<article>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#article09_11_30_166218</id>
	<title>Are Ad Servers Bogging Down the Web?</title>
	<author>CmdrTaco</author>
	<datestamp>1259601900000</datestamp>
	<htmltext>blackbearnh writes <i>"The work of making high-volume web sites perform well is an ongoing challenge, and one that continues to evolve as the nature of web content changes.  According to Google Performance Guru Steve Souders, fat JavaScript libraries and rich content are creating new problems for web site tuning, but one of the biggest problems lies outside the control of web site administrators &mdash; ad servers.  In an interview previewing the upcoming Velocity Online conference run by O'Reilly, Souders talks at length about  <a href="http://radar.oreilly.com/2009/11/steve-souders-making-web-sites.html">the real causes of poor web performance</a> today, and in particular, the effect that poorly performing ad servers are creating. 'We adopted a framework of inserting ads, of creating ads, that's pretty simple. And because it's pretty simple, it's not highly tuned. That's one reason why we shouldn't be too surprised that we see performance issues in third party ads. The other reason is that ad services are not focused on technology. Certainly companies like Yahoo and Google and Microsoft, we're technology companies. We focus on technology. So it's not surprising that our web developers are on the leading edge of adopting these performance best practices. And it's also not surprising that ad services might lag two, three or four years behind where these web technology companies are.'"</i></htmltext>
<tokenext>blackbearnh writes " The work of making high-volume web sites perform well is an ongoing challenge , and one that continues to evolve as the nature of web content changes .
According to Google Performance Guru Steve Souders , fat JavaScript libraries and rich content are creating new problems for web site tuning , but one of the biggest problems lies outside the control of web site administrators    ad servers .
In an interview previewing the upcoming Velocity Online conference run by O'Reilly , Souders talks at length about the real causes of poor web performance today , and in particular , the effect that poorly performing ad servers are creating .
'We adopted a framework of inserting ads , of creating ads , that 's pretty simple .
And because it 's pretty simple , it 's not highly tuned .
That 's one reason why we should n't be too surprised that we see performance issues in third party ads .
The other reason is that ad services are not focused on technology .
Certainly companies like Yahoo and Google and Microsoft , we 're technology companies .
We focus on technology .
So it 's not surprising that our web developers are on the leading edge of adopting these performance best practices .
And it 's also not surprising that ad services might lag two , three or four years behind where these web technology companies are .
' "</tokentext>
<sentencetext>blackbearnh writes "The work of making high-volume web sites perform well is an ongoing challenge, and one that continues to evolve as the nature of web content changes.
According to Google Performance Guru Steve Souders, fat JavaScript libraries and rich content are creating new problems for web site tuning, but one of the biggest problems lies outside the control of web site administrators — ad servers.
In an interview previewing the upcoming Velocity Online conference run by O'Reilly, Souders talks at length about  the real causes of poor web performance today, and in particular, the effect that poorly performing ad servers are creating.
'We adopted a framework of inserting ads, of creating ads, that's pretty simple.
And because it's pretty simple, it's not highly tuned.
That's one reason why we shouldn't be too surprised that we see performance issues in third party ads.
The other reason is that ad services are not focused on technology.
Certainly companies like Yahoo and Google and Microsoft, we're technology companies.
We focus on technology.
So it's not surprising that our web developers are on the leading edge of adopting these performance best practices.
And it's also not surprising that ad services might lag two, three or four years behind where these web technology companies are.
'"</sentencetext>
</article>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30272340</id>
	<title>I'm doing my part...</title>
	<author>thestudio\_bob</author>
	<datestamp>1259608920000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>I'm on a pretty pathetic DSL line, so I've tried to optimize things on my end. First, I've setup my "hosts" file to loopback on about 16,000 websites. And I also use a plugin that blocks Flash (unless you click on it).

My browsing experience has never been smoother.</htmltext>
<tokenext>I 'm on a pretty pathetic DSL line , so I 've tried to optimize things on my end .
First , I 've setup my " hosts " file to loopback on about 16,000 websites .
And I also use a plugin that blocks Flash ( unless you click on it ) .
My browsing experience has never been smoother .</tokentext>
<sentencetext>I'm on a pretty pathetic DSL line, so I've tried to optimize things on my end.
First, I've setup my "hosts" file to loopback on about 16,000 websites.
And I also use a plugin that blocks Flash (unless you click on it).
My browsing experience has never been smoother.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30274352</id>
	<title>Re:Kind of Fitting</title>
	<author>countertrolling</author>
	<datestamp>1259574120000</datestamp>
	<modclass>Insightful</modclass>
	<modscore>3</modscore>
	<htmltext><p>You got it backwards. The purpose of the article is to get you to see the ad. Nobody cares if the article gets read or not.</p></htmltext>
<tokenext>You got it backwards .
The purpose of the article is to get you to see the ad .
Nobody cares if the article gets read or not .</tokentext>
<sentencetext>You got it backwards.
The purpose of the article is to get you to see the ad.
Nobody cares if the article gets read or not.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30271582</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30273654</id>
	<title>Re:Security?</title>
	<author>dkleinsc</author>
	<datestamp>1259571720000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p><div class="quote"><p>If they're not, then you're giving third-party content access to your site's security zone, which is a terrible idea.</p></div><p>Since when in the long history of bad website security and misused PHP has "a terrible idea" implied "not implemented that way"? Also, if you have some manager who is upset that the page views don't match the ad impressions (because of people using the various techniques listed all over this discussion) demanding that developers do the wrong thing to ensure that all users see all the ads, you might have terrible ideas put in place.</p></div>
	</htmltext>
<tokenext>If they 're not , then you 're giving third-party content access to your site 's security zone , which is a terrible idea.Since when in the long history of bad website security and misused PHP has " a terrible idea " implied " not implemented that way " ?
Also , if you have some manager who is upset that the page views do n't match the ad impressions ( because of people using the various techniques listed all over this discussion ) demanding that developers do the wrong thing to ensure that all users see all the ads , you might have terrible ideas put in place .</tokentext>
<sentencetext>If they're not, then you're giving third-party content access to your site's security zone, which is a terrible idea.Since when in the long history of bad website security and misused PHP has "a terrible idea" implied "not implemented that way"?
Also, if you have some manager who is upset that the page views don't match the ad impressions (because of people using the various techniques listed all over this discussion) demanding that developers do the wrong thing to ensure that all users see all the ads, you might have terrible ideas put in place.
	</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30271684</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30271726</id>
	<title>Block 'em all...</title>
	<author>rshol</author>
	<datestamp>1259606400000</datestamp>
	<modclass>Insightful</modclass>
	<modscore>2</modscore>
	<htmltext>...let God sort 'em out.

At least that's my policy.</htmltext>
<tokenext>...let God sort 'em out .
At least that 's my policy .</tokentext>
<sentencetext>...let God sort 'em out.
At least that's my policy.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30275246</id>
	<title>ad servers are killing newspaper web sites</title>
	<author>swschrad</author>
	<datestamp>1259577960000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>some of them are just impossible to get into, and there is now periodically on multiple sites from the NYT to the star tribune an IE failure when the news is fully loaded, but the ads are not... "IE cannot load the website."</p><p>folks, if these here ads are going to save the news business, we better bring back the telegraph.</p></htmltext>
<tokenext>some of them are just impossible to get into , and there is now periodically on multiple sites from the NYT to the star tribune an IE failure when the news is fully loaded , but the ads are not... " IE can not load the website .
" folks , if these here ads are going to save the news business , we better bring back the telegraph .</tokentext>
<sentencetext>some of them are just impossible to get into, and there is now periodically on multiple sites from the NYT to the star tribune an IE failure when the news is fully loaded, but the ads are not... "IE cannot load the website.
"folks, if these here ads are going to save the news business, we better bring back the telegraph.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30271612</id>
	<title>Slow ads...</title>
	<author>Bert64</author>
	<datestamp>1259605860000</datestamp>
	<modclass>Insightful</modclass>
	<modscore>4</modscore>
	<htmltext><p>Quite often you will be loading a website, and be staring at a blank screen with "making connection to ads.blablabla" at the bottom.... The page itself has loaded, but won't display until the browser has managed to retrieve the ads.</p><p>Also you will see ad servers in completely different locations to the site you're viewing, and therefore much slower.</p><p>Also, some ads are especially large, especially animated flash ones, and can add a noticeable delay to a page load even if the ad server isn't slow or lagged.</p><p>My pet hate btw, are ads which have sound... I find that EXTREMELY annoying and quickly block access to any ad provider which serves such things.</p></htmltext>
<tokenext>Quite often you will be loading a website , and be staring at a blank screen with " making connection to ads.blablabla " at the bottom.... The page itself has loaded , but wo n't display until the browser has managed to retrieve the ads.Also you will see ad servers in completely different locations to the site you 're viewing , and therefore much slower.Also , some ads are especially large , especially animated flash ones , and can add a noticeable delay to a page load even if the ad server is n't slow or lagged.My pet hate btw , are ads which have sound... I find that EXTREMELY annoying and quickly block access to any ad provider which serves such things .</tokentext>
<sentencetext>Quite often you will be loading a website, and be staring at a blank screen with "making connection to ads.blablabla" at the bottom.... The page itself has loaded, but won't display until the browser has managed to retrieve the ads.Also you will see ad servers in completely different locations to the site you're viewing, and therefore much slower.Also, some ads are especially large, especially animated flash ones, and can add a noticeable delay to a page load even if the ad server isn't slow or lagged.My pet hate btw, are ads which have sound... I find that EXTREMELY annoying and quickly block access to any ad provider which serves such things.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30271960</id>
	<title>Re:Google Analytics</title>
	<author>cnvandev</author>
	<datestamp>1259607300000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>That's VERY true, I've seen "Waiting for analytics.google.com" in the status bar one too many times for Steve Souders, performance guru, to complain about something like this. He keeps flopping back and forth between coming off as genuinely interested in the well-being of the internet, and boosting another Google service...although they're free services, and Google's been excellent about data liberation, so I don't quite know what I'm complaining about.</htmltext>
<tokenext>That 's VERY true , I 've seen " Waiting for analytics.google.com " in the status bar one too many times for Steve Souders , performance guru , to complain about something like this .
He keeps flopping back and forth between coming off as genuinely interested in the well-being of the internet , and boosting another Google service...although they 're free services , and Google 's been excellent about data liberation , so I do n't quite know what I 'm complaining about .</tokentext>
<sentencetext>That's VERY true, I've seen "Waiting for analytics.google.com" in the status bar one too many times for Steve Souders, performance guru, to complain about something like this.
He keeps flopping back and forth between coming off as genuinely interested in the well-being of the internet, and boosting another Google service...although they're free services, and Google's been excellent about data liberation, so I don't quite know what I'm complaining about.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30271774</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30271636</id>
	<title>Yup</title>
	<author>Anonymous</author>
	<datestamp>1259605980000</datestamp>
	<modclass>Redundant</modclass>
	<modscore>-1</modscore>
	<htmltext><p>You also have to consider, we're not really customers on most sites anymore, we're just consumers.  Microsoft, Google, Yahoo, etc, we're their customers, they have us to impress and want to be fast, because that's how we decide if we wanna use them in part, and they need to be impressive.  Ad companies and sites like Facebook? Not their customers!</p><p>So yeah, a site will improve it's speed to get more consumers who view ads which makes their REAL customers (the ad companies) happy.  The ad companies, their customers aren't the websites that host their ads, they're the people who purchase the ads, and those people really don't care about optimizing the ad delivery architecture, that's a problem that the ad companies just don't care about.</p><p>So the people who suffer longer load times are us, who no one in this chain really cares about as long as they have our eyeballs.  Then you have the server admins on the websites, who see no problems because their site is optimized with a small load and all the hard load goes on the ad servers.  Lastly, you have the ad companies, who adapt only as necessary, and have enough money it probably doesn't make economic sense to optimize their ad delivery system.</p><p>So we end up with long load times.</p></htmltext>
<tokenext>You also have to consider , we 're not really customers on most sites anymore , we 're just consumers .
Microsoft , Google , Yahoo , etc , we 're their customers , they have us to impress and want to be fast , because that 's how we decide if we wan na use them in part , and they need to be impressive .
Ad companies and sites like Facebook ?
Not their customers ! So yeah , a site will improve it 's speed to get more consumers who view ads which makes their REAL customers ( the ad companies ) happy .
The ad companies , their customers are n't the websites that host their ads , they 're the people who purchase the ads , and those people really do n't care about optimizing the ad delivery architecture , that 's a problem that the ad companies just do n't care about.So the people who suffer longer load times are us , who no one in this chain really cares about as long as they have our eyeballs .
Then you have the server admins on the websites , who see no problems because their site is optimized with a small load and all the hard load goes on the ad servers .
Lastly , you have the ad companies , who adapt only as necessary , and have enough money it probably does n't make economic sense to optimize their ad delivery system.So we end up with long load times .</tokentext>
<sentencetext>You also have to consider, we're not really customers on most sites anymore, we're just consumers.
Microsoft, Google, Yahoo, etc, we're their customers, they have us to impress and want to be fast, because that's how we decide if we wanna use them in part, and they need to be impressive.
Ad companies and sites like Facebook?
Not their customers!So yeah, a site will improve it's speed to get more consumers who view ads which makes their REAL customers (the ad companies) happy.
The ad companies, their customers aren't the websites that host their ads, they're the people who purchase the ads, and those people really don't care about optimizing the ad delivery architecture, that's a problem that the ad companies just don't care about.So the people who suffer longer load times are us, who no one in this chain really cares about as long as they have our eyeballs.
Then you have the server admins on the websites, who see no problems because their site is optimized with a small load and all the hard load goes on the ad servers.
Lastly, you have the ad companies, who adapt only as necessary, and have enough money it probably doesn't make economic sense to optimize their ad delivery system.So we end up with long load times.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30272360</id>
	<title>It is under your control</title>
	<author>gdshaw</author>
	<datestamp>1259608980000</datestamp>
	<modclass>Interestin</modclass>
	<modscore>4</modscore>
	<htmltext><blockquote><div><p>one of the biggest problems lies outside the control of web site administrators, ad servers.</p></div></blockquote><p>Nonsense!  I for one have chosen to keep my websites ad-free, hence no ad servers and no slowdown.  The same goes for untold thousands of other webmasters.</p><p>If you've chosen differently then<nobr> <wbr></nobr>... well, I suppose it's your website and your decision &mdash; but please don't come whining to us about the consequences.</p></div>
	</htmltext>
<tokenext>one of the biggest problems lies outside the control of web site administrators , ad servers.Nonsense !
I for one have chosen to keep my websites ad-free , hence no ad servers and no slowdown .
The same goes for untold thousands of other webmasters.If you 've chosen differently then ... well , I suppose it 's your website and your decision    but please do n't come whining to us about the consequences .</tokentext>
<sentencetext>one of the biggest problems lies outside the control of web site administrators, ad servers.Nonsense!
I for one have chosen to keep my websites ad-free, hence no ad servers and no slowdown.
The same goes for untold thousands of other webmasters.If you've chosen differently then ... well, I suppose it's your website and your decision — but please don't come whining to us about the consequences.
	</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30275958</id>
	<title>Useful for infecting me, slowing me down, &amp; mo</title>
	<author>Anonymous</author>
	<datestamp>1259580360000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><div class="quote"><p><b>"But ads are useful."</b> - by hey (83763) on Monday November 30, @12:40PM (#30271716)</p></div><p>Per my subject line above? Who are they useful to?? Webmasters leeching off users, or malware makers as well (see my p.s. below) but... I have the solution to that, &amp; the speed that adbanners/banner ads take away from you (as well as proof of their infecting others too many times the past few years now also).</p><p>So - <b>How about a GLOBAL solution, instead, &amp; one that extends to ALL of your "webbound apps", instead, &amp; NOT just to Mozilla softwares which is all browser addons soluations works for, in INDIVIDUAL BROWSERS ONLY...</b> (Beyond FF/Mozilla stuff, or, even Opera? Think IE, Outlook &amp; other email programs even, + more), AND, the solution I propose also acts as "layered security" in combination with the FF/Mozilla only methods many here, use  (which sadly, your methods are KNOWN to slow your browser down, use CPU cycles &amp; more (like having bugs &amp; security flaws in themselves too)... where this solution does not &amp; covers ALL webbound apps, globally)??</p><p>Here is <b>a GOOD SOLID WORK-AROUND, CALLED A HOSTS FILE!</b></p><p>(It works for more speed online, AND SECURITY ESPECIALLY... Also, it works for your money, because you pay for your linetime out of pocket most likely as I do, you can get back your speed, AND, gain security easily, &amp; from a single easily edited file &amp; a file eats no CPU cycles like a local DNS server can (&amp; are not as security vulnerable either if you protect write access to a HOSTS file also)... Anyhow/anyways - Here goes:</p><p>SO - "that all said &amp; aside"? Well, per your reply?? You're solutions cost CPU cycles &amp; are KNOWN to slow down FF/Mozilla variants (as browser addons do), but... Hey - NO PROBLEM, because HOSTS files work alongside those addons too, &amp; offer you more speed online AND more security, via a SINGLE EASILY EDITED + POPULATED FILE (called a HOSTS file):</p><p>I use <b>a custom HOSTS file</b>, in addition to the tools others here in this thread have noted (which MANY like FF addons only really function for FireFox/Mozilla products, but don't extend globally to all other webbound applications, &amp; that is part of what HOSTS files give you above the methods you extoll + utilize: "GLOBAL COVERAGE", &amp; of ALL webbound apps, not just FireFox/Mozilla ones via the addons you noted + use yourself...).</p><p><b>HOSTS files can be used to blockout KNOWN "bad" adserves, maliciously coded sites or adbanners, and "botnet C&amp;C servers" too!</b></p><p><b>You can obtain reliable HOSTS files from reputable lists for more security online, but also for speed!</b></p><p>(More on that later &amp; WHY/HOW (I use reliable lists for that, such as these HOSTS @ Wikipedia.com -&gt; <a href="http://en.wikipedia.org/wiki/Hosts\_file" title="wikipedia.org" rel="nofollow">http://en.wikipedia.org/wiki/Hosts\_file</a> [wikipedia.org] or those from mvps.org (a good one this one))</p><p><b>I also further populate &amp; keep current my custom HOSTS file with up to date information in regards to all of those threats, via:</b></p><p>----</p><p>A.) Spybot "Search &amp; Destroy" updates (populates HOSTS and browser block lists)</p><p>B.) Sites like ZDNet's Mr. Dancho Danchev's blog -&gt; <a href="http://ddanchev.blogspot.com/" title="blogspot.com" rel="nofollow">http://ddanchev.blogspot.com/</a> [blogspot.com]</p><p>C.) Sites like FireEye -&gt; <a href="http://blog.fireeye.com/" title="fireeye.com" rel="nofollow">http://blog.fireeye.com/</a> [fireeye.com]</p><p>D.) SRI -&gt; <a href="http://mtc.sri.com/" title="sri.com" rel="nofollow">http://mtc.sri.com/</a> [sri.com]</p><p>----</p><p>My HOSTS file incorporates ALL of the entries from the HOSTS files shown @ wikipedia as well... gaining me speed online (by blocking adbanners, which have been compromised many times the past few years now by malscripted exploits (examples below)).</p><p>(I combined ALL reputable HOSTS files with one of my own (30,000 entries), &amp; I removed duplicates removed via a Borland Delphi app I wrote to do so called "APK HOSTS File Grinder 4.0++". That program also functions to change the default larger &amp; SLOWER 127.0.0.1 blocking 'loopback adapter' IP address to either 0.0.0.0 (for VISTA/Windows Server 2008/Windows 7, smaller &amp; thus faster than 127.0.0.1 default) or the smallest &amp; fastest 0 "blocking 'IP ADDRESS'" (for Windows 2000/XP/Server 2003 which can STILL use it (&amp; it was added in a service pack on Windows 2000, only on 12/09/2008 MS patch tuesday was it removed for VISTA onwards (&amp; now all these "phunny little bugs" are showing up as FLAWS in this new NDIS6 approach via WFP as well in the firewall, which ROOTKIT.COM has stated (with code too no less on how it is done) -&gt; <a href="http://www.rootkit.com/newsread.php?newsid=952" title="rootkit.com" rel="nofollow">http://www.rootkit.com/newsread.php?newsid=952</a> [rootkit.com] [rootkit.com] that it is EASIER TO UNHOOK (than was the design used in Windows 2000/XP/Server 2003))</p><p><b>Another EXCELLENT benefit of HOSTS file usage? More speed online, &amp; also more security + reliability</b> (especially in the case of DNS servers today, per folks like Dan Kaminsky &amp;/or Moxie Marlinspike finding various security vulnerabilities in them the past couple years now)...</p><p><b>AND, YOU CAN GET EVEN MORE SPEED, and RELIABILITY</b> (vs. downed or "DNS poisoned/misdirected" dns servers too) <b>via yet another "hidden bonus for speed" in HOSTS files:</b></p><p>HOW SO? WELL - <b>I use another "technique" called "hardcoding" an IP address to domainname/hostname in my HOSTS files, for my FAVORITE websites:</b></p><p><b>This allows me to FIRST bypass any remote/external DNS lookups, which also would in theory @ least, make me "proofed" vs. DNS request logs by my ISP/BSP also.</b></p><p>(Especially since I use external DNS servers too, OpenDNS ones to be specific, that go beyond my hardcoded favs in my HOSTS file because I can't ping &amp; resolve the ENTIRE internet after all)</p><p>This also makes it harder for others to track me...</p><p>(Sure, they could do a "reverse DNS lookup" via pings &amp;/or traceroutes &amp; the top level domain that does nothing BUT cache reverse DNS lookups does the rest, but that is harder to do, than looking up my URL requests via a log on a DNS server))</p><p><b>ALSO, AS ANOTHER "BONUS" in HOSTS FILES</b> (can't stress it enough, &amp; especially above + beyond adbanner blocking)<b>:  It speeds you up, or can!</b></p><p>E.G.-&gt; A buddy of mine named Jack says it has (verbatim quote) "DOUBLED MY SPEED ONLINE, BUT I VALUE THE SECURITY PART MORE", because he used to get over 200++ viruses a week, now? Only maybe 2 a year IF THAT lately, &amp; he is convinced it is largely due to the HOSTS file I send him weekly (he is my "lab rat #1" due to his previous infestation rate), &amp; if that "anecdotal evidence" is not enough? See this then, from a published security guru on a respected site for it:</p><p>====</p><p><b>RESURRECTING THE KILLFILE:</b></p><p>(by Mr. Oliver Day)</p><p><a href="http://www.securityfocus.com/columnists/491" title="securityfocus.com" rel="nofollow">http://www.securityfocus.com/columnists/491</a> [securityfocus.com]</p><p><b>PERTINENT EXCERPTS/QUOTES:</b></p><p>"The host file on my day-to-day laptop is now over 16,000 lines long. Accessing the Internet particularly browsing the Web is actually faster now."</p><p>"From what I have seen in my research, major efforts to share lists of unwanted hosts began gaining serious momentum earlier this decade. The most popular appear to have started as a means to block advertising and as a way to avoid being tracked by sites that use cookies to gather data on the user across Web properties. More recently, projects like Spybot Search and Destroy offer lists of known malicious servers to add a layer of defense against trojans and other forms of malware."</p><p>====</p><p>(A nice bonus beyond blocking adbanners via HOSTS too, because these have been shown to harbor malscripted content too &amp; more than just a few times the past 4-5 yrs now no less such as is noted here in my PS below, several examples thereof no less), because you don't waste between 30-N ms calling out to an external DNS!</p><p>(Again, and a DNS server that MAY be poisoned per Dan Kaminsky the past few years now &amp; others also noting it)</p><p>Thus, <b>SO, even IF your DNS servers go down, or are "dns poisoned"</b> (or fall to yet another security flaw, many are in my "p.s." below no less, as documented evidences thereof to my statements here no less)?</p><p>Well, <b>by using a custom HOSTS file setup, you can STILL GET TO YOUR FAV. SITES IF HARDCODED in your HOSTS FILE &amp; @ higher speeds than DNS server calls, 30-N times faster in fact</b> (a good thing, but one you may have to periodically alter, easily, via notepad.exe edits of your HOSTS file &amp; a ping to update their new address (sites change hosting providers due to better services or prices, rare, but they do &amp; MOST let you know they are about to do so anyhow, so you can amend a HOSTS file)).</p><p>NICEST PART IS, THOUGH, PER YOUR STATEMENT (in addition to the benefits of HOSTS file I note above, alongside others like Mr. Oliver Day of SECURITYFOCUS.COM)?</p><p>I will STILL get to where it is that I WANT TO GO, not the router's onboard DNS server doing hostname/domainname resolutions or potential hijacked redirects... in theory @ least, because I am controlling the hostname/dommainname resolutions @ AN OS + IP STACK LEVEL, not via my routers' onboard DNS server...</p><p>APK</p><p>P.S.=&gt; Evidences as to WHY you'd want to add on the "extra layered security protection" of a HOSTS file, which extends global security coverage to your webbound apps, AND, allows for a great deal of added extra speed as well? Ok, here are some documented reasons why like:</p><p>a.) DNS servers vulnerable, under attack, failing or being "DNS poisoned" misdirected &amp; more</p><p>b.) Security suites failing vs. modern "blended threats" online</p><p>c.) javascript being used to do most of this via apps)</p><p>d.) adbanners being maliciously coded also...</p><p>(Here we go with documented proofs/examples:)</p><p>====</p><p><b>POISONED MALSCRIPTED ADBANNERS</b></p><p><b>The Next Ad You Click May Be a Virus:</b></p><p><a href="http://it.slashdot.org/article.pl?sid=09/06/15/2056219" title="slashdot.org" rel="nofollow">http://it.slashdot.org/article.pl?sid=09/06/15/2056219</a> [slashdot.org]</p><p>----</p><p><b>Attackers Infect Ads With Old Adobe Vulnerability:</b></p><p><a href="http://it.slashdot.org/article.pl?sid=09/02/25/024211" title="slashdot.org" rel="nofollow">http://it.slashdot.org/article.pl?sid=09/02/25/024211</a> [slashdot.org]</p><p>----</p><p><b>Hackers Use Banner Ads on Major Sites to Hijack Your PC:</b></p><p><a href="http://www.wired.com/techbiz/media/news/2007/11/doubleclick" title="wired.com" rel="nofollow">http://www.wired.com/techbiz/media/news/2007/11/doubleclick</a> [wired.com]</p><p>----</p><p><b>Adobe Flash Ads Launching Clipboard Hijack Attacks:</b></p><p><a href="http://it.slashdot.org/article.pl?sid=08/08/20/0029220&amp;from=rss" title="slashdot.org" rel="nofollow">http://it.slashdot.org/article.pl?sid=08/08/20/0029220&amp;from=rss</a> [slashdot.org]</p><p>----</p><p><b>Slashdot | Americans Don't Want Targeted Ads:</b></p><p><a href="http://yro.slashdot.org/article.pl?sid=09/10/01/1854214" title="slashdot.org" rel="nofollow">http://yro.slashdot.org/article.pl?sid=09/10/01/1854214</a> [slashdot.org]</p><p>====</p><p><b>DNS PROBLEMS:</b></p><p><b>Number of Rogue DNS Servers on the Rise:</b></p><p><a href="http://tech.slashdot.org/article.pl?no\_d2=1&amp;sid=08/02/15/2118212" title="slashdot.org" rel="nofollow">http://tech.slashdot.org/article.pl?no\_d2=1&amp;sid=08/02/15/2118212</a> [slashdot.org]</p><p>----</p><p><b>Security Researcher Kaminsky Pushes DNS Patching:</b></p><p><a href="http://it.slashdot.org/article.pl?sid=09/02/19/2322231" title="slashdot.org" rel="nofollow">http://it.slashdot.org/article.pl?sid=09/02/19/2322231</a> [slashdot.org]</p><p>----</p><p><b>Ten Percent of DNS Servers Still Vulnerable:</b></p><p><a href="http://tech.slashdot.org/article.pl?no\_d2=1&amp;sid=05/08/04/1525235" title="slashdot.org" rel="nofollow">http://tech.slashdot.org/article.pl?no\_d2=1&amp;sid=05/08/04/1525235</a> [slashdot.org]</p><p>----</p><p><b>TimeWarner DNS Hijacking:</b></p><p><a href="http://tech.slashdot.org/article.pl?sid=07/07/23/2140208" title="slashdot.org" rel="nofollow">http://tech.slashdot.org/article.pl?sid=07/07/23/2140208</a> [slashdot.org]</p><p>----</p><p><b>Another DNS Flaw Found:</b></p><p><a href="http://tech.slashdot.org/article.pl?sid=09/01/09/2348240" title="slashdot.org" rel="nofollow">http://tech.slashdot.org/article.pl?sid=09/01/09/2348240</a> [slashdot.org]</p><p>----</p><p><b>Attack Code Published For DNS Vulnerability:</b></p><p><a href="http://it.slashdot.org/article.pl?no\_d2=1&amp;sid=08/07/23/231254" title="slashdot.org" rel="nofollow">http://it.slashdot.org/article.pl?no\_d2=1&amp;sid=08/07/23/231254</a> [slashdot.org]</p><p>----</p><p><b>BIND Still Susceptible To DNS Cache Poisoning:</b></p><p><a href="http://tech.slashdot.org/article.pl?no\_d2=1&amp;sid=08/08/09/123222" title="slashdot.org" rel="nofollow">http://tech.slashdot.org/article.pl?no\_d2=1&amp;sid=08/08/09/123222</a> [slashdot.org]</p><p>----</p><p><b>DDoS Attacks Via DNS Recursion:</b></p><p><a href="http://it.slashdot.org/article.pl?no\_d2=1&amp;sid=06/03/16/1658209" title="slashdot.org" rel="nofollow">http://it.slashdot.org/article.pl?no\_d2=1&amp;sid=06/03/16/1658209</a> [slashdot.org]</p><p>----</p><p><b>DNS Poisoning Hits One of China's Biggest ISPs:</b></p><p><a href="http://it.slashdot.org/article.pl?no\_d2=1&amp;sid=08/08/21/2343250" title="slashdot.org" rel="nofollow">http://it.slashdot.org/article.pl?no\_d2=1&amp;sid=08/08/21/2343250</a> [slashdot.org]</p><p>----</p><p><b>DNS Root Servers Attacked:</b></p><p><a href="http://it.slashdot.org/article.pl?no\_d2=1&amp;sid=07/02/06/2238225" title="slashdot.org" rel="nofollow">http://it.slashdot.org/article.pl?no\_d2=1&amp;sid=07/02/06/2238225</a> [slashdot.org]</p><p>----</p><p><b>DNS Problem Linked To DDoS Attacks Gets Worse:</b></p><p><a href="http://tech.slashdot.org/comments.pl?sid=1444354&amp;cid=30109858" title="slashdot.org" rel="nofollow">http://tech.slashdot.org/comments.pl?sid=1444354&amp;cid=30109858</a> [slashdot.org]</p><p>----</p><p><b>Are your servers vulnerable to DNS attacks?</b></p><p><a href="http://www.networkworld.com/news/2007/111907-dns-attacks.html" title="networkworld.com" rel="nofollow">http://www.networkworld.com/news/2007/111907-dns-attacks.html</a> [networkworld.com]</p><p>----</p><p><b>Kaminsky On DNS Bugs a Year Later and DNSSEC:</b></p><p><a href="http://it.slashdot.org/story/09/06/25/1354212/Kaminsky-On-DNS-Bugs-a-Year-Later-and-DNSSEC" title="slashdot.org" rel="nofollow">http://it.slashdot.org/story/09/06/25/1354212/Kaminsky-On-DNS-Bugs-a-Year-Later-and-DNSSEC</a> [slashdot.org]</p><p>----</p><p><b>DNS users put higher premium on security:</b></p><p><a href="http://news.techworld.com/networking/10690/dns-users-put-higher-premium-on-security/" title="techworld.com" rel="nofollow">http://news.techworld.com/networking/10690/dns-users-put-higher-premium-on-security/</a> [techworld.com]</p><p>----</p><p><b>BIND, the Buggy Internet Name Daemon:</b></p><p><a href="http://cr.yp.to/djbdns/blurb/unbind.html" title="cr.yp.to" rel="nofollow">http://cr.yp.to/djbdns/blurb/unbind.html</a> [cr.yp.to]</p><p>(Where djbdns was found to have flaw, though it was alleged invulnerable, they paid out $10,000 reward)</p><p>----</p><p><b>DNS Dan Kaminsky DNS SPOOF ATTACK EXPLAINED HOW IT IS DONE:</b></p><p><a href="http://blogs.zdnet.com/security/?p=1520" title="zdnet.com" rel="nofollow">http://blogs.zdnet.com/security/?p=1520</a> [zdnet.com]</p><p>----</p><p><b>DNS REBINDING ATTACKS: MultiPinning Browser JavaScript Vulnerability</b> (how to protect yourself):</p><p><a href="http://crypto.stanford.edu/dns/" title="stanford.edu" rel="nofollow">http://crypto.stanford.edu/dns/</a> [stanford.edu]</p><p>----</p><p><b>Hackers hijack DNS records of high profile New Zealand sites:</b></p><p><a href="http://blogs.zdnet.com/security/?p=3185" title="zdnet.com" rel="nofollow">http://blogs.zdnet.com/security/?p=3185</a> [zdnet.com]</p><p>====</p><p><b>SECURITY SUITE PROGRAMS FAILING:</b></p><p><b>AntiVirus Products Fail to Find Simple IE Malware:</b></p><p><a href="http://tech.slashdot.org/article.pl?sid=07/10/29/1747237" title="slashdot.org" rel="nofollow">http://tech.slashdot.org/article.pl?sid=07/10/29/1747237</a> [slashdot.org]</p><p>----</p><p><b>Most Security Products Fail To Perform:</b></p><p><a href="http://hardware.slashdot.org/comments.pl?sid=1445302&amp;threshold=-1&amp;commentsort=0&amp;mode=thread&amp;pid=30114652" title="slashdot.org" rel="nofollow">http://hardware.slashdot.org/comments.pl?sid=1445302&amp;threshold=-1&amp;commentsort=0&amp;mode=thread&amp;pid=30114652</a> [slashdot.org]</p><p>----</p><p><b>TOP SECURITY SUITES FAIL 64/300 THREATS in 2008 AT SECUNIA.COM:</b></p><p><a href="http://secunia.com/blog/29/" title="secunia.com" rel="nofollow">http://secunia.com/blog/29/</a> [secunia.com]</p><p>----</p><p><b>Top security suites fail exploit tests:</b></p><p><a href="http://www.computerworld.com/s/article/9117042/Top\_security\_suites\_fail\_exploit\_tests?intsrc=news\_ts\_head" title="computerworld.com" rel="nofollow">http://www.computerworld.com/s/article/9117042/Top\_security\_suites\_fail\_exploit\_tests?intsrc=news\_ts\_head</a> [computerworld.com]</p><p>----</p><p><b>Antivirus is 'completely wasted money': Cisco CSO: News - Security - ZDNet Australia:</b></p><p><a href="http://www.zdnet.com.au/news/security/soa/Antivirus-is-completely-wasted-money-Cisco-CSO/0,130061744,339289122,00.htm?feed=pt\_auscert" title="zdnet.com.au" rel="nofollow">http://www.zdnet.com.au/news/security/soa/Antivirus-is-completely-wasted-money-Cisco-CSO/0,130061744,339289122,00.htm?feed=pt\_auscert</a> [zdnet.com.au]</p><p>----</p><p><b>Are Routers the Next Big Target for Hackers?</b></p><p><a href="http://blogs.zdnet.com/security/?p=919" title="zdnet.com" rel="nofollow">http://blogs.zdnet.com/security/?p=919</a> [zdnet.com]</p><p>----</p><p><b>Software Firewalls: Made of Straw? Part 1 of 2:</b></p><p><a href="http://www.securityfocus.com/infocus/1839" title="securityfocus.com" rel="nofollow">http://www.securityfocus.com/infocus/1839</a> [securityfocus.com]</p><p><b>Software Firewalls: Made of Straw? Part 2 of 2:</b></p><p><a href="http://www.securityfocus.com/infocus/1840/2" title="securityfocus.com" rel="nofollow">http://www.securityfocus.com/infocus/1840/2</a> [securityfocus.com]</p><p>----</p><p><b>Brief study shows difficulty in detecting malware (2008):</b></p><p><a href="http://www.securityfocus.com/brief/858" title="securityfocus.com" rel="nofollow">http://www.securityfocus.com/brief/858</a> [securityfocus.com]</p><p>----</p><p><b>2007 - Browser vulnerabilities and attacks will continue to mount:</b></p><p><a href="http://www.infoworld.com/d/security-central/browser-vulnerabilities-and-attacks-will-continue-mount-679" title="infoworld.com" rel="nofollow">http://www.infoworld.com/d/security-central/browser-vulnerabilities-and-attacks-will-continue-mount-679</a> [infoworld.com]</p><p>----</p><p><b>Bug exposes Cisco switches to attacks:</b></p><p><a href="http://news.cnet.com/Bug-exposes-Cisco-switches+to+attacks/2110-7349\_3-5902897.html?part=rss&amp;tag=5902897&amp;subj=news" title="cnet.com" rel="nofollow">http://news.cnet.com/Bug-exposes-Cisco-switches+to+attacks/2110-7349\_3-5902897.html?part=rss&amp;tag=5902897&amp;subj=news</a> [cnet.com]</p><p>&amp;</p><p><b>CISCO "COMES CLEAN" ON EXTENT OF IOS FLAW:</b></p><p><a href="http://www.eweek.com/c/a/Security/Cisco-Comes-Clean-on-Extent-of-IOS-Flaw/" title="eweek.com" rel="nofollow">http://www.eweek.com/c/a/Security/Cisco-Comes-Clean-on-Extent-of-IOS-Flaw/</a> [eweek.com]</p><p>&amp;</p><p><b>Cisco PIX and ASA Time-To-Live Denial of Service Vulnerability:</b></p><p><a href="http://secunia.com/advisories/28625/" title="secunia.com" rel="nofollow">http://secunia.com/advisories/28625/</a> [secunia.com]</p><p>+</p><p><b>Computer routers face hijack risk - study:</b></p><p><a href="http://www.cbc.ca/technology/story/2007/02/16/tech-routervulnerabilty-20070216.html?ref=rss" title="www.cbc.ca" rel="nofollow">http://www.cbc.ca/technology/story/2007/02/16/tech-routervulnerabilty-20070216.html?ref=rss</a> [www.cbc.ca]</p><p>Slashdot Technology Story | Will Mainstream Media Embrace Adblockers?</p><p><a href="http://tech.slashdot.org/story/09/08/06/1442243/Will-Mainstream-Media-Embrace-Adblockers" title="slashdot.org" rel="nofollow">http://tech.slashdot.org/story/09/08/06/1442243/Will-Mainstream-Media-Embrace-Adblockers</a> [slashdot.org]</p><p>----</p><p><b>Congress May Require ISPs To Block Certain Fraud Sites:</b></p><p><a href="http://yro.slashdot.org/comments.pl?sid=1432514&amp;cid=30024078" title="slashdot.org" rel="nofollow">http://yro.slashdot.org/comments.pl?sid=1432514&amp;cid=30024078</a> [slashdot.org]</p><p>====</p><p><b>JAVASCRIPT PROBLEMS:</b></p><p><b>Slashdot | Adobe Confirms PDF Zero-Day, Says Kill JavaScript:</b></p><p><a href="http://it.slashdot.org/article.pl?sid=09/04/29/1823234" title="slashdot.org" rel="nofollow">http://it.slashdot.org/article.pl?sid=09/04/29/1823234</a> [slashdot.org]</p><p>----</p><p><b>Adobe Flash Zero-Day Attack Underway:</b></p><p><a href="http://it.slashdot.org/article.pl?sid=08/05/28/0138247&amp;from=rss" title="slashdot.org" rel="nofollow">http://it.slashdot.org/article.pl?sid=08/05/28/0138247&amp;from=rss</a> [slashdot.org]</p><p>----</p><p><b>JavaScript flaw reported in Adobe Reader</b> (4th or 5th time already, if not more):</p><p><a href="http://www.securityfocus.com/brief/953" title="securityfocus.com" rel="nofollow">http://www.securityfocus.com/brief/953</a> [securityfocus.com]</p><p>----</p><p><b>Another malware pulls an Italian job via JAVASCRIPT:</b></p><p><a href="http://blog.trendmicro.com/another-malware-pulls-an-italian-job/" title="trendmicro.com" rel="nofollow">http://blog.trendmicro.com/another-malware-pulls-an-italian-job/</a> [trendmicro.com]</p><p>----</p><p><b>JavaScript opens doors to browser-based attacks | CNET News.com:</b></p><p><a href="http://news.com.com/JavaScript+opens+doors+to+browser-based+attacks/2100-7349\_3-6099891.html?part=rss&amp;tag=6099891&amp;subj=news" title="com.com" rel="nofollow">http://news.com.com/JavaScript+opens+doors+to+browser-based+attacks/2100-7349\_3-6099891.html?part=rss&amp;tag=6099891&amp;subj=news</a> [com.com]</p><p>----</p><p><b>Mozilla Firefox Javascript Garbage Collector Vulnerability - Advisories - Secunia</b></p><p><a href="http://secunia.com/advisories/29787/" title="secunia.com" rel="nofollow">http://secunia.com/advisories/29787/</a> [secunia.com]</p><p>----</p><p><b>New script outstrips all other drive-by download risks:</b></p><p><a href="http://www.theregister.co.uk/2009/05/15/script\_menace/" title="theregister.co.uk" rel="nofollow">http://www.theregister.co.uk/2009/05/15/script\_menace/</a> [theregister.co.uk]</p><p>----</p><p><b>Researcher to demonstrate attack code for Intel chips via Javascript:</b></p><p><a href="http://www.infoworld.com/d/security-central/researcher-demonstrate-attack-code-intel-chips-036" title="infoworld.com" rel="nofollow">http://www.infoworld.com/d/security-central/researcher-demonstrate-attack-code-intel-chips-036</a> [infoworld.com]</p><p>----</p><p><b>Researcher: JavaScript Attacks Get Slicker:</b></p><p><a href="http://www.eweek.com/c/a/Security/Researcher-JavaScript-Attacks-Get-Slicker/" title="eweek.com" rel="nofollow">http://www.eweek.com/c/a/Security/Researcher-JavaScript-Attacks-Get-Slicker/</a> [eweek.com]</p><p>----</p><p><b>Rise Of The PDF Exploits:</b></p><p><a href="http://www.trustedsource.org/blog/153/Rise-Of-The-PDF-Exploits" title="trustedsource.org" rel="nofollow">http://www.trustedsource.org/blog/153/Rise-Of-The-PDF-Exploits</a> [trustedsource.org]</p><p>----</p><p><b>ADOBE NEW FLAW DOES USE JAVASCRIPT PROOF:</b></p><p><a href="http://www.shadowserver.org/wiki/pmwiki.php?n=Calendar.20090219" title="shadowserver.org" rel="nofollow">http://www.shadowserver.org/wiki/pmwiki.php?n=Calendar.20090219</a> [shadowserver.org]</p><p>----</p><p><b>AJAX Poses Security, Performance Risks:</b></p><p><a href="http://www.eweek.com/article2/0,1895,1916673,00.asp" title="eweek.com" rel="nofollow">http://www.eweek.com/article2/0,1895,1916673,00.asp</a> [eweek.com]</p><p>----</p><p><b>Web 2.0 Threats and Risks for Financial Services:</b></p><p><a href="http://www.net-security.org/article.php?id=1004&amp;p=1" title="net-security.org" rel="nofollow">http://www.net-security.org/article.php?id=1004&amp;p=1</a> [net-security.org]</p><p><a href="http://www.cbronline.com/news/web\_20\_is\_vulnerable\_to\_attack" title="cbronline.com" rel="nofollow">http://www.cbronline.com/news/web\_20\_is\_vulnerable\_to\_attack</a> [cbronline.com]</p><p>----</p><p><b>Cross Site Scripting</b> (GOOGLE) <b>and WHY TO TURN OFF JAVASCRIPT:</b></p><p><a href="http://www.cgisecurity.com/xss-faq.html" title="cgisecurity.com" rel="nofollow">http://www.cgisecurity.com/xss-faq.html</a> [cgisecurity.com]</p><p>----</p><p><b>Why the FBI Director Doesn't Bank Online</b></p><p><a href="http://it.slashdot.org/article.pl?sid=09/10/08/0327240" title="slashdot.org" rel="nofollow">http://it.slashdot.org/article.pl?sid=09/10/08/0327240</a> [slashdot.org]</p><p>====</p><p><b>MAJOR ATTACKS (only a small sample) of WHY LAYERED SECURITY IS NEEDED</b></p><p><b>Is the Botnet Battle Already Lost?</b></p><p><a href="http://www.eweek.com/article2/0,1895,2029720,00.asp" title="eweek.com" rel="nofollow">http://www.eweek.com/article2/0,1895,2029720,00.asp</a> [eweek.com]</p><p>----</p><p><b>IT Pros Say They Can't Stop Data Breaches:</b></p><p><a href="http://www.eweek.com/article2/0,1895,2010325,00.asp?kc=EWNAVEMNL083106EOAD" title="eweek.com" rel="nofollow">http://www.eweek.com/article2/0,1895,2010325,00.asp?kc=EWNAVEMNL083106EOAD</a> [eweek.com]</p><p>----</p><p><b>Cyber Attacks On US Military Jump Sharply In 2009</b></p><p><a href="http://tech.slashdot.org/comments.pl?sid=1452358&amp;threshold=-1&amp;commentsort=0&amp;mode=thread&amp;cid=30185742" title="slashdot.org" rel="nofollow">http://tech.slashdot.org/comments.pl?sid=1452358&amp;threshold=-1&amp;commentsort=0&amp;mode=thread&amp;cid=30185742</a> [slashdot.org]</p><p>----</p><p><b>Bots Found Inside Many Big Companies:</b></p><p><a href="http://blogs.baselinemag.com/security/content001/cybercrime/bots\_found\_inside\_many\_big\_companies.html" title="baselinemag.com" rel="nofollow">http://blogs.baselinemag.com/security/content001/cybercrime/bots\_found\_inside\_many\_big\_companies.html</a> [baselinemag.com]</p><p>----</p><p><b>Bot master owns up to 250,000 zombie PCs:</b></p><p><a href="http://www.securityfocus.com/news/11495" title="securityfocus.com" rel="nofollow">http://www.securityfocus.com/news/11495</a> [securityfocus.com]</p><p>----</p><p><b>Bots surge ahead (2007):</b></p><p><a href="http://www.securityfocus.com/brief/466" title="securityfocus.com" rel="nofollow">http://www.securityfocus.com/brief/466</a> [securityfocus.com]</p><p>----</p><p><b>Chinese Hackers Hit Commerce Department:</b></p><p><a href="http://www.informationweek.com/news/security/government/showArticle.jhtml?articleID=193105227" title="informationweek.com" rel="nofollow">http://www.informationweek.com/news/security/government/showArticle.jhtml?articleID=193105227</a> [informationweek.com]</p><p>----</p><p><b>CIA Admits Cyberattacks Blacked Out Cities:</b></p><p><a href="http://www.informationweek.com/news/internet/showArticle.jhtml?articleID=205901631" title="informationweek.com" rel="nofollow">http://www.informationweek.com/news/internet/showArticle.jhtml?articleID=205901631</a> [informationweek.com]</p><p>----</p><p><b>Compromised Banks and Investment sites list 2006:</b></p><p><a href="http://it.slashdot.org/comments.pl?sid=233921&amp;cid=19035679" title="slashdot.org" rel="nofollow">http://it.slashdot.org/comments.pl?sid=233921&amp;cid=19035679</a> [slashdot.org]</p><p>----</p><p><b>Dancho Danchev's Blog - Mind Streams of Information Security Knowledge: Massive IFRAME SEO Poisoning Attack Continuing:</b></p><p><a href="http://ddanchev.blogspot.com/2008/03/massive-iframe-seo-poisoning-attack.html" title="blogspot.com" rel="nofollow">http://ddanchev.blogspot.com/2008/03/massive-iframe-seo-poisoning-attack.html</a> [blogspot.com]</p><p>----</p><p><b>Data at Bank of America, Wachovia, others compromised - May. 23, 2005:</b></p><p><a href="http://money.cnn.com/2005/05/23/news/fortune500/bank\_info/index.htm" title="cnn.com" rel="nofollow">http://money.cnn.com/2005/05/23/news/fortune500/bank\_info/index.htm</a> [cnn.com]</p><p>----</p><p><b>Fresh Security Breaches at Los Alamos:</b></p><p><a href="http://www.msnbc.msn.com/id/19418769/site/newsweek/print/1/displaymode/1098/" title="msn.com" rel="nofollow">http://www.msnbc.msn.com/id/19418769/site/newsweek/print/1/displaymode/1098/</a> [msn.com]</p><p>----</p><p><b>Infected job search sites lead to info theft for 46,000:</b></p><p><a href="http://www.computerworld.com/s/article/9031139/Infected\_job\_search\_sites\_lead\_to\_info\_theft\_for\_46\_000" title="computerworld.com" rel="nofollow">http://www.computerworld.com/s/article/9031139/Infected\_job\_search\_sites\_lead\_to\_info\_theft\_for\_46\_000</a> [computerworld.com]</p><p>----</p><p><b>New Mega-Botnet Discovered:</b></p><p><a href="http://it.slashdot.org/article.pl?sid=09/04/22/2223214" title="slashdot.org" rel="nofollow">http://it.slashdot.org/article.pl?sid=09/04/22/2223214</a> [slashdot.org]</p><p>----</p><p>I think THAT list ought to "enlighten" ANYONE, as to why "layered security" is &amp; has been considered largely to be "THE WAY TO GO", vs. that list above (which is only a SMALL \%-age of what I can come up with in regards to threats online + their causes)... HOSTS files help protect vs. those, on several levels - DO consider their usage!</p><p>I'd like to also end this, on a little quote from a fav. film of mine:</p><p><b>"My name is Dr. Robert Neville. I am a survivor living in New York City. I am broadcasting on all a.m. frequencies. I will be in the south street seaport everyday at midday when the sun is highest in the sky. If you are out there, if anyone is out there, I can provide food; I can provide shelter; I can provide security -&gt; <a href="http://www.tcmagazine.com/forums/index.php?s=44b7ce1c3ee460d32e68cb97f2597368&amp;showtopic=2662" title="tcmagazine.com" rel="nofollow">http://www.tcmagazine.com/forums/index.php?s=44b7ce1c3ee460d32e68cb97f2597368&amp;showtopic=2662</a> [tcmagazine.com] . If there's anybody out there, anybody, please... you are not alone."</b> - Dr. Robert Neville, I AM LEGEND</p><p>&amp; that film inspired me to write that guide for securing Windows NT-based OS variants, @ the end of 2007, + for my "New Year's Resolution" for 2008, of "Do the right thing &amp; 'pay it forward'"... &amp;, it works.</p><p>Here though?</p><p>Well, I only suggested a SMALL part of that guide here, but a crucial &amp; EFFECTIVE ONE, &amp; mainly because it fits the bill here QUITE specifically &amp; functions globally, instead of just being good for 1 set of apps only (like FF addons are only, unfortunately), &amp; it doesn't eat CPU like those do either OR slow you down (if anything? They speed you up HUGELY, in addition to securing you too as a bonus)...apk</p></div>
	</htmltext>
<tokenext>" But ads are useful .
" - by hey ( 83763 ) on Monday November 30 , @ 12 : 40PM ( # 30271716 ) Per my subject line above ?
Who are they useful to ? ?
Webmasters leeching off users , or malware makers as well ( see my p.s .
below ) but... I have the solution to that , &amp; the speed that adbanners/banner ads take away from you ( as well as proof of their infecting others too many times the past few years now also ) .So - How about a GLOBAL solution , instead , &amp; one that extends to ALL of your " webbound apps " , instead , &amp; NOT just to Mozilla softwares which is all browser addons soluations works for , in INDIVIDUAL BROWSERS ONLY... ( Beyond FF/Mozilla stuff , or , even Opera ?
Think IE , Outlook &amp; other email programs even , + more ) , AND , the solution I propose also acts as " layered security " in combination with the FF/Mozilla only methods many here , use ( which sadly , your methods are KNOWN to slow your browser down , use CPU cycles &amp; more ( like having bugs &amp; security flaws in themselves too ) ... where this solution does not &amp; covers ALL webbound apps , globally ) ?
? Here is a GOOD SOLID WORK-AROUND , CALLED A HOSTS FILE !
( It works for more speed online , AND SECURITY ESPECIALLY... Also , it works for your money , because you pay for your linetime out of pocket most likely as I do , you can get back your speed , AND , gain security easily , &amp; from a single easily edited file &amp; a file eats no CPU cycles like a local DNS server can ( &amp; are not as security vulnerable either if you protect write access to a HOSTS file also ) ... Anyhow/anyways - Here goes : SO - " that all said &amp; aside " ?
Well , per your reply ? ?
You 're solutions cost CPU cycles &amp; are KNOWN to slow down FF/Mozilla variants ( as browser addons do ) , but... Hey - NO PROBLEM , because HOSTS files work alongside those addons too , &amp; offer you more speed online AND more security , via a SINGLE EASILY EDITED + POPULATED FILE ( called a HOSTS file ) : I use a custom HOSTS file , in addition to the tools others here in this thread have noted ( which MANY like FF addons only really function for FireFox/Mozilla products , but do n't extend globally to all other webbound applications , &amp; that is part of what HOSTS files give you above the methods you extoll + utilize : " GLOBAL COVERAGE " , &amp; of ALL webbound apps , not just FireFox/Mozilla ones via the addons you noted + use yourself... ) .HOSTS files can be used to blockout KNOWN " bad " adserves , maliciously coded sites or adbanners , and " botnet C&amp;C servers " too ! You can obtain reliable HOSTS files from reputable lists for more security online , but also for speed !
( More on that later &amp; WHY/HOW ( I use reliable lists for that , such as these HOSTS @ Wikipedia.com - &gt; http : //en.wikipedia.org/wiki/Hosts \ _file [ wikipedia.org ] or those from mvps.org ( a good one this one ) ) I also further populate &amp; keep current my custom HOSTS file with up to date information in regards to all of those threats , via : ----A .
) Spybot " Search &amp; Destroy " updates ( populates HOSTS and browser block lists ) B .
) Sites like ZDNet 's Mr. Dancho Danchev 's blog - &gt; http : //ddanchev.blogspot.com/ [ blogspot.com ] C. ) Sites like FireEye - &gt; http : //blog.fireeye.com/ [ fireeye.com ] D. ) SRI - &gt; http : //mtc.sri.com/ [ sri.com ] ----My HOSTS file incorporates ALL of the entries from the HOSTS files shown @ wikipedia as well... gaining me speed online ( by blocking adbanners , which have been compromised many times the past few years now by malscripted exploits ( examples below ) ) .
( I combined ALL reputable HOSTS files with one of my own ( 30,000 entries ) , &amp; I removed duplicates removed via a Borland Delphi app I wrote to do so called " APK HOSTS File Grinder 4.0 + + " .
That program also functions to change the default larger &amp; SLOWER 127.0.0.1 blocking 'loopback adapter ' IP address to either 0.0.0.0 ( for VISTA/Windows Server 2008/Windows 7 , smaller &amp; thus faster than 127.0.0.1 default ) or the smallest &amp; fastest 0 " blocking 'IP ADDRESS ' " ( for Windows 2000/XP/Server 2003 which can STILL use it ( &amp; it was added in a service pack on Windows 2000 , only on 12/09/2008 MS patch tuesday was it removed for VISTA onwards ( &amp; now all these " phunny little bugs " are showing up as FLAWS in this new NDIS6 approach via WFP as well in the firewall , which ROOTKIT.COM has stated ( with code too no less on how it is done ) - &gt; http : //www.rootkit.com/newsread.php ? newsid = 952 [ rootkit.com ] [ rootkit.com ] that it is EASIER TO UNHOOK ( than was the design used in Windows 2000/XP/Server 2003 ) ) Another EXCELLENT benefit of HOSTS file usage ?
More speed online , &amp; also more security + reliability ( especially in the case of DNS servers today , per folks like Dan Kaminsky &amp;/or Moxie Marlinspike finding various security vulnerabilities in them the past couple years now ) ...AND , YOU CAN GET EVEN MORE SPEED , and RELIABILITY ( vs. downed or " DNS poisoned/misdirected " dns servers too ) via yet another " hidden bonus for speed " in HOSTS files : HOW SO ?
WELL - I use another " technique " called " hardcoding " an IP address to domainname/hostname in my HOSTS files , for my FAVORITE websites : This allows me to FIRST bypass any remote/external DNS lookups , which also would in theory @ least , make me " proofed " vs. DNS request logs by my ISP/BSP also .
( Especially since I use external DNS servers too , OpenDNS ones to be specific , that go beyond my hardcoded favs in my HOSTS file because I ca n't ping &amp; resolve the ENTIRE internet after all ) This also makes it harder for others to track me... ( Sure , they could do a " reverse DNS lookup " via pings &amp;/or traceroutes &amp; the top level domain that does nothing BUT cache reverse DNS lookups does the rest , but that is harder to do , than looking up my URL requests via a log on a DNS server ) ) ALSO , AS ANOTHER " BONUS " in HOSTS FILES ( ca n't stress it enough , &amp; especially above + beyond adbanner blocking ) : It speeds you up , or can ! E.G.- &gt; A buddy of mine named Jack says it has ( verbatim quote ) " DOUBLED MY SPEED ONLINE , BUT I VALUE THE SECURITY PART MORE " , because he used to get over 200 + + viruses a week , now ?
Only maybe 2 a year IF THAT lately , &amp; he is convinced it is largely due to the HOSTS file I send him weekly ( he is my " lab rat # 1 " due to his previous infestation rate ) , &amp; if that " anecdotal evidence " is not enough ?
See this then , from a published security guru on a respected site for it : = = = = RESURRECTING THE KILLFILE : ( by Mr. Oliver Day ) http : //www.securityfocus.com/columnists/491 [ securityfocus.com ] PERTINENT EXCERPTS/QUOTES : " The host file on my day-to-day laptop is now over 16,000 lines long .
Accessing the Internet particularly browsing the Web is actually faster now .
" " From what I have seen in my research , major efforts to share lists of unwanted hosts began gaining serious momentum earlier this decade .
The most popular appear to have started as a means to block advertising and as a way to avoid being tracked by sites that use cookies to gather data on the user across Web properties .
More recently , projects like Spybot Search and Destroy offer lists of known malicious servers to add a layer of defense against trojans and other forms of malware .
" = = = = ( A nice bonus beyond blocking adbanners via HOSTS too , because these have been shown to harbor malscripted content too &amp; more than just a few times the past 4-5 yrs now no less such as is noted here in my PS below , several examples thereof no less ) , because you do n't waste between 30-N ms calling out to an external DNS !
( Again , and a DNS server that MAY be poisoned per Dan Kaminsky the past few years now &amp; others also noting it ) Thus , SO , even IF your DNS servers go down , or are " dns poisoned " ( or fall to yet another security flaw , many are in my " p.s .
" below no less , as documented evidences thereof to my statements here no less ) ? Well , by using a custom HOSTS file setup , you can STILL GET TO YOUR FAV .
SITES IF HARDCODED in your HOSTS FILE &amp; @ higher speeds than DNS server calls , 30-N times faster in fact ( a good thing , but one you may have to periodically alter , easily , via notepad.exe edits of your HOSTS file &amp; a ping to update their new address ( sites change hosting providers due to better services or prices , rare , but they do &amp; MOST let you know they are about to do so anyhow , so you can amend a HOSTS file ) ) .NICEST PART IS , THOUGH , PER YOUR STATEMENT ( in addition to the benefits of HOSTS file I note above , alongside others like Mr. Oliver Day of SECURITYFOCUS.COM ) ? I will STILL get to where it is that I WANT TO GO , not the router 's onboard DNS server doing hostname/domainname resolutions or potential hijacked redirects... in theory @ least , because I am controlling the hostname/dommainname resolutions @ AN OS + IP STACK LEVEL , not via my routers ' onboard DNS server...APKP.S. = &gt; Evidences as to WHY you 'd want to add on the " extra layered security protection " of a HOSTS file , which extends global security coverage to your webbound apps , AND , allows for a great deal of added extra speed as well ?
Ok , here are some documented reasons why like : a .
) DNS servers vulnerable , under attack , failing or being " DNS poisoned " misdirected &amp; moreb .
) Security suites failing vs. modern " blended threats " onlinec .
) javascript being used to do most of this via apps ) d. ) adbanners being maliciously coded also... ( Here we go with documented proofs/examples : ) = = = = POISONED MALSCRIPTED ADBANNERSThe Next Ad You Click May Be a Virus : http : //it.slashdot.org/article.pl ? sid = 09/06/15/2056219 [ slashdot.org ] ----Attackers Infect Ads With Old Adobe Vulnerability : http : //it.slashdot.org/article.pl ? sid = 09/02/25/024211 [ slashdot.org ] ----Hackers Use Banner Ads on Major Sites to Hijack Your PC : http : //www.wired.com/techbiz/media/news/2007/11/doubleclick [ wired.com ] ----Adobe Flash Ads Launching Clipboard Hijack Attacks : http : //it.slashdot.org/article.pl ? sid = 08/08/20/0029220&amp;from = rss [ slashdot.org ] ----Slashdot | Americans Do n't Want Targeted Ads : http : //yro.slashdot.org/article.pl ? sid = 09/10/01/1854214 [ slashdot.org ] = = = = DNS PROBLEMS : Number of Rogue DNS Servers on the Rise : http : //tech.slashdot.org/article.pl ? no \ _d2 = 1&amp;sid = 08/02/15/2118212 [ slashdot.org ] ----Security Researcher Kaminsky Pushes DNS Patching : http : //it.slashdot.org/article.pl ? sid = 09/02/19/2322231 [ slashdot.org ] ----Ten Percent of DNS Servers Still Vulnerable : http : //tech.slashdot.org/article.pl ? no \ _d2 = 1&amp;sid = 05/08/04/1525235 [ slashdot.org ] ----TimeWarner DNS Hijacking : http : //tech.slashdot.org/article.pl ? sid = 07/07/23/2140208 [ slashdot.org ] ----Another DNS Flaw Found : http : //tech.slashdot.org/article.pl ? sid = 09/01/09/2348240 [ slashdot.org ] ----Attack Code Published For DNS Vulnerability : http : //it.slashdot.org/article.pl ? no \ _d2 = 1&amp;sid = 08/07/23/231254 [ slashdot.org ] ----BIND Still Susceptible To DNS Cache Poisoning : http : //tech.slashdot.org/article.pl ? no \ _d2 = 1&amp;sid = 08/08/09/123222 [ slashdot.org ] ----DDoS Attacks Via DNS Recursion : http : //it.slashdot.org/article.pl ? no \ _d2 = 1&amp;sid = 06/03/16/1658209 [ slashdot.org ] ----DNS Poisoning Hits One of China 's Biggest ISPs : http : //it.slashdot.org/article.pl ? no \ _d2 = 1&amp;sid = 08/08/21/2343250 [ slashdot.org ] ----DNS Root Servers Attacked : http : //it.slashdot.org/article.pl ? no \ _d2 = 1&amp;sid = 07/02/06/2238225 [ slashdot.org ] ----DNS Problem Linked To DDoS Attacks Gets Worse : http : //tech.slashdot.org/comments.pl ? sid = 1444354&amp;cid = 30109858 [ slashdot.org ] ----Are your servers vulnerable to DNS attacks ? http : //www.networkworld.com/news/2007/111907-dns-attacks.html [ networkworld.com ] ----Kaminsky On DNS Bugs a Year Later and DNSSEC : http : //it.slashdot.org/story/09/06/25/1354212/Kaminsky-On-DNS-Bugs-a-Year-Later-and-DNSSEC [ slashdot.org ] ----DNS users put higher premium on security : http : //news.techworld.com/networking/10690/dns-users-put-higher-premium-on-security/ [ techworld.com ] ----BIND , the Buggy Internet Name Daemon : http : //cr.yp.to/djbdns/blurb/unbind.html [ cr.yp.to ] ( Where djbdns was found to have flaw , though it was alleged invulnerable , they paid out $ 10,000 reward ) ----DNS Dan Kaminsky DNS SPOOF ATTACK EXPLAINED HOW IT IS DONE : http : //blogs.zdnet.com/security/ ? p = 1520 [ zdnet.com ] ----DNS REBINDING ATTACKS : MultiPinning Browser JavaScript Vulnerability ( how to protect yourself ) : http : //crypto.stanford.edu/dns/ [ stanford.edu ] ----Hackers hijack DNS records of high profile New Zealand sites : http : //blogs.zdnet.com/security/ ? p = 3185 [ zdnet.com ] = = = = SECURITY SUITE PROGRAMS FAILING : AntiVirus Products Fail to Find Simple IE Malware : http : //tech.slashdot.org/article.pl ? sid = 07/10/29/1747237 [ slashdot.org ] ----Most Security Products Fail To Perform : http : //hardware.slashdot.org/comments.pl ? sid = 1445302&amp;threshold = -1&amp;commentsort = 0&amp;mode = thread&amp;pid = 30114652 [ slashdot.org ] ----TOP SECURITY SUITES FAIL 64/300 THREATS in 2008 AT SECUNIA.COM : http : //secunia.com/blog/29/ [ secunia.com ] ----Top security suites fail exploit tests : http : //www.computerworld.com/s/article/9117042/Top \ _security \ _suites \ _fail \ _exploit \ _tests ? intsrc = news \ _ts \ _head [ computerworld.com ] ----Antivirus is 'completely wasted money ' : Cisco CSO : News - Security - ZDNet Australia : http : //www.zdnet.com.au/news/security/soa/Antivirus-is-completely-wasted-money-Cisco-CSO/0,130061744,339289122,00.htm ? feed = pt \ _auscert [ zdnet.com.au ] ----Are Routers the Next Big Target for Hackers ? http : //blogs.zdnet.com/security/ ? p = 919 [ zdnet.com ] ----Software Firewalls : Made of Straw ?
Part 1 of 2 : http : //www.securityfocus.com/infocus/1839 [ securityfocus.com ] Software Firewalls : Made of Straw ?
Part 2 of 2 : http : //www.securityfocus.com/infocus/1840/2 [ securityfocus.com ] ----Brief study shows difficulty in detecting malware ( 2008 ) : http : //www.securityfocus.com/brief/858 [ securityfocus.com ] ----2007 - Browser vulnerabilities and attacks will continue to mount : http : //www.infoworld.com/d/security-central/browser-vulnerabilities-and-attacks-will-continue-mount-679 [ infoworld.com ] ----Bug exposes Cisco switches to attacks : http : //news.cnet.com/Bug-exposes-Cisco-switches + to + attacks/2110-7349 \ _3-5902897.html ? part = rss&amp;tag = 5902897&amp;subj = news [ cnet.com ] &amp;CISCO " COMES CLEAN " ON EXTENT OF IOS FLAW : http : //www.eweek.com/c/a/Security/Cisco-Comes-Clean-on-Extent-of-IOS-Flaw/ [ eweek.com ] &amp;Cisco PIX and ASA Time-To-Live Denial of Service Vulnerability : http : //secunia.com/advisories/28625/ [ secunia.com ] + Computer routers face hijack risk - study : http : //www.cbc.ca/technology/story/2007/02/16/tech-routervulnerabilty-20070216.html ? ref = rss [ www.cbc.ca ] Slashdot Technology Story | Will Mainstream Media Embrace Adblockers ? http : //tech.slashdot.org/story/09/08/06/1442243/Will-Mainstream-Media-Embrace-Adblockers [ slashdot.org ] ----Congress May Require ISPs To Block Certain Fraud Sites : http : //yro.slashdot.org/comments.pl ? sid = 1432514&amp;cid = 30024078 [ slashdot.org ] = = = = JAVASCRIPT PROBLEMS : Slashdot | Adobe Confirms PDF Zero-Day , Says Kill JavaScript : http : //it.slashdot.org/article.pl ? sid = 09/04/29/1823234 [ slashdot.org ] ----Adobe Flash Zero-Day Attack Underway : http : //it.slashdot.org/article.pl ? sid = 08/05/28/0138247&amp;from = rss [ slashdot.org ] ----JavaScript flaw reported in Adobe Reader ( 4th or 5th time already , if not more ) : http : //www.securityfocus.com/brief/953 [ securityfocus.com ] ----Another malware pulls an Italian job via JAVASCRIPT : http : //blog.trendmicro.com/another-malware-pulls-an-italian-job/ [ trendmicro.com ] ----JavaScript opens doors to browser-based attacks | CNET News.com : http : //news.com.com/JavaScript + opens + doors + to + browser-based + attacks/2100-7349 \ _3-6099891.html ? part = rss&amp;tag = 6099891&amp;subj = news [ com.com ] ----Mozilla Firefox Javascript Garbage Collector Vulnerability - Advisories - Secuniahttp : //secunia.com/advisories/29787/ [ secunia.com ] ----New script outstrips all other drive-by download risks : http : //www.theregister.co.uk/2009/05/15/script \ _menace/ [ theregister.co.uk ] ----Researcher to demonstrate attack code for Intel chips via Javascript : http : //www.infoworld.com/d/security-central/researcher-demonstrate-attack-code-intel-chips-036 [ infoworld.com ] ----Researcher : JavaScript Attacks Get Slicker : http : //www.eweek.com/c/a/Security/Researcher-JavaScript-Attacks-Get-Slicker/ [ eweek.com ] ----Rise Of The PDF Exploits : http : //www.trustedsource.org/blog/153/Rise-Of-The-PDF-Exploits [ trustedsource.org ] ----ADOBE NEW FLAW DOES USE JAVASCRIPT PROOF : http : //www.shadowserver.org/wiki/pmwiki.php ? n = Calendar.20090219 [ shadowserver.org ] ----AJAX Poses Security , Performance Risks : http : //www.eweek.com/article2/0,1895,1916673,00.asp [ eweek.com ] ----Web 2.0 Threats and Risks for Financial Services : http : //www.net-security.org/article.php ? id = 1004&amp;p = 1 [ net-security.org ] http : //www.cbronline.com/news/web \ _20 \ _is \ _vulnerable \ _to \ _attack [ cbronline.com ] ----Cross Site Scripting ( GOOGLE ) and WHY TO TURN OFF JAVASCRIPT : http : //www.cgisecurity.com/xss-faq.html [ cgisecurity.com ] ----Why the FBI Director Does n't Bank Onlinehttp : //it.slashdot.org/article.pl ? sid = 09/10/08/0327240 [ slashdot.org ] = = = = MAJOR ATTACKS ( only a small sample ) of WHY LAYERED SECURITY IS NEEDEDIs the Botnet Battle Already Lost ? http : //www.eweek.com/article2/0,1895,2029720,00.asp [ eweek.com ] ----IT Pros Say They Ca n't Stop Data Breaches : http : //www.eweek.com/article2/0,1895,2010325,00.asp ? kc = EWNAVEMNL083106EOAD [ eweek.com ] ----Cyber Attacks On US Military Jump Sharply In 2009http : //tech.slashdot.org/comments.pl ? sid = 1452358&amp;threshold = -1&amp;commentsort = 0&amp;mode = thread&amp;cid = 30185742 [ slashdot.org ] ----Bots Found Inside Many Big Companies : http : //blogs.baselinemag.com/security/content001/cybercrime/bots \ _found \ _inside \ _many \ _big \ _companies.html [ baselinemag.com ] ----Bot master owns up to 250,000 zombie PCs : http : //www.securityfocus.com/news/11495 [ securityfocus.com ] ----Bots surge ahead ( 2007 ) : http : //www.securityfocus.com/brief/466 [ securityfocus.com ] ----Chinese Hackers Hit Commerce Department : http : //www.informationweek.com/news/security/government/showArticle.jhtml ? articleID = 193105227 [ informationweek.com ] ----CIA Admits Cyberattacks Blacked Out Cities : http : //www.informationweek.com/news/internet/showArticle.jhtml ? articleID = 205901631 [ informationweek.com ] ----Compromised Banks and Investment sites list 2006 : http : //it.slashdot.org/comments.pl ? sid = 233921&amp;cid = 19035679 [ slashdot.org ] ----Dancho Danchev 's Blog - Mind Streams of Information Security Knowledge : Massive IFRAME SEO Poisoning Attack Continuing : http : //ddanchev.blogspot.com/2008/03/massive-iframe-seo-poisoning-attack.html [ blogspot.com ] ----Data at Bank of America , Wachovia , others compromised - May .
23 , 2005 : http : //money.cnn.com/2005/05/23/news/fortune500/bank \ _info/index.htm [ cnn.com ] ----Fresh Security Breaches at Los Alamos : http : //www.msnbc.msn.com/id/19418769/site/newsweek/print/1/displaymode/1098/ [ msn.com ] ----Infected job search sites lead to info theft for 46,000 : http : //www.computerworld.com/s/article/9031139/Infected \ _job \ _search \ _sites \ _lead \ _to \ _info \ _theft \ _for \ _46 \ _000 [ computerworld.com ] ----New Mega-Botnet Discovered : http : //it.slashdot.org/article.pl ? sid = 09/04/22/2223214 [ slashdot.org ] ----I think THAT list ought to " enlighten " ANYONE , as to why " layered security " is &amp; has been considered largely to be " THE WAY TO GO " , vs. that list above ( which is only a SMALL \ % -age of what I can come up with in regards to threats online + their causes ) ... HOSTS files help protect vs. those , on several levels - DO consider their usage ! I 'd like to also end this , on a little quote from a fav .
film of mine : " My name is Dr. Robert Neville .
I am a survivor living in New York City .
I am broadcasting on all a.m. frequencies. I will be in the south street seaport everyday at midday when the sun is highest in the sky .
If you are out there , if anyone is out there , I can provide food ; I can provide shelter ; I can provide security - &gt; http : //www.tcmagazine.com/forums/index.php ? s = 44b7ce1c3ee460d32e68cb97f2597368&amp;showtopic = 2662 [ tcmagazine.com ] .
If there 's anybody out there , anybody , please... you are not alone .
" - Dr. Robert Neville , I AM LEGEND&amp; that film inspired me to write that guide for securing Windows NT-based OS variants , @ the end of 2007 , + for my " New Year 's Resolution " for 2008 , of " Do the right thing &amp; 'pay it forward ' " ... &amp; , it works.Here though ? Well , I only suggested a SMALL part of that guide here , but a crucial &amp; EFFECTIVE ONE , &amp; mainly because it fits the bill here QUITE specifically &amp; functions globally , instead of just being good for 1 set of apps only ( like FF addons are only , unfortunately ) , &amp; it does n't eat CPU like those do either OR slow you down ( if anything ?
They speed you up HUGELY , in addition to securing you too as a bonus ) ...apk</tokentext>
<sentencetext>"But ads are useful.
" - by hey (83763) on Monday November 30, @12:40PM (#30271716)Per my subject line above?
Who are they useful to??
Webmasters leeching off users, or malware makers as well (see my p.s.
below) but... I have the solution to that, &amp; the speed that adbanners/banner ads take away from you (as well as proof of their infecting others too many times the past few years now also).So - How about a GLOBAL solution, instead, &amp; one that extends to ALL of your "webbound apps", instead, &amp; NOT just to Mozilla softwares which is all browser addons soluations works for, in INDIVIDUAL BROWSERS ONLY... (Beyond FF/Mozilla stuff, or, even Opera?
Think IE, Outlook &amp; other email programs even, + more), AND, the solution I propose also acts as "layered security" in combination with the FF/Mozilla only methods many here, use  (which sadly, your methods are KNOWN to slow your browser down, use CPU cycles &amp; more (like having bugs &amp; security flaws in themselves too)... where this solution does not &amp; covers ALL webbound apps, globally)?
?Here is a GOOD SOLID WORK-AROUND, CALLED A HOSTS FILE!
(It works for more speed online, AND SECURITY ESPECIALLY... Also, it works for your money, because you pay for your linetime out of pocket most likely as I do, you can get back your speed, AND, gain security easily, &amp; from a single easily edited file &amp; a file eats no CPU cycles like a local DNS server can (&amp; are not as security vulnerable either if you protect write access to a HOSTS file also)... Anyhow/anyways - Here goes:SO - "that all said &amp; aside"?
Well, per your reply??
You're solutions cost CPU cycles &amp; are KNOWN to slow down FF/Mozilla variants (as browser addons do), but... Hey - NO PROBLEM, because HOSTS files work alongside those addons too, &amp; offer you more speed online AND more security, via a SINGLE EASILY EDITED + POPULATED FILE (called a HOSTS file):I use a custom HOSTS file, in addition to the tools others here in this thread have noted (which MANY like FF addons only really function for FireFox/Mozilla products, but don't extend globally to all other webbound applications, &amp; that is part of what HOSTS files give you above the methods you extoll + utilize: "GLOBAL COVERAGE", &amp; of ALL webbound apps, not just FireFox/Mozilla ones via the addons you noted + use yourself...).HOSTS files can be used to blockout KNOWN "bad" adserves, maliciously coded sites or adbanners, and "botnet C&amp;C servers" too!You can obtain reliable HOSTS files from reputable lists for more security online, but also for speed!
(More on that later &amp; WHY/HOW (I use reliable lists for that, such as these HOSTS @ Wikipedia.com -&gt; http://en.wikipedia.org/wiki/Hosts\_file [wikipedia.org] or those from mvps.org (a good one this one))I also further populate &amp; keep current my custom HOSTS file with up to date information in regards to all of those threats, via:----A.
) Spybot "Search &amp; Destroy" updates (populates HOSTS and browser block lists)B.
) Sites like ZDNet's Mr. Dancho Danchev's blog -&gt; http://ddanchev.blogspot.com/ [blogspot.com]C.) Sites like FireEye -&gt; http://blog.fireeye.com/ [fireeye.com]D.) SRI -&gt; http://mtc.sri.com/ [sri.com]----My HOSTS file incorporates ALL of the entries from the HOSTS files shown @ wikipedia as well... gaining me speed online (by blocking adbanners, which have been compromised many times the past few years now by malscripted exploits (examples below)).
(I combined ALL reputable HOSTS files with one of my own (30,000 entries), &amp; I removed duplicates removed via a Borland Delphi app I wrote to do so called "APK HOSTS File Grinder 4.0++".
That program also functions to change the default larger &amp; SLOWER 127.0.0.1 blocking 'loopback adapter' IP address to either 0.0.0.0 (for VISTA/Windows Server 2008/Windows 7, smaller &amp; thus faster than 127.0.0.1 default) or the smallest &amp; fastest 0 "blocking 'IP ADDRESS'" (for Windows 2000/XP/Server 2003 which can STILL use it (&amp; it was added in a service pack on Windows 2000, only on 12/09/2008 MS patch tuesday was it removed for VISTA onwards (&amp; now all these "phunny little bugs" are showing up as FLAWS in this new NDIS6 approach via WFP as well in the firewall, which ROOTKIT.COM has stated (with code too no less on how it is done) -&gt; http://www.rootkit.com/newsread.php?newsid=952 [rootkit.com] [rootkit.com] that it is EASIER TO UNHOOK (than was the design used in Windows 2000/XP/Server 2003))Another EXCELLENT benefit of HOSTS file usage?
More speed online, &amp; also more security + reliability (especially in the case of DNS servers today, per folks like Dan Kaminsky &amp;/or Moxie Marlinspike finding various security vulnerabilities in them the past couple years now)...AND, YOU CAN GET EVEN MORE SPEED, and RELIABILITY (vs. downed or "DNS poisoned/misdirected" dns servers too) via yet another "hidden bonus for speed" in HOSTS files:HOW SO?
WELL - I use another "technique" called "hardcoding" an IP address to domainname/hostname in my HOSTS files, for my FAVORITE websites:This allows me to FIRST bypass any remote/external DNS lookups, which also would in theory @ least, make me "proofed" vs. DNS request logs by my ISP/BSP also.
(Especially since I use external DNS servers too, OpenDNS ones to be specific, that go beyond my hardcoded favs in my HOSTS file because I can't ping &amp; resolve the ENTIRE internet after all)This also makes it harder for others to track me...(Sure, they could do a "reverse DNS lookup" via pings &amp;/or traceroutes &amp; the top level domain that does nothing BUT cache reverse DNS lookups does the rest, but that is harder to do, than looking up my URL requests via a log on a DNS server))ALSO, AS ANOTHER "BONUS" in HOSTS FILES (can't stress it enough, &amp; especially above + beyond adbanner blocking):  It speeds you up, or can!E.G.-&gt; A buddy of mine named Jack says it has (verbatim quote) "DOUBLED MY SPEED ONLINE, BUT I VALUE THE SECURITY PART MORE", because he used to get over 200++ viruses a week, now?
Only maybe 2 a year IF THAT lately, &amp; he is convinced it is largely due to the HOSTS file I send him weekly (he is my "lab rat #1" due to his previous infestation rate), &amp; if that "anecdotal evidence" is not enough?
See this then, from a published security guru on a respected site for it:====RESURRECTING THE KILLFILE:(by Mr. Oliver Day)http://www.securityfocus.com/columnists/491 [securityfocus.com]PERTINENT EXCERPTS/QUOTES:"The host file on my day-to-day laptop is now over 16,000 lines long.
Accessing the Internet particularly browsing the Web is actually faster now.
""From what I have seen in my research, major efforts to share lists of unwanted hosts began gaining serious momentum earlier this decade.
The most popular appear to have started as a means to block advertising and as a way to avoid being tracked by sites that use cookies to gather data on the user across Web properties.
More recently, projects like Spybot Search and Destroy offer lists of known malicious servers to add a layer of defense against trojans and other forms of malware.
"====(A nice bonus beyond blocking adbanners via HOSTS too, because these have been shown to harbor malscripted content too &amp; more than just a few times the past 4-5 yrs now no less such as is noted here in my PS below, several examples thereof no less), because you don't waste between 30-N ms calling out to an external DNS!
(Again, and a DNS server that MAY be poisoned per Dan Kaminsky the past few years now &amp; others also noting it)Thus, SO, even IF your DNS servers go down, or are "dns poisoned" (or fall to yet another security flaw, many are in my "p.s.
" below no less, as documented evidences thereof to my statements here no less)?Well, by using a custom HOSTS file setup, you can STILL GET TO YOUR FAV.
SITES IF HARDCODED in your HOSTS FILE &amp; @ higher speeds than DNS server calls, 30-N times faster in fact (a good thing, but one you may have to periodically alter, easily, via notepad.exe edits of your HOSTS file &amp; a ping to update their new address (sites change hosting providers due to better services or prices, rare, but they do &amp; MOST let you know they are about to do so anyhow, so you can amend a HOSTS file)).NICEST PART IS, THOUGH, PER YOUR STATEMENT (in addition to the benefits of HOSTS file I note above, alongside others like Mr. Oliver Day of SECURITYFOCUS.COM)?I will STILL get to where it is that I WANT TO GO, not the router's onboard DNS server doing hostname/domainname resolutions or potential hijacked redirects... in theory @ least, because I am controlling the hostname/dommainname resolutions @ AN OS + IP STACK LEVEL, not via my routers' onboard DNS server...APKP.S.=&gt; Evidences as to WHY you'd want to add on the "extra layered security protection" of a HOSTS file, which extends global security coverage to your webbound apps, AND, allows for a great deal of added extra speed as well?
Ok, here are some documented reasons why like:a.
) DNS servers vulnerable, under attack, failing or being "DNS poisoned" misdirected &amp; moreb.
) Security suites failing vs. modern "blended threats" onlinec.
) javascript being used to do most of this via apps)d.) adbanners being maliciously coded also...(Here we go with documented proofs/examples:)====POISONED MALSCRIPTED ADBANNERSThe Next Ad You Click May Be a Virus:http://it.slashdot.org/article.pl?sid=09/06/15/2056219 [slashdot.org]----Attackers Infect Ads With Old Adobe Vulnerability:http://it.slashdot.org/article.pl?sid=09/02/25/024211 [slashdot.org]----Hackers Use Banner Ads on Major Sites to Hijack Your PC:http://www.wired.com/techbiz/media/news/2007/11/doubleclick [wired.com]----Adobe Flash Ads Launching Clipboard Hijack Attacks:http://it.slashdot.org/article.pl?sid=08/08/20/0029220&amp;from=rss [slashdot.org]----Slashdot | Americans Don't Want Targeted Ads:http://yro.slashdot.org/article.pl?sid=09/10/01/1854214 [slashdot.org]====DNS PROBLEMS:Number of Rogue DNS Servers on the Rise:http://tech.slashdot.org/article.pl?no\_d2=1&amp;sid=08/02/15/2118212 [slashdot.org]----Security Researcher Kaminsky Pushes DNS Patching:http://it.slashdot.org/article.pl?sid=09/02/19/2322231 [slashdot.org]----Ten Percent of DNS Servers Still Vulnerable:http://tech.slashdot.org/article.pl?no\_d2=1&amp;sid=05/08/04/1525235 [slashdot.org]----TimeWarner DNS Hijacking:http://tech.slashdot.org/article.pl?sid=07/07/23/2140208 [slashdot.org]----Another DNS Flaw Found:http://tech.slashdot.org/article.pl?sid=09/01/09/2348240 [slashdot.org]----Attack Code Published For DNS Vulnerability:http://it.slashdot.org/article.pl?no\_d2=1&amp;sid=08/07/23/231254 [slashdot.org]----BIND Still Susceptible To DNS Cache Poisoning:http://tech.slashdot.org/article.pl?no\_d2=1&amp;sid=08/08/09/123222 [slashdot.org]----DDoS Attacks Via DNS Recursion:http://it.slashdot.org/article.pl?no\_d2=1&amp;sid=06/03/16/1658209 [slashdot.org]----DNS Poisoning Hits One of China's Biggest ISPs:http://it.slashdot.org/article.pl?no\_d2=1&amp;sid=08/08/21/2343250 [slashdot.org]----DNS Root Servers Attacked:http://it.slashdot.org/article.pl?no\_d2=1&amp;sid=07/02/06/2238225 [slashdot.org]----DNS Problem Linked To DDoS Attacks Gets Worse:http://tech.slashdot.org/comments.pl?sid=1444354&amp;cid=30109858 [slashdot.org]----Are your servers vulnerable to DNS attacks?http://www.networkworld.com/news/2007/111907-dns-attacks.html [networkworld.com]----Kaminsky On DNS Bugs a Year Later and DNSSEC:http://it.slashdot.org/story/09/06/25/1354212/Kaminsky-On-DNS-Bugs-a-Year-Later-and-DNSSEC [slashdot.org]----DNS users put higher premium on security:http://news.techworld.com/networking/10690/dns-users-put-higher-premium-on-security/ [techworld.com]----BIND, the Buggy Internet Name Daemon:http://cr.yp.to/djbdns/blurb/unbind.html [cr.yp.to](Where djbdns was found to have flaw, though it was alleged invulnerable, they paid out $10,000 reward)----DNS Dan Kaminsky DNS SPOOF ATTACK EXPLAINED HOW IT IS DONE:http://blogs.zdnet.com/security/?p=1520 [zdnet.com]----DNS REBINDING ATTACKS: MultiPinning Browser JavaScript Vulnerability (how to protect yourself):http://crypto.stanford.edu/dns/ [stanford.edu]----Hackers hijack DNS records of high profile New Zealand sites:http://blogs.zdnet.com/security/?p=3185 [zdnet.com]====SECURITY SUITE PROGRAMS FAILING:AntiVirus Products Fail to Find Simple IE Malware:http://tech.slashdot.org/article.pl?sid=07/10/29/1747237 [slashdot.org]----Most Security Products Fail To Perform:http://hardware.slashdot.org/comments.pl?sid=1445302&amp;threshold=-1&amp;commentsort=0&amp;mode=thread&amp;pid=30114652 [slashdot.org]----TOP SECURITY SUITES FAIL 64/300 THREATS in 2008 AT SECUNIA.COM:http://secunia.com/blog/29/ [secunia.com]----Top security suites fail exploit tests:http://www.computerworld.com/s/article/9117042/Top\_security\_suites\_fail\_exploit\_tests?intsrc=news\_ts\_head [computerworld.com]----Antivirus is 'completely wasted money': Cisco CSO: News - Security - ZDNet Australia:http://www.zdnet.com.au/news/security/soa/Antivirus-is-completely-wasted-money-Cisco-CSO/0,130061744,339289122,00.htm?feed=pt\_auscert [zdnet.com.au]----Are Routers the Next Big Target for Hackers?http://blogs.zdnet.com/security/?p=919 [zdnet.com]----Software Firewalls: Made of Straw?
Part 1 of 2:http://www.securityfocus.com/infocus/1839 [securityfocus.com]Software Firewalls: Made of Straw?
Part 2 of 2:http://www.securityfocus.com/infocus/1840/2 [securityfocus.com]----Brief study shows difficulty in detecting malware (2008):http://www.securityfocus.com/brief/858 [securityfocus.com]----2007 - Browser vulnerabilities and attacks will continue to mount:http://www.infoworld.com/d/security-central/browser-vulnerabilities-and-attacks-will-continue-mount-679 [infoworld.com]----Bug exposes Cisco switches to attacks:http://news.cnet.com/Bug-exposes-Cisco-switches+to+attacks/2110-7349\_3-5902897.html?part=rss&amp;tag=5902897&amp;subj=news [cnet.com]&amp;CISCO "COMES CLEAN" ON EXTENT OF IOS FLAW:http://www.eweek.com/c/a/Security/Cisco-Comes-Clean-on-Extent-of-IOS-Flaw/ [eweek.com]&amp;Cisco PIX and ASA Time-To-Live Denial of Service Vulnerability:http://secunia.com/advisories/28625/ [secunia.com]+Computer routers face hijack risk - study:http://www.cbc.ca/technology/story/2007/02/16/tech-routervulnerabilty-20070216.html?ref=rss [www.cbc.ca]Slashdot Technology Story | Will Mainstream Media Embrace Adblockers?http://tech.slashdot.org/story/09/08/06/1442243/Will-Mainstream-Media-Embrace-Adblockers [slashdot.org]----Congress May Require ISPs To Block Certain Fraud Sites:http://yro.slashdot.org/comments.pl?sid=1432514&amp;cid=30024078 [slashdot.org]====JAVASCRIPT PROBLEMS:Slashdot | Adobe Confirms PDF Zero-Day, Says Kill JavaScript:http://it.slashdot.org/article.pl?sid=09/04/29/1823234 [slashdot.org]----Adobe Flash Zero-Day Attack Underway:http://it.slashdot.org/article.pl?sid=08/05/28/0138247&amp;from=rss [slashdot.org]----JavaScript flaw reported in Adobe Reader (4th or 5th time already, if not more):http://www.securityfocus.com/brief/953 [securityfocus.com]----Another malware pulls an Italian job via JAVASCRIPT:http://blog.trendmicro.com/another-malware-pulls-an-italian-job/ [trendmicro.com]----JavaScript opens doors to browser-based attacks | CNET News.com:http://news.com.com/JavaScript+opens+doors+to+browser-based+attacks/2100-7349\_3-6099891.html?part=rss&amp;tag=6099891&amp;subj=news [com.com]----Mozilla Firefox Javascript Garbage Collector Vulnerability - Advisories - Secuniahttp://secunia.com/advisories/29787/ [secunia.com]----New script outstrips all other drive-by download risks:http://www.theregister.co.uk/2009/05/15/script\_menace/ [theregister.co.uk]----Researcher to demonstrate attack code for Intel chips via Javascript:http://www.infoworld.com/d/security-central/researcher-demonstrate-attack-code-intel-chips-036 [infoworld.com]----Researcher: JavaScript Attacks Get Slicker:http://www.eweek.com/c/a/Security/Researcher-JavaScript-Attacks-Get-Slicker/ [eweek.com]----Rise Of The PDF Exploits:http://www.trustedsource.org/blog/153/Rise-Of-The-PDF-Exploits [trustedsource.org]----ADOBE NEW FLAW DOES USE JAVASCRIPT PROOF:http://www.shadowserver.org/wiki/pmwiki.php?n=Calendar.20090219 [shadowserver.org]----AJAX Poses Security, Performance Risks:http://www.eweek.com/article2/0,1895,1916673,00.asp [eweek.com]----Web 2.0 Threats and Risks for Financial Services:http://www.net-security.org/article.php?id=1004&amp;p=1 [net-security.org]http://www.cbronline.com/news/web\_20\_is\_vulnerable\_to\_attack [cbronline.com]----Cross Site Scripting (GOOGLE) and WHY TO TURN OFF JAVASCRIPT:http://www.cgisecurity.com/xss-faq.html [cgisecurity.com]----Why the FBI Director Doesn't Bank Onlinehttp://it.slashdot.org/article.pl?sid=09/10/08/0327240 [slashdot.org]====MAJOR ATTACKS (only a small sample) of WHY LAYERED SECURITY IS NEEDEDIs the Botnet Battle Already Lost?http://www.eweek.com/article2/0,1895,2029720,00.asp [eweek.com]----IT Pros Say They Can't Stop Data Breaches:http://www.eweek.com/article2/0,1895,2010325,00.asp?kc=EWNAVEMNL083106EOAD [eweek.com]----Cyber Attacks On US Military Jump Sharply In 2009http://tech.slashdot.org/comments.pl?sid=1452358&amp;threshold=-1&amp;commentsort=0&amp;mode=thread&amp;cid=30185742 [slashdot.org]----Bots Found Inside Many Big Companies:http://blogs.baselinemag.com/security/content001/cybercrime/bots\_found\_inside\_many\_big\_companies.html [baselinemag.com]----Bot master owns up to 250,000 zombie PCs:http://www.securityfocus.com/news/11495 [securityfocus.com]----Bots surge ahead (2007):http://www.securityfocus.com/brief/466 [securityfocus.com]----Chinese Hackers Hit Commerce Department:http://www.informationweek.com/news/security/government/showArticle.jhtml?articleID=193105227 [informationweek.com]----CIA Admits Cyberattacks Blacked Out Cities:http://www.informationweek.com/news/internet/showArticle.jhtml?articleID=205901631 [informationweek.com]----Compromised Banks and Investment sites list 2006:http://it.slashdot.org/comments.pl?sid=233921&amp;cid=19035679 [slashdot.org]----Dancho Danchev's Blog - Mind Streams of Information Security Knowledge: Massive IFRAME SEO Poisoning Attack Continuing:http://ddanchev.blogspot.com/2008/03/massive-iframe-seo-poisoning-attack.html [blogspot.com]----Data at Bank of America, Wachovia, others compromised - May.
23, 2005:http://money.cnn.com/2005/05/23/news/fortune500/bank\_info/index.htm [cnn.com]----Fresh Security Breaches at Los Alamos:http://www.msnbc.msn.com/id/19418769/site/newsweek/print/1/displaymode/1098/ [msn.com]----Infected job search sites lead to info theft for 46,000:http://www.computerworld.com/s/article/9031139/Infected\_job\_search\_sites\_lead\_to\_info\_theft\_for\_46\_000 [computerworld.com]----New Mega-Botnet Discovered:http://it.slashdot.org/article.pl?sid=09/04/22/2223214 [slashdot.org]----I think THAT list ought to "enlighten" ANYONE, as to why "layered security" is &amp; has been considered largely to be "THE WAY TO GO", vs. that list above (which is only a SMALL \%-age of what I can come up with in regards to threats online + their causes)... HOSTS files help protect vs. those, on several levels - DO consider their usage!I'd like to also end this, on a little quote from a fav.
film of mine:"My name is Dr. Robert Neville.
I am a survivor living in New York City.
I am broadcasting on all a.m. frequencies. I will be in the south street seaport everyday at midday when the sun is highest in the sky.
If you are out there, if anyone is out there, I can provide food; I can provide shelter; I can provide security -&gt; http://www.tcmagazine.com/forums/index.php?s=44b7ce1c3ee460d32e68cb97f2597368&amp;showtopic=2662 [tcmagazine.com] .
If there's anybody out there, anybody, please... you are not alone.
" - Dr. Robert Neville, I AM LEGEND&amp; that film inspired me to write that guide for securing Windows NT-based OS variants, @ the end of 2007, + for my "New Year's Resolution" for 2008, of "Do the right thing &amp; 'pay it forward'"... &amp;, it works.Here though?Well, I only suggested a SMALL part of that guide here, but a crucial &amp; EFFECTIVE ONE, &amp; mainly because it fits the bill here QUITE specifically &amp; functions globally, instead of just being good for 1 set of apps only (like FF addons are only, unfortunately), &amp; it doesn't eat CPU like those do either OR slow you down (if anything?
They speed you up HUGELY, in addition to securing you too as a bonus)...apk
	</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30271716</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30273062</id>
	<title>Re:Security?</title>
	<author>Anonymous</author>
	<datestamp>1259612760000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>If ads are in iframes then the behavioral targeting won't work correctly, and the user may not stay on the page long enough to see the ad. So, no, ads are not put in iframes.</p></htmltext>
<tokenext>If ads are in iframes then the behavioral targeting wo n't work correctly , and the user may not stay on the page long enough to see the ad .
So , no , ads are not put in iframes .</tokentext>
<sentencetext>If ads are in iframes then the behavioral targeting won't work correctly, and the user may not stay on the page long enough to see the ad.
So, no, ads are not put in iframes.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30271684</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30276814</id>
	<title>Re:This isn't new</title>
	<author>Anonymous</author>
	<datestamp>1259583540000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>adblock is my friend.  I have a few sites that I tell ad block to allow the ads.  So I do it on a site by site basis, not a ad company by ad company basis.</p></htmltext>
<tokenext>adblock is my friend .
I have a few sites that I tell ad block to allow the ads .
So I do it on a site by site basis , not a ad company by ad company basis .</tokentext>
<sentencetext>adblock is my friend.
I have a few sites that I tell ad block to allow the ads.
So I do it on a site by site basis, not a ad company by ad company basis.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30271744</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30276334</id>
	<title>Re:I don't even need to read the summary.</title>
	<author>nolongerunknown</author>
	<datestamp>1259581680000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>As a web developer I closely follow the work that Steve Souders has done for evaluating performance of websites. I feel very confident that he has no ulterior motive here, other than to call questionable the serving of ANYTHING from outside your domain and your control. Ads are just a single use-case that he has chosen to identify as a weakness since they incur numerous additional page-loading costs, first and foremost of which is at least one additional HTTP request. Sure, Google/Yahoo/MS may deal with other ad loading issues better (blocking JS, slow iframe rendering, etc.), but none can eliminate that performance-degrading HTTP request.

As a footnote, if you're at all interested in web development take a moment to check out his two books, "High Performance Web Sites" and "Even Faster Websites", they're valuable resources for research into browser behavior.</htmltext>
<tokenext>As a web developer I closely follow the work that Steve Souders has done for evaluating performance of websites .
I feel very confident that he has no ulterior motive here , other than to call questionable the serving of ANYTHING from outside your domain and your control .
Ads are just a single use-case that he has chosen to identify as a weakness since they incur numerous additional page-loading costs , first and foremost of which is at least one additional HTTP request .
Sure , Google/Yahoo/MS may deal with other ad loading issues better ( blocking JS , slow iframe rendering , etc .
) , but none can eliminate that performance-degrading HTTP request .
As a footnote , if you 're at all interested in web development take a moment to check out his two books , " High Performance Web Sites " and " Even Faster Websites " , they 're valuable resources for research into browser behavior .</tokentext>
<sentencetext>As a web developer I closely follow the work that Steve Souders has done for evaluating performance of websites.
I feel very confident that he has no ulterior motive here, other than to call questionable the serving of ANYTHING from outside your domain and your control.
Ads are just a single use-case that he has chosen to identify as a weakness since they incur numerous additional page-loading costs, first and foremost of which is at least one additional HTTP request.
Sure, Google/Yahoo/MS may deal with other ad loading issues better (blocking JS, slow iframe rendering, etc.
), but none can eliminate that performance-degrading HTTP request.
As a footnote, if you're at all interested in web development take a moment to check out his two books, "High Performance Web Sites" and "Even Faster Websites", they're valuable resources for research into browser behavior.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30271730</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30272464</id>
	<title>You get what you don't pay for</title>
	<author>Anonymous</author>
	<datestamp>1259609520000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>I still don't get the continuing obsession with the idea that everything on the internet should be free.  There's no free lunch.  It costs money to run the servers, write the software, create the information that is being served and on and on.  Yet all this should be free.  So everything ends up being supported by ads.  If customers would be willing to pay a reasonable free for the services rendered, everybody wins.  The folks who run the service can stay in business and customers can get a quality product without being bombarded by ads.</p></htmltext>
<tokenext>I still do n't get the continuing obsession with the idea that everything on the internet should be free .
There 's no free lunch .
It costs money to run the servers , write the software , create the information that is being served and on and on .
Yet all this should be free .
So everything ends up being supported by ads .
If customers would be willing to pay a reasonable free for the services rendered , everybody wins .
The folks who run the service can stay in business and customers can get a quality product without being bombarded by ads .</tokentext>
<sentencetext>I still don't get the continuing obsession with the idea that everything on the internet should be free.
There's no free lunch.
It costs money to run the servers, write the software, create the information that is being served and on and on.
Yet all this should be free.
So everything ends up being supported by ads.
If customers would be willing to pay a reasonable free for the services rendered, everybody wins.
The folks who run the service can stay in business and customers can get a quality product without being bombarded by ads.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30272106</id>
	<title>Why would an ad server slow down a site?</title>
	<author>harmonise</author>
	<datestamp>1259607960000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>I don't understand how an ad server can make a site slow, even if the ad server is slow in serving up an ad. So you have one externally loaded element (the ad) that is an image or a flash element. The browser allocates the space for the image or flash element in the location where it'll be rendered. When it finishes loading your browser draws it in the appropriate place. So it takes a little longer for one or two images to appear in the already displayed page. I don't see what the problem is for the end-user.</p></htmltext>
<tokenext>I do n't understand how an ad server can make a site slow , even if the ad server is slow in serving up an ad .
So you have one externally loaded element ( the ad ) that is an image or a flash element .
The browser allocates the space for the image or flash element in the location where it 'll be rendered .
When it finishes loading your browser draws it in the appropriate place .
So it takes a little longer for one or two images to appear in the already displayed page .
I do n't see what the problem is for the end-user .</tokentext>
<sentencetext>I don't understand how an ad server can make a site slow, even if the ad server is slow in serving up an ad.
So you have one externally loaded element (the ad) that is an image or a flash element.
The browser allocates the space for the image or flash element in the location where it'll be rendered.
When it finishes loading your browser draws it in the appropriate place.
So it takes a little longer for one or two images to appear in the already displayed page.
I don't see what the problem is for the end-user.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30273694</id>
	<title>Adblock plus</title>
	<author>fluch</author>
	<datestamp>1259571840000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>So Adblock plus helps to solve the technical problem, or am I wrong?</p></htmltext>
<tokenext>So Adblock plus helps to solve the technical problem , or am I wrong ?</tokentext>
<sentencetext>So Adblock plus helps to solve the technical problem, or am I wrong?</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30273728</id>
	<title>might lag two, three or four years</title>
	<author>SpaceLifeForm</author>
	<datestamp>1259571960000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>I've noticed that with Slashdot.</p></htmltext>
<tokenext>I 've noticed that with Slashdot .</tokentext>
<sentencetext>I've noticed that with Slashdot.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30271612</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30272326</id>
	<title>Re:Why would an ad server slow down a site?</title>
	<author>DNX Blandy</author>
	<datestamp>1259608800000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>I've seen ads delaying page loads numerious times, classic is what they have said further up this page, white screen with "connecting to foo.ads.doubleclick.com" in the status bar &gt;:( The page data should be rendered anyway and then the images loaded, but it's not always the case.</htmltext>
<tokenext>I 've seen ads delaying page loads numerious times , classic is what they have said further up this page , white screen with " connecting to foo.ads.doubleclick.com " in the status bar &gt; : ( The page data should be rendered anyway and then the images loaded , but it 's not always the case .</tokentext>
<sentencetext>I've seen ads delaying page loads numerious times, classic is what they have said further up this page, white screen with "connecting to foo.ads.doubleclick.com" in the status bar &gt;:( The page data should be rendered anyway and then the images loaded, but it's not always the case.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30272106</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30281592</id>
	<title>Ads are killing sites</title>
	<author>Anonymous</author>
	<datestamp>1259671320000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>Poor ad servers and also those providing counters can kill sites. I tried to log into the flybe site to check in on line. They use another site to track traffic and this seemed to be down. As a result I could not log in. Fortunately I was able to block the site with adblock and check in.<br>Stupidity like this will kill some sites as many users will be on ie and will just go elsewhere.</p></htmltext>
<tokenext>Poor ad servers and also those providing counters can kill sites .
I tried to log into the flybe site to check in on line .
They use another site to track traffic and this seemed to be down .
As a result I could not log in .
Fortunately I was able to block the site with adblock and check in.Stupidity like this will kill some sites as many users will be on ie and will just go elsewhere .</tokentext>
<sentencetext>Poor ad servers and also those providing counters can kill sites.
I tried to log into the flybe site to check in on line.
They use another site to track traffic and this seemed to be down.
As a result I could not log in.
Fortunately I was able to block the site with adblock and check in.Stupidity like this will kill some sites as many users will be on ie and will just go elsewhere.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30289948</id>
	<title>Sorry man, somewhat of a "complex" topic is all</title>
	<author>Anonymous</author>
	<datestamp>1259666640000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>"Dude": It's a SOMEWHAT complex topic, &amp; I just tried to offer detail is all, along with supporting evidences + testimonials.</p><p>(That's all...)</p><p>APK</p></htmltext>
<tokenext>" Dude " : It 's a SOMEWHAT complex topic , &amp; I just tried to offer detail is all , along with supporting evidences + testimonials .
( That 's all... ) APK</tokentext>
<sentencetext>"Dude": It's a SOMEWHAT complex topic, &amp; I just tried to offer detail is all, along with supporting evidences + testimonials.
(That's all...)APK</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30273312</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30272816</id>
	<title>In short, Yes</title>
	<author>Anonymous</author>
	<datestamp>1259611620000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>I've had to disable the ads on<nobr> <wbr></nobr>/., because they were stalling and crashing my browser.</p></htmltext>
<tokenext>I 've had to disable the ads on /. , because they were stalling and crashing my browser .</tokentext>
<sentencetext>I've had to disable the ads on /., because they were stalling and crashing my browser.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30274574</id>
	<title>Grow up people</title>
	<author>Anonymous</author>
	<datestamp>1259575080000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>there are a few threads in these comments that are completely nonsensical.  In the interest of full disclosure (as much as possible as an AC), I work for an ad serving company.  One at a time:</p><p>1.  I just block ads:  This is theft, even moreso than pirating music.  Bandwidth costs money.  Content costs money.  Servers cost money.  If there are no ads, there is no revenue.  If there is no revenue there are no servers, bandwidth, or content.  Either put up with ads, come up with a completely new economic model whereby you can get money in return for a bit of the attention of your users, or understand you are a thief.  If you're smart enough to know how ad block works you're smart enough to understand while it's theft.  That applies WAAAAY more for video sites, because it costs them a LOT more for the bandwidth.</p><p>2.  Ads don't run in iframes: Wake up and smell 2009 everyone.  Any ad server of note serves ads in an iframe by default, even if the primary asset that is delivered to the page is javascript.  The javascript checks the page and browser for capabilities, then depending on those capabilities writes a new iframe in the page.  In fact, you NEED to run most modern display ads in an iframe, because otherwise a document.write can completely destroy the page it is being rendered in.</p><p>3.  Ad Servers are slow because we don't care:  Any ad server that will run on a marquee site has an SLA.  Part of these SLA's include the maximum response time from the ad server.  Gomez exists to test just this kind of thing.  All manner of alarms go off if the average response time for Gomez goes up my 100 milliseconds.  Ad Serving companies are technology companies (they generally do not sell ads, they only make the technology to enable them).  The companies that the poster cites are not pure technology companies.  There is a reason why Google acquires new technologies; they take ideas that have been incubated then turn them into a more polished commercial offering.  The idea that the big technology companies are "leading the way" is a bit of self-promotion that doesn't bear scrutiny.</p><p>4.  I see "waiting for xxx" on the bottom of my browser:  This is an artifact of browsers.  One of the more important (and misunderstood) parts of adserving is that getting the ads on the page is just the beginning.  we need to report back all types of data (think along the lines of "did the user mouse over the ad?" not "what size underwear did you buy from an online merchant last year"), but in order to be polite there is no data response from the adserver.  So you get a request from the browser, a 200 OK back from the server, but 0 bytes of data.  Until the next HTTP connection is initiated, it's going to say "waiting for xxx" because it's already gotten the 200 OK, but doesn't realize no bytes will be returned.  Something else is hanging the page in those scenarios.</p></htmltext>
<tokenext>there are a few threads in these comments that are completely nonsensical .
In the interest of full disclosure ( as much as possible as an AC ) , I work for an ad serving company .
One at a time : 1 .
I just block ads : This is theft , even moreso than pirating music .
Bandwidth costs money .
Content costs money .
Servers cost money .
If there are no ads , there is no revenue .
If there is no revenue there are no servers , bandwidth , or content .
Either put up with ads , come up with a completely new economic model whereby you can get money in return for a bit of the attention of your users , or understand you are a thief .
If you 're smart enough to know how ad block works you 're smart enough to understand while it 's theft .
That applies WAAAAY more for video sites , because it costs them a LOT more for the bandwidth.2 .
Ads do n't run in iframes : Wake up and smell 2009 everyone .
Any ad server of note serves ads in an iframe by default , even if the primary asset that is delivered to the page is javascript .
The javascript checks the page and browser for capabilities , then depending on those capabilities writes a new iframe in the page .
In fact , you NEED to run most modern display ads in an iframe , because otherwise a document.write can completely destroy the page it is being rendered in.3 .
Ad Servers are slow because we do n't care : Any ad server that will run on a marquee site has an SLA .
Part of these SLA 's include the maximum response time from the ad server .
Gomez exists to test just this kind of thing .
All manner of alarms go off if the average response time for Gomez goes up my 100 milliseconds .
Ad Serving companies are technology companies ( they generally do not sell ads , they only make the technology to enable them ) .
The companies that the poster cites are not pure technology companies .
There is a reason why Google acquires new technologies ; they take ideas that have been incubated then turn them into a more polished commercial offering .
The idea that the big technology companies are " leading the way " is a bit of self-promotion that does n't bear scrutiny.4 .
I see " waiting for xxx " on the bottom of my browser : This is an artifact of browsers .
One of the more important ( and misunderstood ) parts of adserving is that getting the ads on the page is just the beginning .
we need to report back all types of data ( think along the lines of " did the user mouse over the ad ?
" not " what size underwear did you buy from an online merchant last year " ) , but in order to be polite there is no data response from the adserver .
So you get a request from the browser , a 200 OK back from the server , but 0 bytes of data .
Until the next HTTP connection is initiated , it 's going to say " waiting for xxx " because it 's already gotten the 200 OK , but does n't realize no bytes will be returned .
Something else is hanging the page in those scenarios .</tokentext>
<sentencetext>there are a few threads in these comments that are completely nonsensical.
In the interest of full disclosure (as much as possible as an AC), I work for an ad serving company.
One at a time:1.
I just block ads:  This is theft, even moreso than pirating music.
Bandwidth costs money.
Content costs money.
Servers cost money.
If there are no ads, there is no revenue.
If there is no revenue there are no servers, bandwidth, or content.
Either put up with ads, come up with a completely new economic model whereby you can get money in return for a bit of the attention of your users, or understand you are a thief.
If you're smart enough to know how ad block works you're smart enough to understand while it's theft.
That applies WAAAAY more for video sites, because it costs them a LOT more for the bandwidth.2.
Ads don't run in iframes: Wake up and smell 2009 everyone.
Any ad server of note serves ads in an iframe by default, even if the primary asset that is delivered to the page is javascript.
The javascript checks the page and browser for capabilities, then depending on those capabilities writes a new iframe in the page.
In fact, you NEED to run most modern display ads in an iframe, because otherwise a document.write can completely destroy the page it is being rendered in.3.
Ad Servers are slow because we don't care:  Any ad server that will run on a marquee site has an SLA.
Part of these SLA's include the maximum response time from the ad server.
Gomez exists to test just this kind of thing.
All manner of alarms go off if the average response time for Gomez goes up my 100 milliseconds.
Ad Serving companies are technology companies (they generally do not sell ads, they only make the technology to enable them).
The companies that the poster cites are not pure technology companies.
There is a reason why Google acquires new technologies; they take ideas that have been incubated then turn them into a more polished commercial offering.
The idea that the big technology companies are "leading the way" is a bit of self-promotion that doesn't bear scrutiny.4.
I see "waiting for xxx" on the bottom of my browser:  This is an artifact of browsers.
One of the more important (and misunderstood) parts of adserving is that getting the ads on the page is just the beginning.
we need to report back all types of data (think along the lines of "did the user mouse over the ad?
" not "what size underwear did you buy from an online merchant last year"), but in order to be polite there is no data response from the adserver.
So you get a request from the browser, a 200 OK back from the server, but 0 bytes of data.
Until the next HTTP connection is initiated, it's going to say "waiting for xxx" because it's already gotten the 200 OK, but doesn't realize no bytes will be returned.
Something else is hanging the page in those scenarios.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30272236</id>
	<title>Re:Flash Ads</title>
	<author>TheRaven64</author>
	<datestamp>1259608560000</datestamp>
	<modclass>Interestin</modclass>
	<modscore>3</modscore>
	<htmltext>I don't mind flash.  I use a click-to-flash plugin so I never actually see flash objects unless I click on them.  If you use flash for ads, then you're paying to show me a grey rectangle.  If you use it for content, then you need something around the edges to convince me to click on it.  The problem with JavaScript is that it lacks modularity, so I can't distinguish the bit of JS that's needed for the site and the bit that's needed to irritate me.  Any site that uses those awful ads that underline random words and pop up some crap when you mouseover them get blacklisted and never visited again.</htmltext>
<tokenext>I do n't mind flash .
I use a click-to-flash plugin so I never actually see flash objects unless I click on them .
If you use flash for ads , then you 're paying to show me a grey rectangle .
If you use it for content , then you need something around the edges to convince me to click on it .
The problem with JavaScript is that it lacks modularity , so I ca n't distinguish the bit of JS that 's needed for the site and the bit that 's needed to irritate me .
Any site that uses those awful ads that underline random words and pop up some crap when you mouseover them get blacklisted and never visited again .</tokentext>
<sentencetext>I don't mind flash.
I use a click-to-flash plugin so I never actually see flash objects unless I click on them.
If you use flash for ads, then you're paying to show me a grey rectangle.
If you use it for content, then you need something around the edges to convince me to click on it.
The problem with JavaScript is that it lacks modularity, so I can't distinguish the bit of JS that's needed for the site and the bit that's needed to irritate me.
Any site that uses those awful ads that underline random words and pop up some crap when you mouseover them get blacklisted and never visited again.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30271708</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30274916</id>
	<title>Giving Ads Their Due</title>
	<author>Anonymous</author>
	<datestamp>1259576520000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>I run an ad blocker.  My browser doesn't even do GETs on any URL that contains<nobr> <wbr></nobr>/ad. or doubleclick or tribalfusion or any of a whole bunch of other crap, and yours shouldn't either.</p><p>Ads are not necessary for anything, and the sooner that companies that rely on them to exist dry up and blow away, the better.  Remember, the Internet existed as a superb medium for people to share information with each other BEFORE the advertising slimeballs discovered it and started exploiting it and degrading it, so as soon as you hear someone start to bleat the hypothesis that a medium needs ads to exist, or that ads are necessary to fund content, open the door, turn them to face it, and plant your foot squarely in their ass.  A medium that works well to exchange information will be used for that purpose with or without ads - and the experience is always better without.</p></htmltext>
<tokenext>I run an ad blocker .
My browser does n't even do GETs on any URL that contains /ad .
or doubleclick or tribalfusion or any of a whole bunch of other crap , and yours should n't either.Ads are not necessary for anything , and the sooner that companies that rely on them to exist dry up and blow away , the better .
Remember , the Internet existed as a superb medium for people to share information with each other BEFORE the advertising slimeballs discovered it and started exploiting it and degrading it , so as soon as you hear someone start to bleat the hypothesis that a medium needs ads to exist , or that ads are necessary to fund content , open the door , turn them to face it , and plant your foot squarely in their ass .
A medium that works well to exchange information will be used for that purpose with or without ads - and the experience is always better without .</tokentext>
<sentencetext>I run an ad blocker.
My browser doesn't even do GETs on any URL that contains /ad.
or doubleclick or tribalfusion or any of a whole bunch of other crap, and yours shouldn't either.Ads are not necessary for anything, and the sooner that companies that rely on them to exist dry up and blow away, the better.
Remember, the Internet existed as a superb medium for people to share information with each other BEFORE the advertising slimeballs discovered it and started exploiting it and degrading it, so as soon as you hear someone start to bleat the hypothesis that a medium needs ads to exist, or that ads are necessary to fund content, open the door, turn them to face it, and plant your foot squarely in their ass.
A medium that works well to exchange information will be used for that purpose with or without ads - and the experience is always better without.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30271934</id>
	<title>Re:Uselful</title>
	<author>Anonymous</author>
	<datestamp>1259607180000</datestamp>
	<modclass>Insightful</modclass>
	<modscore>1</modscore>
	<htmltext><p><div class="quote"><p>But ads are useful.</p></div><p>What planet do you live on?</p></div>
	</htmltext>
<tokenext>But ads are useful.What planet do you live on ?</tokentext>
<sentencetext>But ads are useful.What planet do you live on?
	</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30271716</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30273636</id>
	<title>Re:HOSTS FILES ARE THE BEST GLOBAL ANSWER</title>
	<author>Anonymous</author>
	<datestamp>1259571660000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>MODDED: -1, Dude Needs to Chill</p></htmltext>
<tokenext>MODDED : -1 , Dude Needs to Chill</tokentext>
<sentencetext>MODDED: -1, Dude Needs to Chill</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30272320</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30275112</id>
	<title>Use Java Killers</title>
	<author>pubwvj</author>
	<datestamp>1259577360000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>Turn off Java, JavaScript, Plugins, etc or run programs like PithHelmet (Safari) that can even kill these selectively per web site. This greatly speeds up browsing and gets rid of all that ugly, flashing, moving junk.</p></htmltext>
<tokenext>Turn off Java , JavaScript , Plugins , etc or run programs like PithHelmet ( Safari ) that can even kill these selectively per web site .
This greatly speeds up browsing and gets rid of all that ugly , flashing , moving junk .</tokentext>
<sentencetext>Turn off Java, JavaScript, Plugins, etc or run programs like PithHelmet (Safari) that can even kill these selectively per web site.
This greatly speeds up browsing and gets rid of all that ugly, flashing, moving junk.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30271708</id>
	<title>Flash Ads</title>
	<author>handy\_vandal</author>
	<datestamp>1259606340000</datestamp>
	<modclass>Insightful</modclass>
	<modscore>3</modscore>
	<htmltext><p>Nothing bogs down a site like Flash.</p><p>Case in point: <a href="http://boingboing.net/" title="boingboing.net">Boing Boing</a> [boingboing.net].</p><p>Several months ago, Boing Boing got a new layout. The old layout worked fine, was easy to read, easy to scroll.  The new Boing Boing stutters when scrolled<nobr> <wbr></nobr>... it's annoyingly easy to lose your place and scroll way down or way up by mistake. Grrr<nobr> <wbr></nobr>....</p></htmltext>
<tokenext>Nothing bogs down a site like Flash.Case in point : Boing Boing [ boingboing.net ] .Several months ago , Boing Boing got a new layout .
The old layout worked fine , was easy to read , easy to scroll .
The new Boing Boing stutters when scrolled ... it 's annoyingly easy to lose your place and scroll way down or way up by mistake .
Grrr ... .</tokentext>
<sentencetext>Nothing bogs down a site like Flash.Case in point: Boing Boing [boingboing.net].Several months ago, Boing Boing got a new layout.
The old layout worked fine, was easy to read, easy to scroll.
The new Boing Boing stutters when scrolled ... it's annoyingly easy to lose your place and scroll way down or way up by mistake.
Grrr ....</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30272080</id>
	<title>Re:I don't even need to read the summary.</title>
	<author>Monkeedude1212</author>
	<datestamp>1259607840000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>The problem is that it doesn't take much to run an Ad Server. I could hack one together with things that are just sitting around in my Parent's Garage, then just upgrade my Internet service to a business line and I'll be good to go.</p><p>Now, most web admins simply look at the price. If I can offer a penny more for my slow-you-down-ads, I think more people will choose my service.</p><p>When it comes to the ad business, there is no "Quality" gague for rating ads, since everyone who uses the net actually hates Ads.</p></htmltext>
<tokenext>The problem is that it does n't take much to run an Ad Server .
I could hack one together with things that are just sitting around in my Parent 's Garage , then just upgrade my Internet service to a business line and I 'll be good to go.Now , most web admins simply look at the price .
If I can offer a penny more for my slow-you-down-ads , I think more people will choose my service.When it comes to the ad business , there is no " Quality " gague for rating ads , since everyone who uses the net actually hates Ads .</tokentext>
<sentencetext>The problem is that it doesn't take much to run an Ad Server.
I could hack one together with things that are just sitting around in my Parent's Garage, then just upgrade my Internet service to a business line and I'll be good to go.Now, most web admins simply look at the price.
If I can offer a penny more for my slow-you-down-ads, I think more people will choose my service.When it comes to the ad business, there is no "Quality" gague for rating ads, since everyone who uses the net actually hates Ads.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30271730</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30271570</id>
	<title>fp</title>
	<author>Anonymous</author>
	<datestamp>1259605560000</datestamp>
	<modclass>Troll</modclass>
	<modscore>-1</modscore>
	<htmltext>cool4sale!</htmltext>
<tokenext>cool4sale !</tokentext>
<sentencetext>cool4sale!</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30271618</id>
	<title>I don't even need to read the summary.</title>
	<author>Monkeedude1212</author>
	<datestamp>1259605920000</datestamp>
	<modclass>Insightful</modclass>
	<modscore>3</modscore>
	<htmltext><p><div class="quote"><p> Technology: Are Ad Servers Bogging Down the Web?</p></div><p>Yes. Period.</p></div>
	</htmltext>
<tokenext>Technology : Are Ad Servers Bogging Down the Web ? Yes .
Period .</tokentext>
<sentencetext> Technology: Are Ad Servers Bogging Down the Web?Yes.
Period.
	</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30272500</id>
	<title>Wait for Mobile ads</title>
	<author>beerdini</author>
	<datestamp>1259609700000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>Just wait for someone to realize that they are missing a huge advertising market by not advertising on mobile (phone) browsers.  Lots of sites these days are making their "mobile" page as a "watered down" version of their main pages, and as far as I can tell that primarily means removing lots of ads.  There are some sites that I actually like better in their mobile versions than the real versions and change my User Agent in FireFox to a mobile browser to get that page.  I'm not a trendsetter so I know that if I'm doing this there are others doing this as well, and once the developers catch on it is only a matter of time before we start seeing more ads on our mobile phones when we're browsing.  Better hope you have an unlimited data plan when this happens.</htmltext>
<tokenext>Just wait for someone to realize that they are missing a huge advertising market by not advertising on mobile ( phone ) browsers .
Lots of sites these days are making their " mobile " page as a " watered down " version of their main pages , and as far as I can tell that primarily means removing lots of ads .
There are some sites that I actually like better in their mobile versions than the real versions and change my User Agent in FireFox to a mobile browser to get that page .
I 'm not a trendsetter so I know that if I 'm doing this there are others doing this as well , and once the developers catch on it is only a matter of time before we start seeing more ads on our mobile phones when we 're browsing .
Better hope you have an unlimited data plan when this happens .</tokentext>
<sentencetext>Just wait for someone to realize that they are missing a huge advertising market by not advertising on mobile (phone) browsers.
Lots of sites these days are making their "mobile" page as a "watered down" version of their main pages, and as far as I can tell that primarily means removing lots of ads.
There are some sites that I actually like better in their mobile versions than the real versions and change my User Agent in FireFox to a mobile browser to get that page.
I'm not a trendsetter so I know that if I'm doing this there are others doing this as well, and once the developers catch on it is only a matter of time before we start seeing more ads on our mobile phones when we're browsing.
Better hope you have an unlimited data plan when this happens.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30273058</id>
	<title>Are ad servers bogging down the web?</title>
	<author>Anonymous</author>
	<datestamp>1259612760000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>I <a href="http://opera.com/" title="opera.com" rel="nofollow">wouldn't</a> [opera.com] <a href="http://adblockplus.org/en/" title="adblockplus.org" rel="nofollow">know</a> [adblockplus.org]</p></htmltext>
<tokenext>I would n't [ opera.com ] know [ adblockplus.org ]</tokentext>
<sentencetext>I wouldn't [opera.com] know [adblockplus.org]</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30271582</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30271952</id>
	<title>HOST file</title>
	<author>Kral\_Blbec</author>
	<datestamp>1259607240000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>I personally use adblock in addition to the hosts file from <a href="http://www.mvps.org/winhelp2002/hosts2.htm" title="mvps.org">http://www.mvps.org/winhelp2002/hosts2.htm</a> [mvps.org] It just redirects known bad/ad domains to loopback. Some affiliate sites (like bing cashback) are affected, but its easy to find them and comment out those entries. Quite often Ill find an ad that adblock misses and it just loads up a blank window because it was blocked by the host file.</htmltext>
<tokenext>I personally use adblock in addition to the hosts file from http : //www.mvps.org/winhelp2002/hosts2.htm [ mvps.org ] It just redirects known bad/ad domains to loopback .
Some affiliate sites ( like bing cashback ) are affected , but its easy to find them and comment out those entries .
Quite often Ill find an ad that adblock misses and it just loads up a blank window because it was blocked by the host file .</tokentext>
<sentencetext>I personally use adblock in addition to the hosts file from http://www.mvps.org/winhelp2002/hosts2.htm [mvps.org] It just redirects known bad/ad domains to loopback.
Some affiliate sites (like bing cashback) are affected, but its easy to find them and comment out those entries.
Quite often Ill find an ad that adblock misses and it just loads up a blank window because it was blocked by the host file.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30273204</id>
	<title>These people should be prosecuted!</title>
	<author>Crypto Gnome</author>
	<datestamp>1259613480000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>High Bandwidth (video, flash, audio) advertising on The internet <strong>IS THEFT</strong><nobr> <wbr></nobr>..... plain and simple.<br> <br>My internet services costs me per megabit (yes, in this modern day and age, in a modern western country, there are people who have NO OPTION but to use an internet service with either *direct* per-megabit cost or, at a minimum, a download limit of some kind), so <strong>forcing</strong> me to view HIGH BANDWIDTH multimedia ads is <strong>stealing from me</strong>.<br> <br>And I have *no choice* because there's no way to tell whether a website is covered witth 100MB of ads to download, or  text-only google ads (or even none).<br> <br>Seriously folks, and these <strong>mental retards in the advertising industry</strong> imagine that we're not "clicking-thru" on their ads because <strong>somehow</strong> we *did not notice* the ads.<br> <br>I'd like to suggest alternate possibilities:<ul> <li>we did not want your product</li><li>excessively attention grabbing advertising JUST MAKES ME MAD, I'll <strong>never</strong> click your ad or buy your product<br>(never never never never never I HATE YOU)</li><li>you've <strong>stolen</strong> so much banwidth from me, I'm forced to surf the rest of this month from a text-only no-javascript browser</li><li>Because I do not get paid a million dollars a month (required to support the cost of bandwidth consumed due to ads) I <strong>never</strong> surf without an ad-blocker</li></ul></htmltext>
<tokenext>High Bandwidth ( video , flash , audio ) advertising on The internet IS THEFT ..... plain and simple .
My internet services costs me per megabit ( yes , in this modern day and age , in a modern western country , there are people who have NO OPTION but to use an internet service with either * direct * per-megabit cost or , at a minimum , a download limit of some kind ) , so forcing me to view HIGH BANDWIDTH multimedia ads is stealing from me .
And I have * no choice * because there 's no way to tell whether a website is covered witth 100MB of ads to download , or text-only google ads ( or even none ) .
Seriously folks , and these mental retards in the advertising industry imagine that we 're not " clicking-thru " on their ads because somehow we * did not notice * the ads .
I 'd like to suggest alternate possibilities : we did not want your productexcessively attention grabbing advertising JUST MAKES ME MAD , I 'll never click your ad or buy your product ( never never never never never I HATE YOU ) you 've stolen so much banwidth from me , I 'm forced to surf the rest of this month from a text-only no-javascript browserBecause I do not get paid a million dollars a month ( required to support the cost of bandwidth consumed due to ads ) I never surf without an ad-blocker</tokentext>
<sentencetext>High Bandwidth (video, flash, audio) advertising on The internet IS THEFT ..... plain and simple.
My internet services costs me per megabit (yes, in this modern day and age, in a modern western country, there are people who have NO OPTION but to use an internet service with either *direct* per-megabit cost or, at a minimum, a download limit of some kind), so forcing me to view HIGH BANDWIDTH multimedia ads is stealing from me.
And I have *no choice* because there's no way to tell whether a website is covered witth 100MB of ads to download, or  text-only google ads (or even none).
Seriously folks, and these mental retards in the advertising industry imagine that we're not "clicking-thru" on their ads because somehow we *did not notice* the ads.
I'd like to suggest alternate possibilities: we did not want your productexcessively attention grabbing advertising JUST MAKES ME MAD, I'll never click your ad or buy your product(never never never never never I HATE YOU)you've stolen so much banwidth from me, I'm forced to surf the rest of this month from a text-only no-javascript browserBecause I do not get paid a million dollars a month (required to support the cost of bandwidth consumed due to ads) I never surf without an ad-blocker</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30272446</id>
	<title>Re:Kind of Fitting</title>
	<author>dintlu</author>
	<datestamp>1259609460000</datestamp>
	<modclass>Insightful</modclass>
	<modscore>2</modscore>
	<htmltext><p>I was ignoring that checkbox until I realized that every time Slashdot hung while loading it was because I was waiting on a third-party ad server.</p><p>It's surprising there don't seem to be any quality-of-service clauses in the contracts between content providers and third-party advertisers.</p></htmltext>
<tokenext>I was ignoring that checkbox until I realized that every time Slashdot hung while loading it was because I was waiting on a third-party ad server.It 's surprising there do n't seem to be any quality-of-service clauses in the contracts between content providers and third-party advertisers .</tokentext>
<sentencetext>I was ignoring that checkbox until I realized that every time Slashdot hung while loading it was because I was waiting on a third-party ad server.It's surprising there don't seem to be any quality-of-service clauses in the contracts between content providers and third-party advertisers.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30272126</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30272764</id>
	<title>So I'll ask again</title>
	<author>MikeURL</author>
	<datestamp>1259611320000</datestamp>
	<modclass>Interestin</modclass>
	<modscore>3</modscore>
	<htmltext>I never get a satisfactory answer to this question.
<br> <br>
Why can't the serving of ads be done from the primary website's server?  There has to be some lightweight API that would allow for the host server to select from ads that were downloaded the night before and are all set, cached and ready to go.  Not only would this level out performance to the level of the primary server but it would also, in lots of cases, defeat adblock.  If the ad is coming from the website I went to then they have a lot more options for getting around adblock (in fact text ads served from the primary server are rather difficult to filter).
<br> <br>
When I go to a site like cnet and I see that 5 websites want script access to my browser I have to shake my head.  If any one of those sites is saturated then the whole website will load like a dog.  I guess the only benefit I can see to this situation is that if an advertiser goes bad then that site, if it is separate, won't have script access to my browser.  But if they'd all only accept text-only ads that would solve that.
<br> <br>
This idea strikes me as something that somebody is going to make a fortune off of.  They will develop a nice embedded model that works on the server side to pre-load ads and then simply query the ad server for the # of the ad the main server should present to the user.  Lightweight, targeted, fast...a lot like google.</htmltext>
<tokenext>I never get a satisfactory answer to this question .
Why ca n't the serving of ads be done from the primary website 's server ?
There has to be some lightweight API that would allow for the host server to select from ads that were downloaded the night before and are all set , cached and ready to go .
Not only would this level out performance to the level of the primary server but it would also , in lots of cases , defeat adblock .
If the ad is coming from the website I went to then they have a lot more options for getting around adblock ( in fact text ads served from the primary server are rather difficult to filter ) .
When I go to a site like cnet and I see that 5 websites want script access to my browser I have to shake my head .
If any one of those sites is saturated then the whole website will load like a dog .
I guess the only benefit I can see to this situation is that if an advertiser goes bad then that site , if it is separate , wo n't have script access to my browser .
But if they 'd all only accept text-only ads that would solve that .
This idea strikes me as something that somebody is going to make a fortune off of .
They will develop a nice embedded model that works on the server side to pre-load ads and then simply query the ad server for the # of the ad the main server should present to the user .
Lightweight , targeted , fast...a lot like google .</tokentext>
<sentencetext>I never get a satisfactory answer to this question.
Why can't the serving of ads be done from the primary website's server?
There has to be some lightweight API that would allow for the host server to select from ads that were downloaded the night before and are all set, cached and ready to go.
Not only would this level out performance to the level of the primary server but it would also, in lots of cases, defeat adblock.
If the ad is coming from the website I went to then they have a lot more options for getting around adblock (in fact text ads served from the primary server are rather difficult to filter).
When I go to a site like cnet and I see that 5 websites want script access to my browser I have to shake my head.
If any one of those sites is saturated then the whole website will load like a dog.
I guess the only benefit I can see to this situation is that if an advertiser goes bad then that site, if it is separate, won't have script access to my browser.
But if they'd all only accept text-only ads that would solve that.
This idea strikes me as something that somebody is going to make a fortune off of.
They will develop a nice embedded model that works on the server side to pre-load ads and then simply query the ad server for the # of the ad the main server should present to the user.
Lightweight, targeted, fast...a lot like google.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30276474</id>
	<title>EVERYBODY be thankful (&amp; from a SINGLE FILE)</title>
	<author>Anonymous</author>
	<datestamp>1259582160000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><div class="quote"><p><b>"We, as<nobr> <wbr></nobr>./ users, have the ability to disable advertising on<nobr> <wbr></nobr>./ forums, etc. Not that this is relevant, but the rest of the world (fark, anyone?) does have serious lag time. Be thankful, guys! Back to the subject matter, though. Is this a "new" revelation? --Stak</b> - by stakovahflow (1660677) on Monday November 30, @12:40PM (#30271720)</p></div><p>Untrue, &amp; I'll show you folks here (and folks from other forums too), on how to do that, GLOBALLY (for all webbound apps you have), &amp; easily in a simple easily edited text file called a HOSTS file...</p><p>HOSTS files yield not only more speed (in a couple ways no less), but, also FAR MORE SECURITY ONLINE too, as a bonus (&amp; works perfectly with all browser addons, firewalls, ip security policies, you-name-it)... here goes:</p><p>Per my subject line above? <b>How about a GLOBAL solution, instead, &amp; one that extends to ALL of your "webbound apps", instead, &amp; NOT just to Mozilla softwares which is all your solution works for...</b> (think IE, Outlook &amp; other email programs even, + more), AND, the solution I propose also acts as "layered security" in combination with the FF/Mozilla only methods many here use, &amp; those, ONLY  (which sadly, your methods are KNOWN to slow your browser down, use CPU cycles &amp; more (like having bugs &amp; security flaws in themselves too)... where this solution does not &amp; covers ALL webbound apps, globally)??</p><p>Here is <b>a GOOD SOLID WORK-AROUND, CALLED A HOSTS FILE!</b></p><p>(It works for more speed online, AND SECURITY ESPECIALLY... Also, it works for your money, because you pay for your linetime out of pocket most likely as I do, you can get back your speed, AND, gain security easily, &amp; from a single easily edited file &amp; a file eats no CPU cycles like a local DNS server can (&amp; are not as security vulnerable either if you protect write access to a HOSTS file also)... Anyhow/anyways - Here goes:</p><p>SO - "that all said &amp; aside"? Well, per your reply?? You're solutions cost CPU cycles &amp; are KNOWN to slow down FF/Mozilla variants (as browser addons do), but... Hey - NO PROBLEM, because HOSTS files work alongside those addons too, &amp; offer you more speed online AND more security, via a SINGLE EASILY EDITED + POPULATED FILE (called a HOSTS file):</p><p>I use <b>a custom HOSTS file</b>, in addition to the tools others here in this thread have noted (which MANY like FF addons only really function for FireFox/Mozilla products, but don't extend globally to all other webbound applications, &amp; that is part of what HOSTS files give you above the methods you extoll + utilize: "GLOBAL COVERAGE", &amp; of ALL webbound apps, not just FireFox/Mozilla ones via the addons you noted + use yourself...).</p><p><b>HOSTS files can be used to blockout KNOWN "bad" adserves, maliciously coded sites or adbanners, and "botnet C&amp;C servers" too!</b></p><p><b>You can obtain reliable HOSTS files from reputable lists for more security online, but also for speed!</b></p><p>(More on that later &amp; WHY/HOW (I use reliable lists for that, such as these HOSTS @ Wikipedia.com -&gt; <a href="http://en.wikipedia.org/wiki/Hosts\_file" title="wikipedia.org" rel="nofollow">http://en.wikipedia.org/wiki/Hosts\_file</a> [wikipedia.org] or those from mvps.org (a good one this one))</p><p><b>I also further populate &amp; keep current my custom HOSTS file with up to date information in regards to all of those threats, via:</b></p><p>----</p><p>A.) Spybot "Search &amp; Destroy" updates (populates HOSTS and browser block lists)</p><p>B.) Sites like ZDNet's Mr. Dancho Danchev's blog -&gt; <a href="http://ddanchev.blogspot.com/" title="blogspot.com" rel="nofollow">http://ddanchev.blogspot.com/</a> [blogspot.com]</p><p>C.) Sites like FireEye -&gt; <a href="http://blog.fireeye.com/" title="fireeye.com" rel="nofollow">http://blog.fireeye.com/</a> [fireeye.com]</p><p>D.) SRI -&gt; <a href="http://mtc.sri.com/" title="sri.com" rel="nofollow">http://mtc.sri.com/</a> [sri.com]</p><p>----</p><p>My HOSTS file incorporates ALL of the entries from the HOSTS files shown @ wikipedia as well... gaining me speed online (by blocking adbanners, which have been compromised many times the past few years now by malscripted exploits (examples below)).</p><p>(I combined ALL reputable HOSTS files with one of my own (30,000 entries), &amp; I removed duplicates removed via a Borland Delphi app I wrote to do so called "APK HOSTS File Grinder 4.0++". That program also functions to change the default larger &amp; SLOWER 127.0.0.1 blocking 'loopback adapter' IP address to either 0.0.0.0 (for VISTA/Windows Server 2008/Windows 7, smaller &amp; thus faster than 127.0.0.1 default) or the smallest &amp; fastest 0 "blocking 'IP ADDRESS'" (for Windows 2000/XP/Server 2003 which can STILL use it (&amp; it was added in a service pack on Windows 2000, only on 12/09/2008 MS patch tuesday was it removed for VISTA onwards (&amp; now all these "phunny little bugs" are showing up as FLAWS in this new NDIS6 approach via WFP as well in the firewall, which ROOTKIT.COM has stated (with code too no less on how it is done) -&gt; <a href="http://www.rootkit.com/newsread.php?newsid=952" title="rootkit.com" rel="nofollow">http://www.rootkit.com/newsread.php?newsid=952</a> [rootkit.com] [rootkit.com] that it is EASIER TO UNHOOK (than was the design used in Windows 2000/XP/Server 2003))</p><p><b>Another EXCELLENT benefit of HOSTS file usage? More speed online, &amp; also more security + reliability</b> (especially in the case of DNS servers today, per folks like Dan Kaminsky &amp;/or Moxie Marlinspike finding various security vulnerabilities in them the past couple years now)...</p><p><b>AND, YOU CAN GET EVEN MORE SPEED, and RELIABILITY</b> (vs. downed or "DNS poisoned/misdirected" dns servers too) <b>via yet another "hidden bonus for speed" in HOSTS files:</b></p><p>HOW SO? WELL - <b>I use another "technique" called "hardcoding" an IP address to domainname/hostname in my HOSTS files, for my FAVORITE websites:</b></p><p><b>This allows me to FIRST bypass any remote/external DNS lookups, which also would in theory @ least, make me "proofed" vs. DNS request logs by my ISP/BSP also.</b></p><p>(Especially since I use external DNS servers too, OpenDNS ones to be specific, that go beyond my hardcoded favs in my HOSTS file because I can't ping &amp; resolve the ENTIRE internet after all)</p><p>This also makes it harder for others to track me...</p><p>(Sure, they could do a "reverse DNS lookup" via pings &amp;/or traceroutes &amp; the top level domain that does nothing BUT cache reverse DNS lookups does the rest, but that is harder to do, than looking up my URL requests via a log on a DNS server))</p><p><b>ALSO, AS ANOTHER "BONUS" in HOSTS FILES</b> (can't stress it enough, &amp; especially above + beyond adbanner blocking)<b>:  It speeds you up, or can!</b></p><p>E.G.-&gt; A buddy of mine named Jack says it has (verbatim quote) "DOUBLED MY SPEED ONLINE, BUT I VALUE THE SECURITY PART MORE", because he used to get over 200++ viruses a week, now? Only maybe 2 a year IF THAT lately, &amp; he is convinced it is largely due to the HOSTS file I send him weekly (he is my "lab rat #1" due to his previous infestation rate), &amp; if that "anecdotal evidence" is not enough? See this then, from a published security guru on a respected site for it:</p><p>====</p><p><b>RESURRECTING THE KILLFILE:</b></p><p>(by Mr. Oliver Day)</p><p><a href="http://www.securityfocus.com/columnists/491" title="securityfocus.com" rel="nofollow">http://www.securityfocus.com/columnists/491</a> [securityfocus.com]</p><p><b>PERTINENT EXCERPTS/QUOTES:</b></p><p>"The host file on my day-to-day laptop is now over 16,000 lines long. Accessing the Internet particularly browsing the Web is actually faster now."</p><p>"From what I have seen in my research, major efforts to share lists of unwanted hosts began gaining serious momentum earlier this decade. The most popular appear to have started as a means to block advertising and as a way to avoid being tracked by sites that use cookies to gather data on the user across Web properties. More recently, projects like Spybot Search and Destroy offer lists of known malicious servers to add a layer of defense against trojans and other forms of malware."</p><p>====</p><p>(A nice bonus beyond blocking adbanners via HOSTS too, because these have been shown to harbor malscripted content too &amp; more than just a few times the past 4-5 yrs now no less such as is noted here in my PS below, several examples thereof no less), because you don't waste between 30-N ms calling out to an external DNS!</p><p>(Again, and a DNS server that MAY be poisoned per Dan Kaminsky the past few years now &amp; others also noting it)</p><p>Thus, <b>SO, even IF your DNS servers go down, or are "dns poisoned"</b> (or fall to yet another security flaw, many are in my "p.s." below no less, as documented evidences thereof to my statements here no less)?</p><p>Well, <b>by using a custom HOSTS file setup, you can STILL GET TO YOUR FAV. SITES IF HARDCODED in your HOSTS FILE &amp; @ higher speeds than DNS server calls, 30-N times faster in fact</b> (a good thing, but one you may have to periodically alter, easily, via notepad.exe edits of your HOSTS file &amp; a ping to update their new address (sites change hosting providers due to better services or prices, rare, but they do &amp; MOST let you know they are about to do so anyhow, so you can amend a HOSTS file)).</p><p>NICEST PART IS, THOUGH, PER YOUR STATEMENT (in addition to the benefits of HOSTS file I note above, alongside others like Mr. Oliver Day of SECURITYFOCUS.COM)?</p><p>I will STILL get to where it is that I WANT TO GO, not the router's onboard DNS server doing hostname/domainname resolutions or potential hijacked redirects... in theory @ least, because I am controlling the hostname/dommainname resolutions @ AN OS + IP STACK LEVEL, not via my routers' onboard DNS server...</p><p>APK</p><p>P.S.=&gt; Evidences as to WHY you'd want to add on the "extra layered security protection" of a HOSTS file, which extends global security coverage to your webbound apps, AND, allows for a great deal of added extra speed as well? Ok, here are some documented reasons why like:</p><p>a.) DNS servers vulnerable, under attack, failing or being "DNS poisoned" misdirected &amp; more</p><p>b.) Security suites failing vs. modern "blended threats" online</p><p>c.) javascript being used to do most of this via apps)</p><p>d.) adbanners being maliciously coded also...</p><p>(Here we go with documented proofs/examples:)</p><p>====</p><p><b>POISONED MALSCRIPTED ADBANNERS</b></p><p><b>The Next Ad You Click May Be a Virus:</b></p><p><a href="http://it.slashdot.org/article.pl?sid=09/06/15/2056219" title="slashdot.org" rel="nofollow">http://it.slashdot.org/article.pl?sid=09/06/15/2056219</a> [slashdot.org]</p><p>----</p><p><b>Attackers Infect Ads With Old Adobe Vulnerability:</b></p><p><a href="http://it.slashdot.org/article.pl?sid=09/02/25/024211" title="slashdot.org" rel="nofollow">http://it.slashdot.org/article.pl?sid=09/02/25/024211</a> [slashdot.org]</p><p>----</p><p><b>Hackers Use Banner Ads on Major Sites to Hijack Your PC:</b></p><p><a href="http://www.wired.com/techbiz/media/news/2007/11/doubleclick" title="wired.com" rel="nofollow">http://www.wired.com/techbiz/media/news/2007/11/doubleclick</a> [wired.com]</p><p>----</p><p><b>Adobe Flash Ads Launching Clipboard Hijack Attacks:</b></p><p><a href="http://it.slashdot.org/article.pl?sid=08/08/20/0029220&amp;from=rss" title="slashdot.org" rel="nofollow">http://it.slashdot.org/article.pl?sid=08/08/20/0029220&amp;from=rss</a> [slashdot.org]</p><p>----</p><p><b>Slashdot | Americans Don't Want Targeted Ads:</b></p><p><a href="http://yro.slashdot.org/article.pl?sid=09/10/01/1854214" title="slashdot.org" rel="nofollow">http://yro.slashdot.org/article.pl?sid=09/10/01/1854214</a> [slashdot.org]</p><p>====</p><p><b>DNS PROBLEMS:</b></p><p><b>Number of Rogue DNS Servers on the Rise:</b></p><p><a href="http://tech.slashdot.org/article.pl?no\_d2=1&amp;sid=08/02/15/2118212" title="slashdot.org" rel="nofollow">http://tech.slashdot.org/article.pl?no\_d2=1&amp;sid=08/02/15/2118212</a> [slashdot.org]</p><p>----</p><p><b>Security Researcher Kaminsky Pushes DNS Patching:</b></p><p><a href="http://it.slashdot.org/article.pl?sid=09/02/19/2322231" title="slashdot.org" rel="nofollow">http://it.slashdot.org/article.pl?sid=09/02/19/2322231</a> [slashdot.org]</p><p>----</p><p><b>Ten Percent of DNS Servers Still Vulnerable:</b></p><p><a href="http://tech.slashdot.org/article.pl?no\_d2=1&amp;sid=05/08/04/1525235" title="slashdot.org" rel="nofollow">http://tech.slashdot.org/article.pl?no\_d2=1&amp;sid=05/08/04/1525235</a> [slashdot.org]</p><p>----</p><p><b>TimeWarner DNS Hijacking:</b></p><p><a href="http://tech.slashdot.org/article.pl?sid=07/07/23/2140208" title="slashdot.org" rel="nofollow">http://tech.slashdot.org/article.pl?sid=07/07/23/2140208</a> [slashdot.org]</p><p>----</p><p><b>Another DNS Flaw Found:</b></p><p><a href="http://tech.slashdot.org/article.pl?sid=09/01/09/2348240" title="slashdot.org" rel="nofollow">http://tech.slashdot.org/article.pl?sid=09/01/09/2348240</a> [slashdot.org]</p><p>----</p><p><b>Attack Code Published For DNS Vulnerability:</b></p><p><a href="http://it.slashdot.org/article.pl?no\_d2=1&amp;sid=08/07/23/231254" title="slashdot.org" rel="nofollow">http://it.slashdot.org/article.pl?no\_d2=1&amp;sid=08/07/23/231254</a> [slashdot.org]</p><p>----</p><p><b>BIND Still Susceptible To DNS Cache Poisoning:</b></p><p><a href="http://tech.slashdot.org/article.pl?no\_d2=1&amp;sid=08/08/09/123222" title="slashdot.org" rel="nofollow">http://tech.slashdot.org/article.pl?no\_d2=1&amp;sid=08/08/09/123222</a> [slashdot.org]</p><p>----</p><p><b>DDoS Attacks Via DNS Recursion:</b></p><p><a href="http://it.slashdot.org/article.pl?no\_d2=1&amp;sid=06/03/16/1658209" title="slashdot.org" rel="nofollow">http://it.slashdot.org/article.pl?no\_d2=1&amp;sid=06/03/16/1658209</a> [slashdot.org]</p><p>----</p><p><b>DNS Poisoning Hits One of China's Biggest ISPs:</b></p><p><a href="http://it.slashdot.org/article.pl?no\_d2=1&amp;sid=08/08/21/2343250" title="slashdot.org" rel="nofollow">http://it.slashdot.org/article.pl?no\_d2=1&amp;sid=08/08/21/2343250</a> [slashdot.org]</p><p>----</p><p><b>DNS Root Servers Attacked:</b></p><p><a href="http://it.slashdot.org/article.pl?no\_d2=1&amp;sid=07/02/06/2238225" title="slashdot.org" rel="nofollow">http://it.slashdot.org/article.pl?no\_d2=1&amp;sid=07/02/06/2238225</a> [slashdot.org]</p><p>----</p><p><b>DNS Problem Linked To DDoS Attacks Gets Worse:</b></p><p><a href="http://tech.slashdot.org/comments.pl?sid=1444354&amp;cid=30109858" title="slashdot.org" rel="nofollow">http://tech.slashdot.org/comments.pl?sid=1444354&amp;cid=30109858</a> [slashdot.org]</p><p>----</p><p><b>Are your servers vulnerable to DNS attacks?</b></p><p><a href="http://www.networkworld.com/news/2007/111907-dns-attacks.html" title="networkworld.com" rel="nofollow">http://www.networkworld.com/news/2007/111907-dns-attacks.html</a> [networkworld.com]</p><p>----</p><p><b>Kaminsky On DNS Bugs a Year Later and DNSSEC:</b></p><p><a href="http://it.slashdot.org/story/09/06/25/1354212/Kaminsky-On-DNS-Bugs-a-Year-Later-and-DNSSEC" title="slashdot.org" rel="nofollow">http://it.slashdot.org/story/09/06/25/1354212/Kaminsky-On-DNS-Bugs-a-Year-Later-and-DNSSEC</a> [slashdot.org]</p><p>----</p><p><b>DNS users put higher premium on security:</b></p><p><a href="http://news.techworld.com/networking/10690/dns-users-put-higher-premium-on-security/" title="techworld.com" rel="nofollow">http://news.techworld.com/networking/10690/dns-users-put-higher-premium-on-security/</a> [techworld.com]</p><p>----</p><p><b>BIND, the Buggy Internet Name Daemon:</b></p><p><a href="http://cr.yp.to/djbdns/blurb/unbind.html" title="cr.yp.to" rel="nofollow">http://cr.yp.to/djbdns/blurb/unbind.html</a> [cr.yp.to]</p><p>(Where djbdns was found to have flaw, though it was alleged invulnerable, they paid out $10,000 reward)</p><p>----</p><p><b>DNS Dan Kaminsky DNS SPOOF ATTACK EXPLAINED HOW IT IS DONE:</b></p><p><a href="http://blogs.zdnet.com/security/?p=1520" title="zdnet.com" rel="nofollow">http://blogs.zdnet.com/security/?p=1520</a> [zdnet.com]</p><p>----</p><p><b>DNS REBINDING ATTACKS: MultiPinning Browser JavaScript Vulnerability</b> (how to protect yourself):</p><p><a href="http://crypto.stanford.edu/dns/" title="stanford.edu" rel="nofollow">http://crypto.stanford.edu/dns/</a> [stanford.edu]</p><p>----</p><p><b>Hackers hijack DNS records of high profile New Zealand sites:</b></p><p><a href="http://blogs.zdnet.com/security/?p=3185" title="zdnet.com" rel="nofollow">http://blogs.zdnet.com/security/?p=3185</a> [zdnet.com]</p><p>====</p><p><b>SECURITY SUITE PROGRAMS FAILING:</b></p><p><b>AntiVirus Products Fail to Find Simple IE Malware:</b></p><p><a href="http://tech.slashdot.org/article.pl?sid=07/10/29/1747237" title="slashdot.org" rel="nofollow">http://tech.slashdot.org/article.pl?sid=07/10/29/1747237</a> [slashdot.org]</p><p>----</p><p><b>Most Security Products Fail To Perform:</b></p><p><a href="http://hardware.slashdot.org/comments.pl?sid=1445302&amp;threshold=-1&amp;commentsort=0&amp;mode=thread&amp;pid=30114652" title="slashdot.org" rel="nofollow">http://hardware.slashdot.org/comments.pl?sid=1445302&amp;threshold=-1&amp;commentsort=0&amp;mode=thread&amp;pid=30114652</a> [slashdot.org]</p><p>----</p><p><b>TOP SECURITY SUITES FAIL 64/300 THREATS in 2008 AT SECUNIA.COM:</b></p><p><a href="http://secunia.com/blog/29/" title="secunia.com" rel="nofollow">http://secunia.com/blog/29/</a> [secunia.com]</p><p>----</p><p><b>Top security suites fail exploit tests:</b></p><p><a href="http://www.computerworld.com/s/article/9117042/Top\_security\_suites\_fail\_exploit\_tests?intsrc=news\_ts\_head" title="computerworld.com" rel="nofollow">http://www.computerworld.com/s/article/9117042/Top\_security\_suites\_fail\_exploit\_tests?intsrc=news\_ts\_head</a> [computerworld.com]</p><p>----</p><p><b>Antivirus is 'completely wasted money': Cisco CSO: News - Security - ZDNet Australia:</b></p><p><a href="http://www.zdnet.com.au/news/security/soa/Antivirus-is-completely-wasted-money-Cisco-CSO/0,130061744,339289122,00.htm?feed=pt\_auscert" title="zdnet.com.au" rel="nofollow">http://www.zdnet.com.au/news/security/soa/Antivirus-is-completely-wasted-money-Cisco-CSO/0,130061744,339289122,00.htm?feed=pt\_auscert</a> [zdnet.com.au]</p><p>----</p><p><b>Are Routers the Next Big Target for Hackers?</b></p><p><a href="http://blogs.zdnet.com/security/?p=919" title="zdnet.com" rel="nofollow">http://blogs.zdnet.com/security/?p=919</a> [zdnet.com]</p><p>----</p><p><b>Software Firewalls: Made of Straw? Part 1 of 2:</b></p><p><a href="http://www.securityfocus.com/infocus/1839" title="securityfocus.com" rel="nofollow">http://www.securityfocus.com/infocus/1839</a> [securityfocus.com]</p><p><b>Software Firewalls: Made of Straw? Part 2 of 2:</b></p><p><a href="http://www.securityfocus.com/infocus/1840/2" title="securityfocus.com" rel="nofollow">http://www.securityfocus.com/infocus/1840/2</a> [securityfocus.com]</p><p>----</p><p><b>Brief study shows difficulty in detecting malware (2008):</b></p><p><a href="http://www.securityfocus.com/brief/858" title="securityfocus.com" rel="nofollow">http://www.securityfocus.com/brief/858</a> [securityfocus.com]</p><p>----</p><p><b>2007 - Browser vulnerabilities and attacks will continue to mount:</b></p><p><a href="http://www.infoworld.com/d/security-central/browser-vulnerabilities-and-attacks-will-continue-mount-679" title="infoworld.com" rel="nofollow">http://www.infoworld.com/d/security-central/browser-vulnerabilities-and-attacks-will-continue-mount-679</a> [infoworld.com]</p><p>----</p><p><b>Bug exposes Cisco switches to attacks:</b></p><p><a href="http://news.cnet.com/Bug-exposes-Cisco-switches+to+attacks/2110-7349\_3-5902897.html?part=rss&amp;tag=5902897&amp;subj=news" title="cnet.com" rel="nofollow">http://news.cnet.com/Bug-exposes-Cisco-switches+to+attacks/2110-7349\_3-5902897.html?part=rss&amp;tag=5902897&amp;subj=news</a> [cnet.com]</p><p>&amp;</p><p><b>CISCO "COMES CLEAN" ON EXTENT OF IOS FLAW:</b></p><p><a href="http://www.eweek.com/c/a/Security/Cisco-Comes-Clean-on-Extent-of-IOS-Flaw/" title="eweek.com" rel="nofollow">http://www.eweek.com/c/a/Security/Cisco-Comes-Clean-on-Extent-of-IOS-Flaw/</a> [eweek.com]</p><p>&amp;</p><p><b>Cisco PIX and ASA Time-To-Live Denial of Service Vulnerability:</b></p><p><a href="http://secunia.com/advisories/28625/" title="secunia.com" rel="nofollow">http://secunia.com/advisories/28625/</a> [secunia.com]</p><p>+</p><p><b>Computer routers face hijack risk - study:</b></p><p><a href="http://www.cbc.ca/technology/story/2007/02/16/tech-routervulnerabilty-20070216.html?ref=rss" title="www.cbc.ca" rel="nofollow">http://www.cbc.ca/technology/story/2007/02/16/tech-routervulnerabilty-20070216.html?ref=rss</a> [www.cbc.ca]</p><p>Slashdot Technology Story | Will Mainstream Media Embrace Adblockers?</p><p><a href="http://tech.slashdot.org/story/09/08/06/1442243/Will-Mainstream-Media-Embrace-Adblockers" title="slashdot.org" rel="nofollow">http://tech.slashdot.org/story/09/08/06/1442243/Will-Mainstream-Media-Embrace-Adblockers</a> [slashdot.org]</p><p>----</p><p><b>Congress May Require ISPs To Block Certain Fraud Sites:</b></p><p><a href="http://yro.slashdot.org/comments.pl?sid=1432514&amp;cid=30024078" title="slashdot.org" rel="nofollow">http://yro.slashdot.org/comments.pl?sid=1432514&amp;cid=30024078</a> [slashdot.org]</p><p>====</p><p><b>JAVASCRIPT PROBLEMS:</b></p><p><b>Slashdot | Adobe Confirms PDF Zero-Day, Says Kill JavaScript:</b></p><p><a href="http://it.slashdot.org/article.pl?sid=09/04/29/1823234" title="slashdot.org" rel="nofollow">http://it.slashdot.org/article.pl?sid=09/04/29/1823234</a> [slashdot.org]</p><p>----</p><p><b>Adobe Flash Zero-Day Attack Underway:</b></p><p><a href="http://it.slashdot.org/article.pl?sid=08/05/28/0138247&amp;from=rss" title="slashdot.org" rel="nofollow">http://it.slashdot.org/article.pl?sid=08/05/28/0138247&amp;from=rss</a> [slashdot.org]</p><p>----</p><p><b>JavaScript flaw reported in Adobe Reader</b> (4th or 5th time already, if not more):</p><p><a href="http://www.securityfocus.com/brief/953" title="securityfocus.com" rel="nofollow">http://www.securityfocus.com/brief/953</a> [securityfocus.com]</p><p>----</p><p><b>Another malware pulls an Italian job via JAVASCRIPT:</b></p><p><a href="http://blog.trendmicro.com/another-malware-pulls-an-italian-job/" title="trendmicro.com" rel="nofollow">http://blog.trendmicro.com/another-malware-pulls-an-italian-job/</a> [trendmicro.com]</p><p>----</p><p><b>JavaScript opens doors to browser-based attacks | CNET News.com:</b></p><p><a href="http://news.com.com/JavaScript+opens+doors+to+browser-based+attacks/2100-7349\_3-6099891.html?part=rss&amp;tag=6099891&amp;subj=news" title="com.com" rel="nofollow">http://news.com.com/JavaScript+opens+doors+to+browser-based+attacks/2100-7349\_3-6099891.html?part=rss&amp;tag=6099891&amp;subj=news</a> [com.com]</p><p>----</p><p><b>Mozilla Firefox Javascript Garbage Collector Vulnerability - Advisories - Secunia</b></p><p><a href="http://secunia.com/advisories/29787/" title="secunia.com" rel="nofollow">http://secunia.com/advisories/29787/</a> [secunia.com]</p><p>----</p><p><b>New script outstrips all other drive-by download risks:</b></p><p><a href="http://www.theregister.co.uk/2009/05/15/script\_menace/" title="theregister.co.uk" rel="nofollow">http://www.theregister.co.uk/2009/05/15/script\_menace/</a> [theregister.co.uk]</p><p>----</p><p><b>Researcher to demonstrate attack code for Intel chips via Javascript:</b></p><p><a href="http://www.infoworld.com/d/security-central/researcher-demonstrate-attack-code-intel-chips-036" title="infoworld.com" rel="nofollow">http://www.infoworld.com/d/security-central/researcher-demonstrate-attack-code-intel-chips-036</a> [infoworld.com]</p><p>----</p><p><b>Researcher: JavaScript Attacks Get Slicker:</b></p><p><a href="http://www.eweek.com/c/a/Security/Researcher-JavaScript-Attacks-Get-Slicker/" title="eweek.com" rel="nofollow">http://www.eweek.com/c/a/Security/Researcher-JavaScript-Attacks-Get-Slicker/</a> [eweek.com]</p><p>----</p><p><b>Rise Of The PDF Exploits:</b></p><p><a href="http://www.trustedsource.org/blog/153/Rise-Of-The-PDF-Exploits" title="trustedsource.org" rel="nofollow">http://www.trustedsource.org/blog/153/Rise-Of-The-PDF-Exploits</a> [trustedsource.org]</p><p>----</p><p><b>ADOBE NEW FLAW DOES USE JAVASCRIPT PROOF:</b></p><p><a href="http://www.shadowserver.org/wiki/pmwiki.php?n=Calendar.20090219" title="shadowserver.org" rel="nofollow">http://www.shadowserver.org/wiki/pmwiki.php?n=Calendar.20090219</a> [shadowserver.org]</p><p>----</p><p><b>AJAX Poses Security, Performance Risks:</b></p><p><a href="http://www.eweek.com/article2/0,1895,1916673,00.asp" title="eweek.com" rel="nofollow">http://www.eweek.com/article2/0,1895,1916673,00.asp</a> [eweek.com]</p><p>----</p><p><b>Web 2.0 Threats and Risks for Financial Services:</b></p><p><a href="http://www.net-security.org/article.php?id=1004&amp;p=1" title="net-security.org" rel="nofollow">http://www.net-security.org/article.php?id=1004&amp;p=1</a> [net-security.org]</p><p><a href="http://www.cbronline.com/news/web\_20\_is\_vulnerable\_to\_attack" title="cbronline.com" rel="nofollow">http://www.cbronline.com/news/web\_20\_is\_vulnerable\_to\_attack</a> [cbronline.com]</p><p>----</p><p><b>Cross Site Scripting</b> (GOOGLE) <b>and WHY TO TURN OFF JAVASCRIPT:</b></p><p><a href="http://www.cgisecurity.com/xss-faq.html" title="cgisecurity.com" rel="nofollow">http://www.cgisecurity.com/xss-faq.html</a> [cgisecurity.com]</p><p>----</p><p><b>Why the FBI Director Doesn't Bank Online</b></p><p><a href="http://it.slashdot.org/article.pl?sid=09/10/08/0327240" title="slashdot.org" rel="nofollow">http://it.slashdot.org/article.pl?sid=09/10/08/0327240</a> [slashdot.org]</p><p>====</p><p><b>MAJOR ATTACKS (only a small sample) of WHY LAYERED SECURITY IS NEEDED</b></p><p><b>Is the Botnet Battle Already Lost?</b></p><p><a href="http://www.eweek.com/article2/0,1895,2029720,00.asp" title="eweek.com" rel="nofollow">http://www.eweek.com/article2/0,1895,2029720,00.asp</a> [eweek.com]</p><p>----</p><p><b>IT Pros Say They Can't Stop Data Breaches:</b></p><p><a href="http://www.eweek.com/article2/0,1895,2010325,00.asp?kc=EWNAVEMNL083106EOAD" title="eweek.com" rel="nofollow">http://www.eweek.com/article2/0,1895,2010325,00.asp?kc=EWNAVEMNL083106EOAD</a> [eweek.com]</p><p>----</p><p><b>Cyber Attacks On US Military Jump Sharply In 2009</b></p><p><a href="http://tech.slashdot.org/comments.pl?sid=1452358&amp;threshold=-1&amp;commentsort=0&amp;mode=thread&amp;cid=30185742" title="slashdot.org" rel="nofollow">http://tech.slashdot.org/comments.pl?sid=1452358&amp;threshold=-1&amp;commentsort=0&amp;mode=thread&amp;cid=30185742</a> [slashdot.org]</p><p>----</p><p><b>Bots Found Inside Many Big Companies:</b></p><p><a href="http://blogs.baselinemag.com/security/content001/cybercrime/bots\_found\_inside\_many\_big\_companies.html" title="baselinemag.com" rel="nofollow">http://blogs.baselinemag.com/security/content001/cybercrime/bots\_found\_inside\_many\_big\_companies.html</a> [baselinemag.com]</p><p>----</p><p><b>Bot master owns up to 250,000 zombie PCs:</b></p><p><a href="http://www.securityfocus.com/news/11495" title="securityfocus.com" rel="nofollow">http://www.securityfocus.com/news/11495</a> [securityfocus.com]</p><p>----</p><p><b>Bots surge ahead (2007):</b></p><p><a href="http://www.securityfocus.com/brief/466" title="securityfocus.com" rel="nofollow">http://www.securityfocus.com/brief/466</a> [securityfocus.com]</p><p>----</p><p><b>Chinese Hackers Hit Commerce Department:</b></p><p><a href="http://www.informationweek.com/news/security/government/showArticle.jhtml?articleID=193105227" title="informationweek.com" rel="nofollow">http://www.informationweek.com/news/security/government/showArticle.jhtml?articleID=193105227</a> [informationweek.com]</p><p>----</p><p><b>CIA Admits Cyberattacks Blacked Out Cities:</b></p><p><a href="http://www.informationweek.com/news/internet/showArticle.jhtml?articleID=205901631" title="informationweek.com" rel="nofollow">http://www.informationweek.com/news/internet/showArticle.jhtml?articleID=205901631</a> [informationweek.com]</p><p>----</p><p><b>Compromised Banks and Investment sites list 2006:</b></p><p><a href="http://it.slashdot.org/comments.pl?sid=233921&amp;cid=19035679" title="slashdot.org" rel="nofollow">http://it.slashdot.org/comments.pl?sid=233921&amp;cid=19035679</a> [slashdot.org]</p><p>----</p><p><b>Dancho Danchev's Blog - Mind Streams of Information Security Knowledge: Massive IFRAME SEO Poisoning Attack Continuing:</b></p><p><a href="http://ddanchev.blogspot.com/2008/03/massive-iframe-seo-poisoning-attack.html" title="blogspot.com" rel="nofollow">http://ddanchev.blogspot.com/2008/03/massive-iframe-seo-poisoning-attack.html</a> [blogspot.com]</p><p>----</p><p><b>Data at Bank of America, Wachovia, others compromised - May. 23, 2005:</b></p><p><a href="http://money.cnn.com/2005/05/23/news/fortune500/bank\_info/index.htm" title="cnn.com" rel="nofollow">http://money.cnn.com/2005/05/23/news/fortune500/bank\_info/index.htm</a> [cnn.com]</p><p>----</p><p><b>Fresh Security Breaches at Los Alamos:</b></p><p><a href="http://www.msnbc.msn.com/id/19418769/site/newsweek/print/1/displaymode/1098/" title="msn.com" rel="nofollow">http://www.msnbc.msn.com/id/19418769/site/newsweek/print/1/displaymode/1098/</a> [msn.com]</p><p>----</p><p><b>Infected job search sites lead to info theft for 46,000:</b></p><p><a href="http://www.computerworld.com/s/article/9031139/Infected\_job\_search\_sites\_lead\_to\_info\_theft\_for\_46\_000" title="computerworld.com" rel="nofollow">http://www.computerworld.com/s/article/9031139/Infected\_job\_search\_sites\_lead\_to\_info\_theft\_for\_46\_000</a> [computerworld.com]</p><p>----</p><p><b>New Mega-Botnet Discovered:</b></p><p><a href="http://it.slashdot.org/article.pl?sid=09/04/22/2223214" title="slashdot.org" rel="nofollow">http://it.slashdot.org/article.pl?sid=09/04/22/2223214</a> [slashdot.org]</p><p>----</p><p>I think THAT list ought to "enlighten" ANYONE, as to why "layered security" is &amp; has been considered largely to be "THE WAY TO GO", vs. that list above (which is only a SMALL \%-age of what I can come up with in regards to threats online + their causes)... HOSTS files help protect vs. those, on several levels - DO consider their usage!</p><p>I'd like to also end this, on a little quote from a fav. film of mine:</p><p><b>"My name is Dr. Robert Neville. I am a survivor living in New York City. I am broadcasting on all a.m. frequencies. I will be in the south street seaport everyday at midday when the sun is highest in the sky. If you are out there, if anyone is out there, I can provide food; I can provide shelter; I can provide security -&gt; <a href="http://www.tcmagazine.com/forums/index.php?s=44b7ce1c3ee460d32e68cb97f2597368&amp;showtopic=2662" title="tcmagazine.com" rel="nofollow">http://www.tcmagazine.com/forums/index.php?s=44b7ce1c3ee460d32e68cb97f2597368&amp;showtopic=2662</a> [tcmagazine.com] . If there's anybody out there, anybody, please... you are not alone."</b> - Dr. Robert Neville, I AM LEGEND</p><p>&amp; that film inspired me to write that guide for securing Windows NT-based OS variants, @ the end of 2007, + for my "New Year's Resolution" for 2008, of "Do the right thing &amp; 'pay it forward'"... &amp;, it works.</p><p>Here though?</p><p>Well, I only suggested a SMALL part of that guide here, but a crucial &amp; EFFECTIVE ONE, &amp; mainly because it fits the bill here QUITE specifically &amp; functions globally, instead of just being good for 1 set of apps only (like FF addons are only, unfortunately), &amp; it doesn't eat CPU like those do either OR slow you down (if anything? They speed you up HUGELY, in addition to securing you too as a bonus)...apk</p></div>
	</htmltext>
<tokenext>" We , as ./ users , have the ability to disable advertising on ./ forums , etc .
Not that this is relevant , but the rest of the world ( fark , anyone ?
) does have serious lag time .
Be thankful , guys !
Back to the subject matter , though .
Is this a " new " revelation ?
--Stak - by stakovahflow ( 1660677 ) on Monday November 30 , @ 12 : 40PM ( # 30271720 ) Untrue , &amp; I 'll show you folks here ( and folks from other forums too ) , on how to do that , GLOBALLY ( for all webbound apps you have ) , &amp; easily in a simple easily edited text file called a HOSTS file...HOSTS files yield not only more speed ( in a couple ways no less ) , but , also FAR MORE SECURITY ONLINE too , as a bonus ( &amp; works perfectly with all browser addons , firewalls , ip security policies , you-name-it ) ... here goes : Per my subject line above ?
How about a GLOBAL solution , instead , &amp; one that extends to ALL of your " webbound apps " , instead , &amp; NOT just to Mozilla softwares which is all your solution works for... ( think IE , Outlook &amp; other email programs even , + more ) , AND , the solution I propose also acts as " layered security " in combination with the FF/Mozilla only methods many here use , &amp; those , ONLY ( which sadly , your methods are KNOWN to slow your browser down , use CPU cycles &amp; more ( like having bugs &amp; security flaws in themselves too ) ... where this solution does not &amp; covers ALL webbound apps , globally ) ?
? Here is a GOOD SOLID WORK-AROUND , CALLED A HOSTS FILE !
( It works for more speed online , AND SECURITY ESPECIALLY... Also , it works for your money , because you pay for your linetime out of pocket most likely as I do , you can get back your speed , AND , gain security easily , &amp; from a single easily edited file &amp; a file eats no CPU cycles like a local DNS server can ( &amp; are not as security vulnerable either if you protect write access to a HOSTS file also ) ... Anyhow/anyways - Here goes : SO - " that all said &amp; aside " ?
Well , per your reply ? ?
You 're solutions cost CPU cycles &amp; are KNOWN to slow down FF/Mozilla variants ( as browser addons do ) , but... Hey - NO PROBLEM , because HOSTS files work alongside those addons too , &amp; offer you more speed online AND more security , via a SINGLE EASILY EDITED + POPULATED FILE ( called a HOSTS file ) : I use a custom HOSTS file , in addition to the tools others here in this thread have noted ( which MANY like FF addons only really function for FireFox/Mozilla products , but do n't extend globally to all other webbound applications , &amp; that is part of what HOSTS files give you above the methods you extoll + utilize : " GLOBAL COVERAGE " , &amp; of ALL webbound apps , not just FireFox/Mozilla ones via the addons you noted + use yourself... ) .HOSTS files can be used to blockout KNOWN " bad " adserves , maliciously coded sites or adbanners , and " botnet C&amp;C servers " too ! You can obtain reliable HOSTS files from reputable lists for more security online , but also for speed !
( More on that later &amp; WHY/HOW ( I use reliable lists for that , such as these HOSTS @ Wikipedia.com - &gt; http : //en.wikipedia.org/wiki/Hosts \ _file [ wikipedia.org ] or those from mvps.org ( a good one this one ) ) I also further populate &amp; keep current my custom HOSTS file with up to date information in regards to all of those threats , via : ----A .
) Spybot " Search &amp; Destroy " updates ( populates HOSTS and browser block lists ) B .
) Sites like ZDNet 's Mr. Dancho Danchev 's blog - &gt; http : //ddanchev.blogspot.com/ [ blogspot.com ] C. ) Sites like FireEye - &gt; http : //blog.fireeye.com/ [ fireeye.com ] D. ) SRI - &gt; http : //mtc.sri.com/ [ sri.com ] ----My HOSTS file incorporates ALL of the entries from the HOSTS files shown @ wikipedia as well... gaining me speed online ( by blocking adbanners , which have been compromised many times the past few years now by malscripted exploits ( examples below ) ) .
( I combined ALL reputable HOSTS files with one of my own ( 30,000 entries ) , &amp; I removed duplicates removed via a Borland Delphi app I wrote to do so called " APK HOSTS File Grinder 4.0 + + " .
That program also functions to change the default larger &amp; SLOWER 127.0.0.1 blocking 'loopback adapter ' IP address to either 0.0.0.0 ( for VISTA/Windows Server 2008/Windows 7 , smaller &amp; thus faster than 127.0.0.1 default ) or the smallest &amp; fastest 0 " blocking 'IP ADDRESS ' " ( for Windows 2000/XP/Server 2003 which can STILL use it ( &amp; it was added in a service pack on Windows 2000 , only on 12/09/2008 MS patch tuesday was it removed for VISTA onwards ( &amp; now all these " phunny little bugs " are showing up as FLAWS in this new NDIS6 approach via WFP as well in the firewall , which ROOTKIT.COM has stated ( with code too no less on how it is done ) - &gt; http : //www.rootkit.com/newsread.php ? newsid = 952 [ rootkit.com ] [ rootkit.com ] that it is EASIER TO UNHOOK ( than was the design used in Windows 2000/XP/Server 2003 ) ) Another EXCELLENT benefit of HOSTS file usage ?
More speed online , &amp; also more security + reliability ( especially in the case of DNS servers today , per folks like Dan Kaminsky &amp;/or Moxie Marlinspike finding various security vulnerabilities in them the past couple years now ) ...AND , YOU CAN GET EVEN MORE SPEED , and RELIABILITY ( vs. downed or " DNS poisoned/misdirected " dns servers too ) via yet another " hidden bonus for speed " in HOSTS files : HOW SO ?
WELL - I use another " technique " called " hardcoding " an IP address to domainname/hostname in my HOSTS files , for my FAVORITE websites : This allows me to FIRST bypass any remote/external DNS lookups , which also would in theory @ least , make me " proofed " vs. DNS request logs by my ISP/BSP also .
( Especially since I use external DNS servers too , OpenDNS ones to be specific , that go beyond my hardcoded favs in my HOSTS file because I ca n't ping &amp; resolve the ENTIRE internet after all ) This also makes it harder for others to track me... ( Sure , they could do a " reverse DNS lookup " via pings &amp;/or traceroutes &amp; the top level domain that does nothing BUT cache reverse DNS lookups does the rest , but that is harder to do , than looking up my URL requests via a log on a DNS server ) ) ALSO , AS ANOTHER " BONUS " in HOSTS FILES ( ca n't stress it enough , &amp; especially above + beyond adbanner blocking ) : It speeds you up , or can ! E.G.- &gt; A buddy of mine named Jack says it has ( verbatim quote ) " DOUBLED MY SPEED ONLINE , BUT I VALUE THE SECURITY PART MORE " , because he used to get over 200 + + viruses a week , now ?
Only maybe 2 a year IF THAT lately , &amp; he is convinced it is largely due to the HOSTS file I send him weekly ( he is my " lab rat # 1 " due to his previous infestation rate ) , &amp; if that " anecdotal evidence " is not enough ?
See this then , from a published security guru on a respected site for it : = = = = RESURRECTING THE KILLFILE : ( by Mr. Oliver Day ) http : //www.securityfocus.com/columnists/491 [ securityfocus.com ] PERTINENT EXCERPTS/QUOTES : " The host file on my day-to-day laptop is now over 16,000 lines long .
Accessing the Internet particularly browsing the Web is actually faster now .
" " From what I have seen in my research , major efforts to share lists of unwanted hosts began gaining serious momentum earlier this decade .
The most popular appear to have started as a means to block advertising and as a way to avoid being tracked by sites that use cookies to gather data on the user across Web properties .
More recently , projects like Spybot Search and Destroy offer lists of known malicious servers to add a layer of defense against trojans and other forms of malware .
" = = = = ( A nice bonus beyond blocking adbanners via HOSTS too , because these have been shown to harbor malscripted content too &amp; more than just a few times the past 4-5 yrs now no less such as is noted here in my PS below , several examples thereof no less ) , because you do n't waste between 30-N ms calling out to an external DNS !
( Again , and a DNS server that MAY be poisoned per Dan Kaminsky the past few years now &amp; others also noting it ) Thus , SO , even IF your DNS servers go down , or are " dns poisoned " ( or fall to yet another security flaw , many are in my " p.s .
" below no less , as documented evidences thereof to my statements here no less ) ? Well , by using a custom HOSTS file setup , you can STILL GET TO YOUR FAV .
SITES IF HARDCODED in your HOSTS FILE &amp; @ higher speeds than DNS server calls , 30-N times faster in fact ( a good thing , but one you may have to periodically alter , easily , via notepad.exe edits of your HOSTS file &amp; a ping to update their new address ( sites change hosting providers due to better services or prices , rare , but they do &amp; MOST let you know they are about to do so anyhow , so you can amend a HOSTS file ) ) .NICEST PART IS , THOUGH , PER YOUR STATEMENT ( in addition to the benefits of HOSTS file I note above , alongside others like Mr. Oliver Day of SECURITYFOCUS.COM ) ? I will STILL get to where it is that I WANT TO GO , not the router 's onboard DNS server doing hostname/domainname resolutions or potential hijacked redirects... in theory @ least , because I am controlling the hostname/dommainname resolutions @ AN OS + IP STACK LEVEL , not via my routers ' onboard DNS server...APKP.S. = &gt; Evidences as to WHY you 'd want to add on the " extra layered security protection " of a HOSTS file , which extends global security coverage to your webbound apps , AND , allows for a great deal of added extra speed as well ?
Ok , here are some documented reasons why like : a .
) DNS servers vulnerable , under attack , failing or being " DNS poisoned " misdirected &amp; moreb .
) Security suites failing vs. modern " blended threats " onlinec .
) javascript being used to do most of this via apps ) d. ) adbanners being maliciously coded also... ( Here we go with documented proofs/examples : ) = = = = POISONED MALSCRIPTED ADBANNERSThe Next Ad You Click May Be a Virus : http : //it.slashdot.org/article.pl ? sid = 09/06/15/2056219 [ slashdot.org ] ----Attackers Infect Ads With Old Adobe Vulnerability : http : //it.slashdot.org/article.pl ? sid = 09/02/25/024211 [ slashdot.org ] ----Hackers Use Banner Ads on Major Sites to Hijack Your PC : http : //www.wired.com/techbiz/media/news/2007/11/doubleclick [ wired.com ] ----Adobe Flash Ads Launching Clipboard Hijack Attacks : http : //it.slashdot.org/article.pl ? sid = 08/08/20/0029220&amp;from = rss [ slashdot.org ] ----Slashdot | Americans Do n't Want Targeted Ads : http : //yro.slashdot.org/article.pl ? sid = 09/10/01/1854214 [ slashdot.org ] = = = = DNS PROBLEMS : Number of Rogue DNS Servers on the Rise : http : //tech.slashdot.org/article.pl ? no \ _d2 = 1&amp;sid = 08/02/15/2118212 [ slashdot.org ] ----Security Researcher Kaminsky Pushes DNS Patching : http : //it.slashdot.org/article.pl ? sid = 09/02/19/2322231 [ slashdot.org ] ----Ten Percent of DNS Servers Still Vulnerable : http : //tech.slashdot.org/article.pl ? no \ _d2 = 1&amp;sid = 05/08/04/1525235 [ slashdot.org ] ----TimeWarner DNS Hijacking : http : //tech.slashdot.org/article.pl ? sid = 07/07/23/2140208 [ slashdot.org ] ----Another DNS Flaw Found : http : //tech.slashdot.org/article.pl ? sid = 09/01/09/2348240 [ slashdot.org ] ----Attack Code Published For DNS Vulnerability : http : //it.slashdot.org/article.pl ? no \ _d2 = 1&amp;sid = 08/07/23/231254 [ slashdot.org ] ----BIND Still Susceptible To DNS Cache Poisoning : http : //tech.slashdot.org/article.pl ? no \ _d2 = 1&amp;sid = 08/08/09/123222 [ slashdot.org ] ----DDoS Attacks Via DNS Recursion : http : //it.slashdot.org/article.pl ? no \ _d2 = 1&amp;sid = 06/03/16/1658209 [ slashdot.org ] ----DNS Poisoning Hits One of China 's Biggest ISPs : http : //it.slashdot.org/article.pl ? no \ _d2 = 1&amp;sid = 08/08/21/2343250 [ slashdot.org ] ----DNS Root Servers Attacked : http : //it.slashdot.org/article.pl ? no \ _d2 = 1&amp;sid = 07/02/06/2238225 [ slashdot.org ] ----DNS Problem Linked To DDoS Attacks Gets Worse : http : //tech.slashdot.org/comments.pl ? sid = 1444354&amp;cid = 30109858 [ slashdot.org ] ----Are your servers vulnerable to DNS attacks ? http : //www.networkworld.com/news/2007/111907-dns-attacks.html [ networkworld.com ] ----Kaminsky On DNS Bugs a Year Later and DNSSEC : http : //it.slashdot.org/story/09/06/25/1354212/Kaminsky-On-DNS-Bugs-a-Year-Later-and-DNSSEC [ slashdot.org ] ----DNS users put higher premium on security : http : //news.techworld.com/networking/10690/dns-users-put-higher-premium-on-security/ [ techworld.com ] ----BIND , the Buggy Internet Name Daemon : http : //cr.yp.to/djbdns/blurb/unbind.html [ cr.yp.to ] ( Where djbdns was found to have flaw , though it was alleged invulnerable , they paid out $ 10,000 reward ) ----DNS Dan Kaminsky DNS SPOOF ATTACK EXPLAINED HOW IT IS DONE : http : //blogs.zdnet.com/security/ ? p = 1520 [ zdnet.com ] ----DNS REBINDING ATTACKS : MultiPinning Browser JavaScript Vulnerability ( how to protect yourself ) : http : //crypto.stanford.edu/dns/ [ stanford.edu ] ----Hackers hijack DNS records of high profile New Zealand sites : http : //blogs.zdnet.com/security/ ? p = 3185 [ zdnet.com ] = = = = SECURITY SUITE PROGRAMS FAILING : AntiVirus Products Fail to Find Simple IE Malware : http : //tech.slashdot.org/article.pl ? sid = 07/10/29/1747237 [ slashdot.org ] ----Most Security Products Fail To Perform : http : //hardware.slashdot.org/comments.pl ? sid = 1445302&amp;threshold = -1&amp;commentsort = 0&amp;mode = thread&amp;pid = 30114652 [ slashdot.org ] ----TOP SECURITY SUITES FAIL 64/300 THREATS in 2008 AT SECUNIA.COM : http : //secunia.com/blog/29/ [ secunia.com ] ----Top security suites fail exploit tests : http : //www.computerworld.com/s/article/9117042/Top \ _security \ _suites \ _fail \ _exploit \ _tests ? intsrc = news \ _ts \ _head [ computerworld.com ] ----Antivirus is 'completely wasted money ' : Cisco CSO : News - Security - ZDNet Australia : http : //www.zdnet.com.au/news/security/soa/Antivirus-is-completely-wasted-money-Cisco-CSO/0,130061744,339289122,00.htm ? feed = pt \ _auscert [ zdnet.com.au ] ----Are Routers the Next Big Target for Hackers ? http : //blogs.zdnet.com/security/ ? p = 919 [ zdnet.com ] ----Software Firewalls : Made of Straw ?
Part 1 of 2 : http : //www.securityfocus.com/infocus/1839 [ securityfocus.com ] Software Firewalls : Made of Straw ?
Part 2 of 2 : http : //www.securityfocus.com/infocus/1840/2 [ securityfocus.com ] ----Brief study shows difficulty in detecting malware ( 2008 ) : http : //www.securityfocus.com/brief/858 [ securityfocus.com ] ----2007 - Browser vulnerabilities and attacks will continue to mount : http : //www.infoworld.com/d/security-central/browser-vulnerabilities-and-attacks-will-continue-mount-679 [ infoworld.com ] ----Bug exposes Cisco switches to attacks : http : //news.cnet.com/Bug-exposes-Cisco-switches + to + attacks/2110-7349 \ _3-5902897.html ? part = rss&amp;tag = 5902897&amp;subj = news [ cnet.com ] &amp;CISCO " COMES CLEAN " ON EXTENT OF IOS FLAW : http : //www.eweek.com/c/a/Security/Cisco-Comes-Clean-on-Extent-of-IOS-Flaw/ [ eweek.com ] &amp;Cisco PIX and ASA Time-To-Live Denial of Service Vulnerability : http : //secunia.com/advisories/28625/ [ secunia.com ] + Computer routers face hijack risk - study : http : //www.cbc.ca/technology/story/2007/02/16/tech-routervulnerabilty-20070216.html ? ref = rss [ www.cbc.ca ] Slashdot Technology Story | Will Mainstream Media Embrace Adblockers ? http : //tech.slashdot.org/story/09/08/06/1442243/Will-Mainstream-Media-Embrace-Adblockers [ slashdot.org ] ----Congress May Require ISPs To Block Certain Fraud Sites : http : //yro.slashdot.org/comments.pl ? sid = 1432514&amp;cid = 30024078 [ slashdot.org ] = = = = JAVASCRIPT PROBLEMS : Slashdot | Adobe Confirms PDF Zero-Day , Says Kill JavaScript : http : //it.slashdot.org/article.pl ? sid = 09/04/29/1823234 [ slashdot.org ] ----Adobe Flash Zero-Day Attack Underway : http : //it.slashdot.org/article.pl ? sid = 08/05/28/0138247&amp;from = rss [ slashdot.org ] ----JavaScript flaw reported in Adobe Reader ( 4th or 5th time already , if not more ) : http : //www.securityfocus.com/brief/953 [ securityfocus.com ] ----Another malware pulls an Italian job via JAVASCRIPT : http : //blog.trendmicro.com/another-malware-pulls-an-italian-job/ [ trendmicro.com ] ----JavaScript opens doors to browser-based attacks | CNET News.com : http : //news.com.com/JavaScript + opens + doors + to + browser-based + attacks/2100-7349 \ _3-6099891.html ? part = rss&amp;tag = 6099891&amp;subj = news [ com.com ] ----Mozilla Firefox Javascript Garbage Collector Vulnerability - Advisories - Secuniahttp : //secunia.com/advisories/29787/ [ secunia.com ] ----New script outstrips all other drive-by download risks : http : //www.theregister.co.uk/2009/05/15/script \ _menace/ [ theregister.co.uk ] ----Researcher to demonstrate attack code for Intel chips via Javascript : http : //www.infoworld.com/d/security-central/researcher-demonstrate-attack-code-intel-chips-036 [ infoworld.com ] ----Researcher : JavaScript Attacks Get Slicker : http : //www.eweek.com/c/a/Security/Researcher-JavaScript-Attacks-Get-Slicker/ [ eweek.com ] ----Rise Of The PDF Exploits : http : //www.trustedsource.org/blog/153/Rise-Of-The-PDF-Exploits [ trustedsource.org ] ----ADOBE NEW FLAW DOES USE JAVASCRIPT PROOF : http : //www.shadowserver.org/wiki/pmwiki.php ? n = Calendar.20090219 [ shadowserver.org ] ----AJAX Poses Security , Performance Risks : http : //www.eweek.com/article2/0,1895,1916673,00.asp [ eweek.com ] ----Web 2.0 Threats and Risks for Financial Services : http : //www.net-security.org/article.php ? id = 1004&amp;p = 1 [ net-security.org ] http : //www.cbronline.com/news/web \ _20 \ _is \ _vulnerable \ _to \ _attack [ cbronline.com ] ----Cross Site Scripting ( GOOGLE ) and WHY TO TURN OFF JAVASCRIPT : http : //www.cgisecurity.com/xss-faq.html [ cgisecurity.com ] ----Why the FBI Director Does n't Bank Onlinehttp : //it.slashdot.org/article.pl ? sid = 09/10/08/0327240 [ slashdot.org ] = = = = MAJOR ATTACKS ( only a small sample ) of WHY LAYERED SECURITY IS NEEDEDIs the Botnet Battle Already Lost ? http : //www.eweek.com/article2/0,1895,2029720,00.asp [ eweek.com ] ----IT Pros Say They Ca n't Stop Data Breaches : http : //www.eweek.com/article2/0,1895,2010325,00.asp ? kc = EWNAVEMNL083106EOAD [ eweek.com ] ----Cyber Attacks On US Military Jump Sharply In 2009http : //tech.slashdot.org/comments.pl ? sid = 1452358&amp;threshold = -1&amp;commentsort = 0&amp;mode = thread&amp;cid = 30185742 [ slashdot.org ] ----Bots Found Inside Many Big Companies : http : //blogs.baselinemag.com/security/content001/cybercrime/bots \ _found \ _inside \ _many \ _big \ _companies.html [ baselinemag.com ] ----Bot master owns up to 250,000 zombie PCs : http : //www.securityfocus.com/news/11495 [ securityfocus.com ] ----Bots surge ahead ( 2007 ) : http : //www.securityfocus.com/brief/466 [ securityfocus.com ] ----Chinese Hackers Hit Commerce Department : http : //www.informationweek.com/news/security/government/showArticle.jhtml ? articleID = 193105227 [ informationweek.com ] ----CIA Admits Cyberattacks Blacked Out Cities : http : //www.informationweek.com/news/internet/showArticle.jhtml ? articleID = 205901631 [ informationweek.com ] ----Compromised Banks and Investment sites list 2006 : http : //it.slashdot.org/comments.pl ? sid = 233921&amp;cid = 19035679 [ slashdot.org ] ----Dancho Danchev 's Blog - Mind Streams of Information Security Knowledge : Massive IFRAME SEO Poisoning Attack Continuing : http : //ddanchev.blogspot.com/2008/03/massive-iframe-seo-poisoning-attack.html [ blogspot.com ] ----Data at Bank of America , Wachovia , others compromised - May .
23 , 2005 : http : //money.cnn.com/2005/05/23/news/fortune500/bank \ _info/index.htm [ cnn.com ] ----Fresh Security Breaches at Los Alamos : http : //www.msnbc.msn.com/id/19418769/site/newsweek/print/1/displaymode/1098/ [ msn.com ] ----Infected job search sites lead to info theft for 46,000 : http : //www.computerworld.com/s/article/9031139/Infected \ _job \ _search \ _sites \ _lead \ _to \ _info \ _theft \ _for \ _46 \ _000 [ computerworld.com ] ----New Mega-Botnet Discovered : http : //it.slashdot.org/article.pl ? sid = 09/04/22/2223214 [ slashdot.org ] ----I think THAT list ought to " enlighten " ANYONE , as to why " layered security " is &amp; has been considered largely to be " THE WAY TO GO " , vs. that list above ( which is only a SMALL \ % -age of what I can come up with in regards to threats online + their causes ) ... HOSTS files help protect vs. those , on several levels - DO consider their usage ! I 'd like to also end this , on a little quote from a fav .
film of mine : " My name is Dr. Robert Neville .
I am a survivor living in New York City .
I am broadcasting on all a.m. frequencies. I will be in the south street seaport everyday at midday when the sun is highest in the sky .
If you are out there , if anyone is out there , I can provide food ; I can provide shelter ; I can provide security - &gt; http : //www.tcmagazine.com/forums/index.php ? s = 44b7ce1c3ee460d32e68cb97f2597368&amp;showtopic = 2662 [ tcmagazine.com ] .
If there 's anybody out there , anybody , please... you are not alone .
" - Dr. Robert Neville , I AM LEGEND&amp; that film inspired me to write that guide for securing Windows NT-based OS variants , @ the end of 2007 , + for my " New Year 's Resolution " for 2008 , of " Do the right thing &amp; 'pay it forward ' " ... &amp; , it works.Here though ? Well , I only suggested a SMALL part of that guide here , but a crucial &amp; EFFECTIVE ONE , &amp; mainly because it fits the bill here QUITE specifically &amp; functions globally , instead of just being good for 1 set of apps only ( like FF addons are only , unfortunately ) , &amp; it does n't eat CPU like those do either OR slow you down ( if anything ?
They speed you up HUGELY , in addition to securing you too as a bonus ) ...apk</tokentext>
<sentencetext>"We, as ./ users, have the ability to disable advertising on ./ forums, etc.
Not that this is relevant, but the rest of the world (fark, anyone?
) does have serious lag time.
Be thankful, guys!
Back to the subject matter, though.
Is this a "new" revelation?
--Stak - by stakovahflow (1660677) on Monday November 30, @12:40PM (#30271720)Untrue, &amp; I'll show you folks here (and folks from other forums too), on how to do that, GLOBALLY (for all webbound apps you have), &amp; easily in a simple easily edited text file called a HOSTS file...HOSTS files yield not only more speed (in a couple ways no less), but, also FAR MORE SECURITY ONLINE too, as a bonus (&amp; works perfectly with all browser addons, firewalls, ip security policies, you-name-it)... here goes:Per my subject line above?
How about a GLOBAL solution, instead, &amp; one that extends to ALL of your "webbound apps", instead, &amp; NOT just to Mozilla softwares which is all your solution works for... (think IE, Outlook &amp; other email programs even, + more), AND, the solution I propose also acts as "layered security" in combination with the FF/Mozilla only methods many here use, &amp; those, ONLY  (which sadly, your methods are KNOWN to slow your browser down, use CPU cycles &amp; more (like having bugs &amp; security flaws in themselves too)... where this solution does not &amp; covers ALL webbound apps, globally)?
?Here is a GOOD SOLID WORK-AROUND, CALLED A HOSTS FILE!
(It works for more speed online, AND SECURITY ESPECIALLY... Also, it works for your money, because you pay for your linetime out of pocket most likely as I do, you can get back your speed, AND, gain security easily, &amp; from a single easily edited file &amp; a file eats no CPU cycles like a local DNS server can (&amp; are not as security vulnerable either if you protect write access to a HOSTS file also)... Anyhow/anyways - Here goes:SO - "that all said &amp; aside"?
Well, per your reply??
You're solutions cost CPU cycles &amp; are KNOWN to slow down FF/Mozilla variants (as browser addons do), but... Hey - NO PROBLEM, because HOSTS files work alongside those addons too, &amp; offer you more speed online AND more security, via a SINGLE EASILY EDITED + POPULATED FILE (called a HOSTS file):I use a custom HOSTS file, in addition to the tools others here in this thread have noted (which MANY like FF addons only really function for FireFox/Mozilla products, but don't extend globally to all other webbound applications, &amp; that is part of what HOSTS files give you above the methods you extoll + utilize: "GLOBAL COVERAGE", &amp; of ALL webbound apps, not just FireFox/Mozilla ones via the addons you noted + use yourself...).HOSTS files can be used to blockout KNOWN "bad" adserves, maliciously coded sites or adbanners, and "botnet C&amp;C servers" too!You can obtain reliable HOSTS files from reputable lists for more security online, but also for speed!
(More on that later &amp; WHY/HOW (I use reliable lists for that, such as these HOSTS @ Wikipedia.com -&gt; http://en.wikipedia.org/wiki/Hosts\_file [wikipedia.org] or those from mvps.org (a good one this one))I also further populate &amp; keep current my custom HOSTS file with up to date information in regards to all of those threats, via:----A.
) Spybot "Search &amp; Destroy" updates (populates HOSTS and browser block lists)B.
) Sites like ZDNet's Mr. Dancho Danchev's blog -&gt; http://ddanchev.blogspot.com/ [blogspot.com]C.) Sites like FireEye -&gt; http://blog.fireeye.com/ [fireeye.com]D.) SRI -&gt; http://mtc.sri.com/ [sri.com]----My HOSTS file incorporates ALL of the entries from the HOSTS files shown @ wikipedia as well... gaining me speed online (by blocking adbanners, which have been compromised many times the past few years now by malscripted exploits (examples below)).
(I combined ALL reputable HOSTS files with one of my own (30,000 entries), &amp; I removed duplicates removed via a Borland Delphi app I wrote to do so called "APK HOSTS File Grinder 4.0++".
That program also functions to change the default larger &amp; SLOWER 127.0.0.1 blocking 'loopback adapter' IP address to either 0.0.0.0 (for VISTA/Windows Server 2008/Windows 7, smaller &amp; thus faster than 127.0.0.1 default) or the smallest &amp; fastest 0 "blocking 'IP ADDRESS'" (for Windows 2000/XP/Server 2003 which can STILL use it (&amp; it was added in a service pack on Windows 2000, only on 12/09/2008 MS patch tuesday was it removed for VISTA onwards (&amp; now all these "phunny little bugs" are showing up as FLAWS in this new NDIS6 approach via WFP as well in the firewall, which ROOTKIT.COM has stated (with code too no less on how it is done) -&gt; http://www.rootkit.com/newsread.php?newsid=952 [rootkit.com] [rootkit.com] that it is EASIER TO UNHOOK (than was the design used in Windows 2000/XP/Server 2003))Another EXCELLENT benefit of HOSTS file usage?
More speed online, &amp; also more security + reliability (especially in the case of DNS servers today, per folks like Dan Kaminsky &amp;/or Moxie Marlinspike finding various security vulnerabilities in them the past couple years now)...AND, YOU CAN GET EVEN MORE SPEED, and RELIABILITY (vs. downed or "DNS poisoned/misdirected" dns servers too) via yet another "hidden bonus for speed" in HOSTS files:HOW SO?
WELL - I use another "technique" called "hardcoding" an IP address to domainname/hostname in my HOSTS files, for my FAVORITE websites:This allows me to FIRST bypass any remote/external DNS lookups, which also would in theory @ least, make me "proofed" vs. DNS request logs by my ISP/BSP also.
(Especially since I use external DNS servers too, OpenDNS ones to be specific, that go beyond my hardcoded favs in my HOSTS file because I can't ping &amp; resolve the ENTIRE internet after all)This also makes it harder for others to track me...(Sure, they could do a "reverse DNS lookup" via pings &amp;/or traceroutes &amp; the top level domain that does nothing BUT cache reverse DNS lookups does the rest, but that is harder to do, than looking up my URL requests via a log on a DNS server))ALSO, AS ANOTHER "BONUS" in HOSTS FILES (can't stress it enough, &amp; especially above + beyond adbanner blocking):  It speeds you up, or can!E.G.-&gt; A buddy of mine named Jack says it has (verbatim quote) "DOUBLED MY SPEED ONLINE, BUT I VALUE THE SECURITY PART MORE", because he used to get over 200++ viruses a week, now?
Only maybe 2 a year IF THAT lately, &amp; he is convinced it is largely due to the HOSTS file I send him weekly (he is my "lab rat #1" due to his previous infestation rate), &amp; if that "anecdotal evidence" is not enough?
See this then, from a published security guru on a respected site for it:====RESURRECTING THE KILLFILE:(by Mr. Oliver Day)http://www.securityfocus.com/columnists/491 [securityfocus.com]PERTINENT EXCERPTS/QUOTES:"The host file on my day-to-day laptop is now over 16,000 lines long.
Accessing the Internet particularly browsing the Web is actually faster now.
""From what I have seen in my research, major efforts to share lists of unwanted hosts began gaining serious momentum earlier this decade.
The most popular appear to have started as a means to block advertising and as a way to avoid being tracked by sites that use cookies to gather data on the user across Web properties.
More recently, projects like Spybot Search and Destroy offer lists of known malicious servers to add a layer of defense against trojans and other forms of malware.
"====(A nice bonus beyond blocking adbanners via HOSTS too, because these have been shown to harbor malscripted content too &amp; more than just a few times the past 4-5 yrs now no less such as is noted here in my PS below, several examples thereof no less), because you don't waste between 30-N ms calling out to an external DNS!
(Again, and a DNS server that MAY be poisoned per Dan Kaminsky the past few years now &amp; others also noting it)Thus, SO, even IF your DNS servers go down, or are "dns poisoned" (or fall to yet another security flaw, many are in my "p.s.
" below no less, as documented evidences thereof to my statements here no less)?Well, by using a custom HOSTS file setup, you can STILL GET TO YOUR FAV.
SITES IF HARDCODED in your HOSTS FILE &amp; @ higher speeds than DNS server calls, 30-N times faster in fact (a good thing, but one you may have to periodically alter, easily, via notepad.exe edits of your HOSTS file &amp; a ping to update their new address (sites change hosting providers due to better services or prices, rare, but they do &amp; MOST let you know they are about to do so anyhow, so you can amend a HOSTS file)).NICEST PART IS, THOUGH, PER YOUR STATEMENT (in addition to the benefits of HOSTS file I note above, alongside others like Mr. Oliver Day of SECURITYFOCUS.COM)?I will STILL get to where it is that I WANT TO GO, not the router's onboard DNS server doing hostname/domainname resolutions or potential hijacked redirects... in theory @ least, because I am controlling the hostname/dommainname resolutions @ AN OS + IP STACK LEVEL, not via my routers' onboard DNS server...APKP.S.=&gt; Evidences as to WHY you'd want to add on the "extra layered security protection" of a HOSTS file, which extends global security coverage to your webbound apps, AND, allows for a great deal of added extra speed as well?
Ok, here are some documented reasons why like:a.
) DNS servers vulnerable, under attack, failing or being "DNS poisoned" misdirected &amp; moreb.
) Security suites failing vs. modern "blended threats" onlinec.
) javascript being used to do most of this via apps)d.) adbanners being maliciously coded also...(Here we go with documented proofs/examples:)====POISONED MALSCRIPTED ADBANNERSThe Next Ad You Click May Be a Virus:http://it.slashdot.org/article.pl?sid=09/06/15/2056219 [slashdot.org]----Attackers Infect Ads With Old Adobe Vulnerability:http://it.slashdot.org/article.pl?sid=09/02/25/024211 [slashdot.org]----Hackers Use Banner Ads on Major Sites to Hijack Your PC:http://www.wired.com/techbiz/media/news/2007/11/doubleclick [wired.com]----Adobe Flash Ads Launching Clipboard Hijack Attacks:http://it.slashdot.org/article.pl?sid=08/08/20/0029220&amp;from=rss [slashdot.org]----Slashdot | Americans Don't Want Targeted Ads:http://yro.slashdot.org/article.pl?sid=09/10/01/1854214 [slashdot.org]====DNS PROBLEMS:Number of Rogue DNS Servers on the Rise:http://tech.slashdot.org/article.pl?no\_d2=1&amp;sid=08/02/15/2118212 [slashdot.org]----Security Researcher Kaminsky Pushes DNS Patching:http://it.slashdot.org/article.pl?sid=09/02/19/2322231 [slashdot.org]----Ten Percent of DNS Servers Still Vulnerable:http://tech.slashdot.org/article.pl?no\_d2=1&amp;sid=05/08/04/1525235 [slashdot.org]----TimeWarner DNS Hijacking:http://tech.slashdot.org/article.pl?sid=07/07/23/2140208 [slashdot.org]----Another DNS Flaw Found:http://tech.slashdot.org/article.pl?sid=09/01/09/2348240 [slashdot.org]----Attack Code Published For DNS Vulnerability:http://it.slashdot.org/article.pl?no\_d2=1&amp;sid=08/07/23/231254 [slashdot.org]----BIND Still Susceptible To DNS Cache Poisoning:http://tech.slashdot.org/article.pl?no\_d2=1&amp;sid=08/08/09/123222 [slashdot.org]----DDoS Attacks Via DNS Recursion:http://it.slashdot.org/article.pl?no\_d2=1&amp;sid=06/03/16/1658209 [slashdot.org]----DNS Poisoning Hits One of China's Biggest ISPs:http://it.slashdot.org/article.pl?no\_d2=1&amp;sid=08/08/21/2343250 [slashdot.org]----DNS Root Servers Attacked:http://it.slashdot.org/article.pl?no\_d2=1&amp;sid=07/02/06/2238225 [slashdot.org]----DNS Problem Linked To DDoS Attacks Gets Worse:http://tech.slashdot.org/comments.pl?sid=1444354&amp;cid=30109858 [slashdot.org]----Are your servers vulnerable to DNS attacks?http://www.networkworld.com/news/2007/111907-dns-attacks.html [networkworld.com]----Kaminsky On DNS Bugs a Year Later and DNSSEC:http://it.slashdot.org/story/09/06/25/1354212/Kaminsky-On-DNS-Bugs-a-Year-Later-and-DNSSEC [slashdot.org]----DNS users put higher premium on security:http://news.techworld.com/networking/10690/dns-users-put-higher-premium-on-security/ [techworld.com]----BIND, the Buggy Internet Name Daemon:http://cr.yp.to/djbdns/blurb/unbind.html [cr.yp.to](Where djbdns was found to have flaw, though it was alleged invulnerable, they paid out $10,000 reward)----DNS Dan Kaminsky DNS SPOOF ATTACK EXPLAINED HOW IT IS DONE:http://blogs.zdnet.com/security/?p=1520 [zdnet.com]----DNS REBINDING ATTACKS: MultiPinning Browser JavaScript Vulnerability (how to protect yourself):http://crypto.stanford.edu/dns/ [stanford.edu]----Hackers hijack DNS records of high profile New Zealand sites:http://blogs.zdnet.com/security/?p=3185 [zdnet.com]====SECURITY SUITE PROGRAMS FAILING:AntiVirus Products Fail to Find Simple IE Malware:http://tech.slashdot.org/article.pl?sid=07/10/29/1747237 [slashdot.org]----Most Security Products Fail To Perform:http://hardware.slashdot.org/comments.pl?sid=1445302&amp;threshold=-1&amp;commentsort=0&amp;mode=thread&amp;pid=30114652 [slashdot.org]----TOP SECURITY SUITES FAIL 64/300 THREATS in 2008 AT SECUNIA.COM:http://secunia.com/blog/29/ [secunia.com]----Top security suites fail exploit tests:http://www.computerworld.com/s/article/9117042/Top\_security\_suites\_fail\_exploit\_tests?intsrc=news\_ts\_head [computerworld.com]----Antivirus is 'completely wasted money': Cisco CSO: News - Security - ZDNet Australia:http://www.zdnet.com.au/news/security/soa/Antivirus-is-completely-wasted-money-Cisco-CSO/0,130061744,339289122,00.htm?feed=pt\_auscert [zdnet.com.au]----Are Routers the Next Big Target for Hackers?http://blogs.zdnet.com/security/?p=919 [zdnet.com]----Software Firewalls: Made of Straw?
Part 1 of 2:http://www.securityfocus.com/infocus/1839 [securityfocus.com]Software Firewalls: Made of Straw?
Part 2 of 2:http://www.securityfocus.com/infocus/1840/2 [securityfocus.com]----Brief study shows difficulty in detecting malware (2008):http://www.securityfocus.com/brief/858 [securityfocus.com]----2007 - Browser vulnerabilities and attacks will continue to mount:http://www.infoworld.com/d/security-central/browser-vulnerabilities-and-attacks-will-continue-mount-679 [infoworld.com]----Bug exposes Cisco switches to attacks:http://news.cnet.com/Bug-exposes-Cisco-switches+to+attacks/2110-7349\_3-5902897.html?part=rss&amp;tag=5902897&amp;subj=news [cnet.com]&amp;CISCO "COMES CLEAN" ON EXTENT OF IOS FLAW:http://www.eweek.com/c/a/Security/Cisco-Comes-Clean-on-Extent-of-IOS-Flaw/ [eweek.com]&amp;Cisco PIX and ASA Time-To-Live Denial of Service Vulnerability:http://secunia.com/advisories/28625/ [secunia.com]+Computer routers face hijack risk - study:http://www.cbc.ca/technology/story/2007/02/16/tech-routervulnerabilty-20070216.html?ref=rss [www.cbc.ca]Slashdot Technology Story | Will Mainstream Media Embrace Adblockers?http://tech.slashdot.org/story/09/08/06/1442243/Will-Mainstream-Media-Embrace-Adblockers [slashdot.org]----Congress May Require ISPs To Block Certain Fraud Sites:http://yro.slashdot.org/comments.pl?sid=1432514&amp;cid=30024078 [slashdot.org]====JAVASCRIPT PROBLEMS:Slashdot | Adobe Confirms PDF Zero-Day, Says Kill JavaScript:http://it.slashdot.org/article.pl?sid=09/04/29/1823234 [slashdot.org]----Adobe Flash Zero-Day Attack Underway:http://it.slashdot.org/article.pl?sid=08/05/28/0138247&amp;from=rss [slashdot.org]----JavaScript flaw reported in Adobe Reader (4th or 5th time already, if not more):http://www.securityfocus.com/brief/953 [securityfocus.com]----Another malware pulls an Italian job via JAVASCRIPT:http://blog.trendmicro.com/another-malware-pulls-an-italian-job/ [trendmicro.com]----JavaScript opens doors to browser-based attacks | CNET News.com:http://news.com.com/JavaScript+opens+doors+to+browser-based+attacks/2100-7349\_3-6099891.html?part=rss&amp;tag=6099891&amp;subj=news [com.com]----Mozilla Firefox Javascript Garbage Collector Vulnerability - Advisories - Secuniahttp://secunia.com/advisories/29787/ [secunia.com]----New script outstrips all other drive-by download risks:http://www.theregister.co.uk/2009/05/15/script\_menace/ [theregister.co.uk]----Researcher to demonstrate attack code for Intel chips via Javascript:http://www.infoworld.com/d/security-central/researcher-demonstrate-attack-code-intel-chips-036 [infoworld.com]----Researcher: JavaScript Attacks Get Slicker:http://www.eweek.com/c/a/Security/Researcher-JavaScript-Attacks-Get-Slicker/ [eweek.com]----Rise Of The PDF Exploits:http://www.trustedsource.org/blog/153/Rise-Of-The-PDF-Exploits [trustedsource.org]----ADOBE NEW FLAW DOES USE JAVASCRIPT PROOF:http://www.shadowserver.org/wiki/pmwiki.php?n=Calendar.20090219 [shadowserver.org]----AJAX Poses Security, Performance Risks:http://www.eweek.com/article2/0,1895,1916673,00.asp [eweek.com]----Web 2.0 Threats and Risks for Financial Services:http://www.net-security.org/article.php?id=1004&amp;p=1 [net-security.org]http://www.cbronline.com/news/web\_20\_is\_vulnerable\_to\_attack [cbronline.com]----Cross Site Scripting (GOOGLE) and WHY TO TURN OFF JAVASCRIPT:http://www.cgisecurity.com/xss-faq.html [cgisecurity.com]----Why the FBI Director Doesn't Bank Onlinehttp://it.slashdot.org/article.pl?sid=09/10/08/0327240 [slashdot.org]====MAJOR ATTACKS (only a small sample) of WHY LAYERED SECURITY IS NEEDEDIs the Botnet Battle Already Lost?http://www.eweek.com/article2/0,1895,2029720,00.asp [eweek.com]----IT Pros Say They Can't Stop Data Breaches:http://www.eweek.com/article2/0,1895,2010325,00.asp?kc=EWNAVEMNL083106EOAD [eweek.com]----Cyber Attacks On US Military Jump Sharply In 2009http://tech.slashdot.org/comments.pl?sid=1452358&amp;threshold=-1&amp;commentsort=0&amp;mode=thread&amp;cid=30185742 [slashdot.org]----Bots Found Inside Many Big Companies:http://blogs.baselinemag.com/security/content001/cybercrime/bots\_found\_inside\_many\_big\_companies.html [baselinemag.com]----Bot master owns up to 250,000 zombie PCs:http://www.securityfocus.com/news/11495 [securityfocus.com]----Bots surge ahead (2007):http://www.securityfocus.com/brief/466 [securityfocus.com]----Chinese Hackers Hit Commerce Department:http://www.informationweek.com/news/security/government/showArticle.jhtml?articleID=193105227 [informationweek.com]----CIA Admits Cyberattacks Blacked Out Cities:http://www.informationweek.com/news/internet/showArticle.jhtml?articleID=205901631 [informationweek.com]----Compromised Banks and Investment sites list 2006:http://it.slashdot.org/comments.pl?sid=233921&amp;cid=19035679 [slashdot.org]----Dancho Danchev's Blog - Mind Streams of Information Security Knowledge: Massive IFRAME SEO Poisoning Attack Continuing:http://ddanchev.blogspot.com/2008/03/massive-iframe-seo-poisoning-attack.html [blogspot.com]----Data at Bank of America, Wachovia, others compromised - May.
23, 2005:http://money.cnn.com/2005/05/23/news/fortune500/bank\_info/index.htm [cnn.com]----Fresh Security Breaches at Los Alamos:http://www.msnbc.msn.com/id/19418769/site/newsweek/print/1/displaymode/1098/ [msn.com]----Infected job search sites lead to info theft for 46,000:http://www.computerworld.com/s/article/9031139/Infected\_job\_search\_sites\_lead\_to\_info\_theft\_for\_46\_000 [computerworld.com]----New Mega-Botnet Discovered:http://it.slashdot.org/article.pl?sid=09/04/22/2223214 [slashdot.org]----I think THAT list ought to "enlighten" ANYONE, as to why "layered security" is &amp; has been considered largely to be "THE WAY TO GO", vs. that list above (which is only a SMALL \%-age of what I can come up with in regards to threats online + their causes)... HOSTS files help protect vs. those, on several levels - DO consider their usage!I'd like to also end this, on a little quote from a fav.
film of mine:"My name is Dr. Robert Neville.
I am a survivor living in New York City.
I am broadcasting on all a.m. frequencies. I will be in the south street seaport everyday at midday when the sun is highest in the sky.
If you are out there, if anyone is out there, I can provide food; I can provide shelter; I can provide security -&gt; http://www.tcmagazine.com/forums/index.php?s=44b7ce1c3ee460d32e68cb97f2597368&amp;showtopic=2662 [tcmagazine.com] .
If there's anybody out there, anybody, please... you are not alone.
" - Dr. Robert Neville, I AM LEGEND&amp; that film inspired me to write that guide for securing Windows NT-based OS variants, @ the end of 2007, + for my "New Year's Resolution" for 2008, of "Do the right thing &amp; 'pay it forward'"... &amp;, it works.Here though?Well, I only suggested a SMALL part of that guide here, but a crucial &amp; EFFECTIVE ONE, &amp; mainly because it fits the bill here QUITE specifically &amp; functions globally, instead of just being good for 1 set of apps only (like FF addons are only, unfortunately), &amp; it doesn't eat CPU like those do either OR slow you down (if anything?
They speed you up HUGELY, in addition to securing you too as a bonus)...apk
	</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30271720</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30276142</id>
	<title>web ad manifesto</title>
	<author>Anonymous</author>
	<datestamp>1259580960000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>Dear internet, I know me looking at a webpage makes no money for the host or the content provider, I don't care.</p><p>I will block ads until the following issues are fixed.</p><p>1. ads animate<br>1. ads play sound<br>2. ads take up more than 20\% of the screen<br>3. ads scroll with the content<br>4. ads break up the content<br>5. content is split on multiple pages for the purpose of generating more ad impressions<br>6. ads are disguised as content<br>7. ads insult me by reminding me useless scammy products exist  (ax body spray, mlm, get rich quick, diet pills, horoscopes, etc)<br>8. ads are irrelevant to the context in which they are displayed</p></htmltext>
<tokenext>Dear internet , I know me looking at a webpage makes no money for the host or the content provider , I do n't care.I will block ads until the following issues are fixed.1 .
ads animate1 .
ads play sound2 .
ads take up more than 20 \ % of the screen3 .
ads scroll with the content4 .
ads break up the content5 .
content is split on multiple pages for the purpose of generating more ad impressions6 .
ads are disguised as content7 .
ads insult me by reminding me useless scammy products exist ( ax body spray , mlm , get rich quick , diet pills , horoscopes , etc ) 8. ads are irrelevant to the context in which they are displayed</tokentext>
<sentencetext>Dear internet, I know me looking at a webpage makes no money for the host or the content provider, I don't care.I will block ads until the following issues are fixed.1.
ads animate1.
ads play sound2.
ads take up more than 20\% of the screen3.
ads scroll with the content4.
ads break up the content5.
content is split on multiple pages for the purpose of generating more ad impressions6.
ads are disguised as content7.
ads insult me by reminding me useless scammy products exist  (ax body spray, mlm, get rich quick, diet pills, horoscopes, etc)8. ads are irrelevant to the context in which they are displayed</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30271838</id>
	<title>I'm looking at you, Slashdot</title>
	<author>Animats</author>
	<datestamp>1259606820000</datestamp>
	<modclass>Interestin</modclass>
	<modscore>2</modscore>
	<htmltext><p>
I've mentioned the ad bottleneck before.  Slashdot is an especially bad offender. Pages use several ad servers, and they use "document.write" to stall the page load until the ad comes up.  Even if you have the ad images blocked, some of the junk JavaScript still needs to run.
</p><p>
Some sites are just slow at serving pages. Behind my <a href="http://www.sitetruth.com/" title="sitetruth.com">SiteTruth</a> [sitetruth.com] system there is a specialized web crawler which looks for a business name and address on each web site.  It never looks at more than 20 pages, and it's looking for pages like "About", "Contact", and about 40 other words which might plausibly lead to contact info.  This process runs about 5-15 seconds for a well-implemented site.  I log sites where it takes more than 45 seconds.  About 5-10\% of sites run overtime. In the last hour, the slowest site is "www.airsmaxkey.com", at 159 seconds to read 10 pages. (Yes, they're a bottom-feeder.  Not only is there no business address on the site (a criminal offense in the European Union), they have logos from Verisign, PayPay, Verified by Visa, and MasterCard SecureCode, none of which are actually clickable to do the claimed verification. Nor does their shopping cart checkout use SSL. The whole site may be a scam. SiteTruth gives them a "Do Not Enter" rating.)
</p><p>
Some of the social networking sites have so much Javascript that Firefox will time out.  (Facebook had that problem for a while.  They fixed it.)</p></htmltext>
<tokenext>I 've mentioned the ad bottleneck before .
Slashdot is an especially bad offender .
Pages use several ad servers , and they use " document.write " to stall the page load until the ad comes up .
Even if you have the ad images blocked , some of the junk JavaScript still needs to run .
Some sites are just slow at serving pages .
Behind my SiteTruth [ sitetruth.com ] system there is a specialized web crawler which looks for a business name and address on each web site .
It never looks at more than 20 pages , and it 's looking for pages like " About " , " Contact " , and about 40 other words which might plausibly lead to contact info .
This process runs about 5-15 seconds for a well-implemented site .
I log sites where it takes more than 45 seconds .
About 5-10 \ % of sites run overtime .
In the last hour , the slowest site is " www.airsmaxkey.com " , at 159 seconds to read 10 pages .
( Yes , they 're a bottom-feeder .
Not only is there no business address on the site ( a criminal offense in the European Union ) , they have logos from Verisign , PayPay , Verified by Visa , and MasterCard SecureCode , none of which are actually clickable to do the claimed verification .
Nor does their shopping cart checkout use SSL .
The whole site may be a scam .
SiteTruth gives them a " Do Not Enter " rating .
) Some of the social networking sites have so much Javascript that Firefox will time out .
( Facebook had that problem for a while .
They fixed it .
)</tokentext>
<sentencetext>
I've mentioned the ad bottleneck before.
Slashdot is an especially bad offender.
Pages use several ad servers, and they use "document.write" to stall the page load until the ad comes up.
Even if you have the ad images blocked, some of the junk JavaScript still needs to run.
Some sites are just slow at serving pages.
Behind my SiteTruth [sitetruth.com] system there is a specialized web crawler which looks for a business name and address on each web site.
It never looks at more than 20 pages, and it's looking for pages like "About", "Contact", and about 40 other words which might plausibly lead to contact info.
This process runs about 5-15 seconds for a well-implemented site.
I log sites where it takes more than 45 seconds.
About 5-10\% of sites run overtime.
In the last hour, the slowest site is "www.airsmaxkey.com", at 159 seconds to read 10 pages.
(Yes, they're a bottom-feeder.
Not only is there no business address on the site (a criminal offense in the European Union), they have logos from Verisign, PayPay, Verified by Visa, and MasterCard SecureCode, none of which are actually clickable to do the claimed verification.
Nor does their shopping cart checkout use SSL.
The whole site may be a scam.
SiteTruth gives them a "Do Not Enter" rating.
)

Some of the social networking sites have so much Javascript that Firefox will time out.
(Facebook had that problem for a while.
They fixed it.
)</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30273472</id>
	<title>Re:Kind of Fitting</title>
	<author>Anonymous</author>
	<datestamp>1259614380000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>WAIT! Slashdot has ads? Who knew...</p><p>(curls up in the corner, slowly stroking my AdBlock Plus)</p></htmltext>
<tokenext>WAIT !
Slashdot has ads ?
Who knew... ( curls up in the corner , slowly stroking my AdBlock Plus )</tokentext>
<sentencetext>WAIT!
Slashdot has ads?
Who knew...(curls up in the corner, slowly stroking my AdBlock Plus)</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30271582</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30276502</id>
	<title>Yes</title>
	<author>ascari</author>
	<datestamp>1259582220000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>Considering advertising is what keeps many (most??) sites in business, if ads go away there would be a lot fewer sites to choose from. And consequently a lot less traffic. I'm all for the fast, empty Internet!</htmltext>
<tokenext>Considering advertising is what keeps many ( most ? ?
) sites in business , if ads go away there would be a lot fewer sites to choose from .
And consequently a lot less traffic .
I 'm all for the fast , empty Internet !</tokentext>
<sentencetext>Considering advertising is what keeps many (most??
) sites in business, if ads go away there would be a lot fewer sites to choose from.
And consequently a lot less traffic.
I'm all for the fast, empty Internet!</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30272636</id>
	<title>UNBOG IT, easily, from a SINGLE EASILY EDITED FILE</title>
	<author>Anonymous</author>
	<datestamp>1259610540000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><div class="quote"><p><b>"Technology: Are Ad Servers Bogging Down the Web? Yes. Period."</b> - by Monkeedude1212 (1560403) on Monday November 30, @12:32PM (#30271618)</p></div><p>Here is <b>a GOOD SOLID WORK-AROUND, CALLED A HOSTS FILE!</b></p><p>(It works for more speed online, AND SECURITY ESPECIALLY... Also, it works for your money, because you pay for your linetime out of pocket most likely as I do, you can get back your speed, AND, gain security easily, &amp; from a single easily edited file &amp; a file eats no CPU cycles like a local DNS server can (&amp; are not as security vulnerable either if you protect write access to a HOSTS file also)... Anyhow/anyways - Here goes:</p><p>SO - "that all said &amp; aside"? Well, per your reply??</p><p>Hey - NO PROBLEM, 110\% agreement here on that account... &amp; more (like more speed online AND more security, via a SINGLE EASILY EDITED + POPULATED FILE, called a HOSTS file):</p><p>I use <b>a custom HOSTS file</b>, in addition to the tools others here in this thread have noted (which MANY like FF addons only really function for FireFox/Mozilla products, but don't extend globally to all other webbound applications, &amp; that is part of what HOSTS files give you above the methods you extoll + utilize: "GLOBAL COVERAGE", &amp; of ALL webbound apps, not just FireFox/Mozilla ones via the addons you noted + use yourself...).</p><p><b>HOSTS files can be used to blockout KNOWN "bad" adserves, maliciously coded sites or adbanners, and "botnet C&amp;C servers" too!</b></p><p><b>You can obtain reliable HOSTS files from reputable lists for more security online, but also for speed!</b></p><p>(More on that later &amp; WHY/HOW (I use reliable lists for that, such as these HOSTS @ Wikipedia.com -&gt; <a href="http://en.wikipedia.org/wiki/Hosts\_file" title="wikipedia.org" rel="nofollow">http://en.wikipedia.org/wiki/Hosts\_file</a> [wikipedia.org] or those from mvps.org (a good one this one))</p><p><b>I also further populate &amp; keep current my custom HOSTS file with up to date information in regards to all of those threats, via:</b></p><p>----</p><p>A.) Spybot "Search &amp; Destroy" updates (populates HOSTS and browser block lists)</p><p>B.) Sites like ZDNet's Mr. Dancho Danchev's blog -&gt; <a href="http://ddanchev.blogspot.com/" title="blogspot.com" rel="nofollow">http://ddanchev.blogspot.com/</a> [blogspot.com]</p><p>C.) Sites like FireEye -&gt; <a href="http://blog.fireeye.com/" title="fireeye.com" rel="nofollow">http://blog.fireeye.com/</a> [fireeye.com]</p><p>D.) SRI -&gt; <a href="http://mtc.sri.com/" title="sri.com" rel="nofollow">http://mtc.sri.com/</a> [sri.com]</p><p>----</p><p>My HOSTS file incorporates ALL of the entries from the HOSTS files shown @ wikipedia as well... gaining me speed online (by blocking adbanners, which have been compromised many times the past few years now by malscripted exploits (examples below)).</p><p>(I combined ALL reputable HOSTS files with one of my own (30,000 entries), &amp; I removed duplicates removed via a Borland Delphi app I wrote to do so called "APK HOSTS File Grinder 4.0++". That program also functions to change the default larger &amp; SLOWER 127.0.0.1 blocking 'loopback adapter' IP address to either 0.0.0.0 (for VISTA/Windows Server 2008/Windows 7, smaller &amp; thus faster than 127.0.0.1 default) or the smallest &amp; fastest 0 "blocking 'IP ADDRESS'" (for Windows 2000/XP/Server 2003 which can STILL use it (&amp; it was added in a service pack on Windows 2000, only on 12/09/2008 MS patch tuesday was it removed for VISTA onwards (&amp; now all these "phunny little bugs" are showing up as FLAWS in this new NDIS6 approach via WFP as well in the firewall, which ROOTKIT.COM has stated (with code too no less on how it is done) -&gt; <a href="http://www.rootkit.com/newsread.php?newsid=952" title="rootkit.com" rel="nofollow">http://www.rootkit.com/newsread.php?newsid=952</a> [rootkit.com] [rootkit.com] that it is EASIER TO UNHOOK (than was the design used in Windows 2000/XP/Server 2003))</p><p><b>Another EXCELLENT benefit of HOSTS file usage? More speed online, &amp; also more security + reliability</b> (especially in the case of DNS servers today, per folks like Dan Kaminsky &amp;/or Moxie Marlinspike finding various security vulnerabilities in them the past couple years now)...</p><p>SO, to "CIRCUMVENT" THAT WHICH YOU NOTE &amp; to get more speed online (besides/above potentially hijacked adbanners etc. et al)?</p><p>WELL - <b>I use another "technique" called "hardcoding" an IP address to domainname/hostname in my HOSTS files, for my FAVORITE websites:</b></p><p><b>This allows me to FIRST bypass any remote/external DNS lookups, which also would in theory @ least, make me "proofed" vs. DNS request logs by my ISP/BSP also.</b></p><p>(Especially since I use external DNS servers too, OpenDNS ones to be specific, that go beyond my hardcoded favs in my HOSTS file because I can't ping &amp; resolve the ENTIRE internet after all)</p><p>This also makes it harder for others to track me...</p><p>(Sure, they could do a "reverse DNS lookup" via pings &amp;/or traceroutes &amp; the top level domain that does nothing BUT cache reverse DNS lookups does the rest, but that is harder to do, than looking up my URL requests via a log on a DNS server))</p><p><b>ALSO, AS ANOTHER "BONUS" in HOSTS FILES</b> (can't stress it enough, &amp; especially above + beyond adbanner blocking)<b>:  It speeds you up, or can!</b></p><p>E.G.-&gt; A buddy of mine named Jack says it has (verbatim quote) "DOUBLED MY SPEED ONLINE, BUT I VALUE THE SECURITY PART MORE", because he used to get over 200++ viruses a week, now? Only maybe 2 a year IF THAT lately, &amp; he is convinced it is largely due to the HOSTS file I send him weekly (he is my "lab rat #1" due to his previous infestation rate), &amp; if that "anecdotal evidence" is not enough? See this then, from a published security guru on a respected site for it:</p><p>====</p><p><b>RESURRECTING THE KILLFILE:</b></p><p>(by Mr. Oliver Day)</p><p><a href="http://www.securityfocus.com/columnists/491" title="securityfocus.com" rel="nofollow">http://www.securityfocus.com/columnists/491</a> [securityfocus.com]</p><p><b>PERTINENT EXCERPTS/QUOTES:</b></p><p>"The host file on my day-to-day laptop is now over 16,000 lines long. Accessing the Internet particularly browsing the Web is actually faster now."</p><p>"From what I have seen in my research, major efforts to share lists of unwanted hosts began gaining serious momentum earlier this decade. The most popular appear to have started as a means to block advertising and as a way to avoid being tracked by sites that use cookies to gather data on the user across Web properties. More recently, projects like Spybot Search and Destroy offer lists of known malicious servers to add a layer of defense against trojans and other forms of malware."</p><p>====</p><p>(A nice bonus beyond blocking adbanners via HOSTS too, because these have been shown to harbor malscripted content too &amp; more than just a few times the past 4-5 yrs now no less such as is noted here in my PS below, several examples thereof no less), because you don't waste between 30-N ms calling out to an external DNS!</p><p>(Again, and a DNS server that MAY be poisoned per Dan Kaminsky the past few years now &amp; others also noting it)</p><p>Thus, you can STILL GET TO YOUR FAV. SITES IF HARDCODED in your HOSTS FILE (a good thing, but one you may have to periodically alter, easily, via notepad.exe edits of your HOSTS file &amp; a ping to update their new address (sites change hosting providers due to better services or prices, rare, but they do &amp; MOST let you know they are about to do so anyhow, so you can amend a HOSTS file)).</p><p>NICEST PART IS, THOUGH, PER YOUR STATEMENT (in addition to the benefits of HOSTS file I note above, alongside others like Mr. Oliver Day of SECURITYFOCUS.COM)?</p><p>I will STILL get to where it is that I WANT TO GO, not the router's onboard DNS server doing hostname/domainname resolutions or potential hijacked redirects... in theory @ least, because I am controlling the hostname/dommainname resolutions @ AN OS + IP STACK LEVEL, not via my routers' onboard DNS server...</p><p>APK</p><p>P.S.=&gt; Evidences as to WHY you'd want to add on the "extra layered security protection" of a HOSTS file, which extends global security coverage to your webbound apps, AND, allows for a great deal of added extra speed as well? Ok, here are some documented reasons why like:</p><p>a.) DNS servers vulnerable, under attack, failing or being "DNS poisoned" misdirected &amp; more</p><p>b.) Security suites failing vs. modern "blended threats" online</p><p>c.) javascript being used to do most of this via apps)</p><p>d.) adbanners being maliciously coded also...</p><p>(Here we go with documented proofs/examples:)</p><p><b>POISONED MALSCRIPTED ADBANNERS</b></p><p><b>The Next Ad You Click May Be a Virus:</b></p><p><a href="http://it.slashdot.org/article.pl?sid=09/06/15/2056219" title="slashdot.org" rel="nofollow">http://it.slashdot.org/article.pl?sid=09/06/15/2056219</a> [slashdot.org]</p><p>----</p><p><b>Attackers Infect Ads With Old Adobe Vulnerability:</b></p><p><a href="http://it.slashdot.org/article.pl?sid=09/02/25/024211" title="slashdot.org" rel="nofollow">http://it.slashdot.org/article.pl?sid=09/02/25/024211</a> [slashdot.org]</p><p>----</p><p><b>Hackers Use Banner Ads on Major Sites to Hijack Your PC:</b></p><p><a href="http://www.wired.com/techbiz/media/news/2007/11/doubleclick" title="wired.com" rel="nofollow">http://www.wired.com/techbiz/media/news/2007/11/doubleclick</a> [wired.com]</p><p>----</p><p><b>Adobe Flash Ads Launching Clipboard Hijack Attacks:</b></p><p><a href="http://it.slashdot.org/article.pl?sid=08/08/20/0029220&amp;from=rss" title="slashdot.org" rel="nofollow">http://it.slashdot.org/article.pl?sid=08/08/20/0029220&amp;from=rss</a> [slashdot.org]</p><p>----</p><p><b>Slashdot | Americans Don't Want Targeted Ads:</b></p><p><a href="http://yro.slashdot.org/article.pl?sid=09/10/01/1854214" title="slashdot.org" rel="nofollow">http://yro.slashdot.org/article.pl?sid=09/10/01/1854214</a> [slashdot.org]</p><p>====</p><p><b>DNS PROBLEMS:</b></p><p><b>Number of Rogue DNS Servers on the Rise:</b></p><p><a href="http://tech.slashdot.org/article.pl?no\_d2=1&amp;sid=08/02/15/2118212" title="slashdot.org" rel="nofollow">http://tech.slashdot.org/article.pl?no\_d2=1&amp;sid=08/02/15/2118212</a> [slashdot.org]</p><p>----</p><p><b>Security Researcher Kaminsky Pushes DNS Patching:</b></p><p><a href="http://it.slashdot.org/article.pl?sid=09/02/19/2322231" title="slashdot.org" rel="nofollow">http://it.slashdot.org/article.pl?sid=09/02/19/2322231</a> [slashdot.org]</p><p>----</p><p><b>Ten Percent of DNS Servers Still Vulnerable:</b></p><p><a href="http://tech.slashdot.org/article.pl?no\_d2=1&amp;sid=05/08/04/1525235" title="slashdot.org" rel="nofollow">http://tech.slashdot.org/article.pl?no\_d2=1&amp;sid=05/08/04/1525235</a> [slashdot.org]</p><p>----</p><p><b>TimeWarner DNS Hijacking:</b></p><p><a href="http://tech.slashdot.org/article.pl?sid=07/07/23/2140208" title="slashdot.org" rel="nofollow">http://tech.slashdot.org/article.pl?sid=07/07/23/2140208</a> [slashdot.org]</p><p>----</p><p><b>Another DNS Flaw Found:</b></p><p><a href="http://tech.slashdot.org/article.pl?sid=09/01/09/2348240" title="slashdot.org" rel="nofollow">http://tech.slashdot.org/article.pl?sid=09/01/09/2348240</a> [slashdot.org]</p><p>----</p><p><b>Attack Code Published For DNS Vulnerability:</b></p><p><a href="http://it.slashdot.org/article.pl?no\_d2=1&amp;sid=08/07/23/231254" title="slashdot.org" rel="nofollow">http://it.slashdot.org/article.pl?no\_d2=1&amp;sid=08/07/23/231254</a> [slashdot.org]</p><p>----</p><p><b>BIND Still Susceptible To DNS Cache Poisoning:</b></p><p><a href="http://tech.slashdot.org/article.pl?no\_d2=1&amp;sid=08/08/09/123222" title="slashdot.org" rel="nofollow">http://tech.slashdot.org/article.pl?no\_d2=1&amp;sid=08/08/09/123222</a> [slashdot.org]</p><p>----</p><p><b>DDoS Attacks Via DNS Recursion:</b></p><p><a href="http://it.slashdot.org/article.pl?no\_d2=1&amp;sid=06/03/16/1658209" title="slashdot.org" rel="nofollow">http://it.slashdot.org/article.pl?no\_d2=1&amp;sid=06/03/16/1658209</a> [slashdot.org]</p><p>----</p><p><b>DNS Poisoning Hits One of China's Biggest ISPs:</b></p><p><a href="http://it.slashdot.org/article.pl?no\_d2=1&amp;sid=08/08/21/2343250" title="slashdot.org" rel="nofollow">http://it.slashdot.org/article.pl?no\_d2=1&amp;sid=08/08/21/2343250</a> [slashdot.org]</p><p>----</p><p><b>DNS Root Servers Attacked:</b></p><p><a href="http://it.slashdot.org/article.pl?no\_d2=1&amp;sid=07/02/06/2238225" title="slashdot.org" rel="nofollow">http://it.slashdot.org/article.pl?no\_d2=1&amp;sid=07/02/06/2238225</a> [slashdot.org]</p><p>----</p><p><b>DNS Problem Linked To DDoS Attacks Gets Worse:</b></p><p><a href="http://tech.slashdot.org/comments.pl?sid=1444354&amp;cid=30109858" title="slashdot.org" rel="nofollow">http://tech.slashdot.org/comments.pl?sid=1444354&amp;cid=30109858</a> [slashdot.org]</p><p>----</p><p><b>Are your servers vulnerable to DNS attacks?</b></p><p><a href="http://www.networkworld.com/news/2007/111907-dns-attacks.html" title="networkworld.com" rel="nofollow">http://www.networkworld.com/news/2007/111907-dns-attacks.html</a> [networkworld.com]</p><p>----</p><p><b>Kaminsky On DNS Bugs a Year Later and DNSSEC:</b></p><p><a href="http://it.slashdot.org/story/09/06/25/1354212/Kaminsky-On-DNS-Bugs-a-Year-Later-and-DNSSEC" title="slashdot.org" rel="nofollow">http://it.slashdot.org/story/09/06/25/1354212/Kaminsky-On-DNS-Bugs-a-Year-Later-and-DNSSEC</a> [slashdot.org]</p><p>----</p><p><b>DNS users put higher premium on security:</b></p><p><a href="http://news.techworld.com/networking/10690/dns-users-put-higher-premium-on-security/" title="techworld.com" rel="nofollow">http://news.techworld.com/networking/10690/dns-users-put-higher-premium-on-security/</a> [techworld.com]</p><p>----</p><p><b>BIND, the Buggy Internet Name Daemon:</b></p><p><a href="http://cr.yp.to/djbdns/blurb/unbind.html" title="cr.yp.to" rel="nofollow">http://cr.yp.to/djbdns/blurb/unbind.html</a> [cr.yp.to]</p><p>(Where djbdns was found to have flaw, though it was alleged invulnerable, they paid out $10,000 reward)</p><p>----</p><p><b>DNS Dan Kaminsky DNS SPOOF ATTACK EXPLAINED HOW IT IS DONE:</b></p><p><a href="http://blogs.zdnet.com/security/?p=1520" title="zdnet.com" rel="nofollow">http://blogs.zdnet.com/security/?p=1520</a> [zdnet.com]</p><p>----</p><p><b>DNS REBINDING ATTACKS: MultiPinning Browser JavaScript Vulnerability</b> (how to protect yourself):</p><p><a href="http://crypto.stanford.edu/dns/" title="stanford.edu" rel="nofollow">http://crypto.stanford.edu/dns/</a> [stanford.edu]</p><p>----</p><p><b>Hackers hijack DNS records of high profile New Zealand sites:</b></p><p><a href="http://blogs.zdnet.com/security/?p=3185" title="zdnet.com" rel="nofollow">http://blogs.zdnet.com/security/?p=3185</a> [zdnet.com]</p><p>====</p><p><b>SECURITY SUITE PROGRAMS FAILING:</b></p><p><b>AntiVirus Products Fail to Find Simple IE Malware:</b></p><p><a href="http://tech.slashdot.org/article.pl?sid=07/10/29/1747237" title="slashdot.org" rel="nofollow">http://tech.slashdot.org/article.pl?sid=07/10/29/1747237</a> [slashdot.org]</p><p>----</p><p><b>Most Security Products Fail To Perform:</b></p><p><a href="http://hardware.slashdot.org/comments.pl?sid=1445302&amp;threshold=-1&amp;commentsort=0&amp;mode=thread&amp;pid=30114652" title="slashdot.org" rel="nofollow">http://hardware.slashdot.org/comments.pl?sid=1445302&amp;threshold=-1&amp;commentsort=0&amp;mode=thread&amp;pid=30114652</a> [slashdot.org]</p><p>----</p><p><b>TOP SECURITY SUITES FAIL 64/300 THREATS in 2008 AT SECUNIA.COM:</b></p><p><a href="http://secunia.com/blog/29/" title="secunia.com" rel="nofollow">http://secunia.com/blog/29/</a> [secunia.com]</p><p>----</p><p><b>Top security suites fail exploit tests:</b></p><p><a href="http://www.computerworld.com/s/article/9117042/Top\_security\_suites\_fail\_exploit\_tests?intsrc=news\_ts\_head" title="computerworld.com" rel="nofollow">http://www.computerworld.com/s/article/9117042/Top\_security\_suites\_fail\_exploit\_tests?intsrc=news\_ts\_head</a> [computerworld.com]</p><p>----</p><p><b>Antivirus is 'completely wasted money': Cisco CSO: News - Security - ZDNet Australia:</b></p><p><a href="http://www.zdnet.com.au/news/security/soa/Antivirus-is-completely-wasted-money-Cisco-CSO/0,130061744,339289122,00.htm?feed=pt\_auscert" title="zdnet.com.au" rel="nofollow">http://www.zdnet.com.au/news/security/soa/Antivirus-is-completely-wasted-money-Cisco-CSO/0,130061744,339289122,00.htm?feed=pt\_auscert</a> [zdnet.com.au]</p><p>----</p><p><b>Are Routers the Next Big Target for Hackers?</b></p><p><a href="http://blogs.zdnet.com/security/?p=919" title="zdnet.com" rel="nofollow">http://blogs.zdnet.com/security/?p=919</a> [zdnet.com]</p><p>----</p><p><b>Software Firewalls: Made of Straw? Part 1 of 2:</b></p><p><a href="http://www.securityfocus.com/infocus/1839" title="securityfocus.com" rel="nofollow">http://www.securityfocus.com/infocus/1839</a> [securityfocus.com]</p><p><b>Software Firewalls: Made of Straw? Part 2 of 2:</b></p><p><a href="http://www.securityfocus.com/infocus/1840/2" title="securityfocus.com" rel="nofollow">http://www.securityfocus.com/infocus/1840/2</a> [securityfocus.com]</p><p>----</p><p><b>Brief study shows difficulty in detecting malware (2008):</b></p><p><a href="http://www.securityfocus.com/brief/858" title="securityfocus.com" rel="nofollow">http://www.securityfocus.com/brief/858</a> [securityfocus.com]</p><p>----</p><p><b>2007 - Browser vulnerabilities and attacks will continue to mount:</b></p><p><a href="http://www.infoworld.com/d/security-central/browser-vulnerabilities-and-attacks-will-continue-mount-679" title="infoworld.com" rel="nofollow">http://www.infoworld.com/d/security-central/browser-vulnerabilities-and-attacks-will-continue-mount-679</a> [infoworld.com]</p><p>----</p><p><b>Bug exposes Cisco switches to attacks:</b></p><p><a href="http://news.cnet.com/Bug-exposes-Cisco-switches+to+attacks/2110-7349\_3-5902897.html?part=rss&amp;tag=5902897&amp;subj=news" title="cnet.com" rel="nofollow">http://news.cnet.com/Bug-exposes-Cisco-switches+to+attacks/2110-7349\_3-5902897.html?part=rss&amp;tag=5902897&amp;subj=news</a> [cnet.com]</p><p>&amp;</p><p><b>CISCO "COMES CLEAN" ON EXTENT OF IOS FLAW:</b></p><p><a href="http://www.eweek.com/c/a/Security/Cisco-Comes-Clean-on-Extent-of-IOS-Flaw/" title="eweek.com" rel="nofollow">http://www.eweek.com/c/a/Security/Cisco-Comes-Clean-on-Extent-of-IOS-Flaw/</a> [eweek.com]</p><p>&amp;</p><p><b>Cisco PIX and ASA Time-To-Live Denial of Service Vulnerability:</b></p><p><a href="http://secunia.com/advisories/28625/" title="secunia.com" rel="nofollow">http://secunia.com/advisories/28625/</a> [secunia.com]</p><p>+</p><p><b>Computer routers face hijack risk - study:</b></p><p><a href="http://www.cbc.ca/technology/story/2007/02/16/tech-routervulnerabilty-20070216.html?ref=rss" title="www.cbc.ca" rel="nofollow">http://www.cbc.ca/technology/story/2007/02/16/tech-routervulnerabilty-20070216.html?ref=rss</a> [www.cbc.ca]</p><p>Slashdot Technology Story | Will Mainstream Media Embrace Adblockers?</p><p><a href="http://tech.slashdot.org/story/09/08/06/1442243/Will-Mainstream-Media-Embrace-Adblockers" title="slashdot.org" rel="nofollow">http://tech.slashdot.org/story/09/08/06/1442243/Will-Mainstream-Media-Embrace-Adblockers</a> [slashdot.org]</p><p>----</p><p><b>Congress May Require ISPs To Block Certain Fraud Sites:</b></p><p><a href="http://yro.slashdot.org/comments.pl?sid=1432514&amp;cid=30024078" title="slashdot.org" rel="nofollow">http://yro.slashdot.org/comments.pl?sid=1432514&amp;cid=30024078</a> [slashdot.org]</p><p>====</p><p><b>JAVASCRIPT PROBLEMS:</b></p><p><b>Slashdot | Adobe Confirms PDF Zero-Day, Says Kill JavaScript:</b></p><p><a href="http://it.slashdot.org/article.pl?sid=09/04/29/1823234" title="slashdot.org" rel="nofollow">http://it.slashdot.org/article.pl?sid=09/04/29/1823234</a> [slashdot.org]</p><p>----</p><p><b>Adobe Flash Zero-Day Attack Underway:</b></p><p><a href="http://it.slashdot.org/article.pl?sid=08/05/28/0138247&amp;from=rss" title="slashdot.org" rel="nofollow">http://it.slashdot.org/article.pl?sid=08/05/28/0138247&amp;from=rss</a> [slashdot.org]</p><p>----</p><p><b>JavaScript flaw reported in Adobe Reader</b> (4th or 5th time already, if not more):</p><p><a href="http://www.securityfocus.com/brief/953" title="securityfocus.com" rel="nofollow">http://www.securityfocus.com/brief/953</a> [securityfocus.com]</p><p>----</p><p><b>Another malware pulls an Italian job via JAVASCRIPT:</b></p><p><a href="http://blog.trendmicro.com/another-malware-pulls-an-italian-job/" title="trendmicro.com" rel="nofollow">http://blog.trendmicro.com/another-malware-pulls-an-italian-job/</a> [trendmicro.com]</p><p>----</p><p><b>JavaScript opens doors to browser-based attacks | CNET News.com:</b></p><p><a href="http://news.com.com/JavaScript+opens+doors+to+browser-based+attacks/2100-7349\_3-6099891.html?part=rss&amp;tag=6099891&amp;subj=news" title="com.com" rel="nofollow">http://news.com.com/JavaScript+opens+doors+to+browser-based+attacks/2100-7349\_3-6099891.html?part=rss&amp;tag=6099891&amp;subj=news</a> [com.com]</p><p>----</p><p><b>Mozilla Firefox Javascript Garbage Collector Vulnerability - Advisories - Secunia</b></p><p><a href="http://secunia.com/advisories/29787/" title="secunia.com" rel="nofollow">http://secunia.com/advisories/29787/</a> [secunia.com]</p><p>----</p><p><b>New script outstrips all other drive-by download risks:</b></p><p><a href="http://www.theregister.co.uk/2009/05/15/script\_menace/" title="theregister.co.uk" rel="nofollow">http://www.theregister.co.uk/2009/05/15/script\_menace/</a> [theregister.co.uk]</p><p>----</p><p><b>Researcher to demonstrate attack code for Intel chips via Javascript:</b></p><p><a href="http://www.infoworld.com/d/security-central/researcher-demonstrate-attack-code-intel-chips-036" title="infoworld.com" rel="nofollow">http://www.infoworld.com/d/security-central/researcher-demonstrate-attack-code-intel-chips-036</a> [infoworld.com]</p><p>----</p><p><b>Researcher: JavaScript Attacks Get Slicker:</b></p><p><a href="http://www.eweek.com/c/a/Security/Researcher-JavaScript-Attacks-Get-Slicker/" title="eweek.com" rel="nofollow">http://www.eweek.com/c/a/Security/Researcher-JavaScript-Attacks-Get-Slicker/</a> [eweek.com]</p><p>----</p><p><b>Rise Of The PDF Exploits:</b></p><p><a href="http://www.trustedsource.org/blog/153/Rise-Of-The-PDF-Exploits" title="trustedsource.org" rel="nofollow">http://www.trustedsource.org/blog/153/Rise-Of-The-PDF-Exploits</a> [trustedsource.org]</p><p>----</p><p><b>ADOBE NEW FLAW DOES USE JAVASCRIPT PROOF:</b></p><p><a href="http://www.shadowserver.org/wiki/pmwiki.php?n=Calendar.20090219" title="shadowserver.org" rel="nofollow">http://www.shadowserver.org/wiki/pmwiki.php?n=Calendar.20090219</a> [shadowserver.org]</p><p>----</p><p><b>AJAX Poses Security, Performance Risks:</b></p><p><a href="http://www.eweek.com/article2/0,1895,1916673,00.asp" title="eweek.com" rel="nofollow">http://www.eweek.com/article2/0,1895,1916673,00.asp</a> [eweek.com]</p><p>----</p><p><b>Web 2.0 Threats and Risks for Financial Services:</b></p><p><a href="http://www.net-security.org/article.php?id=1004&amp;p=1" title="net-security.org" rel="nofollow">http://www.net-security.org/article.php?id=1004&amp;p=1</a> [net-security.org]</p><p><a href="http://www.cbronline.com/news/web\_20\_is\_vulnerable\_to\_attack" title="cbronline.com" rel="nofollow">http://www.cbronline.com/news/web\_20\_is\_vulnerable\_to\_attack</a> [cbronline.com]</p><p>----</p><p><b>Cross Site Scripting</b> (GOOGLE) <b>and WHY TO TURN OFF JAVASCRIPT:</b></p><p><a href="http://www.cgisecurity.com/xss-faq.html" title="cgisecurity.com" rel="nofollow">http://www.cgisecurity.com/xss-faq.html</a> [cgisecurity.com]</p><p>----</p><p><b>Why the FBI Director Doesn't Bank Online</b></p><p><a href="http://it.slashdot.org/article.pl?sid=09/10/08/0327240" title="slashdot.org" rel="nofollow">http://it.slashdot.org/article.pl?sid=09/10/08/0327240</a> [slashdot.org]</p><p>====</p><p><b>MAJOR ATTACKS (only a small sample) of WHY LAYERED SECURITY IS NEEDED</b></p><p><b>Is the Botnet Battle Already Lost?</b></p><p><a href="http://www.eweek.com/article2/0,1895,2029720,00.asp" title="eweek.com" rel="nofollow">http://www.eweek.com/article2/0,1895,2029720,00.asp</a> [eweek.com]</p><p>----</p><p><b>IT Pros Say They Can't Stop Data Breaches:</b></p><p><a href="http://www.eweek.com/article2/0,1895,2010325,00.asp?kc=EWNAVEMNL083106EOAD" title="eweek.com" rel="nofollow">http://www.eweek.com/article2/0,1895,2010325,00.asp?kc=EWNAVEMNL083106EOAD</a> [eweek.com]</p><p>----</p><p><b>Cyber Attacks On US Military Jump Sharply In 2009</b></p><p><a href="http://tech.slashdot.org/comments.pl?sid=1452358&amp;threshold=-1&amp;commentsort=0&amp;mode=thread&amp;cid=30185742" title="slashdot.org" rel="nofollow">http://tech.slashdot.org/comments.pl?sid=1452358&amp;threshold=-1&amp;commentsort=0&amp;mode=thread&amp;cid=30185742</a> [slashdot.org]</p><p>----</p><p><b>Bots Found Inside Many Big Companies:</b></p><p><a href="http://blogs.baselinemag.com/security/content001/cybercrime/bots\_found\_inside\_many\_big\_companies.html" title="baselinemag.com" rel="nofollow">http://blogs.baselinemag.com/security/content001/cybercrime/bots\_found\_inside\_many\_big\_companies.html</a> [baselinemag.com]</p><p>----</p><p><b>Bot master owns up to 250,000 zombie PCs:</b></p><p><a href="http://www.securityfocus.com/news/11495" title="securityfocus.com" rel="nofollow">http://www.securityfocus.com/news/11495</a> [securityfocus.com]</p><p>----</p><p><b>Bots surge ahead (2007):</b></p><p><a href="http://www.securityfocus.com/brief/466" title="securityfocus.com" rel="nofollow">http://www.securityfocus.com/brief/466</a> [securityfocus.com]</p><p>----</p><p><b>Chinese Hackers Hit Commerce Department:</b></p><p><a href="http://www.informationweek.com/news/security/government/showArticle.jhtml?articleID=193105227" title="informationweek.com" rel="nofollow">http://www.informationweek.com/news/security/government/showArticle.jhtml?articleID=193105227</a> [informationweek.com]</p><p>----</p><p><b>CIA Admits Cyberattacks Blacked Out Cities:</b></p><p><a href="http://www.informationweek.com/news/internet/showArticle.jhtml?articleID=205901631" title="informationweek.com" rel="nofollow">http://www.informationweek.com/news/internet/showArticle.jhtml?articleID=205901631</a> [informationweek.com]</p><p>----</p><p><b>Compromised Banks and Investment sites list 2006:</b></p><p><a href="http://it.slashdot.org/comments.pl?sid=233921&amp;cid=19035679" title="slashdot.org" rel="nofollow">http://it.slashdot.org/comments.pl?sid=233921&amp;cid=19035679</a> [slashdot.org]</p><p>----</p><p><b>Dancho Danchev's Blog - Mind Streams of Information Security Knowledge: Massive IFRAME SEO Poisoning Attack Continuing:</b></p><p><a href="http://ddanchev.blogspot.com/2008/03/massive-iframe-seo-poisoning-attack.html" title="blogspot.com" rel="nofollow">http://ddanchev.blogspot.com/2008/03/massive-iframe-seo-poisoning-attack.html</a> [blogspot.com]</p><p>----</p><p><b>Data at Bank of America, Wachovia, others compromised - May. 23, 2005:</b></p><p><a href="http://money.cnn.com/2005/05/23/news/fortune500/bank\_info/index.htm" title="cnn.com" rel="nofollow">http://money.cnn.com/2005/05/23/news/fortune500/bank\_info/index.htm</a> [cnn.com]</p><p>----</p><p><b>Fresh Security Breaches at Los Alamos:</b></p><p><a href="http://www.msnbc.msn.com/id/19418769/site/newsweek/print/1/displaymode/1098/" title="msn.com" rel="nofollow">http://www.msnbc.msn.com/id/19418769/site/newsweek/print/1/displaymode/1098/</a> [msn.com]</p><p>----</p><p><b>Infected job search sites lead to info theft for 46,000:</b></p><p><a href="http://www.computerworld.com/s/article/9031139/Infected\_job\_search\_sites\_lead\_to\_info\_theft\_for\_46\_000" title="computerworld.com" rel="nofollow">http://www.computerworld.com/s/article/9031139/Infected\_job\_search\_sites\_lead\_to\_info\_theft\_for\_46\_000</a> [computerworld.com]</p><p>----</p><p><b>New Mega-Botnet Discovered:</b></p><p><a href="http://it.slashdot.org/article.pl?sid=09/04/22/2223214" title="slashdot.org" rel="nofollow">http://it.slashdot.org/article.pl?sid=09/04/22/2223214</a> [slashdot.org]</p><p>----</p><p>I think THAT list ought to "enlighten" ANYONE, as to why "layered security" is &amp; has been considered largely to be "THE WAY TO GO", vs. that list above (which is only a SMALL \%-age of what I can come up with in regards to threats online + their causes)... HOSTS files help protect vs. those, on several levels - DO consider their usage!</p><p>apk</p></div>
	</htmltext>
<tokenext>" Technology : Are Ad Servers Bogging Down the Web ?
Yes. Period .
" - by Monkeedude1212 ( 1560403 ) on Monday November 30 , @ 12 : 32PM ( # 30271618 ) Here is a GOOD SOLID WORK-AROUND , CALLED A HOSTS FILE !
( It works for more speed online , AND SECURITY ESPECIALLY... Also , it works for your money , because you pay for your linetime out of pocket most likely as I do , you can get back your speed , AND , gain security easily , &amp; from a single easily edited file &amp; a file eats no CPU cycles like a local DNS server can ( &amp; are not as security vulnerable either if you protect write access to a HOSTS file also ) ... Anyhow/anyways - Here goes : SO - " that all said &amp; aside " ?
Well , per your reply ?
? Hey - NO PROBLEM , 110 \ % agreement here on that account... &amp; more ( like more speed online AND more security , via a SINGLE EASILY EDITED + POPULATED FILE , called a HOSTS file ) : I use a custom HOSTS file , in addition to the tools others here in this thread have noted ( which MANY like FF addons only really function for FireFox/Mozilla products , but do n't extend globally to all other webbound applications , &amp; that is part of what HOSTS files give you above the methods you extoll + utilize : " GLOBAL COVERAGE " , &amp; of ALL webbound apps , not just FireFox/Mozilla ones via the addons you noted + use yourself... ) .HOSTS files can be used to blockout KNOWN " bad " adserves , maliciously coded sites or adbanners , and " botnet C&amp;C servers " too ! You can obtain reliable HOSTS files from reputable lists for more security online , but also for speed !
( More on that later &amp; WHY/HOW ( I use reliable lists for that , such as these HOSTS @ Wikipedia.com - &gt; http : //en.wikipedia.org/wiki/Hosts \ _file [ wikipedia.org ] or those from mvps.org ( a good one this one ) ) I also further populate &amp; keep current my custom HOSTS file with up to date information in regards to all of those threats , via : ----A .
) Spybot " Search &amp; Destroy " updates ( populates HOSTS and browser block lists ) B .
) Sites like ZDNet 's Mr. Dancho Danchev 's blog - &gt; http : //ddanchev.blogspot.com/ [ blogspot.com ] C. ) Sites like FireEye - &gt; http : //blog.fireeye.com/ [ fireeye.com ] D. ) SRI - &gt; http : //mtc.sri.com/ [ sri.com ] ----My HOSTS file incorporates ALL of the entries from the HOSTS files shown @ wikipedia as well... gaining me speed online ( by blocking adbanners , which have been compromised many times the past few years now by malscripted exploits ( examples below ) ) .
( I combined ALL reputable HOSTS files with one of my own ( 30,000 entries ) , &amp; I removed duplicates removed via a Borland Delphi app I wrote to do so called " APK HOSTS File Grinder 4.0 + + " .
That program also functions to change the default larger &amp; SLOWER 127.0.0.1 blocking 'loopback adapter ' IP address to either 0.0.0.0 ( for VISTA/Windows Server 2008/Windows 7 , smaller &amp; thus faster than 127.0.0.1 default ) or the smallest &amp; fastest 0 " blocking 'IP ADDRESS ' " ( for Windows 2000/XP/Server 2003 which can STILL use it ( &amp; it was added in a service pack on Windows 2000 , only on 12/09/2008 MS patch tuesday was it removed for VISTA onwards ( &amp; now all these " phunny little bugs " are showing up as FLAWS in this new NDIS6 approach via WFP as well in the firewall , which ROOTKIT.COM has stated ( with code too no less on how it is done ) - &gt; http : //www.rootkit.com/newsread.php ? newsid = 952 [ rootkit.com ] [ rootkit.com ] that it is EASIER TO UNHOOK ( than was the design used in Windows 2000/XP/Server 2003 ) ) Another EXCELLENT benefit of HOSTS file usage ?
More speed online , &amp; also more security + reliability ( especially in the case of DNS servers today , per folks like Dan Kaminsky &amp;/or Moxie Marlinspike finding various security vulnerabilities in them the past couple years now ) ...SO , to " CIRCUMVENT " THAT WHICH YOU NOTE &amp; to get more speed online ( besides/above potentially hijacked adbanners etc .
et al ) ? WELL - I use another " technique " called " hardcoding " an IP address to domainname/hostname in my HOSTS files , for my FAVORITE websites : This allows me to FIRST bypass any remote/external DNS lookups , which also would in theory @ least , make me " proofed " vs. DNS request logs by my ISP/BSP also .
( Especially since I use external DNS servers too , OpenDNS ones to be specific , that go beyond my hardcoded favs in my HOSTS file because I ca n't ping &amp; resolve the ENTIRE internet after all ) This also makes it harder for others to track me... ( Sure , they could do a " reverse DNS lookup " via pings &amp;/or traceroutes &amp; the top level domain that does nothing BUT cache reverse DNS lookups does the rest , but that is harder to do , than looking up my URL requests via a log on a DNS server ) ) ALSO , AS ANOTHER " BONUS " in HOSTS FILES ( ca n't stress it enough , &amp; especially above + beyond adbanner blocking ) : It speeds you up , or can ! E.G.- &gt; A buddy of mine named Jack says it has ( verbatim quote ) " DOUBLED MY SPEED ONLINE , BUT I VALUE THE SECURITY PART MORE " , because he used to get over 200 + + viruses a week , now ?
Only maybe 2 a year IF THAT lately , &amp; he is convinced it is largely due to the HOSTS file I send him weekly ( he is my " lab rat # 1 " due to his previous infestation rate ) , &amp; if that " anecdotal evidence " is not enough ?
See this then , from a published security guru on a respected site for it : = = = = RESURRECTING THE KILLFILE : ( by Mr. Oliver Day ) http : //www.securityfocus.com/columnists/491 [ securityfocus.com ] PERTINENT EXCERPTS/QUOTES : " The host file on my day-to-day laptop is now over 16,000 lines long .
Accessing the Internet particularly browsing the Web is actually faster now .
" " From what I have seen in my research , major efforts to share lists of unwanted hosts began gaining serious momentum earlier this decade .
The most popular appear to have started as a means to block advertising and as a way to avoid being tracked by sites that use cookies to gather data on the user across Web properties .
More recently , projects like Spybot Search and Destroy offer lists of known malicious servers to add a layer of defense against trojans and other forms of malware .
" = = = = ( A nice bonus beyond blocking adbanners via HOSTS too , because these have been shown to harbor malscripted content too &amp; more than just a few times the past 4-5 yrs now no less such as is noted here in my PS below , several examples thereof no less ) , because you do n't waste between 30-N ms calling out to an external DNS !
( Again , and a DNS server that MAY be poisoned per Dan Kaminsky the past few years now &amp; others also noting it ) Thus , you can STILL GET TO YOUR FAV .
SITES IF HARDCODED in your HOSTS FILE ( a good thing , but one you may have to periodically alter , easily , via notepad.exe edits of your HOSTS file &amp; a ping to update their new address ( sites change hosting providers due to better services or prices , rare , but they do &amp; MOST let you know they are about to do so anyhow , so you can amend a HOSTS file ) ) .NICEST PART IS , THOUGH , PER YOUR STATEMENT ( in addition to the benefits of HOSTS file I note above , alongside others like Mr. Oliver Day of SECURITYFOCUS.COM ) ? I will STILL get to where it is that I WANT TO GO , not the router 's onboard DNS server doing hostname/domainname resolutions or potential hijacked redirects... in theory @ least , because I am controlling the hostname/dommainname resolutions @ AN OS + IP STACK LEVEL , not via my routers ' onboard DNS server...APKP.S. = &gt; Evidences as to WHY you 'd want to add on the " extra layered security protection " of a HOSTS file , which extends global security coverage to your webbound apps , AND , allows for a great deal of added extra speed as well ?
Ok , here are some documented reasons why like : a .
) DNS servers vulnerable , under attack , failing or being " DNS poisoned " misdirected &amp; moreb .
) Security suites failing vs. modern " blended threats " onlinec .
) javascript being used to do most of this via apps ) d. ) adbanners being maliciously coded also... ( Here we go with documented proofs/examples : ) POISONED MALSCRIPTED ADBANNERSThe Next Ad You Click May Be a Virus : http : //it.slashdot.org/article.pl ? sid = 09/06/15/2056219 [ slashdot.org ] ----Attackers Infect Ads With Old Adobe Vulnerability : http : //it.slashdot.org/article.pl ? sid = 09/02/25/024211 [ slashdot.org ] ----Hackers Use Banner Ads on Major Sites to Hijack Your PC : http : //www.wired.com/techbiz/media/news/2007/11/doubleclick [ wired.com ] ----Adobe Flash Ads Launching Clipboard Hijack Attacks : http : //it.slashdot.org/article.pl ? sid = 08/08/20/0029220&amp;from = rss [ slashdot.org ] ----Slashdot | Americans Do n't Want Targeted Ads : http : //yro.slashdot.org/article.pl ? sid = 09/10/01/1854214 [ slashdot.org ] = = = = DNS PROBLEMS : Number of Rogue DNS Servers on the Rise : http : //tech.slashdot.org/article.pl ? no \ _d2 = 1&amp;sid = 08/02/15/2118212 [ slashdot.org ] ----Security Researcher Kaminsky Pushes DNS Patching : http : //it.slashdot.org/article.pl ? sid = 09/02/19/2322231 [ slashdot.org ] ----Ten Percent of DNS Servers Still Vulnerable : http : //tech.slashdot.org/article.pl ? no \ _d2 = 1&amp;sid = 05/08/04/1525235 [ slashdot.org ] ----TimeWarner DNS Hijacking : http : //tech.slashdot.org/article.pl ? sid = 07/07/23/2140208 [ slashdot.org ] ----Another DNS Flaw Found : http : //tech.slashdot.org/article.pl ? sid = 09/01/09/2348240 [ slashdot.org ] ----Attack Code Published For DNS Vulnerability : http : //it.slashdot.org/article.pl ? no \ _d2 = 1&amp;sid = 08/07/23/231254 [ slashdot.org ] ----BIND Still Susceptible To DNS Cache Poisoning : http : //tech.slashdot.org/article.pl ? no \ _d2 = 1&amp;sid = 08/08/09/123222 [ slashdot.org ] ----DDoS Attacks Via DNS Recursion : http : //it.slashdot.org/article.pl ? no \ _d2 = 1&amp;sid = 06/03/16/1658209 [ slashdot.org ] ----DNS Poisoning Hits One of China 's Biggest ISPs : http : //it.slashdot.org/article.pl ? no \ _d2 = 1&amp;sid = 08/08/21/2343250 [ slashdot.org ] ----DNS Root Servers Attacked : http : //it.slashdot.org/article.pl ? no \ _d2 = 1&amp;sid = 07/02/06/2238225 [ slashdot.org ] ----DNS Problem Linked To DDoS Attacks Gets Worse : http : //tech.slashdot.org/comments.pl ? sid = 1444354&amp;cid = 30109858 [ slashdot.org ] ----Are your servers vulnerable to DNS attacks ? http : //www.networkworld.com/news/2007/111907-dns-attacks.html [ networkworld.com ] ----Kaminsky On DNS Bugs a Year Later and DNSSEC : http : //it.slashdot.org/story/09/06/25/1354212/Kaminsky-On-DNS-Bugs-a-Year-Later-and-DNSSEC [ slashdot.org ] ----DNS users put higher premium on security : http : //news.techworld.com/networking/10690/dns-users-put-higher-premium-on-security/ [ techworld.com ] ----BIND , the Buggy Internet Name Daemon : http : //cr.yp.to/djbdns/blurb/unbind.html [ cr.yp.to ] ( Where djbdns was found to have flaw , though it was alleged invulnerable , they paid out $ 10,000 reward ) ----DNS Dan Kaminsky DNS SPOOF ATTACK EXPLAINED HOW IT IS DONE : http : //blogs.zdnet.com/security/ ? p = 1520 [ zdnet.com ] ----DNS REBINDING ATTACKS : MultiPinning Browser JavaScript Vulnerability ( how to protect yourself ) : http : //crypto.stanford.edu/dns/ [ stanford.edu ] ----Hackers hijack DNS records of high profile New Zealand sites : http : //blogs.zdnet.com/security/ ? p = 3185 [ zdnet.com ] = = = = SECURITY SUITE PROGRAMS FAILING : AntiVirus Products Fail to Find Simple IE Malware : http : //tech.slashdot.org/article.pl ? sid = 07/10/29/1747237 [ slashdot.org ] ----Most Security Products Fail To Perform : http : //hardware.slashdot.org/comments.pl ? sid = 1445302&amp;threshold = -1&amp;commentsort = 0&amp;mode = thread&amp;pid = 30114652 [ slashdot.org ] ----TOP SECURITY SUITES FAIL 64/300 THREATS in 2008 AT SECUNIA.COM : http : //secunia.com/blog/29/ [ secunia.com ] ----Top security suites fail exploit tests : http : //www.computerworld.com/s/article/9117042/Top \ _security \ _suites \ _fail \ _exploit \ _tests ? intsrc = news \ _ts \ _head [ computerworld.com ] ----Antivirus is 'completely wasted money ' : Cisco CSO : News - Security - ZDNet Australia : http : //www.zdnet.com.au/news/security/soa/Antivirus-is-completely-wasted-money-Cisco-CSO/0,130061744,339289122,00.htm ? feed = pt \ _auscert [ zdnet.com.au ] ----Are Routers the Next Big Target for Hackers ? http : //blogs.zdnet.com/security/ ? p = 919 [ zdnet.com ] ----Software Firewalls : Made of Straw ?
Part 1 of 2 : http : //www.securityfocus.com/infocus/1839 [ securityfocus.com ] Software Firewalls : Made of Straw ?
Part 2 of 2 : http : //www.securityfocus.com/infocus/1840/2 [ securityfocus.com ] ----Brief study shows difficulty in detecting malware ( 2008 ) : http : //www.securityfocus.com/brief/858 [ securityfocus.com ] ----2007 - Browser vulnerabilities and attacks will continue to mount : http : //www.infoworld.com/d/security-central/browser-vulnerabilities-and-attacks-will-continue-mount-679 [ infoworld.com ] ----Bug exposes Cisco switches to attacks : http : //news.cnet.com/Bug-exposes-Cisco-switches + to + attacks/2110-7349 \ _3-5902897.html ? part = rss&amp;tag = 5902897&amp;subj = news [ cnet.com ] &amp;CISCO " COMES CLEAN " ON EXTENT OF IOS FLAW : http : //www.eweek.com/c/a/Security/Cisco-Comes-Clean-on-Extent-of-IOS-Flaw/ [ eweek.com ] &amp;Cisco PIX and ASA Time-To-Live Denial of Service Vulnerability : http : //secunia.com/advisories/28625/ [ secunia.com ] + Computer routers face hijack risk - study : http : //www.cbc.ca/technology/story/2007/02/16/tech-routervulnerabilty-20070216.html ? ref = rss [ www.cbc.ca ] Slashdot Technology Story | Will Mainstream Media Embrace Adblockers ? http : //tech.slashdot.org/story/09/08/06/1442243/Will-Mainstream-Media-Embrace-Adblockers [ slashdot.org ] ----Congress May Require ISPs To Block Certain Fraud Sites : http : //yro.slashdot.org/comments.pl ? sid = 1432514&amp;cid = 30024078 [ slashdot.org ] = = = = JAVASCRIPT PROBLEMS : Slashdot | Adobe Confirms PDF Zero-Day , Says Kill JavaScript : http : //it.slashdot.org/article.pl ? sid = 09/04/29/1823234 [ slashdot.org ] ----Adobe Flash Zero-Day Attack Underway : http : //it.slashdot.org/article.pl ? sid = 08/05/28/0138247&amp;from = rss [ slashdot.org ] ----JavaScript flaw reported in Adobe Reader ( 4th or 5th time already , if not more ) : http : //www.securityfocus.com/brief/953 [ securityfocus.com ] ----Another malware pulls an Italian job via JAVASCRIPT : http : //blog.trendmicro.com/another-malware-pulls-an-italian-job/ [ trendmicro.com ] ----JavaScript opens doors to browser-based attacks | CNET News.com : http : //news.com.com/JavaScript + opens + doors + to + browser-based + attacks/2100-7349 \ _3-6099891.html ? part = rss&amp;tag = 6099891&amp;subj = news [ com.com ] ----Mozilla Firefox Javascript Garbage Collector Vulnerability - Advisories - Secuniahttp : //secunia.com/advisories/29787/ [ secunia.com ] ----New script outstrips all other drive-by download risks : http : //www.theregister.co.uk/2009/05/15/script \ _menace/ [ theregister.co.uk ] ----Researcher to demonstrate attack code for Intel chips via Javascript : http : //www.infoworld.com/d/security-central/researcher-demonstrate-attack-code-intel-chips-036 [ infoworld.com ] ----Researcher : JavaScript Attacks Get Slicker : http : //www.eweek.com/c/a/Security/Researcher-JavaScript-Attacks-Get-Slicker/ [ eweek.com ] ----Rise Of The PDF Exploits : http : //www.trustedsource.org/blog/153/Rise-Of-The-PDF-Exploits [ trustedsource.org ] ----ADOBE NEW FLAW DOES USE JAVASCRIPT PROOF : http : //www.shadowserver.org/wiki/pmwiki.php ? n = Calendar.20090219 [ shadowserver.org ] ----AJAX Poses Security , Performance Risks : http : //www.eweek.com/article2/0,1895,1916673,00.asp [ eweek.com ] ----Web 2.0 Threats and Risks for Financial Services : http : //www.net-security.org/article.php ? id = 1004&amp;p = 1 [ net-security.org ] http : //www.cbronline.com/news/web \ _20 \ _is \ _vulnerable \ _to \ _attack [ cbronline.com ] ----Cross Site Scripting ( GOOGLE ) and WHY TO TURN OFF JAVASCRIPT : http : //www.cgisecurity.com/xss-faq.html [ cgisecurity.com ] ----Why the FBI Director Does n't Bank Onlinehttp : //it.slashdot.org/article.pl ? sid = 09/10/08/0327240 [ slashdot.org ] = = = = MAJOR ATTACKS ( only a small sample ) of WHY LAYERED SECURITY IS NEEDEDIs the Botnet Battle Already Lost ? http : //www.eweek.com/article2/0,1895,2029720,00.asp [ eweek.com ] ----IT Pros Say They Ca n't Stop Data Breaches : http : //www.eweek.com/article2/0,1895,2010325,00.asp ? kc = EWNAVEMNL083106EOAD [ eweek.com ] ----Cyber Attacks On US Military Jump Sharply In 2009http : //tech.slashdot.org/comments.pl ? sid = 1452358&amp;threshold = -1&amp;commentsort = 0&amp;mode = thread&amp;cid = 30185742 [ slashdot.org ] ----Bots Found Inside Many Big Companies : http : //blogs.baselinemag.com/security/content001/cybercrime/bots \ _found \ _inside \ _many \ _big \ _companies.html [ baselinemag.com ] ----Bot master owns up to 250,000 zombie PCs : http : //www.securityfocus.com/news/11495 [ securityfocus.com ] ----Bots surge ahead ( 2007 ) : http : //www.securityfocus.com/brief/466 [ securityfocus.com ] ----Chinese Hackers Hit Commerce Department : http : //www.informationweek.com/news/security/government/showArticle.jhtml ? articleID = 193105227 [ informationweek.com ] ----CIA Admits Cyberattacks Blacked Out Cities : http : //www.informationweek.com/news/internet/showArticle.jhtml ? articleID = 205901631 [ informationweek.com ] ----Compromised Banks and Investment sites list 2006 : http : //it.slashdot.org/comments.pl ? sid = 233921&amp;cid = 19035679 [ slashdot.org ] ----Dancho Danchev 's Blog - Mind Streams of Information Security Knowledge : Massive IFRAME SEO Poisoning Attack Continuing : http : //ddanchev.blogspot.com/2008/03/massive-iframe-seo-poisoning-attack.html [ blogspot.com ] ----Data at Bank of America , Wachovia , others compromised - May .
23 , 2005 : http : //money.cnn.com/2005/05/23/news/fortune500/bank \ _info/index.htm [ cnn.com ] ----Fresh Security Breaches at Los Alamos : http : //www.msnbc.msn.com/id/19418769/site/newsweek/print/1/displaymode/1098/ [ msn.com ] ----Infected job search sites lead to info theft for 46,000 : http : //www.computerworld.com/s/article/9031139/Infected \ _job \ _search \ _sites \ _lead \ _to \ _info \ _theft \ _for \ _46 \ _000 [ computerworld.com ] ----New Mega-Botnet Discovered : http : //it.slashdot.org/article.pl ? sid = 09/04/22/2223214 [ slashdot.org ] ----I think THAT list ought to " enlighten " ANYONE , as to why " layered security " is &amp; has been considered largely to be " THE WAY TO GO " , vs. that list above ( which is only a SMALL \ % -age of what I can come up with in regards to threats online + their causes ) ... HOSTS files help protect vs. those , on several levels - DO consider their usage ! apk</tokentext>
<sentencetext>"Technology: Are Ad Servers Bogging Down the Web?
Yes. Period.
" - by Monkeedude1212 (1560403) on Monday November 30, @12:32PM (#30271618)Here is a GOOD SOLID WORK-AROUND, CALLED A HOSTS FILE!
(It works for more speed online, AND SECURITY ESPECIALLY... Also, it works for your money, because you pay for your linetime out of pocket most likely as I do, you can get back your speed, AND, gain security easily, &amp; from a single easily edited file &amp; a file eats no CPU cycles like a local DNS server can (&amp; are not as security vulnerable either if you protect write access to a HOSTS file also)... Anyhow/anyways - Here goes:SO - "that all said &amp; aside"?
Well, per your reply?
?Hey - NO PROBLEM, 110\% agreement here on that account... &amp; more (like more speed online AND more security, via a SINGLE EASILY EDITED + POPULATED FILE, called a HOSTS file):I use a custom HOSTS file, in addition to the tools others here in this thread have noted (which MANY like FF addons only really function for FireFox/Mozilla products, but don't extend globally to all other webbound applications, &amp; that is part of what HOSTS files give you above the methods you extoll + utilize: "GLOBAL COVERAGE", &amp; of ALL webbound apps, not just FireFox/Mozilla ones via the addons you noted + use yourself...).HOSTS files can be used to blockout KNOWN "bad" adserves, maliciously coded sites or adbanners, and "botnet C&amp;C servers" too!You can obtain reliable HOSTS files from reputable lists for more security online, but also for speed!
(More on that later &amp; WHY/HOW (I use reliable lists for that, such as these HOSTS @ Wikipedia.com -&gt; http://en.wikipedia.org/wiki/Hosts\_file [wikipedia.org] or those from mvps.org (a good one this one))I also further populate &amp; keep current my custom HOSTS file with up to date information in regards to all of those threats, via:----A.
) Spybot "Search &amp; Destroy" updates (populates HOSTS and browser block lists)B.
) Sites like ZDNet's Mr. Dancho Danchev's blog -&gt; http://ddanchev.blogspot.com/ [blogspot.com]C.) Sites like FireEye -&gt; http://blog.fireeye.com/ [fireeye.com]D.) SRI -&gt; http://mtc.sri.com/ [sri.com]----My HOSTS file incorporates ALL of the entries from the HOSTS files shown @ wikipedia as well... gaining me speed online (by blocking adbanners, which have been compromised many times the past few years now by malscripted exploits (examples below)).
(I combined ALL reputable HOSTS files with one of my own (30,000 entries), &amp; I removed duplicates removed via a Borland Delphi app I wrote to do so called "APK HOSTS File Grinder 4.0++".
That program also functions to change the default larger &amp; SLOWER 127.0.0.1 blocking 'loopback adapter' IP address to either 0.0.0.0 (for VISTA/Windows Server 2008/Windows 7, smaller &amp; thus faster than 127.0.0.1 default) or the smallest &amp; fastest 0 "blocking 'IP ADDRESS'" (for Windows 2000/XP/Server 2003 which can STILL use it (&amp; it was added in a service pack on Windows 2000, only on 12/09/2008 MS patch tuesday was it removed for VISTA onwards (&amp; now all these "phunny little bugs" are showing up as FLAWS in this new NDIS6 approach via WFP as well in the firewall, which ROOTKIT.COM has stated (with code too no less on how it is done) -&gt; http://www.rootkit.com/newsread.php?newsid=952 [rootkit.com] [rootkit.com] that it is EASIER TO UNHOOK (than was the design used in Windows 2000/XP/Server 2003))Another EXCELLENT benefit of HOSTS file usage?
More speed online, &amp; also more security + reliability (especially in the case of DNS servers today, per folks like Dan Kaminsky &amp;/or Moxie Marlinspike finding various security vulnerabilities in them the past couple years now)...SO, to "CIRCUMVENT" THAT WHICH YOU NOTE &amp; to get more speed online (besides/above potentially hijacked adbanners etc.
et al)?WELL - I use another "technique" called "hardcoding" an IP address to domainname/hostname in my HOSTS files, for my FAVORITE websites:This allows me to FIRST bypass any remote/external DNS lookups, which also would in theory @ least, make me "proofed" vs. DNS request logs by my ISP/BSP also.
(Especially since I use external DNS servers too, OpenDNS ones to be specific, that go beyond my hardcoded favs in my HOSTS file because I can't ping &amp; resolve the ENTIRE internet after all)This also makes it harder for others to track me...(Sure, they could do a "reverse DNS lookup" via pings &amp;/or traceroutes &amp; the top level domain that does nothing BUT cache reverse DNS lookups does the rest, but that is harder to do, than looking up my URL requests via a log on a DNS server))ALSO, AS ANOTHER "BONUS" in HOSTS FILES (can't stress it enough, &amp; especially above + beyond adbanner blocking):  It speeds you up, or can!E.G.-&gt; A buddy of mine named Jack says it has (verbatim quote) "DOUBLED MY SPEED ONLINE, BUT I VALUE THE SECURITY PART MORE", because he used to get over 200++ viruses a week, now?
Only maybe 2 a year IF THAT lately, &amp; he is convinced it is largely due to the HOSTS file I send him weekly (he is my "lab rat #1" due to his previous infestation rate), &amp; if that "anecdotal evidence" is not enough?
See this then, from a published security guru on a respected site for it:====RESURRECTING THE KILLFILE:(by Mr. Oliver Day)http://www.securityfocus.com/columnists/491 [securityfocus.com]PERTINENT EXCERPTS/QUOTES:"The host file on my day-to-day laptop is now over 16,000 lines long.
Accessing the Internet particularly browsing the Web is actually faster now.
""From what I have seen in my research, major efforts to share lists of unwanted hosts began gaining serious momentum earlier this decade.
The most popular appear to have started as a means to block advertising and as a way to avoid being tracked by sites that use cookies to gather data on the user across Web properties.
More recently, projects like Spybot Search and Destroy offer lists of known malicious servers to add a layer of defense against trojans and other forms of malware.
"====(A nice bonus beyond blocking adbanners via HOSTS too, because these have been shown to harbor malscripted content too &amp; more than just a few times the past 4-5 yrs now no less such as is noted here in my PS below, several examples thereof no less), because you don't waste between 30-N ms calling out to an external DNS!
(Again, and a DNS server that MAY be poisoned per Dan Kaminsky the past few years now &amp; others also noting it)Thus, you can STILL GET TO YOUR FAV.
SITES IF HARDCODED in your HOSTS FILE (a good thing, but one you may have to periodically alter, easily, via notepad.exe edits of your HOSTS file &amp; a ping to update their new address (sites change hosting providers due to better services or prices, rare, but they do &amp; MOST let you know they are about to do so anyhow, so you can amend a HOSTS file)).NICEST PART IS, THOUGH, PER YOUR STATEMENT (in addition to the benefits of HOSTS file I note above, alongside others like Mr. Oliver Day of SECURITYFOCUS.COM)?I will STILL get to where it is that I WANT TO GO, not the router's onboard DNS server doing hostname/domainname resolutions or potential hijacked redirects... in theory @ least, because I am controlling the hostname/dommainname resolutions @ AN OS + IP STACK LEVEL, not via my routers' onboard DNS server...APKP.S.=&gt; Evidences as to WHY you'd want to add on the "extra layered security protection" of a HOSTS file, which extends global security coverage to your webbound apps, AND, allows for a great deal of added extra speed as well?
Ok, here are some documented reasons why like:a.
) DNS servers vulnerable, under attack, failing or being "DNS poisoned" misdirected &amp; moreb.
) Security suites failing vs. modern "blended threats" onlinec.
) javascript being used to do most of this via apps)d.) adbanners being maliciously coded also...(Here we go with documented proofs/examples:)POISONED MALSCRIPTED ADBANNERSThe Next Ad You Click May Be a Virus:http://it.slashdot.org/article.pl?sid=09/06/15/2056219 [slashdot.org]----Attackers Infect Ads With Old Adobe Vulnerability:http://it.slashdot.org/article.pl?sid=09/02/25/024211 [slashdot.org]----Hackers Use Banner Ads on Major Sites to Hijack Your PC:http://www.wired.com/techbiz/media/news/2007/11/doubleclick [wired.com]----Adobe Flash Ads Launching Clipboard Hijack Attacks:http://it.slashdot.org/article.pl?sid=08/08/20/0029220&amp;from=rss [slashdot.org]----Slashdot | Americans Don't Want Targeted Ads:http://yro.slashdot.org/article.pl?sid=09/10/01/1854214 [slashdot.org]====DNS PROBLEMS:Number of Rogue DNS Servers on the Rise:http://tech.slashdot.org/article.pl?no\_d2=1&amp;sid=08/02/15/2118212 [slashdot.org]----Security Researcher Kaminsky Pushes DNS Patching:http://it.slashdot.org/article.pl?sid=09/02/19/2322231 [slashdot.org]----Ten Percent of DNS Servers Still Vulnerable:http://tech.slashdot.org/article.pl?no\_d2=1&amp;sid=05/08/04/1525235 [slashdot.org]----TimeWarner DNS Hijacking:http://tech.slashdot.org/article.pl?sid=07/07/23/2140208 [slashdot.org]----Another DNS Flaw Found:http://tech.slashdot.org/article.pl?sid=09/01/09/2348240 [slashdot.org]----Attack Code Published For DNS Vulnerability:http://it.slashdot.org/article.pl?no\_d2=1&amp;sid=08/07/23/231254 [slashdot.org]----BIND Still Susceptible To DNS Cache Poisoning:http://tech.slashdot.org/article.pl?no\_d2=1&amp;sid=08/08/09/123222 [slashdot.org]----DDoS Attacks Via DNS Recursion:http://it.slashdot.org/article.pl?no\_d2=1&amp;sid=06/03/16/1658209 [slashdot.org]----DNS Poisoning Hits One of China's Biggest ISPs:http://it.slashdot.org/article.pl?no\_d2=1&amp;sid=08/08/21/2343250 [slashdot.org]----DNS Root Servers Attacked:http://it.slashdot.org/article.pl?no\_d2=1&amp;sid=07/02/06/2238225 [slashdot.org]----DNS Problem Linked To DDoS Attacks Gets Worse:http://tech.slashdot.org/comments.pl?sid=1444354&amp;cid=30109858 [slashdot.org]----Are your servers vulnerable to DNS attacks?http://www.networkworld.com/news/2007/111907-dns-attacks.html [networkworld.com]----Kaminsky On DNS Bugs a Year Later and DNSSEC:http://it.slashdot.org/story/09/06/25/1354212/Kaminsky-On-DNS-Bugs-a-Year-Later-and-DNSSEC [slashdot.org]----DNS users put higher premium on security:http://news.techworld.com/networking/10690/dns-users-put-higher-premium-on-security/ [techworld.com]----BIND, the Buggy Internet Name Daemon:http://cr.yp.to/djbdns/blurb/unbind.html [cr.yp.to](Where djbdns was found to have flaw, though it was alleged invulnerable, they paid out $10,000 reward)----DNS Dan Kaminsky DNS SPOOF ATTACK EXPLAINED HOW IT IS DONE:http://blogs.zdnet.com/security/?p=1520 [zdnet.com]----DNS REBINDING ATTACKS: MultiPinning Browser JavaScript Vulnerability (how to protect yourself):http://crypto.stanford.edu/dns/ [stanford.edu]----Hackers hijack DNS records of high profile New Zealand sites:http://blogs.zdnet.com/security/?p=3185 [zdnet.com]====SECURITY SUITE PROGRAMS FAILING:AntiVirus Products Fail to Find Simple IE Malware:http://tech.slashdot.org/article.pl?sid=07/10/29/1747237 [slashdot.org]----Most Security Products Fail To Perform:http://hardware.slashdot.org/comments.pl?sid=1445302&amp;threshold=-1&amp;commentsort=0&amp;mode=thread&amp;pid=30114652 [slashdot.org]----TOP SECURITY SUITES FAIL 64/300 THREATS in 2008 AT SECUNIA.COM:http://secunia.com/blog/29/ [secunia.com]----Top security suites fail exploit tests:http://www.computerworld.com/s/article/9117042/Top\_security\_suites\_fail\_exploit\_tests?intsrc=news\_ts\_head [computerworld.com]----Antivirus is 'completely wasted money': Cisco CSO: News - Security - ZDNet Australia:http://www.zdnet.com.au/news/security/soa/Antivirus-is-completely-wasted-money-Cisco-CSO/0,130061744,339289122,00.htm?feed=pt\_auscert [zdnet.com.au]----Are Routers the Next Big Target for Hackers?http://blogs.zdnet.com/security/?p=919 [zdnet.com]----Software Firewalls: Made of Straw?
Part 1 of 2:http://www.securityfocus.com/infocus/1839 [securityfocus.com]Software Firewalls: Made of Straw?
Part 2 of 2:http://www.securityfocus.com/infocus/1840/2 [securityfocus.com]----Brief study shows difficulty in detecting malware (2008):http://www.securityfocus.com/brief/858 [securityfocus.com]----2007 - Browser vulnerabilities and attacks will continue to mount:http://www.infoworld.com/d/security-central/browser-vulnerabilities-and-attacks-will-continue-mount-679 [infoworld.com]----Bug exposes Cisco switches to attacks:http://news.cnet.com/Bug-exposes-Cisco-switches+to+attacks/2110-7349\_3-5902897.html?part=rss&amp;tag=5902897&amp;subj=news [cnet.com]&amp;CISCO "COMES CLEAN" ON EXTENT OF IOS FLAW:http://www.eweek.com/c/a/Security/Cisco-Comes-Clean-on-Extent-of-IOS-Flaw/ [eweek.com]&amp;Cisco PIX and ASA Time-To-Live Denial of Service Vulnerability:http://secunia.com/advisories/28625/ [secunia.com]+Computer routers face hijack risk - study:http://www.cbc.ca/technology/story/2007/02/16/tech-routervulnerabilty-20070216.html?ref=rss [www.cbc.ca]Slashdot Technology Story | Will Mainstream Media Embrace Adblockers?http://tech.slashdot.org/story/09/08/06/1442243/Will-Mainstream-Media-Embrace-Adblockers [slashdot.org]----Congress May Require ISPs To Block Certain Fraud Sites:http://yro.slashdot.org/comments.pl?sid=1432514&amp;cid=30024078 [slashdot.org]====JAVASCRIPT PROBLEMS:Slashdot | Adobe Confirms PDF Zero-Day, Says Kill JavaScript:http://it.slashdot.org/article.pl?sid=09/04/29/1823234 [slashdot.org]----Adobe Flash Zero-Day Attack Underway:http://it.slashdot.org/article.pl?sid=08/05/28/0138247&amp;from=rss [slashdot.org]----JavaScript flaw reported in Adobe Reader (4th or 5th time already, if not more):http://www.securityfocus.com/brief/953 [securityfocus.com]----Another malware pulls an Italian job via JAVASCRIPT:http://blog.trendmicro.com/another-malware-pulls-an-italian-job/ [trendmicro.com]----JavaScript opens doors to browser-based attacks | CNET News.com:http://news.com.com/JavaScript+opens+doors+to+browser-based+attacks/2100-7349\_3-6099891.html?part=rss&amp;tag=6099891&amp;subj=news [com.com]----Mozilla Firefox Javascript Garbage Collector Vulnerability - Advisories - Secuniahttp://secunia.com/advisories/29787/ [secunia.com]----New script outstrips all other drive-by download risks:http://www.theregister.co.uk/2009/05/15/script\_menace/ [theregister.co.uk]----Researcher to demonstrate attack code for Intel chips via Javascript:http://www.infoworld.com/d/security-central/researcher-demonstrate-attack-code-intel-chips-036 [infoworld.com]----Researcher: JavaScript Attacks Get Slicker:http://www.eweek.com/c/a/Security/Researcher-JavaScript-Attacks-Get-Slicker/ [eweek.com]----Rise Of The PDF Exploits:http://www.trustedsource.org/blog/153/Rise-Of-The-PDF-Exploits [trustedsource.org]----ADOBE NEW FLAW DOES USE JAVASCRIPT PROOF:http://www.shadowserver.org/wiki/pmwiki.php?n=Calendar.20090219 [shadowserver.org]----AJAX Poses Security, Performance Risks:http://www.eweek.com/article2/0,1895,1916673,00.asp [eweek.com]----Web 2.0 Threats and Risks for Financial Services:http://www.net-security.org/article.php?id=1004&amp;p=1 [net-security.org]http://www.cbronline.com/news/web\_20\_is\_vulnerable\_to\_attack [cbronline.com]----Cross Site Scripting (GOOGLE) and WHY TO TURN OFF JAVASCRIPT:http://www.cgisecurity.com/xss-faq.html [cgisecurity.com]----Why the FBI Director Doesn't Bank Onlinehttp://it.slashdot.org/article.pl?sid=09/10/08/0327240 [slashdot.org]====MAJOR ATTACKS (only a small sample) of WHY LAYERED SECURITY IS NEEDEDIs the Botnet Battle Already Lost?http://www.eweek.com/article2/0,1895,2029720,00.asp [eweek.com]----IT Pros Say They Can't Stop Data Breaches:http://www.eweek.com/article2/0,1895,2010325,00.asp?kc=EWNAVEMNL083106EOAD [eweek.com]----Cyber Attacks On US Military Jump Sharply In 2009http://tech.slashdot.org/comments.pl?sid=1452358&amp;threshold=-1&amp;commentsort=0&amp;mode=thread&amp;cid=30185742 [slashdot.org]----Bots Found Inside Many Big Companies:http://blogs.baselinemag.com/security/content001/cybercrime/bots\_found\_inside\_many\_big\_companies.html [baselinemag.com]----Bot master owns up to 250,000 zombie PCs:http://www.securityfocus.com/news/11495 [securityfocus.com]----Bots surge ahead (2007):http://www.securityfocus.com/brief/466 [securityfocus.com]----Chinese Hackers Hit Commerce Department:http://www.informationweek.com/news/security/government/showArticle.jhtml?articleID=193105227 [informationweek.com]----CIA Admits Cyberattacks Blacked Out Cities:http://www.informationweek.com/news/internet/showArticle.jhtml?articleID=205901631 [informationweek.com]----Compromised Banks and Investment sites list 2006:http://it.slashdot.org/comments.pl?sid=233921&amp;cid=19035679 [slashdot.org]----Dancho Danchev's Blog - Mind Streams of Information Security Knowledge: Massive IFRAME SEO Poisoning Attack Continuing:http://ddanchev.blogspot.com/2008/03/massive-iframe-seo-poisoning-attack.html [blogspot.com]----Data at Bank of America, Wachovia, others compromised - May.
23, 2005:http://money.cnn.com/2005/05/23/news/fortune500/bank\_info/index.htm [cnn.com]----Fresh Security Breaches at Los Alamos:http://www.msnbc.msn.com/id/19418769/site/newsweek/print/1/displaymode/1098/ [msn.com]----Infected job search sites lead to info theft for 46,000:http://www.computerworld.com/s/article/9031139/Infected\_job\_search\_sites\_lead\_to\_info\_theft\_for\_46\_000 [computerworld.com]----New Mega-Botnet Discovered:http://it.slashdot.org/article.pl?sid=09/04/22/2223214 [slashdot.org]----I think THAT list ought to "enlighten" ANYONE, as to why "layered security" is &amp; has been considered largely to be "THE WAY TO GO", vs. that list above (which is only a SMALL \%-age of what I can come up with in regards to threats online + their causes)... HOSTS files help protect vs. those, on several levels - DO consider their usage!apk
	</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30271618</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30272370</id>
	<title>Re:no-script</title>
	<author>CNTOAGN</author>
	<datestamp>1259609040000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>Agree completely.  No script is perhaps the finest add on ever.  If a page doesn't load properly, then I don't go to that site.  There are some sites that have upwards of 30 scripts from all over running - to this, even google is a problem - how many sites are running googleanalytics or googlesyndication, or the 10 other weird little google scripts?</htmltext>
<tokenext>Agree completely .
No script is perhaps the finest add on ever .
If a page does n't load properly , then I do n't go to that site .
There are some sites that have upwards of 30 scripts from all over running - to this , even google is a problem - how many sites are running googleanalytics or googlesyndication , or the 10 other weird little google scripts ?</tokentext>
<sentencetext>Agree completely.
No script is perhaps the finest add on ever.
If a page doesn't load properly, then I don't go to that site.
There are some sites that have upwards of 30 scripts from all over running - to this, even google is a problem - how many sites are running googleanalytics or googlesyndication, or the 10 other weird little google scripts?</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30271676</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30271632</id>
	<title>Why?</title>
	<author>Archangel Michael</author>
	<datestamp>1259605980000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>I realize that most websites run some version or another of "adverts", but generally speaking, most of those sites are marginal value to start. The sites I frequent usually use text ads, and not the flash (pun intended) graphical ads on some of the more questionable sites.</p><p>In fact, I dare say, that if I see lots of flashy or ads that are obtrusive in nature, I discount the nature of the site and tend to leave quicker.</p><p>One of the things that pisses me off to no end, are third party ads that are spewing crap/malware to driveby web browsing.</p><p>I don't personally get infecgted by them, because I run all the latest anti-malware defenses (adblock, noscript, firefox etc). But I'm in IT, and I see way too many machines compromized by the lastest "Antivirus 2010" styple crap/malware all the time.</p><p>Websites that house such malware should be blacklisted. Screw them if they can't make a living without using dubious adverts.</p></htmltext>
<tokenext>I realize that most websites run some version or another of " adverts " , but generally speaking , most of those sites are marginal value to start .
The sites I frequent usually use text ads , and not the flash ( pun intended ) graphical ads on some of the more questionable sites.In fact , I dare say , that if I see lots of flashy or ads that are obtrusive in nature , I discount the nature of the site and tend to leave quicker.One of the things that pisses me off to no end , are third party ads that are spewing crap/malware to driveby web browsing.I do n't personally get infecgted by them , because I run all the latest anti-malware defenses ( adblock , noscript , firefox etc ) .
But I 'm in IT , and I see way too many machines compromized by the lastest " Antivirus 2010 " styple crap/malware all the time.Websites that house such malware should be blacklisted .
Screw them if they ca n't make a living without using dubious adverts .</tokentext>
<sentencetext>I realize that most websites run some version or another of "adverts", but generally speaking, most of those sites are marginal value to start.
The sites I frequent usually use text ads, and not the flash (pun intended) graphical ads on some of the more questionable sites.In fact, I dare say, that if I see lots of flashy or ads that are obtrusive in nature, I discount the nature of the site and tend to leave quicker.One of the things that pisses me off to no end, are third party ads that are spewing crap/malware to driveby web browsing.I don't personally get infecgted by them, because I run all the latest anti-malware defenses (adblock, noscript, firefox etc).
But I'm in IT, and I see way too many machines compromized by the lastest "Antivirus 2010" styple crap/malware all the time.Websites that house such malware should be blacklisted.
Screw them if they can't make a living without using dubious adverts.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30272566</id>
	<title>Ad-block pro</title>
	<author>Anonymous</author>
	<datestamp>1259610120000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>FTW!</p></htmltext>
<tokenext>FTW !</tokentext>
<sentencetext>FTW!</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30296298</id>
	<title>Re:Old, old story</title>
	<author>Sardaukar86</author>
	<datestamp>1259590560000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><div class="quote"><p><em>In 1995, columnist and Ethernet-inventor Bob Metcalfe was again going on about a topic that eventually had him </em> <strong>literally eating his words</strong> <em> (he had to chop up a column in a blender with water and chug it) - that the Internet was going to collapse from all the heavy bandwidth demands of its exponentially-expanding clientele.</em></p></div><p><nobr> <wbr></nobr>..and here we have a fine example of the near-mythical 'correct-use-of-the-term-"literally"' beast, grazing in its native environment. Fellow Slashdotters are advised to learn as much as possible while the animal is so clearly visible, for typical correct-use-of-the-term-"literally"s are very rare indeed and it may be some time before we see another.</p></div>
	</htmltext>
<tokenext>In 1995 , columnist and Ethernet-inventor Bob Metcalfe was again going on about a topic that eventually had him literally eating his words ( he had to chop up a column in a blender with water and chug it ) - that the Internet was going to collapse from all the heavy bandwidth demands of its exponentially-expanding clientele .
..and here we have a fine example of the near-mythical 'correct-use-of-the-term- " literally " ' beast , grazing in its native environment .
Fellow Slashdotters are advised to learn as much as possible while the animal is so clearly visible , for typical correct-use-of-the-term- " literally " s are very rare indeed and it may be some time before we see another .</tokentext>
<sentencetext>In 1995, columnist and Ethernet-inventor Bob Metcalfe was again going on about a topic that eventually had him  literally eating his words  (he had to chop up a column in a blender with water and chug it) - that the Internet was going to collapse from all the heavy bandwidth demands of its exponentially-expanding clientele.
..and here we have a fine example of the near-mythical 'correct-use-of-the-term-"literally"' beast, grazing in its native environment.
Fellow Slashdotters are advised to learn as much as possible while the animal is so clearly visible, for typical correct-use-of-the-term-"literally"s are very rare indeed and it may be some time before we see another.
	</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30272670</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30276030</id>
	<title>Ads?  But I thought ...</title>
	<author>jc42</author>
	<datestamp>1259580600000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>All along they've been telling us that is was the porn that was dragging the Net to a halt.  And now they're saying that it's all because of dumb old ads?  C'mon, now, were they lying to us all along about the porn?  I mean; the advertisers are all honest, upstanding businessmen (and women), aren't they?  They wouldn't drag it all down with their spam^Wattractive advertising, would they?</p></htmltext>
<tokenext>All along they 've been telling us that is was the porn that was dragging the Net to a halt .
And now they 're saying that it 's all because of dumb old ads ?
C'mon , now , were they lying to us all along about the porn ?
I mean ; the advertisers are all honest , upstanding businessmen ( and women ) , are n't they ?
They would n't drag it all down with their spam ^ Wattractive advertising , would they ?</tokentext>
<sentencetext>All along they've been telling us that is was the porn that was dragging the Net to a halt.
And now they're saying that it's all because of dumb old ads?
C'mon, now, were they lying to us all along about the porn?
I mean; the advertisers are all honest, upstanding businessmen (and women), aren't they?
They wouldn't drag it all down with their spam^Wattractive advertising, would they?</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30271676</id>
	<title>no-script</title>
	<author>rgviza</author>
	<datestamp>1259606160000</datestamp>
	<modclass>Insightful</modclass>
	<modscore>3</modscore>
	<htmltext><p>no-script for the win, yet again.</p></htmltext>
<tokenext>no-script for the win , yet again .</tokentext>
<sentencetext>no-script for the win, yet again.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30272102</id>
	<title>Simple solution ...</title>
	<author>Anonymous</author>
	<datestamp>1259607960000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>add  Adblock Plus to Firefox. Works wonders<nobr> <wbr></nobr>:-)</p></htmltext>
<tokenext>add Adblock Plus to Firefox .
Works wonders : - )</tokentext>
<sentencetext>add  Adblock Plus to Firefox.
Works wonders :-)</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30276446</id>
	<title>I think they are being too kind...</title>
	<author>dingo8baby</author>
	<datestamp>1259582040000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><i>And it's also not surprising that ad services might lag two, three or four years behind where these web technology companies are.</i>
<br> <br>
more like 10 years behind. Asking an Ad Vendor to provide me and my fellow developers with valid xhtml code got the response: "We only have iframe and javascript as our current available ad tags."
<br> <br>
Brilliant people, these Ad Vendors.</htmltext>
<tokenext>And it 's also not surprising that ad services might lag two , three or four years behind where these web technology companies are .
more like 10 years behind .
Asking an Ad Vendor to provide me and my fellow developers with valid xhtml code got the response : " We only have iframe and javascript as our current available ad tags .
" Brilliant people , these Ad Vendors .</tokentext>
<sentencetext>And it's also not surprising that ad services might lag two, three or four years behind where these web technology companies are.
more like 10 years behind.
Asking an Ad Vendor to provide me and my fellow developers with valid xhtml code got the response: "We only have iframe and javascript as our current available ad tags.
"
 
Brilliant people, these Ad Vendors.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30272496</id>
	<title>Cache my ads</title>
	<author>TheGreatOrangePeel</author>
	<datestamp>1259609640000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>When I was running a (now defunct) website, I noted that the ads were the slowest part of my site to load. My solution was to take all the static images and, with a little help of some additional PHP into my existing image system, I cached them. This sped up the loading of the page dramatically and allowed me to refresh my ad-cache when my site traffic was low.</htmltext>
<tokenext>When I was running a ( now defunct ) website , I noted that the ads were the slowest part of my site to load .
My solution was to take all the static images and , with a little help of some additional PHP into my existing image system , I cached them .
This sped up the loading of the page dramatically and allowed me to refresh my ad-cache when my site traffic was low .</tokentext>
<sentencetext>When I was running a (now defunct) website, I noted that the ads were the slowest part of my site to load.
My solution was to take all the static images and, with a little help of some additional PHP into my existing image system, I cached them.
This sped up the loading of the page dramatically and allowed me to refresh my ad-cache when my site traffic was low.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30277408</id>
	<title>Re:Flash Ads</title>
	<author>RoboRay</author>
	<datestamp>1259586480000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>NoScript will get rid of those random-word link-fests for you, along with providing "click-to-flash" in one plug-in.</p></htmltext>
<tokenext>NoScript will get rid of those random-word link-fests for you , along with providing " click-to-flash " in one plug-in .</tokentext>
<sentencetext>NoScript will get rid of those random-word link-fests for you, along with providing "click-to-flash" in one plug-in.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30272236</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30272126</id>
	<title>Re:Kind of Fitting</title>
	<author>Anonymous</author>
	<datestamp>1259608080000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>Weird. Don't you get the "Disable Ads" checkbox on the side of your page? It showed up on mine sometime this year, and it's made slashdot much faster and more enjoyable.</p></htmltext>
<tokenext>Weird .
Do n't you get the " Disable Ads " checkbox on the side of your page ?
It showed up on mine sometime this year , and it 's made slashdot much faster and more enjoyable .</tokentext>
<sentencetext>Weird.
Don't you get the "Disable Ads" checkbox on the side of your page?
It showed up on mine sometime this year, and it's made slashdot much faster and more enjoyable.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30271582</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30274088</id>
	<title>Firefox bug 487638 [Was: Re:Google Analytics]</title>
	<author>Anonymous</author>
	<datestamp>1259573220000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>If you're using Firefox, this bug is/will be fixed in Firefox 3.6, so that it will report the correct website when things are slow.</p><p>See https://bugzilla.mozilla.org/show\_bug.cgi?id=487638 for the details: "status bar blames wrong resource when downloading slow responding resource" is the title of that bug.</p></htmltext>
<tokenext>If you 're using Firefox , this bug is/will be fixed in Firefox 3.6 , so that it will report the correct website when things are slow.See https : //bugzilla.mozilla.org/show \ _bug.cgi ? id = 487638 for the details : " status bar blames wrong resource when downloading slow responding resource " is the title of that bug .</tokentext>
<sentencetext>If you're using Firefox, this bug is/will be fixed in Firefox 3.6, so that it will report the correct website when things are slow.See https://bugzilla.mozilla.org/show\_bug.cgi?id=487638 for the details: "status bar blames wrong resource when downloading slow responding resource" is the title of that bug.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30271774</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30275734</id>
	<title>NoScript &amp; FF addons? NOT GLOBAL: HOSTS, are..</title>
	<author>Anonymous</author>
	<datestamp>1259579640000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><div class="quote"><p><b>"no-script for the win, yet again."</b> - by rgviza (1303161) on Monday November 30, @12:36PM (#30271676)</p></div><p>Per my subject line above? <b>How about a GLOBAL solution, instead, &amp; one that extends to ALL of your "webbound apps", instead, &amp; NOT just to Mozilla softwares which is all your solution works for...</b> (think IE, Outlook &amp; other email programs even, + more), AND, the solution I propose also acts as "layered security" in combination with the FF/Mozilla only methods you use  (which sadly, your methods are KNOWN to slow your browser down, use CPU cycles &amp; more (like having bugs &amp; security flaws in themselves too)... where this solution does not &amp; covers ALL webbound apps, globally)??</p><p>Here is <b>a GOOD SOLID WORK-AROUND, CALLED A HOSTS FILE!</b></p><p>(It works for more speed online, AND SECURITY ESPECIALLY... Also, it works for your money, because you pay for your linetime out of pocket most likely as I do, you can get back your speed, AND, gain security easily, &amp; from a single easily edited file &amp; a file eats no CPU cycles like a local DNS server can (&amp; are not as security vulnerable either if you protect write access to a HOSTS file also)... Anyhow/anyways - Here goes:</p><p>SO - "that all said &amp; aside"? Well, per your reply?? You're solutions cost CPU cycles &amp; are KNOWN to slow down FF/Mozilla variants (as browser addons do), but... Hey - NO PROBLEM, because HOSTS files work alongside those addons too, &amp; offer you more speed online AND more security, via a SINGLE EASILY EDITED + POPULATED FILE (called a HOSTS file):</p><p>I use <b>a custom HOSTS file</b>, in addition to the tools others here in this thread have noted (which MANY like FF addons only really function for FireFox/Mozilla products, but don't extend globally to all other webbound applications, &amp; that is part of what HOSTS files give you above the methods you extoll + utilize: "GLOBAL COVERAGE", &amp; of ALL webbound apps, not just FireFox/Mozilla ones via the addons you noted + use yourself...).</p><p><b>HOSTS files can be used to blockout KNOWN "bad" adserves, maliciously coded sites or adbanners, and "botnet C&amp;C servers" too!</b></p><p><b>You can obtain reliable HOSTS files from reputable lists for more security online, but also for speed!</b></p><p>(More on that later &amp; WHY/HOW (I use reliable lists for that, such as these HOSTS @ Wikipedia.com -&gt; <a href="http://en.wikipedia.org/wiki/Hosts\_file" title="wikipedia.org" rel="nofollow">http://en.wikipedia.org/wiki/Hosts\_file</a> [wikipedia.org] or those from mvps.org (a good one this one))</p><p><b>I also further populate &amp; keep current my custom HOSTS file with up to date information in regards to all of those threats, via:</b></p><p>----</p><p>A.) Spybot "Search &amp; Destroy" updates (populates HOSTS and browser block lists)</p><p>B.) Sites like ZDNet's Mr. Dancho Danchev's blog -&gt; <a href="http://ddanchev.blogspot.com/" title="blogspot.com" rel="nofollow">http://ddanchev.blogspot.com/</a> [blogspot.com]</p><p>C.) Sites like FireEye -&gt; <a href="http://blog.fireeye.com/" title="fireeye.com" rel="nofollow">http://blog.fireeye.com/</a> [fireeye.com]</p><p>D.) SRI -&gt; <a href="http://mtc.sri.com/" title="sri.com" rel="nofollow">http://mtc.sri.com/</a> [sri.com]</p><p>----</p><p>My HOSTS file incorporates ALL of the entries from the HOSTS files shown @ wikipedia as well... gaining me speed online (by blocking adbanners, which have been compromised many times the past few years now by malscripted exploits (examples below)).</p><p>(I combined ALL reputable HOSTS files with one of my own (30,000 entries), &amp; I removed duplicates removed via a Borland Delphi app I wrote to do so called "APK HOSTS File Grinder 4.0++". That program also functions to change the default larger &amp; SLOWER 127.0.0.1 blocking 'loopback adapter' IP address to either 0.0.0.0 (for VISTA/Windows Server 2008/Windows 7, smaller &amp; thus faster than 127.0.0.1 default) or the smallest &amp; fastest 0 "blocking 'IP ADDRESS'" (for Windows 2000/XP/Server 2003 which can STILL use it (&amp; it was added in a service pack on Windows 2000, only on 12/09/2008 MS patch tuesday was it removed for VISTA onwards (&amp; now all these "phunny little bugs" are showing up as FLAWS in this new NDIS6 approach via WFP as well in the firewall, which ROOTKIT.COM has stated (with code too no less on how it is done) -&gt; <a href="http://www.rootkit.com/newsread.php?newsid=952" title="rootkit.com" rel="nofollow">http://www.rootkit.com/newsread.php?newsid=952</a> [rootkit.com] [rootkit.com] that it is EASIER TO UNHOOK (than was the design used in Windows 2000/XP/Server 2003))</p><p><b>Another EXCELLENT benefit of HOSTS file usage? More speed online, &amp; also more security + reliability</b> (especially in the case of DNS servers today, per folks like Dan Kaminsky &amp;/or Moxie Marlinspike finding various security vulnerabilities in them the past couple years now)...</p><p><b>AND, YOU CAN GET EVEN MORE SPEED, and RELIABILITY</b> (vs. downed or "DNS poisoned/misdirected" dns servers too) <b>via yet another "hidden bonus for speed" in HOSTS files:</b></p><p>HOW SO? WELL - <b>I use another "technique" called "hardcoding" an IP address to domainname/hostname in my HOSTS files, for my FAVORITE websites:</b></p><p><b>This allows me to FIRST bypass any remote/external DNS lookups, which also would in theory @ least, make me "proofed" vs. DNS request logs by my ISP/BSP also.</b></p><p>(Especially since I use external DNS servers too, OpenDNS ones to be specific, that go beyond my hardcoded favs in my HOSTS file because I can't ping &amp; resolve the ENTIRE internet after all)</p><p>This also makes it harder for others to track me...</p><p>(Sure, they could do a "reverse DNS lookup" via pings &amp;/or traceroutes &amp; the top level domain that does nothing BUT cache reverse DNS lookups does the rest, but that is harder to do, than looking up my URL requests via a log on a DNS server))</p><p><b>ALSO, AS ANOTHER "BONUS" in HOSTS FILES</b> (can't stress it enough, &amp; especially above + beyond adbanner blocking)<b>:  It speeds you up, or can!</b></p><p>E.G.-&gt; A buddy of mine named Jack says it has (verbatim quote) "DOUBLED MY SPEED ONLINE, BUT I VALUE THE SECURITY PART MORE", because he used to get over 200++ viruses a week, now? Only maybe 2 a year IF THAT lately, &amp; he is convinced it is largely due to the HOSTS file I send him weekly (he is my "lab rat #1" due to his previous infestation rate), &amp; if that "anecdotal evidence" is not enough? See this then, from a published security guru on a respected site for it:</p><p>====</p><p><b>RESURRECTING THE KILLFILE:</b></p><p>(by Mr. Oliver Day)</p><p><a href="http://www.securityfocus.com/columnists/491" title="securityfocus.com" rel="nofollow">http://www.securityfocus.com/columnists/491</a> [securityfocus.com]</p><p><b>PERTINENT EXCERPTS/QUOTES:</b></p><p>"The host file on my day-to-day laptop is now over 16,000 lines long. Accessing the Internet particularly browsing the Web is actually faster now."</p><p>"From what I have seen in my research, major efforts to share lists of unwanted hosts began gaining serious momentum earlier this decade. The most popular appear to have started as a means to block advertising and as a way to avoid being tracked by sites that use cookies to gather data on the user across Web properties. More recently, projects like Spybot Search and Destroy offer lists of known malicious servers to add a layer of defense against trojans and other forms of malware."</p><p>====</p><p>(A nice bonus beyond blocking adbanners via HOSTS too, because these have been shown to harbor malscripted content too &amp; more than just a few times the past 4-5 yrs now no less such as is noted here in my PS below, several examples thereof no less), because you don't waste between 30-N ms calling out to an external DNS!</p><p>(Again, and a DNS server that MAY be poisoned per Dan Kaminsky the past few years now &amp; others also noting it)</p><p>Thus, <b>SO, even IF your DNS servers go down, or are "dns poisoned"</b> (or fall to yet another security flaw, many are in my "p.s." below no less, as documented evidences thereof to my statements here no less)?</p><p>Well, <b>by using a custom HOSTS file setup, you can STILL GET TO YOUR FAV. SITES IF HARDCODED in your HOSTS FILE &amp; @ higher speeds than DNS server calls, 30-N times faster in fact</b> (a good thing, but one you may have to periodically alter, easily, via notepad.exe edits of your HOSTS file &amp; a ping to update their new address (sites change hosting providers due to better services or prices, rare, but they do &amp; MOST let you know they are about to do so anyhow, so you can amend a HOSTS file)).</p><p>NICEST PART IS, THOUGH, PER YOUR STATEMENT (in addition to the benefits of HOSTS file I note above, alongside others like Mr. Oliver Day of SECURITYFOCUS.COM)?</p><p>I will STILL get to where it is that I WANT TO GO, not the router's onboard DNS server doing hostname/domainname resolutions or potential hijacked redirects... in theory @ least, because I am controlling the hostname/dommainname resolutions @ AN OS + IP STACK LEVEL, not via my routers' onboard DNS server...</p><p>APK</p><p>P.S.=&gt; Evidences as to WHY you'd want to add on the "extra layered security protection" of a HOSTS file, which extends global security coverage to your webbound apps, AND, allows for a great deal of added extra speed as well? Ok, here are some documented reasons why like:</p><p>a.) DNS servers vulnerable, under attack, failing or being "DNS poisoned" misdirected &amp; more</p><p>b.) Security suites failing vs. modern "blended threats" online</p><p>c.) javascript being used to do most of this via apps)</p><p>d.) adbanners being maliciously coded also...</p><p>(Here we go with documented proofs/examples:)</p><p>====</p><p><b>POISONED MALSCRIPTED ADBANNERS</b></p><p><b>The Next Ad You Click May Be a Virus:</b></p><p><a href="http://it.slashdot.org/article.pl?sid=09/06/15/2056219" title="slashdot.org" rel="nofollow">http://it.slashdot.org/article.pl?sid=09/06/15/2056219</a> [slashdot.org]</p><p>----</p><p><b>Attackers Infect Ads With Old Adobe Vulnerability:</b></p><p><a href="http://it.slashdot.org/article.pl?sid=09/02/25/024211" title="slashdot.org" rel="nofollow">http://it.slashdot.org/article.pl?sid=09/02/25/024211</a> [slashdot.org]</p><p>----</p><p><b>Hackers Use Banner Ads on Major Sites to Hijack Your PC:</b></p><p><a href="http://www.wired.com/techbiz/media/news/2007/11/doubleclick" title="wired.com" rel="nofollow">http://www.wired.com/techbiz/media/news/2007/11/doubleclick</a> [wired.com]</p><p>----</p><p><b>Adobe Flash Ads Launching Clipboard Hijack Attacks:</b></p><p><a href="http://it.slashdot.org/article.pl?sid=08/08/20/0029220&amp;from=rss" title="slashdot.org" rel="nofollow">http://it.slashdot.org/article.pl?sid=08/08/20/0029220&amp;from=rss</a> [slashdot.org]</p><p>----</p><p><b>Slashdot | Americans Don't Want Targeted Ads:</b></p><p><a href="http://yro.slashdot.org/article.pl?sid=09/10/01/1854214" title="slashdot.org" rel="nofollow">http://yro.slashdot.org/article.pl?sid=09/10/01/1854214</a> [slashdot.org]</p><p>====</p><p><b>DNS PROBLEMS:</b></p><p><b>Number of Rogue DNS Servers on the Rise:</b></p><p><a href="http://tech.slashdot.org/article.pl?no\_d2=1&amp;sid=08/02/15/2118212" title="slashdot.org" rel="nofollow">http://tech.slashdot.org/article.pl?no\_d2=1&amp;sid=08/02/15/2118212</a> [slashdot.org]</p><p>----</p><p><b>Security Researcher Kaminsky Pushes DNS Patching:</b></p><p><a href="http://it.slashdot.org/article.pl?sid=09/02/19/2322231" title="slashdot.org" rel="nofollow">http://it.slashdot.org/article.pl?sid=09/02/19/2322231</a> [slashdot.org]</p><p>----</p><p><b>Ten Percent of DNS Servers Still Vulnerable:</b></p><p><a href="http://tech.slashdot.org/article.pl?no\_d2=1&amp;sid=05/08/04/1525235" title="slashdot.org" rel="nofollow">http://tech.slashdot.org/article.pl?no\_d2=1&amp;sid=05/08/04/1525235</a> [slashdot.org]</p><p>----</p><p><b>TimeWarner DNS Hijacking:</b></p><p><a href="http://tech.slashdot.org/article.pl?sid=07/07/23/2140208" title="slashdot.org" rel="nofollow">http://tech.slashdot.org/article.pl?sid=07/07/23/2140208</a> [slashdot.org]</p><p>----</p><p><b>Another DNS Flaw Found:</b></p><p><a href="http://tech.slashdot.org/article.pl?sid=09/01/09/2348240" title="slashdot.org" rel="nofollow">http://tech.slashdot.org/article.pl?sid=09/01/09/2348240</a> [slashdot.org]</p><p>----</p><p><b>Attack Code Published For DNS Vulnerability:</b></p><p><a href="http://it.slashdot.org/article.pl?no\_d2=1&amp;sid=08/07/23/231254" title="slashdot.org" rel="nofollow">http://it.slashdot.org/article.pl?no\_d2=1&amp;sid=08/07/23/231254</a> [slashdot.org]</p><p>----</p><p><b>BIND Still Susceptible To DNS Cache Poisoning:</b></p><p><a href="http://tech.slashdot.org/article.pl?no\_d2=1&amp;sid=08/08/09/123222" title="slashdot.org" rel="nofollow">http://tech.slashdot.org/article.pl?no\_d2=1&amp;sid=08/08/09/123222</a> [slashdot.org]</p><p>----</p><p><b>DDoS Attacks Via DNS Recursion:</b></p><p><a href="http://it.slashdot.org/article.pl?no\_d2=1&amp;sid=06/03/16/1658209" title="slashdot.org" rel="nofollow">http://it.slashdot.org/article.pl?no\_d2=1&amp;sid=06/03/16/1658209</a> [slashdot.org]</p><p>----</p><p><b>DNS Poisoning Hits One of China's Biggest ISPs:</b></p><p><a href="http://it.slashdot.org/article.pl?no\_d2=1&amp;sid=08/08/21/2343250" title="slashdot.org" rel="nofollow">http://it.slashdot.org/article.pl?no\_d2=1&amp;sid=08/08/21/2343250</a> [slashdot.org]</p><p>----</p><p><b>DNS Root Servers Attacked:</b></p><p><a href="http://it.slashdot.org/article.pl?no\_d2=1&amp;sid=07/02/06/2238225" title="slashdot.org" rel="nofollow">http://it.slashdot.org/article.pl?no\_d2=1&amp;sid=07/02/06/2238225</a> [slashdot.org]</p><p>----</p><p><b>DNS Problem Linked To DDoS Attacks Gets Worse:</b></p><p><a href="http://tech.slashdot.org/comments.pl?sid=1444354&amp;cid=30109858" title="slashdot.org" rel="nofollow">http://tech.slashdot.org/comments.pl?sid=1444354&amp;cid=30109858</a> [slashdot.org]</p><p>----</p><p><b>Are your servers vulnerable to DNS attacks?</b></p><p><a href="http://www.networkworld.com/news/2007/111907-dns-attacks.html" title="networkworld.com" rel="nofollow">http://www.networkworld.com/news/2007/111907-dns-attacks.html</a> [networkworld.com]</p><p>----</p><p><b>Kaminsky On DNS Bugs a Year Later and DNSSEC:</b></p><p><a href="http://it.slashdot.org/story/09/06/25/1354212/Kaminsky-On-DNS-Bugs-a-Year-Later-and-DNSSEC" title="slashdot.org" rel="nofollow">http://it.slashdot.org/story/09/06/25/1354212/Kaminsky-On-DNS-Bugs-a-Year-Later-and-DNSSEC</a> [slashdot.org]</p><p>----</p><p><b>DNS users put higher premium on security:</b></p><p><a href="http://news.techworld.com/networking/10690/dns-users-put-higher-premium-on-security/" title="techworld.com" rel="nofollow">http://news.techworld.com/networking/10690/dns-users-put-higher-premium-on-security/</a> [techworld.com]</p><p>----</p><p><b>BIND, the Buggy Internet Name Daemon:</b></p><p><a href="http://cr.yp.to/djbdns/blurb/unbind.html" title="cr.yp.to" rel="nofollow">http://cr.yp.to/djbdns/blurb/unbind.html</a> [cr.yp.to]</p><p>(Where djbdns was found to have flaw, though it was alleged invulnerable, they paid out $10,000 reward)</p><p>----</p><p><b>DNS Dan Kaminsky DNS SPOOF ATTACK EXPLAINED HOW IT IS DONE:</b></p><p><a href="http://blogs.zdnet.com/security/?p=1520" title="zdnet.com" rel="nofollow">http://blogs.zdnet.com/security/?p=1520</a> [zdnet.com]</p><p>----</p><p><b>DNS REBINDING ATTACKS: MultiPinning Browser JavaScript Vulnerability</b> (how to protect yourself):</p><p><a href="http://crypto.stanford.edu/dns/" title="stanford.edu" rel="nofollow">http://crypto.stanford.edu/dns/</a> [stanford.edu]</p><p>----</p><p><b>Hackers hijack DNS records of high profile New Zealand sites:</b></p><p><a href="http://blogs.zdnet.com/security/?p=3185" title="zdnet.com" rel="nofollow">http://blogs.zdnet.com/security/?p=3185</a> [zdnet.com]</p><p>====</p><p><b>SECURITY SUITE PROGRAMS FAILING:</b></p><p><b>AntiVirus Products Fail to Find Simple IE Malware:</b></p><p><a href="http://tech.slashdot.org/article.pl?sid=07/10/29/1747237" title="slashdot.org" rel="nofollow">http://tech.slashdot.org/article.pl?sid=07/10/29/1747237</a> [slashdot.org]</p><p>----</p><p><b>Most Security Products Fail To Perform:</b></p><p><a href="http://hardware.slashdot.org/comments.pl?sid=1445302&amp;threshold=-1&amp;commentsort=0&amp;mode=thread&amp;pid=30114652" title="slashdot.org" rel="nofollow">http://hardware.slashdot.org/comments.pl?sid=1445302&amp;threshold=-1&amp;commentsort=0&amp;mode=thread&amp;pid=30114652</a> [slashdot.org]</p><p>----</p><p><b>TOP SECURITY SUITES FAIL 64/300 THREATS in 2008 AT SECUNIA.COM:</b></p><p><a href="http://secunia.com/blog/29/" title="secunia.com" rel="nofollow">http://secunia.com/blog/29/</a> [secunia.com]</p><p>----</p><p><b>Top security suites fail exploit tests:</b></p><p><a href="http://www.computerworld.com/s/article/9117042/Top\_security\_suites\_fail\_exploit\_tests?intsrc=news\_ts\_head" title="computerworld.com" rel="nofollow">http://www.computerworld.com/s/article/9117042/Top\_security\_suites\_fail\_exploit\_tests?intsrc=news\_ts\_head</a> [computerworld.com]</p><p>----</p><p><b>Antivirus is 'completely wasted money': Cisco CSO: News - Security - ZDNet Australia:</b></p><p><a href="http://www.zdnet.com.au/news/security/soa/Antivirus-is-completely-wasted-money-Cisco-CSO/0,130061744,339289122,00.htm?feed=pt\_auscert" title="zdnet.com.au" rel="nofollow">http://www.zdnet.com.au/news/security/soa/Antivirus-is-completely-wasted-money-Cisco-CSO/0,130061744,339289122,00.htm?feed=pt\_auscert</a> [zdnet.com.au]</p><p>----</p><p><b>Are Routers the Next Big Target for Hackers?</b></p><p><a href="http://blogs.zdnet.com/security/?p=919" title="zdnet.com" rel="nofollow">http://blogs.zdnet.com/security/?p=919</a> [zdnet.com]</p><p>----</p><p><b>Software Firewalls: Made of Straw? Part 1 of 2:</b></p><p><a href="http://www.securityfocus.com/infocus/1839" title="securityfocus.com" rel="nofollow">http://www.securityfocus.com/infocus/1839</a> [securityfocus.com]</p><p><b>Software Firewalls: Made of Straw? Part 2 of 2:</b></p><p><a href="http://www.securityfocus.com/infocus/1840/2" title="securityfocus.com" rel="nofollow">http://www.securityfocus.com/infocus/1840/2</a> [securityfocus.com]</p><p>----</p><p><b>Brief study shows difficulty in detecting malware (2008):</b></p><p><a href="http://www.securityfocus.com/brief/858" title="securityfocus.com" rel="nofollow">http://www.securityfocus.com/brief/858</a> [securityfocus.com]</p><p>----</p><p><b>2007 - Browser vulnerabilities and attacks will continue to mount:</b></p><p><a href="http://www.infoworld.com/d/security-central/browser-vulnerabilities-and-attacks-will-continue-mount-679" title="infoworld.com" rel="nofollow">http://www.infoworld.com/d/security-central/browser-vulnerabilities-and-attacks-will-continue-mount-679</a> [infoworld.com]</p><p>----</p><p><b>Bug exposes Cisco switches to attacks:</b></p><p><a href="http://news.cnet.com/Bug-exposes-Cisco-switches+to+attacks/2110-7349\_3-5902897.html?part=rss&amp;tag=5902897&amp;subj=news" title="cnet.com" rel="nofollow">http://news.cnet.com/Bug-exposes-Cisco-switches+to+attacks/2110-7349\_3-5902897.html?part=rss&amp;tag=5902897&amp;subj=news</a> [cnet.com]</p><p>&amp;</p><p><b>CISCO "COMES CLEAN" ON EXTENT OF IOS FLAW:</b></p><p><a href="http://www.eweek.com/c/a/Security/Cisco-Comes-Clean-on-Extent-of-IOS-Flaw/" title="eweek.com" rel="nofollow">http://www.eweek.com/c/a/Security/Cisco-Comes-Clean-on-Extent-of-IOS-Flaw/</a> [eweek.com]</p><p>&amp;</p><p><b>Cisco PIX and ASA Time-To-Live Denial of Service Vulnerability:</b></p><p><a href="http://secunia.com/advisories/28625/" title="secunia.com" rel="nofollow">http://secunia.com/advisories/28625/</a> [secunia.com]</p><p>+</p><p><b>Computer routers face hijack risk - study:</b></p><p><a href="http://www.cbc.ca/technology/story/2007/02/16/tech-routervulnerabilty-20070216.html?ref=rss" title="www.cbc.ca" rel="nofollow">http://www.cbc.ca/technology/story/2007/02/16/tech-routervulnerabilty-20070216.html?ref=rss</a> [www.cbc.ca]</p><p>Slashdot Technology Story | Will Mainstream Media Embrace Adblockers?</p><p><a href="http://tech.slashdot.org/story/09/08/06/1442243/Will-Mainstream-Media-Embrace-Adblockers" title="slashdot.org" rel="nofollow">http://tech.slashdot.org/story/09/08/06/1442243/Will-Mainstream-Media-Embrace-Adblockers</a> [slashdot.org]</p><p>----</p><p><b>Congress May Require ISPs To Block Certain Fraud Sites:</b></p><p><a href="http://yro.slashdot.org/comments.pl?sid=1432514&amp;cid=30024078" title="slashdot.org" rel="nofollow">http://yro.slashdot.org/comments.pl?sid=1432514&amp;cid=30024078</a> [slashdot.org]</p><p>====</p><p><b>JAVASCRIPT PROBLEMS:</b></p><p><b>Slashdot | Adobe Confirms PDF Zero-Day, Says Kill JavaScript:</b></p><p><a href="http://it.slashdot.org/article.pl?sid=09/04/29/1823234" title="slashdot.org" rel="nofollow">http://it.slashdot.org/article.pl?sid=09/04/29/1823234</a> [slashdot.org]</p><p>----</p><p><b>Adobe Flash Zero-Day Attack Underway:</b></p><p><a href="http://it.slashdot.org/article.pl?sid=08/05/28/0138247&amp;from=rss" title="slashdot.org" rel="nofollow">http://it.slashdot.org/article.pl?sid=08/05/28/0138247&amp;from=rss</a> [slashdot.org]</p><p>----</p><p><b>JavaScript flaw reported in Adobe Reader</b> (4th or 5th time already, if not more):</p><p><a href="http://www.securityfocus.com/brief/953" title="securityfocus.com" rel="nofollow">http://www.securityfocus.com/brief/953</a> [securityfocus.com]</p><p>----</p><p><b>Another malware pulls an Italian job via JAVASCRIPT:</b></p><p><a href="http://blog.trendmicro.com/another-malware-pulls-an-italian-job/" title="trendmicro.com" rel="nofollow">http://blog.trendmicro.com/another-malware-pulls-an-italian-job/</a> [trendmicro.com]</p><p>----</p><p><b>JavaScript opens doors to browser-based attacks | CNET News.com:</b></p><p><a href="http://news.com.com/JavaScript+opens+doors+to+browser-based+attacks/2100-7349\_3-6099891.html?part=rss&amp;tag=6099891&amp;subj=news" title="com.com" rel="nofollow">http://news.com.com/JavaScript+opens+doors+to+browser-based+attacks/2100-7349\_3-6099891.html?part=rss&amp;tag=6099891&amp;subj=news</a> [com.com]</p><p>----</p><p><b>Mozilla Firefox Javascript Garbage Collector Vulnerability - Advisories - Secunia</b></p><p><a href="http://secunia.com/advisories/29787/" title="secunia.com" rel="nofollow">http://secunia.com/advisories/29787/</a> [secunia.com]</p><p>----</p><p><b>New script outstrips all other drive-by download risks:</b></p><p><a href="http://www.theregister.co.uk/2009/05/15/script\_menace/" title="theregister.co.uk" rel="nofollow">http://www.theregister.co.uk/2009/05/15/script\_menace/</a> [theregister.co.uk]</p><p>----</p><p><b>Researcher to demonstrate attack code for Intel chips via Javascript:</b></p><p><a href="http://www.infoworld.com/d/security-central/researcher-demonstrate-attack-code-intel-chips-036" title="infoworld.com" rel="nofollow">http://www.infoworld.com/d/security-central/researcher-demonstrate-attack-code-intel-chips-036</a> [infoworld.com]</p><p>----</p><p><b>Researcher: JavaScript Attacks Get Slicker:</b></p><p><a href="http://www.eweek.com/c/a/Security/Researcher-JavaScript-Attacks-Get-Slicker/" title="eweek.com" rel="nofollow">http://www.eweek.com/c/a/Security/Researcher-JavaScript-Attacks-Get-Slicker/</a> [eweek.com]</p><p>----</p><p><b>Rise Of The PDF Exploits:</b></p><p><a href="http://www.trustedsource.org/blog/153/Rise-Of-The-PDF-Exploits" title="trustedsource.org" rel="nofollow">http://www.trustedsource.org/blog/153/Rise-Of-The-PDF-Exploits</a> [trustedsource.org]</p><p>----</p><p><b>ADOBE NEW FLAW DOES USE JAVASCRIPT PROOF:</b></p><p><a href="http://www.shadowserver.org/wiki/pmwiki.php?n=Calendar.20090219" title="shadowserver.org" rel="nofollow">http://www.shadowserver.org/wiki/pmwiki.php?n=Calendar.20090219</a> [shadowserver.org]</p><p>----</p><p><b>AJAX Poses Security, Performance Risks:</b></p><p><a href="http://www.eweek.com/article2/0,1895,1916673,00.asp" title="eweek.com" rel="nofollow">http://www.eweek.com/article2/0,1895,1916673,00.asp</a> [eweek.com]</p><p>----</p><p><b>Web 2.0 Threats and Risks for Financial Services:</b></p><p><a href="http://www.net-security.org/article.php?id=1004&amp;p=1" title="net-security.org" rel="nofollow">http://www.net-security.org/article.php?id=1004&amp;p=1</a> [net-security.org]</p><p><a href="http://www.cbronline.com/news/web\_20\_is\_vulnerable\_to\_attack" title="cbronline.com" rel="nofollow">http://www.cbronline.com/news/web\_20\_is\_vulnerable\_to\_attack</a> [cbronline.com]</p><p>----</p><p><b>Cross Site Scripting</b> (GOOGLE) <b>and WHY TO TURN OFF JAVASCRIPT:</b></p><p><a href="http://www.cgisecurity.com/xss-faq.html" title="cgisecurity.com" rel="nofollow">http://www.cgisecurity.com/xss-faq.html</a> [cgisecurity.com]</p><p>----</p><p><b>Why the FBI Director Doesn't Bank Online</b></p><p><a href="http://it.slashdot.org/article.pl?sid=09/10/08/0327240" title="slashdot.org" rel="nofollow">http://it.slashdot.org/article.pl?sid=09/10/08/0327240</a> [slashdot.org]</p><p>====</p><p><b>MAJOR ATTACKS (only a small sample) of WHY LAYERED SECURITY IS NEEDED</b></p><p><b>Is the Botnet Battle Already Lost?</b></p><p><a href="http://www.eweek.com/article2/0,1895,2029720,00.asp" title="eweek.com" rel="nofollow">http://www.eweek.com/article2/0,1895,2029720,00.asp</a> [eweek.com]</p><p>----</p><p><b>IT Pros Say They Can't Stop Data Breaches:</b></p><p><a href="http://www.eweek.com/article2/0,1895,2010325,00.asp?kc=EWNAVEMNL083106EOAD" title="eweek.com" rel="nofollow">http://www.eweek.com/article2/0,1895,2010325,00.asp?kc=EWNAVEMNL083106EOAD</a> [eweek.com]</p><p>----</p><p><b>Cyber Attacks On US Military Jump Sharply In 2009</b></p><p><a href="http://tech.slashdot.org/comments.pl?sid=1452358&amp;threshold=-1&amp;commentsort=0&amp;mode=thread&amp;cid=30185742" title="slashdot.org" rel="nofollow">http://tech.slashdot.org/comments.pl?sid=1452358&amp;threshold=-1&amp;commentsort=0&amp;mode=thread&amp;cid=30185742</a> [slashdot.org]</p><p>----</p><p><b>Bots Found Inside Many Big Companies:</b></p><p><a href="http://blogs.baselinemag.com/security/content001/cybercrime/bots\_found\_inside\_many\_big\_companies.html" title="baselinemag.com" rel="nofollow">http://blogs.baselinemag.com/security/content001/cybercrime/bots\_found\_inside\_many\_big\_companies.html</a> [baselinemag.com]</p><p>----</p><p><b>Bot master owns up to 250,000 zombie PCs:</b></p><p><a href="http://www.securityfocus.com/news/11495" title="securityfocus.com" rel="nofollow">http://www.securityfocus.com/news/11495</a> [securityfocus.com]</p><p>----</p><p><b>Bots surge ahead (2007):</b></p><p><a href="http://www.securityfocus.com/brief/466" title="securityfocus.com" rel="nofollow">http://www.securityfocus.com/brief/466</a> [securityfocus.com]</p><p>----</p><p><b>Chinese Hackers Hit Commerce Department:</b></p><p><a href="http://www.informationweek.com/news/security/government/showArticle.jhtml?articleID=193105227" title="informationweek.com" rel="nofollow">http://www.informationweek.com/news/security/government/showArticle.jhtml?articleID=193105227</a> [informationweek.com]</p><p>----</p><p><b>CIA Admits Cyberattacks Blacked Out Cities:</b></p><p><a href="http://www.informationweek.com/news/internet/showArticle.jhtml?articleID=205901631" title="informationweek.com" rel="nofollow">http://www.informationweek.com/news/internet/showArticle.jhtml?articleID=205901631</a> [informationweek.com]</p><p>----</p><p><b>Compromised Banks and Investment sites list 2006:</b></p><p><a href="http://it.slashdot.org/comments.pl?sid=233921&amp;cid=19035679" title="slashdot.org" rel="nofollow">http://it.slashdot.org/comments.pl?sid=233921&amp;cid=19035679</a> [slashdot.org]</p><p>----</p><p><b>Dancho Danchev's Blog - Mind Streams of Information Security Knowledge: Massive IFRAME SEO Poisoning Attack Continuing:</b></p><p><a href="http://ddanchev.blogspot.com/2008/03/massive-iframe-seo-poisoning-attack.html" title="blogspot.com" rel="nofollow">http://ddanchev.blogspot.com/2008/03/massive-iframe-seo-poisoning-attack.html</a> [blogspot.com]</p><p>----</p><p><b>Data at Bank of America, Wachovia, others compromised - May. 23, 2005:</b></p><p><a href="http://money.cnn.com/2005/05/23/news/fortune500/bank\_info/index.htm" title="cnn.com" rel="nofollow">http://money.cnn.com/2005/05/23/news/fortune500/bank\_info/index.htm</a> [cnn.com]</p><p>----</p><p><b>Fresh Security Breaches at Los Alamos:</b></p><p><a href="http://www.msnbc.msn.com/id/19418769/site/newsweek/print/1/displaymode/1098/" title="msn.com" rel="nofollow">http://www.msnbc.msn.com/id/19418769/site/newsweek/print/1/displaymode/1098/</a> [msn.com]</p><p>----</p><p><b>Infected job search sites lead to info theft for 46,000:</b></p><p><a href="http://www.computerworld.com/s/article/9031139/Infected\_job\_search\_sites\_lead\_to\_info\_theft\_for\_46\_000" title="computerworld.com" rel="nofollow">http://www.computerworld.com/s/article/9031139/Infected\_job\_search\_sites\_lead\_to\_info\_theft\_for\_46\_000</a> [computerworld.com]</p><p>----</p><p><b>New Mega-Botnet Discovered:</b></p><p><a href="http://it.slashdot.org/article.pl?sid=09/04/22/2223214" title="slashdot.org" rel="nofollow">http://it.slashdot.org/article.pl?sid=09/04/22/2223214</a> [slashdot.org]</p><p>----</p><p>I think THAT list ought to "enlighten" ANYONE, as to why "layered security" is &amp; has been considered largely to be "THE WAY TO GO", vs. that list above (which is only a SMALL \%-age of what I can come up with in regards to threats online + their causes)... HOSTS files help protect vs. those, on several levels - DO consider their usage!</p><p>I'd like to also end this, on a little quote from a fav. film of mine:</p><p><b>"My name is Dr. Robert Neville. I am a survivor living in New York City. I am broadcasting on all a.m. frequencies. I will be in the south street seaport everyday at midday when the sun is highest in the sky. If you are out there, if anyone is out there, I can provide food; I can provide shelter; I can provide security -&gt; <a href="http://www.tcmagazine.com/forums/index.php?s=44b7ce1c3ee460d32e68cb97f2597368&amp;showtopic=2662" title="tcmagazine.com" rel="nofollow">http://www.tcmagazine.com/forums/index.php?s=44b7ce1c3ee460d32e68cb97f2597368&amp;showtopic=2662</a> [tcmagazine.com] . If there's anybody out there, anybody, please... you are not alone."</b> - Dr. Robert Neville, I AM LEGEND</p><p>&amp; that film inspired me to write that guide for securing Windows NT-based OS variants, @ the end of 2007, + for my "New Year's Resolution" for 2008, of "Do the right thing &amp; 'pay it forward'"... &amp;, it works.</p><p>Here though?</p><p>Well, I only suggested a SMALL part of that guide here, but a crucial &amp; EFFECTIVE ONE, &amp; mainly because it fits the bill here QUITE specifically &amp; functions globally, instead of just being good for 1 set of apps only (like FF addons are only, unfortunately), &amp; it doesn't eat CPU like those do either OR slow you down (if anything? They speed you up HUGELY, in addition to securing you too as a bonus)...apk</p></div>
	</htmltext>
<tokenext>" no-script for the win , yet again .
" - by rgviza ( 1303161 ) on Monday November 30 , @ 12 : 36PM ( # 30271676 ) Per my subject line above ?
How about a GLOBAL solution , instead , &amp; one that extends to ALL of your " webbound apps " , instead , &amp; NOT just to Mozilla softwares which is all your solution works for... ( think IE , Outlook &amp; other email programs even , + more ) , AND , the solution I propose also acts as " layered security " in combination with the FF/Mozilla only methods you use ( which sadly , your methods are KNOWN to slow your browser down , use CPU cycles &amp; more ( like having bugs &amp; security flaws in themselves too ) ... where this solution does not &amp; covers ALL webbound apps , globally ) ?
? Here is a GOOD SOLID WORK-AROUND , CALLED A HOSTS FILE !
( It works for more speed online , AND SECURITY ESPECIALLY... Also , it works for your money , because you pay for your linetime out of pocket most likely as I do , you can get back your speed , AND , gain security easily , &amp; from a single easily edited file &amp; a file eats no CPU cycles like a local DNS server can ( &amp; are not as security vulnerable either if you protect write access to a HOSTS file also ) ... Anyhow/anyways - Here goes : SO - " that all said &amp; aside " ?
Well , per your reply ? ?
You 're solutions cost CPU cycles &amp; are KNOWN to slow down FF/Mozilla variants ( as browser addons do ) , but... Hey - NO PROBLEM , because HOSTS files work alongside those addons too , &amp; offer you more speed online AND more security , via a SINGLE EASILY EDITED + POPULATED FILE ( called a HOSTS file ) : I use a custom HOSTS file , in addition to the tools others here in this thread have noted ( which MANY like FF addons only really function for FireFox/Mozilla products , but do n't extend globally to all other webbound applications , &amp; that is part of what HOSTS files give you above the methods you extoll + utilize : " GLOBAL COVERAGE " , &amp; of ALL webbound apps , not just FireFox/Mozilla ones via the addons you noted + use yourself... ) .HOSTS files can be used to blockout KNOWN " bad " adserves , maliciously coded sites or adbanners , and " botnet C&amp;C servers " too ! You can obtain reliable HOSTS files from reputable lists for more security online , but also for speed !
( More on that later &amp; WHY/HOW ( I use reliable lists for that , such as these HOSTS @ Wikipedia.com - &gt; http : //en.wikipedia.org/wiki/Hosts \ _file [ wikipedia.org ] or those from mvps.org ( a good one this one ) ) I also further populate &amp; keep current my custom HOSTS file with up to date information in regards to all of those threats , via : ----A .
) Spybot " Search &amp; Destroy " updates ( populates HOSTS and browser block lists ) B .
) Sites like ZDNet 's Mr. Dancho Danchev 's blog - &gt; http : //ddanchev.blogspot.com/ [ blogspot.com ] C. ) Sites like FireEye - &gt; http : //blog.fireeye.com/ [ fireeye.com ] D. ) SRI - &gt; http : //mtc.sri.com/ [ sri.com ] ----My HOSTS file incorporates ALL of the entries from the HOSTS files shown @ wikipedia as well... gaining me speed online ( by blocking adbanners , which have been compromised many times the past few years now by malscripted exploits ( examples below ) ) .
( I combined ALL reputable HOSTS files with one of my own ( 30,000 entries ) , &amp; I removed duplicates removed via a Borland Delphi app I wrote to do so called " APK HOSTS File Grinder 4.0 + + " .
That program also functions to change the default larger &amp; SLOWER 127.0.0.1 blocking 'loopback adapter ' IP address to either 0.0.0.0 ( for VISTA/Windows Server 2008/Windows 7 , smaller &amp; thus faster than 127.0.0.1 default ) or the smallest &amp; fastest 0 " blocking 'IP ADDRESS ' " ( for Windows 2000/XP/Server 2003 which can STILL use it ( &amp; it was added in a service pack on Windows 2000 , only on 12/09/2008 MS patch tuesday was it removed for VISTA onwards ( &amp; now all these " phunny little bugs " are showing up as FLAWS in this new NDIS6 approach via WFP as well in the firewall , which ROOTKIT.COM has stated ( with code too no less on how it is done ) - &gt; http : //www.rootkit.com/newsread.php ? newsid = 952 [ rootkit.com ] [ rootkit.com ] that it is EASIER TO UNHOOK ( than was the design used in Windows 2000/XP/Server 2003 ) ) Another EXCELLENT benefit of HOSTS file usage ?
More speed online , &amp; also more security + reliability ( especially in the case of DNS servers today , per folks like Dan Kaminsky &amp;/or Moxie Marlinspike finding various security vulnerabilities in them the past couple years now ) ...AND , YOU CAN GET EVEN MORE SPEED , and RELIABILITY ( vs. downed or " DNS poisoned/misdirected " dns servers too ) via yet another " hidden bonus for speed " in HOSTS files : HOW SO ?
WELL - I use another " technique " called " hardcoding " an IP address to domainname/hostname in my HOSTS files , for my FAVORITE websites : This allows me to FIRST bypass any remote/external DNS lookups , which also would in theory @ least , make me " proofed " vs. DNS request logs by my ISP/BSP also .
( Especially since I use external DNS servers too , OpenDNS ones to be specific , that go beyond my hardcoded favs in my HOSTS file because I ca n't ping &amp; resolve the ENTIRE internet after all ) This also makes it harder for others to track me... ( Sure , they could do a " reverse DNS lookup " via pings &amp;/or traceroutes &amp; the top level domain that does nothing BUT cache reverse DNS lookups does the rest , but that is harder to do , than looking up my URL requests via a log on a DNS server ) ) ALSO , AS ANOTHER " BONUS " in HOSTS FILES ( ca n't stress it enough , &amp; especially above + beyond adbanner blocking ) : It speeds you up , or can ! E.G.- &gt; A buddy of mine named Jack says it has ( verbatim quote ) " DOUBLED MY SPEED ONLINE , BUT I VALUE THE SECURITY PART MORE " , because he used to get over 200 + + viruses a week , now ?
Only maybe 2 a year IF THAT lately , &amp; he is convinced it is largely due to the HOSTS file I send him weekly ( he is my " lab rat # 1 " due to his previous infestation rate ) , &amp; if that " anecdotal evidence " is not enough ?
See this then , from a published security guru on a respected site for it : = = = = RESURRECTING THE KILLFILE : ( by Mr. Oliver Day ) http : //www.securityfocus.com/columnists/491 [ securityfocus.com ] PERTINENT EXCERPTS/QUOTES : " The host file on my day-to-day laptop is now over 16,000 lines long .
Accessing the Internet particularly browsing the Web is actually faster now .
" " From what I have seen in my research , major efforts to share lists of unwanted hosts began gaining serious momentum earlier this decade .
The most popular appear to have started as a means to block advertising and as a way to avoid being tracked by sites that use cookies to gather data on the user across Web properties .
More recently , projects like Spybot Search and Destroy offer lists of known malicious servers to add a layer of defense against trojans and other forms of malware .
" = = = = ( A nice bonus beyond blocking adbanners via HOSTS too , because these have been shown to harbor malscripted content too &amp; more than just a few times the past 4-5 yrs now no less such as is noted here in my PS below , several examples thereof no less ) , because you do n't waste between 30-N ms calling out to an external DNS !
( Again , and a DNS server that MAY be poisoned per Dan Kaminsky the past few years now &amp; others also noting it ) Thus , SO , even IF your DNS servers go down , or are " dns poisoned " ( or fall to yet another security flaw , many are in my " p.s .
" below no less , as documented evidences thereof to my statements here no less ) ? Well , by using a custom HOSTS file setup , you can STILL GET TO YOUR FAV .
SITES IF HARDCODED in your HOSTS FILE &amp; @ higher speeds than DNS server calls , 30-N times faster in fact ( a good thing , but one you may have to periodically alter , easily , via notepad.exe edits of your HOSTS file &amp; a ping to update their new address ( sites change hosting providers due to better services or prices , rare , but they do &amp; MOST let you know they are about to do so anyhow , so you can amend a HOSTS file ) ) .NICEST PART IS , THOUGH , PER YOUR STATEMENT ( in addition to the benefits of HOSTS file I note above , alongside others like Mr. Oliver Day of SECURITYFOCUS.COM ) ? I will STILL get to where it is that I WANT TO GO , not the router 's onboard DNS server doing hostname/domainname resolutions or potential hijacked redirects... in theory @ least , because I am controlling the hostname/dommainname resolutions @ AN OS + IP STACK LEVEL , not via my routers ' onboard DNS server...APKP.S. = &gt; Evidences as to WHY you 'd want to add on the " extra layered security protection " of a HOSTS file , which extends global security coverage to your webbound apps , AND , allows for a great deal of added extra speed as well ?
Ok , here are some documented reasons why like : a .
) DNS servers vulnerable , under attack , failing or being " DNS poisoned " misdirected &amp; moreb .
) Security suites failing vs. modern " blended threats " onlinec .
) javascript being used to do most of this via apps ) d. ) adbanners being maliciously coded also... ( Here we go with documented proofs/examples : ) = = = = POISONED MALSCRIPTED ADBANNERSThe Next Ad You Click May Be a Virus : http : //it.slashdot.org/article.pl ? sid = 09/06/15/2056219 [ slashdot.org ] ----Attackers Infect Ads With Old Adobe Vulnerability : http : //it.slashdot.org/article.pl ? sid = 09/02/25/024211 [ slashdot.org ] ----Hackers Use Banner Ads on Major Sites to Hijack Your PC : http : //www.wired.com/techbiz/media/news/2007/11/doubleclick [ wired.com ] ----Adobe Flash Ads Launching Clipboard Hijack Attacks : http : //it.slashdot.org/article.pl ? sid = 08/08/20/0029220&amp;from = rss [ slashdot.org ] ----Slashdot | Americans Do n't Want Targeted Ads : http : //yro.slashdot.org/article.pl ? sid = 09/10/01/1854214 [ slashdot.org ] = = = = DNS PROBLEMS : Number of Rogue DNS Servers on the Rise : http : //tech.slashdot.org/article.pl ? no \ _d2 = 1&amp;sid = 08/02/15/2118212 [ slashdot.org ] ----Security Researcher Kaminsky Pushes DNS Patching : http : //it.slashdot.org/article.pl ? sid = 09/02/19/2322231 [ slashdot.org ] ----Ten Percent of DNS Servers Still Vulnerable : http : //tech.slashdot.org/article.pl ? no \ _d2 = 1&amp;sid = 05/08/04/1525235 [ slashdot.org ] ----TimeWarner DNS Hijacking : http : //tech.slashdot.org/article.pl ? sid = 07/07/23/2140208 [ slashdot.org ] ----Another DNS Flaw Found : http : //tech.slashdot.org/article.pl ? sid = 09/01/09/2348240 [ slashdot.org ] ----Attack Code Published For DNS Vulnerability : http : //it.slashdot.org/article.pl ? no \ _d2 = 1&amp;sid = 08/07/23/231254 [ slashdot.org ] ----BIND Still Susceptible To DNS Cache Poisoning : http : //tech.slashdot.org/article.pl ? no \ _d2 = 1&amp;sid = 08/08/09/123222 [ slashdot.org ] ----DDoS Attacks Via DNS Recursion : http : //it.slashdot.org/article.pl ? no \ _d2 = 1&amp;sid = 06/03/16/1658209 [ slashdot.org ] ----DNS Poisoning Hits One of China 's Biggest ISPs : http : //it.slashdot.org/article.pl ? no \ _d2 = 1&amp;sid = 08/08/21/2343250 [ slashdot.org ] ----DNS Root Servers Attacked : http : //it.slashdot.org/article.pl ? no \ _d2 = 1&amp;sid = 07/02/06/2238225 [ slashdot.org ] ----DNS Problem Linked To DDoS Attacks Gets Worse : http : //tech.slashdot.org/comments.pl ? sid = 1444354&amp;cid = 30109858 [ slashdot.org ] ----Are your servers vulnerable to DNS attacks ? http : //www.networkworld.com/news/2007/111907-dns-attacks.html [ networkworld.com ] ----Kaminsky On DNS Bugs a Year Later and DNSSEC : http : //it.slashdot.org/story/09/06/25/1354212/Kaminsky-On-DNS-Bugs-a-Year-Later-and-DNSSEC [ slashdot.org ] ----DNS users put higher premium on security : http : //news.techworld.com/networking/10690/dns-users-put-higher-premium-on-security/ [ techworld.com ] ----BIND , the Buggy Internet Name Daemon : http : //cr.yp.to/djbdns/blurb/unbind.html [ cr.yp.to ] ( Where djbdns was found to have flaw , though it was alleged invulnerable , they paid out $ 10,000 reward ) ----DNS Dan Kaminsky DNS SPOOF ATTACK EXPLAINED HOW IT IS DONE : http : //blogs.zdnet.com/security/ ? p = 1520 [ zdnet.com ] ----DNS REBINDING ATTACKS : MultiPinning Browser JavaScript Vulnerability ( how to protect yourself ) : http : //crypto.stanford.edu/dns/ [ stanford.edu ] ----Hackers hijack DNS records of high profile New Zealand sites : http : //blogs.zdnet.com/security/ ? p = 3185 [ zdnet.com ] = = = = SECURITY SUITE PROGRAMS FAILING : AntiVirus Products Fail to Find Simple IE Malware : http : //tech.slashdot.org/article.pl ? sid = 07/10/29/1747237 [ slashdot.org ] ----Most Security Products Fail To Perform : http : //hardware.slashdot.org/comments.pl ? sid = 1445302&amp;threshold = -1&amp;commentsort = 0&amp;mode = thread&amp;pid = 30114652 [ slashdot.org ] ----TOP SECURITY SUITES FAIL 64/300 THREATS in 2008 AT SECUNIA.COM : http : //secunia.com/blog/29/ [ secunia.com ] ----Top security suites fail exploit tests : http : //www.computerworld.com/s/article/9117042/Top \ _security \ _suites \ _fail \ _exploit \ _tests ? intsrc = news \ _ts \ _head [ computerworld.com ] ----Antivirus is 'completely wasted money ' : Cisco CSO : News - Security - ZDNet Australia : http : //www.zdnet.com.au/news/security/soa/Antivirus-is-completely-wasted-money-Cisco-CSO/0,130061744,339289122,00.htm ? feed = pt \ _auscert [ zdnet.com.au ] ----Are Routers the Next Big Target for Hackers ? http : //blogs.zdnet.com/security/ ? p = 919 [ zdnet.com ] ----Software Firewalls : Made of Straw ?
Part 1 of 2 : http : //www.securityfocus.com/infocus/1839 [ securityfocus.com ] Software Firewalls : Made of Straw ?
Part 2 of 2 : http : //www.securityfocus.com/infocus/1840/2 [ securityfocus.com ] ----Brief study shows difficulty in detecting malware ( 2008 ) : http : //www.securityfocus.com/brief/858 [ securityfocus.com ] ----2007 - Browser vulnerabilities and attacks will continue to mount : http : //www.infoworld.com/d/security-central/browser-vulnerabilities-and-attacks-will-continue-mount-679 [ infoworld.com ] ----Bug exposes Cisco switches to attacks : http : //news.cnet.com/Bug-exposes-Cisco-switches + to + attacks/2110-7349 \ _3-5902897.html ? part = rss&amp;tag = 5902897&amp;subj = news [ cnet.com ] &amp;CISCO " COMES CLEAN " ON EXTENT OF IOS FLAW : http : //www.eweek.com/c/a/Security/Cisco-Comes-Clean-on-Extent-of-IOS-Flaw/ [ eweek.com ] &amp;Cisco PIX and ASA Time-To-Live Denial of Service Vulnerability : http : //secunia.com/advisories/28625/ [ secunia.com ] + Computer routers face hijack risk - study : http : //www.cbc.ca/technology/story/2007/02/16/tech-routervulnerabilty-20070216.html ? ref = rss [ www.cbc.ca ] Slashdot Technology Story | Will Mainstream Media Embrace Adblockers ? http : //tech.slashdot.org/story/09/08/06/1442243/Will-Mainstream-Media-Embrace-Adblockers [ slashdot.org ] ----Congress May Require ISPs To Block Certain Fraud Sites : http : //yro.slashdot.org/comments.pl ? sid = 1432514&amp;cid = 30024078 [ slashdot.org ] = = = = JAVASCRIPT PROBLEMS : Slashdot | Adobe Confirms PDF Zero-Day , Says Kill JavaScript : http : //it.slashdot.org/article.pl ? sid = 09/04/29/1823234 [ slashdot.org ] ----Adobe Flash Zero-Day Attack Underway : http : //it.slashdot.org/article.pl ? sid = 08/05/28/0138247&amp;from = rss [ slashdot.org ] ----JavaScript flaw reported in Adobe Reader ( 4th or 5th time already , if not more ) : http : //www.securityfocus.com/brief/953 [ securityfocus.com ] ----Another malware pulls an Italian job via JAVASCRIPT : http : //blog.trendmicro.com/another-malware-pulls-an-italian-job/ [ trendmicro.com ] ----JavaScript opens doors to browser-based attacks | CNET News.com : http : //news.com.com/JavaScript + opens + doors + to + browser-based + attacks/2100-7349 \ _3-6099891.html ? part = rss&amp;tag = 6099891&amp;subj = news [ com.com ] ----Mozilla Firefox Javascript Garbage Collector Vulnerability - Advisories - Secuniahttp : //secunia.com/advisories/29787/ [ secunia.com ] ----New script outstrips all other drive-by download risks : http : //www.theregister.co.uk/2009/05/15/script \ _menace/ [ theregister.co.uk ] ----Researcher to demonstrate attack code for Intel chips via Javascript : http : //www.infoworld.com/d/security-central/researcher-demonstrate-attack-code-intel-chips-036 [ infoworld.com ] ----Researcher : JavaScript Attacks Get Slicker : http : //www.eweek.com/c/a/Security/Researcher-JavaScript-Attacks-Get-Slicker/ [ eweek.com ] ----Rise Of The PDF Exploits : http : //www.trustedsource.org/blog/153/Rise-Of-The-PDF-Exploits [ trustedsource.org ] ----ADOBE NEW FLAW DOES USE JAVASCRIPT PROOF : http : //www.shadowserver.org/wiki/pmwiki.php ? n = Calendar.20090219 [ shadowserver.org ] ----AJAX Poses Security , Performance Risks : http : //www.eweek.com/article2/0,1895,1916673,00.asp [ eweek.com ] ----Web 2.0 Threats and Risks for Financial Services : http : //www.net-security.org/article.php ? id = 1004&amp;p = 1 [ net-security.org ] http : //www.cbronline.com/news/web \ _20 \ _is \ _vulnerable \ _to \ _attack [ cbronline.com ] ----Cross Site Scripting ( GOOGLE ) and WHY TO TURN OFF JAVASCRIPT : http : //www.cgisecurity.com/xss-faq.html [ cgisecurity.com ] ----Why the FBI Director Does n't Bank Onlinehttp : //it.slashdot.org/article.pl ? sid = 09/10/08/0327240 [ slashdot.org ] = = = = MAJOR ATTACKS ( only a small sample ) of WHY LAYERED SECURITY IS NEEDEDIs the Botnet Battle Already Lost ? http : //www.eweek.com/article2/0,1895,2029720,00.asp [ eweek.com ] ----IT Pros Say They Ca n't Stop Data Breaches : http : //www.eweek.com/article2/0,1895,2010325,00.asp ? kc = EWNAVEMNL083106EOAD [ eweek.com ] ----Cyber Attacks On US Military Jump Sharply In 2009http : //tech.slashdot.org/comments.pl ? sid = 1452358&amp;threshold = -1&amp;commentsort = 0&amp;mode = thread&amp;cid = 30185742 [ slashdot.org ] ----Bots Found Inside Many Big Companies : http : //blogs.baselinemag.com/security/content001/cybercrime/bots \ _found \ _inside \ _many \ _big \ _companies.html [ baselinemag.com ] ----Bot master owns up to 250,000 zombie PCs : http : //www.securityfocus.com/news/11495 [ securityfocus.com ] ----Bots surge ahead ( 2007 ) : http : //www.securityfocus.com/brief/466 [ securityfocus.com ] ----Chinese Hackers Hit Commerce Department : http : //www.informationweek.com/news/security/government/showArticle.jhtml ? articleID = 193105227 [ informationweek.com ] ----CIA Admits Cyberattacks Blacked Out Cities : http : //www.informationweek.com/news/internet/showArticle.jhtml ? articleID = 205901631 [ informationweek.com ] ----Compromised Banks and Investment sites list 2006 : http : //it.slashdot.org/comments.pl ? sid = 233921&amp;cid = 19035679 [ slashdot.org ] ----Dancho Danchev 's Blog - Mind Streams of Information Security Knowledge : Massive IFRAME SEO Poisoning Attack Continuing : http : //ddanchev.blogspot.com/2008/03/massive-iframe-seo-poisoning-attack.html [ blogspot.com ] ----Data at Bank of America , Wachovia , others compromised - May .
23 , 2005 : http : //money.cnn.com/2005/05/23/news/fortune500/bank \ _info/index.htm [ cnn.com ] ----Fresh Security Breaches at Los Alamos : http : //www.msnbc.msn.com/id/19418769/site/newsweek/print/1/displaymode/1098/ [ msn.com ] ----Infected job search sites lead to info theft for 46,000 : http : //www.computerworld.com/s/article/9031139/Infected \ _job \ _search \ _sites \ _lead \ _to \ _info \ _theft \ _for \ _46 \ _000 [ computerworld.com ] ----New Mega-Botnet Discovered : http : //it.slashdot.org/article.pl ? sid = 09/04/22/2223214 [ slashdot.org ] ----I think THAT list ought to " enlighten " ANYONE , as to why " layered security " is &amp; has been considered largely to be " THE WAY TO GO " , vs. that list above ( which is only a SMALL \ % -age of what I can come up with in regards to threats online + their causes ) ... HOSTS files help protect vs. those , on several levels - DO consider their usage ! I 'd like to also end this , on a little quote from a fav .
film of mine : " My name is Dr. Robert Neville .
I am a survivor living in New York City .
I am broadcasting on all a.m. frequencies. I will be in the south street seaport everyday at midday when the sun is highest in the sky .
If you are out there , if anyone is out there , I can provide food ; I can provide shelter ; I can provide security - &gt; http : //www.tcmagazine.com/forums/index.php ? s = 44b7ce1c3ee460d32e68cb97f2597368&amp;showtopic = 2662 [ tcmagazine.com ] .
If there 's anybody out there , anybody , please... you are not alone .
" - Dr. Robert Neville , I AM LEGEND&amp; that film inspired me to write that guide for securing Windows NT-based OS variants , @ the end of 2007 , + for my " New Year 's Resolution " for 2008 , of " Do the right thing &amp; 'pay it forward ' " ... &amp; , it works.Here though ? Well , I only suggested a SMALL part of that guide here , but a crucial &amp; EFFECTIVE ONE , &amp; mainly because it fits the bill here QUITE specifically &amp; functions globally , instead of just being good for 1 set of apps only ( like FF addons are only , unfortunately ) , &amp; it does n't eat CPU like those do either OR slow you down ( if anything ?
They speed you up HUGELY , in addition to securing you too as a bonus ) ...apk</tokentext>
<sentencetext>"no-script for the win, yet again.
" - by rgviza (1303161) on Monday November 30, @12:36PM (#30271676)Per my subject line above?
How about a GLOBAL solution, instead, &amp; one that extends to ALL of your "webbound apps", instead, &amp; NOT just to Mozilla softwares which is all your solution works for... (think IE, Outlook &amp; other email programs even, + more), AND, the solution I propose also acts as "layered security" in combination with the FF/Mozilla only methods you use  (which sadly, your methods are KNOWN to slow your browser down, use CPU cycles &amp; more (like having bugs &amp; security flaws in themselves too)... where this solution does not &amp; covers ALL webbound apps, globally)?
?Here is a GOOD SOLID WORK-AROUND, CALLED A HOSTS FILE!
(It works for more speed online, AND SECURITY ESPECIALLY... Also, it works for your money, because you pay for your linetime out of pocket most likely as I do, you can get back your speed, AND, gain security easily, &amp; from a single easily edited file &amp; a file eats no CPU cycles like a local DNS server can (&amp; are not as security vulnerable either if you protect write access to a HOSTS file also)... Anyhow/anyways - Here goes:SO - "that all said &amp; aside"?
Well, per your reply??
You're solutions cost CPU cycles &amp; are KNOWN to slow down FF/Mozilla variants (as browser addons do), but... Hey - NO PROBLEM, because HOSTS files work alongside those addons too, &amp; offer you more speed online AND more security, via a SINGLE EASILY EDITED + POPULATED FILE (called a HOSTS file):I use a custom HOSTS file, in addition to the tools others here in this thread have noted (which MANY like FF addons only really function for FireFox/Mozilla products, but don't extend globally to all other webbound applications, &amp; that is part of what HOSTS files give you above the methods you extoll + utilize: "GLOBAL COVERAGE", &amp; of ALL webbound apps, not just FireFox/Mozilla ones via the addons you noted + use yourself...).HOSTS files can be used to blockout KNOWN "bad" adserves, maliciously coded sites or adbanners, and "botnet C&amp;C servers" too!You can obtain reliable HOSTS files from reputable lists for more security online, but also for speed!
(More on that later &amp; WHY/HOW (I use reliable lists for that, such as these HOSTS @ Wikipedia.com -&gt; http://en.wikipedia.org/wiki/Hosts\_file [wikipedia.org] or those from mvps.org (a good one this one))I also further populate &amp; keep current my custom HOSTS file with up to date information in regards to all of those threats, via:----A.
) Spybot "Search &amp; Destroy" updates (populates HOSTS and browser block lists)B.
) Sites like ZDNet's Mr. Dancho Danchev's blog -&gt; http://ddanchev.blogspot.com/ [blogspot.com]C.) Sites like FireEye -&gt; http://blog.fireeye.com/ [fireeye.com]D.) SRI -&gt; http://mtc.sri.com/ [sri.com]----My HOSTS file incorporates ALL of the entries from the HOSTS files shown @ wikipedia as well... gaining me speed online (by blocking adbanners, which have been compromised many times the past few years now by malscripted exploits (examples below)).
(I combined ALL reputable HOSTS files with one of my own (30,000 entries), &amp; I removed duplicates removed via a Borland Delphi app I wrote to do so called "APK HOSTS File Grinder 4.0++".
That program also functions to change the default larger &amp; SLOWER 127.0.0.1 blocking 'loopback adapter' IP address to either 0.0.0.0 (for VISTA/Windows Server 2008/Windows 7, smaller &amp; thus faster than 127.0.0.1 default) or the smallest &amp; fastest 0 "blocking 'IP ADDRESS'" (for Windows 2000/XP/Server 2003 which can STILL use it (&amp; it was added in a service pack on Windows 2000, only on 12/09/2008 MS patch tuesday was it removed for VISTA onwards (&amp; now all these "phunny little bugs" are showing up as FLAWS in this new NDIS6 approach via WFP as well in the firewall, which ROOTKIT.COM has stated (with code too no less on how it is done) -&gt; http://www.rootkit.com/newsread.php?newsid=952 [rootkit.com] [rootkit.com] that it is EASIER TO UNHOOK (than was the design used in Windows 2000/XP/Server 2003))Another EXCELLENT benefit of HOSTS file usage?
More speed online, &amp; also more security + reliability (especially in the case of DNS servers today, per folks like Dan Kaminsky &amp;/or Moxie Marlinspike finding various security vulnerabilities in them the past couple years now)...AND, YOU CAN GET EVEN MORE SPEED, and RELIABILITY (vs. downed or "DNS poisoned/misdirected" dns servers too) via yet another "hidden bonus for speed" in HOSTS files:HOW SO?
WELL - I use another "technique" called "hardcoding" an IP address to domainname/hostname in my HOSTS files, for my FAVORITE websites:This allows me to FIRST bypass any remote/external DNS lookups, which also would in theory @ least, make me "proofed" vs. DNS request logs by my ISP/BSP also.
(Especially since I use external DNS servers too, OpenDNS ones to be specific, that go beyond my hardcoded favs in my HOSTS file because I can't ping &amp; resolve the ENTIRE internet after all)This also makes it harder for others to track me...(Sure, they could do a "reverse DNS lookup" via pings &amp;/or traceroutes &amp; the top level domain that does nothing BUT cache reverse DNS lookups does the rest, but that is harder to do, than looking up my URL requests via a log on a DNS server))ALSO, AS ANOTHER "BONUS" in HOSTS FILES (can't stress it enough, &amp; especially above + beyond adbanner blocking):  It speeds you up, or can!E.G.-&gt; A buddy of mine named Jack says it has (verbatim quote) "DOUBLED MY SPEED ONLINE, BUT I VALUE THE SECURITY PART MORE", because he used to get over 200++ viruses a week, now?
Only maybe 2 a year IF THAT lately, &amp; he is convinced it is largely due to the HOSTS file I send him weekly (he is my "lab rat #1" due to his previous infestation rate), &amp; if that "anecdotal evidence" is not enough?
See this then, from a published security guru on a respected site for it:====RESURRECTING THE KILLFILE:(by Mr. Oliver Day)http://www.securityfocus.com/columnists/491 [securityfocus.com]PERTINENT EXCERPTS/QUOTES:"The host file on my day-to-day laptop is now over 16,000 lines long.
Accessing the Internet particularly browsing the Web is actually faster now.
""From what I have seen in my research, major efforts to share lists of unwanted hosts began gaining serious momentum earlier this decade.
The most popular appear to have started as a means to block advertising and as a way to avoid being tracked by sites that use cookies to gather data on the user across Web properties.
More recently, projects like Spybot Search and Destroy offer lists of known malicious servers to add a layer of defense against trojans and other forms of malware.
"====(A nice bonus beyond blocking adbanners via HOSTS too, because these have been shown to harbor malscripted content too &amp; more than just a few times the past 4-5 yrs now no less such as is noted here in my PS below, several examples thereof no less), because you don't waste between 30-N ms calling out to an external DNS!
(Again, and a DNS server that MAY be poisoned per Dan Kaminsky the past few years now &amp; others also noting it)Thus, SO, even IF your DNS servers go down, or are "dns poisoned" (or fall to yet another security flaw, many are in my "p.s.
" below no less, as documented evidences thereof to my statements here no less)?Well, by using a custom HOSTS file setup, you can STILL GET TO YOUR FAV.
SITES IF HARDCODED in your HOSTS FILE &amp; @ higher speeds than DNS server calls, 30-N times faster in fact (a good thing, but one you may have to periodically alter, easily, via notepad.exe edits of your HOSTS file &amp; a ping to update their new address (sites change hosting providers due to better services or prices, rare, but they do &amp; MOST let you know they are about to do so anyhow, so you can amend a HOSTS file)).NICEST PART IS, THOUGH, PER YOUR STATEMENT (in addition to the benefits of HOSTS file I note above, alongside others like Mr. Oliver Day of SECURITYFOCUS.COM)?I will STILL get to where it is that I WANT TO GO, not the router's onboard DNS server doing hostname/domainname resolutions or potential hijacked redirects... in theory @ least, because I am controlling the hostname/dommainname resolutions @ AN OS + IP STACK LEVEL, not via my routers' onboard DNS server...APKP.S.=&gt; Evidences as to WHY you'd want to add on the "extra layered security protection" of a HOSTS file, which extends global security coverage to your webbound apps, AND, allows for a great deal of added extra speed as well?
Ok, here are some documented reasons why like:a.
) DNS servers vulnerable, under attack, failing or being "DNS poisoned" misdirected &amp; moreb.
) Security suites failing vs. modern "blended threats" onlinec.
) javascript being used to do most of this via apps)d.) adbanners being maliciously coded also...(Here we go with documented proofs/examples:)====POISONED MALSCRIPTED ADBANNERSThe Next Ad You Click May Be a Virus:http://it.slashdot.org/article.pl?sid=09/06/15/2056219 [slashdot.org]----Attackers Infect Ads With Old Adobe Vulnerability:http://it.slashdot.org/article.pl?sid=09/02/25/024211 [slashdot.org]----Hackers Use Banner Ads on Major Sites to Hijack Your PC:http://www.wired.com/techbiz/media/news/2007/11/doubleclick [wired.com]----Adobe Flash Ads Launching Clipboard Hijack Attacks:http://it.slashdot.org/article.pl?sid=08/08/20/0029220&amp;from=rss [slashdot.org]----Slashdot | Americans Don't Want Targeted Ads:http://yro.slashdot.org/article.pl?sid=09/10/01/1854214 [slashdot.org]====DNS PROBLEMS:Number of Rogue DNS Servers on the Rise:http://tech.slashdot.org/article.pl?no\_d2=1&amp;sid=08/02/15/2118212 [slashdot.org]----Security Researcher Kaminsky Pushes DNS Patching:http://it.slashdot.org/article.pl?sid=09/02/19/2322231 [slashdot.org]----Ten Percent of DNS Servers Still Vulnerable:http://tech.slashdot.org/article.pl?no\_d2=1&amp;sid=05/08/04/1525235 [slashdot.org]----TimeWarner DNS Hijacking:http://tech.slashdot.org/article.pl?sid=07/07/23/2140208 [slashdot.org]----Another DNS Flaw Found:http://tech.slashdot.org/article.pl?sid=09/01/09/2348240 [slashdot.org]----Attack Code Published For DNS Vulnerability:http://it.slashdot.org/article.pl?no\_d2=1&amp;sid=08/07/23/231254 [slashdot.org]----BIND Still Susceptible To DNS Cache Poisoning:http://tech.slashdot.org/article.pl?no\_d2=1&amp;sid=08/08/09/123222 [slashdot.org]----DDoS Attacks Via DNS Recursion:http://it.slashdot.org/article.pl?no\_d2=1&amp;sid=06/03/16/1658209 [slashdot.org]----DNS Poisoning Hits One of China's Biggest ISPs:http://it.slashdot.org/article.pl?no\_d2=1&amp;sid=08/08/21/2343250 [slashdot.org]----DNS Root Servers Attacked:http://it.slashdot.org/article.pl?no\_d2=1&amp;sid=07/02/06/2238225 [slashdot.org]----DNS Problem Linked To DDoS Attacks Gets Worse:http://tech.slashdot.org/comments.pl?sid=1444354&amp;cid=30109858 [slashdot.org]----Are your servers vulnerable to DNS attacks?http://www.networkworld.com/news/2007/111907-dns-attacks.html [networkworld.com]----Kaminsky On DNS Bugs a Year Later and DNSSEC:http://it.slashdot.org/story/09/06/25/1354212/Kaminsky-On-DNS-Bugs-a-Year-Later-and-DNSSEC [slashdot.org]----DNS users put higher premium on security:http://news.techworld.com/networking/10690/dns-users-put-higher-premium-on-security/ [techworld.com]----BIND, the Buggy Internet Name Daemon:http://cr.yp.to/djbdns/blurb/unbind.html [cr.yp.to](Where djbdns was found to have flaw, though it was alleged invulnerable, they paid out $10,000 reward)----DNS Dan Kaminsky DNS SPOOF ATTACK EXPLAINED HOW IT IS DONE:http://blogs.zdnet.com/security/?p=1520 [zdnet.com]----DNS REBINDING ATTACKS: MultiPinning Browser JavaScript Vulnerability (how to protect yourself):http://crypto.stanford.edu/dns/ [stanford.edu]----Hackers hijack DNS records of high profile New Zealand sites:http://blogs.zdnet.com/security/?p=3185 [zdnet.com]====SECURITY SUITE PROGRAMS FAILING:AntiVirus Products Fail to Find Simple IE Malware:http://tech.slashdot.org/article.pl?sid=07/10/29/1747237 [slashdot.org]----Most Security Products Fail To Perform:http://hardware.slashdot.org/comments.pl?sid=1445302&amp;threshold=-1&amp;commentsort=0&amp;mode=thread&amp;pid=30114652 [slashdot.org]----TOP SECURITY SUITES FAIL 64/300 THREATS in 2008 AT SECUNIA.COM:http://secunia.com/blog/29/ [secunia.com]----Top security suites fail exploit tests:http://www.computerworld.com/s/article/9117042/Top\_security\_suites\_fail\_exploit\_tests?intsrc=news\_ts\_head [computerworld.com]----Antivirus is 'completely wasted money': Cisco CSO: News - Security - ZDNet Australia:http://www.zdnet.com.au/news/security/soa/Antivirus-is-completely-wasted-money-Cisco-CSO/0,130061744,339289122,00.htm?feed=pt\_auscert [zdnet.com.au]----Are Routers the Next Big Target for Hackers?http://blogs.zdnet.com/security/?p=919 [zdnet.com]----Software Firewalls: Made of Straw?
Part 1 of 2:http://www.securityfocus.com/infocus/1839 [securityfocus.com]Software Firewalls: Made of Straw?
Part 2 of 2:http://www.securityfocus.com/infocus/1840/2 [securityfocus.com]----Brief study shows difficulty in detecting malware (2008):http://www.securityfocus.com/brief/858 [securityfocus.com]----2007 - Browser vulnerabilities and attacks will continue to mount:http://www.infoworld.com/d/security-central/browser-vulnerabilities-and-attacks-will-continue-mount-679 [infoworld.com]----Bug exposes Cisco switches to attacks:http://news.cnet.com/Bug-exposes-Cisco-switches+to+attacks/2110-7349\_3-5902897.html?part=rss&amp;tag=5902897&amp;subj=news [cnet.com]&amp;CISCO "COMES CLEAN" ON EXTENT OF IOS FLAW:http://www.eweek.com/c/a/Security/Cisco-Comes-Clean-on-Extent-of-IOS-Flaw/ [eweek.com]&amp;Cisco PIX and ASA Time-To-Live Denial of Service Vulnerability:http://secunia.com/advisories/28625/ [secunia.com]+Computer routers face hijack risk - study:http://www.cbc.ca/technology/story/2007/02/16/tech-routervulnerabilty-20070216.html?ref=rss [www.cbc.ca]Slashdot Technology Story | Will Mainstream Media Embrace Adblockers?http://tech.slashdot.org/story/09/08/06/1442243/Will-Mainstream-Media-Embrace-Adblockers [slashdot.org]----Congress May Require ISPs To Block Certain Fraud Sites:http://yro.slashdot.org/comments.pl?sid=1432514&amp;cid=30024078 [slashdot.org]====JAVASCRIPT PROBLEMS:Slashdot | Adobe Confirms PDF Zero-Day, Says Kill JavaScript:http://it.slashdot.org/article.pl?sid=09/04/29/1823234 [slashdot.org]----Adobe Flash Zero-Day Attack Underway:http://it.slashdot.org/article.pl?sid=08/05/28/0138247&amp;from=rss [slashdot.org]----JavaScript flaw reported in Adobe Reader (4th or 5th time already, if not more):http://www.securityfocus.com/brief/953 [securityfocus.com]----Another malware pulls an Italian job via JAVASCRIPT:http://blog.trendmicro.com/another-malware-pulls-an-italian-job/ [trendmicro.com]----JavaScript opens doors to browser-based attacks | CNET News.com:http://news.com.com/JavaScript+opens+doors+to+browser-based+attacks/2100-7349\_3-6099891.html?part=rss&amp;tag=6099891&amp;subj=news [com.com]----Mozilla Firefox Javascript Garbage Collector Vulnerability - Advisories - Secuniahttp://secunia.com/advisories/29787/ [secunia.com]----New script outstrips all other drive-by download risks:http://www.theregister.co.uk/2009/05/15/script\_menace/ [theregister.co.uk]----Researcher to demonstrate attack code for Intel chips via Javascript:http://www.infoworld.com/d/security-central/researcher-demonstrate-attack-code-intel-chips-036 [infoworld.com]----Researcher: JavaScript Attacks Get Slicker:http://www.eweek.com/c/a/Security/Researcher-JavaScript-Attacks-Get-Slicker/ [eweek.com]----Rise Of The PDF Exploits:http://www.trustedsource.org/blog/153/Rise-Of-The-PDF-Exploits [trustedsource.org]----ADOBE NEW FLAW DOES USE JAVASCRIPT PROOF:http://www.shadowserver.org/wiki/pmwiki.php?n=Calendar.20090219 [shadowserver.org]----AJAX Poses Security, Performance Risks:http://www.eweek.com/article2/0,1895,1916673,00.asp [eweek.com]----Web 2.0 Threats and Risks for Financial Services:http://www.net-security.org/article.php?id=1004&amp;p=1 [net-security.org]http://www.cbronline.com/news/web\_20\_is\_vulnerable\_to\_attack [cbronline.com]----Cross Site Scripting (GOOGLE) and WHY TO TURN OFF JAVASCRIPT:http://www.cgisecurity.com/xss-faq.html [cgisecurity.com]----Why the FBI Director Doesn't Bank Onlinehttp://it.slashdot.org/article.pl?sid=09/10/08/0327240 [slashdot.org]====MAJOR ATTACKS (only a small sample) of WHY LAYERED SECURITY IS NEEDEDIs the Botnet Battle Already Lost?http://www.eweek.com/article2/0,1895,2029720,00.asp [eweek.com]----IT Pros Say They Can't Stop Data Breaches:http://www.eweek.com/article2/0,1895,2010325,00.asp?kc=EWNAVEMNL083106EOAD [eweek.com]----Cyber Attacks On US Military Jump Sharply In 2009http://tech.slashdot.org/comments.pl?sid=1452358&amp;threshold=-1&amp;commentsort=0&amp;mode=thread&amp;cid=30185742 [slashdot.org]----Bots Found Inside Many Big Companies:http://blogs.baselinemag.com/security/content001/cybercrime/bots\_found\_inside\_many\_big\_companies.html [baselinemag.com]----Bot master owns up to 250,000 zombie PCs:http://www.securityfocus.com/news/11495 [securityfocus.com]----Bots surge ahead (2007):http://www.securityfocus.com/brief/466 [securityfocus.com]----Chinese Hackers Hit Commerce Department:http://www.informationweek.com/news/security/government/showArticle.jhtml?articleID=193105227 [informationweek.com]----CIA Admits Cyberattacks Blacked Out Cities:http://www.informationweek.com/news/internet/showArticle.jhtml?articleID=205901631 [informationweek.com]----Compromised Banks and Investment sites list 2006:http://it.slashdot.org/comments.pl?sid=233921&amp;cid=19035679 [slashdot.org]----Dancho Danchev's Blog - Mind Streams of Information Security Knowledge: Massive IFRAME SEO Poisoning Attack Continuing:http://ddanchev.blogspot.com/2008/03/massive-iframe-seo-poisoning-attack.html [blogspot.com]----Data at Bank of America, Wachovia, others compromised - May.
23, 2005:http://money.cnn.com/2005/05/23/news/fortune500/bank\_info/index.htm [cnn.com]----Fresh Security Breaches at Los Alamos:http://www.msnbc.msn.com/id/19418769/site/newsweek/print/1/displaymode/1098/ [msn.com]----Infected job search sites lead to info theft for 46,000:http://www.computerworld.com/s/article/9031139/Infected\_job\_search\_sites\_lead\_to\_info\_theft\_for\_46\_000 [computerworld.com]----New Mega-Botnet Discovered:http://it.slashdot.org/article.pl?sid=09/04/22/2223214 [slashdot.org]----I think THAT list ought to "enlighten" ANYONE, as to why "layered security" is &amp; has been considered largely to be "THE WAY TO GO", vs. that list above (which is only a SMALL \%-age of what I can come up with in regards to threats online + their causes)... HOSTS files help protect vs. those, on several levels - DO consider their usage!I'd like to also end this, on a little quote from a fav.
film of mine:"My name is Dr. Robert Neville.
I am a survivor living in New York City.
I am broadcasting on all a.m. frequencies. I will be in the south street seaport everyday at midday when the sun is highest in the sky.
If you are out there, if anyone is out there, I can provide food; I can provide shelter; I can provide security -&gt; http://www.tcmagazine.com/forums/index.php?s=44b7ce1c3ee460d32e68cb97f2597368&amp;showtopic=2662 [tcmagazine.com] .
If there's anybody out there, anybody, please... you are not alone.
" - Dr. Robert Neville, I AM LEGEND&amp; that film inspired me to write that guide for securing Windows NT-based OS variants, @ the end of 2007, + for my "New Year's Resolution" for 2008, of "Do the right thing &amp; 'pay it forward'"... &amp;, it works.Here though?Well, I only suggested a SMALL part of that guide here, but a crucial &amp; EFFECTIVE ONE, &amp; mainly because it fits the bill here QUITE specifically &amp; functions globally, instead of just being good for 1 set of apps only (like FF addons are only, unfortunately), &amp; it doesn't eat CPU like those do either OR slow you down (if anything?
They speed you up HUGELY, in addition to securing you too as a bonus)...apk
	</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30271676</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30272640</id>
	<title>Notify content-site owners</title>
	<author>davidwr</author>
	<datestamp>1259610600000</datestamp>
	<modclass>Interestin</modclass>
	<modscore>2</modscore>
	<htmltext><p>When you hit a web site that loads slow because an ad-server or its DNS is slow to respond, report it to the content-owner web site.</p><p>They will be annoyed on multiple counts:<br>*Their advertisers aren't getting eyeballs they want<br>*Their own content is being devalued due to their site appearing "sluggish"<br>*They are getting complaints</p><p>By the way, a well-run ad network can give better performance than a poorly-run in-house network.</p></htmltext>
<tokenext>When you hit a web site that loads slow because an ad-server or its DNS is slow to respond , report it to the content-owner web site.They will be annoyed on multiple counts : * Their advertisers are n't getting eyeballs they want * Their own content is being devalued due to their site appearing " sluggish " * They are getting complaintsBy the way , a well-run ad network can give better performance than a poorly-run in-house network .</tokentext>
<sentencetext>When you hit a web site that loads slow because an ad-server or its DNS is slow to respond, report it to the content-owner web site.They will be annoyed on multiple counts:*Their advertisers aren't getting eyeballs they want*Their own content is being devalued due to their site appearing "sluggish"*They are getting complaintsBy the way, a well-run ad network can give better performance than a poorly-run in-house network.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30273458</id>
	<title>Re:Security?</title>
	<author>Fwonkas</author>
	<datestamp>1259614380000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>That's just not realistic.  In addition to the reasons given in the other replies, there is a long-standing Firefox bug which swaps the contents of iframes under some circumstances.  It happens with iframed ads frequently.</htmltext>
<tokenext>That 's just not realistic .
In addition to the reasons given in the other replies , there is a long-standing Firefox bug which swaps the contents of iframes under some circumstances .
It happens with iframed ads frequently .</tokentext>
<sentencetext>That's just not realistic.
In addition to the reasons given in the other replies, there is a long-standing Firefox bug which swaps the contents of iframes under some circumstances.
It happens with iframed ads frequently.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30271684</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30271862</id>
	<title>Re:I don't even need to read the summary.</title>
	<author>Anonymous</author>
	<datestamp>1259606940000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext>insightful?!</htmltext>
<tokenext>insightful ?
!</tokentext>
<sentencetext>insightful?
!</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30271618</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30272510</id>
	<title>Re:Kind of Fitting</title>
	<author>dintlu</author>
	<datestamp>1259609760000</datestamp>
	<modclass>Informativ</modclass>
	<modscore>3</modscore>
	<htmltext><p>Flash objects store cookies in a location that is not covered by browser privacy controls.</p><p>These cookies stick with you even after you uninstall/reinstall the plugin, and can only be managed through a web interface on the flash website.  So you're correct  - flash bypasses traditional browser controls and provides advertisers a more persistent method of following a user across multiple domains.</p></htmltext>
<tokenext>Flash objects store cookies in a location that is not covered by browser privacy controls.These cookies stick with you even after you uninstall/reinstall the plugin , and can only be managed through a web interface on the flash website .
So you 're correct - flash bypasses traditional browser controls and provides advertisers a more persistent method of following a user across multiple domains .</tokentext>
<sentencetext>Flash objects store cookies in a location that is not covered by browser privacy controls.These cookies stick with you even after you uninstall/reinstall the plugin, and can only be managed through a web interface on the flash website.
So you're correct  - flash bypasses traditional browser controls and provides advertisers a more persistent method of following a user across multiple domains.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30272218</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30276886</id>
	<title>For what its worth</title>
	<author>nurb432</author>
	<datestamp>1259583840000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>When i get attacked like that from an ad, i do my best to never do business with that company again.</p><p>Sure, my dime wont bankrupt them, but it makes me feel better, and I'm sure I'm not alone.</p></htmltext>
<tokenext>When i get attacked like that from an ad , i do my best to never do business with that company again.Sure , my dime wont bankrupt them , but it makes me feel better , and I 'm sure I 'm not alone .</tokentext>
<sentencetext>When i get attacked like that from an ad, i do my best to never do business with that company again.Sure, my dime wont bankrupt them, but it makes me feel better, and I'm sure I'm not alone.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30271612</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30272218</id>
	<title>Re:Kind of Fitting</title>
	<author>Anonymous</author>
	<datestamp>1259608500000</datestamp>
	<modclass>Insightful</modclass>
	<modscore>1</modscore>
	<htmltext><p>Advertisers using flash because it's not as easily blockable, I would imagine flash also allows advertisers to track users in more sophisticated ways.</p></htmltext>
<tokenext>Advertisers using flash because it 's not as easily blockable , I would imagine flash also allows advertisers to track users in more sophisticated ways .</tokentext>
<sentencetext>Advertisers using flash because it's not as easily blockable, I would imagine flash also allows advertisers to track users in more sophisticated ways.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30271582</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30271624</id>
	<title>Re:Kind of Fitting</title>
	<author>sopssa</author>
	<datestamp>1259605920000</datestamp>
	<modclass>Redundant</modclass>
	<modscore>0</modscore>
	<htmltext><p>swf isn't exactly heavy, and can provide results that are not suited for HTML+CSS+Javascript. And I rather <i>not</i> have ads controlling Javascript, that would be even more annoying. Now you can at least block the<nobr> <wbr></nobr>.swf file/url pattern if you want to.</p><p>And no, ads aren't going away, websites need income to operate. AdSense like text ads are ok, but they aren't suitable everywhere.</p></htmltext>
<tokenext>swf is n't exactly heavy , and can provide results that are not suited for HTML + CSS + Javascript .
And I rather not have ads controlling Javascript , that would be even more annoying .
Now you can at least block the .swf file/url pattern if you want to.And no , ads are n't going away , websites need income to operate .
AdSense like text ads are ok , but they are n't suitable everywhere .</tokentext>
<sentencetext>swf isn't exactly heavy, and can provide results that are not suited for HTML+CSS+Javascript.
And I rather not have ads controlling Javascript, that would be even more annoying.
Now you can at least block the .swf file/url pattern if you want to.And no, ads aren't going away, websites need income to operate.
AdSense like text ads are ok, but they aren't suitable everywhere.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30271582</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30274270</id>
	<title>Yes</title>
	<author>countertrolling</author>
	<datestamp>1259573880000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>That's why I'm blocking ads right here on Slashdot, amongst many other places. If they ever fix it, I'll be more than happy to let them through.</p></htmltext>
<tokenext>That 's why I 'm blocking ads right here on Slashdot , amongst many other places .
If they ever fix it , I 'll be more than happy to let them through .</tokentext>
<sentencetext>That's why I'm blocking ads right here on Slashdot, amongst many other places.
If they ever fix it, I'll be more than happy to let them through.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30274092</id>
	<title>Gary GNU</title>
	<author>HomelessInLaJolla</author>
	<datestamp>1259573220000</datestamp>
	<modclass>None</modclass>
	<modscore>-1</modscore>
	<htmltext><p>No news here.</p><p>We've been doing this in rpg and frp video games for years.  Create new characters, add them to the party, pool the money, remove the used up shells, delete them.  Create new characters.</p><p>As soon as the concept of being paid to surf the web, paid to follow links, paid to click on ads arrived there were a thousand gamers who knew exactly what to do.</p><p>Are ad servers bogging down the web?  Who in their right mind would pass up a chance for free cash?</p><p>Ad servers are the most profitable thing short of using a sector editor to create supercharacters.</p></htmltext>
<tokenext>No news here.We 've been doing this in rpg and frp video games for years .
Create new characters , add them to the party , pool the money , remove the used up shells , delete them .
Create new characters.As soon as the concept of being paid to surf the web , paid to follow links , paid to click on ads arrived there were a thousand gamers who knew exactly what to do.Are ad servers bogging down the web ?
Who in their right mind would pass up a chance for free cash ? Ad servers are the most profitable thing short of using a sector editor to create supercharacters .</tokentext>
<sentencetext>No news here.We've been doing this in rpg and frp video games for years.
Create new characters, add them to the party, pool the money, remove the used up shells, delete them.
Create new characters.As soon as the concept of being paid to surf the web, paid to follow links, paid to click on ads arrived there were a thousand gamers who knew exactly what to do.Are ad servers bogging down the web?
Who in their right mind would pass up a chance for free cash?Ad servers are the most profitable thing short of using a sector editor to create supercharacters.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30272318</id>
	<title>External crap</title>
	<author>Anonymous</author>
	<datestamp>1259608800000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>Ads are part of the problem, but a more general description of the issue is that, for various reasons (most of them contrary to users' interests), web sites often embed crap from other websites.  Sometimes they're ads, sometimes they're "follow us on facebook/twitter" widgets, etc (the thinking is that once someone follows you on twitter, and if they ever stop visiting your site, then maybe some day they'll see your spew on twitter and then come back to you).  And then there's even the fairly benevolent stuff, like Google Maps.</p><p>Once you start doing this, page load times start to leave your control.  And you'll start to have weird problems that don't come up in your test environment, like maybe you're embedding something that a lot of WebSense users can't load, but it doesn't degrade gracefully.</p><p>Two good approaches seem to be: 1) load it after the page, using javascript 2) load it in an iframe. Actually, I'm starting to really like the idea of using iframes, since I sometimes have ads that do horrible things (sometimes modifying the DOM outside of their container), and iframes tend to more compartmentalize misbehavior.</p></htmltext>
<tokenext>Ads are part of the problem , but a more general description of the issue is that , for various reasons ( most of them contrary to users ' interests ) , web sites often embed crap from other websites .
Sometimes they 're ads , sometimes they 're " follow us on facebook/twitter " widgets , etc ( the thinking is that once someone follows you on twitter , and if they ever stop visiting your site , then maybe some day they 'll see your spew on twitter and then come back to you ) .
And then there 's even the fairly benevolent stuff , like Google Maps.Once you start doing this , page load times start to leave your control .
And you 'll start to have weird problems that do n't come up in your test environment , like maybe you 're embedding something that a lot of WebSense users ca n't load , but it does n't degrade gracefully.Two good approaches seem to be : 1 ) load it after the page , using javascript 2 ) load it in an iframe .
Actually , I 'm starting to really like the idea of using iframes , since I sometimes have ads that do horrible things ( sometimes modifying the DOM outside of their container ) , and iframes tend to more compartmentalize misbehavior .</tokentext>
<sentencetext>Ads are part of the problem, but a more general description of the issue is that, for various reasons (most of them contrary to users' interests), web sites often embed crap from other websites.
Sometimes they're ads, sometimes they're "follow us on facebook/twitter" widgets, etc (the thinking is that once someone follows you on twitter, and if they ever stop visiting your site, then maybe some day they'll see your spew on twitter and then come back to you).
And then there's even the fairly benevolent stuff, like Google Maps.Once you start doing this, page load times start to leave your control.
And you'll start to have weird problems that don't come up in your test environment, like maybe you're embedding something that a lot of WebSense users can't load, but it doesn't degrade gracefully.Two good approaches seem to be: 1) load it after the page, using javascript 2) load it in an iframe.
Actually, I'm starting to really like the idea of using iframes, since I sometimes have ads that do horrible things (sometimes modifying the DOM outside of their container), and iframes tend to more compartmentalize misbehavior.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30272304</id>
	<title>Re:Slow ads...</title>
	<author>rysiek</author>
	<datestamp>1259608740000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>Maybe the ads should be loaded by JavaScript, AFTER the site's content is loaded? This way it starts to be the ad vendor's problem to get the ads there fast, *before* user clicks on something else.

For those users that do not use JS, the ads might be in iframes, so that they still load after the website's content, and asynchronously (as somebody already pointed out).</htmltext>
<tokenext>Maybe the ads should be loaded by JavaScript , AFTER the site 's content is loaded ?
This way it starts to be the ad vendor 's problem to get the ads there fast , * before * user clicks on something else .
For those users that do not use JS , the ads might be in iframes , so that they still load after the website 's content , and asynchronously ( as somebody already pointed out ) .</tokentext>
<sentencetext>Maybe the ads should be loaded by JavaScript, AFTER the site's content is loaded?
This way it starts to be the ad vendor's problem to get the ads there fast, *before* user clicks on something else.
For those users that do not use JS, the ads might be in iframes, so that they still load after the website's content, and asynchronously (as somebody already pointed out).</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30271612</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30271668</id>
	<title>"outside the control"?</title>
	<author>Anonymous</author>
	<datestamp>1259606100000</datestamp>
	<modclass>Insightful</modclass>
	<modscore>2</modscore>
	<htmltext><blockquote><div><p>one of the biggest problems lies outside the control of web site administrators</p></div></blockquote><p>So, who's choosing to put these slow third-party ads on their websites again?</p></div>
	</htmltext>
<tokenext>one of the biggest problems lies outside the control of web site administratorsSo , who 's choosing to put these slow third-party ads on their websites again ?</tokentext>
<sentencetext>one of the biggest problems lies outside the control of web site administratorsSo, who's choosing to put these slow third-party ads on their websites again?
	</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30284108</id>
	<title>Simple, Simon</title>
	<author>Anonymous</author>
	<datestamp>1259686920000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>The fix is SIMPLE! Stop using javascript, ad servers, flash video and tons of graphics! DUH!!!!</p></htmltext>
<tokenext>The fix is SIMPLE !
Stop using javascript , ad servers , flash video and tons of graphics !
DUH ! ! ! !</tokentext>
<sentencetext>The fix is SIMPLE!
Stop using javascript, ad servers, flash video and tons of graphics!
DUH!!!!</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30275500</id>
	<title>Re:Kind of Fitting</title>
	<author>StuartHankins</author>
	<datestamp>1259578800000</datestamp>
	<modclass>Informativ</modclass>
	<modscore>2</modscore>
	<htmltext>AdBlock + NoScript. You won't be inconvenienced that way again. And after the first few weeks of approving / adding sites to your blocklist you'll speed right through your web time.</htmltext>
<tokenext>AdBlock + NoScript .
You wo n't be inconvenienced that way again .
And after the first few weeks of approving / adding sites to your blocklist you 'll speed right through your web time .</tokentext>
<sentencetext>AdBlock + NoScript.
You won't be inconvenienced that way again.
And after the first few weeks of approving / adding sites to your blocklist you'll speed right through your web time.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30271582</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30276176</id>
	<title>AdBlock/NoScript=FF only: HOSTS cover all</title>
	<author>Anonymous</author>
	<datestamp>1259581080000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><div class="quote"><p><b>"In this regard, AdBlock makes a significant difference if you tell it to not download ads at all, but I am not comfortable with denying revenue streams to the websites I visit, after all, they are providing me with a service I enjoy, for free."</b> - by mr\_da3m0n (887821) on Monday November 30, @12:41PM (#30271744) Homepage</p></div><p>Banner Ads slow you down massively, &amp;, adbanners have been shown as infection by malware vectors too many times over the past few years now (see my p.s. below for evidence of that), &amp;, they also cut into my linespeed I PAY FOR... that is a "no no", sorry webmaster, just a fact, that.</p><p>SO - Per my subject line above?</p><p><b>How about a GLOBAL solution, instead, &amp; one that extends to ALL of your "webbound apps", instead, &amp; NOT just to Mozilla softwares which is all your solution works for...</b> (think IE, Outlook &amp; other email programs even, + more), AND, the solution I propose also acts as "layered security" in combination with the FF/Mozilla only methods you use  (which sadly, your methods are KNOWN to slow your browser down, use CPU cycles &amp; more (like having bugs &amp; security flaws in themselves too)... where this solution does not &amp; covers ALL webbound apps, globally)??</p><p>Here is <b>a GOOD SOLID WORK-AROUND, CALLED A HOSTS FILE!</b></p><p>(It works for more speed online, AND SECURITY ESPECIALLY... Also, it works for your money, because you pay for your linetime out of pocket most likely as I do, you can get back your speed, AND, gain security easily, &amp; from a single easily edited file &amp; a file eats no CPU cycles like a local DNS server can (&amp; are not as security vulnerable either if you protect write access to a HOSTS file also)... Anyhow/anyways - Here goes:</p><p>SO - "that all said &amp; aside"? Well, per your reply?? You're solutions cost CPU cycles &amp; are KNOWN to slow down FF/Mozilla variants (as browser addons do), but... Hey - NO PROBLEM, because HOSTS files work alongside those addons too, &amp; offer you more speed online AND more security, via a SINGLE EASILY EDITED + POPULATED FILE (called a HOSTS file):</p><p>I use <b>a custom HOSTS file</b>, in addition to the tools others here in this thread have noted (which MANY like FF addons only really function for FireFox/Mozilla products, but don't extend globally to all other webbound applications, &amp; that is part of what HOSTS files give you above the methods you extoll + utilize: "GLOBAL COVERAGE", &amp; of ALL webbound apps, not just FireFox/Mozilla ones via the addons you noted + use yourself...).</p><p><b>HOSTS files can be used to blockout KNOWN "bad" adserves, maliciously coded sites or adbanners, and "botnet C&amp;C servers" too!</b></p><p><b>You can obtain reliable HOSTS files from reputable lists for more security online, but also for speed!</b></p><p>(More on that later &amp; WHY/HOW (I use reliable lists for that, such as these HOSTS @ Wikipedia.com -&gt; <a href="http://en.wikipedia.org/wiki/Hosts\_file" title="wikipedia.org" rel="nofollow">http://en.wikipedia.org/wiki/Hosts\_file</a> [wikipedia.org] or those from mvps.org (a good one this one))</p><p><b>I also further populate &amp; keep current my custom HOSTS file with up to date information in regards to all of those threats, via:</b></p><p>----</p><p>A.) Spybot "Search &amp; Destroy" updates (populates HOSTS and browser block lists)</p><p>B.) Sites like ZDNet's Mr. Dancho Danchev's blog -&gt; <a href="http://ddanchev.blogspot.com/" title="blogspot.com" rel="nofollow">http://ddanchev.blogspot.com/</a> [blogspot.com]</p><p>C.) Sites like FireEye -&gt; <a href="http://blog.fireeye.com/" title="fireeye.com" rel="nofollow">http://blog.fireeye.com/</a> [fireeye.com]</p><p>D.) SRI -&gt; <a href="http://mtc.sri.com/" title="sri.com" rel="nofollow">http://mtc.sri.com/</a> [sri.com]</p><p>----</p><p>My HOSTS file incorporates ALL of the entries from the HOSTS files shown @ wikipedia as well... gaining me speed online (by blocking adbanners, which have been compromised many times the past few years now by malscripted exploits (examples below)).</p><p>(I combined ALL reputable HOSTS files with one of my own (30,000 entries), &amp; I removed duplicates removed via a Borland Delphi app I wrote to do so called "APK HOSTS File Grinder 4.0++". That program also functions to change the default larger &amp; SLOWER 127.0.0.1 blocking 'loopback adapter' IP address to either 0.0.0.0 (for VISTA/Windows Server 2008/Windows 7, smaller &amp; thus faster than 127.0.0.1 default) or the smallest &amp; fastest 0 "blocking 'IP ADDRESS'" (for Windows 2000/XP/Server 2003 which can STILL use it (&amp; it was added in a service pack on Windows 2000, only on 12/09/2008 MS patch tuesday was it removed for VISTA onwards (&amp; now all these "phunny little bugs" are showing up as FLAWS in this new NDIS6 approach via WFP as well in the firewall, which ROOTKIT.COM has stated (with code too no less on how it is done) -&gt; <a href="http://www.rootkit.com/newsread.php?newsid=952" title="rootkit.com" rel="nofollow">http://www.rootkit.com/newsread.php?newsid=952</a> [rootkit.com] [rootkit.com] that it is EASIER TO UNHOOK (than was the design used in Windows 2000/XP/Server 2003))</p><p><b>Another EXCELLENT benefit of HOSTS file usage? More speed online, &amp; also more security + reliability</b> (especially in the case of DNS servers today, per folks like Dan Kaminsky &amp;/or Moxie Marlinspike finding various security vulnerabilities in them the past couple years now)...</p><p><b>AND, YOU CAN GET EVEN MORE SPEED, and RELIABILITY</b> (vs. downed or "DNS poisoned/misdirected" dns servers too) <b>via yet another "hidden bonus for speed" in HOSTS files:</b></p><p>HOW SO? WELL - <b>I use another "technique" called "hardcoding" an IP address to domainname/hostname in my HOSTS files, for my FAVORITE websites:</b></p><p><b>This allows me to FIRST bypass any remote/external DNS lookups, which also would in theory @ least, make me "proofed" vs. DNS request logs by my ISP/BSP also.</b></p><p>(Especially since I use external DNS servers too, OpenDNS ones to be specific, that go beyond my hardcoded favs in my HOSTS file because I can't ping &amp; resolve the ENTIRE internet after all)</p><p>This also makes it harder for others to track me...</p><p>(Sure, they could do a "reverse DNS lookup" via pings &amp;/or traceroutes &amp; the top level domain that does nothing BUT cache reverse DNS lookups does the rest, but that is harder to do, than looking up my URL requests via a log on a DNS server))</p><p><b>ALSO, AS ANOTHER "BONUS" in HOSTS FILES</b> (can't stress it enough, &amp; especially above + beyond adbanner blocking)<b>:  It speeds you up, or can!</b></p><p>E.G.-&gt; A buddy of mine named Jack says it has (verbatim quote) "DOUBLED MY SPEED ONLINE, BUT I VALUE THE SECURITY PART MORE", because he used to get over 200++ viruses a week, now? Only maybe 2 a year IF THAT lately, &amp; he is convinced it is largely due to the HOSTS file I send him weekly (he is my "lab rat #1" due to his previous infestation rate), &amp; if that "anecdotal evidence" is not enough? See this then, from a published security guru on a respected site for it:</p><p>====</p><p><b>RESURRECTING THE KILLFILE:</b></p><p>(by Mr. Oliver Day)</p><p><a href="http://www.securityfocus.com/columnists/491" title="securityfocus.com" rel="nofollow">http://www.securityfocus.com/columnists/491</a> [securityfocus.com]</p><p><b>PERTINENT EXCERPTS/QUOTES:</b></p><p>"The host file on my day-to-day laptop is now over 16,000 lines long. Accessing the Internet particularly browsing the Web is actually faster now."</p><p>"From what I have seen in my research, major efforts to share lists of unwanted hosts began gaining serious momentum earlier this decade. The most popular appear to have started as a means to block advertising and as a way to avoid being tracked by sites that use cookies to gather data on the user across Web properties. More recently, projects like Spybot Search and Destroy offer lists of known malicious servers to add a layer of defense against trojans and other forms of malware."</p><p>====</p><p>(A nice bonus beyond blocking adbanners via HOSTS too, because these have been shown to harbor malscripted content too &amp; more than just a few times the past 4-5 yrs now no less such as is noted here in my PS below, several examples thereof no less), because you don't waste between 30-N ms calling out to an external DNS!</p><p>(Again, and a DNS server that MAY be poisoned per Dan Kaminsky the past few years now &amp; others also noting it)</p><p>Thus, <b>SO, even IF your DNS servers go down, or are "dns poisoned"</b> (or fall to yet another security flaw, many are in my "p.s." below no less, as documented evidences thereof to my statements here no less)?</p><p>Well, <b>by using a custom HOSTS file setup, you can STILL GET TO YOUR FAV. SITES IF HARDCODED in your HOSTS FILE &amp; @ higher speeds than DNS server calls, 30-N times faster in fact</b> (a good thing, but one you may have to periodically alter, easily, via notepad.exe edits of your HOSTS file &amp; a ping to update their new address (sites change hosting providers due to better services or prices, rare, but they do &amp; MOST let you know they are about to do so anyhow, so you can amend a HOSTS file)).</p><p>NICEST PART IS, THOUGH, PER YOUR STATEMENT (in addition to the benefits of HOSTS file I note above, alongside others like Mr. Oliver Day of SECURITYFOCUS.COM)?</p><p>I will STILL get to where it is that I WANT TO GO, not the router's onboard DNS server doing hostname/domainname resolutions or potential hijacked redirects... in theory @ least, because I am controlling the hostname/dommainname resolutions @ AN OS + IP STACK LEVEL, not via my routers' onboard DNS server...</p><p>APK</p><p>P.S.=&gt; Evidences as to WHY you'd want to add on the "extra layered security protection" of a HOSTS file, which extends global security coverage to your webbound apps, AND, allows for a great deal of added extra speed as well? Ok, here are some documented reasons why like:</p><p>a.) DNS servers vulnerable, under attack, failing or being "DNS poisoned" misdirected &amp; more</p><p>b.) Security suites failing vs. modern "blended threats" online</p><p>c.) javascript being used to do most of this via apps)</p><p>d.) adbanners being maliciously coded also...</p><p>(Here we go with documented proofs/examples:)</p><p>====</p><p><b>POISONED MALSCRIPTED ADBANNERS</b></p><p><b>The Next Ad You Click May Be a Virus:</b></p><p><a href="http://it.slashdot.org/article.pl?sid=09/06/15/2056219" title="slashdot.org" rel="nofollow">http://it.slashdot.org/article.pl?sid=09/06/15/2056219</a> [slashdot.org]</p><p>----</p><p><b>Attackers Infect Ads With Old Adobe Vulnerability:</b></p><p><a href="http://it.slashdot.org/article.pl?sid=09/02/25/024211" title="slashdot.org" rel="nofollow">http://it.slashdot.org/article.pl?sid=09/02/25/024211</a> [slashdot.org]</p><p>----</p><p><b>Hackers Use Banner Ads on Major Sites to Hijack Your PC:</b></p><p><a href="http://www.wired.com/techbiz/media/news/2007/11/doubleclick" title="wired.com" rel="nofollow">http://www.wired.com/techbiz/media/news/2007/11/doubleclick</a> [wired.com]</p><p>----</p><p><b>Adobe Flash Ads Launching Clipboard Hijack Attacks:</b></p><p><a href="http://it.slashdot.org/article.pl?sid=08/08/20/0029220&amp;from=rss" title="slashdot.org" rel="nofollow">http://it.slashdot.org/article.pl?sid=08/08/20/0029220&amp;from=rss</a> [slashdot.org]</p><p>----</p><p><b>Slashdot | Americans Don't Want Targeted Ads:</b></p><p><a href="http://yro.slashdot.org/article.pl?sid=09/10/01/1854214" title="slashdot.org" rel="nofollow">http://yro.slashdot.org/article.pl?sid=09/10/01/1854214</a> [slashdot.org]</p><p>====</p><p><b>DNS PROBLEMS:</b></p><p><b>Number of Rogue DNS Servers on the Rise:</b></p><p><a href="http://tech.slashdot.org/article.pl?no\_d2=1&amp;sid=08/02/15/2118212" title="slashdot.org" rel="nofollow">http://tech.slashdot.org/article.pl?no\_d2=1&amp;sid=08/02/15/2118212</a> [slashdot.org]</p><p>----</p><p><b>Security Researcher Kaminsky Pushes DNS Patching:</b></p><p><a href="http://it.slashdot.org/article.pl?sid=09/02/19/2322231" title="slashdot.org" rel="nofollow">http://it.slashdot.org/article.pl?sid=09/02/19/2322231</a> [slashdot.org]</p><p>----</p><p><b>Ten Percent of DNS Servers Still Vulnerable:</b></p><p><a href="http://tech.slashdot.org/article.pl?no\_d2=1&amp;sid=05/08/04/1525235" title="slashdot.org" rel="nofollow">http://tech.slashdot.org/article.pl?no\_d2=1&amp;sid=05/08/04/1525235</a> [slashdot.org]</p><p>----</p><p><b>TimeWarner DNS Hijacking:</b></p><p><a href="http://tech.slashdot.org/article.pl?sid=07/07/23/2140208" title="slashdot.org" rel="nofollow">http://tech.slashdot.org/article.pl?sid=07/07/23/2140208</a> [slashdot.org]</p><p>----</p><p><b>Another DNS Flaw Found:</b></p><p><a href="http://tech.slashdot.org/article.pl?sid=09/01/09/2348240" title="slashdot.org" rel="nofollow">http://tech.slashdot.org/article.pl?sid=09/01/09/2348240</a> [slashdot.org]</p><p>----</p><p><b>Attack Code Published For DNS Vulnerability:</b></p><p><a href="http://it.slashdot.org/article.pl?no\_d2=1&amp;sid=08/07/23/231254" title="slashdot.org" rel="nofollow">http://it.slashdot.org/article.pl?no\_d2=1&amp;sid=08/07/23/231254</a> [slashdot.org]</p><p>----</p><p><b>BIND Still Susceptible To DNS Cache Poisoning:</b></p><p><a href="http://tech.slashdot.org/article.pl?no\_d2=1&amp;sid=08/08/09/123222" title="slashdot.org" rel="nofollow">http://tech.slashdot.org/article.pl?no\_d2=1&amp;sid=08/08/09/123222</a> [slashdot.org]</p><p>----</p><p><b>DDoS Attacks Via DNS Recursion:</b></p><p><a href="http://it.slashdot.org/article.pl?no\_d2=1&amp;sid=06/03/16/1658209" title="slashdot.org" rel="nofollow">http://it.slashdot.org/article.pl?no\_d2=1&amp;sid=06/03/16/1658209</a> [slashdot.org]</p><p>----</p><p><b>DNS Poisoning Hits One of China's Biggest ISPs:</b></p><p><a href="http://it.slashdot.org/article.pl?no\_d2=1&amp;sid=08/08/21/2343250" title="slashdot.org" rel="nofollow">http://it.slashdot.org/article.pl?no\_d2=1&amp;sid=08/08/21/2343250</a> [slashdot.org]</p><p>----</p><p><b>DNS Root Servers Attacked:</b></p><p><a href="http://it.slashdot.org/article.pl?no\_d2=1&amp;sid=07/02/06/2238225" title="slashdot.org" rel="nofollow">http://it.slashdot.org/article.pl?no\_d2=1&amp;sid=07/02/06/2238225</a> [slashdot.org]</p><p>----</p><p><b>DNS Problem Linked To DDoS Attacks Gets Worse:</b></p><p><a href="http://tech.slashdot.org/comments.pl?sid=1444354&amp;cid=30109858" title="slashdot.org" rel="nofollow">http://tech.slashdot.org/comments.pl?sid=1444354&amp;cid=30109858</a> [slashdot.org]</p><p>----</p><p><b>Are your servers vulnerable to DNS attacks?</b></p><p><a href="http://www.networkworld.com/news/2007/111907-dns-attacks.html" title="networkworld.com" rel="nofollow">http://www.networkworld.com/news/2007/111907-dns-attacks.html</a> [networkworld.com]</p><p>----</p><p><b>Kaminsky On DNS Bugs a Year Later and DNSSEC:</b></p><p><a href="http://it.slashdot.org/story/09/06/25/1354212/Kaminsky-On-DNS-Bugs-a-Year-Later-and-DNSSEC" title="slashdot.org" rel="nofollow">http://it.slashdot.org/story/09/06/25/1354212/Kaminsky-On-DNS-Bugs-a-Year-Later-and-DNSSEC</a> [slashdot.org]</p><p>----</p><p><b>DNS users put higher premium on security:</b></p><p><a href="http://news.techworld.com/networking/10690/dns-users-put-higher-premium-on-security/" title="techworld.com" rel="nofollow">http://news.techworld.com/networking/10690/dns-users-put-higher-premium-on-security/</a> [techworld.com]</p><p>----</p><p><b>BIND, the Buggy Internet Name Daemon:</b></p><p><a href="http://cr.yp.to/djbdns/blurb/unbind.html" title="cr.yp.to" rel="nofollow">http://cr.yp.to/djbdns/blurb/unbind.html</a> [cr.yp.to]</p><p>(Where djbdns was found to have flaw, though it was alleged invulnerable, they paid out $10,000 reward)</p><p>----</p><p><b>DNS Dan Kaminsky DNS SPOOF ATTACK EXPLAINED HOW IT IS DONE:</b></p><p><a href="http://blogs.zdnet.com/security/?p=1520" title="zdnet.com" rel="nofollow">http://blogs.zdnet.com/security/?p=1520</a> [zdnet.com]</p><p>----</p><p><b>DNS REBINDING ATTACKS: MultiPinning Browser JavaScript Vulnerability</b> (how to protect yourself):</p><p><a href="http://crypto.stanford.edu/dns/" title="stanford.edu" rel="nofollow">http://crypto.stanford.edu/dns/</a> [stanford.edu]</p><p>----</p><p><b>Hackers hijack DNS records of high profile New Zealand sites:</b></p><p><a href="http://blogs.zdnet.com/security/?p=3185" title="zdnet.com" rel="nofollow">http://blogs.zdnet.com/security/?p=3185</a> [zdnet.com]</p><p>====</p><p><b>SECURITY SUITE PROGRAMS FAILING:</b></p><p><b>AntiVirus Products Fail to Find Simple IE Malware:</b></p><p><a href="http://tech.slashdot.org/article.pl?sid=07/10/29/1747237" title="slashdot.org" rel="nofollow">http://tech.slashdot.org/article.pl?sid=07/10/29/1747237</a> [slashdot.org]</p><p>----</p><p><b>Most Security Products Fail To Perform:</b></p><p><a href="http://hardware.slashdot.org/comments.pl?sid=1445302&amp;threshold=-1&amp;commentsort=0&amp;mode=thread&amp;pid=30114652" title="slashdot.org" rel="nofollow">http://hardware.slashdot.org/comments.pl?sid=1445302&amp;threshold=-1&amp;commentsort=0&amp;mode=thread&amp;pid=30114652</a> [slashdot.org]</p><p>----</p><p><b>TOP SECURITY SUITES FAIL 64/300 THREATS in 2008 AT SECUNIA.COM:</b></p><p><a href="http://secunia.com/blog/29/" title="secunia.com" rel="nofollow">http://secunia.com/blog/29/</a> [secunia.com]</p><p>----</p><p><b>Top security suites fail exploit tests:</b></p><p><a href="http://www.computerworld.com/s/article/9117042/Top\_security\_suites\_fail\_exploit\_tests?intsrc=news\_ts\_head" title="computerworld.com" rel="nofollow">http://www.computerworld.com/s/article/9117042/Top\_security\_suites\_fail\_exploit\_tests?intsrc=news\_ts\_head</a> [computerworld.com]</p><p>----</p><p><b>Antivirus is 'completely wasted money': Cisco CSO: News - Security - ZDNet Australia:</b></p><p><a href="http://www.zdnet.com.au/news/security/soa/Antivirus-is-completely-wasted-money-Cisco-CSO/0,130061744,339289122,00.htm?feed=pt\_auscert" title="zdnet.com.au" rel="nofollow">http://www.zdnet.com.au/news/security/soa/Antivirus-is-completely-wasted-money-Cisco-CSO/0,130061744,339289122,00.htm?feed=pt\_auscert</a> [zdnet.com.au]</p><p>----</p><p><b>Are Routers the Next Big Target for Hackers?</b></p><p><a href="http://blogs.zdnet.com/security/?p=919" title="zdnet.com" rel="nofollow">http://blogs.zdnet.com/security/?p=919</a> [zdnet.com]</p><p>----</p><p><b>Software Firewalls: Made of Straw? Part 1 of 2:</b></p><p><a href="http://www.securityfocus.com/infocus/1839" title="securityfocus.com" rel="nofollow">http://www.securityfocus.com/infocus/1839</a> [securityfocus.com]</p><p><b>Software Firewalls: Made of Straw? Part 2 of 2:</b></p><p><a href="http://www.securityfocus.com/infocus/1840/2" title="securityfocus.com" rel="nofollow">http://www.securityfocus.com/infocus/1840/2</a> [securityfocus.com]</p><p>----</p><p><b>Brief study shows difficulty in detecting malware (2008):</b></p><p><a href="http://www.securityfocus.com/brief/858" title="securityfocus.com" rel="nofollow">http://www.securityfocus.com/brief/858</a> [securityfocus.com]</p><p>----</p><p><b>2007 - Browser vulnerabilities and attacks will continue to mount:</b></p><p><a href="http://www.infoworld.com/d/security-central/browser-vulnerabilities-and-attacks-will-continue-mount-679" title="infoworld.com" rel="nofollow">http://www.infoworld.com/d/security-central/browser-vulnerabilities-and-attacks-will-continue-mount-679</a> [infoworld.com]</p><p>----</p><p><b>Bug exposes Cisco switches to attacks:</b></p><p><a href="http://news.cnet.com/Bug-exposes-Cisco-switches+to+attacks/2110-7349\_3-5902897.html?part=rss&amp;tag=5902897&amp;subj=news" title="cnet.com" rel="nofollow">http://news.cnet.com/Bug-exposes-Cisco-switches+to+attacks/2110-7349\_3-5902897.html?part=rss&amp;tag=5902897&amp;subj=news</a> [cnet.com]</p><p>&amp;</p><p><b>CISCO "COMES CLEAN" ON EXTENT OF IOS FLAW:</b></p><p><a href="http://www.eweek.com/c/a/Security/Cisco-Comes-Clean-on-Extent-of-IOS-Flaw/" title="eweek.com" rel="nofollow">http://www.eweek.com/c/a/Security/Cisco-Comes-Clean-on-Extent-of-IOS-Flaw/</a> [eweek.com]</p><p>&amp;</p><p><b>Cisco PIX and ASA Time-To-Live Denial of Service Vulnerability:</b></p><p><a href="http://secunia.com/advisories/28625/" title="secunia.com" rel="nofollow">http://secunia.com/advisories/28625/</a> [secunia.com]</p><p>+</p><p><b>Computer routers face hijack risk - study:</b></p><p><a href="http://www.cbc.ca/technology/story/2007/02/16/tech-routervulnerabilty-20070216.html?ref=rss" title="www.cbc.ca" rel="nofollow">http://www.cbc.ca/technology/story/2007/02/16/tech-routervulnerabilty-20070216.html?ref=rss</a> [www.cbc.ca]</p><p>Slashdot Technology Story | Will Mainstream Media Embrace Adblockers?</p><p><a href="http://tech.slashdot.org/story/09/08/06/1442243/Will-Mainstream-Media-Embrace-Adblockers" title="slashdot.org" rel="nofollow">http://tech.slashdot.org/story/09/08/06/1442243/Will-Mainstream-Media-Embrace-Adblockers</a> [slashdot.org]</p><p>----</p><p><b>Congress May Require ISPs To Block Certain Fraud Sites:</b></p><p><a href="http://yro.slashdot.org/comments.pl?sid=1432514&amp;cid=30024078" title="slashdot.org" rel="nofollow">http://yro.slashdot.org/comments.pl?sid=1432514&amp;cid=30024078</a> [slashdot.org]</p><p>====</p><p><b>JAVASCRIPT PROBLEMS:</b></p><p><b>Slashdot | Adobe Confirms PDF Zero-Day, Says Kill JavaScript:</b></p><p><a href="http://it.slashdot.org/article.pl?sid=09/04/29/1823234" title="slashdot.org" rel="nofollow">http://it.slashdot.org/article.pl?sid=09/04/29/1823234</a> [slashdot.org]</p><p>----</p><p><b>Adobe Flash Zero-Day Attack Underway:</b></p><p><a href="http://it.slashdot.org/article.pl?sid=08/05/28/0138247&amp;from=rss" title="slashdot.org" rel="nofollow">http://it.slashdot.org/article.pl?sid=08/05/28/0138247&amp;from=rss</a> [slashdot.org]</p><p>----</p><p><b>JavaScript flaw reported in Adobe Reader</b> (4th or 5th time already, if not more):</p><p><a href="http://www.securityfocus.com/brief/953" title="securityfocus.com" rel="nofollow">http://www.securityfocus.com/brief/953</a> [securityfocus.com]</p><p>----</p><p><b>Another malware pulls an Italian job via JAVASCRIPT:</b></p><p><a href="http://blog.trendmicro.com/another-malware-pulls-an-italian-job/" title="trendmicro.com" rel="nofollow">http://blog.trendmicro.com/another-malware-pulls-an-italian-job/</a> [trendmicro.com]</p><p>----</p><p><b>JavaScript opens doors to browser-based attacks | CNET News.com:</b></p><p><a href="http://news.com.com/JavaScript+opens+doors+to+browser-based+attacks/2100-7349\_3-6099891.html?part=rss&amp;tag=6099891&amp;subj=news" title="com.com" rel="nofollow">http://news.com.com/JavaScript+opens+doors+to+browser-based+attacks/2100-7349\_3-6099891.html?part=rss&amp;tag=6099891&amp;subj=news</a> [com.com]</p><p>----</p><p><b>Mozilla Firefox Javascript Garbage Collector Vulnerability - Advisories - Secunia</b></p><p><a href="http://secunia.com/advisories/29787/" title="secunia.com" rel="nofollow">http://secunia.com/advisories/29787/</a> [secunia.com]</p><p>----</p><p><b>New script outstrips all other drive-by download risks:</b></p><p><a href="http://www.theregister.co.uk/2009/05/15/script\_menace/" title="theregister.co.uk" rel="nofollow">http://www.theregister.co.uk/2009/05/15/script\_menace/</a> [theregister.co.uk]</p><p>----</p><p><b>Researcher to demonstrate attack code for Intel chips via Javascript:</b></p><p><a href="http://www.infoworld.com/d/security-central/researcher-demonstrate-attack-code-intel-chips-036" title="infoworld.com" rel="nofollow">http://www.infoworld.com/d/security-central/researcher-demonstrate-attack-code-intel-chips-036</a> [infoworld.com]</p><p>----</p><p><b>Researcher: JavaScript Attacks Get Slicker:</b></p><p><a href="http://www.eweek.com/c/a/Security/Researcher-JavaScript-Attacks-Get-Slicker/" title="eweek.com" rel="nofollow">http://www.eweek.com/c/a/Security/Researcher-JavaScript-Attacks-Get-Slicker/</a> [eweek.com]</p><p>----</p><p><b>Rise Of The PDF Exploits:</b></p><p><a href="http://www.trustedsource.org/blog/153/Rise-Of-The-PDF-Exploits" title="trustedsource.org" rel="nofollow">http://www.trustedsource.org/blog/153/Rise-Of-The-PDF-Exploits</a> [trustedsource.org]</p><p>----</p><p><b>ADOBE NEW FLAW DOES USE JAVASCRIPT PROOF:</b></p><p><a href="http://www.shadowserver.org/wiki/pmwiki.php?n=Calendar.20090219" title="shadowserver.org" rel="nofollow">http://www.shadowserver.org/wiki/pmwiki.php?n=Calendar.20090219</a> [shadowserver.org]</p><p>----</p><p><b>AJAX Poses Security, Performance Risks:</b></p><p><a href="http://www.eweek.com/article2/0,1895,1916673,00.asp" title="eweek.com" rel="nofollow">http://www.eweek.com/article2/0,1895,1916673,00.asp</a> [eweek.com]</p><p>----</p><p><b>Web 2.0 Threats and Risks for Financial Services:</b></p><p><a href="http://www.net-security.org/article.php?id=1004&amp;p=1" title="net-security.org" rel="nofollow">http://www.net-security.org/article.php?id=1004&amp;p=1</a> [net-security.org]</p><p><a href="http://www.cbronline.com/news/web\_20\_is\_vulnerable\_to\_attack" title="cbronline.com" rel="nofollow">http://www.cbronline.com/news/web\_20\_is\_vulnerable\_to\_attack</a> [cbronline.com]</p><p>----</p><p><b>Cross Site Scripting</b> (GOOGLE) <b>and WHY TO TURN OFF JAVASCRIPT:</b></p><p><a href="http://www.cgisecurity.com/xss-faq.html" title="cgisecurity.com" rel="nofollow">http://www.cgisecurity.com/xss-faq.html</a> [cgisecurity.com]</p><p>----</p><p><b>Why the FBI Director Doesn't Bank Online</b></p><p><a href="http://it.slashdot.org/article.pl?sid=09/10/08/0327240" title="slashdot.org" rel="nofollow">http://it.slashdot.org/article.pl?sid=09/10/08/0327240</a> [slashdot.org]</p><p>====</p><p><b>MAJOR ATTACKS (only a small sample) of WHY LAYERED SECURITY IS NEEDED</b></p><p><b>Is the Botnet Battle Already Lost?</b></p><p><a href="http://www.eweek.com/article2/0,1895,2029720,00.asp" title="eweek.com" rel="nofollow">http://www.eweek.com/article2/0,1895,2029720,00.asp</a> [eweek.com]</p><p>----</p><p><b>IT Pros Say They Can't Stop Data Breaches:</b></p><p><a href="http://www.eweek.com/article2/0,1895,2010325,00.asp?kc=EWNAVEMNL083106EOAD" title="eweek.com" rel="nofollow">http://www.eweek.com/article2/0,1895,2010325,00.asp?kc=EWNAVEMNL083106EOAD</a> [eweek.com]</p><p>----</p><p><b>Cyber Attacks On US Military Jump Sharply In 2009</b></p><p><a href="http://tech.slashdot.org/comments.pl?sid=1452358&amp;threshold=-1&amp;commentsort=0&amp;mode=thread&amp;cid=30185742" title="slashdot.org" rel="nofollow">http://tech.slashdot.org/comments.pl?sid=1452358&amp;threshold=-1&amp;commentsort=0&amp;mode=thread&amp;cid=30185742</a> [slashdot.org]</p><p>----</p><p><b>Bots Found Inside Many Big Companies:</b></p><p><a href="http://blogs.baselinemag.com/security/content001/cybercrime/bots\_found\_inside\_many\_big\_companies.html" title="baselinemag.com" rel="nofollow">http://blogs.baselinemag.com/security/content001/cybercrime/bots\_found\_inside\_many\_big\_companies.html</a> [baselinemag.com]</p><p>----</p><p><b>Bot master owns up to 250,000 zombie PCs:</b></p><p><a href="http://www.securityfocus.com/news/11495" title="securityfocus.com" rel="nofollow">http://www.securityfocus.com/news/11495</a> [securityfocus.com]</p><p>----</p><p><b>Bots surge ahead (2007):</b></p><p><a href="http://www.securityfocus.com/brief/466" title="securityfocus.com" rel="nofollow">http://www.securityfocus.com/brief/466</a> [securityfocus.com]</p><p>----</p><p><b>Chinese Hackers Hit Commerce Department:</b></p><p><a href="http://www.informationweek.com/news/security/government/showArticle.jhtml?articleID=193105227" title="informationweek.com" rel="nofollow">http://www.informationweek.com/news/security/government/showArticle.jhtml?articleID=193105227</a> [informationweek.com]</p><p>----</p><p><b>CIA Admits Cyberattacks Blacked Out Cities:</b></p><p><a href="http://www.informationweek.com/news/internet/showArticle.jhtml?articleID=205901631" title="informationweek.com" rel="nofollow">http://www.informationweek.com/news/internet/showArticle.jhtml?articleID=205901631</a> [informationweek.com]</p><p>----</p><p><b>Compromised Banks and Investment sites list 2006:</b></p><p><a href="http://it.slashdot.org/comments.pl?sid=233921&amp;cid=19035679" title="slashdot.org" rel="nofollow">http://it.slashdot.org/comments.pl?sid=233921&amp;cid=19035679</a> [slashdot.org]</p><p>----</p><p><b>Dancho Danchev's Blog - Mind Streams of Information Security Knowledge: Massive IFRAME SEO Poisoning Attack Continuing:</b></p><p><a href="http://ddanchev.blogspot.com/2008/03/massive-iframe-seo-poisoning-attack.html" title="blogspot.com" rel="nofollow">http://ddanchev.blogspot.com/2008/03/massive-iframe-seo-poisoning-attack.html</a> [blogspot.com]</p><p>----</p><p><b>Data at Bank of America, Wachovia, others compromised - May. 23, 2005:</b></p><p><a href="http://money.cnn.com/2005/05/23/news/fortune500/bank\_info/index.htm" title="cnn.com" rel="nofollow">http://money.cnn.com/2005/05/23/news/fortune500/bank\_info/index.htm</a> [cnn.com]</p><p>----</p><p><b>Fresh Security Breaches at Los Alamos:</b></p><p><a href="http://www.msnbc.msn.com/id/19418769/site/newsweek/print/1/displaymode/1098/" title="msn.com" rel="nofollow">http://www.msnbc.msn.com/id/19418769/site/newsweek/print/1/displaymode/1098/</a> [msn.com]</p><p>----</p><p><b>Infected job search sites lead to info theft for 46,000:</b></p><p><a href="http://www.computerworld.com/s/article/9031139/Infected\_job\_search\_sites\_lead\_to\_info\_theft\_for\_46\_000" title="computerworld.com" rel="nofollow">http://www.computerworld.com/s/article/9031139/Infected\_job\_search\_sites\_lead\_to\_info\_theft\_for\_46\_000</a> [computerworld.com]</p><p>----</p><p><b>New Mega-Botnet Discovered:</b></p><p><a href="http://it.slashdot.org/article.pl?sid=09/04/22/2223214" title="slashdot.org" rel="nofollow">http://it.slashdot.org/article.pl?sid=09/04/22/2223214</a> [slashdot.org]</p><p>----</p><p>I think THAT list ought to "enlighten" ANYONE, as to why "layered security" is &amp; has been considered largely to be "THE WAY TO GO", vs. that list above (which is only a SMALL \%-age of what I can come up with in regards to threats online + their causes)... HOSTS files help protect vs. those, on several levels - DO consider their usage!</p><p>I'd like to also end this, on a little quote from a fav. film of mine:</p><p><b>"My name is Dr. Robert Neville. I am a survivor living in New York City. I am broadcasting on all a.m. frequencies. I will be in the south street seaport everyday at midday when the sun is highest in the sky. If you are out there, if anyone is out there, I can provide food; I can provide shelter; I can provide security -&gt; <a href="http://www.tcmagazine.com/forums/index.php?s=44b7ce1c3ee460d32e68cb97f2597368&amp;showtopic=2662" title="tcmagazine.com" rel="nofollow">http://www.tcmagazine.com/forums/index.php?s=44b7ce1c3ee460d32e68cb97f2597368&amp;showtopic=2662</a> [tcmagazine.com] . If there's anybody out there, anybody, please... you are not alone."</b> - Dr. Robert Neville, I AM LEGEND</p><p>&amp; that film inspired me to write that guide for securing Windows NT-based OS variants, @ the end of 2007, + for my "New Year's Resolution" for 2008, of "Do the right thing &amp; 'pay it forward'"... &amp;, it works.</p><p>Here though?</p><p>Well, I only suggested a SMALL part of that guide here, but a crucial &amp; EFFECTIVE ONE, &amp; mainly because it fits the bill here QUITE specifically &amp; functions globally, instead of just being good for 1 set of apps only (like FF addons are only, unfortunately), &amp; it doesn't eat CPU like those do either OR slow you down (if anything? They speed you up HUGELY, in addition to securing you too as a bonus)...apk</p></div>
	</htmltext>
<tokenext>" In this regard , AdBlock makes a significant difference if you tell it to not download ads at all , but I am not comfortable with denying revenue streams to the websites I visit , after all , they are providing me with a service I enjoy , for free .
" - by mr \ _da3m0n ( 887821 ) on Monday November 30 , @ 12 : 41PM ( # 30271744 ) HomepageBanner Ads slow you down massively , &amp; , adbanners have been shown as infection by malware vectors too many times over the past few years now ( see my p.s .
below for evidence of that ) , &amp; , they also cut into my linespeed I PAY FOR... that is a " no no " , sorry webmaster , just a fact , that.SO - Per my subject line above ? How about a GLOBAL solution , instead , &amp; one that extends to ALL of your " webbound apps " , instead , &amp; NOT just to Mozilla softwares which is all your solution works for... ( think IE , Outlook &amp; other email programs even , + more ) , AND , the solution I propose also acts as " layered security " in combination with the FF/Mozilla only methods you use ( which sadly , your methods are KNOWN to slow your browser down , use CPU cycles &amp; more ( like having bugs &amp; security flaws in themselves too ) ... where this solution does not &amp; covers ALL webbound apps , globally ) ?
? Here is a GOOD SOLID WORK-AROUND , CALLED A HOSTS FILE !
( It works for more speed online , AND SECURITY ESPECIALLY... Also , it works for your money , because you pay for your linetime out of pocket most likely as I do , you can get back your speed , AND , gain security easily , &amp; from a single easily edited file &amp; a file eats no CPU cycles like a local DNS server can ( &amp; are not as security vulnerable either if you protect write access to a HOSTS file also ) ... Anyhow/anyways - Here goes : SO - " that all said &amp; aside " ?
Well , per your reply ? ?
You 're solutions cost CPU cycles &amp; are KNOWN to slow down FF/Mozilla variants ( as browser addons do ) , but... Hey - NO PROBLEM , because HOSTS files work alongside those addons too , &amp; offer you more speed online AND more security , via a SINGLE EASILY EDITED + POPULATED FILE ( called a HOSTS file ) : I use a custom HOSTS file , in addition to the tools others here in this thread have noted ( which MANY like FF addons only really function for FireFox/Mozilla products , but do n't extend globally to all other webbound applications , &amp; that is part of what HOSTS files give you above the methods you extoll + utilize : " GLOBAL COVERAGE " , &amp; of ALL webbound apps , not just FireFox/Mozilla ones via the addons you noted + use yourself... ) .HOSTS files can be used to blockout KNOWN " bad " adserves , maliciously coded sites or adbanners , and " botnet C&amp;C servers " too ! You can obtain reliable HOSTS files from reputable lists for more security online , but also for speed !
( More on that later &amp; WHY/HOW ( I use reliable lists for that , such as these HOSTS @ Wikipedia.com - &gt; http : //en.wikipedia.org/wiki/Hosts \ _file [ wikipedia.org ] or those from mvps.org ( a good one this one ) ) I also further populate &amp; keep current my custom HOSTS file with up to date information in regards to all of those threats , via : ----A .
) Spybot " Search &amp; Destroy " updates ( populates HOSTS and browser block lists ) B .
) Sites like ZDNet 's Mr. Dancho Danchev 's blog - &gt; http : //ddanchev.blogspot.com/ [ blogspot.com ] C. ) Sites like FireEye - &gt; http : //blog.fireeye.com/ [ fireeye.com ] D. ) SRI - &gt; http : //mtc.sri.com/ [ sri.com ] ----My HOSTS file incorporates ALL of the entries from the HOSTS files shown @ wikipedia as well... gaining me speed online ( by blocking adbanners , which have been compromised many times the past few years now by malscripted exploits ( examples below ) ) .
( I combined ALL reputable HOSTS files with one of my own ( 30,000 entries ) , &amp; I removed duplicates removed via a Borland Delphi app I wrote to do so called " APK HOSTS File Grinder 4.0 + + " .
That program also functions to change the default larger &amp; SLOWER 127.0.0.1 blocking 'loopback adapter ' IP address to either 0.0.0.0 ( for VISTA/Windows Server 2008/Windows 7 , smaller &amp; thus faster than 127.0.0.1 default ) or the smallest &amp; fastest 0 " blocking 'IP ADDRESS ' " ( for Windows 2000/XP/Server 2003 which can STILL use it ( &amp; it was added in a service pack on Windows 2000 , only on 12/09/2008 MS patch tuesday was it removed for VISTA onwards ( &amp; now all these " phunny little bugs " are showing up as FLAWS in this new NDIS6 approach via WFP as well in the firewall , which ROOTKIT.COM has stated ( with code too no less on how it is done ) - &gt; http : //www.rootkit.com/newsread.php ? newsid = 952 [ rootkit.com ] [ rootkit.com ] that it is EASIER TO UNHOOK ( than was the design used in Windows 2000/XP/Server 2003 ) ) Another EXCELLENT benefit of HOSTS file usage ?
More speed online , &amp; also more security + reliability ( especially in the case of DNS servers today , per folks like Dan Kaminsky &amp;/or Moxie Marlinspike finding various security vulnerabilities in them the past couple years now ) ...AND , YOU CAN GET EVEN MORE SPEED , and RELIABILITY ( vs. downed or " DNS poisoned/misdirected " dns servers too ) via yet another " hidden bonus for speed " in HOSTS files : HOW SO ?
WELL - I use another " technique " called " hardcoding " an IP address to domainname/hostname in my HOSTS files , for my FAVORITE websites : This allows me to FIRST bypass any remote/external DNS lookups , which also would in theory @ least , make me " proofed " vs. DNS request logs by my ISP/BSP also .
( Especially since I use external DNS servers too , OpenDNS ones to be specific , that go beyond my hardcoded favs in my HOSTS file because I ca n't ping &amp; resolve the ENTIRE internet after all ) This also makes it harder for others to track me... ( Sure , they could do a " reverse DNS lookup " via pings &amp;/or traceroutes &amp; the top level domain that does nothing BUT cache reverse DNS lookups does the rest , but that is harder to do , than looking up my URL requests via a log on a DNS server ) ) ALSO , AS ANOTHER " BONUS " in HOSTS FILES ( ca n't stress it enough , &amp; especially above + beyond adbanner blocking ) : It speeds you up , or can ! E.G.- &gt; A buddy of mine named Jack says it has ( verbatim quote ) " DOUBLED MY SPEED ONLINE , BUT I VALUE THE SECURITY PART MORE " , because he used to get over 200 + + viruses a week , now ?
Only maybe 2 a year IF THAT lately , &amp; he is convinced it is largely due to the HOSTS file I send him weekly ( he is my " lab rat # 1 " due to his previous infestation rate ) , &amp; if that " anecdotal evidence " is not enough ?
See this then , from a published security guru on a respected site for it : = = = = RESURRECTING THE KILLFILE : ( by Mr. Oliver Day ) http : //www.securityfocus.com/columnists/491 [ securityfocus.com ] PERTINENT EXCERPTS/QUOTES : " The host file on my day-to-day laptop is now over 16,000 lines long .
Accessing the Internet particularly browsing the Web is actually faster now .
" " From what I have seen in my research , major efforts to share lists of unwanted hosts began gaining serious momentum earlier this decade .
The most popular appear to have started as a means to block advertising and as a way to avoid being tracked by sites that use cookies to gather data on the user across Web properties .
More recently , projects like Spybot Search and Destroy offer lists of known malicious servers to add a layer of defense against trojans and other forms of malware .
" = = = = ( A nice bonus beyond blocking adbanners via HOSTS too , because these have been shown to harbor malscripted content too &amp; more than just a few times the past 4-5 yrs now no less such as is noted here in my PS below , several examples thereof no less ) , because you do n't waste between 30-N ms calling out to an external DNS !
( Again , and a DNS server that MAY be poisoned per Dan Kaminsky the past few years now &amp; others also noting it ) Thus , SO , even IF your DNS servers go down , or are " dns poisoned " ( or fall to yet another security flaw , many are in my " p.s .
" below no less , as documented evidences thereof to my statements here no less ) ? Well , by using a custom HOSTS file setup , you can STILL GET TO YOUR FAV .
SITES IF HARDCODED in your HOSTS FILE &amp; @ higher speeds than DNS server calls , 30-N times faster in fact ( a good thing , but one you may have to periodically alter , easily , via notepad.exe edits of your HOSTS file &amp; a ping to update their new address ( sites change hosting providers due to better services or prices , rare , but they do &amp; MOST let you know they are about to do so anyhow , so you can amend a HOSTS file ) ) .NICEST PART IS , THOUGH , PER YOUR STATEMENT ( in addition to the benefits of HOSTS file I note above , alongside others like Mr. Oliver Day of SECURITYFOCUS.COM ) ? I will STILL get to where it is that I WANT TO GO , not the router 's onboard DNS server doing hostname/domainname resolutions or potential hijacked redirects... in theory @ least , because I am controlling the hostname/dommainname resolutions @ AN OS + IP STACK LEVEL , not via my routers ' onboard DNS server...APKP.S. = &gt; Evidences as to WHY you 'd want to add on the " extra layered security protection " of a HOSTS file , which extends global security coverage to your webbound apps , AND , allows for a great deal of added extra speed as well ?
Ok , here are some documented reasons why like : a .
) DNS servers vulnerable , under attack , failing or being " DNS poisoned " misdirected &amp; moreb .
) Security suites failing vs. modern " blended threats " onlinec .
) javascript being used to do most of this via apps ) d. ) adbanners being maliciously coded also... ( Here we go with documented proofs/examples : ) = = = = POISONED MALSCRIPTED ADBANNERSThe Next Ad You Click May Be a Virus : http : //it.slashdot.org/article.pl ? sid = 09/06/15/2056219 [ slashdot.org ] ----Attackers Infect Ads With Old Adobe Vulnerability : http : //it.slashdot.org/article.pl ? sid = 09/02/25/024211 [ slashdot.org ] ----Hackers Use Banner Ads on Major Sites to Hijack Your PC : http : //www.wired.com/techbiz/media/news/2007/11/doubleclick [ wired.com ] ----Adobe Flash Ads Launching Clipboard Hijack Attacks : http : //it.slashdot.org/article.pl ? sid = 08/08/20/0029220&amp;from = rss [ slashdot.org ] ----Slashdot | Americans Do n't Want Targeted Ads : http : //yro.slashdot.org/article.pl ? sid = 09/10/01/1854214 [ slashdot.org ] = = = = DNS PROBLEMS : Number of Rogue DNS Servers on the Rise : http : //tech.slashdot.org/article.pl ? no \ _d2 = 1&amp;sid = 08/02/15/2118212 [ slashdot.org ] ----Security Researcher Kaminsky Pushes DNS Patching : http : //it.slashdot.org/article.pl ? sid = 09/02/19/2322231 [ slashdot.org ] ----Ten Percent of DNS Servers Still Vulnerable : http : //tech.slashdot.org/article.pl ? no \ _d2 = 1&amp;sid = 05/08/04/1525235 [ slashdot.org ] ----TimeWarner DNS Hijacking : http : //tech.slashdot.org/article.pl ? sid = 07/07/23/2140208 [ slashdot.org ] ----Another DNS Flaw Found : http : //tech.slashdot.org/article.pl ? sid = 09/01/09/2348240 [ slashdot.org ] ----Attack Code Published For DNS Vulnerability : http : //it.slashdot.org/article.pl ? no \ _d2 = 1&amp;sid = 08/07/23/231254 [ slashdot.org ] ----BIND Still Susceptible To DNS Cache Poisoning : http : //tech.slashdot.org/article.pl ? no \ _d2 = 1&amp;sid = 08/08/09/123222 [ slashdot.org ] ----DDoS Attacks Via DNS Recursion : http : //it.slashdot.org/article.pl ? no \ _d2 = 1&amp;sid = 06/03/16/1658209 [ slashdot.org ] ----DNS Poisoning Hits One of China 's Biggest ISPs : http : //it.slashdot.org/article.pl ? no \ _d2 = 1&amp;sid = 08/08/21/2343250 [ slashdot.org ] ----DNS Root Servers Attacked : http : //it.slashdot.org/article.pl ? no \ _d2 = 1&amp;sid = 07/02/06/2238225 [ slashdot.org ] ----DNS Problem Linked To DDoS Attacks Gets Worse : http : //tech.slashdot.org/comments.pl ? sid = 1444354&amp;cid = 30109858 [ slashdot.org ] ----Are your servers vulnerable to DNS attacks ? http : //www.networkworld.com/news/2007/111907-dns-attacks.html [ networkworld.com ] ----Kaminsky On DNS Bugs a Year Later and DNSSEC : http : //it.slashdot.org/story/09/06/25/1354212/Kaminsky-On-DNS-Bugs-a-Year-Later-and-DNSSEC [ slashdot.org ] ----DNS users put higher premium on security : http : //news.techworld.com/networking/10690/dns-users-put-higher-premium-on-security/ [ techworld.com ] ----BIND , the Buggy Internet Name Daemon : http : //cr.yp.to/djbdns/blurb/unbind.html [ cr.yp.to ] ( Where djbdns was found to have flaw , though it was alleged invulnerable , they paid out $ 10,000 reward ) ----DNS Dan Kaminsky DNS SPOOF ATTACK EXPLAINED HOW IT IS DONE : http : //blogs.zdnet.com/security/ ? p = 1520 [ zdnet.com ] ----DNS REBINDING ATTACKS : MultiPinning Browser JavaScript Vulnerability ( how to protect yourself ) : http : //crypto.stanford.edu/dns/ [ stanford.edu ] ----Hackers hijack DNS records of high profile New Zealand sites : http : //blogs.zdnet.com/security/ ? p = 3185 [ zdnet.com ] = = = = SECURITY SUITE PROGRAMS FAILING : AntiVirus Products Fail to Find Simple IE Malware : http : //tech.slashdot.org/article.pl ? sid = 07/10/29/1747237 [ slashdot.org ] ----Most Security Products Fail To Perform : http : //hardware.slashdot.org/comments.pl ? sid = 1445302&amp;threshold = -1&amp;commentsort = 0&amp;mode = thread&amp;pid = 30114652 [ slashdot.org ] ----TOP SECURITY SUITES FAIL 64/300 THREATS in 2008 AT SECUNIA.COM : http : //secunia.com/blog/29/ [ secunia.com ] ----Top security suites fail exploit tests : http : //www.computerworld.com/s/article/9117042/Top \ _security \ _suites \ _fail \ _exploit \ _tests ? intsrc = news \ _ts \ _head [ computerworld.com ] ----Antivirus is 'completely wasted money ' : Cisco CSO : News - Security - ZDNet Australia : http : //www.zdnet.com.au/news/security/soa/Antivirus-is-completely-wasted-money-Cisco-CSO/0,130061744,339289122,00.htm ? feed = pt \ _auscert [ zdnet.com.au ] ----Are Routers the Next Big Target for Hackers ? http : //blogs.zdnet.com/security/ ? p = 919 [ zdnet.com ] ----Software Firewalls : Made of Straw ?
Part 1 of 2 : http : //www.securityfocus.com/infocus/1839 [ securityfocus.com ] Software Firewalls : Made of Straw ?
Part 2 of 2 : http : //www.securityfocus.com/infocus/1840/2 [ securityfocus.com ] ----Brief study shows difficulty in detecting malware ( 2008 ) : http : //www.securityfocus.com/brief/858 [ securityfocus.com ] ----2007 - Browser vulnerabilities and attacks will continue to mount : http : //www.infoworld.com/d/security-central/browser-vulnerabilities-and-attacks-will-continue-mount-679 [ infoworld.com ] ----Bug exposes Cisco switches to attacks : http : //news.cnet.com/Bug-exposes-Cisco-switches + to + attacks/2110-7349 \ _3-5902897.html ? part = rss&amp;tag = 5902897&amp;subj = news [ cnet.com ] &amp;CISCO " COMES CLEAN " ON EXTENT OF IOS FLAW : http : //www.eweek.com/c/a/Security/Cisco-Comes-Clean-on-Extent-of-IOS-Flaw/ [ eweek.com ] &amp;Cisco PIX and ASA Time-To-Live Denial of Service Vulnerability : http : //secunia.com/advisories/28625/ [ secunia.com ] + Computer routers face hijack risk - study : http : //www.cbc.ca/technology/story/2007/02/16/tech-routervulnerabilty-20070216.html ? ref = rss [ www.cbc.ca ] Slashdot Technology Story | Will Mainstream Media Embrace Adblockers ? http : //tech.slashdot.org/story/09/08/06/1442243/Will-Mainstream-Media-Embrace-Adblockers [ slashdot.org ] ----Congress May Require ISPs To Block Certain Fraud Sites : http : //yro.slashdot.org/comments.pl ? sid = 1432514&amp;cid = 30024078 [ slashdot.org ] = = = = JAVASCRIPT PROBLEMS : Slashdot | Adobe Confirms PDF Zero-Day , Says Kill JavaScript : http : //it.slashdot.org/article.pl ? sid = 09/04/29/1823234 [ slashdot.org ] ----Adobe Flash Zero-Day Attack Underway : http : //it.slashdot.org/article.pl ? sid = 08/05/28/0138247&amp;from = rss [ slashdot.org ] ----JavaScript flaw reported in Adobe Reader ( 4th or 5th time already , if not more ) : http : //www.securityfocus.com/brief/953 [ securityfocus.com ] ----Another malware pulls an Italian job via JAVASCRIPT : http : //blog.trendmicro.com/another-malware-pulls-an-italian-job/ [ trendmicro.com ] ----JavaScript opens doors to browser-based attacks | CNET News.com : http : //news.com.com/JavaScript + opens + doors + to + browser-based + attacks/2100-7349 \ _3-6099891.html ? part = rss&amp;tag = 6099891&amp;subj = news [ com.com ] ----Mozilla Firefox Javascript Garbage Collector Vulnerability - Advisories - Secuniahttp : //secunia.com/advisories/29787/ [ secunia.com ] ----New script outstrips all other drive-by download risks : http : //www.theregister.co.uk/2009/05/15/script \ _menace/ [ theregister.co.uk ] ----Researcher to demonstrate attack code for Intel chips via Javascript : http : //www.infoworld.com/d/security-central/researcher-demonstrate-attack-code-intel-chips-036 [ infoworld.com ] ----Researcher : JavaScript Attacks Get Slicker : http : //www.eweek.com/c/a/Security/Researcher-JavaScript-Attacks-Get-Slicker/ [ eweek.com ] ----Rise Of The PDF Exploits : http : //www.trustedsource.org/blog/153/Rise-Of-The-PDF-Exploits [ trustedsource.org ] ----ADOBE NEW FLAW DOES USE JAVASCRIPT PROOF : http : //www.shadowserver.org/wiki/pmwiki.php ? n = Calendar.20090219 [ shadowserver.org ] ----AJAX Poses Security , Performance Risks : http : //www.eweek.com/article2/0,1895,1916673,00.asp [ eweek.com ] ----Web 2.0 Threats and Risks for Financial Services : http : //www.net-security.org/article.php ? id = 1004&amp;p = 1 [ net-security.org ] http : //www.cbronline.com/news/web \ _20 \ _is \ _vulnerable \ _to \ _attack [ cbronline.com ] ----Cross Site Scripting ( GOOGLE ) and WHY TO TURN OFF JAVASCRIPT : http : //www.cgisecurity.com/xss-faq.html [ cgisecurity.com ] ----Why the FBI Director Does n't Bank Onlinehttp : //it.slashdot.org/article.pl ? sid = 09/10/08/0327240 [ slashdot.org ] = = = = MAJOR ATTACKS ( only a small sample ) of WHY LAYERED SECURITY IS NEEDEDIs the Botnet Battle Already Lost ? http : //www.eweek.com/article2/0,1895,2029720,00.asp [ eweek.com ] ----IT Pros Say They Ca n't Stop Data Breaches : http : //www.eweek.com/article2/0,1895,2010325,00.asp ? kc = EWNAVEMNL083106EOAD [ eweek.com ] ----Cyber Attacks On US Military Jump Sharply In 2009http : //tech.slashdot.org/comments.pl ? sid = 1452358&amp;threshold = -1&amp;commentsort = 0&amp;mode = thread&amp;cid = 30185742 [ slashdot.org ] ----Bots Found Inside Many Big Companies : http : //blogs.baselinemag.com/security/content001/cybercrime/bots \ _found \ _inside \ _many \ _big \ _companies.html [ baselinemag.com ] ----Bot master owns up to 250,000 zombie PCs : http : //www.securityfocus.com/news/11495 [ securityfocus.com ] ----Bots surge ahead ( 2007 ) : http : //www.securityfocus.com/brief/466 [ securityfocus.com ] ----Chinese Hackers Hit Commerce Department : http : //www.informationweek.com/news/security/government/showArticle.jhtml ? articleID = 193105227 [ informationweek.com ] ----CIA Admits Cyberattacks Blacked Out Cities : http : //www.informationweek.com/news/internet/showArticle.jhtml ? articleID = 205901631 [ informationweek.com ] ----Compromised Banks and Investment sites list 2006 : http : //it.slashdot.org/comments.pl ? sid = 233921&amp;cid = 19035679 [ slashdot.org ] ----Dancho Danchev 's Blog - Mind Streams of Information Security Knowledge : Massive IFRAME SEO Poisoning Attack Continuing : http : //ddanchev.blogspot.com/2008/03/massive-iframe-seo-poisoning-attack.html [ blogspot.com ] ----Data at Bank of America , Wachovia , others compromised - May .
23 , 2005 : http : //money.cnn.com/2005/05/23/news/fortune500/bank \ _info/index.htm [ cnn.com ] ----Fresh Security Breaches at Los Alamos : http : //www.msnbc.msn.com/id/19418769/site/newsweek/print/1/displaymode/1098/ [ msn.com ] ----Infected job search sites lead to info theft for 46,000 : http : //www.computerworld.com/s/article/9031139/Infected \ _job \ _search \ _sites \ _lead \ _to \ _info \ _theft \ _for \ _46 \ _000 [ computerworld.com ] ----New Mega-Botnet Discovered : http : //it.slashdot.org/article.pl ? sid = 09/04/22/2223214 [ slashdot.org ] ----I think THAT list ought to " enlighten " ANYONE , as to why " layered security " is &amp; has been considered largely to be " THE WAY TO GO " , vs. that list above ( which is only a SMALL \ % -age of what I can come up with in regards to threats online + their causes ) ... HOSTS files help protect vs. those , on several levels - DO consider their usage ! I 'd like to also end this , on a little quote from a fav .
film of mine : " My name is Dr. Robert Neville .
I am a survivor living in New York City .
I am broadcasting on all a.m. frequencies. I will be in the south street seaport everyday at midday when the sun is highest in the sky .
If you are out there , if anyone is out there , I can provide food ; I can provide shelter ; I can provide security - &gt; http : //www.tcmagazine.com/forums/index.php ? s = 44b7ce1c3ee460d32e68cb97f2597368&amp;showtopic = 2662 [ tcmagazine.com ] .
If there 's anybody out there , anybody , please... you are not alone .
" - Dr. Robert Neville , I AM LEGEND&amp; that film inspired me to write that guide for securing Windows NT-based OS variants , @ the end of 2007 , + for my " New Year 's Resolution " for 2008 , of " Do the right thing &amp; 'pay it forward ' " ... &amp; , it works.Here though ? Well , I only suggested a SMALL part of that guide here , but a crucial &amp; EFFECTIVE ONE , &amp; mainly because it fits the bill here QUITE specifically &amp; functions globally , instead of just being good for 1 set of apps only ( like FF addons are only , unfortunately ) , &amp; it does n't eat CPU like those do either OR slow you down ( if anything ?
They speed you up HUGELY , in addition to securing you too as a bonus ) ...apk</tokentext>
<sentencetext>"In this regard, AdBlock makes a significant difference if you tell it to not download ads at all, but I am not comfortable with denying revenue streams to the websites I visit, after all, they are providing me with a service I enjoy, for free.
" - by mr\_da3m0n (887821) on Monday November 30, @12:41PM (#30271744) HomepageBanner Ads slow you down massively, &amp;, adbanners have been shown as infection by malware vectors too many times over the past few years now (see my p.s.
below for evidence of that), &amp;, they also cut into my linespeed I PAY FOR... that is a "no no", sorry webmaster, just a fact, that.SO - Per my subject line above?How about a GLOBAL solution, instead, &amp; one that extends to ALL of your "webbound apps", instead, &amp; NOT just to Mozilla softwares which is all your solution works for... (think IE, Outlook &amp; other email programs even, + more), AND, the solution I propose also acts as "layered security" in combination with the FF/Mozilla only methods you use  (which sadly, your methods are KNOWN to slow your browser down, use CPU cycles &amp; more (like having bugs &amp; security flaws in themselves too)... where this solution does not &amp; covers ALL webbound apps, globally)?
?Here is a GOOD SOLID WORK-AROUND, CALLED A HOSTS FILE!
(It works for more speed online, AND SECURITY ESPECIALLY... Also, it works for your money, because you pay for your linetime out of pocket most likely as I do, you can get back your speed, AND, gain security easily, &amp; from a single easily edited file &amp; a file eats no CPU cycles like a local DNS server can (&amp; are not as security vulnerable either if you protect write access to a HOSTS file also)... Anyhow/anyways - Here goes:SO - "that all said &amp; aside"?
Well, per your reply??
You're solutions cost CPU cycles &amp; are KNOWN to slow down FF/Mozilla variants (as browser addons do), but... Hey - NO PROBLEM, because HOSTS files work alongside those addons too, &amp; offer you more speed online AND more security, via a SINGLE EASILY EDITED + POPULATED FILE (called a HOSTS file):I use a custom HOSTS file, in addition to the tools others here in this thread have noted (which MANY like FF addons only really function for FireFox/Mozilla products, but don't extend globally to all other webbound applications, &amp; that is part of what HOSTS files give you above the methods you extoll + utilize: "GLOBAL COVERAGE", &amp; of ALL webbound apps, not just FireFox/Mozilla ones via the addons you noted + use yourself...).HOSTS files can be used to blockout KNOWN "bad" adserves, maliciously coded sites or adbanners, and "botnet C&amp;C servers" too!You can obtain reliable HOSTS files from reputable lists for more security online, but also for speed!
(More on that later &amp; WHY/HOW (I use reliable lists for that, such as these HOSTS @ Wikipedia.com -&gt; http://en.wikipedia.org/wiki/Hosts\_file [wikipedia.org] or those from mvps.org (a good one this one))I also further populate &amp; keep current my custom HOSTS file with up to date information in regards to all of those threats, via:----A.
) Spybot "Search &amp; Destroy" updates (populates HOSTS and browser block lists)B.
) Sites like ZDNet's Mr. Dancho Danchev's blog -&gt; http://ddanchev.blogspot.com/ [blogspot.com]C.) Sites like FireEye -&gt; http://blog.fireeye.com/ [fireeye.com]D.) SRI -&gt; http://mtc.sri.com/ [sri.com]----My HOSTS file incorporates ALL of the entries from the HOSTS files shown @ wikipedia as well... gaining me speed online (by blocking adbanners, which have been compromised many times the past few years now by malscripted exploits (examples below)).
(I combined ALL reputable HOSTS files with one of my own (30,000 entries), &amp; I removed duplicates removed via a Borland Delphi app I wrote to do so called "APK HOSTS File Grinder 4.0++".
That program also functions to change the default larger &amp; SLOWER 127.0.0.1 blocking 'loopback adapter' IP address to either 0.0.0.0 (for VISTA/Windows Server 2008/Windows 7, smaller &amp; thus faster than 127.0.0.1 default) or the smallest &amp; fastest 0 "blocking 'IP ADDRESS'" (for Windows 2000/XP/Server 2003 which can STILL use it (&amp; it was added in a service pack on Windows 2000, only on 12/09/2008 MS patch tuesday was it removed for VISTA onwards (&amp; now all these "phunny little bugs" are showing up as FLAWS in this new NDIS6 approach via WFP as well in the firewall, which ROOTKIT.COM has stated (with code too no less on how it is done) -&gt; http://www.rootkit.com/newsread.php?newsid=952 [rootkit.com] [rootkit.com] that it is EASIER TO UNHOOK (than was the design used in Windows 2000/XP/Server 2003))Another EXCELLENT benefit of HOSTS file usage?
More speed online, &amp; also more security + reliability (especially in the case of DNS servers today, per folks like Dan Kaminsky &amp;/or Moxie Marlinspike finding various security vulnerabilities in them the past couple years now)...AND, YOU CAN GET EVEN MORE SPEED, and RELIABILITY (vs. downed or "DNS poisoned/misdirected" dns servers too) via yet another "hidden bonus for speed" in HOSTS files:HOW SO?
WELL - I use another "technique" called "hardcoding" an IP address to domainname/hostname in my HOSTS files, for my FAVORITE websites:This allows me to FIRST bypass any remote/external DNS lookups, which also would in theory @ least, make me "proofed" vs. DNS request logs by my ISP/BSP also.
(Especially since I use external DNS servers too, OpenDNS ones to be specific, that go beyond my hardcoded favs in my HOSTS file because I can't ping &amp; resolve the ENTIRE internet after all)This also makes it harder for others to track me...(Sure, they could do a "reverse DNS lookup" via pings &amp;/or traceroutes &amp; the top level domain that does nothing BUT cache reverse DNS lookups does the rest, but that is harder to do, than looking up my URL requests via a log on a DNS server))ALSO, AS ANOTHER "BONUS" in HOSTS FILES (can't stress it enough, &amp; especially above + beyond adbanner blocking):  It speeds you up, or can!E.G.-&gt; A buddy of mine named Jack says it has (verbatim quote) "DOUBLED MY SPEED ONLINE, BUT I VALUE THE SECURITY PART MORE", because he used to get over 200++ viruses a week, now?
Only maybe 2 a year IF THAT lately, &amp; he is convinced it is largely due to the HOSTS file I send him weekly (he is my "lab rat #1" due to his previous infestation rate), &amp; if that "anecdotal evidence" is not enough?
See this then, from a published security guru on a respected site for it:====RESURRECTING THE KILLFILE:(by Mr. Oliver Day)http://www.securityfocus.com/columnists/491 [securityfocus.com]PERTINENT EXCERPTS/QUOTES:"The host file on my day-to-day laptop is now over 16,000 lines long.
Accessing the Internet particularly browsing the Web is actually faster now.
""From what I have seen in my research, major efforts to share lists of unwanted hosts began gaining serious momentum earlier this decade.
The most popular appear to have started as a means to block advertising and as a way to avoid being tracked by sites that use cookies to gather data on the user across Web properties.
More recently, projects like Spybot Search and Destroy offer lists of known malicious servers to add a layer of defense against trojans and other forms of malware.
"====(A nice bonus beyond blocking adbanners via HOSTS too, because these have been shown to harbor malscripted content too &amp; more than just a few times the past 4-5 yrs now no less such as is noted here in my PS below, several examples thereof no less), because you don't waste between 30-N ms calling out to an external DNS!
(Again, and a DNS server that MAY be poisoned per Dan Kaminsky the past few years now &amp; others also noting it)Thus, SO, even IF your DNS servers go down, or are "dns poisoned" (or fall to yet another security flaw, many are in my "p.s.
" below no less, as documented evidences thereof to my statements here no less)?Well, by using a custom HOSTS file setup, you can STILL GET TO YOUR FAV.
SITES IF HARDCODED in your HOSTS FILE &amp; @ higher speeds than DNS server calls, 30-N times faster in fact (a good thing, but one you may have to periodically alter, easily, via notepad.exe edits of your HOSTS file &amp; a ping to update their new address (sites change hosting providers due to better services or prices, rare, but they do &amp; MOST let you know they are about to do so anyhow, so you can amend a HOSTS file)).NICEST PART IS, THOUGH, PER YOUR STATEMENT (in addition to the benefits of HOSTS file I note above, alongside others like Mr. Oliver Day of SECURITYFOCUS.COM)?I will STILL get to where it is that I WANT TO GO, not the router's onboard DNS server doing hostname/domainname resolutions or potential hijacked redirects... in theory @ least, because I am controlling the hostname/dommainname resolutions @ AN OS + IP STACK LEVEL, not via my routers' onboard DNS server...APKP.S.=&gt; Evidences as to WHY you'd want to add on the "extra layered security protection" of a HOSTS file, which extends global security coverage to your webbound apps, AND, allows for a great deal of added extra speed as well?
Ok, here are some documented reasons why like:a.
) DNS servers vulnerable, under attack, failing or being "DNS poisoned" misdirected &amp; moreb.
) Security suites failing vs. modern "blended threats" onlinec.
) javascript being used to do most of this via apps)d.) adbanners being maliciously coded also...(Here we go with documented proofs/examples:)====POISONED MALSCRIPTED ADBANNERSThe Next Ad You Click May Be a Virus:http://it.slashdot.org/article.pl?sid=09/06/15/2056219 [slashdot.org]----Attackers Infect Ads With Old Adobe Vulnerability:http://it.slashdot.org/article.pl?sid=09/02/25/024211 [slashdot.org]----Hackers Use Banner Ads on Major Sites to Hijack Your PC:http://www.wired.com/techbiz/media/news/2007/11/doubleclick [wired.com]----Adobe Flash Ads Launching Clipboard Hijack Attacks:http://it.slashdot.org/article.pl?sid=08/08/20/0029220&amp;from=rss [slashdot.org]----Slashdot | Americans Don't Want Targeted Ads:http://yro.slashdot.org/article.pl?sid=09/10/01/1854214 [slashdot.org]====DNS PROBLEMS:Number of Rogue DNS Servers on the Rise:http://tech.slashdot.org/article.pl?no\_d2=1&amp;sid=08/02/15/2118212 [slashdot.org]----Security Researcher Kaminsky Pushes DNS Patching:http://it.slashdot.org/article.pl?sid=09/02/19/2322231 [slashdot.org]----Ten Percent of DNS Servers Still Vulnerable:http://tech.slashdot.org/article.pl?no\_d2=1&amp;sid=05/08/04/1525235 [slashdot.org]----TimeWarner DNS Hijacking:http://tech.slashdot.org/article.pl?sid=07/07/23/2140208 [slashdot.org]----Another DNS Flaw Found:http://tech.slashdot.org/article.pl?sid=09/01/09/2348240 [slashdot.org]----Attack Code Published For DNS Vulnerability:http://it.slashdot.org/article.pl?no\_d2=1&amp;sid=08/07/23/231254 [slashdot.org]----BIND Still Susceptible To DNS Cache Poisoning:http://tech.slashdot.org/article.pl?no\_d2=1&amp;sid=08/08/09/123222 [slashdot.org]----DDoS Attacks Via DNS Recursion:http://it.slashdot.org/article.pl?no\_d2=1&amp;sid=06/03/16/1658209 [slashdot.org]----DNS Poisoning Hits One of China's Biggest ISPs:http://it.slashdot.org/article.pl?no\_d2=1&amp;sid=08/08/21/2343250 [slashdot.org]----DNS Root Servers Attacked:http://it.slashdot.org/article.pl?no\_d2=1&amp;sid=07/02/06/2238225 [slashdot.org]----DNS Problem Linked To DDoS Attacks Gets Worse:http://tech.slashdot.org/comments.pl?sid=1444354&amp;cid=30109858 [slashdot.org]----Are your servers vulnerable to DNS attacks?http://www.networkworld.com/news/2007/111907-dns-attacks.html [networkworld.com]----Kaminsky On DNS Bugs a Year Later and DNSSEC:http://it.slashdot.org/story/09/06/25/1354212/Kaminsky-On-DNS-Bugs-a-Year-Later-and-DNSSEC [slashdot.org]----DNS users put higher premium on security:http://news.techworld.com/networking/10690/dns-users-put-higher-premium-on-security/ [techworld.com]----BIND, the Buggy Internet Name Daemon:http://cr.yp.to/djbdns/blurb/unbind.html [cr.yp.to](Where djbdns was found to have flaw, though it was alleged invulnerable, they paid out $10,000 reward)----DNS Dan Kaminsky DNS SPOOF ATTACK EXPLAINED HOW IT IS DONE:http://blogs.zdnet.com/security/?p=1520 [zdnet.com]----DNS REBINDING ATTACKS: MultiPinning Browser JavaScript Vulnerability (how to protect yourself):http://crypto.stanford.edu/dns/ [stanford.edu]----Hackers hijack DNS records of high profile New Zealand sites:http://blogs.zdnet.com/security/?p=3185 [zdnet.com]====SECURITY SUITE PROGRAMS FAILING:AntiVirus Products Fail to Find Simple IE Malware:http://tech.slashdot.org/article.pl?sid=07/10/29/1747237 [slashdot.org]----Most Security Products Fail To Perform:http://hardware.slashdot.org/comments.pl?sid=1445302&amp;threshold=-1&amp;commentsort=0&amp;mode=thread&amp;pid=30114652 [slashdot.org]----TOP SECURITY SUITES FAIL 64/300 THREATS in 2008 AT SECUNIA.COM:http://secunia.com/blog/29/ [secunia.com]----Top security suites fail exploit tests:http://www.computerworld.com/s/article/9117042/Top\_security\_suites\_fail\_exploit\_tests?intsrc=news\_ts\_head [computerworld.com]----Antivirus is 'completely wasted money': Cisco CSO: News - Security - ZDNet Australia:http://www.zdnet.com.au/news/security/soa/Antivirus-is-completely-wasted-money-Cisco-CSO/0,130061744,339289122,00.htm?feed=pt\_auscert [zdnet.com.au]----Are Routers the Next Big Target for Hackers?http://blogs.zdnet.com/security/?p=919 [zdnet.com]----Software Firewalls: Made of Straw?
Part 1 of 2:http://www.securityfocus.com/infocus/1839 [securityfocus.com]Software Firewalls: Made of Straw?
Part 2 of 2:http://www.securityfocus.com/infocus/1840/2 [securityfocus.com]----Brief study shows difficulty in detecting malware (2008):http://www.securityfocus.com/brief/858 [securityfocus.com]----2007 - Browser vulnerabilities and attacks will continue to mount:http://www.infoworld.com/d/security-central/browser-vulnerabilities-and-attacks-will-continue-mount-679 [infoworld.com]----Bug exposes Cisco switches to attacks:http://news.cnet.com/Bug-exposes-Cisco-switches+to+attacks/2110-7349\_3-5902897.html?part=rss&amp;tag=5902897&amp;subj=news [cnet.com]&amp;CISCO "COMES CLEAN" ON EXTENT OF IOS FLAW:http://www.eweek.com/c/a/Security/Cisco-Comes-Clean-on-Extent-of-IOS-Flaw/ [eweek.com]&amp;Cisco PIX and ASA Time-To-Live Denial of Service Vulnerability:http://secunia.com/advisories/28625/ [secunia.com]+Computer routers face hijack risk - study:http://www.cbc.ca/technology/story/2007/02/16/tech-routervulnerabilty-20070216.html?ref=rss [www.cbc.ca]Slashdot Technology Story | Will Mainstream Media Embrace Adblockers?http://tech.slashdot.org/story/09/08/06/1442243/Will-Mainstream-Media-Embrace-Adblockers [slashdot.org]----Congress May Require ISPs To Block Certain Fraud Sites:http://yro.slashdot.org/comments.pl?sid=1432514&amp;cid=30024078 [slashdot.org]====JAVASCRIPT PROBLEMS:Slashdot | Adobe Confirms PDF Zero-Day, Says Kill JavaScript:http://it.slashdot.org/article.pl?sid=09/04/29/1823234 [slashdot.org]----Adobe Flash Zero-Day Attack Underway:http://it.slashdot.org/article.pl?sid=08/05/28/0138247&amp;from=rss [slashdot.org]----JavaScript flaw reported in Adobe Reader (4th or 5th time already, if not more):http://www.securityfocus.com/brief/953 [securityfocus.com]----Another malware pulls an Italian job via JAVASCRIPT:http://blog.trendmicro.com/another-malware-pulls-an-italian-job/ [trendmicro.com]----JavaScript opens doors to browser-based attacks | CNET News.com:http://news.com.com/JavaScript+opens+doors+to+browser-based+attacks/2100-7349\_3-6099891.html?part=rss&amp;tag=6099891&amp;subj=news [com.com]----Mozilla Firefox Javascript Garbage Collector Vulnerability - Advisories - Secuniahttp://secunia.com/advisories/29787/ [secunia.com]----New script outstrips all other drive-by download risks:http://www.theregister.co.uk/2009/05/15/script\_menace/ [theregister.co.uk]----Researcher to demonstrate attack code for Intel chips via Javascript:http://www.infoworld.com/d/security-central/researcher-demonstrate-attack-code-intel-chips-036 [infoworld.com]----Researcher: JavaScript Attacks Get Slicker:http://www.eweek.com/c/a/Security/Researcher-JavaScript-Attacks-Get-Slicker/ [eweek.com]----Rise Of The PDF Exploits:http://www.trustedsource.org/blog/153/Rise-Of-The-PDF-Exploits [trustedsource.org]----ADOBE NEW FLAW DOES USE JAVASCRIPT PROOF:http://www.shadowserver.org/wiki/pmwiki.php?n=Calendar.20090219 [shadowserver.org]----AJAX Poses Security, Performance Risks:http://www.eweek.com/article2/0,1895,1916673,00.asp [eweek.com]----Web 2.0 Threats and Risks for Financial Services:http://www.net-security.org/article.php?id=1004&amp;p=1 [net-security.org]http://www.cbronline.com/news/web\_20\_is\_vulnerable\_to\_attack [cbronline.com]----Cross Site Scripting (GOOGLE) and WHY TO TURN OFF JAVASCRIPT:http://www.cgisecurity.com/xss-faq.html [cgisecurity.com]----Why the FBI Director Doesn't Bank Onlinehttp://it.slashdot.org/article.pl?sid=09/10/08/0327240 [slashdot.org]====MAJOR ATTACKS (only a small sample) of WHY LAYERED SECURITY IS NEEDEDIs the Botnet Battle Already Lost?http://www.eweek.com/article2/0,1895,2029720,00.asp [eweek.com]----IT Pros Say They Can't Stop Data Breaches:http://www.eweek.com/article2/0,1895,2010325,00.asp?kc=EWNAVEMNL083106EOAD [eweek.com]----Cyber Attacks On US Military Jump Sharply In 2009http://tech.slashdot.org/comments.pl?sid=1452358&amp;threshold=-1&amp;commentsort=0&amp;mode=thread&amp;cid=30185742 [slashdot.org]----Bots Found Inside Many Big Companies:http://blogs.baselinemag.com/security/content001/cybercrime/bots\_found\_inside\_many\_big\_companies.html [baselinemag.com]----Bot master owns up to 250,000 zombie PCs:http://www.securityfocus.com/news/11495 [securityfocus.com]----Bots surge ahead (2007):http://www.securityfocus.com/brief/466 [securityfocus.com]----Chinese Hackers Hit Commerce Department:http://www.informationweek.com/news/security/government/showArticle.jhtml?articleID=193105227 [informationweek.com]----CIA Admits Cyberattacks Blacked Out Cities:http://www.informationweek.com/news/internet/showArticle.jhtml?articleID=205901631 [informationweek.com]----Compromised Banks and Investment sites list 2006:http://it.slashdot.org/comments.pl?sid=233921&amp;cid=19035679 [slashdot.org]----Dancho Danchev's Blog - Mind Streams of Information Security Knowledge: Massive IFRAME SEO Poisoning Attack Continuing:http://ddanchev.blogspot.com/2008/03/massive-iframe-seo-poisoning-attack.html [blogspot.com]----Data at Bank of America, Wachovia, others compromised - May.
23, 2005:http://money.cnn.com/2005/05/23/news/fortune500/bank\_info/index.htm [cnn.com]----Fresh Security Breaches at Los Alamos:http://www.msnbc.msn.com/id/19418769/site/newsweek/print/1/displaymode/1098/ [msn.com]----Infected job search sites lead to info theft for 46,000:http://www.computerworld.com/s/article/9031139/Infected\_job\_search\_sites\_lead\_to\_info\_theft\_for\_46\_000 [computerworld.com]----New Mega-Botnet Discovered:http://it.slashdot.org/article.pl?sid=09/04/22/2223214 [slashdot.org]----I think THAT list ought to "enlighten" ANYONE, as to why "layered security" is &amp; has been considered largely to be "THE WAY TO GO", vs. that list above (which is only a SMALL \%-age of what I can come up with in regards to threats online + their causes)... HOSTS files help protect vs. those, on several levels - DO consider their usage!I'd like to also end this, on a little quote from a fav.
film of mine:"My name is Dr. Robert Neville.
I am a survivor living in New York City.
I am broadcasting on all a.m. frequencies. I will be in the south street seaport everyday at midday when the sun is highest in the sky.
If you are out there, if anyone is out there, I can provide food; I can provide shelter; I can provide security -&gt; http://www.tcmagazine.com/forums/index.php?s=44b7ce1c3ee460d32e68cb97f2597368&amp;showtopic=2662 [tcmagazine.com] .
If there's anybody out there, anybody, please... you are not alone.
" - Dr. Robert Neville, I AM LEGEND&amp; that film inspired me to write that guide for securing Windows NT-based OS variants, @ the end of 2007, + for my "New Year's Resolution" for 2008, of "Do the right thing &amp; 'pay it forward'"... &amp;, it works.Here though?Well, I only suggested a SMALL part of that guide here, but a crucial &amp; EFFECTIVE ONE, &amp; mainly because it fits the bill here QUITE specifically &amp; functions globally, instead of just being good for 1 set of apps only (like FF addons are only, unfortunately), &amp; it doesn't eat CPU like those do either OR slow you down (if anything?
They speed you up HUGELY, in addition to securing you too as a bonus)...apk
	</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30271744</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30272486</id>
	<title>Re:Kind of Fitting</title>
	<author>IntlHarvester</author>
	<datestamp>1259609580000</datestamp>
	<modclass>Interestin</modclass>
	<modscore>2</modscore>
	<htmltext><p>No, the main reason Flash is used is because it's "flashy" and draws more eyeballs to that space. Any additional tracking is just a side-benefit.</p><p>And everyone knows you can block ads if you really want to. Although Flash allows them to overlay ads over video and that kind of thing.</p></htmltext>
<tokenext>No , the main reason Flash is used is because it 's " flashy " and draws more eyeballs to that space .
Any additional tracking is just a side-benefit.And everyone knows you can block ads if you really want to .
Although Flash allows them to overlay ads over video and that kind of thing .</tokentext>
<sentencetext>No, the main reason Flash is used is because it's "flashy" and draws more eyeballs to that space.
Any additional tracking is just a side-benefit.And everyone knows you can block ads if you really want to.
Although Flash allows them to overlay ads over video and that kind of thing.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30272218</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30274710</id>
	<title>This is why...</title>
	<author>Anonymous</author>
	<datestamp>1259575560000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>This is why so many people use plug-ins like noscript and adblock plus.  If your ads are annoying in any way, people will find ways to block them.</p></htmltext>
<tokenext>This is why so many people use plug-ins like noscript and adblock plus .
If your ads are annoying in any way , people will find ways to block them .</tokentext>
<sentencetext>This is why so many people use plug-ins like noscript and adblock plus.
If your ads are annoying in any way, people will find ways to block them.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30272472</id>
	<title>Re:I don't even need to read the summary.</title>
	<author>colinu1701</author>
	<datestamp>1259609520000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p><div class="quote"><p><div class="quote"><p> Technology: Are Ad Servers Bogging Down the Web?</p></div><p>Yes. Period.</p></div><p>I don't think the title needed the question mark.</p></div>
	</htmltext>
<tokenext>Technology : Are Ad Servers Bogging Down the Web ? Yes .
Period.I do n't think the title needed the question mark .</tokentext>
<sentencetext> Technology: Are Ad Servers Bogging Down the Web?Yes.
Period.I don't think the title needed the question mark.
	</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30271618</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30275114</id>
	<title>Re:Why would an ad server slow down a site?</title>
	<author>Anonymous</author>
	<datestamp>1259577360000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p><i>... to appear in the already displayed page. I don't see what the problem is<nobr> <wbr></nobr>...</i></p><p>1. Some browsers wait until they have all the data before painting the page.<br>2. The ones that start painting immediately and then shift stuff around as soon as<br>
&nbsp; &nbsp; &nbsp; they know the size of incoming boxes jerk text around and are mostly unreadable<br>
&nbsp; &nbsp; &nbsp; until almost everything has finished loading.</p><p>If you don't have a problem with the performance degradation of ads, that's great.<br>You can give the ad delivery counters something to count while surfers like me block them.</p></htmltext>
<tokenext>... to appear in the already displayed page .
I do n't see what the problem is ...1 .
Some browsers wait until they have all the data before painting the page.2 .
The ones that start painting immediately and then shift stuff around as soon as       they know the size of incoming boxes jerk text around and are mostly unreadable       until almost everything has finished loading.If you do n't have a problem with the performance degradation of ads , that 's great.You can give the ad delivery counters something to count while surfers like me block them .</tokentext>
<sentencetext>... to appear in the already displayed page.
I don't see what the problem is ...1.
Some browsers wait until they have all the data before painting the page.2.
The ones that start painting immediately and then shift stuff around as soon as
      they know the size of incoming boxes jerk text around and are mostly unreadable
      until almost everything has finished loading.If you don't have a problem with the performance degradation of ads, that's great.You can give the ad delivery counters something to count while surfers like me block them.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30272106</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30272918</id>
	<title>karma</title>
	<author>jDeepbeep</author>
	<datestamp>1259612040000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>Yes, and when your karma gets really really high, you are allowed to disable<nobr> <wbr></nobr>/. 2.0</htmltext>
<tokenext>Yes , and when your karma gets really really high , you are allowed to disable / .
2.0</tokentext>
<sentencetext>Yes, and when your karma gets really really high, you are allowed to disable /.
2.0</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30272564</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30271778</id>
	<title>Slow Ads by Contract?</title>
	<author>Anonymous</author>
	<datestamp>1259606580000</datestamp>
	<modclass>Interestin</modclass>
	<modscore>1</modscore>
	<htmltext><p>Even Slashdot is falling prey to slow ad servers. And to answer TheRaven64's presumption -- no, it used to be the case that ads loaded asynchronously, but today it seems that many, if not most sites delay loading the content you actually came to see until the ads load. I am guessing this is part of the contract between sites and advertisers. (Would any admin for Slashdot care to comment?)</p><p>-Coward</p></htmltext>
<tokenext>Even Slashdot is falling prey to slow ad servers .
And to answer TheRaven64 's presumption -- no , it used to be the case that ads loaded asynchronously , but today it seems that many , if not most sites delay loading the content you actually came to see until the ads load .
I am guessing this is part of the contract between sites and advertisers .
( Would any admin for Slashdot care to comment ?
) -Coward</tokentext>
<sentencetext>Even Slashdot is falling prey to slow ad servers.
And to answer TheRaven64's presumption -- no, it used to be the case that ads loaded asynchronously, but today it seems that many, if not most sites delay loading the content you actually came to see until the ads load.
I am guessing this is part of the contract between sites and advertisers.
(Would any admin for Slashdot care to comment?
)-Coward</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30275888</id>
	<title>Re:Make it a statistic and they'll care</title>
	<author>mibus</author>
	<datestamp>1259580120000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>I ran both the site and the ad-server used at my last job, so I cared.</p><p>Turns out iframes are the solution that works best (I think) - needs things set up slightly more restricted than normal (eg. ad href's must have a target of \_top/\_parent/\_blank, not missing), but otherwise it works great.</p></htmltext>
<tokenext>I ran both the site and the ad-server used at my last job , so I cared.Turns out iframes are the solution that works best ( I think ) - needs things set up slightly more restricted than normal ( eg .
ad href 's must have a target of \ _top/ \ _parent/ \ _blank , not missing ) , but otherwise it works great .</tokentext>
<sentencetext>I ran both the site and the ad-server used at my last job, so I cared.Turns out iframes are the solution that works best (I think) - needs things set up slightly more restricted than normal (eg.
ad href's must have a target of \_top/\_parent/\_blank, not missing), but otherwise it works great.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30271610</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30276858</id>
	<title>OLDER STORY THAT WORKS vs. adbanners+infections</title>
	<author>Anonymous</author>
	<datestamp>1259583780000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><div class="quote"><p><b>"This is all necessary: they do what they MUST to get response from the ads."</b> - by rbrander (73222) on Monday November 30, @01:52PM (#30272670) Homepage</p></div><p>It's NOT "necessary" @ all, &amp; here is how you get a faster + SAFER, almost "HBO Style internet" (no commercials &amp; slowdowns + adbanner malware infestation (yes, that happens a lot too, proof's in my "p.s." below in fact, more than just a few times)), easily, &amp; from a SINGLE EASILY EDITED FILE!</p><p>Per my subject line above? <b>How about a GLOBAL solution, instead, &amp; one that extends to ALL of your "webbound apps", instead, &amp; NOT just to Mozilla softwares which is all MOST folks' suggested solutions here today work for...</b> (think IE, Outlook &amp; other email programs even, + more), AND, the solution I propose also acts as "layered security" in combination with the FF/Mozilla only methods you use  (which sadly, your methods are KNOWN to slow your browser down, use CPU cycles &amp; more (like having bugs &amp; security flaws in themselves too)... where this solution does not &amp; covers ALL webbound apps, globally)??</p><p>Here is <b>a GOOD SOLID WORK-AROUND, CALLED A HOSTS FILE!</b></p><p>(It works for more speed online, AND SECURITY ESPECIALLY...)</p><p><b>HOSTS files also work to YOUR ADVANTAGE, for your money, because you pay for your linetime out of pocket most likely as I do, you can get back your speed, AND, gain security easily, &amp; from a single easily edited file &amp; a file eats no CPU cycles like a local DNS server can</b> (&amp; are not as security vulnerable either if you protect write access to a HOSTS file also)... Anyhow/anyways - Here goes:</p><p>SO - "that all said &amp; aside"? Well, per your reply?? You're solutions cost CPU cycles &amp; are KNOWN to slow down FF/Mozilla variants (as browser addons do), but... Hey - NO PROBLEM, because HOSTS files work alongside those addons too, &amp; offer you more speed online AND more security, via a SINGLE EASILY EDITED + POPULATED FILE (called a HOSTS file):</p><p>I use <b>a custom HOSTS file</b>, in addition to the tools others here in this thread have noted (which MANY like FF addons only really function for FireFox/Mozilla products, but don't extend globally to all other webbound applications, &amp; that is part of what HOSTS files give you above the methods you extoll + utilize: "GLOBAL COVERAGE", &amp; of ALL webbound apps, not just FireFox/Mozilla ones via the addons you noted + use yourself...).</p><p><b>HOSTS files can be used to blockout KNOWN "bad" adserves, maliciously coded sites or adbanners, and "botnet C&amp;C servers" too!</b></p><p><b>You can obtain reliable HOSTS files from reputable lists for more security online, but also for speed!</b></p><p>(More on that later &amp; WHY/HOW (I use reliable lists for that, such as these HOSTS @ Wikipedia.com -&gt; <a href="http://en.wikipedia.org/wiki/Hosts\_file" title="wikipedia.org" rel="nofollow">http://en.wikipedia.org/wiki/Hosts\_file</a> [wikipedia.org] or those from mvps.org (a good one this one))</p><p><b>I also further populate &amp; keep current my custom HOSTS file with up to date information in regards to all of those threats, via:</b></p><p>----</p><p>A.) Spybot "Search &amp; Destroy" updates (populates HOSTS and browser block lists)</p><p>B.) Sites like ZDNet's Mr. Dancho Danchev's blog -&gt; <a href="http://ddanchev.blogspot.com/" title="blogspot.com" rel="nofollow">http://ddanchev.blogspot.com/</a> [blogspot.com]</p><p>C.) Sites like FireEye -&gt; <a href="http://blog.fireeye.com/" title="fireeye.com" rel="nofollow">http://blog.fireeye.com/</a> [fireeye.com]</p><p>D.) SRI -&gt; <a href="http://mtc.sri.com/" title="sri.com" rel="nofollow">http://mtc.sri.com/</a> [sri.com]</p><p>----</p><p>My HOSTS file incorporates ALL of the entries from the HOSTS files shown @ wikipedia as well... gaining me speed online (by blocking adbanners, which have been compromised many times the past few years now by malscripted exploits (examples below)).</p><p>(I combined ALL reputable HOSTS files with one of my own (30,000 entries), &amp; I removed duplicates removed via a Borland Delphi app I wrote to do so called "APK HOSTS File Grinder 4.0++". That program also functions to change the default larger &amp; SLOWER 127.0.0.1 blocking 'loopback adapter' IP address to either 0.0.0.0 (for VISTA/Windows Server 2008/Windows 7, smaller &amp; thus faster than 127.0.0.1 default) or the smallest &amp; fastest 0 "blocking 'IP ADDRESS'" (for Windows 2000/XP/Server 2003 which can STILL use it (&amp; it was added in a service pack on Windows 2000, only on 12/09/2008 MS patch tuesday was it removed for VISTA onwards (&amp; now all these "phunny little bugs" are showing up as FLAWS in this new NDIS6 approach via WFP as well in the firewall, which ROOTKIT.COM has stated (with code too no less on how it is done) -&gt; <a href="http://www.rootkit.com/newsread.php?newsid=952" title="rootkit.com" rel="nofollow">http://www.rootkit.com/newsread.php?newsid=952</a> [rootkit.com] [rootkit.com] that it is EASIER TO UNHOOK (than was the design used in Windows 2000/XP/Server 2003))</p><p><b>Another EXCELLENT benefit of HOSTS file usage? More speed online, &amp; also more security + reliability</b> (especially in the case of DNS servers today, per folks like Dan Kaminsky &amp;/or Moxie Marlinspike finding various security vulnerabilities in them the past couple years now)...</p><p><b>AND, YOU CAN GET EVEN MORE SPEED, and RELIABILITY</b> (vs. downed or "DNS poisoned/misdirected" dns servers too) <b>via yet another "hidden bonus for speed" in HOSTS files:</b></p><p>HOW SO? WELL - <b>I use another "technique" called "hardcoding" an IP address to domainname/hostname in my HOSTS files, for my FAVORITE websites:</b></p><p><b>This allows me to FIRST bypass any remote/external DNS lookups, which also would in theory @ least, make me "proofed" vs. DNS request logs by my ISP/BSP also.</b></p><p>(Especially since I use external DNS servers too, OpenDNS ones to be specific, that go beyond my hardcoded favs in my HOSTS file because I can't ping &amp; resolve the ENTIRE internet after all)</p><p>This also makes it harder for others to track me...</p><p>(Sure, they could do a "reverse DNS lookup" via pings &amp;/or traceroutes &amp; the top level domain that does nothing BUT cache reverse DNS lookups does the rest, but that is harder to do, than looking up my URL requests via a log on a DNS server))</p><p><b>ALSO, AS ANOTHER "BONUS" in HOSTS FILES</b> (can't stress it enough, &amp; especially above + beyond adbanner blocking)<b>:  It speeds you up, or can!</b></p><p>E.G.-&gt; A buddy of mine named Jack says it has (verbatim quote) "DOUBLED MY SPEED ONLINE, BUT I VALUE THE SECURITY PART MORE", because he used to get over 200++ viruses a week, now? Only maybe 2 a year IF THAT lately, &amp; he is convinced it is largely due to the HOSTS file I send him weekly (he is my "lab rat #1" due to his previous infestation rate), &amp; if that "anecdotal evidence" is not enough? See this then, from a published security guru on a respected site for it:</p><p>====</p><p><b>RESURRECTING THE KILLFILE:</b></p><p>(by Mr. Oliver Day)</p><p><a href="http://www.securityfocus.com/columnists/491" title="securityfocus.com" rel="nofollow">http://www.securityfocus.com/columnists/491</a> [securityfocus.com]</p><p><b>PERTINENT EXCERPTS/QUOTES:</b></p><p>"The host file on my day-to-day laptop is now over 16,000 lines long. Accessing the Internet particularly browsing the Web is actually faster now."</p><p>"From what I have seen in my research, major efforts to share lists of unwanted hosts began gaining serious momentum earlier this decade. The most popular appear to have started as a means to block advertising and as a way to avoid being tracked by sites that use cookies to gather data on the user across Web properties. More recently, projects like Spybot Search and Destroy offer lists of known malicious servers to add a layer of defense against trojans and other forms of malware."</p><p>====</p><p>(A nice bonus beyond blocking adbanners via HOSTS too, because these have been shown to harbor malscripted content too &amp; more than just a few times the past 4-5 yrs now no less such as is noted here in my PS below, several examples thereof no less), because you don't waste between 30-N ms calling out to an external DNS!</p><p>(Again, and a DNS server that MAY be poisoned per Dan Kaminsky the past few years now &amp; others also noting it)</p><p>Thus, <b>SO, even IF your DNS servers go down, or are "dns poisoned"</b> (or fall to yet another security flaw, many are in my "p.s." below no less, as documented evidences thereof to my statements here no less)?</p><p>Well, <b>by using a custom HOSTS file setup, you can STILL GET TO YOUR FAV. SITES IF HARDCODED in your HOSTS FILE &amp; @ higher speeds than DNS server calls, 30-N times faster in fact</b> (a good thing, but one you may have to periodically alter, easily, via notepad.exe edits of your HOSTS file &amp; a ping to update their new address (sites change hosting providers due to better services or prices, rare, but they do &amp; MOST let you know they are about to do so anyhow, so you can amend a HOSTS file)).</p><p>NICEST PART IS, THOUGH, PER YOUR STATEMENT (in addition to the benefits of HOSTS file I note above, alongside others like Mr. Oliver Day of SECURITYFOCUS.COM)?</p><p>I will STILL get to where it is that I WANT TO GO, not the router's onboard DNS server doing hostname/domainname resolutions or potential hijacked redirects... in theory @ least, because I am controlling the hostname/dommainname resolutions @ AN OS + IP STACK LEVEL, not via my routers' onboard DNS server...</p><p>APK</p><p>P.S.=&gt; Evidences as to WHY you'd want to add on the "extra layered security protection" of a HOSTS file, which extends global security coverage to your webbound apps, AND, allows for a great deal of added extra speed as well? Ok, here are some documented reasons why like:</p><p>a.) DNS servers vulnerable, under attack, failing or being "DNS poisoned" misdirected &amp; more</p><p>b.) Security suites failing vs. modern "blended threats" online</p><p>c.) javascript being used to do most of this via apps)</p><p>d.) adbanners being maliciously coded also...</p><p>(Here we go with documented proofs/examples:)</p><p>====</p><p><b>POISONED MALSCRIPTED ADBANNERS</b></p><p><b>The Next Ad You Click May Be a Virus:</b></p><p><a href="http://it.slashdot.org/article.pl?sid=09/06/15/2056219" title="slashdot.org" rel="nofollow">http://it.slashdot.org/article.pl?sid=09/06/15/2056219</a> [slashdot.org]</p><p>----</p><p><b>Attackers Infect Ads With Old Adobe Vulnerability:</b></p><p><a href="http://it.slashdot.org/article.pl?sid=09/02/25/024211" title="slashdot.org" rel="nofollow">http://it.slashdot.org/article.pl?sid=09/02/25/024211</a> [slashdot.org]</p><p>----</p><p><b>Hackers Use Banner Ads on Major Sites to Hijack Your PC:</b></p><p><a href="http://www.wired.com/techbiz/media/news/2007/11/doubleclick" title="wired.com" rel="nofollow">http://www.wired.com/techbiz/media/news/2007/11/doubleclick</a> [wired.com]</p><p>----</p><p><b>Adobe Flash Ads Launching Clipboard Hijack Attacks:</b></p><p><a href="http://it.slashdot.org/article.pl?sid=08/08/20/0029220&amp;from=rss" title="slashdot.org" rel="nofollow">http://it.slashdot.org/article.pl?sid=08/08/20/0029220&amp;from=rss</a> [slashdot.org]</p><p>----</p><p><b>Slashdot | Americans Don't Want Targeted Ads:</b></p><p><a href="http://yro.slashdot.org/article.pl?sid=09/10/01/1854214" title="slashdot.org" rel="nofollow">http://yro.slashdot.org/article.pl?sid=09/10/01/1854214</a> [slashdot.org]</p><p>====</p><p><b>DNS PROBLEMS:</b></p><p><b>Number of Rogue DNS Servers on the Rise:</b></p><p><a href="http://tech.slashdot.org/article.pl?no\_d2=1&amp;sid=08/02/15/2118212" title="slashdot.org" rel="nofollow">http://tech.slashdot.org/article.pl?no\_d2=1&amp;sid=08/02/15/2118212</a> [slashdot.org]</p><p>----</p><p><b>Security Researcher Kaminsky Pushes DNS Patching:</b></p><p><a href="http://it.slashdot.org/article.pl?sid=09/02/19/2322231" title="slashdot.org" rel="nofollow">http://it.slashdot.org/article.pl?sid=09/02/19/2322231</a> [slashdot.org]</p><p>----</p><p><b>Ten Percent of DNS Servers Still Vulnerable:</b></p><p><a href="http://tech.slashdot.org/article.pl?no\_d2=1&amp;sid=05/08/04/1525235" title="slashdot.org" rel="nofollow">http://tech.slashdot.org/article.pl?no\_d2=1&amp;sid=05/08/04/1525235</a> [slashdot.org]</p><p>----</p><p><b>TimeWarner DNS Hijacking:</b></p><p><a href="http://tech.slashdot.org/article.pl?sid=07/07/23/2140208" title="slashdot.org" rel="nofollow">http://tech.slashdot.org/article.pl?sid=07/07/23/2140208</a> [slashdot.org]</p><p>----</p><p><b>Another DNS Flaw Found:</b></p><p><a href="http://tech.slashdot.org/article.pl?sid=09/01/09/2348240" title="slashdot.org" rel="nofollow">http://tech.slashdot.org/article.pl?sid=09/01/09/2348240</a> [slashdot.org]</p><p>----</p><p><b>Attack Code Published For DNS Vulnerability:</b></p><p><a href="http://it.slashdot.org/article.pl?no\_d2=1&amp;sid=08/07/23/231254" title="slashdot.org" rel="nofollow">http://it.slashdot.org/article.pl?no\_d2=1&amp;sid=08/07/23/231254</a> [slashdot.org]</p><p>----</p><p><b>BIND Still Susceptible To DNS Cache Poisoning:</b></p><p><a href="http://tech.slashdot.org/article.pl?no\_d2=1&amp;sid=08/08/09/123222" title="slashdot.org" rel="nofollow">http://tech.slashdot.org/article.pl?no\_d2=1&amp;sid=08/08/09/123222</a> [slashdot.org]</p><p>----</p><p><b>DDoS Attacks Via DNS Recursion:</b></p><p><a href="http://it.slashdot.org/article.pl?no\_d2=1&amp;sid=06/03/16/1658209" title="slashdot.org" rel="nofollow">http://it.slashdot.org/article.pl?no\_d2=1&amp;sid=06/03/16/1658209</a> [slashdot.org]</p><p>----</p><p><b>DNS Poisoning Hits One of China's Biggest ISPs:</b></p><p><a href="http://it.slashdot.org/article.pl?no\_d2=1&amp;sid=08/08/21/2343250" title="slashdot.org" rel="nofollow">http://it.slashdot.org/article.pl?no\_d2=1&amp;sid=08/08/21/2343250</a> [slashdot.org]</p><p>----</p><p><b>DNS Root Servers Attacked:</b></p><p><a href="http://it.slashdot.org/article.pl?no\_d2=1&amp;sid=07/02/06/2238225" title="slashdot.org" rel="nofollow">http://it.slashdot.org/article.pl?no\_d2=1&amp;sid=07/02/06/2238225</a> [slashdot.org]</p><p>----</p><p><b>DNS Problem Linked To DDoS Attacks Gets Worse:</b></p><p><a href="http://tech.slashdot.org/comments.pl?sid=1444354&amp;cid=30109858" title="slashdot.org" rel="nofollow">http://tech.slashdot.org/comments.pl?sid=1444354&amp;cid=30109858</a> [slashdot.org]</p><p>----</p><p><b>Are your servers vulnerable to DNS attacks?</b></p><p><a href="http://www.networkworld.com/news/2007/111907-dns-attacks.html" title="networkworld.com" rel="nofollow">http://www.networkworld.com/news/2007/111907-dns-attacks.html</a> [networkworld.com]</p><p>----</p><p><b>Kaminsky On DNS Bugs a Year Later and DNSSEC:</b></p><p><a href="http://it.slashdot.org/story/09/06/25/1354212/Kaminsky-On-DNS-Bugs-a-Year-Later-and-DNSSEC" title="slashdot.org" rel="nofollow">http://it.slashdot.org/story/09/06/25/1354212/Kaminsky-On-DNS-Bugs-a-Year-Later-and-DNSSEC</a> [slashdot.org]</p><p>----</p><p><b>DNS users put higher premium on security:</b></p><p><a href="http://news.techworld.com/networking/10690/dns-users-put-higher-premium-on-security/" title="techworld.com" rel="nofollow">http://news.techworld.com/networking/10690/dns-users-put-higher-premium-on-security/</a> [techworld.com]</p><p>----</p><p><b>BIND, the Buggy Internet Name Daemon:</b></p><p><a href="http://cr.yp.to/djbdns/blurb/unbind.html" title="cr.yp.to" rel="nofollow">http://cr.yp.to/djbdns/blurb/unbind.html</a> [cr.yp.to]</p><p>(Where djbdns was found to have flaw, though it was alleged invulnerable, they paid out $10,000 reward)</p><p>----</p><p><b>DNS Dan Kaminsky DNS SPOOF ATTACK EXPLAINED HOW IT IS DONE:</b></p><p><a href="http://blogs.zdnet.com/security/?p=1520" title="zdnet.com" rel="nofollow">http://blogs.zdnet.com/security/?p=1520</a> [zdnet.com]</p><p>----</p><p><b>DNS REBINDING ATTACKS: MultiPinning Browser JavaScript Vulnerability</b> (how to protect yourself):</p><p><a href="http://crypto.stanford.edu/dns/" title="stanford.edu" rel="nofollow">http://crypto.stanford.edu/dns/</a> [stanford.edu]</p><p>----</p><p><b>Hackers hijack DNS records of high profile New Zealand sites:</b></p><p><a href="http://blogs.zdnet.com/security/?p=3185" title="zdnet.com" rel="nofollow">http://blogs.zdnet.com/security/?p=3185</a> [zdnet.com]</p><p>====</p><p><b>SECURITY SUITE PROGRAMS FAILING:</b></p><p><b>AntiVirus Products Fail to Find Simple IE Malware:</b></p><p><a href="http://tech.slashdot.org/article.pl?sid=07/10/29/1747237" title="slashdot.org" rel="nofollow">http://tech.slashdot.org/article.pl?sid=07/10/29/1747237</a> [slashdot.org]</p><p>----</p><p><b>Most Security Products Fail To Perform:</b></p><p><a href="http://hardware.slashdot.org/comments.pl?sid=1445302&amp;threshold=-1&amp;commentsort=0&amp;mode=thread&amp;pid=30114652" title="slashdot.org" rel="nofollow">http://hardware.slashdot.org/comments.pl?sid=1445302&amp;threshold=-1&amp;commentsort=0&amp;mode=thread&amp;pid=30114652</a> [slashdot.org]</p><p>----</p><p><b>TOP SECURITY SUITES FAIL 64/300 THREATS in 2008 AT SECUNIA.COM:</b></p><p><a href="http://secunia.com/blog/29/" title="secunia.com" rel="nofollow">http://secunia.com/blog/29/</a> [secunia.com]</p><p>----</p><p><b>Top security suites fail exploit tests:</b></p><p><a href="http://www.computerworld.com/s/article/9117042/Top\_security\_suites\_fail\_exploit\_tests?intsrc=news\_ts\_head" title="computerworld.com" rel="nofollow">http://www.computerworld.com/s/article/9117042/Top\_security\_suites\_fail\_exploit\_tests?intsrc=news\_ts\_head</a> [computerworld.com]</p><p>----</p><p><b>Antivirus is 'completely wasted money': Cisco CSO: News - Security - ZDNet Australia:</b></p><p><a href="http://www.zdnet.com.au/news/security/soa/Antivirus-is-completely-wasted-money-Cisco-CSO/0,130061744,339289122,00.htm?feed=pt\_auscert" title="zdnet.com.au" rel="nofollow">http://www.zdnet.com.au/news/security/soa/Antivirus-is-completely-wasted-money-Cisco-CSO/0,130061744,339289122,00.htm?feed=pt\_auscert</a> [zdnet.com.au]</p><p>----</p><p><b>Are Routers the Next Big Target for Hackers?</b></p><p><a href="http://blogs.zdnet.com/security/?p=919" title="zdnet.com" rel="nofollow">http://blogs.zdnet.com/security/?p=919</a> [zdnet.com]</p><p>----</p><p><b>Software Firewalls: Made of Straw? Part 1 of 2:</b></p><p><a href="http://www.securityfocus.com/infocus/1839" title="securityfocus.com" rel="nofollow">http://www.securityfocus.com/infocus/1839</a> [securityfocus.com]</p><p><b>Software Firewalls: Made of Straw? Part 2 of 2:</b></p><p><a href="http://www.securityfocus.com/infocus/1840/2" title="securityfocus.com" rel="nofollow">http://www.securityfocus.com/infocus/1840/2</a> [securityfocus.com]</p><p>----</p><p><b>Brief study shows difficulty in detecting malware (2008):</b></p><p><a href="http://www.securityfocus.com/brief/858" title="securityfocus.com" rel="nofollow">http://www.securityfocus.com/brief/858</a> [securityfocus.com]</p><p>----</p><p><b>2007 - Browser vulnerabilities and attacks will continue to mount:</b></p><p><a href="http://www.infoworld.com/d/security-central/browser-vulnerabilities-and-attacks-will-continue-mount-679" title="infoworld.com" rel="nofollow">http://www.infoworld.com/d/security-central/browser-vulnerabilities-and-attacks-will-continue-mount-679</a> [infoworld.com]</p><p>----</p><p><b>Bug exposes Cisco switches to attacks:</b></p><p><a href="http://news.cnet.com/Bug-exposes-Cisco-switches+to+attacks/2110-7349\_3-5902897.html?part=rss&amp;tag=5902897&amp;subj=news" title="cnet.com" rel="nofollow">http://news.cnet.com/Bug-exposes-Cisco-switches+to+attacks/2110-7349\_3-5902897.html?part=rss&amp;tag=5902897&amp;subj=news</a> [cnet.com]</p><p>&amp;</p><p><b>CISCO "COMES CLEAN" ON EXTENT OF IOS FLAW:</b></p><p><a href="http://www.eweek.com/c/a/Security/Cisco-Comes-Clean-on-Extent-of-IOS-Flaw/" title="eweek.com" rel="nofollow">http://www.eweek.com/c/a/Security/Cisco-Comes-Clean-on-Extent-of-IOS-Flaw/</a> [eweek.com]</p><p>&amp;</p><p><b>Cisco PIX and ASA Time-To-Live Denial of Service Vulnerability:</b></p><p><a href="http://secunia.com/advisories/28625/" title="secunia.com" rel="nofollow">http://secunia.com/advisories/28625/</a> [secunia.com]</p><p>+</p><p><b>Computer routers face hijack risk - study:</b></p><p><a href="http://www.cbc.ca/technology/story/2007/02/16/tech-routervulnerabilty-20070216.html?ref=rss" title="www.cbc.ca" rel="nofollow">http://www.cbc.ca/technology/story/2007/02/16/tech-routervulnerabilty-20070216.html?ref=rss</a> [www.cbc.ca]</p><p>Slashdot Technology Story | Will Mainstream Media Embrace Adblockers?</p><p><a href="http://tech.slashdot.org/story/09/08/06/1442243/Will-Mainstream-Media-Embrace-Adblockers" title="slashdot.org" rel="nofollow">http://tech.slashdot.org/story/09/08/06/1442243/Will-Mainstream-Media-Embrace-Adblockers</a> [slashdot.org]</p><p>----</p><p><b>Congress May Require ISPs To Block Certain Fraud Sites:</b></p><p><a href="http://yro.slashdot.org/comments.pl?sid=1432514&amp;cid=30024078" title="slashdot.org" rel="nofollow">http://yro.slashdot.org/comments.pl?sid=1432514&amp;cid=30024078</a> [slashdot.org]</p><p>====</p><p><b>JAVASCRIPT PROBLEMS:</b></p><p><b>Slashdot | Adobe Confirms PDF Zero-Day, Says Kill JavaScript:</b></p><p><a href="http://it.slashdot.org/article.pl?sid=09/04/29/1823234" title="slashdot.org" rel="nofollow">http://it.slashdot.org/article.pl?sid=09/04/29/1823234</a> [slashdot.org]</p><p>----</p><p><b>Adobe Flash Zero-Day Attack Underway:</b></p><p><a href="http://it.slashdot.org/article.pl?sid=08/05/28/0138247&amp;from=rss" title="slashdot.org" rel="nofollow">http://it.slashdot.org/article.pl?sid=08/05/28/0138247&amp;from=rss</a> [slashdot.org]</p><p>----</p><p><b>JavaScript flaw reported in Adobe Reader</b> (4th or 5th time already, if not more):</p><p><a href="http://www.securityfocus.com/brief/953" title="securityfocus.com" rel="nofollow">http://www.securityfocus.com/brief/953</a> [securityfocus.com]</p><p>----</p><p><b>Another malware pulls an Italian job via JAVASCRIPT:</b></p><p><a href="http://blog.trendmicro.com/another-malware-pulls-an-italian-job/" title="trendmicro.com" rel="nofollow">http://blog.trendmicro.com/another-malware-pulls-an-italian-job/</a> [trendmicro.com]</p><p>----</p><p><b>JavaScript opens doors to browser-based attacks | CNET News.com:</b></p><p><a href="http://news.com.com/JavaScript+opens+doors+to+browser-based+attacks/2100-7349\_3-6099891.html?part=rss&amp;tag=6099891&amp;subj=news" title="com.com" rel="nofollow">http://news.com.com/JavaScript+opens+doors+to+browser-based+attacks/2100-7349\_3-6099891.html?part=rss&amp;tag=6099891&amp;subj=news</a> [com.com]</p><p>----</p><p><b>Mozilla Firefox Javascript Garbage Collector Vulnerability - Advisories - Secunia</b></p><p><a href="http://secunia.com/advisories/29787/" title="secunia.com" rel="nofollow">http://secunia.com/advisories/29787/</a> [secunia.com]</p><p>----</p><p><b>New script outstrips all other drive-by download risks:</b></p><p><a href="http://www.theregister.co.uk/2009/05/15/script\_menace/" title="theregister.co.uk" rel="nofollow">http://www.theregister.co.uk/2009/05/15/script\_menace/</a> [theregister.co.uk]</p><p>----</p><p><b>Researcher to demonstrate attack code for Intel chips via Javascript:</b></p><p><a href="http://www.infoworld.com/d/security-central/researcher-demonstrate-attack-code-intel-chips-036" title="infoworld.com" rel="nofollow">http://www.infoworld.com/d/security-central/researcher-demonstrate-attack-code-intel-chips-036</a> [infoworld.com]</p><p>----</p><p><b>Researcher: JavaScript Attacks Get Slicker:</b></p><p><a href="http://www.eweek.com/c/a/Security/Researcher-JavaScript-Attacks-Get-Slicker/" title="eweek.com" rel="nofollow">http://www.eweek.com/c/a/Security/Researcher-JavaScript-Attacks-Get-Slicker/</a> [eweek.com]</p><p>----</p><p><b>Rise Of The PDF Exploits:</b></p><p><a href="http://www.trustedsource.org/blog/153/Rise-Of-The-PDF-Exploits" title="trustedsource.org" rel="nofollow">http://www.trustedsource.org/blog/153/Rise-Of-The-PDF-Exploits</a> [trustedsource.org]</p><p>----</p><p><b>ADOBE NEW FLAW DOES USE JAVASCRIPT PROOF:</b></p><p><a href="http://www.shadowserver.org/wiki/pmwiki.php?n=Calendar.20090219" title="shadowserver.org" rel="nofollow">http://www.shadowserver.org/wiki/pmwiki.php?n=Calendar.20090219</a> [shadowserver.org]</p><p>----</p><p><b>AJAX Poses Security, Performance Risks:</b></p><p><a href="http://www.eweek.com/article2/0,1895,1916673,00.asp" title="eweek.com" rel="nofollow">http://www.eweek.com/article2/0,1895,1916673,00.asp</a> [eweek.com]</p><p>----</p><p><b>Web 2.0 Threats and Risks for Financial Services:</b></p><p><a href="http://www.net-security.org/article.php?id=1004&amp;p=1" title="net-security.org" rel="nofollow">http://www.net-security.org/article.php?id=1004&amp;p=1</a> [net-security.org]</p><p><a href="http://www.cbronline.com/news/web\_20\_is\_vulnerable\_to\_attack" title="cbronline.com" rel="nofollow">http://www.cbronline.com/news/web\_20\_is\_vulnerable\_to\_attack</a> [cbronline.com]</p><p>----</p><p><b>Cross Site Scripting</b> (GOOGLE) <b>and WHY TO TURN OFF JAVASCRIPT:</b></p><p><a href="http://www.cgisecurity.com/xss-faq.html" title="cgisecurity.com" rel="nofollow">http://www.cgisecurity.com/xss-faq.html</a> [cgisecurity.com]</p><p>----</p><p><b>Why the FBI Director Doesn't Bank Online</b></p><p><a href="http://it.slashdot.org/article.pl?sid=09/10/08/0327240" title="slashdot.org" rel="nofollow">http://it.slashdot.org/article.pl?sid=09/10/08/0327240</a> [slashdot.org]</p><p>====</p><p><b>MAJOR ATTACKS (only a small sample) of WHY LAYERED SECURITY IS NEEDED</b></p><p><b>Is the Botnet Battle Already Lost?</b></p><p><a href="http://www.eweek.com/article2/0,1895,2029720,00.asp" title="eweek.com" rel="nofollow">http://www.eweek.com/article2/0,1895,2029720,00.asp</a> [eweek.com]</p><p>----</p><p><b>IT Pros Say They Can't Stop Data Breaches:</b></p><p><a href="http://www.eweek.com/article2/0,1895,2010325,00.asp?kc=EWNAVEMNL083106EOAD" title="eweek.com" rel="nofollow">http://www.eweek.com/article2/0,1895,2010325,00.asp?kc=EWNAVEMNL083106EOAD</a> [eweek.com]</p><p>----</p><p><b>Cyber Attacks On US Military Jump Sharply In 2009</b></p><p><a href="http://tech.slashdot.org/comments.pl?sid=1452358&amp;threshold=-1&amp;commentsort=0&amp;mode=thread&amp;cid=30185742" title="slashdot.org" rel="nofollow">http://tech.slashdot.org/comments.pl?sid=1452358&amp;threshold=-1&amp;commentsort=0&amp;mode=thread&amp;cid=30185742</a> [slashdot.org]</p><p>----</p><p><b>Bots Found Inside Many Big Companies:</b></p><p><a href="http://blogs.baselinemag.com/security/content001/cybercrime/bots\_found\_inside\_many\_big\_companies.html" title="baselinemag.com" rel="nofollow">http://blogs.baselinemag.com/security/content001/cybercrime/bots\_found\_inside\_many\_big\_companies.html</a> [baselinemag.com]</p><p>----</p><p><b>Bot master owns up to 250,000 zombie PCs:</b></p><p><a href="http://www.securityfocus.com/news/11495" title="securityfocus.com" rel="nofollow">http://www.securityfocus.com/news/11495</a> [securityfocus.com]</p><p>----</p><p><b>Bots surge ahead (2007):</b></p><p><a href="http://www.securityfocus.com/brief/466" title="securityfocus.com" rel="nofollow">http://www.securityfocus.com/brief/466</a> [securityfocus.com]</p><p>----</p><p><b>Chinese Hackers Hit Commerce Department:</b></p><p><a href="http://www.informationweek.com/news/security/government/showArticle.jhtml?articleID=193105227" title="informationweek.com" rel="nofollow">http://www.informationweek.com/news/security/government/showArticle.jhtml?articleID=193105227</a> [informationweek.com]</p><p>----</p><p><b>CIA Admits Cyberattacks Blacked Out Cities:</b></p><p><a href="http://www.informationweek.com/news/internet/showArticle.jhtml?articleID=205901631" title="informationweek.com" rel="nofollow">http://www.informationweek.com/news/internet/showArticle.jhtml?articleID=205901631</a> [informationweek.com]</p><p>----</p><p><b>Compromised Banks and Investment sites list 2006:</b></p><p><a href="http://it.slashdot.org/comments.pl?sid=233921&amp;cid=19035679" title="slashdot.org" rel="nofollow">http://it.slashdot.org/comments.pl?sid=233921&amp;cid=19035679</a> [slashdot.org]</p><p>----</p><p><b>Dancho Danchev's Blog - Mind Streams of Information Security Knowledge: Massive IFRAME SEO Poisoning Attack Continuing:</b></p><p><a href="http://ddanchev.blogspot.com/2008/03/massive-iframe-seo-poisoning-attack.html" title="blogspot.com" rel="nofollow">http://ddanchev.blogspot.com/2008/03/massive-iframe-seo-poisoning-attack.html</a> [blogspot.com]</p><p>----</p><p><b>Data at Bank of America, Wachovia, others compromised - May. 23, 2005:</b></p><p><a href="http://money.cnn.com/2005/05/23/news/fortune500/bank\_info/index.htm" title="cnn.com" rel="nofollow">http://money.cnn.com/2005/05/23/news/fortune500/bank\_info/index.htm</a> [cnn.com]</p><p>----</p><p><b>Fresh Security Breaches at Los Alamos:</b></p><p><a href="http://www.msnbc.msn.com/id/19418769/site/newsweek/print/1/displaymode/1098/" title="msn.com" rel="nofollow">http://www.msnbc.msn.com/id/19418769/site/newsweek/print/1/displaymode/1098/</a> [msn.com]</p><p>----</p><p><b>Infected job search sites lead to info theft for 46,000:</b></p><p><a href="http://www.computerworld.com/s/article/9031139/Infected\_job\_search\_sites\_lead\_to\_info\_theft\_for\_46\_000" title="computerworld.com" rel="nofollow">http://www.computerworld.com/s/article/9031139/Infected\_job\_search\_sites\_lead\_to\_info\_theft\_for\_46\_000</a> [computerworld.com]</p><p>----</p><p><b>New Mega-Botnet Discovered:</b></p><p><a href="http://it.slashdot.org/article.pl?sid=09/04/22/2223214" title="slashdot.org" rel="nofollow">http://it.slashdot.org/article.pl?sid=09/04/22/2223214</a> [slashdot.org]</p><p>----</p><p>I think THAT list ought to "enlighten" ANYONE, as to why "layered security" is &amp; has been considered largely to be "THE WAY TO GO", vs. that list above (which is only a SMALL \%-age of what I can come up with in regards to threats online + their causes)... HOSTS files help protect vs. those, on several levels - DO consider their usage!</p><p>I'd like to also end this, on a little quote from a fav. film of mine:</p><p><b>"My name is Dr. Robert Neville. I am a survivor living in New York City. I am broadcasting on all a.m. frequencies. I will be in the south street seaport everyday at midday when the sun is highest in the sky. If you are out there, if anyone is out there, I can provide food; I can provide shelter; I can provide security -&gt; <a href="http://www.tcmagazine.com/forums/index.php?s=44b7ce1c3ee460d32e68cb97f2597368&amp;showtopic=2662" title="tcmagazine.com" rel="nofollow">http://www.tcmagazine.com/forums/index.php?s=44b7ce1c3ee460d32e68cb97f2597368&amp;showtopic=2662</a> [tcmagazine.com] . If there's anybody out there, anybody, please... you are not alone."</b> - Dr. Robert Neville, I AM LEGEND</p><p>&amp; that film inspired me to write that guide for securing Windows NT-based OS variants, @ the end of 2007, + for my "New Year's Resolution" for 2008, of "Do the right thing &amp; 'pay it forward'"... &amp;, it works.</p><p>Here though?</p><p>Well, I only suggested a SMALL part of that guide here, but a crucial &amp; EFFECTIVE ONE, &amp; mainly because it fits the bill here QUITE specifically &amp; functions globally, instead of just being good for 1 set of apps only (like FF addons are only, unfortunately), &amp; it doesn't eat CPU like those do either OR slow you down (if anything? They speed you up HUGELY, in addition to securing you too as a bonus)...apk</p></div>
	</htmltext>
<tokenext>" This is all necessary : they do what they MUST to get response from the ads .
" - by rbrander ( 73222 ) on Monday November 30 , @ 01 : 52PM ( # 30272670 ) HomepageIt 's NOT " necessary " @ all , &amp; here is how you get a faster + SAFER , almost " HBO Style internet " ( no commercials &amp; slowdowns + adbanner malware infestation ( yes , that happens a lot too , proof 's in my " p.s .
" below in fact , more than just a few times ) ) , easily , &amp; from a SINGLE EASILY EDITED FILE ! Per my subject line above ?
How about a GLOBAL solution , instead , &amp; one that extends to ALL of your " webbound apps " , instead , &amp; NOT just to Mozilla softwares which is all MOST folks ' suggested solutions here today work for... ( think IE , Outlook &amp; other email programs even , + more ) , AND , the solution I propose also acts as " layered security " in combination with the FF/Mozilla only methods you use ( which sadly , your methods are KNOWN to slow your browser down , use CPU cycles &amp; more ( like having bugs &amp; security flaws in themselves too ) ... where this solution does not &amp; covers ALL webbound apps , globally ) ?
? Here is a GOOD SOLID WORK-AROUND , CALLED A HOSTS FILE !
( It works for more speed online , AND SECURITY ESPECIALLY... ) HOSTS files also work to YOUR ADVANTAGE , for your money , because you pay for your linetime out of pocket most likely as I do , you can get back your speed , AND , gain security easily , &amp; from a single easily edited file &amp; a file eats no CPU cycles like a local DNS server can ( &amp; are not as security vulnerable either if you protect write access to a HOSTS file also ) ... Anyhow/anyways - Here goes : SO - " that all said &amp; aside " ?
Well , per your reply ? ?
You 're solutions cost CPU cycles &amp; are KNOWN to slow down FF/Mozilla variants ( as browser addons do ) , but... Hey - NO PROBLEM , because HOSTS files work alongside those addons too , &amp; offer you more speed online AND more security , via a SINGLE EASILY EDITED + POPULATED FILE ( called a HOSTS file ) : I use a custom HOSTS file , in addition to the tools others here in this thread have noted ( which MANY like FF addons only really function for FireFox/Mozilla products , but do n't extend globally to all other webbound applications , &amp; that is part of what HOSTS files give you above the methods you extoll + utilize : " GLOBAL COVERAGE " , &amp; of ALL webbound apps , not just FireFox/Mozilla ones via the addons you noted + use yourself... ) .HOSTS files can be used to blockout KNOWN " bad " adserves , maliciously coded sites or adbanners , and " botnet C&amp;C servers " too ! You can obtain reliable HOSTS files from reputable lists for more security online , but also for speed !
( More on that later &amp; WHY/HOW ( I use reliable lists for that , such as these HOSTS @ Wikipedia.com - &gt; http : //en.wikipedia.org/wiki/Hosts \ _file [ wikipedia.org ] or those from mvps.org ( a good one this one ) ) I also further populate &amp; keep current my custom HOSTS file with up to date information in regards to all of those threats , via : ----A .
) Spybot " Search &amp; Destroy " updates ( populates HOSTS and browser block lists ) B .
) Sites like ZDNet 's Mr. Dancho Danchev 's blog - &gt; http : //ddanchev.blogspot.com/ [ blogspot.com ] C. ) Sites like FireEye - &gt; http : //blog.fireeye.com/ [ fireeye.com ] D. ) SRI - &gt; http : //mtc.sri.com/ [ sri.com ] ----My HOSTS file incorporates ALL of the entries from the HOSTS files shown @ wikipedia as well... gaining me speed online ( by blocking adbanners , which have been compromised many times the past few years now by malscripted exploits ( examples below ) ) .
( I combined ALL reputable HOSTS files with one of my own ( 30,000 entries ) , &amp; I removed duplicates removed via a Borland Delphi app I wrote to do so called " APK HOSTS File Grinder 4.0 + + " .
That program also functions to change the default larger &amp; SLOWER 127.0.0.1 blocking 'loopback adapter ' IP address to either 0.0.0.0 ( for VISTA/Windows Server 2008/Windows 7 , smaller &amp; thus faster than 127.0.0.1 default ) or the smallest &amp; fastest 0 " blocking 'IP ADDRESS ' " ( for Windows 2000/XP/Server 2003 which can STILL use it ( &amp; it was added in a service pack on Windows 2000 , only on 12/09/2008 MS patch tuesday was it removed for VISTA onwards ( &amp; now all these " phunny little bugs " are showing up as FLAWS in this new NDIS6 approach via WFP as well in the firewall , which ROOTKIT.COM has stated ( with code too no less on how it is done ) - &gt; http : //www.rootkit.com/newsread.php ? newsid = 952 [ rootkit.com ] [ rootkit.com ] that it is EASIER TO UNHOOK ( than was the design used in Windows 2000/XP/Server 2003 ) ) Another EXCELLENT benefit of HOSTS file usage ?
More speed online , &amp; also more security + reliability ( especially in the case of DNS servers today , per folks like Dan Kaminsky &amp;/or Moxie Marlinspike finding various security vulnerabilities in them the past couple years now ) ...AND , YOU CAN GET EVEN MORE SPEED , and RELIABILITY ( vs. downed or " DNS poisoned/misdirected " dns servers too ) via yet another " hidden bonus for speed " in HOSTS files : HOW SO ?
WELL - I use another " technique " called " hardcoding " an IP address to domainname/hostname in my HOSTS files , for my FAVORITE websites : This allows me to FIRST bypass any remote/external DNS lookups , which also would in theory @ least , make me " proofed " vs. DNS request logs by my ISP/BSP also .
( Especially since I use external DNS servers too , OpenDNS ones to be specific , that go beyond my hardcoded favs in my HOSTS file because I ca n't ping &amp; resolve the ENTIRE internet after all ) This also makes it harder for others to track me... ( Sure , they could do a " reverse DNS lookup " via pings &amp;/or traceroutes &amp; the top level domain that does nothing BUT cache reverse DNS lookups does the rest , but that is harder to do , than looking up my URL requests via a log on a DNS server ) ) ALSO , AS ANOTHER " BONUS " in HOSTS FILES ( ca n't stress it enough , &amp; especially above + beyond adbanner blocking ) : It speeds you up , or can ! E.G.- &gt; A buddy of mine named Jack says it has ( verbatim quote ) " DOUBLED MY SPEED ONLINE , BUT I VALUE THE SECURITY PART MORE " , because he used to get over 200 + + viruses a week , now ?
Only maybe 2 a year IF THAT lately , &amp; he is convinced it is largely due to the HOSTS file I send him weekly ( he is my " lab rat # 1 " due to his previous infestation rate ) , &amp; if that " anecdotal evidence " is not enough ?
See this then , from a published security guru on a respected site for it : = = = = RESURRECTING THE KILLFILE : ( by Mr. Oliver Day ) http : //www.securityfocus.com/columnists/491 [ securityfocus.com ] PERTINENT EXCERPTS/QUOTES : " The host file on my day-to-day laptop is now over 16,000 lines long .
Accessing the Internet particularly browsing the Web is actually faster now .
" " From what I have seen in my research , major efforts to share lists of unwanted hosts began gaining serious momentum earlier this decade .
The most popular appear to have started as a means to block advertising and as a way to avoid being tracked by sites that use cookies to gather data on the user across Web properties .
More recently , projects like Spybot Search and Destroy offer lists of known malicious servers to add a layer of defense against trojans and other forms of malware .
" = = = = ( A nice bonus beyond blocking adbanners via HOSTS too , because these have been shown to harbor malscripted content too &amp; more than just a few times the past 4-5 yrs now no less such as is noted here in my PS below , several examples thereof no less ) , because you do n't waste between 30-N ms calling out to an external DNS !
( Again , and a DNS server that MAY be poisoned per Dan Kaminsky the past few years now &amp; others also noting it ) Thus , SO , even IF your DNS servers go down , or are " dns poisoned " ( or fall to yet another security flaw , many are in my " p.s .
" below no less , as documented evidences thereof to my statements here no less ) ? Well , by using a custom HOSTS file setup , you can STILL GET TO YOUR FAV .
SITES IF HARDCODED in your HOSTS FILE &amp; @ higher speeds than DNS server calls , 30-N times faster in fact ( a good thing , but one you may have to periodically alter , easily , via notepad.exe edits of your HOSTS file &amp; a ping to update their new address ( sites change hosting providers due to better services or prices , rare , but they do &amp; MOST let you know they are about to do so anyhow , so you can amend a HOSTS file ) ) .NICEST PART IS , THOUGH , PER YOUR STATEMENT ( in addition to the benefits of HOSTS file I note above , alongside others like Mr. Oliver Day of SECURITYFOCUS.COM ) ? I will STILL get to where it is that I WANT TO GO , not the router 's onboard DNS server doing hostname/domainname resolutions or potential hijacked redirects... in theory @ least , because I am controlling the hostname/dommainname resolutions @ AN OS + IP STACK LEVEL , not via my routers ' onboard DNS server...APKP.S. = &gt; Evidences as to WHY you 'd want to add on the " extra layered security protection " of a HOSTS file , which extends global security coverage to your webbound apps , AND , allows for a great deal of added extra speed as well ?
Ok , here are some documented reasons why like : a .
) DNS servers vulnerable , under attack , failing or being " DNS poisoned " misdirected &amp; moreb .
) Security suites failing vs. modern " blended threats " onlinec .
) javascript being used to do most of this via apps ) d. ) adbanners being maliciously coded also... ( Here we go with documented proofs/examples : ) = = = = POISONED MALSCRIPTED ADBANNERSThe Next Ad You Click May Be a Virus : http : //it.slashdot.org/article.pl ? sid = 09/06/15/2056219 [ slashdot.org ] ----Attackers Infect Ads With Old Adobe Vulnerability : http : //it.slashdot.org/article.pl ? sid = 09/02/25/024211 [ slashdot.org ] ----Hackers Use Banner Ads on Major Sites to Hijack Your PC : http : //www.wired.com/techbiz/media/news/2007/11/doubleclick [ wired.com ] ----Adobe Flash Ads Launching Clipboard Hijack Attacks : http : //it.slashdot.org/article.pl ? sid = 08/08/20/0029220&amp;from = rss [ slashdot.org ] ----Slashdot | Americans Do n't Want Targeted Ads : http : //yro.slashdot.org/article.pl ? sid = 09/10/01/1854214 [ slashdot.org ] = = = = DNS PROBLEMS : Number of Rogue DNS Servers on the Rise : http : //tech.slashdot.org/article.pl ? no \ _d2 = 1&amp;sid = 08/02/15/2118212 [ slashdot.org ] ----Security Researcher Kaminsky Pushes DNS Patching : http : //it.slashdot.org/article.pl ? sid = 09/02/19/2322231 [ slashdot.org ] ----Ten Percent of DNS Servers Still Vulnerable : http : //tech.slashdot.org/article.pl ? no \ _d2 = 1&amp;sid = 05/08/04/1525235 [ slashdot.org ] ----TimeWarner DNS Hijacking : http : //tech.slashdot.org/article.pl ? sid = 07/07/23/2140208 [ slashdot.org ] ----Another DNS Flaw Found : http : //tech.slashdot.org/article.pl ? sid = 09/01/09/2348240 [ slashdot.org ] ----Attack Code Published For DNS Vulnerability : http : //it.slashdot.org/article.pl ? no \ _d2 = 1&amp;sid = 08/07/23/231254 [ slashdot.org ] ----BIND Still Susceptible To DNS Cache Poisoning : http : //tech.slashdot.org/article.pl ? no \ _d2 = 1&amp;sid = 08/08/09/123222 [ slashdot.org ] ----DDoS Attacks Via DNS Recursion : http : //it.slashdot.org/article.pl ? no \ _d2 = 1&amp;sid = 06/03/16/1658209 [ slashdot.org ] ----DNS Poisoning Hits One of China 's Biggest ISPs : http : //it.slashdot.org/article.pl ? no \ _d2 = 1&amp;sid = 08/08/21/2343250 [ slashdot.org ] ----DNS Root Servers Attacked : http : //it.slashdot.org/article.pl ? no \ _d2 = 1&amp;sid = 07/02/06/2238225 [ slashdot.org ] ----DNS Problem Linked To DDoS Attacks Gets Worse : http : //tech.slashdot.org/comments.pl ? sid = 1444354&amp;cid = 30109858 [ slashdot.org ] ----Are your servers vulnerable to DNS attacks ? http : //www.networkworld.com/news/2007/111907-dns-attacks.html [ networkworld.com ] ----Kaminsky On DNS Bugs a Year Later and DNSSEC : http : //it.slashdot.org/story/09/06/25/1354212/Kaminsky-On-DNS-Bugs-a-Year-Later-and-DNSSEC [ slashdot.org ] ----DNS users put higher premium on security : http : //news.techworld.com/networking/10690/dns-users-put-higher-premium-on-security/ [ techworld.com ] ----BIND , the Buggy Internet Name Daemon : http : //cr.yp.to/djbdns/blurb/unbind.html [ cr.yp.to ] ( Where djbdns was found to have flaw , though it was alleged invulnerable , they paid out $ 10,000 reward ) ----DNS Dan Kaminsky DNS SPOOF ATTACK EXPLAINED HOW IT IS DONE : http : //blogs.zdnet.com/security/ ? p = 1520 [ zdnet.com ] ----DNS REBINDING ATTACKS : MultiPinning Browser JavaScript Vulnerability ( how to protect yourself ) : http : //crypto.stanford.edu/dns/ [ stanford.edu ] ----Hackers hijack DNS records of high profile New Zealand sites : http : //blogs.zdnet.com/security/ ? p = 3185 [ zdnet.com ] = = = = SECURITY SUITE PROGRAMS FAILING : AntiVirus Products Fail to Find Simple IE Malware : http : //tech.slashdot.org/article.pl ? sid = 07/10/29/1747237 [ slashdot.org ] ----Most Security Products Fail To Perform : http : //hardware.slashdot.org/comments.pl ? sid = 1445302&amp;threshold = -1&amp;commentsort = 0&amp;mode = thread&amp;pid = 30114652 [ slashdot.org ] ----TOP SECURITY SUITES FAIL 64/300 THREATS in 2008 AT SECUNIA.COM : http : //secunia.com/blog/29/ [ secunia.com ] ----Top security suites fail exploit tests : http : //www.computerworld.com/s/article/9117042/Top \ _security \ _suites \ _fail \ _exploit \ _tests ? intsrc = news \ _ts \ _head [ computerworld.com ] ----Antivirus is 'completely wasted money ' : Cisco CSO : News - Security - ZDNet Australia : http : //www.zdnet.com.au/news/security/soa/Antivirus-is-completely-wasted-money-Cisco-CSO/0,130061744,339289122,00.htm ? feed = pt \ _auscert [ zdnet.com.au ] ----Are Routers the Next Big Target for Hackers ? http : //blogs.zdnet.com/security/ ? p = 919 [ zdnet.com ] ----Software Firewalls : Made of Straw ?
Part 1 of 2 : http : //www.securityfocus.com/infocus/1839 [ securityfocus.com ] Software Firewalls : Made of Straw ?
Part 2 of 2 : http : //www.securityfocus.com/infocus/1840/2 [ securityfocus.com ] ----Brief study shows difficulty in detecting malware ( 2008 ) : http : //www.securityfocus.com/brief/858 [ securityfocus.com ] ----2007 - Browser vulnerabilities and attacks will continue to mount : http : //www.infoworld.com/d/security-central/browser-vulnerabilities-and-attacks-will-continue-mount-679 [ infoworld.com ] ----Bug exposes Cisco switches to attacks : http : //news.cnet.com/Bug-exposes-Cisco-switches + to + attacks/2110-7349 \ _3-5902897.html ? part = rss&amp;tag = 5902897&amp;subj = news [ cnet.com ] &amp;CISCO " COMES CLEAN " ON EXTENT OF IOS FLAW : http : //www.eweek.com/c/a/Security/Cisco-Comes-Clean-on-Extent-of-IOS-Flaw/ [ eweek.com ] &amp;Cisco PIX and ASA Time-To-Live Denial of Service Vulnerability : http : //secunia.com/advisories/28625/ [ secunia.com ] + Computer routers face hijack risk - study : http : //www.cbc.ca/technology/story/2007/02/16/tech-routervulnerabilty-20070216.html ? ref = rss [ www.cbc.ca ] Slashdot Technology Story | Will Mainstream Media Embrace Adblockers ? http : //tech.slashdot.org/story/09/08/06/1442243/Will-Mainstream-Media-Embrace-Adblockers [ slashdot.org ] ----Congress May Require ISPs To Block Certain Fraud Sites : http : //yro.slashdot.org/comments.pl ? sid = 1432514&amp;cid = 30024078 [ slashdot.org ] = = = = JAVASCRIPT PROBLEMS : Slashdot | Adobe Confirms PDF Zero-Day , Says Kill JavaScript : http : //it.slashdot.org/article.pl ? sid = 09/04/29/1823234 [ slashdot.org ] ----Adobe Flash Zero-Day Attack Underway : http : //it.slashdot.org/article.pl ? sid = 08/05/28/0138247&amp;from = rss [ slashdot.org ] ----JavaScript flaw reported in Adobe Reader ( 4th or 5th time already , if not more ) : http : //www.securityfocus.com/brief/953 [ securityfocus.com ] ----Another malware pulls an Italian job via JAVASCRIPT : http : //blog.trendmicro.com/another-malware-pulls-an-italian-job/ [ trendmicro.com ] ----JavaScript opens doors to browser-based attacks | CNET News.com : http : //news.com.com/JavaScript + opens + doors + to + browser-based + attacks/2100-7349 \ _3-6099891.html ? part = rss&amp;tag = 6099891&amp;subj = news [ com.com ] ----Mozilla Firefox Javascript Garbage Collector Vulnerability - Advisories - Secuniahttp : //secunia.com/advisories/29787/ [ secunia.com ] ----New script outstrips all other drive-by download risks : http : //www.theregister.co.uk/2009/05/15/script \ _menace/ [ theregister.co.uk ] ----Researcher to demonstrate attack code for Intel chips via Javascript : http : //www.infoworld.com/d/security-central/researcher-demonstrate-attack-code-intel-chips-036 [ infoworld.com ] ----Researcher : JavaScript Attacks Get Slicker : http : //www.eweek.com/c/a/Security/Researcher-JavaScript-Attacks-Get-Slicker/ [ eweek.com ] ----Rise Of The PDF Exploits : http : //www.trustedsource.org/blog/153/Rise-Of-The-PDF-Exploits [ trustedsource.org ] ----ADOBE NEW FLAW DOES USE JAVASCRIPT PROOF : http : //www.shadowserver.org/wiki/pmwiki.php ? n = Calendar.20090219 [ shadowserver.org ] ----AJAX Poses Security , Performance Risks : http : //www.eweek.com/article2/0,1895,1916673,00.asp [ eweek.com ] ----Web 2.0 Threats and Risks for Financial Services : http : //www.net-security.org/article.php ? id = 1004&amp;p = 1 [ net-security.org ] http : //www.cbronline.com/news/web \ _20 \ _is \ _vulnerable \ _to \ _attack [ cbronline.com ] ----Cross Site Scripting ( GOOGLE ) and WHY TO TURN OFF JAVASCRIPT : http : //www.cgisecurity.com/xss-faq.html [ cgisecurity.com ] ----Why the FBI Director Does n't Bank Onlinehttp : //it.slashdot.org/article.pl ? sid = 09/10/08/0327240 [ slashdot.org ] = = = = MAJOR ATTACKS ( only a small sample ) of WHY LAYERED SECURITY IS NEEDEDIs the Botnet Battle Already Lost ? http : //www.eweek.com/article2/0,1895,2029720,00.asp [ eweek.com ] ----IT Pros Say They Ca n't Stop Data Breaches : http : //www.eweek.com/article2/0,1895,2010325,00.asp ? kc = EWNAVEMNL083106EOAD [ eweek.com ] ----Cyber Attacks On US Military Jump Sharply In 2009http : //tech.slashdot.org/comments.pl ? sid = 1452358&amp;threshold = -1&amp;commentsort = 0&amp;mode = thread&amp;cid = 30185742 [ slashdot.org ] ----Bots Found Inside Many Big Companies : http : //blogs.baselinemag.com/security/content001/cybercrime/bots \ _found \ _inside \ _many \ _big \ _companies.html [ baselinemag.com ] ----Bot master owns up to 250,000 zombie PCs : http : //www.securityfocus.com/news/11495 [ securityfocus.com ] ----Bots surge ahead ( 2007 ) : http : //www.securityfocus.com/brief/466 [ securityfocus.com ] ----Chinese Hackers Hit Commerce Department : http : //www.informationweek.com/news/security/government/showArticle.jhtml ? articleID = 193105227 [ informationweek.com ] ----CIA Admits Cyberattacks Blacked Out Cities : http : //www.informationweek.com/news/internet/showArticle.jhtml ? articleID = 205901631 [ informationweek.com ] ----Compromised Banks and Investment sites list 2006 : http : //it.slashdot.org/comments.pl ? sid = 233921&amp;cid = 19035679 [ slashdot.org ] ----Dancho Danchev 's Blog - Mind Streams of Information Security Knowledge : Massive IFRAME SEO Poisoning Attack Continuing : http : //ddanchev.blogspot.com/2008/03/massive-iframe-seo-poisoning-attack.html [ blogspot.com ] ----Data at Bank of America , Wachovia , others compromised - May .
23 , 2005 : http : //money.cnn.com/2005/05/23/news/fortune500/bank \ _info/index.htm [ cnn.com ] ----Fresh Security Breaches at Los Alamos : http : //www.msnbc.msn.com/id/19418769/site/newsweek/print/1/displaymode/1098/ [ msn.com ] ----Infected job search sites lead to info theft for 46,000 : http : //www.computerworld.com/s/article/9031139/Infected \ _job \ _search \ _sites \ _lead \ _to \ _info \ _theft \ _for \ _46 \ _000 [ computerworld.com ] ----New Mega-Botnet Discovered : http : //it.slashdot.org/article.pl ? sid = 09/04/22/2223214 [ slashdot.org ] ----I think THAT list ought to " enlighten " ANYONE , as to why " layered security " is &amp; has been considered largely to be " THE WAY TO GO " , vs. that list above ( which is only a SMALL \ % -age of what I can come up with in regards to threats online + their causes ) ... HOSTS files help protect vs. those , on several levels - DO consider their usage ! I 'd like to also end this , on a little quote from a fav .
film of mine : " My name is Dr. Robert Neville .
I am a survivor living in New York City .
I am broadcasting on all a.m. frequencies. I will be in the south street seaport everyday at midday when the sun is highest in the sky .
If you are out there , if anyone is out there , I can provide food ; I can provide shelter ; I can provide security - &gt; http : //www.tcmagazine.com/forums/index.php ? s = 44b7ce1c3ee460d32e68cb97f2597368&amp;showtopic = 2662 [ tcmagazine.com ] .
If there 's anybody out there , anybody , please... you are not alone .
" - Dr. Robert Neville , I AM LEGEND&amp; that film inspired me to write that guide for securing Windows NT-based OS variants , @ the end of 2007 , + for my " New Year 's Resolution " for 2008 , of " Do the right thing &amp; 'pay it forward ' " ... &amp; , it works.Here though ? Well , I only suggested a SMALL part of that guide here , but a crucial &amp; EFFECTIVE ONE , &amp; mainly because it fits the bill here QUITE specifically &amp; functions globally , instead of just being good for 1 set of apps only ( like FF addons are only , unfortunately ) , &amp; it does n't eat CPU like those do either OR slow you down ( if anything ?
They speed you up HUGELY , in addition to securing you too as a bonus ) ...apk</tokentext>
<sentencetext>"This is all necessary: they do what they MUST to get response from the ads.
" - by rbrander (73222) on Monday November 30, @01:52PM (#30272670) HomepageIt's NOT "necessary" @ all, &amp; here is how you get a faster + SAFER, almost "HBO Style internet" (no commercials &amp; slowdowns + adbanner malware infestation (yes, that happens a lot too, proof's in my "p.s.
" below in fact, more than just a few times)), easily, &amp; from a SINGLE EASILY EDITED FILE!Per my subject line above?
How about a GLOBAL solution, instead, &amp; one that extends to ALL of your "webbound apps", instead, &amp; NOT just to Mozilla softwares which is all MOST folks' suggested solutions here today work for... (think IE, Outlook &amp; other email programs even, + more), AND, the solution I propose also acts as "layered security" in combination with the FF/Mozilla only methods you use  (which sadly, your methods are KNOWN to slow your browser down, use CPU cycles &amp; more (like having bugs &amp; security flaws in themselves too)... where this solution does not &amp; covers ALL webbound apps, globally)?
?Here is a GOOD SOLID WORK-AROUND, CALLED A HOSTS FILE!
(It works for more speed online, AND SECURITY ESPECIALLY...)HOSTS files also work to YOUR ADVANTAGE, for your money, because you pay for your linetime out of pocket most likely as I do, you can get back your speed, AND, gain security easily, &amp; from a single easily edited file &amp; a file eats no CPU cycles like a local DNS server can (&amp; are not as security vulnerable either if you protect write access to a HOSTS file also)... Anyhow/anyways - Here goes:SO - "that all said &amp; aside"?
Well, per your reply??
You're solutions cost CPU cycles &amp; are KNOWN to slow down FF/Mozilla variants (as browser addons do), but... Hey - NO PROBLEM, because HOSTS files work alongside those addons too, &amp; offer you more speed online AND more security, via a SINGLE EASILY EDITED + POPULATED FILE (called a HOSTS file):I use a custom HOSTS file, in addition to the tools others here in this thread have noted (which MANY like FF addons only really function for FireFox/Mozilla products, but don't extend globally to all other webbound applications, &amp; that is part of what HOSTS files give you above the methods you extoll + utilize: "GLOBAL COVERAGE", &amp; of ALL webbound apps, not just FireFox/Mozilla ones via the addons you noted + use yourself...).HOSTS files can be used to blockout KNOWN "bad" adserves, maliciously coded sites or adbanners, and "botnet C&amp;C servers" too!You can obtain reliable HOSTS files from reputable lists for more security online, but also for speed!
(More on that later &amp; WHY/HOW (I use reliable lists for that, such as these HOSTS @ Wikipedia.com -&gt; http://en.wikipedia.org/wiki/Hosts\_file [wikipedia.org] or those from mvps.org (a good one this one))I also further populate &amp; keep current my custom HOSTS file with up to date information in regards to all of those threats, via:----A.
) Spybot "Search &amp; Destroy" updates (populates HOSTS and browser block lists)B.
) Sites like ZDNet's Mr. Dancho Danchev's blog -&gt; http://ddanchev.blogspot.com/ [blogspot.com]C.) Sites like FireEye -&gt; http://blog.fireeye.com/ [fireeye.com]D.) SRI -&gt; http://mtc.sri.com/ [sri.com]----My HOSTS file incorporates ALL of the entries from the HOSTS files shown @ wikipedia as well... gaining me speed online (by blocking adbanners, which have been compromised many times the past few years now by malscripted exploits (examples below)).
(I combined ALL reputable HOSTS files with one of my own (30,000 entries), &amp; I removed duplicates removed via a Borland Delphi app I wrote to do so called "APK HOSTS File Grinder 4.0++".
That program also functions to change the default larger &amp; SLOWER 127.0.0.1 blocking 'loopback adapter' IP address to either 0.0.0.0 (for VISTA/Windows Server 2008/Windows 7, smaller &amp; thus faster than 127.0.0.1 default) or the smallest &amp; fastest 0 "blocking 'IP ADDRESS'" (for Windows 2000/XP/Server 2003 which can STILL use it (&amp; it was added in a service pack on Windows 2000, only on 12/09/2008 MS patch tuesday was it removed for VISTA onwards (&amp; now all these "phunny little bugs" are showing up as FLAWS in this new NDIS6 approach via WFP as well in the firewall, which ROOTKIT.COM has stated (with code too no less on how it is done) -&gt; http://www.rootkit.com/newsread.php?newsid=952 [rootkit.com] [rootkit.com] that it is EASIER TO UNHOOK (than was the design used in Windows 2000/XP/Server 2003))Another EXCELLENT benefit of HOSTS file usage?
More speed online, &amp; also more security + reliability (especially in the case of DNS servers today, per folks like Dan Kaminsky &amp;/or Moxie Marlinspike finding various security vulnerabilities in them the past couple years now)...AND, YOU CAN GET EVEN MORE SPEED, and RELIABILITY (vs. downed or "DNS poisoned/misdirected" dns servers too) via yet another "hidden bonus for speed" in HOSTS files:HOW SO?
WELL - I use another "technique" called "hardcoding" an IP address to domainname/hostname in my HOSTS files, for my FAVORITE websites:This allows me to FIRST bypass any remote/external DNS lookups, which also would in theory @ least, make me "proofed" vs. DNS request logs by my ISP/BSP also.
(Especially since I use external DNS servers too, OpenDNS ones to be specific, that go beyond my hardcoded favs in my HOSTS file because I can't ping &amp; resolve the ENTIRE internet after all)This also makes it harder for others to track me...(Sure, they could do a "reverse DNS lookup" via pings &amp;/or traceroutes &amp; the top level domain that does nothing BUT cache reverse DNS lookups does the rest, but that is harder to do, than looking up my URL requests via a log on a DNS server))ALSO, AS ANOTHER "BONUS" in HOSTS FILES (can't stress it enough, &amp; especially above + beyond adbanner blocking):  It speeds you up, or can!E.G.-&gt; A buddy of mine named Jack says it has (verbatim quote) "DOUBLED MY SPEED ONLINE, BUT I VALUE THE SECURITY PART MORE", because he used to get over 200++ viruses a week, now?
Only maybe 2 a year IF THAT lately, &amp; he is convinced it is largely due to the HOSTS file I send him weekly (he is my "lab rat #1" due to his previous infestation rate), &amp; if that "anecdotal evidence" is not enough?
See this then, from a published security guru on a respected site for it:====RESURRECTING THE KILLFILE:(by Mr. Oliver Day)http://www.securityfocus.com/columnists/491 [securityfocus.com]PERTINENT EXCERPTS/QUOTES:"The host file on my day-to-day laptop is now over 16,000 lines long.
Accessing the Internet particularly browsing the Web is actually faster now.
""From what I have seen in my research, major efforts to share lists of unwanted hosts began gaining serious momentum earlier this decade.
The most popular appear to have started as a means to block advertising and as a way to avoid being tracked by sites that use cookies to gather data on the user across Web properties.
More recently, projects like Spybot Search and Destroy offer lists of known malicious servers to add a layer of defense against trojans and other forms of malware.
"====(A nice bonus beyond blocking adbanners via HOSTS too, because these have been shown to harbor malscripted content too &amp; more than just a few times the past 4-5 yrs now no less such as is noted here in my PS below, several examples thereof no less), because you don't waste between 30-N ms calling out to an external DNS!
(Again, and a DNS server that MAY be poisoned per Dan Kaminsky the past few years now &amp; others also noting it)Thus, SO, even IF your DNS servers go down, or are "dns poisoned" (or fall to yet another security flaw, many are in my "p.s.
" below no less, as documented evidences thereof to my statements here no less)?Well, by using a custom HOSTS file setup, you can STILL GET TO YOUR FAV.
SITES IF HARDCODED in your HOSTS FILE &amp; @ higher speeds than DNS server calls, 30-N times faster in fact (a good thing, but one you may have to periodically alter, easily, via notepad.exe edits of your HOSTS file &amp; a ping to update their new address (sites change hosting providers due to better services or prices, rare, but they do &amp; MOST let you know they are about to do so anyhow, so you can amend a HOSTS file)).NICEST PART IS, THOUGH, PER YOUR STATEMENT (in addition to the benefits of HOSTS file I note above, alongside others like Mr. Oliver Day of SECURITYFOCUS.COM)?I will STILL get to where it is that I WANT TO GO, not the router's onboard DNS server doing hostname/domainname resolutions or potential hijacked redirects... in theory @ least, because I am controlling the hostname/dommainname resolutions @ AN OS + IP STACK LEVEL, not via my routers' onboard DNS server...APKP.S.=&gt; Evidences as to WHY you'd want to add on the "extra layered security protection" of a HOSTS file, which extends global security coverage to your webbound apps, AND, allows for a great deal of added extra speed as well?
Ok, here are some documented reasons why like:a.
) DNS servers vulnerable, under attack, failing or being "DNS poisoned" misdirected &amp; moreb.
) Security suites failing vs. modern "blended threats" onlinec.
) javascript being used to do most of this via apps)d.) adbanners being maliciously coded also...(Here we go with documented proofs/examples:)====POISONED MALSCRIPTED ADBANNERSThe Next Ad You Click May Be a Virus:http://it.slashdot.org/article.pl?sid=09/06/15/2056219 [slashdot.org]----Attackers Infect Ads With Old Adobe Vulnerability:http://it.slashdot.org/article.pl?sid=09/02/25/024211 [slashdot.org]----Hackers Use Banner Ads on Major Sites to Hijack Your PC:http://www.wired.com/techbiz/media/news/2007/11/doubleclick [wired.com]----Adobe Flash Ads Launching Clipboard Hijack Attacks:http://it.slashdot.org/article.pl?sid=08/08/20/0029220&amp;from=rss [slashdot.org]----Slashdot | Americans Don't Want Targeted Ads:http://yro.slashdot.org/article.pl?sid=09/10/01/1854214 [slashdot.org]====DNS PROBLEMS:Number of Rogue DNS Servers on the Rise:http://tech.slashdot.org/article.pl?no\_d2=1&amp;sid=08/02/15/2118212 [slashdot.org]----Security Researcher Kaminsky Pushes DNS Patching:http://it.slashdot.org/article.pl?sid=09/02/19/2322231 [slashdot.org]----Ten Percent of DNS Servers Still Vulnerable:http://tech.slashdot.org/article.pl?no\_d2=1&amp;sid=05/08/04/1525235 [slashdot.org]----TimeWarner DNS Hijacking:http://tech.slashdot.org/article.pl?sid=07/07/23/2140208 [slashdot.org]----Another DNS Flaw Found:http://tech.slashdot.org/article.pl?sid=09/01/09/2348240 [slashdot.org]----Attack Code Published For DNS Vulnerability:http://it.slashdot.org/article.pl?no\_d2=1&amp;sid=08/07/23/231254 [slashdot.org]----BIND Still Susceptible To DNS Cache Poisoning:http://tech.slashdot.org/article.pl?no\_d2=1&amp;sid=08/08/09/123222 [slashdot.org]----DDoS Attacks Via DNS Recursion:http://it.slashdot.org/article.pl?no\_d2=1&amp;sid=06/03/16/1658209 [slashdot.org]----DNS Poisoning Hits One of China's Biggest ISPs:http://it.slashdot.org/article.pl?no\_d2=1&amp;sid=08/08/21/2343250 [slashdot.org]----DNS Root Servers Attacked:http://it.slashdot.org/article.pl?no\_d2=1&amp;sid=07/02/06/2238225 [slashdot.org]----DNS Problem Linked To DDoS Attacks Gets Worse:http://tech.slashdot.org/comments.pl?sid=1444354&amp;cid=30109858 [slashdot.org]----Are your servers vulnerable to DNS attacks?http://www.networkworld.com/news/2007/111907-dns-attacks.html [networkworld.com]----Kaminsky On DNS Bugs a Year Later and DNSSEC:http://it.slashdot.org/story/09/06/25/1354212/Kaminsky-On-DNS-Bugs-a-Year-Later-and-DNSSEC [slashdot.org]----DNS users put higher premium on security:http://news.techworld.com/networking/10690/dns-users-put-higher-premium-on-security/ [techworld.com]----BIND, the Buggy Internet Name Daemon:http://cr.yp.to/djbdns/blurb/unbind.html [cr.yp.to](Where djbdns was found to have flaw, though it was alleged invulnerable, they paid out $10,000 reward)----DNS Dan Kaminsky DNS SPOOF ATTACK EXPLAINED HOW IT IS DONE:http://blogs.zdnet.com/security/?p=1520 [zdnet.com]----DNS REBINDING ATTACKS: MultiPinning Browser JavaScript Vulnerability (how to protect yourself):http://crypto.stanford.edu/dns/ [stanford.edu]----Hackers hijack DNS records of high profile New Zealand sites:http://blogs.zdnet.com/security/?p=3185 [zdnet.com]====SECURITY SUITE PROGRAMS FAILING:AntiVirus Products Fail to Find Simple IE Malware:http://tech.slashdot.org/article.pl?sid=07/10/29/1747237 [slashdot.org]----Most Security Products Fail To Perform:http://hardware.slashdot.org/comments.pl?sid=1445302&amp;threshold=-1&amp;commentsort=0&amp;mode=thread&amp;pid=30114652 [slashdot.org]----TOP SECURITY SUITES FAIL 64/300 THREATS in 2008 AT SECUNIA.COM:http://secunia.com/blog/29/ [secunia.com]----Top security suites fail exploit tests:http://www.computerworld.com/s/article/9117042/Top\_security\_suites\_fail\_exploit\_tests?intsrc=news\_ts\_head [computerworld.com]----Antivirus is 'completely wasted money': Cisco CSO: News - Security - ZDNet Australia:http://www.zdnet.com.au/news/security/soa/Antivirus-is-completely-wasted-money-Cisco-CSO/0,130061744,339289122,00.htm?feed=pt\_auscert [zdnet.com.au]----Are Routers the Next Big Target for Hackers?http://blogs.zdnet.com/security/?p=919 [zdnet.com]----Software Firewalls: Made of Straw?
Part 1 of 2:http://www.securityfocus.com/infocus/1839 [securityfocus.com]Software Firewalls: Made of Straw?
Part 2 of 2:http://www.securityfocus.com/infocus/1840/2 [securityfocus.com]----Brief study shows difficulty in detecting malware (2008):http://www.securityfocus.com/brief/858 [securityfocus.com]----2007 - Browser vulnerabilities and attacks will continue to mount:http://www.infoworld.com/d/security-central/browser-vulnerabilities-and-attacks-will-continue-mount-679 [infoworld.com]----Bug exposes Cisco switches to attacks:http://news.cnet.com/Bug-exposes-Cisco-switches+to+attacks/2110-7349\_3-5902897.html?part=rss&amp;tag=5902897&amp;subj=news [cnet.com]&amp;CISCO "COMES CLEAN" ON EXTENT OF IOS FLAW:http://www.eweek.com/c/a/Security/Cisco-Comes-Clean-on-Extent-of-IOS-Flaw/ [eweek.com]&amp;Cisco PIX and ASA Time-To-Live Denial of Service Vulnerability:http://secunia.com/advisories/28625/ [secunia.com]+Computer routers face hijack risk - study:http://www.cbc.ca/technology/story/2007/02/16/tech-routervulnerabilty-20070216.html?ref=rss [www.cbc.ca]Slashdot Technology Story | Will Mainstream Media Embrace Adblockers?http://tech.slashdot.org/story/09/08/06/1442243/Will-Mainstream-Media-Embrace-Adblockers [slashdot.org]----Congress May Require ISPs To Block Certain Fraud Sites:http://yro.slashdot.org/comments.pl?sid=1432514&amp;cid=30024078 [slashdot.org]====JAVASCRIPT PROBLEMS:Slashdot | Adobe Confirms PDF Zero-Day, Says Kill JavaScript:http://it.slashdot.org/article.pl?sid=09/04/29/1823234 [slashdot.org]----Adobe Flash Zero-Day Attack Underway:http://it.slashdot.org/article.pl?sid=08/05/28/0138247&amp;from=rss [slashdot.org]----JavaScript flaw reported in Adobe Reader (4th or 5th time already, if not more):http://www.securityfocus.com/brief/953 [securityfocus.com]----Another malware pulls an Italian job via JAVASCRIPT:http://blog.trendmicro.com/another-malware-pulls-an-italian-job/ [trendmicro.com]----JavaScript opens doors to browser-based attacks | CNET News.com:http://news.com.com/JavaScript+opens+doors+to+browser-based+attacks/2100-7349\_3-6099891.html?part=rss&amp;tag=6099891&amp;subj=news [com.com]----Mozilla Firefox Javascript Garbage Collector Vulnerability - Advisories - Secuniahttp://secunia.com/advisories/29787/ [secunia.com]----New script outstrips all other drive-by download risks:http://www.theregister.co.uk/2009/05/15/script\_menace/ [theregister.co.uk]----Researcher to demonstrate attack code for Intel chips via Javascript:http://www.infoworld.com/d/security-central/researcher-demonstrate-attack-code-intel-chips-036 [infoworld.com]----Researcher: JavaScript Attacks Get Slicker:http://www.eweek.com/c/a/Security/Researcher-JavaScript-Attacks-Get-Slicker/ [eweek.com]----Rise Of The PDF Exploits:http://www.trustedsource.org/blog/153/Rise-Of-The-PDF-Exploits [trustedsource.org]----ADOBE NEW FLAW DOES USE JAVASCRIPT PROOF:http://www.shadowserver.org/wiki/pmwiki.php?n=Calendar.20090219 [shadowserver.org]----AJAX Poses Security, Performance Risks:http://www.eweek.com/article2/0,1895,1916673,00.asp [eweek.com]----Web 2.0 Threats and Risks for Financial Services:http://www.net-security.org/article.php?id=1004&amp;p=1 [net-security.org]http://www.cbronline.com/news/web\_20\_is\_vulnerable\_to\_attack [cbronline.com]----Cross Site Scripting (GOOGLE) and WHY TO TURN OFF JAVASCRIPT:http://www.cgisecurity.com/xss-faq.html [cgisecurity.com]----Why the FBI Director Doesn't Bank Onlinehttp://it.slashdot.org/article.pl?sid=09/10/08/0327240 [slashdot.org]====MAJOR ATTACKS (only a small sample) of WHY LAYERED SECURITY IS NEEDEDIs the Botnet Battle Already Lost?http://www.eweek.com/article2/0,1895,2029720,00.asp [eweek.com]----IT Pros Say They Can't Stop Data Breaches:http://www.eweek.com/article2/0,1895,2010325,00.asp?kc=EWNAVEMNL083106EOAD [eweek.com]----Cyber Attacks On US Military Jump Sharply In 2009http://tech.slashdot.org/comments.pl?sid=1452358&amp;threshold=-1&amp;commentsort=0&amp;mode=thread&amp;cid=30185742 [slashdot.org]----Bots Found Inside Many Big Companies:http://blogs.baselinemag.com/security/content001/cybercrime/bots\_found\_inside\_many\_big\_companies.html [baselinemag.com]----Bot master owns up to 250,000 zombie PCs:http://www.securityfocus.com/news/11495 [securityfocus.com]----Bots surge ahead (2007):http://www.securityfocus.com/brief/466 [securityfocus.com]----Chinese Hackers Hit Commerce Department:http://www.informationweek.com/news/security/government/showArticle.jhtml?articleID=193105227 [informationweek.com]----CIA Admits Cyberattacks Blacked Out Cities:http://www.informationweek.com/news/internet/showArticle.jhtml?articleID=205901631 [informationweek.com]----Compromised Banks and Investment sites list 2006:http://it.slashdot.org/comments.pl?sid=233921&amp;cid=19035679 [slashdot.org]----Dancho Danchev's Blog - Mind Streams of Information Security Knowledge: Massive IFRAME SEO Poisoning Attack Continuing:http://ddanchev.blogspot.com/2008/03/massive-iframe-seo-poisoning-attack.html [blogspot.com]----Data at Bank of America, Wachovia, others compromised - May.
23, 2005:http://money.cnn.com/2005/05/23/news/fortune500/bank\_info/index.htm [cnn.com]----Fresh Security Breaches at Los Alamos:http://www.msnbc.msn.com/id/19418769/site/newsweek/print/1/displaymode/1098/ [msn.com]----Infected job search sites lead to info theft for 46,000:http://www.computerworld.com/s/article/9031139/Infected\_job\_search\_sites\_lead\_to\_info\_theft\_for\_46\_000 [computerworld.com]----New Mega-Botnet Discovered:http://it.slashdot.org/article.pl?sid=09/04/22/2223214 [slashdot.org]----I think THAT list ought to "enlighten" ANYONE, as to why "layered security" is &amp; has been considered largely to be "THE WAY TO GO", vs. that list above (which is only a SMALL \%-age of what I can come up with in regards to threats online + their causes)... HOSTS files help protect vs. those, on several levels - DO consider their usage!I'd like to also end this, on a little quote from a fav.
film of mine:"My name is Dr. Robert Neville.
I am a survivor living in New York City.
I am broadcasting on all a.m. frequencies. I will be in the south street seaport everyday at midday when the sun is highest in the sky.
If you are out there, if anyone is out there, I can provide food; I can provide shelter; I can provide security -&gt; http://www.tcmagazine.com/forums/index.php?s=44b7ce1c3ee460d32e68cb97f2597368&amp;showtopic=2662 [tcmagazine.com] .
If there's anybody out there, anybody, please... you are not alone.
" - Dr. Robert Neville, I AM LEGEND&amp; that film inspired me to write that guide for securing Windows NT-based OS variants, @ the end of 2007, + for my "New Year's Resolution" for 2008, of "Do the right thing &amp; 'pay it forward'"... &amp;, it works.Here though?Well, I only suggested a SMALL part of that guide here, but a crucial &amp; EFFECTIVE ONE, &amp; mainly because it fits the bill here QUITE specifically &amp; functions globally, instead of just being good for 1 set of apps only (like FF addons are only, unfortunately), &amp; it doesn't eat CPU like those do either OR slow you down (if anything?
They speed you up HUGELY, in addition to securing you too as a bonus)...apk
	</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30272670</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30277220</id>
	<title>Re:Slow ads...</title>
	<author>Nithendil</author>
	<datestamp>1259585460000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>Sounds ads are the main reason I stopped using Chrome. I don't mind the advertisements themselves but I cannot tolerate sound based ads. Apparently the developer version of Chrome has a working flashblock but 4.0.223.16 doesn't.</p><p>In addition there has to be a solution between having to choose noscript (which makes the internet just plain annoying to use) and having a browser that is happy to do anything any website requests of it (e.g. flash cookies).</p></htmltext>
<tokenext>Sounds ads are the main reason I stopped using Chrome .
I do n't mind the advertisements themselves but I can not tolerate sound based ads .
Apparently the developer version of Chrome has a working flashblock but 4.0.223.16 does n't.In addition there has to be a solution between having to choose noscript ( which makes the internet just plain annoying to use ) and having a browser that is happy to do anything any website requests of it ( e.g .
flash cookies ) .</tokentext>
<sentencetext>Sounds ads are the main reason I stopped using Chrome.
I don't mind the advertisements themselves but I cannot tolerate sound based ads.
Apparently the developer version of Chrome has a working flashblock but 4.0.223.16 doesn't.In addition there has to be a solution between having to choose noscript (which makes the internet just plain annoying to use) and having a browser that is happy to do anything any website requests of it (e.g.
flash cookies).</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30271612</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30272434</id>
	<title>Re:Why?</title>
	<author>Anonymous</author>
	<datestamp>1259609400000</datestamp>
	<modclass>Informativ</modclass>
	<modscore>2</modscore>
	<htmltext><p><div class="quote"><p>I realize that most websites run some version or another of "adverts", but generally speaking, most of those sites are marginal value to start. The sites I frequent usually use text ads, and not the flash (pun intended) graphical ads on some of the more questionable sites.</p></div><p>Do you even realize that the hosting/bandwidth for your marginal and questionable comment was paid for by adverts?</p></div>
	</htmltext>
<tokenext>I realize that most websites run some version or another of " adverts " , but generally speaking , most of those sites are marginal value to start .
The sites I frequent usually use text ads , and not the flash ( pun intended ) graphical ads on some of the more questionable sites.Do you even realize that the hosting/bandwidth for your marginal and questionable comment was paid for by adverts ?</tokentext>
<sentencetext>I realize that most websites run some version or another of "adverts", but generally speaking, most of those sites are marginal value to start.
The sites I frequent usually use text ads, and not the flash (pun intended) graphical ads on some of the more questionable sites.Do you even realize that the hosting/bandwidth for your marginal and questionable comment was paid for by adverts?
	</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30271632</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30272142</id>
	<title>Ads? What Ads?</title>
	<author>uncledrax</author>
	<datestamp>1259608140000</datestamp>
	<modclass>Redundant</modclass>
	<modscore>0</modscore>
	<htmltext><p>Seriously.. what ads? I'm amazed whenever I have to fire up a default browser and i'm like "There are ads on this page?".. not to mention every now and again<nobr> <wbr></nobr>/. says "Hey you've been nice.. we can turn off ads for you".. "um.. there are ads?"</p><p>Adblock.. I love you.</p><p>(unfortunately it makes FF start up slower<nobr> <wbr></nobr>:/ )</p></htmltext>
<tokenext>Seriously.. what ads ?
I 'm amazed whenever I have to fire up a default browser and i 'm like " There are ads on this page ? " . .
not to mention every now and again / .
says " Hey you 've been nice.. we can turn off ads for you " .. " um.. there are ads ? " Adblock. .
I love you .
( unfortunately it makes FF start up slower : / )</tokentext>
<sentencetext>Seriously.. what ads?
I'm amazed whenever I have to fire up a default browser and i'm like "There are ads on this page?"..
not to mention every now and again /.
says "Hey you've been nice.. we can turn off ads for you".. "um.. there are ads?"Adblock..
I love you.
(unfortunately it makes FF start up slower :/ )</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30275846</id>
	<title>Re:Uselful</title>
	<author>Anonymous</author>
	<datestamp>1259580000000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>Fail, Mr. 5-digit-uid.</p><p>I can't believe you don't understand simple concepts.  When I enter "http://example.com/" in the browser, I get a page of text and a link.  This is the web in its purest and simplest form.  How can you make an ad hominem attack against one of the cleanest examples of good web site design?  This is completely ridiculous.  You should be ashamed of yourself.</p><p>Fail, just fail.</p></htmltext>
<tokenext>Fail , Mr. 5-digit-uid.I ca n't believe you do n't understand simple concepts .
When I enter " http : //example.com/ " in the browser , I get a page of text and a link .
This is the web in its purest and simplest form .
How can you make an ad hominem attack against one of the cleanest examples of good web site design ?
This is completely ridiculous .
You should be ashamed of yourself.Fail , just fail .</tokentext>
<sentencetext>Fail, Mr. 5-digit-uid.I can't believe you don't understand simple concepts.
When I enter "http://example.com/" in the browser, I get a page of text and a link.
This is the web in its purest and simplest form.
How can you make an ad hominem attack against one of the cleanest examples of good web site design?
This is completely ridiculous.
You should be ashamed of yourself.Fail, just fail.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30271716</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30275586</id>
	<title>Re:Why?</title>
	<author>Anonymous</author>
	<datestamp>1259579100000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p><i>Do you even realize that the hosting/bandwidth for your marginal and questionable comment was paid for by adverts?</i> </p><p>*This* is adding content to Slashdot for free.  It is a two-way street.  A nickle and dime approach would likely leave us all poorer.  Ads are indeed a terrible way to pay for things.  If you place any non-trivial sum on your time's worth, the ad is not worth your time.  I expect ad-free TV content to settle at around $0.25/hour to $1/hour.</p><p>Is there an ad server out their worth unblocking?  No cookies, no javascript, no flash?  If not, fuck 'em.</p></htmltext>
<tokenext>Do you even realize that the hosting/bandwidth for your marginal and questionable comment was paid for by adverts ?
* This * is adding content to Slashdot for free .
It is a two-way street .
A nickle and dime approach would likely leave us all poorer .
Ads are indeed a terrible way to pay for things .
If you place any non-trivial sum on your time 's worth , the ad is not worth your time .
I expect ad-free TV content to settle at around $ 0.25/hour to $ 1/hour.Is there an ad server out their worth unblocking ?
No cookies , no javascript , no flash ?
If not , fuck 'em .</tokentext>
<sentencetext>Do you even realize that the hosting/bandwidth for your marginal and questionable comment was paid for by adverts?
*This* is adding content to Slashdot for free.
It is a two-way street.
A nickle and dime approach would likely leave us all poorer.
Ads are indeed a terrible way to pay for things.
If you place any non-trivial sum on your time's worth, the ad is not worth your time.
I expect ad-free TV content to settle at around $0.25/hour to $1/hour.Is there an ad server out their worth unblocking?
No cookies, no javascript, no flash?
If not, fuck 'em.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30272434</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30272272</id>
	<title>Ads, scew you!!</title>
	<author>DNX Blandy</author>
	<datestamp>1259608620000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>Firefox + ABP = No ads.</htmltext>
<tokenext>Firefox + ABP = No ads .</tokentext>
<sentencetext>Firefox + ABP = No ads.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30272558</id>
	<title>remember when there never was any question?</title>
	<author>blair1q</author>
	<datestamp>1259610060000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>Remember when there never was any question about what was bogging down the net?</p><p>Unless you didn't know what<nobr> <wbr></nobr>/. was?</p></htmltext>
<tokenext>Remember when there never was any question about what was bogging down the net ? Unless you did n't know what / .
was ?</tokentext>
<sentencetext>Remember when there never was any question about what was bogging down the net?Unless you didn't know what /.
was?</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30272204</id>
	<title>Hell yeah!</title>
	<author>Anonymous</author>
	<datestamp>1259608380000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>On my little Sony VAIO with a Pentium M 1.2GHz processor some websites are incredibly slow on Windows 7 and XP. The only thing that makes it run quick is Firefox with noscript and adblockplus installed.</p></htmltext>
<tokenext>On my little Sony VAIO with a Pentium M 1.2GHz processor some websites are incredibly slow on Windows 7 and XP .
The only thing that makes it run quick is Firefox with noscript and adblockplus installed .</tokentext>
<sentencetext>On my little Sony VAIO with a Pentium M 1.2GHz processor some websites are incredibly slow on Windows 7 and XP.
The only thing that makes it run quick is Firefox with noscript and adblockplus installed.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30271610</id>
	<title>Make it a statistic and they'll care</title>
	<author>Anonymous</author>
	<datestamp>1259605860000</datestamp>
	<modclass>Interestin</modclass>
	<modscore>5</modscore>
	<htmltext><p>Having worked for an ad-serving company, I'm pretty confident that the reason they don't care is that they're not measured on the speed at which they serve up ads.</p><p>If high-value websites started rejecting ad networks that served ads in less then x milliseconds after the rest of the page was downloaded, you'd see ad servers speed up, quick.</p></htmltext>
<tokenext>Having worked for an ad-serving company , I 'm pretty confident that the reason they do n't care is that they 're not measured on the speed at which they serve up ads.If high-value websites started rejecting ad networks that served ads in less then x milliseconds after the rest of the page was downloaded , you 'd see ad servers speed up , quick .</tokentext>
<sentencetext>Having worked for an ad-serving company, I'm pretty confident that the reason they don't care is that they're not measured on the speed at which they serve up ads.If high-value websites started rejecting ad networks that served ads in less then x milliseconds after the rest of the page was downloaded, you'd see ad servers speed up, quick.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30272008</id>
	<title>Re:Flash Ads</title>
	<author>Anonymous</author>
	<datestamp>1259607480000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>i think you'll find that most of the flash on boing boing is inline video. what makes web pages stutter and scroll badly is css.</p><p>anyone who knows anything on this subject will know that css weighs sites down a lot more than swf content. looks crap as well.</p><p>people with the brains to use flash go ahead and use it to make their sites, ads etc. those without don't, and moan a lot about it.</p></htmltext>
<tokenext>i think you 'll find that most of the flash on boing boing is inline video .
what makes web pages stutter and scroll badly is css.anyone who knows anything on this subject will know that css weighs sites down a lot more than swf content .
looks crap as well.people with the brains to use flash go ahead and use it to make their sites , ads etc .
those without do n't , and moan a lot about it .</tokentext>
<sentencetext>i think you'll find that most of the flash on boing boing is inline video.
what makes web pages stutter and scroll badly is css.anyone who knows anything on this subject will know that css weighs sites down a lot more than swf content.
looks crap as well.people with the brains to use flash go ahead and use it to make their sites, ads etc.
those without don't, and moan a lot about it.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30271708</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30272074</id>
	<title>Re:Why? Why not: HOSTS files, give this a read...</title>
	<author>Anonymous</author>
	<datestamp>1259607840000</datestamp>
	<modclass>Informativ</modclass>
	<modscore>1</modscore>
	<htmltext><div class="quote"><p><b>"One of the things that pisses me off to no end, are third party ads that are spewing crap/malware to driveby web browsing. I don't personally get infecgted by them, because I run all the latest anti-malware defenses (adblock, noscript, firefox etc). But I'm in IT, and I see way too many machines compromized by the lastest "Antivirus 2010" styple crap/malware all the time. Websites that house such malware should be blacklisted. Screw them if they can't make a living without using dubious adverts</b> - by Archangel Michael (180766) on Monday November 30, @12:33PM (#30271632)</p></div><p>Archangel Michael, meet "the LORD OF HOSTS" (just in keeping with your nick/handle here, AND the fact that much of what you note is covered by another tool you omitted mentioning that is easily edited, everyone has one (if their OS IP stack is BSD based, most all are iirc), &amp; eats no CPU cycles like a local DNS server can (&amp; are not as security vulnerable either if you protect write access to a HOSTS file also):</p><p>I use <b>a custom HOSTS file</b>, in addition to the tools you noted (which only really function for FireFox/Mozilla products, but don't extend globally to all other webbound applications, &amp; that is part of what HOSTS files give you above the methods you extoll + utilize: "GLOBAL COVERAGE", &amp; of ALL webbound apps, not just FireFox/Mozilla ones via the addons you noted + use yourself...).</p><p>HOSTS files can be used to blockout KNOWN "bad" adserves, maliciously coded sites or adbanners, and "botnet C&amp;C servers" too!</p><p><b>You can obtain reliable HOSTS files from reputable lists for more security online, but also for speed!</b></p><p>(More on that later &amp; WHY/HOW (I use reliable lists for that, such as these HOSTS @ Wikipedia.com -&gt; <a href="http://en.wikipedia.org/wiki/Hosts\_file" title="wikipedia.org" rel="nofollow">http://en.wikipedia.org/wiki/Hosts\_file</a> [wikipedia.org] or those from mvps.org (a good one this one))</p><p><b>I also further populate &amp; keep current my custom HOSTS file with up to date information in regards to all of those threats, via:</b></p><p>----</p><p>A.) Spybot "Search &amp; Destroy" updates (populates HOSTS and browser block lists)</p><p>B.) Sites like ZDNet's Mr. Dancho Danchev's blog -&gt; <a href="http://ddanchev.blogspot.com/" title="blogspot.com" rel="nofollow">http://ddanchev.blogspot.com/</a> [blogspot.com]</p><p>C.) Sites like FireEye -&gt; <a href="http://blog.fireeye.com/" title="fireeye.com" rel="nofollow">http://blog.fireeye.com/</a> [fireeye.com]</p><p>D.) SRI -&gt; <a href="http://mtc.sri.com/" title="sri.com" rel="nofollow">http://mtc.sri.com/</a> [sri.com]</p><p>----</p><p>My HOSTS file incorporates ALL of the entries from the HOSTS files shown @ wikipedia as well... gaining me speed online (by blocking adbanners, which have been compromised many times the past few years now by malscripted exploits (examples below)).</p><p>(I combined ALL reputable HOSTS files with one of my own (30,000 entries), &amp; I removed duplicates removed via a Borland Delphi app I wrote to do so called "APK HOSTS File Grinder 4.0++". That program also functions to change the default larger &amp; SLOWER 127.0.0.1 blocking 'loopback adapter' IP address to either 0.0.0.0 (for VISTA/Windows Server 2008/Windows 7, smaller &amp; thus faster than 127.0.0.1 default) or the smallest &amp; fastest 0 "blocking 'IP ADDRESS'" (for Windows 2000/XP/Server 2003 which can STILL use it (&amp; it was added in a service pack on Windows 2000, only on 12/09/2008 MS patch tuesday was it removed for VISTA onwards (&amp; now all these "phunny little bugs" are showing up as FLAWS in this new NDIS6 approach via WFP as well in the firewall, which ROOTKIT.COM has stated (with code too no less on how it is done) -&gt; <a href="http://www.rootkit.com/newsread.php?newsid=952" title="rootkit.com" rel="nofollow">http://www.rootkit.com/newsread.php?newsid=952</a> [rootkit.com] [rootkit.com] that it is EASIER TO UNHOOK (than was the design used in Windows 2000/XP/Server 2003))</p><p><b>Another EXCELLENT benefit of HOSTS file usage? More speed online, &amp; also more security + reliability</b> (especially in the case of DNS servers today, per folks like Dan Kaminsky &amp;/or Moxie Marlinspike finding various security vulnerabilities in them the past couple years now)...</p><p>SO, to "CIRCUMVENT" THAT WHICH YOU NOTE &amp; to get more speed online (besides/above potentially hijacked adbanners etc. et al)?</p><p>WELL - <b>I use another "technique" called "hardcoding" an IP address to domainname/hostname in my HOSTS files, for my FAVORITE websites:</b></p><p><b>This allows me to FIRST bypass any remote/external DNS lookups, which also would in theory @ least, make me "proofed" vs. DNS request logs by my ISP/BSP also.</b></p><p>(Especially since I use external DNS servers too, OpenDNS ones to be specific, that go beyond my hardcoded favs in my HOSTS file because I can't ping &amp; resolve the ENTIRE internet after all)</p><p>This also makes it harder for others to track me...</p><p>(Sure, they could do a "reverse DNS lookup" via pings &amp;/or traceroutes &amp; the top level domain that does nothing BUT cache reverse DNS lookups does the rest, but that is harder to do, than looking up my URL requests via a log on a DNS server))</p><p><b>ALSO, AS ANOTHER "BONUS" in HOSTS FILES</b> (can't stress it enough, &amp; especially above + beyond adbanner blocking)<b>:  It speeds you up, or can!</b></p><p>E.G.-&gt; A buddy of mine named Jack says it has (verbatim quote) "DOUBLED MY SPEED ONLINE, BUT I VALUE THE SECURITY PART MORE", because he used to get over 200++ viruses a week, now? Only maybe 2 a year IF THAT lately, &amp; he is convinced it is largely due to the HOSTS file I send him weekly (he is my "lab rat #1" due to his previous infestation rate), &amp; if that "anecdotal evidence" is not enough? See this then, from a published security guru on a respected site for it:</p><p>====</p><p><b>RESURRECTING THE KILLFILE:</b></p><p>(by Mr. Oliver Day)</p><p><a href="http://www.securityfocus.com/columnists/491" title="securityfocus.com" rel="nofollow">http://www.securityfocus.com/columnists/491</a> [securityfocus.com]</p><p><b>PERTINENT EXCERPTS/QUOTES:</b></p><p>"The host file on my day-to-day laptop is now over 16,000 lines long. Accessing the Internet particularly browsing the Web is actually faster now."</p><p>"From what I have seen in my research, major efforts to share lists of unwanted hosts began gaining serious momentum earlier this decade. The most popular appear to have started as a means to block advertising and as a way to avoid being tracked by sites that use cookies to gather data on the user across Web properties. More recently, projects like Spybot Search and Destroy offer lists of known malicious servers to add a layer of defense against trojans and other forms of malware."</p><p>====</p><p>(A nice bonus beyond blocking adbanners via HOSTS too, because these have been shown to harbor malscripted content too &amp; more than just a few times the past 4-5 yrs now no less such as is noted here in my PS below, several examples thereof no less), because you don't waste between 30-N ms calling out to an external DNS!</p><p>(Again, and a DNS server that MAY be poisoned per Dan Kaminsky the past few years now &amp; others also noting it)</p><p>Thus, you can STILL GET TO YOUR FAV. SITES IF HARDCODED in your HOSTS FILE (a good thing, but one you may have to periodically alter, easily, via notepad.exe edits of your HOSTS file &amp; a ping to update their new address (sites change hosting providers due to better services or prices, rare, but they do &amp; MOST let you know they are about to do so anyhow, so you can amend a HOSTS file)).</p><p>NICEST PART IS, THOUGH, PER YOUR STATEMENT (in addition to the benefits of HOSTS file I note above, alongside others like Mr. Oliver Day of SECURITYFOCUS.COM)?</p><p>I will STILL get to where it is that I WANT TO GO, not the router's onboard DNS server doing hostname/domainname resolutions or potential hijacked redirects... in theory @ least, because I am controlling the hostname/dommainname resolutions @ AN OS + IP STACK LEVEL, not via my routers' onboard DNS server...</p><p>APK</p><p>P.S.=&gt; Evidences as to WHY you'd want to add on the "extra layered security protection" of a HOSTS file, which extends global security coverage to your webbound apps, AND, allows for a great deal of added extra speed as well? Ok, here are some documented reasons why:</p><p><b>POISONED MALSCRIPTED ADBANNERS</b></p><p><b>The Next Ad You Click May Be a Virus:</b></p><p><a href="http://it.slashdot.org/article.pl?sid=09/06/15/2056219" title="slashdot.org" rel="nofollow">http://it.slashdot.org/article.pl?sid=09/06/15/2056219</a> [slashdot.org]</p><p>----</p><p><b>Attackers Infect Ads With Old Adobe Vulnerability:</b></p><p><a href="http://it.slashdot.org/article.pl?sid=09/02/25/024211" title="slashdot.org" rel="nofollow">http://it.slashdot.org/article.pl?sid=09/02/25/024211</a> [slashdot.org]</p><p>----</p><p><b>Hackers Use Banner Ads on Major Sites to Hijack Your PC:</b></p><p><a href="http://www.wired.com/techbiz/media/news/2007/11/doubleclick" title="wired.com" rel="nofollow">http://www.wired.com/techbiz/media/news/2007/11/doubleclick</a> [wired.com]</p><p>----</p><p>Adobe Flash Ads Launching Clipboard Hijack Attacks:</p><p><a href="http://it.slashdot.org/article.pl?sid=08/08/20/0029220&amp;from=rss" title="slashdot.org" rel="nofollow">http://it.slashdot.org/article.pl?sid=08/08/20/0029220&amp;from=rss</a> [slashdot.org]</p><p>----</p><p><b>DNS PROBLEMS:</b></p><p><b>Number of Rogue DNS Servers on the Rise:</b></p><p><a href="http://tech.slashdot.org/article.pl?no\_d2=1&amp;sid=08/02/15/2118212" title="slashdot.org" rel="nofollow">http://tech.slashdot.org/article.pl?no\_d2=1&amp;sid=08/02/15/2118212</a> [slashdot.org]</p><p>----</p><p><b>Security Researcher Kaminsky Pushes DNS Patching:</b></p><p><a href="http://it.slashdot.org/article.pl?sid=09/02/19/2322231" title="slashdot.org" rel="nofollow">http://it.slashdot.org/article.pl?sid=09/02/19/2322231</a> [slashdot.org]</p><p>----</p><p><b>Ten Percent of DNS Servers Still Vulnerable:</b></p><p><a href="http://tech.slashdot.org/article.pl?no\_d2=1&amp;sid=05/08/04/1525235" title="slashdot.org" rel="nofollow">http://tech.slashdot.org/article.pl?no\_d2=1&amp;sid=05/08/04/1525235</a> [slashdot.org]</p><p>----</p><p><b>TimeWarner DNS Hijacking:</b></p><p><a href="http://tech.slashdot.org/article.pl?sid=07/07/23/2140208" title="slashdot.org" rel="nofollow">http://tech.slashdot.org/article.pl?sid=07/07/23/2140208</a> [slashdot.org]</p><p>----</p><p><b>Another DNS Flaw Found:</b></p><p><a href="http://tech.slashdot.org/article.pl?sid=09/01/09/2348240" title="slashdot.org" rel="nofollow">http://tech.slashdot.org/article.pl?sid=09/01/09/2348240</a> [slashdot.org]</p><p>----</p><p><b>Attack Code Published For DNS Vulnerability:</b></p><p><a href="http://it.slashdot.org/article.pl?no\_d2=1&amp;sid=08/07/23/231254" title="slashdot.org" rel="nofollow">http://it.slashdot.org/article.pl?no\_d2=1&amp;sid=08/07/23/231254</a> [slashdot.org]</p><p>----</p><p><b>BIND Still Susceptible To DNS Cache Poisoning:</b></p><p><a href="http://tech.slashdot.org/article.pl?no\_d2=1&amp;sid=08/08/09/123222" title="slashdot.org" rel="nofollow">http://tech.slashdot.org/article.pl?no\_d2=1&amp;sid=08/08/09/123222</a> [slashdot.org]</p><p>----</p><p><b>DDoS Attacks Via DNS Recursion:</b></p><p><a href="http://it.slashdot.org/article.pl?no\_d2=1&amp;sid=06/03/16/1658209" title="slashdot.org" rel="nofollow">http://it.slashdot.org/article.pl?no\_d2=1&amp;sid=06/03/16/1658209</a> [slashdot.org]</p><p>----</p><p><b>DNS Poisoning Hits One of China's Biggest ISPs:</b></p><p><a href="http://it.slashdot.org/article.pl?no\_d2=1&amp;sid=08/08/21/2343250" title="slashdot.org" rel="nofollow">http://it.slashdot.org/article.pl?no\_d2=1&amp;sid=08/08/21/2343250</a> [slashdot.org]</p><p>----</p><p><b>DNS Root Servers Attacked:</b></p><p><a href="http://it.slashdot.org/article.pl?no\_d2=1&amp;sid=07/02/06/2238225" title="slashdot.org" rel="nofollow">http://it.slashdot.org/article.pl?no\_d2=1&amp;sid=07/02/06/2238225</a> [slashdot.org]</p><p>----</p><p><b>DNS Problem Linked To DDoS Attacks Gets Worse:</b></p><p><a href="http://tech.slashdot.org/comments.pl?sid=1444354&amp;cid=30109858" title="slashdot.org" rel="nofollow">http://tech.slashdot.org/comments.pl?sid=1444354&amp;cid=30109858</a> [slashdot.org]</p><p>----</p><p><b>Are your servers vulnerable to DNS attacks?</b></p><p><a href="http://www.networkworld.com/news/2007/111907-dns-attacks.html" title="networkworld.com" rel="nofollow">http://www.networkworld.com/news/2007/111907-dns-attacks.html</a> [networkworld.com]</p><p>----</p><p><b>Kaminsky On DNS Bugs a Year Later and DNSSEC:</b></p><p><a href="http://it.slashdot.org/story/09/06/25/1354212/Kaminsky-On-DNS-Bugs-a-Year-Later-and-DNSSEC" title="slashdot.org" rel="nofollow">http://it.slashdot.org/story/09/06/25/1354212/Kaminsky-On-DNS-Bugs-a-Year-Later-and-DNSSEC</a> [slashdot.org]</p><p>----</p><p><b>DNS users put higher premium on security:</b></p><p><a href="http://news.techworld.com/networking/10690/dns-users-put-higher-premium-on-security/" title="techworld.com" rel="nofollow">http://news.techworld.com/networking/10690/dns-users-put-higher-premium-on-security/</a> [techworld.com]</p><p>----</p><p><b>BIND, the Buggy Internet Name Daemon:</b></p><p><a href="http://cr.yp.to/djbdns/blurb/unbind.html" title="cr.yp.to" rel="nofollow">http://cr.yp.to/djbdns/blurb/unbind.html</a> [cr.yp.to]</p><p>(Where djbdns was found to have flaw, though it was alleged invulnerable, they paid out $10,000 reward)</p><p>----</p><p><b>DNS Dan Kaminsky DNS SPOOF ATTACK EXPLAINED HOW IT IS DONE:</b></p><p><a href="http://blogs.zdnet.com/security/?p=1520" title="zdnet.com" rel="nofollow">http://blogs.zdnet.com/security/?p=1520</a> [zdnet.com]</p><p>----</p><p><b>DNS REBINDING ATTACKS: MultiPinning Browser JavaScript Vulnerability</b> (how to protect yourself):</p><p><a href="http://crypto.stanford.edu/dns/" title="stanford.edu" rel="nofollow">http://crypto.stanford.edu/dns/</a> [stanford.edu]</p><p>----</p><p><b>Hackers hijack DNS records of high profile New Zealand sites:</b></p><p><a href="http://blogs.zdnet.com/security/?p=3185" title="zdnet.com" rel="nofollow">http://blogs.zdnet.com/security/?p=3185</a> [zdnet.com]</p><p><b>SECURITY SUITE PROGRAMS FAILING:</b></p><p><b>AntiVirus Products Fail to Find Simple IE Malware:</b></p><p><a href="http://tech.slashdot.org/article.pl?sid=07/10/29/1747237" title="slashdot.org" rel="nofollow">http://tech.slashdot.org/article.pl?sid=07/10/29/1747237</a> [slashdot.org]</p><p>----</p><p><b>Most Security Products Fail To Perform:</b></p><p><a href="http://hardware.slashdot.org/comments.pl?sid=1445302&amp;threshold=-1&amp;commentsort=0&amp;mode=thread&amp;pid=30114652" title="slashdot.org" rel="nofollow">http://hardware.slashdot.org/comments.pl?sid=1445302&amp;threshold=-1&amp;commentsort=0&amp;mode=thread&amp;pid=30114652</a> [slashdot.org]</p><p>----</p><p><b>TOP SECURITY SUITES FAIL 64/300 THREATS in 2008 AT SECUNIA.COM:</b></p><p><a href="http://secunia.com/blog/29/" title="secunia.com" rel="nofollow">http://secunia.com/blog/29/</a> [secunia.com]</p><p>----</p><p><b>Top security suites fail exploit tests:</b></p><p><a href="http://www.computerworld.com/s/article/9117042/Top\_security\_suites\_fail\_exploit\_tests?intsrc=news\_ts\_head" title="computerworld.com" rel="nofollow">http://www.computerworld.com/s/article/9117042/Top\_security\_suites\_fail\_exploit\_tests?intsrc=news\_ts\_head</a> [computerworld.com]</p><p>----</p><p><b>Antivirus is 'completely wasted money': Cisco CSO: News - Security - ZDNet Australia:</b></p><p><a href="http://www.zdnet.com.au/news/security/soa/Antivirus-is-completely-wasted-money-Cisco-CSO/0,130061744,339289122,00.htm?feed=pt\_auscert" title="zdnet.com.au" rel="nofollow">http://www.zdnet.com.au/news/security/soa/Antivirus-is-completely-wasted-money-Cisco-CSO/0,130061744,339289122,00.htm?feed=pt\_auscert</a> [zdnet.com.au]</p><p>----</p><p><b>Are Routers the Next Big Target for Hackers?</b></p><p><a href="http://blogs.zdnet.com/security/?p=919" title="zdnet.com" rel="nofollow">http://blogs.zdnet.com/security/?p=919</a> [zdnet.com]</p><p>----</p><p><b>Software Firewalls: Made of Straw? Part 1 of 2:</b></p><p><a href="http://www.securityfocus.com/infocus/1839" title="securityfocus.com" rel="nofollow">http://www.securityfocus.com/infocus/1839</a> [securityfocus.com]</p><p><b>Software Firewalls: Made of Straw? Part 2 of 2:</b></p><p><a href="http://www.securityfocus.com/infocus/1840/2" title="securityfocus.com" rel="nofollow">http://www.securityfocus.com/infocus/1840/2</a> [securityfocus.com]</p><p>----</p><p><b>Brief study shows difficulty in detecting malware (2008):</b></p><p><a href="http://www.securityfocus.com/brief/858" title="securityfocus.com" rel="nofollow">http://www.securityfocus.com/brief/858</a> [securityfocus.com]</p><p>----</p><p><b>2007 - Browser vulnerabilities and attacks will continue to mount:</b></p><p><a href="http://www.infoworld.com/d/security-central/browser-vulnerabilities-and-attacks-will-continue-mount-679" title="infoworld.com" rel="nofollow">http://www.infoworld.com/d/security-central/browser-vulnerabilities-and-attacks-will-continue-mount-679</a> [infoworld.com]</p><p>----</p><p><b>Bug exposes Cisco switches to attacks:</b></p><p><a href="http://news.cnet.com/Bug-exposes-Cisco-switches+to+attacks/2110-7349\_3-5902897.html?part=rss&amp;tag=5902897&amp;subj=news" title="cnet.com" rel="nofollow">http://news.cnet.com/Bug-exposes-Cisco-switches+to+attacks/2110-7349\_3-5902897.html?part=rss&amp;tag=5902897&amp;subj=news</a> [cnet.com]</p><p>&amp;</p><p><b>CISCO "COMES CLEAN" ON EXTENT OF IOS FLAW:</b></p><p><a href="http://www.eweek.com/c/a/Security/Cisco-Comes-Clean-on-Extent-of-IOS-Flaw/" title="eweek.com" rel="nofollow">http://www.eweek.com/c/a/Security/Cisco-Comes-Clean-on-Extent-of-IOS-Flaw/</a> [eweek.com]</p><p>&amp;</p><p><b>Cisco PIX and ASA Time-To-Live Denial of Service Vulnerability:</b></p><p><a href="http://secunia.com/advisories/28625/" title="secunia.com" rel="nofollow">http://secunia.com/advisories/28625/</a> [secunia.com]</p><p>+</p><p><b>Computer routers face hijack risk - study:</b></p><p><a href="http://www.cbc.ca/technology/story/2007/02/16/tech-routervulnerabilty-20070216.html?ref=rss" title="www.cbc.ca" rel="nofollow">http://www.cbc.ca/technology/story/2007/02/16/tech-routervulnerabilty-20070216.html?ref=rss</a> [www.cbc.ca]</p><p>Slashdot Technology Story | Will Mainstream Media Embrace Adblockers?</p><p><a href="http://tech.slashdot.org/story/09/08/06/1442243/Will-Mainstream-Media-Embrace-Adblockers" title="slashdot.org" rel="nofollow">http://tech.slashdot.org/story/09/08/06/1442243/Will-Mainstream-Media-Embrace-Adblockers</a> [slashdot.org]</p><p>----</p><p><b>Congress May Require ISPs To Block Certain Fraud Sites:</b></p><p><a href="http://yro.slashdot.org/comments.pl?sid=1432514&amp;cid=30024078" title="slashdot.org" rel="nofollow">http://yro.slashdot.org/comments.pl?sid=1432514&amp;cid=30024078</a> [slashdot.org]</p><p>----</p><p>Slashdot | Americans Don't Want Targeted Ads:</p><p><a href="http://yro.slashdot.org/article.pl?sid=09/10/01/1854214" title="slashdot.org" rel="nofollow">http://yro.slashdot.org/article.pl?sid=09/10/01/1854214</a> [slashdot.org]</p><p><b>JAVASCRIPT PROBLEMS:</b></p><p><b>Slashdot | Adobe Confirms PDF Zero-Day, Says Kill JavaScript:</b></p><p><a href="http://it.slashdot.org/article.pl?sid=09/04/29/1823234" title="slashdot.org" rel="nofollow">http://it.slashdot.org/article.pl?sid=09/04/29/1823234</a> [slashdot.org]</p><p>----</p><p><b>Adobe Flash Zero-Day Attack Underway:</b></p><p><a href="http://it.slashdot.org/article.pl?sid=08/05/28/0138247&amp;from=rss" title="slashdot.org" rel="nofollow">http://it.slashdot.org/article.pl?sid=08/05/28/0138247&amp;from=rss</a> [slashdot.org]</p><p>----</p><p><b>JavaScript flaw reported in Adobe Reader</b> (4th or 5th time already, if not more):</p><p><a href="http://www.securityfocus.com/brief/953" title="securityfocus.com" rel="nofollow">http://www.securityfocus.com/brief/953</a> [securityfocus.com]</p><p>----</p><p><b>Another malware pulls an Italian job via JAVASCRIPT:</b></p><p><a href="http://blog.trendmicro.com/another-malware-pulls-an-italian-job/" title="trendmicro.com" rel="nofollow">http://blog.trendmicro.com/another-malware-pulls-an-italian-job/</a> [trendmicro.com]</p><p>----</p><p><b>JavaScript opens doors to browser-based attacks | CNET News.com:</b></p><p><a href="http://news.com.com/JavaScript+opens+doors+to+browser-based+attacks/2100-7349\_3-6099891.html?part=rss&amp;tag=6099891&amp;subj=news" title="com.com" rel="nofollow">http://news.com.com/JavaScript+opens+doors+to+browser-based+attacks/2100-7349\_3-6099891.html?part=rss&amp;tag=6099891&amp;subj=news</a> [com.com]</p><p>----</p><p><b>Mozilla Firefox Javascript Garbage Collector Vulnerability - Advisories - Secunia</b></p><p><a href="http://secunia.com/advisories/29787/" title="secunia.com" rel="nofollow">http://secunia.com/advisories/29787/</a> [secunia.com]</p><p>----</p><p><b>New script outstrips all other drive-by download risks:</b></p><p><a href="http://www.theregister.co.uk/2009/05/15/script\_menace/" title="theregister.co.uk" rel="nofollow">http://www.theregister.co.uk/2009/05/15/script\_menace/</a> [theregister.co.uk]</p><p>----</p><p><b>Researcher to demonstrate attack code for Intel chips via Javascript:</b></p><p><a href="http://www.infoworld.com/d/security-central/researcher-demonstrate-attack-code-intel-chips-036" title="infoworld.com" rel="nofollow">http://www.infoworld.com/d/security-central/researcher-demonstrate-attack-code-intel-chips-036</a> [infoworld.com]</p><p>----</p><p><b>Researcher: JavaScript Attacks Get Slicker:</b></p><p><a href="http://www.eweek.com/c/a/Security/Researcher-JavaScript-Attacks-Get-Slicker/" title="eweek.com" rel="nofollow">http://www.eweek.com/c/a/Security/Researcher-JavaScript-Attacks-Get-Slicker/</a> [eweek.com]</p><p>----</p><p><b>Rise Of The PDF Exploits:</b></p><p><a href="http://www.trustedsource.org/blog/153/Rise-Of-The-PDF-Exploits" title="trustedsource.org" rel="nofollow">http://www.trustedsource.org/blog/153/Rise-Of-The-PDF-Exploits</a> [trustedsource.org]</p><p>----</p><p><b>ADOBE NEW FLAW DOES USE JAVASCRIPT PROOF:</b></p><p><a href="http://www.shadowserver.org/wiki/pmwiki.php?n=Calendar.20090219" title="shadowserver.org" rel="nofollow">http://www.shadowserver.org/wiki/pmwiki.php?n=Calendar.20090219</a> [shadowserver.org]</p><p>----</p><p><b>AJAX Poses Security, Performance Risks:</b></p><p><a href="http://www.eweek.com/article2/0,1895,1916673,00.asp" title="eweek.com" rel="nofollow">http://www.eweek.com/article2/0,1895,1916673,00.asp</a> [eweek.com]</p><p>----</p><p><b>Web 2.0 Threats and Risks for Financial Services:</b></p><p><a href="http://www.net-security.org/article.php?id=1004&amp;p=1" title="net-security.org" rel="nofollow">http://www.net-security.org/article.php?id=1004&amp;p=1</a> [net-security.org]</p><p><a href="http://www.cbronline.com/news/web\_20\_is\_vulnerable\_to\_attack" title="cbronline.com" rel="nofollow">http://www.cbronline.com/news/web\_20\_is\_vulnerable\_to\_attack</a> [cbronline.com]</p><p>----</p><p><b>Cross Site Scripting</b> (GOOGLE) <b>and WHY TO TURN OFF JAVASCRIPT:</b></p><p><a href="http://www.cgisecurity.com/xss-faq.html" title="cgisecurity.com" rel="nofollow">http://www.cgisecurity.com/xss-faq.html</a> [cgisecurity.com]</p><p>----</p><p><b>Why the FBI Director Doesn't Bank Online</b></p><p><a href="http://it.slashdot.org/article.pl?sid=09/10/08/0327240" title="slashdot.org" rel="nofollow">http://it.slashdot.org/article.pl?sid=09/10/08/0327240</a> [slashdot.org]</p><p><b>MAJOR ATTACKS (only a small sample) of WHY LAYERED SECURITY IS NEEDED</b></p><p><b>Is the Botnet Battle Already Lost?</b></p><p><a href="http://www.eweek.com/article2/0,1895,2029720,00.asp" title="eweek.com" rel="nofollow">http://www.eweek.com/article2/0,1895,2029720,00.asp</a> [eweek.com]</p><p>----</p><p><b>IT Pros Say They Can't Stop Data Breaches:</b></p><p><a href="http://www.eweek.com/article2/0,1895,2010325,00.asp?kc=EWNAVEMNL083106EOAD" title="eweek.com" rel="nofollow">http://www.eweek.com/article2/0,1895,2010325,00.asp?kc=EWNAVEMNL083106EOAD</a> [eweek.com]</p><p>----</p><p><b>Cyber Attacks On US Military Jump Sharply In 2009</b></p><p><a href="http://tech.slashdot.org/comments.pl?sid=1452358&amp;threshold=-1&amp;commentsort=0&amp;mode=thread&amp;cid=30185742" title="slashdot.org" rel="nofollow">http://tech.slashdot.org/comments.pl?sid=1452358&amp;threshold=-1&amp;commentsort=0&amp;mode=thread&amp;cid=30185742</a> [slashdot.org]</p><p>----</p><p><b>Bots Found Inside Many Big Companies:</b></p><p><a href="http://blogs.baselinemag.com/security/content001/cybercrime/bots\_found\_inside\_many\_big\_companies.html" title="baselinemag.com" rel="nofollow">http://blogs.baselinemag.com/security/content001/cybercrime/bots\_found\_inside\_many\_big\_companies.html</a> [baselinemag.com]</p><p>----</p><p><b>Bot master owns up to 250,000 zombie PCs:</b></p><p><a href="http://www.securityfocus.com/news/11495" title="securityfocus.com" rel="nofollow">http://www.securityfocus.com/news/11495</a> [securityfocus.com]</p><p>----</p><p><b>Bots surge ahead (2007):</b></p><p><a href="http://www.securityfocus.com/brief/466" title="securityfocus.com" rel="nofollow">http://www.securityfocus.com/brief/466</a> [securityfocus.com]</p><p>----</p><p><b>Chinese Hackers Hit Commerce Department:</b></p><p><a href="http://www.informationweek.com/news/security/government/showArticle.jhtml?articleID=193105227" title="informationweek.com" rel="nofollow">http://www.informationweek.com/news/security/government/showArticle.jhtml?articleID=193105227</a> [informationweek.com]</p><p>----</p><p><b>CIA Admits Cyberattacks Blacked Out Cities:</b></p><p><a href="http://www.informationweek.com/news/internet/showArticle.jhtml?articleID=205901631" title="informationweek.com" rel="nofollow">http://www.informationweek.com/news/internet/showArticle.jhtml?articleID=205901631</a> [informationweek.com]</p><p>----</p><p><b>Compromised Banks and Investment sites list 2006:</b></p><p><a href="http://it.slashdot.org/comments.pl?sid=233921&amp;cid=19035679" title="slashdot.org" rel="nofollow">http://it.slashdot.org/comments.pl?sid=233921&amp;cid=19035679</a> [slashdot.org]</p><p>----</p><p><b>Dancho Danchev's Blog - Mind Streams of Information Security Knowledge: Massive IFRAME SEO Poisoning Attack Continuing:</b></p><p><a href="http://ddanchev.blogspot.com/2008/03/massive-iframe-seo-poisoning-attack.html" title="blogspot.com" rel="nofollow">http://ddanchev.blogspot.com/2008/03/massive-iframe-seo-poisoning-attack.html</a> [blogspot.com]</p><p>----</p><p><b>Data at Bank of America, Wachovia, others compromised - May. 23, 2005:</b></p><p><a href="http://money.cnn.com/2005/05/23/news/fortune500/bank\_info/index.htm" title="cnn.com" rel="nofollow">http://money.cnn.com/2005/05/23/news/fortune500/bank\_info/index.htm</a> [cnn.com]</p><p>----</p><p><b>Fresh Security Breaches at Los Alamos:</b></p><p><a href="http://www.msnbc.msn.com/id/19418769/site/newsweek/print/1/displaymode/1098/" title="msn.com" rel="nofollow">http://www.msnbc.msn.com/id/19418769/site/newsweek/print/1/displaymode/1098/</a> [msn.com]</p><p>----</p><p><b>Infected job search sites lead to info theft for 46,000:</b></p><p><a href="http://www.computerworld.com/s/article/9031139/Infected\_job\_search\_sites\_lead\_to\_info\_theft\_for\_46\_000" title="computerworld.com" rel="nofollow">http://www.computerworld.com/s/article/9031139/Infected\_job\_search\_sites\_lead\_to\_info\_theft\_for\_46\_000</a> [computerworld.com]</p><p>----</p><p><b>New Mega-Botnet Discovered:</b></p><p><a href="http://it.slashdot.org/article.pl?sid=09/04/22/2223214" title="slashdot.org" rel="nofollow">http://it.slashdot.org/article.pl?sid=09/04/22/2223214</a> [slashdot.org]</p><p>----</p><p>I think THAT list ought to "enlighten" ANYONE, as to why "layered security" is &amp; has been considered largely to be "THE WAY TO GO", vs. that list above (which is only a SMALL \%-age of what I can come up with in regards to threats online + their causes)... HOSTS files help protect vs. those, on several levels - DO consider their usage!</p><p>apk</p></div>
	</htmltext>
<tokenext>" One of the things that pisses me off to no end , are third party ads that are spewing crap/malware to driveby web browsing .
I do n't personally get infecgted by them , because I run all the latest anti-malware defenses ( adblock , noscript , firefox etc ) .
But I 'm in IT , and I see way too many machines compromized by the lastest " Antivirus 2010 " styple crap/malware all the time .
Websites that house such malware should be blacklisted .
Screw them if they ca n't make a living without using dubious adverts - by Archangel Michael ( 180766 ) on Monday November 30 , @ 12 : 33PM ( # 30271632 ) Archangel Michael , meet " the LORD OF HOSTS " ( just in keeping with your nick/handle here , AND the fact that much of what you note is covered by another tool you omitted mentioning that is easily edited , everyone has one ( if their OS IP stack is BSD based , most all are iirc ) , &amp; eats no CPU cycles like a local DNS server can ( &amp; are not as security vulnerable either if you protect write access to a HOSTS file also ) : I use a custom HOSTS file , in addition to the tools you noted ( which only really function for FireFox/Mozilla products , but do n't extend globally to all other webbound applications , &amp; that is part of what HOSTS files give you above the methods you extoll + utilize : " GLOBAL COVERAGE " , &amp; of ALL webbound apps , not just FireFox/Mozilla ones via the addons you noted + use yourself... ) .HOSTS files can be used to blockout KNOWN " bad " adserves , maliciously coded sites or adbanners , and " botnet C&amp;C servers " too ! You can obtain reliable HOSTS files from reputable lists for more security online , but also for speed !
( More on that later &amp; WHY/HOW ( I use reliable lists for that , such as these HOSTS @ Wikipedia.com - &gt; http : //en.wikipedia.org/wiki/Hosts \ _file [ wikipedia.org ] or those from mvps.org ( a good one this one ) ) I also further populate &amp; keep current my custom HOSTS file with up to date information in regards to all of those threats , via : ----A .
) Spybot " Search &amp; Destroy " updates ( populates HOSTS and browser block lists ) B .
) Sites like ZDNet 's Mr. Dancho Danchev 's blog - &gt; http : //ddanchev.blogspot.com/ [ blogspot.com ] C. ) Sites like FireEye - &gt; http : //blog.fireeye.com/ [ fireeye.com ] D. ) SRI - &gt; http : //mtc.sri.com/ [ sri.com ] ----My HOSTS file incorporates ALL of the entries from the HOSTS files shown @ wikipedia as well... gaining me speed online ( by blocking adbanners , which have been compromised many times the past few years now by malscripted exploits ( examples below ) ) .
( I combined ALL reputable HOSTS files with one of my own ( 30,000 entries ) , &amp; I removed duplicates removed via a Borland Delphi app I wrote to do so called " APK HOSTS File Grinder 4.0 + + " .
That program also functions to change the default larger &amp; SLOWER 127.0.0.1 blocking 'loopback adapter ' IP address to either 0.0.0.0 ( for VISTA/Windows Server 2008/Windows 7 , smaller &amp; thus faster than 127.0.0.1 default ) or the smallest &amp; fastest 0 " blocking 'IP ADDRESS ' " ( for Windows 2000/XP/Server 2003 which can STILL use it ( &amp; it was added in a service pack on Windows 2000 , only on 12/09/2008 MS patch tuesday was it removed for VISTA onwards ( &amp; now all these " phunny little bugs " are showing up as FLAWS in this new NDIS6 approach via WFP as well in the firewall , which ROOTKIT.COM has stated ( with code too no less on how it is done ) - &gt; http : //www.rootkit.com/newsread.php ? newsid = 952 [ rootkit.com ] [ rootkit.com ] that it is EASIER TO UNHOOK ( than was the design used in Windows 2000/XP/Server 2003 ) ) Another EXCELLENT benefit of HOSTS file usage ?
More speed online , &amp; also more security + reliability ( especially in the case of DNS servers today , per folks like Dan Kaminsky &amp;/or Moxie Marlinspike finding various security vulnerabilities in them the past couple years now ) ...SO , to " CIRCUMVENT " THAT WHICH YOU NOTE &amp; to get more speed online ( besides/above potentially hijacked adbanners etc .
et al ) ? WELL - I use another " technique " called " hardcoding " an IP address to domainname/hostname in my HOSTS files , for my FAVORITE websites : This allows me to FIRST bypass any remote/external DNS lookups , which also would in theory @ least , make me " proofed " vs. DNS request logs by my ISP/BSP also .
( Especially since I use external DNS servers too , OpenDNS ones to be specific , that go beyond my hardcoded favs in my HOSTS file because I ca n't ping &amp; resolve the ENTIRE internet after all ) This also makes it harder for others to track me... ( Sure , they could do a " reverse DNS lookup " via pings &amp;/or traceroutes &amp; the top level domain that does nothing BUT cache reverse DNS lookups does the rest , but that is harder to do , than looking up my URL requests via a log on a DNS server ) ) ALSO , AS ANOTHER " BONUS " in HOSTS FILES ( ca n't stress it enough , &amp; especially above + beyond adbanner blocking ) : It speeds you up , or can ! E.G.- &gt; A buddy of mine named Jack says it has ( verbatim quote ) " DOUBLED MY SPEED ONLINE , BUT I VALUE THE SECURITY PART MORE " , because he used to get over 200 + + viruses a week , now ?
Only maybe 2 a year IF THAT lately , &amp; he is convinced it is largely due to the HOSTS file I send him weekly ( he is my " lab rat # 1 " due to his previous infestation rate ) , &amp; if that " anecdotal evidence " is not enough ?
See this then , from a published security guru on a respected site for it : = = = = RESURRECTING THE KILLFILE : ( by Mr. Oliver Day ) http : //www.securityfocus.com/columnists/491 [ securityfocus.com ] PERTINENT EXCERPTS/QUOTES : " The host file on my day-to-day laptop is now over 16,000 lines long .
Accessing the Internet particularly browsing the Web is actually faster now .
" " From what I have seen in my research , major efforts to share lists of unwanted hosts began gaining serious momentum earlier this decade .
The most popular appear to have started as a means to block advertising and as a way to avoid being tracked by sites that use cookies to gather data on the user across Web properties .
More recently , projects like Spybot Search and Destroy offer lists of known malicious servers to add a layer of defense against trojans and other forms of malware .
" = = = = ( A nice bonus beyond blocking adbanners via HOSTS too , because these have been shown to harbor malscripted content too &amp; more than just a few times the past 4-5 yrs now no less such as is noted here in my PS below , several examples thereof no less ) , because you do n't waste between 30-N ms calling out to an external DNS !
( Again , and a DNS server that MAY be poisoned per Dan Kaminsky the past few years now &amp; others also noting it ) Thus , you can STILL GET TO YOUR FAV .
SITES IF HARDCODED in your HOSTS FILE ( a good thing , but one you may have to periodically alter , easily , via notepad.exe edits of your HOSTS file &amp; a ping to update their new address ( sites change hosting providers due to better services or prices , rare , but they do &amp; MOST let you know they are about to do so anyhow , so you can amend a HOSTS file ) ) .NICEST PART IS , THOUGH , PER YOUR STATEMENT ( in addition to the benefits of HOSTS file I note above , alongside others like Mr. Oliver Day of SECURITYFOCUS.COM ) ? I will STILL get to where it is that I WANT TO GO , not the router 's onboard DNS server doing hostname/domainname resolutions or potential hijacked redirects... in theory @ least , because I am controlling the hostname/dommainname resolutions @ AN OS + IP STACK LEVEL , not via my routers ' onboard DNS server...APKP.S. = &gt; Evidences as to WHY you 'd want to add on the " extra layered security protection " of a HOSTS file , which extends global security coverage to your webbound apps , AND , allows for a great deal of added extra speed as well ?
Ok , here are some documented reasons why : POISONED MALSCRIPTED ADBANNERSThe Next Ad You Click May Be a Virus : http : //it.slashdot.org/article.pl ? sid = 09/06/15/2056219 [ slashdot.org ] ----Attackers Infect Ads With Old Adobe Vulnerability : http : //it.slashdot.org/article.pl ? sid = 09/02/25/024211 [ slashdot.org ] ----Hackers Use Banner Ads on Major Sites to Hijack Your PC : http : //www.wired.com/techbiz/media/news/2007/11/doubleclick [ wired.com ] ----Adobe Flash Ads Launching Clipboard Hijack Attacks : http : //it.slashdot.org/article.pl ? sid = 08/08/20/0029220&amp;from = rss [ slashdot.org ] ----DNS PROBLEMS : Number of Rogue DNS Servers on the Rise : http : //tech.slashdot.org/article.pl ? no \ _d2 = 1&amp;sid = 08/02/15/2118212 [ slashdot.org ] ----Security Researcher Kaminsky Pushes DNS Patching : http : //it.slashdot.org/article.pl ? sid = 09/02/19/2322231 [ slashdot.org ] ----Ten Percent of DNS Servers Still Vulnerable : http : //tech.slashdot.org/article.pl ? no \ _d2 = 1&amp;sid = 05/08/04/1525235 [ slashdot.org ] ----TimeWarner DNS Hijacking : http : //tech.slashdot.org/article.pl ? sid = 07/07/23/2140208 [ slashdot.org ] ----Another DNS Flaw Found : http : //tech.slashdot.org/article.pl ? sid = 09/01/09/2348240 [ slashdot.org ] ----Attack Code Published For DNS Vulnerability : http : //it.slashdot.org/article.pl ? no \ _d2 = 1&amp;sid = 08/07/23/231254 [ slashdot.org ] ----BIND Still Susceptible To DNS Cache Poisoning : http : //tech.slashdot.org/article.pl ? no \ _d2 = 1&amp;sid = 08/08/09/123222 [ slashdot.org ] ----DDoS Attacks Via DNS Recursion : http : //it.slashdot.org/article.pl ? no \ _d2 = 1&amp;sid = 06/03/16/1658209 [ slashdot.org ] ----DNS Poisoning Hits One of China 's Biggest ISPs : http : //it.slashdot.org/article.pl ? no \ _d2 = 1&amp;sid = 08/08/21/2343250 [ slashdot.org ] ----DNS Root Servers Attacked : http : //it.slashdot.org/article.pl ? no \ _d2 = 1&amp;sid = 07/02/06/2238225 [ slashdot.org ] ----DNS Problem Linked To DDoS Attacks Gets Worse : http : //tech.slashdot.org/comments.pl ? sid = 1444354&amp;cid = 30109858 [ slashdot.org ] ----Are your servers vulnerable to DNS attacks ? http : //www.networkworld.com/news/2007/111907-dns-attacks.html [ networkworld.com ] ----Kaminsky On DNS Bugs a Year Later and DNSSEC : http : //it.slashdot.org/story/09/06/25/1354212/Kaminsky-On-DNS-Bugs-a-Year-Later-and-DNSSEC [ slashdot.org ] ----DNS users put higher premium on security : http : //news.techworld.com/networking/10690/dns-users-put-higher-premium-on-security/ [ techworld.com ] ----BIND , the Buggy Internet Name Daemon : http : //cr.yp.to/djbdns/blurb/unbind.html [ cr.yp.to ] ( Where djbdns was found to have flaw , though it was alleged invulnerable , they paid out $ 10,000 reward ) ----DNS Dan Kaminsky DNS SPOOF ATTACK EXPLAINED HOW IT IS DONE : http : //blogs.zdnet.com/security/ ? p = 1520 [ zdnet.com ] ----DNS REBINDING ATTACKS : MultiPinning Browser JavaScript Vulnerability ( how to protect yourself ) : http : //crypto.stanford.edu/dns/ [ stanford.edu ] ----Hackers hijack DNS records of high profile New Zealand sites : http : //blogs.zdnet.com/security/ ? p = 3185 [ zdnet.com ] SECURITY SUITE PROGRAMS FAILING : AntiVirus Products Fail to Find Simple IE Malware : http : //tech.slashdot.org/article.pl ? sid = 07/10/29/1747237 [ slashdot.org ] ----Most Security Products Fail To Perform : http : //hardware.slashdot.org/comments.pl ? sid = 1445302&amp;threshold = -1&amp;commentsort = 0&amp;mode = thread&amp;pid = 30114652 [ slashdot.org ] ----TOP SECURITY SUITES FAIL 64/300 THREATS in 2008 AT SECUNIA.COM : http : //secunia.com/blog/29/ [ secunia.com ] ----Top security suites fail exploit tests : http : //www.computerworld.com/s/article/9117042/Top \ _security \ _suites \ _fail \ _exploit \ _tests ? intsrc = news \ _ts \ _head [ computerworld.com ] ----Antivirus is 'completely wasted money ' : Cisco CSO : News - Security - ZDNet Australia : http : //www.zdnet.com.au/news/security/soa/Antivirus-is-completely-wasted-money-Cisco-CSO/0,130061744,339289122,00.htm ? feed = pt \ _auscert [ zdnet.com.au ] ----Are Routers the Next Big Target for Hackers ? http : //blogs.zdnet.com/security/ ? p = 919 [ zdnet.com ] ----Software Firewalls : Made of Straw ?
Part 1 of 2 : http : //www.securityfocus.com/infocus/1839 [ securityfocus.com ] Software Firewalls : Made of Straw ?
Part 2 of 2 : http : //www.securityfocus.com/infocus/1840/2 [ securityfocus.com ] ----Brief study shows difficulty in detecting malware ( 2008 ) : http : //www.securityfocus.com/brief/858 [ securityfocus.com ] ----2007 - Browser vulnerabilities and attacks will continue to mount : http : //www.infoworld.com/d/security-central/browser-vulnerabilities-and-attacks-will-continue-mount-679 [ infoworld.com ] ----Bug exposes Cisco switches to attacks : http : //news.cnet.com/Bug-exposes-Cisco-switches + to + attacks/2110-7349 \ _3-5902897.html ? part = rss&amp;tag = 5902897&amp;subj = news [ cnet.com ] &amp;CISCO " COMES CLEAN " ON EXTENT OF IOS FLAW : http : //www.eweek.com/c/a/Security/Cisco-Comes-Clean-on-Extent-of-IOS-Flaw/ [ eweek.com ] &amp;Cisco PIX and ASA Time-To-Live Denial of Service Vulnerability : http : //secunia.com/advisories/28625/ [ secunia.com ] + Computer routers face hijack risk - study : http : //www.cbc.ca/technology/story/2007/02/16/tech-routervulnerabilty-20070216.html ? ref = rss [ www.cbc.ca ] Slashdot Technology Story | Will Mainstream Media Embrace Adblockers ? http : //tech.slashdot.org/story/09/08/06/1442243/Will-Mainstream-Media-Embrace-Adblockers [ slashdot.org ] ----Congress May Require ISPs To Block Certain Fraud Sites : http : //yro.slashdot.org/comments.pl ? sid = 1432514&amp;cid = 30024078 [ slashdot.org ] ----Slashdot | Americans Do n't Want Targeted Ads : http : //yro.slashdot.org/article.pl ? sid = 09/10/01/1854214 [ slashdot.org ] JAVASCRIPT PROBLEMS : Slashdot | Adobe Confirms PDF Zero-Day , Says Kill JavaScript : http : //it.slashdot.org/article.pl ? sid = 09/04/29/1823234 [ slashdot.org ] ----Adobe Flash Zero-Day Attack Underway : http : //it.slashdot.org/article.pl ? sid = 08/05/28/0138247&amp;from = rss [ slashdot.org ] ----JavaScript flaw reported in Adobe Reader ( 4th or 5th time already , if not more ) : http : //www.securityfocus.com/brief/953 [ securityfocus.com ] ----Another malware pulls an Italian job via JAVASCRIPT : http : //blog.trendmicro.com/another-malware-pulls-an-italian-job/ [ trendmicro.com ] ----JavaScript opens doors to browser-based attacks | CNET News.com : http : //news.com.com/JavaScript + opens + doors + to + browser-based + attacks/2100-7349 \ _3-6099891.html ? part = rss&amp;tag = 6099891&amp;subj = news [ com.com ] ----Mozilla Firefox Javascript Garbage Collector Vulnerability - Advisories - Secuniahttp : //secunia.com/advisories/29787/ [ secunia.com ] ----New script outstrips all other drive-by download risks : http : //www.theregister.co.uk/2009/05/15/script \ _menace/ [ theregister.co.uk ] ----Researcher to demonstrate attack code for Intel chips via Javascript : http : //www.infoworld.com/d/security-central/researcher-demonstrate-attack-code-intel-chips-036 [ infoworld.com ] ----Researcher : JavaScript Attacks Get Slicker : http : //www.eweek.com/c/a/Security/Researcher-JavaScript-Attacks-Get-Slicker/ [ eweek.com ] ----Rise Of The PDF Exploits : http : //www.trustedsource.org/blog/153/Rise-Of-The-PDF-Exploits [ trustedsource.org ] ----ADOBE NEW FLAW DOES USE JAVASCRIPT PROOF : http : //www.shadowserver.org/wiki/pmwiki.php ? n = Calendar.20090219 [ shadowserver.org ] ----AJAX Poses Security , Performance Risks : http : //www.eweek.com/article2/0,1895,1916673,00.asp [ eweek.com ] ----Web 2.0 Threats and Risks for Financial Services : http : //www.net-security.org/article.php ? id = 1004&amp;p = 1 [ net-security.org ] http : //www.cbronline.com/news/web \ _20 \ _is \ _vulnerable \ _to \ _attack [ cbronline.com ] ----Cross Site Scripting ( GOOGLE ) and WHY TO TURN OFF JAVASCRIPT : http : //www.cgisecurity.com/xss-faq.html [ cgisecurity.com ] ----Why the FBI Director Does n't Bank Onlinehttp : //it.slashdot.org/article.pl ? sid = 09/10/08/0327240 [ slashdot.org ] MAJOR ATTACKS ( only a small sample ) of WHY LAYERED SECURITY IS NEEDEDIs the Botnet Battle Already Lost ? http : //www.eweek.com/article2/0,1895,2029720,00.asp [ eweek.com ] ----IT Pros Say They Ca n't Stop Data Breaches : http : //www.eweek.com/article2/0,1895,2010325,00.asp ? kc = EWNAVEMNL083106EOAD [ eweek.com ] ----Cyber Attacks On US Military Jump Sharply In 2009http : //tech.slashdot.org/comments.pl ? sid = 1452358&amp;threshold = -1&amp;commentsort = 0&amp;mode = thread&amp;cid = 30185742 [ slashdot.org ] ----Bots Found Inside Many Big Companies : http : //blogs.baselinemag.com/security/content001/cybercrime/bots \ _found \ _inside \ _many \ _big \ _companies.html [ baselinemag.com ] ----Bot master owns up to 250,000 zombie PCs : http : //www.securityfocus.com/news/11495 [ securityfocus.com ] ----Bots surge ahead ( 2007 ) : http : //www.securityfocus.com/brief/466 [ securityfocus.com ] ----Chinese Hackers Hit Commerce Department : http : //www.informationweek.com/news/security/government/showArticle.jhtml ? articleID = 193105227 [ informationweek.com ] ----CIA Admits Cyberattacks Blacked Out Cities : http : //www.informationweek.com/news/internet/showArticle.jhtml ? articleID = 205901631 [ informationweek.com ] ----Compromised Banks and Investment sites list 2006 : http : //it.slashdot.org/comments.pl ? sid = 233921&amp;cid = 19035679 [ slashdot.org ] ----Dancho Danchev 's Blog - Mind Streams of Information Security Knowledge : Massive IFRAME SEO Poisoning Attack Continuing : http : //ddanchev.blogspot.com/2008/03/massive-iframe-seo-poisoning-attack.html [ blogspot.com ] ----Data at Bank of America , Wachovia , others compromised - May .
23 , 2005 : http : //money.cnn.com/2005/05/23/news/fortune500/bank \ _info/index.htm [ cnn.com ] ----Fresh Security Breaches at Los Alamos : http : //www.msnbc.msn.com/id/19418769/site/newsweek/print/1/displaymode/1098/ [ msn.com ] ----Infected job search sites lead to info theft for 46,000 : http : //www.computerworld.com/s/article/9031139/Infected \ _job \ _search \ _sites \ _lead \ _to \ _info \ _theft \ _for \ _46 \ _000 [ computerworld.com ] ----New Mega-Botnet Discovered : http : //it.slashdot.org/article.pl ? sid = 09/04/22/2223214 [ slashdot.org ] ----I think THAT list ought to " enlighten " ANYONE , as to why " layered security " is &amp; has been considered largely to be " THE WAY TO GO " , vs. that list above ( which is only a SMALL \ % -age of what I can come up with in regards to threats online + their causes ) ... HOSTS files help protect vs. those , on several levels - DO consider their usage ! apk</tokentext>
<sentencetext>"One of the things that pisses me off to no end, are third party ads that are spewing crap/malware to driveby web browsing.
I don't personally get infecgted by them, because I run all the latest anti-malware defenses (adblock, noscript, firefox etc).
But I'm in IT, and I see way too many machines compromized by the lastest "Antivirus 2010" styple crap/malware all the time.
Websites that house such malware should be blacklisted.
Screw them if they can't make a living without using dubious adverts - by Archangel Michael (180766) on Monday November 30, @12:33PM (#30271632)Archangel Michael, meet "the LORD OF HOSTS" (just in keeping with your nick/handle here, AND the fact that much of what you note is covered by another tool you omitted mentioning that is easily edited, everyone has one (if their OS IP stack is BSD based, most all are iirc), &amp; eats no CPU cycles like a local DNS server can (&amp; are not as security vulnerable either if you protect write access to a HOSTS file also):I use a custom HOSTS file, in addition to the tools you noted (which only really function for FireFox/Mozilla products, but don't extend globally to all other webbound applications, &amp; that is part of what HOSTS files give you above the methods you extoll + utilize: "GLOBAL COVERAGE", &amp; of ALL webbound apps, not just FireFox/Mozilla ones via the addons you noted + use yourself...).HOSTS files can be used to blockout KNOWN "bad" adserves, maliciously coded sites or adbanners, and "botnet C&amp;C servers" too!You can obtain reliable HOSTS files from reputable lists for more security online, but also for speed!
(More on that later &amp; WHY/HOW (I use reliable lists for that, such as these HOSTS @ Wikipedia.com -&gt; http://en.wikipedia.org/wiki/Hosts\_file [wikipedia.org] or those from mvps.org (a good one this one))I also further populate &amp; keep current my custom HOSTS file with up to date information in regards to all of those threats, via:----A.
) Spybot "Search &amp; Destroy" updates (populates HOSTS and browser block lists)B.
) Sites like ZDNet's Mr. Dancho Danchev's blog -&gt; http://ddanchev.blogspot.com/ [blogspot.com]C.) Sites like FireEye -&gt; http://blog.fireeye.com/ [fireeye.com]D.) SRI -&gt; http://mtc.sri.com/ [sri.com]----My HOSTS file incorporates ALL of the entries from the HOSTS files shown @ wikipedia as well... gaining me speed online (by blocking adbanners, which have been compromised many times the past few years now by malscripted exploits (examples below)).
(I combined ALL reputable HOSTS files with one of my own (30,000 entries), &amp; I removed duplicates removed via a Borland Delphi app I wrote to do so called "APK HOSTS File Grinder 4.0++".
That program also functions to change the default larger &amp; SLOWER 127.0.0.1 blocking 'loopback adapter' IP address to either 0.0.0.0 (for VISTA/Windows Server 2008/Windows 7, smaller &amp; thus faster than 127.0.0.1 default) or the smallest &amp; fastest 0 "blocking 'IP ADDRESS'" (for Windows 2000/XP/Server 2003 which can STILL use it (&amp; it was added in a service pack on Windows 2000, only on 12/09/2008 MS patch tuesday was it removed for VISTA onwards (&amp; now all these "phunny little bugs" are showing up as FLAWS in this new NDIS6 approach via WFP as well in the firewall, which ROOTKIT.COM has stated (with code too no less on how it is done) -&gt; http://www.rootkit.com/newsread.php?newsid=952 [rootkit.com] [rootkit.com] that it is EASIER TO UNHOOK (than was the design used in Windows 2000/XP/Server 2003))Another EXCELLENT benefit of HOSTS file usage?
More speed online, &amp; also more security + reliability (especially in the case of DNS servers today, per folks like Dan Kaminsky &amp;/or Moxie Marlinspike finding various security vulnerabilities in them the past couple years now)...SO, to "CIRCUMVENT" THAT WHICH YOU NOTE &amp; to get more speed online (besides/above potentially hijacked adbanners etc.
et al)?WELL - I use another "technique" called "hardcoding" an IP address to domainname/hostname in my HOSTS files, for my FAVORITE websites:This allows me to FIRST bypass any remote/external DNS lookups, which also would in theory @ least, make me "proofed" vs. DNS request logs by my ISP/BSP also.
(Especially since I use external DNS servers too, OpenDNS ones to be specific, that go beyond my hardcoded favs in my HOSTS file because I can't ping &amp; resolve the ENTIRE internet after all)This also makes it harder for others to track me...(Sure, they could do a "reverse DNS lookup" via pings &amp;/or traceroutes &amp; the top level domain that does nothing BUT cache reverse DNS lookups does the rest, but that is harder to do, than looking up my URL requests via a log on a DNS server))ALSO, AS ANOTHER "BONUS" in HOSTS FILES (can't stress it enough, &amp; especially above + beyond adbanner blocking):  It speeds you up, or can!E.G.-&gt; A buddy of mine named Jack says it has (verbatim quote) "DOUBLED MY SPEED ONLINE, BUT I VALUE THE SECURITY PART MORE", because he used to get over 200++ viruses a week, now?
Only maybe 2 a year IF THAT lately, &amp; he is convinced it is largely due to the HOSTS file I send him weekly (he is my "lab rat #1" due to his previous infestation rate), &amp; if that "anecdotal evidence" is not enough?
See this then, from a published security guru on a respected site for it:====RESURRECTING THE KILLFILE:(by Mr. Oliver Day)http://www.securityfocus.com/columnists/491 [securityfocus.com]PERTINENT EXCERPTS/QUOTES:"The host file on my day-to-day laptop is now over 16,000 lines long.
Accessing the Internet particularly browsing the Web is actually faster now.
""From what I have seen in my research, major efforts to share lists of unwanted hosts began gaining serious momentum earlier this decade.
The most popular appear to have started as a means to block advertising and as a way to avoid being tracked by sites that use cookies to gather data on the user across Web properties.
More recently, projects like Spybot Search and Destroy offer lists of known malicious servers to add a layer of defense against trojans and other forms of malware.
"====(A nice bonus beyond blocking adbanners via HOSTS too, because these have been shown to harbor malscripted content too &amp; more than just a few times the past 4-5 yrs now no less such as is noted here in my PS below, several examples thereof no less), because you don't waste between 30-N ms calling out to an external DNS!
(Again, and a DNS server that MAY be poisoned per Dan Kaminsky the past few years now &amp; others also noting it)Thus, you can STILL GET TO YOUR FAV.
SITES IF HARDCODED in your HOSTS FILE (a good thing, but one you may have to periodically alter, easily, via notepad.exe edits of your HOSTS file &amp; a ping to update their new address (sites change hosting providers due to better services or prices, rare, but they do &amp; MOST let you know they are about to do so anyhow, so you can amend a HOSTS file)).NICEST PART IS, THOUGH, PER YOUR STATEMENT (in addition to the benefits of HOSTS file I note above, alongside others like Mr. Oliver Day of SECURITYFOCUS.COM)?I will STILL get to where it is that I WANT TO GO, not the router's onboard DNS server doing hostname/domainname resolutions or potential hijacked redirects... in theory @ least, because I am controlling the hostname/dommainname resolutions @ AN OS + IP STACK LEVEL, not via my routers' onboard DNS server...APKP.S.=&gt; Evidences as to WHY you'd want to add on the "extra layered security protection" of a HOSTS file, which extends global security coverage to your webbound apps, AND, allows for a great deal of added extra speed as well?
Ok, here are some documented reasons why:POISONED MALSCRIPTED ADBANNERSThe Next Ad You Click May Be a Virus:http://it.slashdot.org/article.pl?sid=09/06/15/2056219 [slashdot.org]----Attackers Infect Ads With Old Adobe Vulnerability:http://it.slashdot.org/article.pl?sid=09/02/25/024211 [slashdot.org]----Hackers Use Banner Ads on Major Sites to Hijack Your PC:http://www.wired.com/techbiz/media/news/2007/11/doubleclick [wired.com]----Adobe Flash Ads Launching Clipboard Hijack Attacks:http://it.slashdot.org/article.pl?sid=08/08/20/0029220&amp;from=rss [slashdot.org]----DNS PROBLEMS:Number of Rogue DNS Servers on the Rise:http://tech.slashdot.org/article.pl?no\_d2=1&amp;sid=08/02/15/2118212 [slashdot.org]----Security Researcher Kaminsky Pushes DNS Patching:http://it.slashdot.org/article.pl?sid=09/02/19/2322231 [slashdot.org]----Ten Percent of DNS Servers Still Vulnerable:http://tech.slashdot.org/article.pl?no\_d2=1&amp;sid=05/08/04/1525235 [slashdot.org]----TimeWarner DNS Hijacking:http://tech.slashdot.org/article.pl?sid=07/07/23/2140208 [slashdot.org]----Another DNS Flaw Found:http://tech.slashdot.org/article.pl?sid=09/01/09/2348240 [slashdot.org]----Attack Code Published For DNS Vulnerability:http://it.slashdot.org/article.pl?no\_d2=1&amp;sid=08/07/23/231254 [slashdot.org]----BIND Still Susceptible To DNS Cache Poisoning:http://tech.slashdot.org/article.pl?no\_d2=1&amp;sid=08/08/09/123222 [slashdot.org]----DDoS Attacks Via DNS Recursion:http://it.slashdot.org/article.pl?no\_d2=1&amp;sid=06/03/16/1658209 [slashdot.org]----DNS Poisoning Hits One of China's Biggest ISPs:http://it.slashdot.org/article.pl?no\_d2=1&amp;sid=08/08/21/2343250 [slashdot.org]----DNS Root Servers Attacked:http://it.slashdot.org/article.pl?no\_d2=1&amp;sid=07/02/06/2238225 [slashdot.org]----DNS Problem Linked To DDoS Attacks Gets Worse:http://tech.slashdot.org/comments.pl?sid=1444354&amp;cid=30109858 [slashdot.org]----Are your servers vulnerable to DNS attacks?http://www.networkworld.com/news/2007/111907-dns-attacks.html [networkworld.com]----Kaminsky On DNS Bugs a Year Later and DNSSEC:http://it.slashdot.org/story/09/06/25/1354212/Kaminsky-On-DNS-Bugs-a-Year-Later-and-DNSSEC [slashdot.org]----DNS users put higher premium on security:http://news.techworld.com/networking/10690/dns-users-put-higher-premium-on-security/ [techworld.com]----BIND, the Buggy Internet Name Daemon:http://cr.yp.to/djbdns/blurb/unbind.html [cr.yp.to](Where djbdns was found to have flaw, though it was alleged invulnerable, they paid out $10,000 reward)----DNS Dan Kaminsky DNS SPOOF ATTACK EXPLAINED HOW IT IS DONE:http://blogs.zdnet.com/security/?p=1520 [zdnet.com]----DNS REBINDING ATTACKS: MultiPinning Browser JavaScript Vulnerability (how to protect yourself):http://crypto.stanford.edu/dns/ [stanford.edu]----Hackers hijack DNS records of high profile New Zealand sites:http://blogs.zdnet.com/security/?p=3185 [zdnet.com]SECURITY SUITE PROGRAMS FAILING:AntiVirus Products Fail to Find Simple IE Malware:http://tech.slashdot.org/article.pl?sid=07/10/29/1747237 [slashdot.org]----Most Security Products Fail To Perform:http://hardware.slashdot.org/comments.pl?sid=1445302&amp;threshold=-1&amp;commentsort=0&amp;mode=thread&amp;pid=30114652 [slashdot.org]----TOP SECURITY SUITES FAIL 64/300 THREATS in 2008 AT SECUNIA.COM:http://secunia.com/blog/29/ [secunia.com]----Top security suites fail exploit tests:http://www.computerworld.com/s/article/9117042/Top\_security\_suites\_fail\_exploit\_tests?intsrc=news\_ts\_head [computerworld.com]----Antivirus is 'completely wasted money': Cisco CSO: News - Security - ZDNet Australia:http://www.zdnet.com.au/news/security/soa/Antivirus-is-completely-wasted-money-Cisco-CSO/0,130061744,339289122,00.htm?feed=pt\_auscert [zdnet.com.au]----Are Routers the Next Big Target for Hackers?http://blogs.zdnet.com/security/?p=919 [zdnet.com]----Software Firewalls: Made of Straw?
Part 1 of 2:http://www.securityfocus.com/infocus/1839 [securityfocus.com]Software Firewalls: Made of Straw?
Part 2 of 2:http://www.securityfocus.com/infocus/1840/2 [securityfocus.com]----Brief study shows difficulty in detecting malware (2008):http://www.securityfocus.com/brief/858 [securityfocus.com]----2007 - Browser vulnerabilities and attacks will continue to mount:http://www.infoworld.com/d/security-central/browser-vulnerabilities-and-attacks-will-continue-mount-679 [infoworld.com]----Bug exposes Cisco switches to attacks:http://news.cnet.com/Bug-exposes-Cisco-switches+to+attacks/2110-7349\_3-5902897.html?part=rss&amp;tag=5902897&amp;subj=news [cnet.com]&amp;CISCO "COMES CLEAN" ON EXTENT OF IOS FLAW:http://www.eweek.com/c/a/Security/Cisco-Comes-Clean-on-Extent-of-IOS-Flaw/ [eweek.com]&amp;Cisco PIX and ASA Time-To-Live Denial of Service Vulnerability:http://secunia.com/advisories/28625/ [secunia.com]+Computer routers face hijack risk - study:http://www.cbc.ca/technology/story/2007/02/16/tech-routervulnerabilty-20070216.html?ref=rss [www.cbc.ca]Slashdot Technology Story | Will Mainstream Media Embrace Adblockers?http://tech.slashdot.org/story/09/08/06/1442243/Will-Mainstream-Media-Embrace-Adblockers [slashdot.org]----Congress May Require ISPs To Block Certain Fraud Sites:http://yro.slashdot.org/comments.pl?sid=1432514&amp;cid=30024078 [slashdot.org]----Slashdot | Americans Don't Want Targeted Ads:http://yro.slashdot.org/article.pl?sid=09/10/01/1854214 [slashdot.org]JAVASCRIPT PROBLEMS:Slashdot | Adobe Confirms PDF Zero-Day, Says Kill JavaScript:http://it.slashdot.org/article.pl?sid=09/04/29/1823234 [slashdot.org]----Adobe Flash Zero-Day Attack Underway:http://it.slashdot.org/article.pl?sid=08/05/28/0138247&amp;from=rss [slashdot.org]----JavaScript flaw reported in Adobe Reader (4th or 5th time already, if not more):http://www.securityfocus.com/brief/953 [securityfocus.com]----Another malware pulls an Italian job via JAVASCRIPT:http://blog.trendmicro.com/another-malware-pulls-an-italian-job/ [trendmicro.com]----JavaScript opens doors to browser-based attacks | CNET News.com:http://news.com.com/JavaScript+opens+doors+to+browser-based+attacks/2100-7349\_3-6099891.html?part=rss&amp;tag=6099891&amp;subj=news [com.com]----Mozilla Firefox Javascript Garbage Collector Vulnerability - Advisories - Secuniahttp://secunia.com/advisories/29787/ [secunia.com]----New script outstrips all other drive-by download risks:http://www.theregister.co.uk/2009/05/15/script\_menace/ [theregister.co.uk]----Researcher to demonstrate attack code for Intel chips via Javascript:http://www.infoworld.com/d/security-central/researcher-demonstrate-attack-code-intel-chips-036 [infoworld.com]----Researcher: JavaScript Attacks Get Slicker:http://www.eweek.com/c/a/Security/Researcher-JavaScript-Attacks-Get-Slicker/ [eweek.com]----Rise Of The PDF Exploits:http://www.trustedsource.org/blog/153/Rise-Of-The-PDF-Exploits [trustedsource.org]----ADOBE NEW FLAW DOES USE JAVASCRIPT PROOF:http://www.shadowserver.org/wiki/pmwiki.php?n=Calendar.20090219 [shadowserver.org]----AJAX Poses Security, Performance Risks:http://www.eweek.com/article2/0,1895,1916673,00.asp [eweek.com]----Web 2.0 Threats and Risks for Financial Services:http://www.net-security.org/article.php?id=1004&amp;p=1 [net-security.org]http://www.cbronline.com/news/web\_20\_is\_vulnerable\_to\_attack [cbronline.com]----Cross Site Scripting (GOOGLE) and WHY TO TURN OFF JAVASCRIPT:http://www.cgisecurity.com/xss-faq.html [cgisecurity.com]----Why the FBI Director Doesn't Bank Onlinehttp://it.slashdot.org/article.pl?sid=09/10/08/0327240 [slashdot.org]MAJOR ATTACKS (only a small sample) of WHY LAYERED SECURITY IS NEEDEDIs the Botnet Battle Already Lost?http://www.eweek.com/article2/0,1895,2029720,00.asp [eweek.com]----IT Pros Say They Can't Stop Data Breaches:http://www.eweek.com/article2/0,1895,2010325,00.asp?kc=EWNAVEMNL083106EOAD [eweek.com]----Cyber Attacks On US Military Jump Sharply In 2009http://tech.slashdot.org/comments.pl?sid=1452358&amp;threshold=-1&amp;commentsort=0&amp;mode=thread&amp;cid=30185742 [slashdot.org]----Bots Found Inside Many Big Companies:http://blogs.baselinemag.com/security/content001/cybercrime/bots\_found\_inside\_many\_big\_companies.html [baselinemag.com]----Bot master owns up to 250,000 zombie PCs:http://www.securityfocus.com/news/11495 [securityfocus.com]----Bots surge ahead (2007):http://www.securityfocus.com/brief/466 [securityfocus.com]----Chinese Hackers Hit Commerce Department:http://www.informationweek.com/news/security/government/showArticle.jhtml?articleID=193105227 [informationweek.com]----CIA Admits Cyberattacks Blacked Out Cities:http://www.informationweek.com/news/internet/showArticle.jhtml?articleID=205901631 [informationweek.com]----Compromised Banks and Investment sites list 2006:http://it.slashdot.org/comments.pl?sid=233921&amp;cid=19035679 [slashdot.org]----Dancho Danchev's Blog - Mind Streams of Information Security Knowledge: Massive IFRAME SEO Poisoning Attack Continuing:http://ddanchev.blogspot.com/2008/03/massive-iframe-seo-poisoning-attack.html [blogspot.com]----Data at Bank of America, Wachovia, others compromised - May.
23, 2005:http://money.cnn.com/2005/05/23/news/fortune500/bank\_info/index.htm [cnn.com]----Fresh Security Breaches at Los Alamos:http://www.msnbc.msn.com/id/19418769/site/newsweek/print/1/displaymode/1098/ [msn.com]----Infected job search sites lead to info theft for 46,000:http://www.computerworld.com/s/article/9031139/Infected\_job\_search\_sites\_lead\_to\_info\_theft\_for\_46\_000 [computerworld.com]----New Mega-Botnet Discovered:http://it.slashdot.org/article.pl?sid=09/04/22/2223214 [slashdot.org]----I think THAT list ought to "enlighten" ANYONE, as to why "layered security" is &amp; has been considered largely to be "THE WAY TO GO", vs. that list above (which is only a SMALL \%-age of what I can come up with in regards to threats online + their causes)... HOSTS files help protect vs. those, on several levels - DO consider their usage!apk
	</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30271632</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30271812</id>
	<title>Implement client-side prioritization</title>
	<author>Anonymous</author>
	<datestamp>1259606700000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>The issue is that the browser is only allowed to use a handful of requests at a time, and with a 3rd-party server some fraction of those requests are going to someone else's server. Therefore the goal should be to make sure that your content gets loaded first. This can be done in the browser--and may already be done; I'm not in the mood to parse FireFox's sourececode--using a simple prioritization algorithm:</p><ol>
<li>Content from the page host gets first priority (<tt>tech.slashdot.org</tt>)</li><li>Content from the same domain gets second priority (<tt>*.slashdot.org</tt>)</li><li>Content from anywhere else gets lowest priority.</li></ol><p>And of course, there are HTML tricks that can be used to boost render time, like using absolute hight/width attributes on every image and avoiding the use of relative metrics against dynamic portions of the page. In other words, don't define the width of your main body element as a percentage of your advertising banner's width!</p><p>Still, I can't help but think this just 1998 again, "Now with more JavaScript!"</p></htmltext>
<tokenext>The issue is that the browser is only allowed to use a handful of requests at a time , and with a 3rd-party server some fraction of those requests are going to someone else 's server .
Therefore the goal should be to make sure that your content gets loaded first .
This can be done in the browser--and may already be done ; I 'm not in the mood to parse FireFox 's sourececode--using a simple prioritization algorithm : Content from the page host gets first priority ( tech.slashdot.org ) Content from the same domain gets second priority ( * .slashdot.org ) Content from anywhere else gets lowest priority.And of course , there are HTML tricks that can be used to boost render time , like using absolute hight/width attributes on every image and avoiding the use of relative metrics against dynamic portions of the page .
In other words , do n't define the width of your main body element as a percentage of your advertising banner 's width ! Still , I ca n't help but think this just 1998 again , " Now with more JavaScript !
"</tokentext>
<sentencetext>The issue is that the browser is only allowed to use a handful of requests at a time, and with a 3rd-party server some fraction of those requests are going to someone else's server.
Therefore the goal should be to make sure that your content gets loaded first.
This can be done in the browser--and may already be done; I'm not in the mood to parse FireFox's sourececode--using a simple prioritization algorithm:
Content from the page host gets first priority (tech.slashdot.org)Content from the same domain gets second priority (*.slashdot.org)Content from anywhere else gets lowest priority.And of course, there are HTML tricks that can be used to boost render time, like using absolute hight/width attributes on every image and avoiding the use of relative metrics against dynamic portions of the page.
In other words, don't define the width of your main body element as a percentage of your advertising banner's width!Still, I can't help but think this just 1998 again, "Now with more JavaScript!
"</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30271758</id>
	<title>Always the ads</title>
	<author>Anonymous</author>
	<datestamp>1259606520000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext>Most of the time I see a page taking a long time to load, my status bar tells me it's trying to contact some ad server or another.</htmltext>
<tokenext>Most of the time I see a page taking a long time to load , my status bar tells me it 's trying to contact some ad server or another .</tokentext>
<sentencetext>Most of the time I see a page taking a long time to load, my status bar tells me it's trying to contact some ad server or another.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30274950</id>
	<title>Re:So I'll ask again</title>
	<author>Anonymous</author>
	<datestamp>1259576700000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>There is a very specific reason why.  An ad server has a lot of decisions to make in order to serve an ad.  Most importantly is deals directly with how ads are sold.  ads are sold per 1000 views, and these views are coordinated over many different sites.  if all these ads are cached on local servers, the publisher would be running a huge risk of serving ads that he won't be paid for (because the advertiser will only pay for the amount promised, not any extras that are served).  The server that makes the decision needs to have an accurate, realtime counter in order to prevent the overdelivery problem.</p></htmltext>
<tokenext>There is a very specific reason why .
An ad server has a lot of decisions to make in order to serve an ad .
Most importantly is deals directly with how ads are sold .
ads are sold per 1000 views , and these views are coordinated over many different sites .
if all these ads are cached on local servers , the publisher would be running a huge risk of serving ads that he wo n't be paid for ( because the advertiser will only pay for the amount promised , not any extras that are served ) .
The server that makes the decision needs to have an accurate , realtime counter in order to prevent the overdelivery problem .</tokentext>
<sentencetext>There is a very specific reason why.
An ad server has a lot of decisions to make in order to serve an ad.
Most importantly is deals directly with how ads are sold.
ads are sold per 1000 views, and these views are coordinated over many different sites.
if all these ads are cached on local servers, the publisher would be running a huge risk of serving ads that he won't be paid for (because the advertiser will only pay for the amount promised, not any extras that are served).
The server that makes the decision needs to have an accurate, realtime counter in order to prevent the overdelivery problem.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30272764</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30272738</id>
	<title>Re:Security?</title>
	<author>colfer</author>
	<datestamp>1259611200000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p><nobr> <wbr></nobr></p><div class="quote"><p>...then you're giving third-party content access to your site's security zone, which is a terrible idea.</p></div><p>Not true, Google "Same Origin Policy."</p></div>
	</htmltext>
<tokenext>...then you 're giving third-party content access to your site 's security zone , which is a terrible idea.Not true , Google " Same Origin Policy .
"</tokentext>
<sentencetext> ...then you're giving third-party content access to your site's security zone, which is a terrible idea.Not true, Google "Same Origin Policy.
"
	</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30271684</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30272224</id>
	<title>Re:Why would an ad server slow down a site?</title>
	<author>BZ</author>
	<datestamp>1259608500000</datestamp>
	<modclass>Informativ</modclass>
	<modscore>2</modscore>
	<htmltext><p>The last time I profiled some topsites in Firefox, well north of 50\% of the CPU time was spent dealing with the Flash ads (as in, 50\% of the time the CPU was busy during the pageload the program counter was inside the Flash plugin).  Given the typical latency of the ad networks, I'd estimate over 40\% of total load time on those sites was taken up by the ads.</p></htmltext>
<tokenext>The last time I profiled some topsites in Firefox , well north of 50 \ % of the CPU time was spent dealing with the Flash ads ( as in , 50 \ % of the time the CPU was busy during the pageload the program counter was inside the Flash plugin ) .
Given the typical latency of the ad networks , I 'd estimate over 40 \ % of total load time on those sites was taken up by the ads .</tokentext>
<sentencetext>The last time I profiled some topsites in Firefox, well north of 50\% of the CPU time was spent dealing with the Flash ads (as in, 50\% of the time the CPU was busy during the pageload the program counter was inside the Flash plugin).
Given the typical latency of the ad networks, I'd estimate over 40\% of total load time on those sites was taken up by the ads.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30272106</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30271664</id>
	<title>Pot calling the kettle black</title>
	<author>Anonymous</author>
	<datestamp>1259606100000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>Google is not on the leading edge of adopting performance best practices, at least not for their ad and statistics services. The ad scripts are designed to be in the middle of the document and they load uncacheable scripts, which stops page rendering completely on a network interaction with a far away server. If this is supposed to be "best practices", I shudder to see what they think is bad practices.</p></htmltext>
<tokenext>Google is not on the leading edge of adopting performance best practices , at least not for their ad and statistics services .
The ad scripts are designed to be in the middle of the document and they load uncacheable scripts , which stops page rendering completely on a network interaction with a far away server .
If this is supposed to be " best practices " , I shudder to see what they think is bad practices .</tokentext>
<sentencetext>Google is not on the leading edge of adopting performance best practices, at least not for their ad and statistics services.
The ad scripts are designed to be in the middle of the document and they load uncacheable scripts, which stops page rendering completely on a network interaction with a far away server.
If this is supposed to be "best practices", I shudder to see what they think is bad practices.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30272498</id>
	<title>Only slightly OT...</title>
	<author>BrokenHalo</author>
	<datestamp>1259609640000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>I don't know whether or not every<nobr> <wbr></nobr>/. user gets the option to disable ads, but one thing that is apparent to me is that Slashdot page-loads seem to take a VERY much longer time than they used to. Given that I'm not seeing any ads (I would have filtered them anyway), and I view the content in "classic" mode, it is tempting to speculate that unless slashcode itself is somehow responsible, a speed-bump might be a simple ratio of server power to number of users.<br> <br>
It might be interesting to see statistics for average<nobr> <wbr></nobr>/. page-load times as a breakdown on a per-country basis. Here's a starter: mine is just over 5 seconds for a thread with just over 100 posts. (Yikes.) I'm in Australia.</htmltext>
<tokenext>I do n't know whether or not every / .
user gets the option to disable ads , but one thing that is apparent to me is that Slashdot page-loads seem to take a VERY much longer time than they used to .
Given that I 'm not seeing any ads ( I would have filtered them anyway ) , and I view the content in " classic " mode , it is tempting to speculate that unless slashcode itself is somehow responsible , a speed-bump might be a simple ratio of server power to number of users .
It might be interesting to see statistics for average / .
page-load times as a breakdown on a per-country basis .
Here 's a starter : mine is just over 5 seconds for a thread with just over 100 posts .
( Yikes. ) I 'm in Australia .</tokentext>
<sentencetext>I don't know whether or not every /.
user gets the option to disable ads, but one thing that is apparent to me is that Slashdot page-loads seem to take a VERY much longer time than they used to.
Given that I'm not seeing any ads (I would have filtered them anyway), and I view the content in "classic" mode, it is tempting to speculate that unless slashcode itself is somehow responsible, a speed-bump might be a simple ratio of server power to number of users.
It might be interesting to see statistics for average /.
page-load times as a breakdown on a per-country basis.
Here's a starter: mine is just over 5 seconds for a thread with just over 100 posts.
(Yikes.) I'm in Australia.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30272126</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30273104</id>
	<title>Are web surfers bogging down the web?</title>
	<author>noidentity</author>
	<datestamp>1259612940000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>I think we'll find that web surfers are the real cause of web slowdown.</htmltext>
<tokenext>I think we 'll find that web surfers are the real cause of web slowdown .</tokentext>
<sentencetext>I think we'll find that web surfers are the real cause of web slowdown.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30273240</id>
	<title>Ads? What are these Ads you speak of?</title>
	<author>ameline</author>
	<datestamp>1259613660000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>I haven't seen any for years. AdBlock Plus is your friend.</p><p>AdBlock increases my "productivity"* while surfing by substabtially increasing the speed with which web pages load, and by removing the unwanted and distracting content, allowing me to read those pages more quickly.</p><p>* In quotes as not everyone would consider surfing productive<nobr> <wbr></nobr>:-)</p></htmltext>
<tokenext>I have n't seen any for years .
AdBlock Plus is your friend.AdBlock increases my " productivity " * while surfing by substabtially increasing the speed with which web pages load , and by removing the unwanted and distracting content , allowing me to read those pages more quickly .
* In quotes as not everyone would consider surfing productive : - )</tokentext>
<sentencetext>I haven't seen any for years.
AdBlock Plus is your friend.AdBlock increases my "productivity"* while surfing by substabtially increasing the speed with which web pages load, and by removing the unwanted and distracting content, allowing me to read those pages more quickly.
* In quotes as not everyone would consider surfing productive :-)</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30271946</id>
	<title>"Rich" content? That is rich...</title>
	<author>knarf</author>
	<datestamp>1259607240000</datestamp>
	<modclass>Insightful</modclass>
	<modscore>2</modscore>
	<htmltext><p>I propose a change of term for this sort of stuff. Instead of "rich" content call it "obese" content or "overloaded" content or "bloated" content. That "rich" term sounds desirable while often the opposite is true. Call the real useful stuff "enhanced" content or something similar...</p></htmltext>
<tokenext>I propose a change of term for this sort of stuff .
Instead of " rich " content call it " obese " content or " overloaded " content or " bloated " content .
That " rich " term sounds desirable while often the opposite is true .
Call the real useful stuff " enhanced " content or something similar.. .</tokentext>
<sentencetext>I propose a change of term for this sort of stuff.
Instead of "rich" content call it "obese" content or "overloaded" content or "bloated" content.
That "rich" term sounds desirable while often the opposite is true.
Call the real useful stuff "enhanced" content or something similar...</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30278984</id>
	<title>Re:So I'll ask again</title>
	<author>pdwalker</author>
	<datestamp>1259598900000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>So, if you believe in this idea so strongly, create it yourself.</p><p>Just remember that you have to take into account little things like:<br>- fraud prevention<br>- interfacing with wildly varying ad servers with wildly different features and wildly different conventions for ad calls<br>- the need to pull inappropriate ads from the cached ad queue asynchronously<br>- proper reporting of ads actually delivered<br>- proper ad rotation, which will depend on ads have actually been delivered<br>- handling rotation limited ad deliveries<br>- different webserver environments (IIS, apache, yadda, yadda, yadda.)<br>- and many, many more...</p><p>Can most of this be done?  Actually it is possible, although I suspect that the resulting adserver would be feature limited (remember, it needs to work across all kinds of different webservers) and there are some features that cannot be implemented without a central adserver to coordinate the data.)  The end result might be something that is too complex for websites to actually implement.</p><p>One of the biggest barriers would be the website owners.  They don't want to mess with their servers just so they can deliver ads.  Contrast installing something to manage the cached delivery of ads pulled from some ad providers adserver vs doing something like adding two lines of javascript (one to load the ad delivery library and one to make an actual ad call.</p><p>It all seems simple until you actually have to implement it.</p></htmltext>
<tokenext>So , if you believe in this idea so strongly , create it yourself.Just remember that you have to take into account little things like : - fraud prevention- interfacing with wildly varying ad servers with wildly different features and wildly different conventions for ad calls- the need to pull inappropriate ads from the cached ad queue asynchronously- proper reporting of ads actually delivered- proper ad rotation , which will depend on ads have actually been delivered- handling rotation limited ad deliveries- different webserver environments ( IIS , apache , yadda , yadda , yadda .
) - and many , many more...Can most of this be done ?
Actually it is possible , although I suspect that the resulting adserver would be feature limited ( remember , it needs to work across all kinds of different webservers ) and there are some features that can not be implemented without a central adserver to coordinate the data .
) The end result might be something that is too complex for websites to actually implement.One of the biggest barriers would be the website owners .
They do n't want to mess with their servers just so they can deliver ads .
Contrast installing something to manage the cached delivery of ads pulled from some ad providers adserver vs doing something like adding two lines of javascript ( one to load the ad delivery library and one to make an actual ad call.It all seems simple until you actually have to implement it .</tokentext>
<sentencetext>So, if you believe in this idea so strongly, create it yourself.Just remember that you have to take into account little things like:- fraud prevention- interfacing with wildly varying ad servers with wildly different features and wildly different conventions for ad calls- the need to pull inappropriate ads from the cached ad queue asynchronously- proper reporting of ads actually delivered- proper ad rotation, which will depend on ads have actually been delivered- handling rotation limited ad deliveries- different webserver environments (IIS, apache, yadda, yadda, yadda.
)- and many, many more...Can most of this be done?
Actually it is possible, although I suspect that the resulting adserver would be feature limited (remember, it needs to work across all kinds of different webservers) and there are some features that cannot be implemented without a central adserver to coordinate the data.
)  The end result might be something that is too complex for websites to actually implement.One of the biggest barriers would be the website owners.
They don't want to mess with their servers just so they can deliver ads.
Contrast installing something to manage the cached delivery of ads pulled from some ad providers adserver vs doing something like adding two lines of javascript (one to load the ad delivery library and one to make an actual ad call.It all seems simple until you actually have to implement it.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30272764</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30272230</id>
	<title>Re:Why would an ad server slow down a site?</title>
	<author>godrik</author>
	<datestamp>1259608560000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>I think most website waits for an acknoledgment from the ad service to display the content of the page.</p></htmltext>
<tokenext>I think most website waits for an acknoledgment from the ad service to display the content of the page .</tokentext>
<sentencetext>I think most website waits for an acknoledgment from the ad service to display the content of the page.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30272106</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30271774</id>
	<title>Google Analytics</title>
	<author>Bigbutt</author>
	<datestamp>1259606520000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>Slows things down for me most of the time. I'll be loading a page and see that at the bottom of the browser.</p><p>[John]</p></htmltext>
<tokenext>Slows things down for me most of the time .
I 'll be loading a page and see that at the bottom of the browser .
[ John ]</tokentext>
<sentencetext>Slows things down for me most of the time.
I'll be loading a page and see that at the bottom of the browser.
[John]</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30274822</id>
	<title>AdBlock + NoScript + Flashblock = Solution</title>
	<author>CodeBuster</author>
	<datestamp>1259576100000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>I am surprised that so many Slashdot users are actually waiting on ads. Why bother with them at all when you can run <a href="https://addons.mozilla.org/en-US/firefox/addon/1865" title="mozilla.org">AdBlock</a> [mozilla.org], <a href="https://addons.mozilla.org/en-US/firefox/addon/722" title="mozilla.org">NoScript</a> [mozilla.org], and <a href="https://addons.mozilla.org/en-US/firefox/addon/433" title="mozilla.org">Flashblock</a> [mozilla.org] to remove them? I have absolutely no qualms about doing this; the advertisers don't respect us so why should we respect them? Internet ads are for neophytes and chumps, not those with the knowledge and skill to evade them.</htmltext>
<tokenext>I am surprised that so many Slashdot users are actually waiting on ads .
Why bother with them at all when you can run AdBlock [ mozilla.org ] , NoScript [ mozilla.org ] , and Flashblock [ mozilla.org ] to remove them ?
I have absolutely no qualms about doing this ; the advertisers do n't respect us so why should we respect them ?
Internet ads are for neophytes and chumps , not those with the knowledge and skill to evade them .</tokentext>
<sentencetext>I am surprised that so many Slashdot users are actually waiting on ads.
Why bother with them at all when you can run AdBlock [mozilla.org], NoScript [mozilla.org], and Flashblock [mozilla.org] to remove them?
I have absolutely no qualms about doing this; the advertisers don't respect us so why should we respect them?
Internet ads are for neophytes and chumps, not those with the knowledge and skill to evade them.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30274924</id>
	<title>Re:Kind of Fitting</title>
	<author>cmburns69</author>
	<datestamp>1259576580000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>Flash also provides a convenient packaging system. All multimedia associated with the ad can be downloaded with a single HTTP request. If the ad were HTML+image, two requests would be required, with more requests for additional images/sounds/etc.</p></htmltext>
<tokenext>Flash also provides a convenient packaging system .
All multimedia associated with the ad can be downloaded with a single HTTP request .
If the ad were HTML + image , two requests would be required , with more requests for additional images/sounds/etc .</tokentext>
<sentencetext>Flash also provides a convenient packaging system.
All multimedia associated with the ad can be downloaded with a single HTTP request.
If the ad were HTML+image, two requests would be required, with more requests for additional images/sounds/etc.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30271582</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30271716</id>
	<title>Uselful</title>
	<author>Anonymous</author>
	<datestamp>1259606400000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>But ads are useful.</p><p>There are lots of possible solutions.  One that comes it mine is to let the site with the ads server the ads along with the regular content.</p><p>Also its an unfair race.  You enter <a href="http://example.com/" title="example.com">http://example.com/</a> [example.com] in the browser and example.com starts loading then it asks for its ads.  So, of course, the ads arrive after the example.com content.</p></htmltext>
<tokenext>But ads are useful.There are lots of possible solutions .
One that comes it mine is to let the site with the ads server the ads along with the regular content.Also its an unfair race .
You enter http : //example.com/ [ example.com ] in the browser and example.com starts loading then it asks for its ads .
So , of course , the ads arrive after the example.com content .</tokentext>
<sentencetext>But ads are useful.There are lots of possible solutions.
One that comes it mine is to let the site with the ads server the ads along with the regular content.Also its an unfair race.
You enter http://example.com/ [example.com] in the browser and example.com starts loading then it asks for its ads.
So, of course, the ads arrive after the example.com content.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30271582</id>
	<title>Kind of Fitting</title>
	<author>eldavojohn</author>
	<datestamp>1259605620000</datestamp>
	<modclass>Insightful</modclass>
	<modscore>5</modscore>
	<htmltext>

That I should read about this story with an AT&amp;T advertisement next to it done up in Adobe Flash 10 when the exact same thing can be achieved in a few lines of HTML.  Seriously, it's an all black background with four lines of white text at h2 and h3<nobr> <wbr></nobr>... then an AT&amp;T logo in the bottom and maybe an icon for the button to "learn more."  And the article is wondering if advertisers are slowing down the web?  <br> <br>

Give the UI back to the user and leave the flashing marquee tags in Las Vegas.  The only reason you would use a swf is to achieve some display interaction/functionality not suitable for HTML+CSS+Javascript.  This is common sense yet you willing host ads that urinate on common sense.  If you want me to read an article on your site, you don't want moving flashing things annoying my eyes while I try to read text so why serve up only a technology (as all ads on Slashdot seem to be) that is designed just for that?  Ah, of course, it's your biggest revenue stream.  Well then, I guess I'll just dig in and prepare for the cycle to perpetuate ad infinitum.  And these two guys can chat all they want about it but there's no solution; it's never going to end because it's Just the Way Things Are.</htmltext>
<tokenext>That I should read about this story with an AT&amp;T advertisement next to it done up in Adobe Flash 10 when the exact same thing can be achieved in a few lines of HTML .
Seriously , it 's an all black background with four lines of white text at h2 and h3 ... then an AT&amp;T logo in the bottom and maybe an icon for the button to " learn more .
" And the article is wondering if advertisers are slowing down the web ?
Give the UI back to the user and leave the flashing marquee tags in Las Vegas .
The only reason you would use a swf is to achieve some display interaction/functionality not suitable for HTML + CSS + Javascript .
This is common sense yet you willing host ads that urinate on common sense .
If you want me to read an article on your site , you do n't want moving flashing things annoying my eyes while I try to read text so why serve up only a technology ( as all ads on Slashdot seem to be ) that is designed just for that ?
Ah , of course , it 's your biggest revenue stream .
Well then , I guess I 'll just dig in and prepare for the cycle to perpetuate ad infinitum .
And these two guys can chat all they want about it but there 's no solution ; it 's never going to end because it 's Just the Way Things Are .</tokentext>
<sentencetext>

That I should read about this story with an AT&amp;T advertisement next to it done up in Adobe Flash 10 when the exact same thing can be achieved in a few lines of HTML.
Seriously, it's an all black background with four lines of white text at h2 and h3 ... then an AT&amp;T logo in the bottom and maybe an icon for the button to "learn more.
"  And the article is wondering if advertisers are slowing down the web?
Give the UI back to the user and leave the flashing marquee tags in Las Vegas.
The only reason you would use a swf is to achieve some display interaction/functionality not suitable for HTML+CSS+Javascript.
This is common sense yet you willing host ads that urinate on common sense.
If you want me to read an article on your site, you don't want moving flashing things annoying my eyes while I try to read text so why serve up only a technology (as all ads on Slashdot seem to be) that is designed just for that?
Ah, of course, it's your biggest revenue stream.
Well then, I guess I'll just dig in and prepare for the cycle to perpetuate ad infinitum.
And these two guys can chat all they want about it but there's no solution; it's never going to end because it's Just the Way Things Are.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30276888</id>
	<title>Re:Flash Ads</title>
	<author>Anonymous</author>
	<datestamp>1259583840000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>Hee, I got tired of page to render, what a load of shit.</p></htmltext>
<tokenext>Hee , I got tired of page to render , what a load of shit .</tokentext>
<sentencetext>Hee, I got tired of page to render, what a load of shit.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30271708</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30271626</id>
	<title>Are Ad Servers Bogging Down the Web?</title>
	<author>Anonymous</author>
	<datestamp>1259605920000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>Yes.</p></htmltext>
<tokenext>Yes .</tokentext>
<sentencetext>Yes.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30275402</id>
	<title>Firefox bug 487638, fixed for Firefox 3.6</title>
	<author>jdennett</author>
	<datestamp>1259578500000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>(Reposting, logged in this time.)</p><p>If you're using Firefox then this bug is/will be fixed in Firefox 3.6, so that it will report the correct website when things are slow instead of saying "Waiting for *.google-analytics.com.  See <a href="https://bugzilla.mozilla.org/show\_bug.cgi?id=487638" title="mozilla.org">https://bugzilla.mozilla.org/show\_bug.cgi?id=487638</a> [mozilla.org] for the details; "status bar blames wrong resource when downloading slow responding resource" is the title of that bug.</p><p>If you're using other browser(s), let me know which.</p><p>Full disclosure: Google is my employer (and I care about making sure Google Analytics isn't slow).</p></htmltext>
<tokenext>( Reposting , logged in this time .
) If you 're using Firefox then this bug is/will be fixed in Firefox 3.6 , so that it will report the correct website when things are slow instead of saying " Waiting for * .google-analytics.com .
See https : //bugzilla.mozilla.org/show \ _bug.cgi ? id = 487638 [ mozilla.org ] for the details ; " status bar blames wrong resource when downloading slow responding resource " is the title of that bug.If you 're using other browser ( s ) , let me know which.Full disclosure : Google is my employer ( and I care about making sure Google Analytics is n't slow ) .</tokentext>
<sentencetext>(Reposting, logged in this time.
)If you're using Firefox then this bug is/will be fixed in Firefox 3.6, so that it will report the correct website when things are slow instead of saying "Waiting for *.google-analytics.com.
See https://bugzilla.mozilla.org/show\_bug.cgi?id=487638 [mozilla.org] for the details; "status bar blames wrong resource when downloading slow responding resource" is the title of that bug.If you're using other browser(s), let me know which.Full disclosure: Google is my employer (and I care about making sure Google Analytics isn't slow).</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30271960</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30271646</id>
	<title>Most definitely yes</title>
	<author>Anonymous</author>
	<datestamp>1259606040000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>The way most pages are written, the ad sites are hit multiple times before the page fully renders.  So, even though a place can have immense bandwidth, but their pages are limited to what the ad slingers can do, and since bandwidth is a cost center for them, serving up 10 meg Flash ads will be done through as poor a connection as possible.</p><p>Solution?  Either firefox/adblock/noscript/Ghostery, Privoxy, some descendent of the Proxomitron (R. I. P. Scott), and the like.  Of course, some advertisers try to start an arms race, but unless they put their complete site in a Flash app (which web schools are training people to do), this can be manually dealt with.</p></htmltext>
<tokenext>The way most pages are written , the ad sites are hit multiple times before the page fully renders .
So , even though a place can have immense bandwidth , but their pages are limited to what the ad slingers can do , and since bandwidth is a cost center for them , serving up 10 meg Flash ads will be done through as poor a connection as possible.Solution ?
Either firefox/adblock/noscript/Ghostery , Privoxy , some descendent of the Proxomitron ( R. I. P. Scott ) , and the like .
Of course , some advertisers try to start an arms race , but unless they put their complete site in a Flash app ( which web schools are training people to do ) , this can be manually dealt with .</tokentext>
<sentencetext>The way most pages are written, the ad sites are hit multiple times before the page fully renders.
So, even though a place can have immense bandwidth, but their pages are limited to what the ad slingers can do, and since bandwidth is a cost center for them, serving up 10 meg Flash ads will be done through as poor a connection as possible.Solution?
Either firefox/adblock/noscript/Ghostery, Privoxy, some descendent of the Proxomitron (R. I. P. Scott), and the like.
Of course, some advertisers try to start an arms race, but unless they put their complete site in a Flash app (which web schools are training people to do), this can be manually dealt with.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30273832</id>
	<title>Re:This isn't new</title>
	<author>Taibhsear</author>
	<datestamp>1259572320000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p><div class="quote"><p>In this regard, AdBlock makes a significant difference if you tell it to not download ads at all</p></div><p>How do you do this? I cannot for the life of me find this in the preferences. I know it doesn't show the ads but if I can just deny any chance for it to even try to access the ad servers it would greatly speed up my browsing.</p></div>
	</htmltext>
<tokenext>In this regard , AdBlock makes a significant difference if you tell it to not download ads at allHow do you do this ?
I can not for the life of me find this in the preferences .
I know it does n't show the ads but if I can just deny any chance for it to even try to access the ad servers it would greatly speed up my browsing .</tokentext>
<sentencetext>In this regard, AdBlock makes a significant difference if you tell it to not download ads at allHow do you do this?
I cannot for the life of me find this in the preferences.
I know it doesn't show the ads but if I can just deny any chance for it to even try to access the ad servers it would greatly speed up my browsing.
	</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30271744</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30272660</id>
	<title>Re:Kind of Fitting</title>
	<author>ruewan</author>
	<datestamp>1259610660000</datestamp>
	<modclass>None</modclass>
	<modscore>2</modscore>
	<htmltext>I personally hate flash. Games are the only thing that I think flash should be used for. I like gmail and think that most non-game interactive stuff can be doing using GWT or something else. My wife plays a lot of flash games on facebook. I find that these games just eat CPU. I wonder how flash much client resources flash ads consume, but I don't really can't because I block them with adblock plus so they don't show up anyway.</htmltext>
<tokenext>I personally hate flash .
Games are the only thing that I think flash should be used for .
I like gmail and think that most non-game interactive stuff can be doing using GWT or something else .
My wife plays a lot of flash games on facebook .
I find that these games just eat CPU .
I wonder how flash much client resources flash ads consume , but I do n't really ca n't because I block them with adblock plus so they do n't show up anyway .</tokentext>
<sentencetext>I personally hate flash.
Games are the only thing that I think flash should be used for.
I like gmail and think that most non-game interactive stuff can be doing using GWT or something else.
My wife plays a lot of flash games on facebook.
I find that these games just eat CPU.
I wonder how flash much client resources flash ads consume, but I don't really can't because I block them with adblock plus so they don't show up anyway.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30271582</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30272430</id>
	<title>Surprised...</title>
	<author>CrashNBrn</author>
	<datestamp>1259609340000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><blockquote><div><p>That's one reason why we shouldn't be too <b>surprised</b> that we see performance issues in third party ads. The other reason is that ad services are not focused on technology. Certainly companies like Yahoo and Google and Microsoft, we're technology companies. We focus on technology. So it's not <b>surprising</b> that our web developers are on the leading edge of adopting these performance best practices. And it's also not <b>surprising</b> that ad services might lag two, three or four years behind where these web technology companies are.""</p></div></blockquote><p>
I for one, am shocked, astounded, flabbergasted...surprised? er Not Surprised.</p></div>
	</htmltext>
<tokenext>That 's one reason why we should n't be too surprised that we see performance issues in third party ads .
The other reason is that ad services are not focused on technology .
Certainly companies like Yahoo and Google and Microsoft , we 're technology companies .
We focus on technology .
So it 's not surprising that our web developers are on the leading edge of adopting these performance best practices .
And it 's also not surprising that ad services might lag two , three or four years behind where these web technology companies are .
" " I for one , am shocked , astounded , flabbergasted...surprised ?
er Not Surprised .</tokentext>
<sentencetext>That's one reason why we shouldn't be too surprised that we see performance issues in third party ads.
The other reason is that ad services are not focused on technology.
Certainly companies like Yahoo and Google and Microsoft, we're technology companies.
We focus on technology.
So it's not surprising that our web developers are on the leading edge of adopting these performance best practices.
And it's also not surprising that ad services might lag two, three or four years behind where these web technology companies are.
""
I for one, am shocked, astounded, flabbergasted...surprised?
er Not Surprised.
	</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30272468</id>
	<title>Re:Slow ads... Hi Bert64 (remember me?): An idea!</title>
	<author>Anonymous</author>
	<datestamp>1259609520000</datestamp>
	<modclass>Troll</modclass>
	<modscore>-1</modscore>
	<htmltext><div class="quote"><p><b>"Quite often you will be loading a website, and be staring at a blank screen with "making connection to ads.blablabla" at the bottom.... The page itself has loaded, but won't display until the browser has managed to retrieve the ads. Also you will see ad servers in completely different locations to the site you're viewing, and therefore much slower. Also, some ads are especially large, especially animated flash ones, and can add a noticeable delay to a page load even if the ad server isn't slow or lagged. My pet hate btw, are ads which have sound... I find that EXTREMELY annoying and quickly block access to any ad provider which serves such things.</b> - by Bert64 (520050)  on Monday November 30, @12:31PM (#30271612) Homepage</p></div><p>Per my subject-line, Hello Bert64 (again), &amp; here is a GOOD SOLID WORK-AROUND (especially considering you pay for your linetime out of pocket most likely as I do, you can get back your speed, AND, gain security easily, &amp; from a single easily edited file (which I am sure you know about, but, others may not, so... here goes):</p><p>NO PROBLEM, 110\% agreement here on that account... &amp; more (like more speed online AND more security, via a SINGLE EASILY EDITED + POPULATED FILE, called a HOSTS file):</p><p>I use <b>a custom HOSTS file</b>, in addition to the tools you noted (which only really function for FireFox/Mozilla products, but don't extend globally to all other webbound applications, &amp; that is part of what HOSTS files give you above the methods you extoll + utilize: "GLOBAL COVERAGE", &amp; of ALL webbound apps, not just FireFox/Mozilla ones via the addons you noted + use yourself...).</p><p>HOSTS files can be used to blockout KNOWN "bad" adserves, maliciously coded sites or adbanners, and "botnet C&amp;C servers" too!</p><p><b>You can obtain reliable HOSTS files from reputable lists for more security online, but also for speed!</b></p><p>(More on that later &amp; WHY/HOW (I use reliable lists for that, such as these HOSTS @ Wikipedia.com -&gt; <a href="http://en.wikipedia.org/wiki/Hosts\_file" title="wikipedia.org" rel="nofollow">http://en.wikipedia.org/wiki/Hosts\_file</a> [wikipedia.org] or those from mvps.org (a good one this one))</p><p><b>I also further populate &amp; keep current my custom HOSTS file with up to date information in regards to all of those threats, via:</b></p><p>----</p><p>A.) Spybot "Search &amp; Destroy" updates (populates HOSTS and browser block lists)</p><p>B.) Sites like ZDNet's Mr. Dancho Danchev's blog -&gt; <a href="http://ddanchev.blogspot.com/" title="blogspot.com" rel="nofollow">http://ddanchev.blogspot.com/</a> [blogspot.com]</p><p>C.) Sites like FireEye -&gt; <a href="http://blog.fireeye.com/" title="fireeye.com" rel="nofollow">http://blog.fireeye.com/</a> [fireeye.com]</p><p>D.) SRI -&gt; <a href="http://mtc.sri.com/" title="sri.com" rel="nofollow">http://mtc.sri.com/</a> [sri.com]</p><p>----</p><p>My HOSTS file incorporates ALL of the entries from the HOSTS files shown @ wikipedia as well... gaining me speed online (by blocking adbanners, which have been compromised many times the past few years now by malscripted exploits (examples below)).</p><p>(I combined ALL reputable HOSTS files with one of my own (30,000 entries), &amp; I removed duplicates removed via a Borland Delphi app I wrote to do so called "APK HOSTS File Grinder 4.0++". That program also functions to change the default larger &amp; SLOWER 127.0.0.1 blocking 'loopback adapter' IP address to either 0.0.0.0 (for VISTA/Windows Server 2008/Windows 7, smaller &amp; thus faster than 127.0.0.1 default) or the smallest &amp; fastest 0 "blocking 'IP ADDRESS'" (for Windows 2000/XP/Server 2003 which can STILL use it (&amp; it was added in a service pack on Windows 2000, only on 12/09/2008 MS patch tuesday was it removed for VISTA onwards (&amp; now all these "phunny little bugs" are showing up as FLAWS in this new NDIS6 approach via WFP as well in the firewall, which ROOTKIT.COM has stated (with code too no less on how it is done) -&gt; <a href="http://www.rootkit.com/newsread.php?newsid=952" title="rootkit.com" rel="nofollow">http://www.rootkit.com/newsread.php?newsid=952</a> [rootkit.com] [rootkit.com] that it is EASIER TO UNHOOK (than was the design used in Windows 2000/XP/Server 2003))</p><p><b>Another EXCELLENT benefit of HOSTS file usage? More speed online, &amp; also more security + reliability</b> (especially in the case of DNS servers today, per folks like Dan Kaminsky &amp;/or Moxie Marlinspike finding various security vulnerabilities in them the past couple years now)...</p><p>SO, to "CIRCUMVENT" THAT WHICH YOU NOTE &amp; to get more speed online (besides/above potentially hijacked adbanners etc. et al)?</p><p>WELL - <b>I use another "technique" called "hardcoding" an IP address to domainname/hostname in my HOSTS files, for my FAVORITE websites:</b></p><p><b>This allows me to FIRST bypass any remote/external DNS lookups, which also would in theory @ least, make me "proofed" vs. DNS request logs by my ISP/BSP also.</b></p><p>(Especially since I use external DNS servers too, OpenDNS ones to be specific, that go beyond my hardcoded favs in my HOSTS file because I can't ping &amp; resolve the ENTIRE internet after all)</p><p>This also makes it harder for others to track me...</p><p>(Sure, they could do a "reverse DNS lookup" via pings &amp;/or traceroutes &amp; the top level domain that does nothing BUT cache reverse DNS lookups does the rest, but that is harder to do, than looking up my URL requests via a log on a DNS server))</p><p><b>ALSO, AS ANOTHER "BONUS" in HOSTS FILES</b> (can't stress it enough, &amp; especially above + beyond adbanner blocking)<b>:  It speeds you up, or can!</b></p><p>E.G.-&gt; A buddy of mine named Jack says it has (verbatim quote) "DOUBLED MY SPEED ONLINE, BUT I VALUE THE SECURITY PART MORE", because he used to get over 200++ viruses a week, now? Only maybe 2 a year IF THAT lately, &amp; he is convinced it is largely due to the HOSTS file I send him weekly (he is my "lab rat #1" due to his previous infestation rate), &amp; if that "anecdotal evidence" is not enough? See this then, from a published security guru on a respected site for it:</p><p>====</p><p><b>RESURRECTING THE KILLFILE:</b></p><p>(by Mr. Oliver Day)</p><p><a href="http://www.securityfocus.com/columnists/491" title="securityfocus.com" rel="nofollow">http://www.securityfocus.com/columnists/491</a> [securityfocus.com]</p><p><b>PERTINENT EXCERPTS/QUOTES:</b></p><p>"The host file on my day-to-day laptop is now over 16,000 lines long. Accessing the Internet particularly browsing the Web is actually faster now."</p><p>"From what I have seen in my research, major efforts to share lists of unwanted hosts began gaining serious momentum earlier this decade. The most popular appear to have started as a means to block advertising and as a way to avoid being tracked by sites that use cookies to gather data on the user across Web properties. More recently, projects like Spybot Search and Destroy offer lists of known malicious servers to add a layer of defense against trojans and other forms of malware."</p><p>====</p><p>(A nice bonus beyond blocking adbanners via HOSTS too, because these have been shown to harbor malscripted content too &amp; more than just a few times the past 4-5 yrs now no less such as is noted here in my PS below, several examples thereof no less), because you don't waste between 30-N ms calling out to an external DNS!</p><p>(Again, and a DNS server that MAY be poisoned per Dan Kaminsky the past few years now &amp; others also noting it)</p><p>Thus, you can STILL GET TO YOUR FAV. SITES IF HARDCODED in your HOSTS FILE (a good thing, but one you may have to periodically alter, easily, via notepad.exe edits of your HOSTS file &amp; a ping to update their new address (sites change hosting providers due to better services or prices, rare, but they do &amp; MOST let you know they are about to do so anyhow, so you can amend a HOSTS file)).</p><p>NICEST PART IS, THOUGH, PER YOUR STATEMENT (in addition to the benefits of HOSTS file I note above, alongside others like Mr. Oliver Day of SECURITYFOCUS.COM)?</p><p>I will STILL get to where it is that I WANT TO GO, not the router's onboard DNS server doing hostname/domainname resolutions or potential hijacked redirects... in theory @ least, because I am controlling the hostname/dommainname resolutions @ AN OS + IP STACK LEVEL, not via my routers' onboard DNS server...</p><p>APK</p><p>P.S.=&gt; Evidences as to WHY you'd want to add on the "extra layered security protection" of a HOSTS file, which extends global security coverage to your webbound apps, AND, allows for a great deal of added extra speed as well? Ok, here are some documented reasons why like:</p><p>a.) DNS servers vulnerable, under attack, failing or being "DNS poisoned" misdirected &amp; more</p><p>b.) Security suites failing vs. modern "blended threats" online</p><p>c.) javascript being used to do most of this via apps)</p><p>d.) adbanners being maliciously coded also...</p><p>(Here we go with documented proofs/examples:)</p><p><b>POISONED MALSCRIPTED ADBANNERS</b></p><p><b>The Next Ad You Click May Be a Virus:</b></p><p><a href="http://it.slashdot.org/article.pl?sid=09/06/15/2056219" title="slashdot.org" rel="nofollow">http://it.slashdot.org/article.pl?sid=09/06/15/2056219</a> [slashdot.org]</p><p>----</p><p><b>Attackers Infect Ads With Old Adobe Vulnerability:</b></p><p><a href="http://it.slashdot.org/article.pl?sid=09/02/25/024211" title="slashdot.org" rel="nofollow">http://it.slashdot.org/article.pl?sid=09/02/25/024211</a> [slashdot.org]</p><p>----</p><p><b>Hackers Use Banner Ads on Major Sites to Hijack Your PC:</b></p><p><a href="http://www.wired.com/techbiz/media/news/2007/11/doubleclick" title="wired.com" rel="nofollow">http://www.wired.com/techbiz/media/news/2007/11/doubleclick</a> [wired.com]</p><p>----</p><p><b>Adobe Flash Ads Launching Clipboard Hijack Attacks:</b></p><p><a href="http://it.slashdot.org/article.pl?sid=08/08/20/0029220&amp;from=rss" title="slashdot.org" rel="nofollow">http://it.slashdot.org/article.pl?sid=08/08/20/0029220&amp;from=rss</a> [slashdot.org]</p><p>----</p><p><b>Slashdot | Americans Don't Want Targeted Ads:</b></p><p><a href="http://yro.slashdot.org/article.pl?sid=09/10/01/1854214" title="slashdot.org" rel="nofollow">http://yro.slashdot.org/article.pl?sid=09/10/01/1854214</a> [slashdot.org]</p><p>====</p><p><b>DNS PROBLEMS:</b></p><p><b>Number of Rogue DNS Servers on the Rise:</b></p><p><a href="http://tech.slashdot.org/article.pl?no\_d2=1&amp;sid=08/02/15/2118212" title="slashdot.org" rel="nofollow">http://tech.slashdot.org/article.pl?no\_d2=1&amp;sid=08/02/15/2118212</a> [slashdot.org]</p><p>----</p><p><b>Security Researcher Kaminsky Pushes DNS Patching:</b></p><p><a href="http://it.slashdot.org/article.pl?sid=09/02/19/2322231" title="slashdot.org" rel="nofollow">http://it.slashdot.org/article.pl?sid=09/02/19/2322231</a> [slashdot.org]</p><p>----</p><p><b>Ten Percent of DNS Servers Still Vulnerable:</b></p><p><a href="http://tech.slashdot.org/article.pl?no\_d2=1&amp;sid=05/08/04/1525235" title="slashdot.org" rel="nofollow">http://tech.slashdot.org/article.pl?no\_d2=1&amp;sid=05/08/04/1525235</a> [slashdot.org]</p><p>----</p><p><b>TimeWarner DNS Hijacking:</b></p><p><a href="http://tech.slashdot.org/article.pl?sid=07/07/23/2140208" title="slashdot.org" rel="nofollow">http://tech.slashdot.org/article.pl?sid=07/07/23/2140208</a> [slashdot.org]</p><p>----</p><p><b>Another DNS Flaw Found:</b></p><p><a href="http://tech.slashdot.org/article.pl?sid=09/01/09/2348240" title="slashdot.org" rel="nofollow">http://tech.slashdot.org/article.pl?sid=09/01/09/2348240</a> [slashdot.org]</p><p>----</p><p><b>Attack Code Published For DNS Vulnerability:</b></p><p><a href="http://it.slashdot.org/article.pl?no\_d2=1&amp;sid=08/07/23/231254" title="slashdot.org" rel="nofollow">http://it.slashdot.org/article.pl?no\_d2=1&amp;sid=08/07/23/231254</a> [slashdot.org]</p><p>----</p><p><b>BIND Still Susceptible To DNS Cache Poisoning:</b></p><p><a href="http://tech.slashdot.org/article.pl?no\_d2=1&amp;sid=08/08/09/123222" title="slashdot.org" rel="nofollow">http://tech.slashdot.org/article.pl?no\_d2=1&amp;sid=08/08/09/123222</a> [slashdot.org]</p><p>----</p><p><b>DDoS Attacks Via DNS Recursion:</b></p><p><a href="http://it.slashdot.org/article.pl?no\_d2=1&amp;sid=06/03/16/1658209" title="slashdot.org" rel="nofollow">http://it.slashdot.org/article.pl?no\_d2=1&amp;sid=06/03/16/1658209</a> [slashdot.org]</p><p>----</p><p><b>DNS Poisoning Hits One of China's Biggest ISPs:</b></p><p><a href="http://it.slashdot.org/article.pl?no\_d2=1&amp;sid=08/08/21/2343250" title="slashdot.org" rel="nofollow">http://it.slashdot.org/article.pl?no\_d2=1&amp;sid=08/08/21/2343250</a> [slashdot.org]</p><p>----</p><p><b>DNS Root Servers Attacked:</b></p><p><a href="http://it.slashdot.org/article.pl?no\_d2=1&amp;sid=07/02/06/2238225" title="slashdot.org" rel="nofollow">http://it.slashdot.org/article.pl?no\_d2=1&amp;sid=07/02/06/2238225</a> [slashdot.org]</p><p>----</p><p><b>DNS Problem Linked To DDoS Attacks Gets Worse:</b></p><p><a href="http://tech.slashdot.org/comments.pl?sid=1444354&amp;cid=30109858" title="slashdot.org" rel="nofollow">http://tech.slashdot.org/comments.pl?sid=1444354&amp;cid=30109858</a> [slashdot.org]</p><p>----</p><p><b>Are your servers vulnerable to DNS attacks?</b></p><p><a href="http://www.networkworld.com/news/2007/111907-dns-attacks.html" title="networkworld.com" rel="nofollow">http://www.networkworld.com/news/2007/111907-dns-attacks.html</a> [networkworld.com]</p><p>----</p><p><b>Kaminsky On DNS Bugs a Year Later and DNSSEC:</b></p><p><a href="http://it.slashdot.org/story/09/06/25/1354212/Kaminsky-On-DNS-Bugs-a-Year-Later-and-DNSSEC" title="slashdot.org" rel="nofollow">http://it.slashdot.org/story/09/06/25/1354212/Kaminsky-On-DNS-Bugs-a-Year-Later-and-DNSSEC</a> [slashdot.org]</p><p>----</p><p><b>DNS users put higher premium on security:</b></p><p><a href="http://news.techworld.com/networking/10690/dns-users-put-higher-premium-on-security/" title="techworld.com" rel="nofollow">http://news.techworld.com/networking/10690/dns-users-put-higher-premium-on-security/</a> [techworld.com]</p><p>----</p><p><b>BIND, the Buggy Internet Name Daemon:</b></p><p><a href="http://cr.yp.to/djbdns/blurb/unbind.html" title="cr.yp.to" rel="nofollow">http://cr.yp.to/djbdns/blurb/unbind.html</a> [cr.yp.to]</p><p>(Where djbdns was found to have flaw, though it was alleged invulnerable, they paid out $10,000 reward)</p><p>----</p><p><b>DNS Dan Kaminsky DNS SPOOF ATTACK EXPLAINED HOW IT IS DONE:</b></p><p><a href="http://blogs.zdnet.com/security/?p=1520" title="zdnet.com" rel="nofollow">http://blogs.zdnet.com/security/?p=1520</a> [zdnet.com]</p><p>----</p><p><b>DNS REBINDING ATTACKS: MultiPinning Browser JavaScript Vulnerability</b> (how to protect yourself):</p><p><a href="http://crypto.stanford.edu/dns/" title="stanford.edu" rel="nofollow">http://crypto.stanford.edu/dns/</a> [stanford.edu]</p><p>----</p><p><b>Hackers hijack DNS records of high profile New Zealand sites:</b></p><p><a href="http://blogs.zdnet.com/security/?p=3185" title="zdnet.com" rel="nofollow">http://blogs.zdnet.com/security/?p=3185</a> [zdnet.com]</p><p>====</p><p><b>SECURITY SUITE PROGRAMS FAILING:</b></p><p><b>AntiVirus Products Fail to Find Simple IE Malware:</b></p><p><a href="http://tech.slashdot.org/article.pl?sid=07/10/29/1747237" title="slashdot.org" rel="nofollow">http://tech.slashdot.org/article.pl?sid=07/10/29/1747237</a> [slashdot.org]</p><p>----</p><p><b>Most Security Products Fail To Perform:</b></p><p><a href="http://hardware.slashdot.org/comments.pl?sid=1445302&amp;threshold=-1&amp;commentsort=0&amp;mode=thread&amp;pid=30114652" title="slashdot.org" rel="nofollow">http://hardware.slashdot.org/comments.pl?sid=1445302&amp;threshold=-1&amp;commentsort=0&amp;mode=thread&amp;pid=30114652</a> [slashdot.org]</p><p>----</p><p><b>TOP SECURITY SUITES FAIL 64/300 THREATS in 2008 AT SECUNIA.COM:</b></p><p><a href="http://secunia.com/blog/29/" title="secunia.com" rel="nofollow">http://secunia.com/blog/29/</a> [secunia.com]</p><p>----</p><p><b>Top security suites fail exploit tests:</b></p><p><a href="http://www.computerworld.com/s/article/9117042/Top\_security\_suites\_fail\_exploit\_tests?intsrc=news\_ts\_head" title="computerworld.com" rel="nofollow">http://www.computerworld.com/s/article/9117042/Top\_security\_suites\_fail\_exploit\_tests?intsrc=news\_ts\_head</a> [computerworld.com]</p><p>----</p><p><b>Antivirus is 'completely wasted money': Cisco CSO: News - Security - ZDNet Australia:</b></p><p><a href="http://www.zdnet.com.au/news/security/soa/Antivirus-is-completely-wasted-money-Cisco-CSO/0,130061744,339289122,00.htm?feed=pt\_auscert" title="zdnet.com.au" rel="nofollow">http://www.zdnet.com.au/news/security/soa/Antivirus-is-completely-wasted-money-Cisco-CSO/0,130061744,339289122,00.htm?feed=pt\_auscert</a> [zdnet.com.au]</p><p>----</p><p><b>Are Routers the Next Big Target for Hackers?</b></p><p><a href="http://blogs.zdnet.com/security/?p=919" title="zdnet.com" rel="nofollow">http://blogs.zdnet.com/security/?p=919</a> [zdnet.com]</p><p>----</p><p><b>Software Firewalls: Made of Straw? Part 1 of 2:</b></p><p><a href="http://www.securityfocus.com/infocus/1839" title="securityfocus.com" rel="nofollow">http://www.securityfocus.com/infocus/1839</a> [securityfocus.com]</p><p><b>Software Firewalls: Made of Straw? Part 2 of 2:</b></p><p><a href="http://www.securityfocus.com/infocus/1840/2" title="securityfocus.com" rel="nofollow">http://www.securityfocus.com/infocus/1840/2</a> [securityfocus.com]</p><p>----</p><p><b>Brief study shows difficulty in detecting malware (2008):</b></p><p><a href="http://www.securityfocus.com/brief/858" title="securityfocus.com" rel="nofollow">http://www.securityfocus.com/brief/858</a> [securityfocus.com]</p><p>----</p><p><b>2007 - Browser vulnerabilities and attacks will continue to mount:</b></p><p><a href="http://www.infoworld.com/d/security-central/browser-vulnerabilities-and-attacks-will-continue-mount-679" title="infoworld.com" rel="nofollow">http://www.infoworld.com/d/security-central/browser-vulnerabilities-and-attacks-will-continue-mount-679</a> [infoworld.com]</p><p>----</p><p><b>Bug exposes Cisco switches to attacks:</b></p><p><a href="http://news.cnet.com/Bug-exposes-Cisco-switches+to+attacks/2110-7349\_3-5902897.html?part=rss&amp;tag=5902897&amp;subj=news" title="cnet.com" rel="nofollow">http://news.cnet.com/Bug-exposes-Cisco-switches+to+attacks/2110-7349\_3-5902897.html?part=rss&amp;tag=5902897&amp;subj=news</a> [cnet.com]</p><p>&amp;</p><p><b>CISCO "COMES CLEAN" ON EXTENT OF IOS FLAW:</b></p><p><a href="http://www.eweek.com/c/a/Security/Cisco-Comes-Clean-on-Extent-of-IOS-Flaw/" title="eweek.com" rel="nofollow">http://www.eweek.com/c/a/Security/Cisco-Comes-Clean-on-Extent-of-IOS-Flaw/</a> [eweek.com]</p><p>&amp;</p><p><b>Cisco PIX and ASA Time-To-Live Denial of Service Vulnerability:</b></p><p><a href="http://secunia.com/advisories/28625/" title="secunia.com" rel="nofollow">http://secunia.com/advisories/28625/</a> [secunia.com]</p><p>+</p><p><b>Computer routers face hijack risk - study:</b></p><p><a href="http://www.cbc.ca/technology/story/2007/02/16/tech-routervulnerabilty-20070216.html?ref=rss" title="www.cbc.ca" rel="nofollow">http://www.cbc.ca/technology/story/2007/02/16/tech-routervulnerabilty-20070216.html?ref=rss</a> [www.cbc.ca]</p><p>Slashdot Technology Story | Will Mainstream Media Embrace Adblockers?</p><p><a href="http://tech.slashdot.org/story/09/08/06/1442243/Will-Mainstream-Media-Embrace-Adblockers" title="slashdot.org" rel="nofollow">http://tech.slashdot.org/story/09/08/06/1442243/Will-Mainstream-Media-Embrace-Adblockers</a> [slashdot.org]</p><p>----</p><p><b>Congress May Require ISPs To Block Certain Fraud Sites:</b></p><p><a href="http://yro.slashdot.org/comments.pl?sid=1432514&amp;cid=30024078" title="slashdot.org" rel="nofollow">http://yro.slashdot.org/comments.pl?sid=1432514&amp;cid=30024078</a> [slashdot.org]</p><p>====</p><p><b>JAVASCRIPT PROBLEMS:</b></p><p><b>Slashdot | Adobe Confirms PDF Zero-Day, Says Kill JavaScript:</b></p><p><a href="http://it.slashdot.org/article.pl?sid=09/04/29/1823234" title="slashdot.org" rel="nofollow">http://it.slashdot.org/article.pl?sid=09/04/29/1823234</a> [slashdot.org]</p><p>----</p><p><b>Adobe Flash Zero-Day Attack Underway:</b></p><p><a href="http://it.slashdot.org/article.pl?sid=08/05/28/0138247&amp;from=rss" title="slashdot.org" rel="nofollow">http://it.slashdot.org/article.pl?sid=08/05/28/0138247&amp;from=rss</a> [slashdot.org]</p><p>----</p><p><b>JavaScript flaw reported in Adobe Reader</b> (4th or 5th time already, if not more):</p><p><a href="http://www.securityfocus.com/brief/953" title="securityfocus.com" rel="nofollow">http://www.securityfocus.com/brief/953</a> [securityfocus.com]</p><p>----</p><p><b>Another malware pulls an Italian job via JAVASCRIPT:</b></p><p><a href="http://blog.trendmicro.com/another-malware-pulls-an-italian-job/" title="trendmicro.com" rel="nofollow">http://blog.trendmicro.com/another-malware-pulls-an-italian-job/</a> [trendmicro.com]</p><p>----</p><p><b>JavaScript opens doors to browser-based attacks | CNET News.com:</b></p><p><a href="http://news.com.com/JavaScript+opens+doors+to+browser-based+attacks/2100-7349\_3-6099891.html?part=rss&amp;tag=6099891&amp;subj=news" title="com.com" rel="nofollow">http://news.com.com/JavaScript+opens+doors+to+browser-based+attacks/2100-7349\_3-6099891.html?part=rss&amp;tag=6099891&amp;subj=news</a> [com.com]</p><p>----</p><p><b>Mozilla Firefox Javascript Garbage Collector Vulnerability - Advisories - Secunia</b></p><p><a href="http://secunia.com/advisories/29787/" title="secunia.com" rel="nofollow">http://secunia.com/advisories/29787/</a> [secunia.com]</p><p>----</p><p><b>New script outstrips all other drive-by download risks:</b></p><p><a href="http://www.theregister.co.uk/2009/05/15/script\_menace/" title="theregister.co.uk" rel="nofollow">http://www.theregister.co.uk/2009/05/15/script\_menace/</a> [theregister.co.uk]</p><p>----</p><p><b>Researcher to demonstrate attack code for Intel chips via Javascript:</b></p><p><a href="http://www.infoworld.com/d/security-central/researcher-demonstrate-attack-code-intel-chips-036" title="infoworld.com" rel="nofollow">http://www.infoworld.com/d/security-central/researcher-demonstrate-attack-code-intel-chips-036</a> [infoworld.com]</p><p>----</p><p><b>Researcher: JavaScript Attacks Get Slicker:</b></p><p><a href="http://www.eweek.com/c/a/Security/Researcher-JavaScript-Attacks-Get-Slicker/" title="eweek.com" rel="nofollow">http://www.eweek.com/c/a/Security/Researcher-JavaScript-Attacks-Get-Slicker/</a> [eweek.com]</p><p>----</p><p><b>Rise Of The PDF Exploits:</b></p><p><a href="http://www.trustedsource.org/blog/153/Rise-Of-The-PDF-Exploits" title="trustedsource.org" rel="nofollow">http://www.trustedsource.org/blog/153/Rise-Of-The-PDF-Exploits</a> [trustedsource.org]</p><p>----</p><p><b>ADOBE NEW FLAW DOES USE JAVASCRIPT PROOF:</b></p><p><a href="http://www.shadowserver.org/wiki/pmwiki.php?n=Calendar.20090219" title="shadowserver.org" rel="nofollow">http://www.shadowserver.org/wiki/pmwiki.php?n=Calendar.20090219</a> [shadowserver.org]</p><p>----</p><p><b>AJAX Poses Security, Performance Risks:</b></p><p><a href="http://www.eweek.com/article2/0,1895,1916673,00.asp" title="eweek.com" rel="nofollow">http://www.eweek.com/article2/0,1895,1916673,00.asp</a> [eweek.com]</p><p>----</p><p><b>Web 2.0 Threats and Risks for Financial Services:</b></p><p><a href="http://www.net-security.org/article.php?id=1004&amp;p=1" title="net-security.org" rel="nofollow">http://www.net-security.org/article.php?id=1004&amp;p=1</a> [net-security.org]</p><p><a href="http://www.cbronline.com/news/web\_20\_is\_vulnerable\_to\_attack" title="cbronline.com" rel="nofollow">http://www.cbronline.com/news/web\_20\_is\_vulnerable\_to\_attack</a> [cbronline.com]</p><p>----</p><p><b>Cross Site Scripting</b> (GOOGLE) <b>and WHY TO TURN OFF JAVASCRIPT:</b></p><p><a href="http://www.cgisecurity.com/xss-faq.html" title="cgisecurity.com" rel="nofollow">http://www.cgisecurity.com/xss-faq.html</a> [cgisecurity.com]</p><p>----</p><p><b>Why the FBI Director Doesn't Bank Online</b></p><p><a href="http://it.slashdot.org/article.pl?sid=09/10/08/0327240" title="slashdot.org" rel="nofollow">http://it.slashdot.org/article.pl?sid=09/10/08/0327240</a> [slashdot.org]</p><p><b>MAJOR ATTACKS (only a small sample) of WHY LAYERED SECURITY IS NEEDED</b></p><p><b>Is the Botnet Battle Already Lost?</b></p><p><a href="http://www.eweek.com/article2/0,1895,2029720,00.asp" title="eweek.com" rel="nofollow">http://www.eweek.com/article2/0,1895,2029720,00.asp</a> [eweek.com]</p><p>----</p><p><b>IT Pros Say They Can't Stop Data Breaches:</b></p><p><a href="http://www.eweek.com/article2/0,1895,2010325,00.asp?kc=EWNAVEMNL083106EOAD" title="eweek.com" rel="nofollow">http://www.eweek.com/article2/0,1895,2010325,00.asp?kc=EWNAVEMNL083106EOAD</a> [eweek.com]</p><p>----</p><p><b>Cyber Attacks On US Military Jump Sharply In 2009</b></p><p><a href="http://tech.slashdot.org/comments.pl?sid=1452358&amp;threshold=-1&amp;commentsort=0&amp;mode=thread&amp;cid=30185742" title="slashdot.org" rel="nofollow">http://tech.slashdot.org/comments.pl?sid=1452358&amp;threshold=-1&amp;commentsort=0&amp;mode=thread&amp;cid=30185742</a> [slashdot.org]</p><p>----</p><p><b>Bots Found Inside Many Big Companies:</b></p><p><a href="http://blogs.baselinemag.com/security/content001/cybercrime/bots\_found\_inside\_many\_big\_companies.html" title="baselinemag.com" rel="nofollow">http://blogs.baselinemag.com/security/content001/cybercrime/bots\_found\_inside\_many\_big\_companies.html</a> [baselinemag.com]</p><p>----</p><p><b>Bot master owns up to 250,000 zombie PCs:</b></p><p><a href="http://www.securityfocus.com/news/11495" title="securityfocus.com" rel="nofollow">http://www.securityfocus.com/news/11495</a> [securityfocus.com]</p><p>----</p><p><b>Bots surge ahead (2007):</b></p><p><a href="http://www.securityfocus.com/brief/466" title="securityfocus.com" rel="nofollow">http://www.securityfocus.com/brief/466</a> [securityfocus.com]</p><p>----</p><p><b>Chinese Hackers Hit Commerce Department:</b></p><p><a href="http://www.informationweek.com/news/security/government/showArticle.jhtml?articleID=193105227" title="informationweek.com" rel="nofollow">http://www.informationweek.com/news/security/government/showArticle.jhtml?articleID=193105227</a> [informationweek.com]</p><p>----</p><p><b>CIA Admits Cyberattacks Blacked Out Cities:</b></p><p><a href="http://www.informationweek.com/news/internet/showArticle.jhtml?articleID=205901631" title="informationweek.com" rel="nofollow">http://www.informationweek.com/news/internet/showArticle.jhtml?articleID=205901631</a> [informationweek.com]</p><p>----</p><p><b>Compromised Banks and Investment sites list 2006:</b></p><p><a href="http://it.slashdot.org/comments.pl?sid=233921&amp;cid=19035679" title="slashdot.org" rel="nofollow">http://it.slashdot.org/comments.pl?sid=233921&amp;cid=19035679</a> [slashdot.org]</p><p>----</p><p><b>Dancho Danchev's Blog - Mind Streams of Information Security Knowledge: Massive IFRAME SEO Poisoning Attack Continuing:</b></p><p><a href="http://ddanchev.blogspot.com/2008/03/massive-iframe-seo-poisoning-attack.html" title="blogspot.com" rel="nofollow">http://ddanchev.blogspot.com/2008/03/massive-iframe-seo-poisoning-attack.html</a> [blogspot.com]</p><p>----</p><p><b>Data at Bank of America, Wachovia, others compromised - May. 23, 2005:</b></p><p><a href="http://money.cnn.com/2005/05/23/news/fortune500/bank\_info/index.htm" title="cnn.com" rel="nofollow">http://money.cnn.com/2005/05/23/news/fortune500/bank\_info/index.htm</a> [cnn.com]</p><p>----</p><p><b>Fresh Security Breaches at Los Alamos:</b></p><p><a href="http://www.msnbc.msn.com/id/19418769/site/newsweek/print/1/displaymode/1098/" title="msn.com" rel="nofollow">http://www.msnbc.msn.com/id/19418769/site/newsweek/print/1/displaymode/1098/</a> [msn.com]</p><p>----</p><p><b>Infected job search sites lead to info theft for 46,000:</b></p><p><a href="http://www.computerworld.com/s/article/9031139/Infected\_job\_search\_sites\_lead\_to\_info\_theft\_for\_46\_000" title="computerworld.com" rel="nofollow">http://www.computerworld.com/s/article/9031139/Infected\_job\_search\_sites\_lead\_to\_info\_theft\_for\_46\_000</a> [computerworld.com]</p><p>----</p><p><b>New Mega-Botnet Discovered:</b></p><p><a href="http://it.slashdot.org/article.pl?sid=09/04/22/2223214" title="slashdot.org" rel="nofollow">http://it.slashdot.org/article.pl?sid=09/04/22/2223214</a> [slashdot.org]</p><p>----</p><p>I think THAT list ought to "enlighten" ANYONE, as to why "layered security" is &amp; has been considered largely to be "THE WAY TO GO", vs. that list above (which is only a SMALL \%-age of what I can come up with in regards to threats online + their causes)... HOSTS files help protect vs. those, on several levels - DO consider their usage!</p><p>apk</p></div>
	</htmltext>
<tokenext>" Quite often you will be loading a website , and be staring at a blank screen with " making connection to ads.blablabla " at the bottom.... The page itself has loaded , but wo n't display until the browser has managed to retrieve the ads .
Also you will see ad servers in completely different locations to the site you 're viewing , and therefore much slower .
Also , some ads are especially large , especially animated flash ones , and can add a noticeable delay to a page load even if the ad server is n't slow or lagged .
My pet hate btw , are ads which have sound... I find that EXTREMELY annoying and quickly block access to any ad provider which serves such things .
- by Bert64 ( 520050 ) on Monday November 30 , @ 12 : 31PM ( # 30271612 ) HomepagePer my subject-line , Hello Bert64 ( again ) , &amp; here is a GOOD SOLID WORK-AROUND ( especially considering you pay for your linetime out of pocket most likely as I do , you can get back your speed , AND , gain security easily , &amp; from a single easily edited file ( which I am sure you know about , but , others may not , so... here goes ) : NO PROBLEM , 110 \ % agreement here on that account... &amp; more ( like more speed online AND more security , via a SINGLE EASILY EDITED + POPULATED FILE , called a HOSTS file ) : I use a custom HOSTS file , in addition to the tools you noted ( which only really function for FireFox/Mozilla products , but do n't extend globally to all other webbound applications , &amp; that is part of what HOSTS files give you above the methods you extoll + utilize : " GLOBAL COVERAGE " , &amp; of ALL webbound apps , not just FireFox/Mozilla ones via the addons you noted + use yourself... ) .HOSTS files can be used to blockout KNOWN " bad " adserves , maliciously coded sites or adbanners , and " botnet C&amp;C servers " too ! You can obtain reliable HOSTS files from reputable lists for more security online , but also for speed !
( More on that later &amp; WHY/HOW ( I use reliable lists for that , such as these HOSTS @ Wikipedia.com - &gt; http : //en.wikipedia.org/wiki/Hosts \ _file [ wikipedia.org ] or those from mvps.org ( a good one this one ) ) I also further populate &amp; keep current my custom HOSTS file with up to date information in regards to all of those threats , via : ----A .
) Spybot " Search &amp; Destroy " updates ( populates HOSTS and browser block lists ) B .
) Sites like ZDNet 's Mr. Dancho Danchev 's blog - &gt; http : //ddanchev.blogspot.com/ [ blogspot.com ] C. ) Sites like FireEye - &gt; http : //blog.fireeye.com/ [ fireeye.com ] D. ) SRI - &gt; http : //mtc.sri.com/ [ sri.com ] ----My HOSTS file incorporates ALL of the entries from the HOSTS files shown @ wikipedia as well... gaining me speed online ( by blocking adbanners , which have been compromised many times the past few years now by malscripted exploits ( examples below ) ) .
( I combined ALL reputable HOSTS files with one of my own ( 30,000 entries ) , &amp; I removed duplicates removed via a Borland Delphi app I wrote to do so called " APK HOSTS File Grinder 4.0 + + " .
That program also functions to change the default larger &amp; SLOWER 127.0.0.1 blocking 'loopback adapter ' IP address to either 0.0.0.0 ( for VISTA/Windows Server 2008/Windows 7 , smaller &amp; thus faster than 127.0.0.1 default ) or the smallest &amp; fastest 0 " blocking 'IP ADDRESS ' " ( for Windows 2000/XP/Server 2003 which can STILL use it ( &amp; it was added in a service pack on Windows 2000 , only on 12/09/2008 MS patch tuesday was it removed for VISTA onwards ( &amp; now all these " phunny little bugs " are showing up as FLAWS in this new NDIS6 approach via WFP as well in the firewall , which ROOTKIT.COM has stated ( with code too no less on how it is done ) - &gt; http : //www.rootkit.com/newsread.php ? newsid = 952 [ rootkit.com ] [ rootkit.com ] that it is EASIER TO UNHOOK ( than was the design used in Windows 2000/XP/Server 2003 ) ) Another EXCELLENT benefit of HOSTS file usage ?
More speed online , &amp; also more security + reliability ( especially in the case of DNS servers today , per folks like Dan Kaminsky &amp;/or Moxie Marlinspike finding various security vulnerabilities in them the past couple years now ) ...SO , to " CIRCUMVENT " THAT WHICH YOU NOTE &amp; to get more speed online ( besides/above potentially hijacked adbanners etc .
et al ) ? WELL - I use another " technique " called " hardcoding " an IP address to domainname/hostname in my HOSTS files , for my FAVORITE websites : This allows me to FIRST bypass any remote/external DNS lookups , which also would in theory @ least , make me " proofed " vs. DNS request logs by my ISP/BSP also .
( Especially since I use external DNS servers too , OpenDNS ones to be specific , that go beyond my hardcoded favs in my HOSTS file because I ca n't ping &amp; resolve the ENTIRE internet after all ) This also makes it harder for others to track me... ( Sure , they could do a " reverse DNS lookup " via pings &amp;/or traceroutes &amp; the top level domain that does nothing BUT cache reverse DNS lookups does the rest , but that is harder to do , than looking up my URL requests via a log on a DNS server ) ) ALSO , AS ANOTHER " BONUS " in HOSTS FILES ( ca n't stress it enough , &amp; especially above + beyond adbanner blocking ) : It speeds you up , or can ! E.G.- &gt; A buddy of mine named Jack says it has ( verbatim quote ) " DOUBLED MY SPEED ONLINE , BUT I VALUE THE SECURITY PART MORE " , because he used to get over 200 + + viruses a week , now ?
Only maybe 2 a year IF THAT lately , &amp; he is convinced it is largely due to the HOSTS file I send him weekly ( he is my " lab rat # 1 " due to his previous infestation rate ) , &amp; if that " anecdotal evidence " is not enough ?
See this then , from a published security guru on a respected site for it : = = = = RESURRECTING THE KILLFILE : ( by Mr. Oliver Day ) http : //www.securityfocus.com/columnists/491 [ securityfocus.com ] PERTINENT EXCERPTS/QUOTES : " The host file on my day-to-day laptop is now over 16,000 lines long .
Accessing the Internet particularly browsing the Web is actually faster now .
" " From what I have seen in my research , major efforts to share lists of unwanted hosts began gaining serious momentum earlier this decade .
The most popular appear to have started as a means to block advertising and as a way to avoid being tracked by sites that use cookies to gather data on the user across Web properties .
More recently , projects like Spybot Search and Destroy offer lists of known malicious servers to add a layer of defense against trojans and other forms of malware .
" = = = = ( A nice bonus beyond blocking adbanners via HOSTS too , because these have been shown to harbor malscripted content too &amp; more than just a few times the past 4-5 yrs now no less such as is noted here in my PS below , several examples thereof no less ) , because you do n't waste between 30-N ms calling out to an external DNS !
( Again , and a DNS server that MAY be poisoned per Dan Kaminsky the past few years now &amp; others also noting it ) Thus , you can STILL GET TO YOUR FAV .
SITES IF HARDCODED in your HOSTS FILE ( a good thing , but one you may have to periodically alter , easily , via notepad.exe edits of your HOSTS file &amp; a ping to update their new address ( sites change hosting providers due to better services or prices , rare , but they do &amp; MOST let you know they are about to do so anyhow , so you can amend a HOSTS file ) ) .NICEST PART IS , THOUGH , PER YOUR STATEMENT ( in addition to the benefits of HOSTS file I note above , alongside others like Mr. Oliver Day of SECURITYFOCUS.COM ) ? I will STILL get to where it is that I WANT TO GO , not the router 's onboard DNS server doing hostname/domainname resolutions or potential hijacked redirects... in theory @ least , because I am controlling the hostname/dommainname resolutions @ AN OS + IP STACK LEVEL , not via my routers ' onboard DNS server...APKP.S. = &gt; Evidences as to WHY you 'd want to add on the " extra layered security protection " of a HOSTS file , which extends global security coverage to your webbound apps , AND , allows for a great deal of added extra speed as well ?
Ok , here are some documented reasons why like : a .
) DNS servers vulnerable , under attack , failing or being " DNS poisoned " misdirected &amp; moreb .
) Security suites failing vs. modern " blended threats " onlinec .
) javascript being used to do most of this via apps ) d. ) adbanners being maliciously coded also... ( Here we go with documented proofs/examples : ) POISONED MALSCRIPTED ADBANNERSThe Next Ad You Click May Be a Virus : http : //it.slashdot.org/article.pl ? sid = 09/06/15/2056219 [ slashdot.org ] ----Attackers Infect Ads With Old Adobe Vulnerability : http : //it.slashdot.org/article.pl ? sid = 09/02/25/024211 [ slashdot.org ] ----Hackers Use Banner Ads on Major Sites to Hijack Your PC : http : //www.wired.com/techbiz/media/news/2007/11/doubleclick [ wired.com ] ----Adobe Flash Ads Launching Clipboard Hijack Attacks : http : //it.slashdot.org/article.pl ? sid = 08/08/20/0029220&amp;from = rss [ slashdot.org ] ----Slashdot | Americans Do n't Want Targeted Ads : http : //yro.slashdot.org/article.pl ? sid = 09/10/01/1854214 [ slashdot.org ] = = = = DNS PROBLEMS : Number of Rogue DNS Servers on the Rise : http : //tech.slashdot.org/article.pl ? no \ _d2 = 1&amp;sid = 08/02/15/2118212 [ slashdot.org ] ----Security Researcher Kaminsky Pushes DNS Patching : http : //it.slashdot.org/article.pl ? sid = 09/02/19/2322231 [ slashdot.org ] ----Ten Percent of DNS Servers Still Vulnerable : http : //tech.slashdot.org/article.pl ? no \ _d2 = 1&amp;sid = 05/08/04/1525235 [ slashdot.org ] ----TimeWarner DNS Hijacking : http : //tech.slashdot.org/article.pl ? sid = 07/07/23/2140208 [ slashdot.org ] ----Another DNS Flaw Found : http : //tech.slashdot.org/article.pl ? sid = 09/01/09/2348240 [ slashdot.org ] ----Attack Code Published For DNS Vulnerability : http : //it.slashdot.org/article.pl ? no \ _d2 = 1&amp;sid = 08/07/23/231254 [ slashdot.org ] ----BIND Still Susceptible To DNS Cache Poisoning : http : //tech.slashdot.org/article.pl ? no \ _d2 = 1&amp;sid = 08/08/09/123222 [ slashdot.org ] ----DDoS Attacks Via DNS Recursion : http : //it.slashdot.org/article.pl ? no \ _d2 = 1&amp;sid = 06/03/16/1658209 [ slashdot.org ] ----DNS Poisoning Hits One of China 's Biggest ISPs : http : //it.slashdot.org/article.pl ? no \ _d2 = 1&amp;sid = 08/08/21/2343250 [ slashdot.org ] ----DNS Root Servers Attacked : http : //it.slashdot.org/article.pl ? no \ _d2 = 1&amp;sid = 07/02/06/2238225 [ slashdot.org ] ----DNS Problem Linked To DDoS Attacks Gets Worse : http : //tech.slashdot.org/comments.pl ? sid = 1444354&amp;cid = 30109858 [ slashdot.org ] ----Are your servers vulnerable to DNS attacks ? http : //www.networkworld.com/news/2007/111907-dns-attacks.html [ networkworld.com ] ----Kaminsky On DNS Bugs a Year Later and DNSSEC : http : //it.slashdot.org/story/09/06/25/1354212/Kaminsky-On-DNS-Bugs-a-Year-Later-and-DNSSEC [ slashdot.org ] ----DNS users put higher premium on security : http : //news.techworld.com/networking/10690/dns-users-put-higher-premium-on-security/ [ techworld.com ] ----BIND , the Buggy Internet Name Daemon : http : //cr.yp.to/djbdns/blurb/unbind.html [ cr.yp.to ] ( Where djbdns was found to have flaw , though it was alleged invulnerable , they paid out $ 10,000 reward ) ----DNS Dan Kaminsky DNS SPOOF ATTACK EXPLAINED HOW IT IS DONE : http : //blogs.zdnet.com/security/ ? p = 1520 [ zdnet.com ] ----DNS REBINDING ATTACKS : MultiPinning Browser JavaScript Vulnerability ( how to protect yourself ) : http : //crypto.stanford.edu/dns/ [ stanford.edu ] ----Hackers hijack DNS records of high profile New Zealand sites : http : //blogs.zdnet.com/security/ ? p = 3185 [ zdnet.com ] = = = = SECURITY SUITE PROGRAMS FAILING : AntiVirus Products Fail to Find Simple IE Malware : http : //tech.slashdot.org/article.pl ? sid = 07/10/29/1747237 [ slashdot.org ] ----Most Security Products Fail To Perform : http : //hardware.slashdot.org/comments.pl ? sid = 1445302&amp;threshold = -1&amp;commentsort = 0&amp;mode = thread&amp;pid = 30114652 [ slashdot.org ] ----TOP SECURITY SUITES FAIL 64/300 THREATS in 2008 AT SECUNIA.COM : http : //secunia.com/blog/29/ [ secunia.com ] ----Top security suites fail exploit tests : http : //www.computerworld.com/s/article/9117042/Top \ _security \ _suites \ _fail \ _exploit \ _tests ? intsrc = news \ _ts \ _head [ computerworld.com ] ----Antivirus is 'completely wasted money ' : Cisco CSO : News - Security - ZDNet Australia : http : //www.zdnet.com.au/news/security/soa/Antivirus-is-completely-wasted-money-Cisco-CSO/0,130061744,339289122,00.htm ? feed = pt \ _auscert [ zdnet.com.au ] ----Are Routers the Next Big Target for Hackers ? http : //blogs.zdnet.com/security/ ? p = 919 [ zdnet.com ] ----Software Firewalls : Made of Straw ?
Part 1 of 2 : http : //www.securityfocus.com/infocus/1839 [ securityfocus.com ] Software Firewalls : Made of Straw ?
Part 2 of 2 : http : //www.securityfocus.com/infocus/1840/2 [ securityfocus.com ] ----Brief study shows difficulty in detecting malware ( 2008 ) : http : //www.securityfocus.com/brief/858 [ securityfocus.com ] ----2007 - Browser vulnerabilities and attacks will continue to mount : http : //www.infoworld.com/d/security-central/browser-vulnerabilities-and-attacks-will-continue-mount-679 [ infoworld.com ] ----Bug exposes Cisco switches to attacks : http : //news.cnet.com/Bug-exposes-Cisco-switches + to + attacks/2110-7349 \ _3-5902897.html ? part = rss&amp;tag = 5902897&amp;subj = news [ cnet.com ] &amp;CISCO " COMES CLEAN " ON EXTENT OF IOS FLAW : http : //www.eweek.com/c/a/Security/Cisco-Comes-Clean-on-Extent-of-IOS-Flaw/ [ eweek.com ] &amp;Cisco PIX and ASA Time-To-Live Denial of Service Vulnerability : http : //secunia.com/advisories/28625/ [ secunia.com ] + Computer routers face hijack risk - study : http : //www.cbc.ca/technology/story/2007/02/16/tech-routervulnerabilty-20070216.html ? ref = rss [ www.cbc.ca ] Slashdot Technology Story | Will Mainstream Media Embrace Adblockers ? http : //tech.slashdot.org/story/09/08/06/1442243/Will-Mainstream-Media-Embrace-Adblockers [ slashdot.org ] ----Congress May Require ISPs To Block Certain Fraud Sites : http : //yro.slashdot.org/comments.pl ? sid = 1432514&amp;cid = 30024078 [ slashdot.org ] = = = = JAVASCRIPT PROBLEMS : Slashdot | Adobe Confirms PDF Zero-Day , Says Kill JavaScript : http : //it.slashdot.org/article.pl ? sid = 09/04/29/1823234 [ slashdot.org ] ----Adobe Flash Zero-Day Attack Underway : http : //it.slashdot.org/article.pl ? sid = 08/05/28/0138247&amp;from = rss [ slashdot.org ] ----JavaScript flaw reported in Adobe Reader ( 4th or 5th time already , if not more ) : http : //www.securityfocus.com/brief/953 [ securityfocus.com ] ----Another malware pulls an Italian job via JAVASCRIPT : http : //blog.trendmicro.com/another-malware-pulls-an-italian-job/ [ trendmicro.com ] ----JavaScript opens doors to browser-based attacks | CNET News.com : http : //news.com.com/JavaScript + opens + doors + to + browser-based + attacks/2100-7349 \ _3-6099891.html ? part = rss&amp;tag = 6099891&amp;subj = news [ com.com ] ----Mozilla Firefox Javascript Garbage Collector Vulnerability - Advisories - Secuniahttp : //secunia.com/advisories/29787/ [ secunia.com ] ----New script outstrips all other drive-by download risks : http : //www.theregister.co.uk/2009/05/15/script \ _menace/ [ theregister.co.uk ] ----Researcher to demonstrate attack code for Intel chips via Javascript : http : //www.infoworld.com/d/security-central/researcher-demonstrate-attack-code-intel-chips-036 [ infoworld.com ] ----Researcher : JavaScript Attacks Get Slicker : http : //www.eweek.com/c/a/Security/Researcher-JavaScript-Attacks-Get-Slicker/ [ eweek.com ] ----Rise Of The PDF Exploits : http : //www.trustedsource.org/blog/153/Rise-Of-The-PDF-Exploits [ trustedsource.org ] ----ADOBE NEW FLAW DOES USE JAVASCRIPT PROOF : http : //www.shadowserver.org/wiki/pmwiki.php ? n = Calendar.20090219 [ shadowserver.org ] ----AJAX Poses Security , Performance Risks : http : //www.eweek.com/article2/0,1895,1916673,00.asp [ eweek.com ] ----Web 2.0 Threats and Risks for Financial Services : http : //www.net-security.org/article.php ? id = 1004&amp;p = 1 [ net-security.org ] http : //www.cbronline.com/news/web \ _20 \ _is \ _vulnerable \ _to \ _attack [ cbronline.com ] ----Cross Site Scripting ( GOOGLE ) and WHY TO TURN OFF JAVASCRIPT : http : //www.cgisecurity.com/xss-faq.html [ cgisecurity.com ] ----Why the FBI Director Does n't Bank Onlinehttp : //it.slashdot.org/article.pl ? sid = 09/10/08/0327240 [ slashdot.org ] MAJOR ATTACKS ( only a small sample ) of WHY LAYERED SECURITY IS NEEDEDIs the Botnet Battle Already Lost ? http : //www.eweek.com/article2/0,1895,2029720,00.asp [ eweek.com ] ----IT Pros Say They Ca n't Stop Data Breaches : http : //www.eweek.com/article2/0,1895,2010325,00.asp ? kc = EWNAVEMNL083106EOAD [ eweek.com ] ----Cyber Attacks On US Military Jump Sharply In 2009http : //tech.slashdot.org/comments.pl ? sid = 1452358&amp;threshold = -1&amp;commentsort = 0&amp;mode = thread&amp;cid = 30185742 [ slashdot.org ] ----Bots Found Inside Many Big Companies : http : //blogs.baselinemag.com/security/content001/cybercrime/bots \ _found \ _inside \ _many \ _big \ _companies.html [ baselinemag.com ] ----Bot master owns up to 250,000 zombie PCs : http : //www.securityfocus.com/news/11495 [ securityfocus.com ] ----Bots surge ahead ( 2007 ) : http : //www.securityfocus.com/brief/466 [ securityfocus.com ] ----Chinese Hackers Hit Commerce Department : http : //www.informationweek.com/news/security/government/showArticle.jhtml ? articleID = 193105227 [ informationweek.com ] ----CIA Admits Cyberattacks Blacked Out Cities : http : //www.informationweek.com/news/internet/showArticle.jhtml ? articleID = 205901631 [ informationweek.com ] ----Compromised Banks and Investment sites list 2006 : http : //it.slashdot.org/comments.pl ? sid = 233921&amp;cid = 19035679 [ slashdot.org ] ----Dancho Danchev 's Blog - Mind Streams of Information Security Knowledge : Massive IFRAME SEO Poisoning Attack Continuing : http : //ddanchev.blogspot.com/2008/03/massive-iframe-seo-poisoning-attack.html [ blogspot.com ] ----Data at Bank of America , Wachovia , others compromised - May .
23 , 2005 : http : //money.cnn.com/2005/05/23/news/fortune500/bank \ _info/index.htm [ cnn.com ] ----Fresh Security Breaches at Los Alamos : http : //www.msnbc.msn.com/id/19418769/site/newsweek/print/1/displaymode/1098/ [ msn.com ] ----Infected job search sites lead to info theft for 46,000 : http : //www.computerworld.com/s/article/9031139/Infected \ _job \ _search \ _sites \ _lead \ _to \ _info \ _theft \ _for \ _46 \ _000 [ computerworld.com ] ----New Mega-Botnet Discovered : http : //it.slashdot.org/article.pl ? sid = 09/04/22/2223214 [ slashdot.org ] ----I think THAT list ought to " enlighten " ANYONE , as to why " layered security " is &amp; has been considered largely to be " THE WAY TO GO " , vs. that list above ( which is only a SMALL \ % -age of what I can come up with in regards to threats online + their causes ) ... HOSTS files help protect vs. those , on several levels - DO consider their usage ! apk</tokentext>
<sentencetext>"Quite often you will be loading a website, and be staring at a blank screen with "making connection to ads.blablabla" at the bottom.... The page itself has loaded, but won't display until the browser has managed to retrieve the ads.
Also you will see ad servers in completely different locations to the site you're viewing, and therefore much slower.
Also, some ads are especially large, especially animated flash ones, and can add a noticeable delay to a page load even if the ad server isn't slow or lagged.
My pet hate btw, are ads which have sound... I find that EXTREMELY annoying and quickly block access to any ad provider which serves such things.
- by Bert64 (520050)  on Monday November 30, @12:31PM (#30271612) HomepagePer my subject-line, Hello Bert64 (again), &amp; here is a GOOD SOLID WORK-AROUND (especially considering you pay for your linetime out of pocket most likely as I do, you can get back your speed, AND, gain security easily, &amp; from a single easily edited file (which I am sure you know about, but, others may not, so... here goes):NO PROBLEM, 110\% agreement here on that account... &amp; more (like more speed online AND more security, via a SINGLE EASILY EDITED + POPULATED FILE, called a HOSTS file):I use a custom HOSTS file, in addition to the tools you noted (which only really function for FireFox/Mozilla products, but don't extend globally to all other webbound applications, &amp; that is part of what HOSTS files give you above the methods you extoll + utilize: "GLOBAL COVERAGE", &amp; of ALL webbound apps, not just FireFox/Mozilla ones via the addons you noted + use yourself...).HOSTS files can be used to blockout KNOWN "bad" adserves, maliciously coded sites or adbanners, and "botnet C&amp;C servers" too!You can obtain reliable HOSTS files from reputable lists for more security online, but also for speed!
(More on that later &amp; WHY/HOW (I use reliable lists for that, such as these HOSTS @ Wikipedia.com -&gt; http://en.wikipedia.org/wiki/Hosts\_file [wikipedia.org] or those from mvps.org (a good one this one))I also further populate &amp; keep current my custom HOSTS file with up to date information in regards to all of those threats, via:----A.
) Spybot "Search &amp; Destroy" updates (populates HOSTS and browser block lists)B.
) Sites like ZDNet's Mr. Dancho Danchev's blog -&gt; http://ddanchev.blogspot.com/ [blogspot.com]C.) Sites like FireEye -&gt; http://blog.fireeye.com/ [fireeye.com]D.) SRI -&gt; http://mtc.sri.com/ [sri.com]----My HOSTS file incorporates ALL of the entries from the HOSTS files shown @ wikipedia as well... gaining me speed online (by blocking adbanners, which have been compromised many times the past few years now by malscripted exploits (examples below)).
(I combined ALL reputable HOSTS files with one of my own (30,000 entries), &amp; I removed duplicates removed via a Borland Delphi app I wrote to do so called "APK HOSTS File Grinder 4.0++".
That program also functions to change the default larger &amp; SLOWER 127.0.0.1 blocking 'loopback adapter' IP address to either 0.0.0.0 (for VISTA/Windows Server 2008/Windows 7, smaller &amp; thus faster than 127.0.0.1 default) or the smallest &amp; fastest 0 "blocking 'IP ADDRESS'" (for Windows 2000/XP/Server 2003 which can STILL use it (&amp; it was added in a service pack on Windows 2000, only on 12/09/2008 MS patch tuesday was it removed for VISTA onwards (&amp; now all these "phunny little bugs" are showing up as FLAWS in this new NDIS6 approach via WFP as well in the firewall, which ROOTKIT.COM has stated (with code too no less on how it is done) -&gt; http://www.rootkit.com/newsread.php?newsid=952 [rootkit.com] [rootkit.com] that it is EASIER TO UNHOOK (than was the design used in Windows 2000/XP/Server 2003))Another EXCELLENT benefit of HOSTS file usage?
More speed online, &amp; also more security + reliability (especially in the case of DNS servers today, per folks like Dan Kaminsky &amp;/or Moxie Marlinspike finding various security vulnerabilities in them the past couple years now)...SO, to "CIRCUMVENT" THAT WHICH YOU NOTE &amp; to get more speed online (besides/above potentially hijacked adbanners etc.
et al)?WELL - I use another "technique" called "hardcoding" an IP address to domainname/hostname in my HOSTS files, for my FAVORITE websites:This allows me to FIRST bypass any remote/external DNS lookups, which also would in theory @ least, make me "proofed" vs. DNS request logs by my ISP/BSP also.
(Especially since I use external DNS servers too, OpenDNS ones to be specific, that go beyond my hardcoded favs in my HOSTS file because I can't ping &amp; resolve the ENTIRE internet after all)This also makes it harder for others to track me...(Sure, they could do a "reverse DNS lookup" via pings &amp;/or traceroutes &amp; the top level domain that does nothing BUT cache reverse DNS lookups does the rest, but that is harder to do, than looking up my URL requests via a log on a DNS server))ALSO, AS ANOTHER "BONUS" in HOSTS FILES (can't stress it enough, &amp; especially above + beyond adbanner blocking):  It speeds you up, or can!E.G.-&gt; A buddy of mine named Jack says it has (verbatim quote) "DOUBLED MY SPEED ONLINE, BUT I VALUE THE SECURITY PART MORE", because he used to get over 200++ viruses a week, now?
Only maybe 2 a year IF THAT lately, &amp; he is convinced it is largely due to the HOSTS file I send him weekly (he is my "lab rat #1" due to his previous infestation rate), &amp; if that "anecdotal evidence" is not enough?
See this then, from a published security guru on a respected site for it:====RESURRECTING THE KILLFILE:(by Mr. Oliver Day)http://www.securityfocus.com/columnists/491 [securityfocus.com]PERTINENT EXCERPTS/QUOTES:"The host file on my day-to-day laptop is now over 16,000 lines long.
Accessing the Internet particularly browsing the Web is actually faster now.
""From what I have seen in my research, major efforts to share lists of unwanted hosts began gaining serious momentum earlier this decade.
The most popular appear to have started as a means to block advertising and as a way to avoid being tracked by sites that use cookies to gather data on the user across Web properties.
More recently, projects like Spybot Search and Destroy offer lists of known malicious servers to add a layer of defense against trojans and other forms of malware.
"====(A nice bonus beyond blocking adbanners via HOSTS too, because these have been shown to harbor malscripted content too &amp; more than just a few times the past 4-5 yrs now no less such as is noted here in my PS below, several examples thereof no less), because you don't waste between 30-N ms calling out to an external DNS!
(Again, and a DNS server that MAY be poisoned per Dan Kaminsky the past few years now &amp; others also noting it)Thus, you can STILL GET TO YOUR FAV.
SITES IF HARDCODED in your HOSTS FILE (a good thing, but one you may have to periodically alter, easily, via notepad.exe edits of your HOSTS file &amp; a ping to update their new address (sites change hosting providers due to better services or prices, rare, but they do &amp; MOST let you know they are about to do so anyhow, so you can amend a HOSTS file)).NICEST PART IS, THOUGH, PER YOUR STATEMENT (in addition to the benefits of HOSTS file I note above, alongside others like Mr. Oliver Day of SECURITYFOCUS.COM)?I will STILL get to where it is that I WANT TO GO, not the router's onboard DNS server doing hostname/domainname resolutions or potential hijacked redirects... in theory @ least, because I am controlling the hostname/dommainname resolutions @ AN OS + IP STACK LEVEL, not via my routers' onboard DNS server...APKP.S.=&gt; Evidences as to WHY you'd want to add on the "extra layered security protection" of a HOSTS file, which extends global security coverage to your webbound apps, AND, allows for a great deal of added extra speed as well?
Ok, here are some documented reasons why like:a.
) DNS servers vulnerable, under attack, failing or being "DNS poisoned" misdirected &amp; moreb.
) Security suites failing vs. modern "blended threats" onlinec.
) javascript being used to do most of this via apps)d.) adbanners being maliciously coded also...(Here we go with documented proofs/examples:)POISONED MALSCRIPTED ADBANNERSThe Next Ad You Click May Be a Virus:http://it.slashdot.org/article.pl?sid=09/06/15/2056219 [slashdot.org]----Attackers Infect Ads With Old Adobe Vulnerability:http://it.slashdot.org/article.pl?sid=09/02/25/024211 [slashdot.org]----Hackers Use Banner Ads on Major Sites to Hijack Your PC:http://www.wired.com/techbiz/media/news/2007/11/doubleclick [wired.com]----Adobe Flash Ads Launching Clipboard Hijack Attacks:http://it.slashdot.org/article.pl?sid=08/08/20/0029220&amp;from=rss [slashdot.org]----Slashdot | Americans Don't Want Targeted Ads:http://yro.slashdot.org/article.pl?sid=09/10/01/1854214 [slashdot.org]====DNS PROBLEMS:Number of Rogue DNS Servers on the Rise:http://tech.slashdot.org/article.pl?no\_d2=1&amp;sid=08/02/15/2118212 [slashdot.org]----Security Researcher Kaminsky Pushes DNS Patching:http://it.slashdot.org/article.pl?sid=09/02/19/2322231 [slashdot.org]----Ten Percent of DNS Servers Still Vulnerable:http://tech.slashdot.org/article.pl?no\_d2=1&amp;sid=05/08/04/1525235 [slashdot.org]----TimeWarner DNS Hijacking:http://tech.slashdot.org/article.pl?sid=07/07/23/2140208 [slashdot.org]----Another DNS Flaw Found:http://tech.slashdot.org/article.pl?sid=09/01/09/2348240 [slashdot.org]----Attack Code Published For DNS Vulnerability:http://it.slashdot.org/article.pl?no\_d2=1&amp;sid=08/07/23/231254 [slashdot.org]----BIND Still Susceptible To DNS Cache Poisoning:http://tech.slashdot.org/article.pl?no\_d2=1&amp;sid=08/08/09/123222 [slashdot.org]----DDoS Attacks Via DNS Recursion:http://it.slashdot.org/article.pl?no\_d2=1&amp;sid=06/03/16/1658209 [slashdot.org]----DNS Poisoning Hits One of China's Biggest ISPs:http://it.slashdot.org/article.pl?no\_d2=1&amp;sid=08/08/21/2343250 [slashdot.org]----DNS Root Servers Attacked:http://it.slashdot.org/article.pl?no\_d2=1&amp;sid=07/02/06/2238225 [slashdot.org]----DNS Problem Linked To DDoS Attacks Gets Worse:http://tech.slashdot.org/comments.pl?sid=1444354&amp;cid=30109858 [slashdot.org]----Are your servers vulnerable to DNS attacks?http://www.networkworld.com/news/2007/111907-dns-attacks.html [networkworld.com]----Kaminsky On DNS Bugs a Year Later and DNSSEC:http://it.slashdot.org/story/09/06/25/1354212/Kaminsky-On-DNS-Bugs-a-Year-Later-and-DNSSEC [slashdot.org]----DNS users put higher premium on security:http://news.techworld.com/networking/10690/dns-users-put-higher-premium-on-security/ [techworld.com]----BIND, the Buggy Internet Name Daemon:http://cr.yp.to/djbdns/blurb/unbind.html [cr.yp.to](Where djbdns was found to have flaw, though it was alleged invulnerable, they paid out $10,000 reward)----DNS Dan Kaminsky DNS SPOOF ATTACK EXPLAINED HOW IT IS DONE:http://blogs.zdnet.com/security/?p=1520 [zdnet.com]----DNS REBINDING ATTACKS: MultiPinning Browser JavaScript Vulnerability (how to protect yourself):http://crypto.stanford.edu/dns/ [stanford.edu]----Hackers hijack DNS records of high profile New Zealand sites:http://blogs.zdnet.com/security/?p=3185 [zdnet.com]====SECURITY SUITE PROGRAMS FAILING:AntiVirus Products Fail to Find Simple IE Malware:http://tech.slashdot.org/article.pl?sid=07/10/29/1747237 [slashdot.org]----Most Security Products Fail To Perform:http://hardware.slashdot.org/comments.pl?sid=1445302&amp;threshold=-1&amp;commentsort=0&amp;mode=thread&amp;pid=30114652 [slashdot.org]----TOP SECURITY SUITES FAIL 64/300 THREATS in 2008 AT SECUNIA.COM:http://secunia.com/blog/29/ [secunia.com]----Top security suites fail exploit tests:http://www.computerworld.com/s/article/9117042/Top\_security\_suites\_fail\_exploit\_tests?intsrc=news\_ts\_head [computerworld.com]----Antivirus is 'completely wasted money': Cisco CSO: News - Security - ZDNet Australia:http://www.zdnet.com.au/news/security/soa/Antivirus-is-completely-wasted-money-Cisco-CSO/0,130061744,339289122,00.htm?feed=pt\_auscert [zdnet.com.au]----Are Routers the Next Big Target for Hackers?http://blogs.zdnet.com/security/?p=919 [zdnet.com]----Software Firewalls: Made of Straw?
Part 1 of 2:http://www.securityfocus.com/infocus/1839 [securityfocus.com]Software Firewalls: Made of Straw?
Part 2 of 2:http://www.securityfocus.com/infocus/1840/2 [securityfocus.com]----Brief study shows difficulty in detecting malware (2008):http://www.securityfocus.com/brief/858 [securityfocus.com]----2007 - Browser vulnerabilities and attacks will continue to mount:http://www.infoworld.com/d/security-central/browser-vulnerabilities-and-attacks-will-continue-mount-679 [infoworld.com]----Bug exposes Cisco switches to attacks:http://news.cnet.com/Bug-exposes-Cisco-switches+to+attacks/2110-7349\_3-5902897.html?part=rss&amp;tag=5902897&amp;subj=news [cnet.com]&amp;CISCO "COMES CLEAN" ON EXTENT OF IOS FLAW:http://www.eweek.com/c/a/Security/Cisco-Comes-Clean-on-Extent-of-IOS-Flaw/ [eweek.com]&amp;Cisco PIX and ASA Time-To-Live Denial of Service Vulnerability:http://secunia.com/advisories/28625/ [secunia.com]+Computer routers face hijack risk - study:http://www.cbc.ca/technology/story/2007/02/16/tech-routervulnerabilty-20070216.html?ref=rss [www.cbc.ca]Slashdot Technology Story | Will Mainstream Media Embrace Adblockers?http://tech.slashdot.org/story/09/08/06/1442243/Will-Mainstream-Media-Embrace-Adblockers [slashdot.org]----Congress May Require ISPs To Block Certain Fraud Sites:http://yro.slashdot.org/comments.pl?sid=1432514&amp;cid=30024078 [slashdot.org]====JAVASCRIPT PROBLEMS:Slashdot | Adobe Confirms PDF Zero-Day, Says Kill JavaScript:http://it.slashdot.org/article.pl?sid=09/04/29/1823234 [slashdot.org]----Adobe Flash Zero-Day Attack Underway:http://it.slashdot.org/article.pl?sid=08/05/28/0138247&amp;from=rss [slashdot.org]----JavaScript flaw reported in Adobe Reader (4th or 5th time already, if not more):http://www.securityfocus.com/brief/953 [securityfocus.com]----Another malware pulls an Italian job via JAVASCRIPT:http://blog.trendmicro.com/another-malware-pulls-an-italian-job/ [trendmicro.com]----JavaScript opens doors to browser-based attacks | CNET News.com:http://news.com.com/JavaScript+opens+doors+to+browser-based+attacks/2100-7349\_3-6099891.html?part=rss&amp;tag=6099891&amp;subj=news [com.com]----Mozilla Firefox Javascript Garbage Collector Vulnerability - Advisories - Secuniahttp://secunia.com/advisories/29787/ [secunia.com]----New script outstrips all other drive-by download risks:http://www.theregister.co.uk/2009/05/15/script\_menace/ [theregister.co.uk]----Researcher to demonstrate attack code for Intel chips via Javascript:http://www.infoworld.com/d/security-central/researcher-demonstrate-attack-code-intel-chips-036 [infoworld.com]----Researcher: JavaScript Attacks Get Slicker:http://www.eweek.com/c/a/Security/Researcher-JavaScript-Attacks-Get-Slicker/ [eweek.com]----Rise Of The PDF Exploits:http://www.trustedsource.org/blog/153/Rise-Of-The-PDF-Exploits [trustedsource.org]----ADOBE NEW FLAW DOES USE JAVASCRIPT PROOF:http://www.shadowserver.org/wiki/pmwiki.php?n=Calendar.20090219 [shadowserver.org]----AJAX Poses Security, Performance Risks:http://www.eweek.com/article2/0,1895,1916673,00.asp [eweek.com]----Web 2.0 Threats and Risks for Financial Services:http://www.net-security.org/article.php?id=1004&amp;p=1 [net-security.org]http://www.cbronline.com/news/web\_20\_is\_vulnerable\_to\_attack [cbronline.com]----Cross Site Scripting (GOOGLE) and WHY TO TURN OFF JAVASCRIPT:http://www.cgisecurity.com/xss-faq.html [cgisecurity.com]----Why the FBI Director Doesn't Bank Onlinehttp://it.slashdot.org/article.pl?sid=09/10/08/0327240 [slashdot.org]MAJOR ATTACKS (only a small sample) of WHY LAYERED SECURITY IS NEEDEDIs the Botnet Battle Already Lost?http://www.eweek.com/article2/0,1895,2029720,00.asp [eweek.com]----IT Pros Say They Can't Stop Data Breaches:http://www.eweek.com/article2/0,1895,2010325,00.asp?kc=EWNAVEMNL083106EOAD [eweek.com]----Cyber Attacks On US Military Jump Sharply In 2009http://tech.slashdot.org/comments.pl?sid=1452358&amp;threshold=-1&amp;commentsort=0&amp;mode=thread&amp;cid=30185742 [slashdot.org]----Bots Found Inside Many Big Companies:http://blogs.baselinemag.com/security/content001/cybercrime/bots\_found\_inside\_many\_big\_companies.html [baselinemag.com]----Bot master owns up to 250,000 zombie PCs:http://www.securityfocus.com/news/11495 [securityfocus.com]----Bots surge ahead (2007):http://www.securityfocus.com/brief/466 [securityfocus.com]----Chinese Hackers Hit Commerce Department:http://www.informationweek.com/news/security/government/showArticle.jhtml?articleID=193105227 [informationweek.com]----CIA Admits Cyberattacks Blacked Out Cities:http://www.informationweek.com/news/internet/showArticle.jhtml?articleID=205901631 [informationweek.com]----Compromised Banks and Investment sites list 2006:http://it.slashdot.org/comments.pl?sid=233921&amp;cid=19035679 [slashdot.org]----Dancho Danchev's Blog - Mind Streams of Information Security Knowledge: Massive IFRAME SEO Poisoning Attack Continuing:http://ddanchev.blogspot.com/2008/03/massive-iframe-seo-poisoning-attack.html [blogspot.com]----Data at Bank of America, Wachovia, others compromised - May.
23, 2005:http://money.cnn.com/2005/05/23/news/fortune500/bank\_info/index.htm [cnn.com]----Fresh Security Breaches at Los Alamos:http://www.msnbc.msn.com/id/19418769/site/newsweek/print/1/displaymode/1098/ [msn.com]----Infected job search sites lead to info theft for 46,000:http://www.computerworld.com/s/article/9031139/Infected\_job\_search\_sites\_lead\_to\_info\_theft\_for\_46\_000 [computerworld.com]----New Mega-Botnet Discovered:http://it.slashdot.org/article.pl?sid=09/04/22/2223214 [slashdot.org]----I think THAT list ought to "enlighten" ANYONE, as to why "layered security" is &amp; has been considered largely to be "THE WAY TO GO", vs. that list above (which is only a SMALL \%-age of what I can come up with in regards to threats online + their causes)... HOSTS files help protect vs. those, on several levels - DO consider their usage!apk
	</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30271612</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30273540</id>
	<title>Re:Old, old story</title>
	<author>Luyseyal</author>
	<datestamp>1259614620000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>I have moderation turned off, so just wanted to say "I enjoyed your comment".</p><p>Gold star,<br>-l</p></htmltext>
<tokenext>I have moderation turned off , so just wanted to say " I enjoyed your comment " .Gold star,-l</tokentext>
<sentencetext>I have moderation turned off, so just wanted to say "I enjoyed your comment".Gold star,-l</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30272670</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30272670</id>
	<title>Old, old story</title>
	<author>rbrander</author>
	<datestamp>1259610720000</datestamp>
	<modclass>Interestin</modclass>
	<modscore>5</modscore>
	<htmltext><p>In 1995, columnist and Ethernet-inventor Bob Metcalfe was again going on about a topic that eventually had him literally eating his words (he had to chop up a column in a blender with water and chug it) - that the Internet was going to collapse from all the heavy bandwidth demands of its exponentially-expanding clientele.</p><p>So I did a "View Source" on the Infoworld page with his column on it.  I've lost the E-mail now, but the stats were something like his column being 2000 bytes and the sum of all the advertising around it, mostly GIF images at the time, was over 20,000 bytes.  The Ad/Content ratio even then was over 10:1.</p><p>Metcalfe, who'd been railing against irresponsible bandwidth consumption in the column, could only plead that he had no control over the magazine's decisions on what went around it.</p><p>The web has always been the reverse of TV, where the ad/content bandwidth is about 1:4 or even 1:5.   It's not far different from some magazines, though, where I swear there are 3 pages of ads for every page of content.  And if you digitized the magazine, the ads would mostly be images, the content mostly text, and the ratio would be at least 10:1.</p><p>This is all prologue to new web content where you are slowed down not so much by download times as the start-up times for various Flash and JavaScript programs that make the ads so much more intrusive, zipping back and forth over the text you're trying to read, or just dancing in the corner of the page.</p><p>This is all necessary: they do what they MUST to get response from the ads.  If the stats don't show a response, they stop buying them and the business model fails.</p><p>Everybody says "Nobody will pay for content on the Internet".  Yes, they will.  The put up with all that crap rather than pull out a credit card. They just pay with their time and attention instead of actual cash.</p><p>Rod Serling, one of the great TV writers of all time, once commented that it is hard to tell a story when you must work it around being interrupted every ten minutes by dancing rolls of toilet paper.  I wonder what he'd think of writing for a medium where the toilet paper literally dances all over your words until you click on it to make it go back to the lower right frame.</p></htmltext>
<tokenext>In 1995 , columnist and Ethernet-inventor Bob Metcalfe was again going on about a topic that eventually had him literally eating his words ( he had to chop up a column in a blender with water and chug it ) - that the Internet was going to collapse from all the heavy bandwidth demands of its exponentially-expanding clientele.So I did a " View Source " on the Infoworld page with his column on it .
I 've lost the E-mail now , but the stats were something like his column being 2000 bytes and the sum of all the advertising around it , mostly GIF images at the time , was over 20,000 bytes .
The Ad/Content ratio even then was over 10 : 1.Metcalfe , who 'd been railing against irresponsible bandwidth consumption in the column , could only plead that he had no control over the magazine 's decisions on what went around it.The web has always been the reverse of TV , where the ad/content bandwidth is about 1 : 4 or even 1 : 5 .
It 's not far different from some magazines , though , where I swear there are 3 pages of ads for every page of content .
And if you digitized the magazine , the ads would mostly be images , the content mostly text , and the ratio would be at least 10 : 1.This is all prologue to new web content where you are slowed down not so much by download times as the start-up times for various Flash and JavaScript programs that make the ads so much more intrusive , zipping back and forth over the text you 're trying to read , or just dancing in the corner of the page.This is all necessary : they do what they MUST to get response from the ads .
If the stats do n't show a response , they stop buying them and the business model fails.Everybody says " Nobody will pay for content on the Internet " .
Yes , they will .
The put up with all that crap rather than pull out a credit card .
They just pay with their time and attention instead of actual cash.Rod Serling , one of the great TV writers of all time , once commented that it is hard to tell a story when you must work it around being interrupted every ten minutes by dancing rolls of toilet paper .
I wonder what he 'd think of writing for a medium where the toilet paper literally dances all over your words until you click on it to make it go back to the lower right frame .</tokentext>
<sentencetext>In 1995, columnist and Ethernet-inventor Bob Metcalfe was again going on about a topic that eventually had him literally eating his words (he had to chop up a column in a blender with water and chug it) - that the Internet was going to collapse from all the heavy bandwidth demands of its exponentially-expanding clientele.So I did a "View Source" on the Infoworld page with his column on it.
I've lost the E-mail now, but the stats were something like his column being 2000 bytes and the sum of all the advertising around it, mostly GIF images at the time, was over 20,000 bytes.
The Ad/Content ratio even then was over 10:1.Metcalfe, who'd been railing against irresponsible bandwidth consumption in the column, could only plead that he had no control over the magazine's decisions on what went around it.The web has always been the reverse of TV, where the ad/content bandwidth is about 1:4 or even 1:5.
It's not far different from some magazines, though, where I swear there are 3 pages of ads for every page of content.
And if you digitized the magazine, the ads would mostly be images, the content mostly text, and the ratio would be at least 10:1.This is all prologue to new web content where you are slowed down not so much by download times as the start-up times for various Flash and JavaScript programs that make the ads so much more intrusive, zipping back and forth over the text you're trying to read, or just dancing in the corner of the page.This is all necessary: they do what they MUST to get response from the ads.
If the stats don't show a response, they stop buying them and the business model fails.Everybody says "Nobody will pay for content on the Internet".
Yes, they will.
The put up with all that crap rather than pull out a credit card.
They just pay with their time and attention instead of actual cash.Rod Serling, one of the great TV writers of all time, once commented that it is hard to tell a story when you must work it around being interrupted every ten minutes by dancing rolls of toilet paper.
I wonder what he'd think of writing for a medium where the toilet paper literally dances all over your words until you click on it to make it go back to the lower right frame.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30271720</id>
	<title>./ users be thankful!</title>
	<author>stakovahflow</author>
	<datestamp>1259606400000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>We, as<nobr> <wbr></nobr>./ users, have the ability to disable advertising on<nobr> <wbr></nobr>./ forums, etc. Not that this is relevant, but the rest of the world (fark, anyone?) does have serious lag time. Be thankful, guys! Back to the subject matter, though. Is this a "new" revelation?
 --Stak</htmltext>
<tokenext>We , as ./ users , have the ability to disable advertising on ./ forums , etc .
Not that this is relevant , but the rest of the world ( fark , anyone ?
) does have serious lag time .
Be thankful , guys !
Back to the subject matter , though .
Is this a " new " revelation ?
--Stak</tokentext>
<sentencetext>We, as ./ users, have the ability to disable advertising on ./ forums, etc.
Not that this is relevant, but the rest of the world (fark, anyone?
) does have serious lag time.
Be thankful, guys!
Back to the subject matter, though.
Is this a "new" revelation?
--Stak</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30273312</id>
	<title>Re:HOSTS FILES ARE THE BEST GLOBAL ANSWER</title>
	<author>Anonymous</author>
	<datestamp>1259613900000</datestamp>
	<modclass>Funny</modclass>
	<modscore>4</modscore>
	<htmltext>Dude - you just gave me eye cancer.</htmltext>
<tokenext>Dude - you just gave me eye cancer .</tokentext>
<sentencetext>Dude - you just gave me eye cancer.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30272320</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30274328</id>
	<title>Re:Old, old story</title>
	<author>Anonymous</author>
	<datestamp>1259574060000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p><i>that eventually had him literally eating his words </i><br>How does one <b>literally</b> eat one's words?</p></htmltext>
<tokenext>that eventually had him literally eating his words How does one literally eat one 's words ?</tokentext>
<sentencetext>that eventually had him literally eating his words How does one literally eat one's words?</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30272670</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30271744</id>
	<title>This isn't new</title>
	<author>mr\_da3m0n</author>
	<datestamp>1259606460000</datestamp>
	<modclass>Insightful</modclass>
	<modscore>2</modscore>
	<htmltext><p>Every single time I end up thinking "Geez, this website is taking forever to load", I glance down at the status bar and see "Waiting for adserver3.adcompany.com". Then, I hit refresh and get another ad from another round robin'ed server, and the page loads sucessfully. It's very frustrating to know that the only reason the page is still blank or half-rendered is because of a third party ad.</p><p>In this regard, AdBlock makes a significant difference if you tell it to not download ads at all, but I am not comfortable with denying revenue streams to the websites I visit, after all, they are providing me with a service I enjoy, for free.</p><p>I just wish that all ads could be loaded last in a manner that doesn't affect the rendering of the website you're trying to view...</p><p>On a related note, the same applies to external javascript. Two transactional websites I maintain are sometimes slowed down to a crawl because of the crappy external Javascript marketing made us insert in the page header to track stuff. It's always very frustrating when things end up being slow because of third parties. I wish there was a simple way to cache these things.</p></htmltext>
<tokenext>Every single time I end up thinking " Geez , this website is taking forever to load " , I glance down at the status bar and see " Waiting for adserver3.adcompany.com " .
Then , I hit refresh and get another ad from another round robin'ed server , and the page loads sucessfully .
It 's very frustrating to know that the only reason the page is still blank or half-rendered is because of a third party ad.In this regard , AdBlock makes a significant difference if you tell it to not download ads at all , but I am not comfortable with denying revenue streams to the websites I visit , after all , they are providing me with a service I enjoy , for free.I just wish that all ads could be loaded last in a manner that does n't affect the rendering of the website you 're trying to view...On a related note , the same applies to external javascript .
Two transactional websites I maintain are sometimes slowed down to a crawl because of the crappy external Javascript marketing made us insert in the page header to track stuff .
It 's always very frustrating when things end up being slow because of third parties .
I wish there was a simple way to cache these things .</tokentext>
<sentencetext>Every single time I end up thinking "Geez, this website is taking forever to load", I glance down at the status bar and see "Waiting for adserver3.adcompany.com".
Then, I hit refresh and get another ad from another round robin'ed server, and the page loads sucessfully.
It's very frustrating to know that the only reason the page is still blank or half-rendered is because of a third party ad.In this regard, AdBlock makes a significant difference if you tell it to not download ads at all, but I am not comfortable with denying revenue streams to the websites I visit, after all, they are providing me with a service I enjoy, for free.I just wish that all ads could be loaded last in a manner that doesn't affect the rendering of the website you're trying to view...On a related note, the same applies to external javascript.
Two transactional websites I maintain are sometimes slowed down to a crawl because of the crappy external Javascript marketing made us insert in the page header to track stuff.
It's always very frustrating when things end up being slow because of third parties.
I wish there was a simple way to cache these things.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30271730</id>
	<title>Re:I don't even need to read the summary.</title>
	<author>Anonymous</author>
	<datestamp>1259606460000</datestamp>
	<modclass>Insightful</modclass>
	<modscore>4</modscore>
	<htmltext>Well, then you missed the part where a guy from Google is making the claim, and saying that it's primarily because ad companies don't have the expertise in-house to keep up with the latest web performance tricks.  Of course, technology companies like Google do, so presumably their ad servers don't bog things down like those other companies' servers do.  Oh, did we mention Google also just happens to have an ad serving platform that you could use instead of the ones run by these Luddite ad companies that can barely keep a web server running?  Let me point you to our AdSense sales team for more information.
<br> <br>
The fact that ad servers tend to screw things up is nothing new.  This guy's primary purpose is not so much to point that out, but rather to claim that Google's ad servers don't have that problem, so maybe web admins should use them instead.</htmltext>
<tokenext>Well , then you missed the part where a guy from Google is making the claim , and saying that it 's primarily because ad companies do n't have the expertise in-house to keep up with the latest web performance tricks .
Of course , technology companies like Google do , so presumably their ad servers do n't bog things down like those other companies ' servers do .
Oh , did we mention Google also just happens to have an ad serving platform that you could use instead of the ones run by these Luddite ad companies that can barely keep a web server running ?
Let me point you to our AdSense sales team for more information .
The fact that ad servers tend to screw things up is nothing new .
This guy 's primary purpose is not so much to point that out , but rather to claim that Google 's ad servers do n't have that problem , so maybe web admins should use them instead .</tokentext>
<sentencetext>Well, then you missed the part where a guy from Google is making the claim, and saying that it's primarily because ad companies don't have the expertise in-house to keep up with the latest web performance tricks.
Of course, technology companies like Google do, so presumably their ad servers don't bog things down like those other companies' servers do.
Oh, did we mention Google also just happens to have an ad serving platform that you could use instead of the ones run by these Luddite ad companies that can barely keep a web server running?
Let me point you to our AdSense sales team for more information.
The fact that ad servers tend to screw things up is nothing new.
This guy's primary purpose is not so much to point that out, but rather to claim that Google's ad servers don't have that problem, so maybe web admins should use them instead.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30271618</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30272610</id>
	<title>Easy to implement vs. Robust</title>
	<author>gravyface</author>
	<datestamp>1259610360000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>With AJAX, caching, and sensible timeouts, this is a non-issue.  The problem lies in the fact that instead of optimizing performance, they've focused on simplicity, allowing you the webmaster to embed their advertisements into your site by copy/pasting a few short lines of code vs. implementing something more robust that doesn't bog down the rendering of your pages.</htmltext>
<tokenext>With AJAX , caching , and sensible timeouts , this is a non-issue .
The problem lies in the fact that instead of optimizing performance , they 've focused on simplicity , allowing you the webmaster to embed their advertisements into your site by copy/pasting a few short lines of code vs. implementing something more robust that does n't bog down the rendering of your pages .</tokentext>
<sentencetext>With AJAX, caching, and sensible timeouts, this is a non-issue.
The problem lies in the fact that instead of optimizing performance, they've focused on simplicity, allowing you the webmaster to embed their advertisements into your site by copy/pasting a few short lines of code vs. implementing something more robust that doesn't bog down the rendering of your pages.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30272474</id>
	<title>Re:Kind of Fitting</title>
	<author>Anonymous</author>
	<datestamp>1259609520000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>Even if the ad-servers and ads themselves were blazingly fast and required almost no download or processing time<nobr> <wbr></nobr>... it all adds up and it will affect the user's surfing speed.</p><p>While I do wish marketers were more tech-savvy so their ads weren't so intrusive<nobr> <wbr></nobr>... it will never happen. Sometimes you get a savvy production person creating the ads to minimize pain to the servers and users<nobr> <wbr></nobr>... more often you get someone who is just trying to get this quick little banner ad created so they can move on to other tasks<nobr> <wbr></nobr>... they don't care if it's 15k or 2k<nobr> <wbr></nobr>... it's "small enough"</p><p>While at times they annoy everyone, ads are a necessary part of many sites' revenue stream and advertising / marketing is an important part of any successful business<nobr> <wbr></nobr>... you've gotta get the word out. But it would be nice if when the ad-server is bogged down it didn't affect the loading of the content I want to see. I really really HATE it when my page load hangs while my browser says "waiting for ads.doubleclick.com" when the ad has absolutely nothing to do with what i'm trying to get to.</p><p>So, I say, Web Developers take action. The ad servers don't care much about your site's users<nobr> <wbr></nobr>... but if you do<nobr> <wbr></nobr>... load your page content<nobr> <wbr></nobr>... then load the ads afterward. That way if doubleclick hangs<nobr> <wbr></nobr>... your users still have a good experience with your site.</p></htmltext>
<tokenext>Even if the ad-servers and ads themselves were blazingly fast and required almost no download or processing time ... it all adds up and it will affect the user 's surfing speed.While I do wish marketers were more tech-savvy so their ads were n't so intrusive ... it will never happen .
Sometimes you get a savvy production person creating the ads to minimize pain to the servers and users ... more often you get someone who is just trying to get this quick little banner ad created so they can move on to other tasks ... they do n't care if it 's 15k or 2k ... it 's " small enough " While at times they annoy everyone , ads are a necessary part of many sites ' revenue stream and advertising / marketing is an important part of any successful business ... you 've got ta get the word out .
But it would be nice if when the ad-server is bogged down it did n't affect the loading of the content I want to see .
I really really HATE it when my page load hangs while my browser says " waiting for ads.doubleclick.com " when the ad has absolutely nothing to do with what i 'm trying to get to.So , I say , Web Developers take action .
The ad servers do n't care much about your site 's users ... but if you do ... load your page content ... then load the ads afterward .
That way if doubleclick hangs ... your users still have a good experience with your site .</tokentext>
<sentencetext>Even if the ad-servers and ads themselves were blazingly fast and required almost no download or processing time ... it all adds up and it will affect the user's surfing speed.While I do wish marketers were more tech-savvy so their ads weren't so intrusive ... it will never happen.
Sometimes you get a savvy production person creating the ads to minimize pain to the servers and users ... more often you get someone who is just trying to get this quick little banner ad created so they can move on to other tasks ... they don't care if it's 15k or 2k ... it's "small enough"While at times they annoy everyone, ads are a necessary part of many sites' revenue stream and advertising / marketing is an important part of any successful business ... you've gotta get the word out.
But it would be nice if when the ad-server is bogged down it didn't affect the loading of the content I want to see.
I really really HATE it when my page load hangs while my browser says "waiting for ads.doubleclick.com" when the ad has absolutely nothing to do with what i'm trying to get to.So, I say, Web Developers take action.
The ad servers don't care much about your site's users ... but if you do ... load your page content ... then load the ads afterward.
That way if doubleclick hangs ... your users still have a good experience with your site.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30271582</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30272690</id>
	<title>Re:Kind of Fitting</title>
	<author>Anonymous</author>
	<datestamp>1259610960000</datestamp>
	<modclass>Informativ</modclass>
	<modscore>2</modscore>
	<htmltext><p>Two ways Flash is used at tracking even individuals who have privacy modes turned on in the browser:</p><p>1:  Flash Shared objects.  Want them gone?  You need to manually clear them out, or link the directory to<nobr> <wbr></nobr>/dev/null.<br>2:  Supposedly, you can use Actionscript to pull specific information about a machine, such as BIOS revision, Windows install ID, and other specific data and send it up to the web server.  This way, even if someone zaps the Flash objects, a website can still use cookies, ActiveX, Java cached objects, or flash shared objects to ensure a box is tracked across websites even with someone who clears stuff out religiously.</p><p>Just look at what gets stored in the "Flash Player" directory sometime.</p></htmltext>
<tokenext>Two ways Flash is used at tracking even individuals who have privacy modes turned on in the browser : 1 : Flash Shared objects .
Want them gone ?
You need to manually clear them out , or link the directory to /dev/null.2 : Supposedly , you can use Actionscript to pull specific information about a machine , such as BIOS revision , Windows install ID , and other specific data and send it up to the web server .
This way , even if someone zaps the Flash objects , a website can still use cookies , ActiveX , Java cached objects , or flash shared objects to ensure a box is tracked across websites even with someone who clears stuff out religiously.Just look at what gets stored in the " Flash Player " directory sometime .</tokentext>
<sentencetext>Two ways Flash is used at tracking even individuals who have privacy modes turned on in the browser:1:  Flash Shared objects.
Want them gone?
You need to manually clear them out, or link the directory to /dev/null.2:  Supposedly, you can use Actionscript to pull specific information about a machine, such as BIOS revision, Windows install ID, and other specific data and send it up to the web server.
This way, even if someone zaps the Flash objects, a website can still use cookies, ActiveX, Java cached objects, or flash shared objects to ensure a box is tracked across websites even with someone who clears stuff out religiously.Just look at what gets stored in the "Flash Player" directory sometime.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30272218</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30272578</id>
	<title>Really? I have not noticed it much</title>
	<author>140Mandak262Jamuna</author>
	<datestamp>1259610180000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>But then I have blacklisted every damn site that loads up a blinking, flashing, animated images. May that has something to do with it. And no script blocks flash on whitelisted sites too!</htmltext>
<tokenext>But then I have blacklisted every damn site that loads up a blinking , flashing , animated images .
May that has something to do with it .
And no script blocks flash on whitelisted sites too !</tokentext>
<sentencetext>But then I have blacklisted every damn site that loads up a blinking, flashing, animated images.
May that has something to do with it.
And no script blocks flash on whitelisted sites too!</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30272564</id>
	<title>Re:Kind of Fitting</title>
	<author>Sir\_Lewk</author>
	<datestamp>1259610120000</datestamp>
	<modclass>Interestin</modclass>
	<modscore>2</modscore>
	<htmltext><p>I got it earlier this year too, I'm under the impression it's some sort of high karma perk though.</p></htmltext>
<tokenext>I got it earlier this year too , I 'm under the impression it 's some sort of high karma perk though .</tokentext>
<sentencetext>I got it earlier this year too, I'm under the impression it's some sort of high karma perk though.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30272126</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30274132</id>
	<title>huh?</title>
	<author>cas2000</author>
	<datestamp>1259573340000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>huh? what?  there are ads on the intertubes?</p><p>i knew there was a reason i ran adblock and noscript.</p></htmltext>
<tokenext>huh ?
what ? there are ads on the intertubes ? i knew there was a reason i ran adblock and noscript .</tokentext>
<sentencetext>huh?
what?  there are ads on the intertubes?i knew there was a reason i ran adblock and noscript.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30276832</id>
	<title>Block the ads?</title>
	<author>Anonymous</author>
	<datestamp>1259583600000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><tt>"curl http://www.mvps.org/winhelp2002/hosts.txt | sudo tee -a<nobr> <wbr></nobr>/etc/hosts" and you're golden.</tt></htmltext>
<tokenext>" curl http : //www.mvps.org/winhelp2002/hosts.txt | sudo tee -a /etc/hosts " and you 're golden .</tokentext>
<sentencetext>"curl http://www.mvps.org/winhelp2002/hosts.txt | sudo tee -a /etc/hosts" and you're golden.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30272758</id>
	<title>Ad servers bog down teh interweb?</title>
	<author>rochrist</author>
	<datestamp>1259611320000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>No kidding. Who didn't notice this, oh, at least three or four years ago?</htmltext>
<tokenext>No kidding .
Who did n't notice this , oh , at least three or four years ago ?</tokentext>
<sentencetext>No kidding.
Who didn't notice this, oh, at least three or four years ago?</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30272320</id>
	<title>HOSTS FILES ARE THE BEST GLOBAL ANSWER</title>
	<author>Anonymous</author>
	<datestamp>1259608800000</datestamp>
	<modclass>Redundant</modclass>
	<modscore>-1</modscore>
	<htmltext><div class="quote"><p><b>"Give the UI back to the user and leave the flashing marquee tags in Las Vegas"</b> - by eldavojohn (898314) *  on Monday November 30, @12:27PM (#30271582) Homepage</p></div><p>NO PROBLEM, 110\% agreement here on that account... &amp; more (like more speed online AND more security, via a SINGLE EASILY EDITED + POPULATED FILE, called a HOSTS file):</p><p>I use <b>a custom HOSTS file</b>, in addition to the tools you noted (which only really function for FireFox/Mozilla products, but don't extend globally to all other webbound applications, &amp; that is part of what HOSTS files give you above the methods you extoll + utilize: "GLOBAL COVERAGE", &amp; of ALL webbound apps, not just FireFox/Mozilla ones via the addons you noted + use yourself...).</p><p>HOSTS files can be used to blockout KNOWN "bad" adserves, maliciously coded sites or adbanners, and "botnet C&amp;C servers" too!</p><p><b>You can obtain reliable HOSTS files from reputable lists for more security online, but also for speed!</b></p><p>(More on that later &amp; WHY/HOW (I use reliable lists for that, such as these HOSTS @ Wikipedia.com -&gt; <a href="http://en.wikipedia.org/wiki/Hosts\_file" title="wikipedia.org" rel="nofollow">http://en.wikipedia.org/wiki/Hosts\_file</a> [wikipedia.org] or those from mvps.org (a good one this one))</p><p><b>I also further populate &amp; keep current my custom HOSTS file with up to date information in regards to all of those threats, via:</b></p><p>----</p><p>A.) Spybot "Search &amp; Destroy" updates (populates HOSTS and browser block lists)</p><p>B.) Sites like ZDNet's Mr. Dancho Danchev's blog -&gt; <a href="http://ddanchev.blogspot.com/" title="blogspot.com" rel="nofollow">http://ddanchev.blogspot.com/</a> [blogspot.com]</p><p>C.) Sites like FireEye -&gt; <a href="http://blog.fireeye.com/" title="fireeye.com" rel="nofollow">http://blog.fireeye.com/</a> [fireeye.com]</p><p>D.) SRI -&gt; <a href="http://mtc.sri.com/" title="sri.com" rel="nofollow">http://mtc.sri.com/</a> [sri.com]</p><p>----</p><p>My HOSTS file incorporates ALL of the entries from the HOSTS files shown @ wikipedia as well... gaining me speed online (by blocking adbanners, which have been compromised many times the past few years now by malscripted exploits (examples below)).</p><p>(I combined ALL reputable HOSTS files with one of my own (30,000 entries), &amp; I removed duplicates removed via a Borland Delphi app I wrote to do so called "APK HOSTS File Grinder 4.0++". That program also functions to change the default larger &amp; SLOWER 127.0.0.1 blocking 'loopback adapter' IP address to either 0.0.0.0 (for VISTA/Windows Server 2008/Windows 7, smaller &amp; thus faster than 127.0.0.1 default) or the smallest &amp; fastest 0 "blocking 'IP ADDRESS'" (for Windows 2000/XP/Server 2003 which can STILL use it (&amp; it was added in a service pack on Windows 2000, only on 12/09/2008 MS patch tuesday was it removed for VISTA onwards (&amp; now all these "phunny little bugs" are showing up as FLAWS in this new NDIS6 approach via WFP as well in the firewall, which ROOTKIT.COM has stated (with code too no less on how it is done) -&gt; <a href="http://www.rootkit.com/newsread.php?newsid=952" title="rootkit.com" rel="nofollow">http://www.rootkit.com/newsread.php?newsid=952</a> [rootkit.com] [rootkit.com] that it is EASIER TO UNHOOK (than was the design used in Windows 2000/XP/Server 2003))</p><p><b>Another EXCELLENT benefit of HOSTS file usage? More speed online, &amp; also more security + reliability</b> (especially in the case of DNS servers today, per folks like Dan Kaminsky &amp;/or Moxie Marlinspike finding various security vulnerabilities in them the past couple years now)...</p><p>SO, to "CIRCUMVENT" THAT WHICH YOU NOTE &amp; to get more speed online (besides/above potentially hijacked adbanners etc. et al)?</p><p>WELL - <b>I use another "technique" called "hardcoding" an IP address to domainname/hostname in my HOSTS files, for my FAVORITE websites:</b></p><p><b>This allows me to FIRST bypass any remote/external DNS lookups, which also would in theory @ least, make me "proofed" vs. DNS request logs by my ISP/BSP also.</b></p><p>(Especially since I use external DNS servers too, OpenDNS ones to be specific, that go beyond my hardcoded favs in my HOSTS file because I can't ping &amp; resolve the ENTIRE internet after all)</p><p>This also makes it harder for others to track me...</p><p>(Sure, they could do a "reverse DNS lookup" via pings &amp;/or traceroutes &amp; the top level domain that does nothing BUT cache reverse DNS lookups does the rest, but that is harder to do, than looking up my URL requests via a log on a DNS server))</p><p><b>ALSO, AS ANOTHER "BONUS" in HOSTS FILES</b> (can't stress it enough, &amp; especially above + beyond adbanner blocking)<b>:  It speeds you up, or can!</b></p><p>E.G.-&gt; A buddy of mine named Jack says it has (verbatim quote) "DOUBLED MY SPEED ONLINE, BUT I VALUE THE SECURITY PART MORE", because he used to get over 200++ viruses a week, now? Only maybe 2 a year IF THAT lately, &amp; he is convinced it is largely due to the HOSTS file I send him weekly (he is my "lab rat #1" due to his previous infestation rate), &amp; if that "anecdotal evidence" is not enough? See this then, from a published security guru on a respected site for it:</p><p>====</p><p><b>RESURRECTING THE KILLFILE:</b></p><p>(by Mr. Oliver Day)</p><p><a href="http://www.securityfocus.com/columnists/491" title="securityfocus.com" rel="nofollow">http://www.securityfocus.com/columnists/491</a> [securityfocus.com]</p><p><b>PERTINENT EXCERPTS/QUOTES:</b></p><p>"The host file on my day-to-day laptop is now over 16,000 lines long. Accessing the Internet particularly browsing the Web is actually faster now."</p><p>"From what I have seen in my research, major efforts to share lists of unwanted hosts began gaining serious momentum earlier this decade. The most popular appear to have started as a means to block advertising and as a way to avoid being tracked by sites that use cookies to gather data on the user across Web properties. More recently, projects like Spybot Search and Destroy offer lists of known malicious servers to add a layer of defense against trojans and other forms of malware."</p><p>====</p><p>(A nice bonus beyond blocking adbanners via HOSTS too, because these have been shown to harbor malscripted content too &amp; more than just a few times the past 4-5 yrs now no less such as is noted here in my PS below, several examples thereof no less), because you don't waste between 30-N ms calling out to an external DNS!</p><p>(Again, and a DNS server that MAY be poisoned per Dan Kaminsky the past few years now &amp; others also noting it)</p><p>Thus, you can STILL GET TO YOUR FAV. SITES IF HARDCODED in your HOSTS FILE (a good thing, but one you may have to periodically alter, easily, via notepad.exe edits of your HOSTS file &amp; a ping to update their new address (sites change hosting providers due to better services or prices, rare, but they do &amp; MOST let you know they are about to do so anyhow, so you can amend a HOSTS file)).</p><p>NICEST PART IS, THOUGH, PER YOUR STATEMENT (in addition to the benefits of HOSTS file I note above, alongside others like Mr. Oliver Day of SECURITYFOCUS.COM)?</p><p>I will STILL get to where it is that I WANT TO GO, not the router's onboard DNS server doing hostname/domainname resolutions or potential hijacked redirects... in theory @ least, because I am controlling the hostname/dommainname resolutions @ AN OS + IP STACK LEVEL, not via my routers' onboard DNS server...</p><p>APK</p><p>P.S.=&gt; Evidences as to WHY you'd want to add on the "extra layered security protection" of a HOSTS file, which extends global security coverage to your webbound apps, AND, allows for a great deal of added extra speed as well? Ok, here are some documented reasons why like:</p><p>a.) DNS servers vulnerable, under attack, failing or being "DNS poisoned" misdirected &amp; more</p><p>b.) Security suites failing vs. modern "blended threats" online</p><p>c.) javascript being used to do most of this via apps)</p><p>d.) adbanners being maliciously coded also...</p><p>(Here we go with documented proofs/examples:)</p><p><b>POISONED MALSCRIPTED ADBANNERS</b></p><p><b>The Next Ad You Click May Be a Virus:</b></p><p><a href="http://it.slashdot.org/article.pl?sid=09/06/15/2056219" title="slashdot.org" rel="nofollow">http://it.slashdot.org/article.pl?sid=09/06/15/2056219</a> [slashdot.org]</p><p>----</p><p><b>Attackers Infect Ads With Old Adobe Vulnerability:</b></p><p><a href="http://it.slashdot.org/article.pl?sid=09/02/25/024211" title="slashdot.org" rel="nofollow">http://it.slashdot.org/article.pl?sid=09/02/25/024211</a> [slashdot.org]</p><p>----</p><p><b>Hackers Use Banner Ads on Major Sites to Hijack Your PC:</b></p><p><a href="http://www.wired.com/techbiz/media/news/2007/11/doubleclick" title="wired.com" rel="nofollow">http://www.wired.com/techbiz/media/news/2007/11/doubleclick</a> [wired.com]</p><p>----</p><p><b>Adobe Flash Ads Launching Clipboard Hijack Attacks:</b></p><p><a href="http://it.slashdot.org/article.pl?sid=08/08/20/0029220&amp;from=rss" title="slashdot.org" rel="nofollow">http://it.slashdot.org/article.pl?sid=08/08/20/0029220&amp;from=rss</a> [slashdot.org]</p><p>----</p><p><b>Slashdot | Americans Don't Want Targeted Ads:</b></p><p><a href="http://yro.slashdot.org/article.pl?sid=09/10/01/1854214" title="slashdot.org" rel="nofollow">http://yro.slashdot.org/article.pl?sid=09/10/01/1854214</a> [slashdot.org]</p><p>====</p><p><b>DNS PROBLEMS:</b></p><p><b>Number of Rogue DNS Servers on the Rise:</b></p><p><a href="http://tech.slashdot.org/article.pl?no\_d2=1&amp;sid=08/02/15/2118212" title="slashdot.org" rel="nofollow">http://tech.slashdot.org/article.pl?no\_d2=1&amp;sid=08/02/15/2118212</a> [slashdot.org]</p><p>----</p><p><b>Security Researcher Kaminsky Pushes DNS Patching:</b></p><p><a href="http://it.slashdot.org/article.pl?sid=09/02/19/2322231" title="slashdot.org" rel="nofollow">http://it.slashdot.org/article.pl?sid=09/02/19/2322231</a> [slashdot.org]</p><p>----</p><p><b>Ten Percent of DNS Servers Still Vulnerable:</b></p><p><a href="http://tech.slashdot.org/article.pl?no\_d2=1&amp;sid=05/08/04/1525235" title="slashdot.org" rel="nofollow">http://tech.slashdot.org/article.pl?no\_d2=1&amp;sid=05/08/04/1525235</a> [slashdot.org]</p><p>----</p><p><b>TimeWarner DNS Hijacking:</b></p><p><a href="http://tech.slashdot.org/article.pl?sid=07/07/23/2140208" title="slashdot.org" rel="nofollow">http://tech.slashdot.org/article.pl?sid=07/07/23/2140208</a> [slashdot.org]</p><p>----</p><p><b>Another DNS Flaw Found:</b></p><p><a href="http://tech.slashdot.org/article.pl?sid=09/01/09/2348240" title="slashdot.org" rel="nofollow">http://tech.slashdot.org/article.pl?sid=09/01/09/2348240</a> [slashdot.org]</p><p>----</p><p><b>Attack Code Published For DNS Vulnerability:</b></p><p><a href="http://it.slashdot.org/article.pl?no\_d2=1&amp;sid=08/07/23/231254" title="slashdot.org" rel="nofollow">http://it.slashdot.org/article.pl?no\_d2=1&amp;sid=08/07/23/231254</a> [slashdot.org]</p><p>----</p><p><b>BIND Still Susceptible To DNS Cache Poisoning:</b></p><p><a href="http://tech.slashdot.org/article.pl?no\_d2=1&amp;sid=08/08/09/123222" title="slashdot.org" rel="nofollow">http://tech.slashdot.org/article.pl?no\_d2=1&amp;sid=08/08/09/123222</a> [slashdot.org]</p><p>----</p><p><b>DDoS Attacks Via DNS Recursion:</b></p><p><a href="http://it.slashdot.org/article.pl?no\_d2=1&amp;sid=06/03/16/1658209" title="slashdot.org" rel="nofollow">http://it.slashdot.org/article.pl?no\_d2=1&amp;sid=06/03/16/1658209</a> [slashdot.org]</p><p>----</p><p><b>DNS Poisoning Hits One of China's Biggest ISPs:</b></p><p><a href="http://it.slashdot.org/article.pl?no\_d2=1&amp;sid=08/08/21/2343250" title="slashdot.org" rel="nofollow">http://it.slashdot.org/article.pl?no\_d2=1&amp;sid=08/08/21/2343250</a> [slashdot.org]</p><p>----</p><p><b>DNS Root Servers Attacked:</b></p><p><a href="http://it.slashdot.org/article.pl?no\_d2=1&amp;sid=07/02/06/2238225" title="slashdot.org" rel="nofollow">http://it.slashdot.org/article.pl?no\_d2=1&amp;sid=07/02/06/2238225</a> [slashdot.org]</p><p>----</p><p><b>DNS Problem Linked To DDoS Attacks Gets Worse:</b></p><p><a href="http://tech.slashdot.org/comments.pl?sid=1444354&amp;cid=30109858" title="slashdot.org" rel="nofollow">http://tech.slashdot.org/comments.pl?sid=1444354&amp;cid=30109858</a> [slashdot.org]</p><p>----</p><p><b>Are your servers vulnerable to DNS attacks?</b></p><p><a href="http://www.networkworld.com/news/2007/111907-dns-attacks.html" title="networkworld.com" rel="nofollow">http://www.networkworld.com/news/2007/111907-dns-attacks.html</a> [networkworld.com]</p><p>----</p><p><b>Kaminsky On DNS Bugs a Year Later and DNSSEC:</b></p><p><a href="http://it.slashdot.org/story/09/06/25/1354212/Kaminsky-On-DNS-Bugs-a-Year-Later-and-DNSSEC" title="slashdot.org" rel="nofollow">http://it.slashdot.org/story/09/06/25/1354212/Kaminsky-On-DNS-Bugs-a-Year-Later-and-DNSSEC</a> [slashdot.org]</p><p>----</p><p><b>DNS users put higher premium on security:</b></p><p><a href="http://news.techworld.com/networking/10690/dns-users-put-higher-premium-on-security/" title="techworld.com" rel="nofollow">http://news.techworld.com/networking/10690/dns-users-put-higher-premium-on-security/</a> [techworld.com]</p><p>----</p><p><b>BIND, the Buggy Internet Name Daemon:</b></p><p><a href="http://cr.yp.to/djbdns/blurb/unbind.html" title="cr.yp.to" rel="nofollow">http://cr.yp.to/djbdns/blurb/unbind.html</a> [cr.yp.to]</p><p>(Where djbdns was found to have flaw, though it was alleged invulnerable, they paid out $10,000 reward)</p><p>----</p><p><b>DNS Dan Kaminsky DNS SPOOF ATTACK EXPLAINED HOW IT IS DONE:</b></p><p><a href="http://blogs.zdnet.com/security/?p=1520" title="zdnet.com" rel="nofollow">http://blogs.zdnet.com/security/?p=1520</a> [zdnet.com]</p><p>----</p><p><b>DNS REBINDING ATTACKS: MultiPinning Browser JavaScript Vulnerability</b> (how to protect yourself):</p><p><a href="http://crypto.stanford.edu/dns/" title="stanford.edu" rel="nofollow">http://crypto.stanford.edu/dns/</a> [stanford.edu]</p><p>----</p><p><b>Hackers hijack DNS records of high profile New Zealand sites:</b></p><p><a href="http://blogs.zdnet.com/security/?p=3185" title="zdnet.com" rel="nofollow">http://blogs.zdnet.com/security/?p=3185</a> [zdnet.com]</p><p>====</p><p><b>SECURITY SUITE PROGRAMS FAILING:</b></p><p><b>AntiVirus Products Fail to Find Simple IE Malware:</b></p><p><a href="http://tech.slashdot.org/article.pl?sid=07/10/29/1747237" title="slashdot.org" rel="nofollow">http://tech.slashdot.org/article.pl?sid=07/10/29/1747237</a> [slashdot.org]</p><p>----</p><p><b>Most Security Products Fail To Perform:</b></p><p><a href="http://hardware.slashdot.org/comments.pl?sid=1445302&amp;threshold=-1&amp;commentsort=0&amp;mode=thread&amp;pid=30114652" title="slashdot.org" rel="nofollow">http://hardware.slashdot.org/comments.pl?sid=1445302&amp;threshold=-1&amp;commentsort=0&amp;mode=thread&amp;pid=30114652</a> [slashdot.org]</p><p>----</p><p><b>TOP SECURITY SUITES FAIL 64/300 THREATS in 2008 AT SECUNIA.COM:</b></p><p><a href="http://secunia.com/blog/29/" title="secunia.com" rel="nofollow">http://secunia.com/blog/29/</a> [secunia.com]</p><p>----</p><p><b>Top security suites fail exploit tests:</b></p><p><a href="http://www.computerworld.com/s/article/9117042/Top\_security\_suites\_fail\_exploit\_tests?intsrc=news\_ts\_head" title="computerworld.com" rel="nofollow">http://www.computerworld.com/s/article/9117042/Top\_security\_suites\_fail\_exploit\_tests?intsrc=news\_ts\_head</a> [computerworld.com]</p><p>----</p><p><b>Antivirus is 'completely wasted money': Cisco CSO: News - Security - ZDNet Australia:</b></p><p><a href="http://www.zdnet.com.au/news/security/soa/Antivirus-is-completely-wasted-money-Cisco-CSO/0,130061744,339289122,00.htm?feed=pt\_auscert" title="zdnet.com.au" rel="nofollow">http://www.zdnet.com.au/news/security/soa/Antivirus-is-completely-wasted-money-Cisco-CSO/0,130061744,339289122,00.htm?feed=pt\_auscert</a> [zdnet.com.au]</p><p>----</p><p><b>Are Routers the Next Big Target for Hackers?</b></p><p><a href="http://blogs.zdnet.com/security/?p=919" title="zdnet.com" rel="nofollow">http://blogs.zdnet.com/security/?p=919</a> [zdnet.com]</p><p>----</p><p><b>Software Firewalls: Made of Straw? Part 1 of 2:</b></p><p><a href="http://www.securityfocus.com/infocus/1839" title="securityfocus.com" rel="nofollow">http://www.securityfocus.com/infocus/1839</a> [securityfocus.com]</p><p><b>Software Firewalls: Made of Straw? Part 2 of 2:</b></p><p><a href="http://www.securityfocus.com/infocus/1840/2" title="securityfocus.com" rel="nofollow">http://www.securityfocus.com/infocus/1840/2</a> [securityfocus.com]</p><p>----</p><p><b>Brief study shows difficulty in detecting malware (2008):</b></p><p><a href="http://www.securityfocus.com/brief/858" title="securityfocus.com" rel="nofollow">http://www.securityfocus.com/brief/858</a> [securityfocus.com]</p><p>----</p><p><b>2007 - Browser vulnerabilities and attacks will continue to mount:</b></p><p><a href="http://www.infoworld.com/d/security-central/browser-vulnerabilities-and-attacks-will-continue-mount-679" title="infoworld.com" rel="nofollow">http://www.infoworld.com/d/security-central/browser-vulnerabilities-and-attacks-will-continue-mount-679</a> [infoworld.com]</p><p>----</p><p><b>Bug exposes Cisco switches to attacks:</b></p><p><a href="http://news.cnet.com/Bug-exposes-Cisco-switches+to+attacks/2110-7349\_3-5902897.html?part=rss&amp;tag=5902897&amp;subj=news" title="cnet.com" rel="nofollow">http://news.cnet.com/Bug-exposes-Cisco-switches+to+attacks/2110-7349\_3-5902897.html?part=rss&amp;tag=5902897&amp;subj=news</a> [cnet.com]</p><p>&amp;</p><p><b>CISCO "COMES CLEAN" ON EXTENT OF IOS FLAW:</b></p><p><a href="http://www.eweek.com/c/a/Security/Cisco-Comes-Clean-on-Extent-of-IOS-Flaw/" title="eweek.com" rel="nofollow">http://www.eweek.com/c/a/Security/Cisco-Comes-Clean-on-Extent-of-IOS-Flaw/</a> [eweek.com]</p><p>&amp;</p><p><b>Cisco PIX and ASA Time-To-Live Denial of Service Vulnerability:</b></p><p><a href="http://secunia.com/advisories/28625/" title="secunia.com" rel="nofollow">http://secunia.com/advisories/28625/</a> [secunia.com]</p><p>+</p><p><b>Computer routers face hijack risk - study:</b></p><p><a href="http://www.cbc.ca/technology/story/2007/02/16/tech-routervulnerabilty-20070216.html?ref=rss" title="www.cbc.ca" rel="nofollow">http://www.cbc.ca/technology/story/2007/02/16/tech-routervulnerabilty-20070216.html?ref=rss</a> [www.cbc.ca]</p><p>Slashdot Technology Story | Will Mainstream Media Embrace Adblockers?</p><p><a href="http://tech.slashdot.org/story/09/08/06/1442243/Will-Mainstream-Media-Embrace-Adblockers" title="slashdot.org" rel="nofollow">http://tech.slashdot.org/story/09/08/06/1442243/Will-Mainstream-Media-Embrace-Adblockers</a> [slashdot.org]</p><p>----</p><p><b>Congress May Require ISPs To Block Certain Fraud Sites:</b></p><p><a href="http://yro.slashdot.org/comments.pl?sid=1432514&amp;cid=30024078" title="slashdot.org" rel="nofollow">http://yro.slashdot.org/comments.pl?sid=1432514&amp;cid=30024078</a> [slashdot.org]</p><p>====</p><p><b>JAVASCRIPT PROBLEMS:</b></p><p><b>Slashdot | Adobe Confirms PDF Zero-Day, Says Kill JavaScript:</b></p><p><a href="http://it.slashdot.org/article.pl?sid=09/04/29/1823234" title="slashdot.org" rel="nofollow">http://it.slashdot.org/article.pl?sid=09/04/29/1823234</a> [slashdot.org]</p><p>----</p><p><b>Adobe Flash Zero-Day Attack Underway:</b></p><p><a href="http://it.slashdot.org/article.pl?sid=08/05/28/0138247&amp;from=rss" title="slashdot.org" rel="nofollow">http://it.slashdot.org/article.pl?sid=08/05/28/0138247&amp;from=rss</a> [slashdot.org]</p><p>----</p><p><b>JavaScript flaw reported in Adobe Reader</b> (4th or 5th time already, if not more):</p><p><a href="http://www.securityfocus.com/brief/953" title="securityfocus.com" rel="nofollow">http://www.securityfocus.com/brief/953</a> [securityfocus.com]</p><p>----</p><p><b>Another malware pulls an Italian job via JAVASCRIPT:</b></p><p><a href="http://blog.trendmicro.com/another-malware-pulls-an-italian-job/" title="trendmicro.com" rel="nofollow">http://blog.trendmicro.com/another-malware-pulls-an-italian-job/</a> [trendmicro.com]</p><p>----</p><p><b>JavaScript opens doors to browser-based attacks | CNET News.com:</b></p><p><a href="http://news.com.com/JavaScript+opens+doors+to+browser-based+attacks/2100-7349\_3-6099891.html?part=rss&amp;tag=6099891&amp;subj=news" title="com.com" rel="nofollow">http://news.com.com/JavaScript+opens+doors+to+browser-based+attacks/2100-7349\_3-6099891.html?part=rss&amp;tag=6099891&amp;subj=news</a> [com.com]</p><p>----</p><p><b>Mozilla Firefox Javascript Garbage Collector Vulnerability - Advisories - Secunia</b></p><p><a href="http://secunia.com/advisories/29787/" title="secunia.com" rel="nofollow">http://secunia.com/advisories/29787/</a> [secunia.com]</p><p>----</p><p><b>New script outstrips all other drive-by download risks:</b></p><p><a href="http://www.theregister.co.uk/2009/05/15/script\_menace/" title="theregister.co.uk" rel="nofollow">http://www.theregister.co.uk/2009/05/15/script\_menace/</a> [theregister.co.uk]</p><p>----</p><p><b>Researcher to demonstrate attack code for Intel chips via Javascript:</b></p><p><a href="http://www.infoworld.com/d/security-central/researcher-demonstrate-attack-code-intel-chips-036" title="infoworld.com" rel="nofollow">http://www.infoworld.com/d/security-central/researcher-demonstrate-attack-code-intel-chips-036</a> [infoworld.com]</p><p>----</p><p><b>Researcher: JavaScript Attacks Get Slicker:</b></p><p><a href="http://www.eweek.com/c/a/Security/Researcher-JavaScript-Attacks-Get-Slicker/" title="eweek.com" rel="nofollow">http://www.eweek.com/c/a/Security/Researcher-JavaScript-Attacks-Get-Slicker/</a> [eweek.com]</p><p>----</p><p><b>Rise Of The PDF Exploits:</b></p><p><a href="http://www.trustedsource.org/blog/153/Rise-Of-The-PDF-Exploits" title="trustedsource.org" rel="nofollow">http://www.trustedsource.org/blog/153/Rise-Of-The-PDF-Exploits</a> [trustedsource.org]</p><p>----</p><p><b>ADOBE NEW FLAW DOES USE JAVASCRIPT PROOF:</b></p><p><a href="http://www.shadowserver.org/wiki/pmwiki.php?n=Calendar.20090219" title="shadowserver.org" rel="nofollow">http://www.shadowserver.org/wiki/pmwiki.php?n=Calendar.20090219</a> [shadowserver.org]</p><p>----</p><p><b>AJAX Poses Security, Performance Risks:</b></p><p><a href="http://www.eweek.com/article2/0,1895,1916673,00.asp" title="eweek.com" rel="nofollow">http://www.eweek.com/article2/0,1895,1916673,00.asp</a> [eweek.com]</p><p>----</p><p><b>Web 2.0 Threats and Risks for Financial Services:</b></p><p><a href="http://www.net-security.org/article.php?id=1004&amp;p=1" title="net-security.org" rel="nofollow">http://www.net-security.org/article.php?id=1004&amp;p=1</a> [net-security.org]</p><p><a href="http://www.cbronline.com/news/web\_20\_is\_vulnerable\_to\_attack" title="cbronline.com" rel="nofollow">http://www.cbronline.com/news/web\_20\_is\_vulnerable\_to\_attack</a> [cbronline.com]</p><p>----</p><p><b>Cross Site Scripting</b> (GOOGLE) <b>and WHY TO TURN OFF JAVASCRIPT:</b></p><p><a href="http://www.cgisecurity.com/xss-faq.html" title="cgisecurity.com" rel="nofollow">http://www.cgisecurity.com/xss-faq.html</a> [cgisecurity.com]</p><p>----</p><p><b>Why the FBI Director Doesn't Bank Online</b></p><p><a href="http://it.slashdot.org/article.pl?sid=09/10/08/0327240" title="slashdot.org" rel="nofollow">http://it.slashdot.org/article.pl?sid=09/10/08/0327240</a> [slashdot.org]</p><p><b>MAJOR ATTACKS (only a small sample) of WHY LAYERED SECURITY IS NEEDED</b></p><p><b>Is the Botnet Battle Already Lost?</b></p><p><a href="http://www.eweek.com/article2/0,1895,2029720,00.asp" title="eweek.com" rel="nofollow">http://www.eweek.com/article2/0,1895,2029720,00.asp</a> [eweek.com]</p><p>----</p><p><b>IT Pros Say They Can't Stop Data Breaches:</b></p><p><a href="http://www.eweek.com/article2/0,1895,2010325,00.asp?kc=EWNAVEMNL083106EOAD" title="eweek.com" rel="nofollow">http://www.eweek.com/article2/0,1895,2010325,00.asp?kc=EWNAVEMNL083106EOAD</a> [eweek.com]</p><p>----</p><p><b>Cyber Attacks On US Military Jump Sharply In 2009</b></p><p><a href="http://tech.slashdot.org/comments.pl?sid=1452358&amp;threshold=-1&amp;commentsort=0&amp;mode=thread&amp;cid=30185742" title="slashdot.org" rel="nofollow">http://tech.slashdot.org/comments.pl?sid=1452358&amp;threshold=-1&amp;commentsort=0&amp;mode=thread&amp;cid=30185742</a> [slashdot.org]</p><p>----</p><p><b>Bots Found Inside Many Big Companies:</b></p><p><a href="http://blogs.baselinemag.com/security/content001/cybercrime/bots\_found\_inside\_many\_big\_companies.html" title="baselinemag.com" rel="nofollow">http://blogs.baselinemag.com/security/content001/cybercrime/bots\_found\_inside\_many\_big\_companies.html</a> [baselinemag.com]</p><p>----</p><p><b>Bot master owns up to 250,000 zombie PCs:</b></p><p><a href="http://www.securityfocus.com/news/11495" title="securityfocus.com" rel="nofollow">http://www.securityfocus.com/news/11495</a> [securityfocus.com]</p><p>----</p><p><b>Bots surge ahead (2007):</b></p><p><a href="http://www.securityfocus.com/brief/466" title="securityfocus.com" rel="nofollow">http://www.securityfocus.com/brief/466</a> [securityfocus.com]</p><p>----</p><p><b>Chinese Hackers Hit Commerce Department:</b></p><p><a href="http://www.informationweek.com/news/security/government/showArticle.jhtml?articleID=193105227" title="informationweek.com" rel="nofollow">http://www.informationweek.com/news/security/government/showArticle.jhtml?articleID=193105227</a> [informationweek.com]</p><p>----</p><p><b>CIA Admits Cyberattacks Blacked Out Cities:</b></p><p><a href="http://www.informationweek.com/news/internet/showArticle.jhtml?articleID=205901631" title="informationweek.com" rel="nofollow">http://www.informationweek.com/news/internet/showArticle.jhtml?articleID=205901631</a> [informationweek.com]</p><p>----</p><p><b>Compromised Banks and Investment sites list 2006:</b></p><p><a href="http://it.slashdot.org/comments.pl?sid=233921&amp;cid=19035679" title="slashdot.org" rel="nofollow">http://it.slashdot.org/comments.pl?sid=233921&amp;cid=19035679</a> [slashdot.org]</p><p>----</p><p><b>Dancho Danchev's Blog - Mind Streams of Information Security Knowledge: Massive IFRAME SEO Poisoning Attack Continuing:</b></p><p><a href="http://ddanchev.blogspot.com/2008/03/massive-iframe-seo-poisoning-attack.html" title="blogspot.com" rel="nofollow">http://ddanchev.blogspot.com/2008/03/massive-iframe-seo-poisoning-attack.html</a> [blogspot.com]</p><p>----</p><p><b>Data at Bank of America, Wachovia, others compromised - May. 23, 2005:</b></p><p><a href="http://money.cnn.com/2005/05/23/news/fortune500/bank\_info/index.htm" title="cnn.com" rel="nofollow">http://money.cnn.com/2005/05/23/news/fortune500/bank\_info/index.htm</a> [cnn.com]</p><p>----</p><p><b>Fresh Security Breaches at Los Alamos:</b></p><p><a href="http://www.msnbc.msn.com/id/19418769/site/newsweek/print/1/displaymode/1098/" title="msn.com" rel="nofollow">http://www.msnbc.msn.com/id/19418769/site/newsweek/print/1/displaymode/1098/</a> [msn.com]</p><p>----</p><p><b>Infected job search sites lead to info theft for 46,000:</b></p><p><a href="http://www.computerworld.com/s/article/9031139/Infected\_job\_search\_sites\_lead\_to\_info\_theft\_for\_46\_000" title="computerworld.com" rel="nofollow">http://www.computerworld.com/s/article/9031139/Infected\_job\_search\_sites\_lead\_to\_info\_theft\_for\_46\_000</a> [computerworld.com]</p><p>----</p><p><b>New Mega-Botnet Discovered:</b></p><p><a href="http://it.slashdot.org/article.pl?sid=09/04/22/2223214" title="slashdot.org" rel="nofollow">http://it.slashdot.org/article.pl?sid=09/04/22/2223214</a> [slashdot.org]</p><p>----</p><p>I think THAT list ought to "enlighten" ANYONE, as to why "layered security" is &amp; has been considered largely to be "THE WAY TO GO", vs. that list above (which is only a SMALL \%-age of what I can come up with in regards to threats online + their causes)... HOSTS files help protect vs. those, on several levels - DO consider their usage!</p><p>apk</p></div>
	</htmltext>
<tokenext>" Give the UI back to the user and leave the flashing marquee tags in Las Vegas " - by eldavojohn ( 898314 ) * on Monday November 30 , @ 12 : 27PM ( # 30271582 ) HomepageNO PROBLEM , 110 \ % agreement here on that account... &amp; more ( like more speed online AND more security , via a SINGLE EASILY EDITED + POPULATED FILE , called a HOSTS file ) : I use a custom HOSTS file , in addition to the tools you noted ( which only really function for FireFox/Mozilla products , but do n't extend globally to all other webbound applications , &amp; that is part of what HOSTS files give you above the methods you extoll + utilize : " GLOBAL COVERAGE " , &amp; of ALL webbound apps , not just FireFox/Mozilla ones via the addons you noted + use yourself... ) .HOSTS files can be used to blockout KNOWN " bad " adserves , maliciously coded sites or adbanners , and " botnet C&amp;C servers " too ! You can obtain reliable HOSTS files from reputable lists for more security online , but also for speed !
( More on that later &amp; WHY/HOW ( I use reliable lists for that , such as these HOSTS @ Wikipedia.com - &gt; http : //en.wikipedia.org/wiki/Hosts \ _file [ wikipedia.org ] or those from mvps.org ( a good one this one ) ) I also further populate &amp; keep current my custom HOSTS file with up to date information in regards to all of those threats , via : ----A .
) Spybot " Search &amp; Destroy " updates ( populates HOSTS and browser block lists ) B .
) Sites like ZDNet 's Mr. Dancho Danchev 's blog - &gt; http : //ddanchev.blogspot.com/ [ blogspot.com ] C. ) Sites like FireEye - &gt; http : //blog.fireeye.com/ [ fireeye.com ] D. ) SRI - &gt; http : //mtc.sri.com/ [ sri.com ] ----My HOSTS file incorporates ALL of the entries from the HOSTS files shown @ wikipedia as well... gaining me speed online ( by blocking adbanners , which have been compromised many times the past few years now by malscripted exploits ( examples below ) ) .
( I combined ALL reputable HOSTS files with one of my own ( 30,000 entries ) , &amp; I removed duplicates removed via a Borland Delphi app I wrote to do so called " APK HOSTS File Grinder 4.0 + + " .
That program also functions to change the default larger &amp; SLOWER 127.0.0.1 blocking 'loopback adapter ' IP address to either 0.0.0.0 ( for VISTA/Windows Server 2008/Windows 7 , smaller &amp; thus faster than 127.0.0.1 default ) or the smallest &amp; fastest 0 " blocking 'IP ADDRESS ' " ( for Windows 2000/XP/Server 2003 which can STILL use it ( &amp; it was added in a service pack on Windows 2000 , only on 12/09/2008 MS patch tuesday was it removed for VISTA onwards ( &amp; now all these " phunny little bugs " are showing up as FLAWS in this new NDIS6 approach via WFP as well in the firewall , which ROOTKIT.COM has stated ( with code too no less on how it is done ) - &gt; http : //www.rootkit.com/newsread.php ? newsid = 952 [ rootkit.com ] [ rootkit.com ] that it is EASIER TO UNHOOK ( than was the design used in Windows 2000/XP/Server 2003 ) ) Another EXCELLENT benefit of HOSTS file usage ?
More speed online , &amp; also more security + reliability ( especially in the case of DNS servers today , per folks like Dan Kaminsky &amp;/or Moxie Marlinspike finding various security vulnerabilities in them the past couple years now ) ...SO , to " CIRCUMVENT " THAT WHICH YOU NOTE &amp; to get more speed online ( besides/above potentially hijacked adbanners etc .
et al ) ? WELL - I use another " technique " called " hardcoding " an IP address to domainname/hostname in my HOSTS files , for my FAVORITE websites : This allows me to FIRST bypass any remote/external DNS lookups , which also would in theory @ least , make me " proofed " vs. DNS request logs by my ISP/BSP also .
( Especially since I use external DNS servers too , OpenDNS ones to be specific , that go beyond my hardcoded favs in my HOSTS file because I ca n't ping &amp; resolve the ENTIRE internet after all ) This also makes it harder for others to track me... ( Sure , they could do a " reverse DNS lookup " via pings &amp;/or traceroutes &amp; the top level domain that does nothing BUT cache reverse DNS lookups does the rest , but that is harder to do , than looking up my URL requests via a log on a DNS server ) ) ALSO , AS ANOTHER " BONUS " in HOSTS FILES ( ca n't stress it enough , &amp; especially above + beyond adbanner blocking ) : It speeds you up , or can ! E.G.- &gt; A buddy of mine named Jack says it has ( verbatim quote ) " DOUBLED MY SPEED ONLINE , BUT I VALUE THE SECURITY PART MORE " , because he used to get over 200 + + viruses a week , now ?
Only maybe 2 a year IF THAT lately , &amp; he is convinced it is largely due to the HOSTS file I send him weekly ( he is my " lab rat # 1 " due to his previous infestation rate ) , &amp; if that " anecdotal evidence " is not enough ?
See this then , from a published security guru on a respected site for it : = = = = RESURRECTING THE KILLFILE : ( by Mr. Oliver Day ) http : //www.securityfocus.com/columnists/491 [ securityfocus.com ] PERTINENT EXCERPTS/QUOTES : " The host file on my day-to-day laptop is now over 16,000 lines long .
Accessing the Internet particularly browsing the Web is actually faster now .
" " From what I have seen in my research , major efforts to share lists of unwanted hosts began gaining serious momentum earlier this decade .
The most popular appear to have started as a means to block advertising and as a way to avoid being tracked by sites that use cookies to gather data on the user across Web properties .
More recently , projects like Spybot Search and Destroy offer lists of known malicious servers to add a layer of defense against trojans and other forms of malware .
" = = = = ( A nice bonus beyond blocking adbanners via HOSTS too , because these have been shown to harbor malscripted content too &amp; more than just a few times the past 4-5 yrs now no less such as is noted here in my PS below , several examples thereof no less ) , because you do n't waste between 30-N ms calling out to an external DNS !
( Again , and a DNS server that MAY be poisoned per Dan Kaminsky the past few years now &amp; others also noting it ) Thus , you can STILL GET TO YOUR FAV .
SITES IF HARDCODED in your HOSTS FILE ( a good thing , but one you may have to periodically alter , easily , via notepad.exe edits of your HOSTS file &amp; a ping to update their new address ( sites change hosting providers due to better services or prices , rare , but they do &amp; MOST let you know they are about to do so anyhow , so you can amend a HOSTS file ) ) .NICEST PART IS , THOUGH , PER YOUR STATEMENT ( in addition to the benefits of HOSTS file I note above , alongside others like Mr. Oliver Day of SECURITYFOCUS.COM ) ? I will STILL get to where it is that I WANT TO GO , not the router 's onboard DNS server doing hostname/domainname resolutions or potential hijacked redirects... in theory @ least , because I am controlling the hostname/dommainname resolutions @ AN OS + IP STACK LEVEL , not via my routers ' onboard DNS server...APKP.S. = &gt; Evidences as to WHY you 'd want to add on the " extra layered security protection " of a HOSTS file , which extends global security coverage to your webbound apps , AND , allows for a great deal of added extra speed as well ?
Ok , here are some documented reasons why like : a .
) DNS servers vulnerable , under attack , failing or being " DNS poisoned " misdirected &amp; moreb .
) Security suites failing vs. modern " blended threats " onlinec .
) javascript being used to do most of this via apps ) d. ) adbanners being maliciously coded also... ( Here we go with documented proofs/examples : ) POISONED MALSCRIPTED ADBANNERSThe Next Ad You Click May Be a Virus : http : //it.slashdot.org/article.pl ? sid = 09/06/15/2056219 [ slashdot.org ] ----Attackers Infect Ads With Old Adobe Vulnerability : http : //it.slashdot.org/article.pl ? sid = 09/02/25/024211 [ slashdot.org ] ----Hackers Use Banner Ads on Major Sites to Hijack Your PC : http : //www.wired.com/techbiz/media/news/2007/11/doubleclick [ wired.com ] ----Adobe Flash Ads Launching Clipboard Hijack Attacks : http : //it.slashdot.org/article.pl ? sid = 08/08/20/0029220&amp;from = rss [ slashdot.org ] ----Slashdot | Americans Do n't Want Targeted Ads : http : //yro.slashdot.org/article.pl ? sid = 09/10/01/1854214 [ slashdot.org ] = = = = DNS PROBLEMS : Number of Rogue DNS Servers on the Rise : http : //tech.slashdot.org/article.pl ? no \ _d2 = 1&amp;sid = 08/02/15/2118212 [ slashdot.org ] ----Security Researcher Kaminsky Pushes DNS Patching : http : //it.slashdot.org/article.pl ? sid = 09/02/19/2322231 [ slashdot.org ] ----Ten Percent of DNS Servers Still Vulnerable : http : //tech.slashdot.org/article.pl ? no \ _d2 = 1&amp;sid = 05/08/04/1525235 [ slashdot.org ] ----TimeWarner DNS Hijacking : http : //tech.slashdot.org/article.pl ? sid = 07/07/23/2140208 [ slashdot.org ] ----Another DNS Flaw Found : http : //tech.slashdot.org/article.pl ? sid = 09/01/09/2348240 [ slashdot.org ] ----Attack Code Published For DNS Vulnerability : http : //it.slashdot.org/article.pl ? no \ _d2 = 1&amp;sid = 08/07/23/231254 [ slashdot.org ] ----BIND Still Susceptible To DNS Cache Poisoning : http : //tech.slashdot.org/article.pl ? no \ _d2 = 1&amp;sid = 08/08/09/123222 [ slashdot.org ] ----DDoS Attacks Via DNS Recursion : http : //it.slashdot.org/article.pl ? no \ _d2 = 1&amp;sid = 06/03/16/1658209 [ slashdot.org ] ----DNS Poisoning Hits One of China 's Biggest ISPs : http : //it.slashdot.org/article.pl ? no \ _d2 = 1&amp;sid = 08/08/21/2343250 [ slashdot.org ] ----DNS Root Servers Attacked : http : //it.slashdot.org/article.pl ? no \ _d2 = 1&amp;sid = 07/02/06/2238225 [ slashdot.org ] ----DNS Problem Linked To DDoS Attacks Gets Worse : http : //tech.slashdot.org/comments.pl ? sid = 1444354&amp;cid = 30109858 [ slashdot.org ] ----Are your servers vulnerable to DNS attacks ? http : //www.networkworld.com/news/2007/111907-dns-attacks.html [ networkworld.com ] ----Kaminsky On DNS Bugs a Year Later and DNSSEC : http : //it.slashdot.org/story/09/06/25/1354212/Kaminsky-On-DNS-Bugs-a-Year-Later-and-DNSSEC [ slashdot.org ] ----DNS users put higher premium on security : http : //news.techworld.com/networking/10690/dns-users-put-higher-premium-on-security/ [ techworld.com ] ----BIND , the Buggy Internet Name Daemon : http : //cr.yp.to/djbdns/blurb/unbind.html [ cr.yp.to ] ( Where djbdns was found to have flaw , though it was alleged invulnerable , they paid out $ 10,000 reward ) ----DNS Dan Kaminsky DNS SPOOF ATTACK EXPLAINED HOW IT IS DONE : http : //blogs.zdnet.com/security/ ? p = 1520 [ zdnet.com ] ----DNS REBINDING ATTACKS : MultiPinning Browser JavaScript Vulnerability ( how to protect yourself ) : http : //crypto.stanford.edu/dns/ [ stanford.edu ] ----Hackers hijack DNS records of high profile New Zealand sites : http : //blogs.zdnet.com/security/ ? p = 3185 [ zdnet.com ] = = = = SECURITY SUITE PROGRAMS FAILING : AntiVirus Products Fail to Find Simple IE Malware : http : //tech.slashdot.org/article.pl ? sid = 07/10/29/1747237 [ slashdot.org ] ----Most Security Products Fail To Perform : http : //hardware.slashdot.org/comments.pl ? sid = 1445302&amp;threshold = -1&amp;commentsort = 0&amp;mode = thread&amp;pid = 30114652 [ slashdot.org ] ----TOP SECURITY SUITES FAIL 64/300 THREATS in 2008 AT SECUNIA.COM : http : //secunia.com/blog/29/ [ secunia.com ] ----Top security suites fail exploit tests : http : //www.computerworld.com/s/article/9117042/Top \ _security \ _suites \ _fail \ _exploit \ _tests ? intsrc = news \ _ts \ _head [ computerworld.com ] ----Antivirus is 'completely wasted money ' : Cisco CSO : News - Security - ZDNet Australia : http : //www.zdnet.com.au/news/security/soa/Antivirus-is-completely-wasted-money-Cisco-CSO/0,130061744,339289122,00.htm ? feed = pt \ _auscert [ zdnet.com.au ] ----Are Routers the Next Big Target for Hackers ? http : //blogs.zdnet.com/security/ ? p = 919 [ zdnet.com ] ----Software Firewalls : Made of Straw ?
Part 1 of 2 : http : //www.securityfocus.com/infocus/1839 [ securityfocus.com ] Software Firewalls : Made of Straw ?
Part 2 of 2 : http : //www.securityfocus.com/infocus/1840/2 [ securityfocus.com ] ----Brief study shows difficulty in detecting malware ( 2008 ) : http : //www.securityfocus.com/brief/858 [ securityfocus.com ] ----2007 - Browser vulnerabilities and attacks will continue to mount : http : //www.infoworld.com/d/security-central/browser-vulnerabilities-and-attacks-will-continue-mount-679 [ infoworld.com ] ----Bug exposes Cisco switches to attacks : http : //news.cnet.com/Bug-exposes-Cisco-switches + to + attacks/2110-7349 \ _3-5902897.html ? part = rss&amp;tag = 5902897&amp;subj = news [ cnet.com ] &amp;CISCO " COMES CLEAN " ON EXTENT OF IOS FLAW : http : //www.eweek.com/c/a/Security/Cisco-Comes-Clean-on-Extent-of-IOS-Flaw/ [ eweek.com ] &amp;Cisco PIX and ASA Time-To-Live Denial of Service Vulnerability : http : //secunia.com/advisories/28625/ [ secunia.com ] + Computer routers face hijack risk - study : http : //www.cbc.ca/technology/story/2007/02/16/tech-routervulnerabilty-20070216.html ? ref = rss [ www.cbc.ca ] Slashdot Technology Story | Will Mainstream Media Embrace Adblockers ? http : //tech.slashdot.org/story/09/08/06/1442243/Will-Mainstream-Media-Embrace-Adblockers [ slashdot.org ] ----Congress May Require ISPs To Block Certain Fraud Sites : http : //yro.slashdot.org/comments.pl ? sid = 1432514&amp;cid = 30024078 [ slashdot.org ] = = = = JAVASCRIPT PROBLEMS : Slashdot | Adobe Confirms PDF Zero-Day , Says Kill JavaScript : http : //it.slashdot.org/article.pl ? sid = 09/04/29/1823234 [ slashdot.org ] ----Adobe Flash Zero-Day Attack Underway : http : //it.slashdot.org/article.pl ? sid = 08/05/28/0138247&amp;from = rss [ slashdot.org ] ----JavaScript flaw reported in Adobe Reader ( 4th or 5th time already , if not more ) : http : //www.securityfocus.com/brief/953 [ securityfocus.com ] ----Another malware pulls an Italian job via JAVASCRIPT : http : //blog.trendmicro.com/another-malware-pulls-an-italian-job/ [ trendmicro.com ] ----JavaScript opens doors to browser-based attacks | CNET News.com : http : //news.com.com/JavaScript + opens + doors + to + browser-based + attacks/2100-7349 \ _3-6099891.html ? part = rss&amp;tag = 6099891&amp;subj = news [ com.com ] ----Mozilla Firefox Javascript Garbage Collector Vulnerability - Advisories - Secuniahttp : //secunia.com/advisories/29787/ [ secunia.com ] ----New script outstrips all other drive-by download risks : http : //www.theregister.co.uk/2009/05/15/script \ _menace/ [ theregister.co.uk ] ----Researcher to demonstrate attack code for Intel chips via Javascript : http : //www.infoworld.com/d/security-central/researcher-demonstrate-attack-code-intel-chips-036 [ infoworld.com ] ----Researcher : JavaScript Attacks Get Slicker : http : //www.eweek.com/c/a/Security/Researcher-JavaScript-Attacks-Get-Slicker/ [ eweek.com ] ----Rise Of The PDF Exploits : http : //www.trustedsource.org/blog/153/Rise-Of-The-PDF-Exploits [ trustedsource.org ] ----ADOBE NEW FLAW DOES USE JAVASCRIPT PROOF : http : //www.shadowserver.org/wiki/pmwiki.php ? n = Calendar.20090219 [ shadowserver.org ] ----AJAX Poses Security , Performance Risks : http : //www.eweek.com/article2/0,1895,1916673,00.asp [ eweek.com ] ----Web 2.0 Threats and Risks for Financial Services : http : //www.net-security.org/article.php ? id = 1004&amp;p = 1 [ net-security.org ] http : //www.cbronline.com/news/web \ _20 \ _is \ _vulnerable \ _to \ _attack [ cbronline.com ] ----Cross Site Scripting ( GOOGLE ) and WHY TO TURN OFF JAVASCRIPT : http : //www.cgisecurity.com/xss-faq.html [ cgisecurity.com ] ----Why the FBI Director Does n't Bank Onlinehttp : //it.slashdot.org/article.pl ? sid = 09/10/08/0327240 [ slashdot.org ] MAJOR ATTACKS ( only a small sample ) of WHY LAYERED SECURITY IS NEEDEDIs the Botnet Battle Already Lost ? http : //www.eweek.com/article2/0,1895,2029720,00.asp [ eweek.com ] ----IT Pros Say They Ca n't Stop Data Breaches : http : //www.eweek.com/article2/0,1895,2010325,00.asp ? kc = EWNAVEMNL083106EOAD [ eweek.com ] ----Cyber Attacks On US Military Jump Sharply In 2009http : //tech.slashdot.org/comments.pl ? sid = 1452358&amp;threshold = -1&amp;commentsort = 0&amp;mode = thread&amp;cid = 30185742 [ slashdot.org ] ----Bots Found Inside Many Big Companies : http : //blogs.baselinemag.com/security/content001/cybercrime/bots \ _found \ _inside \ _many \ _big \ _companies.html [ baselinemag.com ] ----Bot master owns up to 250,000 zombie PCs : http : //www.securityfocus.com/news/11495 [ securityfocus.com ] ----Bots surge ahead ( 2007 ) : http : //www.securityfocus.com/brief/466 [ securityfocus.com ] ----Chinese Hackers Hit Commerce Department : http : //www.informationweek.com/news/security/government/showArticle.jhtml ? articleID = 193105227 [ informationweek.com ] ----CIA Admits Cyberattacks Blacked Out Cities : http : //www.informationweek.com/news/internet/showArticle.jhtml ? articleID = 205901631 [ informationweek.com ] ----Compromised Banks and Investment sites list 2006 : http : //it.slashdot.org/comments.pl ? sid = 233921&amp;cid = 19035679 [ slashdot.org ] ----Dancho Danchev 's Blog - Mind Streams of Information Security Knowledge : Massive IFRAME SEO Poisoning Attack Continuing : http : //ddanchev.blogspot.com/2008/03/massive-iframe-seo-poisoning-attack.html [ blogspot.com ] ----Data at Bank of America , Wachovia , others compromised - May .
23 , 2005 : http : //money.cnn.com/2005/05/23/news/fortune500/bank \ _info/index.htm [ cnn.com ] ----Fresh Security Breaches at Los Alamos : http : //www.msnbc.msn.com/id/19418769/site/newsweek/print/1/displaymode/1098/ [ msn.com ] ----Infected job search sites lead to info theft for 46,000 : http : //www.computerworld.com/s/article/9031139/Infected \ _job \ _search \ _sites \ _lead \ _to \ _info \ _theft \ _for \ _46 \ _000 [ computerworld.com ] ----New Mega-Botnet Discovered : http : //it.slashdot.org/article.pl ? sid = 09/04/22/2223214 [ slashdot.org ] ----I think THAT list ought to " enlighten " ANYONE , as to why " layered security " is &amp; has been considered largely to be " THE WAY TO GO " , vs. that list above ( which is only a SMALL \ % -age of what I can come up with in regards to threats online + their causes ) ... HOSTS files help protect vs. those , on several levels - DO consider their usage ! apk</tokentext>
<sentencetext>"Give the UI back to the user and leave the flashing marquee tags in Las Vegas" - by eldavojohn (898314) *  on Monday November 30, @12:27PM (#30271582) HomepageNO PROBLEM, 110\% agreement here on that account... &amp; more (like more speed online AND more security, via a SINGLE EASILY EDITED + POPULATED FILE, called a HOSTS file):I use a custom HOSTS file, in addition to the tools you noted (which only really function for FireFox/Mozilla products, but don't extend globally to all other webbound applications, &amp; that is part of what HOSTS files give you above the methods you extoll + utilize: "GLOBAL COVERAGE", &amp; of ALL webbound apps, not just FireFox/Mozilla ones via the addons you noted + use yourself...).HOSTS files can be used to blockout KNOWN "bad" adserves, maliciously coded sites or adbanners, and "botnet C&amp;C servers" too!You can obtain reliable HOSTS files from reputable lists for more security online, but also for speed!
(More on that later &amp; WHY/HOW (I use reliable lists for that, such as these HOSTS @ Wikipedia.com -&gt; http://en.wikipedia.org/wiki/Hosts\_file [wikipedia.org] or those from mvps.org (a good one this one))I also further populate &amp; keep current my custom HOSTS file with up to date information in regards to all of those threats, via:----A.
) Spybot "Search &amp; Destroy" updates (populates HOSTS and browser block lists)B.
) Sites like ZDNet's Mr. Dancho Danchev's blog -&gt; http://ddanchev.blogspot.com/ [blogspot.com]C.) Sites like FireEye -&gt; http://blog.fireeye.com/ [fireeye.com]D.) SRI -&gt; http://mtc.sri.com/ [sri.com]----My HOSTS file incorporates ALL of the entries from the HOSTS files shown @ wikipedia as well... gaining me speed online (by blocking adbanners, which have been compromised many times the past few years now by malscripted exploits (examples below)).
(I combined ALL reputable HOSTS files with one of my own (30,000 entries), &amp; I removed duplicates removed via a Borland Delphi app I wrote to do so called "APK HOSTS File Grinder 4.0++".
That program also functions to change the default larger &amp; SLOWER 127.0.0.1 blocking 'loopback adapter' IP address to either 0.0.0.0 (for VISTA/Windows Server 2008/Windows 7, smaller &amp; thus faster than 127.0.0.1 default) or the smallest &amp; fastest 0 "blocking 'IP ADDRESS'" (for Windows 2000/XP/Server 2003 which can STILL use it (&amp; it was added in a service pack on Windows 2000, only on 12/09/2008 MS patch tuesday was it removed for VISTA onwards (&amp; now all these "phunny little bugs" are showing up as FLAWS in this new NDIS6 approach via WFP as well in the firewall, which ROOTKIT.COM has stated (with code too no less on how it is done) -&gt; http://www.rootkit.com/newsread.php?newsid=952 [rootkit.com] [rootkit.com] that it is EASIER TO UNHOOK (than was the design used in Windows 2000/XP/Server 2003))Another EXCELLENT benefit of HOSTS file usage?
More speed online, &amp; also more security + reliability (especially in the case of DNS servers today, per folks like Dan Kaminsky &amp;/or Moxie Marlinspike finding various security vulnerabilities in them the past couple years now)...SO, to "CIRCUMVENT" THAT WHICH YOU NOTE &amp; to get more speed online (besides/above potentially hijacked adbanners etc.
et al)?WELL - I use another "technique" called "hardcoding" an IP address to domainname/hostname in my HOSTS files, for my FAVORITE websites:This allows me to FIRST bypass any remote/external DNS lookups, which also would in theory @ least, make me "proofed" vs. DNS request logs by my ISP/BSP also.
(Especially since I use external DNS servers too, OpenDNS ones to be specific, that go beyond my hardcoded favs in my HOSTS file because I can't ping &amp; resolve the ENTIRE internet after all)This also makes it harder for others to track me...(Sure, they could do a "reverse DNS lookup" via pings &amp;/or traceroutes &amp; the top level domain that does nothing BUT cache reverse DNS lookups does the rest, but that is harder to do, than looking up my URL requests via a log on a DNS server))ALSO, AS ANOTHER "BONUS" in HOSTS FILES (can't stress it enough, &amp; especially above + beyond adbanner blocking):  It speeds you up, or can!E.G.-&gt; A buddy of mine named Jack says it has (verbatim quote) "DOUBLED MY SPEED ONLINE, BUT I VALUE THE SECURITY PART MORE", because he used to get over 200++ viruses a week, now?
Only maybe 2 a year IF THAT lately, &amp; he is convinced it is largely due to the HOSTS file I send him weekly (he is my "lab rat #1" due to his previous infestation rate), &amp; if that "anecdotal evidence" is not enough?
See this then, from a published security guru on a respected site for it:====RESURRECTING THE KILLFILE:(by Mr. Oliver Day)http://www.securityfocus.com/columnists/491 [securityfocus.com]PERTINENT EXCERPTS/QUOTES:"The host file on my day-to-day laptop is now over 16,000 lines long.
Accessing the Internet particularly browsing the Web is actually faster now.
""From what I have seen in my research, major efforts to share lists of unwanted hosts began gaining serious momentum earlier this decade.
The most popular appear to have started as a means to block advertising and as a way to avoid being tracked by sites that use cookies to gather data on the user across Web properties.
More recently, projects like Spybot Search and Destroy offer lists of known malicious servers to add a layer of defense against trojans and other forms of malware.
"====(A nice bonus beyond blocking adbanners via HOSTS too, because these have been shown to harbor malscripted content too &amp; more than just a few times the past 4-5 yrs now no less such as is noted here in my PS below, several examples thereof no less), because you don't waste between 30-N ms calling out to an external DNS!
(Again, and a DNS server that MAY be poisoned per Dan Kaminsky the past few years now &amp; others also noting it)Thus, you can STILL GET TO YOUR FAV.
SITES IF HARDCODED in your HOSTS FILE (a good thing, but one you may have to periodically alter, easily, via notepad.exe edits of your HOSTS file &amp; a ping to update their new address (sites change hosting providers due to better services or prices, rare, but they do &amp; MOST let you know they are about to do so anyhow, so you can amend a HOSTS file)).NICEST PART IS, THOUGH, PER YOUR STATEMENT (in addition to the benefits of HOSTS file I note above, alongside others like Mr. Oliver Day of SECURITYFOCUS.COM)?I will STILL get to where it is that I WANT TO GO, not the router's onboard DNS server doing hostname/domainname resolutions or potential hijacked redirects... in theory @ least, because I am controlling the hostname/dommainname resolutions @ AN OS + IP STACK LEVEL, not via my routers' onboard DNS server...APKP.S.=&gt; Evidences as to WHY you'd want to add on the "extra layered security protection" of a HOSTS file, which extends global security coverage to your webbound apps, AND, allows for a great deal of added extra speed as well?
Ok, here are some documented reasons why like:a.
) DNS servers vulnerable, under attack, failing or being "DNS poisoned" misdirected &amp; moreb.
) Security suites failing vs. modern "blended threats" onlinec.
) javascript being used to do most of this via apps)d.) adbanners being maliciously coded also...(Here we go with documented proofs/examples:)POISONED MALSCRIPTED ADBANNERSThe Next Ad You Click May Be a Virus:http://it.slashdot.org/article.pl?sid=09/06/15/2056219 [slashdot.org]----Attackers Infect Ads With Old Adobe Vulnerability:http://it.slashdot.org/article.pl?sid=09/02/25/024211 [slashdot.org]----Hackers Use Banner Ads on Major Sites to Hijack Your PC:http://www.wired.com/techbiz/media/news/2007/11/doubleclick [wired.com]----Adobe Flash Ads Launching Clipboard Hijack Attacks:http://it.slashdot.org/article.pl?sid=08/08/20/0029220&amp;from=rss [slashdot.org]----Slashdot | Americans Don't Want Targeted Ads:http://yro.slashdot.org/article.pl?sid=09/10/01/1854214 [slashdot.org]====DNS PROBLEMS:Number of Rogue DNS Servers on the Rise:http://tech.slashdot.org/article.pl?no\_d2=1&amp;sid=08/02/15/2118212 [slashdot.org]----Security Researcher Kaminsky Pushes DNS Patching:http://it.slashdot.org/article.pl?sid=09/02/19/2322231 [slashdot.org]----Ten Percent of DNS Servers Still Vulnerable:http://tech.slashdot.org/article.pl?no\_d2=1&amp;sid=05/08/04/1525235 [slashdot.org]----TimeWarner DNS Hijacking:http://tech.slashdot.org/article.pl?sid=07/07/23/2140208 [slashdot.org]----Another DNS Flaw Found:http://tech.slashdot.org/article.pl?sid=09/01/09/2348240 [slashdot.org]----Attack Code Published For DNS Vulnerability:http://it.slashdot.org/article.pl?no\_d2=1&amp;sid=08/07/23/231254 [slashdot.org]----BIND Still Susceptible To DNS Cache Poisoning:http://tech.slashdot.org/article.pl?no\_d2=1&amp;sid=08/08/09/123222 [slashdot.org]----DDoS Attacks Via DNS Recursion:http://it.slashdot.org/article.pl?no\_d2=1&amp;sid=06/03/16/1658209 [slashdot.org]----DNS Poisoning Hits One of China's Biggest ISPs:http://it.slashdot.org/article.pl?no\_d2=1&amp;sid=08/08/21/2343250 [slashdot.org]----DNS Root Servers Attacked:http://it.slashdot.org/article.pl?no\_d2=1&amp;sid=07/02/06/2238225 [slashdot.org]----DNS Problem Linked To DDoS Attacks Gets Worse:http://tech.slashdot.org/comments.pl?sid=1444354&amp;cid=30109858 [slashdot.org]----Are your servers vulnerable to DNS attacks?http://www.networkworld.com/news/2007/111907-dns-attacks.html [networkworld.com]----Kaminsky On DNS Bugs a Year Later and DNSSEC:http://it.slashdot.org/story/09/06/25/1354212/Kaminsky-On-DNS-Bugs-a-Year-Later-and-DNSSEC [slashdot.org]----DNS users put higher premium on security:http://news.techworld.com/networking/10690/dns-users-put-higher-premium-on-security/ [techworld.com]----BIND, the Buggy Internet Name Daemon:http://cr.yp.to/djbdns/blurb/unbind.html [cr.yp.to](Where djbdns was found to have flaw, though it was alleged invulnerable, they paid out $10,000 reward)----DNS Dan Kaminsky DNS SPOOF ATTACK EXPLAINED HOW IT IS DONE:http://blogs.zdnet.com/security/?p=1520 [zdnet.com]----DNS REBINDING ATTACKS: MultiPinning Browser JavaScript Vulnerability (how to protect yourself):http://crypto.stanford.edu/dns/ [stanford.edu]----Hackers hijack DNS records of high profile New Zealand sites:http://blogs.zdnet.com/security/?p=3185 [zdnet.com]====SECURITY SUITE PROGRAMS FAILING:AntiVirus Products Fail to Find Simple IE Malware:http://tech.slashdot.org/article.pl?sid=07/10/29/1747237 [slashdot.org]----Most Security Products Fail To Perform:http://hardware.slashdot.org/comments.pl?sid=1445302&amp;threshold=-1&amp;commentsort=0&amp;mode=thread&amp;pid=30114652 [slashdot.org]----TOP SECURITY SUITES FAIL 64/300 THREATS in 2008 AT SECUNIA.COM:http://secunia.com/blog/29/ [secunia.com]----Top security suites fail exploit tests:http://www.computerworld.com/s/article/9117042/Top\_security\_suites\_fail\_exploit\_tests?intsrc=news\_ts\_head [computerworld.com]----Antivirus is 'completely wasted money': Cisco CSO: News - Security - ZDNet Australia:http://www.zdnet.com.au/news/security/soa/Antivirus-is-completely-wasted-money-Cisco-CSO/0,130061744,339289122,00.htm?feed=pt\_auscert [zdnet.com.au]----Are Routers the Next Big Target for Hackers?http://blogs.zdnet.com/security/?p=919 [zdnet.com]----Software Firewalls: Made of Straw?
Part 1 of 2:http://www.securityfocus.com/infocus/1839 [securityfocus.com]Software Firewalls: Made of Straw?
Part 2 of 2:http://www.securityfocus.com/infocus/1840/2 [securityfocus.com]----Brief study shows difficulty in detecting malware (2008):http://www.securityfocus.com/brief/858 [securityfocus.com]----2007 - Browser vulnerabilities and attacks will continue to mount:http://www.infoworld.com/d/security-central/browser-vulnerabilities-and-attacks-will-continue-mount-679 [infoworld.com]----Bug exposes Cisco switches to attacks:http://news.cnet.com/Bug-exposes-Cisco-switches+to+attacks/2110-7349\_3-5902897.html?part=rss&amp;tag=5902897&amp;subj=news [cnet.com]&amp;CISCO "COMES CLEAN" ON EXTENT OF IOS FLAW:http://www.eweek.com/c/a/Security/Cisco-Comes-Clean-on-Extent-of-IOS-Flaw/ [eweek.com]&amp;Cisco PIX and ASA Time-To-Live Denial of Service Vulnerability:http://secunia.com/advisories/28625/ [secunia.com]+Computer routers face hijack risk - study:http://www.cbc.ca/technology/story/2007/02/16/tech-routervulnerabilty-20070216.html?ref=rss [www.cbc.ca]Slashdot Technology Story | Will Mainstream Media Embrace Adblockers?http://tech.slashdot.org/story/09/08/06/1442243/Will-Mainstream-Media-Embrace-Adblockers [slashdot.org]----Congress May Require ISPs To Block Certain Fraud Sites:http://yro.slashdot.org/comments.pl?sid=1432514&amp;cid=30024078 [slashdot.org]====JAVASCRIPT PROBLEMS:Slashdot | Adobe Confirms PDF Zero-Day, Says Kill JavaScript:http://it.slashdot.org/article.pl?sid=09/04/29/1823234 [slashdot.org]----Adobe Flash Zero-Day Attack Underway:http://it.slashdot.org/article.pl?sid=08/05/28/0138247&amp;from=rss [slashdot.org]----JavaScript flaw reported in Adobe Reader (4th or 5th time already, if not more):http://www.securityfocus.com/brief/953 [securityfocus.com]----Another malware pulls an Italian job via JAVASCRIPT:http://blog.trendmicro.com/another-malware-pulls-an-italian-job/ [trendmicro.com]----JavaScript opens doors to browser-based attacks | CNET News.com:http://news.com.com/JavaScript+opens+doors+to+browser-based+attacks/2100-7349\_3-6099891.html?part=rss&amp;tag=6099891&amp;subj=news [com.com]----Mozilla Firefox Javascript Garbage Collector Vulnerability - Advisories - Secuniahttp://secunia.com/advisories/29787/ [secunia.com]----New script outstrips all other drive-by download risks:http://www.theregister.co.uk/2009/05/15/script\_menace/ [theregister.co.uk]----Researcher to demonstrate attack code for Intel chips via Javascript:http://www.infoworld.com/d/security-central/researcher-demonstrate-attack-code-intel-chips-036 [infoworld.com]----Researcher: JavaScript Attacks Get Slicker:http://www.eweek.com/c/a/Security/Researcher-JavaScript-Attacks-Get-Slicker/ [eweek.com]----Rise Of The PDF Exploits:http://www.trustedsource.org/blog/153/Rise-Of-The-PDF-Exploits [trustedsource.org]----ADOBE NEW FLAW DOES USE JAVASCRIPT PROOF:http://www.shadowserver.org/wiki/pmwiki.php?n=Calendar.20090219 [shadowserver.org]----AJAX Poses Security, Performance Risks:http://www.eweek.com/article2/0,1895,1916673,00.asp [eweek.com]----Web 2.0 Threats and Risks for Financial Services:http://www.net-security.org/article.php?id=1004&amp;p=1 [net-security.org]http://www.cbronline.com/news/web\_20\_is\_vulnerable\_to\_attack [cbronline.com]----Cross Site Scripting (GOOGLE) and WHY TO TURN OFF JAVASCRIPT:http://www.cgisecurity.com/xss-faq.html [cgisecurity.com]----Why the FBI Director Doesn't Bank Onlinehttp://it.slashdot.org/article.pl?sid=09/10/08/0327240 [slashdot.org]MAJOR ATTACKS (only a small sample) of WHY LAYERED SECURITY IS NEEDEDIs the Botnet Battle Already Lost?http://www.eweek.com/article2/0,1895,2029720,00.asp [eweek.com]----IT Pros Say They Can't Stop Data Breaches:http://www.eweek.com/article2/0,1895,2010325,00.asp?kc=EWNAVEMNL083106EOAD [eweek.com]----Cyber Attacks On US Military Jump Sharply In 2009http://tech.slashdot.org/comments.pl?sid=1452358&amp;threshold=-1&amp;commentsort=0&amp;mode=thread&amp;cid=30185742 [slashdot.org]----Bots Found Inside Many Big Companies:http://blogs.baselinemag.com/security/content001/cybercrime/bots\_found\_inside\_many\_big\_companies.html [baselinemag.com]----Bot master owns up to 250,000 zombie PCs:http://www.securityfocus.com/news/11495 [securityfocus.com]----Bots surge ahead (2007):http://www.securityfocus.com/brief/466 [securityfocus.com]----Chinese Hackers Hit Commerce Department:http://www.informationweek.com/news/security/government/showArticle.jhtml?articleID=193105227 [informationweek.com]----CIA Admits Cyberattacks Blacked Out Cities:http://www.informationweek.com/news/internet/showArticle.jhtml?articleID=205901631 [informationweek.com]----Compromised Banks and Investment sites list 2006:http://it.slashdot.org/comments.pl?sid=233921&amp;cid=19035679 [slashdot.org]----Dancho Danchev's Blog - Mind Streams of Information Security Knowledge: Massive IFRAME SEO Poisoning Attack Continuing:http://ddanchev.blogspot.com/2008/03/massive-iframe-seo-poisoning-attack.html [blogspot.com]----Data at Bank of America, Wachovia, others compromised - May.
23, 2005:http://money.cnn.com/2005/05/23/news/fortune500/bank\_info/index.htm [cnn.com]----Fresh Security Breaches at Los Alamos:http://www.msnbc.msn.com/id/19418769/site/newsweek/print/1/displaymode/1098/ [msn.com]----Infected job search sites lead to info theft for 46,000:http://www.computerworld.com/s/article/9031139/Infected\_job\_search\_sites\_lead\_to\_info\_theft\_for\_46\_000 [computerworld.com]----New Mega-Botnet Discovered:http://it.slashdot.org/article.pl?sid=09/04/22/2223214 [slashdot.org]----I think THAT list ought to "enlighten" ANYONE, as to why "layered security" is &amp; has been considered largely to be "THE WAY TO GO", vs. that list above (which is only a SMALL \%-age of what I can come up with in regards to threats online + their causes)... HOSTS files help protect vs. those, on several levels - DO consider their usage!apk
	</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30271582</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30272412</id>
	<title>Webmasters hate slow ads too</title>
	<author>Badmovies</author>
	<datestamp>1259609280000</datestamp>
	<modclass>Informativ</modclass>
	<modscore>2</modscore>
	<htmltext><p>There are quite a few webmasters who run their ads inside of iframes, as that usually avoids a slow ad holding up the rest of the page loading.  The bad thing about that is that expandable ads (even polite, user-initiated) do not work.  There are also some other tricks webmasters use, such as creating division tags and then using a bit of javascript trickery to move the ad loading to a point after the content loads.</p><p>Webmasters do hate slow ads (not to mention bad ads).  I love direct sale campaigns on my site, because they almost always are run from my ad server.  If that is slow, my whole site is slow anyway - and that happens very, very rarely (it has been months).</p></htmltext>
<tokenext>There are quite a few webmasters who run their ads inside of iframes , as that usually avoids a slow ad holding up the rest of the page loading .
The bad thing about that is that expandable ads ( even polite , user-initiated ) do not work .
There are also some other tricks webmasters use , such as creating division tags and then using a bit of javascript trickery to move the ad loading to a point after the content loads.Webmasters do hate slow ads ( not to mention bad ads ) .
I love direct sale campaigns on my site , because they almost always are run from my ad server .
If that is slow , my whole site is slow anyway - and that happens very , very rarely ( it has been months ) .</tokentext>
<sentencetext>There are quite a few webmasters who run their ads inside of iframes, as that usually avoids a slow ad holding up the rest of the page loading.
The bad thing about that is that expandable ads (even polite, user-initiated) do not work.
There are also some other tricks webmasters use, such as creating division tags and then using a bit of javascript trickery to move the ad loading to a point after the content loads.Webmasters do hate slow ads (not to mention bad ads).
I love direct sale campaigns on my site, because they almost always are run from my ad server.
If that is slow, my whole site is slow anyway - and that happens very, very rarely (it has been months).</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30272810</id>
	<title>Yes</title>
	<author>heneon</author>
	<datestamp>1259611620000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>...and a more in-depth analysis: f**k yes.</htmltext>
<tokenext>...and a more in-depth analysis : f * * k yes .</tokentext>
<sentencetext>...and a more in-depth analysis: f**k yes.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30271684</id>
	<title>Security?</title>
	<author>Anonymous</author>
	<datestamp>1259606220000</datestamp>
	<modclass>Insightful</modclass>
	<modscore>2</modscore>
	<htmltext>Surely the ads are in iframes, and so load entirely asynchronously.  If they're not, then you're giving third-party content access to your site's security zone, which is a terrible idea.</htmltext>
<tokenext>Surely the ads are in iframes , and so load entirely asynchronously .
If they 're not , then you 're giving third-party content access to your site 's security zone , which is a terrible idea .</tokentext>
<sentencetext>Surely the ads are in iframes, and so load entirely asynchronously.
If they're not, then you're giving third-party content access to your site's security zone, which is a terrible idea.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30274676</id>
	<title>Re:no-script</title>
	<author>Anonymous</author>
	<datestamp>1259575440000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>no-script + adblock plus = internet bliss.</p></htmltext>
<tokenext>no-script + adblock plus = internet bliss .</tokentext>
<sentencetext>no-script + adblock plus = internet bliss.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30271676</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30273148</id>
	<title>Re:Why would an ad server slow down a site?</title>
	<author>Anonymous</author>
	<datestamp>1259613180000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>Well, see, in an ideal world, that would be true, but sadly browsers somehow suck so badly when it comes to things like this for god knows what reason.<br>I thought all this mess was fixed years ago, but still we have browsers refusing to load pages until it has loaded embedded media because "oh it won't look pretty and nice when it is loading up"</p><p>But the browsers and advertisers aren't the only ones to blame, the idiots making the websites not explicitly stating widths and heights of objects on pages are the BIGGEST offenders in this whole problem.  (which is why browsers refuse to paint the page until certain conditions are met)<br>But sadly we had (still have!) browsers with crappy rendering and differing results for such a basic construct based around simple addition and subtraction.<br>HOW HARD CAN IT BE?!  THERE ARE EVEN ASCII PICTURES ON THE SPECS OF ALL THE COMPONENTS OF AN OBJECT THAT COUNT TOWARDS THE DIMENSIONS!</p></htmltext>
<tokenext>Well , see , in an ideal world , that would be true , but sadly browsers somehow suck so badly when it comes to things like this for god knows what reason.I thought all this mess was fixed years ago , but still we have browsers refusing to load pages until it has loaded embedded media because " oh it wo n't look pretty and nice when it is loading up " But the browsers and advertisers are n't the only ones to blame , the idiots making the websites not explicitly stating widths and heights of objects on pages are the BIGGEST offenders in this whole problem .
( which is why browsers refuse to paint the page until certain conditions are met ) But sadly we had ( still have !
) browsers with crappy rendering and differing results for such a basic construct based around simple addition and subtraction.HOW HARD CAN IT BE ? !
THERE ARE EVEN ASCII PICTURES ON THE SPECS OF ALL THE COMPONENTS OF AN OBJECT THAT COUNT TOWARDS THE DIMENSIONS !</tokentext>
<sentencetext>Well, see, in an ideal world, that would be true, but sadly browsers somehow suck so badly when it comes to things like this for god knows what reason.I thought all this mess was fixed years ago, but still we have browsers refusing to load pages until it has loaded embedded media because "oh it won't look pretty and nice when it is loading up"But the browsers and advertisers aren't the only ones to blame, the idiots making the websites not explicitly stating widths and heights of objects on pages are the BIGGEST offenders in this whole problem.
(which is why browsers refuse to paint the page until certain conditions are met)But sadly we had (still have!
) browsers with crappy rendering and differing results for such a basic construct based around simple addition and subtraction.HOW HARD CAN IT BE?!
THERE ARE EVEN ASCII PICTURES ON THE SPECS OF ALL THE COMPONENTS OF AN OBJECT THAT COUNT TOWARDS THE DIMENSIONS!</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30272106</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30279174</id>
	<title>Re:Grow up people</title>
	<author>Lord Maud'Dib</author>
	<datestamp>1259600940000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p><div class="quote"><p>1.  I just block ads:  This is theft, even moreso than pirating music. </p></div><p>There is no contract we must agree to when visiting a site legally requiring ad views, and yet that site is made publicly available. Set up a paywall and see what happens.</p></div>
	</htmltext>
<tokenext>1 .
I just block ads : This is theft , even moreso than pirating music .
There is no contract we must agree to when visiting a site legally requiring ad views , and yet that site is made publicly available .
Set up a paywall and see what happens .</tokentext>
<sentencetext>1.
I just block ads:  This is theft, even moreso than pirating music.
There is no contract we must agree to when visiting a site legally requiring ad views, and yet that site is made publicly available.
Set up a paywall and see what happens.
	</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30274574</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30273824</id>
	<title>Re:This isn't new</title>
	<author>mujadaddy</author>
	<datestamp>1259572320000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p><div class="quote"><p>crappy external Javascript marketing made us insert in the page header to track stuff.</p></div><p>Say, "Fuck'em" and put the scripts in your FOOTER, bro.  It will produce a noticeable difference.</p></div>
	</htmltext>
<tokenext>crappy external Javascript marketing made us insert in the page header to track stuff.Say , " Fuck'em " and put the scripts in your FOOTER , bro .
It will produce a noticeable difference .</tokentext>
<sentencetext>crappy external Javascript marketing made us insert in the page header to track stuff.Say, "Fuck'em" and put the scripts in your FOOTER, bro.
It will produce a noticeable difference.
	</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30271744</parent>
</comment>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_11_30_166218_25</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30271684
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30272738
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_11_30_166218_30</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30271582
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30272320
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30273312
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30289948
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_11_30_166218_16</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30271618
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30271730
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30272080
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_11_30_166218_7</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30271618
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30271862
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_11_30_166218_57</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30271618
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30271730
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30276334
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_11_30_166218_51</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30271676
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30274676
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_11_30_166218_22</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30271774
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30274088
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_11_30_166218_47</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30271684
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30273458
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_11_30_166218_50</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30272106
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30272326
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_11_30_166218_52</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30271582
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30274352
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_11_30_166218_15</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30271610
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30275888
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_11_30_166218_9</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30271708
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30272236
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30277408
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_11_30_166218_14</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30271582
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30272218
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30272510
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_11_30_166218_5</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30271632
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30272074
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_11_30_166218_3</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30271612
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30272468
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_11_30_166218_39</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30271618
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30272472
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_11_30_166218_44</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30272106
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30275114
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_11_30_166218_29</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30271582
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30272474
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_11_30_166218_20</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30272106
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30272224
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_11_30_166218_34</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30271582
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30272126
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30272564
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30272918
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_11_30_166218_13</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30271612
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30273728
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_11_30_166218_41</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30274574
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30279174
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_11_30_166218_2</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30271582
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30275500
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_11_30_166218_1</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30271744
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30273824
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_11_30_166218_26</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30272670
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30274328
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_11_30_166218_42</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30271582
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30273472
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_11_30_166218_33</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30271582
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30273058
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_11_30_166218_56</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30271612
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30276886
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_11_30_166218_19</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30271582
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30272320
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30273636
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_11_30_166218_32</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30272106
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30272230
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_11_30_166218_23</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30272106
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30273148
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_11_30_166218_18</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30271612
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30277220
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_11_30_166218_60</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30271582
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30272126
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30272446
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_11_30_166218_0</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30271582
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30271624
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_11_30_166218_48</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30271720
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30276474
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_11_30_166218_24</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30272764
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30278984
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_11_30_166218_55</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30271716
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30275958
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_11_30_166218_38</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30271632
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30272434
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30275586
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_11_30_166218_31</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30271684
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30273062
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_11_30_166218_54</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30271716
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30275846
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_11_30_166218_17</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30271744
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30273832
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_11_30_166218_45</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30271582
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30272660
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_11_30_166218_21</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30271774
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30271960
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30275402
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_11_30_166218_6</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30271676
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30272370
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_11_30_166218_12</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30271676
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30275734
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_11_30_166218_46</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30271708
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30276888
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_11_30_166218_37</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30271612
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30272304
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_11_30_166218_53</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30271582
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30272218
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30272690
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_11_30_166218_8</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30271618
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30272636
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_11_30_166218_36</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30272670
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30273540
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_11_30_166218_27</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30272670
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30296298
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_11_30_166218_43</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30271708
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30272008
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_11_30_166218_4</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30272764
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30274950
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_11_30_166218_11</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30271744
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30276176
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_11_30_166218_10</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30271684
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30273654
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_11_30_166218_28</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30271582
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30272126
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30272498
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_11_30_166218_59</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30272670
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30276858
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_11_30_166218_35</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30271744
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30276814
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_11_30_166218_58</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30271582
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30274924
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_11_30_166218_49</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30271716
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30271934
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_11_30_166218_40</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30271582
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30272218
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30272486
</commentlist>
</thread>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation09_11_30_166218.2</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30272464
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation09_11_30_166218.10</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30271632
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30272434
--http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30275586
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30272074
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation09_11_30_166218.21</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30271610
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30275888
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation09_11_30_166218.0</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30272340
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation09_11_30_166218.3</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30271676
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30274676
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30275734
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30272370
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation09_11_30_166218.1</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30271726
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation09_11_30_166218.19</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30273204
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation09_11_30_166218.26</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30271668
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation09_11_30_166218.24</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30271708
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30272008
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30272236
--http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30277408
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30276888
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation09_11_30_166218.13</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30272640
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation09_11_30_166218.8</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30271774
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30274088
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30271960
--http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30275402
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation09_11_30_166218.15</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30271720
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30276474
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation09_11_30_166218.17</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30272106
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30273148
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30275114
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30272224
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30272326
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30272230
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation09_11_30_166218.11</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30276142
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation09_11_30_166218.12</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30271812
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation09_11_30_166218.14</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30271612
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30276886
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30273728
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30272304
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30272468
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30277220
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation09_11_30_166218.6</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30274916
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation09_11_30_166218.25</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30271618
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30271862
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30271730
--http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30276334
--http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30272080
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30272636
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30272472
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation09_11_30_166218.9</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30271744
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30276814
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30273832
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30276176
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30273824
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation09_11_30_166218.4</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30272670
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30276858
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30273540
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30296298
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30274328
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation09_11_30_166218.23</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30271716
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30275846
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30271934
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30275958
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation09_11_30_166218.22</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30274822
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation09_11_30_166218.7</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30276502
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation09_11_30_166218.20</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30272764
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30274950
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30278984
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation09_11_30_166218.18</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30271684
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30273062
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30272738
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30273654
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30273458
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation09_11_30_166218.5</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30274574
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30279174
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation09_11_30_166218.16</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30271582
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30272474
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30274352
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30275500
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30272660
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30272218
--http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30272690
--http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30272486
--http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30272510
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30273472
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30271624
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30272126
--http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30272564
---http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30272918
--http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30272498
--http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30272446
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30274924
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30272320
--http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30273312
---http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30289948
--http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30273636
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_30_166218.30273058
</commentlist>
</conversation>
