advertising market at stake, Google, the fast-rising Internet star, is raising objections to the way that it says Microsoft, the incumbent powerhouse of computing, is wielding control over Internet searching in its new Web browser.
Google, which only recently began beefing up its lobbying efforts in Washington, says it expressed concerns about competition in the Web search business in recent talks with the Justice Department and the European Commission, both of which have brought previous antitrust actions against Microsoft.
"The market favors open choice for search, and companies should compete for users based on the quality of their search services," said Marissa Mayer, the vice president for search products at Google. "We don't think it's right for Microsoft to just set the default to MSN. We believe users should choose."
Microsoft replies that Google is misreading its intentions and actions. It says the default settings in the browser, Internet Explorer 7, are easy to change. And it says the product was designed with consumers and many partners in mind — even though it might not be to the liking of Google, the leading search engine.
Companies often talk with antitrust officials, and the talks do not imply that an investigation is imminent. But they do indicate that Google is pursuing every option in its escalating rivalry with Microsoft, which has already led to some public battles.
Last December, Google outbid Microsoft to remain the primary search service on America Online, paying $1 billion and taking a 5 percent stake in AOL. Last year, Microsoft sued Google to stop a star computer scientist and manager at Microsoft, Kai-Fu Lee, from working on search technology at Google. The suit was settled, and Mr. Lee runs Google's operations in China.

Microsoft has lost some ground in the browser market in the last year, mainly to Firefox, which is a Google ally. But Microsoft still holds more than 80 percent of the market. And Internet Explorer 7 is expected to be extremely popular because it is an improvement over Microsoft's previous browser, and because Microsoft will promote downloads of it and include it in Windows Vista.
That gives Microsoft the potential to use the browser to steer substantial traffic, and business, to MSN and away from rivals. MSN handled 11 percent of searches in the United States in March, down slightly from a year earlier, according to Nielsen/Net Ratings, a market research firm. That put it well behind Google, which had a 49 percent share, and Yahoo, with 22 percent.
[/SNIP]

Read :http://www.nytimes.com/2006/05/01/technology/01google.html?pagewanted=2&_r=1

Amazon finds Live.com better than google.com search

Amazon.com choose Microsoft's Live.com search engine over Google.The Amazon division's chief, David Tennenhouse, said Google search was removed from the site at the weekend after the contract expired. But Microsoft still has a long way to go to challenge market leader Google and smaller rival Yahoo.
Read more at : http://googlesystem.blogspot.com/2006/04/amazon-drops-google-from-a9-and-alexa.html
Google is more than afraid with Microsoft push on search business. It's apparent from their recent struggle over default search engine provider in IE7Beta. I'll blog it in the other post.

[SNIP URL=http://www.washingtonpost.com/wp-dyn/content/article/2006/05/01/AR2006050101447.html]
Amazon.com Inc. said yesterday that it has dropped Google Inc. as the provider of search engine results on its Web site in favor of one powered by Microsoft, a move that signals a small rebellion against Google but a large gain for Microsoft.
Last week, Amazon quietly removed the "powered by Google" wording near its search box when the company's contract with the search giant ended, according to Amazon. On Sunday, Amazon visitors were directed to its own search site, called A9.com, to scour the Web.
Although they are not labeled as such, A9's search results are now provided by Windows Live Search, Microsoft's new search engine, which is still in its testing phase.
"Our engineers have done some testing and evaluation, and overall we concluded this was an interesting option to discover information," said David Tennenhouse, chief executive of A9, a subsidiary of Amazon.com that provides search and mapping results.
Asked whether Microsoft's search engine is better than Google's, Tennenhouse said, "It will be up to users to try that out."
Microsoft recently announced plans to spend more than $2.4 billion to invest in the company's online efforts, where it has been slow to recognize the fast-paced growth of consumer-driven Web sites.
Microsoft said the win is part of a larger effort for the software giant to become more aggressive in providing search results on other companies' Web sites. Many sites note that their search capabilities are powered by Google or Yahoo. Few give that credit to Microsoft.
"It's very important for us to reach out to different partners in the search space," said Justin Osmer, senior product manager of Windows Live Search, adding that Microsoft cannot just offer search results on its own Web sites.
"It's going to be an area where we're going to continue to focus and continue to expand," he said.
[/SNIP]

Google earning money from your typos

You never knew that just a typo can get some money to Google. Read the news at WashingtonPost.com
Link: http://www.washingtonpost.com/wp-dyn/content/article/2006/04/29/AR2006042900279.html
[Snip]
Google Inc., which runs the largest ad network on the Internet, is making millions of dollars a year by filling otherwise unused Web sites with ads. In many instances, these ad-filled pages appear when users mistype an Internet address, such as "BistBuy.com."

This new form of advertising is turning into a booming business that some say is cluttering the Internet and could be violating trademark rules. It also has sparked a speculative frenzy of investment in domain names, pushing the value of some beyond the $1 million mark.
[/Snip]

Microsoft release a tool called strider which can be used to see the culprit behind the scene. Most of the time it's "No evil" Google.
Read at FuckedGoogle.com : Google's single largest Adsense revenue source is mistyped domain names.

You can watch the Adword abuse video at
http://www.youtube.com/watch?v=PuXilEu2EfI

Reference:
HitFarm