
Archive for the ‘Security’ Category

Google Desktop Gets Dangerous


GOOGLE have introduced and released cross-desktop search, which is an extension of their popular Google Desktop. That piece of software was recently embraced by IBM and it was included in a Windows ‘distribution’ from Google. It already raises many questions and privacy concerns. Not only your trusted colleagues will be able to gain access to your data.

Google Copies Your Hard Drive – Government Smiles in Anticipation

Consumers Should Not Use New Google Desktop


Windows Wanker Live


MICROSOFT officially announced their intent to enter the anti-virus market a couple of months ago. They have now unveiled a service called OneCare (homonym of “wanker”) Live, which is paid for annually. In simple words, the customer gets protection against the operating system’s own flaws and pays $50 per year for the service to no-one but the O/S vendor. As reported by CNN:

Microsoft Corp. said on Tuesday it plans to launch a new computer security service in June, marking the world’s biggest software maker’s entry into the fast-growing consumer anti-virus market.

Microsoft’s Windows OneCare Live, a subscription-based, self-updating service, will push the software giant into competition with consumer security providers Symantec Corp. and McAfee Inc.

The article neglects to mention the controversy that is associated with this anti-competitive strategy. Microsoft exploits a monopoly in the desktop market and gives itself motives to create flaws intentionally, then offer the cure for a high cost. I believe Symantec filed an anti-trust lawsuit against Microsoft over a month ago.

Nanny Country Snatches Search Logs


‘Smile! Big brother is watching you.’

MSN, AOL and Yahoo have handed over log data to the U.S. government. The controversial move has seen strong resistance from Google however.

Yahoo acknowledges handing over search data requested in a subpoena from the Bush administration, which is hoping to use the information to revive an anti-porn law that was rejected by the U.S. Supreme Court.

Exposure of one’s search history is nothing new. In fact, exposure through search giants and third parties extends beyond this. The same companies maintain mail accounts and even statistics from other Web sites (Google Analytics).

Given sheer demand from up above, will they carry on caving and exposing their customers’ data? Also, what about the new laws regarding data retention by ISPs? Everything you do gets logged, unless you use encryption of course. Being watched may be acceptable, but a so-called ‘nanny country’ is not, at least in my humble opinion.


The Baseless Security Promise

Business as usual…

Slashdot has revealed to me this mild critique:

Four years ago, Bill Gates dispatched a companywide e-mail promising that security and privacy would be Microsoft’s top priorities. Gates urged that new design approaches must “dramatically reduce” the number of security-related issues as well as make fixes easier to administer. “Eventually,” he added, “our software should be so fundamentally secure that customers never even worry about it.”

The grim reality:

Signatures and Spam Filters


A long time ago I argued that more people ought to digitally sign their E-mail messages. Unfortunately, very few people bother to do so. There are many benefits to encryption-based verification of one’s identity. Ultimately, it can lead to more trust, which can in turn prevent spam and make communication less susceptible to ‘noise’.

Word of mouth recently emerged that signed messages are less likely to be intercepted by spam filters. As to whether this is true or not, I would have to say I doubt it. I am sorry to antagonise some people’s hopes, but several messages that I PGP-signed got flagged as spam (not by SpamAssassin). At least I was informed on all (probably two) occasions, but it was nonetheless worrisome. Quite recently I mentioned a trend whereby banning of autoresponders becomes prevalent. It is very important that moderators up above can discern spammers from those who attempt to fight spam in genuine and effective ways.

Challenge/Response Gets Blacklisted


LAST night, Brad Templeton pointed out that mail servers which run autoresponders or challenge/response filters could get blacklisted by spamcop.net. This is a database-driven Web site, which various spam filters rely on as a knowledgebase-type service. It also banned our LUG’s mailing list earlier today.

I have been aware of the problems with such anti-spam tactics for quite some time, but never thought it could lead to this. As some commenters pointed out, other services may indirectly abolish anti-spam practices such as challenge/response, as well as lead to banishment from people’s inboxes. Put in Brad’s words:

I learned a couple of days ago my mail server got blacklisted by spamcop.net. They don’t reveal the reason for it, but it’s likely that I was blacklisted for running an autoresponder, in this case my own custom challenge/response spam filter which is the oldest operating one I know of.

My personal solution, as posted in reply to the article, is to use a spam filter ‘on top’ of the challenge/response component. The intent: lowering the number of challenges. One can reduce the likelihood of banishment in this way, as well as become less of a nuisance to the Net. In other words, it is possible to rule out cases when messages are rather obviously spam. It leads to a lower volume of messages being dispatched, which in turn can avoid blacklisting.

I use SpamAssassin, which is active at a layer higher than challenge/response (in this case Apache with BoxTrapper). Whatever gets scored as spam will be put aside in a mail folder which is reserved for spam. Only messages not marked as spam (and not in the whitelist either) will have a challenge delivered. This cuts down the number of challenges by about 70% in my case. It never entails any false positive because I set the thresholds rather high.
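The layering described above, sketched as an added example (not code from this blog or from BoxTrapper): a message already scored by SpamAssassin is filed silently when it crosses a high threshold, and only the remainder from non-whitelisted senders triggers a challenge. The whitelist, the threshold of 8.0 and the sample inbox are constructed assumptions; the only real interface relied on is the `X-Spam-Status` header that SpamAssassin adds.

```python
import email
from email.utils import parseaddr

WHITELIST = {"alice@example.org"}  # constructed: senders who already passed a challenge
SPAM_THRESHOLD = 8.0               # assumed; kept high so legitimate mail is not misfiled

def spam_score(msg):
    """Score from SpamAssassin's X-Spam-Status header ('Yes, score=12.3 required=5.0 ...')."""
    for field in msg.get("X-Spam-Status", "").split():
        if field.startswith("score="):
            try:
                return float(field[6:])
            except ValueError:
                break
    return 0.0  # unscored or unparsable: fall through to whitelist/challenge

def triage(raw, use_spam_filter=True):
    """Return 'spam-folder', 'deliver' or 'challenge' for one raw RFC 822 message."""
    msg = email.message_from_string(raw)
    if use_spam_filter and spam_score(msg) >= SPAM_THRESHOLD:
        return "spam-folder"       # filed silently, so no challenge goes to a forged sender
    sender = parseaddr(msg.get("From", ""))[1].lower()
    return "deliver" if sender in WHITELIST else "challenge"

def challenges(raw_messages, use_spam_filter=True):
    """Count the challenges the server would send for a batch of messages."""
    return sum(triage(m, use_spam_filter) == "challenge" for m in raw_messages)

def make(sender, status):
    """Build a minimal constructed message with the given sender and spam status."""
    return f"From: {sender}\nX-Spam-Status: {status}\nSubject: test\n\nbody\n"

# Constructed sample inbox, not real traffic.
INBOX = [
    make("Alice <alice@example.org>", "No, score=0.3 required=5.0"),
    make("new.contact@example.net", "No, score=1.9 required=5.0"),
    make("forged@example.com", "Yes, score=14.2 required=5.0"),
    make("promo@example.com", "Yes, score=9.8 required=5.0"),
]

if __name__ == "__main__":
    print("challenges without spam layer:", challenges(INBOX, use_spam_filter=False))
    print("challenges with spam layer:   ", challenges(INBOX))
```

A message scored between SpamAssassin's own `required` value and the higher threshold here still gets a challenge rather than being filed as spam, which is the trade the high threshold makes.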

Windows Users, Be Alert


HERE I am to report about yet another critical Windows bug, which many others have blogged about already. This DLL-based exploit has floated about for quite a while. It has now grown tremendously in terms of its scale though.

The victimised user can be infected merely by opening an E-mail message with a graphics file embedded. Older versions of Outlook, for example, have no protection against that. A short visit to a Web site can lead to a malicious program installed on Windows workstations. This flaw was described as ‘severe’ and it comes at a rather sensitive time of the year. This whole situation relates to a post of mine from yesterday.

As Matt Cutts put it:

…new exploit of the Windows WMF graphics rendering engine that applies to Windows versions from 98 to XP. This is a pretty nasty exploit… You’ll lose some thumbnail previews and such, but if you want to be safe until a patch is available, click Start->Run and then type “regsvr32 /u shimgvw.dll” to disable the vulnerable DLL.
