You need right people, right skillset and people with good mindframe. Second factor is Technology you need to decide on a technology by looking at the requirements and how efficient the application will be, Using linux or windows should not be a problem. The end result should be getting the most out of the technology, reducing cost and making project extensible easily if client wants to make some changes or add features at a later date(This happens most of the time). All people should work in the same direction that is to use this agreed upon techology. For eq. For a web app project Perl guy says do it in perl, PHP guy says do it in PHP and manager says JAVA. Seriously I have seen people do all this bullshit. For a sucessfull project People and Technology should work in tandem with each other or else the project is screwed.

I came across a blog about project management and one post which i liked was about the project failures. I am posting the points below, there are Six of them, Top failures according to me out of the below six reasons are 3, 4 and 6: -

1. Intent Failure – Occurs when the project doesn’t bring enough added value or capability to beat down the obstacles inherent throughout the process. This suggests the original intent of the project was flawed from the beginning.
2. Sponsor Failure – Occurs when the person heading up the project is not actively engaged and/or does not have the authority to make decisions critical to project success.
3. Design and Definition/Scope Failure – Occurs when the scope is not clearly defined, so the project team is unclear on deliverables.
4. Communications Failure – Occurs when communications are infrequent or honest discussion of project problems and issues are avoided.
5. Project Discipline Failure – Occurs when process/project methodology is allowed to lapse so that the mitigation factors inherent in the process are never used.
6. Supplier/Vendor Failure – Occurs when the structure of supplier /vendor relationships doesn’t allow for communication and adjustments.

So friends lets keep these things in mind when starting a project and avoid the potential traps.

IE by default has connection limited to 2 per server which is quite slow as we know, since the release of IE8 microsoft has increased the limit of max connections to 6. But still if you want faster connections you can change Max Connection settings in your windows registry to make the most of your internet connection.

You can use the following steps to create more connections to the server which will inturn load your pages faster normally, but beware there are some hosts who still dont allow more than 2-3 connections per IP/session so in such cases the pages will load slow but you should see a difference on most of the websites.

The following steps are to be added to your windows registry.

1. Open Registry Editor by typing REGEDIT into the Run dialog in the start menu
2. Browse to HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings.
3. Right click and create a new DWORD key and name it “MaxConnectionsPer1_0Server”
4. Double click the key to set a value. The number 12 should be good.
5. Right click and create a another new DWORD key and name it “MaxConnectionsPerServer”
6. Double click on the key and set the value. The number 12 should be good.
7. Close the Registry Editor
8. Restart your IE, infact restarting the computer is still a good idea.

FYI, I even tried to use 32 and 64 but it does not make things blazing super fast and I think max number of connections 12-16 should work just fine for you.

Another tip, You can use Adblock tool for Internet explorer to block all the unwanted gif’s, flash and ads to speed up your browsing experience. Adblock addons are now availiable for Firefox, IE and Safari. The filthy javascript ads do really slow down your browser. so you might consider blocking those ads but by blocking your ads you are not contributing to the website your love by the way of clicking ads on their webpages. Think about it.

It’s also quite valuable in that your outbound emails will appear in your GMail sent messages folder and hence appear inline in conversations when your users reply.
Setup Instructions

These instructions are developed for Centos 5.2 – but no doubt they can be applied to other distributions with minimal modification.

Ensure that you have Postfix:
yum install postfix -y

We need to create the client keys for the TLS connection to Google’s SMTP service – and to do that we first need to become our own certificate authority (CA):

/etc/pki/tls/misc/CA -newca

Follow the prompts and make intelligent responses.

Now, create the client keys/certs (again with intelligent responses, and ensuring you use the same common name and country code):

cd /etc/postfix
openssl genrsa -out postfixclient.key 1024
openssl req -new -key postfixclient.key -out postfixclient.csr
openssl ca -out ./postfixclient.pem -infiles postfixclient.csr

Now you can configure Postfix accordingly. Add these to the top of /etc/postfix/main.cf
relayhost = [smtp.gmail.com]:587
smtp_connection_cache_destinations = smtp.gmail.com
relay_destination_concurrency_limit = 1
default_destination_concurrency_limit = 5
smtp_sasl_auth_enable=yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_use_tls = yes
smtp_sasl_security_options = noanonymous
smtp_sasl_tls_security_options = noanonymous
smtp_tls_note_starttls_offer = yes
tls_random_source = dev:/dev/urandom
smtp_tls_scert_verifydepth = 5
smtp_tls_key_file=/etc/postfix/postfixclient.key
smtp_tls_cert_file=/etc/postfix/postfixclient.pem
smtp_tls_enforce_peername = no
smtpd_tls_req_ccert =no
smtpd_tls_ask_ccert = yes
soft_bounce = yes

And store your password in /etc/postfix/sasl_passwd
gmail-smtp.l.google.com username@yourdomain.com:password
smtp.gmail.com username@yourdomain.com:password

(Note that if you’re using a regular gmail account instead of Google Apps For Your Domain, you would use username@gmail.com above)

Get Postfix to parse the password file:
postmap /etc/postfix/sasl_passwd

Optionally configure Postfix to run on a different port (so as not to clash with your regular SMTP relay):

Open /etc/postfix/master.cf and change the first line to:
10025 inet n – n – - smtpd

Now start Postfix!
service postfix start

And add it to your startup scripts:
ln -s /etc/init.d/postfix /etc/rc3.d/S96postfix

-Abhishek

-Abhishek

Puppy Linux 4.3 is powered by the 2.6.30.5 Linux Kernel, which is configured to support multiprocessor systems, EXT4 filesystems and is patched to work with Aufs2. Legacy dial-up modems are well supported, with drivers included for Agere, ESS, Lucent, Conexant, Smartlink, Pctel and Intel chipsets. More up-to-date methods of connecting to the Internet are also supported, including the use of 3G modems.

There are many more changes to puppy linux, I have one of my USB drives that has puppy 4.2 installed. I am currently downloading 4.3 to replace the old version with the new one and I am desperate to try out my 3G modem on puppy. If my 3G modem works that would be the best gift from puppy 4.3 upgrade for my birthday.

Cheers!

The “unauthorized access” provision of the Computer Fraud and Abuse Act (CFAA) has turned out to be quite an asset to those looking to prosecute people for all manner of actions involving computers, even though it was originally meant to target hackers. The Ninth Circuit Court of Appeals has ruled, however, that it cannot be used to prosecute someone for being disloyal with company info after quitting—a decision that is being applauded by CFAA critics who want to limit the statute.

The decision came after a company named LVRC Holdings filed a lawsuit against a former employee, Christopher Brekka, his wife, Carolyn Quain, and their independent consulting business. LVRC had accused Brekka of using company computers “without authorization” in order to e-mail himself LVRC client files in order to use that information for his personal business after leaving the company.

Based on that description, one might assume that Brekka had used his or someone else’s credentials to break into the network after he quit, but that’s not exactly the case. As it turns out, Brekka had e-mailed the documents to his home PC while he was still an employee at LVRC, using login information that the company admin had sent to him. The documents he e-mailed included a financial statement for the company, LVRC’s marketing budget, and admissions reports for patients, among other things. Not so coincidentally, Brekka apparently did this while he was in talks to acquire part of LVRC. Those talks eventually broke down and Brekka left the company.

Brekka subsequently used the data to help his own consulting business, which he runs with his wife. You could argue that his actions were unethical and downright slimy, but LVRC brought charges under the CFAA, saying that he had gained unauthorized access to LVRC machines in order to get the data. LVRC had argued that Brekka’s intent at the time of access determined whether or not he was authorized—basically, the company said he was committing a “thought crime.” More

According to Candid W?est, threat researcher with security firm Symantec, around 10 percent of the Trojan market is now open source.
The move to an open source business model is allowing criminals to add extra features to their malware.
“The advantages are that you have more people involved in developing it, so someone who is into cryptography could add a cryptographic plug-in or somebody who does video streaming could add remote streaming of the desktop,” W?est said.
Releasing Trojans as open source dates back to 1999, when the Cult of the Dead Cow group released the source code for its Trojan called Back Orifice.
More recently, the developers of the Limbo Trojan published its source code in an effort to boost take-up following a slump in its use by fraudsters.
Following its release in 2007, the Limbo Trojan became the most widely used Trojan in the world but fell from favor in 2008 after the more sophisticated Zeus Trojan was released, according to security company RSA.
There is a big cash incentive to be the dominant Trojan, with infected machines and the financial and personal details they capture worth millions of dollars on the black market. The Limbo Trojan kit was previously sold to fraudsters for $350 per time before it went open source, while the Zeus Trojan today sells for between $1,000 to $3,000.

However, head of new technologies at RSA, Uri Rivner, said the move to become open source had not reversed Limbo’s decline in fortunes.
“It is a move to the same business model as that behind any open source project–to give away a basic version and sell more advanced versions, professional services or customizations.
“At the beginning of it going open source it was big news but people have since stopped investing in it.
“It is not the best Trojan any more but because it’s open source you can try it as your first Trojan and it is still used in some places,” he said.
Limbo’s popularity continues to slump, despite numerous features in the basic version that allow criminals to add extra fields for PIN numbers into fake banking websites and capture the keystrokes and the files saved on an infected computer.
And while open source may not have boosted Limbo’s fortunes, it also brings with it separate problems for the fraudsters: open sourcing code also places it in the hands of security professionals.
“If you make (the Trojan) open source, that means that a security company can find the source code and it is easier to make a general heuristic detection for it, as they know what could be in it,” Symantec’s W?est said.
The majority of Trojan infections occur via drive-by downloads, where the malware is automatically downloaded after browsing an infected website, or messages sent via social networking sites that encourage people to download a Trojan masquerading as a legitimate security update, according to RSA’s Rivner.
These infection methods are proving far more effective at getting Trojans onto machines than earlier techniques such as sending an e-mail with a link to an infected file or attachment.
RSA analysts say these new methods have fuelled an exponential growth in the rate of infection, with the security firm detecting 613 Trojan infections in August 2008 compared to 19,102 in August 2009.

-Abhishek

“Delhi Police is investigating a case of blackmailing of young sitarist and legendary musician Pandit Ravi Shankar’s daughter, Anoushka
and has arrested a Mumbai-based man who allegedly accessed her photographs stored in her laptop.

The man, whose identity has not been revealed, has been arrested by the Special Cell of Delhi Police following investigations in Mumbai after Ravi Shankar approached police last month complaining about the harassment meted out to his daughter, a senior police official said.

Police had last week registered a case under Section 386 of Indian Penal Code which relates to extortion by putting in fear of death or hurt and provides for a maximum punishment of 10 years in jail.

The official said the musician, who lives in the US, has told police that Anoushka had given her laptop to a service centre in south Delhi in February.

“We think that the material in the laptop was copied by someone. We interrogated the staff at the Apple Services Centre. Later, we zeroed in on the Mumbai-based man and arrested him,” he said.

The man allegedly sent a series of e-mails to 28-year-old Anoushka, demanding money for not making public the photographs. The alleged blackmailer even asked for USD one lakh in one e-mail.

Police did not state as to when the man was arrested.”

-Abhishek

Exploit code is already available online and The code is getting integrated in MetaSploit and its gona be cool, point, click and reboot Windows Vista / 7 machines.

The vulnerability exists in SRV2.SYS which fails to handle malformed SMB headers for the NEGOTIATE PROTOCOL REQUEST functionnality.

The NEGOTIATE PROTOCOL REQUEST is the first SMB query a client send to a SMB server, and it’s used to identify the SMB dialect that will be used for futher communication.