Stealth virus warning

By Munir Kotadia, ZDNet Australia

Organized criminals are advertising networks of zombie computers for rent on underground newsgroups and Web pages. When they receive an order for a botnet of a certain size, they set about trying to infect computers using infected email attachments or socially-engineered spam with links to malicious Web pages. As soon as they infect enough computers to fulfill the order, they stop using that particular piece of malware.

“Virus authors are choosing not to create global epidemics--such as Melissa or Blaster--because that distracts them from their core business of creating and selling botnets, according to antivirus experts.

Botnets are groups of computers that have been infected by malware that allows the author to control the infected PCs, and then typically use them to send spam or launch DDoS attacks.

Speaking at the AusCERT conference on Australia's Gold Coast on Tuesday, Eugene Kaspersky, founder of Kaspersky Labs, said that the influence of organised crime on the malware industry has led to a change of tactics, echoing comments made in March of this year by Mikko Hyppönen of F-Secure. Instead of trying to create viruses and worms that infect as many computers as possible, malware authors are instead trying to infect 5,000 or 10,000 computers at a time to create personalized zombie armies.

"Do I need a million computers to send spam? No. To do a DDoS attack, 5,000 or 10,000 PCs is more than enough. That is why virus writers and hackers have changed their tactics of infection--they don't need a global epidemic," said Kaspersky.…”

http://news.zdnet.com/2100-1009_22-5719765.html?tag=nl.e589

Microsoft security guru: Jot down your passwords

By Munir Kotadia, ZDNet Australia

“Companies should not ban employees from writing down their passwords because such bans force people to use the same weak term on many systems, according to a Microsoft security guru.

Speaking on the opening day of a conference hosted by Australia's national Computer Emergency Response Team, or AusCERT, Microsoft's Jesper Johansson said that the security industry has been giving out the wrong advice to users by telling them not to write down their passwords. Johansson is senior program manager for security policy at Microsoft.

"How many have (a) password policy that says under penalty of death you shall not write down your password?" asked Johansson, to which the majority of attendees raised their hands in agreement. "I claim that is absolutely wrong. I claim that password policy should say you should write down your password. I have 68 different passwords. If I am not allowed to write any of them down, guess what I am going to do? I am going to use the same password on every one of them."

According to Johansson, use of the same password reduces overall security.

"Since not all systems allow good passwords, I am going to pick a really crappy one, use it everywhere and never change it," Johansson said. "If I write them down and then protect the piece of paper--or whatever it is I wrote them down on--there is nothing wrong with that. That allows us to remember more passwords and better passwords."

Johansson said the security industry had been giving out the wrong advice about passwords for 20 years.…”

Microsoft security guru wants you to jot down your passwords? by ZDNet's George Ou -- http://blogs.zdnet.com/Ou/wp-trackback.php?p=63

http://news.zdnet.com/2100-1009_22-5716590.html

Windows XP Video Decoder Checkup Utility

“The Windows XP Video Decoder Checkup Utility helps you determine if an MPEG-2 video decoder (also called a DVD decoder) is installed on your Windows XP computer and whether or not the decoder is compatible with Windows Media Player 10 and Windows XP Media Center Edition.

An MPEG-2 decoder is software that allows you to play DVDs and files that contain video content that was encoded in the MPEG-2 format (such as DVR-MS files, MPG files, and some AVI files).

If you encounter a problem while using Windows Media Player 10 to synchronize (copy) recorded TV shows to a Portable Media Center or other device, use this utility to verify that you have a compatible MPEG-2 decoder installed on your computer.

Note: This utility only indicates whether an MPEG-2 decoder is compatible with the synchronization feature of Windows Media Player 10 or whether an MPEG-2 decoder is compatible with the recorded TV playback feature of Windows XP Media Center Edition.

This utility:
• Lists all the MPEG-2 video decoders that appear in your Windows registry (a database that contains information about the hardware and software installed in your computer).
• Indicates whether each decoder listed in the registry is marked as compatible with Windows XP Media Center Edition and whether any decoder listed in the registry is marked as the preferred video decoder.
• Indicates whether each decoder listed in the registry is marked as compatible with the synchronization feature of Windows Media Player 10.
• Lets you designate which installed decoder that you want Windows Media Player 10 to use when synchronizing DVR-MS files to a portable device. This is known as the preferred video decoder.
• Lets you undo any changes the utility makes to your Windows registry.”

http://www.microsoft.com/downloads/details.aspx?FamilyID=de1491ac-0ab6-4990-943d-627e6ade9fcb&displaylang=en

The Characteristics of Spam Email

By Bryan Costales, Marcia Flynt.
“The first step to fighting spam is knowing how to recognize it and, by extension, write code that recognizes it. Unfortunately, spammers realize this and work hard to circumvent detection. This chapter details the many ways that spam filters recognize spam, as well as the ways spammers have gotten around these filters.

It is easy for a person to look at a piece of email and say, "This isn't something I asked for. It looks like an advertisement, and I don't want it, so it must be spam." But although it is easy for humans to recognize spam, it is much harder for software to recognize it. And, after all, the point of spam-blocking software is to eliminate the need for humans to recognize spam.…”

1. Connection Behavior
2. Relaying through MX Servers
3. Falsifying the Envelope Sender Address
4. Disguising the Subject: Header
5. Camouflaging the HTML Body
6. Attempting to Fool Signature Detectors
7. Unnecessary Encoding
8. Grokking the Site
9. Loose Ends
10. Think Like a Spammer

http://www.informit.com/articles/article.asp?p=376874

Apple Patches Widget Malware Hole in Tiger

By Ian Betteridge
“Apple Computer Inc. has quietly patched several security holes in Mac OS X 10.4, also known as "Tiger," including one that allows potentially malicious widgets to be downloaded and installed into Dashboard.

The security patches were released as part of an OS X 10.4.1 update earlier this week, but the company has only just released details of them. The update patches four security holes, the most well-known of which is the problem where widgets—small applications working in the software's Dashboard system—could be downloaded and installed without any specific user confirmation. Under 10.4.1, automatic installation of Widgets is blocked, and users must specifically approve the installation of each Widget.

Although several Web pages appeared that demonstrated how widgets could be installed without user intervention, there have been no reports of malicious widgets being found in the wild. However, because widgets can execute code—including shell scripts—outside the Dashboard environment, the ability for widgets to be downloaded and installed simply by clicking on a Web link looked like a potential route for malware on the platform.…” http://techrepublic.com.com/2100-10595_11-5700982.html
http://concat.blogspot.com/2005/05/mac-malware-door-creaks-open.html

http://www.eweek.com/article2/0,1759,1818272,00.asp

The missing glue in the fight against malware

by ZDNet's David Berlind --
“ …Three years from now, the spyware problem will be worse than it is today and I’ll be writing about one of the reasons that there has been no improvement: the failure of the industry to recognize where technological consensus is needed, and then to build solutions on top of that consensus technology.

So, in the case of spyware, what would that technology be? I’m directing that question rhetorically at the new executive team at Tenebril because it’s simply an extension of the same conversation that I was having with them about personal firewalls while they were at Zone Labs. Personal Firewalls and anti-spyware have quite a bit in common. In some ways, personal firewalls help to solve the spyware problem because they can block spyware from "phoning home" — what happens when malware reports back to its creators or distributors with its findings (eg: logged keystrokes).

But, one reason personal firewalls aren’t always successful in this endeavour is that they often require user inputs. When a personal firewall detects a first time attempt by some process to reach the outside world, it notifies the user that something new is trying to get out and it asks the user if the attempted communication should be permitted. But, as I’ve written before, this allow/disallow inquiry is all too often noticably deficient in the kind of information a user needs to make an informed decision. This is particularly troubling since, regardless of whether it’s trapping malware or legitimate software, the wrong answer might render your software inoperable. "LSASS.EXE is trying to reach 177.24.202.16. Allow Always? Allow this once? Deny?" it asks me. What the heck is LSASS.EXE? What or where is 177.24.202.16? And finally, why isn’t the software answering these questions for me?

The answer to that last question is easy. The software doesn’t know. Nor, considering the number of software components out there (legitimate and not), can it know. For a while, with many personal firewalls, this meant that answering the allow/deny question was guesswork (or, a lot of Googlework). Fortunately, guessing couldn’t get you into too much trouble. Sooner or later, every networked computer loses its connection to its network anyway. When, through a personal firewall, a user denies network access to a particular software component, the net result for that software component is pretty much the same as what happens when the system suddenly loses its network connection for some other reason (the cable get pulled out, the Wi-Fi signal disappears, etc.). If a user mistakenly denies network access to a legitimate software component that needs it, and the system or the software hangs, fixing the problem requires little more than a reboot and a correction to the firewall’s ruleset.

But that’s not how software should work. And when I started dinging Zone Labs and other firewall makers for having this problem, I also recognized that no single firewall developer — not even Symantec — was big enough to develop and maintain the database they’d need in order to provide users with the information required to make an informed decision. How do I know this? Some of them tried. But the information was invariably incomplete. To really do that database right would require the participation of all the software vendors, and for them to participate, it would have to be easy and it would have to be centralized. ”

http://blogs.zdnet.com/BTL/?p=1353

Mac malware door creaks open

"The average user, who can't find their Library folder with two mice and a spotlight, is stuck. It would take all of 30 seconds for me to pick out a nice porn image, make it the icon of a widget, drop it in your dashboard and you're stuck with it. It doesn't even need any Javascript," Stephan added.

by Jo Best ,
“Apple seems to have unwittingly opened a door in its Tiger OS--seen by some as a safer haven from viruses--to malware authors.

Apple has been encouraging developers to create new widgets for Tiger's Dashboard-—a semi-transparent layer of everyday, often-used applications such as a calculator or currency converter that appears over the user's desktop—-but within days of its public release, one developer claims to have already found a way to turn widgets into potential malware. Developer Stephan, who has posted the widgets to his blog, has created two mini-apps which he describes as "slightly evil."

One widget, he says, will automatically install itself on users' desktops when his "Zaptastic" Web site is visited using Apple's Safari browser. This, according to Stephan, is a golden opportunity for porn scammers, enabling them to auto-install widgets that can hijack browsers.

According to Stephan's blog: "I happen to like (auto-install). I think it's a great thing. But, as I have demonstrated here, it has the side effect of setting up a situation where a user can be given an application without their knowledge.

"That's not such a big deal; by default, widgets can't do much damage, and they can't run unless you drop them into your dashboard. The funny thing is that once that widget is there, according to Apple, you CANNOT remove it."

Widgets cannot be removed directly from the toolbar, but they can however be deleted from the Library folder.…”

http://techrepublic.com.com/2100-10595_11-5700982.html

Google Outage Dims OS X Tiger Debut

Before we get too excited, though, it's important to look at Dashboard's capabilities through the lens of the network's imperfections. When Sun trumpets its long use of the mantra, "The Network is the Computer," I bite back the temptation to retort that I'd never pay for a computer that behaves as badly as a network: one where any given memory address, for example, might or might not respond to a read or write operation at any given time, or where devices might come and go without warning.

By Peter Coffee

“You couldn't choreograph a more ironic pas de deux than the debut of Apple's OS X 10.4, with its Web-intensive Dashboard of data-tracking "widgets," followed just nine days later by a multihour outage of several Google services.

The first event illustrated, not just with a developer-conference demo but in an actual shipping product, the difference that results when always-on connections are designed in rather than added on to an end-user environment.

The second event was a rude reminder that "always-on connection" borders on an oxymoron, or at any rate tempts the Fates to rub our noses in technology's fallibility.…

What makes Dashboard much more interesting than I expected is the combination of Web services on the back end, at least for the widgets that I find actually useful, and Web standards-based authoring on the front end. With a user interface defined by HTML and Cascading Style Sheets, and dynamic behavior defined in JavaScript, a widget is relatively straightforward to develop--and robust in operation thanks to the fact that it runs on a real Unixoid operating system. Very cool.

Before we get too excited, though, it's important to look at Dashboard's capabilities through the lens of the network's imperfections. When Sun trumpets its long use of the mantra, "The Network is the Computer," I bite back the temptation to retort that I'd never pay for a computer that behaves as badly as a network: one where any given memory address, for example, might or might not respond to a read or write operation at any given time, or where devices might come and go without warning.

My concerns about network inconsistency and volatility are substantial even in benign environments: Things get much worse when someone actually is out to get you with, for example, a man-in-the middle attack that obtains valuable information just from knowing what questions you're asking.…”

http://www.eweek.com/article2/0,1759,1813991,00.asp

Is search ruining the Web?

By Molly Wood

Search is the big dog; and it, more than standards, usability, or even aesthetics, drives the evolution of Web site design.

“It's easy to overinflate the importance of online search. Sometimes I can't help but wonder how it's even remotely possible that Google's stock is trading at more than $225 (at press time). But then I think of every new small business trying to make it on a shoestring marketing budget--actually every Web-based business, big and small, including CNET--and I realize that they're absolutely dead in the water unless they can somehow show up nice and high in search results. If Google tweaks its algorithms just a little bit, thousands of Web sites either have a very good or a very bad day. Search is the big dog; and it, more than standards, usability, or even aesthetics, drives the evolution of Web site design.

The cottage industry that's sprung up around improving a site's search results is called search engine optimization. At its best, SEO is a discipline that influences Web builders and designers to maximize their search engine results with some simple and uncontroversial changes. At its worst, though, the term includes a collection of questionable business practices, shady companies that promise clicks for cash and only sometimes deliver, and a tool that allows the proliferation of advertising-filled Web sites (free registration required) that do nothing but show up in search results and provide no information in exchange for ad impressions. It's also creating quite a heated debate about standards-based design and usability vs. search methodology. And as much as I'm a fan of standards and efficiency, I think the standards and usability are going to suffer the most.…”

http://www.cnet.com/4520-6033_1-6217815-1.html

Fraud Goes With the Territory

eBay: Let's wait and see on tighter security
By Andrew Donoghue,
“eBay and its customers must accept that fraud goes with the territory of online transactions, a top executive at the auction giant said.

Paul Kilmartin, director of performance engineering and availability at eBay, said the company could introduce security technology such as two-factor authentication, but the sure way to eradicate all fraud from its business would be to stop trading. "The one easy way to stop all the fraud would be to turn off the site tomorrow, and there would be no more illegal activity," he said.

Kilmartin, a 10-year eBay veteran, made the comments at Sun Microsystems' quarterly release event here on Tuesday following questions about whether eBay has any plans to introduce two-factor authentication technology to combat fraud among its users.

Two-factor authentication means requiring a second security device, such as a smart card or fingerprint, in addition to a password, to verify the identity of an IT user.

Kilmartin said that eBay has no plans to alter its authentication process for now. "We have no specific plans in this area yet, unless we start to see real demand for it," he said.

Kilmartin's remarks are at odds with comments made earlier this year by Howard Schmidt, the chief security officer for eBay and former White House cybersecurity advisor, who has called for greater use of two-factor authentication.…”

http://news.zdnet.com/2100-1009_22-5695440.html?tag=nl.e539

Patch Plugs 20 Mac OS X Holes

“Apple Computer late Tuesday released an update to fix a whopping 20 security flaws in its flagship Mac OS X and warned that the most serious bugs could lead to remote code execution attacks.

Apple Computer Inc.'s Security Update 2005-005 includes patches for Mac OS X v10.3.9 and Mac OS X Server v10.3.9. It covers a wide range of vulnerabilities that could be exploited by remote or local attackers to execute arbitrary commands, trigger a denial-of-service condition or obtain elevated privileges.

The mega update comes just two weeks after the Cupertino, Calif.-based computer maker shipped patches for a range of potentially serious kernel and browser flaws. Since April 18, Apple has posted fixes for 28 Mac OS X vulnerabilities.…”

http://www.eweek.com/article2/0,1759,1811817,00.asp?kc=ewnws050405dtx1k0000599

No Remedy for Spyware

By Matt Hines,
“Spyware is a general term used to describe software programs that are secretly deposited on computers to track Internet usage, launch advertising programs or steal users' personal information. Among the most popular of these programs are adware, keystroke loggers and so-called system monitors.

Despite reductions in the number of computers infected by spyware applications, the troublesome software has created a billion-dollar industry that continues to plague both consumers and businesses, researchers said on Tuesday.

In addition to remaining a major threat to personal and business security, Webroot said, spyware applications--specifically the types that generate pop-up advertisements, hijack home pages, redirect Web searches and use so-called DNS poisoning to steal Web traffic--generate an estimated $2 billion in revenue annually. Based on statistics published by the Internet Advertising Bureau, spyware could represent almost 25 percent of the entire online advertising industry.

The growing number of spyware attacks crafted expressly for making money, rather than for tracking Web use for marketing research or other purposes, is another emerging problem, Webroot said. The report contends that spyware exploits have "crippled" some businesses, particularly financial-services companies, in some cases by stealing customer data. Spyware infection also has slowed the growth of e-commerce by eroding consumer trust in online security.

"We can hope that the advertising industry will provide some help in trying to root out the truly malicious forms of spyware, but as long as there is an attractive return on investment on this activity for some people, this isn't going to stop anytime soon," Moll said.

Webroot said that adware continues to be the most pervasive form of spyware, with more than 50 percent of all business computers, and almost 60 percent of consumer machines, running some form of the programs. Of the devices already infected with the advertising applications, each machine averaged nearly seven different forms of the programs, according to the research.

Spying on the spyware makers
Ben Edelman may be spyware's most dangerous enemy.

The 25-year-old researcher has spent years analyzing how spyware and adware programs work and disclosing his findings publicly. That often results in red faces and, occasionally, lawsuit threats from companies like WhenU and Claria, formerly known as Gator.

When testing spyware and adware, Edelman isn't about to sacrifice his own Windows XP computer. So he uses the VMware utility to create a virtual Windows box.

"I infect the hell out of it," he says. "It destroys the infected machine." http://news.zdnet.com/2100-1009_22-5694727.html?tag=nl.e589

The security software maker worked previously with Internet service provider EarthLink to generate its spyware statistics, but Webroot representatives said that relationship has ended. No details were available on the reasons for ending the partnership.”

The remedy for spyware…not anytime soon Between the Lines ZDNet.com
Lydia Parnes, director of the Bureau of Consumer Protection at the Federal Trade Commission, kicked off the CNET Antispyware Workshop saying that in defining spyware “it all depends.” And, a year after the FTC held a spyware workshop, the spyware and adware companies and their anti counterparts are still battling and consumers are caught in the middle. http://blogs.zdnet.com/BTL/?p=1340&tag=nl.e539

http://news.zdnet.com/2100-1009_22-5693730.html

Blogs, Board and Posts

Nathan Weinberg
“When users search for companies, 18% of the results are corporate info and 12% are media coverage, while consumer generated content makes up 26% of the results. Companies spend so much money making sure the media likes them, but it also needs to work to appeal to online pundits, from bloggers to consumer reviewers. One in four engage with "informal media". 34% chat, 23% post or read message boards, 16% read personal pages, 11% go to financial info sites, 8% go to their own created site, 6% read blogs, and 2% blog.

Apple is great at reaching brand advocates. We were shown an iPod ad that looked like one of the professional, broadcast quality, and (most importantly) fun ads Apple runs, and then Gary revealed it was made by a regular guy for his own site, not by Apple.

Final thought: Youth culture is adept at taking what's done by marketing and remixing it in their own way. Nothing makes that possible like the internet.”
http://google.blognewschannel.com/index.php/archives/2005/02/28/search-engine-strategies-blogs-board-and-posts/

Blogs, Boards, and Posts: Capturing Consumer Buzz Online, By Greg Jarboe
A new category of software tools has emerged that uses search engine technology to find and organize consumer-posted thoughts and opinions. These tools not only help marketers discover what is being said about their companies and brands, they also allow them to use that insight to drive new campaigns and even develop new products.

You can't use Google News or Yahoo News to find this content, typically posted to blogs, message boards or opinion sites. The major news search engines don't consider most of these types of sites to be news sources.

This was the main topic addressed by "Blogs, Boards, and Posts: Capturing Consumer Buzz Online" panel. The session featured five speakers: Two bloggers who talked about why monitoring consumer feedback sources such as blogs and message boards is becoming an important task for marketers, and three vendors who talked about how to use their tools to better integrate consumer opinions into marketing and advertising plans.

The two bloggers were JupiterResearch senior analyst Gary Stein, who also moderated the session, and Steve Rubel, Vice President of Client Services at CooperKatz and author of the Micro Persuasion blog. The three vendors were: Jonathon Carson, President and CEO of BuzzMetrics; Mark Fletcher, vice president and general manager of Bloglines at Ask Jeeves; and Mike Nazzaro, Chief Operating Officer at Intelliseek.

Stein opened the session by presenting research that found when users search for companies, 26% of the results are content generated by consumers, 22% by experts, 18% by corporate sources, 12% by media, and 22% by other sources. In other words, when prospects search for your company, the top 10 listings are likely to include:

• 3 listings from consumer posts to blogs, message boards, and opinion sites
• 2 listings from experts
• 2 listings from your own corporate site
• 1 listing from an online publication
• 2 listings from other sources

While virtually all SEO's monitor the ranking of the two corporate listings and most PR departments monitor their press clippings, very few marketers monitor what is being said by consumers on blogs, message boards and opinion sites. What is needed, said Stein, is a Dynamic Attitude Analysis Tool, a way of making opinions measurable and actionable for marketing.

http://searchenginewatch.com/searchday/article.php/3495851

Is Bluetooth past its prime?

Posted by David Berlind

“For over five years, two of the supposedly killer wireless technologies — Bluetooth and Wi-Fi — have been marching to the beats of their own drummers. Whereas before, the two wireless technologies had almost nothing in common with each other and were designed to address distinctly different needs, now the two technologies are addressing some of the same applications (wireless printing for example). Is it time to reconsider whether the market is best served with two wireless technologies where there could be one?

When it comes to Bluetooth — a wireless technology that has the applications it supports practically baked into it (using something called profiles) — and other wireless technologies like Wi-Fi that are application-independent (it’s up to application developers to make sure devices can understand each other), Michael Foley and David Reed are two men who do not see eye-to-eye on the past, the present, or the future.…

Should Wi-Fi and Bluetooth merge and, if so, what would the new radio be called? BlueFi? WiTooth? In this edition of ZDNet’s IT Matters podcast series, I moderate as Foley and Reed go head-to-head in a debate over the merits of Bluetooth. The interview is available as both an MP3 download and as a podcast that you can have downloaded to your system and/or MP3 player automatically (see ZDNet’s podcasts: How to tune in). ”

http://blogs.zdnet.com/BTL/?p=1327

Experts Foresee End of e-mail viruses

By Will Sturgeon, Silicon.com
Published on ZDNet News: April 28, 2005

“The end is coming for viruses sent by e-mail, security experts at a London conference predicted on Thursday, saying the problem has had its day.

The most severe issue Internet users now face is the growing problem of spyware, said some attendees at the Infosecurity Europe conference, noting that the malicious software is ready to fill the void.

Dan Hubbard, senior director of Websense Security Labs, told CNET News.com's sister site Silicon.com that the number of e-mail-borne viruses is falling and will continue to do so. David Perry, global director of education at antivirus software maker Trend Micro, said these things come in ages and the age of e-mail viruses has simply come to an end.

Larry Bridwell, content security programs manager at ICSA Labs, added, "If you look at virus history, I liken it to the ocean. You stand by the ocean in California and see these great big waves coming in, getting bigger and bigger before they hit the shore. People are always going to surf each of those waves as it comes in."

"There's only so much you can do with e-mail. The problem people face now in using that to carry out any criminal act is that we know how e-mail works and we know how to stop it," he said.

Bridwell warned the problem of malicious code in other forms won't go away. "These waves don't die, that water goes back out into the ocean, and people will surf in on the next big wave."

Many at this week's Infosecurity Europe said they believed that spyware is the next wave. Pete Simpson, ThreatLab manager at Clearswift, said, "Spyware definitely seems to be the theme of the show."

But Simpson is not convinced the end of the e-mail virus has come just yet. ‘It's difficult to say whether it's not just a lull,’ he said. ‘We've certainly seen a stop in the large numbers.…’ ”

http://news.zdnet.com/2100-1009_22-5688726.html?tag=nl.e539

The State of New York vs. The Adware Mob

By Larry Seltzer

Opinion: It's about time someone called a fraud a fraud. Adware vendors who install programs on users' computers without their true permission are stealing from those users.

“The main job of all state Attorneys General is to grandstand as part of a campaign for the Governorship, and Elliot Spitzer of New York is the king of this technique.

There have been many cases where, IMHO, he has gone way overboard. But give credit where credit is due. It's about time someone with heavy-duty prosecutorial authority took on the lowlifes in the adware business.

Given the vigilance with which Spitzer has prosecuted legitimate businesses, one would hope that he will leave no stone unturned in the pursuit of spyware and adware, which he describes as equally objectionable.…”

http://www.eweek.com/article2/0,1759,1790956,00.asp?kc=EWRSS03129TX1K0000614

Type Carefully!

Beware How You Google
By Ryan Naraine
“A simple misspelling of Google's domain name could lead to a Web surfer's worst nightmare.

In a new twist to the old practice of "typosquatting," virus writers have registered a slight variation of Google Inc.'s popular search-engine site to take advantage of any users who botch the spelling of the google.com URL.

The malicious site, googkle.com, is infested with Trojan droppers, downloaders, backdoors and spyware, and an unsuspecting user only has to visit the page to be at risk of computer hijack attacks, according to a warning from Finnish anti-virus vendor F-Secure Corp.

When googkle.com is opened in a browser, two pop-up windows are immediately launched with redirects to third-party sites loaded with scripts. One of the sites, ntsearch.com, downloads and runs a "pop.chm" file, and the other, toolbarpartner.com, downloads and runs a "ddfs.chm" file, F-Secure said.

"Both files are downloaded using exploits and they contain exploits themselves to run embedded executable files. One of the Web pages of the 'toolbarpartner.com' website downloads a file named 'pic10.jpg' using an exploit. This JPG file is actually an executable that replaces [the] Windows Media Player application," the warning reads.

The typosquatters also launch a steady stream of pop-up Web pages with different .exe files.

One batch of exploits loads a malware package that includes two backdoors, two Trojan droppers, a proxy Trojan, a spying Trojan and a Trojan downloader.

The exploits appear to be targeting users of Microsoft Corp.'s Internet Explorer browser. A spokeswoman for Microsoft told Ziff Davis Internet News that the rogue site was attempting to exploit some vulnerabilities that were fixed in past security updates.

"[Users running] Windows XP SP2 are protected from this. Also, users who are up to date on supported platforms are protected," the spokeswoman said.…”

http://www.eweek.com/article2/0,1759,1790348,00.asp?kc=ewnws042805dtx1k0000599

Current calls for video submissions

“Current, the new cable network being launched by former Vice President Al Gore, has begun soliciting contributions and launched a contest that will award the winner a development deal, including $3,000, to produce three short-form segments for the station. ”

Courtesy of CyberJournalist at http://www.cyberjournalist.net/

http://www.current.tv/

Crypto-Gram Newsletter

April 15, 2005 by Bruce Schneier

“In this issue:

• More on Two-Factor Authentication
• Mitigating Identity Theft
• Crypto-Gram Reprints
• New Risks of Biometrics
• News
• Student Hacks System to Alter Grades
• Security Notes from All Over: Camouflage in Octopodes
• Hacking the Papal Election
• Counterpane News
• The Doghouse: ExeShield
• Secure Flight is in Trouble
• Comments from Readers ”

http://www.schneier.com/crypto-gram-0504.html

The Lame Blame of ActiveX

By Larry Seltzer
“Opinion: ActiveX gets a bad rap as the cause of all of Internet Explorer's security woes. But it's just not so.…

Old myths die hard! There's no doubt that Internet Explorer has more than it's fair share of security holes, but very few of them have to do with ActiveX. Seriously, of the perhaps hundreds of vulnerabilities of any import reported in Internet Explorer over the years, I bet you could count on two hands the number related to ActiveX.

As with programs that have nothing to do with ActiveX, the really serious bugs in Internet Explorer have been due to insufficient input validation between security zones or traditional buffer overflows. These are the staples of the vulnerability research business, and Mozilla and Firefox—and let's not forget Opera—have had their share of these, too.

While there has been a striking lack of actual evidence that ActiveX is unsafe, there has been no shortage of baseless assertions and cheap shots against it.

Let's review: What exactly is ActiveX and what does it do that's supposedly so dangerous? ActiveX controls are packages of code that can run in the context of the browser. They are installable through a link on a Web page. Exactly how different is this from having a link to an executable file that you have to explicitly run? Essentially not at all, except that the ActiveX version is more convenient. Even with Firefox you can download and run an executable file. Does this make Firefox unsafe? In fact, Mozilla and Firefox's support for XPCOM, a plain text and platform-independent software model, is very comparable to ActiveX once you get the user to click "Yes."

The complaint against ActiveX has always centered around the ability to install native code from across the Internet, but this is less unusual than it seems, and ActiveX arguably makes things more secure. When you encounter an object tag referencing a control that you do not have installed, you then have the opportunity to install it. Under the default security settings, you will be warned before this happens and given an opportunity to approve or reject the installation. There's more.

Sun actually paid someone to write a malicious ActiveX control. I was there at JavaOne when they demonstrated it (I think it was 1997). The test system brought up all the warning dialogs about the program that you usually get and the Sun employee actually had the nerve to keep whacking on the enter key quickly so they would close as quickly as possible and didn't mention that there were any such warnings.

From the very beginning, ActiveX has supported digital signatures of the code, and the user gets a chance to inspect the signature. The point of the signature is not to prove that the program is safe or honest, but that the authors of the program are who they claim to be. In a way this has been a failure because it needs to be easier to follow all the signature information provided by ActiveX to understand exactly what it proves. But the information is there for whoever wants to confirm it.…”

http://www.eweek.com/article2/0,1759,1785769,00.asp

Microsoft has created an online patch search that you can use.

“As information security awareness has grown over the past few years, the number of patches and updates being released has increased considerably. Although this is a positive step in plugging security holes, all of the patches and updates can overwhelm administrators.…”

http://www.microsoft.com/technet/security/current.aspx

Mozilla flaws could allow attacks, data access

By Munir Kotadia, CNET News.com

“Multiple vulnerabilities that could allow an attacker to install malicious code or steal personal data have been discovered in the Mozilla Suite and the Firefox open-source browser.

Details of the nine flaws were published on Mozilla's security Web site over the weekend.

Ian Latter, senior security consultant at Internet security specialist Pure Hacking, said most of the vulnerabilities are based on the way the applications handle JavaScript.

"There are some permission issues related to running JavaScript at an escalated privilege level. They remove some of the security measures used to keep JavaScript sandboxed and allow it to potentially do malicious things to your computer," Latter said.

Another issue could allow malicious scripts to gain access to random pieces of memory, he said.

"This random memory may or may not contain pieces of information about where you have been browsing. The worst-case scenario is that it could contain some personal or login information," said Latter.…”

http://news.zdnet.com/2100-1009_22-5674883.html?tag=nl.e589

Protecting your computer from spyware:

Video: Protecting your computer from spyware:
This video requires Macromedia Flash Player 7.0 .

http://www.microsoft.com/athome/security/spyware/video1.mspx

New threats show browser vulnerabilities don't play favorites

“Browser vulnerabilities are making the rounds this week, as different threats have surfaced for Mozilla, Firefox, Netscape, and Internet Explorer. In this edition of the IT Locksmith, learn more about these various threats, find out how you can best protect your organization from these vulnerabilities, and see what else has recently surfaced in the security world.

New vulnerabilities are haunting Mozilla, Firefox, and Netscape browsers, while different threats have surfaced in Outlook and Internet Explorer. Meanwhile, IM and P2P threats surge.

Details

Secunia has reported, and Mozilla has confirmed, an information disclosure vulnerability in the Firefox browser—including the latest update (version 1.0.2), which is only a few weeks old (released March 21). In fact, troubles for the increasingly popular browser are coming so fast and furious that mozillaZine has reported that a new Firefox release candidate has already replaced the Firefox release candidate 1.0.3, which became available on April 5.

Mozilla released the new release candidate (also designated 1.0.3) the very next day. Be forewarned that this release candidate 1.0.3, and probably the eventual release version as well, will likely cause problems with a number of extensions.

Below are links to Secunia's reports about each threat:

• Mozilla
• Mozilla Firefox
• Netscape

The information disclosure vulnerability exposes random memory areas to malicious Web sites, and users would never be aware of it. As you would expect, it's mostly ASCII garbage, but there are definitely real information disclosures too, so this is a very real threat.

Secunia offers a Mozilla Products Arbitrary Memory Exposure Test to help you determine if your system is vulnerable to the new vulnerability.… ”

http://techrepublic.com.com/5100-10595-5659001.html?tag=fdlead1

Reporters' Tools

“These sites offer a range of reportorial aids from guidelines for searching the Internet to lists of quotable experts, from tips on using public opinion polls to video feeds for television newscasts. e.g.

• Freedom of Information Center
• Independent Press Councils
• John Bartletts' Quotations
• Journal Storage
• JournalismTraining.org
• Journalist's Guide to the Internet
• Journalist's Toolbox
• Pew Research Center For The People & The Press

and there's more… ”

http://www.ajr.org/News_Wire_Services.asp?MediaType=13

Bigger phishes ready to spawn

By Matt Hines, CNET News.com
“There's good news about phishing: The growth of new attacks has slowed. But that's only because attackers are building more sophisticated traps and using advanced technology to perpetrate online fraud, researchers say.

Last week, the Anti-Phishing Working Group, an online fraud watchdog, reported that the number of phishing e-mails it tracked between January and February grew by only 2 percent.

That figure seems to mark a significant lessening of the threat, given that the average growth rate has been 26 percent per month since July 2004. But during the January-February period, phishing attacks also became dramatically more complex, experts said.

Whatever form they take, phishing fraud schemes--including offshoots such as pharming, cross-site scripting and DNS poisoning--are getting smarter.

"Phishers are thieves, and thieves in the online world, as in the real world, are working very hard to separate personal financial information and other data from their victims," Microsoft attorney Aaron Kornblum said.…

"People will continue to think up news ways to apply phishing techniques and deceive consumers," he said. "The sophistication is growing, and it's not that surprising at all."

New crooks, more-effective tricks
The first wave of phishing attacks played on the ignorance of unsuspecting consumers, spamming their in-boxes with e-mails that looked like they linked to Web sites belonging to banks, investment companies and e-commerce businesses such as eBay. In reality, they were fake pages designed to lure people into divulging account login data, or other sensitive personal information that could enable the crooks to commit identity fraud.

Recent attacks have gotten more sophisticated, with advances in phishing schemes that use e-mail and the creation of fraudulent Web pages that appear almost identical to their legitimate counterparts.

And new threats have arisen: Attacks based on instant messaging; ploys that use JavaScript technology to hide threats on legitimate Web pages; and new social-engineering strategies.

One of the most telling examples of improved social-engineering techniques is a recent attack that didn't seek to nab victims' names, addresses or Social Security numbers.

Instead, the scheme targeted customers of Salesforce.com, with the aim of stealing information stored on the company's databases.…

Attacks designed to hit specific groups of people who hold valuable information will likely increase, said Jayne Hitchcock, a cybercrime specialist who advises law enforcement agencies and company executives about online fraud and author of the book "Net Crimes & Misdemeanors: Outmaneuvering the Spammers, Swindlers and Stalkers Who Are Targeting You Online."

"Sending a phishing e-mail out to everyone on the Web has had some effect, but not the kind of impact you imagine that some of these more custom-made attacks might have," Hitchcock said. "When you know that a certain group behaves a certain way, or is accustomed to getting information from a known source over e-mail, there's a greater opportunity to play on people's habits and get them to hand over the goods."

Schemes that use instant-messaging services rather than e-mail to distribute fake links are another new way of phishing, Hitchcock said. She pointed to an attack launched via Yahoo Messenger last month as an example. The messages often appear to be sent to IM users from someone on their contact list.…

"The message is coming to them from someone on their buddy list," Hitchcock said. "That's a different level of threat than an e-mail sent from someone you don't communicate with on that medium, and it presents a much greater risk as well. Our research tells us that teens are fast and loose on the Internet and will share information more readily than most adults, so their information could get out via something like IM phishing and ruin their credit before they even get started in life."

Another twist on the old formula keeps the tried-and-true e-mail messages but hides a spoofed URL in a legitimate Web site address.…

Pushing the tech envelope
Online criminals have also begun adopting more-advanced technology. These more-sophisticated phishing methods range from the relatively simple (such as using unprotected URLs maintained by real businesses to redirect users to phishing sites) to the extreme (such as using JavaScript code to add content on top of legitimate pages, a practice known as cross-site scripting).

In… "pharming," online thieves try to redirect people from legitimate sites to malicious ones using "DNS poisoning." The scammers target the servers that act as the white pages of the Internet--a key part of cyberspace that's known as the domain name system, or DNS--and replace the numeric addresses of legitimate Web sites with the addresses of their malicious sites.

There is evidence that when a new form of phishing is reported, another variation on the theme appears, as criminals try to stay one step ahead of the law. Shortly after cross-site scripting began to garner media coverage, researchers at Internet security company Netcraft saw fraudsters loading their content into the internal frame rendering on Web pages, which would allow attackers to victimize people who had turned off JavaScript applications to protect themselves.

This rapid adjustment is proof that more professional criminals and technologists have turned their attention to phishing, according to Paul Mutton, Internet services developer at Netcraft.… ”

http://news.zdnet.com/2100-1009_22-5656070.html?tag=nl.e539

The Search Engine Report - Number 101

By Danny Sullivan, Editor
“In This Issue
SES International!
Top Stories
More From The Search Engine Watch Blog
About The Newsletter”

What the lsass.exe? Searching for Windows Processes
SearchDay, April 4, 2005

Ever wonder what all of those mysteriously-named Windows 'processes' are doing, and how they got loaded on your computer in the first place? Use the helpful ProcessLibrary.com to find out. This article explores more. (Search Types: Computers)

Looking for Links In All The Wrong Places?
SearchDay, March 29, 2005

In their frenzy to build links to curry favor with the major search engines, web site owners miss a far more important audience that's increasingly turning to topical search sites. (Link Building)

Writing for Search Engines
SearchDay, March 23, 2005

Success in search engines almost always means striking a delicate balance between applying search optimization techniques to web pages and creating high-quality, meaningful content. Effective writing for search engines is the key to achieving this balance. (SEO SEO: Meta Tags SEO: Site Design)…

http://searchenginewatch.com/sereport/article.php/3495881

Webopedia's Quick Reference Area

“Ever encounter an unknown error on your way to a Web site? Don't know the
difference between a LAN and a WAN? Do you know the different server types?
How about modem standards? What is that 'code' someone text messaged to
you? Use this fantastic reference section for information on common
Internet and computer facts and occurrences.
Topics include:

* Computer Certifications
* Data Formats and Their File Extensions
* Removable Storage Reference
* A Guide to System Memory
* The Digital Camera Picture
* A Guide to Combating Spam
* BIOS Beep Codes
* File Size Conversion Table
* Small Business Computing Essentials
* internet.com's Technology Forums
* Wireless LAN Standards
* Ethernet Designations
* IRQ Numbers
* Dial-Up Modem Standards
* Well-Known TCP Port Numbers
* Text Messaging Abbreviations
* N-Tier Application Architecture
* Network Topology Diagrams
* The 7 Layers of the OSI Model
* Who's Who in Internet and Computer Technology
* Server Types
* Maximum Bandwidths
* Microprocessor Comparison Chart
* Characters and ASCII Equivalents
* Countries and Their Domain Extensions
* Web Server Error Messages
* Brief Timeline of the Internet”

http://webopedia.internet.com/quick_ref/

If You're Users Can Leave Comments, You Have the Problem of Comment Spam.

By Ajit Monteiro

“Spam is no longer limited to email. If you run a Website on which you allow users to leave comments, you have undoubtedly faced the problem of comment spam.

The spammers' aim is not to redirect some of your traffic to their site, which is the obvious initial conclusion; it is to increase their (or their clients') ranking in search engines. Most search engines now count in a site's ranking how many other Websites have linked to it. By leaving comments on your site, the spammers' sites can achieve a slightly higher search engine ranking.

The spammers' job is to get around spam-blockers and target the security of individual Websites; though occasionally they do so on a manual basis, by far the most common forms of comment spam are achieved with spam "bots" or scripts. Unfortunately, many site owners don't focus on their Websites as their day job, which can make adapting to spam bots difficult.

Rules of Thumb

When you find that your site is the victim of comment spam, it's easy to react strongly, on a per-case basis, rather than look at the bigger picture. These Rules of Thumb should help you keep things in perspective.

The most important of these rules is: don't take it personally. Spammers don't want to degrade your site. They simply want to get people to their sites and make a larger profit.…”

http://www.sitepoint.com/print/stop-comment-spam

Symantec details flaws in its antivirus software | Tech News on ZDNet

By Matt Hines, CNET News.com

“Symantec has reported glitches in its antivirus software that could allow hackers to launch denial-of-service attacks on computers running the applications. In a notice posted on its Web site this week, Symantec detailed two similar vulnerabilities found in its Norton AntiVirus software, which is sold on its own or bundled in Norton Internet Security and Norton System Works. The flaws, which could lead to computers crashing or slowing severely if attacked, are limited to versions of the software released for 2004 and 2005.

The Information-Technology Promotion Agency of Japan, a government-affiliated tech watchdog group, identified the first instance of the problem in the AutoProtect feature of the Norton AntiVirus consumer product, Symantec said. AutoProtect is used to scan files for viruses, Trojan attacks and worms.”

The Information-Technology Promotion Agency of Japan, a government-affiliated tech watchdog group, identified the first instance of the problem in the AutoProtect feature of Norton AntiVirus. AutoProtect scans files for viruses, Trojans and worms.

Essentially Symantec's software crashes when it is asked to inspect a file specifically designed to exploit the flaw. The file could be submitted remotely from outside a system, or, internally by someone with physical access to a computer.

The second flaw, discovered by the Japan Computer Emergency Response team, can be used to launch denial-of-service attacks by scanning specific file modifications via the SmartScan feature of Norton AntiVirus. Malicious use of that vulnerability would specifically require someone with authorized access to a computer to exploit the issue. SmartScan is designed to scour for viruses hidden in file extensions, as well as in executable and document files.

No attacks related to either problem have been reported so far, according to Symantec.…

http://news.zdnet.com/2100-1009_22-5646871.html?tag=nl.e539

Boys Wreck Ignition Part 2, Beyond Recognition

I don't understand the need to send messages to the other side of the planet to arrange to fix problems that can only be worked on by someone within the one to five thousand feet between your system an what they call a “central office.”

Over the last few years nearly 30,000 jobs at SBC have been lost. Virtually all of the growth jobs in Internet data services, installation of Wi-Fi hotspots, voice over the Internet (VOIP), DSL broadband and other areas, SBC work, amounting to thousands of jobs, is being outsourced, including going offshore to countries such as India and the Philippines.

"SBC continues to refuse to give this work to our members, the frontline workers who have built SBC into the nation's most profitable telecom company," said CWA President Morton Bahr. SBC's profits in 2003 were more than $8 billion.

http://www.cwa-union.org/news/PressReleaseDisplay.asp?ID=427

Google the terms SBC offshoring DSL and “voice recognition,” and my experience is almost mild compared to say Amanda Brenner's , but , strangely parallels her's, right down to the promise to call back that disappeared from the world as we know it.…

…Or nopaper.net :: start/2004-07-31/1 ...SBC's automated apologies. Our DSL is out right now (11am, ... SBC has implemented a voice recognition menu system, so I was asked to speak my…

It's truly amazing how complicated getting service can be.

It's going to get harder with the FCC helping the Big Guys crush their competition.

The FCC voted 3-2 to suspend public utility commission regulations in Florida, Georgia, Kentucky and Louisiana that had forced BellSouth to sell DSL service to other telephone operators, separate from its local phone service. In the past, the two services had been inextricably linked.…

“"This FCC order continues progress on clearing out regulatory underbrush that handicaps rolling out broadband," Jonathan Banks, BellSouth vice president of federal executive and regulatory affairs, said in a statement. "By affirming a single national policy in this area, this FCC action will increase the speed and efficiency of bringing to consumers new and innovative broadband service offerings over wireline networks. This order is an important step in achieving the president's goal of increased broadband deployment."

A BellSouth spokesman couldn't immediately be reached Friday to discuss the fate of 8,000 or so BellSouth DSL customers in the four states. Aside from users of naked DSL services, an FCC decision would also affect "cord-cutters," a group of about 20 million U.S. residents who don't have local phone lines and go solo instead with their cell phones. As a result of the FCC ruling, cord-cutters may have to buy a local phone line to get DSL.

Providers of voice over Internet Protocol software--which lets an Internet connection serve as a telephone line--will also feel some pain, for the same reason as cord-cutters. VoIP calls are meant to replace phone lines sold by the Bells; and while they're possible with a dial-up connection, most VoIP operators require that users have a broadband connection to make full use of their offerings. As a result of the FCC ruling, some VoIPers must get DSL and a local phone line from a Bell, should a cable operator's more expensive broadband be unavailable in their area.…”

Meanwhile, my state representative's DSL line is down again, and I'm getting better at this Boy's Wreck Ignition thing.

http://techrepublic.com.com/2100-10587_11-5637790.html?tag=nl.e048

Microsoft Baseline Security Analyzer (MBSA) version 1.2.1 is available

“This article contains information about the Microsoft Baseline Security Analyzer tool (MBSA). This tool centrally scans Windows-based computers for common security misconfigurations and generates individual security reports for each computer that it scans. MBSA runs on computers that run Windows Server 2003, Windows 2000, and Windows XP. MBSA can scan for security vulnerabilities on computers that run Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003. MBSA scans for common security misconfigurations in Windows, Internet Information Services (IIS), SQL Server, Internet Explorer, and Microsoft Office. MBSA also scans for missing security updates in Windows, IIS, SQL Server, Internet Explorer, Windows Media Player, Exchange Server, Microsoft Data Access Components (MDAC), Microsoft XML (MSXML), Microsoft virtual machine (VM), Content Management Server, Commerce Server, BizTalk Server, Host Integration Server, and Office (local scans only). A graphical user interface (GUI) and command-line interface are available in version 1.2.1.

MBSA version 1.1 replaced the stand-alone HFNetChk tool and fully exposes all HFNetChk switches in the MBSA command-line interface (Mbsacli.exe). For additional information about MBSA, visit the following Microsoft Web site:

http://www.microsoft.com/technet/security/tools/mbsahome.mspx

Download Information

English, French, German, and Japanese versions of MBSA are available from the Microsoft Download Center. Visit the following the MBSA Web page for direct links to download these versions:

http://www.microsoft.com/technet/security/tools/mbsahome.mspx#XSLTsection124121120120

For additional information about how to download Microsoft Support files, click the following article number to view the article in the Microsoft Knowledge Base:

119591 How to obtain Microsoft support files from online services

Microsoft scanned this file for viruses. Microsoft used the most current virus-detection software that was available on the date that the file was posted. The file is stored on security-enhanced servers that help to prevent any unauthorized changes to the file. ”
‘’…
http://support.microsoft.com/default.aspx?scid=kb;en-us;320454

Back up, Edit, and Restore the Registry in Windows XP

“SUMMARY

Important This article contains information about modifying the registry. Before you modify the registry, make sure to back it up and make sure that you understand how to restore the registry if a problem occurs. For information about how to back up, restore, and edit the registry, click the following article number to view the article in the Microsoft Knowledge Base:

256986 Description of the Microsoft Windows Registry

NoteThe registry in 64-bit versions of Windows XP and Windows Server 2003 is divided into 32-bit and 64-bit subkeys. Many of the 32-bit subkeys have the same names as their 64-bit counterparts, and vice versa. The default 64-bit version of Registry Editor that is included with 64-bit versions of Windows XP and Windows Server 2003 displays the 32-bit subkeys in the following registry subkey, or "hive":

HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node

For additional information about how to view the registry on 64-bit versions of Windows, click the following article number to view the article in the Microsoft Knowledge Base:

305097 How to view the system registry by using 64-bit versions of Windows

REFERENCES

314837 How to manage remote access to the registry

310595 Description of HKEY_CURRENT_USER registry subkeys

310593 Description of the RunOnceEx registry key

307545 How to recover from a corrupted registry that prevents Windows XP from starting

286422 How to back up and restore a Windows Server 2003 cluster

104169 Files that are automatically skipped by the backup program (NTBackup.exe) during the backup and restore processes

310426 How to use the Windows XP and Windows Server 2003 Registry Editor features ”

For a Microsoft Windows 2000 version of this article, see 322755.
For a Microsoft Windows NT 4.0 version of this article, see 323170.

For a Microsoft Windows 95, 98, and Millennium Edition version of this article, see 322754.

http://support.microsoft.com/kb/322756

The six dumbest ways to secure a wireless LAN

by ZDNet's George Ou

“ For the last three years, I've been meaning to put to rest once and for all the urban legends and myths on wireless LAN security. Every time I write an article or blog on wireless LAN security, someone has to come along and regurgitate one of these myths. If that weren't bad enough, many "so called" security experts propagated these myths through speaking engagements and publications and many continue to this day. Many wireless LAN equipment makers continue to recommend many of these schemes to this day. One would think that the fact that none of these schemes made it in to the official IEEE 802.11i security standard would give a clue to their effectiveness, but time and time again ...”

http://blogs.zdnet.com/Ou/index.php?p=43

Mozilla fixes risky Firefox flaw

By Robert Lemos, CNET News.com

“The Mozilla Foundation issued a patch for a major security flaw in its Firefox browser on Wednesday and advised people to update their software.

The problem is caused by a buffer overflow in legacy Netscape code still included in the browser for animating GIF images, Chris Hofmann, director of engineering for Mozilla, said. Similar memory problems have affected Mozilla's browsers and Microsoft's Internet Explorer in the past. A malicious attacker could exploit them by creating carefully crafted image files that, when viewed by a victim in a browser, execute a program and compromise the system.

The flaw was discovered by Internet Security Systems, a network protection company, and patched before the public learned of the issue, Hofmann said.

"We are staying ahead and being proactive in fixing the code," he said. "The deciding factor, in this case, was the potential for this: It's a little easier for hackers to turn it into an exploit that could be dangerous."

The Mozilla Foundation released version 1.02 of Firefox on Wednesday to fix the problem and asked that all users to download and apply the patch.

Recently published data has prompted questions about the security of Firefox. Security technology provider Symantec said in this week's Internet Threat Report that during the second half of last year, 21 vulnerabilities affected Mozilla browsers and 13 flaws affected Internet Explorer.

However, only seven of the flaws in Firefox were considered "highly severe," compared with nine in Internet Explorer.”

http://news.zdnet.com/2100-1009_22-5632148.html?tag=nl.e589

Father of Word and Excel shoots for three-peat with Intentional Software

by ZDNet's David Berlind
“ Father of Word and Excel shoots for three-peat with Intentional Software

-- Like the blockbuster movie producer or director who works behind the scenes but whose celebrity is often confined to Hollywood insiders, Dr. Charles Simonyi is a giant among giants here at PC Forum in Scottsdale, Ariz. If you strike up a conversation with the easily approachable, mild-mannered, Hungarian-born software legend and passers-by such as Jeff Bezos (founder of Amazon.com) or Tim O'Reilly detect that Simonyi is even slightly engaged, they'll stop and tune-in.After leaving Xerox PARC, Simonyi joined Microsoft in 1981 and fathered two of the three biggest franchises in Microsoft's history -- Word and Excel. After a storied 21-year tenure with the Redmond, Wash.-based company, Simonyi is looking for a three-peat. But this time, it's not with Microsoft....
Trackback URL for this post: http://blogs.zdnet.com/BTL/wp-trackback.php/1190 ”

http://blogs.zdnet.com/BTL/index.php?p=1190&tag=nl.e539

“Description of the undiscovered tips about Excel

•	Join text in multiple columns
•	Set the print area
•	Exclude duplicate items in a list
•	Multiply text values by 1 to change text to numbers
•	Use the Text Import Wizard to change text to numbers
•	Sort decimal numbers in an outline
•	Use a data form to add records to a list
•	Enter the current date or time
•	View the arguments in a formula
•	Enter the same text or formula in a range of cells
•	Link a text box to data in a cell
•	Link a picture to a cell range
•	Troubleshoot a long formula
•	View a graphical map of a defined name
•	Fill blank cells in a column with contents from a previous cell
•	Switch from a relative reference to an absolute reference
•	Use the OFFSET function to modify data in cells that are inserted
•	Use the Advanced Filter command
•	Use conditional sums to total data
•	Use conditional sums to count data
•	Use the INDEX function and the MATCH function to look up data
•	Drag the fill handle to create a number series
•	Automatically fill data
•	Use the VLOOKUP function with unsorted data
•	Return every third number
•	Round to the nearest penny
•	Install and use Microsoft Excel Help
•	Do not open and save directly from a floppy disk
•	Use one keystroke to create a new chart or worksheet
•	Set up multiple print areas on the same worksheet”

http://support.microsoft.com/default.aspx?scid=kb;en-us;843504

They should call it "Boys Wreck Ignition"

By Alfred Ingram

Remember when ‘touch tone terror’ first entered our lives?

In all innocence we called a bank, or a pharmacy, or, most likely, the dtmf (dual tone multi frequency)-ing phone company itself, got a menu of choices too long to remember, started over and became even more confused the second time around.

Remember finally giving up in total frustration, perhaps even paying a charge we just knew was wrong?

Well they've fouled it up beyond all “wreck ignition,” again.

SBC has managed to do the barely possible, crossbreed help desk hell with touch tone hell, add a not ready for public technical capability, and give birth to voice recognition that has a hard time recognizing standard english.

Anyway, that's what I discovered when I had both a dead router and a bad DSL line and had to contact SBCYahoo for service at my State Representative's office.

Of course, now that I, along with the rest of the industrializedworld, am used to punching the keypad for menu selections, I wasn't able to do so.

The first day a total waste because SBC couldn't identify the state representative as a DSL customer. I'd say the number of the phone I was calling from (whatever happened to caller id?) and the machine consistently read back a number I'd never given it, finally driving me to hang up to try again the next day.

On day two I decided to call on from the half of the line (DSL splits a standard line) that wasn't hooked to the router and wound up talking to someone with an Indian accent who “insisted” that his name was “Matt.” That's when I discovered that I had a bad router, a bad line, and a help desk on another continent. After checking the line “Matt” told me they'd known of the problem for a week, but, apparently, doing anything about it called for someone on this side of the planet.

“Matt” arranged for SBC to call the next day at eleven, (so somone here in the United States could analyse the problem) so of course no one called. When I called to find out why, they claimed to be waiting for my call. “Matt” from India was not available to verify or deny either side of this foul up.…

more coming soon…