Keep your system patched or else...

Hi folks,

an article here on the fact that attackers are getting faster and faster at using flaws just after the patches are announced.

Attack code comes on heels of Microsoft patches: "Just a day after Microsoft released patches for vulnerabilities in some of its software, code designed to take advantage of those weaknesses appeared on the Internet.
Most of the patches that Microsoft issued were for flaws that were widely known. But at least two flaws were made public for the first time on Tuesday as part of the company's monthly security update.
Security firms reported finding the code on Wednesday. The exploit code for previously unknown flaws means hackers could use the code to pounce on computer systems with managers who are slow to apply patches. "

The conclusion? Ensure your windows system is patched regularly. You can read more at Windows Update Info

Paul.

You may be a Zombie (check in the mirror!)

Here's more proof that botnets, or networks of PCs inadvertantly running zombie software, are still a problem.

Microsoft: Zombies most prevalent Windows threat: "More than 60 percent of compromised Windows PCs scanned by Microsoft's Windows Malicious Software Removal Tool between January 2005 and March 2006 were found to be running malicious bot software, the company said. The tool removed at least one version of the remote-control software from about 3.5 million PCs, it added.

'Backdoor Trojans are a significant and tangible threat to Windows users,' Microsoft said in the report.

A computer compromised by such a Trojan horse, popularly referred to as a zombie PC, can be used by miscreants in a network of bots, or 'botnet', to relay spam and launch cyberattacks. Additionally, hackers often steal the victim's data and install spyware and adware on PCs, to earn a kickback from the spyware or adware maker. "

You can read what I have to say about this on my main site: Are you a Zombie?

Paul.

Paul Quirk

Is One Million Dollars Enough?

Hi folks,

here's an interesting news item reported on ZDNet. See below for my comments.

---

A major spammer who was accused of sending up to 25 million e-mails per day has settled a lawsuit with Microsoft and the state of Texas.

The settlement has cost Ryan Pitylak $1 million, as well as the seizure of many of the assets he accumulated during a short-lived career as one of the world's worst spammers.

At the peak of his spamming activity, the 24-year-old Texas resident was listed as the world's fourth most-prolific spammer by antispam group Spamhaus.

Now Pitylak is claiming something of an epiphany, saying he has seen the error of his ways and will dedicate his efforts to trying to rid the world of nuisance e-mail. He has even taken to referring to himself as an "antispam activist" in an apparent change of heart of epic proportions.

On Saturday, Pitylak wrote in his blog: "Over time I have come to see how I was wrong to think of spam as just a game of cat and mouse with corporate e-mail administrators. I now understand why so much effort is put into stopping it. The settlements with Microsoft and the Attorney General's Office have been a serious reality check: harsh but good, and in the public's best interest."

He added: "I am pleased to announce that I am now a part of the anti-spam community, having started an Internet security company that offers my clients advice on systems to protect against spam. I'm now working earnestly to help other entrepreneurs avoid the traps that deceived me and led me to make questionable business choices."

Reported by Will Sturgeon of Silicon.com reported from London.

---

What do you think of this? Does $1m seem enough? How about if I tell you his earnings from sending spam are reported as in excess of $4m! What's more he has now gained a lot of publicity for his new "legit" business. How does $1m look now? What's more it seems that much of his activity was paid for by large companies to whom he passed on the information he gained. Who's going after them? After all they sponsored his activities! In all this the definate good news is the world now has one less spammer. :-)

What do you think?

Paul.

Paul Quirk

How fast is your network connection?

Hi folks,

ZDNet have created a free to use bandwidth test. It's desperately easy to use, just click the link below and the windows will paint twice. On the second refresh it will show you link speed in the thermometer like red image.

Test you speed!

How did you do? My 2Mbs link showed up correctly as 2M.

Enjoy!

Paul.
Paul Quirk

Microsoft and Adobe squabble over PDF

Here's a fun issue to make the laywers richer...

Microsoft, Adobe squabble over PDF: "Microsoft is bracing for a legal battle in Europe with Adobe Systems, following a breakdown in negotiations last week over the use of Adobe's PDF technology in Microsoft's Office applications suite.
Microsoft, which last October announced it would support Adobe's PDF format in its upcoming Office upgrade, has reached an impasse after four months of talks, a Microsoft attorney said Friday. Adobe wants the software giant to remove the PDF 'save as' feature from its beta version of Office 2007 or to charge a fee for it, whereas Microsoft wants to offer that feature for free, said Dave Heiner, the deputy general counsel who oversees Microsoft's antitrust cases.

'The 'save as PDF' feature is the second most popular request we get from customers,' Heiner said, adding, 'Adobe has told the world that PDF is an open format...and (rival) products OpenOffice, WordPerfect Office and Apple (Computer's applications) already support PDF and tout it as a selling feature. Microsoft should be able to support PDF as well.'

Adobe has threatened to file an antitrust complaint against Microsoft with the European Commission if the software giant includes the PDF 'save as' feature in its Office 2007, Heiner added. "

What do you think about all this? If Adobe has made PDF an open format why shouldn't Microsoft offer a "Save As" feature?

Paul.
Paul Quirk

Internet Explorer 7 New Security Features

Internet Explorer V7 is available as a Beta and can be used on Windows XP. One of the big areas of change is the security features added to the product. Here's a list from Microsoft on the new features - you can use the link to go to the Microsoft page to read more and download a beta copy if you wish.

Internet Explorer 7 Security Features:

• ActiveX Opt-inDisables nearly all pre-installed ActiveX controls to prevent potentially vulnerable controls from being exposed to attack. You can easily enable or disable ActiveX controls as needed through the Information Bar and the Add-on Manager.
  Security Status BarEnhances awareness of website security and privacy settings by displaying color-coded notifications next to the address bar. Internet Explorer 7 changes the Address Bar to green for websites bearing new High Assurance certificates, indicating the site owner has completed extensive identity verification checks. Phishing Filter notifications, certificate names, and the gold padlock icon are now also adjacent to the address bar for better visibility. Certificate and privacy detail information can easily be displayed with a single click on the Security Status Bar.


• Phishing FilterProactively warns and helps protect you against potential or known fraudulent sites and blocks the site if appropriate. The opt-in filter is updated several times per hour using the latest security information from Microsoft and several industry partners.


• Cross-Domain BarriersLimits script on webpages from interacting with content from other domains or windows. This enhanced safeguard will further protect against malware by limiting the potential for malicious websites to manipulate flaws in other websites or cause you to download undesired content or software.


• Delete Browsing HistoryAllows you to clean up cached pages, passwords, form data, cookies, and history, all from a single window.


• Address Bar ProtectionEvery window, whether it's a pop-up or standard window, will present an address bar to the user, helping to block malicious sites from emulating trusted sites.


• International Domain Name Anti-spoofing. In addition to adding support for International Domain Names in URLs, Internet Explorer also notifies you when visually similar characters in the URL are not expressed in the same language, thus protecting you against sites that could otherwise appear as known, trustworthy sites.
  URL Handling SecurityRedesigned URL parsing ensures consistent processing and minimizes possible exploits. The new URL handler helps centralize critical data parsing and increases data consistency throughout the application.


• Fix My SettingsTo help protect you from browsing with unsafe settings, Internet Explorer 7 warns you with an Information Bar when current security settings may put you at risk. Within the Internet Control Panel, you will see certain critical items highlighted in red when they are unsafely configured. In addition to alerts warning you about unsafe settings, you will be reminded by the Information Bar as long as the settings remain unsafe. You can instantly reset Internet security settings to the "Medium-High" default level by clicking the "Fix My Settings" option in the Information Bar.


• Add-ons Disabled ModeTo help troubleshoot difficulties launching Internet Explorer or reaching specific websites, you have the ability to start in "No Add-ons" mode, where only critical system Add-ons are enabled.
  

One other note - all of the features above are available to users of Windows XP. There are a couple more available only on Windows Vista. As that's not yet on general release I haven't included them here.

Dell embraces Google | Tech News on ZDNet

Here's an interesting development in pre-installed software.

Dell embraces Google: "Google and Dell have agreed to a first in a series of deals to preinstall Web and desktop search software on the PC maker's computers, Google CEO Eric Schmidt said Thursday.

Speaking at a Goldman Sachs conference in Las Vegas, Schmidt discussed details of a long-rumored deal between the No. 1 search engine and the No. 1 PC maker, which is a strike against Google rival Microsoft. Under the deal, millions of Dell PCs will be loaded with the Google toolbar for Web and PC search, along with a co-branded home page, before they're shipped to consumers."

What do you think about this?