What is the Microsoft 70-291 Exam All About?

The 70-291 is the other name for the Microsoft certification exam MCDBA – Managing and Preserving a Microsoft Windows Server 2003 Environment. The MCSA (Microsoft Certified Systems Administrator) on Windows Server 2003 credential (or 70-291 exams) is meant for IT professionals employed in generally complicated computing atmosphere of medium and huge businesses.

To be eligible for taking component in this exam, you will need at least six to 12 months of expertise in managing network and client operating systems in environments getting the following characteristics.

o Network sources and solutions like intranet, messaging facilities, file and print, proxy server, database, firewall, Web, client pc management and remote access.
o 3 and far more physical addresses.
o Connectivity necessities like the need to hyperlink corporate networks to the internet &amp person customers and branch offices in remote places to their corporate network.
o 250 to 5,000 users and much more.
o Three or much more than three domain controllers.

The 70-291 tests assess the capability of the candidates to run and sustain a Windows Server 2003 environment. If you are preparing for the 70-291 exams, you can try creating use of 70-291 Test Questions and 70-291 Practice Exams offered on the world wide web. You can also locate a lot of free demos for the 70-291 exams (MCDBA – Implementing Secure Converged Wide Location Networks) on the net. You can also visit microsoft.com for more info on this exam.

There are simulation tests offered for 70-291 which are created to match with the actual test. These sample exams that arrive with a comprehensive Inquiries and Answers collection, are very good adequate to help you to pass the exam with out difficulty without the require for further study materials or having to take part in pricey preparation classes. Also, passing the exam in the first attempt itself saves a lot of time and stress.

At the finish of this post, I advise to use 70-291 practice exam guide and 70-291 pdf for exam preparation which are developed by Exams Specialist with funds back guarantee incase you fail in exam.

---

Microsoft MCTS Certification, MCITP Certification and over 3000+
Exams with Life Time Access Membership at http://www.actualkey.com

Google's latest Penguin update lets you squeal on spammy websites -- as well as anyone else

Penguin 2.0 makes large-scale algorithm changes, affecting 2.3% of U.S.-English results

The latest version of Google's sophisticated anti-spam algorithm, dubbed Penguin 2.0, was announced yesterday in an official blog post from the company's well-known webspam czar, Mike Cutts.

The 2.0 label was applied, according to Cutts, because the update is a major one -- it includes changes to the underlying algorithms used to evaluate whether a website is spammy or not, not just the dataset Google uses. About 2.3% of queries in U.S. English will be visibly affected by the changes.
Credit: Wikimedia Commons/Felipe Micaroni Lalli

Cutts also posted a link to a webspam report page, where anyone can flag sites they consider spam for the attentions of Google's engineers. The form doesn't ask for any identification by the reporting party, requiring only a copy/pasted URL.

While this appears to present a golden opportunity for abuse -- as several Twitter responses to the announcement noted -- Cutts noted on Twitter that Google has always had an extensive array of options in place to report spammy sites, and that "we'll listen to feedback and look for ways to improve results."

Search Engine Land Editor Barry Schwartz wrote that this is actually the fourth major generation of Google's current anti-spam algorithm. However, its effects have been wider-ranging than all but the initial release of Penguin, which reached 3.1% of queries.

Cutts didn't discuss the algorithm changes in detail, so as not to provide too much information to black hat search engine optimization practitioners, but laid out some broad goals that Google is working toward in a video released earlier this month.

---

Best Microsoft MCTS Certification, Microsoft MCITP Training at certkingdom.com

Ericsson makes bus windows part of a Wi-Fi network

Translucent layers of metal inside glass windows could block outside signals and reinforce those inside

Ericsson may have a contender for oddest networking product if it commercializes the wireless bus windows it demonstrated at this week's CTIA Wireless trade show.

The windows would have built-in, translucent antennas connected to an internal Wi-Fi system for passenger use while on the road. In the example Ericsson showed at CTIA, the dual-band Wi-Fi antenna was just a square of barely visible red metal embedded between layers of glass.

The mobile infrastructure giant demonstrated the concept on the upper level of its booth at CTIA, above a showcase of other technologies designed for so-called heterogeneous networks with both Wi-Fi and cellular radios. On Tuesday, the company announced enhancements to its network management software that will allow carriers to do a better job shifting subscribers between the two systems for the best possible coverage.

Ericsson's solution had its origin in a problem for wireless users on buses, cars and trains. For insulation and sun protection, some windows are now being built with thin, translucent layers of aluminum sandwiched between glass. Combined with the metal that covers the rest of a vehicle, those windows essentially create a so-called Faraday cage, a box that blocks all outside radio waves, said Bryan Coley, a marketing program manager at Ericsson.

Travelers in such a vehicle can't get online using the outdoor cell network, because it's signals are blocked. But Ericsson researchers decided to use the metal-in-glass principle to their advantage by building antennas into the windows along with the insulating metal. Though the window antennas are simple passive antennas, each one reinforces the internal network's signal.

The resulting network becomes like an in-flight Wi-Fi system on an airliner. Passengers log in to an internal Wi-Fi network that uses a longer range technology, such as LTE, to connect to the outside world.

At the same time, using signal-blocking windows and internal Wi-Fi prevents a situation that can strain outdoor cellular networks and is one of the problems with cellphone use on planes. If an airline passenger turns on a phone, it can cause cell towers on the ground to try to connect with it, diverting bandwidth that could be used by people on the ground. A train full of passengers unknowingly trying to get on cell towers as they speed past can make it hard for carriers to manage traffic. Plus, it can quickly draw down the battery life of the phones as they work hard to grab faint signals, Coley said.

The concept could also translate from buses and trains to glass-walled office buildings, he said. In addition to strengthening an interior Wi-Fi network, such antennas could improve coverage and capacity on indoor cellular systems while easing the demands on nearby cell towers that people indoors would otherwise be using.

---

Best Microsoft MCTS Certification, Microsoft MCITP Training at certkingdom.com

Cloud fight keeps Amazon, Microsoft, Google and Rackspace clamoring for enterprise customers

At a Summit for its cloud services division, Amazon tries to make the case its cloud is more than ready for the enterprise

Amazon Web Services is attempting to distance itself from other cloud providers by enhancing its services to incorporate the differentiating features of its competitors.

But as Amazon sets its sights more keenly on the enterprise market, recent moves by Microsoft, Google and Rackspace to improve their infrastructure as a service (IaaS) cloud offerings are creating an increasingly competitive cloud market, experts say.

"There's a war going on in the IaaS market," says Paul Burns, an analyst at Neovise, a boutique research firm focusing on the cloud. Today in New York, Amazon hosted one of 13 Summits it plans to hold across the world in the coming weeks, touting the success of its platform and trotting out examples of enterprise customers using its services. And it provided the backdrop for Amazon to discuss the recent advancements of its services.

AWS, a division of the Amazon.com e-commerce site, began in 2006 with two basic cloud-computing services: scalable storage (through Amazon Simple Storage Service or S3) and virtual machines on demand (through Amazon Elastic Compute Cloud or EC2). Amazon CTO Werner Vogels says AWS now incorporates 33 major services and products in its cloud. He announced today that S3 now stores more than 2 trillion objects in its cloud, as of last week, and it serves, at its peak, 1.1 million requests for those files per second. The company has hundreds of thousands of customers in 190 countries, and it has reduced prices 31 times since launching in 2007. "And we will continue to do so," Vogels says.

In the last month, Microsoft and Google have made significant announcements for their AWS-competing products. Microsoft made its on-demand virtual machines (which include both Linux and Windows OSes) generally available last week. The week before, the beta tag came off of Google Compute Engine, which offers pay-as-you-go virtual machines.

Burns, the Neovise analyst, says there are two battles going on in the IaaS market right now. One is for basic services: compute, network and storage. With Microsoft and Google making their IaaS offerings more open to customers, they're adding competitive pressure to AWS for some of the company's original services, he says. There is a second battle for higher-level services, like databases, security, disaster recovery and running business applications, though. And on that front, "AWS is the only game in town," Burns says. "They're walking away with the market on the higher end of the stack."

The breadth and depth of AWS services it offers in its cloud all on an on-demand basis are unmatched in the industry, he says. AWS has multiple different database offerings, from its Relational Database Service (RDS) to DynamoDB, a non-relational key-value store database. Last year, the company rolled out a data warehousing offering named RedShift, and the company has a network of Elastic Load Balancers (ELBs), Elastic Block Storage (EBS), and application and management tools for deploying applications and configuring cloud architectures. Its partner system allows customers to run enterprise-grade applications from SAP, Microsoft, Oracle and dozens of other companies in its cloud.

Burns says Amazon could have the potential to take some hits from other providers on the lower end of the market where it is facing increased competition, and there is a growing market of IaaS providers each looking to carve out a niche of its own in the market on these basic services. Microsoft, for example, claims it is one of the only companies to offer a true "hybrid cloud" offering between its on-premises Windows Server and Microsoft Azure cloud. Rackspace offers "fanatical support" and has been broadening its database offerings recently; Joyent and ProfitBricks are among the cloud providers that focus on high-performance computing, while a company like FireHost emphasizes security in its cloud.

AWS is responding in turn, though. During the past few months AWS has begun incorporating the differentiating features of competitors' services into its own cloud offering. In the past few months AWS has rolled out the following updates, for example:

-Trusted Advisor: A service that monitors customers usage, recommends ways to save money by using more appropriately sized resources and provides advice on how to improve security and reliability. AWS launched Trusted Advisor last year, but recently updated it with a new user interface and more detailed reporting information for customers. During the AWS Summit, Vogels said AWS has helped customers save $22 million through Trusted Advisor. "We're actually advising our customers to spend less," he says, explaining that customers who more efficiently use AWS resources will be more successful and be AWS customers longer. This service flies in the face of not just Rackspace, which emphasizes customer support, but also an ecosystem of third-party tools that provide real-time analytics of AWS services.

-AWS OpsWorks: One of the lingering questions about Amazon's moves in recent years: Is the company turning its market-leading IaaS offering into a platform as a service (PaaS)? The biggest difference between the two is that IaaS is where applications run, whereas PaaS is generally where applications are developed.

AWS has a variety of PaaS-like offerings in its cloud, with the latest being OpsWorks, which makes it easier to configure AWS resources to run applications in its cloud. These complement services like AWS CloudFormation, which is helpful for tying various AWS services together, and Elastic Beanstalk, which helps users uploading applications to its cloud.

-CloudHSM: In an effort to beef its security practices, Amazon announced CloudHSM (Hardware Security Module) last month, an appliance used to store encryption keys that only AWS users have access to. The month before, AWS announced that the default setting for new virtual machines in the EC2 service would be "virtual private clouds" (VPC), meaning they are logically isolated virtual machines through network segmentation. Vogels said today at the Summit that security, and encryption especially, would be a focus of the company's moving forward, and the HSM and VPC announcements seem right in line with that.

That doesn't include a variety of other announcements the company has made, including new features for its RDS database, allowing users to scale up and set predefined input/output per second (IOPS) of up to 30,000 per database instance. AWS rolled out support for Hyper-V virtualization platform from Microsoft for its storage gateway, which work to synchronize data between customers' premises and the Amazon cloud. Just today at the Summit, AWS announced new analytics tools for its DynamoDB non-relational database, and new encryption features for Oracle relational databases running in its cloud.

Mark Levitt, who tracks the enterprise cloud market for Strategy Analytics and attended the AWS Summit today in New York, says Amazon trotted out enterprise customers to discuss how they're using AWS cloud services. Representatives from Bristol-Meyers Squibb, General Electric and NASDAQ all spoke about their use of the Amazon cloud. Following up on recent reports that the CIA is paying $600 million to Amazon to help build a private cloud, Levitt says the product enhancements, combined with the customer case studies, give more credibility to Amazon making the case that it is a viable public cloud provider for the enterprise market.

---

Microsoft MCTS Certification, MCITP Certification and over 3000+
Exams with Life Time Access Membership at http://www.actualkey.com

Why aren't Microsoft's competitors joining in on the Windows 8 jokes?

As bloggers and analysts have shown, Windows 8 is pretty easy to make fun of. But Microsoft's competitors aren't putting out any "I'm a Mac" ads this time around.

Motley Fool made a great point late last week: Where are the Windows 8 attack ads? They have their suspicions, and I have mine.

Windows Vista was a stinker and everyone knew it, and along came the "I'm a Mac" ads. These ads were devastating in some ways, but as other, cooler heads noted, they also backfired. "PC" came off as a sympathetic character (played so brilliantly by John Hodgman) while "Mac" came off as a dislikable prick.

The ads disappeared in 2009 when Windows 7 hit and all of Apple's arguments were shot down in flames. By that point, there had been rumors of the end of the ads anyway because "Mac" (played by actor Justin Long) had become more of a liability than anything else.

So Fool contributor Rick Munarriz was right to wonder aloud about the lack of attack ads. If anything, Microsoft is on the offense with absolute comedy gold, the wedding-turned-riot as Apple and Samsung fanatics get into a brawl. I don't know how many Lumias that commercial will sell, but it is genius in its own right.

So where are the attacks? Google, Samsung and Apple should be all over this; instead, they are MIA. Windows 8 is being kicked while its down by an entire soccer team, except the team is almost entirely the press and a few analysts.

For starters, Apple can't say too much because its MacBook sales are down along with PC sales. So it's rather difficult to blame Windows 8 for MacBook sales. Second, "I'm a Mac" wouldn't work anyway, because those ads backfired to begin with.

Google has been strangely quiet, even as Microsoft pounds on it from multiple fronts. There's the Scroogled ads, the Bing It On ads, and now a new ad campaign lambasting Google Docs.

Munarriz didn't speculate as to why, but I will.

In the case of Google, the ads aren't working. Google's lead in search remains untouchable and Bing is settling for scraps. Samsung isn't ready to go to war with Microsoft, although it has taken a jab. Thus far, that's as much as they will do, and that's good.

As for Apple, I suspect it may have written off Microsoft, and perhaps the PC business. The "I'm a Mac" ads were in the pre-iPad days. Tablets have changed things forever, now that Apple has validated the concept.

The Mac is 15% of Apple's revenue. I don't think Apple will ever abandon the Mac, but it could likely fade into the same secondary status as the Mac Classic with the click wheel and Apple TV. So long as it pays for itself, Apple will keep it, but the Mac won't be its emphasis, perhaps ever. It has a solid niche, enjoys great success within the creative community, and perhaps that's all Apple wants.

But beware declarations of a technology's death. The mainframe has been declared dead more often than Kenny from "South Park," and IBM still makes a nice chunk of income from them. It may not be a lot, but it’s still relevant.

People may be looking to ditch PCs for tablets now, but we'll see how it goes. I would not be surprised at all if there is a bit of a backlash against tablets in about two or three years when the batteries start dying and people are left high and dry. Those people will remember how they could pop in a new battery on their laptop and they won't be amused at the inaccessibility of a tablet.

All I can say is if Apple or anyone else is ignoring the obvious vulnerability of Windows 8 because they think Microsoft has become irrelevant, they are going to be very sorry when Microsoft gets back up.

---

Best Microsoft MCTS Certification, Microsoft MCITP Training at certkingdom.com

Microsoft's counter-attack against Windows 8 coverage makes it 'look weak'

Apple-esque communication strategy comes home to roost, argues analyst

Microsoft counter-attacked Friday, calling some media coverage of its plans to update Windows 8 sensationalist and an effort to drive website page views.

One analyst dubbed the missive by Frank Shaw, Microsoft's head of communications, as defensive. "It makes Microsoft look weak," said Patrick Moorhead, principal analyst at Moor Insights & Strategy. "Not everyone is going to be fair, but that's life."

In a Friday post to Microsoft's company blog titled "Staying centered," Shaw took swings at coverage that characterized Microsoft's plans for Windows "Blue" -- this year's update to Windows 8 and the first of what will be annual refreshes of the OS -- as a retreat, and that compared Blue to Coca-Cola's 1985 pull-back from "New Coke."

Shaw singled out stories by The Financial Times and The Economist as examples of what he argued used "sensationalism and hyperbole."

He decried negative coverage of Windows 8 in general, Windows Blue in particular. "Let's pause for a moment and consider the center," Shaw wrote. "In the center, selling 100 million copies of a product is a good thing. In the center, listening to feedback and improving a product is a good thing. Heck, there was even a time when acknowledging that you were listening to feedback and acting on it was considered a good thing.

"Windows 8 is a good product, and it's getting better every day," he maintained.

Windows 8 has been panned by many commentators -- bloggers and analysts -- as well as by the mainstream and technical press, starting even before its October 2012 launch. But Shaw seemed especially upset at the recent reaction to a mini-publicity campaign last week by Tami Reller and Julie Larson-Green, the CFO and head of development for the Windows division, respectively.

Both Reller and Larson-Green touted the upcoming Blue -- without revealing any details of its contents -- as Microsoft's response to customer feedback. "The Windows Blue update is also an opportunity for us to respond to the customer feedback that we've been closely listening to since the launch of Windows 8 and Windows RT," Reller said last Tuesday.

Some outsiders didn't see it that way, and instead interpreted Blue as Microsoft's tacit admission of mistakes and that it would backtrack from the radical "Modern" user interface (UI).

Shaw's rebuttal: "In this world where everyone is a publisher, there is a trend to the extreme -- where those who want to stand out opt for sensationalism and hyperbole over nuanced analysis," he said.

"What Shaw is doing is asking for patience," said Moorhead. "He's trying to set expectations. If people think Blue will be a 'swing you around the room' moment, it will not be that. Microsoft doesn't want people to get their expectations raised, and then have another cycle of maligning Windows 8."

But Moorhead also saw Microsoft's predicament as largely self-inflicted, the result of its communications choices coming home to roost.

"This is the result of a sub-optimal communications strategy that goes all the way back to Windows 7," Moorhead said. "Prior to Windows 7, Microsoft had a much more collaborative communication strategy with the press and analysts. But they saw Apple get traction with a much more closed approach, and opted for Apple's strategy. They started to create a more challenging relationship with analysts and the press."

But Microsoft, Moorhead said, is no Apple. "Microsoft doesn't make a good Apple," he said, repeating an argument he used last week, when he pointed out that Microsoft has a much larger ecosystem than Apple, with thousands of hardware partners, herds of resellers, a bigger pool of developers and both enterprise and consumer customers to keep in the loop.

What works for Apple, in other words, is not necessarily what works for Microsoft.

"Microsoft needs to return to their earlier Windows communications strategy," said Moorhead. "They were one of the biggest technology companies that pioneered social media, they were once very collaborative with the press."

But the world's changed since Windows 7, when Stephen Sinofsky took over as head of Windows development and brought the more secretive, closed communications approach he'd used when he ran Office development, to the OS group. Sinofsky was ousted from Microsoft last fall.

"It is an echo chamber," Moorhead acknowledged. "Users, bloggers and the press all have opinions they can easily express. But because Microsoft isn't as close to analysts and the press as they used to be, maybe the result [of last week's blitz about Blue] was a lot different, and more negative, than Microsoft expected."

Other analysts have also noted the changes in how Microsoft interacts with outsiders, including themselves, the press, OEMs and developers. How and what it communicated to OEMs and developers -- and when -- negatively affected Windows 8, they believe.

"The lack of high-quality apps is a direct result of their secrecy," said Michael Cherry of Directions on Microsoft, who knocked the Redmond, Wash. firm for not providing tools, documentation and testing systems far enough in advance of the launch, or getting OEMs on board with innovative designs for the operating system's 2012 debut.

"This wasn't the sole reason for Windows 8's problems," said Cherry, "but it is the price you pay for being secretive."

Microsoft sounds frustrated, Moorhead observed, that its broader business isn't put into perspective, but that outsiders are focused on the Windows division, which contributed 28% of the company's total revenue in the first quarter. The Business group, whose biggest money maker is Office, accounted for 31% in that same period.

---

Best Microsoft MCTS Certification, Microsoft MCITP Training at certkingdom.com

IT pros leave money on the table, job site finds

If IT job candidates were to negotiate higher salaries, they could expect a bump in the 5% range, according to jobs site Dice.com

When a job offer arrives, a majority of tech pros accept it without asking for more pay, according to Dice.com. If candidates were to negotiate higher salaries, they could expect a bump in the neighborhood of 5%, the IT careers specialist estimates.

A majority of hiring managers and recruiters surveyed by Dice.com said that more than half of tech pros accept the first offer without negotiating starting salaries or hourly rates. The national average salary for tech pros is currently $85,619, which means not haggling can cost a person $4,300, on average, per year. When you factor in bonuses and performance pay, which are typically based on a percentage of salaries, the tally is even higher.

Fear is likely the reason IT pros don’t take the opportunity to ask for more money, according to Tom Silver, senior vice president at Dice.com.

“When fear creeps into a negotiation or stops it all together, it’s good to remember negotiation is simply a discussion aimed at reaching an agreement. And, both sides want an agreement,” Silver points out.

“Straight-talk meetings are a standard in tech departments, there’s no reason tech professionals can’t do that with job offers. The company has tapped the talent, but the employer is not tapped out – ask for more.”

The odds of getting more money are in the job candidates’ favor. Dice.com asked 838 hiring managers and how frequently a company will raise an offer when a candidate doesn’t accept the initial salary or hourly rate that’s offered. Six percent said very frequently; 27% said frequently; and 49% said occasionally. The remainder said rarely (11%), very rarely (6%) or never (1%).

As of last month, Dice.com counts 83,610 available tech jobs. The top 10 metro areas for tech hiring, based on the number of job postings, are: New York (8,511 jobs), D.C./Baltimore (7,073), Silicon Valley (5,240), Chicago (3,784), Los Angeles (3,301), Boston (3,190), Atlanta (3,120), Dallas (3,030), Philadelphia (2,495), and Seattle (2,386).

Despite reservations about the overall economy, the IT jobs market remains healthy and IT executives are generally optimistic about hiring.

In a survey by Robert Half Technology, 14% of CIOs said they planned to expand their IT departments in the second quarter of 2013. In addition, 70% said it's challenging to find skilled professionals today. The skill sets in greatest demand are network administration, cited by 51% of CIOs, and database management, also cited by 51% of CIOs.

---

Best Microsoft MCTS Certification, Microsoft MCITP Training at certkingdom.com

FAQ: Phishing tactics and how attackers get away with it

FAQ: Phishing tactics and how attackers get away with it
Latest Anti-Phishing Working Group report shows rise of attacks on virtual-server farms at hosting facilities

Phishing attacks on enterprises can be calamitous in terms of compromised networks or damaged brand names, and the Anti-Phishing Working Group (APWG), which aggregates and analyzes phishing trends data worldwide, offers some of the best insight from industry into what's occurring globally in terms of this cybercrime. The following list of frequently asked questions about phishing is derived from the APWG's April report that covers the period July-December 2012 worldwide.

Q: How many phishing attacks occurred in the second half of last year?
A: There were at least 123,486 unique phishing attacks worldwide. This is more than the 93,462 attacks that APWG observed in the first half of 2012. This is due to an increase in phishing attacks that leveraged shared virtual servers to compromise multiple domains at once.

Q: How many unique domain names were involved in the phishing attacks?
A: Due to the shared virtual server hacking, the attacks used 89,748 unique domain names -- up from the 64,204 domains used in for the first half of 2012. In addition, 2,489 attacks were detected on 1,841 unique IP addresses, rather than on domain names, a trend that has remained steady for three years. None of these phishing attacks were reported on IPv6 addresses though.

Q: How many of these domain names were maliciously registered by phishing attackers versus the number of domains that represent hacked or compromised ones on vulnerable Web hosting?
Of the 89,748 unique domain names, the APWG identified 5,835 domain names that APWG believes were registered maliciously by phishers. This number is down significantly from 7,712 identified in the first half of 2012, a downward trend that's occurred since the count for maliciously registered domain names stood at 14,650 in the first half of 2011. The other 83,913 domains were almost all hacked or compromised on vulnerable Web hosting. The overall use of subdomain services for phishing fell from 14% to 8% of all attacks. Phishers continue to use "URL shortening" services to obfuscate phishing URLs but such use involved only 785 attacks in the second half of 2012. Over 65% of malicious shortened URLS use for phishing were found at a single provider, TinyURL.com.

Q: What top-level domains (TLDs) are the most popular for registration by phishers?
A: 82% of the malicious domain registrations were in just three TLDs: .COM, .TK (Thailand) and .INFO. PayPal is the most targeted brand, with 39% of all phishing attacks aimed at PayPal users. .COM contained 48% of the phishing domains in the APWG's data set, and 42% of the domains in the world. Thailand's .TH domain, which accounts for just over half of the world's malicious registrations made in the .TK registry, continues its high ranking as it has for several years, and it suffers from compromised government and university web servers, according the APWG.

Q: What were the top registrars worldwide used by phishers to purchase domain names?
A: 21 registrars, several of them in China, accounted for 79% of the domains registered maliciously (a total of 2,991). These were Shanghai Yovole Networks; Chengdu West Dimension Digital technology; Hang Zhou E-Business Services; Jiangsu Bangning Science; Intenret.bs; Beijing Innovative; 1API; Bizcn.com; Directl/PDR; Hichina Zhicheng; Melbourne IT; Xin Net technology Corp; Regsiter.com; Name.com; Fast Domain; eNom Inc.; OVH; GoDaddy; Tucows; 1 and 1 Internet AG.

Q: What's being seen in the trend toward mass break-in techniques?
A: Instead of hacking sites one at a time, the phisher can infect dozens, hundreds or even thousands of websites at a time, depending on the server. In the second half of 2011, APWG identified 58,100 phishing attacks that used the mass break-in technique, representing 47% of all phishing attacks recorded worldwide at that time. In February 2012, attacks of this nature started up again, peaking in August 2012 with over 14,000 phishing attacks sitting on just 61 servers. Levels declined in late 2012 but are still high. These attacks, according to APWG, "turn compromised servers at hosting facilities into weapons" because hosting facilities contain large numbers of powerful servers with the type of network access that supports large amounts of traffic. This break-in tactic against virtual-server farms offers the attacker significantly more computing power and bandwidth that scattered home PCs.

Q: What more is evident about the link between shared hosting environments and phishing?
A: In late 2012 and into 2013, the APWG saw increasing use of tools targeting shared hosting environments, and particularly WordPress, cPanel and Joomla installations. For example, beginning in late 2012, criminals hacked into server farms to perpetrate extended DDoS attacks against American banks. In April 2013, there were brute-force attacks against WordPress installations at hosting providers in order to build a large botnet. Tens of thousands to hundreds of thousands of these shared servers have been cracked by such techniques. Access and use of these boxes is then metered out in the criminal underground for all sorts of activities, including DDoS, malware distribution, and phishing. It all highlights the vulnerability of hosting providers, the software they use and weak password management. Rod Rasmussen, president and CTO at Internet Identity and co-chair of the APWG's Internet Policy Committee, says unpatched open-source software is a popular target with attackers hitting the hosting providers that make the software available to their customers.

Q: How long do live phishing attacks typically last these days?
A: The average "uptime" as of the last half of 2012 was 26 hours and 13 minutes. The median uptime was 10 hours and 19 minutes -- said to be almost twice the historically low uptime of five hours and 45 minutes achieved in the first half of 2012. According to the AWPG, the longer a phishing attack remains active, the more money the victims and target institutions lose. The first day of a phishing attack is believed to be the most lucrative for the phisher. The virtual-server-related attacks tended to be mitigated more efficiently if only because they prompted many complaints to the hosting providers that were impacted.

Q: The APWG points out that malicious domain registrations remained under 10% of all phishing domains for the last three quarters of 2012. Any idea why?
A: Some factors may be contributing to the trend -- reputation services are blocking domains and subdomains quickly, registrars and registries are more responsive to malicious registrations and have better fraud controls, and phishers may be relying more on automated scripts to exploit large numbers of Web servers using known vulnerabilities.

Ellen Messmer is senior editor at Network World, an IDG publication and website, where she covers news and technology trends related to information security. Twitter:

---

Best Microsoft MCTS Certification, Microsoft MCITP Training at certkingdom.com