Phishy Google Toolbar

Facetime’s senior researcher Chris Boyd warned that two URL links are in circulation over instant messaging (IM) and internet relay chat (IRC) channels. Both links lead the nave to a page which, among other actions, installs and launches a phony Google toolbar, hijacks the Windows HOSTS file, and adds the anti-spyware program known as “World Antispy”. The toolbar, in connection with the rewritten HOSTS file, redirects most Google addresses and pops up a window asking for credit card information.

IMlogic, another IM security vendor, said in its alert that the IM side of the attack was limited to Yahoo Messenger users, and the hack was using some of the same vulnerabilities in Microsoft‘s Internet Explorer as the infamous CoolWebSearch, the broad name given to a line of sneaky software that has in the past been dubbed “the Ebola of adware”. This is the first known instance of a CoolWebSearch-style attack being propagated over an IM network.

October Patches

On 11 October 2005 Microsoft is planning to release:

Security Updates

8 Microsoft Security Bulletins affecting Microsoft Windows. The highest Maximum Severity rating for these is Critical. Some of these updates will require a restart. These updates will be detectable using the Microsoft Baseline Security Analyzer (MBSA) and the Enterprise Scanning Tool (EST).

1 Microsoft Security Bulletin affecting Microsoft Windows and Microsoft Exchange. The highest Maximum Severity rating for this is Important. These updates will require a restart. These updates will be detectable using the Microsoft Baseline Security Analyzer (MBSA).

Microsoft will release an updated version of the Microsoft Windows

Malicious Software Removal Tool on Windows Update, Microsoft Update, Windows Server Update Services and the Download Center.

Note that this tool will NOT be distributed using Software Update Services (SUS).

TechNet Webcast: Information about Microsoft‘s Security Bulletins

(Level 100) Wednesday, 12 October 11:00 AM (GMT-08:00) Pacific Time (US & Canada)

Mod chips ruled legal in Australia

After a protracted case involving a couple of appeals, the High Court of Australia today ruled that ‘mod-chips’ are not breaches of copyright. Sony had been trying to push the line that they were a technology used to breach copyright.

Initially the defendant,  Eddy Stevens, won the case in the Federal Court. Sony appealed and had the decision overturned. Stevens then appealed to the High Court and won.

All six judges of the High Court held that ‘mod-chips’ were legal.

The Australian Competition and Consumer Commission argued that Sony was using the copy control mechanism to erect artificial trade barriers between Australian and overseas games and DVD markets.

Region coding is a technology for segregating markets, not protecting copyright. Anything I can buy here I can get cheaper overseas. So if I pay for a genuine copy of a DVD in the USA why can’t I watch it? Why do I have to pay a higher price?

In the end, as always, it is about money. Sony doesn’t give a stuff about consumers. They just want to milk us for every dollar possible.

Halo – The Movie – God help us

Hot on the heels of Doom – The Movie comes an adaption of Halo.
Imagine the rivetting storylines.

The Oscar-winning creative team behind the “The Lord of the Rings” films, including director Peter Jackson, has been named to run the production of the upcoming film based on Microsoft‘s blockbuster “Halo” video game, the company said on Tuesday.

Is that to try and con people into watching it?

Jackson and his wife, Fran Walsh, will serve as the executive producers for “Halo,” which is targeted for worldwide release in mid-2007 by Universal Pictures and Twentieth Century Fox film studios.
The “Halo” movie will be shot in Wellington, New Zealand, and will use Jackson’s production and post-production facilities there.

Is it just me or are we all being treated like fools. I haven’t paid to see a movie in years. If the Studios want me to go to a movie they need to write some decent screenplays. Putting out a continuous stream of dross won’t get my ass on a chair.

Vulnerability found in Kaspersky AV

Kaspersky Labs on Tuesday confirmed that its anti-virus scanning engine was flawed, and said it was working on a fix. The Moscow-based security vendor also said a stop-gap measure, signatures for its software that will detect possible exploits, is already in place.

Monday, a researcher known for spotting bugs in security software disclosed one in Kaspersky’s AV engine that could be used by attackers to grab complete control of a PC protected by the company’s Windows products.

Kaspersky’s scanning engine can be tricked by malformed .cab files — a format used by Microsoft to hold compressed files on distribution disks and PCs — into causing a heap overflow, said Alex Wheeler.

Kaspersky claims to have added detection to its updates on Sept 29 and priomise a fix by the end of Oct 5

Yahoo announce Online Library

I posted a few weeks ago about Google’s library and their “opt-out” practices.
Yahoo and a group of others announced their own version. They have chosen an opt-in model.

The non-profit Internet Archive, libraries at the University of California and the University of Toronto and technology suppliers Hewlett-Packard Co. and Adobe Systems Inc. are among the founders of the group.

The organization, known as the Open Content Alliance (OCA), plans to create a unified storehouse of both public domain and copyrighted materials, hosted by the Internet Archive.

Google’s program only excludes material from publishers who contact it to “opt-out” — a policy that has drawn opposition from commercial publishers and led to a lawsuit by The Authors’ Guild and several of its member authors.

I look forward to both of these projects coming to fruition. The ability to find and read any book, at any time would be a remarkable thing.