Search My Blog

Monday, October 31, 2011

Internet Security Threat Report Volume 16 - Build Your Report - Symantec

I try to keep up with Internet Security and Breach Trends. But, the past two years 2010-2011 have had so much going on, that I have almost lost track of what is going on and what the biggest threats are. I found this Custom Report Generator on the Symantec Site today (10-31-11). And while the Report I generated by my selections, is long. It is very helpful info. And it could have been allot longer!:O After reading this over. You may want to go there and generate a Report of your Own...
http://www.symantec.com/business/threatreport/build.jsp

Don

Internet Security Threat Report Volume 16

Custom Report


Threat Activity Trends

During this reporting period, the United States had the most overall malicious activity, with 19 percent of the total—down slightly from 20 percent in 2009, when it also ranked first.

The United States was the top country for originating network attacks in 2010, with 22 percent—down from 24 percent in 2009.

The average daily volume of Web-based attacks observed in 2010 was 93 percent higher than in 2009.

Attacks related to the Phoenix toolkit were the most prominent of the Web-based attack activities observed in 2010, with 39 percent of the top 10 activities observed.

Of the search terms that resulted in visits to malicious websites, 49 percent were in the adult entertainment category.

In 2010, the healthcare sector had the highest percentage of data breaches that could lead to identity theft, with 27 percent—an increase from 15 percent in 2009.

The financial sector was the top sector in 2010 for identities exposed in data breaches, with 23 percent—a decrease from 60 percent in 2009.

The leading cause of data breaches that could lead to identity theft in 2010 was the theft or loss of a computer or other data-storage device, with 36 percent of the total; this is nearly unchanged from its 37 percent total in 2009.

Hacking was the leading source of reported identities exposed in 2010 with 42 percent of the total—down from 60 percent in 2009.

The most exposed type of data in deliberate breaches (hacking, insider breaches, or fraud) was customer-related information, accounting for 59 percent of the total. Customer data also accounted for 85 percent of identities exposed in deliberate breaches.

Of malicious URLs observed on social networking sites during a three-month period in 2010, 66 percent made use of a URL shortening service; of these, 88 percent were clicked at least once.

The United States had the most bot-infected computers in 2010, accounting for 14 percent of the total—an increase from 11 percent in 2009.

Taipei was the city with the most bot-infected computers in 2010, accounting for 4 percent of the total; it also ranked first in 2009, with 5 percent.

In 2010, Symantec identified 40,103 distinct new bot command-and-control servers; of these, 10 percent were active on IRC channels and 60 percent on HTTP.

The United States was the location for the most bot command-and-control servers, with 37 percent of the total.

The United States was the most targeted county by denial-of-service attacks, with 65 percent of the total.

Vulnerability Trends

The total number of vulnerabilities for 2010 was 6253—a 30 percent increase over 4814 vulnerabilities documented in 2009 and the most of any year recorded by Symantec.

The number of new vendors affected by vulnerabilities increased to 1914 in 2010 from 734 in 2009—a 161 percent increase.

Among the new vendors affected by vulnerabilities in 2010, 76 vulnerabilities were rated as being high severity—a 591 percent increase over the 11 such vulnerabilities in 2009.

There were 191 vulnerabilities documented in Chrome in 2010, versus 41 in 2009.

Internet Explorer had the longest average window of exposure to vulnerabilities in 2010, with an average of four days in 2010 (based on a sample set of 47 vulnerabilities).

In 2010, 346 vulnerabilities affecting browser plug-ins were documented by Symantec, compared to 302 vulnerabilities affecting browser plug-ins in 2009.

The highest number of plug-in vulnerabilities affected ActiveX controls, with 117 of the total; this is a decrease from 134 in 2009.

Symantec identified 14 zero-day vulnerabilities in 2010, an increase from 12 in 2009. Eight of these affected Web browsers and browser plug-ins.

In 2010, there were 15 public SCADA vulnerabilities identified; in 2009, the total was 14.

Malicious Code Trends

The top three malicious code families in 2010 were Sality, Downadup, and Mabezat, all of which had a worm component.

The top 10 malicious code families detected in 2010 consisted of five families with worm and virus components, one worm with a backdoor component, two worms, one virus with a backdoor component, and one Trojan.

The top three new malicious code families detected in 2010 were the Ramnit worm, the Sasfis Trojan, and the Stuxnet worm.

In 2010, 56 percent of the volume of the top 50 malicious code samples reported were classified as Trojans—the same percentage as in 2009.

In 2010, Sality.AE was the most prevalent potential malicious code infection in every region except for North America, where Ramnit was the most prevalent.

The percentage of threats to confidential information that incorporate remote access capabilities increased to 92 percent in 2010 from 85 percent in 2009.

In 2010, 79 percent of threats to confidential information exported user data and 76 percent had a keystroke-logging component; these are increases from 77 percent and 74 percent, respectively, in 2009.

In 2010, propagation through executable file sharing accounted for 74 percent of malicious code that propagates—up from 72 percent in 2009.

In December 2010, approximately 8.3 million malicious files were reported using reputation-based detection.

The percentage of documented malicious code samples that exploit vulnerabilities decreased to 1 percent in 2010 from 6 percent in 2009.

Fraud Actvity Trends

The most frequently spoofed organization was banks, which accounted for 56 percent of phishing attacks blocked in 2010.

Credit cards were the most commonly advertised item for sale on underground servers known to Symantec, accounting for 22 percent of all goods and services advertised—an increase from 19 percent in 2009.

The United States was the top country advertised for credit cards on known underground servers, accounting for 65 percent of the total; this is a decrease from 67 percent in 2009.

The top three spam botnets that delivered the highest volume of spam in 2010 were Rustock, Grum, and Cutwail.

India was the leading source of botnet spam in 2010, with 8 percent of the worldwide total.

Approximately three quarters of all spam in 2010 was related to pharmaceutical products.

Threat Activity Trends Introduction

The following section of the Symantec Internet Security Threat Report provides an analysis of threat activity, as well as other malicious activity, and data breaches that Symantec observed in 2010. The malicious activity discussed in this section not only includes threat activity, but also phishing, malicious code, spam zombies, bot-infected computers, and attack origins. Attacks are defined as any malicious activity carried out over a network that has been detected by an intrusion detection system (IDS) or firewall. Definitions for the other types of malicious activities can be found in their respective sections within this report.

This section discusses the following metrics, providing analysis and discussion of the following trends:
  • Malicious activity by source
  • Web-based attack prevalence
  • Web-based attack activity
  • Malicious websites by search term
  • Data breaches that could lead to identity theft
    • By sector
    • By cause
    • Type of information exposed in deliberate breaches
  • Malicious shortened URLs on social networking sites
  • Bot-infected computers

Malicious Activity by Source

Background

Malicious activity usually affects computers that are connected to high-speed broadband Internet because these connections are attractive targets for attackers. Broadband connections provide larger bandwidth capacities than other connection types, faster speeds, the potential of constantly connected systems, and typically a more stable connection. Symantec categorizes malicious activities as follows:

Malicious code: This includes viruses, worms, and Trojans that are covertly inserted into programs. The purposes of malicious code include destroying data, running destructive or intrusive programs, stealing sensitive information, or compromising the security or integrity of a victim’s computer data.

Spam zombies: These are compromised systems that are remotely controlled and used to send large volumes of junk or unsolicited emails. These emails can be used to deliver malicious code and phishing attempts.

Phishing hosts: A phishing host is a computer that provides website services for the purpose of attempting to illegally gather sensitive, personal and financial information while pretending that the request is from a trusted, well-known organization. These websites are designed to mimic the sites of legitimate businesses.

Bot-infected computers: These are compromised computers that are being controlled remotely by attackers. Typically, the remote attacker controls a large number of compromised computers over a single, reliable channel in a bot network (botnet), which is then used to launch coordinated attacks.

Network attack origins: This measures the originating sources of attacks from the Internet. For example, attacks can target SQL protocols or buffer overflow vulnerabilities.

Methodology

This metric assesses the sources from which the largest amount of malicious activity originates. To determine malicious activity by source, Symantec has compiled geographical data on numerous malicious activities, including malicious code reports, spam zombies, phishing hosts, bot-infected computers, and network attack origin.

The proportion of each activity originating in each source is then determined. The mean of the percentages of each malicious activity that originates in each source is calculated. This average determines the proportion of overall malicious activity that originates from the source in question and the rankings are determined by calculating the mean average of the proportion of these malicious activities that originated in each source.

Data

Table 1. Malicious activity by source: overall rankings, 2009–2010
Source: Symantec Corporation


Table 2. Malicious activity by source: malicious code, 2009–2010
Source: Symantec Corporation


Table 3. Malicious activity by source: spam zombies, 2009–2010
Source: Symantec Corporation


Table 4. Malicious activity by source: phishing hosts, 2009–2010
Source: Symantec Corporation


Table 5. Malicious activity by source: bots, 2009–2010
Source: Symantec Corporation


Table 6. Malicious activity by source: network attack origins, 2009–2010
Source: Symantec Corporation


Commentary

Frontrunners continue to pull away from the pack: In 2010, the United States and China were once again the top sources for overall malicious activity. The United States saw an increase in spam zombies, phishing hosts, and bot-infected computers during this reporting period, which are all related to botnet activity. The United States is the main source of bot-infected computers for Rustock, one of the largest and most dominant botnets in 2010, and for the botnet associated with the Tidserv Trojan. At the end of 2010, Rustock was estimated to have 1.1 million to 1.7 million bots and accounted for 48 percent of all botnet spam sent out during the year. The Tidserv Trojan uses an advanced rootkit to hide itself on a computer, and over half of all infected computers that were part of this botnet were located in the United States in 2010. As such, these factors would have contributed to the increases in spam zombie and bot-infection percentages for the United States. China's rise as a source of malicious activity is related to a spike in Web-based attacks originating from compromised computers and Web servers based there. Much of this activity was linked to ZeuS activity. Symantec will monitor this activity and provide more detail in future reports if the activity continues.
Jockeying for position after the frontrunners: The bottom eight of the top 10 sources continue to be separated by a narrow margin. Beyond the United States and China, there was only a 4 percent difference (after rounding) for overall malicious activity between the remaining eight sources of the top 10 during this reporting period. The same limited percentage difference was also the case in 2009. This suggests that it would only take a small shift in the overall malicious activity landscape to affect the rankings. As such, it may be likely that the rankings of the countries in this bottom eight group for malicious activity will vary for the next reporting period without any dramatic shifts in malicious activity occurring.

Spam zombies drop significantly in China: China’s rank in spam zombies dropped from eighth in 2009 to 23rd in 2010. This drop in spam zombie activity may be related to the drop in spam originating from China in 2010, which, in turn, may be due to increased regulations governing domain registration there. Potential registrants can no longer register a .cn domain name anonymously and are required to provide paper application forms, official business seals, and an identity card. The amount of spam originating from .cn domains has decreased from over 40 percent of all spam detected in December 2009 to less than 10 percent by March 2010. The decrease in spam originating from China may also be due to new regulations issued by China’s Ministry of Information Industry (MII) in March 2010. These regulations require all ISPs to register the IP addresses of their email servers with Chinese authorities and to maintain logs of all email traffic for at least 60 days.
Spam zombies dominant in Brazil: Brazil has ranked first in spam zombies for the past three reporting periods. Factors that influence this high ranking may include the prominence of large, dominant botnets in Brazil. Brazil is a strong source of bot-infected computers for major botnets that send out spam email messages, including Rustock, Maazben, and Ozdok (Mega-D).

Web-Based Attack Prevalence

Background

The circumstances and implications of Web-based attacks vary widely. They may target specific businesses or organizations, or they may be widespread attacks of opportunity that exploit current events, zero-day vulnerabilities, or recently patched and publicized vulnerabilities against which some users are not yet protected. While some major attacks garner significant attention when they occur, examining overall Web-based attacks provides insight into the threat landscape and how attack patterns may be shifting. Moreover, analysis of the underlying trend can provide insight into potential shifts in Web-based attack usage and can assist in determining the likelihood of Web-based attacks increasing in the future.

Methodology

This metric assesses changes to the prevalence of Web-based attack activity by comparing the overall volume of activity and the average number of attacks per day in each month during the current and previous reporting periods. These monthly averages are based on telemetry data of opt-in participants and, therefore, may not be directly synonymous with overall activity levels or fluctuations that occurred as a whole. However, underlying trends observed in the sample data provide a reasonable representation of overall activity trends.

Data

Read More and See Graphics...
http://www.symantec.com/business/threatreport/print.jsp?id=threat_activity,vulnerabilities,malicious_code,fraud_activity,threat_activity_trends_introduction,malicious_activity_by_source,web_based_attack_prevalence,web_based_att ack_activity,malicious_websites_by_search_term,data_breaches,malicious_shortened_urls,bot_infected_computers,vulnerability_trends_introduction,total_number_of_vulnerabilities,browser_vulnerabilities,browser_window_of_exposure,browser_plug_in_vulnerabilities,zero_day_vulnerabilities,scada_vulnerabilities,malicious_code_trends_introduction,top_malicious_code_families,malicious_code_features,malicious_code_types_by_region,confidential_information_threats,propagation_mechanisms,enterprise_best_practices,consumer_best_practices

Symantec tagged Attack Nitro July - mid-September infecting 48 firms Poison Ivy remote-access Trojan (RAT)
'Nitro' hackers use stock malware to steal chemical, defense secrets - Computerworld
symantec - Google Search
Symantec - AntiVirus, Anti-Spyware, Endpoint Security, Backup, Storage Solutions
Viruses - Spyware - Internet Protection - Latest New Computer Viruses | Security Response
Symantec - Wikipedia, the free encyclopedia
Search Results: The Nitro Attacks
Symantec Survey Finds Global Critical Infrastructure Providers Less Aware and Engaged in Government Programs
W32.Gaobot.BQJ Technical Details | Symantec
What a Difference a Year Makes: Changing Attitudes and Participation in Government Critical Infrastructure Protection Programs | Symantec Connect Community
W32.Gaobot.CII Technical Details | Symantec
Internet Security Threat Report | Symantec
Build Your Report | Symantec
Build Your Report | Symantec
Threat Explorer - Spyware and Adware, Dialers, Hack tools, Hoaxes and other risks
nitro attacks stealing secrets from the chemical industry - Google Search

The Nitro Attacks Stealing Secrets from the Chemical Industry

The Nitro Attacks Stealing Secrets from the Chemical Industry.




By Eric Chien and Gavin O’Gorman.

Introduction

This document discusses a recent targeted attack campaign directed primarily at private companies involved in the research, development, and manufacture of chemicals and advanced materials. The goal of the attackers appears to be to collect intellectual property such as design documents, formulas, and manufacturing processes. In addition, the same attackers appear to have a lengthy operation history including attacks on other industries and organizations. At-tacks on the chemical industry are merely their latest attack wave. As part of our investigations, we were also able to identify and con-tact one of the attackers to try and gain insights into the motivations behind these attacks. As the pattern of chemical industry tar-gets emerged, we internally code-named the attack campaign Nitro. The attack wave started in late July 2011 and continued into mid-September 2011. However, artifacts of the attack wave such as Command and Control (C&C) servers are also used as early as April 2011 and against targets outside the chemical industry The purpose of the attacks appears to be industrial espionage, collecting intellectual property for competitive advantage. Targets The attackers have changed their targets over time. From late April to early May, the attackers focused on human rights related NGOs. They then moved on to the motor industry in late May. From June until mid-July no activity was detected. At this point, the current attack campaign against the chemical industry began. This particular attack has lasted much longer than previous attacks, spanning two and a half months. A total of 29 companies in the chemical sector were confirmed to be targeted in this attack wave and another 19 in various other sectors, primarily the defense sector, were seen to be affected as well. These 48 companies are the minimum number of companies targeted and likely other companies were also targeted. In a recent two week period, 101 unique IP addresses contacted a command and control server with traffic consistent with an infected machine. These IPs represented 52 different unique Internet Service Providers or organizations in 20 countries. Companies affected include: Multiple Fortune 100 companies involved in research and development of chemical compounds and advanced materials. Companies that develop advanced materials primarily for military vehicles. Companies involved in developing manufacturing infrastructure for the chemical and advanced materials industry. Attack methodology The attackers first researched desired targets and then sent an email specifically to the target. Each organization typically only saw a handful of employees at the receiving end of these emails. However, in one organization almost 500 recipients received a mail, while in two other organizations, more than 100 were selected. While the attackers used different pretexts when sending these malicious emails, two methodologies stood out. First, when a specific recipient was targeted, the mails often purported to be meeting invitations from established business partners. Secondly, when the emails were being sent to a broad set of recipients, the mails purported to be a necessary security update. The emails then contained an attachment that was either an executable that appeared to be a text file based on the file name and icon, or a password-protected archive containing an executable file with the password provided in the email. In both cases, the executable file was a self-extracting executable containing PoisonIvy, a common backdoor Trojan developed by a Chinese speaker. When the recipient attempted to open the attachment, they would inadvertently execute the file, causing Poi-sonIvy to be installed. Once PoisonIvy was installed, it contacted a C&C server on TCP port 80 using an encrypt-ed communication protocol. Using the C&C server, the attackers then instructed the compromised computer to provide the infected computer’s IP address, the names of all other computers in the workgroup or domain, and dumps of Windows cached password hashes. By using access to additional computers through the currently logged on user or cracked passwords through dumped hashes, the attackers then began traversing the network infecting additional computers. Typically, their primary goal is to obtain domain administrator credentials and/or gain access to a system storing intellectual property. Domain administrator credentials make it easier for the attacker to find servers hosting the desired intellectual property and gain access to the sensitive materials. The attackers may have also downloaded and installed additional tools to penetrate the network further. While the behavior of the attackers differs slightly in each compromise, generally once the attackers have identified the desired intellectual property, they copy the content to archives on internal systems they use as internal staging servers. This content is then uploaded to a remote site outside of the compromised organization completing the attack. Page 2 The Nitro Attacks: Stealing Secrets from the Chemical Industry Security Response Geographic Spread Figure 1 shows the location of infected computers. This data is derived from the IP addresses of machines connecting back to the command and control server The majority of infected machines are located in the US, Bangladesh and the UK; however, overall there is wide geographical spread of infections. Figure 1 Geographic location of infected computers Figure 2 shows the country of origin of the organizations targeted by these at-tacks. While the US and UK again figure highly here, overall the geographical spread is different. This means that the infected computers are rarely located within the organizations’ headquarters or country of origin. Figure 2 Country of origin of targeted organizations* 2 Denmark UK 5 USA 12 Belgium 1 1 Netherlands 1 Italy 1 Japan 1 Saudi Arabia *Additional confirmed infections exist; however, they did not contact the command and control server during the two-week period we were monitoring it. Page 3 Security Response The Nitro Attacks: Stealing Secrets from the Chemical Industry There are two possible explanations for this: The attackers are targeting sites, or individuals in certain sites, which they know have access to certain data that is of interest to the attacker. The attackers are targeting sites or individuals that they believe have less security measures in place and are therefore an easier access point into the victims’ networks. We can conclude that the attackers are not targeting organizations in a particular country. Attribution The attacks were traced back to a computer system that was a virtual private server (VPS) located in the United States. However, the system was owned by a 20-something male located in the Hebei region in China. We internally have given him the pseudonym of Covert Grove based on a literal translation of his name. He attended a vocational school for a short period of time specializing in network security and has limited work experience, most recently maintaining multiple network domains of the vocational school. Covert Grove claimed to have the U.S.-based VPS for the sole purpose of using the VPS to log into the QQ instant message system, a popular instant messaging system in China. By owning a VPS, he would have a static IP ad-dress. He claims this was the sole purpose of the VPS. And by having a static IP address, he could use a feature provided by QQ to restrict login access to particular IP addresses. The VPS cost was RMB200 (US$32) a month. While possible, with an expense of RMB200 a month for such protection and the usage of a US-based VPS, the scenario seems suspicious. We were unable to recover any evidence the VPS was used by any other authorized or unauthorized users. Further, when prompted regarding hacking skills, Covert Grove immediately provided a contact that would perform ‘hacking for hire’. Whether this contact is merely an alias or a different individual has not been determined. We are unable to determine if Covert Grove is the sole attacker or if he has a direct or only indirect role. Nor are we able to definitively determine if he is hacking these targets on behalf of another party or multiple parties. Technical details As mentioned above, the threat used to compromise the targeted networks is Poison Ivy, a Remote Access Tool (RAT). This application is freely available from poisonivy-rat.com. It comes fully loaded with a number of plug-ins to give an attacker complete control of the compromised computer. Delivery The method of delivery has changed over time as the attackers have changed targets. Older attacks involved a self-extracting archive with a suggestive name, for example: “Human right report of north Africa under the war. scr”. The most recent attacks focusing on the chemical industry are using password-protected 7zip files which, when extracted, contain a self-extracting executable. The password to extract the 7zip file is included in the email. This extra stage is used to prevent automated systems from extracting the self-extracting archive. Some example file names using this technique include: AntiVirus_update_package.7z acquisition.7z offer.7z update_flashplayer10ax.7z Page 4 The Nitro Attacks: Stealing Secrets from the Chemical Industry Security Response An example of an email used to send the attachment can be seen in figure 3. Figure 3 Malicious email The email is quite generic, applicable to any corporate user. Some of the subject lines will vary and may include the name of the targeted company in an attempt to be more convincing.



Threat details...


Download the PDF from Symantec to Read more and see Graphics...
In a paper published today, 10-31-2011 (download PDF). Symantec researchers spelled out their analysis of the Nitro attacks and the use of Poison Ivy.


Build Your Own Report | Symantec (my selections)...
http://www.symantec.com/business/threatreport/print.jsp?id=threat_activity,vulnerabilities,malicious_code,fraud_activity,threat_activity_trends_introduction,malicious_activity_by_source,web_based_attack_prevalence,web_based_att ack_activity,malicious_websites_by_search_term,data_breaches,malicious_shortened_urls,bot_infected_computers,vulnerability_trends_introduction,total_number_of_vulnerabilities,browser_vulnerabilities,browser_window_of_exposure,browser_plug_in_vulnerabilities,zero_day_vulnerabilities,scada_vulnerabilities,malicious_code_trends_introduction,top_malicious_code_families,malicious_code_features,malicious_code_types_by_region,confidential_information_threats,propagation_mechanisms,enterprise_best_practices,consumer_best_practices

Don

Symantec tagged Attack Nitro July - mid-September infecting 48 firms Poison Ivy remote-access Trojan (RAT)
'Nitro' hackers use stock malware to steal chemical, defense secrets - Computerworld
symantec - Google Search
Symantec - AntiVirus, Anti-Spyware, Endpoint Security, Backup, Storage Solutions
Viruses - Spyware - Internet Protection - Latest New Computer Viruses | Security Response
Symantec - Wikipedia, the free encyclopedia
Search Results: The Nitro Attacks
Symantec Survey Finds Global Critical Infrastructure Providers Less Aware and Engaged in Government Programs
W32.Gaobot.BQJ Technical Details | Symantec
What a Difference a Year Makes: Changing Attitudes and Participation in Government Critical Infrastructure Protection Programs | Symantec Connect Community
W32.Gaobot.CII Technical Details | Symantec
Internet Security Threat Report | Symantec
Build Your Report | Symantec
Build Your Report | Symantec
Threat Explorer - Spyware and Adware, Dialers, Hack tools, Hoaxes and other risks
nitro attacks stealing secrets from the chemical industry - Google Search

Creating PCBs with the toner transfer method

Creating PCBs with the toner transfer method

There are many webpages explaining how to create printed circuit boards (PCBs) without having to use UV light and photoresist. However, most of them are bloated, unsurveyable or incomplete. This page is an attempt to document the process in a concise way. If you want to have more details, this may be a good place to look.

Requirements

  • A blank PCB, without a photoresist layer. If you only have boards with such a layer, you need to remove it first with a solvent like acetone.
  • A type of paper, coated with a thin wax-like layer on one side, and easily dissolvable in water. Most inkjet 'photo-paper' is good. Some are better than others. Some companies like PulsarProFX produce special toner-transfer paper which has a kind of sugar-based coating. The toner sticks to this coating, which dissolves completely when soaked in water. The result is a very clean transfer that can also be used to transfer colour laser prints onto various surfaces. The method can also be extended to produce decals that will stick to about any surface, even curved. However, this paper is pretty expensive and hard to get outside the US.
  • A laser printer with ordinary toner, 600dpi is recommended.
  • A clothes iron.
  • Acetone.
  • A kind of abrasive sponge, like a scotchbrite pad, or steel wool. Some people say that steel wool may contaminate the copper, but others have used it without problems.
  • Paper towel
  • A toothbrush or similar semi-soft brush
  • An etchant. The traditional etchant for copper is Ferric Chloride, but a cheap and very good alternative is a mixture of Hydrogen Chloride (HCl) and Hydrogen Peroxide (H2O2). Contrary to FeCl3, it's completely transparent, and very cheap (depending on where you get the chemicals).
  • Safety goggles and gloves.

Method

Creating the design

Your final PCB design should consist of a mirrored black-and-white bitmap of the copper pattern of the bottom of the PCB. This can be made in any way, ranging from the output from an expensive professional program to something you draw in the GIMP. A 300dpi image will do fine, anything above 600dpi is overkill.
Strictly spoken, holes are not necessary because you'll drill them anyway, but small holes in your design will make drilling a lot easier, first because you can see where to drill and second because the small hole in the copper will 'guide' the drill when biting into in the PCB. For this last effect to work, you should keep holes small, I use a diameter of 1/60" (0.42mm or 5 pixels in a 300dpi image).

Speaking about holes, if you're going to drill them manually, try to align as many holes on the same lines parallel with the edges of the PCB as possible. This will make it a lot easier and faster to drill them with a drill press, if it has a guide system (improvised or built-in).

Theoretically, everything you can print in a 300dpi image can end up as a copper trace, pad or letter on your print. In practice, anything thinner than 2/300 inch (2 pixels in a 300dpi image) can be problematic. Avoid using 1/300 inch lines or spacings for structures that are supposed to conduct electricity.
1/300 inch lines may actually work if you keep them away from the edges of the PCB. As a general rule, either avoid putting any fine structures near the edges, or cut the PCB to a size slightly larger than required for the design (and saw off the redundant parts after the transfer). This is because it's harder to properly transfer the toner near the edges. Fine edges may smear, and/or not stick. You can see this below in the photos of the test PCB I made, of which the design is shown at the right.

If you're going to create a double-sided PCB, you will need to include some reference points that match on both sides. It's a good idea to include the edges of the PCB, but you may also put some extra marks outside the PCB area. This will make it easier to verify that the patterns are still aligned once you have sandwiched the PCB between them. You can slightly reduce the need for perfect alignment, by making the 'via' solder pads of one of the sides slightly larger and not drawing drill holes in them.

Printing the design

Read More and see Detailed Instructions...
http://www.dr-lex.be/hardware/tonertransfer.html

Dr. Lex' Site

Other potentially useful pages: the sitemap and the contact page.


Great info and well written instructions. I will want to come back to this one, when I get around to making my own PCB...

Don


Boeing to establish center in Florida for new spaceship program - latimes.com

Money & Company

Tracking the market and economic trends
that shape your finances.

« Previous Post | Money & Company Home

Boeing to establish center in Florida for new spaceship program

Aerospace giant Boeing Co. announced plans to establish a headquarters for its new spaceship program at NASA’s Kennedy Space Center in Cape Canaveral, Fla.

The Chicago company is in the process of developing a seven-person spaceship, dubbed the Crew Space Transportation-100, for the job of ferrying astronauts to and from the International Space Station now that the space shuttle program is over.

Boeing will consolidate the program’s engineering and manufacturing operations, which are now spread across the country in space-centric cities like Huntington Beach, Houston and Huntsville, Ala. Boeing’s decision is expected to bring back high-paying aerospace jobs to the nation’s “space coast,” near Cape Canaveral, which lost thousands of jobs when the shuttle program was retired this year.

"We selected Florida due to the cost benefits achieved with a consolidated operation, the skilled local workforce and proximity to our NASA customer,” John Mulholland, Boeing’s program manager of commercial programs, said in a statement.

Boeing estimated that the workforce at Kennedy Space Center will ramp up to 550 local jobs by December 2015. Although that's a relatively small number compared with the tens of thousands employed during the shuttle program, the announcement was heralded by state officials.

Read More...
http://latimesblogs.latimes.com/money_co/2011/10/boeing-nasa-florida-space.html


News 10-29-11
Google takes another shot at the TV market | Reuters
Linux Today - The Linux Desktop: Rich with educational software
Linux Today - Apple open sources its ALAC lossless audio codec
Ants duke it out in the AI challenge - Hack a Day
Upgrading a solar lamp to charge an iPad - Hack a Day
Halloween Hacks: Arc reactor costume - Hack a Day
HowStuffWorks "Top 10 Filming Locations to Visit"
Diabetes and Weight Loss: Diet Plan and Exercise Recommendations
Diabetes: Tips for Daily Foot Care
Diabetes Body Care: Feet, Skin, Eyes, Teeth, and Heart
How to Make Tea Using a Coffee Pot - wikiHow
A first look at Google TV 2.0 - YouTube
Crawling zombie is shockingly creepy - Hack a Day
Linux Today - A Puppy for Slackers
Linux Today - Interview: Eagle Genomics, open source solution provider for genome content management
Linux Today - Open Source Clouds: Linux Distributions Choose Sides
DIY thermostat keeps the harsh winter cold at bay - Hack a Day
3D printed electromechanical computer - Hack a Day
HP has another crack at fondleslab market • The Register
Obama ‘Bundlers’ Have Ties to Lobbying - NYTimes.com
Cord Cutters: A first look at Google TV 2.0 - YouTube
New CPR technique revives man after 63 minutes without pulse | Video | Reuters.com
Myspace Music And Songtrust - For a nominal monthly fee...
Linux Today - The Kernel Panel at LinuxCon Europe
Linux Today - Linux Foundation proposes to use UEFI to make PCs secure and free
DonsDeals: Cellphone battery booster built at the checkout counter - Hack a Day
Games & Mods | Desura
DESURA! Steam like Client for Linux Gaming! - YouTube
A place to learn about computer software, security and games, popular physics, life, 3d art, models, and more

News 10-30-11
Asteroid may have core of hot melted metal - Technology & science - Space - Space.com - msnbc.com
Two DJ Hero controllers turned into a giant Etch A Sketch - Hack a Day
Haqqani Network Sends Message With Kabul Attacks - NYTimes.com
Storm Leaves More Than 2 Million Without Power - NYTimes.com
Snow Comes Early to East Coast - Slide Show - NYTimes.com

News 10-31-11
3G connected hotspot hangs out at your house - Hack a Day
Insanely kludgy pen plotter actually works - Hack a Day
Boeing to establish center in Florida for new spaceship program - latimes.com
Automated CD ripper build from Lego and other parts - Hack a Day
One Million Still in Dark After Snowstorm - NYTimes.com
Officials Bust Drug-Smuggling Ring Linked to Mexican Cartel - NYTimes.com
Rich text editor, CommentHeaderMessage, press ALT 0 for help.
NASA: NASA awards $269.3 million to four firms to privately develop rockets and spacecraft - Los Angeles Times

Sunday, October 30, 2011

Hewlett Packard: What's going on with HP Now? (10-30-11)

From the Article:

(Saab, Hewlett Packard: Deals to Watch

Skipping on down to the HP info...

After two months of uncertainty, HP's(HPQ_) new CEO Meg Whitman has made her second decisive stamp on the world's largest computer maker in a month, by announcing the company will retain its division. HP announced on Thursday, after spending the last few months considering a spinoff of its computer business - that it was too important to overall revenue and the company's supply chain to be cut.

"HP objectively evaluated the strategic, financial and operational impact of spinning off PSG. It's clear after our analysis that keeping PSG within HP is right for customers and partners, right for shareholders, and right for employees," explained HP CEO Meg Whitman, in a statement released after market close on Thursday.

HP rose nearly 5% to $28.34 a share in early trading. The stock, which is down over 30% year to date and is one of the Dow Jones Industrial average's worst performer, has recovered over a quarter of its value since Whitman's CEO nomination.

Read more...
http://www.thestreet.com/story/11292527/1/saab-hewlett-packard-deals-to-watch.html

Related Videos on HP...

Visit msnbc.com for breaking news, world news, and news about the economy






  1. HP's Bradley Says WebOS Report `Unfounded Rumor'

    youtube.comNew2 days ago - 8 min - Uploaded by Bloomberg
    Oct. 28 (Bloomberg) -- Todd Bradley, executive vice president of the personal systems group at Hewlett-Packard ...
  2. Video: HP Keeps Its Computers

    msnbc.msn.comNew2 days ago
    Hewlett-Packard has been on a wild ride since news went public that former CEO Leo Apotheker was considering ...
  3. White Says HP Should Move to Cloud Computing ...

    youtube.comNew3 days ago - 8 min - Uploaded by Bloomberg
    Oct. 27 (Bloomberg) -- Brian White, an analyst at Ticonderoga Securities LLC, talks about Hewlett-Packard Co ...


The Original Report I found on Friday, August 19, 2011

HP to 'Reinvent' Company With Return to Roots

Q


By spinning off Hewlett-Packard Co. (HPQ)'s personal-computer business, Chief Executive Officer Leo Apotheker is shedding a unit the founders never liked anyway.

David Packard only reluctantly agreed to focus on PCs in the early 1990s. And Walter Hewlett, a board member and son of co-founder Bill Hewlett, mounted an unsuccessful campaign to block the 2002 acquisition of Compaq Computer Corp., a deal that vaulted Hewlett-Packard to the top of the PC industry.

From Hewlett-Packard's beginnings in 1939, the company's founders set out to invent one-of-a-kind products and tools for engineers. They never intended to become the biggest provider of a commodity product, said Michael Cusumano, a professor at the Massachusetts Institute of Technology's Sloan School of Management. Now that PC profits are waning amid competition from Asian rivals, Apotheker is poised to return to that philosophy.

"Their DNA never included being a commodity consumer products manufacturer, which is what the PC has become," Cusumano said. "It's certainly not where the action and innovation is in the business these days. They can reinvent themselves. They may have the capability to do it."

While the PC unit accounted for 30 percent of sales last quarter, it only generated a 5.9 percent operating margin. That's less than at any other division in the company.

Hewlett-Packard, based in Palo Alto, California, dropped $5.91, or 20 percent, to $23.60 at 4 p.m. on the New York Stock Exchange, the biggest decline since October 1987.

IBM's Deal

Read More...
http://www.bloomberg.com/news/2011-08-19/hp-s-pc-spinoff-would-reinvent-company-with-return-to-roots.html

Go to my Previous Post on, "HP to ‘Reinvent’ Company With Return to Roots - Bloomberg" to Read More and See Video...
http://donsdeals.blogspot.com/2011/08/hp-to-reinvent-company-with-return-to.html


Hewlett Packard - What's going on with HP now? (10-30-11)
hp bankruptcy - Google Search
HP Media Alert: Hewlett-Packard Statement on Comdisco Inc. Bankruptcy Proceedings
Bankruptcy & HP
HEWLETT-PACKARD CO (HPQ:New York): Transactions - BusinessWeek
Is HP going bankrupt? Stock crashed and layoffs? - Yahoo! Answers
hp bankruptcy - Google Search
HP Will Not Close PC Division, Will Keep On Making Computers For Years To Come
Google Custom Search
HP leases Chelsea Art Museum building for 10 years - NYPOST.com
Saab, Hewlett Packard: Deals to Watch - TheStreet
Hewlett Packard - Google Custom Search on DonsDeals Blpg
hp bankruptcy - Google Search
hewlett packard bankruptcy - Google Search
HP's Bradley Says WebOS Report `Unfounded Rumor' - YouTube
msnbc video: HP Keeps Its Computers
White Says HP Should Move to Cloud Computing, Drop PCs - YouTube