ZDNet

by

Microsoft restores transfer rights for retail Office 2013 copies

Microsoft restores transfer rights for retail Office 2013 copies – ZDNET – Ed Bott

As part of its shift to a subscription model, Microsoft introduced a controversial “no transfer” restriction with Office 2013. Now, after an intense outcry from customers, the company has reversed course and agreed to allow users to transfer retail Office licenses between devices.

Thank you Microsoft coming through after the public outcry on the changes to the Retail licenses for Microsoft Office 2013!

Office 2013 now transferable – Microsoft’s Office News Blog

A couple weeks ago, I posted this blog to clarify the new Office 2013 licensing terms. Based on customer feedback we have changed the Office 2013 retail license agreement to allow customers to transfer the software from one computer to another. This means customers can transfer Office 2013 to a different computer if their device fails or they get a new one. Previously, customers could only transfer their Office 2013 software to a new device if their PC failed under warranty.

So what Retail Licenses are included:

Office Home and Student 2013

Office Home and Business 2013

Office Professional 2013

and the standalone Office 2013 applications.

Here’s the changed text in the license as noted on Office 2013 now transferrable posting at the Office News blog:

Updated transferability provision to the Retail License Terms of the Software License Agreement for Microsoft Office 2013 Desktop Application Software:

Can I transfer the software to another computer or user? You may transfer the software to another computer that belongs to you, but not more than one time every 90 days (except due to hardware failure, in which case you may transfer sooner). If you transfer the software to another computer, that other computer becomes the “licensed computer.” You may also transfer the software (together with the license) to a computer owned by someone else if a) you are the first licensed user of the software and b) the new user agrees to the terms of this agreement before the transfer. Any time you transfer the software to a new computer, you must remove the software from the prior computer and you may not retain any copies.

Again, I personally thank Microsoft and the Office Team for positively responding to the public outcry regarding the license change for the retail versions. I hope they will not be changing this in a future Retail versions of Office any time soon!

The closing comment by Jack Fark, Office Team on the article:

At Microsoft, we strive to make Office the very best product to help busy people and families get things done. A key ingredient in our formula for success is listening to our customers, and we’re grateful for the feedback behind this change in Office licensing. Thank you.

BOLD emphasis mine.

by

Bye Bye Google Plus

[tweetmeme source=”franscomputerservices” only_single=false]Some of you may have noticed I have removed my Google Plus account today. Others may think good riddance to another person who doesn’t get it.

But nothing could be further from the truth. I was one of Google’s real endorsers. But no more. Their real name policy has turned away many real people and that was never Google’s way before. So why now?

I have to say i loved Google. I generally don’t trust corporations online or off, but Google was one I thought and even through all this i really hoped they would turn this around and once again try to ‘do no evil’.

I guess the old saying is true — especially for corporations — Everyone has their price; even Google.

Sigh…

NOTE: see my last posting entitled A wave out to all my Google+ friends.

by

A wave out to all my Google+ friends

[tweetmeme source=”franscomputerservices” only_single=false]And other Google+ users who might soon be wondering where I went…

EDIT 9/6/2011: In the comments, I continue to add articles. I hope to have this be a pretty inclusive list of articles on this issue. If you know of one I have missed please feel free to leave a comment with the link. Thanks!

I have found that as much as I absolutely love Google+ the ‘social network’ — now known to be an ‘identity service’, I am leaving on 9/9 along with some others that have identified 9/9 as the day to leave. Hopefully it will have some impact even if it’s only a small overall number of users. But more than anything, I hope it will have a lasting impression regardless on how dangerous ‘identity services’ appearing to be ‘social networks’ can be.

Google has determined that Google+ aka Google Plus or G+ is to be an ‘identity service’ and that Google/Google+ require your real/common name not a pseudonym, pen name, stage name but only western style two name real/common names apparently.

Some may say so what. But others will know that this is a major issue and has been since Facebook started this trend. Here‘s my Google+ posting on this and this one reshared from Tom Anderson both which will be gone after 9/9.

Not to mention the fact that Google+ is linked to things like your GMail account, Google Search, Picasa, Youtube, Google maps/location data, Android apps purchases, and so much more — and even more of Google’s offerings as time goes on (and boy do they have a lot of social types of offerings or apps). And if you don’t like that and decide to leave G+, you are prompted to remove all, what they call connections to their ‘social apps’ linked to your G+ GMail account.

“Just go somewhere else” is a fallacy. The name policy stretches far beyond Google+, and here’s why. (Todd Vierling on Google+)

Here’s just a couple early articles the weekend when Google started arbitrarily disabling accounts:

Google+ and the loss of online anonymity by Matthew Ingram (GigaOm)

Update: Complaints mount over Google+ account deletions by Juan Carlos Perez (Computerworld)

Dutch researcher downloads 35 million Google Profiles (State of Search)

So what’s the big deal? First, it’s a great security risk for users. Especially normal/average users since many business users already have their ‘real’ name out there and it’s part of their branding. I actually am one who has done just that. Fran Parker is Fran’s Computer Services and this posting is on my Fran’s Computer Services blog. And technically Fran Parker is a common variation on my real name, but that is ‘allowable’ on G+ because it is how I am commonly known. Also, there is some arbitrariness about it all too. If disabled users can ‘prove’ who they are, or can ‘prove’ that they have a ‘valid’ reason for allowing the ‘pseudonym’ to those at Google/G+ who handle complaints or vetting of those who want to try to get reinstated, you can be back in their good graces.

However I am leaving Google+ — and don’t get me wrong — it would certainly benefit me to stay on G+ and let their new service benefit my business networking online. Instead, I am leaving Google+.

My name is Clo | My Name Is Me

My name is Albatross | My Name Is Me

Why? I am leaving because Google has decided to build G+ as an identity service — in some ways like Facebook, but not really since G+ is a public profile server — yes, you can hide nearly everything but your public posts or responses to public posts, your +1 (think: Facebook Like), AND you can’t hide your real/common name because they make that public — and Google has changed the rules on their services so they can now link you, by name, and even by what you put in the field for ‘also known as’, or ‘nicknames’ field, on every one of their services and boy do they have a lot of services. And if you don’t believe me, try this. Especially if you are a member of Google+, search on your name, particularly your Google+ profile name.

Will cyberthugs exploit Google Plus ‘identity service’ for spear phishing attacks? by Darlene Storm (Computerworld)

What’s the big deal, you say? Oh, nothing much accept that by doing this, they have made each and every one of us a bigger phishing, actually more like spear phishing, and/or unethical hacking/cracking target by linking everything we do or say online. For business users whose names are linked to their branding, they live with that day in and day out and it’s a major pain, but they made that decision to deal with that consciously at some point. But the average user? I don’t think the average or normal user needs or wants those types of hassles. OK, so maybe you say, So what? It’s a greater security risk for users. You can be targeted so much easier by linking so much about yourself online. And there is this to think about:

Google fined in Brazil for refusing to reveal bloggers’ identities (TheNextWeb)

OK, and if that wasn’t bad enough. By limiting the ability to use pseudonyms, stage names, pen names, non-English Western civilization name standards, etc., Google is cutting of their nose to spite their face. And some folks have been known by nothing else but a pseudonym, pen name or stage name online for as much as 20+ years, by the way. But that’s OK, they don’t really want to be everyone’s Google+ friend, they obviously just want to make more money.

Why do I say that? Because all of this linking is data they can market with, sell to others in corporations, governments, highest bidder, whatever — in aggregate form of course, like Facebook does. Facebook makes a bundle on this already and Google apparently wants a piece of that action…well a bigger piece. Besides they already know you. Now they are getting your permission to basically track you further, and use more of your data that you share with them….errr, enter on their services, like Google+.

Also, but many of us have been working against abuse of marketing crap since Steve Gibson created OptOut when he became aware of the crap that was going on in the early days of computing online on the Internet. Marketing which was more like spyware than benign advertising in the newspapers or magazines where they can’t track you!

OK, enough about that side of things. Now on to the other side. The discrimination, the arbitrary decisions to disable accounts and require proof of who they are or the changing of their ‘name’ to something more western or 1st world or whatever you want to call it … two name (first and last name) like western countries do. Which is not at all like real/common names in other parts of the world.

Also, some folks really do need to use a pseudonym, or alternative name, stage name, pen name …whatever you want to call it. And many people in this type of situation would rightfully feel this is a discrimination against women. Many women have been stalked, have had abusive spouses or coworkers/bosses or have spouses or jobs where it would be ‘inconvenient’ (like they could lose their job or their spouses job for them or their position), if they were not able to speak out anonymously through a pseudonym.

There are so many angles on this issue. It was wrong when Facebook did it and it’s even more wrong (if there is such a thing) for Google to do it. Why is it more wrong for Google? Because we have higher expectations of Google. They have always tried to ‘do no evil’ in the past and now they will be right in the middle of it. Was ‘do no evil’ only to get people to trust them? Like Apple with their ‘think different’ and revolution anti-big brother stance in their 1984 commercial? But all the time they had other plans?

If you are not familiar, and it would likely be easy not to be familiar if you are not on G+ aka Google Plus service or have friends that are. Since it is an invite only ‘field test’ at the moment anyway, many would be not involved. But many geeks, technicians, artists, artisans, journalists, etc. are on it to help improve it and try it out as the new kid on the block in social networking. I have been one of these folks for some time now. First with a pseudonym which was quickly squashed through either someone turning me in for having a pseudonym or their algorithm bot got me because the name was obviously not a real name, and after that was disabled, I decided to come back as my business name.

Here are some, and just a few really of the articles that address the issues better than I could ever do:

Understanding the Nym Wars (BoingBoing) with several links and some great commentary


A Case for Pseudonyms (EFF.org)


Google+ Identity Crisis: What’s at Stake With Real Names and Privacy (Wired.com)

Violet Blue: just one of her many postings about Pseudonyms on G+ and she has a legitimate gripe and one of her articles on ZDNet


“Real Names” Policies Are an Abuse of Power (danah boyd blog)

Tracking the Nym Wars (G+ Insider’s Guide)

On Pseudonymity, Privacy and Responsibility on Google+ – Kee Hinkley

Why It’s Important To Turn the Tide on Google’s Real Name Policy (Botgirl’s Second Life Diary blog)

Who is harmed by a “Real Names” policy? (GeekFeminism – Wikia.com) (and related Pseudonymity article).

Who is harmed by a “Real Names” policy?

This page lists groups of people who are disadvantaged by any policy which bans Pseudonymity and requires so-called “Real names” (more properly, legal names).

This is an attempt to create a comprehensive list of groups of people who are affected by such policies.

The cost to these people can be vast, including:

  • harassment, both online and offline
  • discrimination in employment, provision of services, etc.
  • actual physical danger of bullying, hate crime, etc.
  • arrest, imprisonment, or execution in some jurisdictions
  • economic harm such as job loss, loss of professional reputation, reduction of job opportunity, etc.
  • social costs of not being able to interact with friends and colleagues
  • possible (temporary) loss of access to their data if their account is suspended or terminated

The groups of people who use pseudonyms, or want to use pseudonyms, are not a small minority (some of the classes of people who can benefit from pseudonyms constitute up to 50% of the total population, and many of the others are classes of people that almost everyone knows). However, their needs are often ignored by the relatively privileged designers and policy-makers who want people to use their real/legal names.


Nymwars – Wikipedia

The icing on the cake was Eric Schmidt the recent but former CEO of Google stating this (guess he can say anything now, eh?):

Eric Schmidt: Google+ Is An Identity Service; User Your Real Name Or Don’t Sign On (Huffington Post)

Schmidt: G+ ‘Identity Service,’ Not Social Network by David Gerard (slash dot or /.):

David Gerard writes
“Eric Schmidt has revealed that Google+ is an identity service, and the ‘social network’ bit is just bait. Schmidt says ‘G+ is completely optional,’ not mentioning that Google has admitted that deleting a G+ account will seriously downgrade your other Google services. As others have noted, Somewhere, there are two kids in a garage building a company whose motto will be ‘Don’t be Google.‘”

And here’s one I missed that I just saw over at Google+ on Nom DeB‘s profile posts:

Google+ Can Be A Social Network Or The Name Police – Not Both by Bob Blakley at Gartner Blogs

Really all you need to do to find out more about this is to search on Google or any other search engine for any number of combinations of words in this article.

Now we even have a place for Google Refuges to be able to link up after they leave Google+.

EDIT: grammer/clarity and to add Bob Blakley’s Gartner blog article. Also almost forgot my TWEETMEME link, and Added Todd Vierling’s “Just go somewhere else” is a fallacy. The name policy stretches far beyond Google+, and here’s why.”

by

Newest MacDefender installs without password

[tweetmeme source=”franscomputerservices” only_single=false]Newest MacDefender scareware installs without a password (Computerworld)

Criminals ‘give Apple the finger,’ says security researcher, by releasing new version just hours after Apple warned of fake AV software

Joy…This just hours after Apple decided to finally help users defend against these fake AV scams, as well as provide a way to rid the Mac of the problem.

The article notes given the name of the new malware and the timing of its release, they definitely think it does seem like a reactionary message.

And the worst part … now no password needed. Or maybe the worst part will be the new spammer’s URL shortening scheme?

Spammers establish their own fake URL-shortening services (Help Net Security):

Under this scheme, shortened links created on these fake URL-shortening sites are not included directly in spam messages. Instead, the spam emails contain shortened URLs created on legitimate URL-shortening sites.

These shortened URLs lead to a shortened-URL on the spammer’s fake URL-shortening Web site, which in turn redirects to the spammer’s own Web site.


Mac malware authors release a new, more dangerous version (ZDNet):

Yesterday, 25 days after the Mac Defender malware began to appear in the wild, Apple finally responded. In a technical support note, “How to avoid or remove Mac Defender malware,” the company posted instructions for users to follow if they’ve encountered this malware specimen in the wild. It also promised a security update to remove infections automatically.

File that memo under, “Too little, too late.”

Yes….it does seem so.

If you want to keep your money Apple, you should be thinking about protecting your users a whole lot quicker than this from now on.

God help all Apple users, the gloves are off…be on your guard for MacGuard…

by

New Mac Malware – Is Mac no longer safer?

[tweetmeme source=”franscomputerservices” only_single=false]Update: 5/25/2011 – Updates to this posting from Computerworld and USAToday and Apple themselves in the form of a Support document to help users to remove the malware, and promise to provide a tool that will remove it and notify users if they attempt to download the malware. See details below.

With the equivalent of “Security Center 2011” now having a counterpart for the Mac called “MAC Defender, Mac Security, Mac Protector, or any number of knockoff names“, there is a lot of discussion as to how safe the Mac still is compared with Windows.

I have not seen any Windows variant of this type of malware that is as easy to remove from Windows as it is from the Mac.

Sure, Malwarebytes Antimalware will take care of it easily on Windows, even if you somehow are tricked through social engineering to click on it (it can get a little dicier depending on how far you let it get), but with the Mac, you just go to Applications, find Mac Defender and throw it in the trash and flush. What’s easier than that? Here‘s the full instructions in Bleeping Computer’s full removal instructions.

EDIT 5/25/2011 – IMPORTANT REMOVAL INFO: Apple has also now posted removal instructions including killing the process, removing the program, and stopping it from starting on boot, here. This was noted in Computerworld: Apple admits Mac scareware infections, promises cleaning tool and USAToday: Apple to issue Mac update to halt malware attacks, and Arstechnica: Apple acknowledges Mac Defender malware, promises software update, as well as likely other places on the web today.

The Computerworld article above notes:

Andrew Storms, director of security operations with nCircle Security, was surprised that Apple said it would embed a malware cleaning tool in Mac OS X.

“That’s new ground for Apple,” Storms said, pointing out that the move is a first for the company, which until now has only offered a bare-bones malware detection mechanism in Mac OS X 10.6, aka Snow Leopard, and then only populated it with a handful of signatures.

“Not only is Apple going to help customers remove [Mac Defender], but by doing so, they’re also admitting that there are security problems with Mac OS,” Storms said.

Even though it is very easy to remove, with Mac Defender out there, it does mean that malware, particularly on compromised websites, have begun to include other platforms. And you can bet others will follow. And they may not be as easy to remove.

So, does it mean Mac users should be installing Antivirus and/or Antimalware programs? I have, but according to the Wired.com article below:

Charlie Miller, a security researcher who has repeatedly won the annual Pwn2Own hacking contest by hacking Macs and iPhones, told Wired.com he doesn’t think so.

Ultimately, it’s up to the customer because there’s a trade-off involved. Anti-virus software will help protect your system from being infected, but it’s expensive, uses system memory and reduces battery life.

“Mac malware is still relatively rare, but is getting worse,” Miller said. “At some point soon, the scales will tip to installing antivirus, but at this point, I don’t think it’s worth it yet for most people.”

So how is this happening?

Browser choice and settings The first problem I see for Mac users is Safari and it’s settings. First for the same reason I rarely ever use Internet Explorer in Windows, I rarely use Safari on the Mac. Safari by default allows opening of files automatically after download. Bad move. This caused problems in the past with some ‘rogue’ Widgets a few years ago, but folks realized it was easy to fix this and turned it off under Safari preferences. With Safari open, Click Safari on the Menu bar, then click Preferences, on the first tab (General), at the bottom, untick Open ‘safe’ files after downloading. Personally, I prefer to use a variety of browsers, such as Firefox, Google Chrome, Opera for various things. Firefox and Chrome have some some great addons to help protect you. Opera has some as well.

Keeping programs up to date – Keeping Adobe Flash, Adobe Reader, and other addons/plugins, web browsers, and other software that touch the Internet up to date, as well as the operating system itself.

Paying attention The next biggest problem I see are people not paying close enough attention (regardless of their OS), and not familiarizing themselves with their OS as well as they could. This type of malware tries to replicate some sort of a security area on the OS to some degree and scare you into thinking they are finding malware on your system.

This type of malware requires you allow the installation.

On Windows computers, by clicking through the Administrator authentication box, and on the Mac by authenticating with your Admin password.

On Windows, way too many things ask for this kind of authentication (although it is better than it used to be), but on the Mac, which is more like UNIX/Linux in that regard, you are only asked when it could be a potential threat to the system like installing software that wants access to the system, or needs access to system areas. We should always be sure we know what is being installed and why before authenticating with our Admin password. Don’t have a password? Set one up under Accounts in the System Preferences today!

Search results People need to be able to tell the legitimate search results from the bogus ones that have managed to get into the top searches through Black Hat SEO technicques. If you don’t have a way to at least tell whether a site is good, bad or indifferent, it makes it so easy to click on the wrong one. There are programs that can help with this. They are not foolproof, use common sense as well. A free community based one is MyWOT and it works on Windows, Mac, and Linux. There are others that work on Windows as well from antivirus/firewall companies.

Keeping things cleaned up Having and using a temporary files cleaner. I run it after every single browser session, but every day or at worst case once a week would work as long as you don’t notice any issues or weirdness with your OS.

There is a good one for Windows called CCleaner (free and paid versions). For the Mac there are several available. I like MainMenu. It is not free, priced at $15 and a bit more for the Pro version. Main Menu is also available in the MacApp Store. Another favorite is free, OnyX.

You can find out more information about this “Mac Defender” malware in the following articles:

An AppleCare support rep talks: Mac malware is “getting worse” (at Ed Bott Microsoft Report on ZDNet (first article on it)

New Mac Malware Fools Customers, But Threat Still Relatively Small (Wired.com’s Gadget Labs)

Malware on the Mac: is there cause for concern? Ars investigates (Arstechnica)

Modern Mac owners need to ignore the dinosaurs and get protection (Hardware 2.0 at ZDNet)

Microsoft links fake Mac AV to Windows scareware gang (Computerworld)

Don’t Panic Over the Latest Mac Malware Story (SecurityWeek):

Now that we’ve established who benefits from Mac malware predictions — security companies and a certain type of IT professional — the second question is, do we care about the prediction that “serious” malware is coming to Macs? Only a little. It is true that Macs aren’t dusted with some sort of magic unicorn Unix-y pixie powder that makes it less vulnerable to security flaws than Windows. But it is equally true that the Mac remains a less risky platform than Windows because of the fewer strains of malware written for OS X. By “fewer” I mean 99% fewer: a hundred malware samples versus 50 million. The Mac also has a much less evolved malware supply chain. By “less evolved” I mean “nonexistent,” this one example notwithstanding.

And with that, I will close this topic for the time being…

EDIT added Bleeping Computer article on removal of Mac Defender and the last article from Hardware 2.0 at ZDNet and Microsoft links face Mac AV to Windows Scareware Gang at Computerworld and Don’t Panic Over the Latest Mac Malware Story at SecurityWeek.

by

Race Conditions aka TOCTOU and now KHOBE

[tweetmeme source=”franscomputerservices” only_single=false]There is a ‘supposedly new’ threat on the horizon for Windows XP users, and more so on multi-core systems called KHOBE (Kernel HOok Bypassing Engine).

Although this is a threat, it is not a new threat — in fact, this type of thing has been a threat to computing since 1998 when it was written about in PDF format: RaceConditions.pdf, and in 1996 in this PDF: racecond.pdf and many times since then in articles online about TOCTOU (noted below in this posting).

It definitely sounds pretty bad when it is reported that this ‘new’ KHOBE can bypass EVERY Windows security product in an article by the respected Adrian Kingsley-Hughes at ZDNet Blogs and as reported and tested by MATOUSEC here. And it certainly isn’t a non-issue…

However, let’s look at this objectively. First this is not the first, last or only situation that has or will arise. Race Conditions as noted above have been created by TOCTOU (Time of check to time of use) situations since the dawn of computing and yes, they are not easy to test for in all situations/hardware prior to release of software/Operating Systems, but these types of conditions have been a potential threat for a very long time in all kinds of software.

A time-of-check-to-time-of-use bug (TOCTTOU − pronounced “TOCK too”) is a software bug caused by changes in a system between the checking of a condition (such as a security credential) and the use of the results of that check. It is a kind of race condition.

Before Windows was capable of true multi-tasking/multi-threading, it was possible to create these conditions on UNIX machines as noted in this 2001 article at InformationWorld.

So, why the fuss now? Windows 7 is basically claimed to be immune — by its omission in the ‘affected Windows Operating Systems’ list. Apparently only Windows XP (ONLY about 60% of Windows users –eeek! — per Adrian Kingsley-Hughes article above), or earlier Windows OSes are affected and in this particular case, and then only by security software that use the KHOBE (Kernel HOok Bypassing Engine).

Graham Cluely at his Sophos Blog notes,

Because KHOBE is not really a way that hackers can avoid detection and get their malware installed on your computer. What Matousec describes is a way of “doing something extra” if the bad guys’ malicious code manages to get past your anti-virus software in the first place.

In other words, KHOBE is only an issue if anti-virus products such as Sophos (and many others) miss the malware. And that’s one of the reasons, of course, why we – and to their credit other vendors – offer a layered approach using a variety of protection technologies.

In addition, Paul Ducklin’s Sophos blog notes,

The security panic of the week is the widely-reported story of a “vulnerability” called KHOBE. One news headline goes so far as to announce that this “new attack bypasses virtually all AV protection”.

I disagree.

The sample “attack”, which claims to be an 8.0 earthquake for desktop security software, describes a way in which the tamper protection implemented by some anti-malware products might potentially be bypassed. Assuming you can get your malicious code past the anti-malware product in the first place, of course.

Much more in his blog entry. All of these links are must read if you wish to understand as much as is possible what the real threat is.

So, given all this, is the game over on security software because this is now disclosed to be possible (READ: it was always possible) — at least till they figure out how to prevent Race Conditions in security software?

Hardly. But due to the release of the information, this situation may make life interesting security-wise for Windows XP users (earlier Windows OSes like Win2K, Win98, WinME, WinNT shouldn’t even be on the net at this point for many reasons, the least of which is this situation).

So, if you are a Windows user what can you do in the meantime?

  • Keep your systems up to date
  • Make sure you have a hardware NAT or SPI Firewall/Router on your local network, and a software firewall in place and working properly and updated (if it’s a third party firewall – Windows Firewall is updated with your Windows Updates)
  • Keep your browsers up to date
  • Keep your browser plugins (Adobe products, Apple products, Java, etc.) and extensions (like Firefox’s AdBlock Plus, etc.) up to date
  • Keep all Internet facing programs (Adobe, Microsoft, etc.) up to date
  • Run your CCleaner (or other Temporary Files/Temporary Internet Files cleaner program) frequently (I actually run mine several times a day) – Fully close any browsers before running your ‘cleaner’ and then re-open it as needed after you run the ‘cleaner’
  • Make sure your antivirus software is updating as it should and doing its scheduled scans
  • Update and Run any cleaner software and secondary anti-malware programs (like Malwarebytes Anti-malware) at least once a week or more often and immediately if something seems odd on your computer
  • Don’t open suspicious emails, even from known senders
  • Be careful where you go on the Internet. Even some legitimate sites have been hacked
  • Be careful about links and friends on Facebook (if you haven’t deactivated your account yet), Twitter, LinkedIn, and other Web 2.0/dynamic Social Networking sites.

In short, do what you should always be doing to keep yourself safe. Because this isn’t over. It was always a possibility whether we were aware or not, and it will likely be a possibility for a long time to come.

You might also consider installing a preventative program like BillP’s WinPatrol on your system to make you aware of potential changes to your system. *See EDIT below for a note from BillP about WinPatrol and kernel hooks.

And as I noted earlier, the focus of this issue, at this time, is apparently Windows XP, but any operating system is vulnerable to this type of attack and always has been — and that is not likely going to change any time soon.

EDIT: Added the following comment from BillP who developed WinPatrol:

* Thanks! I’m honored by the mention.
It’s a great topic and mentioning WinPatrol is appropriate since I don’t use any kernel hooking to detect changes. Thumbs Up!

Bill

by

Facebook account deactivated today

[tweetmeme source=”franscomputerservices” only_single=false]

Well, today is the day.

As much as I love Facebook, and enjoy the ability to keep in contact with family and friends easily, I have deactivated my account today in protest of their stance on privacy and the apparent lack of concern for their users by changing to the opposite stance on user privacy. It has been one step, after another over the last year or so. Desensitizing users to the changes they have made by doing it slowly.

Facebook sees dollar signs where we users are concerned. They have deluded themselves into thinking that with all the family and/friends connectios, and simplicity of keeping in contact with our Facebook friends, that we won’t be able to stop, that we are now hooked…”we have you now” in Darth Vader’s voice.

Is it true?

Not in my case at least. I let my friends and family know what I was doing. They support and understand. Will any of them do the same thing? I hope so…

We need to stand together to disallow Facebook a pass on the changes from supposed concern for users and user’s security and privacy to what it is today … where they are saying we don’t care about privacy by default. That we only see the connections we can make to other sites?!?! Facebook is saying proudly that they are the next MySpace … “now we control all these users and connections, and you as users have no privacy. Privacy is dead.”

Can we prove them wrong?

===

Edit: added some links to help make your decision:

With Facebook’s security and privacy standards under fire from all sides, suffice it to say that this is not a good time for one of the company’s investors to fall for a Facebook phishing scam. (Facebook phishing scam snares company board member – CNET – May 10, 2010 8:42 AM PDT )

Comparing Facebook’s latest product modifications to deadly natural disasters is probably a little bit inappropriate, but the psychological reaction doesn’t seem all that different. The social network modified its policies for handling user data once again as part of its F8 conference and release of the Open Graph API, and ever since it became clear that more information is being set as public by default and more is being shared with third parties, concerned Facebook users have been on jittery alert, perhaps prone to overreaction, concerned that something even bigger may be about to change. (Understanding Facebook’s privacy aftershocks – CNET May 6, 2010 3:51 PM PDT)

Criticism of Facebook (Wikipedia.com)

Four senators are adding their voices to criticism that Facebook Inc. doesn’t do enough to give its 400 million users easier ways to protect their privacy online. (Senators turn up the heat on Facebook privacy issues – SFGATE.com – April 28, 2010)

More links on my blog post, Bye, Bye, Facebook, Bye, Bye… AND ALL OVER THE WEB! Just do a search on facebook privacy issues on any search engine and read it and weep.

by

Bye, Bye, Facebook, Bye, Bye

[tweetmeme source=”franscomputerservices” only_single=false]

***NOTICE***

BYE, BYE, FACEBOOK, BYE, BYE

This notice is to my friends and family on Facebook

After this weekend (only to give friends and family a chance to know what happened, I will be deactivating my Facebook account, and may ultimately be deleting it in the very near future if A LOT OF THINGS don’t change in the way that Facebook is ‘doing business.’

Facebook has a lot of gall to say Facebook users are not unhappy with their recent changes to Facebook privacy policy changes. I know many who are VERY unhappy with these changes, IF they even realize the changes being made.

To help folks realize what changes are being made, here are some links to do your own research:

Six Things You Need to Know About Facebook Connections (EFF)

Facebook security flaw makes private chats public (Network World)

Consumer groups hammer Facebook privacy violations in federal complaint (Macworld UK) – Facebook privacy violations stemming from recent feature changes

More EFF links over the last week or two on Facebook:

Facebook’s Eroding Privacy Policy: A Timeline

A Handy Facebook-to-English Translator

How to Opt Out of Facebook’s Instant Personalization

If you plan on maintaining your Facebook Account, you also might like to read the following article at ZDNet Blogs:

Contemplating FaceBook Hara-Kiri

by

Microsoft offers ‘fix-it’ workaround for Internet Explorer Zero Day Exploit

[tweetmeme source=”franscomputerservices” only_single=false]Ryan Naraine at his ZDNet blog has an article about Microsoft’s ‘Fix-It’ workaround for the Zero Day Internet Explorer Exploit.

Microsoft did not fix this with the ‘Patch Tuesday’ updates despite the fact that it was being actively exploited! Thankfully, they have now provided a workaround that I highly recommend folks take advantage of, especially if you regularly use Internet Explorer, or even use Windows but use Firefox or another browsers as your default browser.

As Ryan Naraine notes,

The workaround [e]ffectively disables peer factory in the iepeers.dll binary in affected versions of Internet Explorer.

The workaround, available here, comes on the heels of the public release of exploit code into the freely available Metasploit pen-testing framework.

The link goes to the Microsoft website for KB981374.

Microsoft, in that KB article, urges users to upgrade to Internet Explorer 8 because it is NOT vulnerable to this attack.

Of course those still running Windows 2000 will not be able to make use of that suggestion as they are stuck using IE6 and no recourse to fix this issue since it is ‘out of cycle’ now.

Windows 2000 users (or users of — God forbid! — earlier versions of Windows) should have upgraded, or should be actively taking steps to upgrade or replace their outdated operating systems ASAP.

The KB article has two sets of Fix-It buttons:

One to Disable/Enable peer factory in iepeers.dll

This disables peer factory in iepeers.dll” automatically to supported versions of Windows XP and Windows Server 2003 and the other to disable it.

The other set is to enable/disable DEP (Data Execution Prevention) automatically.

According to a Microsoft TechNet article, Microsoft is also considering an out-of-band emergency patch to Internet Explorer to correct the flaw.