Conficker.worm

Conficker.worm will be available on April 1, 2009 and it's for free. So let's get ready for this one of a kind malware/virus/spyware thing... Click here to read more on how to fight Conficker.worm or by reading this article...

Conficker.worm How To's

If your computer is infected with this worm, you may not experience any symptoms, or you may experience any of the following symptoms: * Account lockout policies are being tripped. * Automatic Updates, Background Intelligent Transfer Service (BITS), Windows Defender, and Error Reporting Services are disabled. * Domain controllers respond slowly to client requests. * The network is congested. * Various security-related Web sites cannot be accessed. Stop Conficker from spreading by using Group Policy Notes * This procedure does not remove the Conficker malware from the system. This procedure only stops the spread of the malware. You should use an antivirus product to remove the Conficker malware from the system. Or, follow the steps in the "Manual steps to remove the Conficker.b variant" section of this Knowledge Base article to manually remove the malware from the system. * Please carefully read and understand the note in step 4 of this procedure. Create a new policy that applies to all computers in a specific organizational unit (OU), site, or domain, as required in your environment. To do this, follow these steps: 1. Set the policy to remove write permissions to the following registry subkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost This prevents the random named malware service from being created in the netsvcs registry value. To do this, follow these steps: 1. Open the Group Policy Management Console (GPMC). 2. Create a new Group Policy object (GPO). Give it any name that you want. 3. Open the new GPO, and then move to the following folder: Computer Configuration\Windows Settings\Security Settings\Registry 4. Right-click Registry, and then click Add Key. 5. In the Select Registry Key dialog box, expand Machine, and then move to the following folder: Software\Microsoft\Windows NT\CurrentVersion\Svchost 6. Click OK. 7. In the dialog box that opens, click to clear the Full Control check box for both Administrators and System. 8. Click OK. 9. In the Add Object dialog box, click Replace existing permissions on all subkeys with inheritable permissions. 10. Click OK. 2. Set the policy to remove write permissions to the %windir%\tasks folder. This prevents the Conficker malware from creating the Scheduled Tasks that can re-infect the system. To do this, follow these steps: 1. In the same GPO that you created earlier, move to the following folder: Computer Configuration\Windows Settings\Security Settings\File System 2. Right-click File System, and then click Add File. 3. In the Add a file or folder dialog box, browse to the %windir%\Tasks folder. Make sure that Tasks is highlighted and listed in the Folder: dialog box. 4. Click OK. 5. In the dialog box that opens, click to clear the check boxes for Full Control, Modify and Write for both Administrators and System. 6. Click OK. 7. In the Add Object dialog box, click Replace existing permissions on all subkeys with inheritable permissions. 8. Click OK. 3. Set AutoPlay (Autorun) features to disabled. This keeps the Conficker malware from spreading by using the AutoPlay features that are built into Windows. To do this, follow these steps: 1. In the same GPO that you created earlier, move to one of the following folders: * For a Windows Server 2003 domain, move to the following folder: Computer Configuration\Administrative Templates\System * For a Windows 2008 domain, move to the following folder: Computer Configuration\Administrative Templates\Windows Components\Autoplay Policies 2. Open the Turn off Autoplay policy. 3. In the Turn off Autoplay dialog box, click Enabled. 4. In the drop-down menu, click All drives. 5. Click OK. 4. Disable the local administrator account. This blocks the Conficker malware from using the brute force password attack against the administrator account on the system. Note Do not follow this step if you link the GPO to the domain controller's OU because you could disable the domain administrator account. If you have to do this on the domain controllers, create a separate GPO that does not link the GPO to the domain controller's OU, and then link the new separate GPO to the domain controller's OU. To do this, follow these steps: 1. In the same GPO that you created earlier, move to the following folder: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options 2. Open Accounts: Administrator account status. 3. In the Accounts: Administrator account status dialog box, click to select the Define this policy check box. 4. Click Disabled. 5. Click OK. 5. Close the Group Policy Management Console. 6. Link the newly created GPO to the location that you want it to apply to. 7. Allow for enough time for Group Policy to update to all computers. Generally, Group Policy replication takes five minutes to replicate to each domain controller, and then 90 minutes to replicate to the rest of the systems. A couple hours should be enough. However, more time may be required, depending on the environment. 8. After the Group Policy has propagated, clean the systems of malware. To do this, follow these steps: 1. Run full antivirus scans on all computers. 2. If your antivirus software does not detect Conficker, you can use the Malicious Software Removal Tool (MSRT) to clean the malware. For more information, visit the following Microsoft Web page: http://www.microsoft.com/security/malwareremove/default.mspx (http://www.microsoft.com/security/malwareremove/default.mspx) Note You may still have to take some manual steps to clean all the effects of the malware. To clean all the effects that are left behind by the malware, follow the steps that are listed in the "Manual steps to remove the Conficker.b variant" section of this Knowledge Base article. Click Here to read more.. Source: Microsoft Support

Folders turn into Screensaver file

My Folders from my other partition was turned into Screensaver file after my brother connect a psp to my computer. The windows working fine but there's a virus, the folder from the other partition contains video tutorials, e-books, source codes, resum├ęs, etc was turned into Screensaver file. Can someone help me?...huhuhu…

Chocolate Hills is on oddee.com

Philippine's one of the tourist destination the Chocolate Hills is on the list of oddee.com as 10th Geological Wonders... Click this link for more images...

NSD is Running

When this message appears in your desktop after you view a certain documents in Lotus Notes, download the KillDomino.exe then run it.

The 5th Philippine Blogging Summit

IBLOG5 Click this link to read more

Liferay 5.2.2: Performance Tuning

Liferay 5.2.2: Performance Tuning

This is what i have done to improve liferay's performance using Red Hat Linux 4. export JAVA_HOME=/path/to/java export PATH=$JAVA_HOME\bin:$PATH JAVA_OPTS=$JAVA_OPTS-Xms128m-Xmx1024m-XX:MaxPermSize=128m

100 Interview Questions for Software Developers

 100 Interview Questions for Software Developers

I saw it on my email today, and i find it interesting specially for a programmer like me. Try to answer it...Enjoy!!! Requirements

  • 1. Can you name a number of non-functional (or quality) requirements?
  • 2. What is your advice when a customer wants high performance, high usability and high security?
  • 3. Can you name a number of different techniques for specifying requirements? What works best in which case?
4. What is requirements tracing? What is backward tracing vs. forward tracing? 5. Which tools do you like to use for keeping track of requirements?
  • 6. How do you treat changing requirements? Are they good or bad? Why?
  • 7. How do you search and find requirements? What are possible sources?
  • 8. How do you prioritize requirements? Do you know different techniques?
  • 9. Can you name the responsibilities of the user, the customer and the developer in the requirements process?
  • 10. What do you do with requirements that are incomplete or incomprehensible?

Functional Design
  • 1. What are metaphors used for in functional design? Can you name some successful examples?
  • 2. How can you reduce the user's perception of waiting when some functions take a lot of time?
  • 3. Which controls would you use when a user must select multiple items from a big list, in a minimal amount of space?
  • 4. Can you name different measures to guarantee correctness of data entry?
  • 5. Can you name different techniques for prototyping an application?
  • 6. Can you name examples of how an application can anticipate user behavior?
  • 7. Can you name different ways of designing access to a large and complex list of features?
  • 8. How would you design editing twenty fields for a list of 10 items? And editing 3 fields for a list of 1000 items?
  • 9. What is the problem of using different colors when highlighting pieces of a text?
  • 10. Can you name some limitations of a web environment vs. a Windows environment?

Technical Design
  • 1. What do low coupling and high cohesion mean? What does the principle of encapsulation mean?
  • 2. How do you manage conflicts in a web application when different people are editing the same data?
  • 3. Do you know about design patterns? Which design patterns have you used, and in what situations?
  • 4. Do you know what a stateless business layer is? Where do long-running transactions fit into that picture?
  • 5. What kinds of diagrams have you used in designing parts of an architecture, or a technical design?
  • 6. Can you name the different tiers and responsibilities in an N-tier architecture?
  • 7. Can you name different measures to guarantee correctness and robustness of data in an architecture?
  • 8. Can you name any differences between object-oriented design and component-based design?
  • 9. How would you model user authorization, user profiles and permissions in a database?
  • 10. How would you model the animal kingdom (with species and their behavior) as a class system?

Construction
  • 1. How do you make sure that your code can handle different kinds of error situations?
  • 2. Can you explain what Test-Driven Development is? Can you name some principles of Extreme Programming?
  • 3. What do you care about most when reviewing somebody else's code?
  • 4. When do you use an abstract class and when do you use an interface?
  • 5. Apart from the IDE, which other favorite tools do you use that you think are essential to you? 6. How do you make sure that your code is both safe and fast? 7. When do you use polymorphism and when do you use delegates?
  • 8. When would you use a class with static members and when would you use a Singleton class?
  • 9. Can you name examples of anticipating changing requirements in your code?
  • 10. Can you describe the process you use for writing a piece of code, from requirements to delivery?

Algorithms
  • 1. How do you find out if a number is a power of 2? And how do you know if it is an odd number?
  • 2. How do you find the middle item in a linked list?
  • 3. How would you change the format of all the phone numbers in 10,000 static html web pages?
  • 4. Can you name an example of a recursive solution that you created?
  • 5. Which is faster: finding an item in a hashtable or in a sorted list?
  • 6. What is the last thing you learned about algorithms from a book, magazine or web site?
  • 7. How would you write a function to reverse a string? And can you do that without a temporary string?
  • 8. What type of language do you prefer for writing complex algorithms?
  • 9. In an array with integers between 1 and 1,000,000 one value is in the array twice. How do you determine which one?
  • 10. Do you know about the Traveling Salesman Problem?

Data Structures
  • 1. How would you implement the structure of the London underground in a computer's memory?
  • 2. How would you store the value of a color in a database, as efficiently as possible?
  • 3. What is the difference between a queue and a stack?
  • 4. What is the difference between storing data on the heap vs. on the stack?
  • 5. How would you store a vector in N dimensions in a datatable?
  • 6. What type of language do you prefer for writing complex data structures?
  • 7. What is the number 21 in binary format? And in hex?
  • 8. What is the last thing you learned about data structures from a book, magazine or web site?
  • 9. How would you store the results of a soccer/football competition (with teams and scores) in an XML document?
  • 10. Can you name some different text file formats for storing unicode characters?

Testing
  • 1. Do you know what a regression test is? How do you verify that new changes have not broken existing features?
  • 2. How can you implement unit testing when there are dependencies between a business layer and a data layer?
  • 3. Which tools are essential to you for testing the quality of your code?
  • 4. What types of problems have you encountered most often in your products after deployment?
  • 5. Do you know what code coverage is? What types of code coverage are there?
  • 6. Do you know the difference between functional testing and exploratory testing? How would you test a web site?
  • 7. What is the difference between a test suite, a test case and a test plan? How would you organize testing?
  • 8. What kind of tests would you include for a smoke test of an ecommerce web site?
  • 9. What can you do reduce the chance that a customer finds things that he doesn't like during acceptance testing?
  • 10. Can you tell me something that you have learned about testing and quality assurance in the last year?

Maintenance
  • 1. What kind of tools are important to you for monitoring a product during maintenance?
  • 2. What is important when updating a product that is in production and is being used?
  • 3. How do you find an error in a large file with code that you cannot step through?
  • 4. How can you make sure that changes in code will not affect any other parts of the product?
  • 5. How do you create technical documentation for your products?
  • 6. What measures have you taken to make your software products more easily maintainable?
  • 7. How can you debug a system in a production environment, while it is being used?
  • 8. Do you know what load balancing is? Can you name different types of load balancing?
  • 9. Can you name reasons why maintenance of software is the biggest/most expensive part of an application's life cycle?
  • 10. What is the difference between re-engineering and reverse engineering?

Configuration Management
  • 1. Do you know what a baseline is in configuration management? How do you freeze an important moment in a project?
  • 2. Which items do you normally place under version control?
  • 3. How can you make sure that team members know who changed what in a software project?
  • 4. Do you know the differences between tags and branches? When do you use which? 5. How would you manage changes to technical documentation, like the architecture of a product?
  • 6. Which tools do you need to manage the state of all digital information in a project? Which tools do you like best?
  • 7. How do you deal with changes that a customer wants in a released product?
  • 8. Are there differences in managing versions and releases?
  • 9. What is the difference between managing changes in text files vs. managing changes in binary files?
  • 10. How would you treat simultaneous development of multiple RfC's or increments and maintenance issues?

Project Management
  • 1. How many of the three variables scope, time and cost can be fixed by the customer?
  • 2. Who should make estimates for the effort of a project? Who is allowed to set the deadline?
  • 3. Do you prefer minimization of the number of releases or minimization of the amount of work-in-progress?
  • 4. Which kind of diagrams do you use to track progress in a project?
  • 5. What is the difference between an iteration and an increment?
  • 6. Can you explain the practice of risk management? How should risks be managed? 7. Do you prefer a work breakdown structure or a rolling wave planning?
  • 8. What do you need to be able to determine if a project is on time and within budget?
  • 9. Can you name some differences between DSDM, Prince2 and Scrum? 10. How do you agree on scope and time with the customer, when the customer wants too much? 

Source : www.noop.nl

Radio Online

Try eRadioPortal for radio streaming online.

Create Multiply Account

A friend ask me on how to create an account in multiply. That's why i created this post for those still don't know how to create a multiply account. 1. Log on to the Multiply homepage (see Resources below). 2. Locate the highlighted "Join" box toward the bottom of the screen. Click "Create a New Account Join for Free." 3. Supply the information requested by the form on the account creation page. Pick a User ID of at least four characters long. This name is your Multiply nickname and your website address within the Multiply online social network. The site has a function that lets you know immediately if the online name you've chosen is already taken. Just look to the right of the ID box to see if your chosen user name is available. 4. Choose a password and provide your personal information. At the bottom of the form, reproduce the word or numbers provided to ensure you are a live person joining the site. 5. Click "Register." By doing so you agree to the Multiply website's terms of service. Once registered, your online account is active. 6. Tour the Multiply community to make the most of the site's capabilities. The tour help you create your online social network and find friends already connected to Multiply.

Bohol , Philippines

These are the resorts in Bohol, one of the Beautiful Islands in the Philippines. 1. Flushing Meadows Resort & Playground 2. Amarela Resort 3. Amorita Beach Resort 4. Alona Palm Beach Resort 5. Bohol Tropics Resort Club 6. Alona Kew White Beach Resort 7. Bohol Beach Club 8. Bohol Divers Resort 9. Bohol Tropics Resort

Configure MySQL 5.1 to RHEL 4


Configure MySQL 5.1 to RHEL 4

This is how i do to configure MySQL to RHEL 4 using terminal MySQL will automatically start after the successfull installation to the machine.  
  • 1. Since i can't find the my.cnf file and this message always appear [root]# /etc/init.d/mysql status /etc/init.d/mysql: line 412: test: 20424: binary operator expected MySQL is running but PID file could not be found [FAILED] , i download it from the net...here is the code: [mysqld] datadir=/var/lib/mysql skip-locking skip-innodb skip-networking safe-show-database query_cache_limit=1M query_cache_size=32M ## 32MB for every 1GB of RAM query_cache_type=1 max_user_connections=200 max_connections=500 interactive_timeout=10 wait_timeout=20 connect_timeout=20 thread_cache_size=128 key_buffer=64M ## 64MB for every 1GB of RAM join_buffer=1M max_connect_errors=20 max_allowed_packet=16M table_cache=1024 record_buffer=1M sort_buffer_size=1M ## 1MB for every 1GB of RAM read_buffer_size=1M ## 1MB for every 1GB of RAM read_rnd_buffer_size=1M ## 1MB for every 1GB of RAM thread_concurrency=2 ## Number of CPUs x 2 myisam_sort_buffer_size=64M server-id=1 [mysql.server] user=mysql #basedir=/var/lib [safe_mysqld] err-log=/var/log/mysqld.log pid-file=/var/lib/mysql/mysql.pid open_files_limit=8192 [mysqldump] quick max_allowed_packet=16M [mysql] no-auto-rehash #safe-updates [isamchk] key_buffer=64M sort_buffer=64M read_buffer=16M write_buffer=16M [myisamchk] key_buffer=64M sort_buffer=64M read_buffer=16M write_buffer=16M [mysqlhotcopy] interactive-timeout 
  • 2. Comment mysql file in this directory : /vat/lock/subsys/mysql because of this message : [root]# /etc/init.d/mysql status MySQL is not running, but lock exists [FAILED] 
  • 3. When i enter this command: [root ~]# /etc/init.d/mysql start I've get this message : Starting MySQLCouldn't find MySQL manager (/var/lib/bin/mysqlmanager) or server (/var/lib/bin/mysqld_safe)  
  • 4. That's why i do this part : Step 1.) Rem out the line in /etc/my.conf that was setting basedir to /var/lib. As seen below: user=mysql #basedir=/var/lib Step 2.) Create the directory "/var/run/mysqld" if it does not exist. Then chown that directory to mysql.mysql as below... mkdir /var/run/mysqld chown mysql.mysql /var/run/mysqld Step 3.) Start the service by the command /etc/init.d/mysql start and i've get this message: [root ~]# /etc/init.d/mysql start Starting MySQL [ OK ] After the configuration of MySQL i also installed the client version of MySQL by this command: [root~]# rpm --install MySQL-client-community-5.1.32-0.rhel4.i386.rpm And after the succesfull installation of the Client Version, i created a password for MySQL by this command: I typed : [root]# mysql -u root -p to set the password for MySQL. Welcome to the MySQL monitor. Commands end with ; or \g. Your MySQL connection id is 6 Server version: 5.1.32-community MySQL Community Server (GPL) Type 'help;' or '\h' for help. Type '\c' to clear the buffer. mysql> create database lportal character set utf8; The command "create database lportal character set utf8;" will be on my next post.

Jobs

Graduation days are fast approaching, that's why i gave other job seekers some sites were they can find their jobs or careers in the philippines or even in abroad... 1. Jobstreet 2. Trabaho.com 3. Best Jobs 4. JobsDB 5. Philippine Jobs 6. Jobs Online Good Luck!

No youtube in UK

Google will block the UK users from watching videos in youtube on monday night. The reason is just the previous license from "PRS for music" by google was already expired. Click this link to read more...

Wedding Songs

Here are some wedding song which 1. Love of my life by Jim Brickman 2. Only Hope by Mandy Moore 3. I’ll Be by Edwin McCain 4. When you say nothing at all by Alison Krauss 5. A moment like this by Kelly Clarkson 6. All my life by America 7. From this moment by Shania Twain 8. Still the one by Shania Twain 9. Through the years by Kenny Rogers 10. Open Arms by Journey 11. Gift by Jim Brickman 12. I could not ask for more by Sara Evans 13. Beautiful you loved me by Celine Dion 14. I’m your angel by Celine Dion 15. Finally found you 16. Till death do us part 17. In your eyes 18. Glory of love 19. Butterfly Kisses

Furnitures

Here are some site were you can find some furnitures FOR SALE!!! 1. http://gago.sulit.com.ph/ 2. Blims 3. http://www.collectionfurnitures.com/

Windows cannot connect to the domain

Windows cannot connect to the domain

An officemate approach me because of the message appearing when he try to login to his workstation. "Windows cannot connect to the domain, either because domain the domain controller is down or otherwise unavailable, or because your computer account was not found. Please try again later. If this message continues to appear, contact your network administrator for assistance.". For this error message, i've done the following steps:

  • 1. Login to the Windows XP workstation as a local administrator. If you cannot logon as local administrator, try to disconnect the network cable and login to the computer by using a domain administrator user that was used to logon on the PC before. This will be made possible because of the cached logon credentials feature that remembers the last 10 successful logons. 
  • 2. Go to Control Panel, then click on System icon, then go to Computer Name tab. You can also do this by right-clicking My Computer, and then Properties. 
  • 3. Remove the computer from the domain by clicking on “Change”. You should see that Domain button is now selected. Remember your domain name in the text box. Select the “Workgroup” radio button to remove the computer from the domain, and put any workgroup name in the text box (e.g. workgroup). 
  • 4. Click OK to exit and reboot the computer. 
  • 5. After the computer restarts, go back to Control Panel > System > Computer Name tab, and click Change. 
  • 6. Rejoin the domain by chocking the Domain button. Enter the domain name noted in step 4. 
  • 7. You might be prompter to enter the credentials of one of the Domain Admin users. This can be bypassed if one of the Domain Admins manually creates a computer account in Active Directory Users and Computers for the workstation you're about to join. 
  • 8. Click OK to exit. 
  • 9. Reboot the PC.

Install MySQL 5 to RHEL 4

Install MySQL 5.1 to RHEL 4
  • 1. I enter this command rpm -i MySQLserver-community-5.1.32-0.rhel4.i386.rpm

  • 2. and a message appears "warning: MySQL-server-community-5.1.32-0.RHEL4.i386.rpm: V3 DSA signature: NOKEY, key ID 5072elf5 error: Failed dependencies: MySQL conflicts with mysql-4.1.20-2.RHEL4.1.i386"
  • 3. and i ask some friends about this problem and they told me to run this command to know the other installed MySQL rpm -qa | grep -i '^mysql'

  • 4. I remove previously installed MySql with the command rpm --nodeps -ev mysql-4.1.20-2.RHEL4.1.0.1

  • 5. After i removed the installed MySQL, i run the command : rpm -i MySQLserver-community-5.1.32-0.rhel4.i386.rpm After 48 years, it stops with no errors...My next problem is the configuration of MySQL... Thanks to google...

LDAP

 LDAP - Lightweight Directory Access Protocol

What is LDAP? LDAP, Lightweight Directory Access Protocol, is an Internet protocol that email and other programs use to look up information from a server. Every email program has a personal address book, but how do you look up an address for someone who's never sent you email? How can an organization keep one centralized up-to-date phone book that everybody has access to? That question led software companies such as Microsoft, IBM, Lotus, and Netscape to support a standard called LDAP. "LDAP-aware" client programs can ask LDAP servers to look up entries in a wide variety of ways. LDAP servers index all the data in their entries, and "filters" may be used to select just the person or group you want, and return just the information you want. For example, here's an LDAP search translated into plain English: "Search for all people located in Chicago whose name contains "Fred" that have an email address. Please return their full name, email, title, and description." LDAP is not limited to contact information, or even information about people. LDAP is used to look up encryption certificates, pointers to printers and other services on a network, and provide "single signon" where one password for a user is shared between many services. LDAP is appropriate for any kind of directory-like information, where fast lookups and less-frequent updates are the norm. As a protocol, LDAP does not define how programs work on either the client or server side. It defines the "language" used for client programs to talk to servers (and servers to servers, too). On the client side, a client may be an email program, a printer browser, or an address book. The server may speak only LDAP, or have other methods of sending and receiving data—LDAP may just be an add-on method. If you have an email program (as opposed to web-based email), it probably supports LDAP. Most LDAP clients can only read from a server. Search abilities of clients (as seen in email programs) vary widely. A few can write or update information, but LDAP does not include security or encryption, so updates usually requre additional protection such as an encrypted SSL connection to the LDAP server. LDAP also defines: Permissions, set by the administrator to allow only certain people to access the LDAP database, and optionally keep certain data private. Schema: a way to describe the format and attributes of data in the server. For example: a schema entered in an LDAP server might define a "groovyPerson" entry type, which has attributes of "instantMessageAddress", and "coffeeRoastPreference". The normal attributes of name, email address, etc., would be inherited from one of the standard schemas, which are rooted in X.500 (see below). LDAP was designed at the University of Michigan to adapt a complex enterprise directory system (called X.500) to the modern Internet. X.500 is too complex to support on desktops and over the Internet, so LDAP was created to provide this service "for the rest of us." LDAP servers exist at three levels: There are big public servers, large organizational servers at universities and corporations, and smaller LDAP servers for workgroups. Most public servers from around year 2000 have disappeared, although directory.verisign.com exists for looking up X.509 certificates. The idea of publicly listing your email address for the world to see, of course, has been crushed by spam. While LDAP didn't bring us the worldwide email address book, it continues to be a popular standard for communicating record-based, directory-like data between programs. At first i don't get this word from my officemate until read it on a site...hahahaha...thank god i have internet connection!

Blogger Templates

Precision
Lifegreen
I'm wondering if there are available templates for my blogs, that's why i search for other templates for blogger. When i found blogger templates and save the zip files i downloaded and test it to my news site...

Malwares, Worms hits Facebook

Trend Micro, a computer security firm, is warning that social-networking sites are under attack from a new wave of malware, worms and rogue applications. Although a number of the leading social-network sites have been targeted, the problem has hit Facebook hardest. "We didn't see a lot of these until recently," said Jamz Yaneza, the threat research manager for Trend Micro. "So far, they don't seem to be affecting users that much, although at least one Facebook group has been started by malware victims." Yaneza said there is particular concern about a new variant of a dangerous worm, WORM_KOOBFACE.AZ. Within a very short period of time, the setup file for Koobface.AZ appeared on more than 300 servers, mostly in Asia, and Trend Micro expects that number to rise quickly. Researchers also estimate that as many as 20,000 PCs are being infected each day. Sophisticated Identity Theft Koobface.AZ and other rogue applications either secretly steal user information or dupe users into revealing it voluntarily. For instance, late last week, some Facebook users received a notification in their user profile that they had been reported for a violation of the site's terms and conditions. Users who clicked on the notice were redirected to an application called "f a c e b o o k -- - closing down!!!," which promptly sent the same message to each of the user's friends. Researchers suspect the application was harvesting personal information along the way. A similar approach was used by the application "The Error Check System," which posted notifications from a user's friends that they had experienced "errors" while viewing the user's profile. If the user clicked through to "View the Error Messages," they were given a chance to "Activate" an errors-message checker -- which was really another copy of the rogue application. What happens, Yaneza explained, is that data stolen by the rogue applications gets uploaded to a third-party Web site. Session data, cookies and captured personal information can be used to log in to social-networking sites under the stolen identity, and then the software roots around for even more personal information. "It's Web 2.0," he said, "so there are no standards for how to secure log-in data and other session information." Is Openness the Problem? But an even bigger problem, Yaneza warned, is that the trend toward open social-networking applications makes it easy for identity thieves and other cybercriminals to write malicious applications. Facebook is the highest-profile target because of its user base, he said, but it's a problem faced by many other sites as well. Yaneza agreed that this threat is one reason why Apple's approval approach to the iPhone App Store should be followed by social-networking sites. "There has been a long-standing problem with easily registering malicious apps using a botnet," he said. "I think lockdowns need to be done; not everyone should be able to create an app."

Microsoft : Kumo

Microsoft : Kumo

Microsoft is testing it's new Internet Search Engine called Kumo. According to Microsoft, this search engine can understand sentence unlike the google and yahoo which can only show results base from the matched words entered by the users.

Microsoft converging programming languages

Upgrades to Visual Basic and C# will co-evolve the platforms together and bring interoperability with dynamic languages By Paul Krill February 27, 2009 Microsoft will converge features of Visual Basic and C# languages with planned upgrades to the two platforms, a Microsoft official said this week. Visual Basic 10 and C# 4 are both due concurrently with the Visual Studio 2010 IDE, which might ship at the end of the year. The Visual Basic and C# teams "were merged last year, and it's called the Visual Studio managed languages team," said Beth Massi, senior program manager at Microsoft, during the VSLive conference in San Francisco. Also under the team's domain are the F# language, for functional programming, and Microsoft's DLR (Dynamic Language Runtime), supporting dynamic languages on the .Net platform. [ In a related development, scripting languages are sparking a new programming era. ] Visual Basic and C# developers build the same type of applications, such as Web and business applications, and the intention is to co-evolve the languages together, Massi said. .Net has unified how applications are written, she said. "It's much less focused on the language," Massi said Visual Basic 10 and C# 4 will gain interoperability with dynamic languages. Programmers, for example, could tap into a JavaScript engine in an ASP.Net application, according to Massi. "In both of the languages, Visual Basic and C# are going to have interop with the DLR," for interaction with scripting languages such as Python, Massi said. The DLR has not yet been released. Both Visual Basic 10 and C# 4 also are to get an array literals capability for inferring array types. The two languages also will gain collection initializers for initializing a list or dictionary with data using the new "from" keyword. Multi-line and statement lambdas, another ease of use feature saving programmers from having to return values, also is due in both language upgrades. Compiling without primary interop assemblies also will be enabled in both. A generic variance capability will be offered in the languages for widening or narrowing the scope of generic types, such as a list. Visual Basic 10 also will include auto-implemented properties, an ease of use programming feature already in C# 3. Also, Visual Basic 10 will gain an implicit line continuation capability so developers do not have to write underscores in LINQ (Language Integrated Query).

How You Grow Your Career in a Slow Economy

– Brian Tracy, CIO Always You've got to maximize your potential in order to grow your career. To do that you have to get more or better results than those around you. I've gotten blowback from others before for saying this, but you must realize that you're in a competition with everyone else in your company. So what does it take to get ahead? How can you do this? Here are some simple techniques to help you get more results and be respected for your work. First, work all the time you are at work. Immediately start in on the most important tasks. Do not surf the Internet, make personal calls, read the newspaper or make small talk. The next thing is to contribute. Ask yourself what you can do to render the greatest contribution to your organization. Go that extra mile. Do more than you are paid to do. Put in more effort than other people. Look for ways to do more. Remember, there is no traffic jam on the extra mile. You've got to think about your career like it was a marathon: Some runners get out way ahead of the pack, the pack is there in the middle and then there are those who trail the pack. Your job is to be at the front of the pack. Sometimes I don't think there is anything that applies here sometimes when you're trying to grow your career. Talking about what you could do "sometimes" could be the basis for a whole separate conversation. Never Start work each day without writing down a plan of activities organized by priority. If you don't do that, your whole life will end up going all over the place and you'll get little done. Coach: Brian Tracy, Motivational speaker, author of Reinvention: How to Make the Rest of Your Life the Best of Your Life