Friday, April 09, 2004

RealPlayer 10 Release Supports More Formats:
"RealNetworks Inc. on Wednesday released the latest version of its digital media player with support for all of the major Internet media formats, including those from competitors Microsoft Corp. and Apple Computer Inc.

RealNetworks of Seattle first announced RealPlayer 10 for Windows in January and said it would include support for playing music purchased through Apple's iTunes, working around Apple's digital rights management technology."

http://www.eweek.com/article2/0,1759,1563416,00.asp

Researcher Claims Online Anti-virus Scanners Buggy:
"Online scanners from Symantec, McAfee and Panda all contain buffer overflows. One researcher claims an attacker could execute arbitrary code, another just that they could crash the browser. Panda reports their software has been fixed and Symantec denies there is a problem at all."

http://www.eweek.com/article2/0,1759,1563092,00.asp

Authorama - Public Domain Books:
"Authorama.com, featuring completely free books from a variety of different authors, collected here for you to read online or offline. The books may have been published before, but not in this form, which I hope you find enjoyable to read and print."

http://www.authorama.com/

Thursday, April 08, 2004

Tax Center:
"American Express has created a Web site to help small-business owners learn about new tax developments and interact with other entrepreneurs on tax issues."

http://home3.americanexpress.com/smallbusiness/Landing/tax_center_main.asp?openvan=taxcenter

Wednesday, April 07, 2004

Attrition Security Rant: Anti-Virus Companies: Tenacious Spammers:
"For roughly three years, the Internet has seen worms that spread via e-mail, often taking addresses out of the infected machine's web cache, user addressbook or other sources. Some of these worms will also forge/spoof the 'From:' line so the mail appears to be from someone else, in an attempt to make the mail more 'trusted'. To be clear, here is a sample timeline of how these work:

EvilGuy01 writes and releases a new worm.

Fred is a moron and clicks on an attachment from a stranger, infecting his machine.

The worm mails a copy of itself to everyone in Fred's addressbook.

The mail sent out spoofs the headers of the mail so it may be 'From: George' or 'From: Sally'.

Tom gets a copy of the mail 'From: Sally' and clicks on the attachment, infecting himself.

Tom sends mail to Sally complaining about her evil shenanigans.

Sally replies to Tom with 'd00d WTF?! lol' since she never sent the mail."

How enterprise AV systems add to the Internet traffic

But wait, it gets worse. Even if friends and family understand that I likely did not send them a virus, some enterprise antivirus program with built-in return messages will state emphatically that I have a virus. Here's how that works: As the forged e-mail enters their enterprise system, that system bounces it back to the apparent sender with a message that authoritatively states, "You are infected with XXX virus." I have hundreds of these bounced e-mail messages claiming that I am infected with MyDoom.f, Netsky.d, or Bagle.c. I'm not.

In the middle of an e-mail virus outbreak, messages such as these--originally intended to provide a useful service--only add to the Internet traffic jam. Brian Martin, a.k.a. Jericho at Attrition.org, wrote a thorough critique of the current methods being used, complete with examples. His conclusion? System administrators need to turn off this "helpful" feature if they haven't already.

Unfortunately, the spoofing problem itself lies deep under the hood of the Internet, within SMTP, Simple Mail Transfer Protocol, the Internet protocol used for sending e-mail. SMTP was created many years ago and lacks a modern method for verifying the authenticity of the sender. With a little finesse, almost anyone can manipulate the header information on an e-mail message to disguise its true origin and make it appear as though someone else sent you a message.

http://reviews-zdnet.com.com/AnchorDesk/4520-7297_16-5128975.html?tag=adss

http://www.attrition.org/security/rant/av-spammers.html

Microsoft Releases Source Code on SourceForge:
"On Monday, Microsoft released some of its code under an open-source license, and posted it on SourceForge, the open-source code repository.

To date, Microsoft has made its source code available under a variety of licensing mechanisms, all under its 'shared source' umbrella. But until today, the company had not released code under what is commonly considered a true open-source license."

Microsoft made available an internally-developed product called the "Windows Installer XML" (WiX) to SourceForge. The code is downloadable here.

WiX is a toolset for building Windows installation packages from XML source code. It runs on Windows NT and Windows 2000.…

http://sourceforge.net/projects/wix/

http://www.microsoft-watch.com/article2/0,1995,1561953,00.asp

Tuesday, April 06, 2004

Microsoft Security Newsletter For Home Users - Current Edition

http://www.microsoft.com/security/home/secnews/current.asp

Executive E-Mail: Current Edition:
"Microsoft Progress Report: Security

Malicious software code has been around for decades. But only in the last few years have the Internet, high-speed connections and millions of new computing devices converged to create a truly global computing network in which a virus or worm can circle the world in a matter of minutes.

Meanwhile, criminal hackers have become more sophisticated, creating and distributing digital epidemics like Slammer, Blaster, Sobig and Mydoom that spread almost instantaneously, threatening the potential of technology to advance business productivity, commerce and communication.

The kinds of threats are evolving too. Blaster, for example, hijacked individual computers, turning innocent users into unknowing and innocent worm propagators. These kinds of attacks – "swarming" attacks that are coordinated to cause multiplied, cascading effects – change the landscape of security threats. They put new demands on IT professionals and consumers to take preventative measures, and on the technology industry to continue to innovate and develop new solutions.…

Given human nature, evolving threat models and the increasing interconnectedness of computers, the number of security exploits will never reach zero. But we can dramatically blunt the impact of cybercriminals, and are dedicating a major portion of our R&D investments to security advances.…"

http://www.microsoft.com/mscorp/execmail/

HOAXBUSTERS Home Page:
"Interspersed among the junk mail and spam that fills our Internet e-mail boxes are dire warnings about devastating new viruses, Trojans that eat the heart out of your system, and malicious software that can steal the computer right off your desk. Added to that are messages about free money, children in trouble, and other items designed to grab you and get you to forward the message to everyone you know. Most all of these messages are hoaxes or chain letters. While hoaxes do not automatically infect systems like a virus or Trojan, they are still time consuming and costly to remove from all the systems where they exist. At CIAC, we find that we spend much more time de-bunking hoaxes than handling real virus and Trojan incidents. These pages describe some of the warnings, offers, and pleas for help that are filling our mailboxes, clogging our mailservers, and that generally do not have any basis in fact.…"

http://hoaxbusters.ciac.org/

Monday, April 05, 2004

MSBlast epidemic far larger than believed - News - ZDNet:
"New data from Microsoft suggests that at least 8 million Windows computers have been infected by the MSBlast, or Blaster, worm since last August--many times more than previously thought.…"

http://zdnet.com.com/2100-1105_2-5184439.html

A Heretical View of File Sharing:
"But what if the industry is wrong, and file sharing is not hurting record sales?

It might seem counterintuitive, but that is the conclusion reached by two economists who released a draft last week of the first study that makes a rigorous economic comparison of directly observed activity on file-sharing networks and music buying.

'Downloads have an effect on sales which is statistically indistinguishable from zero, despite rather precise estimates,' write its authors, Felix Oberholzer-Gee of the Harvard Business School and Koleman S. Strumpf of the University of North Carolina at Chapel Hill."

http://www.nytimes.com/2004/04/05/technology/05music.html