Saturday, April 7, 2007

Cursor flaw gives Vista security a black eye

Microsoft's release of a "critical" patch on Tuesday poked holes in Vista's security promises, but security experts advise against discounting the new operating system.

The software giant broke with its monthly patch cycle Tuesday to fix a bug that cybercrooks had been using since last week to attack Windows PCs, including those running Vista.

"As far as software vulnerabilities go, Vista's cover is blown," said Nand Mulchandani, a vice president at Determina, the company that discovered the latest security bug. "It is not Superman; it is just a human being. It is just software. Vista is going to be very similar to the other operating systems Microsoft has delivered in terms of bugs."

Microsoft officially launched Vista for consumers in January, promoting the operating system as the most secure version of Windows yet. It is the first client version of Windows built with security in mind, meaning that it should have fewer coding errors that might be exploited in attacks, Microsoft has said.

Yet the "critical" hole that affected much older Windows versions also hit Vista. The vulnerability lies in the way Windows handles animated cursors and could let an attacker commandeer a PC when the user views a malicious Web site or e-mail message.

The cursor flaw lies in the operating system code. This means that any application that relies on the operating system to handle animated cursor files could be an attack vector. This includes alternative browsers, such as Firefox.

It is a flaw that should have been caught by Microsoft's code-vetting processes for Vista, called the Security Development Lifecycle, some experts said. The flaw is also evidence that faulty code from previous Windows versions has been copied into Vista, they said.

"It is a little premature to attack the whole effort altogether, but this is something that the Security Development Lifecycle should have caught," said Amol Sarwate, a research manager at vulnerability management company Qualys.

The buffer overflow vulnerability in the cursor function in particular should have already been fixed because a bug in the same Windows component was patched two years ago, said Rohit Dhamankar, manager of security research at TippingPoint, a seller of intrusion prevention products. That should have prompted re-examination of the code, Dhamankar said.

Microsoft disputes that it should have caught the cursor bug before. People who say so don't understand security vulnerabilities because not all bugs are created equal, said Stephen Toulouse, senior product manager in Microsoft's Security Technology Unit.

"In the case of the cursor vulnerability, even though something may look similar to the outside, that doesn't mean the code is anything alike to the previous vulnerability," Toulouse said. "The SDL was never meant to catch every single vulnerability, period."

But Dhamankar argues that Microsoft forgot to recheck all the possibilities that could lead to a buffer overflow after the original bug was found and patched in 2005.

Mulchandani agreed. "The dirty little secret is that Microsoft clearly did not write Vista from scratch. They did not completely build a whole new code base for this operating system. Every version of Windows since Windows NT has had this flaw in it," he said.

Microsoft does acknowledge that Vista will have vulnerabilities. "There are going to be other vulnerabilities. The SDL is not a process by which no vulnerabilities will ever occur. There is no process on this planet that can do that," Toulouse said.

The cursor flaw is like a sign post for the bug hunters. Hackers will now be looking for bugs in similar Windows components to find ways to attack Vista.

"This has been a very significant break and it definitely gives a big pointer," Dhamankar said. "If more such errors are found later, Vista is not going to be able to offer the great protection that's claimed."

Still, Microsoft's Vista security promise doesn't fall apart because of this single vulnerability. Vista is more secure than XP or any other Microsoft client operating system, Sarwate said. "If you consider Windows 2000, XP, 2003, I would still say that Vista is more secure than all the other operating systems," he said.

Mulchandani also said that, while Microsoft has taken way too big a bite at the security message, Vista is more secure than its predecessors because of features such as User Account Control and others that limit privileges on the operating system.

And that's just the goal Microsoft was aiming for, Toulouse said.

"You have to look at Vista versus XP. A lot of people are holding Vista up and saying in a vacuum it will reach some nirvana of security," Toulouse said. "Our whole goal with Windows Vista was to create a fundamentally more secure operating system than we have ever created previously."

Trade meaningless action for lasting traction: Adopt these strategies for organizational change and personal success

Too often in the workplace, it seems that being productive is less important than being seen as productive. But we all want and can trade the treadmill of endless, ineffectual action for the lasting value of traction. In this sample chapter from Ignited: Managers! Light Up Your Company and Career for More Power, More Purpose, and More Success, learn how managers can gain real traction in the workplace by creating and nurturing an environment for themselves and their team. Consider the concept of Management Value Added, a powerful tool for course-setting. Explore the difference between traction and slippage and how to build a portfolio of projects that stick rather than slip. Building upon these concepts, investigate how to achieve group traction and discover approaches for ensuring follow-through.


Good looks vs. runs well

This is another one of those posts that I just hate to have to write. So why do I have to write it? Because I have to be 100% honest with you guys, because you can smell deception from a mile away, and I have a really hard time putting effort into something that I do not believe 100% in, even if I used to. What is this horrible thing in my mind? “Looks good” is more important than “runs well” to most customers, at least the ones who authorized the purchase order.

“Can we get that icon in cornflower blue?” - Richard Chesler (the manager), Fight Club
“Is that server available in black or silver?” – A former manager of mine

This is exactly what I mean. To a T. Customers notice what most developers consider the “silly stuff” long before they see glaring technical problems. If you have a typo in an error message, it won’t occur to them that they should not be seeing the error message at all, they are worried that they see a typo. I see this time and time and time again, from customer to customer, industry to industry. The non-technical folks at your customer (or potential customer) simply do not feel comfortable with testing or even trying out the software; they would much rather watch you, a tester, or someone else go through it while they look for things that do not meet expectations. The network engineer does not care what color the switch is, as long as it is easy to manage and works right. The CIO wants a pretty looking server room when he takes customers on a tour, and tells the networking folks to “make what we bought work somehow”.

Another point along these lines is that nearly everyone from your customer (and even within your organization) will have their pet features. Remember when you all sat down to figure out the requirements, and some features were kept and some were shot down? I promise you, the person who argued the loudest for a particular feature will be the only one who notices if it is not there. And oddly enough, people who argued against something that was shot down will forget that it was shot down, and the person who wanted it will wonder where it is, so all of a sudden, everyone at the customer is asking where the “missing feature” is. So when that initial test comes, these folks check to confirm that their pet feature is there, and completely ignore the rest of the application, and give you sign off on an application that does not truly meet their needs as a whole.

And this is why precise requirement documentation is so crucial. Because a group of people can spend two days arguing over the color of an icon (cornflower blue versus periwinkle) or how a set of data should be displayed (pie chart or bar graph?), meanwhile, the icon does nothing and the numbers being displayed are flat out wrong. It is a lot easier to go back and say, “these are the specs we all agreed to” when they are precisely and concisely written down, instead of being a bunch of vague bullet points in a PowerPoint presentation, or musings in a huge email thread from six months ago, or something that was discussed over the phone but never written down and confirmed.

On top of all of this, the natural developer reaction is to want to focus on the technical issues. We are technical folks, right? It’s what we like to do, which is why we are doing it. Most programmers would rather spend two days trying to debug an intermittent data concurrency issue in an n-tiered application, than to spend two hours with the already made list of UI typos and correcting them. I’ve been guilty of this time and time again.

Ironically, the end users tend to not care nearly as much about presentation as their managers do. To them, functionality is king. A few companies ago, we used an antiquated application which was accessed via a VT100 application. 80 x 40 ASCII mode, you know the kind, where the corners of the boxes are plus signs and the edges are hyphens and pipes. I never once heard a floor worker say anything like, “gee, it would be great if this was a Web app so we could see the company logo or have rounded corners!” Instead, everyone complained that it was slow or had record locking issues.

When I was doing development, I knew this truth in the back of my head intuitively but never consciously put my finger on it. As a result, I always pushed to get the prototypes into the hands of actual, day-to-day end users for the customer testing, not the managers who passed off the requirements to us. I could not stand hearing about the colors of the chart or the placeholder graphics, when I had poured blood, sweat, and sleepless nights into a technical kick butt system that fulfilled every real user need.

At my last job, my manager was very firm about the idea that it is better to give a pretty, yet non-functional prototype to the customer up front than an ugly but working prototype. While I disagreed with him from the standpoint of the development cycle (my coding method is to make the application layer presentation agnostic, so developing features is not dependent upon the presentation, which always seems to shift), I now see his point from the business perspective. When our customer had technical people or end users doing the customer side of the testing, my “features first, looks second” approach was great. Users would make tweaks to the functional requirements, and since no presentation was tightly tied to the features, change was easy. However, for the customers who had the managers doing the testing, it was usually a mess. I would beg them to ignore the presentation and focus on the features. I would ask them, “Does this do what you need it to do?” and get responses like “I suppose so, but this text looks a bit too big.” Then, two days before “go live”, real users would see it and all sorts of unidentified requirements would crop up, and “go live” would get pushed back.

It really is a tightrope. While I would love to drop a great looking and a great working app on the customer for the “first draft”, it often is not feasible. For my last few projects, I have been taking into account who will be doing the initial testing, and I have found that this makes all of the difference in the world.

The joys of Java

When James Gosling first developed Java he had a great idea: create a tool that would allow device manufacturers to change their hardware as the technology evolved without having to rewrite the software for each new hardware generation. Hence the Java virtual machine separating the application code from the hardware, and ultimately therefore Java's success in the hand held industry.

There are a billion cell phones out there ratifying this idea - along with his application of core compsci teachings about safe memory usage, object reuse, and language structure.

Great, except that now Java also forms the basis for most larger scale programming projects and has become a kind of jack of all trades for the web - but I don't believe any of those applications fit the operational model built into Java.

So what happened? Microsoft happened: specifically the protection the JVM offers handset manufacturers facing the need to adapt quickly to hardware change applies equally well, if inadvertently, to software developers facing the need to adapt quickly to arbitrary changes in the Microsoft client environment. Basically the JVM was designed to protect software developers from external change - and Gosling was thinking hardware, but it turned out that the JVM does the job for software change too.

And then, Microsoft happened again - this time driving server side Java development in response to its attempt to embrace, extend, and extinguish the Windows client JVM. They lost in court over that one, but by then Java developers had moved to perpetuate their investment by running it on servers they could control - and Sun had a runaway hit on its hands that was starting to drive software strategies in the data center. Unfortunately the fact that Java is the most effective tool we have for protecting code value against Microsoft doesn't say anything about how good it actually is as a programming language - in fact seeing people using Java on Solaris or any other Unix always reminds me of a sad story about a guy buying a suit:

Izzy goes to a local tailor to have the final fitting on a custom-made suit. Right away, he notices that the right sleeve is too long.

"Ehhh, don't worry about it," says the tailor. "Look, you just hold your arm out in front of you and crook a little like this, and see? It's perfect!"

"Yeah, but the left leg is too long," Izzy moaned. "It's dragging on the floor. I could trip over it."

"Not to worry. Just bend your knee a little, like this, and it will ride up just enough to cut right at the ankle."

"OK, fine," Izzy laments, "but look at the collar! It's way up around my ears."

"That's nothing! Come here. Hunch your shoulders up a little. No, a little more? Now look at yourself in the mirror! Did you see such a well-fitting suit?"

And so, all krinked up, Izzy pays the tailor and, wearing his new suit, limps out of the shop into the street, looking like a pretzel. He nearly runs into two old ladies.

"That poor man!" whispers one to the other.

"Yeah," says the other, "but what a magnificently well fitted suit!"

That's general purpose Java: a 105MM howitzer if you happen to be hunting rabbits, but a 0.22 if you're going after bear.

There's another side to this too: many of the features that make Java such a good fit for use in devices like cell phones have applicability to general purpose software only because a lot of the software surrounding those uses is inadequate.

For example, garbage collection and strong typing combine as important contributors to Java's status as a "safe" programming language, and both are wholly appropriate to both Java's intended function and to its use within Windows clients - but are unnecessary from both programming and run-time perspectives in the context of business or research applications running under Unix.

Similarly its embedded object model is of tremendous value to developers working in the context of a multi-function application subject to both frequent change and a single JVM run-time environment - but just adds overheads to both coding and run-time efforts when applied to well designed business applications running against relational databases under Unix.

In other words, the things that make Java great for cell phones, TV set top boxes, and Windows clients are the things that protect application integrity during run-time, protect the developer from external change, and allow the code to run in multiple environments - but those same solutions just become overheads when Java is used in environments where the problems it addresses don't occur.

Applications written in K&R C for a Vax running BSD 4.3 in 1984 compile and run under Sun Studio 11 and Solaris 10 today - unchanged. The FrameMaker and Visual Thought binaries I licensed for use under Solaris 2.5.1 in 1994 run unchanged on Solaris 10 today - 13 years, a major OS re-invention, and three hardware generations later. Would Java have helped? No.

This problem is actually worse when viewed from a developer perspective: hire a new developer into an existing Java shop, and you can expect that person to produce negative returns for many months - because it takes that long to learn what's already been tested locally and anything the new employee works on in the interim will actually reduce the productivity of his peers. Starting a Java project is, in other words, tantamount to betting that your entire team will work, unchanged, through to at least the first significant "maintenance" revisions - and that's a losing bet for projects of any scale; unless, of course you're a manager whose goal is to grow his budget rather than produce a product: then Java's popularity makes it a sure winner.

Is Firefox ALSO affected by the Microsoft ANI vulnerability?

A report on ZDNet (UK) suggests that the animated cursor vulnerability just patched in yesterday's Microsoft Security Bulletin MS07-017 can also make Firefox browsers running in a Windows environment vulnerable to the threat.

The individual who initially reported the ANI vulnerability privately to Microsoft, Alexander Sotirov of Determina, has said, "Firefox uses a Windows API function, which uses the vulnerable code in USER32.DLL, so the .ani vulnerability can be exploited through Firefox."

There has been no response yet from Firefox's creator in its Known Vulnerabilities database.

The point of this report, of course, is that anyone who was not using Internet Explorer may have felt they didn't need to apply the .ANI update.

NOTE: One TR member has already notified me of a problem with one of the patches in MS07-017. See the Comments section of my report on the release of MS07-017 for details to offer assistance or to post your own problems.

I believe this is the same problem already noted in version 2.0 of KB925902.

Computer forensics: Securing permission to search

Computer forensics is a scientific approach to collecting, processing, preserving, and presenting electronic evidence. Failure to follow standard practices can make some or all evidence collected inadmissible in court. In this series of posts, I'll look at how to properly collect, process, and preserve evidence from both electronic and traditional sources. The discussion will be restricted to search and seizure practices in an office environment.

The first step in processing a scene is administrative. Permission must be obtained from the owner of the site to be investigated or through the use of a search warrant. In order to obtain permission, the investigator must document probable cause that a crime or security incident has occurred and that either the fruits of the crime or evidence related to the crime or incident exists in the place to be searched. Further, a clear definition of the area to be searched and the evidence to be obtained must be provided.

In medium to large corporate environments, the human resources department is typically involved in all investigations conducted by an internal security team. An investigator can usually rely on HR to obtain the proper permissions from management. In smaller business entities, it's usually more efficient to go directly to the CEO for permission. No matter who grants access to the scene, be sure to secure permission in writing.

Scene processing conducted directly by law enforcement or requested by law enforcement requires a search warrant properly executed by a judge. This applies to non-law enforcement forensic investigators collecting evidence in response to a request from a government or law enforcement agency. Exceptions to the warrant requirement occur when it's possible to obtain the owner's permission to conduct a search. In business environments, this can be an appropriate member of executive management, a company's general counsel, etc. Warrants are usually required when the search is to be conducted of a workspace belonging to a public employee, regardless of the presence of employer permission to search.

There are exceptions to the requirement to obtain prior approval. These exceptions are known as exigent circumstances. From the perspective of evidence preservation, exigent circumstances exist when the person conducting the investigation believes that waiting for proper authorization will result in the destruction of critical evidence. In such cases, the evidence may be obtained without management approval or a warrant. However, processing evidence obtained in this way should wait until permission is actually granted.

The rules pertaining to search and seizure may vary from one legal jurisdiction to another. Be sure you understand the rules governing your actions.

Choosing the right wireless broadband laptop card comes down to service

Wireless broadband access anywhere for your laptop using a PCMCIA card is available from several vendors. After using similar products from Sprint, Cingular, and Verizon, the conclusion is that it's not so much technology as service that determines your best bet.

This article is also available as a TechRepublic download.

What a great idea -- wireless broadband access anywhere, anytime for your laptop using a PCMCIA card and cellular technology and infrastructure, and at a reasonable price to boot. The only question is which service provider to use. I recently tried wireless broadband products from three vendors. The products from Sprint, Cingular and Verizon all tested well in the Louisville, KY, metropolitan area in a very non-rigorous trial using the TechRepublic TestLabs HP Tablet PC running Windows XP. For most users, the determining factor when choosing which service to purchase is going to come down to which is willing and able to offer the best service. Here, in a nutshell, are my observations.

What was tested

I used each of these products in an HP Tablet PC for approximately a week. I attended meetings, surfed the Web, read e-mail -- just general everyday uses. To raise the bar on our experiment, fellow TechRepublic senior editor Jody Gilbert took the devices to her rural Indiana home to see if their respective services would reach.

The products we tested were:

* Sprint -- Sprint Mobile Broadband Card PX-500
* Cingular -- Cingular 3G Laptop Connect Card
* Verizon -- Verizon Wireless PC5750 PC Card

Each of the cards performed admirably in the metropolitan area of Louisville, but only the offering from Cingular could find a signal in the rural Indiana area about 40 miles outside of town.

How they were tested

My non-rigorous testing involved the Flash speed tests found on the DSLReports Web site. For each card, I ran the Flash test on a server located on the East Coast and then ran it again for a server on the West Coast. The complete results are available in First Look photo galleries published several weeks ago, but Figures B, C, and D give you the gist of the results.

As you can see, for the most part, each vendor's card performed more or less the same when downloading data. However, on some of the tests, the Verizon card showed about double the speed as the other two when uploading. That's significant for users like me, who are uploading almost as much as they are downloading.

Because each of the cards performed well with only minor differences in both download and upload speeds, the determining factor for choosing one over another may boil down to service and software.

Each vendor provides the necessary proprietary software to establish a connection for its respective PC cards. The functions provided are the basics of:

* Installing the drivers
* Configuring the device
* Authenticating access to the service, and
* Establishing the connection

Sprint, Cingular, and Verizon all have Web sites where you can manage your account, pay your bill, and do all of the other things you need to do when you purchase services from a cellular provider. Perhaps the most important service they provide on these sites is coverage maps that show where their respective services are available. For most cities of significant size, you will find service is available from all three vendors (and, depending on where you are, probably more). Outside of those areas, the coverage could well be hit or miss, which will require some research on your part.

To help you distinguish one vendor from another, I gave representatives of Sprint, Cingular, and Verizon the opportunity to answer two questions regarding their services:

Question 1

The three wireless cards that I have looked at so far all performed well in my area. For the most part, whichever company one chooses, the actual performance of the physical connection will be similar. This observation would suggest that the criteria for choosing a particular service will come down to several factors other than the actual broadband connection:

* Coverage area
* Reliability
* Customer service

How does your company and its wireless broadband service distinguish itself from the competition now? What is planned in the future to distinguish your product?

Sprint: (Miles McMillin)

Sprint Nextel continues to be the industry's wireless data leader, offering its customers the largest mobile broadband network today with plans to be the first to market with 4th generation technology, WiMAX. On Monday, March 26, Sprint announced that Kansas City will be one of the initial WiMAX markets launched, expected to be completed sometime in 2008. Today, Sprint has the most wireless broadband coverage of any carrier through its Sprint Mobile Broadband Network (EV-DO), which reaches 209 million people nationwide, in 10,783 communities as well as 1,029 airports. The network allows users to access audio, video and data applications with handheld and connection card devices.

Sprint was also the leader in rolling out an EV-DO Rev A network and now covers nearly 125 million people in 5399 communities with the faster EV-DO Rev A technology. Sprint expects to upgrade its entire mobile broadband network to EV-DO Revision A by year end. With Revision A technology, peak download data rates increase to 3.1 Mbps (from 2.0 with EV-DO Rev 0) and peak upload data rates increase to 1.8 Mbps (from 144 kbps). Average download speeds improve to 600 kbps to 1.4 Mbps (from 400-700) and average uplink speeds become 350 – 500 kbps (versus 50 – 70 kbps). The faster data rates provided by EV-DO Rev A can enable richer applications and services such as high-speed video telephony, music on demand, video messaging, large file uploads and high performance push-to-talk capability.

When it comes to a Rev A portfolio, nobody has a larger one than Sprint. Sprint currently offers five EV-DO Revision A compatible computer cards including the Novatel Wireless U720 USB device and the Novatel Wireless EX720 express card, Sprint's first EV-DO Revision A capable ExpressCard™. Sprint also offers EV-DO Revision A capabilities in a variety of embedded solutions including laptops like Sony’s VAIO VGN-TXN10 Series and ruggedized stand-alone connectivity devices like Airlink’s PinPoint X and Raven X.

Sprint EV-DO Revision A users with the Novatel Wireless U720, the Novatel S720 and Novatel EX720 now have the power to utilize the first Location Based Services (LBS) capability on a Revision A connection card through an enhanced version of the Sprint Connection Manager software. Users of these cards can perform location based searches to find a nearby restaurant, gas station, bank and other points of interest without having to input their current location.

Sprint provides its customers with added value by offering a free GPS capability with three of its mobile broadband cards, truly unlimited data plans and no requirement that customers also have a separate voice plan.

Experts also recognize Sprint's EV-DO Rev A as an industry leader as it won the PC Magazine Editors' Choice Award.

Cingular: (Ritch Blasi)

The cards today receive average downlink speeds between 400-700kbps -- the network is currently maximized at 1.8mbps, when the network is upgraded to handle 3.6mbps, since the cards are rated for 3.6mbps the average data speeds should increase to 700-1000mbps. Additionally, unlike the data cards for Verizon and Sprint, who use EV-DO technology, our cards can be used to access broadband connections in about three dozen countries and Edge/GPRS data connections in more than 115 countries.

Verizon: (Michelle Gilbert)

You are absolutely correct that network coverage and reliability as well as customer service are all important factors when considering wireless service. Let me address each of the three.

Network coverage area/reliability

For Verizon Wireless, network coverage and reliability really go hand-in-hand, as we spend millions of dollars on our network in Kentucky -- and billions across the U.S. -- improving network coverage and overall reliability each year. Let me give you more specifics.

Verizon Wireless has invested $35 billion in the last seven years -- $5 billion on average every year since the company was formed -- to increase the coverage and capacity of its national network and to add new services. More than $183 million of this investment was spent in Kentucky and southern Indiana.

This significant investment is spent in a number of ways, including:

* Activating new cell sites to improve network coverage and capacity;
* Upgrading equipment on existing cell sites to increase network capacity, which enables more users on our network at a time;
* Installing battery back up and permanent generators at our cell sites and switches to ensure network functionality during times of crisis -- be it a tornado, hurricane or thunderstorm;
* Rolling out our next-generation high-speed broadband network, which gives our customers access to the Internet and to their e-mail and corporate data at faster speeds, uploading files five to six times faster than before.

Customer Service

Customer service is an important differentiator in the intensely competitive wireless industry. Improving the overall experience our customers have with us -- whether they visit a store, call us or e-mail us -- is a high priority.

And, we’re very focused on making it as easy as possible for customers to do business with us. Let me explain what I mean.

As wireless service providers vie to convince the public of their network superiority, there’s a lot of creative advertising clutter, which can be confusing for customers. We’ve just introduced a new initiative, called Test Drive, which enables customers to try our network virtually risk-free for 30 days and lets them judge for themselves which company has the best network. If customers decide to switch to another wireless service provider before the end of their 30-day trial period, Verizon Wireless will refund all of their voice charges and activation fees. No other major wireless company offers a 30-day test drive of its network with a money-back guarantee if a customer is not completely satisfied. In other words, we’re putting our money where our mouth is.

Also, last fall, we introduced a declining early termination fee (ETF) for new contract customers. Now, when a customer signs up for or renews Verizon Wireless service, he or she is not required to pay a fixed early termination fee if he or she chooses to terminate service before the end of the minimum term. We became the first wireless company to introduce a declining early termination fee nationwide
Question 2

New technologies are on the horizon such as Wi-Max, which will be marketed at the same customer-base as the wireless broadband services of your company. How do you plan to compete with these new technologies? Do you plan to offer Wi-Max or other similar technology to your customers in the future?

Sprint: (Miles McMillin)

In step with its pioneering technology spirit, Sprint Nextel plans to compete the way it always has, by being a leader. In August 2006, Sprint Nextel announced the selection of WiMAX (IEEE802.16e-2005) technology for a next generation wireless network which would utilize the company’s extensive 2.5GHz spectrum assets, and formation of a unique business ecosystem designed to spur widespread adoption of WiMAX devices and services. At the CTIA Convention in Orlando, Fla., this week, Sprint announced several service areas for a 2008 launch of WiMAX, including Kansas City. This combination creates a time-to-market advantage for implementing the first large scale mobile WiMAX network expected to cover at least 100 million people by year-end 2008. At Sprint, "the Internet is everywhere" vision is becoming a reality.

Sprint’s Mobile Broadband Network (EV-DO) already enables Sprint Nextel customers to enjoy an enhanced mobile broadband experience with a robust portfolio of handsets, pc cards and embedded computers. The next generation wireless broadband network (4G) is expected to further cement Sprint’s data leadership by expanding into a broader array of data-centric devices. Given the complementary nature of the next generation wireless broadband network and our current CDMA mobile broadband, Sprint Nextel will continue with its rollout of EV-DO Rev A and look for opportunities to integrate the benefits of both while exploiting the new business opportunities uniquely provided by a 4G capability.

Cingular: (Ritch Blasi)

Our GSM 3G UMTS/HSDPA network will evolve to something called LTE (long term evolution), which is expected to provide downlink speeds of 100mbps.

Verizon: (Michelle Gilbert)

Finally, you asked about what we have planned for the future to distinguish us from competition, including Wi-Max. While we cannot share a timeframe for future enhancements to our wireless broadband network, I can assure you that we’re always looking to improve the speed and overall capabilities of the service we provide. We never have and never will stay stagnant when it comes to improving our customer’s overall experience and unlocking solutions for their needs tomorrow.
Bottom line

As you can see from the answers each representative gave me, choosing which service provider to use for your wireless broadband access is really a matter of area coverage and service. The other observation you can glean from the responses is that these companies really want your business. The competition is intense, which gives the customer more control over the conversation. Competition also means that each vendor is spending large amounts of capital toward better service.

I found the representatives of Sprint, Cingular, and Verizon I worked with in compiling this article to be very professional and very passionate about the products and companies they represented. It was refreshing. Long gone are the days when Lily Tomlin's phone operator character could say, "We are the phone company, we don't have to care." The intensity of the competition gives me confidence that all of these vendors will continue to develop better networks that extend to more areas. Which one you decide to use may come down to which one you feel most comfortable dealing with, because in terms of the actual broadband connection, each delivered a solid product and service.

For more information, with example pictures, please refer to the PDF.

Patch Tuesday resumes with 'critical' Windows fix

Microsoft on Tuesday plans to release five security bulletins, four of which will address Windows flaws.

The bulletins, part of Microsoft's monthly patch cycle, will provide fixes for an undisclosed number of security vulnerabilities, Microsoft said on its Web site Thursday.

Earlier this week, the company rushed out a "critical" patch for Windows that fixed seven flaws in the operating system, including one that is being used in cyberattacks.

At least one of the four additional security alerts for Windows will be tagged "critical," Microsoft's highest severity rating. Security issues tagged as critical typically could allow an attacker to gain full control of an affected system with very little, if any, action by the user.

In addition to the Windows fixes, Microsoft plans to offer a patch for its Content Management Server. The product, designed to let organizations manage Web content, has a "critical" vulnerability, Microsoft said.

Microsoft has no patches on tap for Office, despite three vulnerabilities in the software that have been disclosed but have not yet been patched, according to eEye Security's zero-day flaw tracker. There are also two zero-day bugs in Windows, according to eEye. In addition, eEye has reported five flaws to Microsoft that have yet to be patched.

Also on Tuesday, Microsoft plans to release an updated version of its Windows Malicious Software Removal Tool. The program detects and removes common malicious code placed on computers.

Last month, Microsoft did not release any security bulletins. Microsoft gave no further information on the upcoming alerts, other than to state that some of the fixes may require restarting the computer or server.

Wednesday, April 4, 2007

10 Reasons Why You're Not Getting Interviews

No matter how strong your skills or experience are, you won't land a new job without first securing an interview with a prospective employer. Job seekers often consider this step of the hiring process the most difficult -- and perplexing. After all, how many times have you considered your qualifications ideal for an open position only to never hear from the hiring manager about the résumé and cover letter you submitted?

If you're looking for an edge, make sure you're not falling into these common traps:

1. You only focus on the Googles of the world.
Companies that continually grab headlines and are highly recognizable can be exciting places to work. But so are many companies you've never heard of. Keep in mind that organizations that are household names often receive thousands of résumés for each opening. Consider exploring opportunities with small and midsize companies. They make up the vast majority of businesses in the United States and sometimes have trouble locating qualified candidates. If Google is your dream employer, don't give up the good fight, but also keep your eyes and ears open to other opportunities.

2. You don't follow directions.
Each company has a different procedure it asks applicants to follow for submitting employment applications. Some ask that you use a form on their Web sites while others prefer traditional phone calls or faxes. Make sure you understand what the prospective employer seeks by carefully reading the job listing. Then, follow the directions to the letter. If you don't, your application may never reach the hiring manager.

3. You need to revamp your résumé.
Sending out the same cover letter and résumé to all companies isn't likely to capture the attention of prospective employers. Hiring managers want to know why you're a good match for their specific business needs. So take the time to research employers and customize your job search materials by explaining why you're interested in a particular position and how you could make a contribution to the company.

4. Your cover letter isn't enticing.
Think of your cover letter as an appetizer that convinces the hiring manager your résumé, the main course, is worth sampling. The best cover letters take select details from the résumé and expand upon them, explaining in depth how your talents and experience can benefit the prospective employer.

5. You don't reference keywords.
Companies that receive a high volume of résumés often use scanning software that looks for certain keywords to determine which candidates to call for interviews. More often than not, keywords come directly from the job description. Terms such as "Microsoft Office," "accounts payable and receivable" and "Cisco Certified Network Administrator" are examples. As much as possible, ensure your résumé and cover letter contain keywords.

6. Your application materials aren't perfect.
Submitting an application that contains typos and grammatical goofs is perhaps the quickest way to foil your chances of securing an interview. In fact, 84 percent of executives polled in a recent survey by our company said it takes just one or two errors to remove a candidate from consideration. The reason: These types of mistakes show a lack of professionalism and attention to detail. Make sure to carefully proofread your résumé prior to submitting it and ask a friend or family member to do the same.

7. You don't know who to send your résumé to.
Though it's fine to start your cover letter with the generic salutation "To Whom It May Concern," hiring managers pay special attention to applications that are addressed directly to them. If the job advertisement doesn't include the hiring manager's name, call the company and speak to the receptionist or a member of the person's department. More often than not, you can obtain the information fairly easily if you're candid about your reason for wanting it.

8. You don't have an 'in' with the company.
Using the name of a common contact to make the connection between you and the hiring manager is by far the best way to ensure your cover letter and résumé get optimal attention. So, keep in touch with members of your professional network; you never know who has a contact at the company you hope to work for.

9. You don't follow up.
One way to improve the odds a hiring manager gives consideration to your résumé is to follow up with him or her. According to a survey by our company, 86 percent of executives said job seekers should contact a hiring manager within two weeks of sending a résumé and cover letter. Often a brief phone call or e-mail reasserting your interest in the position and strong qualifications is enough.

10. You're not as qualified as you think.
The bottom line may be that you're simply not as perfect for the job as you think. Before submitting your résumé, take a close look at the job description and compare your skills and experience with those required for the position. If a job calls for five years of retail management experience, and you have only two, you might not be as qualified as other applicants. While sometimes it's possible to make up for skills gaps if you excel in other areas, hiring managers frequently have specific criteria in mind, and they use it to determine whom they call for interviews.

By avoiding common pitfalls, you can improve your chances of landing a job interview. Often something small -- fixing a typo, for example -- makes all the difference.

What are your major weaknesses?

One of the trickier questions an interviewer might put to you is "what are your major weaknesses?"

What are you meant to say? If you list all your weaknesses, aren't you just giving the interviewer reasons to think that you aren't up to the job?

If you read most other interview advice guides, they will say that you should list some weaknesses that are just as much strengths. Things like "I am a perfectionist" or "I work too hard".

But these responses are JUST PLAIN WRONG. Let me explain why.

In fact, I'll let you in on a secret. It is my job as an interviewer to form my own opinion on what your strengths and weaknesses are and I will do so without you needing to tell me! But, if I DO ask you "what are your major weaknesses?" then I will be looking for three key things:

* Self awareness
* Awareness of your impact on others
* Self development

So work out what your weaknesses are, and package them with the following three steps to make your interviewer know that you are the right person for the job!

1. Self awareness

As an interviewer, I want to see that you are aware how your 'weakness' really is a weakness. Illustrate with examples where you can.

2. Awareness of your impact on others

Your weakness may also be impacting others in a negative way, so it is good to show that you are aware of how your behaviour rubs off on other people.

(By the way, strong candidates, especially in an environment where teamwork is important, will ALWAYS be demonstrating that they are aware of their impact on others.)

Okay, so now you're showing that you're really on top of this weakness, and that you're not trying to show it off as some kind of strength.

Now it's time to go in for the kill! I will be putty in your hands if you go on to step 3!!

3. Self development

Finishing your response off in this way will truly show that you understand that you have a weakness and THAT YOU ARE DOING SOMETHING ABOUT IT!!

Remember, everyone has weaknesses. They are not something to be hidden, but something to be FIXED. So show your interviewer that you have set about FIXING your weaknesses. Again, examples are useful.

So, now do you see how you should REALLY be answering the 'weakness' question?

Follow the three steps above, and your interviewer will know that they are talking to a high quality candidate who will continue to grow and flourish in their company.

How to Conquer the First Impression

When you walk into an interview, remember this: It only takes 30 seconds to make a lasting impression.

Research has shown that the first impression you make on an interviewer really sticks. In one study, untrained subjects were shown 20- to 32-second videotaped segments of job applicants greeting their interviewers. When the subjects rated the applicants on attributes like self-assurance and likeability, their assessments were very similar to the interviewers' -- who had spent more than 20 minutes with each applicant.

Fortunately, there are some actions you can take to help master the first impression:


Few things give a worse impression than showing up late for an important meeting. Allow yourself plenty of time to get to the interview in case you have trouble finding the office.

But earlier isn't necessarily better. If you arrive more than 15 minutes early and beeline for the reception area, your interviewer might feel rushed and you might appear desperate, according to Emily Post's book "The Etiquette Advantage in Business." If you arrive early, go to the restroom to freshen up or have an espresso and muffin at a nearby coffee shop.

Ideally, you should check in five to 10 minutes early, and always be courteous and professional to everyone you meet -- you never know how much influence the receptionist may have on the hiring decision.


Like it or not, people make judgments on appearances, so it's important to arrive at the interview looking like a seasoned professional. But if you dress too formally, you'll look stuffy, and if you dress too casually, the interviewer may think you're not serious about the job.

Never wear anything sloppy, tight or revealing to an interview. High-quality, tailored business suits are always appropriate for both men and women. And don't forget the details: Make sure your shoes and any other accessories are clean and polished. Clothes may make the (wo)man, but hair and hygiene are crucial. You never want an interviewer to smell you before they see you, so always bathe the morning of the interview, use a good-quality bath soap and deodorant, and avoid wearing perfume or cologne.

Be sure your hair is clean and well-groomed -- nothing spiky or wild -- and keep your makeup minimal. Cover any tattoos, and limit visible piercings to one in each earlobe.


According to Emily Post's book, your grip speaks volumes. Offer a limp hand and your partner will think you're hesitant or meek. Give a bone-crunching squeeze and you can appear overly enthusiastic or domineering -- and it hurts! But when you shake with a medium-firm grip, you convey confidence and authority.

Extend your hand and grip when the webs of your palms touch. Then, pump your hand a couple of times.

Body language

Don't underestimate the importance of your posture and subtle movements. A study by Albert Mehrabian of UCLA found that 55 percent of communication is received from body language.

To ensure your body language signals your confidence, sit up straight with your shoulders back. Avoid crossing your legs and don't adopt a casual pose -- even if your interviewer does.

Even if you're nervous, try not to fidget. Don't play with your jewelry, twirl your hair or cross your arms, and try to maintain eye contact with the interviewer. If staring straight into the interviewer's eyes makes you uncomfortable, look at the bridge of his or her nose instead -- it looks like you're still making eye contact, but might be less distracting.

Action Words to be used in resume

Action Words

Nearly every book or article on the topic of résumé writing will advise you to use high-impact action words, and avoid the passive tense.

When you sit down and actually write, it is tough to come up with some original words.

Here is a list of powerful action words.


* Assumed responsibility
* Carried out
* Functioned as
* Handled
* Met with
* Set up







Five Things New Grads Should Know About Job Hunting

The class of 2006 is looking at a bright future with promising job prospects and salary increases.

Seventy percent of hiring managers say they plan to recruit recent college graduates this year, up from 62 percent in 2005, according to’s "College Hiring 2006" survey. Plus, nearly one-in-five hiring managers expect to hire more recent college graduates in 2006 compared to last year and one-in-four plan to increase starting salaries.

College grads can also expect a bigger payoff this year. Twenty-seven percent of hiring managers anticipate increasing starting salaries for recent college graduates in 2006 and only 5 percent plan to decrease them. How much should new grads expect to earn? Thirty-four percent of hiring managers expect to offer between $20,000 and $30,000 and 28 percent expect to offer between $30,000 and $40,000. An additional 10 percent will offer between $40,000 and $50,000 and 7 percent will offer more than $50,000.

New grads won't have to pound the pavement for too long. Thirty-six percent of hiring managers say they will do the majority of their hiring of recent college graduates in the second quarter. Thirty-one percent say the majority of their hiring will take place in the third quarter.

With promising job opportunities, favorable salaries and plenty of free time, new grads should have no reason not to look for that first job. Make sure you know these top five things hiring managers look for when sizing up a candidate:

1. Relevant experience

Twenty-three percent of hiring managers say the candidate's ability to relate their experience to the job at hand is the most important factor in the hiring decision. Unfortunately, new graduates often underestimate the experience they have through internships, part-time jobs and extracurricular activities, but 63 percent of hiring managers say they view volunteer activities as relevant experience.

2. Fit within the company culture

Just because you look good on paper doesn't mean you're a shoo-in for the job. To 21 percent of employers, the trait they most want to see in a candidate is the ability to fit in with co-workers and the company. Offering up a blank stare when the interviewer asks why you are the right fit for the job will not go over well. Just be yourself, but mind your i's -- never insult, interrupt or irritate the interviewer. This can also be evaluated by that "unimportant" small talk at the beginning of an interview or non-job-related questions like "What was the last book you read?"

3. Educational background

Nineteen percent of hiring managers place the most emphasis on your educational background: the institution you attended, major, minor and degree earned. Be sure to also include courses taken and completed projects if relevant to the job. With grade point average, it's tricky. A good rule of thumb is to omit it unless it is 3.0 or higher and denote if it's your overall or major GPA.

4. Enthusiasm

Passion for the job is the top characteristic 19 percent of employers look for in a candidate. Employees who are passionate about their jobs tend to be more productive workers. The answer to "Why do you want to work here?" should always focus on the strengths of the company and the challenge of the position, not the perks. A "take or leave it" attitude about the job will leave the employer feeling the same about you.

5. Preparedness

Eight percent of hiring managers say the ideas you bring to the table and the questions you ask carry the most significance. Come in prepared to discuss how your qualifications can specifically contribute to the success of the company. Actually put yourself in that role and explain how you would perform your work and ways to improve it.

Ten Easy Steps for Email and Web Best Practices

Any time you allow your employees to access the web and email, you put your organization at risk. Accidental misuse and intentional abuse can create potentially costly and time-consuming legal, regulatory, security and productivity headaches for employers of all sizes and in all industries. View this FREE guide from the ePolicy Institute to developing and implementing Effective Email and Web Acceptable Usage Policies here.

here is the pdf

Tuesday, April 3, 2007

British hacker loses U.S. extradition appeal

Accused by U.S. of being the all-time biggest military hack, Gary McKinnon could face 70 years in prison if convicted.

A British computer expert accused by Washington of the "biggest military hack of all time" lost an appeal on Tuesday against plans to extradite him to the United States to stand trial.

Gary McKinnon was arrested in 2002 following charges by U.S. prosecutors that he illegally accessed 97 government computers--including Pentagon, U.S. army, navy and NASA systems--causing $700,000 worth of damage.

Two of Britain's leading judges rejected a High Court challenge by McKinnon to an earlier court order backed by Britain's Home Secretary that he should be extradited.

"We do not find any grounds of appeal against the decision," said one of the judges, Lord Justice Maurice Kay.

"Mr McKinnon's conduct was intentional and calculated to influence and affect the U.S. government by intimidation and coercion."

"As a result of his conduct, damage was caused to computers by impairing their integrity, availability and operation of programs, systems, information and data on the computers, rendering them unreliable," Kay said.

McKinnon's lawyers had argued that sending him to the United States would breach his human rights and should not be allowed on the basis that his extradition was sought "for the purpose of prosecuting him on account of his nationality or political opinions."

McKinnon, whose hacking name was "Solo," has admitted gaining access to U.S. government computers but denies causing any damage.

At the time of his indictment, Paul McNulty, U.S. Attorney for the Eastern District of Virginia, said "Mr McKinnon is charged with the biggest military computer hack of all time."

If found guilty in the U.S., McKinnon could face up to 70 years in jail and fines of up to $1.75 million.

He is expected to apply to the House of Lords, Britain's highest court, for permission to challenge Tuesday's ruling.

Microsoft targets more software pirates

Legal action aimed at groups that sold copies of Windows and Office discounted for academic use to regular users.

Microsoft said Monday that it is taking action against groups that sold copies of Windows and Office discounted for academic use to regular users.

The Redmond, Wash., software maker has filed nine lawsuits and sent more than 50 letters threatening such action, it said in a statement. The suits were filed in the United States, but they target groups that operate internationally, posing as academic resellers in Jordan and elsewhere in that region and then reselling discounted Microsoft products in the U.S.

"These companies reaped millions of dollars in illegal profits by allegedly selling the software to Internet retailers in the United States rather than supplying it to the students," Microsoft said in the statement.

Many of the Internet retailers, in turn, allegedly made hefty profits by selling the software at retail prices to unsuspecting American consumers who were deceived into buying software that was not licensed for their use, Microsoft said.

One of the largest offenders,, has already agreed to settle Microsoft's lawsuit for more than $1 million in cash and property, Microsoft said. Other merchants that received letters have agreed to stop selling the software, the company said.

Software piracy resulted in a loss of $34 billion worldwide in 2005, a $1.6 billion increase over 2004, according to a study commissioned by the Business Software Alliance. Microsoft has been fighting software piracy for years, taking a multipronged approach that includes action against pirates and tools that check licenses on PCs.

The products for education are marked "Student Media" and "Not for retail or OEM distribution. Not for resale."

Monday, April 2, 2007

interview tips

10 Ways to Blow the Interview

Information abounds regarding what you should say in an interview. But it can be just as important to realize what not to say. It is also imperative to note that what you say can be communicated through both your words and actions.

1. You arrive late to the interview.
What it means: "I really don't care about getting this position."

Arrive a healthy 15 minutes before your scheduled appointment to give you time to collect your thoughts, review your notes and make a good first impression.

2. You're rude to the receptionist.
What it means: "I'm difficult to get along with."

"Receptionists are the gatekeepers and it's their job to be the eyes and ears of the company," cautions Lauren Milligan, founder and CEO of ResuMAYDAY, Inc. Besides, if hired, you may need their cooperation one day.

3. You answer questions with trite or cliché responses.
What it means: "I'm just one of the crowd."

Telling the interviewer you are a perfectionist and expect too much of yourself is sure to elicit a yawn, if not a discreet roll of the eyes, Milligan warns. Prepare potential responses ahead of time to avoid relying on the usuals.

4. You don't ask questions.
What it means: "I'm not that interested in your company."

The interview should be a two-way conversation "to determine if you are the right fit for the company, and if the company is the right fit for you," Milligan says. Use the interview to gather as much information about your potential new position as possible.

5. You answer the standard "Tell us about yourself," with "What would you like to know?"
What it means: "I have nothing special to offer this company."

This is your opportunity to steer the conversation into areas where you truly shine. Don't waste this chance by appearing to lack any outstanding qualities you want to share. And please don't start with where you were born. Focus on your career unless your birthplace is relevant to the job.

6. You use inappropriate language.
What it means: "I'm unprofessional and if it shows in the short span of an interview, imagine what I'll be like in the office."

Even if they're only mild and somewhat acceptable words, there still is no place for them in the interview.

7. You trash-talk your former boss.
What it means: "I have no discretion; I'll blab any inside information."

"If you left your prior job on poor terms, you need to put this relationship in a positive light for the interview," Milligan advises. "Even if your boss was to blame." You never want to bring negativity or antagonistic emotions into the interview. Keep it positive and upbeat.

8. You ask the interviewer to not contact your former employer.
What it means: "I have something to hide."

Even if you do not get along with your boss, you can always name someone else in the organization as a reference.

9. You exaggerate your accomplishments or credentials.
What it means: "I'm not good enough on my own merits, so I need to lie to make myself look good."

A skilled interviewer can easily identify fabrications in your background or experience. State your qualifications with confidence. You don't have to be Superman to get hired; you just have to be right for the job.

10. You don't thank the interviewer.
What it means: "I have no manners."

Forgetting to thank your interviewers in writing for their time can take the luster from even the most stellar interviewee.

Interview Tips for Computer Science Students

I interviewed a bunch of fresh graduates for a number of software development positions. Interviewing graduates can go two ways - it’s interesting if they’ve done something outside their course work which can show their passions and skills. It’s tiring to hear about what subjects they have studied and what their school projects are. Frankly, there aren’t any interesting things to talk about regarding school.

Dan Kegel has similar thoughts. Even better, in this article, he helps fresh grads understand what interviewers are really looking for, and suggests a number of quick ways to make you stand out from the pack. As I work in an open source company, I enjoy his suggestion on contributing to an existing open source project as a way to demonstrate your programming skills:

Whether or not you’re in college, nothing is stopping you from contributing to an existing Open Source project. One good way to start is to add unit or regression tests; nearly all projects need them, but few projects have a good set of them, so your efforts will be greatly appreciated.

I suggest starting by adding a conformance test to the Wine project. That’s great because it gives you exposure to programming both in Linux and in Windows. Also, it’s something that can be done without a huge investment of time; roughly 40 work hours should be enough for you to come up to speed, write a simple test, post it, address the feedback from the Wine developers, and repeat the last two steps until your code is accepted.


1. Poor attitude. Many candidates come across as arrogant. While employers can afford to be self-centered, candidates cannot.

2. Appearance. Many candidates do not consider their appearance as much as they should. First impressions are quickly made in the first three to five minutes. (For details regarding Appearance, refer to the message 'Interview Etiquette' which I had posted earlier in "" group).

3. Lack of research. It's obvious when candidates haven't learned about the job, company or industry prior to the interview. Visit the library or use the Internet to research the company, then talk with friends, peers and other professionals about the opportunity before each meeting.

4. Not having questions to ask. Asking questions shows your interest in the company and the position. Prepare a list of intelligent questions in advance.

5. Not readily knowing the answers to interviewers' questions. Anticipate and rehearse answers to tough questions about your background, such as recent termination or an employment gap. Practicing with your spouse or a friend before the interview will help you to frame intelligent responses.

6. Relying too much on resumes. Employers hire people, not paper. Although a resume can list qualifications and skills, it's the interview dialogue that will portray you as a committed, responsive team player.

7. Too much humility. Being conditioned not to brag, candidates are sometimes reluctant to describe their accomplishments. Explaining how you reach difficult or impressive goals helps portray you as a committed, responsive team player.

8. Not relating skills to employers' needs. A list of sterling accomplishments means little if you can't relate them to a company's requirements. Reiterate your skills and convince the employer that you can "do the same for them".

9. Handling salary issues ineptly. Candidates often ask about salary and benefit packages too early. If they believe an employer is interested, they may demand inappropriate amounts and price themselves out of the job. Candidates who ask for too little undervalue themselves or appear desperate.

10. Lack of career direction. Job hunters who aren't clear about their career goals often can't spot or commit to appropriate opportunities. Not knowing what you want wastes everybody's time.

11. Job shopping. Some applicants, particularly those in certain high-tech, sales and marketing fields, will admit they're just "shopping" for opportunities and have little intention of changing jobs. This wastes time and leaves a bad impression with employers they may need to contact in the future.



What are Recruiters looking for?

General personality: For many employers, the personality fit with a company is as important as your skills to perform the job!

Personal appearance: A neat, pleasant appearance is important for a good first impression.

Many employers use grades as a way to evaluate candidates. Make sure you can explain marked deficiencies.

Work Experience: Be able to articulate the importance of past job experiences in terms of the job for which you are interviewing.

Verbal communication skills: This includes the ability to listen effectively, verbalize thoughts clearly, and express yourself confidently.

Skills to perform the job: It is important to emphasize the skills that you feel the employer is seeking, and to give specific examples of how you developed them.

Employers will assess your ability to articulate your short-term and long-term goals.

Knowledge of the Recruiter's Company and Industry: You are expected to have read everything the company has put in the placement library. Don't waste interview time asking questions that could have been answered by the printed material.

Responding to a Job Advertisement

Sample Letter:

Mr. Richard Vega
Director of Human Resources
Berry Berry Good Juice Company
2502 Richmond Blvd.
Dunsbury, Illinois 60629

RE: Customer Service Representative position
Posting #6892-A

Dear Mr. Vega,

I was excited to see your advertisement for a Customer Service Representative on

Berry Berry Good Juice Company has an impeccable reputation as a quality all-natural juice maker and a supporter of the community it serves. I attended the health fair your company sponsored at the Oaks Mall, and it was impressive.

I am very interested in the Customer Service Representative position. My background includes two years as a part-time airline phone Reservationist, and two summers working at Hovendale's department store at the return desk. I pride myself on my ability to empathize with the customers and my sense of urgency when dealing with their concerns.

I would enjoy meeting with you to share what I could do for your customers and I will call you in a week about the possibility of an interview.

Thank you for your time.


< sign here >

Terese Washington

Gain confidence in your presentations by following these tips

For most of us, effective public speaking requires a bit of discipline, preparation, and practice. These suggestions will help you develop your delivery skills and overcome presentation jitters.

Public speaking can be very stressful. I know that whenever I get up in front of a crowd I go through a panic moment. It takes a lot of discipline, practice, and preparation to put on a good presentation and even knowing what you need to know can be hard.

A year or so ago, I wrote on the subject of first-time speaking. Since that time, I've been able to use many of those tips as well as some new tricks to help get myself ready for speaking engagements. I also had a chance to spend time with a speaking coach, which helped more than I'd have ever guessed.

Now when I'm speaking, while not 100 percent comfortable, I do feel much better. I'm able to make it more fun for me, and I think I pass along that good feeling a bit more to my audience. I've got several useful tips, tricks, and resources I hope will help some of you. These things should help whether you're speaking at a large conference, giving a small internal presentation to your coworkers or classmates, or giving a sales pitch. They're pretty universal.

Mental and physical preparation before your presentation

I've found that the more prepared I am, the more confident I feel. This makes for a better presentation. As you get comfortable speaking, you'll naturally feel more confident and the need to prepare (and time it takes) will not be so important. For newer and first-time speakers, I think you should spend as much time as you can getting ready. Well, don't make yourself crazy; just make sure you know and feel comfortable with your material and practice a few times.

If you've never spoken before, a meeting with a speech coach can really help. They talk with you and get an idea of your style and then offer some specific advice on how to address the crowd, what your particular problems might be, and more. For example, when I went I was told:

* Speak slower.
* Talk to individuals in the crowd.
* Think before you speak. Take pauses.

These things were (and still are) very, very helpful for me to remember when I'm speaking. Going over them before I get up there reminds me and helps me be more calm and confident.

A few other ways to prepare yourself:

* Drink lots of water.
* Get a good night's sleep.
* Avoid the urge to go out drinking the night before. If you do, moderate yourself. (Especially if you're at SXSW.)
* Eat.
* Breathe.
* Visualize a positive outcome.
* Hang out with the other speakers (if there are any) and ask them questions and for advice. This always helps me as they will usually build you up.

Preparing your support materials

The key to preparing your actual presentation is to remember that less is more. If you want to share your information with people who couldn't be there, try writing an article. Even detailed presentations have something missing. A few common, and good to know, guidelines to a good presentation:

* Keep text to a minimum. No more than five bullet points per slide. If you can keep them to one core idea, that's better. People will tend to read this stuff and not pay attention to what you're saying.
* Check the contrast and font size. Make sure that if you have text on the screen, people can read it.
* Use pictures to get your idea across. They're easier to remember, less distracting, and make more impact. Have stories ready and use imagery to set the backdrop.
* Avoid complicated charts and graphs; they're hard for your audience to follow. Keep visual ideas very simple.
* Check the resolution of your presentation. Maybe go with 800 x 600 to be safe. I don't know how many times I've seen slides that don't fit on the screen. You never know for sure how it's going to work out when you get things set up if you don't have full control over the environment.
* Have simple-to-follow notes to go along with your slides and major talking points. They should serve as a reminder, not something for you to read from.
* Prepare more than you can speak to, but also be prepared to get cut short. Time flies up there.

Giving the presentation

Although you don't want to spend too much time while in the midst of your presentation thinking about what to say or do, there are a few things you should remember when speaking:

* Think positive.
* Tell stories. Stories will get your idea across much better than charts and graphs and numbers. They also have the added benefit of helping to engage your audience.
* Don't read your slides. They should support what you are saying, not be what you are saying. The same goes for your notes.
* Keep your intro short and strong. People want to know who you are, but they also want to get into the meat of your talk. A quick, solid, and clear intro is better than a meandering joke or list of accomplishments any day. Chances are, most people in the audience know a bit about you already.
* Keep it slow and steady. Pause when you need to take a breath; you'll think better.
* Don't agonize over mistakes, and don't say you're sorry. Keep confident and if you mess up, move on.
* Pause to let strong ideas sink in. This can be hard to remember, but your audience needs time to absorb and take breaks too!
* Smile, joke, and laugh if appropriate. A little humor can go a long way, but don't overdo it.
* Learn from your mistakes. I know that I learn a little every time I get up and speak.
* End strong. Make your finale crisp, clean, and powerful.
* Be prepared for interruptions and questions. If you are doing well, you'll have lots of questions.

I hope this stuff helps some of you. I know that the advice I've been given over the years has helped me quite a bit. I'm still not a great speaker, but I'm getting better and I sure as heck feel more comfortable about it than I used to--which to me is more than half the battle.

D. Keith Robinson is a writer, designer, artist, and publisher living in Seattle. He's been a Web professional for nearly 10 years, and his career has included work with Boeing, Microsoft, and Sony. His Getting To Done column appears on Lifehacker.

The gist is here:
* Visualize a positive outcome.
* Hang out with the other speakers (if there are any) and ask them for advice.
* Avoid complicated charts and graphs; they're hard for your audience to follow.
* Check the resolution of your presentation. Maybe go with 800×600 to be safe. You never know for sure how it's going to work out if you don't have full control over the environment.
* Prepare more than you can speak to, but also be prepared to get cut short.
* Don't read your slides. They should support what you are saying, not be what you are saying.
* Pause to let strong ideas sink in. This can be hard to remember, but your audience needs time to absorb and take breaks too.