tansqrx

One post and it is about e-gold. I think we have another winner! Just in case the general population didnât know, the founders of e-gold were indicted by a grand jury in Washington DC on April 27, 2007. The charges are money laundering, conspiracy, and operating an unlicensed money transmitting service. At the time of the charges e-gold was considered the preferred payment method of con artists and the darker side of the Internet. https://en.wikipedia.org/wiki/E-gold Personally I think the idea of trading raw precious medals is a good thing. It goes back to the days of the gold standard in the United States (https://en.wikipedia.org/wiki/Gold_standard). Perhaps the main reason the U.S. Government got so upset over e-gold was because e-gold reminded them the U.S. dollar is not the only game in town anymore. The downside to all of this is of course fraud. Unlike PayPal you will really have to know your customer.

I could certainly get down below the 30 second mark but I would have to remove password protection (boot straight into an account) and remove some startup programs. Some of the biggest time hogs for me is my antivirus (Avast!), PGP, and BCWipe. Actually I suppose if you count until the last program has loaded it could take me around 10 minutes.

I like three and five. Three is the best.

I’m starting to get the feeling that my initial hope has been dashed once again. The chats were working great for about a week and then everything went to Hell once again. Now I am once again back to the condition of waiting for five minutes to get into a chat and then having the thing timeout on me.

Damn you are making me feel old.

Security Fix 8.1.0.416On the 16th of August I reported the latest Yahoo! Messenger exploit that was leaked. At the time not much information was given about the exploit but since then I have a little bit more. The exploit was apparently due to a buffer overflow in the JPEG2000 (https://en.wikipedia.org/wiki/JPEG_2000) CODEC. Yahoo! has now announced that the exploit has been patched in its latest release, 8.1.0.416. The patch should be automatically pushed out to users.

You are on the hunt for the age old myth of the perpetual motion machine. The bottom line is it does not exist. https://en.wikipedia.org/wiki/Perpetual_motion. It has been tried so many times that the US patent office will flatly refuse any application that is a perpetual motion machine. The one thing that most people miss in this argument is efficiency. In other words, in the real world there is no such thing as 100% efficiency or perfect transfer of work (power) from one place to another. Take the turbine example. As the turbine is spinning you also have friction in the bearings, wind drag, and heat produced. All of this equals energy being lost in the system and a dropped efficiency. Even if the system is of 99%+ efficiency, that 1% will eventually bring the whole system to a stop.

Yahoo! Messenger is once again in the news for all the wrong reasons. This time it is a heap overflow in the webcam component. The news was apparently first exposed my McAfee in a blog post at http://www.mcafee.com/us/threat-center.aspx. A second post at http://www.mcafee.com/us/threat-center.aspx goes into more detail explaining that you shouldnât accept unknown webcam invites and to possibly firewall port 5100. Security Focus has also issued an alert at http://www.securityfocus.com/bid/25330/info but they only classify is as a remote denial of service attack, far from the remote code execution heralded by McAfee. Security Focus reports that exploit code can be found at http://forums.xisto.com/no_longer_exists/. When I hear that a new exploit may be on the market for Messenger the first thing I do is head over to Google News and see what the top Messenger stories are. For some reason I think this particular exploit may be getting the attention of a more generalized audience. Compared to the June 2007 exploit, the news reports appear to be more numerous and written in a more ominous tone. The thing that really caught my attention was the fact that more main stream media outlets are picking up on this story such as ABC (http://abcnews.go.com/Technology/PCWorld/story?id=3482490). Although this particular Yahoo! Messenger attack may not be any worse than the June exploit, Yahoo! may have a bigger public relations mess on their hands.

I suppose I should have been more specific. I run encryption on the disk so it takes around 14 hours for my 500Gb hard drive to be full encrypted.

I used to think bigger the better. That was until I had one of those bad boys died on me and it took forever to restore from backup. Also when I format I usually just leave it on overnight because it takes so long.

All I can say is wow. All of those tool bars and no personal information is sent.I too think it is a SPAM bot. It also may by some type of proxy that changes the AGENT field to IE 4. I use one such program that changes everything, even non-Microsoft programs, to IE 6.

This might be one of those areas where if you ask to be someone “cool” then you most likely don’t realize how hard being “cool” is. From running my own forums I know that administrators and moderators are bombarded with all types of nasties everyday. One day there might not be anything to do, but the next you are spending three hours cleaning up spam. Being in power is hard work sometimes.BTW, I do have to compliments the admins and mods. Xisto has always been a clean and safe place to live. Keep up the good work.

Sorry that this is off topic because you wanted help with your server but it is related to Defense of the Ancients. I played DotA for the first time last weekend at a LAN party. It was a one last party before (high) school started again. I am several years elder to the average participant but I still had a blast. The only reason I was invited is because I love to play Warcraft so much and I always request it at parties. I was very impressed with DotA. I will have to say that is was the easiest mod that I every played because it is a map that is automatically downloaded from the server. Since everyone else had played for many months before that I was not named the MVP but I still held my own. I would recommend trying DotA to anyone that is a Warcraft fan.On a side note I also tried SpellCraft which is a very interesting game also. What made it so much fun was we had the maximum number of players all going after the creeps. This one also gave us several hours of entertainment.

Very interesting question that you ask (scratches head, coughs a little, and grins). I can not comment on the current state of Gaia at this moment because I havenât been on there for around six months. Before that I can say that it was most certainly possible. About the time I left I know they were implementing strong botting measures so it might be harder now but I have no doubt it can still be done. Just so you know. Botting is against the Terms and Service of Gaia. If you are caught you will be banned without question and you will have no way of getting your account back. If Gaia even thinks you are botting you will get banned. The simplest way is to get a browser refresher. A few places to look could be http://www.myrefresher.com/ or http://forums.xisto.com/no_longer_exists/. I havenât personally tried either one but I have used similar products and they will get some results. All you have to do is login and then set the refresh to a minute or so.

This has always irked me also. No wonder novices always wonder why their machines get so slow after a few months of use. For Yahoo! Messenger do the following.1. From the main toolbar click Messenger2. Preferences3. General4. Uncheck “Automatically start Yahoo! Messenger” from the “when I start my computer:” groupboxFor a longer lasting solution might I suggest two solutions? The first is msconfig which is a built-in windows utility that shows every program that will load on starting. You can get to it by run > msconfig. The startup tab is usually the most useful because it lists everything that is in the registry. The Services tab should also be looked at because some of the nastier programs like to install a Windows service that starts automatically.A second solution is Tea-Timer which is part of Spybot (https://www.safer-networking.org/). It basically asks if you want to allow changes to specific areas of the registry. I like to think of it as a firewall for the registry. It can get a little annoying but you will never have a startup program get into your registry unless you allow it.

Yes there is. Although there are many ways of doing it the one that I recommend it using TweakUI from Microsoft (http://forums.xisto.com/no_longer_exists/). If you are not familiar with TweakUI, it is a “power toy” from Microsoft that basically lets you enhance many of the settings that you would normally not have access to unless you dug around in the registry.1. Start TweakUI2. Logon3. Autologon4. Check Logon automatically at system startup5. Enter the account and optionally a password6. Apply

Back in May Yahoo! swore that the chat room problems were going to be fixed. Again this past month they said the same thing. This is a survey to see if anyone has experienced better results, specifically within the past week.Personally I started having real problems starting at the beginning of the year. The porn bots and booters were always there so I never considered them to be a problem. I use YahElite to chat so most of the garbage is filtered out anyway. My big complaint is with not being able to get into a chat room at all. When I go to sign in there is usually an extremely long wait (around 5 minutes) and then I get an error message. As I said before, porn bots are one thing but this problem makes the system completely unusable.From my own experience I have noticed the problem being slowly resolved in the past week. I am now able to get into most rooms but not as easily as say a year ago. I would like to know if my observations are unique or others have had similar results. It would be nice to know that Yahoo! is finally working on their problems.

There is no 100%. I do believe that you can make it very close by using many of the security best practices mentioned elsewhere on the forum. I can’t remember how long its been since I had a major nasty on my computer. Antivirus program Update programs (includes non-OS programs also) Firewall (I prefer hardware NAT router or better) Regularly scan for spyware (spybot, adaware) And this is the hardest and the most effective… Train yourself how to act. This means not opening unknown .exe files, not going to shady warez sites, and just having a general knowledge of how a computer works. Always be suspicious.

I will have to second that. I have been using Avast! Since I got sick and tired of Norton. After using it for more than a year I recommend it to everyone that asks. Thanks for making a great and free antivirus Avast!

Don’t worry, I completely understand that an exploit was being offered. From what I can tell the exploit was never bought because it is not showing up in the history. I guess 2000 Euro is a little more than anyone is willing to pay for a Messenger exploit.

I have found that Rapidshare is great. Because it is so popular I would say that it filled a need of many users, much like Altavista filled the need for a search mechanism during the early days of the Internet. I personally already use method 4 on the list but is does not do anything because the IP of the proxy is limited the same way as your home machine. I suppose I could download one file with the proxy and the other without it but that defeats the purpose of the proxy in the first place.Just like everyone else I am annoyed with the wait times. I have had several wait times of multiple hours. I simply paste the link in a text file and wait for later. Now if someone want to possible make a few bucks or provide a good deed for the community they should write their own Rapidshare downloader. Simply place you file in the queue and the program will automatically determine your wait time and download the file for you.

The thought of a scam or someone just making it up did run across my mind. I suppose what I would be more afraid of is a previously released exploit disguised as a new one. At any rate I feel that 50 Euros would be an acceptable price to pay for my curiosity.

A new service run by WSLabi (http://forums.xisto.com/no_longer_exists/?) touts itself as the new eBay of vulnerability researchers (http://www.securityfocus.com/brief/542?ref=rss). From many years there has been a battle between security researchers and software publishers over the price or value of an exploit. As a researcher myself I know how many countless hours go into finding and developing material that is useful in making an exploit. I could easily turn it into a full time job. I do it for a hobby but what if someone wants to make it into a full time job? If you were only able to publish two or three really good exploits a year then you will have to get a fairly large price for you labors.WSLabi makes it possible to ask the highest bidding price for your exploits. It is apparent that this site may encounter legal issues but these questions will have to be answered as this business model turns into a reality.As a bonus to this story, one of the first exploits on the site is for a Yahoo! Messenger 8.1 vulnerability (ZD-00000005 - Yahoo! Messenger 8.1 remote buffer overflow). Very little information is given for the exploit but from the description it appears to have something to do with the address book. The current asking price starts at 2000 Euros which no one has taken yet. I am interested in seeing what this is but 2000 Euros is a tad bit high for my curiosity. If anyone is interested in creating an office pool for this exploit let me know. I am good for 50 Euros right now.

As a developer it is sometimes hard to know what your users want in your product or where they would like to see improvement. This is a problem that any supplier of goods has had since the invention of trade. The problem can be summed up like this. For every 1 complaint there are 10 other people out there that have the same problem and just didn’t say anything. For every 1 compliment there are 50 other people out there that feel the same way but just didn’t say anything.I have to admit that I am the same way. How many times have you gone through your day and thought that a product manufacturer should fix a particular problem? Perhaps your cable TV signal is fuzzy on channel 3, your dryer would be much better off with three setting instead of just two, or you are very impressed with how well built your garage door is made. You constantly have these thoughts running around your head but you never let anyone know about them (at least I do). Rare is the chance that a producer of goods has the opportunity to get some real and heart felt feedback. I know this from experience. After I released the initial iteration of Software X I was expecting to get all kinds of feedback. The software was not perfect and I knew it but it was free to my customers and they wanted it bugs and all. After about a week I was starting to get concerned. I was expecting to hear all types of bug reports but nothing. I started poking at some of my more trusted users to get at the truth. Turns out they found many of the bugs within the first ten minutes and quickly worked around them. I asked why they didn’t say anything to me about them and the standard response was they just didn’t have time or they found a solution and decided the problem didn’t warrant enough hassle to tell anyone. Since this revelation I soon found that if someone did complain I usually had a major problem on my hands and I should act as soon as possible to correct the problem. Now to the point of my rant. As many of you know, Yahoo! has a bolg (http://forums.xisto.com/no_longer_exists/) posted for announcements and general feedback. As with many blog type applications, there is a section for reader comments. After reading the blog for several months I have seen that this service is an absolute gold mine to gauge what the community really thinks of Messenger. From what I can tell this simple and “free” application is better than any budgeted and outsourced poll could ever be. It is the thoughts of the user directly to the developers and programmers. I only wish I had this resource myself.So what are the users saying? First they are not very happy. Second they want the chat rooms to fixed and a Mac version released. In a distant third, they would like to see some of the random logoff problems fixed (this includes me) and the Vista version shipped.It is well known that people go to the Internet to *****. Go to any forum about a specific product and you are likely to see more negative comments than positive just because people complain about what doesn’t work and not praise what does. Unfortunately for Yahoo! it doesn’t look like the ratio is very much in their favor. Even with the “I’m just here to *****” crowd taken into account for it appears that 90-95% of the comments are negative. Even when there is a posting about something completely unrelated to the above mentioned problems, the comments section quickly turns into a competition to see which side can get their point across, chat room problems or the lack of a Mac client.On the chat room front I think Yahoo! has dug themselves somewhat of a hole. In a previous post it was mentioned that the chat rooms would be fixed by May 15, 2007. They weren’t and the mob has certainly taken note.To wrap this up I have to think Yahoo! actually has a good thing going for them in this blog. It really lets them know what their users think and where they should spend their time and money. All that is left is to listen and get some of these things in the works (for real this time). If you would like an entertaining read you should look at some of the comments yourself. I always get a laugh out of them.

Besides all the good ideas already posted, a great free program that I found is allSnap (http://ivanheckman.com/allsnap). allSnap is basically a program that makes your Windows desktop windows snap to each other. It is certainly far from essential and is only used for the visual experience but it is always one of the first programs that I install.I have the habit of having many small windows open at the same time so allSnap is great to get them instantly organized and lined up.