SCAMs, SPAM ...
Scams, SPAM, and other evil deeds. All sorts of things that people have to be wary of.

 



















 

 

  Thursday, March 1, 2007


Windows Vista's User Account Control (UAC), a system that Microsoft says makes the new operating system safer from attack, can be spoofed and shouldn't be completely trusted, a Symantec researcher said on Wednesday.

Ollie Whitehouse, an architect at Symantec's advanced threats research team, first used a blog entry Tuesday to point out how a hacker could use a file included with Vista to disguise the UAC warning dialog in the color associated with alerts generated by Windows itself.


10:19:06 PM    

Tricking Vista's UAC To Hide Malware. Vista's User Account Control, love it or hate it, represents a barrier against unwanted software getting run on users' computers. A Symantec researcher has found a simple way to spoof UAC and says that it shouldn't be completely trusted. The trick is to disguise the UAC warning dialog in the color associated with alerts generated by Windows itself.  [Slashdot]
10:14:53 PM    

You Can Plead Guilty Here. The RIAA unveils P2PLawsuits.com, a site that allows people turned in by their universities or ISPs for copyright infringement to settle their cases in advance of due process. In Listening Post. [Wired News: Top Stories]
9:36:31 PM    

Solaris Worm Blasts Way Through Operating System. "Hi, I'm Casper, I am a bored Sun developer and I wrote this piece of code." [GT: Security and Privacy]
9:02:48 PM    

Malware Adopts Disguises in Attempt to Dupe IT Defenses. Top ten threats and hoaxes reported in February 2007. [GT: Security and Privacy]
8:55:38 PM    

Dell Censors IdeaStorm Linux Dissent. thefickler writes "It seems pointless to seek ideas and feedback if you're going to ignore and delete the opinions you don't like. That's exactly what Dell is doing with its IdeaStorm website, which the company set up to solicit such ideas and feedback. Dell deleted a post linking to an article that criticizes its handling of the 'pre-installed Linux' issue." [Slashdot: Your Rights Online]
7:39:34 PM    

Manipulating Reputation Systems.

BoingBoing points to a nice pair of articles by Annalee Newitz on how people manipulate online reputation systems like eBay's user ratings, Digg, and so on.

There's a myth floating around that such systems distill an uncannily accurate folk judgment from the votes submitted by millions of ordinary citizens. The wisdom of crowds, and all that. In fact, reputation systems are fraught with problems, and the most important systems survive because companies expend great effort to supplement the algorithms by investigating abuse and trying to compensate for it. eBay, for example, reportedly works very hard to fight abuse of its reputation system.

Why do people put more faith in reputation systems than the systems really deserve? One reason is the compelling but not entirely accurate analogy to the power of personal reputations in small town gossip networks. If a small-town merchant is accused of cheating a customer, everyone in town will find out quickly and -- here's where the analogy goes off the rails -- individual townspeople will make nuanced judgments based on the details of the story, the character of the participants, and their own personal experiences. The reason this works is that the merchant, the customer, and the person evaluating the story are embedded in a complex, densely interconnected network.

When the network of participants gets much bigger and the interconnections much sparser, there is no guarantee that the same system will still work. Even if it does work, a large-scale system might succeed for different reasons than the small-town system. What we need is some kind of theory: some kind of explanation for why a reputation system can succeed. Our theory, whatever it is, will have to account for the desires and incentives of participants, the effect of relevant social norms, and so on.

The incentive problem is especially challenging for recommendation services like Digg. Digg assumes that users will cast votes for the sites they like. If I vote for sites that I really do like, this will mostly benefit strangers (by helping them find something cool to read). But if I sell my votes or cast them for sites run by my friends and me, I will benefit more directly. In short, my incentive is to cheat. These sorts of problems seem likely to get worse as a service grows, because the stakes will grow and the sense of community may weaken.

It seems to me that reputation systems are a fruitful area for technical, economic and social research. I know there is research going on already -- and readers will probably chastise me in the comments for not citing it all -- but we're still far from understanding online reputation.

[Freedom to Tinker]
7:25:59 PM    

Here comes image spam. Image spam--e-mail solicitations that use graphical images of text--is not new. But its rising sophistication has made much of it invisible to spam filters so that it makes up one-third of all spam, according to Doug Bowers, director of antiabuse engineering at Symantec. E-mail traffic--83 percent of which was spam--rose in 2006, according to antispam company BorderWare, and researchers there expect image spam to grow. [CSO Online Data Security Briefing]
7:24:29 PM    

War of Words Erupts Between HP Scandal Players. The attorney for the ousted HP chairman fired back at public comments made by a board rival about the HP pretexting scandal. [PC World: Latest Technology News]
7:20:30 PM    


© Copyright 2007 Paul Hardwick.
Last update: 3/4/07; 10:32:49 AM.
