http://maps.google.com/maps?client=safari&oe=UTF-8&ie=UTF8&q=Omeonga+Democratic+Republic+of+the+Congo&fb=1&gl=us&ei=dIuYS9PmCpawiwP_8eHMAw&ved=0CBIQpQY&hl=en&view=map&geocode=FT1dyP8dXiF1AQ&split=0&iwloc=A&sa=X

A Cease and Desist letter is a good idea, but I would have a lawyer draft it. It shouldn't cost that much money and your attorney would be careful not to put anything in there that would force you into Court unless you wanted to. Sending legal looking letters on your own is a bad idea, you might accidentally run afoul of laws related to frivolous lawsuits and torturous interference. Something like that shouldn't take more than a couple of hours of a lawyers time and your company probably already has retained a business lawyer, anyway. If you really want to save time, search for standard Cease and Desist letter language, there must be examples all over the internet, probably some specific to this type of action, rework it to your case and give it to your lawyer for review and clean up. If you do file a case, coming up with damages you can defend might be difficult, but you should try to estimate, anyway. That figure could be used in the Cease and Desist letter to help push them over.

Just start watching the ones with Christopher Eccleston and then onto David Tenant. You'll enjoy the series and you don't really need to watch the older ones. You can always take a break mid-series and watch older ones for more context. When I was a kid, I watched old doctors, but they're a bit campy, now. Nothing wrong with them, I'm sure some folks love them more than the new ones. Enjoy the show and catch up quick. BBC is starting up the next doctor soon enough.

I just sent a note off to US-CERT. Anyone else reading this and experiencing these attacks, feel free to list them here.

I've received 1 email from one friend and 4 from another. I've been warning the To: list to not click on the link and suggesting to my friends their machines may be compromised. However, after the second link, I now wonder if its the email account that has been compromised (password hacked or Yahoo has a security hole).

Please go read the Dunning-Kruger Effect on that website. You'll find that you are smack dab in the category of "untrained person thinks they know what they're talking about". Seriously. It's very easy to ridicule a science when you're not well versed in the topic. I'm not saying it's beyond your ability to understand or that you have to spend a year of work to understand it. Just go and really read up on the science. Talking points are fun to use in a debate. They can win applause from the crowd. They are not science.

http://www.skepticalscience.com/microsite-influences-on-global-temperature.htm

http://www.skepticalscience.com/co2-measurements-uncertainty.htm

Your family business should have a lawyer, speak to that person. Consider asking someone for indemnification, like your current employer. You are probably duty bound to bring potential copyright violations to your employer's attention; I bet they have a no violation policy. Send them something formal (email might do, letter is better) advising them of your concern. At least you are on record. If they do nothing or even say they will accept responsibility, then you can request indemnification for you and/or your family's business. All of this, however, should be reviewed with an attorney under confidentiality *before* you take action.

The fundamental problem is that the password (or its material) is sent through the encrypted SSL channel instead of being integrated into it. The SSL negotiation should use the password to (re)generate the shared secret. If the server doesn't have the password (or password derived bits), it won't be able to communicate with the client. Similarly for the client. Why does this matter? A Man In The Middle attack is more difficult to stage because the client can detect that the middle man has no knowledge of the password during the secret key negotiation phase. It is still possible for the MITM to guess the key (at chance) and depending upon the protocol, the MITM might be able to extract information about the password that allows better than chance guessing; this all depends upon the design of the protocol. There are plenty of protocols out there both freely available and patented that solve this problem. The patent for Encrypted Diffie Hellman has just expired and ought to be used by everyone, now. The problem is that SSL hardware accelerators won't work as expected, since they take the server key and pass the client credentials (password or its derived material) back to the application server for login. With an updated (more secure system), the password verifiers will have to be pushed down into the hardware accelerators, which means the hardware accelerator will have to "know" about the users, keep a user database. IT nightmare. Plus, that accelerator is sitting at the network edge, so you've got all of the user/password verifier info residing in close proximity to the internet (and hackers). I still think it's better than sending your password (material, verifier) over a channel to a remote server. Anyone can be tricked into doing it.