Yeah. It’s true. For the first time, Mac users have a significant malware problem. But, hey, it could be worse. You could be running Windows. After all, Microsoft, not some third-party anti-virus company trying to drum up business, has just admitted that based on analysis gained from IE 9 use that, “1 out of every 14 programs downloaded is later confirmed as malware.”
If I may quote from Matthew 7:5, the King James Bible, “First cast out the beam out of thine own eye; and then shalt thou see clearly to cast out the mote out of thy brother’s eye.”
Windows has far, far more malware trouble than Macs, and I can’t resist mentioning that after in twenty-years of Linux, we’ve seen a real-world example of Linux malware. Ironically, this latest appalling Windows malware numberis shared in a Microsoft blog about how well SmartScreen Application Reputation is working in IE9.
A trio of German security researchers from the University of Ulm have looked into the question of whether “it was possible to launch an impersonation attack against Google services and started our own analysis. The short answer is: Yes, it is possible, and it is quite easy to do so. Further, the attack is not limited to Google Calendar and Contacts, but is theoretically feasible with all Google services using the ClientLogin authentication protocol for access to its data APIs (application programming interface).” In other words: We are so hosed.
The problem is in the way that applications which deal with Google services request authentication tokens . These tokens are sometimes not even encrypted themselves and are good, in some cases, for up to two weeks. All a hacker has to do is grab these off an open Wi-Fi connection and you have the “key” to someone’s Gmail account, their Google calendar, or what have you.
It’s not just limited to Android apps though. The researchers also report that “this vulnerability is not limited to standard Android apps but pertains to any Android apps and also desktop applications that make use of Google services via the ClientLogin protocol over HTTP rather than HTTPS.”
Grabbing this information off the air is trivial. While it’s not as easy as using Firesheep to hi-jack a Web session, anyone with a lick of hacking talent and a network protocol analyzer such as WireShark can grab your tokens. With those in hand they can then change your Google passwords or do anything else they want with your various Google accounts.
amela “PJ” Jones, editor and creator of Groklaw, the leading open-source legal news and analysis site, has kept her word. After eight years, PJ is leaving Groklaw. The site though will continue under the guidance of Mark Webbink.
Mark Webbink is also Executive Director of the Center for Patent Innovations, a research and development arm of New York Law School’s Institute for Intellectual Law & Property. Webbink is also a board member of the Software Freedom Law Center (SFLC). Before that, he was Red Hat’s Senior Vice President and General Counsel. In short, Webbink knows intellectual property (IP) law and open source about as well as anyone on the planet.
Still, stepping in for PJ won’t be easy. While “only” a paralegal, her unflagging efforts lead to Groklaw becoming the go-to site first for SCO legal news and analysis and then the whole world of IP law and its effects on open-source software.
Did Skype’s total failure last holiday season get you worried? Are you tired of Skype’s generally poor quality even at its free price-tag? Afraid of what Microsoft might do with Skype? According to ZDNet’s own unscientific survey, 41% of you are less likely to use MS-Skype.
So, what can you use instead of Skype? Here’s my own personal list of Voice over Internet Protocol (VoIP) and video-conferencing favorites. I’ve used all of these at one time or another and I was happy with the results. I also continue to use two of these programs.
What the programs I like all have in common is that they use open-protocols. These are SIP (Session Initiation Protocol) standard and Extensible Messaging and Presence Protocol (XMPP). This means if you have SIP or XMPP client you can use it to talk to anyone using a compatible client; if that is, they’re on the same VoIP network.
For example, Iptel, Ekiga.net, and ippi are all fine SIP networks, but if you’re only on one of them you can’t talk to other SIP VoIP users on the other two and vice-versa. The same is true of XMPP/Jingle networks, and, for that matter all the other VoIP networks.
Skype, the voice over Internet Protocol (VoIP) and video program, is very popular. It’s also pretty bad software. Really, what were you thinking Ballmer when you wrote a check for $8.5-billion for Skype? You do know that not even two years ago Skype was valued at $2.75-billion right?
Here’s the simple truth. Skype has historically had many software problems and late last year the entire Skype network crashed for several days, we can pretty count on these kind of problems showing up on a regular basis.
You see, Skype is a modified peer-to-peer (P2P) network application. Skype started as a variation of the now outdated Kazaa P2P file-sharing program. When you make a Skype call your voice and video is encoded with a 256-bit Advanced Encryption Standard (AES) encryption key and then passed from one Skype PC to another between you and whomever you’re calling.
Fiberlink, an enterprise mobile management company that supports endpoints at companies such as Bank of America, Bayer and Volkswagen, reports that the days when you could support a single mobile platform are history. According to its numbers, only 28 percent of companies support a single mobile operating system, while 22 percent support three and 33 percent support four or more.
Mike Sedehi, senior IT operations manager at Matson Navigation, a major Pacific Rim logistics firm, says the biggest problem with supporting several platforms is “not having a proper device-management tool to effectively secure, monitor and update the devices in a controlled environment. A user can take their device home and update it. Or worse, the service providers simply push updates to the device, bypassing our controls.”
