Samsung Unpacked Livestream Wednesday New Wordle Strategy Nest vs. Ecobee Thermostat Best Deals Under $25 Fitness Supplements Laptops for High School Samsung QLED vs. LG OLED TV Samsung Unpacked Predictions
Want CNET to notify you of price drops and the latest stories?
No, thank you

Week in review: Here comes the tax man

As Monday--aka tax day--sneaks up on us, more attention is being directed toward goods and music purchased online.

As Monday--aka tax day--sneaks up on us, more attention is being directed toward goods and music purchased online.

Online purchases from sites like and eBay may seem to arrive in a state of untaxed bliss. But the law actually requires shoppers to pay their own state's sales tax rate--the concept is called a "use tax"--and voluntarily cough up the exact amount owed each year at tax time.

Tax bureaucrats for years have lamented the difficulty of collecting use taxes on catalog and mail-order sales. Now, with online shopping growing rapidly and nearing $100 billion a year in consumer sales, tax collectors are adopting more aggressive tactics.

New York state has added a line to income tax returns requiring all residents to calculate how much they should pay on Internet, mail-order or out-of-state purchases. California has taken its thou-shalt-pay-up warnings to the Internet through banner advertisements on four newspaper Web sites.

CNET readers are not particularly pleased by the use tax.

"If they start enforcing this law, I personally won't buy anything on the Net," wrote one reader in's TalkBack forum. "After all, the only way they can enforce it is to audit people. So the end result will be that if you buy via the Net, you're just asking for an audit. That should be good for business."

Also, Internet shoppers accustomed to tax-free purchases from Apple Computer's iTunes Music Store soon may be in for an unpleasant surprise. State legislatures and tax officials, eager to find new ways to boost government spending and curb budget shortfalls, are eyeing the burgeoning market for digital downloads as a potentially lucrative source of revenue.

A CNET analysis shows that 15 states and the District of Columbia now tax downloads of music, movies and electronic books. Some high-tax states such as California do not levy the same charge on iTunes downloads, but that could soon change.

Is your state at risk for the "iTunes tax"? Democratic politicians in state capitals are more likely than Republicans to permit taxes on digital purchases of songs and movies. A CNET analysis of the states that tax digital downloads, such as those from the iTunes Music Store, shows that nine protax states have legislatures controlled by Democrats. By contrast, five of the protax states have Republican-controlled legislatures.

Fixing a hole
Microsoft released a "critical" Internet Explorer update that fixes 10 vulnerabilities in the Web browser, including a high-profile bug that is already being used in cyberattacks. The software giant sent out the IE megafix as part of its monthly Patch Tuesday cycle of bulletins.

In addition, Microsoft delivered two bulletins for "critical" Windows flaws, one for an "important" vulnerability in Outlook Express and one for a "moderate" bug in a component of FrontPage and SharePoint. Eight of the 10 vulnerabilities repaired by the IE update could be abused to gain complete control over a Windows computer running vulnerable versions of the Web browser. In all instances, an attacker would have to create a malicious Web site and trick people into visiting that site to hook into a PC.

Mozilla also made some revisions, releasing an update to its Firefox Web browser that fixes several security flaws and, as expected, adds support for Macs with Intel processors. The most serious bugs in Firefox could allow an outsider to commandeer a vulnerable computer, according to the Burning Edge, a Web site that tracks development of the open-source browser.

The vulnerabilities are fixed in version, which was released on Thursday.

Meanwhile, Oracle accidentally let slip details on a security flaw it has yet to patch. The business software giant is usually secretive about security and critical of researchers who publicly discuss flaws in Oracle products. But on April 6, the company itself published a note on its MetaLink customer Web site with details about an unfixed flaw.

Oracle confirmed the accidental posting. "Information regarding a security vulnerability was inadvertently posted to MetaLink," a representative for the company said. "We are currently investigating events that led to the posting."

Rogues beware
Pirates, typo squatters and tech thieves, beware. There's a new sheriff in town.

With that in mind, Windows Vista plans to offer you spiffy new graphics, as long as you're not a pirate. With the new operating system, Microsoft is offering plenty of new graphics tricks, including translucent windows, animated flips between open programs, and "live icons" that show a graphical representation of the file in question.

But before Vista will display its showiest side, known as Aero, it will run a check to make sure the software was properly purchased. The move is the latest salvo in Microsoft's broad attack on those who use unauthorized copies of its operating system. In the fall of 2004, Microsoft began testing the Windows Genuine Advantage program, designed to verify that a particular copy of Windows is legitimate.

Microsoft is also releasing a new tool that aims to take some of the annoyance--and risk--out of mistyping a URL when browsing Web sites. The company's Cybersecurity and Systems Management group released a prototype of Strider URL Tracer with Typo-Patrol version last week. The tool is designed to seek out and block mistyped versions of domain instead of, for example.

Typo squatters are companies that exploit slips of the fingers by registering for mistyped versions of popular URLs. Some typo domains are parking lots for pay-per-click and syndicated advertising, according to a Microsoft research paper published alongside the tool. The group's researchers found that a mere six services have a presence on between 40 percent and 70 percent of active typo domains.

Feel like you need more protection when you are surfing the Web--especially in public? An entrepreneur has rigged portable computers with a security measure that car owners have relied on for decades.

Randy Green has reconfigured Apple Computer's MacBook Pro so the computer's remote control can activate his security system. Coffee-shop computer users who get up for another latte can hit a button on their remotes and they will hear the classic car-alarm chirp that tells them their systems are armed.

Also of note
America Online apparently began blocking e-mail on its servers containing the Web address of a petition against the company's upcoming certified-mail program, an issue the company called a "glitch"...Google unveiled a free Web-based calendar application that is expected to heat up competition with Yahoo and Microsoft...Lenovo decided to sell its ThinkPad notebooks and new Lenovo 3000 series PCs at Best Buy, in the company's largest move into the U.S. retail market since it acquired IBM's PC business.