Archive for February, 2006

Microsoft Has Confirmed Vista Info on Number of Versions

Microsoft has confirmed the info that was leaked last week from a page on Microsoft’s site about the number of versions of Winows Vista.

Microsoft has officially verified the editions for Windows Vista a week after the information leaked when it prematurely appeared on the company’s Web site.

Vista will have six core editions, four aimed at consumers and two aimed at the enterprise, says Neil Charney, Microsoft’s director of Windows product management. The consumer editions are Windows Vista Starter, Windows Vista Home Basic, Windows Vista Home Premium, and Windows Vista Ultimate; the business editions are Windows Vista Business and Windows Vista Enterprise.

The editions confirmed by Charney are the same ones listed on a Microsoft Web site last week, one the company said was being used for testing and offered “incomplete” information. The only difference between editions reported last week and the ones confirmed by Microsoft is that the starter edition–a stripped-down, low-priced version of the OS aimed at emerging markets–is branded with the “Vista” label. The Web site, which Microsoft shut down after its information appeared in published reports, said Starter would not have the Vista brand. Source: PC World.

Microsoft has said that they will be doing away with the Media Center version and rolling all of it’s features into the Home versions of Vista. They will also be includng the Sidebar, Sidebar is a bar that appears on the desktop that allows user to view information–such as news, stock prices, and weather — through mini-applications Microsoft calls Gadgets.

Symantec and Hotbar Settle Dispute

It appears the lawsuit between Symantec and Hotbar has been settled, they have come to an out of court agreement, in that, Symantec will drop the suit and continue to classify Hotbar as low grade dog food, er, I mean, low risk adware.

Hotbar’s programs allow users to add graphical skins to Internet Explorer, Microsoft Outlook and Outlook Express toolbars and also add its own toolbar and search button. Symantec says that these programs can enable the display of advertisements and track user’s online browsing habits, which can be used to display targeted ads.

Hotbar had repeatedly threatened to sue Symantec for classifying its programs as adware, said Joy Cartun, senior director legal affairs, for Symantec, in Cupertino, Calif. So in June 2005, Symantec filed its own suit with the U.S. District Court of Northern District of California, San Jose Division, to support its right to identify Hotbar’s programs as adware and to provide users with tools to remove the programs. Hotbar protested Symantec’s attempts to classify its files as adware.

Hotbar.com officials were not available for comment Friday morning. Source: ComputerWorld.

You go Symantec.

First Apple Virus?

Just read an article from Times Online about the first virus to attack the Apple’s Mac OS X operating system, it’s called the Leap-A, or Oompa Loompa virus.

The Leap-A, or Oompa Loompa, virus is a potentially malicious program that is disguised as a simple image file. Experts are worried that its discovery will prompt hackers to mount the first serious campaign againt Apple users.

The news is a blow to Apple?s reputation for security and to users of its Macintosh computers, which have long been regarded as far less vulnerable to virus attacks than PCs.

“Some owners of Mac computers have held the belief that Mac OS X is incapable of harbouring computer viruses, but Leap-A will leave them shellshocked,” Graham Cluley, senior technology consultant for Sophos, the web security firm, said.

I always thought it was funny how adament Apple users are about no spyware and no viruses, etc, I always thought that they were asking for trouble bragging about it so much.

The Leap-A worm spreads through Apple?s iChat instant messaging service, which is compatible with America Online?s popular AIM instant messaging program.

It is not considered a serious threat ? partly because Mac users have to activate it by clicking on a file ? but it can still disrupt the running of machines by stalling infected applications.

Sophos said that the program forwards itself to as a file called “latestpics.tgz” to contacts on the infected users’ contacts list. The file then disguises its contents with a JPEG graphic icon in a move designed to fool people into thinking it is harmless.

It may not be too deadly now, but it’s a start, and if Apple’s market share keep’s growing, it is bound to get worse.

Not Using Skype Yet?

Call ordinary phones anywhere in the world from your computer for the price of a local call with SkypeOut. www.skype.com. Skype is a little piece of software that lets you talk through the Internet for free. You can talk to anyone else on Skype, wherever they are in the world, and it won’t cost you a thing. Not bad, eh?

If the people you want to talk to aren’t on Skype yet, you can still make pretty cheap calls to landlines and mobile phones around the world using SkypeOut.

Here are the top ten reasons to use skype:

1) Call friends for free, no matter where they are in the world.
2)Download Skype for free, just takes a second or two to install.
3)With already over 60 million users, some of your friends are probably already using it.
4)Make long distance calls at local rates to landlines and mobile phone with SkypeOut.
5)Make sure you can be reached at all times with Skype voicemail.
6)Forward call to your mobile phone or home phone with SkypeOut.
7)Send instant messages when you don’t feel like talking on the phone.
8)Make conference calls for free with up to 5 people!
9)See if the people you want to call are online before you call.
10)Trasnfer files(really big ones)

If you’re not using Skype now, you will be soon, try it now for Free!

Oracle Buys HotSip, is Rebuffed by MySQL

A couple of interesting articles on News.com about Oracle today, here and here, the first, the have bought another software company that caters to big businesses.

Oracle has agreed to buy communications software maker HotSip, marking the database giant’s second acquisition in as many days.

The messaging technology from Stockholm, Sweden-based HotSip could potentially make it easier for Oracle business software customers to take advantage of telephone or computer instant-messaging features from within Oracle’s existing applications. Oracle announced the acquisition Wednesday.

In the past two years, Oracle has spent some $19 billion buying up rivals to grab a bigger share of the market for software aimed at big businesses that helps automate everything from human resources to accounting to inventory management.

The second, they offered to purchase MySQL, but were turned down by their CEO.

Oracle tried to acquire open-source database maker MySQL, an indication of the profound changes the software giant is willing to make as it adapts to the increasingly significant collaborative programming philosophy.

MySQL Chief Executive Marten Mickos confirmed the acquisition attempt in an interview at the Open Source Business Conference here but wouldn’t provide details such as when the approach was made or how much money Oracle offered.

He did, however, say why he turned down Oracle’s offer: the desire to keep his company’s independence. “We will be part of a larger company, but it will be called MySQL,” Mickos said.

Makes my hart feel good to see some of these “big shots” turned down, can you imagine if they sold to Oracle, soon everyone whould have to buy MySQL I’m sure.

Microsoft Announced Office 2007 Pricing

The software maker said they were loads of new features and no price increases.

Microsoft on Wednesday offered further details on the next version of Office, announcing plans for a new home version as well as new server-based products and a new high-end enterprise edition of the desktop suite.

The software maker also offered pricing details for some, though not all, of the new products. In general, Microsoft said both businesses and consumers should expect to pay about the same for the new Office as they have paid for past versions.

“We do not expect our customers to notice any significant change in our pricing,” said Parri Munsell, a group program manager in Microsoft’s information worker unit. Office Standard, for example, will sell for $399, while Office Professional will sell for $499. Also, as widely expected, the version formerly code-named “Office 12″ will be known as Office 2007 when it ships in the second half of this year. Source: News.com.

The biggest change is they are replacing the Student and Teacher edition with a $149 Home and Student edition, and that it is removing outlook from this version.

CSI Problems

No you’re not on the wrong blog, this is not about the TV show CSI. This is from Mark Minasi’s Windows Networking Tech Page Issue #53 for February 2006, in which he talks about his 28 Rules To Troubleshoot Any Network Problem. Lot’s of these are common sense type of stuff, and things technical people have already covered, but, as Mark says, it’s always good to have a refresher. This will also help some newbies and other people who haven’t learned all of the tricks of the trade yet. As always, Mark is a master of all things windows and never fails to teach me something good in everything I have ever read of his. And this quote below will help explain the title. Oh, and for all of you users out there, you should never assume anything and always try to be as correct as you can when answering questions from the technical support department.

Separate the C and Si Problems
I’ve solved a lot of network problems, but this one was a toughie.

“I’ve got a DHCP server that is delivering IP addresses to two segments. The systems on the same segment as the DHCP server are getting IP addresses with no trouble, but the systems on the other segment, none of them work!”

My first question (and probably yours, if you’re a network techie) is, “does the router between the two segments pass DHCP requests?” (In geek-ese, you may know that the other way to say this is “does the router support RFC 1542 BOOTP forwarding?”) Or alternatively, I ask, “is there a DHCP forwarder on the second segment?”

“Yes,” the person replies, explaining that the router passes BOOTP packets.

Hmmm. So what else might it be? Check IP connectivity — does the router block any particular port? If it’s in a network with an Active Directory and the DHCP server is on a 2000 or 2003 server, has that server been authorized in AD? No port blocks, and yes, it’s been authorized. That’s when I realize that it was a stupid question — if DHCP weren’t working, the first segment wouldn’t have IP addresses. Ah, but what if — a eureka moment! — somehow (1) the DHCP server hadn’t been authorized for the past six days and for some reason all of the systems on the nearby segment still had lease time left but all of the ones on the second segment had their leases run out earlier, and so were the canaries in the coal mine? So I tell the person to try to do an IPCONFIG /RENEW on one system on each segment. The one of the first segment succeeds, the one on the second doesn’t.

Ready for the answer? It’s simple: the guy had no idea what the heck BOOTP forwarding was, figured that his router guys must have allowed for that — after all, they did go to a CCNA boot camp — and just told me what I wanted to hear. In other words, it is always possible that the carbon-based parts of the network (“C” is the symbol for the element carbon) don’t report reliable information, and so the problem lay not in the silicon part of the network (“Si” is the symbol for the element silicon) but in the carbon component. To paraphrase Shakespeare, “the fault, dear Brutus, lay not in the chips but in the people.”

Don’t misunderstand me, I’m not saying that everyone lies or is incompetent. But I am saying that under stress people don’t always think as clearly as they should, and that network support people have had a lot of new things thrown in their laps in the past few years — remember when we “discovered” security in 2001, or that we all need database servers whether we want them or not in 2004? — without receiving a concomitant increase in staffing. We’re all just human. We make mistakes. Think about how we make silicon-based systems more reliable: we cluster them. The same thing works for carbon-based units: more eyeballs looking at a problem often make for a more quickly-solved problem.

And — this is important — remember that we techies tend to think of computer problems in terms of the silicon side sometimes more than we do the carbon side. In fact, sometimes we see the carbon side as being sort of minimal, and only relevant in a few cases. But if you sit back and think about most of the things that you have to fix, you’ll end up seeing that most of those problems have a carbon component that is at least as important as the silicon component. I mean, Trojans don’t write themselves, y’know?

We always referred to them as IO error’s, or Idiot Operator’s, but Mark’s is a lot more “PC”, or politically correct, hehe.

Traditional Fraud Transfering to Computer Fraud

In an article from seattlepi.com,

A federal grand jury in Seattle indicted a California man on two counts of computer misuse, alleging that he and two youths created an illicit computer network that jeopardized patient care in January 2005 at Northwest Hospital.

Christopher Maxwell, 20, of Vacaville, Calif., first compromised computer networks at California State University, the University of Michigan and the University of California-Los Angeles by exploiting their security lapses, according to the U.S. Attorney’s Office in Seattle.

At a news conference Friday morning, that office and the FBI said Maxwell and his unnamed co-conspirators incorporated those systems into a 13,000-computer network known as a botnet. The name refers to the use of penetrated computers as robots under the control of the network’s creator.

Maxwell and the youths are also accused of penetrating the computer network at Northwest Hospital in Seattle, a 187-bed, not-for-profit institution, where the invasion allegedly impaired patient treatment, delayed processing lab tests and surgery scheduling, and shut down computers in intensive-care rooms.

If convicted they could face up to 10 years of prison time and a $250,000 fine. The estimates cost to fix the hospital equipment was $149,000.

But what about the people who created the network? Shouldn’t they be involved in some kind of punishment? What kind of idiots place computers in intensive care rooms, or any hospital room really, on the internet to start with? Unless they connected to them through some other means, this was a bone head move to start with. I guess some computers could’ve been able to connect to the net and others not, but they if they are all interconnected in some way, then there’s a way to get this stuff on there, as well as industrious users who may have figured out that just turning on dhcp on the pc would put them online. I don’t know, but it seems hospitals should be a lot more careful than this one was.

FBI Special Agent Frank Harrill said that botnets have become “legion” throughout the country. In the first half of 2004, the number of botnets grew to more than 30,000 from less than 2,000, the U.S. Attorney’s Office said.

“We’re seeing the migration of what was once traditional fraud to the cyber area,” Harrill said.

NYU Hosting Spyware Workshop

Experts from academia, industry, government, and public interest advocacy organizations will examine spyware, computer software that gathers personal information about a user for marketing or other purposes. The panel will address questions about its nature, prevalence, perpetrators, harm, and victims.

The event is free and open to the public. For more information about the event, visit http://www.law.nyu.edu/ili/colloquia/spywareworkshop/. To RSVP, the public should contact Nicole Arzt at 212.998.6013 or arztn@juris.law.nyu.edu.

WHEN: THURSDAY, MARCH 16 Spyware in Context at 5:00-6:30 p.m. Speaker: Ed Felten, professor of computer science and public affairs, Princeton University.

FRIDAY, MARCH 17
‘State of the Problem’ at 9:00-10:45 a.m. Moderator: Helen Nissenbaum, associate professor, Steinhardt School of Education’s Department of Culture and Communication, and Senior Fellow, NYU’s Information Law Institute Panelists: Justin Brookman, New York State Office of the Attorney General; Mark Eckenwiler, U.S. Department of Justice; Eileen Harrington, Bureau of Competition Federal Trade Commission; Ari Schwartz, Center for Democracy and Technology

‘Motives, Incentives and Causes’ 11:15 a.m. – 1:00 p.m. Moderator: Lucas Introna, professor of organization, technology and ethics, Lancaster University
Panelists: Eric Allred, Microsoft; Markus Jakobsson, associate professor of informatics, Indiana University; Marc Rotenberg, Electronic Privacy Information Center; Tim Wu, professor of law, Columbia University

‘Solution Strategies’; 2:15-4:00 p.m. Moderator: Harry First, professor of law, NYU School of Law
Panelists: Ben Edelman, Student Fellow, Harvard University; Orin Kerr, associate professor of law, George Washington University; Ira Rubinstein, Senior Corporate Attorney, Microsoft; Ka-Ping Yee, doctoral student, UC Berkeley.

WHERE: Furman Hall, Room 212, 245 Sullivan Street New York University School of Law.

FTC Thinking of Exposing Adware Advertisers

The U.S. Federal Trade Commission is thinking of shaming advertisers who user adware to push their products to users,

The FTC would publicly announce and publish the name of a company that advertises using adware that installs itself surreptitiously on consumer PCs or by using spyware, Leibowitz said. He would recommend publicly shaming advertisers to the other FTC commissioners if the adware problem doesn’t decrease, he said.

This sounds like a great idea to me, one that should have probably been started a long time ago, let all the consumers who are buying these products know exactly who is funding all of these programs and popups. Without these advertisers, these programs would not exist, as they would have to actually create some worthwhile software to sell to make money, they could no longer leech it from someone else’s website.

“There are well-intentioned advertisers out there that do not understand where their ads are appearing,” Hughes said. “It is easy to shame those advertisers, but that does not solve the problem.”

The deeper issue, Hughes said, is the way online advertising is handled. Many companies let a third party take care of their advertising and that company may delegate even further, involving many people and companies before an ad gets placed.

This does not matter one bit, if you are going to advertise yourself or your product, then you should want to know where the ad’s are appearing, the merchant is ultimately responsible for their own brand.

Among those who have exposed advertisers is blogger Ben Edelman, a Harvard doctoral student and spyware expert.

AOL has a policy not to advertise using adware. To maintain that policy, the company has to keep close tabs on those companies that handle its advertising, Polonetsky said.

“If you simply rely on a policy that you announce or simply rely on a promise from your partner, you invariably will be burned,” he said. “In today’s networked world you have to do due diligence to ensure your brand does not show up in an offensive location.” Source: News.com

Exactly. Wayne Porter from Revenews.com states,

For a long time myself and many other anti-spyware colleagues have been “shaming” the companies who engage in dubious distribution practices with their ads. But I think it is a good idea. Consumers are slowly but surely catching on and they aren’t happy. As I pointed out at the Summit in San Francisco last year- where are the fan sites lining up to defend these companies? They are, as far as I can see, non-existant. Contrast that with say iPOD owners who advocate their fandom openly and with fervor.

Let’s get to the heart of the problem. Sleazy companies are there to take advantage of DEMAND. If there were no demand they could not exist. Many companies know, or their agencies and brokers know how this so-called sleaze advertising is going on. Cut to the heart of the problem. Put the spotlight on the companies and individuals that fund this activity and let the cards fall where they may. Flowers cannot grow without fertile soil.

A Scarlet Letter is a good first step (I suggest a J for Jerks), but I still feel some up tempo lawsuits from the FTC and private citizens will send an even more clear message that this activity can and will no longer be tolerated. The issue is becoming less grey and more black and white and that’s coming from a guy who specializes in greynets. Could the Crucible be coming?

I have a few other suggestions, but a big red J would work for me too.