Category: Welcome

Accessibility Considerations for End Users

by Ashley Allen

As part of the MCDST course material, we look at accessibility options for end users. The material available is fine for the exam, but doesn't go into nearly enough detail for the real world. Microsoft have therefore produced a number of factsheets for the various main desktop products which will give you, in great detail, all of the information you need to configure the OS of your choice for end users with any type of impairment.

Visit the site Here

Problems with my Memory Card - Have I lost all of my Photos?

by Ashley Allen

Having finally found myself back on UK time, I thought I'd have a look at the photos that we'd taken on our honeymoon (all 1600 of them). The first memory card was slotted into the card reader in my laptop and I happily copied the photos over. I popped in the second card and... Nothing... At this point I started to panic a bit - there were over 700 irreplaceable photos on it. Ejecting it, I put in the third card and... Nothing... At this point I started sweating - the two cards contained more than 1200 photos. XP apparently wanted to format them, which would not be a good thing! With a sense of rising dread, I put the second card back into the camera, switched it on, and lo and behold, the photos appeared! Same thing happened with the third card. After transferring them with the camera software, I could relax and start to think more logically.

The only difference between the card that worked and the two that didn't was the size - the first one was a SanDisk 1GB whilst the second and third were SanDisk 2GB. The fact that the camera could read all three quite happily suggested that the cards were OK and that the problem lay somewhere inside XP.

The first place to look was the card reader. My laptop's an HP NC6220, and the card reader is a Texas Instruments PCIxx21 FlashMedia Controller. A quick Google showed that other people have had similar problems. I downloaded an updated driver, which you can find here. After installing it, I rebooted, popped the card back in, and everything was rosy again!

It just goes to show that you should always keep your drivers up to date!

What the hell are Manolito and Sebek?

by Ashley Allen

Because of the nature of the network that I manage (academic, full admin access to the desktop), there are always hundreds of threats knocking about. We regularly see attempts to break into our SQL boxes, and our file servers are repositories for all sorts of dodgy executables! We have a number of security systems in place, but time after time I come back to Wireshark as my weapon of choice. You can pick up a hell of a lot of information about the threats on your network from analysing the packets on the wire. It's got to the point that you can almost tell the temperature of certain switches by the amount of routing packets they resend! It's fair to say then that I know most of the protocols that show up on my electric string.

It was with a bit of a shock then that I found two new entries within the space of a few hours! The first one to show up was Manolito. The first port of call is of course Google - a quick search and, lo and behold, it's a P2P program! As you can probably imagine, when working with 15,000 or so students, P2P is quite a big problem! It appears though that this one isn't very good - it's fairly centralised and seems fairly reminiscent of the original Napster. If you want to keep an eye out, look for UDP traffic on port 41170. You can have a look at a sample packet here. The format is fairly simple, as it shows the number of shared files, the size of the shared files, the number of connections, the client name and version and the link speed.

The second new protocol I found on my network is Sebek. A Google of this reveals some extremely interesting information. Sebek (as well as being an Egyptian crocodile god!) is a kernel data capture program. This should set massive alarm bells ringing - it is essentially capable of recording everything that's done on a machine and transmitting it to a remote location in real time!

Sebek is part of the Honeynet project. This has the admirable aim of providing monitored systems that hackers can attack. This lets the researchers analyse the attacks and patch them to prevent a legitimate system becoming compromised. Sebek helps by transmitting everything done on the box to the researcher without the attacker knowing. It does this by patching the OS kernel to prevent the sniffing of the transmitted packets from the host system. This means that the attacker will see the doctored TCP/IP stream, whilst the researcher will see everything, including the kernel data.

This is all very interesting, but the crux of the matter is that if I can sniff this data, then one of my machines is compromised and is sending everything that is done on it out over the network! Thankfully, the Wireshark .cap file showed the IP address, so I was able to remove the machine from use. The worrying thing is that unless you know or suspect it's there, it is virtually undetectable. The only way to remove it from a compromised Windows system is via the Recovery Console, as for obvious reasons the installer is not available in user mode. Without wishing to make you paranoid, can you be sure that this software is not on your network? Can you be sure that it's not on your machine?

A three click install can compromise the security of your whole enterprise...

Hopefully you should see the benefits of regularly sniffing your network - it's amazing what you can find if you look hard enough!

If you want to know more about Sebek and the HoneyNet Project, the following site is a great place to start - Sebek FAQ.
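One way to automate the "keep an eye out" step is to sweep a saved capture for UDP packets on the port mentioned above and list the source addresses, which is how the offending machine was identified in this post. This is an added example, not code from the original post; the function names, the sample capture and the addresses in it are constructed for illustration, and only untagged Ethernet/IPv4 frames in classic libpcap files are handled.

```python
import socket, struct
from collections import Counter

# 41170/udp is the Manolito port from the post; Sebek's port is not given there.
WATCHED_UDP_PORTS = {41170: "Manolito"}

def flag_hosts(pcap, watched=WATCHED_UDP_PORTS):
    """Count UDP packets per (source IP, label) that touch a watched port."""
    endian = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(pcap[:4])
    if endian is None:
        raise ValueError("not a classic libpcap capture")
    if struct.unpack(endian + "I", pcap[20:24])[0] != 1:
        raise ValueError("only Ethernet (linktype 1) captures are handled")
    hits, off = Counter(), 24
    while off + 16 <= len(pcap):
        incl_len = struct.unpack(endian + "I", pcap[off + 8:off + 12])[0]
        frame = pcap[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue  # not untagged IPv4
        ihl = (frame[14] & 0x0F) * 4
        frag_offset = struct.unpack("!H", frame[20:22])[0] & 0x1FFF
        if ihl < 20 or frame[23] != 17 or frag_offset or len(frame) < 14 + ihl + 4:
            continue  # not UDP, or a later fragment with no UDP header
        ports = struct.unpack("!HH", frame[14 + ihl:14 + ihl + 4])
        label = next((watched[p] for p in ports if p in watched), None)
        if label:
            hits[(socket.inet_ntoa(frame[26:30]), label)] += 1
    return hits

def _frame(src, dst, sport, dport, proto=17):
    """Build one constructed Ethernet/IPv4 frame (checksums left at zero)."""
    l4 = struct.pack("!HHHH", sport, dport, 8, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0, 0, 64, proto, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return b"\x00" * 12 + b"\x08\x00" + ip + l4

def sample_capture():
    """Constructed capture: three hits on 41170/udp plus two decoys."""
    frames = [_frame("10.0.0.5", "192.0.2.9", 50000, 41170),
              _frame("10.0.0.5", "192.0.2.10", 50001, 41170),
              _frame("192.0.2.9", "10.0.0.5", 41170, 50000),
              _frame("10.0.0.7", "10.0.0.1", 5353, 53),
              _frame("10.0.0.8", "192.0.2.9", 41170, 41170, proto=6)]
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    return out + b"".join(struct.pack("<IIII", 0, 0, len(f), len(f)) + f for f in frames)

if __name__ == "__main__":
    for (ip, label), n in flag_hosts(sample_capture()).most_common():
        print(ip, label, n)
```

To watch for Sebek as well, add the UDP port your own capture shows for it to `WATCHED_UDP_PORTS`.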

Will eBay soon become Paypal with an auction site attached?

by Ashley Allen

As I've said before, I'm a current eBay Powerseller (although I have just had my bye-bye email), and I care about the site and selling on it. If you pop over to the forums, you'll see a lot of disgruntled sellers. This isn't unusual, but added to the usual hot air, a large number of sellers are actually closing their listings and leaving for pastures new. What is also much more worrying from eBay's point of view is that a lot of the sellers that are leaving are shooting stars - members with more than 10,000 positive feedback. These sellers represent the most trusted members - if they're leaving then there is something seriously wrong with the site.

Recently, eBay has announced link-ups with some large partners, notably Chrysler and buy.com. This has led some to speculate that they are trying to re-position themselves as an online shopping mall, with smaller retailers tolerated but not actively encouraged. Whether this strategy is correct, and whether it works or not, will determine the fate of the current management. More important to the company though is the future direction of Paypal.

eBay acquired Paypal for $1.5bn in December 2002, an amount that now appears to be a bargain when compared to the valuations given to sites such as Facebook and Youtube. In recent years, Paypal has aggressively pushed its merchant services for off-eBay transactions. Paypal, thus far, has not been tarred with the scammer/conman brush that seems to blight eBay, and with the loss of trust in Western Union and other similar services, it appears that the time is right for an even more aggressive push by Paypal into this sector.

So we're left with the possibility that eBay may be devoured by its own acquisition - by tidying up the auction site, eBay decreases the possibility of lawsuits similar to the recent Hermes counterfeit case. This leaves a lower profile eBay - one that won't cause embarrassment for Paypal as it tries to realign itself as a payment gateway. Again, whether this scenario is correct remains to be seen. As the current changes propagate through to the end user, we'll get a clearer idea of where the company is heading. My guess would be that the eBay of 2018 will be a much smaller edifice than what we see today.

Real is Dead! Long Live FLV!

by Ashley Allen

As time moves on, so do standards. Where Real Media once ruled, the king is now Flash Video (.flv). In this post, I'll be looking at a couple of freeware and shareware utilities that'll make capturing and converting Flash Video a doddle!

In the past, the medium of choice for sending music and video across the web were the proprietary formats developed by Real Networks. For nearly as long, the software of choice for capturing them has been RM Downloader. With the rise of Youtube and Google Video, Real has taken a big drop in popularity. Some might say this has to do with some unlucky publicity. Others say that it has something to do with the fact that for the majority of users on low bandwidth connections, this was what you were most likely to see...

Flash Video has become almost a web standard, supporting a mix of high quality and low bandwidth. It is, however, a bugger to capture! One of my favourite tools at present is the Moyea FLV Downloader. This handy little app runs in the background, and can capture FLV files to disk silently and automatically.



Once you've got the files, you'll want to convert them to a universally understood format... The Pazera Free FLV to AVI Converter does exactly what it says on the tin. It'll also convert to PAL and NTSC encoded MPEG, which is nice as well...

My final recommendation is shareware... Not WinZip "I'll pay later" shareware, but actual try before you buy software... If you produce a lot of Flash Video, 123 Flash Compressor could shave a huge amount off of your bandwidth bill. The baseline claims are a little excessive, but you can easily see file size reductions of 30% or more without a noticeable loss in quality.

Hopefully, this should give you an idea of what's available - of course, more specialist products are available, but from an occasional downloader's perspective, this should give you something to play with... ;)

NOTE: DON'T DOWNLOAD MATERIAL YOU'RE NOT ENTITLED TO! IT'S VERY NAUGHTY! IF YOU USE THIS INFORMATION TO DOWNLOAD STUFF OFF OF YOUTUBE, YOU ARE WORSE THAN HITLER AND OSAMA BIN LADEN COMBINED...

Fighting Botnets with Botnets

by Ashley Allen

Having spent hours disinfecting both work and personal machines, the danger of botnets is all too apparent. With some networks estimated to contain upwards of a quarter of a million machines, mitigation against DDoS attacks has become a major headache. With this in mind, three researchers at the University of Washington have suggested a novel method of deflecting the traffic - fighting the evil botnets with good ones...

Whilst the first thought that this might bring to mind is some sort of poor knock-off Transformers episode, the technology is available now, and the argument pretty persuasive. The main drawback seems to be getting the end user to install the software in the first place. There is certainly a market for this sort of software, and there exists amongst the wider community a willingness to participate. Coupled with a publicity campaign similar to SETI@home, we may be about to see a shift in power at a packet level...

You can download a copy of the abstract here.