January 31, 2006
From Computer World...
JANUARY 30, 2006 (IDG NEWS SERVICE) - Users of Advanced Micro Devices Inc.'s microprocessors may want to think twice before looking for technical support on the company's Web site. Customer support discussion forums on the forums.amd.com site have been compromised and are being used in an attempt to infect visitors with malicious software, an AMD spokesman confirmed Monday.
Yep - you read that right - the hackers are going after the geeks with more esoteric attacks. This is the WMF flaw coming back to bite those who haven't patched their systems yet... for whatever reason. (some of those reasons are good - but that doesn't help once your system has been compromised)
Attackers have figured out a way to use AMD's forums to deliver maliciously encoded WMF images to visitors, which are then used to install unauthorized software on the unpatched systems, he said.
In this case, the software appears to be a number of different malicious tool bars. "Most of the tool bars show pop-ups, follow your search and other keyword activity, and use that to target ads to you," Hypponen said. "It's for-profit hacking. Somebody is making money from each machine that is hit by these tool bars."
Because of the nature of the WMF vulnerability, however, hackers could install any type of software they wanted on unpatched systems, he said.
Interesting and scary thought. Here you wanted some info on an AMD product and who knows what you've picked up! So far they're talking about toolbars... but I wonder if there were any more malicious payloads out there.
These attackers need to be seriously hurt... seriously.
I've just spent a good chunk of time moving my personal email over to Thunderbird. It's time consuming and annoying to make even minor changes like this. The nitpicky details of getting things set up the way I want them and making the rules work for distributing my email. You see... I have specific folders I like to use so I know who the emails are coming from. And even though I still overlook stuff - I "lose" less email in the mess of too many messages when I can distribute to different folders.
What I want to see is if their spam filter actually works.
I've been using the "evil" Outlook for a number of years. Some of this had to do with compatibility issues with my husband's work email. The rest had more to do with laziness than anything else. But in the last couple of months the spam has become intolerable. I spend more time deleting that than actually reading emails. It was either - get a filter for Outlook - requiring much research on what's available and poring through reviews to see what problems people run into... OR I could try Thunderbird...
So here I am - messing about with my regular email when it occurs to me, I might as well mess about with my blog email too. Why not. I've never been very happy with Hotmail - I just don't like the interface... it's a personal preference. Plus it dawned on me that I have several available email accounts sitting around not being used. So, I created a new account - and thus you see the new and improved email addy on the right sidebar at the top.
I'll see how it goes - I may even try working it out so the sidebar account gets POPped directly to my new Thunderbird setup. If I like this enough - I may end up moving blog comments off gmail and putting them on this account too. But - one thing at a time.
January 30, 2006
As for the show...
I think Bou said it best...
Will the President's wife finally get a clue that he's a weasel and punch him in the face for being a condescending patronizing SOB towards her? (I frickin' hate that in a man. Blech.) The First Lady NEEDS to meet Chloe...
Oh yeah - I want to see Chloe out there with a gun again - that girl has what it takes. Let her give a few lessons to Mrs. President. And while we're at it - Martha Logan can slap her stupid assistant upside the head. (Well, she's either stupid OR has been in cahoots with Walt to take Mrs. Logan out of the picture.)
Now - can we cut the high school love story crap and get back to the mayhem... PLEASE!!!! Un-frickin-believable! My husband warned me that the action scenes are great - but the character interaction is way too juvenile.... how right he is!
Like Bou - I find it beyond credibility that Audrey would call Jack to chat about their love life when he's trying to stop terrorists from exploding nerve gas canisters. (do the writers get this stuff by watching old reruns of Days of Our Lives?) Jack should've just hung up on her - why would he want to be anywhere near someone so stupendously self-centered? (Audrey - yeah I know that terrorists might kill about a million people any time now, but do you still love me Jack?.... ARG!!! Kill her!)
All in all - there hasn't been NEARLY enough action in the last 2 segments. It better pick up quick, cause this stupid stuff is going to drive me up the wall.
Oh yeah... last but not least...
Bou is right - Bauer and Buchanan - both day pass material. :-)
The NOdometer display shows the outstanding debt owed to the Social Security Trust Fund. Congress will have to raise taxes, reduce Social Security benefits, reduce other spending, or borrow more when it comes time to repay the Trust Fund--starting in 2017, according to the Social Security Administration.
Without reform, future taxpayers will be paying down the Trust Fund debt until 2041. But things don't just get better then. When the trust fund is finally paid off in full, Social Security will face annual deficits just under $400 billion (in 2004 dollars), relative to the benefits that it has promised. Under present law, Social Security would have to cut benefits across the board by about 25 percent. The only alternatives are raising taxes, cutting away entire government departments, or borrowing more money.
Something to consider when the Democrats start screaming about how Social Security reform is going to bring about a total collapse. Looks like we are well on our way to that point now - just by the stalling tactics being used to keep us from investing a minuscule amount of our own hard-earned money for our own retirement. Heaven forbid we actually try to help ourselves - especially when we can see the coming train wreck of the current system.
Guess it all adds up.
January 26, 2006
OS X contains unpatched security flaws of a type that were fixed on alternative operating systems more than a decade ago, according to a security researcher credited with finding numerous bugs in Apple's increasingly popular platform.
So, the next time a Mac user laughs at you for being on a Windows platform (maybe even out of necessity)... you may want to tell them to keep an eye on their own systems instead of mocking yours.
"In my experience -- which is also the experience of some of my peers -- Apple has been very slow to respond to reported security vulnerabilities. It expects security researchers to wait indefinitely to release the vulnerabilities and offers no incentive for them to do so," said Archibald.
Apple's impressive security record is likely to be tarnished if the company continues to grow its market share while undervaluing security researchers and not properly auditing its code: "During the small time Suresec researchers spent auditing Mac OS X, many vulnerabilities like this turned up. Suresec is currently aware of many bugs which exist by default in the latest version of Mac OS X, on both the Intel and PPC Architecture."
Yep, just because you haven't heard about a bug - doesn't mean it's not there just waiting to pounce. Keep your eyes open Mac users. Learn how to deal with bugs and security patches or you may be sorry one day.
Jan. 24, 2006 (KRT News delivered by Newstex) -- SAN JOSE, Calif. -- Google announced that it is officially launching its services in China, a move that will require the Internet firm to subject itself to self-censorship.
Google is one of the last large U.S. Internet companies to officially set up shop inside China. The delay reflects months of internal wrangling over how to balance business interests against its distaste at having to comply with China's restrictive speech policies.
Oh they certainly are not alone, Yahoo is in China, Microsoft, News Corp... among others. All of them censoring items that the Chinese government decrees are off limits. They must, that's the only way you can do business in China.
This does make one stop to wonder... all of our search engine companies here in the US are bending right over for the Chinese government - this is something we know about and is publicly being bandied about. My question is... what is being censored over here? I know there are government censorship rules in place on things like bomb making... but it's a simple step from there, to censoring other things.
That's the problem. When you help a repressive government try to maintain its iron fist over its own people, you become tarred with the same dreck as those you are helping. It leads people to believe that you will cave in all aspects of your business. (unless of course you are talking about pornography... they won't cave on that one - well that's a relief...)
JANUARY 26, 2006 (COMPUTERWORLD) - The U.S. Federal Trade Commission (FTC) has imposed a $10 million civil penalty against data aggregator ChoicePoint Inc. for a massive data security breach that resulted in the compromise of nearly 140,000 consumer records last year (see "ChoicePoint to tighten data access after ID theft").
In addition to the penalty, which FTC Chairman Deborah Platt Majoras described as the largest ever levied by the agency, ChoicePoint has been asked to set up a $5 million trust fund for individuals who might have become victims of identity theft as a result of the breach.
As part of its agreement with the FTC, Alpharetta, Ga.-based ChoicePoint will also have to submit to comprehensive security audits every two years for the next 20 years.
Do have a look at what ChoicePoint did on its way to giving out customer information to anyone who claimed to be a legitimate business...
In its decision, the FTC slammed ChoicePoint, saying that it did not have reasonable procedures in place to screen prospective subscribers and that it turned over sensitive personal information to subscribers whose applications raised obvious red flags. The FTC said ChoicePoint approved customers for its service who lied about their credentials and used commercial mail drops as business addresses. In addition, the applicants reportedly used fax machines at public commercial locations to send multiple applications for separate companies.
According to the FTC, ChoicePoint also failed to tighten its application approval procedures or monitor subscribers, even after it got subpoenas from law enforcement authorities alerting it to fraudulent activity that dated back to 2001.
While I'm assuming they have a firewall in place, you almost have to wonder why. They pretty much threw open the information to anyone who asked for it... and television commercials would have you worry about dumpster diving - good grief! Why go to the trouble of going through people's trash, when all you have to do is call ChoicePoint?
They deserved this penalty and far more! The 140,000 names that were disclosed last year as being compromised is simply the tip of the iceberg. I'm sure far more data has left their hands to go to the criminals before it became illegal to cover it up.
Now the question becomes, are they going to levy such huge fines against companies that try their hardest and are still breached? As current systems stand right now, it is impossible to be connected to the internet doing business, and be totally secure. Yes, ChoicePoint deserved it and the ruling will definitely make other companies look very hard at their security. But it remains to be seen if the real punishment will be reserved for those who simply ignore security in the quest for business, or if the penalties get tougher even for those who do all in their power to prevent data theft.
The last couple of days have brought us a frenzy of posts about an LA Times column by Joel Stein, wherein he proclaims to the world that he does NOT support our troops.
When I first stumbled across the story, I was going to blog it along with everyone else, but very luckily, I ran across this interview, wherein Hugh Hewitt shows us a pathetically ignorant Joel Stein. It's so bad, I realized that all I can do is laugh at this guy.
[note JS - Joel Stein... HH - Hugh Hewitt... just want to be clear]
HH: All right. Now who is your...this is a column about the troops that begins, "I don't support our troops." We'll get to the specifics in a second. But who is your closest family member or friend who is on active duty?
JS: That's an excellent question. I wouldn't say I have a very close friend. I would say only acquaintances. No family at all.
HH: All right. Now let me ask you a little bit about...have you ever been to one of the Naval...you know, one of the service academies? Annapolis, West Point, Air Force Academy?
JS: I have never been to any of the academies.
HH: And do you know anyone who went to any of them?
JS: Do I know anyone who...yes. Yeah, I have a cousin at West Point.
HH: You did. Did you think he was crazy?
JS: My cousin who went to West Point?
JS: No, not at all.
HH: What year did he go?
JS: My cousin's like six years younger than me. He has the exact same name as me, so hopefully, he's doing okay today.
HH: Where is he?
JS: He is serving here in the U.S. right now. I'm not sure where.
HH: Has he been deployed abroad?
JS: He has been deployed to Asia.
HH: Did you support him when he was in Asia?
JS: Um, support is an interesting word. Did I support him in Asia? Sure, he wasn't on active military duty. He wasn't fighting.[emph. mine --ed]
Okay, so maybe at the beginning of the interview he simply forgot about his cousin who is a graduate of West Point. I guess I could see how that could happen. After all I have about 50 cousins. I have no idea what any of them do for employment and I seldom think about them.
However, anyone who is so badly informed that he doesn't know the difference between "active duty" and "combat duty"... well, I just can't take him seriously. Why should I care what this guy thinks about the Armed Services when he so obviously knows nothing about it? Why should anyone buy this newspaper to acquire information when the columns they print are written by people who haven't even got enough knowledge of a subject to answer basic questions?
As I noted in Sissy's comments, it's possible that the LA Times hired Stein to show that they don't discriminate against the mentally incompetent in their hiring practices. The problem is that they should have given him a less conspicuous job. After all, if this is the level of knowledge that is standard for LA Times writers, the only reason they can publish a paper is because they can string words together into sentences. They certainly don't understand their subject matter.
We shouldn't be surprised though. In an age where our news people think that "fake but accurate" is just fine, who needs facts about a subject? The only thing that counts is how you "feel" about it. Right?
UPDATE: After reading the Joel Stein ramblings - go read this interview Hugh Hewitt had with Jonathan Alter. Alter has quite clearly done some homework! I have not studied the Federalist Papers - so I don't know who is closer to being right here, but the main point is - you CAN make the effort to educate yourself so you don't sound like a complete imbecile when you are asked questions.
Plus - these are NOT simple questions being thrown at Alter - this is very esoteric stuff. I commend him for looking into the history of the matter and for trying (short of being a law professor) to figure out these things based on the history of our country.