In what has to be the oddest arrest of the decade, a man decided to donate money to the tsunami relief effort, so he logged onto the net with his Sun Solaris machine, and fired up Lynx, (a text based browser that has been around for decades on Unix and Linux machines) headed over to the British Telecom (BT) donation site and made his contribution. Not long thereafter, police busted in on him during lunch and arrested him. The reason? well some schmuck at BT read the access log of the server and decided that browsing with Lynx was just odd enough to call it cracking and so raised the alarm. With knowledge like that, I would not be surprised to learn that the unknown tech who raised the alarm was an MCSE. 🙂 Guys, get a grip, there are dozens of web browsers out there, the world doesn’t come down to only IE, Mozilla and Opera, some of these alternative browsers have been around for much longer then IE. The only thing that could have made worse press for BT, would be if they had broken in the door and arrested a blind dude for using his screen reader. Read the full story at BoingBoing

InternetNews has this new story, detailing a new job listing Google have placed looking for (among other things) a project manager experienced in SourceForge (One of the biggest Open Source repositories on the net) as well as experience with Open Source licences and management tools. In the past week Google have employed two other OSS programmers, (both from the Firefox dev team). The new position will be answerable to Chris DiBona, who is known for this work on the SlashDot site. I wonder how long it will be till we find out what the purpose of all this will be. Is this another sign of a forthcoming Google browser (possibly based on Firefox)? Only time will tell.

A new Windows only worm has appeared, and this one uses weak installations of the MySQL database server on Windows running machines. The worm uses a list of 1000 passwords to try and get admin user in MySQL, and if it does, it uses a known exploit to install malicious code onto the server. The “owned” machine will then join an IRC server and await instructions. (apparently the current instructions are to look for other machines to infect, but that could change.) The name of the worm is Forbot, and you can read about it further here.

So folks, if you are silly enough to have a Windows server running MySQL, and that copy of MySQL is not locked down to disallow remote root access, and there is no decent password, (a good password is at least 8 characters, and a mix of letters, numbers and symbols), then now is a good time to scan your system for the exploit. There is no reason to allow remote root access over the net. In fact I go further then that and locked all our users down to all localhost or local network connections only. (We are running Linux servers, so this isn’t applicable anyway, but tight settings are a good basis for any server. ) It seems to me that the main issue that leads to such compromises is people not considering the security implications of a specific action. The best way to set up security, is to lock the machine up totally, so it cannot do anything, and then lower that step by step till you can achieve only exactly what you need.

While working on increasing the search engine findability of a site we worked on recently, I happened on to a new Beta over at Google that I had not seen before. It is not listed off of the front page at Google, nor is it listed on the Google Options page. It is Google Video and it searches the closed caption text from television shows and delivers that text along with a screenshot taken at approximately that time. Interesting little bit if you missed your show this week I guess. Now you can read it.

This is the latest addition to the google labs projects. Keep an eye on these folks, they do some pretty neat stuff.

Want the latest Microsoft Press releases delivered to you? You not only need to register, but you need Passport. Why not RSS Bill? The rest of the world is using it … or doesn’t that allow enough private information to be collected? Why passport and not simply an email address? This is why people don’t trust you guys.

“In the second half of 2005, visitors to the Microsoft Download Center (http://www.microsoft.com/downloads) and Windows Update (http://v5.windowsupdate.microsoft.com/v5consumer) will be required to participate in Windows Genuine Advantage to access all content. To help customers who may require more time to move to genuine Windows software, Microsoft is offering security updates through Automatic Updates in Windows, with or without Windows Genuine Advantage validation.” (Source: Microsoft to Implement Worldwide Anti-Piracy Initiative)

For some time now MicroSoft has been trying to get people to verify that their copy of Windows is valid and licensed. In-and-of-itself, requiring people to be legit to gain services isn’t a truly bad thing. However, it causes difficulty in two specific cases: 1) they say you aren’t valid when you in fact are; and 2) they gather additional information beyond that required to determine validity (historical example). You wouldn’t take your Ford to a GM dealer for warranty service. On the other hand, when you look at it you know it is a Ford.

MicroSoft will begin requiring users in three countries to prove thier validity of license before they can get serviced as of February 7, 2005 … and the rest of the world won’t be far behind.

A new worm doing the rounds called “W32/Cisum.A” has an added twist. If you get infected by this thing, it will tell you how silly you are by playing an MP3 containing the words “You are an idiot” over and over. The worm also tries to shut-down firewalls and anti-virus apps as well as any running copies of the Bagle and Netsky Viruses it happens to fine. It spreads by copying itself to network drives, so it’s not likely to spread too widely. Read InternetNews for more.