Nerdy News Blog From A Geek To Go!

Striving to deliver a daily dose of the techie trials and tribulations on a 'Need 2 kn0w' basis. U kn0w wh0 u r!

Tuesday, June 30, 2009

Online Safety for Kids webinars

A Geek To Go! is currently developing a series of webinars (think web + seminar!) featuring video, animation and PowerPoint presentations that will run online every Saturday, starting in mid-summer. The webinar lasts a little over an hour and is completely free to the first 1,000 registrants. We'll teach parents how to keep their kids safe online by discussing social networking sites, chat rooms, instant messaging, cyberbullying, porn, games, violence, viruses and spyware. We'll show you where to go online to get more information on online safety, plus sites where you can download free security tools to protect your computer. It's a completely interactive seminar that allows you to chat live through a toll-free phone number or via a chat box on your screen to ask questions. Stay tuned to this blog for more updates and schedule postings!

Monday, June 22, 2009

New Facebook Virus!

Look out, a new FB virus is on the rampage courtesy of Yvette Huggins. Don't click on http://rosetours.com/privatetube/

Friday, June 19, 2009

Jury rules against Minn. woman in download case

MINNEAPOLIS – A replay of the nation's only file-sharing case to go to trial has ended with the same result — a Minnesota woman was found to have violated music copyrights and must pay huge damages to the recording industry.

A federal jury ruled Thursday that Jammie Thomas-Rasset willfully violated the copyrights on 24 songs, and awarded recording companies $1.92 million, or $80,000 per song.

Thomas-Rasset's second trial actually turned out worse for her. When a different federal jury heard her case in 2007, it hit Thomas-Rasset with a $222,000 judgment.

The new trial was ordered after the judge in the case decided he had erred in giving jury instructions.

Thomas-Rasset sat glumly with her chin in hand as she heard the jury's finding of willful infringement, which increased the potential penalty. She raised her eyebrows in surprise when the jury's penalty of $80,000 per song was read.

Outside the courtroom, she called the $1.92 million figure "kind of ridiculous" but expressed resignation over the decision.

"There's no way they're ever going to get that," said Thomas-Rasset, a 32-year-old mother of four from the central Minnesota city of Brainerd. "I'm a mom, limited means, so I'm not going to worry about it now."

Her attorney, Kiwi Camara, said he was surprised by the size of the judgment. He said it suggested that jurors didn't believe Thomas-Rasset's denials of illegal file-sharing, and that they were angry with her.

Camara said he and his client hadn't decided whether to appeal or pursue the Recording Industry Association of America's settlement overtures.

Cara Duckworth, a spokeswoman for the RIAA, said the industry remains willing to settle. She refused to name a figure, but acknowledged Thomas-Rasset had been given the chance to settle for $3,000 to $5,000 earlier in the case.

"Since Day One we have been willing to settle this case and we remain willing to do so," Duckworth said.

In closing arguments earlier Thursday, attorneys for both sides disputed what the evidence showed.

An attorney for the recording industry, Tim Reynolds, said the "greater weight of the evidence" showed that Thomas-Rasset was responsible for the illegal file-sharing that took place on her computer. He urged jurors to hold her accountable to deter others from a practice he said has significantly harmed the people who bring music to everyone.

Defense attorney Joe Sibley said the music companies failed to prove allegations that Thomas-Rasset gave away songs by Gloria Estefan, Sheryl Crow, Green Day, Journey and others.

"Only Jammie Thomas's computer was linked to illegal file-sharing on Kazaa," Sibley said. "They couldn't put a face behind the computer."

Sibley urged jurors not to ruin Thomas-Rasset's life with a debt she could never pay. Under federal law, the jury could have awarded up to $150,000 per song.

U.S. District Judge Michael Davis, who heard the first lawsuit in 2007, ordered up a new trial after deciding he had erred in instructions to the jurors. The first time, he said the companies didn't have to prove anyone downloaded the copyrighted songs she allegedly made available. Davis later concluded the law requires that actual distribution be shown.

His jury instructions this time framed the issues somewhat differently. He didn't explicitly define distribution but said the acts of downloading copyrighted sound recordings or distributing them to other users on peer-to-peer networks like Kazaa, without a license from the owners, are copyright violations.

This case was the only one of more than 30,000 similar lawsuits to make it all the way to trial. The vast majority of people targeted by the music industry had settled for about $3,500 each. The recording industry has said it stopped filing such lawsuits last August and is instead now working with Internet service providers to fight the worst offenders.

In testimony this week, Thomas-Rasset denied she shared any songs. On Wednesday, the self-described "huge music fan" raised the possibility for the first time in the long-running case that her children or ex-husband might have done it. The defense did not provide any evidence, though, that any of them had shared the files.

The recording companies accused Thomas-Rasset of offering 1,700 songs on Kazaa as of February 2005, before the company became a legal music subscription service following a settlement with entertainment companies. For simplicity's sake the music industry tried to prove only 24 infringements.

Reynolds argued Thursday that the evidence clearly pointed to Thomas-Rasset as the person who made the songs available on Kazaa under the screen name "tereastarr." It's the same nickname she acknowledged having used for years for her e-mail and several other computer accounts, including her MySpace page.

Reynolds said the copyright security company MediaSentry traced the files offered by "tereastarr" on Kazaa to Thomas-Rasset's Internet Protocol address — the online equivalent of a street address — and to her modem.

He said MediaSentry downloaded a sample of them from the shared directory on her computer. That's an important point, given Davis' new instructions to jurors.

Although the plaintiffs weren't able to prove that anyone but MediaSentry downloaded songs off her computer because Kazaa kept no such records, Reynolds told the jury it's only logical that many users had downloaded songs offered through her computer because that's what Kazaa was there for.

Sibley argued it would have made no sense for Thomas-Rasset to use the name "tereastarr" to do anything illegal, given that she had used it widely for several years.

He also portrayed the defendant as one of the few people brave enough to stand up to the recording industry, and he warned jurors that they could also find themselves accused on the basis of weak evidence if their computers are ever linked to illegal file-sharing.

"They are going to come at you like they came at 'tereastarr,'" he said.

Steve Marks, executive vice president and general counsel of the Recording Industry Association of America, estimated earlier this week that only a few hundred of the lawsuits remain unresolved and that fewer than 10 defendants were actively fighting them.

The companies that sued Thomas-Rasset are subsidiaries of all four major recording companies, Warner Music Group Corp., Vivendi SA's Universal Music Group, EMI Group PLC and Sony Corp.'s Sony Music Entertainment.

The recording industry has blamed online piracy for declines in music sales, although other factors include the rise of legal music sales online, which emphasize buying individual tracks rather than full albums.

Wednesday, June 17, 2009

Google for Kids: SAFETY

What is KidRex and how does it work?

www.kidrex.org

KidRex is a fun and safe search for kids, by kids! KidRex searches emphasize kid-related webpages from across the entire web and are powered by Google Custom Search and use Google SafeSearch technology.

Google's SafeSearch screens for sites that contain explicit sexual content and deletes them from your child’s search results. Google's filter uses advanced technology to check keywords, phrases, and URLs. No filter is 100 percent accurate, but SafeSearch should eliminate most inappropriate material.

In addition to Google SafeSearch, KidRex maintains its own database of inappropriate websites and keywords. KidRex researchers test KidRex daily to ensure that you and your child have the best web experience possible.

We do our best to keep KidRex as up-to-date and comprehensive as possible, but inappropriate sites will sometimes slip through the cracks. If you find websites containing offensive content in your results, please visit our webpage removal request tool to tell us about the site you found.

While KidRex is not a 100 percent foolproof way to keep kids from bad or malicious sites, we think it's a good start. For more pointers on keeping your family safe on the web, please read KidRex's Tips for Online Safety.

Tuesday, June 16, 2009

Will Microsoft's Free Antivirus App be Worth the Price?

From PC World

Frank Ohlhorst

Jun 11, 2009 11:37 am

Microsoft is getting ready to offer Windows users a free antivirus product (code name Morro), something it should have built into one of its operating systems a long time ago. But, of course, Microsoft never makes things simple. So the big question is will Morro be worth the price?

Microsoft's goal is to offer the antivirus product as a hosted service, which is very different from what users have come to expect, especially when the word "free" is attached to the term "antivirus." After all, Grisoft and Avast have offered free versions of their antivirus products to PC users, and those free products are of the traditional download and install nature.

Microsoft says Morro will be released as a public beta "soon." There is no word on the final release. The big question here becomes will users entrust their security to Microsoft and what may be a half-baked beta product?

It is worth noting that Microsoft is claiming that "Morro" will be more than just a dedicated antivirus product. Microsoft is wrapping the term "real-time anti-malware" around the service. Morro will work by routing all of a user's Internet traffic to a Microsoft datacenter, where the Morro application will process the traffic and identify and block malware in real time, by examining all of the rerouted traffic. That will give Morro a leg up on the free competition. The free products from Grisoft and Avast are merely antivirus products and don't address real-time malware threats.

By keeping Morro free, Microsoft has a lot to gain. First off it will help to sell Windows 7 when it hits the market in October. That will give Windows 7 the perception it has anti-malware technology built in (albeit, as a service). Secondly, Microsoft can use Morro as an avenue to force users to patch their systems -- quickly eliminating security flaws that are regularly discovered.

Finally, Morro will help Microsoft to build better products in the future, by being on the leading edge of malware protection. This helps Microsoft gain insight into how malware develops, spreads and infiltrates systems.

Of course, a lot of questions remain about Morro, questions that will need to be answered quickly if Microsoft aims to succeed in the hosted antimalware area.

* Will Morro remain free forever?

* What user information will Microsoft gather with a Morro service?

* Will the service still protect when a user is not connected to the web?

* Will Microsoft keep the service as up to date as competing products?

* Will Morro be available for all Microsoft OSes?

* Will Morro noticeably impact performance?

Once there are solid answers to those questions, many will wonder what all of this will mean for the antivirus software market. Will a free security service from Microsoft push vendors such as Symantec, McAfee, Panda, Kaspersky, and others out of the market? The answer is probably not. Most of the security software vendors do a lot more than just desktop anti-malware -- the real expertise lies with protecting networks and providing products that prevent data leaks, kill spam and handle the other multitude of security ills that users can be exposed to.

At the very least, Morro should prove to be a marketing success for Microsoft; whether or not the service will be able to compete with commercial products is yet to be seen. At least the impression will be that Microsoft is concerned with security and is looking to protect its desktop OS customers.

Thursday, June 11, 2009

Security Patch Palooza: Microsoft Issues 31 Big Fixes

Todd R. Weiss

Jun 10, 2009 10:46 am

It may be June, but Microsoft techies haven't turned their focus to summer vacations yet. Instead, company security engineers have been busy prepping 10 major software patches that fix 31 important security vulnerabilities in Windows, Office, and other Microsoft products. Eighteen of the vulnerabilities are classified by the company as "critical fixes."

Patches were delivered Tuesday via Windows Update and are targeted at Windows XP, and to a lesser degree Vista. Beta users of Windows 7 don't appear to have been included in the update. If your PC isn't set up to receive automatic updates -- it should be. Here is how.

Patches target the usual security suspects, such as new vulnerabilities found in Microsoft's own Internet Explorer Web browser. Also included with the updates is help for computers impacted by a rogue "antivirus" application called Internet Antivirus Pro. The purported antivirus program installs itself onto users' computers, then eats up huge resources as it slows systems down, flashes up constant pop-up messages (see above), and then downloads software that steals passwords and causes other havoc. Tuesday's Microsoft patches include a fix that can detect and help remove this rogue application, according to the security team.

Some Applications Get Patched, Others Not

Also included are patches for Windows, Excel, Word, and much more, all aimed at fixing the latest moderate- to critical-level security vulnerabilities recently uncovered.

One fix that didn't make it into this month's Patch Tuesday release was a patch to fix a generally rare vulnerability that involves DirectX and QuickTime. The security vulnerability can affect Windows XP or Windows Server 2003 users, but not Vista or Windows Server 2008 users, according to the company. The vulnerability can allow an intruder to take over control of a computer using an exploited QuickTime file. In the meantime, here's a workaround you can install to protect your PC from this possible vulnerability.

Tuesday, June 2, 2009

Still think Apple has no wormy holes?

Apple Patches 10 Critical QuickTime Bugs

Gregg Keizer, Computerworld

Jun 2, 2009 9:39 am

Apple on Monday patched 10 critical vulnerabilities in QuickTime, including one that was hinted at in a Mac hacking book three months ago.

Eight of the bugs patched by QuickTime 7.6.2 affect both the Mac and Windows versions, while two others affect only QuickTime for Windows XP and Vista. Apple described all 10 as allowing "arbitrary code execution," a phrase it uses to describe the most serious threats that, if exploited, could result in a PC or Mac hijacking. Unlike vendors such as Microsoft and Oracle, Apple doesn't rank the bugs it fixes with a scoring or labeling system.

Monday's update was Apple's second this year for the player, which has been patched a total of 17 times in 2009; last year, Apple patched 30 QuickTime vulnerabilities.

"They're what one would expect for QuickTime, file format processing bugs," said Andrew Storms, director of security operations at nCircle Network Security, in an instant message.

Storms had it right: All 10 vulnerabilities involved a file format issue of one sort or another. Three of the bugs were in how QuickTime parses movie files, two were in its handling of PICT image files and others were traced to problems dealing with JP2 (JPEG 2000), MS ADPCM-encoded (Adaptive Differential Pulse Code Modulation) audio, PhotoShop and animation file formats.

Apple has patched dozens of file format flaws in QuickTime over the years. Last September, for instance, it dealt out patches for problems in parsing PICT images, QTVR (QuickTime Virtual Reality) files, QuickTime movies, H.264-encoded movies and Indeo-encoded video.

File format vulnerabilities, and lots of them, are to be expected with a program like QuickTime, said Pedram Amini, manager of security research at 3Com's Austin, Texas-based TippingPoint. "QuickTime has a huge attack surface," said Amini, "because of all the file formats it supports."

Six of the vulnerabilities were reported or co-reported to Apple by TippingPoint's bug bounty program, the second time in the last three weeks that a cash-for-bugs scheme has contributed the majority of a vendor's flaws. Last month, TippingPoint's rival, VeriSign's iDefense, reported 10 of the 14 PowerPoint vulnerabilities patched by Microsoft.

The large number of bugs attributed to TippingPoint was a timing coincidence, said Amini. Although the company typically passes along vulnerability reports to vendors as soon as it's vetted the bugs, there are times it holds them, then presents a batch to the vendor. "If we have several submitted for the same application, we like to get a full view of all the vulnerabilities to make sure there aren't any that overlap," said Amini.

One of TippingPoint's half-dozen, the JP2 handling bug, was credited to Charlie Miller, a researcher with Independent Security Evaluators, and to Damian Put, a researcher who has sold bugs to TippingPoint in the past. Miller is undoubtedly the better known of the pair, having won large cash prizes two years running at the Pwn2Own hacking contest, held every March at the CanSecWest security conference.

Miller had revealed information about the JP2 bug in The Mac Hacker's Handbook, a how-to book he and Dino Dai Zovi published in March. In an earlier interview, Miller said that he had not actually disclosed the vulnerability, but he had provided all the information a competent researcher needed to root it out.

TippingPoint, which was unaware of the clues Miller had given, paid Put for the bug, said Amini. "We got that bug about a month after the book came out," said Amini Monday. "That happens about once every two months, where we end up paying twice for the same bug."

However, Put used a slightly different approach to find the vulnerability, Amini argued. "His research was unique and he did some original work. And this wasn't his first Apple bug," he said.

nCircle's Storms warned users to take the QuickTime vulnerabilities seriously, even if bugs in the player have rarely been exploited. "Anytime you can simply open a movie file and inject malware is bad news," Storms said. "Especially given how much of the Internet is now used for multimedia. Most people don't expect to be attacked watching a movie -- unless it's a horror movie."

Apple also updated iTunes Monday, releasing Version 8.2 to fix a single critical vulnerability in parsing "itms:" URLs, and to prep the software for iPhone 3.0, the new operating system expected to launch next week at Apple's annual Worldwide Developers Conference.

As is its practice, Apple skimped on details of the changes rolled into iTunes, although the Mac OS X Software Update noted: "iTunes 8.2 now supports iPhone or iPod touch with the iPhone 3.0 Software Update."

Mac users can upgrade to QuickTime 7.6.2 and iTunes 8.2 using the operating system's built-in Software Update feature, while Windows users can either download the new QuickTime and iTunes from the Apple support site or use the optional Windows update tool.