Advertising - Instant Ads Set the Pace on the Web: Via NYTimes.com .

Now, companies like Google, Yahoo and Microsoft let advertisers buy ads in the milliseconds between the time someone enters a site’s Web address and the moment the page appears. The technology, called real-time bidding, allows advertisers to examine site visitors one by one and bid to serve them ads almost instantly.

For example, say a man just searched for golf clubs on eBay (which has been testing a system from a company called AppNexus for more than a year). EBay can essentially follow that person’s activities in real time, deciding when and where to show him near-personalized ads for golf clubs throughout the Web.

If eBay finds out that he bought a driver at another site, it can update the ad immediately to start showing him tees, golf balls or a package vacation to St. Andrew’s, Scotland, often called the home of golf. If a woman was shopping, eBay could change the ad’s color or presentation. [ Read more ... ]

Hackers exploit latest IE zero-day with drive-by attacks: Via Computerworld Cybercrime/Hacking News.

Hackers are exploiting the just-disclosed unpatched bug in Internet Explorer (IE) to launch drive-by attacks from malicious Web sites, security researchers said today.

"This attack appears to be rather targeted at the moment, but as with other unpatched vulnerabilities in the past, this has the potential to explode now that the word is getting out," said Craig Schmugar, a threat researcher at McAfee, in a blog post today.

Attacks are launched from Web sites in a classic drive-by fashion, said Schmugar and others. "Visiting the page is enough to get infected," Schmugar said.

Symantec also confirmed that it has spotted in-the-wild attacks exploiting the critical vulnerability in IE6 and IE7 that Microsoft acknowledged yesterday. "We're still seeing just limited attacks," said Ben Greenbaum, a senior research manager on Symantec's security response team. "The exploit is carried out simply by visiting a Web page hosting the vulnerability. When the browser opens the page, the exploit causes the user's computer to download and execute another piece of malware." [ Read more ... ]

The Weakest Link Redux: Via EFF.org Updates.

We often criticize DMCA takedown abuse here at EFF, but last week's Cryptome snafu highlights another facet of the problem: how a DMCA takedown for one item can result in the removal of lots of lawful material.

To recap, Cryptome posted Microsoft’s global criminal compliance manual. Microsoft sent a DMCA takedown notice to Cryptome’s domain name registrar and web hosting provider, Network Solutions, alleging that the post infringed copyright. Under the DMCA, a web hosting provider is protected from copyright infringement liability if, among other things, it “expeditiously” disables access to material properly identified in a DMCA takedown notice. Network Solutions asked Cryptome to remove the Microsoft compliance manual. Cryptome refused explaining that the document was posted in order to help the public better understand Microsoft's practices, and followed up with a DMCA counternotice. Network Solutions promptly shut down the entire Cryptome website. Thus, a complaint about a single document caused significant collateral damage to the perfectly legal material on Cryptome. [ Read more ... ]

U.S. Declassifies Part of Secret Cybersecurity Plan: Via Threat Level.

The Obama administration declassified part of the government’s cybersecurity plan Tuesday, publishing parts of it that discuss intrusion detection systems for federal computer networks and the government’s role in securing critical infrastructure.

The declassification announcement was made by Howard A. Schmidt, a former Microsoft security executive who in December was appointed cybersecurity coordinator by President Barack Obama. Schmidt was speaking at the RSA Security Conference in San Francisco, an annual industry conference for computer security professionals.

The government’s Comprehensive National Cybersecurity Initiative was launched in 2008 by President George W. Bush under a shroud of secrecy. The plan has 12 directives that cover the government’s strategy to protect U.S. networks — including military, civilian,  government networks and critical infrastructure systems — as well as the government’s offensive strategy to combat cyber warfare.

Civil libertarians criticized the Bush administration for failing to disclose the contents of the plan or allowing independent oversight of its implementation. Schmidt said that Obama recognized the need for some transparency. [ Read more ... ]

Cryptome's Publication of Microsoft's Compliance Manual is a Fair Use: Via EFF.org Updates.

Yesterday, Microsoft used a Digital Millennium Copyright Act (DMCA) takedown notice to demand that a copy of the "Microsoft® Online Services Global Criminal Compliance Handbook" (the Compliance Manual) be removed from Cryptome, a security website. As a result, Network Solutions felt obliged to takedown the entire Cryptome.org domain, a repository for thousands of important and controversial documents.

As is often the case, the ensuing uproar simply called more attention to the document in question. Yesterday evening, Microsoft wrote to Network Solutions and withdrew its takedown demand, while insisting that its copyright concern was nevertheless legitimate.

We appreciate that Microsoft acted quickly to correct its error, but are still disappointed that Microsoft nonetheless insists that, in the words of Evan Cox, outside counsel for Microsoft, "Microsoft has a good faith belief that the distribution of the file that was made available at that address infringes Microsoft's copyrights."

To the contrary, as we explain below, Cryptome's publication of the Compliance Manual is a clear fair use under the Copyright Act. [ Read more ... ]

Microsoft's new 'phone home' anti-piracy practice unacceptable, says critic: Via Computerworld Privacy News.

'At what point is one free of this' perpetual checking, asks Lauren Weinstein

The Internet advocate who blasted Microsoft in 2006 over the daily "phone home" habits of its anti-piracy software took the company to task again today for a new practice that will examine consumers' Windows 7 PCs every 90 days to make sure they're running legitimate copies of the OS.

Lauren Weinstein, the co-founder of People For Internet Responsibility (PFIR), urged Windows 7 users not to accept the option update to Windows Activation Technologies (WAT) when Microsoft begins seeding it to the Windows Update service later this month.

"The approach that Microsoft is now taking doesn't seem to make sense, even for honest consumers," Weinstein argued in a post to his blog. "Microsoft will trigger forced downgrading to non-genuine status if they believe a Windows 7 system is potentially pirated based on their 'phone home' checks that will occur at (for now) 90 day intervals during the entire life of Windows 7 on a given PC, even months or years after purchase. [ Read more ... ]

Report Details Hacks Targeting Google, Others: Via Threat Level.

It’s been three weeks since Google announced that it and numerous other U.S. companies were targeted in a recent sophisticated and coordinated hack attack dubbed Operation Aurora.

Until now we’ve only known that the attackers got in through a vulnerability in Internet Explorer and that they obtained intellectual property and access to the Gmail accounts of two human rights activists whose work revolves around China. We also know a few details about how the hackers siphoned the stolen data, which went to IP addresses in Taiwan, and about 34 mostly undisclosed companies were breached.

Now a leading computer forensic firm is providing the closest look so far at the nature of the attacks, and attackers, that struck Google and others. The report never mentions Google by name, or any other companies, but focuses on information gathered from hundreds of forensic investigations the firm has conducted that are identical to what we know about the Google hack. [ Read more ... ]

Microsoft Learned of IE Zero-Day Flaw Last September: Via Threat Level.

Microsoft was aware months ago of a critical security vulnerability well before hackers exploited it to breach Google, Adobe and other large U.S. companies but did not patch the hole completely until Thursday.

The software giant had intended to release a patch for the flaw in February — more than four months after learning about it, but had to speed up that plan and role it out this week in the wake of news that Google and others had been hacked through the flaw, the world’s largest software maker acknowledged Thursday.

Meron Sellen, a security researcher at BugSec, an Israeli firm, quietly reported the vulnerability to Microsoft in September, according to security firm Kaspersky.

Microsoft confirmed it learned of the so-called “zero-day” flaw months ago.

According to Microsoft, “An attacker who successfully exploited this vulnerability could gain the same user rights as the logged-on user. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. [ Read more ... ]

Adobe will be top target for hackers in 2010, report says: Via Computerworld Security News.

Adobe Systems' Flash and Acrobat Reader products will become the preferred targets for criminal hackers in 2010, surpassing Microsoft Office applications, a security vendor predicted this week.

"Cybercriminals have long picked on Microsoft products due to their popularity. In 2010, we anticipate Adobe software, especially Acrobat Reader and Flash, will take the top spot," security vendor McAfee said in its "2010 Threat Predictions" report (PDF).

Hackers usually target the most widely used products in order to achieve the maximum impact. [ Read more ... ]

Obama Appoints Former Microsoft Security Chief New Cyber Security Czar: Via Threat Level.

It took seven months but President Obama has finally found someone to take the cybersecurity czar job no one wanted.

Howard Schmidt,  a former Microsoft security executive and a one-time cybersecurity adviser to President George W. Bush, has been appointed to the position of cybersecurity coordinator, according to a White House announcement on Tuesday.

Schmidt served as vice chair, and then chair, of the President’s Critical Infrastructure Protection Board and as Special Adviser for Cyberspace Security for the White House from December 2001 until May 2003, when he reportedly left the position out of frustration that the government wasn’t making cybersecurity a priority. After leaving the White House, he became chief information security officer at eBay. [ Read more ... ]

Hackers Brew Self-Destruct Code to Counter Police Forensics: Via Threat Level.

Hackers have released an application designed to thwart a Microsoft-packaged forensic toolkit used by law enforcement agencies to examine a suspect’s hard drive during a raid.

The hacker tool, dubbed DECAF, is designed to counteract the Computer Online Forensic Evidence Extractor, aka COFEE. The latter is a suite of 150 bundled, off-the-shelf forensic tools that run from a script. Microsoft combined the programs into a portable tool that can be used by law enforcement agents in the field before they bring a computer back to their forensic lab. The script runs on a USB stick that agents plug into the machine.

The tools scan files and gather information about activities performed on the machine, such as where the user surfed on the internet or what files were downloaded. [ Read more ... ]

Google Adds Social Search to Labs: Via Reviews by PC Magazine.

On the heels of Google and Microsoft's decisions to incorporate Twitter postings into Google.com and Bing, Google on Monday announced an experimental Labs feature that will peruse a user's social networks for search results.

Google Social Search is intended to "find more relevant public content from your broader social circle," Google said in a blog post.

Social Search will pull from Google services like Gmail and Reader, as well as social networks like Twitter, Facebook, or LinkedIn. To participate, create a Google Profile and add links to social networking sites you want Google to search. You can then activate Social Search via Google Experimental Labs. [ Read more ... ]

Sneaky Microsoft plug-in puts Firefox users at risk: Via computerworld.

Patches critical bug, exploitable because of add-on silently slipped into Firefox last February

An add-on that Microsoft silently slipped into Mozilla's Firefox last February leaves the browser open to attack, Microsoft's security engineers acknowledged earlier this week.

One of the 13 security bulletins Microsoft released Tuesday affects not only Internet Explorer (IE), but also Firefox, thanks to a Microsoft-made plug-in pushed to Firefox users eight months ago in an update delivered via Windows Update.

"While the vulnerability is in an IE component, there is an attack vector for Firefox users as well," admitted Microsoft engineers in a post to the company's Security Research & Defense blog on Tuesday. "The reason is that .NET Framework 3.5 SP1 installs a 'Windows Presentation Foundation' plug-in in Firefox."

The Microsoft engineers described the possible threat as a "browse-and-get-owned" situation that only requires attackers to lure Firefox users to a rigged Web site. [ Read more ... ]

Microsoft Recovers Lost Sidekick Data - WSJ.com: Via WSJ-Wall Street Journal.

Microsoft Corp. said Thursday that it has been able to recover the personal customer data lost from many of T-Mobile USA's Sidekick devices.

The Redmond, Wash., software giant said that most, if not all, customer data was recovered, and that the company would begin restoring data as soon as it has validated it. The company said it will start with personal contacts, and move on to the lost calendar, notes, tasks and pictures as quickly as possible.

The fix comes as Microsoft suffers through a public backlash after mishandling the information found on the Sidekick line of messaging phones, which are popular with teenagers. T-Mobile already has offered affected subscribers a free month of data services and a $100 gift card. At least one customer has filed a lawsuit against both companies. [ Read more ... ]

Microsoft Loses Sidekick Users' Personal Data: Via Business Center - PC World.

Contacts, calendar entries, photographs and other personal information of Sidekick users has almost certainly been lost for good following a service disruption at Sidekick provider Danger, the Microsoft subsidiary said on Saturday.

The amount of data and number of users affected wasn't disclosed by Microsoft or T-Mobile, but the Sidekick support forums are buzzing with pleas from users looking for tips on how to restore their devices or get their data back.

On Saturday, Microsoft said any data that users had on their devices and is no longer there has almost certainly been permanently lost. [ Read more ... ]

Microsoft Security Bulletin MS09-048 - Critical: Vulnerabilities in Windows TCP/IP Could Allow Remote Code Execution (967723): Via Microsoft Security Bulletin.

This security update resolves several privately reported vulnerabilities in Transmission Control Protocol/Internet Protocol (TCP/IP) processing. The vulnerabilities could allow remote code execution if an attacker sent specially crafted TCP/IP packets over the network to a computer with a listening service. Firewall best practices and standard default firewall configurations can help protect networks from attacks that originate outside the enterprise perimeter. Best practices recommend that systems that are connected to the Internet have a minimal number of ports exposed. [ Read more ... ]

Michael Geist - Microsoft Misleads on Copyright Reform - Via Michael Geist:

The Hill Times this week includes an astonishingly misleading and factually incorrect article on Canadian copyright written by Microsoft. The most egregious error comes in the following paragraph which attempts to demonstrate why Microsoft thinks reform is needed: [ Read more ... ]

PC World - Privacy Groups Oppose Microsoft-Yahoo Deal - Via PC World:

Regulatory agencies in both the U.S. and Europe must approved the proposed acquisition, which is already drawing ire.

Privacy groups are promising a fight before U.S. regulatory agencies if Microsoft 's offer to buy Yahoo for $44.6 billion is accepted, and the deal could face significant hurdles in Europe as well.

Microsoft announced that it sent an offer to Yahoo' s board of directors on Thursday, going public with the news Friday morning. Immediately, the executive directors of the Center for Digital Democracy (CDD) and the Electronic Privacy Information Center (EPIC) said the acquisition would raise serious privacy concerns. [ Read more ... ]

Microsoft Tells Congress That Google-DoubleClick Would Create Panopticon Monopoly: "

Allowing text-ad giant Google to purchase banner-ad giant DoubleClick would let Google become the 'overwhelmingly dominant pipeline' for online advertising, creating a monopoly that would harm consumers, advertisers and publishers alike, Microsoft counsel Brad King told a Senate panel Thursday. [ Read more ... ]

Google and Microsoft Look to Change Health Care - New York Times: By combining better Internet search tools, the vast resources of the Web and online personal health records, both companies are betting they can enable people to make smarter choices about their health habits and medical care.

“What’s behind this is the mass consumerization of health information,” said Dr. David J. Brailer, the former health information technology coordinator in the Bush administration, who now heads a firm that invests in health ventures.

It is too soon to know whether either Google or Microsoft will make real headway. Health care, experts note, is a field where policy, regulation and entrenched interests tend to slow the pace of change, and technology companies have a history of losing patience.

And for most people, typing an ailment into a Web search engine is very different from entrusting a corporate titan with personal information about their health. [ Read more ... ]

Macworld: News: Hacker strips DRM from streaming Netflix movies: A hacker has posted instructions for how to save streamed movies from the Netflix service, undermining Microsoft’s copy protection technology designed to prevent people from saving the content.

The hack is the latest in an escalating technical war by hackers against DRM (Digital Rights Management) technologies, which limit how music and movies can be used in order to prevent piracy. [ Read more ... ]

Microsoft DRM Code for Netflix Streams Hacked: "reddburn writes 'Macworld has posted a story by IDN News Service about a hacker who posted instructions for saving streaming movies from Netflix, defeating Microsoft's DRM code designed to prevent users from saving the content. [ Read more ... ]

E-Commerce News: Privacy: Microsoft Joins Privacy Parade: "Closely following announcements regarding privacy policies from competitors Google and Ask.com, Microsoft has trumpeted a new strategy of its own for its Live Search utility. The company has enacted what its says are enhanced steps to protect the privacy of Windows Live users. It also called for an industry-wide discussion to develop global privacy principles for data collection. [ Read more ... ]

Ask.com Takes the Lead on Log Retention; Microsoft and Yahoo! Follow: "

We've often regretted that the most popular search engines have been keeping a dossier of everything you search for -- forever. It's easy to forget just how intrusive this kind of record can be until something like the AOL search history leak occurs and confronts users with even a portion of the search logs that track their everyday on-line activities. These logs are a tempting target for subpoenas (although most search companies refuse to reveal how often they receive subpoenas or how much data they disclose); they imply an on-going risk that this sensitive data may be stolen or leaked. [ Read more ... ]

Microsoft Patents the Mother of All Adware: An anonymous reader writes "Ars Technica has an article on the mother of all adware patents filed by Microsoft: 'It's such a tremendously bad idea that it's almost bound to succeed. Microsoft has filed another patent, this one for an "advertising framework" that uses "context data" from your hard drive to show you advertisements [ Read more ... ]