Outlook Hole - Spammers Sending Spam using Not Read Receipts

Spam comes in many flavors and the most common technique that spammers use known as spoofing. Basically, a spammer sends a bunch of spam and he adds a header that says that it is from you, so when that message gets rejected by the spam victims, all the bounce messages come back to you. Its a common issue that can become bothersome, but not really that dangerous.

A new variant has been identified where users suspect Outlook is actually sending the spam. Knowing that mail server logs never lie, our team started pouring through the SMTP logs. We identified that entries our outbound mail did in fact show that those messages had, indeed, been sent from our servers and IP addresses. And to top it off, they had been sent using SMTP authentication. In other words, something had used the end users computer and password to send this new type of spam.

We checked for a new infection or unknown spambots using every method in our Arsenal with no success and were surprised to find it was a bug in how Outlook 2003 and 2007 and how it responds to read receipt requests for junk email. The spammers found a new way to send mail to unknown domains without any notification nor without an entry in your SENT items folders.

Spam occasionally includes requests for read receipts. In some cases this is so the spammer can check for valid email addresses but most of the time it’s not intentional or the spammer just wants to be doubly annoying since the sender’s address is invalid and the read/not read receipt bounces back to the victim in the form of an NDR.

The issue has been reported to Microsoft as far back as December 2007, with no resolution.

http://social.msdn.microsoft.com/forums/en-US/innovateonoffice/thread/82024df4-d5ec-4f89-b268-f824dc26c370/

We had to take action and investigate.

***THE PROBLEM***
We had a user on our servers report this issue. After investigating the issue we did notice that Outlook 2003 and 2007 was causing this outbound SPAM. The headers were showing that the messages were passing the end users local Outlook accounts and spammers found a new way to infiltrate. They basically BCC a number of spam targets and send you the spam message with a read reciept enabled. Once the message arrives and it is Not Read or if your Spam program deletes the message Outlook sends the following

To: [BCC Target]

Subject: Not read: [Varying Subjects]

Body:Your message

To: [your address]

Subject: [Varying Subjects]

Sent: 9/25/2008 4:19 AM
was deleted without being read on 3/28/2009 12:16 AM.

***The FIX***

In Outlook 2003 and 2007, access Tracking settings. -- Tools, Options, Preferences, Email Options, Tracking Options. Select Use this Option to Decide how to Respond to Requests for Read Receipts. Select button Ask me before sending a response.Select OK

*** The TEST***

Remove Preview Pane by Selecting View Toggle Preview PaneSend a NEW test message to yourself and a backup email with ***Spam Test*** in Subject and Select Read Receipt. When the message arrives, highlight the message and delete. Emtpy Deleted Items Folder. The pop up will show to respond to the message. Check off the box to Not show this message again and select No to All. The read receipts response will not be sent and you will be protected.

Say hello to Google Apps http://www.google.com/a and give Microsoft the boot.

WebCanDo.com has a proven track record of providing creative designs, custom database applications, information architecture, e-marketing, software, and high availability hosting services to a wide range of industries and companies around the world. Our team are expert Google Apps professionals. http://webcando.com/apps.html

Can the Palm Pre beat the Iphone?

The Palm Pre is an internet-connected multimedia smart phone designed and marketed by Palm, Inc. with a multi-touch screen and a sliding keyboard and CPU that rivals a small netbook. The phone is scheduled for release in the first half of 2009 and is the first phone to make use of the palm webOS — a Linux-based operating system developed by Palm. The Pre functions as a camera phone, a portable media player, a GPS system, and Internet client (with text messaging, email, web browsing, and local Wi-Fi connectivity).

The Palm Pre was debuted at the 2009 Consumer Electronics Show. It is the first mobile phone to use Texas Instruments OMAP 3430 processor. The Pre will initially be available exclusively through the Sprint CDMA network in the United States. However, an unlocked 3G UMTS/GSM version of the Pre will also be available for other markets.

The Palm Pre has also attracted simultaneous praise and criticism due to a few similar features previously exclusive to Apple's iPhone, not only with its physical design, but with certain aspects of its user interface. It has been speculated that a patent cross-licensing agreement may be forged over many of the touch features of the Palm Pre since Apple has also incorporated features previously patented by Palm in the iPhone, an impending court battle may be the result.

The Palm Pre was a major winner of three of CNET's Best of CES Awards 2009: Best in Show, Best in Category: Cell Phones & Smartphones and People's Voice.
Best in Show Details : http://ces.cnet.com/best-of-ces/

Overview

The Palm Pre features an ARM OMAP3430 microprocessor, featuring a 600 MHz ARM Cortex A8 CPU, PowerVR SGX 530 GPU, 430MHz C64x+ DSP + ISP (Image Signal Processor), the fastest of most phones available today. The phone comes with 8GB of internal memory, a 3 megapixel camera with LED Flash, Bluetooth, Wifi 802.11b/g with WPA and WPA2, and Removable Battery.
Specs provided by http://en.wikipedia.org/wiki/Palm_Pre

The Pre will be one of the first smartphones to feature wireless charging through a first of its kind; electromagnetic induction and the use of an optional wireless charging dock, dubbed the "Touchstone". A special Palm Pre wireless charging back cover will also necessary in order to utilize the device.
Additional Details : http://www.palm.com/us/products/accessories/dock.html

The Pre has connected calendars and contacts and uses the Palm Synergy feature to bring your Outlook, Google, and Facebook calendars together for one logical view of your day. And if you have the same contacts in different places, Pre can link them together, making it easy to find the information you need.

The Pre will keep multiple applications open and move easily between email, maps, photos, and websites. Pre arranges your applications as "activity cards," and lets you flip through them, move them around, or throw them off screen.

Notifications will no longer interupt your calls, as text messages and calendar appointments appear as notifications at the bottom of the screen. You’ll know what’s going on without being completely interrupted or losing your train of thought.

Web applications and search are incredibly fast due to the IE6 browser bringing you full websites the way they were meant to be seen, including Flash based content. Search by typing your contacts, applications, Google, or even Wikipedia. Universal search narrows down the possible results as you type, so it’s easier to find what you need.

Overall the design is a breakthrough design and slide out the keyboard for faster and easier texting a major advantage from the Iphone. Close it up and rotate Pre for music, websites, photos, and videos in full widescreen glory. You get the best of both worlds in one beautifully designed phone.

* Operating system:Palm webOS
* Network specs: 3G EVDO Rev A
* Display:3.1-inch touch screen with a vibrant 24-bit color 320x480 resolution HVGA display
* Keyboard:Physical QWERTY keyboard
* Email: Microsoft Outlook email with Microsoft Direct Push Technology
* POP3/IMAP (Yahoo, Gmail, AOL, etc).
* Messaging:Integrated IM, SMS, and MMS
* GPS:Built-in GPS
* Digital camera:3 megapixel camera with LED flash and extended depth of field
* Sensors:Ambient light, accelerometer, and proximity
* Media formats supported:
o Audio Formats: MP3, AAC, AAC+, AMR, QCELP, WAV
o Video Formats: MPEG-4, H.263, H.264
o Image Formats: GIF, Animated GIF, JPEG, PNG, BMP
* Wireless connectivity:
o Wi-Fi 802.11b/g with WPA, WPA2, 802.1X authentication
o Bluetooth 2.1 + EDR with A2DP stereo Bluetooth support
* Memory:8GB of user storage (~7.4GB user available)
* USB mass storage support
* Phone as laptop modem: Bluetooth tethering
* Connector:MicroUSB connector with USB 2.0 Hi-Speed
* Headphone jack: 3.5mm stereo
* Palm Touchstone charging dock: Compatible
* Dimensions:Width: 59.5mm (2.3 inches)
* Height: 100.5mm (3.9 inches)
* Thickness: 16.95mm (0.67 inches)
* Weight:135 grams (4.76 ounces)

Technical Specs provided by Sprint http://now.sprint.com/pre/?id9=vanity:pre

Overall, the Palm Pre looks like the best contender to the Iphone, hands down. We can only wait and see. Palm has bet the farm on this phone, so if the Pre flops Palm will be next company on the short list.

WebCanDo.com launches Green Initiative

WebCanDo.com launches http://www.GreenCanDo.org an environmental and socially responsible service of WebCanDo.com. GreenCanDo provides solutions to recycle and remove e-waste from the environment. We support and ideas to save clean the environment and find new solutions for a zero carbon footprint.

GreenCanDo is the result of WebCanDo.com's (http://www.webcando.com) environmental commitment to recycling. Our programs were created to eliminate electronic devices from ending up in the waste stream. We encourage everyone to help preserve our earth for future generations by recycling their used devices through one of our three programs.

GreenCanDo creates financially productive partnerships with environmentally friendly charities and programs to ensure that the benefits of recycling mobile phones, electronics, and inkjet cartridges are maximized, and their environmental impact is minimized. GreenCanDo provides marketing, operations and logistics support to our causes and to protect the environment.

By recycling these disposables, the greatest possible value is perpetuated from these devices; consumers are offered a socially and environmentally responsible means of disposing of their used equipment, charities generate donations to further their missions, and we all take steps to bridge the digital divide by providing affordable modern communications to citizens in the developing world. The refurbished phones are primarily used to provide affordable wireless service throughout the Caribbean, Latin America, Eastern Europe and India.

GreenCanDo recycles all donated non-functioning mobile phone batteries in an environmentally responsible manner, and all unusable devices are disposed of in accordance with all local and national environmental standards.

Google goes mobile with Google Sync

Google recently launched the new beta Google Sync service that can now sync contacts and calendars with most popular mobile phones like the Iphone, Blackberry, Android and Windows Mobile.

Synchronize your contacts. Get your Google contacts quickly and easily to your phone. With Sync, you can have access to your address book at anytime and place that you need it.

Get calendar alerts. Using your phone's native calendar, you can now access your Google calendar, and be alerted for upcoming appointments with sound or vibration.

Always in sync. Your contacts stay synchronized whether you access them from your phone or from your computer. Add or edit contact information right on your device or on your Google account on the web.

The Google Sync is part of the Google Mobile App suite that provides you a suite of mobile applications for your mobile phones like Search, Maps, YouTube and other Google products on your mobile device.

http://www.google.com/mobile/default/

Google publishes the approved Open Source projects for Google Summer of Code 2009

Google publishes the list of the Open Source projects selected for this year's Google Summer of Code program. Click below to see the list of participating companies.

http://socghop.appspot.com/program/accepted_orgs/google/gsoc2009

Google Summer of Code (GSoC) is a global program that offers student developers stipends to write code for various open source software projects. We have worked with several open source, free software, and technology-related groups to identify and fund several projects over a three month period. Since its inception in 2005, the program has brought together over 2600 students and 2500 mentors from nearly 100 countries worldwide, all for the love of code. Through Google Summer of Code, accepted student applicants are paired with a mentor or mentors from the participating projects, thus gaining exposure to real-world software development scenarios and the opportunity for employment in areas related to their academic pursuits. In turn, the participating projects are able to more easily identify and bring in new developers. Best of all, more source code is created and released for the use and benefit of all.

"As we conclude our fifth Google Summer of CodeTM, we are incredibly delighted to see the program continue to grow. By our internal estimates, we calculate that our students and mentors have produced nearly 6 million lines of code." said Leslie Hawthorn, Program Manager for Google Summer of Code. "We feel privileged to give back to the community that has provided us and the entire world with so much useful code."

Google Apps threatened by Privacy Group

March, 19th 2009 - EPIC, a public interest research group based in Washington, D.C, has urged the FTC (Federal Trade Commission) to shut down Google's Apps services, including Gmail and Google Docs. The petition filed on March 17th 2009 calls on the FTC to launch a formal probe of the Google Apps service. The petition was sparked by a Google security breach that allowed certain Google Docs files to be viewed by unauthorized users. Google estimates that the breach hit about 0.05 per cent of the documents stored by the service.

The Washington, D.C.based not for profit asked the FTC to assess the privacy and security safeguards used by Google's online apps and determine whether the company has properly represented these safeguards. "Google's inadequate security practices, and the resultant Google Docs data breach, caused substantial injury to consumers, without any countervailing benefits," EPIC stated in its petition. "The harm was reasonably avoidable, in that the damage could have been avoided or mitigated by the adoption of commonsense security practices, including the storage of personal data in encrypted form, rather than in plain text."

It also points to several cases where Google or outside researchers have discovered privacy and security flaws in the company's online apps, including the early March bug involving Google Docs.

The Google service has become an attractive low cost alternative to Microsoft, as the Apps Standard and Education versions are free. The more sophisticated Premier edition costs $50 per user per year and includes, a 99.9% uptime guarantee for Gmail and access to phone support.

Google would not discuss the petition, but it did provide a statement: "We have received a copy of the complaint but have not yet reviewed it in detail. Many providers of cloud computing services, including Google, have extensive policies, procedures and technologies in place to ensure the highest levels of data protection. Indeed, cloud computing can be more secure than storing information on your own hard drive. We are highly aware of how important our users' data is to them and take our responsibility very seriously."

Google has eyes on Voice - Google Voice beta launched

On March 13, 2009 Google released a preview of Google Voice, an application that helps you better manage your voice communications. Google Voice will be available initially to existing users of GrandCentral, a service they acquired in July of 2007. The new application improves the way you use your phone. Google Voice offers a host of great features, including a single number to ring your home, work, and mobile phones, a central voicemail inbox that you could access on the web, and the ability to screen calls by listening in live as callers leave a voicemail. You also can get transcripts of your voicemail and archive and search all of the SMS text messages you send and receive. You can also use the service to make low-priced international calls and easily access Goog-411 directory assistance.

Features : https://www.google.com/voice/about

The service is currently invitation only and will be the next big step in Unified Communications for Google.

WebCanDo Internet Seminar 3-31-09

Tuesday March, 31st 2009 7:00 - 8:00PM

WebCanDo Webinar hosted online by http://vyew.com/

Register online here http://seminar.webcando.com/

"How to start an E Commerce business and succeed in a changing economy."

AGENDA:

Guest Speaker - A 20 year internet and marketing veteran for companies like IBM, WorldCom, Verizon and Sprint will provide a dynamic presentation on the internet and how it can benefit your business.

The following will be covered :

I. Introduction
Introduction to the Internet, History of the Internet, Basic Internet Terminology, Internet Growth, Internet Statistics

II. How to start an E Commerce business and succeed in a changing environment.
Pitfalls, Success Stories, Growth Model, Basics of a Website, Bottom Line, The Steps, Tips, Internet Marketing overview, Online Credit Cards and more.

You will learn the most effective ways to increase and promote online sales.
You will receive an exclusive Top 500 keyword report for strategic marketing.
You will find new profitable marketing ideas for your online store or website.

BONUS PRIZES SPONSORED BY WebCanDo.com:
A free raffle for a Complete custom designed website including domain name, web hosting for one year, a 5 page custom designed website with flash and more gifts.

Everyone will leave with a special gift.

WebCanDo has become an approved Federal Contractor

WebCanDo.com parent company GTS Communications Inc. (GTS) is pleased to announce that we have become an approved federal contractor on March 11, 2009.

"Our company is poised to have a dramatic growth in our public sector initiative with our new federal government contractor status" said Tracy Gil, President of GTS. The company is seeking to partner with larger prime contractors for support on web and IT projects. The company is also looking for experienced account managers that can promote its services to the partner vertical and to federal government and state agencies.

The next step is to focus on a creating and supporting a new GSA schedule that would increase exposure and opportunities.

Welcome to the WebCanDo Blog!

WebCanDo.com was founded by inspired thinkers with a vision - to make internet commerce successful for business. WebCanDo.com is a privately held company focused on developing and promoting internet commerce.

WebCanDo.com has a proven track record of providing creative designs, custom database applications, information architecture, e-marketing, software, and high availability hosting services to a wide range of industries and companies around the world.

Developed by leading programmers in the internet industry, WebCanDo.com uses leading technology and incorporates superior functionality in our designs. Our company has emerged as one of the most innovative and affordable solutions in the internet marketplace.

We have launched this blog to promote our services and communicate with our customers about new industry developments and discuss the latest trends.