Introduction                                                                                                         (top) 

The BbyB Beacon is an electronic publication to keep the members of Bit by Bit informed about the current affairs of the company. It contains announcement of important events like training programmes, Management Review Meetings, etc.

We will be including a new column called the Technical Corner from this issue onwards, covering technical articles contributed by the members of Bit by Bit.

Contact Information

Any contribution to the newsletter in the form of technical articles, or items of general interest, are welcome. Please send them to pratima@bbyb.com or sreedhar@bbyb.com

From the Management

From The Editor

Neuro Linguistic Programming

The pioneers of NLP were Dr. Richard Bandler and John Grinder who, in the 1970's, studied the mental processes of people from different disciplines who excelled in their professions. The study proved that excellent people repeatedly use some common systematic steps of behaviour, which gave rise to the concept. This concept has revolutionised various areas of Human Resource Development like training and education.

NLP, or Neuro-Linguistic Programming, is the science of how the brain codes learning and experience. This coding affects communication and behaviour. It affects how you learn and how you experience the world around you. It is a key to reaching goals and achieving excellence.

NEURO: Refers to the neurological system the way one uses one's sight, hearing, touch, taste and smell to translate one's experience into thought process
LINGUISTIC: Means the way we use our language to make sense of our experience more meaningful to oneself and others
PROGRAMMING: Refers to the coding of experience, a series of steps designed to achieve certain specific results

People from all walks of life use NLP personally and professionally.
Businesses can use NLP to foster world-class sales and customer service results - and to implement organizational change effectively.
Educators can study the verbal and non-verbal language of every child to identify how each one learns best. As classrooms become increasingly diverse, NLP skills are becoming more essential.
Counselors can help clients become more functional in a shorter time frame. Today's limited insurance coverage makes it crucial to achieve maximum results in minimum time.
Medical and Dental Professionals can mitigate patients' fears and anxieties about procedures. This translates to higher client satisfaction.

On the personal side, NLP enables you to:
Clarify your dreams for the future and identify barriers that may be holding you back
Change the unwanted habits and behaviours that are standing in your way
Understand you partners and children's needs and communication styles more fully
Enhance rapport and communication with others
Recognise how others are using language to influence you

Pratima.

News From Abroad                                                                                              (top) 

Naveen's Trip to U.K.

Naveen, a member of the MESaLS team, was in UK between the 16th of July and 20th August 2003.

This is what he has to say :-
“The first two weeks at Baum hart office were quite busy. Lot of things had to be incorporated into the version that was being installed at Huntleigh National Care.
Had been to Luton (Huntleigh site) with Chris Reed on 1st August for installing Huntleigh's own version of MESaLS.
It was completed without any hitches. They were supposed to go live in two weeks. But because of lack of testing at their end, they decided to postpone it at least by another two weeks. We are yet to hear from them on GoLive Date as of now.
After installation on 1st August, few errors were reported by their internal testing that were subsequently fixed.
The last two weeks were mainly used for co-ordinating between BbyB MESaLS team and BHP MESaLS team over a few issues in the regular VB and Web versions.

That’s about work. The Weekends there have been memorable. Overall an unforgettable experience, thanks to Raghu and Carol.”

Meetings and Events                                                                                           (top) 

Review Meeting

A review meeting was held on the 7th of August at 6 PM. The attendees were Raghu Shenoy, Usha V K, Jayaraj, Devaki, Santhosh I P, Manjunath, Shashi, Guru, Sreedhar and Chaitanya.

The Agenda of the meeting was as follows:
1.Project Review - MESaLS
2.Manpower requirements - Sepia, CPA
3.Project Management - Discussion on Project metrics and Reports in Project info, change control management and error management

Internal Audit

An internal audit was conducted on 29th August. Sreedhar and Pratima were the internal auditors.

Achievements                                                                                                       (top) 

StaffBank
“Just to let you know we have today won a new order on SB from Leicester Healthcare, small but they are moving from NHSP WYMAS”

Chris Lee – Partner - Baum Hart & Partners

... Baum Hart & Partners, major client of Bit by Bit, won a contract for StaffBank from Leicester Healthcare.

Guest Column                                                                                                    (top) 

Sobig Worm Crawls Again in New Version

The latest version of the Sobig worm (sobig.f) is making its way through computer networks around the world, apparently causing no direct damage but hogging bandwidth and IT resources in its path.
While the virus does no actual harm, the spoofed messages can elicit anger from customers and users who receive the worm. Companies affected by SoBig have said it has been more of a nuisance than a threat.

W32.Sobig.F@mm is a mass-mailing, network-aware worm that sends itself to all the email addresses it finds in the files that have the following extensions: .dbx .eml .hlp .htm .html .mht .wab .txt
The worm uses its own SMTP engine to propagate and attempts to create a copy of itself on accessible network shares, but fails due to bugs in the code.

The new worm is set to automatically time itself out and stop spreading on September 9, 2003. The aforementioned de-activation date applies only to the mass mailing, network propagation, and email address collection routines. This means that a W32.Sobig.F@mm-infected computer will still attempt to download the updates from the respective list of master servers during the associated trigger period, even after the infection de-activation date. Previous variants of Sobig exhibited similar behavior.

Anti-virus software 'causing more headaches than Sobig worm:

Anti-virus software is causing users more headaches than the Sobig.F worm itself.
The worm is on a propagation loop, the Sobig worm composes a message, chooses two random items in the Address Book, and puts the first in the "From:" and the second in the "To:" header. Then all virus messages are spoofed.

The problem is that many e-mail virus scanners send a "You are infected" reply to the address contained in the "From" header. Since the messages are spoofed, an innocent, uninfected user is flooded by automatic complaints from many others regarding the virus that has been sent.

Email spoofing
W32.Sobig.F@mm uses a technique known as "spoofing," by which the worm randomly selects an address it finds on an infected computer. The worm uses this address as the "From" address when it performs its mass-mailing routine. Numerous cases have been reported in which users of uninfected computers received complaints that they sent an infected message to another individual.

The Evolution of The Sobig worm

Sobig.a - The original worm, introduced in January 2003. Its purpose was to spread a proxy server Trojan. It was quite successful at this until details of the scheme were made public and the sites it relied on to download the second and third stages were shut down. In spite of this, thousands of proxy servers were surreptitiously installed on computers worldwide. It is now largely believed that the purpose of this proxy network is to serve spammers - giving them a way to hide their true IP addresses while they spew spam all over the globe.

Sobig.b - In May 2003, a new worm initially known as "Palyh" set records for the quickness of the initial spread. The Palyh worm was soon renamed to Sobig.b after it was realized from analyzing the code that Sobig was back for another round. This time the worm had a shelf-life; a built-in timer to stop it from spreading after a certain date, unlike the first Sobig, which is still circulating in the wild today even though it is unable to deliver its secondary payload.

Sobig.c - On May 31, the day that Sobig.b "expired", Sobig.c now consulted a list of public NTP (Network Time Protocol) servers around the world. These servers deliver accurate timestamps to clients so they can synchronize their system clock with it. Instead of setting the system clock, Sobig.c merely read the time from the received packet, compared that time with the programmed-in stop date/time, and discarded the packet. All Sobig variants that followed continued to check the time in this way.

Sobig.c still had a dependence on Geocities to host the information the worm needed to find its second and third stages, and Geocities was becoming increasingly quicker in shutting down pages the worm contacted. In order to combat this, the Sobig author began to encrypt the strings inside the executable. The encryption was fairly trivial, but the author hoped it would buy some time while the payload was delivered. But Geocities again removed the sites the worm used with lightning speed.

Sobig.d - Those who were tracking the Sobig variants knew that the author would probably stop using Geocities at this point. They were right - the next variant released a couple of weeks later used a stronger encryption algorithm, and no longer contained references to Geocities, or any other URL. The author moved to a slightly more sophisticated and covert method of getting the information needed in order to prevent the download sites from being shut down too quickly. Between 7:00 PM and 11:59 PM UTC, the worm would periodically send a packet on UDP port 8998 to a list of 22 IP addresses contained in the executable's encrypted strings. The packet contained an 8-byte key identifying itself as coming from a Sobig infectee. These IP addresses were all on cable modems, some or all of which were probably hacked either by the author or the author's cohorts to serve answers to these incoming packets. Upon receiving the magic packet on port 8998, some of the cable host servers returned garbage strings as a further subterfuge, but others returned an encrypted URL. Upon receiving the reply, Sobig.d would decrypt the URL and retrieve a file from that site. This file was the second stage payload.

However, Sobig.d was largely a flop, but not because it had any particular flaws. It just didn't circulate to enough people. Since it used exactly the same spreading mechanisms as the last 2 variants, this may seem strange unless you consider that those variants were probably seeded via a very large initial mass mailing. Since no such mass mailing seemed to occur with Sobig.d, we are left to speculate that it may have either been a test or accidental release.

Sobig.e - This release hit on June 25, before the expiration date of Sobig.d, further evidence that Sobig.d may have been premature. There were no major changes to the functionality since Sobig.d except the attachment was now zipped. This was probably in order to bypass mail gateways that deny executable attachments but allow zip files. Because the initial seeding was so large, the chances of being caught by a virus scanner on the first day were small - only virus scanners that do heuristic scanning as well as signature-based scanning would pick up on the fact that it was a worm and block it.

Since the "b","c" and "d" variants were largely failures, it serves us only to examine the second stage of the "e" variant, which is (unfortunately for the rest of us) very likely to succeed

Sobig.f - On Tuesday, August 19, users across the Internet noticed an increasing flurry of suspicious emails. Sobig.f had set new records in the sheer quantity of email traffic for any single worm variant. This new, more prolific variant was a result of some programming fixes. Instead of trying to send emails one at a time, Sobig.f uses "threading" to allow it to send 7 emails at the same time. The overwhelming number of copies of this worm in people's inboxes show showed the improved efficiency. However, many of those copies were likely sent from the same few addresses, so appearances are not always what they seem. In spite of the flood of worm emails, this variant was probably 100% ineffective at achieving its goal.

The goal of course, is to create spam proxies, as outlined in the two previous papers Sobig.a and the Spam you Received Today and the follow-up paper Sobig.e - Evolution of the Worm. If you haven't read these papers, you should stop now and do so- there is a great deal of complexity to the Sobig worm family, and it has evolved over time. In this paper, we will deal primarily with the changes since Sobig.e.

The worm de-activates on September 10, 2003. The last day on which the worm will spread is September 9, 2003. The aforementioned de-activation date applies only to the mass mailing, network propagation, and email address collection routines. This means that a W32.Sobig.F@mm-infected computer will still attempt to download the updates from the respective list of master servers during the associated trigger period, even after the infection de-activation date. Previous variants of Sobig exhibited similar behavior.

Sobig.f is much like Sobig.e. Sobig.g will probably be much more effective than any previous variant, as the author continues to learn from his/her mistakes. Hopefully the added exposure this variant has received will prompt people to be more careful about opening attachments; after all, this worm cannot spread without manual interaction of end users. Hopefully they'll do a better job at not clicking on Sobig.g.

Next, SoBig worm may trigger torrent of spam

A new version of the SoBig computer worm, expected in September, could not just overwhelm networks with infected mail but also lead to a massive increase in spam, according to some experts. many believe the SoBig.F computer worm, which infected many thousands of computers earlier in August, was designed to turn machines into "zombies" capable of sending out a flood of spam.
Six different versions of SoBig have been released so far, one after another. Each incarnation has sought to install an open proxy server on infected computers, hidden from view. These open proxies are not protected by passwords or other security measures.
They may therefore be used by spammers to reroute junk email, evading efforts to identify and block it at source. Hackers may also use anonymous proxies to cover their tracks.

- Ratan, System Administrator

ISO Overview                                                                                                     (top) 

We received the ISO 9001:2000 certificate from our certification Auditors' M/s. TUV Rhienland India (P) Ltd.

The positive recommendations / scope for improvements noted by them were:

Should streamline the process of training effectiveness evaluation
Should also consider the internal failures while defining the quality Objectives
Should capture the details of sample verified and evaluated to ensure comprehensiveness of the internal Audit

We conducted an audit on 29th August 2003 and I am happy to note the general commitment of the personnel in our organisation to quality. In this audit, only MESaLS and ClubCard were audited. The rest of the projects viz. StaffBank, Sepia, ForeTrans, QTM2002 and Project Info will be audited in the second week of September.

Even though Team MESaLS were late in starting to use Project Info, they are now, one of the most prolific users of the same.

Education & Training                                                                                        (top) 

ASP Training Session

Santhosh I P gave a seminar in ASP on the 6th of August at 6 PM on ‘Built-in Objects in ASP’. The invitees for this session were Arun, Usha V K, Ismail, Devaki, Shubha, Chaitanya, Vinay, Imran and Jayaraj.

The session lasted for one and a half hours.

Project Info

Ismail gave a talk on ‘Enhancements implemented in Project Info Software’ on the 11th of August at 6.30 PM. It lasted for over an hour.

Enhancements on the Huntleigh Version of MESaLS

After his recent visit to UK, Naveen briefed the MESaLS team on the enhancements done on the Huntleigh version on the 25th of August at 5 PM. This was exclusively for the members of the MESaLS team.

Technical Column                                                                                             (top) 

Sub-Reports in ASP

A sub-report is a report within a report. The process for creating a sub-report is similar to the process of creating a regular report. A sub-report can have most of the characteristics of a report, including its own record selection criteria. The only differences between a sub-report and a primary report are that a sub-report:
1. is inserted as an object in a primary report; it can not stand on its own (Although a sub-report can be saved as a primary report),
2. can be placed in any report section and the entire sub-report will print in that section, and
3. cannot itself contain a sub-report.

There are four instances in which a sub-report would typically be used:
1. To combine unrelated reports into a single report.
2. To coordinate data that can not otherwise be linked.
3. To present different views of the same data within a single report.
4. To perform one-to-many lookups from a field that is not indexed on the lookup field.

Working with sub-reports
A sub-report is a free-standing or linked report found within the main report. Currently, Seagate Crystal Report does not support sub-reports inside of sub-reports. The report iterations can not go more than one sub-report deep. However, you can have multiple sub-reports inside the main report.

Opening the primary report
You must first open the primary report. When you do this, the program returns a handle to the primary report.

Retrieving an interim sub-report handle
You must then identify the sub-report you want to open, using the PEGetNSubreportsInSection and PEGetNthSubreportInSection functions to do this. When you run the PEGetNthSubreportInSection function, the Crystal Report Engine returns an interim, double-word handle to the sub-report you specified.

Retrieving the sub-report name
Once you have the handle, use the PEGetSubreportInfo function to retrieve the name of the sub-report. When you run this function, the double-word handle is passed as the subreportHandle argument. The program retrieves the sub-report name as the name member of the PESubreportInfo structure.

Opening the sub-report and retrieving the job handle
Now that you have the name of the sub-report (the name you assigned the sub-report when you created it in Seagate Crystal Reports), use the PEOpenSubreport function to open the sub-report. When using this function, you pass the name (or pointer to the name, depending on your development tool) as the subreportName argument. The program then opens the specified sub-report and returns a job handle.

Running other Crystal Report Engine functions
Once you have the job handle, you can run any of the other Crystal Report Engine functions with the sub-report, passing the sub-report job handle as the printJob argument.

Example:
Set session("oApp") = Server.CreateObject("Crystal.CRPE.Application")

Set session("oRpt") = session("oApp").OpenReport(path & ReportName, 1)

Set Database = session("oRpt").Database
Set Tables = Database.Tables
Set Table1 = Tables.Item(1)

Set oRptOptions = Session("oRpt").Options
oRptOptions.MorePrintEngineErrorMessages = 1

Set session("oRs") = Conn.Execute(sql1)

Table1.SetPrivateData 3, session("oRs")

Set CRP_Sections = session("oRpt").Sections

For i = 1 To CRP_Sections.count
Set CRP_Section = CRP_Sections.Item(cInt(i))
Set CRP_ReportObjects = CRP_Section.ReportObjects

For j = 1 To CRP_ReportObjects.count
'If the current ReportObject that is found within a section is a
'Subreport, process the following:
If CRP_ReportObjects.Item(j).Kind = 5 Then

'From the ReportObjects object CRP_ReportObjects, extract the current
'report object and set it to the CRP_SubObject using the Item property
Set CRP_SubObject = CRP_ReportObjects.Item(j)

Select Case CRP_SubObject.Name
Case "ReportRiskNotes.rpt"
Set session("oRs2") = Conn.Execute(sql2)
Set CRSubreports = session("oRpt").OpenSubreport("ReportRiskNotes.rpt")
Set Database3 = CRSubreports.Database
set Tables3 = Database3.Tables
set Table1s4 = Tables3.Item(1)

CRSubreports.DiscardSavedData
Table1s4.SetPrivateData 3, session("oRs2")

Case "ReportRiskIncidents.rpt"
Set session("oRs3") = Conn.Execute(sql3)
Set CRSubreports = session("oRpt").OpenSubreport("ReportRiskIncidents.rpt")
Set Database4 = CRSubreports.Database
set Tables4 = Database4.Tables
set Table1s5 = Tables4.Item(1)

CRSubreports.DiscardSavedData
Table1s5.SetPrivateData 3, session("oRs3")

Case "ReportClientPD.rpt"
Set session("oRs1") = Conn.Execute(sql4)
Set CRSubreports = session("oRpt").OpenSubreport("ReportClientPD.rpt")
Set Database2 = CRSubreports.Database
set Tables2 = Database2.Tables
set Table1s = Tables2.Item(1)

CRSubreports.DiscardSavedData
Table1s.SetPrivateData 3, session("oRs1")

Case "ReportRiskHarm.rpt"
Set session("oRs7") = Conn.Execute(sql8)
Set CRSubreports = session("oRpt").OpenSubreport("ReportRiskHarm.rpt")
Set Database8 = CRSubreports.Database
set Tables8 = Database8.Tables
set Table1s9 = Tables8.Item(1)
CRSubreports.DiscardSavedData Table1s9.SetPrivateData 3, session("oRs7")

End Select
End If
Next
Next

session("oRpt").DiscardSavedData

session("oRpt").ReadRecords

-Aruna, Sepia Team Member.