6/28/2006

Yahoo settles ‘click fraud’ lawsuit

Filed under: — Aviran Mordo

Yahoo Inc. will consider refunding money to thousands of advertisers dating back to January 2004 and pay $4.95 million in attorney fees to settle a class-action lawsuit alleging the Internet powerhouse has been profiting from bogus sales referrals generated through a sham known as “click fraud.”

The agreement, given preliminary approval Wednesday by U.S. District Judge Christina Snyder in Los Angeles, doesn’t limit Yahoo’s liability — one of several contrasts to a settlement reached in March by online search engine leader Google Inc. to resolve a class-action lawsuit over the same issue.

Source: AP

Two New IE Bugs Uncovered

Filed under: — Aviran Mordo

Security analysts Wednesday warned users of a pair of unpatched bugs in Microsoft’s popular Internet Explorer browser that may soon be in play because proof-of-concept code has gone public for both.

The two vulnerabilities have been detailed on the Full Disclosure security mailing list, and were the root of alerts issued by the SANS Institute’s Internet Storm Center and Symantec Corp. on Wednesday.

One vulnerability lets attackers execute their code remotely if they can dupe users into double-clicking on a file included in a malicious Web page. The Internet Storm Center claimed that the current proof-of-concept exploit code requires this kind of user interaction, but went on to warn that “we can expect to find creative use of this exploit in the wild very soon.” According to the ISC, disabling IE’s active scripting capabilities might protect against an exploit of the bug.

The second flaw is due to a failure of IE to enforce cross-domain policies, Symantec said in a warning to customers of its DeepSight threat system. IE, which has been victimized by numerous cross-domain vulnerabilities, could be exploited to hijack usernames and passwords.

Source: InformationWeek

Symantec Launches Attack Preparation Service

Filed under: — Aviran Mordo

On June 28, security applications maker Symantec introduced a new package aimed at helping companies prepare for emerging attacks such as so-called zero-day exploits.

Tabbed as the Symantec Threat and Vulnerability Management Program, the offering combines elements of the software manufacturer’s latest anti-virus and network intrusion applications with expertise garnered from its professional services division.

The goal of the service is to create a process for dealing with new attacks as they happen, rather than attempting to address the fallout from such threats after they have already arrived.

Source: eWeek

Dell to offer free recycling for products

Filed under: — Aviran Mordo

Consumers wanting to ditch old printers, personal computers or other electronics gear made by Dell Inc. will soon be able to recycle them for free, chairman Michael Dell announced Wednesday.

“We don’t think the consumer should have to pay for the responsible retirement of used computer equipment,” Dell said.

The new recycling policy, already available in Europe, is slated to launch in the United States by September and the rest of the world by November.

Source: AP

Microsoft and others look to turn users into developers

Filed under: — Aviran Mordo

Microsoft disclosed some details on a new development tool for hobbyists and non-professionals, part of an industry-wide effort to turn end users into developers.

In a blog posting on Tuesday, Microsoft product manager John Montgomery discussed a prototype for a product coming from the Non-Professional Tools Team (NPT).

The idea of the product, code-named Tuscany, is to “take someone with no knowledge of code through to creating simple Web sites with HTML and Javascript or VBscript, teaching them along the way about things like methods, classes, events, properties, loops, and conditionals,” Montgomery wrote.

Source: News.com

‘Blue Pill’ Prototype Creates 100% Undetectable Malware

Filed under: — Aviran Mordo

A security researcher with expertise in rootkits has created a working prototype of new technology that is capable of creating malware that remains “100 percent undetectable,” even on Windows Vista x64 systems.

Joanna Rutkowska, a stealth malware researcher at Singapore-based IT security firm COSEINC, says the new Blue Pill concept uses AMD’s SVM/Pacifica virtualization technology to create an ultra-thin hypervisor that takes complete control of the underlying operating system.

“The idea behind Blue Pill is simple: your operating system swallows the Blue Pill and it awakes inside the Matrix controlled by the ultra thin Blue Pill hypervisor. This all happens on-the-fly (i.e. without restarting the system) and there is no performance penalty and all the devices,” she explained.

Rutkowska stressed that the Blue Pill technology does not rely on any bug of the underlying operating system. “I have implemented a working prototype for Vista x64, but I see no reasons why it should not be possible to port it to other operating systems, like Linux or BSD which can be run on x64 platform,” she added.

Source: eWeek

RealNetworks Puts Ads In Free Online Games

Filed under: — Aviran Mordo

RealNetworks Inc. on Tuesday began putting streaming video ads in games through its RealArcade service.

Consumers who download select games to the PC from the RealArcade site will view a 10- to 15-second advertisement before the game begins. RealNetworks senior vice president of worldwide gaming Michael Schutzler says the site gets between 750,000 and 1 million downloads per day.

Source: InformationWeek

Palm to Pay Xerox $22.5M Settlement

Filed under: — Aviran Mordo

Handheld computer maker Palm Inc. said Wednesday it would pay $22.5 million to Xerox Corp. to settle a patent infringement suit filed in 1997.

The dispute stems from a suit Xerox filed against a predecessor company to Palm Inc., charging that the handwriting-recognition technology sold as “Graffiti” and formerly used in some Palm devices infringed on a Xerox patent, known as the Unistrokes patent.

The $22.5 million payment covers a fully paid-up license for three Xerox patents, including Unistrokes, Palm said. The two sides also agreed to “patent peace,” or a seven-year mutual covenant not to sue within mutually agreed fields of use.

Source: AP

Adobe updates Flash Player, Flex tool

Filed under: — Aviran Mordo

Adobe Systems on Wednesday plans to release upgrades to its Flash Player software and Flex development tool for building Web applications.

Flash Player 9 for Windows and Macintosh, available as a free download, has been rewritten to improve the performance and “expressiveness,” or interactivity, of Flash applications, said Sydney Sloan, group product marketing manager of Adobe’s enterprise and developer business.

In tandem with the Flash Player 9 release, Adobe is making its Flex 2 product line available, including a free, entry-level Flex 2 Software Development Kit meant to encourage development of more Flash applications.

Source: News.com

Experts to form ID theft research center

Filed under: — Aviran Mordo

An alliance of businesses, colleges and federal crime fighters will combine their expertise at a new research center that will study the problems of identity theft and fraud.

Founding partners of the Center for Identity Management and Information Protection include LexisNexis Inc. and IBM Corp., the U.S. Secret Service and the FBI. Participating schools include Carnegie Mellon University, Indiana University and Syracuse University.

The center will be established in upstate New York at Utica College, which pioneered the nation’s first curriculum on white-collar crime in 1988.

Research will focus on critical issues in identity management, information sharing policy and data protection, said Dr. Gary Gordon, a Utica College professor and expert in cybercrime and identity fraud.

Source: AP

Comcast says to keep Internet records for 180 days

Filed under: — Aviran Mordo

An executive with U.S. cable operator Comcast Corp. told lawmakers on Tuesday the company will hold on to Web address records for a longer period of time under a new policy to help law enforcement.

Comcast Vice President Gerard Lewis said at a House of Representatives hearing that Comcast would retain records on Internet protocol addresses assigned to computers connected to its network for 180 days, up from 31 days under its current policy.

“We are confident that this policy will enable Comcast to become more responsive to valid law enforcement requests for IP address information,” Lewis said in a statement before the House Energy and Commerce subcommittee on combating online child pornography.

Source: Reuters

Google pulls student Social Security numbers from index

Filed under: — Aviran Mordo

A North Carolina public school district went to court to get Google to remove Social Security numbers and test scores for more than 600 students after the information was exposed on the Web, according to an article in the Winston-Salem Journal online.

Source: News.com
