Infoworld has an interesting article this afternoon, that suggests that Microsoft may pay users of their MSN search out of the ad revenue that Microsoft earns from their new adertising service. Speaking of Google, Bill Gates says…
But they don’t share these advertising revenues with the end users who help them get the revenue, Gates said. “Google keeps all of the money with itself,” he added.
ZDnet has this article today of an ebay auction for information on a Microsoft Excel vulnerability that the auction-seller had notified Microsoft of.
An online auction of a “brand new vulnerability” in Microsoft Excel had reached about $60 when eBay pulled the item late Thursday.
A seller using the name “fearwall” started the auction Wednesday evening at 1 cent. It was up to $56 on Thursday afternoon with 21 bids placed, and eBay quashed the auction soon after that.
An editor at tech republic gave a challange not too long ago to Linux users to step up and offer articles along the lines of the top 10 things to do before hooking a linux pc up to the internet. Click to read the first of these submissions (I don’t know if there will be more featured, but more are viewable here.)
Freedom-to-tinker once again has continued analysis of the whole Sony DRM mess. They basically have taken a look at the ways of protecting an audio cd. Active protection (using software to prevent the duplication of music) is currently the main practical solution if you’re pursuing DRM. But what’s interesting is how much in common they have with spyware writers.
There’s a bit more detail in this betanews article on the sober worm. They basically say that the next expected “release” is January 8th, that f-secure has cracked the “code” of the worm. You see it appears that the URL’s that new versions of the worm are downloaded from are not hardcoded, but “psuedorandom” and they’ve cracked the algorithm the worm uses.
I put vulnerability in quotes because it’s looking less like a problem. (Correct me if I’m wrong.) Here’s the situation. Both Sans and Mozilla have failed to duplicate the crash although have duplicated extremely slow browser performance. Here’s the official response from mozilla.org…
We have investigated this issue and can find no basis for claims that variants of this denial-of-service attack can cause an exploitable crash, and no evidence for this claim has been offered. There does not appear to be any risk to users or their computers beyond the temporary unresponsiveness at startup.
The internet was developed essentially with a couple of goals in mind. One of those goals was to have a distributed means of communications that would be resilient to nuclear attack. The idea was this, if we have traffic, (data) that can take one of several paths to a destination, then a fatal attack on one of the communication hubs does NOT have to take down the whole connection. Anyway… there’s an article over at the Register with an interview with one of the individuals that had this groundbreaking idea.
December’s rendition of Microsoft’s monthly Patch Tuesday will feature two critical security fixes. The malicious software removal tool will also be updated…
Additionally, Microsoft will issue two non-security high-priority updates through Windows Update and Software Update Services, and three non-security high-priority updates through Microsoft Update and Windows Server Update Services. It is standard Microsoft procedure to not disclose the nature of the updates beforehand for security reasons.
Surprise!!… ummm wait, no… This article has come out while I’ve been in the midst of cleaning up a Windows ME pc that has been “0\/\/ned” (owned/controlled…) by someone other than the owner for a bit over 15 months. The system had NO antivirus, no firewall (no antispyware) and used dialup for internet. (That much said, this is probably the most infected dialup system I’ve seen… 30-100 virii, 230+spyware remnants/etc.) Anyway…. the article from cnet news claims that a recent survey found 81% of home pc users lacked either
at least one of three types of critical security–a firewall, updated antivirus software or anti-spyware protection
According to a GAO report one of the reasons that phishing and scam websites are because of a lack of enforcement and policing by registrars of accurate contact information. According to their study over 5% of sites had been registered with false data. ~2.5% had been registered with incomplete information. These findings come from a random sample of 300 domain names that they then did lookups on the domains.
Bookmark this site now by pressing Ctrl+D
