Thoughts and links from the crew of the On Computers Radio Show as we wander the Web.
Saturday, May 14, 2005
Is Firefox still safer than IE?
This is an entire newsletter and I'm really just blogging this article about Firefox vs. IE. There has been a lot of press lately about Firefox being no better than IE when it comes to security. While Firefox is not flawless (and what is?) I think this article helps clear up some of the anti-Firefox FUD (fear, uncertainty, doubt) that has been travelling the information superhighway of late.
Audience With the Podfather
Here's an interview with Adam Curry, the "Podfather". This is the first time I've heard him called that, but I have a feeling it will stick.
Court sides with Apple over "Tiger" trademark dispute
We had a big discussion on the show about this a couple of weeks ago. Now the court has ruled. TigerDirect had in the meantime narrowed its request for barring Apple from the use of the term "Tiger".
Friday, May 13, 2005
Microsoft to Deliver Automated, All-in-One PC Health Service for Consumers
Microsoft to Deliver Automated, All-in-One PC Health Service for Consumers: "Windows OneCare will span system performance, PC maintenance, data protection and security in easy-to-manage service."
Are you ready for Microsoft to protect your computer?
Joe
Are you ready for Microsoft to protect your computer?
Joe
Trend Micro Spyware Blog � There Are Spies Among Us - Protect Your Business From Spyware - ZDNet.com
Trend Micro Spyware Blog � There Are Spies Among Us - Protect Your Business From Spyware - ZDNet.com: "Spyware has become one of the top security concerns for businesses. "
This week our guest talks about this, and more on spyware.
Joe
This week our guest talks about this, and more on spyware.
Joe
� If VIA can�t do it (the $100 PC), then nobody can | Between the Lines | ZDNet.com
� If VIA can�t do it (the $100 PC), then nobody can | Between the Lines | ZDNet.com: "Over the recent year, there�s been a lot of talk about the so-called $100 PC. Last fall, during Gartner�s Symposium in Orlando, Microsoft CEO Steve Ballmer talked about why 'we' need a $100 PC. "
Is there a $100 PC out there for you?
Joe
Is there a $100 PC out there for you?
Joe
AMD to star in DreamWorks' films | Tech News on ZDNet
AMD to star in DreamWorks' films | Tech News on ZDNet: "Advanced Micro Devices will continue to play the role of behind-the-scenes hero when it comes to computer-generated films. " They are using HP severs with AMD Opteron CPU's.
Joe
Joe
� How do open source enterprises handle security? | Open Source | ZDNet.com
� How do open source enterprises handle security? | Open Source | ZDNet.com: "Because of Microsoft�s desktop dominance it has made important early moves. (And let�s not get into how much more secure Linux is than Windows. Patches even in the Linux world are no longer questions of if but when and how.)"
Are you updating your Linux box?
Joe
Are you updating your Linux box?
Joe
� Is Microsoft considering acquisition of Red Hat? | Between the Lines | ZDNet.com
� Is Microsoft considering acquisition of Red Hat? | Between the Lines | ZDNet.com: "It's amazing what happens when you step back from the trees for a view of the forest," What Microsoft going open source ?
Joe
Joe
IBM backs Firefox in-house | Tech News on ZDNet
IBM backs Firefox in-house | Tech News on ZDNet: "IBM is encouraging its employees to use Firefox, aiding the open-source Web browser's quest to chip away at Microsoft's Internet Explorer. "
Are you still using Internet Explorer? I am.
Joe
Are you still using Internet Explorer? I am.
Joe
Security gripes? Microsoft feels your pain
MS is now oficially an anti-virus vendor. This is not much of a surprise and has been rumored for months. What will it mean to the other anti-virus vendors is yest to bee seen. It looks like this will only be available as part of a security/computer care suite called OneCare.
Here's the really scary part:
"Analysts said a Microsoft antivirus product would be likely to appeal to the large percentage of consumers--close to 75 percent, by some estimates--who have no virus protection loaded on their computers."
Only 25 percent are currently using virus protection? If true, no wonder the Web is such a mess.
Here's the really scary part:
"Analysts said a Microsoft antivirus product would be likely to appeal to the large percentage of consumers--close to 75 percent, by some estimates--who have no virus protection loaded on their computers."
Only 25 percent are currently using virus protection? If true, no wonder the Web is such a mess.
Coral: The NYU Distribution Network
This is not a news flash. In fact, this is something that's been around for a year. It was off my radar until the past couple of months. Now I keep seeing the term "coralized" with increasing frequency. So I went and did a little (very little) research. If you have been wondering what these "coral" or "coralized" links are, here is the site that explains it all.
Windows for India, others won't run on faster chips
I had all kinds of comments, but I think I'll post this without further comment. Good, bad, indifferent? It's up to you. Just keep in mind this edition is only being sold to PC makers and therefore would ship with new, budget PCs intended for the home market.
Thursday, May 12, 2005
Trend Micro snaps up anti-spyware maker | Tech News on ZDNet
Trend Micro snaps up anti-spyware maker | Tech News on ZDNet: "Trend Micro, the world's third-biggest computer security software maker, on Tuesday said it is buying anti-spyware company InterMute for $15 million, to bolster the security of its own products. "
Have you tried their new scan? http://housecall.trendmicro.com
Joe
Have you tried their new scan? http://housecall.trendmicro.com
Joe
Fix in for Windows flaw | Tech News on ZDNet
Fix in for Windows flaw | Tech News on ZDNet: "Microsoft on Tuesday issued an 'important' Windows security fix as part of its monthly patch cycle, tackling a script injection vulnerability that could allow an attacker to take over a PC. "
Have you done your Window updates this week?
Joe
Have you done your Window updates this week?
Joe
Senate approves electronic ID card bill | Tech News on ZDNet
Senate approves electronic ID card bill | Tech News on ZDNet: "Last-minute attempts by online activists to halt an electronic ID card failed Tuesday when the U.S. Senate unanimously voted to impose a sweeping set of identification requirements on Americans. "
SHOW ME YOUR PAPERS!
Joe
SHOW ME YOUR PAPERS!
Joe
Microsoft, Mass. target spammers in lawsuit | Tech News on ZDNet
Microsoft, Mass. target spammers in lawsuit | Tech News on ZDNet: "Massachusetts Attorney General Tom Reilly filed suit on Wednesday against an Internet spam ring operating near Boston, using information obtained by Microsoft in its fight against unsolicited e-mail touting everything from miracle drugs to get-rich-quick schemes. "
Its about time they did something about SPAM, but is it to little to late?
Joe
Its about time they did something about SPAM, but is it to little to late?
Joe
Senators push for anti-spyware law | Tech News on ZDNet
Senators push for anti-spyware law | Tech News on ZDNet: "Congress didn't quite get around to approving an anti-spyware bill last year--it died while awaiting a Senate floor vote. "
How can Congress control what an offshore company does on the internet?
Joe
How can Congress control what an offshore company does on the internet?
Joe
Mozilla releases Firefox security update | Tech News on ZDNet
Mozilla releases Firefox security update | Tech News on ZDNet: "A security update for the Firefox open-source browser has been released by the Mozilla Foundation, a move that follows the public disclosure of exploit code for two 'extremely critical' vulnerabilities. "
Internet Explorer isn't the only browser you need to udate.
Joe
Internet Explorer isn't the only browser you need to udate.
Joe
Get Your Firefox Update
The fix for last week's security hole is ready. Firefox users should update to the latest version. As of today that is 1.04.
First State of Spyware Report Shows Bad Guys Winning
There's nothing in this TechNewsWorld article that wasn't suspected, but now the numbers are there to prove it. The report is by a company that sells anti-spyware solutions, but it does not look hyped up to any great degree. It's worth a look.
Jack
Jack
Wednesday, May 11, 2005
Y.A.M.S (or Yet Another Music Store), this time from Yahoo
Today marks the debut of Yahoo into the music store business with Y! Music Unlimited. They offer unlimited downloads for a $4.99 per month (based on an annual payment plan) from their music library. As long as you have a current supscription, you can listen to your downloads.
You can also load them on a Play for Sure compatible portable player. According to the Y! Music site Ipod users can transfer music they "already own to an Apple iPod using the Yahoo! Music Engine. Unfortunately, iPods are not currently compatible with the Yahoo! Music Unlimited subscription service." Check it out and see what you think.
You can also load them on a Play for Sure compatible portable player. According to the Y! Music site Ipod users can transfer music they "already own to an Apple iPod using the Yahoo! Music Engine. Unfortunately, iPods are not currently compatible with the Yahoo! Music Unlimited subscription service." Check it out and see what you think.
Microsoft Important Software Update
No critical security updates this month. (Thank goodness).
There are some updates. You will have to choose "Select optional software updates" instead of the normal "Review high priority updates" (since there are none of the latter).
There are some updates. You will have to choose "Select optional software updates" instead of the normal "Review high priority updates" (since there are none of the latter).
New updates include:
- Windows Rights Management (i.e., DRM)
- Cumulative update for Outlook Express
- Update for Windows Media Connect, which supports home media PnP devices such as Media Players
- Update for Windows HoghMAT support in CD writing wizard
Cisco, Major Networks Repeatedly & Successfully Hacked
The Wall Street Journal, New York Times and other sources reported yesterday that major corporations, universities, military, and government sites have been repeatedly and deeply hacked over the past year. Cisco lost source code to its IOS operating system, the brains of many enterprise and Internet infrastructure routers.
This is seriously bad news, for a number of reasons. Cisco has already faced increasing competition form Huawei, a Chinese router start-up that was sued for having used IOS code in its own routers. The hacker apparently replaced the Unix SSH module used for logins with a Trojan horse, capturing login names and passwords from numerous users, and eventually getting root-level privileges that allow any theft or modification without limit.
How can major corporations, universities, the military, and government agencies leave their networks vulnerable to this kind of hacking? The probability of an Internet-based electronic war against the United States just went up appreciably.
The Wall Street Journal online story follows:
Cisco Confirms Hacker Stole Code
By SCOTT THURM
Staff Reporter of THE WALL STREET JOURNAL
Cisco Systems Inc. said a piece of its software that appeared on a Russian Web site last year was stolen as the result of a "breach" in the company's security policy and that an alleged hacker was briefly detained in Sweden.
The stolen code was a portion of the operating system for Cisco's routers, which direct most of the traffic across the Internet. Cisco said it has been cooperating with law-enforcement agencies since the theft was discovered last May.
The New York Times reported late last night on its Web site that the theft of Cisco's code was part of a broader series of attacks on computers at U.S. universities, research laboratories, the National Aeronautics and Space Administration and the U.S. military. The Times said it wasn't known whether data from those computers were stolen or destroyed.
A Cisco spokeswoman said she couldn't comment on the purported computer break-ins at other institutions. In a statement, she said, "We have learned through the investigation that the code posted on the Internet was the result of a breach in our security policy and not the result of any exploitation or vulnerability in any Cisco product or service."
Cisco, of San Jose, Calif., doesn't know of any use of the stolen code to infiltrate or disrupt its customers' systems, the spokeswoman said. "Cisco believes that the stolen code does not create increased risk to customers' networks," she said.
In September, British police arrested a 20-year-old man in Northern England on suspicion of involvement in the theft. That man was never charged, according to a person familiar with the case.
This is seriously bad news, for a number of reasons. Cisco has already faced increasing competition form Huawei, a Chinese router start-up that was sued for having used IOS code in its own routers. The hacker apparently replaced the Unix SSH module used for logins with a Trojan horse, capturing login names and passwords from numerous users, and eventually getting root-level privileges that allow any theft or modification without limit.
How can major corporations, universities, the military, and government agencies leave their networks vulnerable to this kind of hacking? The probability of an Internet-based electronic war against the United States just went up appreciably.
The Wall Street Journal online story follows:
Cisco Confirms Hacker Stole Code
By SCOTT THURM
Staff Reporter of THE WALL STREET JOURNAL
Cisco Systems Inc. said a piece of its software that appeared on a Russian Web site last year was stolen as the result of a "breach" in the company's security policy and that an alleged hacker was briefly detained in Sweden.
The stolen code was a portion of the operating system for Cisco's routers, which direct most of the traffic across the Internet. Cisco said it has been cooperating with law-enforcement agencies since the theft was discovered last May.
The New York Times reported late last night on its Web site that the theft of Cisco's code was part of a broader series of attacks on computers at U.S. universities, research laboratories, the National Aeronautics and Space Administration and the U.S. military. The Times said it wasn't known whether data from those computers were stolen or destroyed.
A Cisco spokeswoman said she couldn't comment on the purported computer break-ins at other institutions. In a statement, she said, "We have learned through the investigation that the code posted on the Internet was the result of a breach in our security policy and not the result of any exploitation or vulnerability in any Cisco product or service."
Cisco, of San Jose, Calif., doesn't know of any use of the stolen code to infiltrate or disrupt its customers' systems, the spokeswoman said. "Cisco believes that the stolen code does not create increased risk to customers' networks," she said.
In September, British police arrested a 20-year-old man in Northern England on suspicion of involvement in the theft. That man was never charged, according to a person familiar with the case.
Tuesday, May 10, 2005
Zero-Day Firefox Exploit Sends Mozilla Scrambling
Zero-Day Firefox Exploit Sends Mozilla ScramblingFirefox Web Browser Under Attack
Do your Updates! Hmm isn't that something you tell IE users all of the time?
Joe
Do your Updates! Hmm isn't that something you tell IE users all of the time?
Joe
Monday, May 09, 2005
Mac malware door creaks open
I found this on ZDNetUK. While hardly a horrifying vulnerability, the fact that there are openings into the Mac OS X (just like every other operating system) doesn't get much press. In fact, while disclosure is good, Apple probably takes advantage of this lack of publicity to quietly get patches out the door. Thus the only publicity the vulnerability gets is the notice that it has been closed.
The trouble is that as Apple increases it's market share, it will get more attention from malware authors. Vulnerabilities will be found. It's inevitable. But with the Mac OS reputation for security, many users may be lulled into not checking for patches and/or not patching their systems.
Jack
The trouble is that as Apple increases it's market share, it will get more attention from malware authors. Vulnerabilities will be found. It's inevitable. But with the Mac OS reputation for security, many users may be lulled into not checking for patches and/or not patching their systems.
Jack
Apache eyes open-source Java project
As this CNet News.com article shows, one has to wonder if an open source implementation of a Java virtual machine (commonly called a "Java Runtime Environment" or "JRE") is really needed. There is no doubt that interest exists, though, and perhaps enough interest to develop one. The Apache Foundation thinks so.
Sun resists calls for open-sourcing the code to Java. Their interest in keeping control is to ensure adherance to the standards and so guarantee the interoperability that is at the heart of Java's attractiveness to developers. Whether you view that as right or wrong, it is a noble and compelling goal. Sun is initially welcoming the development of an open-source implementation, though I'm sure it gives them the willies over future interoperability problems. However; to call it "Java", it has to comply to the standards Sun has set and that one requirement may well stop most problems before they appear in public.
No matter what, this is one to watch. And I'm surprised to find this very controversy makes Java more attractive to developers, not less. This is because all this debate reveals just how deeply folks are committed to Java, it's welfare and it's continued growth. No one I have spoken to is convinced this debate is a bad thing.
Jack
Sun resists calls for open-sourcing the code to Java. Their interest in keeping control is to ensure adherance to the standards and so guarantee the interoperability that is at the heart of Java's attractiveness to developers. Whether you view that as right or wrong, it is a noble and compelling goal. Sun is initially welcoming the development of an open-source implementation, though I'm sure it gives them the willies over future interoperability problems. However; to call it "Java", it has to comply to the standards Sun has set and that one requirement may well stop most problems before they appear in public.
No matter what, this is one to watch. And I'm surprised to find this very controversy makes Java more attractive to developers, not less. This is because all this debate reveals just how deeply folks are committed to Java, it's welfare and it's continued growth. No one I have spoken to is convinced this debate is a bad thing.
Jack
Falling Display Prices
Digitimes has a short blurb about the displays supposed to premier at Softex Taipei, which is coming up. LCD displays are not only still getting cheaper, but performance is being enhanced. Viewsonic is supposed to offer an LCD with 4 millisecond response times, which is a significant boost, as such things go, at a very competitive price.
Even CRTs are getting cheaper, which I didn't think would happen. But a very respectable 19 inch monitor can be had for $135, if you shop hard. I guess they had to cut the prices to differentiate the CRTs from the LCDs a little more.
Jack
Even CRTs are getting cheaper, which I didn't think would happen. But a very respectable 19 inch monitor can be had for $135, if you shop hard. I guess they had to cut the prices to differentiate the CRTs from the LCDs a little more.
Jack
A Little Bit On Video
We spoke a bit about video adapters on the show, Sunday. Normally, I don't follow video developments too closely, for the simple reason they are too complex and confusing. It's just too easy to mislead you all about video.
But Sunday we alluded to how quickly high-end video components move down the market to more affordable prices and new, low or middle priced parts. Remember when 8x AGP was better than $500 a pop and only the most fanatic gamers were willing to pay for it? Well, that's changed, as illustrated by the Digitimes article at the above link. It seems NVidia is gearing up for volume production of 8x AGP parts now, increasing their capacity by over 2 million parts per month. Price cuts on some of these parts have been recently announced and more will surely come in the next few months. Bloated inventories and falling DRAM prices will accellerate this trend.
Just thought you might like to look at how prices are driven down as time goes on and R&D costs are amortized.
Jack
But Sunday we alluded to how quickly high-end video components move down the market to more affordable prices and new, low or middle priced parts. Remember when 8x AGP was better than $500 a pop and only the most fanatic gamers were willing to pay for it? Well, that's changed, as illustrated by the Digitimes article at the above link. It seems NVidia is gearing up for volume production of 8x AGP parts now, increasing their capacity by over 2 million parts per month. Price cuts on some of these parts have been recently announced and more will surely come in the next few months. Bloated inventories and falling DRAM prices will accellerate this trend.
Just thought you might like to look at how prices are driven down as time goes on and R&D costs are amortized.
Jack
Used your ATM today?
Check this out. ATM's are after all computers. Does make one think what happens when you stick your card in the machine.
Craigslist.org Founder Eyes Journalism - Yahoo! News
Craigslist.org Founder Eyes Journalism - Yahoo! News
If you haven't read Craigslist you should look at it. We had them on the show a few years ago. They are even up here in Anchorage now. Are they in your city yet?
Joe
If you haven't read Craigslist you should look at it. We had them on the show a few years ago. They are even up here in Anchorage now. Are they in your city yet?
Joe
Big Firms' Ad Bucks Also Fund Spyware
Big Firms' Ad Bucks Also Fund Spyware: Cash from blue-chip companies "drives much of the spyware polluting the Internet today," said Joe Stewart, a Lurhq Corp. security researcher who traced the attack back to the underlying ads.
We will ask our guest next Sunday about this.
Joe
We will ask our guest next Sunday about this.
Joe
Killer Downloads: Uninstall programs with confidence - CNET reviews
Killer Downloads: Uninstall programs with confidence - CNET reviewsUninstall programs with confidence You may be surprised to learn that when you use the Windows Add/Remove control panel to wipe out unwanted programs on your PC, it doesn't always get rid of everything. Parker picks three of his favorite uninstall alternatives to ensure that program folders, Registry keys, and files aren't left behind.
This is part of the reason I run RegCleaner all of the time.
Joe
This is part of the reason I run RegCleaner all of the time.
Joe
Exploit code chases two Firefox flaws | Tech News on ZDNet
Exploit code chases two Firefox flaws | Tech News on ZDNet Two vulnerabilities in the popular Firefox browser have been rated "extremely critical" because exploit code is now available to take advantage of them.
There are fixes out for them.
Joe
There are fixes out for them.
Joe
Sunday, May 08, 2005
OC Podcast 05-08-2005
This is the On Computers podcast for 05-08-2005. If you prefer, you can download the same file here via ftp.
Google Web Accelerator: Hey, not so fast - an alert for web app designers - Signal vs. Noise (by 37signals)
Just an FYI for those of you who have your own websites.
"..... Here’s the problem: Google is essentially clicking every link on the page — including links like “delete this” or “cancel that.” And to make matters worse, Google ignores the Javascript confirmations. So, if you have a “Are you sure you want to delete this?” Javascript confirmation behind that “delete” link, Google ignores it and performs the action anyway."
Very scary, some other concerns about the Google web accelerator, which I see nothings been mentioned about on the blog yet...
NEVAH forget privacy!
[UPDATE] from http://webaccelerator.google.com/
Thank you for your
interest in Google Web Accelerator.
We have currently reached our
maximum capacity of users and
are actively working to increase
the number of users we can support.
[UPDATE2] Google Hacked? I've not read the entire thing, but thought the relevance required an update.... Does THIS make you feel safer??????????
"..... Here’s the problem: Google is essentially clicking every link on the page — including links like “delete this” or “cancel that.” And to make matters worse, Google ignores the Javascript confirmations. So, if you have a “Are you sure you want to delete this?” Javascript confirmation behind that “delete” link, Google ignores it and performs the action anyway."
Very scary, some other concerns about the Google web accelerator, which I see nothings been mentioned about on the blog yet...
NEVAH forget privacy!
[UPDATE] from http://webaccelerator.google.com/
Thank you for your
interest in Google Web Accelerator.
We have currently reached our
maximum capacity of users and
are actively working to increase
the number of users we can support.
[UPDATE2] Google Hacked? I've not read the entire thing, but thought the relevance required an update.... Does THIS make you feel safer??????????
Live CD paradise
The Register has a short article with lots of links to various live CDs with security tools on them. Knoppix is there, of course, but there are lots of others and, frankly, many that aren't listed. Still, this is a great start for security work on compromised machines and, as we have stated in the past, a very decent toolkit for data recovery in the event a Windows machine goes TU.
Jack
Jack
Subscribe to:
Posts (Atom)