Bounced Email or Backscatter

California Milk Processor Board Threatens PETA with trademark infringement over “Got Pus?”

Choosing A Hosting Provider

If ModSecurity is Turned On via your Web Server , then build a .htaccess file and place it in the root of the folder running the script that may be having issues.

Issues such as Web Scripts and Broken Graphics also any script that use’s the Spaw Editor will break the format of the editor button layout, this is due to Mod_Security in effect.

Building a .htaccess file and / or adding the noted commands below will resolve. this.

ModSecurity is an open source embeddable web application firewall, or intrusion detection and prevention engine for web applications. ModSecurity provides protection from a range of attacks against web applications and allows for HTTP traffic monitoring and real-time analysis with no changes to existing infrastructure, by operating as an Apache Web server module mod_security or standalone, and thus increase web application security. However, misconfigured or overly strict rule sets, ModSecurity may cause your website to return various errors such as HTTP 403 Forbidden error or access denied error, login problems, or HTTP 412 Precondition Failed error, or HTTP 406 Not Acceptable error and other false positive symptoms.

To make matter worse, the configuration of ModSecurity rules and filters have to be done manually. Although there are free predefined certified rule set which can be used with ModSecurity out of the box, however the rule sets may be not suitable for each and every environment and may interfere with the operation of websites or blogs, and customizing and modifying the rules may be too sophisticated or complicated for some users. And for some websites that hosted on shared hosting service, the mod_security may be enable by default without options. So in this case, the best solution or workaround for mod security related issues is to disable mod_security filtering and rules.

If you’re using Apache web server (which mostly do), mod_security can be disabled by adding a specific in .htaccess file. Locate the .htaccess file in Apache web root directory (public_html or /var/www/ or others), if it does not exist, create a new file named .htaccess, and add in the following code:

SecFilterEngine Off
SecFilterScanPOST Off

The above entries in the .htaccess will disable the ModSecurity (mod_security) module for the domain.

Uninstallation of ModSecurity (mod_security) from Apache module

The easiest way to remove and uninstall mod_security is to comment out or delete the related mod_security entries from httpd.conf Apache configuration file. The lines that should be removed include:

AddModule mod_security.c
LoadModule security_module modules/mod_security.so
Include “/usr/local/apache/conf/modsec.conf” This line may be different depending on what variant of Linux or Unix you used and the installation location

Save the httpd.conf and restart the Apache. ModSecurity will not be loaded and as if uninstalled.

If you’re using WebHost Manager (WHM), uninstallation is even simpler. Just scroll to cPanel section, and click on Addon Modules. Then scroll to module named modsecurity. It should be checked Install and Keep Updated currently. Just click on Uninstall to remove the mod security feature from Apache web server.

http://www.pidgin.im/

Pidgin is a multi-protocol Instant Messaging client that allows you to use all of your IM accounts at once.

Pidgin can work with:

• AIM
• Bonjour
• Gadu-Gadu
• Google Talk
• Groupwise
• ICQ

• IRC
• MSN
• MySpaceIM
• QQ
• SILC

• SIMPLE
• Sametime
• XMPP
• Yahoo!
• Zephyr

Pidgin is free software. It is licensed under the GNU General Public License (GPL) version 2. This means you are free to use it and to modify it, but if you distribute your modifications you must distribute the modified source code as well.

Pidgin is an instant messaging program for Windows, Linux, BSD, and other Unixes. You can talk to your friends using AIM, ICQ, Jabber/XMPP, MSN Messenger, Yahoo!, Bonjour, Gadu-Gadu, IRC, Novell GroupWise Messenger, QQ, Lotus Sametime, SILC, SIMPLE, MySpaceIM, and Zephyr.

Pidgin can log in to multiple accounts on multiple IM networks simultaneously. This means that you can be chatting with friends on AIM, talking to a friend on Yahoo Messenger, and sitting in an IRC channel all at the same time.

Pidgin supports many features of the various networks, such as file transfer, away messages, and typing notification. It also goes beyond that and provides many unique features. A few popular features are Buddy Pounces, which give the ability to notify you, send a message, play a sound, or run a program when a specific buddy goes away, signs online, or returns from idle; and plugins, consisting of text replacement, a buddy ticker, extended message notification, iconify on away, spell checking, tabbed conversations, and more.

Pidgin runs on a number of platforms, including Windows, Linux, and other UNIX operating systems. Looking for Pidgin for OS X? Try Adium!

Pidgin integrates well with GNOME 2 and KDE 3.1’s system tray, as well as Windows’ own system tray. This allows you to work with Pidgin without requiring the buddy list window to be open at all times.

Pidgin is under constant development, and releases are usually frequent. The latest news regarding Pidgin can be found on the news page.

What is Finch?

Finch is the text-based version of Pidgin. It supports the same IM networks, but you can run it in a console window. You can use it on Linux, BSD, and other Unixes.

What is libpurple?

libpurple is the programming library that powers Pidgin and Finch. It’s responsible for connecting to all the IM networks, and for managing your accounts and preferences. It’s written in C and makes heavy use of Glib.

Is all of this free?

We believe in freedom of communication. To support our aspirations of “IM Freedom,” we release Pidgin, Finch, and libpurple as free software under the GNU General Public License (GPL). We believe that giving others the freedom to modify, share, and augment our code contributes to the goal of bringing freedom of communication to the Internet. The GPL allows us to ensure that any modifications to our code remain free, so that everyone may enjoy their benefits.

How can I help?

We always welcome feedback and contributions. You don’t need to be a developer to help out, but if you are, you can help us by fixing bugs in our code or building new functionality into it. Our development site includes numerous resources for getting started with libpurple, Pidgin, and Finch development.

If you are a regular user, we encourage you to let us know about any problems you encounter and to provide us with suggestions for improvement. You can do so via our support system, IRC channel, XMPP conference, or development mailing list. We also encourage users to help one another solve problems and discover new features using any of these media.

Aggregation: ParagonHost, LLC http://www.ParagonHost.com

Content Filtering: Scan Defense http://www.ScanDefense.com

Email Spam Prevention: The Spam Busters http://www.TheSpamBusters.com

For liability concerns, an acquirer should not directly advocate any one ASV or QSA to their merchants, however it is acceptable for the acquirer to tell the merchants what third party company or companies that they have strategic partnerships with.

“Try to seek a partner who you can rely on to assist with your PCI Compliance program, ControlScan offers a number of solutions for merchants, ISOs and acquirers and currently partners with one of the largest acquirers in the United States,” said Stanton.

As well, the PCI Security Council has a list of approved ASVs and QSAs. Visa and MasterCard also offer their own lists on each Web site.

“Acquirers and ISOs should establish a relationship with a trusted, association-approved PCI assessor, and develop a program for all their merchants to establish compliance, and ensure periodic testing so that compliance remains intact moving forward,” wrote Gray.

A model relationshipThird Party ASVControlScan, Inc. is an Atlanta, Ga.-based, PCI Security Standards Council–approved third party vendor (ASV), providing vulnerability scan and assessments, compliance assistance and network security. Their clients include Fortune 500 and billion dollar corporations such as: Travelers Insurance and PBS.The company offers a turnkey, no-software-needed approach to PCI compliance, and its security certificates assist in meeting the criteria for mandates in Europe, Japan, Canada, ISO and the USA, not only for PCI compliance but also for Sarbanes Oxley, HIPAA, GLBA and FISMA fulfillment. AcquirerAccording to ControlScan’s CTO & Founder, Richard Stanton, the company recently became the ASV for PowerPay, LLC, mentioned previously in this article.“PowerPay requested that we [ControlScan] conduct all of their mandated PCI compliance scans, for all 16,500 of their merchants,” said Stanton.“What sets us apart from other vendors, is that we actually call the merchants, directly, and we also provide a secure Web system, so a company like PowerPay can log into our system and check their merchant’s PCI status at any time.”He continued, “ControlScan is very proactive, providing contact with the merchant, in order to make sure each merchant is PCI compliant…we actually make direct phone calls to each merchant.”

According to PowerPay President Ron Greenberg, after meeting representatives from ControlScan at an industry conference, the company decided ControlScan offered the best PCI compliance scanning program.

“They have a very structured program of trained outbound sales agents along with personalized consulting to assist our merchants in complying with PCI DSS,” says Greenberg. “Other vendors typically did limited outbound sales with no technical support to the merchant.”

In addition to offering the quarterly network scans, mandated by PCI DSS, ControlScan offers an automatic submission solution, for merchants sending the 12-section PCI Self-Assessment Questionnaire.  

ISO

e-Online Data is a credit card processor, offering merchant solutions for Internet, Mail Order and Auction sellers. They service e-commerce merchants ranging from startups to billion-dollar companies, according to their Web site.

At the bottom of the e-Online Data homepage, there is a sentence that reads, “e-onlinedata is a registered ISO/MSP of HSBC Bank USA, National Association, Buffalo, NY”

In this model, HSBC Bank USA is the actual acquiring or ‘member bank’, and e-Online Data is considered an ISO.

The partnership between acquirer, member bank, ISO, third party ASV and merchant looks like this:

Who is the acquirer?

It’s a basic question, yet for merchants new to PCI compliance in general, the name ‘acquirer’ may mean several different things.

For some, it means the ‘acquiring bank,’ which is also known as the ‘member bank.’ The member or acquiring bank is the bank that underwrites and issues the credit card from the card associations to acquirers and ISOs. The member bank is just that: a member of the card association-the card association that gives it’s approval and permission for that bank to issue cards with the Visa, MasterCard, Discover or American Express logo.

But an ‘acquirer’ usually refers to the entity-usually a credit card processor–that provides credit card processing services for Visa, MasterCard, AmEx and Discover receipts collected by merchants, directly or through an affiliated ISO.

Moreover, another layer of merchant confusion comes in because there are times when an ISO is considered an acquirer as well, or, in the case of a company like North American Bancard, a Super ISO-an entity that takes the liability responsibility on, that the acquirer would usually take on for the ISO.

The member bank/acquiring bank receives funds from a cardholder when a credit card transaction is completed, and deposits the payment amount, minus any fees, into the merchant’s Merchant Account and from there into his business checking account. From a merchant perspective, knowing the acquirer may be a rather confusing question to even ponder, but it falls to the acquirer to make sure merchants, no matter their level, become compliant. With these new directives in place, it’s incumbent upon the acquirers take their own steps to ensure that they understand what their merchants, ISOs and, in some cases, third party vendors need and to make their merchants understand the PCI compliance process completely.

ISOs and the acquirer

According to an article entitled, “PCI Demands the Attention of Acquirers Now More than Ever Dramatic Non-Compliance Puts ISOs and Acquirers at Risk,” in the May 2007 online edition of “The Exchange” newsletter from the Strawhecker Group-a management consulting company focused exclusively on the merchant acquiring sector of the payments Industry-the relationship between an ISOs and acquirers is very important.

“The liability for non-compliance, when a merchant is breached and/or compromises sensitive data, lies on the acquiring institution; typically, this is passed on to the ISO providing Merchant Services and by that ISO onto the merchant themselves,” wrote Cliff Gray, a PCI expert and associate with The Strawhecker Group.

“Considering that the vast majority of Tier 4 merchants are signed by ISOs, it’s imperative that these ISOs take a stronger stance at ensuring their merchants comply.”

To strengthen the alliance between the ISO and acquirer, Gray offered the following step for moving toward PCI compliance.

“ISOs should carefully review their contract(s) with their sponsor acquirer, to understand exactly what liability they bear upon the event of a merchant breach.”

Greenberg and Richard Stanton, chief technology officer and founder of ControlScan -a leading PCI assessor, who works with US acquiring institutions, merchants, ISOs, weighed in on certain steps that acquirers should take in order to facilitate PCI DSS Compliance for their merchants.

Source: http://www.pcicomplianceguide.org/pcidss/pcidssi-iso-acquirer.html

Aggregation: ParagonHost, LLC http://www.ParagonHost.com/intro.html

“World Class Internet Services”

Merchant Services: Paragon Authrorize: http://www.ParagonAuthorize.com

For Level 4 merchants-brick and mortar or e-commerce sites with Less than 20,000 V/MC e-commerce transactions annually, and all merchants across channels up to 1,000,000 VISA transactions annually-understanding and following the rules of PCI compliance has been murky journey at best.

Despite the copious documentation available at the PCI Security Standards Web site, for many merchants, especially Level 4 merchants, knowing how to introduce and maintain a PCI compliance program is proving to be a puzzling endeavor.

It’s critical that acquirers maintain active and open communication of all policies and procedures with merchants, member banks and the card associations.

Acquirers are the new gatekeepers for PCI compliance information for merchants, but they also serve as information convergence points for card issuers and for third party vendors like ASVs.

It’s up to the acquirers, according to PCI Standards and Security Council, Visa and MasterCard, to ensure that their merchants follow the procedures for compliance.

For acquirers who are not vigilant about merchant compliance, the fines for non-compliance will be steep. Acquirers, whose Level 1 and 2 merchants are not compliant, will be fined between $5,000 and $25,000 a month.

Whether they wish to take on the gate-keeper role or not, Acquirers must step up to the plate, answer and clarify questions that merchants have, concerning the PCI process, or they face the consequences.

According to some merchants, and those working for merchants, how much involvement an acquirer has with the merchant, or the information that is given to the merchant by that acquirer, depends on the acquirer. The acquirer’s information is directly linked to the particular credit card brand’s rules, as well as PCI DSS guidelines. If there is little or no communication between the merchant, acquirer and the card brand, problems begin to accrue.

“The fact that the five major brands have agreed on a single standard is good. Unfortunately, due to federal laws, they do not have full freedom to agree on implementation standards,” said Ron Greenberg, COO of merchant acquirer, PowerPay, LLC.

Based in Portland, ME, PowerPay works with merchants across the US, from retailers, restaurants to convenience stores, all through it’s ‘member bank’ HSBC, and whose business partners include companies like Time Warner Cable, and The California ISP Association.

According to Greenberg, the different credit card brands introduce a whole new level of confusion for merchants and acquirers alike, when it comes to PCI compliance.

“For instance, Visa has defined four levels of compliance for merchants along with a set of fines and penalties,” he explained.

“MasterCard has a different set of rules as well as reporting requirements. Multiply this by five and it creates a mess of rules and compliance issues we need to track.”

When asked, bluntly, whether he felt PCI DSS was going to help or hinder acquirers, his answer was just as blunt.

“They [PCI guidelines] are a necessary evil. Any time you add more procedures it is a headache. Will it help? In the long run it should. But everyone must realize it will not solve the problem.”

Some merchants and employees of merchants, who are charged with facilitating the merchant acquirer relationship, seem to add credence to Greenberg’s assertions.

“I have the feeling, although I can not substantiate it to any degree, that the requirements a merchant is under (particularly absolute compliance dates) varies depending on which Acquirer you are going through,” posted Information Security Manager Andrew Mason, on a PCI Compliance Web forum, recently.

Mason, who works for a merchant company in Spain, is paired with an acquirer based in the United Kingdom; an acquirer that isn’t offering the kind of support he thinks is needed. As well, the answers he’s receiving from the credit cards, themselves, have been nebulous, at best.

“Visa seems happy as long as you can prove ‘progress’ in your PCI Compliance project,” commented Mason. “MasterCard appears to be less clear on the various aspects of compliance, particularly the dates.”

He continued, “I asked a question in a webinar recently which was joint hosted by MasterCard. The question was directed to the MasterCard rep. who was VP of something or other to do with PCI / Compliance. The question was, ‘when is the absolute deadline date for compliance?’ “

“The answer? Any guesses? ‘Speak to your Acquirer’”

 Source: http://www.pcicomplianceguide.org/pcidss/iso-acquirer.html

Aggregation: ParagonHost, LLC http://www.ParagonHost.com/intro.html

Layered Security Approach Helps Small Businesses Protect Information – Overview

As most seasoned mountain climbers know, the key to keeping warm in subzero temperatures is to put multiple layers of insulation between themselves and Mother Nature.

To help protect your company’s data, you should take cues from the climbers. Instead of looking for a magic formula, you should approach data security from the perspective of layers or building blocks. Each safeguard you can place between malicious online threats and your company’s data will provide another layer of security for the lifeblood of your business: information. The layers – or building blocks – that all small businesses should consider are:

Following are some key considerations for these building blocks.

Building Block 1: Physical Security

When a notebook turns up missing, a desktop is stolen or a handheld is lost, the information stored on the devices goes right along with it. For many small businesses, the cost of losing that data can be far more devastating than the replacement costs of the devices. Small businesses whose employees spend most of their time out of the office, where wireless devices are more vulnerable to loss or theft, can be especially impacted and should be sure to have a protection plan as it relates to physical security.

Physical security includes cable locks and asset tagging, as well as recovery services (such as ComputraceComplete¹ from Absolute Software) that are designed to protect your PCs and the data they contain from theft and unauthorized access. Products like those offered by Computrace also can help you remotely track PC configurations and usage.

Building Block 2: User Security

As a small business owner, you should consider your company’s data in much the same way you consider your personal property: You have things you don’t mind sharing with people you know and other stuff that nobody touches but you.

That’s the way you should set up your systems. And with user authorization protocols and software, you can. The first thing to do is to set up your systems so that only authorized users – your employees and, in some cases, your customers – can access the information you want to share with them. The next step is to make sure your employees can readily access information they need in order to do their work efficiently, but are restricted from accessing sensitive company information.

To meet these steps – user authentication, password and encryption technology offer the best solution:

Another important user security precaution is instituting an e-mail and Internet security policy. By getting each employee on the same page about security, you’ll be less likely to experience security problems. Click here for more information on e-mail and Internet security policies.

Building Block3: System Security

More than any other device on your network, the individual PC is the Achilles’ heel in terms of vulnerability because it’s the favored point-of-entry for some of the most common security threats. And the “work-anywhere workforce” enabled by wireless technologies heightens your security challenge. That’s why installing and keeping a current version of security software on all your employees’ computers is a necessary first step to system security. This software helps protect against viruses, worms, spyware, and other threats that are transmitted over the Internet, as well as files imported from USB keys, instant messaging and other means. Click here for a more focused article on spam, viruses and spyware.

Another smart step is to set up your IT structure in a way that enables you to view and manage all of your company’s computers from one central location. This step, which you can achieve by using solutions such as Dell’s OpenManage^TM  Network Manager, will add confidence that all your PCs have the same level of protection.

Dell also helps small businesses protect their systems from unauthorized access, control and damage with a more secure or “hardened” operating system configuration. This service involves more than 50 factory-activated security settings within the operating system designed to meet security benchmarks established by the Center for Internet Security.

Another important area that small businesses would prefer to avoid – but definitely need to consider – is hard drive failures. Specifically, you need to consider what will happen to your data – and how you want to manage it – in the event of a fatal hard drive crash. To that end, Dell offers a “Keep Your Hard Drive”² service that helps small businesses stay in control of important data. Under this program, if a hard drive covered by your Dell limited warranty³ fails, you can keep the defective hard drive that’s being replaced by Dell, helping you protect sensitive, classified or proprietary information.

Building Block 4: Network Security

Without a doubt, network technology drives small business productivity and success. But it also increases vulnerability to security threats. Fortunately, a wide range of technologies in the marketplace today are designed specifically to help small businesses keep your networks safe and secure:

ParagonHost, LLC

http://www.ParagonHost.com

ScanDefense / TheSpamBusters / MyiContact

(866) 412-HOST