Wednesday, June 07, 2006

2007 Flatcoat Retriever Society of America Specialty

Okay, it's still almost a year away but now is the time to start making your plans to attend the 2007 Flatcoated Retriever Specialty. The 2007 Specialty will be held in Minnesota June 8 - 15, 2007.

You can find out more by visiting

2007 Specialty Website

Check the site often as updates will be posted as they become available.

Friday, January 27, 2006

A new internet threat is looming for 2/3/2006

Its generic name is "Blackworm" and if the folks at the Internet Storm Center are right - and they usually are - it is going to become a serious problem on February 3, 2006. While the actual number of people that will be affected is not as great as for some earlier threats, those that are affected are going to be seriously hurt.

"Blackworm" is set to activate on February 3, 2006 and when it does, it will begin deleting files on the hard drives of infected computers. It will also harvest email addresses and attempt to send itself to the addresses it finds. A very decent technical writeup can be found HERE.
The writeup includes the file types that will be targets, names of attachments and subject lines. You can also find links to Symantec's removal tool.

What can you do to protect yourself? Here are a few simple steps:

1. Do not open any attachments that you receive with your email.

2. Update your virus scan patterns at least daily.

3. Run a full scan of your personal computer right now to make sure that you are not already infected.

4. Make sure that your ISP is providing frontend virus scanning. If not, dump them and find one that will.

5. Don't Panic.

For the long haul, two additional steps will help significantly: disable ActiveX in Windows and do not send or accept html formatted email (use text only).

Right now it looks as if the large majority of infected computers are located in India with a fair number right here in the good old USA. It is anticipated that it will spread even more prior to February 3, 2006.

The internet can be a downright unfriendly place to visit but if you take common sense steps such as always using antivirus protection, you can deflect much of the risk and make the most of your time on the net.

Created: January 27, 2006
Updated: January 27, 2006

(c)2006 Dogsoldier.com

Monday, January 02, 2006

Misleading Advertising Does Not Make The Internet Any Safer

Anyone who has spent time watching the flood of college and pro football games during the end of December and start of January has undoubtedly seen advertisements from a certain mega-huge service provider warning folks about the dangers of high speed connections. I believe the tagline goes something like this: "after all, these things come at you much faster now". The ad goes on to talk about spam and virus scanning, blocking spyware and fighting popups. The entire time the viewer is led to believe that these problems increase radically with a high speed connection and that only the mega-huge service provider can protect them.

Repeat after me: B as in B, S as in S.

The speed of your connection has nothing to do with making you more vulnerable to these problems. Whether you are on a T1 or a 28.8 dialup, the delivery method is the same and none of the problems hit until they are actually downloaded to your machine.

If Joe decides to send you three (3) virus emails, a faster connection only means that you will download them quicker. Once they get to your machine, the connection no longer matters as your local software takes over.

Of more impact is the fact that you are usually talking a fulltime connection when you talk higher access speeds. This can expose your machine to hackers who search through the IP blocks known to be associated with broadband or DSL. But folks, this is not what the commercial is talking about.

So before anyone falls for this misleading advertising, you are not inherently at any more risk with a faster connection than you are with a slow dial-up line. The steps necessary to protect your local machine are exactly the same regardless of connection speed. For instance, virus scanners must be used and kept up to date.

To the folks that are lucky enough to have been raised with the modern technology, this probably does not seem like a big issue and you are right. But to those who are new to the internet or not very technically savvy, scare tactics can be effective.

The internet does not need any more scared users; we need users who have a basic understanding of what is going on and are able to surf and email with confidence and safety.

Friday, December 02, 2005

"Illegal Websites" Virus

The virus writers are certainly busy these days.

One of the latest of the mass-mailing worms is sober.x. This is a variation of the earlier sober.c worm that hit email inboxes during 2003.

sober.x usually claims to be from a 'Steve Allison' who supposedly works for a government agency such as FBI or CIA, and warns the reader that the agency has been tracking visitors to illegal websites. The message goes on to say that the recipient has been tracked visiting a number, usually 30, of these websites and demands that the recipient answer a list of questions. Needless to say, the message itself is pure, unmitigated BS. The aim is to get the recipient to open an attached ZIP file and allow the virus to install on their PC.

Once the little beast has made a nest for itself, sober.x may attempt to disable security and firewall programs, replicate itself by sending messages to contacts found in e-mail address books, block access to various security web sites, and open security holes that allow outsiders to gain unrestricted access to personal information stored on the PC.

The FBI has issued a warning about sober.x:

"The FBI today warned the public to avoid falling victim to an on-going mass e-mail scheme wherein computer users received unsolicited e-mails purportedly sent by the FBI. These scam e-mails tell the recipients that their Internet use has been monitored by the FBI and that they have accessed illegal web sites. The e-mails then direct recipients to open an attachment and answer questions."

"The e-mail appears to be sent from the e-mail addresses of mail@fbi.gov and admin@fbi.gov. There may be other similarly styled addresses. The recipient is enticed to open the zip attachment which contains a w32/sober.jen@mm worm. The attachment does not open and its goal is to utilize the recipient's computer to garner information. Secondly, the virus allows the e-mail to be forwarded to all those listed in the recipient's address book."

There are a variety of Subject Lines that are used in the delivery package including:

* hi, ive a new mail address
* Mail delivery failed
* Paris Hilton & Nicole Richie
* Registration Confirmation
* smtp mail failed
* You visit illegal websites
* Your IP was logged
* Your Password

As is all too often the case, only PCs running any flavor of Microsoft's Windows can be infected. (One must wonder how much longer consumers will put up with Windows' truly horrendous security track record. It also begs the question "why would anyone trust any Microsoft product to be secure?")

Most anti-virus products are either able to detect this beast now or will be able to very soon. As always folks, keep those definition files up to date and NEVER open an attachment unless you are positive about what it contains and where it came from!

A couple of things to keep in mind. First, if you are like most folks connected to the internet you are using a dynamic IP address. This means each time you connect, you get a different IP address which makes it pretty darned tough to track anything that you do. Second, no government agency will ever send a message like this. If they really are concerned about your activities, you are much more likely to receive a personal visit.

Most of our clients are Windows users. Despite grave misgivings about the security of Windows, we do understand that for many, if not most, folks, there really is no other viable option. All operating systems contain security concerns. But this should not deter people from using the internet. Simple precautions, such as using anti-virus software and/or firewalls, will go a long way towards providing reasonable security. Dealing with service providers who include frontend anti-virus and anti-spam filtering is another good precaution.

But in the end folks, your online security is your responsibility. It is up to you to make sure that reasonable precautions are in place, that anti-virus products are up to date and that you are not opening any attachments.

Rich
Dogsoldier.com LLC

Wednesday, November 30, 2005

Fancy New Phish Surfaces

There is a new and sophisticated Paypal phish scam starting to spread on the internet. The information that follows has come from various folks who share information regarding phishing (thanks Peter).

Paste starts here...

The complete URL is:
http://www.google.pt/url?sa=U&start=4&q=http://dns1.n-kiso.co.jp/.checking/.www.paypal.com/index.php

Which goes to:
http://dns1.n-kiso.co.jp/.checking/.www.paypal.com/index.php

When the link "Click here to go to our main page "

It will open a javascript: "java script: Start('sysdll.Php')"

When opened it will construct the fraudulent website according to your default browser.

I've tested with:

- Firefox
- Internet Explorer
- Opera

All latest versions with all relevant patches.

The fake address bar used may trick someone into thinking that they are actually on https://www.paypal.com. Watch and observe. This is indeed trickily done.

Paste ends here ...

Folks, as always, never open a link in an email UNLESS you know what you are doing and you know where it will go. No reputable financial institution or government agency will ever send you emails requiring you to visit any site and verify personal information.

Surf smart, surf safe

Rich
Dogsoldier.com
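
An added example, not part of the original post or the pasted report: a defender-side check that unwraps the redirector link quoted above offline and flags a brand name that shows up in the path while the real host is something else. The brand watch list and the redirect parameter names are assumptions made for this sketch.

```python
from urllib.parse import urlsplit, parse_qs

BRANDS = ("paypal.com",)  # assumed watch list of brand domains
REDIRECT_PARAMS = ("q", "url", "u", "redirect", "dest")  # assumed parameter names

def unwrap(url, max_hops=5):
    """Follow redirect-style query parameters without any network access."""
    chain = [url]
    for _ in range(max_hops):
        query = parse_qs(urlsplit(chain[-1]).query)
        nxt = next((query[p][0] for p in REDIRECT_PARAMS if p in query
                    and query[p][0].lower().startswith(("http://", "https://"))), None)
        if nxt is None:
            break
        chain.append(nxt)
    return chain

def host_is_brand(host, brand):
    """True only when the host is the brand domain or a subdomain of it."""
    host = host.lower().rstrip(".")
    return host == brand or host.endswith("." + brand)

def analyze(url):
    """Return the real destination host and the reasons the link is suspicious."""
    chain = unwrap(url)
    final = urlsplit(chain[-1])
    host = final.hostname or ""
    findings = []
    if len(chain) > 1:
        findings.append(f"redirector {urlsplit(chain[0]).hostname} hides destination {host}")
    for brand in BRANDS:
        # The brand may be embedded in the host (as a prefix label) or in the path.
        seen = host + (final.path + "?" + final.query).lower()
        if brand in seen and not host_is_brand(host, brand):
            findings.append(f"'{brand}' appears in the URL but the host is {host}")
    return {"final_host": host, "findings": findings}

if __name__ == "__main__":
    # The link from the report above, joined onto one line.
    sample = ("http://www.google.pt/url?sa=U&start=4&q="
              "http://dns1.n-kiso.co.jp/.checking/.www.paypal.com/index.php")
    result = analyze(sample)
    print(result["final_host"])
    for finding in result["findings"]:
        print(" -", finding)
```
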

Monday, November 28, 2005

Personal Filtering Tools and RBLs

One thing that is certain every Thanksgiving and Christmas season is that mail traffic will significantly increase both in terms of numbers of messages and the average size of messages. Part of this traffic increase is due to folks sending seasonal greetings and e-cards but a large part of the increase is due to increases in spam and spyware/malware messages (phishing, etc.)

What also increases is the number of "false positives", messages rejected or marked as spam that should have been accepted as valid. For instance, the e-card sent to you by Grandma that keeps getting bounced as spam or spyware.

Many of these false positives come not from commercial mail servers equipped with filtering technology but from the millions of filtering products in use on personal computers. Sadly, most of these products are not set up correctly, which in turn increases the number of false positives.

Installing a product such as MailWasher is usually very easy and clean; developers put a lot of thought into how to make their products "load and go". The problems begin post-install, the time when users are able to control the severity of the filtering. This is when you can add blocks for annoying messages from a former friend or instruct the filter product to not block messages from your favorite mail list.

Many of these products make use of one or more of the many Remote Blackhole Listing (RBL) services. In many cases the user is able to add or remove RBLs. Unfortunately, most users do not have the background to make these decisions based upon a thorough review of how a particular RBL functions. The end result is usually frustrated users and a flood of angry emails to the ISP/ASP's support folks.

The following material is the result of one of these 'angry messages'. The content has been cleaned up a bit to protect the identity of the sender and to fix a few spelling errors.


Hello XXXXX,

You want to be careful about relying upon the RBL lists. It is not unusual for a domain or ip to show up as blocked for a day or two and then clear up. Even the major services such as AOL have been listed by one RBL or another at various times.

[As of two minutes ago. On openrbl checking for 195.92.246.182 on 38 blacklists showed the ip is positively whitelisted on 4 lists, positive blacklist on two (spamcop and spambag), neutral whitelist on one and neutral blacklist on 29 lists.]

We each have to decide for ourselves what RBL lists to trust but for what it is worth, we stopped using spamcop with our commercial mail servers due to far too many false positives. After a lot of testing, tweaking and client feedback, we have found a set of RBLs that seem to work fairly well: sbl.spamhaus.org, relays.ordb.org, and relays.mail-abuse.org. These services place more importance on whether or not a domain mail server is an open relay or not since almost all spam flows through open relays.

It is also important to remember that each RBL service has a different set of criteria for listing someone. Some of these lists are known to be very lenient, others are known to be overly sensitive. Some go through a very thorough investigation, others merely react to a report from a disgruntled reporter. Some accept and act upon content complaints, others only react to open relays.

The bottom line is that there are a ton of RBL lists, each with its own philosophy on how to filter and it is important that you understand their processes and criteria if you are going to use them.

Our advice to our email clients is to not do any RBL checking on their local machine (we do that at the frontend as well as spam assassin and bayesian filtering). If you want to filter, which is not a bad thing since no frontend filtering system is 100% foolproof, do so based upon content. For instance, the Thunderbird email client has an excellent Junk mail filter component that is completely within the control of the user. You decide what is junk and what isn't. I don't use Outlook but my understanding is that it has something similar.

If it is any consolation, over the last 3.5 years, we have seen Smartgroups listed and delisted so many times that I stopped counting. ;>

Rich
Dogsoldier.com, LLC

Wednesday, September 21, 2005

It's Back, Again

The internet is without a doubt an extremely interesting thing to watch and study. For all the changes in technology and capabilities, some things seem to stay the same. Take for instance, email-borne hoaxes.

In 2004, an email started to circulate warning that Swiffer WetJet posed a general danger to household pets. Several variations surfaced claiming that someone's dog or cat or bird or gerbil or whatever had died due to licking something that had come in contact with a surface cleaned with a Swiffer WetJet. For instance, the dog walked on a freshly cleaned floor, licked its paws and died. The variations were consistent in claiming that the cause of death was liver failure and that when the grieving pet owner contacted Procter and Gamble, they were told that an ingredient used in the fluid was "one molecule away from antifreeze".

After circulating for awhile and causing countless pet owners to panic and forward the warning message to everyone in their Address Books, clogging mail servers and inboxes, the hoax faded away.

It is now September 2005 and the hoax is back for another round of silliness.

Folks, THIS IS WELL DOCUMENTED TO BE A HOAX [For the truth]. It is also a great example of how some things on the internet take on a life of their own.

When you receive these sincere sounding warnings, before rushing to send the warning to everyone you know, take a minute and visit Snopes.com. This is one of the best resources for helping to reveal what is or isn't a hoax.

Remember, just because it's on the internet, that doesn't make it true.