PraxIS October 2002                    ISSN 1649-2374

Contents: Book sales ranking, Graphic overuse, .eu domain bid, Hiding email addresses, Virus, Trojan, and Worm defence, Word 97 Hidden File Detector, Software bugs, Euro presentations, UK five tests, Nice Treaty, R&D News

This issue on the web at http://www.sysmod.com/praxis/prax0210.htm

IN THIS ISSUE

Systems Modelling Ltd.: Managing reality in Information Systems - strategies for success

E-business

  Book sales rank tracking service
  Pet peeve - huge graphic logos embedded in attachments
  Irish consortium bids to run .eu domain

Risk Management

  Hide your email address on the web
  The BugBear trojan - update your anti-virus daily
  The Opaserv / Opasoft worm - test your defences
  Linux sysadmins slapped
  Word pilferage field protection: Hidden File Detector

Software Quality

  Software Bugs articles from SQL Server magazine

Euro features

  My upcoming presentations in the UK
  The Five Tests for the UK
  Not so Nice
  CORDIS R&D weekly digest now available by e-mail

FEEDBACK requested on the Nice Treaty Referendum in Ireland

On the lighter side 

  Believe it or not
  TLA Hunt

25 Web links in this newsletter
About this newsletter and Archives
Disclaimer
Subscribe and Unsubscribe information

   
 

| |

_______________________________________________________
 

WELCOME

I have a political kind of question in this month's request for feedback. If you have a view on the Nice Treaty, this is your chance!

Thanks for your interest,

Patrick O'Beirne

_______________________________________________________ _______________________________________________________

E-business

Book sales rank tracking service

Books & Writers offers a free rank notification service to help authors and publishers get complete, accurate, and up-to-date listings, reviews, and cover images at online booksellers. I use it to track the sales position of my book on Amazon and Barnes and Noble.

http://www.booksandwriters.com

_______________________________________________________

Pet peeve - huge graphic logos embedded in attachments.

If people didn't waste the resources we have, we might not have such demand for broadband. One person recently sent me an email with a Word document attached, containing two large logo images. The 6K of text became a megabyte email. I sent back some smaller JPGs in the hope they will use them instead.

When people do get broadband and "always on" access, they stay on the Net longer, with the consequent higher risk of attack from Internet worms. See the Risk Management section below for more on this.

_______________________________________________________

Irish consortium bids to run .eu domain

A consortium of organisations calling itself Eureto has officially launched its bid to run the soon-to-launch European Domain Name Registry out of Ireland. If successful in its bid, which will officially be submitted to the EU before 25 October, the company would create over 200 jobs in Ireland..

http://www.electricnews.net/news.html?code=8624576 [source ElectricNews.net 18 September 2002]

_______________________________________________________

 
_______________________________________________________

Risk Management

Hide your email address on the web

It's surprising how often people put contact email addresses in plain view on a web page, and then suffer spam attacks. The reason is, spammers trawl the net looking for pages with "mailto" tags in them, and harvest such addresses for adding to their database. So here are some avoidance tactics:

1) Place the address in the form of a graphical image. This is the approach I used on www.SoftTest.ie

2) Obscure the address by encoding it. So  mailto:me@me.com  becomes &#109&#97&#105&#108&#116&#111&#58&#109&#101&#64&#109&#101&#46&#99&#111&#109

This used to work for simpler robots, but they are getting more clever. I can send an address encoder written in VBscript (just 336 bytes) to anyone who emails me to ask for it.

3) Break the address up using document.write in a script on the page. That only produces visible output if the recipient allows scripts to run. Most do, but there's always a chance that some will not, for security reasons.

_______________________________________________________

The BugBear trojan - update your anti-virus daily!

This has spread very rapidly. I have received many emails with confidential content stolen from people's address book. The trojan also attempts to extract credit card details. Please update your anti-virus software daily! It fakes the FROM field of the email that it sends out while the TO field contains addresses found in the Windows Address Book.

http://www.messagelabs.com/viruseye/report.asp?id=110 

http://www.silicon.com/a55761 What to do about it

_______________________________________________________

The Opaserv / Opasoft worm - test your defences!

In the last week, there was an increase in the number of alerts from my ZoneAlarm personal firewall. ( www.zonealarm.com ) about probes on Netbios port 137 on my PC. I was wondering about hacker attacks until I saw the description of this worm that was detected at the end of September:

http://vil.nai.com/vil/content/v_99729.htm
Significant NetBIOS traffic (UDP) is caused by this worm. One of the early indications of this worms activity was the increase in port 137 hits on firewalls. This traffic is caused by the worm issuing WINS queries across contiguous IP ranges. The spreading mechanism observed in testing is outlined below:
the worm issues WINS query (to retrieve NetBIOS name).
the worm then tries to establish a NetBIOS session to the remote machine.
if successful the worm attempts to spread via connecting to \\%machinename%\C using SMB (Server Message Block) commands (ie. requiring open 'C' share on remote machine).

There are too many people connecting to the Net with insecure PCs, mainly with open shares on their disk drives. To check the status of your PC, visit Steve Gibson's ShieldsUp web page and run the probe test:

http://grc.com/default.htm, scroll half way down the page, and click on "ShieldsUp!"

_______________________________________________________

Linux sysadmins slapped

Linux users who used to crow over the vulnerabilities in Microsoft's web servers may now have some crow to eat. The Slapper Linux worm is the name of a new bug circulating on the Internet, reportedly attacking servers in over 100 countries. The network worm spreads on Linux servers by exploiting a flaw that has been exposed since August 2002 in OpenSSL libraries. Apache installations cover more than 60 pc of public Web sites on the Internet, and it is estimated that approximately 1m machines have enabled SSL services.

http://www.electricnews.net/news.html?code=8623034 [source ElectricNews.net 16 September 2002]

_______________________________________________________

Word pilferage field protection: Hidden File Detector

Last month, I quoted Woody on the MS Word "spy" field vulnerability. This month, there is a link to Bill Coan's HFD, a utility that finds the offensive fields, helps you understand what they may be doing, and transports you to suspicious locations inside your documents so you can take remedial action. http://www.woodyswatch.com/util/sniff/  or visit

http://www.wordsite.com/HiddenFileDetector.html

_______________________________________________________

 
_______________________________________________________

Software Quality

SQL Server Magazine had an article "Complacency Creates Vicious Cycle of Software Bugs,"

http://www.sqlmag.com/articles/index.cfm?articleid=26056 

"Readers Respond to Software Bug Topic,"

http://www.sqlmag.com/Articles/Index.cfm?ArticleID=26264

_______________________________________________________
_______________________________________________________

 

EURO FEATURES

My upcoming speaking engagements in the UK

I had the pleasure of presenting the BASDA recommendations on euro compliance to the Conference of Scottish Local Authorities (COSLA) in Edinburgh in September. The BASDA web site is www.basda.org

On Oct 15 & 16, I shall be chairing two Sapiens events: http://www.sapiens.com/en/events/euro_breakfast_meeting.html

I shall also be presenting at the Chartered Institute of Public Finance and Accountancy (CIPFA) events in November. Event presentations and a write-up are now available from the July 2002 Euro Forum seminars (Subscriber Access Only). http://www.ipf.co.uk/europe/euroforum/writeup/july2002.htm 

IPF provide "Signposts" for public sector practitioners which track news and key developments on Europe at http://www.ipf.co.uk/europe

_______________________________________________________

The Five Tests for the UK

The UK Treasury has a document on 6 Sept 2002 that explains in more detail the importance, and content, of the preliminary and technical work that is now underway prior to the assessment of the five tests for UK membership of the single currency.

1. Convergence Test
2. Flexibility Test
3. Investment Test
4. Financial Services Test
5. Growth, Stability and Jobs Test

"A study will also be published on price differentials. This study will examine what impact joining EMU might have on UK prices, what explains relative price level movements between European economies in the 1990's and what has happened to euro area prices since the introduction of the euro - whether they have converged and how euro area price dispersion compares with dispersion in other monetary unions such as the US."

http://www.hm-treasury.gov.uk/Documents/The_Euro/euro_selcom0509.cfm 

_______________________________________________________

Not so Nice

You may have seen some of the coverage of the upcoming referendum in Ireland on the Treaty of Nice, for example on the BBC: http://news.bbc.co.uk/1/hi/world/europe/2295173.stm

You can read more detail about the Treaty on the EUObserver's "Nice Treaty - the reader friendly edition" at http://www.euobserver.com/index.phtml?sid=38 

NiceTreaty.com is cybersquatted, but www.NiceTreaty.ie is a real website, the campaign by the employers' organisation, IBEC.

The White Paper and the text of the Treaty of Nice can also be accessed on the website of the Department of Foreign Affairs of Ireland - www.irlgov.ie/iveagh

Because of the defeat of the referendum the last time, the government set about repairing the damage by engaging in more public consultation. Information on the National Forum on Europe is available on http://www.forumoneurope.ie

The figures from an opinion poll show:
37% - Yes
25% - No
38% - Undecided

However, the campaign is getting dirty. James Kinsella has uploaded some photographs of the referendum campaign posters:

http://icd.internetphotoservices.co.uk/public/detail.html?c_album=150386

If you want to know why people are so anti-politicians and the current government, check out the interim report of the Flood tribunal on planning matters. Quick tip: download the report and search for "corrupt payment".

http://www.flood-tribunal.ie/asp/Reports.asp?ItemID=202 

_______________________________________________________

CORDIS R&D weekly digest now available by e-mail

CORDIS, the European Commission's Research and Development Information Service, is offering a free weekly online newsletter on the latest and most topical European research and innovation developments. Registered users will also be able to receive it every Friday morning directly by e-mail,  free of charge. Express offers a review and summaries of the latest news on the Sixth Framework Programme (FP6) , innovation policy, national and regional information, calls and events. In addition, Express highlights new services available on CORDIS as well as a selection of latest projects, partnering opportunities and technological intelligence.

http://www.cordis.lu/express 

_______________________________________________________ _______________________________________________________

FEEDBACK

We value your feedback. This time, I am looking for your comments on the imminent referendum in Ireland on the Nice Treaty, particularly from readers in the accession countries. Is it

a) The only attempt by plucky independent people to quash unbalanced decisions made in smoke filled rooms which the rest of the EU has not been given a referendum voice on by their governments?

b) The opportunity for the new fat cats of Europe to pull up the drawbridge and deny the same path to prosperity,  that the Irish benefited from for many years, to the accession countries emerging from a century of oppression?

c) or something else?

Simply send your comments to NICETREATY (at) SYSMOD (dot) COM

Thank you! Patrick O'Beirne, Editor

_______________________________________________________ _______________________________________________________

On the lighter side

Believe it or not

Last month I reported on the ban on electronic game in Greece. Giorgos Epitidios of Athens wrote to the Risks Digest saying that "The stupid law banning electronic games has been found unconstitutional by the court that was judging the 'criminals'. " Nonetheless, the consulate still insists that the ban on gambling remains: "The New Greek Law has banned all games that can be used for gambling or modified for gambling purposes even if they exist in private spaces (Only Casinos are excluded from the banning)."

TLA Hunt

Hunting for a meaning for that elusive Three-Letter-Abbreviation? Or just looking for one that is not used?  Try http://www.atomiser.demon.co.uk/abbrev/hunt.htm 

_______________________________________________________
_______________________________________________________


Copyright 2002 Systems Modelling Limited, http://www.sysmod.com . Reproduction allowed provided the newsletter is copied in its entirety and with this copyright notice.

We appreciate any feedback or suggestions for improvement. If you have received this newsletter from anybody else, we urge you to sign up for your personal copy by sending a blank email to 
EuroIS-subscribe (at) yahoogroups (dot) com
- it's free!

For those who would like to do more than receive the monthly newsletter, the EuroIS list makes it easy for you to discuss issues raised, to share experiences with the rest of the group, and to contribute files to a common user community pool independent of the sysmod.com web site. I will be moderating posts to the EuroIS list, to screen out inappropriate material.

Patrick O'Beirne, Editor
_______________________________________________________
ABOUT THIS NEWSLETTER

"Praxis" means model or example, from the Greek verb "to do". The name is chosen to reflect our focus on practical solutions to IS problems, avoiding hype. If you like acronyms, think of it as "Patrick's reports and analysis across Information Systems".


_______________________________________________________
ARCHIVES

To read previous issues of this newsletter please visit our web site at http://www.sysmod.com/praxis.htm

DISCLAIMER

This newsletter is prepared in good faith and the information has been taken from observation and other sources believed to be reliable. Systems Modelling Ltd. (SML) does not represent expressly or by implication the accuracy, truthfulness or reliability of any information provided. It is a condition of use that users accept that SML has no liability for any errors, inaccuracies or omissions. The information is not intended to constitute legal or professional advice. You should consult a professional at Systems Modelling Ltd. directly for advice that is specifically tailored to your particular circumstances.

Copyright (c) SML 2002

_______________________________________________________
Please tell a friend about this newsletter.
We especially appreciate a link to www.sysmod.com from your web site!

PRIVACY POLICY:

We guarantee not to sell, trade or give your e-mail address to anyone.
To subscribe to this Newsletter send an email to
EuroIS-subscribe (at) yahoogroups (dot) com
To unsubscribe from this Newsletter send an email to
EuroIS-unsubscribe (at) yahoogroups (dot) com
EuroIS is the distribution list server of the PraxIS newsletter. It also offers a moderated discussion list for readers and a free shared storage area for user-contributed files. The archives of this group are on YahooGroups website http://groups.yahoo.com/group/EuroIS 

_______________________________________________________