Copy@Rights

Thursday, September 18, 2008

World's Worst Internet & Email Scams

*) The Nigerian scam, also known as 419

Most of you have received an email from a member of a Nigerian family with wealth. It is a desperate cry for help in getting a very large sum of money out of the country. A common variation is a woman in Africa who claims that her husband has died, and that she wants to leave millions of dollars of his estate to a good church. In every variation, the scammer is promising obscenely large payments for small unskilled tasks. This scam, like most scams, is too good to be true. Yet people still fall for this money transfer con game. The scammers will use your emotions and willingness to help against you. They will promise you a large cut of their business or family fortune. All you are asked to do is cover the endless “legal” and other “fees” that must be paid to the people that can release the scammer’s money. The more you are willing to pay, the more they will try to suck out of your wallet. You will never see any of the promised money, because there isn’t any. And the worst thing is, this scam is not even new; a variant dates back to the 1920s, when it was known as 'The Spanish Prisoner' con.

*) Advanced fees paid for a guaranteed loan or credit card

If you are thinking about applying for a “pre-approved” loan or a credit card that charges an up-front fee, ask yourself: “why would a bank do that?” These scams are obvious to people who take time to scrutinize the offer. Remember: reputable credit card companies do charge an annual fee, but it is applied to the balance of the card, never at sign-up. Furthermore, if you legitimately clear your credit balance each month, a legitimate bank will often waive the annual fee. As for these incredible, pre-approved loans for half-a-million-dollar homes: use your common sense. These people do not know you or your credit situation, yet they are willing to offer massive credit limits. Sadly, a percentage of all the recipients of their “amazing” offer will take the bait and pay the up-front fee. If only one in every thousand people falls for this scam, the scammers still win several hundred dollars. Alas, far too many victims, pressured by financial problems, willingly step into this con man's trap.

*) Lottery scams

Most of us dream of hitting it big, quitting our jobs and retiring while still young enough to enjoy the fine things in life. Chances are you will receive at least one intriguing email from someone saying that you did indeed win a huge amount of money. The visions of a dream home, fabulous vacation, or other expensive goodies you could now afford with ease, could make you forget that you have never ever entered this lottery in the first place. This scam will usually come in the form of a conventional email message. It will inform you that you won millions of dollars and congratulate you repeatedly. The catch: before you can collect your “winnings”, you must pay the “processing” fee of several thousands of dollars. Stop! The moment the bad guys cash your money order, you lose. Once you realize you have been suckered into paying $3000 to a con man, they are long gone with your money. Do not fall for this lottery scam.

*) Phishing emails and phony web pages

Phishing emails rely on private web pages that may be registered with unauthorized ISPs; the domain names themselves may be bogus and may mislead the user (i.e. redirect) to another web page which, when visited, installs an exploit on the user's machine. This is the most widespread Internet and email scam today. It is the modern day "sting" con game. "Phishing" is where digital thieves lure you into divulging your password info through convincing emails and web pages. These phishing emails and web pages resemble those of legitimate credit authorities like Citibank, eBay, or PayPal. They frighten or entice you into visiting a phony web page and entering your ID and password. Commonly, the guise is an urgent need to "confirm your identity". They will even offer you a story of how your account has been attacked by hackers to lure you into entering your confidential information. The email message will require you to click on a link. But instead of leading you to the real login https: site, the link will secretly redirect you to a fake website. You then innocently enter your ID and password. This information is intercepted by the scammers, who later access your account and fleece you for several hundred dollars. This phishing con, like all cons, depends on people believing the legitimacy of the emails and web pages. Because it was born out of hacking techniques, “fishing” is stylistically spelled "phishing" by hackers. Tip: the beginning of the link address should have https://. Phishing fakes will just have http:// (no “s”). If still in doubt, make a phone call to the financial institution to verify if the email is legit. In the meantime, if an email seems suspicious to you, do not trust it. Being skeptical could save you hundreds of lost dollars.
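The link check described above can be automated. The following is an added example, not part of the original post: it flags links in an HTML email body that are not https, and, because a fake site can also be served over https, links whose visible text names one host while the href points at another. The sample body and its host names are constructed.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample e-mail body; the hosts use reserved example/invalid names.
SAMPLE_BODY = """<p>We detected hackers on your account. Confirm your identity:
<a href="http://bank.example.login.invalid/verify">https://www.bank.example/login</a>
or read our <a href="https://www.bank.example/help">help pages</a>.</p>"""

class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element in the body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def parts(value):
    """Return (scheme, hostname) in lowercase; empty strings if unparsable."""
    try:
        url = urlsplit(value if "://" in value else "//" + value)
    except ValueError:
        return "", ""
    return url.scheme.lower(), (url.hostname or "").lower()

def audit_links(html_body):
    """Return [(href, reasons)] for http(s) links that deserve suspicion."""
    collector = LinkCollector()
    collector.feed(html_body)
    findings = []
    for href, text in collector.links:
        scheme, actual = parts(href)
        if scheme not in ("http", "https"):
            continue  # mailto:, relative links etc. are out of scope here
        reasons = [] if scheme == "https" else ["not-https"]
        # Only treat the link text as a host when it looks like one.
        shown = parts(text)[1] if "." in text and " " not in text else ""
        if shown and actual != shown and not actual.endswith("." + shown):
            reasons.append("text-host-mismatch")
        if reasons:
            findings.append((href, reasons))
    return findings
```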

*) Items for sale overpayment scam

This one involves an item you might have listed for sale such as a car, truck or some other expensive item. The scammer finds your ad and sends you an email offering to pay much more than your asking price. The reason for overpayment is supposedly related to the international fees to ship the car overseas. In return, you are to send him the car and the cash for the difference. The money order you receive looks real so you deposit it into your account. In a couple of days (or the time it takes to clear) your bank informs you the money order was fake and demands you pay that amount back immediately. In most documented versions of this money order scam, the money order was indeed an authentic document, but it was never authorized by the bank it was stolen from. In the case of cashier's checks, it is usually a convincing forgery. You have now lost the car, the cash you sent with the car, and you owe a hefty sum of money to your bank to cover for the bad money order or the fake cashier's check.

*) Disaster relief scams

What do 9-11, Tsunami and Katrina have in common? These are all disasters, tragic events where people die, lose their loved ones, or everything they have. In times like these, good people pull together to help the survivors in any way they can, including online donations. Scammers set up fake charity websites and steal the money donated to the victims of disasters. If your request for donation came via email, there is a chance of it being a phishing attempt. Do not click on the link in the email and volunteer your bank account or credit card information. Your best bet is to contact the recognized charitable organization directly by phone or their website.

*) Turn Your Computer Into a Money-Making Machine

Although not a full-blown scam, this scheme works as follows: You send someone money for instructions on where to go and what to download and install on your computer to turn it into a money-making machine… for spammers. At sign-up, you get a unique ID and you have to give them your PayPal account information for the “big money” deposits you’ll “soon” be receiving. The program that you are supposed to run, sometimes 24/7, opens multiple ad windows, repeatedly, thus generating per-click revenue for spammers. In another scenario, your ID is limited to a certain number of page clicks per day. In order to make any money whatsoever from this scheme, you are pretty much forced to scam the spammers by hiding your real IP address with Internet proxy services such as “findnot”, so you can make more page clicks. I won’t even go into the discussion about what this program will do to your computer’s performance... it is a true tragedy if you get conned into this scam.

These were some of the most common frauds that have been tried and tested on users (I would like to say DUMB users) of the Internet. Gaining more knowledge in this regard is always recommended, and it is also advised to install secure antivirus and firewall systems on your end machines so that any attempt to get into your system, or any possibility of your system being compromised, can be thwarted.

Sunday, September 14, 2008

Deadlock issues in SQL Server

Deadlocking occurs when two user processes have locks on separate objects and each process is trying to acquire a lock on the object that the other process has. When this happens, SQL Server identifies the problem and ends the deadlock by automatically choosing one process and aborting the other process, allowing the other process to continue. The aborted transaction is rolled back and an error message is sent to the user of the aborted process. Generally, the transaction that requires the least amount of overhead to rollback is the transaction that is aborted.

As you might imagine, deadlocks can use up SQL Server's resources, especially CPU power, wasting it unnecessarily. Most well-designed applications, after receiving a deadlock message, will resubmit the aborted transaction, which most likely can now run successfully. This process, if it happens often on your server, can drag down performance. If the application has not been written to trap deadlock errors and to automatically resubmit the aborted transaction, users may very well become confused as to what is happening when they receive deadlock error messages on their computer.

Here are some tips on how to avoid deadlocking on your SQL Server:
· Ensure the database design is properly normalized.
· Have the application access server objects in the same order each time.
· During transactions, don't allow any user input. Collect it before the transaction begins.
· Avoid cursors.
· Keep transactions as short as possible. One way to help accomplish this is to reduce the number of round trips between your application and SQL Server by using stored procedures or keeping transactions within a single batch. Another way of reducing the time a transaction takes to complete is to make sure you are not performing the same reads over and over again. If your application does need to read the same data more than once, cache it by storing it in a variable or an array, and then re-read it from there, not from SQL Server.
· Reduce lock time. Try to develop your application so that it grabs locks at the latest possible time, and then releases them at the very earliest time.
· If appropriate, reduce lock escalation by using the ROWLOCK or PAGLOCK hints.
· Consider using the NOLOCK hint to prevent locking if the data being locked is not modified often.
· If appropriate, use as low an isolation level as possible for the user connection running the transaction.
· Consider using bound connections.

When a deadlock occurs, by default, SQL Server chooses a deadlock "victim" by identifying which of the two processes will use the least amount of resources to roll back, and then returns error message 1205.
But what if you don't like the default behavior? Can you change it? Yes, you can, by using the following command:

SET DEADLOCK_PRIORITY { LOW | NORMAL | @deadlock_var }
where:
Low tells SQL Server that the current session should be the preferred deadlock victim, not the session that incurs the least amount of rollback resources. The standard deadlock error message 1205 is returned.
Normal tells SQL Server to use the default deadlock method.
@deadlock_var is a character variable specifying which deadlock method you want to use. Specify "3" for low, or "6" for normal.
This command is set at runtime for a specified user connection.

To help identify deadlock problems, use the SQL Server Profiler's Create Trace Wizard to run the "Identify The Cause of a Deadlock" trace. This will provide you with the raw data you need to help isolate the causes of deadlocks in your databases.

To help identify which tables or stored procedures are causing deadlock problems, turn on trace flag 1204 (outputs basic trace data) or trace flag 1205 (outputs more detailed trace data).

DBCC TRACEON (3605,1204,-1)

Be sure to turn off this trace flag when you are done, as this trace can eat up SQL Server's resources unnecessarily, hurting performance.

Ideally, deadlocks should be eliminated from your applications. But if you are unable to eliminate all deadlocks in your application, be sure to include program logic in your application to deal with killed deadlock transactions in a user-friendly way. For example, let's say that two transactions are deadlocked and that SQL Server kills one of the transactions. In this case, SQL Server will raise an error message that your application needs to respond to. In most cases, you will want your application to wait a random amount of time after the deadlock in order to resubmit the killed transaction to SQL Server. It is important that there is a random waiting period because it is possible that another contending transaction could also be waiting, and you don't want both contending transactions to wait the same amount of time and then both try to execute at the same time, causing another deadlock.
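The resubmit-after-a-random-wait logic described above, as an added example that is not part of the original post. `SqlError` and `make_flaky_transaction` are hypothetical stand-ins for a database driver's exception and a real transaction; only deadlock-victim errors (1205) are retried, and the number of attempts is bounded.

```python
import random
import time

DEADLOCK_ERROR = 1205  # deadlock-victim error number, as given in the post

class SqlError(Exception):
    """Hypothetical stand-in for a driver exception carrying the server's error number."""
    def __init__(self, number, message=""):
        super().__init__(message)
        self.number = number

def run_with_deadlock_retry(transaction, max_attempts=4, base_delay=0.05,
                            sleep=time.sleep, rng=random.random):
    """Run transaction(); if it is killed as a deadlock victim, wait a random
    time and resubmit it. Other errors, and the last failure, are re-raised."""
    for attempt in range(1, max_attempts + 1):
        try:
            return transaction()
        except SqlError as exc:
            if exc.number != DEADLOCK_ERROR or attempt == max_attempts:
                raise
            # Random wait so two contending sessions do not retry in lockstep;
            # the window doubles on each attempt to ease repeated contention.
            sleep(rng() * base_delay * 2 ** attempt)

def make_flaky_transaction(deadlocks):
    """Constructed stand-in: loses `deadlocks` deadlocks, then commits."""
    state = {"left": deadlocks, "calls": 0}
    def transaction():
        state["calls"] += 1
        if state["left"] > 0:
            state["left"] -= 1
            raise SqlError(DEADLOCK_ERROR, "deadlock victim (constructed)")
        return "committed after %d attempts" % state["calls"]
    return transaction

if __name__ == "__main__":
    print(run_with_deadlock_retry(make_flaky_transaction(2)))
```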

Saturday, September 13, 2008

These were some of the snapshots of the SQL triages that I delivered recently @ Microsoft.