Domain: idg.no
Stories and comments across the archive that link to idg.no.
Stories · 7
-
Microsoft's Ticking Time Bomb Is Windows XP
Hugh Pickens DOT Com writes "Shona Ghosh writes at PC Pro that the final deadline for Windows XP support in April 2014 will act as the starting pistol for developing new exploits as hackers reverse-engineer patches issued for Windows 7 or Windows 8 to scout for XP vulnerabilities. "The very first month that Microsoft releases security updates for supported versions of Windows, attackers will reverse-engineer those updates, find the vulnerabilities and test Windows XP to see if it shares [them]," says Tim Rains, the director of Microsoft's Trustworthy Computing group. Microsoft says that XP shared 30 security holes with Windows 7 and Windows 8 between July 2012 and July 2013. Gregg Keizer says that if a major chunk of the world's PCs remains tied to XP, as seems certain, Microsoft will face an unenviable choice: Stick to plan and put millions of customers at risk from malware infection, or backtrack from long-standing policies and proclamations." (Read on for more.) "In either case, it will face a public relations backlash, whether from customers who complain they've been forsaken or those angry at Microsoft for pushing them to upgrade when, in the end, they didn't need to." Microsoft makes little or no revenue from customers with old PCs, and desperately wants them to buy a new Windows system of some sort. "It's very easy to say 'just upgrade,' but not all business can do so," says Lawrence Pingree, citing money, resources and mission-critical software. "One of the main reasons why people cannot leave XP is compatibility with other software." Nor is Microsoft blameless. XP has hung around because of the mistakes Microsoft made with Windows Vista, the OS flop that outgoing CEO Steve Ballmer copped to as his biggest regret. If Vista had been more like Windows 7, or had shipped at its original "Longhorn" timetable of 2004, then been followed three years later by Windows 7, XP would not have had the opportunity to lock up the ecosystem for a decade. Pingree has a suggestion for Microsoft. ""If it's such a big problem, maybe they should offer an 'Extended Life' [support] subscription and charge for it."" -
Stuxnet Worms On
Numerous Stuxnet related stories continue to flow through my bin today, so brace yourself: Unsurprisingly, Iran blames Stuxnet on a plot set up by the West, designed to infect its nuclear facilities. A Symantec researcher analyzed the code and put forth attack scenarios. A Threatpost researcher writes about the sophistication of the worm. Finally, Dutch multinationals have revealed that the worm is also attacking them. We may never know what this thing was really all about. -
The Long Shadow of Y2K
Hugh Pickens writes "It seems like it was only yesterday when the entire world was abuzz about the looming catastrophe of Y2K that had us both panicked and prepared. Ten Years ago there were doomsday predictions that planes would fall from the sky and electric grids would go black, forced into obsolescence by the inability of computers to recognize the precise moment that 1999 rolled over to 2000 and for many it was a time to feel anxious about getting money out of bank accounts and fuel out of gas pumps. "Nobody really understood what impact it was going to have, when that clock rolled over and those digits went to zero. There was a lot of speculation they would reset back to 1900," says IT professional. Jake DeWoskin. The Y2K bug may have been IT's moment in the sun, but it also cast a long shadow in its wake as the years and months leading up to it were a hard slog for virtually everyone in IT, from project managers to programmers." "'People were scared for their jobs and their reputations," says CIO Dick Hudson, Staffers feared that if they were fired for failing to remedy Y2K problems, the stigma would prevent them from ever getting a job in IT again. "Then there was the fear that someone like Computerworld would report it, and it would be on the front page," Hudson adds. Although IT executives across the globe were confident that they had the problem licked, a nagging fear followed them right up until New Year's Eve. While most people were out celebrating the turn of the century, IT executives and their staffs were either monitoring events in the office or standing by at home. Afterwards came the recriminations and backlash as an estimated $100 billion was spent nationwide for problems that turned out to be minimal. Others says the nonevent was evidence the Y2K effort was done right. "It was a no-win situation," says Paul Ingevaldson. "People said, 'You IT guys made this big deal about Y2K, and it was no big deal. You oversold this. You cried wolf.' "" -
UN Officials Remove Poster Mentioning Chinese Firewall
At a UN-sponsored Internet Governance Forum in Egypt, anti-censorship group Open Net Initiative was startled by a demand from UN officials to remove a poster mentioning Chinese Net censorship. When ONI refused the request, security personnel arrived and took away the poster. The group was promoting a new book, Access Controlled, a survey of Internet censorship, filtering, and online surveillance. A witness said, "The poster was thrown on the floor and we were told to remove it because of the reference to China and Tibet. We refused, and security guards came and removed it. The incident was witnessed by many." Here is a video of the removal. -
FBI Bringing Biometric Photo Scanning To North Carolina, Via DMV
AHuxley writes "The FBI is getting fast new systems to look at local North Carolina license photos via the DMV. As the FBI is not authorized to collect and store the photos, they use the North Carolina Division of Motor Vehicles. The system takes seconds to look at chin widths and nose sizes. The expanded technology used on millions of motorist could be rolled out across the USA. The FBI's Integrated Automated Fingerprint Identification System is also getting an upgrade to DNA records, 3-D facial imaging, palm prints and voice scans." -
URL Shortener tr.im To Go Community-Owned, Open Source
Death Metal sends word that the owners of URL-shortening service tr.im are in the process of releasing the project's source code and moving it into the public domain. This comes after reports that the service may shut down and that they were entertaining offers from prospective buyers. From a post on the site's blog: "It is our hope that tr.im, being an excellent URL shortener in its own right, can now begin to stand in contrast to the closed twitter/bit.ly walled garden: it will become a completely open solution owned and operated by the community for the benefit of the entire community." They plan to complete the transition by September 15th, and the code will be released under the MIT license. In addition, "tr.im will offer all link-map data associated with tr.im URLs to anyone that wants it in real-time. This will involve a variety of time-based snapshots of aggregated destination URLs, the number of tr.im URLs created for any given destination URL, and aggregate click data." -
Malware Found On Brand-New Windows Netbook
An anonymous reader alerts us to an interesting development that Kaspersky Labs stumbled across. They purchased a new M&A Companion Touch netbook in order to test a new anti-virus product targeted at the netbook segment, and discovered three pieces of malware on the factory-sealed netbook. A little sleuthing turned up the likely infection scenario — at the factory, someone was updating Intel drivers using a USB flash drive that was infected with a variant of the AutoRun worm. "Installed along with the worm was a rootkit and a password stealer that harvests log-in credentials for online games such as World of Warcraft. ... To ensure that a new PC is malware-free, [Kaspersky] recommended that before users connect the machine to the Internet, they install security software, update it by retrieving the latest definition file on another computer, and transferring that update to the new system, then running a full antivirus scan."