Microsoft trades Windows discount for piracy info
By Winston Chai, CNET News.com
Published on ZDNet News: March 3, 2005, 4:35 PM PT
Microsoft has extended its antipiracy olive branch to China, offering users of bootleg copies of Windows a 50 percent discount on a legitimate version if they come clean on how they got their pirated copy.
As part of a two-month promotion that started in February, the company is offering a Chinese version of Windows XP Home Edition and Professional Edition at 786 yuan ($95), and 1,270 yuan ($153), respectively. According to Microsoft's Web site, the two products normally retail for about $199 and $299.
To qualify for this offer, users with unlicensed copies of Windows installed on their machines need to complete an online form in which they disclose how they obtained the bogus software.
For example, they will have to specify whether their existing Windows packages were installed by an independent reseller, bundled with their PCs at the point of sale or purchased from street peddlers. A discount voucher will then be e-mailed to these users following their submissions.
Fixing a hole in security
By Robert Lemos, Special to ZDNet
Published on ZDNet News: March 3, 2005, 12:18 PM PT
Last year was a bad year for the Secure Hash Algorithm. This year has been worse.
A key technology used in digitally signing documents and programs, the Secure Hash Algorithm, or SHA, is used by U.S. federal agencies and by corporations. It's used to reduce long documents to a smaller unique digital fingerprint, or hash, which is then signed using public-key encryption.
Last year, researchers found holes in various techniques used to create the numerical fingerprints. Among the results was a successful attack against the first version of the SHA algorithm, SHA-0.
This year, two of the researchers responsible for finding that attack--Xiaoyun Wang and Hongbo Yu of China's Shandong University--teamed up with Yiqun Lisa Yin, an independent security consultant in the United States. Together, they broke the more popular version of the algorithm, SHA-1. The paper describing that break will likely be published in May.
SurfControl buys anti-spyware tools
By Dan Ilett, ZDNet (UK)
Published on ZDNet News: March 3, 2005, 12:48 PM PT
SurfControl is looking to claim a stake in the anti-spyware market. The London-based security company announced on Wednesday that it had paid $6.8 million for application security company Apreo's anti-spyware technology. The technology is set to feature in SurfControl's Enterprise Threat Shield (SETS), which will go on sale in April.
Security firm trashes customer e-mails
By Dan Ilett, CNET News.com
Published on ZDNet News: March 3, 2005, 4:13 PM PT
An e-mail security scanning company has accidentally deleted thousands of its customers' e-mails.
GFI, a Microsoft "gold certified partner," is offering free upgrades to all its customers, after it trashed their e-mails by sending out incorrect update information.
According to GFI, the problem occurred because of a change in BitDefender's technology, one of the products that GFI uses for its e-mail scanning.
"Unfortunately, some changes had been made to BitDefender," said Angelica Micalleff-Trigona, public relations manager at GFI. "We were not aware of this, and we did not foresee this problem. We are deeply sorry for what happened. It took us by surprise."
When the GFI MailSecurity update mechanism tried to install BitDefender updates on customer networks, the service started to delete all e-mails by default. BitDefender and GFI then rolled back the updates.
Anti-virus expert claims spyware does not exist
Reports of spyware's life have been greatly exaggerated, according to anti-virus expert Eugene Kaspersky.
Kaspersky, head of his self-titled company, claimed spyware has been around for years, and recent scare stories are simply the result of marketing men profiteering.
"The term spyware is basically a marketing gimmick," said Kaspersky on the company weblog. "Just to separate new ersatz-security products from traditional ones, just to push almost zero-value products to the security market."
According to Kaspersky, programs now called spyware have, in one form or another, been around for years.
"The first malicious software designed to spy and steal confidential information was detected back in 1996 – the AOL password stealing trojans," he said. "Have we already seen other malicious programs which can be described as spyware? Certainly!"
Some industry watchers take a slightly different view.
Read more in SC Magazine
Website owners with .us domains can't shield their name
Wired News reported:
"The U.S. Commerce Department has ordered companies that administer internet addresses to stop allowing customers to register .us domain names anonymously using proxy services.
The move does not affect owners of .com and .net domains. But it means website owners with .us domains will no longer be able to shield their name and contact information from public eyes."
Read more on the Wired News website, in the article entitled Domain Owners Lose Privacy
Email security firm deletes thousands of emails
An email security scanning company has accidentally deleted thousands of its customers' emails.
GFI, a Microsoft "gold certified partner", is now offering free upgrades to all its customers after it trashed their emails by sending out incorrect update information.
According to GFI, the problem occurred because of a change in BitDefender's technology, one of the products that GFI uses for its email scanning. When the GFI MailSecurity update mechanism tried to install BitDefender updates on customer networks, the service started to delete all emails by default. BitDefender and GFI then rolled back the updates.
A BitDefender spokesman said: "We've learned our lesson. From now on we'll try to give more support to our integration partners. The other companies that integrate our scanning engine did not have the same problem."
A reader of silicon.com's sister site ZDNet UK affected by the problem says a GFI salesman told him the update had not been tested.
Complete article in Silicon.com
Related article: Aussies saved from security software glitch
"Customers down under have been saved from a bug in BitDefender that was responsible for trashing emails worldwide.
The fault came about because an update, which was sent from the company’s automatic upgrading server, was a little too rigorous in deciding which emails were too dangerous and wiped the lot.
However, according to the Sydney Morning Herald, the company’s Australian customers have mostly escaped the problem because their software was set to upgrade 24 hours later than the rest of the world."
The above is from The Inquirer
It's official: Spammers are hijacking ISPs
An email security company says it has found evidence that spammers are tricking Internet service providers into helping them evade anti-spam security measures.
ZDNet UK reported last month that spammers are using software tools that force virus-infected PCs to relay spam attacks through their ISP's own mail server. Traditionally, infected computers have been used as mail servers to send spam directly to recipients. But the new technique means the spam appears to come from the ISP itself, making it hard for an anti-spam blacklist to block the spam without also blocking legitimate mail from the ISP.
More in ZDNet
Tracking PCs anywhere on the Net
Published: March 4, 2005, 10:56 AM PST
By Renai LeMay
Special to CNET News.com
A University of California researcher says he has found a way to identify computer hardware remotely, a technique that could potentially unmask anonymous Web surfers by bypassing some common security techniques.
Tadayoshi Kohno, a doctoral student, wrote in a paper on his research: "There are now a number of powerful techniques for remote operating system fingerprinting, that is, remotely determining the operating systems of devices on the Internet. We push this idea further and introduce the notion of remote physical device fingerprinting...without the fingerprinted device's known cooperation."
The potential applications for Kohno's technique are far-reaching. For example, it could be possible to track "a physical device as it connects to the Internet from different access points, counting the number of devices behind a NAT even when the devices use constant or random IP identifications, remotely probing a block of addresses to determine if the addresses correspond to virtual hosts."
Microsoft takes a patch breather
Published: March 4, 2005, 8:59 AM PST
By Dawn Kawamoto
Staff Writer, CNET News.com
Microsoft plans to forgo its regular monthly patch release next Tuesday, after having taken the more unusual step of issuing a dozen updates in last month's release.
System administrators may appreciate the reprieve, after facing a broad swath of updates last month, eight of which were rated "critical," the company's highest severity rating. Critical updates included fixes for vulnerabilities in Microsoft's Office XP, Internet Explorer 6 and MSN Messenger.
"I suspect that Microsoft feels there is no need for a critical patch that needs to be pushed out," said Charles Kolodgy, an IDC analyst. "That's a good sign there is no need for critical patches every month."