Tuesday, April 7, 2009


Microsoft for some time has been wanting to kill off XP --- and when Windows 7 hits, the company will finally be able to do it. Here's why Windows 7 will let Microsoft pull the plug.
First off, it's no secret that Vista hasn't been embraced by enterprises, many of whom have treated it like the plague. That's unlikely to be the case with Windows 7. One reason: Vista wouldn't run properly on a fair number of PCs in enterprises when it was initially launched because the hardware wasn't high-powered enough.
Today that's no longer the case. Enterprises have gone through at least one round of hardware refresh since the Vista launch, and so now virtually all of their PCs will run Windows 7.
The same thing holds for printers and other peripherals. One of Vista's biggest problems was that too many peripherals wouldn't run with it.
Again, though, that's no longer true. Enterprises have newer peripherals now than they had years ago. Newer peripherals will work with Windows 7, because it was designed to work with Vista-compatible hardware.
In addition, the Windows 7 beta has been quite solid and stable -- so much so that Gartner has been telling businesses that they don't need to hold off until Windows 7 SP1 to plan for deployment -- they can start planning at launch.
Given all that, Microsoft will be able to move enterprises toward Windows 7 and away from XP, ultimately allowing the company to kill XP.
Windows 7 will run on netbooks, which Vista can't do. Because Vista can't power netbooks, Microsoft has had to keep XP alive for the large and growing netbook market. But when Windows 7 ships, Microsoft will have Windows 7 installed on netbooks, not XP. That also will let it kill XP more quickly.
The upshot? Windows 7 will do something that Vista couldn't -- kill XP.


Monday, April 6, 2009


Malicious PowerPoint files (.ppt) are currently being used to exploit a newly reported security hole in the Office app. There isn't yet any patch available for the zero-day flaw, but Microsoft says the attacks are currently limited and targeted.
A successful attack would allow for running any command on the victim computer, such as downloading and installing malware. The Microsoft Security Response Center (MSRC) reports that the affected versions of the software are: Microsoft Office PowerPoint 2000 Service Pack 3, Microsoft Office PowerPoint 2002 Service Pack 3, Microsoft Office PowerPoint 2003 Service Pack 3, and Microsoft Office 2004 for Mac.
Microsoft Office PowerPoint 2007 is not affected, according to the MSRC.
Until Redmond releases a patch, your best bet is to upload any remotely suspect PowerPoint e-mail attachments to Virustotal.com for multiple free scans, as these small-scale, zero-day attacks can often be missed by one antivirus program. Also, techies and IT staff can look into using the MOICE converter, which requires installing the Office 2007 compatibility pack and converts binary Office docs into the 2007 XML format. But there are some gotchas with the process, such as losing all macros in converted docs.


Friday, April 3, 2009


April 1 has come and gone, and the Internet has not disintegrated and no major cyber-attacks were reported. But Conficker still remains a threat. Now don't panic, this doesn't mean cyber-Armageddon could strike at any minute, it just means you need to make sure your computer is fully updated if it isn't already. Feel better? Good, then let's take a look at what's going on.
Why It Ain't Over Yet
The Conficker Working Group -- which is made up of 27 tech companies and agencies including AOL, F-Secure, Facebook, ICANN, Kaspersky, McAfee, Microsoft, Symantec -- says that Conficker, also known as Downup, Downadup, and Kido, is the largest worldwide computer infection since the SQL Slammer in 2003. The CWG estimates anywhere from 3 to 15 million computers are infected worldwide, and says 30 percent of Windows computers across the globe are not updated with the latest patches to protect against Conficker. The virus authors are also still at large and able to communicate with Conficker, although that capability has been significantly reduced.
Problem Spots

As you can see from this map provided by the CWG, Conficker infections in the United States are happening pretty much everywhere you can find an Internet connection. However, despite all that ominous-looking red, only 6 percent of Conficker infections are in North America. The biggest problem areas are actually concentrated in Asia and South America including Vietnam, Brazil, the Philippines, and Indonesia, as well as Algeria.
The hardest hit areas may also have a correlation to the number of unpatched Windows computers since Asia, Eastern Europe, and South America are areas known to have widespread use of pirated Windows software. Since Microsoft automatically blocks illegitimate copies of Windows from receiving critical updates, those computers remain vulnerable to Conficker, thus perpetuating the risk.
What Conficker is Doing
Yesterday, Conficker began its daily exercise of contacting 500 Web sites from a randomly generated list of 50,000 sites. Conficker will continue to do this every day until it receives instructions to do something else. Further instructions could be a simple software update, or the infected computers could work as a botnet to commit theft or attack other computer networks. The problem is that while security and IT professionals are working to block Conficker from getting further instructions, they haven't been able to block all Conficker traffic. So some infected machines have gotten through, but luckily further instructions haven't been issued yet. Conficker's authors may be lying low until publicity surrounding Conficker dies down before contacting their creation.
If Conficker is updated or receives further instructions, that capability could pass between infected machines without further need of a server or Web site, because Conficker uses a peer-to-peer (p2p) protocol to communicate with other infected machines. That's right, Conficker is file-sharing. With p2p, the worm can distribute software updates much faster than if every infected machine had to communicate with a main server.
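A defender can look for the daily polling described above in DNS resolver logs. The following is an added example, not part of the original post: it flags any client that looks up an unusually large number of distinct names that fail to resolve in one day. The log format, the thresholds and the assumption that most generated names return NXDOMAIN are illustrative, and the sample log is constructed.

```python
from collections import defaultdict


def parse_line(line):
    """Parse '<date> <client_ip> <qname> <rcode>' (constructed format).

    Returns None for malformed lines so one bad record cannot stop the scan.
    """
    parts = line.split()
    if len(parts) != 4:
        return None
    date, client, qname, rcode = parts
    return date, client, qname.lower().rstrip("."), rcode.upper()


def flag_hosts(lines, min_failed=100, min_fail_ratio=0.8):
    """Return (date, client, failed_names, total_names) for suspicious clients.

    A client is flagged when, within one day, it queried at least
    `min_failed` distinct names that returned NXDOMAIN and those names make
    up at least `min_fail_ratio` of all distinct names it queried.
    Both thresholds are assumptions to tune per network; the post's figure
    of 500 contacted sites per day is the upper bound for one infected host.
    """
    seen = defaultdict(lambda: {"failed": set(), "resolved": set()})
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        date, client, qname, rcode = rec
        bucket = "failed" if rcode == "NXDOMAIN" else "resolved"
        seen[(date, client)][bucket].add(qname)

    flagged = []
    for (date, client), names in sorted(seen.items()):
        failed = len(names["failed"])
        total = failed + len(names["resolved"] - names["failed"])
        if failed >= min_failed and failed / total >= min_fail_ratio:
            flagged.append((date, client, failed, total))
    return flagged


def build_sample_log():
    """Constructed sample: one normal workstation, one polling 500 dead names."""
    lines = []
    # Normal client: repeated lookups of a few names and a single typo.
    for _ in range(20):
        lines.append("2009-04-02 10.0.0.5 www.intranet.example NOERROR")
    lines.append("2009-04-02 10.0.0.5 mail.example NOERROR")
    lines.append("2009-04-02 10.0.0.5 wwww.intranet.example NXDOMAIN")
    # Suspicious client: 500 distinct names (placeholder labels under the
    # reserved .test TLD), none of which resolve.
    for i in range(500):
        lines.append(f"2009-04-02 10.0.0.9 n{i:04d}zq.test NXDOMAIN")
    lines.append("2009-04-02 10.0.0.9 www.intranet.example NOERROR")
    lines.append("garbage line")  # malformed record, skipped by the parser
    return lines


if __name__ == "__main__":
    for date, client, failed, total in flag_hosts(build_sample_log()):
        print(f"{date} {client}: {failed} of {total} distinct names failed")
```

Counting distinct names rather than raw queries keeps a client that retries one broken hostname all day from being flagged.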
The Final Countdown?
Does this mean the world could still end? Probably not, and that was never the concern with Conficker despite the doomsday scenarios you may have read. The fact is that most security experts believe that Conficker is just a typical botnet worm that can be used for identity theft or to commit other forms of cybercrime. Conficker is most likely controlled by an organized crime syndicate in Asia, Eastern Europe, or South America, and the group may even rent out Conficker's capabilities if the botnet ever becomes active.
Conficker is a threat only if your computer does not have the latest security patches from Microsoft and an up-to-date antivirus program.


Wednesday, April 1, 2009


The U.S. Library of Congress has begun uploading its audio archives to iTunes, and it will soon begin to post videos on YouTube, in an effort to make its materials easier for the public to access.
The library already offers the materials at its own Web site, LOC.gov, and through interactive exhibitions on its new, personalized Web site at myLOC.gov, but the expansion to YouTube and Apple's iTunes is part of the library's efforts to make its 15.3 million digital items more accessible, said Matt Raymond, the library's director of communications.
"Our broad strategy is to 'fish where the fish are,' and to use the sites that give our content added value -- in the case of iTunes, ubiquity, portability, etc.," Raymond said in an e-mail.
The decision to post audio and video on iTunes and YouTube follows a successful launch early last year of a library photo archive on Flickr. Since January 2008, the library's photos on Flickr have been viewed about 15.7 million times, and more than 20,000 Flickr users have added the Library of Congress as a contact, said Michelle Springer, digital initiatives project manager in the library's Web Service Division.
The library initially uploaded 3,100 photos to Flickr and has added 50 a week since then.
The library has already uploaded 39 podcasts to iTunes and plans more, Springer said. For its YouTube launch, in coming weeks, the library plans to start with about 100 videos.
Among the items Web surfers can expect on iTunes and YouTube are 100-year-old films from Thomas Edison's studio, book talks with contemporary authors, early industrial films from Westinghouse factories, first-person audio accounts of life in slavery, and inside looks into the library's holdings, including the rough draft of the Declaration of Independence and the contents of President Abraham Lincoln's pockets on the night of his assassination.
The library also has a Twitter stream, and library information is available on more than 30 RSS feeds and e-mail alert services. The library also launched one of the first blogs from a federal agency.
Asked why the library chose YouTube and iTunes, Raymond said the library will continue to explore other ways to share its holdings.
"The library is in an exploration stage with these new media distribution channels," Springer added. "These services are a place to start learning, but our agreements are not exclusive, so other services are certainly possible in the future."
On Thursday, the U.S. General Services Administration announced agreements with Flickr, YouTube, Vimeo and blip.tv that will allow other federal agencies to participate in new media, library officials said. GSA plans to negotiate agreements with other providers.


Tuesday, March 31, 2009


Google Earth 5.0 is a fun and free way to waste time, and now it’s even better with the updated Mars in Google Earth, a 3D mapping tool that lets astronomy buffs and armchair astronauts roam the Red Planet.
You now can view antique maps of Mars from over a century ago, as well as the latest images from today’s Mars spacecraft. In addition, you can go on virtual flybys with NASA’s Mars Odyssey and Mars Reconnaissance Orbiter, and get guided tours of the planet from Public Radio’s Ira Flatow and Bill Nye, the Science Guy.
For a quick tutorial of the new Mars in Google Earth features, check out this Google overview.
Below is a brief summary of the highlights:
To travel to the Red Planet, go to the top toolbar and click “Mars.”

This flies you to Mars, where you can explore current maps or travel back in time to see antique maps by astronomers Giovanni Schiaparelli, Percival Lowell, and others:

For a present-day look at Mars, select images from a variety of modern spacecraft, including the Phoenix and Beagle2 landers and the Opportunity and Spirit rovers:

Conspiracy buffs will want to try the zoom tool. It’s great for exploring mysterious imagery like the Face on Mars:

A guided audio tour helps you find your way around the planet. You can pause the tour to explore areas of interest like the Valles Marineris, a vast system of canyons that’s 1860 miles long:

You can even see satellite images being taken by the NASA THEMIS camera onboard the Mars Odyssey spacecraft.

Mars in Google Earth is a lot of fun! (Sorry, no GPS navigation yet for the Red Planet.)


Monday, March 30, 2009


With Hollywood actor Mark Wahlberg failing to impress as the big screen iteration of videogame anti-hero Max Payne, ever-controversial software developer Rockstar Games has this week announced it’s preparing its hard-hitting franchise for yet another all-action outing.
Presently in production at Rockstar’s Vancouver-based studio in Canada, Max Payne 3 has been issued with a scheduled release of “Winter 2009” and will be available on the PlayStation 3, Xbox 360 and Games for Windows, according to an official statement.
“We’re starting a new chapter of Max’s life with this game,” enthused Sam Houser, founder of Rockstar Games. “This is Max as we’ve never seen him before, a few years older, more world-weary and cynical than ever.”
While little is presently known about Max Payne 3’s narrative or gameplay structure, an early poster image suggests adult themes typical of the series thanks to a heavily scarred Max sporting a greying beard and blood spattered liberally across his face and neck.
The only nuggets of information dropped by Rockstar see Max embroiled in a world of corruption, turmoil and intense violence as he leaves New York behind and drifts “from bad to worse” on a search for truth that involves being double crossed and trapped in a city filled with violence and bloodshed – staples of the first two series offerings.
“We experience the downward spiral of his life after the events of Max Payne 2 and witness his last chance for salvation,” added Houser.
Developer Rockstar Games is best known for its often controversial but critically acclaimed Grand Theft Auto games, along with similarly highlighted offerings such as Manhunt, Manhunt 2, and Bully (a.k.a. Canis Canem Edit).


Sunday, March 29, 2009


Expanding the on-the-go reach of its hugely popular video-sharing Web site YouTube, search giant Google Inc. has this week introduced a mobile application specifically for Windows Mobile and Nokia Symbian Series 60 (S60) handset devices.
Beyond expanding the user base of the YouTube application, an official announcement posted to the Google Mobile blog promises “up to 90%” faster start-up times, searches and video loads, while improved access is likely via the addition of a specific YouTube icon to the host phone’s home screen.
“Our goal is to provide you with a great YouTube experience wherever you want to watch videos – whether it’s on your computers, on your television, or on your mobile phone,” outlined Dave Stewart of YouTube’s product marketing team.
“While YouTube has been available for many mobile phones for over a year, today we’re taking a big step forward with a new version of our mobile YouTube application,” he added.
In terms of mobile video performance, the application automatically detects the user’s assigned network capabilities and selects the highest available streaming quality, which Google claims will provide videos that “will look sharper,” and sound that’s “clearer than ever.”
Other enhancements include improved optimised streaming over Wi-Fi and 3G to support an even wider range of networks, while buffering is similarly pushed in order to ensure video playback is possible even in areas where coverage is weakened.
With Google trumpeting that it has “worked really hard to make video playback ‘just work,’” the YouTube application requires no configuration beyond its initial installation and alerts its users whenever updates or improvements become available for the mobile platform.


Friday, March 27, 2009


President Barack Obama plans to answer questions on that were submitted to the White House through Google Moderator.
On Monday, Obama posted a message on YouTube, which has received more than 10,000 hits to date, telling Americans that "we're going to take advantage of the Internet to bring all of you to the White House to talk about the economy."
The White House is using Google Moderator, an application that allows users to pose questions and vote on ones that they like. There are 11 categories on the site including small business, veterans and health-care reform. Nearly 12,000 people had submitted questions and cast more than 420,000 votes by Wednesday.
"We're going to compile those questions and votes and then on Thursday I'll be giving you some answers myself," Obama said in his YouTube address. The administration will have a lot of work, though, as nearly 14,000 questions have been submitted so far.
Under the home ownership category the question with the most votes is: "What benefits from the stimulus plan are there to those of us who are paying our mortgages, but living paycheck to paycheck?"
A younger user from Washington, D.C., posed a question in the retirement security forum, "I'm 19 years old and just beginning to see my earnings deducted for Social Security. Though retirement is a long while away, how can you guarantee that this program remains solvent?"
Calling the project an "experiment" Obama said that "it's also an exciting opportunity for me to look at a computer and get a snapshot of what Americans across the country care about."


Tuesday, March 24, 2009


Microsoft Corp. may be talking up the performance boost it gave to the just-launched Internet Explorer 8 (IE8), but the new browser remains the slowest of the top five on the market, benchmark tests show.
According to JavaScript rendering tests run by Computerworld, the final version of IE8 is only slightly faster than the browser's Release Candidate 1 (RC1), which Microsoft delivered in January.
Computerworld ran the SunSpider benchmark tests in Windows XP three times for each browser, then averaged the scores.
Google Inc.'s Chrome led all browsers with a score of just 1382 -- in SunSpider, lower scores are better -- making it more than four times faster than IE8. Coming in second was Mozilla Corp.'s Firefox 3.0.7, followed by Apple Inc.'s Safari 3.2.2 for Windows and Opera Software's Opera 9.63.
Firefox proved to be 59% faster than IE8, while Safari was 47% faster. Opera, the slowest non-Microsoft production browser, was still 38 percent faster than IE8.
Microsoft, however, has continued to downplay benchmarks such as SunSpider, and instead has promoted page-load time trials that pit browsers against each other in rendering the Web's top 25 destinations. Last week, Microsoft claimed that IE8 loaded more sites faster than either Chrome or Firefox.
At the time, however, James Pratt, a senior program manager for IE, acknowledged that the differences were slight. That's another angle the company has taken when it's talked about IE8's performance. In an interview yesterday, for example, Pratt called IE8 "highly competitive" with other browsers, and dubbed it "the fastest version of IE that we have ever released."
But he also acknowledged that speed is important to users. "We know that speed is critical to people who are using browsers today," Pratt said, "and we recognize that users have a choice when it comes to browser."


Sunday, March 22, 2009


Google has upped the ante in the browser speed wars and added a handful of features with a new 2.0 beta version of its Chrome Web browser (you can download the browser here). Though Chrome version 1.0 emerged from beta in December, Google decided to move it back into beta testing and tinker. For those who aren't interested in playing with a beta edition, Google still offers the stable version for everyday Chrome users, as well as a developer version.
According to the official Google Chrome blog, the new beta version processes Javascript 25 percent faster on its V8 (the engine on which Chrome is built) benchmark, 35 percent faster on the Sunspider benchmark, and twice as fast as its original beta. Chrome beta also includes features such as form autofill; a full-page zoom that captures not only text but images; autoscroll when you click your mouse's scroll button; and dragging tabs -- a neat feature that puts your tabs in side-by-side symmetrically-sized windows when you drag a tab outside of the original browser window.
Browse with the Chrome beta and you will find that its speed boost and add-ons make the browser function like a quicker, cleaner version of Firefox. Downloaders should beware, though: Some reports caution that Chrome 2.0 beta is buggy and users have experienced problems with password management.
Last month Apple introduced a souped-up version of its Safari browser, claiming it was faster than its competitors Internet Explorer, Chrome, and Firefox. If Google's claim that this latest beta version of its browser is twice as fast as the original holds up, it would be interesting to see where this leaves Apple and Google in the faster-is-better browser wars.


Friday, March 20, 2009


The third Conficker malware variant in infected machines is set to activate April 1, says the director of threat research at CA where the malware sample first discovered last week by Symantec is being examined.
"It's set to go off April 1, 2009 and Conficker will generate 50,000 URLs daily," says Don DeBolt, CA's director of threat research.
Generating that many URLs is a way to hide where it may be calling to download instructions from those who designed it to infected machines. It's not known exactly what those instructions might be but it could involve downloading more malicious code or destroying files.
Antivirus vendor Symantec has also warned of a third wave of Conficker attacks.
CA says it has some ideas about where Conficker originated but isn't discussing that at present.


Wednesday, March 18, 2009


Microsoft Corp. says that its own speed tests prove Internet Explorer 8 (IE8) is faster than either Firefox or Chrome.
In a report released last week, Microsoft spelled out how it tests browsers in-house, and again stressed that it doesn't buy the idea that benchmarks -- such as those that score JavaScript performance -- accurately compare the players.
"These benchmarks necessarily characterize only a narrow set of the browser functions in a very constrained way," Microsoft's report said. "End users, however, do not operate in a controlled environment."
Microsoft's tests pitted IE8 Release Candidate 1 (RC1), which launched in late January, against Google Inc.'s Chrome 1.0 and Mozilla Corp.'s Firefox 3.0.5, a version from mid-December. The company timed how long it took each browser to completely render the 25 most-popular destinations on the Web, as ranked by the Web metrics firm comScore Inc., which included google.com, facebook.com, amazon.com, and others.
IE8 was fastest in rendering 12 of the 25 sites, said Microsoft, while Chrome took second by beating the others on nine sites. Firefox, meanwhile, was a distant third, coming in first on just four of the 25 domains.
Microsoft did not test other browsers, such as Apple Inc.'s Safari or Opera Software ASA's Opera, said James Pratt, a senior product manager on the IE development team, because it wanted to focus on rivals that "had a good share on the Windows platform."
Both Opera and Safari for Windows have shares of less than 1%, according to the most recent data from Net Applications Inc., with the former, on all platforms, accounting for 0.7% and the latter just 0.3%.
Nor did Microsoft put IE8 in the ring with later versions of Chrome and Firefox. Chrome, for instance, is currently at as a developer-only build, while Firefox just rolled out 3.1 Beta 2. Both browsers boast better performance, specifically faster JavaScript rendering. "IE8 RC1 is a release candidate, and was very close to being done," explained Pratt when asked why newer versions of Chrome and Firefox had not been used. "But Google and Mozilla were still actively working on [those newer browsers], and they weren't super stable."
JavaScript benchmarks have become a point of dispute between Microsoft and its rivals. While Mozilla, Google, Apple and Opera have all updated their JavaScript engines in the last eight months, and have then trumpeted scores in JavaScript test suites like SunSpider, Microsoft executives have dismissed the bragging as so much noise.
Dean Hachamovitch, IE's general manager, has called claims of competitors a "drag race" that Microsoft isn't interested in joining, while Pratt has downplayed comparisons of any kind. "We're at the point, with what people do in the browser, that users can't really tell the difference between browser [performance]," he said in a January interview.
Pratt said that the just-released report backed that up. "As you can see from the scores, the differences between the browsers are actually very small," he said.
When Computerworld last tested the major browsers' JavaScript performance, immediately after the release of the public beta of Safari 4, IE8 ranked last.
Although Google did not respond to a request for comment on Microsoft's benchmarks, Mozilla's Mike Shaver, who heads all development at the company, applauded any attempt to boost IE's performance. "I don't think anyone here has had a chance to really look at their methodology yet or tried to reproduce their results, but to whatever extent Microsoft is working to improve the performance of IE it's a good thing for the Web," said Shaver in an e-mail late Thursday.


Monday, March 16, 2009


Google knows who you are. It knows what you search for. It knows what you had for dinner last night and exactly where you like your back to be scratched. And, starting Wednesday, it will deliver ads tailored directly to you.
In a blog post titled "Making ads more interesting," VP of Product Management Susan Wojcicki describes Google's decision to move into behavioral advertising. To wit:
We think we can make online advertising even more relevant and useful by using additional information about the websites people visit. Today we are launching "interest-based" advertising as a beta test on our partner sites and on YouTube. These ads will associate categories of interest -- say sports, gardening, cars, pets -- with your browser, based on the types of sites you visit and the pages you view. We may then use those interest categories to show you more relevant text and display ads.
In other words, the ads Google displays won't just pull from the search terms you're using. Google will also look at all the sites you've visited lately. So if you're searching for, say, "baby wipes" and all you see are ads for porn, Google knows you've been a naughty little monkey.
[Note: Porn is not one of Google's officially sanctioned "categories of interest," but you get the idea.]
The concept isn't new; behavioral ad companies were all the rage a few years ago, which is why AOL, Microsoft, and Yahoo all bought one of their very own. But Google is the proverbial 8,000-pound gorilla -- when it does something, there's usually a boatload of banana peels to slip on.
There are limits, of course. Google associates the ads to a cookie in your browser, not your identity; so it will know about the naughtiness, but won't know which monkey is responsible. If you don't like the idea of Google delivering ads based on your surfing habits -- or you want it to know some of your interests, but not all of them -- you can change the settings in Google's Ads Preferences Manager. You can also opt out entirely, and install a plug-in for IE or Firefox that maintains your opt-out choice even when you nuke all your other cookies.


Sunday, March 15, 2009


Is Nokia looking to play ASUS and Acer at their own hardware game?

Technology companies intent on increasing their product reach by implementing manufacturing crossovers seems to be a habit that’s gathering momentum.
Moreover, while Netbook heavyweights ASUS and Acer have recently expanded into the world of smartphones, mobile phone titan Nokia has announced a shift of focus towards computer hardware.
Speaking in a recent Finnish television interview with YLE, Nokia CEO Olli-Pekka Kallasvuo has said the Espoo-based market leader is considering plans to begin production of its own line of mobile computer systems, describing the new devices as capable of merging the features and functions of a PC along with those of a mobile handset.
“We don’t have to look even for five years from now to see that what we know as a mobile phone and what we know as a PC are in many ways converging,” said Kallasvuo regarding a move towards portable computing. “We are looking very actively also at this opportunity.”
According to tech publication ITProPortal, a related report offered up by the “well-connected” folks at Unwiredview claims Nokia has already progressed its plans to the point of creating a functional mobile computing device built on an open-source Linux operating system.
The report also suggests the platform could ultimately function on Nokia's own Symbian operating system and physically resembles the Nokia N800 touch-screen Tablet (pictured), which, if true, would eliminate a fully-fledged move into the ultra-portable Netbook or traditional notebook computer category.
Other features apparently crammed into the diminutive device, which is supposed to be on schedule for a 2011 arrival, include ARM’s multi-core Cortex A9 Sparrow processor and a somewhat unusual button-equipped keyboard with diamond-shaped keys.


Saturday, March 14, 2009


It's not possible to emphasise enough the importance of using sensible passwords on your network.
Not just on the areas of your network that you don't want your users to traipse through, but also on the default network shares that are present on installations of commonly used operating systems like Windows NT/2000/XP/2003.
One of the ways in which the Conficker worm (also known as Confick or Downadup) spreads is to try to batter its way into ADMIN$ shares using a long list of different passwords.
As you can see in the list below, it relies upon computers using poorly chosen passwords such as dictionary words, "password", "qwerty" or sequences of letters or repeated numbers:


One way to make it harder for password-guessing malware like Conficker to spread across your network is to ensure that no-one is using a poorly-chosen password.
And, of course, please don't delay installing the critical security patch that Microsoft issued late last year.
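The classes of poor password named above (dictionary words, "password", "qwerty", sequences of letters, repeated numbers) can be rejected when a password is set. The following is an added example, not part of the original post and not Conficker's own list: the wordlist is a small constructed sample, and the function names are hypothetical.

```python
import re

# Constructed sample wordlist: the post names only "password" and "qwerty".
# In practice, load a full dictionary or breached-password list instead.
SAMPLE_WORDS = {"password", "qwerty", "admin", "letmein", "server", "monkey"}
KEYBOARD_ROWS = ("1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm")


def is_repeated(pw):
    """One character repeated, e.g. '11111' or 'aaaa'."""
    return len(pw) >= 2 and len(set(pw)) == 1


def is_sequence(pw):
    """Every character is exactly one code point above (or below) the last."""
    if len(pw) < 3:
        return False
    steps = {ord(b) - ord(a) for a, b in zip(pw, pw[1:])}
    return steps == {1} or steps == {-1}


def is_keyboard_run(pw, min_len=4):
    """A run along one keyboard row, in either direction, e.g. 'qwerty'."""
    if len(pw) < min_len:
        return False
    return any(pw in row or pw in row[::-1] for row in KEYBOARD_ROWS)


def is_dictionary_based(pw, words=SAMPLE_WORDS):
    """A listed word, optionally padded with digits or punctuation."""
    core = re.sub(r"^[\W\d_]+|[\W\d_]+$", "", pw)
    return core in words


def weak_reasons(password):
    """Return the list of weakness classes a candidate password falls into."""
    pw = password.lower()
    checks = (
        ("dictionary", is_dictionary_based),
        ("keyboard-run", is_keyboard_run),
        ("sequence", is_sequence),
        ("repeated", is_repeated),
    )
    return [name for name, check in checks if check(pw)]


def reject_weak(candidates):
    """Map each rejected candidate to its reasons; acceptable ones are omitted."""
    rejected = {}
    for pw in candidates:
        reasons = weak_reasons(pw)
        if reasons:
            rejected[pw] = reasons
    return rejected


if __name__ == "__main__":
    # Constructed candidates, as a password-change hook might receive them.
    sample = ["password", "qwerty", "Admin2009!", "11111", "abcdef", "T7#vq9!Lm2"]
    for pw, reasons in reject_weak(sample).items():
        print(f"{pw!r}: {', '.join(reasons)}")
```

Lower-casing and stripping padding before the dictionary lookup matters because variants such as a capitalised word followed by a year are among the first guesses a list-based attack makes.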


Friday, March 13, 2009


A report by Secunia finds the vulnerabilities in Mozilla Firefox greatly outnumbered those in Internet Explorer, Apple Safari and other browsers in 2008. However, Mozilla was quicker to react than Microsoft when dealing with vulnerabilities disclosed publicly without prior vendor notification, Secunia says.
Mozilla's Firefox Web browser has been gaining market share against Microsoft Internet Explorer for years now. However, in 2008 it surpassed IE in a far less glorious category: number of bugs.
According to browser vulnerability research by Secunia (PDF), 115 security vulnerabilities in Firefox were reported in 2008, nearly twice as many as IE and Apple Safari combined. However, the news is not all bad, as the same report showed that Mozilla was much quicker to respond than Microsoft when flaws were publicly disclosed either prior to or without vendor notification.
Three Firefox vulnerabilities were publicized last year under those conditions. All three were patched, with the longest patch taking 86 days to arrive, according to Secunia. For IE, however, only three of the six such vulnerabilities were patched as of Dec. 31. One of the IE vulnerabilities remained open for 294 days in 2008, according to the report.
The report noted that not all vulnerabilities are created equal. The three aforementioned Firefox flaws were rated "less critical," while the Microsoft vulnerabilities were more of a mixed bag. The three unpatched IE flaws were rated either "not critical" or "less critical." Two of the patched bugs were classified as "moderate" and "high," while the third patched bug was considered "less critical."
On March 4, Mozilla released an update plugging eight security holes in Firefox 3.0.7, of which six were rated critical. The vulnerabilities affect the browser's garbage collection, PNG libraries, layout and JavaScript engines.
The critical vulnerabilities could enable hackers to run arbitrary code. But there is also a vulnerability rated "high" that could allow a Web site to use nsIRDFService and a cross-domain redirect to steal private data from users authenticated to the redirected Web site.
The update came a day after Opera Software issued a security update for its browser, and roughly a week after Apple released a beta version of Safari 4.


Thursday, March 12, 2009


Computer games are good for children, according to a Microsoft-commissioned survey in the U.K. that seeks to pacify parents concerned by violence, sex and swearing in games such as Grand Theft Auto IV.
The Play Smart, Play Safe study, which surveyed 2500 parents, found that games are a "great social experience". Sixty-one percent of parents allowed their children to play games labeled with a higher age rating, although 42 percent were worried about their sons and daughters communicating with older users online.
More than fifty percent said games bring families closer together. However, the Microsoft-backed report also surveyed 1000 children, and found 69 percent of them wanted their parents to keep a closer eye on the age certificates of the games they played.
Eighty-one percent of British children play computer games at least once a week, according to the research, with more than 75 percent playing against other gamers online.
Mike Rawlinson, director-general of the Entertainment and Leisure Software Publishers Association (ELSPA), told The Telegraph that the fact that so many children are playing games online "reinforces the need for a single age ratings system that protects British children, both on- and off-line, now and in the future".
"This is why the games industry is totally committed to PEGI, the independently regulated Pan-European Game Information System, which we're asking the government to enforce through UK law," he said.


Tuesday, March 10, 2009



Google Earth is once again making news after reports last week that previously blurred images of a British Naval base and images of what are clearly two nuclear subs appeared in the clear. While the images are sensitive, this type of exposure is a fact of life when you consider the nature of the Internet and the availability of satellite imagery.

UK tabloid newspaper The Sun broke the story of the base, located at Faslane, Scotland, which had been blurred in the past on Google Earth. However, a recent update left the images unblurred, and that has caused some to worry, including FUD that terrorists will use images like this to launch attacks. It’s happened before, true, but more often than not, the images available from Google and other sources are used as a secondary level of intelligence.

Yet, speaking to The Sun, an MOD spokesman said, “We do everything to protect bases but it’s impossible to control all websites providing satellite imagery. If people are really determined to target these sites they can find these images and there is nothing we can do to stop them.”
It is important to note that the location of the base is well established. That is not the issue; the problem is the detailed location of the buildings. Google said that it works with governments to blur images if asked, but would not comment on any discussions or on why the images are still visible.


Friday, March 6, 2009


Opera today released an update to its Web browser that closes a number of security holes, including one the company rates "Extremely Severe."
The flaw would allow a specially crafted jpeg image to crash Opera and run any command on your PC, which is about as bad as it gets: If you browsed a site with one poisoned image, you could end up with malware.
The new version, 9.64 (release notes), also adds support for two Windows security mechanisms, Data Execution Prevention (DEP) in Windows XP and Address Space Layout Randomization (ASLR) in Windows Vista. So if you use Opera, get this must-have fix by clicking Help | Check for Updates. Opera still annoys with a lack of an auto-update feature, so you'll have to download and run the 5.4 MB installation file to upgrade.
Meanwhile, Secunia warned today of a security flaw in the Winamp media player that can also allow an attacker to have his way with your PC if you open a malicious CAF audio file. Secunia reports that the flaw exists in the latest downloadable version, 5.55, as well as 5.541 and possibly other versions as well. And there's no word yet of a fix, so be extra careful with CAF files.


Thursday, March 5, 2009


If the videogame blogosphere is to be believed, the once mighty PlayStation brand is on the verge of flopping thanks to the pennywise dominance of Nintendo and Microsoft hardware and a consumer demographic unwilling to invest greater sums of money in Sony’s Blu-ray-equipped PlayStation 3.
However, Sony Computer Entertainment would beg to differ. Having this week rebuffed analyst claims of an imminent price cut to its PS3 console, and highlighting fiscal performance that’s on track for 10 million unit sales, Sony has also moved to draw attention to the successful spread of its PlayStation Network (PSN).
Sony has today announced it has taken the PlayStation Network just 27 months to amass more than 20 million registered users, a substantial figure that outstrips the 17 million users presently active on Microsoft’s Xbox Live network, which is in its seventh year of service.
While both PSN and Xbox Live offer largely similar platforms, including online multiplayer access, demo and trailer downloads, exclusive add-on content, and global gamer socialising, the two differ massively insofar as Xbox Live costs $50 USD per year for full access, while usage on the PlayStation Network is completely free.
Available around the world in 55 countries, the PlayStation Network currently offers some 14,500 downloadable media items (including game content, movies and TV shows) and has already delivered more than 380 million digital downloads with an accompanying value of $180 million USD.



There haven't been many brand-new camera announcements thus far at PMA 2009, the big camera trade show, but Kodak jumped into the fray today by unveiling the Kodak EasyShare Z915.
The Z915 is a pocketable, AA-battery-powered, 10x optical zoom camera (35mm wide-angle to 350mm telephoto) for the recession-friendly price of $200. A 10-megapixel sensor, optical image stabilization, automatic scene optimization, and a 2.5-inch LCD screen are also in the mix.
The Kodak EasyShare Z915 is due in April in a variety of color options: black, gray, blue, and red.


Wednesday, March 4, 2009


Survey reveals kids spend 87 hours per year surfing porn.
If you’re a concerned but trusting parent striving to avoid staring over your child’s shoulder while they’re surfing the Web, the results of a new study into the online habits of teenagers suggest more stringent monitoring would be well worth considering.
More pointedly, a recent survey carried out by software solutions outfit Cyber Sentinel has revealed that teenage Web users in the UK are spending an average of 1hr and 40mins a week looking at online pornography – which equates to some 87 hours per year.
Beyond the draw and easy access of illicit adult material, the survey of 1,000 teens aged between 13 and 19 also discovered that many are keen on perusing diet and weight-loss Web sites for around 1hr and 35mins per week, while investing a further 1hr and 8mins per week into cosmetic surgery sites.
According to Ellie Puddle, marketing director for Cyber Sentinel, the survey results show that UK teens are using easy online access as a way to avoid asking their parents about a range of contentious topics brought to their attention “as a result of modern-day pressures.”
When quizzed as to their online habits, most of the teenage survey respondents admitted they were often left alone with Web access for as much as two hours per day, while around a third said they did actively attempt to hide their online activity from their parents.


Tuesday, March 3, 2009


A researcher has found a convincing way to hack the Secure Sockets Layer (SSL) protocol used to secure logins to a range of Websites, including e-commerce and banking sites.
Using a specially created app, 'SSLstrip', a researcher calling himself Moxie Marlinspike demonstrated to attendees at last weekend's Black Hat conference in Arlington, Va. how vulnerable many SSL connections were to an involved but clever man-in-the-middle (MitM) attack in which a hacker could proxy traffic from users accessing genuine secure https:// website logins.
To prove the usefulness of the attack to a hypothetical criminal, he claimed the hack had given him access to 117 e-mail accounts, 16 credit card numbers, 7 PayPal log-ins and over 300 other "miscellaneous secure logins" in a 24-hour period. Sites involved included Ticketmaster, PayPal, LinkedIn, Hotmail, and Gmail.
The clever bit is that the attack didn't need to touch the encrypted SSL traffic at all. It simply exploits the fact that users almost never request https directly, instead reaching it from a conventional http web page first. That makes it possible for the attacker to monitor and map the traffic between the browser and the website before SSL is set up, putting himself between the two so that neither side is aware that anything is amiss.
According to Marlinspike, the hack is also able to overcome the possibility that the browser will generate invalid certificate warnings from the fake proxy site, even passing back convincing if bogus favicons such as the traditional https padlock. The only signal that something is wrong would be the lack of the https:// address in the toolbar, something few users would likely notice, he said.

"Lots of times the security of HTTPS comes down to the security of HTTP, and HTTP is not secure," says Marlinspike in his presentation summary. "If we want to avoid the dialogs of death, start with HTTP not HTTPS."
Importantly, the visual indicators that help ordinary users detect such attacks should once again be emphasised, overturning some years in which developers, including browser developers, had downplayed such reinforcement.
"Once we've got control of that, we can do all kinds of stuff to re-introduce the positive indicators people might miss," he says.
An indirect hack on the secure web infrastructure was reported some weeks ago, whereby a flaw in the MD5 hash algorithm was used to fool certificate authorities into accepting a bogus certificate as the real thing.
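The hand-off from http to https described above can be audited from the defender's side. The following is an added example, not code from the original post or from SSLstrip: it lists the https targets that a plain-HTTP page relies on, and compares a copy of the page fetched over a trusted path with the copy a client actually received to spot targets that were downgraded. The host names and HTML are constructed samples.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Attributes that carry a navigation or submission target.
TARGET_ATTRS = {"a": "href", "form": "action", "iframe": "src"}


class TargetCollector(HTMLParser):
    """Collect absolute URLs of link, form and frame targets in a page."""

    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.targets = []  # list of (tag, absolute_url)

    def handle_starttag(self, tag, attrs):
        attr = TARGET_ATTRS.get(tag)
        if attr is None:
            return
        value = dict(attrs).get(attr)
        if value:
            self.targets.append((tag, urljoin(self.page_url, value)))


def collect_targets(page_url, html):
    parser = TargetCollector(page_url)
    parser.feed(html)
    parser.close()
    return parser.targets


def https_handoffs(page_url, html):
    """HTTPS targets on a page that was itself delivered over plain HTTP.

    Each one is a hand-off to SSL that depends on unauthenticated HTML,
    so anyone on the network path can alter it before the user clicks.
    """
    if urlsplit(page_url).scheme != "http":
        return []
    return [(tag, url) for tag, url in collect_targets(page_url, html)
            if urlsplit(url).scheme == "https"]


def downgraded_targets(page_url, reference_html, received_html):
    """Targets that are https in the reference copy but http as received."""
    received = set(collect_targets(page_url, received_html))
    findings = []
    for tag, url in https_handoffs(page_url, reference_html):
        plain = urlsplit(url)._replace(scheme="http").geturl()
        if (tag, url) not in received and (tag, plain) in received:
            findings.append((tag, url, plain))
    return findings


# Constructed sample: the page as the site serves it (trusted fetch) ...
PAGE_URL = "http://www.example.test/"
REFERENCE_HTML = """
<html><body>
<a href="https://login.example.test/signin">Sign in</a>
<form action="https://login.example.test/session" method="post">
  <input name="user"><input type="password" name="pw">
</form>
<a href="/help">Help</a>
</body></html>
"""
# ... and the same page as captured on a monitored client (constructed).
RECEIVED_HTML = """
<html><body>
<a href="http://login.example.test/signin">Sign in</a>
<form action="http://login.example.test/session" method="post">
  <input name="user"><input type="password" name="pw">
</form>
<a href="/help">Help</a>
</body></html>
"""

if __name__ == "__main__":
    for tag, url in https_handoffs(PAGE_URL, REFERENCE_HTML):
        print(f"exposed hand-off: <{tag}> -> {url}")
    for tag, secure, plain in downgraded_targets(
            PAGE_URL, REFERENCE_HTML, RECEIVED_HTML):
        print(f"DOWNGRADED <{tag}>: {secure} arrived as {plain}")
```

Every entry returned by `https_handoffs` is a login path whose security rests on a page the browser cannot authenticate, which is the condition the attack depends on.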


Friday, February 27, 2009


Hackers infiltrated popular tech business site eWeek.com using Google's DoubleClick banner ads as a vehicle. Websense caught the malicious coding and published its results, which spurred eWeek to scour its code and remove all phony advertisements.
The pest, named Anti-Virus-1, is complicated and smart. The advertisements are for antivirus software, and when a user clicks on them, the ads redirect to a pornography Website through a series of iframes. Then a PDF pops up loaded with evil code, exploiting a weakness currently festering in the Adobe systems; or the file index.php redirects to the rogue ad server. The server places a file named "winratit.exe" into the user's temporary files folder, where it stays, without any user interaction.
If the user tries to cleanse the computer by visiting any of several popular software downloading sites, the hack has a twist of the blade waiting: the hosts file is modified to redirect to even more malicious Websites offering further rogue downloads.
eWeek may not be the first popular Website to be attacked. "Given DoubleClick's tremendous reach, it's possible the rogue ads have shown up on Websites other than eWeek," Websense Vice President of Security Research Dan Hubbard told The Register.
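The hosts-file tampering described above leaves a trace that is easy to check for. The following is an added example, not code from Websense or eWeek: it parses hosts-file text and reports entries that point a watched domain at an address other than loopback. The domain names, addresses and sample file are constructed, and the watch-list stands in for the software download sites the post mentions without naming.

```python
import ipaddress


def parse_hosts(text):
    """Return (line_no, ip, hostname) for every mapping in hosts-file text.

    Handles inline comments and several host names on one line; lines whose
    first field is not a valid IP address are skipped.
    """
    entries = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue
        for name in fields[1:]:
            entries.append((line_no, ip, name.lower().rstrip(".")))
    return entries


def suspicious_entries(text, watched_domains):
    """Watched domains (or their subdomains) mapped to a routable address.

    Loopback and 0.0.0.0 entries are ignored: they block a name rather than
    redirect it, which is what ad-blocking hosts files do.
    """
    watched = {d.lower() for d in watched_domains}
    findings = []
    for line_no, ip, name in parse_hosts(text):
        if ip.is_loopback or ip.is_unspecified:
            continue
        if any(name == d or name.endswith("." + d) for d in watched):
            findings.append((line_no, name, str(ip)))
    return findings


# Constructed sample. On Windows the real file lives at
# %SystemRoot%\System32\drivers\etc\hosts.
HOSTS_SAMPLE = """\
# constructed sample hosts file
127.0.0.1       localhost
::1             localhost
203.0.113.7     downloads.example.test www.downloads.example.test   # added entry
0.0.0.0         ads.example.test
198.51.100.20   intranet.corp.example
203.0.113.7     av-vendor.example.test
"""

# Hypothetical watch-list: sites a user would visit to clean up a machine.
WATCHED = ["downloads.example.test", "av-vendor.example.test"]

if __name__ == "__main__":
    for line_no, name, ip in suspicious_entries(HOSTS_SAMPLE, WATCHED):
        print(f"line {line_no}: {name} is pinned to {ip}")
```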


Wednesday, February 25, 2009


Following the news that hackers took control of Twitter accounts belonging to a number of celebrities including Barack Obama and Britney Spears, security firm Sophos has revealed that Miley Cyrus is the latest celebrity to have her account with the micro-blogging service compromised.
Cyrus, who stars in the Disney Channel show 'Hannah Montana' and is the daughter of country-music legend Billy Ray Cyrus, found hackers had left poorly-spelt offensive messages on her Twitter page, after accessing her account details. The micro-blogging service has since shut down the page.
"This is just the latest hacking incident to happen on Twitter and chances are it's not going to be the last," said Graham Cluley, senior technology consultant at Sophos.
"Cybercriminals are only ever one step behind the latest computer craze and as tweeting has been growing in popularity, the hackers have been quick to realise the potential in hacking these accounts."
"It appears that Miley didn't learn the lesson last year and hasn't been taking enough care over her password security," Cluley added in reference to an incident last year when hackers broke into her email account and stole photographs of the star, which were later posted on the web.


Tuesday, February 24, 2009


What's the most common type of malware on the Internet? Viruses? Botnet code? How about password-stealing worms, designed to victimize online gamers?
Microsoft said Thursday it had removed nearly 1 million samples of a particularly virulent password-stealing worm in the first half of February. The company's Malicious Software Removal Tool (MSRT) rooted out more than 981,000 copies of a family of programs called Win32/Taterf, best known for stealing usernames and passwords for games such as World of Warcraft, Legend of Mir and Gamania.
Taterf has been especially widespread for months now. Microsoft removed more than 700,000 copies of it in one day alone last year. The worm is a mutated version of another password stealer, known as Win32/Frethog -- Microsoft has zapped nearly 317,000 copies of Frethog this month.
Online passwords are a popular target because they can be turned to cash, often in untraceable ways. The criminals use the hacked accounts to steal characters and virtual gold or other treasures, which are then sold to fans who pay real-world cash.
Although China has traditionally been the top spot for password-stealing infections, that seems to be changing, Microsoft said in a blog posting. In the first week of February, the top three countries, ranked by number of Taterf infections, were the U.S., Taiwan and Korea, respectively.
The MSRT is available free of charge to Windows users, and it gets monthly updates from Microsoft. Because it is so widely used, it can have a major effect on any piece of malware. MSRT is credited with crushing the notorious Storm worm in 2007.
This month Microsoft added MSRT detection for another notorious botnet, called Srizbi. Total number of Srizbi infections removed since the update: 38,697.


Thursday, February 5, 2009


Mozilla developers released the latest version of their Firefox browser Tuesday, version 3.0.6, which fixes several security bugs in the software.
The most critical issues are bugs in the browser's JavaScript and layout engines that could be exploited by attackers to run unauthorized software on a victim's PC, Mozilla said. The flaws also affect Mozilla's Thunderbird e-mail client and SeaMonkey Internet software suite.
The update, Firefox's first of the year, also fixes five other security bugs in the browser, all of which are considered less critical.
The update includes some other performance and stability improvements, including new code that will help scripted commands, such as those used by Adblock Plus, to work better with plug-ins, and addresses a few display issues reported by users.


Tuesday, February 3, 2009


A total of 6.37 billion text messages were sent through Acision's messaging systems across Asia Pacific over the 2008/2009 Christmas and New Year period.
According to Acision, the communication solutions provider, short message service (SMS) messages formed a large majority of the traffic with 6.36 billion messages, while multimedia messaging service (MMS) messages were recorded at 9.54 million messages.
Philippines sent most messages
The top five countries with the highest SMS traffic processed over the festive season were the Philippines, again leading the ranking with 2.36 billion messages, closely followed by Indonesia (1.193 billion), Malaysia (1.075 billion) and Pakistan (763 million).
Boudewijn Pesch, managing director of Acision, Asia Pacific, said, "The festive season still remains a favourite high traffic period for operators and consumers alike. Compared to last year's traffic, this year the total messaging traffic in Asia Pacific grew by 40 percent."
MMS picks up
"In addition, we are seeing MMS traffic picking up pace across the region with 9.5 million MMS messages processed during this festive season. MMS traffic is bound to increase as consumers become increasingly savvy in interacting with their personal blog sites and applications such as Facebook", Pesch said.
In terms of year-on-year growth, Pakistan traffic volume grew by 253 percent compared to last year during the same period. Other markets that experienced high messaging growth include Philippines (65 percent), Australia (57 percent), Indonesia (27 percent) and Malaysia (13 percent).
"We are seeing a continued demand for robust and reliable SMS infrastructure and high quality end-to-end SMS solutions, as more and more mobile operators place their trust in Acision's high performance SMSC", Pesch said.


Monday, February 2, 2009


The odds are pretty good that this will never happen to you, but should a floating head of U.S. President Barack Obama pop up on your desktop Monday morning, know this: You've been hit with the Obama worm.
The worm was spotted this past Monday after it infected PCs at a preparatory school in Metairie, Louisiana, and was first reported by Walling Data, a value-added reseller in Claremont, North Carolina. Though it is not detected by any antivirus products right now, it is not considered to be a serious threat because it has infected so few systems.
The worm spreads via USB drive, using the Windows autorun feature to install itself automatically on any drive it connects with. Unlike most of today's profit-driven malware, the Obama worm doesn't steal your credit card number or turn your PC into a remote-controlled zombie system. In fact, it isn't designed to do anything besides float a small picture of Obama at the bottom right corner of your desktop all day every Monday.
Unfortunately, it is so badly written that the worm gradually renders any PC it is run on completely useless, according to Rob Koliha, Walling Data's director of innovation. "It will basically prevent execution of any kind of files."
Because antivirus programs don't detect it yet, it's also hard to know when you've been infected, except on Monday.
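Since no antivirus signature exists yet, the autorun mechanism itself is the thing to inspect. The following is an added example, not code from Walling Data or from the worm: it reads the `autorun.inf` file that the Windows autorun feature consults on a drive and reports the directives that start a program. The sample file contents and file names are constructed.

```python
import re
from pathlib import Path

# Keys in the [autorun] section that cause a program to be started:
# open=, shellexecute= and shell\<verb>\command=.
LAUNCH_KEY = re.compile(r"^(open|shellexecute|shell\\[^\\]+\\command)$")


def autorun_launch_directives(text):
    """Return (key, command) pairs from [autorun] that launch a program.

    Section and key names are matched case-insensitively, comment lines
    (starting with ';') and other sections are ignored.
    """
    section = None
    found = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        if section != "autorun" or "=" not in line:
            continue
        key, value = line.split("=", 1)
        key = key.strip().lower()
        if LAUNCH_KEY.match(key):
            found.append((key, value.strip()))
    return found


def scan_drive_roots(roots):
    """Map each drive root that has launch directives to those directives."""
    report = {}
    for root in roots:
        for entry in Path(root).iterdir():
            # Windows treats the file name case-insensitively.
            if entry.is_file() and entry.name.lower() == "autorun.inf":
                # latin-1 decodes any byte sequence without raising.
                text = entry.read_bytes().decode("latin-1")
                hits = autorun_launch_directives(text)
                if hits:
                    report[str(root)] = hits
    return report


# Constructed sample, not taken from any real malware.
SAMPLE_AUTORUN = r"""; constructed sample
[AutoRun]
label=Holiday Photos
icon=folder.ico
OPEN=setup_placeholder.exe
shell\open\command=setup_placeholder.exe /quiet
[Content]
MusicFiles=false
open=ignored_other_section.exe
"""

if __name__ == "__main__":
    for key, command in autorun_launch_directives(SAMPLE_AUTORUN):
        print(f"{key} -> {command}")
```

Run `scan_drive_roots` over the roots of removable drives (for example `["E:\\", "F:\\"]`) before opening them in Explorer; a USB stick that should hold only documents has no reason to carry any launch directive.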


Saturday, January 31, 2009


The gales of the Blackberry Storm just weren't strong enough to wash away Apple's iPhone success. Between its average reviews and customer complaints over bugs and OS stability, the Storm seems to have severely underperformed in customer satisfaction. And now, the latest figures from Blackberry maker Research In Motion (RIM) show that it has underperformed in sales, too.
Only half a million Blackberry Storm devices were sold in the U.S. since November, according to the Wall Street Journal. During the same holiday period, Apple sold more than two million iPhones, totaling over a quarter of the North American smartphone market. RIM's shares have also dropped more than 5 percent since news broke that Storm users are still unhappy with their experience on the device.
Speculation from various sources blames Blackberry Storm's woes on the phone's software glitches, crashes, and bugs. Many of these problems occurred because of Research In Motion's eagerness to make the Storm available in time for the 2008 holiday season, starting with Black Friday, the biggest shopping day of the year.
RIM tried to address users' complaints and released a software fix for the Blackberry Storm in December. Despite that fix, many users remained unsatisfied with the device's basic functionality, such as the lack of a conventional QWERTY keyboard when the phone is used in portrait mode, a feature that's available on the iPhone and other touch-screen smart phones. RIM officials acknowledged Storm's further software issues and promised another update that will solve many of the phone's problems.
But the Blackberry Storm will soon face even more competition. A new smartphone battle is coming up this year with the imminent launch of Palm's much-hyped Pre. Nokia is also joining the game with its N97, so RIM should address users' concerns quickly.



Nokia announced three attractive new phones--and they couldn't be more boring. While most phone makers are trying to wow consumers with yet another iPhone killer or some super trendy device based on Google's Android platform, Nokia is launching middle-of-the-pack phones with features we've seen before.
Nokia reported disappointing earnings results last week, and the company expects its market share to decline even further during the first few months of 2009. These "new" phones aren't expected to hit the shelves until at least April, around the same time as Nokia's N97.
Will these new phones be able to revive Nokia's recent sagging fortunes? Well, anything's possible. Nokia currently holds a sizable chunk of the cell phone market--about 37 percent--and hopes to attract customers with usable phones and a variety of online services built around its Ovi portal. And, hey, don't we all love that distinctive Nokia ring?
So without further ado, here is Nokia's sleeper cell (phone) lineup:

Nokia 6700 Classic
This phone is a follow-up to its popular 6300 model. It has a sleeker design and sports a new 5 megapixel camera, upgraded from the 6300's 2 MP shutter. The phone also features assisted GPS navigation and high-speed HSPA Internet. Nokia hasn't released official U.S. pricing for this little gem, but it should hover around $300. The 6300 is a very popular device and highly rated by users everywhere, so it's no surprise Nokia has built on this success.

The Nokia 6303 Classic
This one comes with a "large" 2.2-inch screen, a 3.2 megapixel camera, assisted GPS, a 3.5mm headphone jack, and a mobile music player. The 6303 will go for about $175.

The Nokia 2700 Classic
This phone falls in the affordable class coming in under $100. It sports a 2 megapixel camera, a music player, and a removable card slot that can take up to 2 GB of storage.
Despite my criticisms, boring but capable phones could be the right move for one of the world's largest phone makers. A sagging economy might reveal a public unwilling to shell out big bucks for the latest touch screen wonder. So these mild mannered phones just might fit the bill...or not.


Wednesday, January 28, 2009


The Pope will be taking his 2000-year-old religious message onto the often controversial and irreverent YouTube, the Vatican announced Friday.
The Vatican's dedicated YouTube channel went live at midday on Friday, offering short video news clips of Pope Benedict XVI's activities and links to more in-depth information about the Catholic Church.
There will be no advertising on the channel and the Vatican has not paid Google for a platform on its popular file sharing site, Vatican spokesman Rev. Federico Lombardi told a press conference presenting the new communication initiative.
"The Pope sees it as a positive step," Lombardi said. The Vatican may consider in the future whether it might be possible to carry appropriate advertising on its YouTube site, but would not be doing so immediately, the spokesman said.
"We won't be making money out of the Vatican channel. We believe it is our job to bring important information to our public," Henrique De Castro, managing director of European sales and media solutions at Google, told the press conference.
Initially the channel will carry up to three new videos a day of up to two minutes in length illustrating the Pope's activities or important events taking place in the Vatican, Lombardi said.
The site will offer a number of interactivity options: the possibility of sharing videos with friends, receiving new videos via iGoogle and a chance to send comments to the Vatican press office, Lombardi said, but he added he could give no guarantee that all messages would be read or receive a reply from his office.
The Vatican's YouTube page will initially operate in English, Italian, Spanish and German and will carry links to its traditional online news outlets. There will be a link to the Vatican's institutional Web site that was founded in 1995, as well as to Vatican TV, Vatican Radio and Vatican State sites, Lombardi said.
"We considered it was a positive thing to be present on Google, to be present where human beings are present," Rev. Claudio Celli, president of the pontifical council for social communications, told the press conference. "This was how the journey of Christianity began."
People had been asking him why the Pope was "lowering" himself by appearing on YouTube, Celli said. "The Pope doesn't lower himself by going on Google. It's a question of having a strategic vision. This is a first small step towards becoming a church that enters into dialogue with today's world."
Asked whether Pope Benedict XVI used the Internet himself, Celli confessed that he wasn't sure. "I presume he does. Knowing the man, my answer would be affirmative."
In a speech on new technologies released Friday, the Pope praised the Internet as offering rich opportunities for dialogue, friendship and spreading the Christian message.


Saturday, January 24, 2009


The White House on Pennsylvania Avenue isn't the only presidential home getting a renovation today. Barack Obama's virtual home, WhiteHouse.gov, also has a brand new look to go with the brand new presidency.

Inside the New WhiteHouse.gov
A revamped WhiteHouse.gov went live during Obama's inaugural ceremony this afternoon. The site features a modernized interface with rotating news headlines and an official White House blog. Upon its launch, the main headline proclaimed: "Change Has Come To America." The blog section followed suit with the title: "Change Has Come To WhiteHouse.gov."
Obama's WhiteHouse.gov also offers links to various presidential agenda items and a "briefing room" that will host clips of the president's weekly video addresses. Photo slideshows and information on appointments, proclamations, and executive orders will be made available in that section as well.

Limited Interaction
Interestingly, given the ongoing focus on interaction and community involvement, the site does not appear to have an open comment function within the blog section or any other area. There is, however, a "contact" page that offers an HTML-based form to submit questions and comments to the president.
"President Obama is committed to creating the most open and accessible administration in American history," the page states. "To send questions, comments, concerns, or well-wishes to the President or his staff, please use the form below."
The introductory blog does suggest more opportunities for interaction could arise as the weeks wear on.
"Citizen participation will be a priority for the administration, and the Internet will play an important role in that," the site says. "One significant addition to WhiteHouse.gov reflects a campaign promise from the president: we will publish all non-emergency legislation to the website for five days, and allow the public to review and comment before the president signs it."

Launch Issues
Of course, no change is without its share of issues. The site offered a link to Obama's inaugural address before it was actually online, and the first blog post stated Obama had been sworn in before the ceremony had been completed. Still, the virtual transition appears to have gone more smoothly than the last (and only other to date): When President Bush first took office in 2001, his WhiteHouse.gov launched with broken links and template messages in place.


Wednesday, January 21, 2009


Resident Evil 5, Capcom's fifth chapter in their renowned zombie-slaying survival horror franchise and first Resident Evil game on Xbox 360 and PS3, releases on March 13, 2009, but you don't have to wait two months to play the game.
A playable Resident Evil 5 demo will be available for download on Monday, January 26 on Xbox Live and about a week later on PSN. The exact date of the RE5 demo on the PlayStation 3 is unknown, but it's promised to be around February 5 when a new PSN update is scheduled to go up.

Two levels from Resident Evil 5's story mode will be included in the free demo which can be played either online or offline in the game's cooperative mode where players massacre parasitic hordes as series hero Chris Redfield and female newcomer Sheva Alomar.

It's still unconfirmed what stages in particular will be in the demo, but they'll likely be the first two levels where you battle infected villagers, the hulking axe-carrying executioner, and even the new one-eyed chainsaw-wielding madman.


Sunday, January 18, 2009


Here's a new way to get Microsoft to pay attention to you: Slip a brief message into the malicious Trojan horse program you just wrote.
That's what an unnamed Russian hacker did recently with a variation of Win32/Zlob, a Trojan program victims are being tricked into installing on their computers.
The message is surprisingly cordial, given that Microsoft's security researchers spend their days trying to put people like Zlob's author out of business. "Just want to say 'Hello' from Russia. You are really good guys. It was a surprise for me that Microsoft can respond on threats so fast," the hacker wrote, adding, "Happy New Year, guys, and good luck!"
Zlob is one of the most common types of Trojan programs used to attack Windows these days. In a typical Zlob scam, the victim is sent a link to what looks like an interesting video. When the link is clicked, the user is told to install a multimedia codec file in order to watch the video. That file is actually malicious software.
It's not clear whether the author of this message is the creator of Zlob, according to Joe Stewart, a researcher with SecureWorks. That's because "Zlob is one of those things that gets mislabeled by AV companies a lot," he said via e-mail. "Basically any time they see malware being spread by 'you need this video codec...' messages in multimedia files, it gets the Zlob label."
This isn't the first time this particular hacker has sent a note to Microsoft's security group. Last October he wrote a slightly creepy message, saying, "I want to see your eyes the man from Windows Defender's team."
Unlike the October message, this latest note wasn't caught by Microsoft. It was found Friday by a French security researcher using the hacker handle S!Ri.
According to this latest message, it may be the Zlob hacker's last note to Microsoft. "We are closing soon," he wrote. "So, you will not see some of my great ;) ideas in that family of software."
"It warms my heart that they're 'closing soon,'" wrote Microsoft spokesman Tareq Saade in a blog post.
All things considered, hiding messages in source code may not be the most effective way of reaching the Windows Defender team. "Considering the enormous amount of malware we go through every day, it can be difficult to track follow up samples like this," Saade wrote.
The hacker also claimed that Microsoft had once offered him a job to help improve Windows Vista's security. Microsoft hired a large number of outside security consultants to test Vista's code before it was released in late 2006. "It's not interesting for me," the hacker concluded. "Just a life's irony."


Friday, January 16, 2009


Paris Hilton's Web site has been hacked and is serving visitors a malicious Trojan program designed to steal sensitive information from their computers.
The hack was discovered by security vendor ScanSafe, which said that Parishilton.com (note: this site is not safe to visit as of press time, Jan. 13, 2009) had apparently been compromised since Friday. Visitors to the site are presented with a pop-up window urging them to download software in order to enhance their viewing of the site. Whether they click "yes" or "no" on this window, the site then tries to download a malicious program, known as Trojan-Spy.Zbot.YETH, from another Web site.
"The popup points to a directory on that Web site; that's where the malware is being loaded from," said Mary Landesman, a security researcher with ScanSafe. Once installed, the Trojan steals online information and tries to install more malicious software on the victim's computer.
Landesman believes thousands of other Web sites may also be serving up this variant of the attack her firm uncovered. However, Parishilton.com, the celebrity's official Web site, is the best-known target. "The big thing with Paris Hilton is the number of visitors that she gets," Landesman said. "It's always doubly concerning when we see a high-profile Web site get compromised."
To make things worse, most antivirus products are not identifying the Trojan program being served by Parishilton.com. On Monday afternoon, only 12 of the 37 vendors tested by VirusTotal identified the Trojan.


Wednesday, January 14, 2009


Users trying the Windows 7 beta who keep their computers safe with McAfee virus protection are in for a bit of disappointment -- and a loss of security. According to a Channel Web report, when you try to run McAfee Total Protection in the Windows 7 beta, an error message pops up. "The version of Windows installed on this machine is not supported. Please refer to the product documentation for a list of supported operating systems."

McAfee's antivirus tool isn't the only one affected by the Windows 7 beta. A thread on Norton's community forums mentions errors that occur when running Windows 7. The official response from Norton? "At this time, we do not support Windows 7. Once Windows 7 is released, we will provide solutions for the OS." In the past, prerelease copies or even early shipping versions of Windows updates were often flagged as "potential viruses" by antivirus programs (prompting lots of jokes about Windows being fingered as a virus).
One popular virus protection program that seems to be immediately compatible with the Windows 7 beta is Spyware Doctor, which reports in its forums that the software is running smoothly.
Personally, I use Avast on my PC, although I haven't gotten around to checking out Windows 7 yet. It looks like Avast does have some issues, though for the most part it still runs in Windows 7.
The main problem seems to be that Windows 7 is still in beta, so no virus protection software has been optimized for the OS yet. As always when installing beta software, you do so at your own risk. Just know that this risk could impact your entire PC's security.
