What is the purpose of this alert

	what this alert is to provide you with an overview of the new security bulletin being released (out-of-band) on December 29, 2011.
	NEW SECURITY BULLETIN
	Microsoft is releasing one new security bulletin (out-of-band) for newly discovered vulnerabilities: Bulletin ID Bulletin Title Maximum Severity Rating Vulnerability Impact Restart Requirement Affected Software* MS11-100 Bulletin Title Vulnerabilities in .NET Framework Could Allow Elevation of Privilege (2638420) Critical Elevation of Privilege This update may require a restart All supported versions of ASP.NET on all supported versions of Windows and Windows Server.* * Where indicated in the Affected Software table on the bulletin webpage, the vulnerabilities addressed by this update may affect supported editions of Windows Server 2008 or Windows Server 2008 R2, when installed using the Server Core installation option. Affected software listed above is an abstract. Please see the security bulletin at the link provided for complete details.
	PUBLIC BULLETIN WEBCAST   Microsoft will host a webcast to address customer questions on these bulletins: Title: Information About Microsoft's December 2011 Out-of-Band Security Bulletin Release Date: Thursday, December 29, 2011, at 1:00 P.M. (GMT-08:00) Pacific Time (U.S. & Canada) URL: https://msevents.microsoft.com/CUI/EventDetail.aspx?EventID=1032502798   PUBLIC RESOURCES RELATED TO THIS ALERT   • Security Bulletin MS11-100 - Vulnerabilities in .NET Framework Could Allow Elevation of Privilege (2638420): http://technet.microsoft.com/security/bulletin/MS11-100 • Security Advisory 2659883 - Vulnerability in ASP.NET Could Allow Denial of Service http://technet.microsoft.com/security/advisory/2659883 • Microsoft Security Response Center (MSRC) Blog: http://blogs.technet.com/msrc/ • Microsoft Security Research & Defense (SRD) Blog: http://blogs.technet.com/srd/ NEW SECURITY BULLETIN TECHNICAL DETAILS   In the following tables of affected and non-affected software, software editions that are not listed are past their support lifecycle. To determine the support lifecycle for your product and edition, visit the Microsoft Support Lifecycle website at http://support.microsoft.com/lifecycle/. Bulletin Identifier Microsoft Security Bulletin MS11-100 Bulletin Title Vulnerabilities in .NET Framework Could Allow Elevation of Privilege (2638420) Executive Summary This security update resolves one publicly disclosed vulnerability and three privately reported vulnerabilities in Microsoft .NET Framework. The most severe of these vulnerabilities could allow elevation of privilege if an unauthenticated attacker sends a specially crafted web request to the target site. An attacker who successfully exploited this vulnerability could take any action in the context of an existing account on the ASP.NET site, including executing arbitrary commands. The security update addresses the vulnerabilities by correcting the manner in which the .NET Framework handles specially crafted requests, and the manner in which the ASP.NET Framework authenticates users and handles cached content. This security update also addresses the vulnerability first described in Microsoft Security Advisory 2659883. Affected Software This security update is rated Critical for Microsoft .NET Framework 1.1 Service Pack 1, Microsoft .NET Framework 2.0 Service Pack 2, Microsoft .NET Framework 3.5 Service Pack 1, Microsoft .NET Framework 3.5.1, and Microsoft .NET Framework 4 on all supported editions of Microsoft Windows. CVE, Exploitability Index Rating • CVE-2011-3414: Collisions in Hash Table May Cause DoS Vulnerability (EI = 3) • CVE-2011-3415: Insecure Redirect in .NET Forms Authentication Vulnerability (EI = NA) • CVE-2011-3416: ASP.NET Forms Authentication Bypass Vulnerability (EI = 1) • CVE-2011-3417: ASP.NET Forms Authentication Ticket Caching Vulnerability (EI = 2) Attack Vectors • An unauthenticated attacker could send a small number of specially crafted ASP.NET requests to an affected ASP.NET site, causing a denial of service condition. (CVE-2011-3414) • An attacker could create a specially crafted URL and convince a user to click it. After the user logs on to an expected website, the attacker then redirects the user to a website controlled by the attacker. Once there, the attacker could convince the user to divulge information otherwise intended to remain private. (CVE-2011-3415) • An unauthenticated attacker would need to obtain a valid account name to the site. The attacker could then craft a special web request using a previously registered account name to gain access to that account. (CVE-2011-3416) • An attacker could exploit the vulnerability by sending a specially crafted link to the user and convincing the user to click the link. (CVE-2011-3417) Mitigating Factors CVE-2011-3414 (Collisions in Hash Tables May Cause DoS Vulnerability) • By default, IIS is not enabled on any Windows operating system. • Sites that disallow "application/x-www-form-urlencoded" or "multipart/form-data" HTTP content types are not vulnerable. CVE-2011-3415 (for Insecure Redirect in .NET Form Authentication Vulnerability) • This vulnerability would not allow an attacker to execute code or to elevate their user rights directly, but it could be used to produce information that could be used to try to further compromise user information. • By default, installing ASP.NET does not enable Forms Authentication. It has to be explicitly configured per-application to be enabled. • IIS is not installed by default. • By default, ASP.NET is not installed when .NET Framework is installed. Only customers who manually install and enable ASP.NET are likely to be vulnerable to this issue. • The attacker would have to convince the user to click a link in order to exploit the vulnerability. CVE-2011-3416 (Forms Authentication Bypass Vulnerability) • An attacker must be able to register an account on the ASP.NET application, and must know an existing user name. • By default, installing ASP.NET does not enable Forms Authentication. It has to be explicitly configured per-application to be enabled. • IIS is not installed by default. • By default, ASP.NET is not installed when .NET is installed. Only customers who manually install and enable ASP.NET are likely to be vulnerable to this issue. CVE-2011-3417 (Forms Authentication Ticket Caching Vulnerability) • By default, ASP.NET responses are not cached by the OutputCache. The developer of the site has to opt-in to output caching via the OutputCache directive on a page. • An attacker who successfully exploited this vulnerability could gain the same user rights as the target user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. • By default, IIS is not installed on any affected operating system version. Only customers who manually install this are likely to be vulnerable to this issue. • By default, ASP.NET is not installed when .NET is installed. Only customers who manually install and enable ASP.NET are likely to be vulnerable to this issue. Restart Requirement This update may require a restart. Bulletins Replaced by This Update MS10-070 and MS11-078. Publicly Disclosed? Exploited? CVE-2011-3414 (Collisions in Hash Tables May Cause Denial of Service Vulnerability) was publicly disclosed prior to release. The other three vulnerabilities were private. At this time we are not aware of any exploits in the wild for any of these vulnerabilities. Full Details http://technet.microsoft.com/security/bulletin/MS11-100   REGARDING INFORMATION CONSISTENCY   We strive to provide you with accurate information in static (this mail) and dynamic (web-based) content. Microsoft's security content posted to the web is occasionally updated to reflect late-breaking information. If this results in an inconsistency between the information here and the information in Microsoft's web-based security content, the information in Microsoft's web-based security content is authoritative. If you have any questions regarding this alert please contact your Technical Account Manager. Thank you, Gurbinder Sharma Microsoft CSS Security Team

Difference between Seek Time and Latency

Seek Time

The seek time of a hard disk measures the amount of time required for the read/write heads to move between tracks over the surfaces of the platters. Seek time is one of the most commonly discussed metrics for hard disks, and it is one of the most important positioning performance specifications. However, using this number to compare drives can be somewhat fraught with danger. Alright, that's a bit melodramatic; nobody's going to get hurt or anything. :^) Still, to use seek time properly, we must figure out exactly what it means.

Switching between tracks requires the head actuator to move the head arms physically, which being a mechanical process, takes a specific amount of time. The amount of time required to switch between two tracks depends on the distance between the tracks. However, there is a certain amount of "overhead" involved in track switching, so the relationship is not linear. It does not take double the time to switch from track 1 to track 3 that it does to switch from track 1 to track 2, much as a trip to the drug store 2 miles away does not take double the time of a trip to the grocery store 1 mile away, when you include the overhead of getting into the car, starting it, etc.

Seek time is normally expressed in milliseconds (commonly abbreviated "msec" or "ms"), with average seek times for most modern drives today in a rather tight range of 8 to 10 ms. Of course, in the modern PC, a millisecond is an enormous amount of time: your system memory has speed measured in nanoseconds, for example (one million times smaller). A 1 GHz processor can (theoretically) execute over one million instructions in a millisecond! Obviously, even small reductions in seek times can result in improvements in overall system performance, because the rest of the system is often sitting and waiting for the hard disk during this time. It is for this reason that seek time is usually considered one of the most important hard disk performance specifications. Some consider it the most important.

Latency

The hard disk platters are spinning around at high speed, and the spin speed is not synchronized to the process that moves the read/write heads to the correct cylinder on a random access on the hard disk. Therefore, at the time that the heads arrive at the correct cylinder, the actual sector that is needed may be anywhere. After the actuator assembly has completed its seek to the correct track, the drive must wait for the correct sector to come around to where the read/write heads are located. This time is called latency. Latency is directly related to the spindle speed of the drive and such is influenced solely by the drive's spindle characteristics. This operation page discussing spindle speeds also contains information relevant to latency.

Conceptually, latency is rather simple to understand; it is also easy to calculate. The faster the disk is spinning, the quicker the correct sector will rotate under the heads, and the lower latency will be. Sometimes the sector will be at just the right spot when the seek is completed, and the latency for that access will be close to zero. Sometimes the needed sector will have just passed the head and in this "worst case", a full rotation will be needed before the sector can be read. On average, latency will be half the time it takes for a full rotation of the disk.

soft skills

Soft Skills

26 Soft Skills Training For Job Readiness

View more presentations from kgay228

Dear Friends
This is what happening in the punjab , I am feeling ashamed after seeing the video on facebook  which shows ,how shamelessly a Akali Dal Badal Member & Sarpanch of the Village Slaps a ETT Teacher while she was waiting for the Harsimrat Kaur to tell her their pains & agonies.Watch what the police was doing at the moment.
Pls dare to step up against these kind of bastards.

Best Regards

Gurbinder Sahrma