Categories
Uncategorized

“Thank you for your visit” could mean you’re curious or just gullible

Lisa Vaas of eWeek has an article today on how nearly 500 people took the bait to ‘Click Here to Get Infected.’ It was as simple as setting up an innocent looking domain name (drive-by-download.info), one with an ‘.info’ suffix that is reportedly popular with malware providers, as noted in the article. If you managed to find the ad and click through, you received a “Thank you for your visit” message. Sounds innocent enough. 



“That was evidenced by the 409 people who clicked on an ad that offers infection for those with virus-free PCs. The ad, run by a person who identifies himself as security professional Didier Stevens, reads like this:


Drive-By Download
Is your PC virus-free?
Get it infected here!
drive-by-download.info


“Stevens, who says he works for Contraste Europe, a branch of the IT consultancy The Contraste Group, has been running his Google Adwords campaign for six months now and has received 409 hits. Stevens has done similar research in the past, such as finding out how easy it is to land on a drive-by download site when doing a Google search.”


In other words, be careful what you click on.


Although the site owner and the mock-site owner claims that no PCs were harmed, it goes to show that a significant number of people will click on ads or other interesting tidbits that have the potential harbour potential malware or malicious code. (In a related post, see “ani exploit via e-mail: you’d think hackers would know how to spell ‘Britney Spears’.)


You can read more about this on the site owner’s blog at http://didierstevens.wordpress.com/tag/malware/.


For more, see my past note on how there’s no immunity from security vulnerabilities.



Tags: , , , , , .

Categories
Uncategorized

BusinessWeek’s Wildstrom says the Sansa Connect is slick

Stephen H. Wildstrom of BusinessWeek applauds the new SanDisk Sansa Connect in this article, calling it a “slick Wi-Fi music player.” This new device integrates Yahoo’s subscription music service…



“The $250 Sansa Connect is the result of a collaboration among SanDisk, Yahoo!, and Zing Systems, which is responsible for the software and network infrastructure. The Connect, which is smaller than the standard hard drive iPod and bigger than the nano, has 4 gigabytes of memory, which you can double by adding a memory card. You download music to it—MP3s and copy-protected or unprotected Windows Media files—from a Windows PC. But the important advance is the device’s deft use of Wi-Fi networking.


“To get the best experience with Wi-Fi, you really need an all-you-can-eat subscription plan. The iPod/iTunes pay-per-song approach that forces you to sync with a PC just doesn’t cut it. Apple (AAPL) never believed its customers would spring for subscriptions, which is why there’s no Wi-Fi iPod. Even the upcoming iPhone, which will have Wi-Fi, won’t be able to download content from the iTunes Store over the air.


“It remains to be seen if Wi-Fi plus subscription can give SanDisk, Yahoo, and Zing traction against the iPod juggernaut. But I find the Sansa Connect a welcome addition to the field of music players.”


Cool. I am tripping down to the electronics store this weekend to take a look. Great to hear how the Connect works well with on-line photos, too (it can access Flickr).

Categories
Uncategorized

CNET interview with Ray Ozzie and his “quiet revolution at Microsoft”

No sooner do I talk about how Ray Ozzie is connecting with customers that I see this on CNET News today, discussing SilverLight at Mix and “about the company’s ongoing transition from the age of desktop software to a new era.”


Ozzie’s quiet revolution at Microsoft
Chief software architect Ray Ozzie says nearly everything Microsoft does will include an online services component.



There is this impression that Microsoft is protecting its turf when it comes to Web-based Office-style applications. You see Google doing it and start-ups like Zoho–and there are online ERP applications–and Microsoft hasn’t done that yet. But Microsoft could do it, so why don’t you?


Ozzie: People as far back as Desktop.com have done it. Well, I don’t know how to say it other than to say that we’re running a fairly significant business. Protecting implies setting up barriers–there are no barriers. These people are free to go take whatever solutions they want to put them in a browser. We believe–and I believe this deeply, I’ve been a desktop business for a while–that the deployment environment of using desktop tools on a PC is a really valuable one. Sometimes, just because you can doesn’t mean that you necessarily should. To the extent that there are scenarios that involve the Web that are very useful, we are going to go after those scenarios because it helps our customers–we got to stay focused on those customers.


We’re not going to be in a reactionary mode that just because somebody proves that something can be done, and it has some trade-offs, then we just immediately have to follow suit. I think that there are a lot of lessons they learned right now with those competitors of things that they’ve done that people just aren’t using, and things that they’ve done where people are actually using it in ways that they aren’t using desktop apps today. So I think that we are all learning from this and our product will end up in some hybrid form.

Categories
Uncategorized

Mary Jo Foley’s Daylight Saving Time Tips for Microsoft users

I had the pleasure of speaking today with ZDNet‘s Mary Jo Foley about the upcoming Daylight Saving Time change and her Tips for Microsoft users. She blogs that the change is about a one month away until the new Daylight Saving Time (DST) changes take effect in the U.S. and many other countries, and this was another good article calling attention to the change that seems to be getting more press. (Note that much of Europe won’t switch to European Summer Time until March 25th.)

As Mary Jo noted, Microsoft will start pushing out to Windows users a new update (KB 931836) needed “in order to keep their computer system clocks running on time.” You may’ve already downloaded and installed this currently ‘recommended’ update on Microsoft Update (KB 928388), as we first made it available just after the ‘fall back’ last year.

I noted this week that this new Windows OS update includes a bunch of late-breaking time zones: the new updates include the North American DST 2007 changes as well as other global changes, the change for Western Australia (KB 929120), and several additional changes that have occurred since KB928388 was originally released (such as Newfoundland) to the DST 2007 North American rules.

Turning on Automatic Updates (‘AU’ around the office) ensures that you receive these software updates from Microsoft when they are available next week.  You can configure Automatic Updates to download and install your updates automatically (as I do at home, to run after I go to bed), or you can set AU to download them and then prompt you to install them yourself. (To make sure you have Automatic Updates turned on, visit Microsoft Update).


A note for corporate users with WSUS and SMS: This new update (931836) is a cumulative rollup of prior updates plus additional changes, and will be published on Windows Update and WSUS as an Update Rollup next week on Feb 13th.  Because KB 931836 is an Update Rollup, it will also be available for scanning and deployment using ITMU, the Microsoft Update for IT used by SMS.  Customers who have previously deployed KB928388 and who are not in the newly updated time zone areas do not need to deploy this prior to March 12, but should ultimately roll this update into their environments to ensure complete and accurate time zone databases on all servers and PCs.


Also, there are a few news articles on the DST change that refer to our new site — including USA Today and Cleveland’s First Coast News — and general news coverage in Forbes, PCWorld News and the Houston Chronicle.


Tags: , , , , , . 297,241 & 530,585

Categories
Uncategorized

Daylight Saving Time site on Micorsoft.com: A new look and feel

New MScom DST 2007 SiteIt’s the end of another work week and guess what: it’s time once again to update our Daylight Saving Time 2007 Web page on Microsoft.com. (Please see http://www.microsoft.com/dst2007.)


What do you think?


As I noted previously, this public page on the Microsoft.com site will be revised regularly to include new product updates, compatibility information and links to Knowledge Base articles. This week we have a few new additions, including the latest February 2007 cumulative time zone update for Microsoft Windows operating systems (KB article 931836). 


And here’s an update on the quick search query on Live Search for DST in 2007: there’s now 280,783 results: that’s more than 100,000 additional results added in the last couple of weeks,  with more than 513,000 results (+100K) for DST alone. I’ll go out on a limb and estimate that we eclipse 1,000,000 by March 11, 2007.


In the news: As Dan Farber noted, “Research firm Gartner cautioned that infrastructure and application level disruptions are likely to occur, especially within calendaring, billing applications and security applications, as well as in handling travel and trading schedules, starting March 11.”


A repeat: someone asked me today if I would again provide the links of where to send your feedback on DST: here you go…



Whether you agree or disagree with the change to DST, what can you do? For starters, write your state and federal government officials and let them know: in the States, you can find more information on contacting your senators and representatives in DC by going to http://www.usa.gov/Agencies/Federal/Legislative.shtml. The EFF has a website to help you contact US policymakers: http://www.eff.org/congress/.


And remember: even though you may not live in the US or Canada where the changes will be felt, people around the world will be impacted, particularly companies with operations, offices, subsidiaries or connectivity to systems based in the US, Canada or Mexico. This change to US DST has a global impact, so if you live outside the US and Canada, consider contacting your own government officials and tell them what you think.


Tags: , , , , , , .