Wednesday, November 29, 2006

Get Vista & Office for Free, Just For Watching Webcasts

Want a free copy of Windows Vista and Office 2007? Got a few hours to kill? More like 6 hours, to be exact. If you don't mind jumping through a few hoops to get it, Microsoft is offering up free copies of Vista Business or Office 2007 Pro just for watching a couple of Microsoft propaganda videos.

All you've got to do is register at Power Together, and "participate in at least three (3) qualifying web casts and/or virtual lab sessions within 30 days of registration," and then, 6-8 weeks after that, you'll apparently get a real, licensed DVD in the mail. Skeptical? Yeah, I was too; I didn't really want to throw 6 hours down the tubes for nothing. But I've seen the post on several well-known sites as well as on Microsoft's own Channel 9 blog by Mark Brown, a Microsoft developer and platform marketing employee, who confirms that this odd website is his doing.

These webcasts aren't really meant for the average user, more so for programmers and the sort, and they are dull and rather boring even to a technophile like me. Personally I was bored after the first one, which by the way was the shortest of the three I chose at a mere 54 mins. However, if in the end it means a freebie copy of the latest great Microsoft has to offer, then what the heck, let's try it out.

**Please note the site is very slow today from experiencing high traffic. I recommend waiting a day or two to allow for some of the congestion to subside.**

Sunday, November 26, 2006

Devastating mobile attack under spotlight

By Peter Judge, Techworld

All mobile phones may be open to a simple but devastating attack that enables a third-party to eavesdrop on any phone conversation, receive any and all SMS messages, and download the phone's address book.

The attack, outlined by a German security expert, would amount to the largest ever breach of privacy for billions of mobile phone users across the world. But it remains uncertain exactly how easy and how widespread the problem could be thanks to a concerted effort by mobile operators to muddy the issue while they assess its extent.

The official response of the mobile phone operators when asked about the threat is that the attack is phoney. But despite three days of inquiries by Techworld, none have provided any evidence that there is an adequate defence to it. One operator told us all its security experts were at a meeting in Denmark, although, oddly for mobile company employees, they were also incommunicado.

Wilfried Hafner of SecurStar claims he can reprogram a phone using a "service SMS" or "binary SMS" message, similar to those used by the phone operators to update software on the phone. He demonstrated a Trojan which appears to use this method at the Systems show in Munich last month - a performance which can be seen in a German-language video.

Phone operators use SMS messages to make changes to their customers' phone without user intervention. These changes can vary from small tweaks to an overhaul of the phone's internal systems. Hafner claims however that phones do not check the source of such messages and verify whether they are legitimate, so by sending a bogus message he is able to pose as a mobile operator and re-program people's mobiles to do what he wants.

"I found this on a very old Siemens C45 phone, and then tried it on a Nokia E90 and a Qtek Windows Mobile 2005 phone," said Hafner. "None of them authenticated the sender of the service SMS. We could not believe no one had found this possibility before us."

On all these phones, Hafner was able to launch an example Trojan called "Rexspy", which he says ran undetected. Rexspy copies all SMS messages to the attacker, and allows the attacker to eavesdrop on any phone conversation by instructing the phone to silently conference the attacker into every call.

However, Hafner's demonstration does not constitute proof - it was done with his own phones, which could have been prepared. Known software such as Flexispy does the same job as Rexspy, but has to be installed manually on a phone. Hafner has also refused to provide Techworld with a demonstration, claiming that he does not want the code put into the wild. Hafner has also put out a press release about his alleged discovery which heavily pushes his company's products.

Although unproven, Hafner's claim is simple to understand - as are the obvious security steps with which operators could prevent such an attack. Despite this, the operators have refused to discuss their strategy to prevent such an attack.

"We have been aware for some years of the potential for SMS's of all types to be subverted, and we are confident that we have all the necessary measures in place to counter any such attack through our network," said a Vodafone spokesman who then declined to discuss what these measures are.

A spokesman for the GSM Association was equally unforthcoming: "It is impossible to tell from the information provided whether the claims are theoretically or practically possible or not. The GSMA's Security Group will look into the claims as a matter of course."

Orange said in a statement: "We take the security of our customers communications very seriously and are investigating the claims made by SecurStar regarding the capabilities of this Trojan Horse. Pending the outcome of this investigation, we are unable to comment on the validity of the specific claims that SecurStar have made. We can confirm that we have no evidence to suggest that any of our customers have had the security of their voice or SMS communications compromised using the mechanism SecurStar claim to be used by 'RexSpy'. Should our investigation show that there is any validity to the claims of SecurStar, we will take action to ensure that our customers are protected."

As those familiar with the details of the Watergate affair in the 1970s will recognize, the responses fit the classic pattern of a "non-denial denial".

"The telephone should ask who is sending a service SMS, and the operators should change the way they are sending these messages and put in signatures," said Hafner. The operators we have spoken to have refused to say whether they did this or not.

All operators have been keen to point out, however, that such an attack would be illegal. The GSMA warned that "if this were demonstrated in the UK it would be a serious criminal offence, which could be prosecuted under the Regulation of Investigatory Powers Act 2000 for over the air interception".

Hafner's eavesdropping Trojan is just a sample of what could be done, he says. It could cover its tracks by using a free number for the conference calls. "There's a further step I haven't demonstrated, but the Trojan has full access, so I can extract the contact details from the address list," said Hafner. "If I wanted, I could decide to reproduce the service SMS to all your contacts. This would transform the Trojan to a virus."

Security experts are skeptical, and question Hafner's motives: "Our experts believe that service providers should be able to block service SMSs coming from any unauthorized location because the communication would have to go through the official communication centre," said Carole Theriault, senior security consultant at Sophos.

SecurStar makes encryption software to scramble voice calls made on Windows Mobile phones, to prevent eavesdropping. "It seems to me to be questionable that [SecurStar] would actually write a Trojan in order to market their product," said Theriault.

Friday, November 24, 2006

Madness on Black Friday isn't worth it

Michelle Singletary
The Washington Post

The madness has begun.

One man was shot when he refused to give up his wallet while standing in line to buy the new Sony PlayStation 3. Other shoppers across the country were crushed in the rush to buy the video game console that Sony shipped in limited supply to stores last week.

The ugly vignettes from the front lines of holiday shopping give a sense of what has become a holiday ritual. Change the toy or game or consumer item but the result is the same - shoppers get a little wild in their quest to either be the first to get something or get deep discounts.

And few days of the year offer a better picture of that rowdiness than Black Friday, the day after Thanksgiving.

Nearly a third of respondents - or an estimated 62.7 million adults - will go shopping sometime on Black Friday, according to a Consumer Reports holiday shopping poll. Black Friday traditionally is viewed as a time when retailers go from being in the red (unprofitable) to being in the black (profitable). During the Thanksgiving holiday weekend, many people will leave the company of their friends or families to go shopping, while others will bring the kids along and make hitting the stores a part of the holiday entertainment.

Although Black Friday signals a hallelujah for retailers, it doesn't for me. I want no part of a mall or any retail store from Thanksgiving Day to the Sunday afterward. But if Black Friday excites you, here are a few things you should know:

* The best bargains aren't necessarily on Black Friday. Retailers heavily market the day after Thanksgiving as the time you should get up and out to the stores before sunrise to be the first in line to get the best sales. Black Friday is frequently referred to as the busiest shopping day of the year.

But it isn't.

Last year, Black Friday did not even rank in the top five busiest holiday shopping days, according to a report issued recently by MasterCard Worldwide. The busiest shopping day is either Christmas Eve or the Saturday before Christmas. You have 31 days between Thanksgiving and Christmas to shop. The discounts aren't going anywhere.

* The early bird doesn't always get the worm. Black Friday has turned into Frustrating Friday for an increasing number of shoppers. That's because many stores offering deeply discounted items have only a limited number of those items on hand. So many shoppers go home frustrated. But the retailers still win. Once shoppers are in the stores, they'll likely buy something even if they don't find what they got up so early to purchase.

* That 10 percent discount can cost you. Retailers really put on the full-court press to get shoppers to sign up for their store credit card, often offering a 10 percent discount on that day's purchase or purchases. But don't do it. I know. It's hard to resist. Let's say you are buying a high-priced item for $1,000. You reason you can save $100, which is a pretty penny. But let's look at what that store card can cost you. First, credit cards offered by retailers typically carry a high interest rate - 20 percent or higher. And the stores are well aware that people promise to themselves that they will pay the bill off as soon as it comes in January. But many don't.

So let's say you can't pay off that $900. Cardholders now are typically required to pay at least 1 percent of their balance plus the interest charge. Under that scenario, with an interest rate of 20 percent your first minimum payment would be $23.85 with a starting balance of $900 (I didn't include a sales tax). Pay just the minimum and you end up with $1,108.32 in interest charges over 12 years. Puff. There goes your $100 savings.

OK, so what if you don't take 12 years. What if you find the money to make a lump-sum payment on the item but not until after making minimum credit-card payments for 10 months? In that case, you would have paid $143.54 in interest during the 10-month period.

And what if you do pay it off come January? Well, signing up for another credit offer can lower your credit score.

* Watch out for those no-interest/no-payment-for-six-months-or-a-year deals. Only the most disciplined of consumers should take advantage of these schemes. If you are just one day late in paying off the balance as part of a no-interest/no-payment offer, you will be hit with back interest, which is typically 18 percent to 20 percent or more. Lots of folks don't realize that the interest starts accumulating from the date of purchase, not when the interest-free period ends.

Respondents to the Consumer Reports' poll estimated they would spend an average of 13 hours shopping during the holidays. Retailers are giving people more and more time to buy.

A few retailers - CompUSA and BJ's Wholesale Club, for example - have abandoned the tradition of closing on Thanksgiving and are opening their doors. Other stores don't think customers can wait for sunrise to shop on the Friday after Thanksgiving, so their doors will be unlocked at midnight.

Perhaps, just so people can really shop with ease, retailers should have sleepovers. Sections of the store could be redesigned with private rooms with nice comfy beds and showers so their customers won't even have to go home.

Think I'm mad? It's only a matter of time.

© Washington Post Writers Group

Tuesday, November 21, 2006

FireFox Password Vulnerability Found

Severe Firefox vulnerability uncovered
By Percy Cabello

A vulnerability in Firefox's handling of saved passwords has been announced today. The vulnerability causes Firefox to autofill saved credentials into a login form no matter where the form submits them.

As shown in a test case attached to the relevant bug, credentials are retrieved as long as a similar form is published on the same web site. Robert Chapin, the original reporter, encountered this vulnerability while surfing around MySpace, the popular social web site. He visited a user's profile and was prompted there with a web form resembling MySpace's typical log on form. Since the form was hosted at MySpace, Firefox autofilled the fake form. A glitch in the fake web form alerted Chapin and saved him from an identity theft, a somewhat trivial one in this case.

Users must be aware and act cautiously. Double-check autofilled forms and don't submit credentials from atypical locations, especially where another user may have edited the content, such as a web forum post or user profile.

However, if you prefer to stay on the safe side of this issue, you had better disallow password saving in Firefox:

  • In the Tools menu, select Options…

  • In the Security page, uncheck Remember passwords for sites

I checked other browsers and found that SeaMonkey 1.0.6 has the exact same behavior, which is no surprise, having so much in common with Firefox. Internet Explorer 7 doesn't automatically fill the fake form in the test case, but lists the credentials as if it was the real one. Opera 9.02 Wand, its password management tool, correctly differentiates them and doesn't autofill the fake form.
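A model of the autofill decision described in this post, added here as an illustration; it is not Firefox's code and not the test case from the bug. The hosts, credentials and function names are constructed, and the stricter check (also comparing the origin the form submits to) is an assumed mitigation shown beside the behaviour the post describes.

```javascript
// Added example: a model of a password manager's autofill decision.
// Every host, credential and function name here is constructed.

// A saved login remembers the origin of the page it was captured on and
// the origin the genuine login form submitted to.
const savedLogin = {
  pageOrigin: "https://social.example",
  submitOrigin: "https://social.example",
  username: "alice",
  password: "constructed-sample-password",
};

// Origin of the page hosting the form, or null if the URL is malformed.
function pageOrigin(pageUrl) {
  try {
    return new URL(pageUrl).origin;
  } catch (_err) {
    return null;
  }
}

// Resolve a form's action attribute the way a browser does: relative to
// the page URL, with an empty action meaning "submit to this page".
// Returns the target origin, or null if it is not a usable http(s) URL.
function formSubmitOrigin(pageUrl, actionAttr) {
  try {
    const target = new URL(actionAttr || "", pageUrl);
    if (target.protocol !== "https:" && target.protocol !== "http:") {
      return null; // e.g. javascript: or data: actions
    }
    return target.origin;
  } catch (_err) {
    return null;
  }
}

// Behaviour described in the post: only the hosting site is checked,
// so any look-alike form published on that site gets the credentials.
function legacyShouldAutofill(login, pageUrl) {
  return pageOrigin(pageUrl) === login.pageOrigin;
}

// Stricter check (assumed mitigation): the form must be hosted on the
// saved origin AND submit to the origin recorded when the login was saved.
function strictShouldAutofill(login, pageUrl, actionAttr) {
  if (pageOrigin(pageUrl) !== login.pageOrigin) return false;
  const target = formSubmitOrigin(pageUrl, actionAttr);
  return target !== null && target === login.submitOrigin;
}

// Constructed sample forms: where each is hosted and what its action is.
const sampleForms = [
  { name: "genuine login form",
    page: "https://social.example/login", action: "/login" },
  { name: "profile form, absolute off-site action",
    page: "https://social.example/profile/1234",
    action: "https://other.example/save" },
  { name: "profile form, protocol-relative off-site action",
    page: "https://social.example/profile/1234",
    action: "//other.example/save" },
  { name: "same host, downgraded to http",
    page: "https://social.example/login",
    action: "http://social.example/login" },
  { name: "non-http action scheme",
    page: "https://social.example/profile/1234",
    action: "javascript:void(0)" },
  { name: "no action attribute (submits to the page itself)",
    page: "https://social.example/login", action: "" },
];

// Run both policies over a list of forms and return the decisions.
function evaluate(login, forms) {
  return forms.map((f) => ({
    name: f.name,
    legacy: legacyShouldAutofill(login, f.page),
    strict: strictShouldAutofill(login, f.page, f.action),
  }));
}

for (const row of evaluate(savedLogin, sampleForms)) {
  console.log(`${row.name}: legacy=${row.legacy} strict=${row.strict}`);
}
```

Comparing origins does not distinguish a look-alike form that is hosted on the saved origin and also submits to it, so the advice above about double-checking autofilled forms still applies.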

Sunday, November 19, 2006

ResellerRatings launches new hot deal site

Dealighted.Com launched this week. Created by the founders of and ResellerRatings, Dealighted.Com is a hot deal site which sifts through all new deal discussions posted to other top deal sites such as Slickdeals, Fatwallet, Anandtech, and GottaDeal. The most liked or "hottest" threads are then reported, which keeps you from having to search several sites and hundreds of other deals just to get to the good ones.

Saturday, November 18, 2006

$20 off a $50 pay-pal purchase

This offer is available to new and current pay-pal customers, so there is no need to open a new account. Personally I think this deal will be best used at some of the merchant partners such as or others. A complete list can be found by clicking here!


Receive free shipping when you make a purchase using your PayPal account from a participating merchant. Participating PayPal merchants will be displayed on the PayPal Holiday landing page starting 11/23/06. Offers may be limited to shipments within the 48 contiguous United States. See merchants' websites for additional terms & conditions.

Receive a $20 USD Cash Rebate by registering for this Cash Rebate offer on and purchasing items in a single online payment of $50 USD or more using your PayPal account. To qualify for this offer, purchases must meet the following requirements: 1. Purchases must be made on, or on merchants' sites in the US or Canada. 2. and purchases must be made through the eBay checkout flow via the eBay website and must not be made through the PayPal send money tab. 3. Purchases must be made between 11/23/06 12:01 PST and 12/31/06 11:59 PST. The following transactions are excluded from this Cash Rebate offer: Send Money transactions, payments to Personal Accounts, eBay payments made to Personal accounts, donations, Text to Buy and payments for services. The Cash Rebate will be deposited into the participants' PayPal accounts within 6 to 8 weeks after 12/31/06. Limit one registration and one $20 rebate per person and/or PayPal Account.

Offer available for a limited time. Offer is limited to US and Canada registered users. PayPal conversion rates apply. PayPal account must be in good standing prior to and throughout the offer period to qualify.

PlayStation 3 debuts in North America, demand high

Some buyers will have a fun weekend, many won't
Martyn Williams November 17, 2006 (IDG News Service) -- A week after it first appeared in Japan, Sony Computer Entertainment Inc.'s PlayStation 3 console went on sale in the U.S. and three other countries today.

The console is likely to have immediately sold-out. Many stores stopped taking reservations weeks ago and the device is already selling for more than $2,000 on the eBay Inc. online auction site. That's about three times its U.S. retail price of $599.

Demand for the console is high because Sony is short of the blue-laser diode that sits at the heart of the console's Blu-ray Disc drive. Without the diode, the console can't be completed and problems starting up production of that part pushed Sony to scale back the launch.

There were supposed to be about 2 million PlayStation 3 consoles ready for the worldwide launch, but that figure was slashed to about 500,000 units.

It's not clear if Sony managed to even ship that many. The company said 100,000 of the consoles would be in Japanese stores for last weekend's launch but data from a recognized local gaming magazine said the PlayStation 3 sold-out on launch day with 88,400 units.

There were reports of sporadic violence across the U.S. and Canada, where it also launched, as people waited in line to snap up one of the consoles. The most serious reported incident happened in Putnam, Conn., where a man was shot while waiting for the console to go on sale. The man apparently confronted two armed men who were trying to rob those in line, according to news reports.

Dozens of police were called to Boston's Copley Place Mall after security guards lost control of a crowd of about 400 people today, The Boston Globe reported in its online edition, and a 19-year-old man was injured after running into a pole while racing others to get a place in a queue outside a Wal-Mart store in Wisconsin, said the Associated Press.

In Ottawa, Canada, one man was arrested for being intoxicated after a fight broke out at 2 a.m. Friday among people waiting for a game store to open, according to the Canadian Broadcasting Corp.

The console also went on sale in Hong Kong and Taiwan today. It will hit Europe and Australia in March 2007, according to Sony's current plans.

Tuesday, November 14, 2006

Review: Zune's fascinating potential

Microsoft's media player is sometimes compelling, and largely incomplete
David Haskin

Looking at Microsoft Corp.'s much-discussed, just-released Zune as just another media player misses the point. The player itself has its virtues, but it is clearly only one part of Microsoft's effort to replicate Apple Computer Inc.'s wildly successful iPod/iTunes media ecosystem.

While Apple has sold millions of iPods, their real value to Apple is how tightly intertwined the devices are with the iTunes music service and iTunes software. If you own an iPod and want to download music, you must use iTunes, which has sold more than a billion tracks in its relatively short life.

The Zune, which was released today, isn't yet a compelling enough device to pull many customers away from the iPod. But if you look at Zune in combination with the Zune Marketplace online store and the software that connects the device with the store, Microsoft's effort is more compelling. It's still a work in progress, but in a few ways it already equals and even surpasses the iPod/iTunes juggernaut.

Beautiful interface

Zune is, overall, a competent 30GB player that is particularly attractive in some areas, misses the target in others and strikes out entirely with one of its most visible features.

To start with the positive, Microsoft succeeded at something no other media player vendor has: It has created a graphical user interface that is, subjectively, as compelling as the iPod's. To do that, Microsoft took a minimalist approach, offering relatively few options but giving users fast, easy and eye-catching access to media.

The main menu offers the top-level options such as access to music, videos, images and FM radio (which is one of the few features the Zune has that iPod doesn't). To move through the list, you press the up and down arrow buttons in the circular central controller, then press the larger button in the middle to accept the option.

If you select music, for example, a list of all CDs appears on-screen with additional options, such as switching to a list of artists or genres, that are displayed horizontally at the top of the screen. You use the right and left arrow keys to cycle through those options. The end result is that you can move through a specific path of options a bit faster than you can with an iPod, which requires you to cycle through more separate screens.

Monday, November 13, 2006

Make Money Fast? Site Pays Bloggers For Product Reviews

By Antone Gonsalves,

ReviewMe is offering bloggers up to $250 for reviews of advertisers' products or Web sites. And, as part of a promotional offer, the company set aside $25,000 to pay bloggers to review itself.

"The $25,000 is almost used up, and we want to keep the promotion alive, so we're probably going to extend it," said Andy Hagans, president of ReviewMe, on Friday.

The Web site launched on Thursday, and within 24 hours had lined up more than a thousand bloggers to review products in categories ranging from autos and books to real estate and sports, Hagans said.

ReviewMe joins privately held PayPerPost, which launched in July, in playing broker between advertiser and blogger. Among the differences in the two sites is that advertisers with PayPerPost dictate the kind of review or write-up they want. ReviewMe, on the other hand, requires that bloggers be allowed to write responsible reviews based on their honest opinion.

ReviewMe also requires bloggers to disclose that their reviews are paid for, while PayPerPost encourages the practice. PayPerPost, based in Orlando, Fla., has been criticized for not requiring disclosure.

ReviewMe pays bloggers from $20 to $250 per review, based on the reach of their blogs. To determine that, ReviewMe uses metrics gathered from online news aggregator Bloglines, blog search engine Technorati, and Web traffic tracking service Alexa. Bloggers are rejected if they don't meet a minimum requirement that ReviewMe doesn't disclose.

"If the blog doesn't meet a general threshold of at least having a significant amount of readers, then it doesn't have much value for the advertiser," Hagans said. "And even though the three measurements are inexact, it's better to get the numbers from third parties, rather than from bloggers, since they're prone to exaggerate."

Bloggers who cross the bar are placed on a list that advertisers browse in looking for a reviewer, who must agree to write a minimum of 200 words. Hagans believes advertisers will be served just as well by positive and negative reviews, because the latter will provide constructive criticism.

"No one is trashing advertisers, and they're still getting buzz in the blogosphere," Hagans said. "It's a low cost way to get feedback from people in your industry."

All reviews are checked to make sure they discuss the right product and meet the word requirement before they are posted. Advertisers are billed after the review is on the blog.

ReviewMe was in development for six months before the launch. The site was owned by Text Link Ads, which was recently bought by MediaWhiz Holdings.

49 Million U.S. Adults Notified Of Data Breaches

By Antone Gonsalves,

An estimated 49 million U.S. adults have been told over the last three years that their personal information has been lost, stolen, or improperly disclosed, a research firm said Friday.

Most of the notifications came from government agencies and financial institutions, according to a national survey conducted by Harris Interactive in October. While many of the respondents didn't believe there was any harmful result of the data breaches, a small but significant number thought they may have seen some damage.

More than one in five adults surveyed said some organization had notified them that their personal information was improperly disclosed. Among those adults, 48% were notified by a government agency, 29% by a financial company, and 12% by a commercial company. Other organizations that had made notifications included educational institutions (6%) and health-care facilities (5%).

Fully 81% of adults notified of trouble perceived nothing harmful happening as a result, Harris said. The remaining 19%, or 9.3 million people, believed they suffered harm. Within that group, 78% said either merchandise was charged in their name, or some kind of fraud was committed that cost them money. The remainder said cash was taken from their bank accounts, a credit card was taken out in their name, or someone posed as them to receive a government benefit or service.

Much of the damage suffered by victims was caused by friends and family, stolen wallets or purses, pilfered information from mailboxes or trash containers, and insider theft of personal data by employees of organizations, said Alan Westin, the Columbia University professor who helped design the survey.

Nevertheless, enough people were harmed through mistakes by businesses, government, and other types of organizations to warrant stronger data security measures to retain the trust of customers, members, and citizens, Westin said in a statement.

Spyware Threat Marches On

By Matt Hines
November 13, 2006

Despite having technology and procedures in place to prevent and remediate attacks from spyware, many companies still have difficulty stopping the threats, researchers report.

According to a new study published by Ponemon Institute, based on interviews of over 500 North American IT security professionals, a resounding majority of workers admit that their companies are still plagued by problems related to spyware.

Some 47 percent of respondents to the survey indicated that their companies are incapable of removing spyware from their networks once attacked, with 35 percent saying their employers cannot prevent many spyware infections in the first place.

Only 19 percent of study respondents indicated that their companies were effective at defeating spyware, with 40 percent of respondents claiming that their firms are able to ward off spyware attacks with frequent success, according to Ponemon, based in Elk Rapids, Mich.

Spyware programs typically attempt to hide inside computer systems in order to track users' Internet habits and provide data to advertisers. In addition, spyware is increasingly being built with the goal of stealing personal information so that the data can be used to commit identity fraud. Businesses are also dealing with a growing number of spyware programs that steal sensitive corporate data to sell off as valuable intellectual property or to demand ransom payments for the information's return.

According to the Ponemon report, organizations' failures to block and remove spyware cannot be blamed on a lack of effort. In fact, some 83 percent of study respondents said their companies had full-time anti-spyware initiatives in place. However, many of those initiatives appear to consist only of attempts to improve workers' computing habits, or the use of anti-virus software to address the issue, as only 24 percent of representatives of those companies said they use security applications specifically designed to stop spyware.

Part of the problem in containing today's increasingly sophisticated spyware, including attacks in the form of rootkits, is that many firms believe that they have already sufficiently defended themselves, said Larry Ponemon, chairman of the research company and author of the report. While many packaged anti-virus products have added anti-spyware capabilities, those tools may not be doing enough to stop the attacks, he said, yet business executives do not appear to see the logic in bringing additional anti-spyware tools in-house.

Of the respondents who said their companies do not have stand-alone anti-spyware technologies in place, 39 percent said they believe their companies are not vulnerable to spyware attacks, with 26 percent saying that manual procedures remain adequate to detect or prevent spyware infections. Another 23 percent reported that the detection of spyware was not a priority for their companies' senior management, while 11 percent said such tools were too expensive.

Of the technologies being used to fight spyware, 48 percent of respondents said they are only using software that seeks out the attacks at the desktop level, while another 18 percent are using only network-based defenses. Only 21 percent of the companies involved in the research said they are using both types of applications, with 13 percent using no spyware-specific protections at all.

Another serious problem is that many laptop computers become infected while outside of protected corporate environments. Without near-constant scanning this will allow the most sophisticated programs to slip through the cracks, Ponemon said.

Some 98 percent of companies with anti-spyware technologies in place listed firewalls as their primary line of defense in the survey, which is extremely problematic since most of today's attacks are written explicitly to exploit security vulnerabilities in firewall products, according to Ponemon.

"Several years ago when the spyware program was first widely publicized we saw a lot of firms spending money on tools to fight it, and a lot of those companies have not looked at spyware as a unique problem again since that time," Ponemon said. "We also see a challenge where many companies are viewing adware and other crimeware as unrelated issues, but the methods used by attackers have obviously brought all these elements together, and spyware has become much harder to stop."

Despite the lack of action on the part of these companies to block spyware, 64 percent of respondents to the survey said they do view spyware as a serious concern. By comparison, only 33 percent of IT workers surveyed said that adware was a serious threat.

Some experts have predicted that the inclusion of anti-spyware technologies in Microsoft's next-generation Windows Vista operating system, due out before the end of November, will cripple the market for providers of stand-alone applications. However, Ponemon said the findings of his report indicate that there very well could be a strong market for the products, as spyware attacks continue to arrive in more varied and complex formats.

"I think there will still be a market, even if we do see some consolidation in the anti-spyware space driven by Vista," he said. "The platform approach that integrates anti-spyware with other security technologies is likely the best model for end users going forward, but it's pretty clear that there is a long way to go in terms of convincing people to adopt the tools that are already out there."