Quo: Sniper


"Morale was one of the most vital things a soldier could have. 
Without morale, a soldier became ineffective, skittish, and a liability to those around him. 
Few things in war destroy morale faster than an enemy sniper. "

What is XML?


  • XML stands for EXtensible Markup Language
  • XML is a markup language much like HTML
  • XML was designed to carry data, not to display data
  • XML tags are not predefined. You must define your own tags
  • XML is designed to be self-descriptive
  • XML is a W3C Recommendation


The Difference Between XML and HTML

  • XML is not a replacement for HTML.
  • XML and HTML were designed with different goals:
  • XML was designed to transport and store data, with focus on what data is
  • HTML was designed to display data, with focus on how data looks
  • HTML is about displaying information, while XML is about carrying information.

XML Does Not DO Anything


Maybe it is a little hard to understand, but XML does not DO anything. XML was created to structure, store, and transport information.

The following example is a note to Tove, from Jani, stored as XML:

 <note>
 <to>Tove</to>
 <from>Jani</from>
 <heading>Reminder</heading>
 <body>Don't forget me this weekend!</body>
 </note>


The note above is quite self descriptive. It has sender and receiver information, it also has a heading and a message body.

But still, this XML document does not DO anything. It is just information wrapped in tags. Someone must write a piece of software to send, receive or display it.

With XML You Invent Your Own Tags


The tags in the example above (like <to> and <from>) are not defined in any XML standard. These tags are "invented" by the author of the XML document.

That is because the XML language has no predefined tags.

The tags used in HTML are predefined. HTML documents can only use tags defined in the HTML standard (like <p>, <h1>, etc.).


XML allows the author to define his/her own tags and his/her own document structure.

XML is Not a Replacement for HTML

XML is a complement to HTML.


It is important to understand that XML is not a replacement for HTML. In most web applications, XML is used to transport data, while HTML is used to format and display the data.

My best description of XML is this:

XML is a software- and hardware-independent tool for carrying information.

XML is a W3C Recommendation

XML became a W3C Recommendation on February 10, 1998.

XML is Everywhere

  • XML is now as important for the Web as HTML was to the foundation of the Web.
  • XML is the most common tool for data transmissions between all sorts of applications.



There are 5 predefined entity references in XML:

  1. &lt; < less than
  2. &gt; > greater than
  3. &amp; & ampersand
  4. &apos; ' apostrophe
  5. &quot; " quotation mark




Valid XML Documents

A "Valid" XML document is a "Well Formed" XML document, which also conforms to the rules of a Document Type Definition (DTD):

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE note SYSTEM "Note.dtd">
 <note>
 <to>Tove</to>
 <from>Jani</from>
 <heading>Reminder</heading>
 <body>Don't forget me this weekend!</body>
 </note>


The DOCTYPE declaration in the example above is a reference to an external DTD file. The content of the file is shown in the paragraph below.

XML DTD

The purpose of a DTD is to define the structure of an XML document. It defines the structure with a list of legal elements:

<!DOCTYPE note [
 <!ELEMENT note (to,from,heading,body)>
 <!ELEMENT to (#PCDATA)>
 <!ELEMENT from (#PCDATA)>
 <!ELEMENT heading (#PCDATA)>
 <!ELEMENT body (#PCDATA)>
 ]>


If you want to study DTD, you will find our DTD tutorial on our homepage.

XML Schema

W3C supports an XML-based alternative to DTD, called XML Schema:

<xs:element name="note">
 <xs:complexType>
   <xs:sequence>
     <xs:element name="to" type="xs:string"/>
     <xs:element name="from" type="xs:string"/>
     <xs:element name="heading" type="xs:string"/>
     <xs:element name="body" type="xs:string"/>
   </xs:sequence>
 </xs:complexType>
</xs:element>

Attributes in C#


In the C# programming language, attributes are metadata attached to a field or a block of code, equivalent to annotations in Java. Attributes are accessible to both the compiler and programmatically through reflection.

Users of the language see many examples where attributes are used to address cross-cutting concerns and other mechanistic or platform uses. This creates the false impression that this is their sole intended purpose.

Their specific use as meta-data is left to the developer and can cover a wide range of types of information about any given application, classes and members that is not instance specific. The decision to expose any given attribute as a property is also left to the developer as is the decision to use them as part of a larger application framework.

Attributes should be contrasted against XML Documentation which also defines meta-data but is not included in the compiled assembly and therefore cannot be accessed programmatically.

Google Dorks

Callback

In computer programming, a callback is a reference to executable code, or a piece of executable code, that is passed as an argument to other code. This allows a lower-level software layer to call a subroutine (or function) defined in a higher-level layer.

Use Firefox Firebug to Edit HTML/CSS in Realtime



The Firebug extension for the Firefox browser allows you to edit HTML and CSS in realtime.

This can save you a lot of time if you want to experiment with different fonts, colors, and layouts on the fly.

This is also very helpful when you are trying to analyze how someone else's site has the look and feel that it does.

Core Differences Between ASPNET Development Server and IIS




1. Security Context - In ASPNET Development Server, it is determined by who you log in as on your computer. In IIS, it is typically IUSR_MachineName.

2. Accessing Static Pages - In ASPNET Development Server, you cannot access static pages in a secure folder if you are not logged in, but in IIS, you can.

WriteLog() - The Easy Way to Display Debugging Information in ASP.NET

It can often be difficult to display information in ASP.NET because System.Diagnostics, Response.Write, or the Trace object are not available - for example, when you are working in the global.asax or inside a class.

A simple way to display which lines are executing and what information is in a given field is to create a simple WriteLog() method in a class in the App_Code folder. Then, when you want to display the contents of a field anywhere in your program, you just use:

C#:
clsWriteLog.WriteLog("strXyz: " + strXyz);

VB.NET:
clsWriteLog.WriteLog("Line 203 executed")

You have two ways to view what is written to the log:

1. While in Visual Studio, you look at the trace.log file in your root directory.

2. While in the website, you type http://www.yourwebsitename.com/trace.log

You can download the few lines of code for the class clsWriteLog at clsWriteLog. The code for the class is provided in vb.net and c#.
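A log file in the site root is served to anyone who requests /trace.log, so whatever field values are written to it become readable from outside. The helper below is an added example, not the clsWriteLog class offered for download above; it assumes a standard ASP.NET site with an App_Data folder (which ASP.NET does not serve), and the names SafeLog and trace.log are placeholders.

```csharp
using System;
using System.IO;
using System.Text;
using System.Web.Hosting;

// Added example: a WriteLog-style helper that keeps the log out of the
// publicly served web root. SafeLog and trace.log are placeholder names.
// Call it the same way as before: SafeLog.WriteLog("strXyz: " + strXyz);
public static class SafeLog
{
    private static readonly object Sync = new object();
    private const int MaxMessageLength = 2000; // assumed limit per entry

    // App_Data is not served to browsers, so the file cannot be fetched
    // by URL the way ~/trace.log can.
    private static string LogPath
    {
        get
        {
            // MapPath returns null when the code is not running inside a
            // hosted ASP.NET application (for example in a unit test).
            string path = HostingEnvironment.MapPath("~/App_Data/trace.log");
            return path ?? Path.Combine(Path.GetTempPath(), "trace.log");
        }
    }

    // Replace control characters so that a value containing CR/LF cannot
    // add an extra, forged line to the log.
    public static string Neutralize(string message)
    {
        if (message == null) return "(null)";

        var sb = new StringBuilder(message.Length);
        foreach (char c in message)
        {
            if (c == '\r') sb.Append("\\r");
            else if (c == '\n') sb.Append("\\n");
            else if (char.IsControl(c)) sb.Append('?');
            else sb.Append(c);
        }

        if (sb.Length > MaxMessageLength)
        {
            sb.Length = MaxMessageLength;
            sb.Append("...[truncated]");
        }
        return sb.ToString();
    }

    public static void WriteLog(string message)
    {
        string line = string.Format("{0:o} {1}{2}",
            DateTime.UtcNow, Neutralize(message), Environment.NewLine);

        // Requests run on several threads; serialize writes to the file.
        lock (Sync)
        {
            File.AppendAllText(LogPath, line, Encoding.UTF8);
        }
    }
}
```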

How Http.Request and Http.Response Work in ASP.NET


Prerequisites (Getting Your Website Publicly Hosted): 


Step 1: Buy Domain name from a Domain Registrar like GoDaddy (costs about $8.00 for 1 yr). This connects the domain name that you purchase to a unique ip address - example http://myqol.com is connected to 96.31.43.8 

Step 2: Buy asp.net hosting package from hosting company like DiscountAsp (costs about $10 each month) - the hosting company needs to use Microsoft's IIS (Internet Information Server) on a Windows operating system - it cannot use Apache Server on a Linux operating system 

Step 3: Buy add-on for SQL Server database from DiscountAsp (costs $10 a month) - this step can be skipped if you have already bought an add-on database for another web site, and you only want to add some tables to that existing database. 

Step 4: Update nameservers in GoDaddy to point to DiscountAsp nameservers. DiscountAsp sends you an email telling you the nameservers to use: for example, ns1.discountasp.net, ns2.discountasp.net, ns3.discountasp.net 

Step 5: Publish, Web Copy, or FTP your website from the folder it was in when you developed it in Visual Studio to the ftp folder on DiscountAsp. For example, ftp.myqol.com 



Initial Http.Request: 

1. You enter the domain name into your browser (this is known as the client machine) - ex. http://myqol.com 

2. Domain Name Server on internet translates the domain name (http://myqol.com) into the ip address (96.31.43.8) that you bought from GoDaddy. GoDaddy takes ip address (96.31.43.8) and passes the request to Name Servers on DiscountAsp: ns1.discountasp.net, ns2.discountasp.net, ns3.discountasp.net 

3. DiscountAsp NameServers do port forwarding to translate the ip address you bought from GoDaddy (96.31.43.8) to a unique local ip address on DiscountAsp (192.168.5.94) 

4. Local address (192.168.5.94) on DiscountAsp points to your website hosted in IIS and that connects you to the folder where you Published, Web Copy-ed, or FTP-ed your website 

5. The Http.Request for a page reaches IIS on the DiscountAsp server (this is known as the server machine - hence, that is why the architecture is referred to as being client-server). The TCP/IP connection on the server was in the "listening" state, but now the connection state is changed to being "established." IIS checks to see if you have the authority to access the page. 



Initial Http.Response: 

If you do have the authority, the web server executes the code behind instructions to construct a web page and sends it to the ip address of the computer that requested the page 

Three Possible Scenarios after Initial Http.Request: 

Scenario #1 Request: you hover your mouse over a field 

Scenario #1 Response: javascript on the page that was sent to your browser executes without returning to the server and displays a tool tip on the page very efficiently. 

Scenario #2 Request: you click on a button that is contained within an ajax panel. 

Scenario #2 Response: javascript on the page only sends the information in the ajax update panel to the server and the server does whatever your code behind tells it. This allows the server to return a response without doing a full postback and without returning everything on the page - this is more efficient than doing a full postback 

Scenario #3 Request: you click on a submit button for a form that is not contained in ajax panel. This sends all the info on the page to the server in Http.Request 

Scenario #3 Response: Full PostBack Occurs: 

1. The server executes your code-behind instructions to do whatever is needed. For example, the code-behind instructions may cause the server to execute instructions to send commands to SQL Server that will insert the information in the form into the database. Once all the commands in the code-behind are executed, the server sends back an Http.Response with any information updated that the code-behind said to update - for example, labels on the web form may be modified to indicate the update was successful 

2. The Http.Request and Http.Response are now complete and the transaction is over until you initiate another one with the mouse or keyboard. 

3. When you navigate away from the website, the TCP/IP connection changes from being in the "established" state to being "closed."

Hosts file to Create Browser Shortcuts

Use Windows Hosts file to Create Browser Shortcuts

Never type www.google.com again!

This tip by itself can save you enough time to allow you to read all the other tips in their entirety.

Windows operating systems have a file called hosts that allows you to connect any domain name to an ip address. For example, you can connect the letter g to the ip address for google, and that will allow you to just type g in the browser address bar to get to google. Here are the steps you would take to do this:

Step 1: Find ip address for website - use this link to find the ip address for www.google.com - one ip address for google is 209.85.149.103

Step 2: Use NotePad to edit C:\Windows\System32\drivers\etc\hosts   - add a new line in the file that looks like this: 209.85.149.103 g

Step 3: Type g in your browser address bar - it should take you to google. If you are using Internet Explorer and it does not work, click on settings in the upper right-hand corner of the browser; select manage add-ons; select search providers; then disable search suggestions.

Notes: - In addition to creating shortcuts to save time, you can use the windows hosts file to access a new domain name you have bought before it has had time to propagate throughout the internet.
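Entries in the hosts file take precedence over DNS for every program on the machine, and a pinned address such as 209.85.149.103 is not updated when the site moves, so the file is worth reviewing from time to time. The audit below is an added example, not part of the original tip; the class name HostsAudit and the sample lines are constructed for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.IO;
using System.Net;

// Added example: list the hosts-file entries that replace a DNS lookup
// with a fixed remote address.
public static class HostsAudit
{
    public sealed class Entry
    {
        public int LineNumber;
        public IPAddress Address;
        public string Name;
    }

    // Hosts format: "<ip> <name> [<alias>...]"; '#' starts a comment.
    public static List<Entry> Parse(IEnumerable<string> lines)
    {
        var entries = new List<Entry>();
        int lineNumber = 0;
        foreach (string raw in lines)
        {
            lineNumber++;
            int hash = raw.IndexOf('#');
            string text = (hash >= 0 ? raw.Substring(0, hash) : raw).Trim();
            if (text.Length == 0) continue;

            string[] parts = text.Split(new[] { ' ', '\t' },
                                        StringSplitOptions.RemoveEmptyEntries);
            IPAddress address;
            if (parts.Length < 2 || !IPAddress.TryParse(parts[0], out address))
                continue; // not an "<ip> <name>" line; skip it

            // One entry per name, so aliases on the same line are reported too.
            for (int i = 1; i < parts.Length; i++)
            {
                entries.Add(new Entry
                {
                    LineNumber = lineNumber,
                    Address = address,
                    Name = parts[i]
                });
            }
        }
        return entries;
    }

    // True when the name is sent to a real remote address rather than to
    // loopback or to the 0.0.0.0 / :: addresses used to block a name.
    public static bool RedirectsToRemote(Entry e)
    {
        return !IPAddress.IsLoopback(e.Address)
            && !e.Address.Equals(IPAddress.Any)
            && !e.Address.Equals(IPAddress.IPv6Any);
    }

    public static void Main()
    {
        string path = Path.Combine(
            Environment.GetFolderPath(Environment.SpecialFolder.System),
            "drivers", "etc", "hosts");

        // Constructed sample, used when the real file is not present.
        string[] sample =
        {
            "# sample hosts file",
            "127.0.0.1        localhost",
            "209.85.149.103   g          # shortcut from the steps above",
            "0.0.0.0          ads.example.test"
        };

        IEnumerable<string> lines =
            File.Exists(path) ? File.ReadAllLines(path) : sample;

        foreach (Entry e in Parse(lines))
        {
            if (RedirectsToRemote(e))
            {
                Console.WriteLine("line {0}: {1} -> {2} (bypasses DNS)",
                                  e.LineNumber, e.Name, e.Address);
            }
        }
    }
}
```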

Read Object Data from an XML File

This example reads object data that was previously written to an XML file using the XmlSerializer class.



using System;

public class Book
{
    public String title;
}

public void ReadXML()
{
    System.Xml.Serialization.XmlSerializer reader =
        new System.Xml.Serialization.XmlSerializer(typeof(Book));

    // The using block closes the file even if deserialization throws.
    using (System.IO.StreamReader file = new System.IO.StreamReader(
        @"c:\temp\SerializationOverview.xml"))
    {
        Book overview = (Book)reader.Deserialize(file);
        Console.WriteLine(overview.title);
    }
}
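A file handed to ReadXML() can carry a DOCTYPE like the one in the DTD section earlier on this page; when the file comes from outside your own program, the reader should reject it instead of resolving anything it references. The following is an added example, not part of the original snippet; SafeBookReader, the size limit and the two sample documents are constructed for illustration.

```csharp
using System;
using System.IO;
using System.Xml;
using System.Xml.Serialization;

public class Book
{
    public string title;
}

// Added example: deserialize a Book from untrusted XML.
public static class SafeBookReader
{
    // A DOCTYPE is rejected outright and no external resource
    // (DTD file, entity) is ever fetched.
    private static readonly XmlReaderSettings Settings = new XmlReaderSettings
    {
        DtdProcessing = DtdProcessing.Prohibit,
        XmlResolver = null,
        MaxCharactersInDocument = 1000000 // assumed upper bound on input size
    };

    // Returns the Book, or null with a reason in 'error' when the
    // document is rejected or malformed.
    public static Book Read(TextReader input, out string error)
    {
        error = null;
        var serializer = new XmlSerializer(typeof(Book));
        try
        {
            using (XmlReader reader = XmlReader.Create(input, Settings))
            {
                return (Book)serializer.Deserialize(reader);
            }
        }
        catch (XmlException ex)
        {
            error = ex.Message;
            return null;
        }
        catch (InvalidOperationException ex)
        {
            // XmlSerializer wraps reader errors; the cause is the inner exception.
            error = (ex.InnerException ?? ex).Message;
            return null;
        }
    }

    public static Book ReadFile(string path, out string error)
    {
        using (var file = new StreamReader(path))
        {
            return Read(file, out error);
        }
    }

    public static void Main()
    {
        // Constructed sample inputs (not from the original page).
        string plain =
            "<?xml version=\"1.0\"?>" +
            "<Book><title>Serialization Overview</title></Book>";
        string withDoctype =
            "<?xml version=\"1.0\"?>" +
            "<!DOCTYPE Book SYSTEM \"Note.dtd\">" +
            "<Book><title>Serialization Overview</title></Book>";

        foreach (string doc in new[] { plain, withDoctype })
        {
            string error;
            Book book = Read(new StringReader(doc), out error);
            Console.WriteLine(book != null
                ? "accepted: " + book.title
                : "rejected: " + error);
        }
    }
}
```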


Protect your privacy on the Internet

Your privacy on the Internet depends on your ability to control both the amount of personal information that you provide and who has access to that information. To read about how your information gets on the Internet and how it is used,

Follow the practical advice below to help increase your privacy online.

Think before you share personal information

First, read the website's privacy policy
Privacy policies should clearly explain what data the website gathers about you, how it is used, shared, and secured, and how you can edit or delete it. (For example, look at the bottom of this and every page on Microsoft.com.) No privacy statement? Take your business elsewhere.
Do not share more than you need to
  • Do not post anything online that you would not want made public.
  • Minimize details that identify you or your whereabouts.
  • Keep your account numbers, user names, and passwords secret.
  • Only share your primary email address or Instant Message (IM) name with people who you know or with reputable organizations. Avoid listing your address or name on Internet directories and job-posting sites.
  • Enter only required information—often marked with an asterisk (*)—on registration and other forms.
Choose how private you want your profile or blog to be
Modify Windows Internet Explorer or website settings or options to manage who can see your online profile or photos, how people can search for you, who can make comments on what you post, and how to block unwanted access by others.

Monitor what others post

  • Search for your name on the Internet using at least two search engines. Search for text and images. If you find sensitive information on a website about yourself, look for contact information on the website and send a request to have your information removed.
  • Regularly review what others write about you on blogs and social networking websites. Ask friends not to post photos of you or your family without your permission. If you feel uncomfortable with material such as information or photos that are posted on others' websites, ask for it to be removed.


Guard your information

Protect your computer
You can greatly reduce your risk of online identity theft by taking these three steps to protect your computer:
  1. Use an Internet firewall.
    Note Windows 7, Windows Vista, and Windows XP with Service Pack 2 and Service Pack 3 have a firewall already built in and automatically turned on.
  2. Visit Microsoft Update to verify your settings and check for security updates.
    Note Microsoft Update will also update your Microsoft Office programs.
  3. Subscribe to antivirus software and keep it current. Microsoft Security Essentials is a free download for Windows 7, Windows Vista, and Windows XP. For more information, see Help protect your PC with Microsoft Security Essentials. For more information, see How to boost your malware defense and protect your PC.
Create strong passwords
Strong passwords are at least 14 characters long and include a combination of letters (both upper and lower case), numbers, and symbols. They are easy for you to remember but difficult for others to guess.
  1. Don't share your passwords with friends.
  2. Avoid using the same password everywhere. If someone steals it, all the information that password protects is at risk.
Tip Learn how to create strong passwords.
Save sensitive business for your home computer
Avoid paying bills, banking, and shopping on a public computer, or on any device (such as a laptop or mobile phone) over a public wireless network.
Tip Internet Explorer can help erase your tracks on a public computer, leaving no trace of specific activity. For more information, see InPrivate: Frequently asked questions.

Protect yourself from fraud

Spot the signs of a scam
Watch for deals that sound too good to be true, phony job ads, notices that you have won a lottery, or requests to help a distant stranger transfer funds. Other clues include urgent messages ("Your account will be closed!"), misspellings, and grammatical errors.
  1. Think before you click to visit a website or call a number in a suspicious email or phone message—both could be phony.
  2. Be cautious with links to video clips and games, or open photos, songs, or other files—even if you know the sender. Check with the sender first.
Look for signs that a web page is safe
Before you enter sensitive data, check for evidence that:
  1. The site uses encryption, a security measure that scrambles data as it crosses the Internet. Good indicators that a site is encrypted include a web address with https ("s" stands for secure) and a closed padlock beside it. (The lock might also be in the lower-right corner of the window.)
  2. You are at the correct site—for example, at your bank's website, not a phony website. If you are using Internet Explorer, one sign of trustworthiness is a green address bar like the one above.
Use a phishing filter
Find a filter that warns you of suspicious websites and blocks visits to reported phishing sites. For example, try the SmartScreen Filter included in Internet Explorer.
Help detect potential fraud
In the United States, you are entitled to one free credit report every year from each of the three major U.S. credit bureaus: Experian, Equifax, and TransUnion. Get them by visiting AnnualCreditReport.com.

Object Data to an XML File

This code example defines a class named Book, creates an instance of the class, and uses XML serialization to write the instance to an XML file.


using System;

public class Book
{
    public String title;
}

public void WriteXML()
{
    Book overview = new Book();
    overview.title = "Serialization Overview";
    System.Xml.Serialization.XmlSerializer writer =
        new System.Xml.Serialization.XmlSerializer(typeof(Book));

    // The using block flushes and closes the file even if Serialize throws.
    using (System.IO.StreamWriter file = new System.IO.StreamWriter(
        @"c:\temp\SerializationOverview.xml"))
    {
        writer.Serialize(file, overview);
    }
}





Security in Internet Explorer 9

Online threats usually fall into one of three categories:

  • Attacks on you (socially engineered attacks)
  • Attacks on your computer, web browser, or add-ons to your web browser.
  • Attacks on websites (for example, cross-site scripting)
Windows Internet Explorer 9, the newest version of the Microsoft web browser software, helps better protect you from these threats. Internet Explorer 9:
  1. Provides a better warning system for potentially dangerous downloads. A new feature, Application Reputation, helps you to make safer decisions when you download content from the Internet.
    It uses available reputation data to prevent unnecessary warnings for programs with established reputations. It also shows a warning only when a download carries a higher risk of being malicious.
  2. Filters content that might be dangerous. The ActiveX Filtering feature allows you to choose which websites can run ActiveX controls. By allowing ActiveX controls only on the sites you trust, you can reduce the number of ways cybercriminals can harm you.
  3. Helps you avoid phishing scams and malware. SmartScreen Filter in Internet Explorer 9 helps protect you from websites that are suspected of hosting malicious content. When the SmartScreen Filter detects that a site may be unsafe, you will see an alert that will give you recommended actions. For more information, see SmartScreen Filter: Frequently asked questions.
  4. Protects your privacy from online tracking. Many websites use technology that tracks your activities as you browse the Internet. Internet Explorer 9 introduces Tracking Protection, a feature that helps to protect your privacy from third-party online trackers.
    You can install a Tracking Protection List from a provider you trust or enable your personalized list. Internet Explorer 9 uses the Tracking Protection Lists as a guide to block or allow third-party tracking.
  5. Helps protect against cross-site scripting attacks. Cybercriminals look for vulnerabilities in website code so that they can insert malicious scripts which gather private information about site visitors.
    Cross-site scripting vulnerabilities are an example of what these criminals try to find. Once they exploit the vulnerability, they can hijack your web account, monitor your keystrokes, and perform unwanted actions on your behalf. Internet Explorer 9 can identify certain types of such attacks and neutralize them by blocking their malicious code.

Email and web scams Protection

Email and web scams: How to help protect yourself

When you read email or surf the Internet, you should be wary of scams that try to steal your personal information (identity theft), your money, or both. Many of these scams are known as "phishing scams" because they "fish" for your information.

How to recognize scams

New scams seem to appear every day. We try to keep up with them in our Security Tips & Talk blog. To see the latest scams, browse through our fraud section. In addition, you can learn to recognize a scam by familiarizing yourself with some of the telltale signs.
Scams can contain the following:
  • Alarmist messages and threats of account closures.
  • Promises of money for little or no effort.
  • Deals that sound too good to be true.
  • Requests to donate to a charitable organization after a disaster that has been in the news.
  • Bad grammar and misspellings.
For more information, see How to recognize phishing emails and links.

Popular scams

Here are some popular scams that you should be aware of:
Scams that use the Microsoft name or names of other well-known companies. These scams include fake email messages or websites that use the Microsoft name. The email message might claim that you have won a Microsoft contest, that Microsoft needs your logon information or password, or that a Microsoft representative is contacting you to help you with your computer. (These fake tech-support scams are often delivered by phone.) For more information, see Avoid scams that use the Microsoft name fraudulently.
Lottery scams. You might receive messages that claim that you have won the Microsoft lottery or sweepstakes. These messages might even look like they come from a Microsoft executive. There is no Microsoft Lottery. Delete the message. For more information, see What is the Microsoft Lottery Scam?
Rogue security software scams. Rogue security software, also known as "scareware," is software that appears to be beneficial from a security perspective but provides limited or no security, generates erroneous or misleading alerts, or attempts to lure you into participating in fraudulent transactions. These scams can appear in email, online advertisements, your social networking site, search engine results, or even in pop-up windows on your computer that might appear to be part of your operating system, but are not. For more information, see Watch out for fake virus alerts.

How to report a scam

You can use Microsoft tools to report a suspected scam.
  • Internet Explorer. While you are on a suspicious site, click the gear icon and then point to Safety. Then click Report Unsafe Website and use the web page that is displayed to report the website.
  • Hotmail. If you receive a suspicious email message that asks for personal information, click the check box next to the message in your Hotmail inbox. Click Mark as and then point to Phishing scam.
  • Microsoft Office Outlook. Attach the suspicious email message to a new email message and forward it to reportphishing@antiphishing.org. To learn how to attach an email message to an email message, see Attach a file or other item to an email message.
You can also download the Microsoft Junk E-mail Reporting Add-in for Microsoft Office Outlook.

What to do if you think you have been a victim of a scam

If you suspect that you've responded to a phishing scam with personal or financial information, take these steps to minimize any damage and protect your identity.
  • Change the passwords or PINs on all your online accounts that you think might be compromised.
  • Place a fraud alert on your credit reports. Check with your bank or financial advisor if you're not sure how to do this.
  • Contact the bank or the online merchant directly. Do not follow the link in the fraudulent email message.
  • If you know of any accounts that were accessed or opened fraudulently, close those accounts.
  • Routinely review your bank and credit card statements monthly for unexplained charges or inquiries that you didn't initiate.

Identity theft protection tools to help you avoid scams

Microsoft offers several tools to help you avoid phishing scams when you browse the web or read your email.
  • Windows Internet Explorer. In Internet Explorer, the domain name in the address bar is emphasized with black type and the remainder of the address appears gray to make it easy to identify a website's true identity.
    The SmartScreen Filter in Internet Explorer also gives you warnings about potentially unsafe websites as you browse. For more information, see SmartScreen Filter: frequently asked questions.
  • Windows Live Hotmail. Microsoft's free webmail program also uses SmartScreen technology to screen email. SmartScreen helps identify and separate phishing threats and other junk email from legitimate email. For more information, see SmartScreen helps keep spam out.
  • Microsoft Office Outlook. The Junk E-mail Filter in Outlook 2010, Outlook 2007, and other Microsoft email programs evaluates each incoming message to see if it includes suspicious characteristics common to phishing scams. For more information, see How Outlook helps protect you from viruses, spam, and phishing.

Avoid phishing scams

Phishing scams that target activities, interests, or news events

New phishing scams are generated whenever there is a newsworthy event, such as a natural disaster, a national election, or a significant change in the world financial system.

Fake e-cards

E-cards are created the same way websites are: They're built on the Internet, just like this page. So when you send someone an e-card, you send them a link to click, which takes them to the online greeting card you created for them.
This means an e-card you receive could actually be a phishing scam, spam or a spyware installer, or a computer virus.

How to avoid fake e-cards

  • Recognize the sender of the e-card. If you don't know the sender, do not trust the card. Legitimate companies have standard, obvious ways for you to recognize that the email is not a fraud.
    For example, with MSN Greetings, the "from" always shows "Ecard from MSN Greetings" as the display name and "ecards@msn.americangreetings.com" as the email address.
    Make sure you check both the display name and email address of the sender.
  • When in doubt, use alternative viewing methods. Do not click any links when you are not sure of the sender or intent of the email.
    For example, if you use MSN Greetings, you can view your greeting on the MSN Greetings website. Type "msn.americangreetings.com" into your web browser and click the "ecard pickup" link in the upper right-hand corner.
  • Never download or click anything from an unknown source.
  • Be wary of an email message or file attachment from someone you don't know or that seems suspicious.
  • Preview a link's web address before you click it. If the link doesn't show an address, move your mouse pointer over a link without clicking it to see where the link goes. (The address should appear on the bottom bar of your web browser.)
  • Don't accept an end-user agreement without reading the fine print first; you might inadvertently agree to install spyware or something else you don't want.
  • Use established greeting card sites such as MSN Greetings or American Greetings when sending e-cards.
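The sender and link checks from the list above, as an added Python example (not part of the original page or of any Microsoft tool). The display name and address are the ones quoted above; the trusted-host set, the function and class names, the sample messages and the /pickup path are constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Display name and address quoted in the text above; everything else is assumed.
EXPECTED_SENDERS = {"ecards@msn.americangreetings.com": "Ecard from MSN Greetings"}
TRUSTED_HOSTS = {"msn.americangreetings.com"}

class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element in an HTML body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def review_ecard(raw_message):
    """Return a list of findings; an empty list means no check failed."""
    msg, findings = message_from_string(raw_message), []
    name, addr = parseaddr(msg.get("From", ""))
    if EXPECTED_SENDERS.get(addr.lower()) != name:  # both parts must match
        findings.append(f"unexpected sender: {name!r} <{addr}>")
    collector = LinkCollector()
    collector.feed(msg.get_payload())
    for href, text in collector.links:
        host = urlparse(href).hostname or ""
        if host not in TRUSTED_HOSTS:
            findings.append(f"link leads to untrusted host: {host or href}")
        if "." in text and " " not in text:  # the link text itself looks like an address
            shown = urlparse(text if "://" in text else "//" + text).hostname or ""
            if shown != host:
                findings.append(f"link text shows {shown} but leads to {host}")
    return findings

# Constructed sample messages (not real mail); the /pickup path is made up.
HEADERS = "Subject: You have an ecard\nContent-Type: text/html\n\n"
GENUINE = ('From: "Ecard from MSN Greetings" <ecards@msn.americangreetings.com>\n' + HEADERS
           + '<a href="http://msn.americangreetings.com/pickup">View your card</a>')
LOOKALIKE = ('From: "Ecard from MSN Greetings" <ecards@greetings.example.net>\n' + HEADERS
             + '<a href="http://msn.americangreetings.com.example.net/pickup">msn.americangreetings.com</a>')
```

A From header can be forged, so an empty result only means these checks did not fail; it does not prove the message is genuine.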

Online job-hunting scams

Phishing scams might also appear as phony job ads that cyber criminals use to convince job hunters to send personal information. Cyber criminals post their ads on legitimate job sites and often use familiar-looking or convincing company logos, language, and links to fake websites that appear to be those of real organizations.
These sites might also charge fees for services they will never render. Typically, after a few days the thieves close down the scam and disappear.

Best practices for online job hunters

  • Never provide any non-work related personal information such as your social security number, credit card number, date of birth, home address, and marital status online, through email, over the phone, in a fax, or on your resume.
  • List your resume on a job site that allows only verified recruiters to scan it and that has a privacy policy.
  • Verify a prospective employer, recruiter, or recruiting agency through another source such as the Better Business Bureau or a phone book, and then contact them directly—or better yet, visit them in person at the company location during regular work hours.
  • If a prospective recruiter or employer requests a background check, agree to do so only after you have met with them at their company location during regular work hours.
  • Beware of anyone who asks you for money up front in exchange for finding work for you. You should never have to pay for "exclusive" job leads or for a job itself.
  • If you are paying for job placement services, don't provide credit card or bank information or engage in any monetary transactions unless done in person, onsite, with a prospective recruiter or job agency.
  • Carefully evaluate contact information in job ads or related email messages, watching out for spelling errors, an email address that does not feature the company's name, and inconsistencies with area or zip codes.
  • Create an exclusive web-based email address and account for all non-personal communication.

Donation scams

Natural disasters, political campaigns, and global health issues are often the focus of donation phishing scams. For example, in recent years, cyber criminals have taken advantage of earthquakes and tsunamis to create illegitimate "charity" businesses to help the survivors of these events.
Most of these scams begin with an email message or a post in an online forum asking for donations in the name of well-known, legitimate charities. When you click a link, you are taken to a phony website designed to trick you into providing your personal financial information.

How to avoid donation scams

  • Be on guard if you receive an unsolicited email message from a charitable organization asking for money. Don't open any attachments or click any links. Manually type the charity's web address into your browser's address bar and make sure the request is legitimate before you donate.
  • Double-check the spelling of the organization's website in the address bar before looking through the site. Spoofed websites often use deliberate, easily overlooked misspellings to deceive users.
  • On the web page where you enter your credit card or other personal information, look for an "s" after http in the web address of that page. It should read: https://. (Encryption is a security measure that scrambles data as it traverses the Internet.)
  • Make sure that there is a tiny closed padlock in the address bar, or on the lower-right corner of the window.
  • If you are using Internet Explorer, one sign of trustworthiness is that the address bar turns green and displays both https and the closed padlock.
  • Improve your computer's defenses by always using firewall, antivirus, and antispyware software, and making sure to download and install updates for all of your software. Use automatic updates so you don't have to manually install the updates.
  • Use a browser filter that warns you of suspicious websites, such as the SmartScreen Filter in Internet Explorer.

Quo: Siege of Stalingrad


"Stand Firm.
Die but do not Retreat."


Joseph Stalin on The Siege of Stalingrad 1942-1943

Quo: Facebook, Google, Yahoo

"Facebook, Google, Yahoo - all these major U.S. organizations have built-in interfaces for U.S. intelligence. It's not a matter of serving a subpoena - they have an interface that they have developed for U.S. intelligence to use."
- Julian Assange

Quo: Facebook database

"Here we have the world's most comprehensive database about people, their relationships, their names, their addresses, their locations, their communications with each other, their relatives, all sitting within the United States, all accessible to U.S. intelligence"
- Julian Assange

Quo: Facebook

"Everyone should understand that when they add their friends to Facebook, they are doing free work for U.S. Intelligence agencies in building this database for them."
- Julian Assange

Quo: Wikileaks

"We don't respond to pressure, we respond to compulsory legal process"
- Julian Assange

Quo: India

"India conquered and dominated China culturally for 20 centuries without ever having to send a single soldier across her border."

- Hu Shih 

Quo: Obstacles

"Obstacles are what you see when you take your eyes off the goal"

.NET Framework


What is it?

It is a virtual machine that includes a large class library.

Why use it?

Reuse code for basic functions
Security
Memory Management
Safe sandboxes for applications.

Servers


What is a server?
It is like a servant.
A Server is a socket “Listener” that waits for commands and then performs operations to serve up information.

It is the foundation.

There are many types of servers:

Server Operating System
Web Servers
File Servers
FTP Servers
Network Server

Server Operating Systems reside in the C:\Windows folder

Default install of IIS for each server:
Windows 2000 & XP – IIS 5.0
Windows 2003 & Vista – IIS 6.0
Windows 2008 & Windows 7 – IIS 7.0

Expert Systems


Background:
Expert Systems were very popular in the 1980s, but they are still a great idea today.

How Expert Systems Work:
Instead of giving all the information on everything to someone, ask the person about what they are trying to do, and then return the answer to that specific problem.

Example:
Expert System applications are similar to medical diagnosis programs where you describe symptoms, and the computer returns the disease.

Create strong passwords

Strong passwords are important protections to help you have safer online transactions.

Keys to password strength: length and complexity

An ideal password is long and has letters, punctuation, symbols, and numbers.
  • Whenever possible, use eight characters or more.
  • Don't use the same password for everything. Cybercriminals steal passwords on websites with very little security, and then they try to use that same password and user name in more secure environments, such as banking websites.
  • Change your passwords often. Set an automatic reminder for yourself to change your passwords on your email, banking, and credit card websites about every three months.
  • The greater the variety of characters in your password, the better. However, password hacking software automatically checks for common letter-to-symbol conversions, such as changing "and" to "&" or "to" to "2."
  • Use the entire keyboard, not just the letters and characters you use or see most often.

Create a strong password you can remember

There are many ways to create a long, complex password. Here are some suggestions that might help you remember it easily:
What to do | Example
Start with a sentence or two. | Complex passwords are safer.
Remove the spaces between the words in the sentence. | Complexpasswordsaresafer.
Turn words into shorthand or intentionally misspell a word. | ComplekspasswordsRsafer.
Add length with numbers. Put numbers that are meaningful to you after the sentence. | ComplekspasswordsRsafer2011.

Test your password with a password checker

A password checker evaluates your password's strength automatically. Try our secure password checker.

Protect your passwords from prying eyes

The easiest way to "remember" passwords is to write them down. It is okay to write passwords down, but keep the written passwords in a secure place.

Common password pitfalls to avoid

Cyber criminals use sophisticated tools that can rapidly decipher passwords.
Avoid creating passwords that use:
  • Dictionary words in any language.
  • Words spelled backwards, common misspellings, and abbreviations.
  • Sequences or repeated characters. Examples: 12345678, 222222, abcdefg, or adjacent letters on your keyboard (qwerty).
  • Personal information. Your name, birthday, driver's license, passport number, or similar information.
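The pitfalls listed above, together with the eight-character minimum and the letter-to-symbol conversions mentioned earlier, as an added Python example (not code from the original page, and not the password checker it links to). The tiny wordlist, the four-character run and three-repeat thresholds, and all function names are assumptions made for illustration.

```python
import re

# Constructed stand-ins: a real check would use a large wordlist in several languages.
WORDLIST = {"password", "welcome", "dragon", "sunshine", "letmein"}
# Undo common letter-to-symbol conversions, including the "&" and "2" ones named above.
UNDO = str.maketrans({"&": "and", "2": "to", "@": "a", "4": "a", "3": "e",
                      "1": "l", "!": "i", "0": "o", "$": "s", "5": "s", "7": "t"})
KEYBOARD_ROWS = ("qwertyuiop", "asdfghjkl", "zxcvbnm", "1234567890")


def has_sequence(text, run=4):
    """True if `run` characters in a row ascend by one or are neighbours on a keyboard row."""
    for i in range(len(text) - run + 1):
        window = text[i:i + run]
        if all(ord(b) - ord(a) == 1 for a, b in zip(window, window[1:])):
            return True
        if any(window in row for row in KEYBOARD_ROWS):
            return True
    return False


def password_pitfalls(password, personal=()):
    """Return the pitfalls from the list above that `password` falls into."""
    lowered = password.lower()
    found = []
    if len(password) < 8:
        found.append("shorter than eight characters")
    # Strip digits and symbols stuck on either end, then undo conversions inside.
    core = re.sub(r"^[\W\d_]+|[\W\d_]+$", "", lowered).translate(UNDO)
    if core in WORDLIST:
        found.append("dictionary word, allowing for common conversions")
    elif core[::-1] in WORDLIST:
        found.append("dictionary word spelled backwards")
    if has_sequence(lowered):
        found.append("sequence of adjacent characters")
    if re.search(r"(.)\1\1", lowered):
        found.append("repeated characters")
    if any(len(item) >= 3 and item.lower() in lowered for item in personal):
        found.append("personal information")
    return found


if __name__ == "__main__":
    # The first four are the page's own bad examples; the last two are constructed.
    for pw in ("12345678", "222222", "abcdefg", "qwerty", "P@ssw0rd1", "nogard99"):
        print(pw, "->", password_pitfalls(pw))
```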