I have switched over my main desktop computer and my netbook to this public DNS server.  My impressions (purely qualitative… not very scientific) are that this DNS is somewhat faster that using my ISP’s DNS server.  This only stands to reason, as Google DNS does caching and prefetching of lookups.  Typical DNS resolution involves, to some degree, searching from a top level domain (e.g. .com, .ca) and then working down until an authoritative resolution can be made.

Even though this does appear to be fast (to me anyway) I’m not ready to switch over some devices, like my Vonage VOIP adapter.

Learn more about Google’s Public DNS by visiting one of these sites (FUD free!)

• Introduction to Google’s Public DNS at Google Code
• Hands On with Google’s Public DNS at PC Mag

There’s also a response from Google’s only competitor in this space, OpenDNS.

Check them both out, give it a try and decide for yourself!

• Use a Repeater to build and format all of the RadioButton controls
• Use code to instantiate RadioButton controls
• Use a RadioButtonList control

The Repeater control seems like a logical choice, as it allows you to create your own control template.  However, in practice this doesn’t work; the RadioButton controls are not mutually exclusive (i.e. you can select more than one).

Using code in your codebehind does allow for a great deal of control when building and formatting a set of RadioButton controls.  Selecting works proper, but because all the controls are built at run time, trying to capture the OnClick event is problematic.

The last choice is to use a RadioButtonList control  This control takes all the radio button labels and values from the databound datasource; events are channeled through a single event handler for the RadioButtonList.  So what’s the problem here?  You can’t databind any of the attributes to other fields in the datasource.

This is where the RadioButtonList’s DataBound event comes in handy.  The DataBound event is fired after a datasource is bound to a control; this is the perfect place to do some reformatting.

Once the event is fired, you have two objects you are interested in; the RadioButtonList and the datasource.  You get a reference to the original datasource from RadioButtonList.DataSourceObject. Once you have the datasource, you can use it to produce a dataview, which is what we will use to customize our control

Protected Sub rblLocations_DataBound( _
          ByVal sender As Object, _
          ByVal e As System.EventArgs) _
          Handles rblLocations.DataBound
 
Dim ds As New SqlDataSource
Dim dv As New Data.DataView
Dim rbl As RadioButtonList
 
' sender is the object sending... in this case a RadioButtonList
rbl = CType(sender, RadioButtonList)
 
' get the datasource from the control
ds = rbl.DataSourceObject
 
' let us take a look
dv = ds.Select(DataSourceSelectArguments.Empty)

The dataview contains only the data bound to the control, so rows are filtered, ordered, etc. as per the original datasource.  This makes it easy to correlate rows in the dataview to collection items in the databound control.

One important thing to note: a dataview does not allow you to refer to a datacolumn by name; the datacolumns are in the same order as the original datasource query.  Just refer to the columns by number, keeping in mind that datarows and datacolumns use zero-based indices.

Dim i as Integer = 0
For Each li As ListItem In rbl.Items
    ' change label text to include additional information
    li.Text = dv.Item(i).Item(0) &amp; "<em> (" &amp; dv.Item(i).Item(2) _
          &amp; " of " &amp; dv.Item(i).Item(1) &amp; " seats remaining)</em>"
 
    ' conditionally enable/disable the control
    li.Enabled = (dv.Item(i).Item(2) &gt; 0)
    i += 1
 
Next
End Sub

There you have it… you can databind your RadioButtonList to a datasource and still have control over the formatting without resorting to black magic!

While scams like the Nigerian advance-fee fraud are fairly easy to spot and avoid, more advanced techniques like phishing are starting to snare more and more people.

I ran across a new method using real web sites to entice people in to visiting bogus ones.  While searching on buysell.com, I found a nice little motorhome at a really good price.  As the seller had not posted a phone number, I sent an email through the web site.  The seller sent an email back, indicating that she was a divorced woman with no license, who was therefore trying to quickly rid herself of the vehicle.  She stated that we would use eBay’s Vehicle Protection Plan to perform the transaction.  The text of the email is shown below:

Hi,
Thanks for being interested in buying my motorhome!It`s in perfect condition,no scratches,damages and never been involved in any accidents.It has only 80000 km and the price is $2,700 CAD.It has a clear title and free of any liens or loans.Because of my divorce settlement,i own this motorhome and as a woman without driver`s license i don`t need it so i`m trying to get rid of it as soon as possible(that`s why i`m selling it so cheap).We will use eBay`s Vehicle Purchase Protection plan for our both safety,i want only legit transactions.Let me know where are you located and any other details you need about it.
Have a great day!

This is when the alarm bells started to go off.   I could understand using this protection plan if you were purchasing through eBay, but this was a local sale.  The email also had the hallmarks of scammers; poor grammar and punctuation.  So, armed with a feeling in my gut and Google in my browser, I started to do some research.

It would seem that scammers use a legitimate site to display deals that are too good to be true.  When the would-be purchaser contacts the “seller”, he/she is directed to use eBay’s Vehicle Purchase Protection.  Should the deal progress any further, the purchaser is directed to a site where financial information can be fished, or worse; the buyer is fooled into sending the cash via Western Union or similar agencies, which usually results in an untraceable transaction.  eBay, Craigslist and others don’t use Western Union because it is easy for scammers to use it for fraudulent purposes.

So, keep these simple rules in mind when purchasing online:

• If the deal is too good to be true, it usually is
• Only use traceable payment methods like Paypal
• Pay attention to grammar and punctuation
• Private sales should only be conducted in person or a known legitimate site
• Locally-based ads should include a phone number

To learn more about this type of scam, visit the following sites:

• Consumer Fraud Reporting
• Tactical Techniques

I ran across a forum thread at Adobe that talks about Vista and Flash being the root cause of the crashes.  Hmmm, interesting.

I have been testing a couple of Twitter apps that were built using Adobe’s AIR.  (AIR is a cross-platform software runtime that lets developers build rich Internet apps.)   Reading the thread got me thinking that maybe it wasn’t Flash et al, but AIR alone.  I broke out my eeePC, uninstalled AIR and any AIR apps I had installed… no more Windows Live Messenger crash.  I will have to test this out on my Vista desktop when I get home, and post my findings.

Update: April 8, 2009 @ 10:05 AM:  Well, no joy on the Vista box.  Even after removing AIR and rebooting WLM is still crashing on Vista.  Damn Flash dependancy!  Back to Googling.

Let’s face it; security holes in browsers are half the problem with web browsers.  The other half of the equation is social engineering.  It’s often said “there’s a sucker born every minute“, and that can really ring true for the average Internet user.  We all want to win that iPod or pick up that greeting card from someone we don’t even know.  We fall for fake banking sites and sometimes entertain the idea that your long lost uncle did die and leave you money.

Those of us that have been around the Internet a long time (who remembers gopher and veronica?) are savvy to these types of schemes.  If you don’t understand how web sites and protocols work, you can be fooled in to visiting sites that nab your private data or worse. A rogue site can fool you in to installing malware on to your computer that can damage or remotely control it.  Sometimes you don’t even click and you get hit by drive-by download.   In fact, over 50% of malware infections come via the web.  How then is one supposed to know what is OK and what isn’t?

According to a recent paper by NSS Labs, preventing social engineering and malware installation is where IE8 beats its competition.  Technologies added to Microsoft’s latest browser offering take a lot of the guesswork out of identifying bad or bogus sites.

Many current browsers utilize a distributed reputation-based system.  Utilizing this system, malicious web sites are recorded by the vendor, with the browser checking URLs against this list and warning/blocking as appropriate.  How quickly these systems block malicious sites varies by browser.  Internet Explorer 8 appears to be the winner here, identifying 41% of URLs at “zero hour” and 65% within the first 5 days.  One large reason for this is IE8’s SmartScreen.  When you  compare these numbers to IE7 (only 4%) you really should upgrade your browser and start protecting your computer now!

The direct link to the report is http://nsslabs.com/test-reports/NSS%20Labs%20Browser%20Security%20Test%20-%20Socially%20Engineered%20Malware.pdf.

The only browser not exploited (so far) is Google’s Chrome.  So, without any futher ado…

Update: March 20, 2009

It looks like the version of IE8 used at Pwn2Own may have not been the final release version.  Microsoft has stated on their Security Research and Defense blog that “the final release of Internet Explorer 8 on Windows Vista blocks the .NET DEP+ASLR bypass mechanism from malicious websites on the Internet”.  If I am understanding things correctly, the combination of the final release IE8 and Vista is quite secure.  The Internet Storm Center questions whether IE8 would have been exploited had the competition been held a day later and the “Official” release been available.

Check out the links and decide for yourself if you’re going to install IE8.

Remember, always keep your firewall and antivirus software running and up-to-date.   Conficker.C has great potential to do lots of damage and to spread quickly.

• Use encryption: Some older routers and network cards only support WEP, which can be cracked.  If you need to, upgrade to hardware that supports WPA or WPA2, and use the improved encryption.
• Tweak your SSID: First, ensure you have turned off SSID broadcast.  This will make the router invisible to the casual observer.  Second, change the SSID to something other than the factory default.  Default SSIDs for most major consumer-level routers are available online, which makes it easy to guess even if the SSID broadcast is turned off.
• Use MAC filtering: Every piece of hardware connected to a network (or the Internet) has a big and unique number called a media access control (MAC) address.  You will see a number like 01-23-45-67-89-ab or 01:23:45:67:89:ab.  Configure your router to only accept known MAC addresses; you will have to enter the addresses from your wireless equipment into your router configuration.
• Change the password: Just like the default SSIDs, default administrator names and passwords for consumer-level routers can be Googled on the Internet.  Make sure you change the password (and administrator name if possible) document the changes and store somewhere safe.
• Disable remote administration: If your wireless router has an option that allows administration over the Internet, turn it off.
• Modify administration web address: Most wireless routers host the configuration interface on 192.168.1.1.  If your router firmware supports it, change the address for the interface to make it harder to find.  Remember to document and store with your username/password info.

Keep in mind that no single step here will prevent breaches; you must complete as many of the steps list here as you can.  Most important is encryption.  As mentioned, this is typically dependant on the hardware you are using… so the encryption you can use is only as strong as the weakest protocol supported by your hardware.

A dedicated hacker can probably (eventually) break through all this security, but these changes increase the level of effort required to exploit your network.

As a side note, some wireless routers can be strengthened even further by using DD-WRT, an open source, Linux based firmware.  If your router is on the supported hardware list, you should consider upgrading your firmware to gain advanced features.

It does appear that this worm also uses a form of DLL injection, which will make it difficult to remove.    Matters are further complicated by the fact that the worm monitors and terminates many popular antivirus/process tools.

Make sure you have updated your antivirus and firewall software for this threat.  It has the potential to be a bad one!

Microsoft has a Community Technology Preview (CTP) of the OpenID Window Live Provider that allows you to associate an OpenID alias with your Windows Live login.  With Google and Microsoft both heavily supporting OpenID, the reality of having a single signon for all your web accounts is getting closer to reality.

For more information, check out the news releases at OpenID and the Window Live ID blog.