
Introduction

Sûnnet Beskerming Pty. Ltd. occasionally produces small reports that are for free (gratis) distribution. The free content may cover any area that Sûnnet Beskerming operates in. Examples may include generic security advice, specific security warnings, development practices, and application tuning. The only caveat on reuse of information from this site is in accordance with the following paragraph.

Use and reuse of information from this site requires written acknowledgement of the source for printed materials, and a hyperlink to the parent Sûnnet Beskerming page for online reproduction. Content from this page can not be reused in a commercial context without negotiating an appropriate licence with the site owner. Personal and educational use is granted without additional restriction beyond an amount in accordance with the principle of "fair use". Fair judgement is encouraged from site users as to what amounts to "fair use". Please contact us if you reuse our content, so that we may be able to provide more specific advice when necessary to improve your reproduction.

Sûnnet Beskerming do not normally offer services and products direct to the consumer, with this weekly column as the primary exception. One of the primary difficulties with a weekly column is ensuring that the content being reported remains fresh and relevant, even when it may be more than a week out of date at time of publishing. To remedy this situation, and to provide more timely information for people who desire up to the minute news, Sûnnet Beskerming is announcing the establishment of a mailing list which will provide up to the minute news on emerging threats, advice on good security practices, analysis and explanation of technical news items which may have an impact on your future IT purchases, and collation and distillation of multiple news sources to provide you with a brief, accurate, non-biased synopsis of technology trends, with a focus on security. Sûnnet Beskerming do not restrict the focus of their services to only one operating system or hardware platform, which allows you an equal level of service even if you do not run the leading Operating Systems.

Having as little as a few hours warning is enough to protect your systems against rapidly emerging threats. Some of the most prolific worms and viruses in existence can infect all vulnerable systems within a matter of hours, so every second counts. This is where having Sûnnet Beskerming services helps.

As a recent example, you would have been informed of the recent network compromise which resulted in up to 40 million credit card details being compromised a full 12 hours before it was being reported in the major Information Technology news sites, and more than four days before it was being reported in the mainstream media.

Sometimes we are even faster than Google, being able to deliver timely, accurate information before any related content appears in the Google search results.

Not many people can afford to be dedicated full time to searching and identifying this information, and so tend to find out once something bad has already happened to their systems. Let Sûnnet Beskerming use their resources to bring you this information before you find it out the hard way.

Sûnnet Beskerming are offering a free trial membership period for consumer subscribers to the mailing list (Businesses have their own, similar list, with added services). For subscription information, or more information, please send an email to info@skiifwrald.com.

A Week For Holes - 26 September 2005

Perhaps this week's column is best read in conjunction with last week's, in order to gain an understanding of what drives some people to release vulnerability reports, and the vitriol that tends to follow the publication of reports that affect software that people have formed a strong emotional attachment to.

The last several days have been busy as far as security vulnerability releases go, particularly in terms of Internet browsers, with the Mozilla family of browsers attracting some increased attention.

Even companies that release vulnerability patches have run into trouble in the last several days. Customised Linux vendor, Debian, announced to a security mailing list that it has been suffering bandwidth problems following the release of security updates for the XFree86 components of their Linux distribution. Due to the large size of the patches, and the number of files directly involved, the 100 Mbit/s connection to the vendor's servers has been saturated by users who have rushed to patch their systems. In the security list message, Debian has advised that a new security infrastructure will soon be in place, which should help avoid similar situations in the future, and that users should expect some delays until the rush for patches subsides.

While the security vulnerabilities that the patches addressed were moderate, the admission of difficulties in providing patches to end users could provide hackers with an extended attack window.

The Mozilla browser family vulnerabilities which were first reported on in last week's column have been joined by several more. They include vulnerabilities which can provide a remote attacker an ability to gain complete control of a vulnerable system, through to standard denial of service and data theft attacks. Due to the flaws affecting the browsers across all platforms, it is expected that the exploits (when they are released) will only target one or two specific platforms, those which are deemed to be the most vulnerable (most likely Windows).

The flaws range from problems with URLs which have different encoding, through specific image handling issues, AJAX (Asynchronous JavaScript And XML) problems, and startup problems on specific platforms, amongst other issues. According to the software developers, the vulnerabilities are all fixed by upgrading to the latest version of the browsers (Firefox 1.0.7, Mozilla Suite 1.7.12).

Arguments about the relative strength of the competing browsers (Internet Explorer vs. all others) were only fueled by recent announcements from Symantec that accompanied their latest Internet Security Threat Report. Claims that alternative Internet browser security was worse than Internet Explorer's, and that Apple Macintosh users were living in a 'false paradise' were met by derision and disbelief from the non-Internet Explorer using community of users and developers. The claims by Symantec that the Open Source development model contributes to extended delays between vulnerability disclosure and patch release also drew sharp criticism from Open Source developers.

In addition to the claims of bias, those countering Symantec's comments claimed the methodology used to generate the reports was questionable at best, and that the comments reflected an apparent lack of business for Symantec in those areas (non Internet Explorer using systems, or non-Windows based systems).

Microsoft's Internet Explorer did not escape the week unscathed, with suspicion that the XMLHttpRequest attacks will extend to it, and light reporting beginning to surface of a potentially deadly flaw with the browser. As far as Internet Explorer users go, the good news is that the vulnerability doesn't appear to have been picked up on by most of the hacker community, but the bad news is that it re-introduces a major threat that was supposed to have been neutralised over several previous security updates. The issue in question has been confirmed by multiple independent sources, a number of whom have workable exploit code ready for release, but Microsoft remains tightlipped on the issue (and is expected to do so until they release a security patch, if at all).

While discussing the XMLHttpRequest vulnerabilities for the Mozilla browsers, and the suspected attacks against Internet Explorer, it is important to highlight that the issues being raised are due to fundamental flaws which affect nearly every implementation of XMLHttpRequest. XMLHttpRequest, the cornerstone of the current Internet buzz, AJAX, was initially introduced by Microsoft before being picked up by the competing browsers. It is an ActiveX object (Internet Explorer) or core JavaScript functionality (other browsers) which is used to pass content to and from a web page, without the need to reload the page completely. Current online tools which use this approach, and are very popular, include Google Maps and Google Suggest.

Vulnerabilities which affect this AJAX component include referer spoofing (which allows for unmetered content grabs, and for complete man-in-the-middle attacks on the client), HTTP Request Smuggling, Response Splitting and cache poisoning attacks (which get malicious content past filtering applications, and affect the online activity of the user). While some of the vulnerabilities are new, some of the others have been referred to in the past by other security researchers, and have been mentioned in concerns about AJAX security.

In a departure from the normal response to announced vulnerabilities, there has been cautious optimism to the announcement of a buffer overflow in the version 2.0 firmware for the PlayStation Portable. Affecting the photo viewer, the buffer overflow can only be used at this stage to modify the appearance of some menus. The reason why it is being approached with cautious optimism is that it might be the entry point which allows users to run their own code on PSPs with that version of firmware. In the absence of a Software Development Kit (SDK), it is vulnerabilities in the standard software which allow users to gain access to develop and run their own code. It is also the first step towards discovering where the cheats and modifiable codes are for games that run on the platform.

Sometimes it is the odd differences to expected results that indicate the presence of vulnerabilities. Over the last couple of weeks there have been occasional reports of Google searches returning odd sponsored results and advertising. The initially scattered reports were dismissed as being localised caching problems, user error in reporting, or as nothing serious. Further investigation showed that it was actually due to a new piece of malware, dubbed P2Load-A.

Designed to target Google searches, the malware achieves the redirection by modifying the local HOSTS file (like a local telephone book which links website names with IP numbers), and also the user's homepage (which is probably its biggest flaw). The hacker Google equivalent supports the 17 languages that Google does, and even catches some mistyped requests (such as wwwgoogle.com), which makes it difficult to pick up from visual identification (and it will also pass most antispyware / antiphishing toolbars). Spreading through various P2P applications, the worm passes itself off as a copy of 'Knights of the Old Republic 2', a recent PC game. When executed, it claims that it is missing some files, and needs to download them. By this stage the victim is infected.

The rationale behind the worm is expected to be completely financial.
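The HOSTS-file redirection described above can be checked for by auditing the file for search-engine names that resolve to non-local addresses. The following Python sketch is an added example, not code from this column; the sample file, its documentation-range addresses and the function names are constructed for illustration, and the look-alike matching (a missing dot after "www", or a single-character typo) is an assumption about what a useful check should cover.

```python
import ipaddress
import sys

# Names whose redirection this audit looks for (assumption: extend as needed).
PROTECTED_BRANDS = ("google",)

# Constructed sample; addresses are from the RFC 5737 documentation ranges.
SAMPLE_HOSTS = """\
# constructed sample hosts file
127.0.0.1       localhost
::1             localhost
203.0.113.45    www.google.com google.com
203.0.113.45    wwwgoogle.com
203.0.113.45    www.google.de
0.0.0.0         ads.example.net
127.0.0.1       gogle.com
192.0.2.10      intranet.example.org
198.51.100.7    www.gooogle.com   # inline comment
"""


def parse_hosts(text):
    """Yield (line number, ip, hostname) for every mapping in hosts-file text."""
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # drop comments
        fields = line.split()
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                           # malformed address: not a mapping
        for name in fields[1:]:                # one line may carry several names
            yield lineno, ip, name.lower().rstrip(".")


def within_one_edit(a, b):
    """True if a equals b or differs by one inserted, deleted or changed character."""
    if abs(len(a) - len(b)) > 1:
        return False
    if len(a) > len(b):
        a, b = b, a                            # a is now the shorter (or equal) string
    i = 0
    while i < len(a) and a[i] == b[i]:
        i += 1
    if len(a) == len(b):
        return a[i + 1:] == b[i + 1:]          # at most one substitution
    return a[i:] == b[i + 1:]                  # one extra character in b


def impersonated_brand(hostname):
    """Return the protected brand a hostname matches or imitates, else None."""
    for label in hostname.split("."):
        candidates = {label}
        if label.startswith("www") and len(label) > 3:
            candidates.add(label[3:])          # "wwwgoogle" -> "google" (missing dot)
        for brand in PROTECTED_BRANDS:
            if any(within_one_edit(c, brand) for c in candidates):
                return brand
    return None


def audit_hosts(text):
    """List (line, hostname, address, brand) for protected names sent elsewhere.

    Loopback and 0.0.0.0 entries are skipped: they block a name rather than
    redirect it, which is how ordinary blocklist hosts files behave.
    """
    findings = []
    for lineno, ip, name in parse_hosts(text):
        if ip.is_loopback or ip.is_unspecified:
            continue
        brand = impersonated_brand(name)
        if brand:
            findings.append((lineno, name, str(ip), brand))
    return findings


if __name__ == "__main__":
    # Pass a path (for example the system hosts file) or run on the sample.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            content = fh.read()
    else:
        content = SAMPLE_HOSTS
    for lineno, name, ip, brand in audit_hosts(content):
        print(f"line {lineno}: {name} -> {ip} (looks like '{brand}')")
```

A clean system normally has no HOSTS entries for a public search engine at all, so any finding is worth investigating alongside a changed browser homepage.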

Finally, for credit card holders who may have been affected by the 40 million credit card breach at CardSystems recently, there has been an interesting turn in the class action suit which has been brought against CardSystems, VISA and MasterCard which is claiming that the companies neglected their responsibilities under Californian law (SB 1386) to notify Californian residents of a breach in their online financial and identity data. The San Franciscan Judge sitting on the case has disagreed with the class action, passing down a ruling which effectively permits credit card companies (and third party processors) to withhold disclosure of identity theft cases that affect their customers. The judge felt that there was no 'emergency', and that he '... [didn't] think that there is any immediate threat of irreparable injury'. This is likely to be cold comfort to almost a quarter of a million consumers whose credit card details were directly stolen in the CardSystems breach.

Why the Techno - Arrogance ? - 19 September 2005

A behaviour pattern that many have had the unfortunate luck to experience first hand is that of techno-arrogance, usually from those who are believed to be more skilled with Information Technology. For a mix of reasons, people with Information Technology knowledge and skill often come across as arrogant, and in possession of several anti-social traits which makes them difficult to relate to, including poor personal hygiene and defensiveness. In many cases, it appears that the newest appointed Information Technology professionals are the worst offenders for displaying the arrogance.

It is more difficult when they view themselves as Subject Matter Experts, and are unwilling to admit the gaps in their knowledge, and lack of overall understanding of technology. Information Technology Certificate mills (e.g. guaranteed MCSE, CCNA, RHCE) are notorious for producing these arrogant people, who see their little piece of paper as the ticket to financial success, and consider a 3 month course enough to become the global expert on the matter.

On the other hand, people who are drawn to Information Technology from a young age may have done so due to underdeveloped social skills which perpetuate into adulthood. The introverted nature of those who are generally drawn to the technology at a young age provides a natural barrier to future social interaction, which makes effective distribution of their knowledge difficult, particularly in a work environment where key decision makers do not necessarily understand the technology.

The fixation by the techno-arrogant on a certain platform, software choice, or particular technology can lead to online 'flame wars' - arguments which are risky for non-technical people to interrupt, and can lead to them forgetting what it is like to not know about technology. This forgetfulness leads them to be dismissive of requests and queries from non-technical people, oftentimes shooting back a terse response such as 'RTFM', and leaving it there.

One of the most common interactions with techno-arrogance that most people find, is with helpdesk staff that are uniformly unhelpful - refusing to deviate from planned scripts, even after the customer has waited on the telephone for extended periods and demonstrated that the problem is not a basic one. This builds the impression that helpdesk personnel are arrogant. However, the helpdesk staff will then complain privately about the arrogance of customers who think that they know more about the system than the people they have called for help, when the solution is the first or second item in the script, or on the first page of the manual that the user has conveniently ignored.

Unfortunately, this sets a baseline of incompetence, which is viewed by non-technical people as the standard for Information Technology people (whether or not that is a fair assessment). Because Information Technology is such a broad field, with an immense level of detail required in order to just remain current with knowledge and the technology, it creates traps for the unwary. Having learned one way that works, it becomes the only way to do things for many people, which creates problems when they are hit with problems such as infection by worms or viruses, which are designed to sidestep the common methods to protect them.

It is this same problem which results in technology advice from the random 12 year old appearing to be as valuable as that from the technology professional (and frustrating when it is selected over that of the professional). This trap leads to the non-technical person underestimating the value of accurate advice, considering a several thousand dollar analysis and consult to be on a par with a 30 second sound bite from the neighbour's 12 year old. The fact that many of the multi-thousand dollar solutions are actually on a par with the 12 year old suggests that there is more snake oil than substance in a lot of the offerings on the market, which is an argument for another day.

This assumption of incompetence from the non-technical person creates a real problem as it means that any dialogue with a technical person has already been discounted due to this assumption. For the technical person this constant denigration will eventually lead to frustration and responses in kind (which only further reinforces for the non-technical person the arrogance of the technical person).

When the advice of the technical person is ignored continually, and they are blamed for the problems even after warning that certain actions will result in problems, they will eventually respond with frustration.

A certain 'covered' vocabulary eventually evolves amongst technical people in order to express these frustrations in a manner which appears to be non-confrontational, but still provides some relief. Terms such as 'PEBKAC', 'PICNIC', 'CKI' and 'One Delta Ten Tango' may be used occasionally to express this, and all Information Technology users are liable to be labeled with one or more of these terms from time to time (including the supergeeks themselves).

The presentation of new technology, or new inventions, is a threat to the techno-arrogant as it threatens their position as the alpha Geek, and they will go out of their way to belittle the new products or technology in order to maintain their superiority. Information Security is probably the field where this is most apparent, with new advancements being dismissed as unworthy by those who probably most need to make use of the protection offered by them. When major worms and viruses hit, those who have risked their reputations to provide early warning are accused of not doing more to help, when the information they were presenting was being uniformly ignored.

Similar trends can be seen amongst those who notify website administrators that their sites have been hacked. Probably two thirds of notifications are ignored, with probably ninety percent of the remainder (i.e. almost a third of the original number) accusing the notifier of having hacked the site, including verbally abusing them and accusing them of impropriety. Distressingly, a number of these verbal attacks come from major companies who are responsible for hundreds of professional websites, and who should have a better understanding of the technology they are responsible for. The remaining administrators, who haven't ignored the alert, and aren't abusing the notifier, are glad to receive the notification, and work towards improving their services.

Techno-arrogance is not just limited to local support staff, with some fairly significant online arguments in the last several days taking place over responsible vulnerability disclosure.

Internet browsers derived from the Mozilla codebase, including the Mozilla suite, Firefox, and Netscape, were disclosed to have a vulnerability which could be remotely exploited to execute code of choice on the system. This particular vulnerability could be exploited across all platforms that the browsers ran on (Windows, Linux, OS X), and required a simple URL link (no more than 12 characters) to exploit.

The researcher who claimed discovery of the vulnerability, and who disclosed it publicly, has been accused of arrogance and irresponsibility in his disclosure method. The open source browsers have a fairly well known vulnerability reporting method (Bugzilla), which the researcher failed to utilise, claiming instead that the companies refused to acknowledge existence of the vulnerability. Leaking of the vulnerability to a major IT news website at the same time that it was released to security mailing lists, before it had been entered into the vulnerability database for the browsers, was widely condemned as irresponsible. The researcher then went on to release exploitation code which was copied from the eventual Bugzilla entry, which had been created by another person, and refused to cite the source - claiming responsibility for the code himself.

Once the bug had been fixed (within 6 hours of disclosure), the researcher claimed that the fix did not correct the issue which he had reported on. To back this claim, he released another advisory a few days later, which detailed a slight variation to the original vulnerability, and which would work against versions of the browser which had the previous fix applied.

The researcher in question has a fairly good track record of discovering vulnerabilities, including one unidentified vulnerability in Internet Explorer, but his differential approach to disclosure for Microsoft products, and the open source developed products, drew sharp criticism from others in the security community.

An excellent solution for resolving techno-arrogance is personal responsibility. If people take responsibility for their actions, and admit the shortcomings in their own knowledge, it will go a long way to ensuring that problems can be resolved, and advice sought, without the need for frustration and tension. While this will not overcome those where the aggression comes from a personality defect, it will mean that people will have less reason to antagonise them. It might even show non-technical people the value of the advice being provided by technical people, and show technical people the importance of the requests coming from the non-technical people.

While this would be the case in a perfect world, there is no reason not to at least make an effort. Who knows, it might even result in a better working relationship between people.

Kazaa, China and Microsoft - 12 September 2005

Last week, the long-awaited verdict was finally handed down in the Australian court case against the Kazaa filesharing application. The verdict that was handed down appears to be in line with what the US Supreme Court handed down in the recent Grokster decision, where the actual software itself is not illegal, but the promotion of the software for illegal usage by the developers is illegal. In the Kazaa case, the argument was that the developers were licensing users to access a network which they knew was being used for copyright infringement purposes. The numerous corporate reshuffles and ownership rearrangements did not help, either, as it suggested an elaborate attempt to avoid liability.

In the greater scheme of things, the decision will not change much in terms of file sharing or copyright infringement. The relevancy of Kazaa as one of the primary file trading networks has been in decline for some time, with numerous alternatives surfacing to take its place. Some of these tools have also drawn attention, such as BitTorrent, where tracker sites (sites which host the .torrent files which point to the actual content) have been under legal pressure to close, when they have been hosting .torrents which point to files which have compromised copyright (such as the suprnova.org site). The ongoing efforts by content owners to prosecute, and shut down, file trading efforts will only continue to pick off the low hanging fruit. There will be new filesharing technologies and anonymous access methods which will emerge, which will only serve to make it more difficult to track down copyright infringers. Anonymous networking applications and initiatives, such as Tor and Freenet, will be a part of this approach.

Unfortunately, Australia still does not have suitable provisions for fair use in legislation, which might be leading end users to seek content via copyright infringement purposes. What this means, in practical terms, is that iPod owners can not legitimately fill their portable devices with their music collections, as there is no legal download service for MP3 formatted files in Australia, and media shifting of their existing CD collections is not permitted under the current fair use laws.

As the Kazaa verdict is being sorted out, Sharman Networks (the company responsible for Kazaa) has indicated that it will be appealing the ruling, but the appeal is not likely to start before the end of the year. In order for the appeal to take place, they need to lodge their request within three weeks of the verdict date. With the music companies that led the prosecution calling for damages of billions of dollars to be paid by Sharman Networks (or Kazaa users), it has yet to be determined what the financial cost will be, and who will have to pay it. Sharman Networks have also indicated that they will fight the sections of the ruling which they do not agree with.

The hyperbole and irrational fear that this case has resulted in appears very similar to that which surrounded the Grokster decision, and the Napster decision before that. Decisions such as this seem to polarise responses, and allow people marginally involved with the case to use the outcome as a platform to forward their own agendas. While the arguments being put forward by the various interest groups have their own merit (or lack of), the underlying dichotomy between technical advancement / acceptance and the knowledge held by law makers and major corporations about such technology continues.

China is also facing similar issues, as the government seeks to manage the access of residents to external information sources. Reports started circulating towards the end of the week of moves by China Telecom to block Skype VoIP services to their customers. Currently only affecting the southern city of Shenzhen, the blockage has drawn the conspiracy theorists out of the woodwork, claiming that the Chinese are doing this to prevent unregulated information access by residents. While this is a possibility, it appears that the reason behind the move may be more commercial than anything else. The presence of VoIP services allows users to bypass most calling costs for telephone calls, by using the existing network connection. When the incumbent telecommunications providers charge in the order of $1 - $2 USD per minute for international telephone calls, the presence of an alternative which is essentially free can threaten the viability of the existing services. A China Telecom representative observed that the current legislation in China strictly regulates VoIP style services, and only China Telecom and China Netcom are permitted to conduct trials. Concerns have been raised by telecommunication companies in other countries over similar issues, and it represents an ongoing concern for them.

Activities of foreign companies within China have also drawn some news in the last week. Yahoo! has been accused of complicity in supplying information to the Chinese authorities which was used to jail a Chinese journalist for ten years. According to the claims made in an Associated Press article, the Internet Search Engine giant provided information on the content of a Yahoo! mail message that was then traced to the journalist's computer. The Chinese authorities claim that the message contained state secrets, and the journalist was illegally passing them to foreign interests. The message in question apparently contained the journalist's notes on a government information circular which outlined media restrictions. Claims were also made that it is a symptom of the Chinese Government's difficulty in controlling information flow in the digital era, and other Chinese journalists have faced similar charges.

Remaining with news from China, and in a followup to last week's details on the Microsoft - Google court case details, claims have been made that the Microsoft executive that Google hired away was engaged in corporate espionage prior to his departure from Microsoft. The claim is that he was passing Microsoft secrets to Google, even before he had accepted the new job at Google - even that the passing of the secrets was critical to him gaining the role at Google.

The executive has since lashed out at Microsoft with claims of 'Incompetence' by the software giant in its attempts to establish a presence in China. He also claimed that Microsoft chairman, Bill Gates, verbally attacked him, but declined to provide adequate details as to what prompted the outburst. If true, it would place on record significant outbursts from both the chairman and CEO of Microsoft within the space of a week. Other reports suggested that the outburst was targeted at the bureaucracy in China, and the difficulties that Microsoft was facing in establishing viable business in the country.

Microsoft has also launched an appeal against the EU ruling which dictated that they have to open up various elements of their software to open sourced competition, in an effort to promote interoperability from the competing software. Microsoft is seeking an overturning of the original ruling, and are expected to launch an appeal against the fine levied by the EU.

Microsoft also ran into further difficulty last week, when the Commonwealth of Massachusetts, in the United States, promulgated that all official electronic documents will have to adhere to the OpenDocument format, as is implemented by applications such as OpenOffice.org. Due to Microsoft Word not supporting this document format, it is apparent that the Commonwealth will be moving away from Microsoft's format, focussing, instead, on alternative office suites. It does not mean that they will be moving away from the Windows platform, as some observers suggested.

Open Source advocates are celebrating the announcement, and have even suggested that such a move should be pre-requisite for all Governmental levels. One of the leading arguments is that matters of public record should be held in a format which is not proprietary, and which adheres to agreed standards. Taking such an approach should ensure that the data is future-proofed, and easy to extract in the future.

Other advantages to this sort of approach become apparent when it is understood that most of the alternate formats are nearly human readable, and rely upon conditional formatting which isn't binary. This means that data mining suddenly becomes much easier, and it is possible to operate on the data in multiple files with ease, opening the way for a wide range of future uses. The other benefit to a standardised storage format is that the files will almost certainly be useable in any future version of the office suite in use, which is an issue that Microsoft Office has struggled with over the years, and which continues to plague installations of Microsoft Office.

Microsoft's monthly security patch release (dubbed 'Black Tuesday' by some), has been delayed for September. Patches are normally released on the second Tuesday of every month, and earlier this week, Microsoft announced that they would be releasing a single patch which was rated as critical. According to news issued by Microsoft, the patch has been withdrawn due to difficulties which were encountered late in the Quality Assurance cycle.

It is rumoured that the patch will be for Internet Explorer, and will fix the earlier reported vulnerability for that product, although Microsoft's information only indicates that Windows will be affected. Internet Explorer is a critical component of the Windows Operating System, as was discovered during the anti-trust court proceedings against Microsoft. Black Tuesday will still see updates for the Microsoft Malicious Software Removal Tool, along with a non-security, highly critical update for Windows.

One thing which has taken the attention away from Microsoft last week was the disclosure of vulnerabilities affecting Mozilla-derived Internet browsers. The vulnerabilities caused the browsers to crash, and it has been confirmed that they can now be used to execute code of choice (on all platforms). The flaws are buffer overflows caused by failures in IDN character set support in the URL. The IDN character set is used to display non-English characters, and in this specific case it is the handling of the character represented by the 0xAD hexadecimal code.

The announcement has ignited yet more argument about the practice of vulnerability disclosure. The researcher who has claimed the discovery of the vulnerabilities is the same one who recently uncovered a vulnerability fixed in last month's Microsoft patch updates (MS05-041), and who has claimed discovery of an Internet Explorer vulnerability which can be exploited, irrespective of patches and security updates. In disclosing information on the Mozilla-derived browsers, the researcher included sample exploit code, which marks a different approach to the handling of Microsoft-related vulnerabilities. Some observers are crying foul over the researcher's failure to alert the developers, and over the apparent bias in the approach to information disclosure between Microsoft-related and other vulnerabilities.

Google Going Evil? - 05 September 2005

As we warned in the days that followed the July London bombings, computer users should apply caution to any email received in their inbox which claims to represent a charity that has been established to help the victims of the recent Hurricane Katrina that affected the Gulf Coast region of the United States. Obviously named domains such as katrinahelp.com, katrinarelief.com, and katrinacleanup.com are believed to be attempts by fraudsters to obtain financial details, or theft of donations. It is recommended that people who wish to donate to valid relief organisations refer to the fema.gov website (US Federal Emergency Management Agency) for links to the appropriate sites. There has also been news that PayPal has locked accounts of people who have been legitimately collecting for hurricane relief.

To many people, Google's corporate mantra of 'Don't Be Evil' is starting to wear a bit thin. The beta release of talk.google.com is the latest in a series of product releases and company acquisitions that are causing people to start asking questions about Google itself. Although there is little in Google's history which would suggest that the company is about to head off on the track of being evil, the fact that it has become a publicly traded company means that it is forced to endure more public disclosure than a private company is held to, and the control of the company slips to the shareholders.

It is some of these shareholders and market analysts who are complaining the loudest, being very concerned at the inflated (in their minds) Price to Earnings ratio of Google. Often used as a metric for how a stock is valued, the P/E ratio for Google's stock is stratospheric when compared to companies that have been listed for a longer period. This could indicate artificial inflation of the stock price, and has some worried that a second "Internet Bubble" has begun.

At the same time, the practices of Google are being called into question, especially in respect to "click fraud", where a company pays someone to repeatedly click through on a competitor's Google ads, without making any purchases. This has the effect of driving up the costs of the victim, without them seeing any tangible benefit.

Because Google has come to be seen as the arbiter of what does and doesn't exist on the Internet, they have a unique social responsibility, which they have taken up with pleasure, to ensure that the results their search engine provides are as accurate and unbiased as possible.

People who have watched the progression of Google, from startup through to publicly traded behemoth, have noticed that the big shift in attitude towards Google took place around the time that they announced they were going to go public. For a company that keeps its research closely guarded, the evolution to publicly traded entity means more scrutiny and oversight, which is likely to force Google to give up at least some of its 'black box' approach to research, where money goes in at one end, and a product arrives at the other, but what happens in between is hidden from view. An extremely critical view of the products from the company shows that there are few revenue streams, but they are huge.

The primary income stream for Google comes from advertising, both amongst the results on their search engine, and also through the AdSense program, which delivers contextual text ads in a banner format to other sites. Google search hardware is also available, which provides companies with a means to have their own localised search engine for the electronic documents within their network. The purchase of other companies has yet to see a significant revenue stream be added (at least nothing to rival the advertising revenues). Google have also recently announced their move into print advertising, purchasing large amounts of print advertising, possibly to allow smaller companies access to print advertising opportunities they otherwise would not be able to afford.

For many users, so long as Google is not explicitly evil in their interactions with the company, then they are fine with the business practices that they use. If they perceive no evil, and the services being received are satisfactory, then the users are quite happy to continue with their use of the services that Google offers.

The ongoing race to become the primary search engine used by Internet surfers has resulted in a lawsuit between Google and Microsoft (MSN Search). Apparently, Google's hiring of an executive away from Microsoft contravened the contract that the employee had signed with Microsoft. While the details of the case are still being argued out, many have pointed to historical cases where Microsoft have done exactly the same thing, in order to limit competition. One such case was the hiring away from Borland of a number of key developers, which resulted in the effective neutralisation of Borland's software offerings which were competing with Microsoft.

Documents supplied in the current Microsoft / Google lawsuit suggest that Microsoft CEO, Steve Ballmer, had a violent outburst over the hiring away of the Microsoft executive. This outburst included several profanities and damage to office furniture. Observers have expressed their concern that this outburst is indicative of an underlying personality trait. Steve Ballmer is not alone in outbursts among high technology company executives. Steve Jobs, of Apple, Pixar, and NeXT, is famous for his outbursts when confronted over various matters.

A study was recently released which suggested that corporations (and by extension, the CxO level) exhibited sociopathic tendencies in their actions, and this recent outburst by Steve Ballmer continues this concept. While the anthropomorphisation of corporations doesn't always work, it does provide an interesting metric in this case.

As search engines begin to offer more content to mobile phone users, viruses targeted at that platform will become a larger risk. According to Finnish security firm, F-Secure, the first major outbreak of a mobile-phone based virus has affected an unnamed European firm. The worm, a variant of Commwarrior, can spread via a number of mechanisms (depending upon the variant), spreading through Multimedia Messaging Service (MMS), and through Bluetooth. The first variant of Commwarrior (A) only attempts to spread during specific hours of the day, from 8 am through to midnight, and then attempts to erase evidence of activity between 7 am and 8 am. The second variant (B), which infected the company, attempts to spread for 23 hours a day, giving a much greater chance of infection. Apparently an employee received the virus on their phone, and decided to activate the application, which then set the virus into active mode, allowing it to spread to the other phones in the local area (the office).

Viruses and other malware attacking communication devices can start to cause problems when communicating with outsourced business operations. Outsourcing has long been a sore point amongst technical workers in a number of Western countries, as they watch their jobs being shipped internationally, primarily to India, where the cost of living and employment is cheaper. With the massive influx of capital, inflation is starting to have an effect in the high-tech regions of India, and there is speculation as to the next location for major outsourcing. For major Western corporations to outsource significant levels of work, the receiving country will need to have a large English speaking population, cheap labour and a relatively advanced technical sector (or one that can be rapidly scaled). Countries such as China, Vietnam and Russia currently do not have a sufficiently large English speaking population, and countries in Africa may not be stable enough politically in order to be outsourced to.

An interesting development has seen a United Kingdom based company move their outsourced operations to the Philippines. As a country that has been under the control of Spain, and the United States of America, it has a fairly large population of English speakers, cheap labour, and a relatively advanced technical sector. An added benefit is that it is one of the first countries to enter the new day (along with Australia, New Zealand and Japan), and can rapidly respond to time-based issues. When a number of anti-virus companies had problems with their definition file updates earlier this year, it was a Philippines-based office which was the first to respond, and provide appropriate technical fixes.

One person who is unlikely to be outsourced is notorious Scandinavian hacker, DVD Jon (Jon Lech Johansen), who has published details on removing the protection which is provided to NSC formatted Windows Media streaming files. His stated motive for performing such an action is to allow other media players to view content that has been streamed for Windows Media Player. Previously known for his publication of methods to defeat FairPlay (the protection on iTunes Music Store files), and CSS (the protection which prevents DVDs from being copied), DVD Jon is believed to be the spokesperson for a group of hackers who are working on defeating Digital Rights Management techniques.

Finally, several thousand Zen MP3 players from Creative were shipped to the Japanese market with a nasty surprise for the new owners. The software that accompanied the players was infected with W32.Wullik.B@mm. Updating to the latest anti-virus definition files should help remove any infection, and Creative have issued a press release (in Japanese) which covers the issue.

Copyright © 2005, Sûnnet Beskerming Pty. Ltd.