Contents: Book sales ranking, Graphic overuse, .eu domain bid, Hiding email addresses, Virus, Trojan, and Worm defence, Word 97 Hidden File Detector, Software bugs, Euro presentations, UK five tests, Nice Treaty, R&D News
This issue on the web at http://www.sysmod.com/praxis/prax0210.htm
Systems Modelling Ltd.: Managing reality in Information Systems - strategies for success
Book sales rank tracking service
Pet peeve - huge graphic logos embedded in attachments
Irish consortium bids to run .eu domain
Hide your email address on the web
The BugBear trojan - update your anti-virus daily
The Opaserv / Opasoft worm - test your defences
Linux sysadmins slapped
Word pilferage field protection: Hidden File Detector
Software Bugs articles from SQL Server magazine
My upcoming presentations in the UK
The Five Tests for the UK
Not so Nice
CORDIS R&D weekly digest now available by e-mail
FEEDBACK requested on the Nice Treaty Referendum in Ireland
Believe it or not
TLA Hunt
25 Web links in this newsletter
About this newsletter and Archives
Disclaimer
Subscribe and Unsubscribe information
_______________________________________________________
I have a political kind of question in this month's request for feedback. If you have a view on the Nice Treaty, this is your chance!
Thanks for your interest,
Patrick O'Beirne
_______________________________________________________ _______________________________________________________
Books & Writers offers a free rank notification service to help authors and publishers get complete, accurate, and up-to-date listings, reviews, and cover images at online booksellers. I use it to track the sales position of my book on Amazon and Barnes and Noble.
http://www.booksandwriters.com
_______________________________________________________
If people didn't waste the resources we have, we might not have such demand for broadband. One person recently sent me an email with a Word document attached, containing two large logo images. The 6K of text became a megabyte email. I sent back some smaller JPGs in the hope they will use them instead.
When people do get broadband and "always on" access, they stay on the Net longer, with the consequent higher risk of attack from Internet worms. See the Risk Management section below for more on this.
_______________________________________________________
A consortium of organisations calling itself Eureto has officially launched its bid to run the soon-to-launch European Domain Name Registry out of Ireland. If successful in its bid, which will officially be submitted to the EU before 25 October, the company would create over 200 jobs in Ireland.
http://www.electricnews.net/news.html?code=8624576 [source ElectricNews.net 18 September 2002]
_______________________________________________________
_______________________________________________________
It's surprising how often people put contact email addresses in plain view on a web page, and then suffer spam attacks. The reason is, spammers trawl the net looking for pages with "mailto" tags in them, and harvest such addresses for adding to their database. So here are some avoidance tactics:
1) Place the address in the form of a graphical image. This is the approach I used on www.SoftTest.ie
2) Obscure the address by encoding it. So mailto:me@me.com becomes mailto:me@me.com
This used to work for simpler robots, but they are getting more clever. I can send an address encoder written in VBscript (just 336 bytes) to anyone who emails me to ask for it.
3) Break the address up using document.write in a script on the page. That only produces visible output if the recipient allows scripts to run. Most do, but there's always a chance that some will not, for security reasons.
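The sketch below is an added example, not the VBscript encoder mentioned above or any code from this newsletter. It builds tactic 2 (assumed here to mean HTML numeric character entities) and tactic 3 for the sample address me@me.com, then checks each page fragment against a simple pattern-matching robot and against one that decodes entities first. All function names are illustrative.

```javascript
// Added example. SAMPLE is the placeholder address used in the newsletter text.
const SAMPLE = "me@me.com";

// Tactic 2: write every character as an HTML numeric character entity.
function toEntities(text) {
  return Array.from(text, ch => `&#${ch.codePointAt(0)};`).join("");
}

function entityLink(address) {
  return `<a href="${toEntities("mailto:" + address)}">${toEntities(address)}</a>`;
}

// Tactic 3: the address only exists once the browser runs the script.
function scriptLink(address) {
  const [user, host] = address.split("@");
  return `<script>var u=${JSON.stringify(user)},h=${JSON.stringify(host)};` +
    `document.write('<a href="mai'+'lto:'+u+'@'+h+'">'+u+'@'+h+'</a>');</script>`;
}

// A simple robot: pattern-match addresses in the raw page source.
function harvest(html) {
  const hits = html.match(/[\w.+-]+@[\w-]+(?:\.[\w-]+)+/g) || [];
  return [...new Set(hits)];
}

// A cleverer robot decodes numeric entities before matching.
function decodeEntities(html) {
  return html.replace(/&#(\d+);/g, (_, n) => String.fromCodePoint(Number(n)));
}

// Count the addresses each robot recovers from each variant of the link.
function report(address) {
  const pages = {
    plain: `<a href="mailto:${address}">${address}</a>`,
    entities: entityLink(address),
    script: scriptLink(address),
  };
  const out = {};
  for (const [name, html] of Object.entries(pages)) {
    out[name] = { simple: harvest(html).length, decoding: harvest(decodeEntities(html)).length };
  }
  return out;
}

console.log(report(SAMPLE));
```

The entity-encoded link hides the address from the simple robot only, while the script version also survives entity decoding but not a robot that executes scripts.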
_______________________________________________________
This has spread very rapidly. I have received many emails with confidential content stolen from people's address book. The trojan also attempts to extract credit card details. Please update your anti-virus software daily! It fakes the FROM field of the email that it sends out while the TO field contains addresses found in the Windows Address Book.
http://www.messagelabs.com/viruseye/report.asp?id=110
http://www.silicon.com/a55761 What to do about it
_______________________________________________________
In the last week, there was an increase in the number of alerts from my ZoneAlarm personal firewall (www.zonealarm.com) about probes on NetBIOS port 137 on my PC. I was wondering about hacker attacks until I saw the description of this worm that was detected at the end of September:
http://vil.nai.com/vil/content/v_99729.htm
Significant NetBIOS traffic (UDP) is caused by this worm. One of the early indications of this worm's activity was the increase in port 137 hits on firewalls. This traffic is caused by the worm issuing WINS queries across contiguous IP ranges. The spreading mechanism observed in testing is outlined below:
· the worm issues WINS query (to retrieve NetBIOS name).
· the worm then tries to establish a NetBIOS session to the remote machine.
· if successful the worm attempts to spread via connecting to \\%machinename%\C using SMB (Server Message Block) commands (ie. requiring open 'C' share on remote machine).
There are too many people connecting to the Net with insecure PCs, mainly with open shares on their disk drives. To check the status of your PC, visit Steve Gibson's ShieldsUp web page and run the probe test:
http://grc.com/default.htm, scroll half way down the page, and click on "ShieldsUp!"
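The increase in port 137 hits described above can be picked out of a firewall log mechanically. The following is an added example, not code from this newsletter or from ZoneAlarm: the log layout, the sample lines (documentation address ranges) and the threefold threshold are all assumptions made for illustration.

```javascript
// Constructed sample in a hypothetical "date proto src:port -> dst:port action"
// layout; this is not ZoneAlarm's real log format.
const SAMPLE_LOG = `
2002-09-27 UDP 198.51.100.7:1030 -> 192.0.2.10:137 BLOCK
2002-09-28 TCP 198.51.100.9:4021 -> 192.0.2.10:80 BLOCK
2002-09-28 UDP 198.51.100.7:1031 -> 192.0.2.10:137 BLOCK
2002-10-01 UDP 203.0.113.5:137 -> 192.0.2.10:137 BLOCK
2002-10-01 UDP 203.0.113.21:137 -> 192.0.2.10:137 BLOCK
2002-10-01 UDP 203.0.113.40:137 -> 192.0.2.10:137 BLOCK
2002-10-01 UDP 203.0.113.5:137 -> 192.0.2.10:137 BLOCK
2002-10-01 UDP 203.0.113.77:137 -> 192.0.2.10:137 BLOCK
`;

const LINE = /^(\d{4}-\d{2}-\d{2}) (UDP|TCP) ([\d.]+):(\d+) -> ([\d.]+):(\d+) (\w+)$/;

// Count inbound UDP probes to port 137 per day, with the distinct sources seen.
function netbiosProbesPerDay(log) {
  const days = new Map();
  for (const raw of log.split("\n")) {
    const m = LINE.exec(raw.trim());
    if (!m || m[2] !== "UDP" || m[6] !== "137") continue;
    const day = days.get(m[1]) || { hits: 0, sources: new Set() };
    day.hits += 1;
    day.sources.add(m[3]);
    days.set(m[1], day);
  }
  return days;
}

// Flag a day whose count exceeds `factor` times the mean of all earlier days.
// The default factor of 3 is an assumed threshold, not a published figure.
function surgeDays(days, factor = 3) {
  const flagged = [];
  let seen = 0, total = 0;
  for (const date of [...days.keys()].sort()) {
    const { hits, sources } = days.get(date);
    if (seen > 0 && hits > factor * (total / seen)) {
      flagged.push({ date, hits, distinctSources: sources.size });
    }
    seen += 1;
    total += hits;
  }
  return flagged;
}

console.log(surgeDays(netbiosProbesPerDay(SAMPLE_LOG)));
```

Many distinct sources on a flagged day points to widespread scanning of the kind the worm description mentions, as opposed to one misconfigured neighbour.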
_______________________________________________________
Linux users who used to crow over the vulnerabilities in Microsoft's web servers may now have some crow to eat. The Slapper Linux worm is the name of a new bug circulating on the Internet, reportedly attacking servers in over 100 countries. The network worm spreads on Linux servers by exploiting a flaw that has been exposed since August 2002 in OpenSSL libraries. Apache installations cover more than 60 pc of public Web sites on the Internet, and it is estimated that approximately 1m machines have enabled SSL services.
http://www.electricnews.net/news.html?code=8623034 [source ElectricNews.net 16 September 2002]
_______________________________________________________
Last month, I quoted Woody on the MS Word "spy" field vulnerability. This month, there is a link to Bill Coan's HFD, a utility that finds the offensive fields, helps you understand what they may be doing, and transports you to suspicious locations inside your documents so you can take remedial action. http://www.woodyswatch.com/util/sniff/ or visit
http://www.wordsite.com/HiddenFileDetector.html
_______________________________________________________
SQL Server Magazine had an article "Complacency Creates Vicious Cycle of Software Bugs,"
http://www.sqlmag.com/articles/index.cfm?articleid=26056
"Readers Respond to Software Bug Topic,"
http://www.sqlmag.com/Articles/Index.cfm?ArticleID=26264
_______________________________________________________
_______________________________________________________
I had the pleasure of presenting the BASDA recommendations on euro compliance to the Conference of Scottish Local Authorities (COSLA) in Edinburgh in September. The BASDA web site is www.basda.org
On Oct 15 & 16, I shall be chairing two Sapiens events: http://www.sapiens.com/en/events/euro_breakfast_meeting.html
I shall also be presenting at the Chartered Institute of Public Finance and Accountancy (CIPFA) events in November. Event presentations and a write-up are now available from the July 2002 Euro Forum seminars (Subscriber Access Only). http://www.ipf.co.uk/europe/euroforum/writeup/july2002.htm
IPF provide "Signposts" for public sector practitioners which track news and key developments on Europe at http://www.ipf.co.uk/europe
_______________________________________________________
The UK Treasury has a document on 6 Sept 2002 that explains in more detail the importance, and content, of the preliminary and technical work that is now underway prior to the assessment of the five tests for UK membership of the single currency.
1. Convergence Test
2. Flexibility Test
3. Investment Test
4. Financial Services Test
5. Growth, Stability and Jobs Test
"A study will also be published on price differentials. This study will examine what impact joining EMU might have on UK prices, what explains relative price level movements between European economies in the 1990's and what has happened to euro area prices since the introduction of the euro - whether they have converged and how euro area price dispersion compares with dispersion in other monetary unions such as the US."
http://www.hm-treasury.gov.uk/Documents/The_Euro/euro_selcom0509.cfm
_______________________________________________________
You may have seen some of the coverage of the upcoming referendum in Ireland on the Treaty of Nice, for example on the BBC: http://news.bbc.co.uk/1/hi/world/europe/2295173.stm
You can read more detail about the Treaty on the EUObserver's "Nice Treaty - the reader friendly edition" at http://www.euobserver.com/index.phtml?sid=38
NiceTreaty.com is cybersquatted, but www.NiceTreaty.ie is a real website, the campaign by the employers' organisation, IBEC.
The White Paper and the text of the Treaty of Nice can also be accessed on the website of the Department of Foreign Affairs of Ireland - www.irlgov.ie/iveagh
Because of the defeat of the referendum the last time, the government set about repairing the damage by engaging in more public consultation. Information on the National Forum on Europe is available on http://www.forumoneurope.ie
The figures from an opinion poll show:
37% - Yes
25% - No
38% - Undecided
However, the campaign is getting dirty. James Kinsella has uploaded some photographs of the referendum campaign posters:
http://icd.internetphotoservices.co.uk/public/detail.html?c_album=150386
If you want to know why people are so anti-politicians and the current government, check out the interim report of the Flood tribunal on planning matters. Quick tip: download the report and search for "corrupt payment".
http://www.flood-tribunal.ie/asp/Reports.asp?ItemID=202
_______________________________________________________
CORDIS, the European Commission's Research and Development Information Service, is offering a free weekly online newsletter on the latest and most topical European research and innovation developments. Registered users will also be able to receive it every Friday morning directly by e-mail, free of charge. Express offers a review and summaries of the latest news on the Sixth Framework Programme (FP6), innovation policy, national and regional information, calls and events. In addition, Express highlights new services available on CORDIS as well as a selection of latest projects, partnering opportunities and technological intelligence.
_______________________________________________________ _______________________________________________________
We value your feedback. This time, I am looking for your comments on the imminent referendum in Ireland on the Nice Treaty, particularly from readers in the accession countries. Is it
a) The only attempt by plucky independent people to quash unbalanced decisions made in smoke filled rooms which the rest of the EU has not been given a referendum voice on by their governments?
b) The opportunity for the new fat cats of Europe to pull up the drawbridge and deny the same path to prosperity, that the Irish benefited from for many years, to the accession countries emerging from a century of oppression?
c) or something else?
Simply send your comments to NICETREATY (at) SYSMOD (dot) COM
Thank you! Patrick O'Beirne, Editor
_______________________________________________________ _______________________________________________________
Last month I reported on the ban on electronic games in Greece. Giorgos Epitidios of Athens wrote to the Risks Digest saying that "The stupid law banning electronic games has been found unconstitutional by the court that was judging the 'criminals'. " Nonetheless, the consulate still insists that the ban on gambling remains: "The New Greek Law has banned all games that can be used for gambling or modified for gambling purposes even if they exist in private spaces (Only Casinos are excluded from the banning)."
Hunting for a meaning for that elusive Three-Letter-Abbreviation? Or just looking for one that is not used? Try http://www.atomiser.demon.co.uk/abbrev/hunt.htm
_______________________________________________________
_______________________________________________________
Copyright 2002 Systems Modelling Limited,
http://www.sysmod.com .
Reproduction allowed provided the newsletter is copied in its entirety and with
this copyright notice.
We appreciate any feedback or suggestions for improvement. If you have received
this newsletter from anybody else, we urge you to sign up for your personal copy
by sending a blank email to
EuroIS-subscribe (at) yahoogroups (dot) com - it's free!
For those who would like to do more than receive the monthly newsletter, the
EuroIS list makes it easy for you to discuss issues raised, to share experiences
with the rest of the group, and to contribute files to a common user community
pool independent of the sysmod.com web site. I will be moderating posts to the
EuroIS list, to screen out inappropriate material.
Patrick O'Beirne, Editor
_______________________________________________________
ABOUT THIS NEWSLETTER
"Praxis" means model or example, from the Greek verb "to do". The name is chosen
to reflect our focus on practical solutions to IS problems, avoiding hype. If
you like acronyms, think of it as "Patrick's reports and analysis across
Information Systems".
_______________________________________________________
ARCHIVES
To read previous issues of this newsletter please visit our web site at
http://www.sysmod.com/praxis.htm
DISCLAIMER
This newsletter is prepared in good faith and the information has been taken
from observation and other sources believed to be reliable. Systems Modelling
Ltd. (SML) does not represent expressly or by implication the accuracy,
truthfulness or reliability of any information provided. It is a condition of
use that users accept that SML has no liability for any errors, inaccuracies or
omissions. The information is not intended to constitute legal or professional
advice. You should consult a professional at Systems Modelling Ltd. directly for
advice that is specifically tailored to your particular circumstances.
Copyright (c) SML 2002
_______________________________________________________
Please tell a friend about this newsletter.
We especially appreciate a link to www.sysmod.com from your web site!
PRIVACY POLICY:
We guarantee not to sell, trade or give your e-mail address to
anyone.
To subscribe to this Newsletter send an email to
EuroIS-subscribe (at) yahoogroups (dot) com
To unsubscribe from this Newsletter send an email to
EuroIS-unsubscribe (at) yahoogroups (dot) com
EuroIS is the distribution list server of the PraxIS newsletter. It also offers
a moderated discussion list for readers and a free shared storage area for
user-contributed files. The archives of this group are on YahooGroups website
http://groups.yahoo.com/group/EuroIS
_______________________________________________________