Monday, August 20, 2007

The true effect of Windows Update

This one is too good to keep.

Apparently Skype is claiming that their recent outage was due to a lack of network resources prompted by lots of people rebooting their PCs at once after a Windows update. Skype's network had previously been thought to be resilient to attacks due to the distributed nature of the network, but it seems like the old adage "It works better if you turn it on" is applicable here.

Skype's comment on the situation is here. Looks like this situation also brought to light a previously unknown bug in their network resource allocation algorithm, so finding and fixing the bug might be a silver lining to all the abuse they've taken over the outage.

Yes, I know, this isn't strictly spyware-related, but I consider update-related issues to be relevant, as most of the patches distributed by Windows Update are security fixes.

Zango's at it again

Looks like there's another example of spyware publishers desperately trying to protect their business model using the courts as a bludgeon. Zango seems to have a knack for finding the little guys in the community (in this case, a single individual effort, not for profit) and threatening them with all kinds of nastiness. Granted, in this case the domain in question is http://zingozango.com which might, if you squint real hard, and you knock your ruby slippers together three times, and dance naked under the harvest moon, and said moon is in the fifth house of Aquarius with a retrograde Mercury, potentially be misinterpreted as use of Zango's legitimately registered trademark. More than likely, it's simply fair use. Here is something I found on the web that relates to the case, at least obliquely; it refers to cases in which companies have used the courts to attempt to silence critics on the web.

Posted on Sunbelt's blog first. *shakes fist* You're too quick for the rest of us, Alex.

Tuesday, August 14, 2007

TJX to take $118 million charge for data breach

Personally, I think they're getting off easy. These folks lost 45.6 million credit and debit card accounts from their customers, so that works out to about $2.59 per lost account. That won't even cover a late charge for each person affected.

While strictly speaking this isn't spyware-related news, from time to time I'll be posting security related items that I think are significant. TJX is based here in Framingham, and is responsible for employing a whole lot of people.

What I kind of find unbelievable is the fact that TJX's profits were actually UP 31% over the same quarter last year. You would think people would want to avoid doing business with a company that doesn't look out for its customers' personal information. Looks like we've all got a lot of work to do educating people.

Monday, August 13, 2007

DirectX vulnerability found

Look at that, not even 10 minutes, and I've got a new post.

Alex Eckelberry's posts over at the Sunbelt Software blog should be required reading for anyone concerned with security; I read everything over there.

Today he's got something in an ActiveX control that seems to be potentially dangerous, allowing for arbitrary code execution (really bad) and crashing any app using the control (also quite bad).

Yet another reason to use Firefox. ActiveX was a good idea, but now, not so much in my opinion.

We've updated our look

Blogger made us change the template, so I've chosen this one to coincide with the renewal of new posts to the blog. I'm Zach, the Lead Research Engineer for SpyCatcher here at Process Software (who purchased Tenebril about a year ago). I'll be trying to get the word out about topics that I think will benefit the community, as well as asking the community for opinions/help with other issues.

I'll be blogging at you soon!