NBC-Vista copy-protection snafu reminds us why DRM stinks - Via Ars Technica :

Handfuls of Windows Vista Media Center users found themselves blocked from making recordings of their favorite TV shows this week when a broadcast flag triggered the software's built-in copy protection measures. The flag affected users trying to record prime-time NBC shows on Monday evening, using both over-the-air broadcasts and cable. Although the problem is being "looked into" by both NBC and Microsoft, the incident serves as another reminder that DRM gives content providers full control, even if by accident.

Vista MCE users began reporting problems on Monday evening, starting with posts on the popular DVR-enthusiast forum on The Green Button. While trying to record shows like American Gladiator and Medium, Vista users were presented with an error that read, "Recording cancelled. [TV show] cannot be recorded. Restrictions set by the broadcaster and/or originator of the content prohibit recording of this program." The Green Button user justinjas posted a screenshot of the error on his blog. [ Read more ... ]

LAWTECH GURU BLOG by Jeff Beard: Windows Vista Security: Pros and Cons, Third Party Solutions Still Needed: "Vista has a number of new security features, such as a two-way firewall, Windows Defender, UAC (User Account Control), BitLocker Drive Encryption, and more. These are certainly improvements over XP in terms of baking more security into Windows. My thoughts and experiences with them so far, along with recommendations for third-party security apps where needed: [ Read more ... ]

SignOnSanDiego.com > News > North County -- Media plan to fight for open records: "Three news organizations, including The San Diego Union-Tribune, are seeking to join a court fight over whether to keep public the names of employers who hire day laborers in Vista.

The Union-Tribune, Los Angeles Times and the California Newspaper Publishers Association want the names to continue to be released to preserve the public's right to access government records. [ Read more ... ]

Vista Makes Forensic PC Exam Easier for Lawyers: "Katharine writes 'Jason Krause, a legal affairs writer for the American Bar Association's 'ABA Journal' reports in the July issue that Windows Vista will be a boon for those looking for forensic evidence of wrongdoing on defendants' PC's and a nightmare for defendants who hoped their past computer activities would not be revealed. [ Read more ... ]

Forget about the WGA! 20+ Windows Vista Features and Services Harvest User Data for Microsoft - From your machine! - Softpedia: "Are you using Windows Vista? Then you might as well know that the licensed operating system installed on your machine is harvesting a healthy volume of information for Microsoft. In this context, a program such as the Windows Genuine Advantage is the last of your concerns. In fact, in excess of 20 Windows Vista features and services are hard at work collecting and transmitting your personal data to the Redmond company.

Microsoft makes no secret about the fact that Windows Vista is gathering information. End users have little to say, and no real choice in the matter. The company does provide both a Windows Vista Privacy Statement and references within the End User License Agreement for the operating system. Combined, the resources paint the big picture over the extent of Microsoft's end user data harvest via Vista. [ Read more ... ]

Vista Security Claims Debunked: An anonymous reader writes "Apparently Microsoft still hasn't learned that counting vendor acknowledged vulnerabilities isn't a good way to establish the security of an OS. As an analysis of Microsoft's claims on Full Disclosure shows, we see that the methodology used was badly flawed. A bug in Firefox (not to mention emacs), counts as a flaw for Linux, while IE bugs get ignored on Vista's chart. [ Read more ... ]

Microsoft ditches about-face on virtualization restrictions at 11th hour : "The scuttlebutt this week has been that Microsoft was about to relent and allow the virtualization of Windows Vista Home Premium and Home Basic. Since the launch of Windows Vista, only Business and Ultimate editions have been legally approved for virtualization, thanks to the Vista EULA. A change in the EULA was forthcoming, according to embargoed information from the company, and it was a change that I think everyone believed should be made. [ Read more ... ]

Vista Security: Will it Make a Difference?: "In this five-minute, audio-enhanced presentation Dan Blum, Burton Group Senior VP and Research Director in Security and Risk Management Strategies Service, discusses how Microsoft Vista has improved over XP with higher quality code, better protection and isolation of resources and significant authentication improvements. [ Read more ... ]

Dell brings back XP on home systems | CNET News.com: "Amid significant customer demand, the computer maker said on Thursday that it has returned to offering the older Windows version as an option on some of its consumer PCs.

Like most computer makers, Dell switched nearly entirely to Vista-based systems following Microsoft's mainstream launch of the operating system in January. However, the company said its customers have been asking for XP as part of its IdeaStorm project, which asks customers to help the company come up with product ideas.

'We heard you loud and clear on bringing the Windows XP option back to our Dell consumer PC offerings,' Dell said on its Ideas in Action page. Users get to vote on various suggestions, and the notion of bringing back XP got 10,000 'points,' making it among the most popular requests but well below top picks such as adding Linux or OpenOffice.org to its PCs. [ Read more ... ]

Researchers question Vista security after ANI exploit: Microsoft Corp.'s failure to spot the animated cursor bug in Windows Vista is, at best, a flag to hackers that old flaws may abound in the new operating system, researchers said today. At worst, it's a disconcerting sign that Vista's security-oriented development process slipped up.

This week, Microsoft issued an out-of-cycle fix for a vulnerability that's been exploited since at least March 28 by hackers armed with malicious .ani files. Every supported version of Windows contained the bug, including Vista.

The fact that Vista was affected rang alarm bells with security researchers, who recalled that an update more than two years ago addressed the same section of Windows code. That bug, fixed by the MS05-002 patch, also involved animated cursors and icon files, and updated the User32.dll file. That file was also replaced in this week's MS07-017 update. [ Read more ... ]

Microsoft warns of zero-day Windows bug: "Several versions of Windows, including Vista, are vulnerable to a critical unpatched vulnerability that can be used by attackers on PCs when users surf to malicious sites.

[...]

Microsoft Corp. confirmed today that Windows, including Vista, contains a critical unpatched vulnerability that can be used by attackers to usurp PCs when users surf to malicious sites.

In a security advisory posted this morning, Microsoft's Security Response (MSRC) team acknowledged a bug in Windows' animated cursor, a component that lets developers show a short animation at the mouse pointer's location. Animated cursor files typically use the .ani extension, but the MSRC warned that hackers might disguise malicious animated cursors with other extensions. The SANS Institute, in fact, said it had received reports of in-the-wild exploits using files renamed to .jpg. [ Read more ... ]

Security Now 74: Peter Gutmann On Vista Content Protection - Sponsored by Astaro Corp.: "Hosts: Steve Gibson with Leo Laporte

Steve and Leo interview Peter Gutmann about his paper A Cost Analysis of Windows Vista Content Protection.

Running time: 49:58"

(Via Security Now!.)

Security Now 75: Vista DRM - Sponsored by Astaro Corp.: "

Hosts: Steve Gibson with Leo Laporte

We wrap up our discussion of the premium content protection features in Vista and announce Steve's newest free security utility: Securable.

Running time: 49:42"

(Via Security Now!.)

Security Now 83: Vista's UAC - sponsored by Astaro Corp.: "

Hosts: Steve Gibson with Leo Laporte

A closer look at Vista's User Access Control.

Running time: 50:01

"

(Via Security Now!.)

Exploit-for-sale hacker pins bug on Vista's e-mail app: "A bug in Windows Vista's built-in e-mail program, Windows Mail, can be used by hackers to run malicious code on a victimized PC, according to a researcher who just two weeks ago was touting an exploit-for-sale service.

(Via Computerworld Viruses News.)

Vista feature helps VXers trick surfers: "

Insecure by design

Microsoft's trustworthy computing initiative is five years-old but the software giant is still making bone-headed design decisions that favour usability over basic security.…

"

(Via The Register - Security.)

White House issues deadlines to secure Windows: "

(InfoWorld) - Federal agencies have until Feb 1, 2008 to implement a common secure configuration setting for all Windows XP and Vista systems based on standards from the National Institute of Standards and Technology (NIST) and other organizations.

But they have less time, until May 1, to provide details to the White House Office of Management and Budget on how they plan to do so. The deadlines were set by de facto federal CIO Karen Evans in a memorandum to agency CIOs Tuesday.

The standard security settings for XP and Vista Evans was referring to were developed by NIST, the Department of Homeland Security (DHS), Microsoft, and several other organizations. They describe certain basic configuration settings to secure the operating system against common classes of threats. [ Read more ... ]

Exploit-for-sale hacker pins bug on Vista's e-mail app: "A bug in Windows Vista's built-in e-mail program, Windows Mail, can be used by hackers to run malicious code on a victimized PC, according to a researcher who just two weeks ago was touting an exploit-for-sale service.

(Via Computerworld Security News.)