Word of the Day : The KnujOn Antispam Project

The KnujOn Project is an interactive Web-based spam reporting service. By working with the Internet community at large and focusing on shutting down the distribution points for spam, the KnujOn Project hopes to cut off spam at its source. Bob Bruen, Knujon's creator and developer, named the service to reflect its function: "KnujOn" is "no junk" spelled backwards.

Knujon works by gathering and analyzing spam to determine its origin and points of distribution. The service solicits examples of spam from the public, providing individual users and business networks with software that reports incoming spam automatically. KnujOn runs the spam it receives through a process it calls the Policy Enforcement Engine. The Policy Enforcement Engine examines each instance of spam, filters by sending URL to determine origin, and analyzes the message to determine the best course of action. In some cases, KnujOn coordinates with ISPs (Internet service providers) to shut down offending Web servers. By eliminating these transaction platforms and (sometimes) initiating legal action, KnujOn increases operational costs for spammers and lowers the value of unsolicited bulk email (UBE). This approach contrasts with that of spamhaus, which typically identifies spammers but does not directly address the means of distribution or ISPs.

In the future, KnujOn plans to include banks, and consumer product companies in the service. Typically, KnujOn receives about 20,000 pieces of junk mail a day from more than 2,000 registered subscribers and about the same number of unregistered members. Registration costs $27 annually. Since its founding in 2005, KnujOn's efforts have led to the shutdown of tens of thousands of sites, including those trafficking in the following:

• Counterfeit or unlicensed prescription drug sales on the Internet
• Traffic in knockoff, diverted, pirated, and stolen merchandise
• Predatory lending in the sub-prime and refinance mortgage industry
• Vacation scams
• Identity theft

In addition to developing technical tools to address spam, research at KnujOn explores the issues that drive its creation, studying the impact on individual victims as well as the burden on the economy. The challenge that KnujOn and other anti-spam software makers face is simple: Spam works. Currently more than 90% of all global email traffic is spam, with employees in the U.S. spending about 100 hours each year dealing with spam, for a daily loss of $130 million. The loss of productivity to companies is estimated at $712 per employee, or $71 billion annually to all U.S. businesses.

The chances of getting caught, prosecuted and punished are miniscule in comparison to the potential wealth. According to a Consumer Reports survey, 650,000 people purchased at least one item sold through a spam advertisement in a single month. If the average spam "unit" is $75, that is $48,750,000 per month or $585,000,000 per year. While the majority of Internet users may be blocking and deleting spam, the remainder keep the spammers employed.

Word of the Day : Fuzz testing

Fuzz testing or fuzzing is a software testing technique used to discover coding errors and security loopholes in software, operating systems or networks by inputting massive amounts of random data, called fuzz, to the system in an attempt to make it crash. If a vulnerability is found, a tool called a fuzz tester (or fuzzer), indicates potential causes. Fuzz testing was originally developed by Barton Miller at the University of Wisconsin in 1989.

Fuzzers work best for problems that can cause a program to crash, such as buffer overflow, cross-site scripting, denial of service attacks, format bugs and SQL injection. These schemes are often used by malicious hackers intent on wreaking the greatest possible amount of havoc in the least possible time. Fuzz testing is less effective for dealing with security threats that do not cause program crashes, such as spyware, some viruses, worms, Trojans and keyloggers.

Fuzz testing is simple and offers a high benefit-to-cost ratio. Fuzz testing can often reveal defects that are overlooked when software is written and debugged. Nevertheless, fuzz testing usually finds only the most serious faults. Fuzz testing alone cannot provide a complete picture of the overall security, quality or effectiveness of a program in a particular situation or application. Fuzzers are most effective when used in conjunction with extensive black box testing, beta testing and other proven debugging methods.

Word of the Day : Windows SharePoint Server

Windows SharePoint Server (WSS), usually referred to as simply "Sharepoint," is a portal-based platform for creating, managing and sharing documents and customized Web services. WSS is available as a free download included with every Windows Server license. Microsoft Office SharePoint Server (MOSS) offers an increased set of capabilites that add to and build upon the core functionalities of WSS as an inducement for system administrators to upgrade.

Sharepoint was originally added on to Windows Server at the same time as Office XP under the title "SharePoint Team Services" or STS. STS was available as part of Microsoft FrontPage and could run on Windows 2000 Server or Windows XP. The 2.0 version advanced the functionality of the platform by storing both documents and meta data in a database and adding support for versioning for items held in document libraries, SQL Server and the .NET framework. This version of the software was downloaded and implemented at a rate unanticipated by Microsoft, as administrators adopted the platform as a relatively cheap and easy way to introduce collaborative document sharing and editing in Windows environments. Microsoft noted this use and embraced Sharepoint as the cornerstone of a strategy to embrace social computing, bringing Web 2.0 technologies like blogs, wikis and social networking into enterprises without some of the security risks of Internet-based software as a service (SaaS) implementations.

Microsoft's Sharepoint competes against IBM's Notes and Quickr, Oracle's WebCenter Suite, Google Docs and CMS software from EMC, Adobe, Cisco and smaller startups like Socialtext and Zimbra. Many organizations are also exploring free, open source wiki software like MediaWiki, the application that underlies Wikipedia.

Critics of Sharepoint point out that certain features of Sharepoint Server 2007 will only work with the newest version of Microsoft Office, thereby forcing IT managers to upgrade their software. Sharepoint's lack of support for non-Microsoft formats, like files saved using Quark or Adobe Acrobat (.PDF), is a cause of concern for some administrators evaluating the suite as a potential enterprise-wide CMS. Microsoft has also been careful to avoid the bundling charges the company faced in the browser wars of the 1990s, separating WSS as a free download instead of including it with Windows Server.

Word of the Day : Hardware as a Service (HaaS)

Hardware as a Service (HaaS), in a grid computing context, is a pay-as-you-go model for accessing a provider's infrastructure and CPU power. Grid computing is a technology in which several computers work together to act as a single, more powerful computer. Some companies sell use of their grids over the Internet on a per-use basis. The user sends data and a program to process that data; the vendor's grid does the processing and returns the result.

Word of the Day : Hardware virtualization

Hardware virtualization is when the virtual machine manager is embedded in the circuits of a hardware component instead of being called up from a third-party software application. The virtual machine manager is called a hypervisor.

The job of the hypervisor is to control processor, memory and other firmware resources. The hypervisor acts like a traffic cop, allowing multiple operating systems to run on the same device without requiring source code or binary changes. Each operating system appears to have the processor, memory, and other firmware resources all to itself -- but in reality, the hypervisor is controlling the processor and its resources, allocating what is needed to each operating system in turn.

Hardware virtualization is an evolving technology that may become dominant, especially for server platforms, because it has the potential to facilitate the consolidation of multiple workloads on a single physical server without requiring third-party software.

Word of the Day : Fibre Channel over Ethernet

Fibre Channel over Ethernet
FCoE (Fibre Channel over Ethernet) is a proposed standard designed to enable Fibre Channel communications to run directly over Ethernet. FCoE makes it possible to move Fibre Channel traffic across existing high-speed Ethernet infrastructures and extend the reach and capability of storage area networks (SANs). This ability allows organizations to protect and extend existing investments in their storage networks.

Word of the Day : Femtocell

A femtocell is a wireless access point that improves cellular reception inside a home or office building.

The device, which resembles a wireless router, essentially acts as a VoIP repeater. When connected to Internet broadband, it broadcasts the connection using radio waves.

A cell phone call initiated in a home equipped with femtocall would start at the handset, be sent to the femtocell, go from the femtocell to the Internet through the broadband connection, and end up back on the cellular network.

Femtocells are compatible with CDMA2000, WiMAX, or UMTS mobile telephony devices, using the provider's own licensed spectrum to operate. One femtocell can potentially service up to five mobile devices concurrently.

Femtocells were originally called access point base stations. The term was derived from cell and "femto," a metric prefix that stands for 10^-15th, or one-quadrillionth, six orders of magnitude smaller than nano. The development of femtocells is credited, in part, to the work of a skunkworks team at Motorola in the UK, where they created the world's smallest full power UMTS base station.

Femtocell technology is still in its infancy, in terms of actual installations. Service providers are promoting the technology as a cost-effective way for customers to extend indoor coverage.

Word of the Day : Microsoft Office SharePoint Server

Microsoft Office SharePoint Server (MOSS) is the full version of a portal-based platform for collaboratively creating, managing and sharing documents and Web services. MOSS enables users to create "Sharepoint Portals" that include shared workspaces, applications, blogs, wikis and other documents accessible through a Web browser. The free version, Windows SharePoint Server (WSS), usually referred to as simply "Sharepoint," is available as a free download included with every Windows Server license.

MOSS is used by many enterprises as a content management system (CMS). Partially as a result of the tight integration with Microsoft productivity applications included in Office, such as Word, many administrators have found MOSS useful in organizing and aggregating an enterprise's data into Web-based portal with defined taxonomies that structure the information. MOSS includes additional features as an inducement for system administrators to upgrade from WSS, including knowledge management, organization of business processes and enterprise search. Both versions include support for many Web 2.0 technologies and third-party Web browsers like Firefox.

Fundamentally, MOSS provides an integrated platform for building customized Web-based applications and portals in Windows Server environments. To address the needs of remote workers and telecommuters, as well as system administrator concerns for data security, MOSS can be configured to return separate content depending on whether access is gained from intranet, extranet or Internet locations. Active Directory groups or HTML forms authentication can also be added to MOSS, granting multiple permissions to multiple parties or through alternate providers.

Users log on to Web portals to edit and create shared documents. These "SharePoint portals" are ASP.NET applications that are hosted on a server and use a SQL Server database. MOSS provides Web browser-based management and administration tools that allow users to create and edit a document or document library independently. Collaborative editing of this kind is aided by integrated access and revision controls, allowing administrators to freeze certain documents or restrict user privileges where required. MOSS also uses embeddable widgets in shared Web pages to add additional functionality. Widgets include:

• shared workspaces and personal dashboards
• navigation tools
• lists
• automatic alerts, including email and integrated RSS
• shared calendar and contacts
• discussion boards

Users build SharePoint pages is by combining selected widgets into a Web page. Any Web editor that supports ASP.NET can be used for this purpose, though Microsoft has released a WYSIWYG HTML editor, Microsoft Office SharePoint Designer (MOSD), that was specifically designed for this purpose.

Critics of SharePoint point out that certain features of MOSS 2007 only work with the newest version of Microsoft Office, thereby forcing IT managers to upgrade their software. SharePoint's lack of support for non-Microsoft formats, like files saved using quark or Adobe Acrobat (.PDF), is also a cause of concern for some administrators evaluating the suite as a potential enterprise-wide CMS.

The previous versions of SharePoint are SharePoint Portal Server 2003 and SharePoint Portal Server 2001.

Word of the Day : Google Docs

Google Docs is a free Web-based application in which documents and spreadsheets can be created, edited and stored online. Files can be accessed from any computer with an Internet connection and a full-featured Web browser. Google Docs is a part of a comprehensive package of online applications offered by and associated with Google.

Users of Google Docs can import, create, edit and update documents and spreadsheets in various fonts and file formats, combining text with formulas, lists, tables and images. Google Docs is compatible with most presentation software and word processors. Work can be published as a Web page or as a print-ready manuscript. Users can control who sees their work. Google Docs is ideal for publishing within an enterprise, maintaining blogs or composing work for viewing by the general public.

Google Docs lends itself to collaborative projects in which multiple authors work together in real time from geographically diverse locations. All participants can see who made specific document changes and when those alterations were done. Because documents are stored online and can also be stored on users' computers, there is no risk of total data loss as a result of a localized catastrophe. However, the Internet-based nature of Google Docs has given rise to concerns among some authors that their work may not be private or secure.