December 22, 2006
New Site Coming
Experts Exchange Community News
You are receiving this because you are an member who has opted-in to receive newsletters.
What's New at Experts Exchange
Click here to unsubscribe from the newsletter.
The holidays and advertising

ericpete is the editor of the Experts Exchange newsletter. He considers the main benefit to doing that job to be the opportunity to write -- something he has done professionally since he was a young boy. He also coaches a 7th grade basketball team.

Growing up in the weekly newspaper business has its moments. You get to stand on the sidelines of high school football games, instead of being forced to sit in the bleachers. Politicians ask your opinion on things (sometimes, even when they're not really interested in hearing them) because they don't want to get on your bad side ("Never pick a fight with someone who buys ink by the barrel and paper by the ton."). Organizations always invite you to their dinner meetings (dinner included) because they know you will bring your camera and notebook.

But there are downsides, too. There was a time, not all that long ago, when we dreaded Halloween. Starting the day after, we would begin an eight week struggle to come up with new ways of creating advertising for our clients -- something new and distinctive even if they were advertising more or less the same things they advertised each of the eight years prior. There's not much new one can say about "Free Delivery Of Your Appliance If Purchased Before Thanksgiving" or "Permanents $35 Every Tuesday Until Christmas".

We got to the point where we actually began to dislike -- adamantly, on occasion -- the whole idea of Christmas. The only good part was that (depending on the day of the week Christmas fell on) we would print one issue a day or two early so we could take the day off. Why do they call it Black Friday? Because it's the day when most of our advertisers would make enough money to finally get into the black for the year. It was great for us; volume would always go up -- but the better the Christmas, the worse the spring, because people pay their December ad bills in January (and more frequently February).

We're a little less jaded about the holidays now; we don't have as many deadlines, the hours are a lot better, and we don't get sick and tired of seeing Santa Claus's image all day, every day, for two solid months. We get to enjoy the season; we even actually like some of the advertising we see.

The advertising season was made almost remarkable for us the other day, when a friend of ours sent us a "do-gooder" ad from Spain. It's a reminder of what the season is all about; turning up the sound isn't necessary, so if you're at work, go ahead and click. We aren't normally prone to forwarding the stuff we get in our In Box; this is an exception that deserves to be forwarded.

And if you're in the US, there's an 800 number that you can have your kids call to track Santa's progress across the country.

Have a wonderful holiday, and we'll see you next year.

Not-so last minute holiday gifts
Thanks to all of you who wrote or posted at EE about the DVD Rewinder we profiled last issue. No, we have not bought one, nor do we know anyone who has. No, we don't know that it is anything other than what the website says it is. Yes, we would absolutely love to find out... because it forced us to leave our annual mention of the Roomba out of this year's lists.

Baskeball jerseyTeamAwear Wearable Display
Okay, so we have admitted our fondness for hoops. But we've officiated enough that having something tell us how many fouls a player has is a great idea -- especially if we can program the controller.

Price not available - Details here.

Optimus KeyboardOptimus keyboard
Preorders will be available in the spring for one of 103 of these keyboards. The keys use OLEDs to show exactly what the key is doing at any moment. They also build a 3-button keyboard.

About $1200. - Details here.

CalendarDemotivator Calendar
No new year would be complete without being able to indulge in a little self-pity enhanced by the annual issue from Despair Inc. Order as soon as you can; the stock depletes quickly. Go figure.

About $16. - Details here.

BMP BVPBoyevaya Mashina Pekhoty
Sick of that commute? This is the Czech version of Russia's first generation "infantry fighting vehicle", which evidently doesn't do well in minefields but can handle freeway traffic. The turret is not included -- but it's available.

$18,000. With turret: add $10,000. Details here.

Snowball makerSnow block and snowball maker
This won't be a lot of use this time of year for a good portion of EE's membership who live in the southern hemisphere. For the rest of you who live where there IS snow, give this to the kids, send them outside, and stay indoors.

About $12. - Details here.

Wooden flash drivesWooden USB flash drive
If you're in one of those offices where people are always walking around with their flash drives, and they occasionally get theirs mixed up with someone else's, this is your solution. Unique, handcrafted designs and exotic woods.

Price not available - Details here.

The Premium Services include a number of features not available to "limited" members. Among them:
> Unlimited question points
> VIP Search
> Bookmarks
> Quick Links
> Collapsible menu
> No ads
You can purchase Premium Services on a month-to-month, semi-annual or annual basis, and take full advantage of all that Experts Exchange has to offer!
Guest column: Dissecting an email

MtnNtwks, known to his friends as David Gronbach, is the CEO of Mountain Networks, a networking firm in Santa Cruz, CA.

Well, here's a topic that has been beaten to death. When it comes to dealing with spam, it seems all of our collective efforts have been focused on dealing with the problem after the fact ... after the message has already been sent. We have lots of spam control options. Some reside on the servers of the ISPs, others reside on locally hosted email servers, and still many others reside on the end user's desktop in the form of filters. Yet there seems to be absolutely nothing available to stop the spam messages from being sent in the first place.

Email is all about sending the actual message. Email programs don't care if the recipient exists or not, nor do they care if the sender is who they say they are. It seems that we should spend our collective, global energy on disallowing the sending of messages, if the recipient or the sender are false or do not exist, or if the sender claims to be someone that doesn't add up. For example, if I say I'm from ebay (From: "eBay Center" <> ... a forged header), and I don't have an eBay IP address, I shouldn't be allowed to send the message. Either the email program, or some router should figure it out and trash the message.

Let's take a spam message I just received today. It's a phishing attempt to try to get me to log in to my eBay account using their link, and thus give them my password, my credit card info, and allow them to proceed with fraud.

Let's take a look at some actual headers, then dissect them, and understand how this message is sent. The first thing to understand is that absolutely everything in the example below can be forged. My domain and email address are no secret, and they can be readily accessed from any browser. This explains why I am the target of so much spam. I'm quite sure my address has been harvested by programs looking for email addresses on websites.

first image

Ok, here is the first part of the header. The domain is my domain, and that's for real. If we go to and look up the IP address of, we see that belongs to Comcast. It's possible that this is a DHCP address being used by a computer on a Comcast Internet connection. It is also just as possible, that a spam sending software program randomly inserts this IP from a list of known, popular ISPs.

There is some language in this first part of the header that says "ESMTP." ESMTP stands for (Extended Simple Mail Transfer Protocol). ESMTP provides the capability for a client e-mail program to ask a server e-mail program which capabilities it supports and then communicate accordingly. Currently, most commercial e-mail servers and clients support ESMTP. Next we see this:

     (SMTPD - 9.04)

Processes ending in "d" are most likely unix or linux driven processes called "daemons." If we accept what we see at face value, and assume that up to this point, the headers have not been forged (which they probably were), we see that an email was received from a comcast address by my server with an Extended protocol, and with a linux or unix daemon, probably version 9.04. The email is given an id, stamped with a date and a time.

second image

Here we see an IP address, which according to DNSSTUFF says it's from Romania. The message says "from users" by "VWILSON" using a Microsoft SMTP agent, and it says the date and the time. If I understand this correctly, the first thing we should focus our technology on is prohibiting the sending of messages from sources which can't be authenticated. "From user" should be rejected, as should "VWILSON". The program should ask, "who is VWILSON?" Do I have "VWILSON" in my database of authenticated email accounts? Am I VWILSON ... is that my login or profile name? Am I in a known eBay subnet? Do I have an eBay IP address?

third image

All the rest of this information is generated after the message is created, and can be easily modified before the spammer clicks "send." But the only information the spammer is interested in forging is the sender, the return path and the from. But let's help each other understand the more obscure language in this secton of the email. I'll start from the bottom.

The X-IMail-ThreadID is a unique ID for the message that corresponds to log entries and processing files on the IMail server during processing. IMail is an email server software product made by IPSwitch.

The X-UIDL istands for Unique ID Listing, which is a POP3 mail server function that assigns a unique number to each incoming mail message. This allows mail to be left on the server after it has been downloaded to the user. Both the mail client and the POP server must support this feature. If you configure your email to "Leave a copy of the message on the server" this is the part of the email that makes this possible.

Status U: The "Status" field is used by some mail delivery systems to indicate the status of delivery for this message when stored. In my case, the "U" means the message is not downloaded, and not deleted.

I won't spend any time on the X-RCPT TO and the X OriginalArrrivalTime because they're self-explanatory and irrelevant.

Message-ID: The message ID is the unique message identifier that refers to a particular version of a particular message. The server name after the @ symbol is often invalid/forged in spam messages as it was in this one. The structure of this message looks like it was sent by a spam sending software program.

The rest of the headers have nothing to do with sending or receiving the message. They simply identify the technology and formats used to both draft and send the message. It's good information to know, so I'll go over them.

X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000: In this portion of the email headers, the technology identification is broken up into two parts. First is "MIME" which stans for "Multipurpose Internet Mail Extensions." The OLE portion stands for "Object Linking and Embedding." MIME extends the format of Internet mail to allow non-ASCII textual messages, non-textual messages, multipart message bodies, and non-ASCII information in message headers. Among a few other things, it's the ability to send graphics in the body of an email. It's also how you can send embedded HTML pages. Put the Mime and OLE together and you simply have a software product which happens to be named by Microsoft "MimeOLE" along with a version number.

X-Mailer is the program used to send the mail. In my case, the spammer used Microsoft's Outlook Express which is very common.

X-Priority: 1 and X-MSMail-Priority: High: These two are not at all interesting, except that your mail program reads these flags to decide where they will show up in your inbox.

Skipping over the rest because the message content types, character sets, and so on aren't important, we move into the From and Reply-to headers. These are forged. Many automated messaging programs use a "noreply" feature so to prevent people from replying to automated messages which will never be read. And the From says this message is from eBay Security. Well, we all know that's crap.

My wish is that if a sender is not who they say they are, which can be verified by identifying their current IP, or validating their email account from their incoming/outgoing mail servers, the spammers would be prevented from sending the email. My wish is that the spammer would get an error message that says "unable to validate sender information against current login profile and/or email account parameters. Your message cannot be sent." I'm sure that over time someone would find a work-around. But it would make actually sending spam a lot harder than it is today.

Tracking the location of an actual spammer is next to impossible. Let's look at the relevant portions of the body of this message:

     Dear Customer,

Okay, here's the first thing. eBay never sends a message "Dear Customer." It's always "Dear [where they actually say your eBay id]".

This is the link they want me to click. I guess if I was uninformed, I would just blindly click the link. But even an uninformed user could easily surmise that eBay would never put a security link off of an xbox directory. Since this is a technical group, most of us know that anything after a "/" in a URL means a directory on the web server where a web account exists. I did a lookup of the root domain To my shock, it actually resolves to an IP address. (I thought Microsoft owned the world and was on top of this sort of thing.) Anyway, the IP of belongs to EntelNet, which is some South American tech company in Bolivia. All the /%20/... blah blah, tells me is that their site has probably been hacked.

In the end, we see an email that was sent from Hungary, that points to a hacked site in Bolivia, and that says it was sent from someone with a Comcast account. Because email programs don't do any sort of the email checking before they're sent, and because the headers of a message can be made to say anything you really want them to say, your guess is as good as mine in determining who sent the message.

More not-so last minute holiday gifts
Special thanks to stone5150, without whose reliable assistance we would have never found about half the stuff we've listed over the last couple of weeks. He spent so much time looking for things, we think it appropriate to list some of the items on his personal wish list.

HP laptopHP Pavilion dv9000t Series Laptop
This thing is more of a portable home entertainment center than it is a computer. Integrated webcam, dual mics, NVIDIA graphics, dual core Intel processor...

Starting at $1,000. - Details here.

Space flightVirgin Galactic Charter To Space
You're going to have to wait a couple of years before you take the trip on SpaceShipTwo, but it should be worth it; the price is for six people, and includes a party for each and a guest in the Virgin Islands. There are rules.

$1,764,000 - Details here.

Rocket launcherUSB Missile Launcher
The perfect Weapon of Mass Distraction launches three foam rockets controlled from your desktop or laptop. Launcher rotates and angles, so there are no excuses for missing.

About $40. - Details here.

Backyard waterparkWaterplay Backyard Waterpark
Courtesy of lherrou, who must have children. Who knows how many different kinds of water nozzles, sprays, and other contraptions. Controllers, recycling systems and designs.

Price based on configuration - Details here.

RobosapiensRobosapien RS Media
Plays MP3s, MPEG4s, and takes photos and videos. Head-mounted camera, a color LCD screen in his chest, a full speaker system embedded in his armour, 40 MB of internal memory, and an external memory card slot. You want pictures of the boss at the company Christmas party? Here you go...

About $540. - Details here.

iPodApple iPod
We disagree with c|net's "prizefight" between the Zune and the iPod: we'll take the slimmer, more colorful Apple product with over twice the storage. Did we mention the price is about the same?

About $250 - Details here, and a personal viewer here for $300.

PC-BOTWhite Box Robotics 914 PC-BOT
The perfect companion for the Robosapien RS above; think of it as R2D2 to C3PO. It's a fully functional PC with wheels (imagine the TSA trying to figure this one out), has a webcam and can be controlled over the Internet.

As shown $4,995. - Details here.

Ferrari laptopAcer Ferrari 5000 Laptop
This actually isn't a bad little machine: dual-core 64-bit AMD TurionT 64 X2 Mobile Technology, exclusive carbon-fiber casing, HD DVD drive, Bluetooth enabled, and a lot cheaper than the car.

Starting at $2200 - Details here.

20 Questions20Q Challenge Game, Deluxe
We weren't going to include this until we actually saw one; any toy that can figure out a Bengal tiger is pretty slick. Very cool interface, and some impressive technology. There's also a portable version.

About $35. - Details here.

Tip from the Moderators

There are only a few days left in the year, so how about taking a little time to "straighten up" your list of open questions.

Yes, we know that AnnieMod's group of Cleanup Volunteers is out there, and they will probably spend at least part of this season toiling away, but it would be of real service if you would take the time to make sure you don't have some old question hanging around. If you need assistance, take a look at the Help page or post in the Community Support topic area.

Have a great holiday season! We're looking forward to helping you next year!

Page Two: More News and Notes
Nata's Corner: A C-note gets you 10,000 shares of -- what?

NataeEye Digital security announced last week that there is a new botworm that uses a flaw in Symantec's corporate antivirus software; Symantec responded that the flaw was patched six months ago. What makes this all interesting is that at first, virus writers are now focusing on applications (rather than the operating system); and second, that even people who run corporate networks and have antivirus systems installed aren't keeping them up to date. Don't assume that the botnet -- or any botnet, for that matter -- isn't harmful just because you do have antivirus software in place. There is one Russian-controlled net that is sending out the rash of penny stock emails. At this point, I'm actually using two different systems -- one, because I like some of the tools that came with it, and the other because it has a really good firewall. I looked at it yesterday, and even though our system is locked down pretty tightly, people are still trying to get in.

Many people know that the Mods and PEs use Yahoo Instant Messenger, so if you haven't upgraded to the new version that was released last week, don't. It has what is technically a little trojan that installs the Yahoo search bar and a little Yahoo mail icon, and also changes your email preferences to Yahoo mail. They've supposedly fixed the bug, but is no longer pushing the annoying prompt that says "do you want to upgrade" every time you open your messenger.

Speaking of security (and the absence of it), a survey of MySpace showed that people are getting better about picking safe passwords, but not all people. The most common ones at Myspace: password1, abc123, myspace1, password and blink182. The report also says that MySpace members are better about their passwords than the employees of most corporations, but I'll bet that most MySpace members don't have to worry about the company's network, the bank's website, two or three different email systems, a few shopping sites, and, of course, Experts Exchange. That begs the question: are we all having to remember too many passwords?

Inside the numbers
ameba, one of EE's prominent Experts, provides us with a list of newly earned Certificates. His list of all of the Certified Experts is located at his site. The list below covers the period from December 11 through December 18.
Expert Certified in Topic Area
MS Access
Microsoft SQL
Microsoft SQL
Visual Basic
Visual Basic
Visual Basic
Windows XP
Windows XP
Windows XP
Windows XP
Windows XP
Expert Certified in Topic Area
Win. Server 2003
Win. Server 2003
Win. Server 2003
Win. Server 2003
Web Development
Web Development
Web Development
Expert Certified in Topic Area
PHP and Databases
WinNT Net.
Linux Net.
Pocket PCs All
Mac Net.
2486 experts have 4247 certifications: Genius: 129 Sage: 182 Wizard: 279 Guru: 758 Master: 2899
Copyright ? 2006. All rights reserved.