Apparently Windows running on a Xeon Server, (about the cheapest Intel server you can buy that isn’t based on a desktop machine) is cheaper to buy and run then Linux on an IBM mainframe. (probably one of the most expensive servers you can buy.)

Now, put your hand up if you believe after reading this that it means that Windows is cheaper then Linux. (If your hand is up right now and you don’t do marketing for Microsoft, turn off your PC, and check yourself into a clinic, because you need help.)

The Advertising Standards Authority in the UK, have agreed that Microsoft’s advertisement comparing Windows on a Xeon server to Linux on an IBM mainframe isn’t exactly a fair comparison and have labeled it potentially misleading advertising. (I’ve always found the poms penchant for understatement curious.)

(more…)

Jasc Software has released a new pair of products. Their popular Paint Shop Pro, a competitor of Photoshop, has become similar in one more way, two versions. One called Studio, is more intuitive and light, much like Photoshop Elements is meant to be I think. The other, Paint Shop Pro 9 (Nine) is meant for the more serious digital worker.

In a recent article in Consumer Reports magazine, PSP didn’t fare too well because the magazine placed emphasis on ease of use. For those wanting that ease of use … there you go. I think I would prefer the features, although I have to admit I have not found PSP 8 (Eight) nearly as easy to use as versions 6 and 7 that I initially “fell in love with.”

SPAM is a huge money earning business, both for the companies using it to sell products, and the companies selling products to stop it.

One of the worries of the spammer is getting caught and being prosecuted. This has been made more of a problem by new laws in many parts of the world outlawing unsolicited commercial email, though this doesn’t just relate to normal spammers, virus writers and phishing scammers use the same techniques to avoid the authorities and they are even more invasive and illegal activities.

In an effort to continue their nefarious activities, while lessoning the risks, the spammers are starting to merge or make deals with proponents of other, even worse online activities, such as cracking and virus writing. The latest trend is to use a world wide network of hacked or virus infected PC’s most of which are running one of the many recent Windows virus’s that installs a back-door into the PC (unbeknownst to their owners) to host websites that are nearly untraceable by conventional means.

(more…)

According to recent research by the Internet Storm Cente, if you buy a flash new computer with Windows XP, take it home, plug it in and connect to the net, you have 20 minutes before it is compromised by malicious code. The malicious code in question is usually a virus like mydoom, sasser or bagle, some of which require no user help at all to infect a PC, just being connected to the net is enough to start the process.

Twenty minutes is not long enough to even begin the process of installing all the Windows updates required to give you some degree of protection, and many people who have just bought a new PC don’t even know that they should run windows update in the first place.

So what is a hapless user to do? Well the first thing is to turn on the ICS firewall. (something that the XP Service Pack 2 now does for you, but that makes no difference to people that don’t yet have SP2.)

You can read more about the problem at isc.sans.org and you can read their “Windows XP, surviving the first day” article here (PDF).

Regards

Franki

Well, that didn’t take long did it? The first bug in IE that has come out after SP2, and that Service Pack 2 for Windows XP doesn’t fix has been found.

Secunia.com has found a new “highly critical” flaw in Internet Explorers “drag and drop” system that allows a malicious site to put an executable file onto the users file system, or as they put it:

“The vulnerability is caused due to insufficient validation of drag and drop events issued from the “Internet” zone to local resources. This can be exploited by a malicious website to e.g. plant an arbitrary executable file in a user’s startup folder, which will get executed the next time Windows starts up.
http-equiv has posted a PoC (Proof of Concept), which plants a program in the startup directory when a user drags a program masqueraded as an image.”

(more…)

Folks in encryption circles are probably a bit nervous with the news that MD5, SHA-0 and possibly also SHA-1 hashing algorithms have been found “crackable”. These algorithms are used for among other reasons, “signing” data or files. If the file or the data changes even a tiny bit, it no longer matches the hash and as a result you can find out when the file or data has been tampered with.

SHA-1 is considered a high end algorithm, even used in SSL connections, so the ramifications of it failing are fairly extreme. Time for the boffins to come up with something stronger. Since cracking algorithms requires lots of horsepower, one of the downsides of our ever increasing computer speed, is that breaking the algorithms becomes within reach of fairly lowtech low cost hardware. So as CPU horsepower increases, so does the need for new stronger encryption technologies.

(more…)

Yet another security flaw has been found in Internet Explorer (versions 5.01, 5.5 and 6). Gee, what a surprise. 🙂

This flaw is related to Phishing, which is the art of replacing the contents of a “trusted” web page with content from an untrusted source, and doing it without changing the address bar URL to reflect the new content source.

This sort of thing is used to trick people into thinking they are logging into their online banking site (for example), when instead they are handing their username and password to some nasty souls who will use it to put all your money into their pockets.

You can read about it here: Secunia. Secunia have also released a demo of the flaw that you can try here.

(more…)