Updated: 9/18/2002; 10:55:57 PM


The FuzzyBlog!
Marketing 101. Consulting 101. PHP Consulting. Random geeky stuff. I Blog Therefore I Am.

Friday, August 23, 2002

Microsoft warns of Office, IE risks

Yikes!  Read to the end and you see:

>> The Office-related programs vulnerable to attacks include Microsoft Office 2000, Office XP, Money 2002, Money 2003, Project 2002, as well as server software related to such client software, Microsoft said.

So what you are basically saying is that about $18 billion in (Office is, I think, a $6 billion per year business) revenue over a 3 year span (1999 - 2002) is affected by this.  The obvious questions that come to mind:

  • Shareholder lawsuits against Microsoft for putting such a large portion of their annual revenue at the risk of such obviously fragile, insecure code.
  • Where's the lawsuit for the cost that this causes to corporations forced to update MASSIVE quantities of machines?  Bear in mind that it's pretty much impossible to buy some computers without Office (like Dell). 
  • Class action lawsuits against third parties that supply Office bundled with their hardware since it is obviously insecure and a security risk.  While the EULA may safeguard Microsoft from a lawsuit, what about a third party reseller?
  • Where's my rebate for the costs associated with this update?  Or my discount against future earnings?

As an ISV, I find the prospect of lawsuits like these horrifying to say the least.  But, as someone who has also been partially responsible for corporate IT, the prospect of having to immediately apply a security patch to hundreds if not thousands of machines, often laptops out in the field, makes me want to take an axe to Christopher Budd's car.  And then gasoline on top of it.  And then a match.

>> Microsoft, shaken by break-ins to its system and vulnerabilities in its software, launched a "trustworthy computing" campaign earlier this year to improve the security of all of its software.   Since that initiative, which Chairman Bill Gates said had cost the company $100 million so far this year, Microsoft has issued at least 30 security bulletins for flaws in its software.

When you come right down to it, $100 million is pocket change compared to what it will cost an organization to do the updates.  Microsoft gets off dirt cheap on these things and that's just not right.  In any other industry when a manufacturer screws up severely, they bear the costs of fixing it.  Think about car recalls -- why isn't Microsoft required to send an SE out to every machine to update Office?  Or pay the cost for a computer service person to do it?

Makes you think....

By Reuters
August 22, 2002, 9:45 PM PT

From: http://news.com.com/2100-1001-954973.html?tag=fd_top

Microsoft said Thursday that "critical" security lapses in its Office software and Internet Explorer Web browser put tens of millions of users at risk of having their files read and altered by online attackers.

The world's leading software maker said that an attacker, using e-mail or a Web page, could use Internet related parts of Office to run programs, alter data and wipe out a hard drive, as well as view file and clipboard contents on a user's system.

Office, which runs on Windows and is used to write documents and crunch numbers, is a major producer of revenue for Microsoft.

"Microsoft is committed to keeping customers' information safe, and is providing a patch that eliminates three vulnerabilities in Office Web Components," Microsoft Security Program Manager Christopher Budd said in an e-mail.

In addition, Microsoft reported vulnerabilities in the three latest versions of its dominant Internet Explorer browser software that allow infiltrators to read files.

Microsoft urged users to fix the glitches by downloading software patches from Microsoft's TechNet Web site.

"It's important that users get the patch," said Russ Cooper, head of security at TruSecure, a computer security company, and editor of NTBugTraq.

"Typically with these types of issues it will be six to nine months until we see a massive attempt to start exploiting it," Cooper said, adding that a preemptive patch was critical.

Since Office is used by at least 100 million users, the risk of widespread attacks was significant, Cooper said.

The security warnings are the latest headaches for the Redmond, Wash.-based software company.

Microsoft, shaken by break-ins to its system and vulnerabilities in its software, launched a "trustworthy computing" campaign earlier this year to improve the security of all of its software.

Since that initiative, which Chairman Bill Gates said had cost the company $100 million so far this year, Microsoft has issued at least 30 security bulletins for flaws in its software.

Last week, security experts reported serious flaws in the Internet Explorer browser and a complementary encryption program that could expose credit card and other sensitive information of Internet users.

The Office-related programs vulnerable to attacks include Microsoft Office 2000, Office XP, Money 2002, Money 2003, Project 2002, as well as server software related to such client software, Microsoft said.

Microsoft said it is not aware of any specific security breaches or the amount of any potential damage that might have occurred due to vulnerabilities in its software.


9:13:46 AM

Hit Charade: The music industry's self-inflicted wounds.

By Mark Jenkins
Posted Tuesday, August 20, 2002, at 8:19 AM PT

(Recommended Reading -- And Please Email It to Your Congress Person & Senator)

2001 may not be the year the music died, but the pop biz did develop a nagging headache, and it's not going away. The recorded-music industry's first slump in more than two decades continues this year; the number of discs sold is slipping and so is the appeal of last year's stars. Britney Spears' latest album has moved 4 million copies—a big number, but less than half what its predecessor did.

The Recording Industry Association of America, which represents the five major labels that dominate CD retailing, would like to blame much of the slide on Internet music-file swapping. Yet there are many other causes, including the fact that the big five are all units of troubled multinationals—AOL Time Warner, Vivendi Universal, BMG, EMI, and Sony—that are focused on short-term gain and have no particular interest in the music biz.

Slate: http://slate.msn.com/?id=2069732


7:54:59 AM

Marketing 101 : When Good People Do Things That Make Them LOOK Like a Spammer!

One of the very, very, very hard things about using email as a marketing tool is that the first impression (and you know I'm big on first impressions) people get can be wildly different.  Here are the three basic 1st impressions that you get from an email you receive:

  • Subject Line
  • Subject Line with Short Preview
  • Subject Line Above and Preview Pane Below

Now, like many people these days, I have my preview pane turned off to minimize the amount of spam I receive.  What's that?  You didn't know that the preview pane led to spam?  Here's a Public Service Announcement:

==> Read Story <==


7:44:25 AM

Look!  Up in the Sky!  It's a Bird!  It's a Plane! It's an Effective Web Ad!!!  (Crowd Goes Wild)

I guess the definition of "effective" would be: did it make money for the advertiser?  I have no way to know.  But I actually:

  • Noticed It
  • Read It

First web ad in years I can say that about.

From Slate: http://slate.msn.com/?id=2069732


7:04:48 AM

An Option for ISPs Receiving MPAA Enforcement Actions

IANAL (I am not a lawyer).  Still, this makes logical sense to me (which means that it wouldn't matter in the grand legal scheme of things) but anyway.  I just saw this from www.scripting.com:

http://db.tidbits.com/tbtalk/tlkmsg.lasso?MsgID=14846

OK, we just had a shot fired across our bow... It looks like a client/user on our network is running a Gnutella client and has some "Simpsons" stuff. ....

Here's what I just emailed this ISP:

Hi there,

I saw the posting there. 

These people are clearly using up your network resources by executing the equivalent of some type of port scanning on your network to confirm that the user belongs to you.  Why don't you simply filter the DNS names and IP addresses owned by "World Wide Internet Enforcement" (or the MPAA) and prevent them from accessing you -- or CHARGE them for the privilege of monitoring you.  Why should you allow your bandwidth to be taken up by people that denigrate your connectivity services and force you to harass your users?

And since receipt of an email may constitute acknowledgement / notification of this problem, set up an automatic email bounce from mpaa@copyright.org and other related addresses back to them.  This would force them to notify you via paper mail. And then you could have a policy which says "We require this to be filed with us in person at our physical offices on the one day per month that we deal with this." A business is allowed to have its own policies as long as they are justifiable. The rationale here is that you are protecting the privacy of your individuals and making sure that the MPAA takes this seriously by forcing them to do it in person.  It also does drive up the costs of their notification process dramatically but that is your right (at least I believe it is).  After all the Federal government has lots of policies like this (can't renew a driver's license online, etc).  So do big companies all the time.  Why can't a little ISP?

http://db.tidbits.com/tbtalk/tlkmsg.lasso?MsgID=14846

Just my .02.

Scott

Another option is to throw up one of the legal disclaimers all too common in the Internet Porn and Warez sites which states that you cannot enter this site, pursuant to (fill in law here; can't remember) if you are doing so for the purposes of monitoring content. 

Any attorneys out there who have a suggestion?


2:54:15 AM




Scott/Male/31-35. Lives in United States/MA/Boston/Nahant, speaks English. Spends 80% of daytime online. Uses a Fast (128k-512k) connection. And likes Open Source / PHP/Cooking.





Copyright 2002 © The FuzzyStuff
