There's been quite a bit of discussion in the last 24-48 hours on the fact that Microsoft has filed an "adware patent" ( Information Week | ars technica ). I felt that Kurt Wismer's post was by far the most interesting. The post declared the submission of this patent to be unethical given that MS is in the Anti-Malware market now. This was to be expected... just as the majority of my posts seem to be "pro-Microsoft", the majority of Kurt's seem to be "anti-Microsoft". Given that, I completely disagree with Kurt. Would it be unethical for an Anti-Malware company to be involved in the distribution of malware? In most cases... yes; however, I do see legitimate uses of this for Microsoft that I don't see as being unethical.
- This could actually be seen as a form of "Proactive Anti-Malware". By patenting any new or unique means of delivering ads to a customer, Microsoft is effectively prevent other companies from accomplishing the same task. So a malware company comes along and takes advantage of the process that Microsoft is patenting and suddenly Microsoft's lawyers fire off an email and prepare to go to court. This would act to deter certain companies from proceeding. Additionally Microsoft could be preparing to license the technology, allowing them to dictate the usage, providing for stricter regulations around adware distribution. Everyone is quick to jump to the negative, yet no one is willing to look at the possible positive outcomes.
- The second reason, and more likely one, is that Microsoft is finally planning on going ahead with the ad-based versions of Office and Windows that have been discussed for the last 2-3 years. I don't see this as malware. Is it adware, yes... but it's not malicious or unethical. It's providing costly software to users that can't afford it, in exchange for them viewing ads tailored to their likes / dislikes. Users always complain that they pirate software because they can't afford it... they'd no longer have that as a valid excuse. It would be similar to NetZero/3Web (believe were the company names). I had plenty of friends that took advantage of their ad-based free dial-up access because they a) couldn't afford internet access or b) didn't have a credit card so they couldn't get dial-up access.
I don't see any issue with Microsoft filing this patent and am rather eager to see how they utilize it. I am rather unhappy to see that, once again, everyone is jumping to conclusions about Microsoft and assuming the most negative outcome.
Surprisingly I'm not talking about people who are paid to write blog posts on certain subjects... that's better left for another discussion. Instead I'm talking about people that plaster their blogs with ads. I don't get this, I pay for web hosting and domain registration... I consider it part of being a geek... I currently have about 20 domains @ $5.99 USD/year and a $120 USD/year hosting account. I pay these costs myself, and provide my blog (and other sites) without ads plastered all over them. I even provide hosting (web and email) to friends.
So when I look at other people's blogs I have to wonder why they have them plastered with ads. I've complained about ridiculous blog tagging in the past, and others have complained about the large quantities of scripts that are employed on some blogs. Well now I want to gripe about ads. I don't want to point fingers, but a great example of this is Martin McKeay's blog. There are definitely worse offenders, but this happened to be the one I visited tonight that made me think about it. Why do we need to plaster our blogs with Google Ads, blogging is supposed to be about sharing information... originally personal info in journal form and now it's more journalistic... Is that why? We feel that since newspapers place ads, we should as well?
The only thing worse than plastering your website with ads, is placing them all over your RSS feed. Especially those people that provide "summary" articles in their feed, requiring that you visit the site for the full story, yet still insist on tacking an ad below the summary.
I'd love to know why... Do people really make that much money of their ads or are people really that hard up for the few extra cents that these ads bring in? I can get one ad in the side bar, or across the top or bottom of the page, but placing them between each post is excessive and annoying. I'd just love to know why people insist on doing it, especially when I see such little benefit.
Jon Johansen (DVD Jon) has an interesting blog post up over on his website. He gives details on activating the iPhone without having a subscription to AT&T's phone service.
This is nice for anyone who wants the iPhone without the telephone feature... For example individuals in a country where the iPhone isn't even available.
That's right... the United States has had a Do-Not-Call List for 4 years now, and Canada has still yet to launch one, even though the idea was announced 3 years ago.
The Do-Not-Call list, introduced by Bill C-37, is one step closer to becoming a reality as the CRTC announced the rules that will govern the DNC List and began it's search for an operator. Unfortunately, no one will willing to operate the DNC List. The reason? The government expects that money collected via 'subscription fees' collected from businesses accessing the DNC List will be sufficient to pay for the operation of the DNC List. This expectation caused the Canadian Marketing Association (CMA) to back out as the expected operator, stating that they can't operate a project with no clear business model. The CRTC will be responsible for handling complaints related to DNC List violations and can levy fines to a maximum of $1,500 per individual and $15,000 per corporation. These dollar amounts are per violation and not total amounts that can be fined.
Even more interesting is the list of "organizations" that will not be affected by this. The largest amount of telemarketing calls I have are from businesses for which I'm already a customer. Bell Canada is a great example, attempting to up-sell current telephone customers with STS (Smart Touch Services) or Rogers Communication with their attempted up-selling of Rogers Home Phone service to customers with Cable TV and Internet through them. Well guess what, they'll still be able to call you... Bill C-37 has an exception for organizations with whom you are already doing business. Two more annoying groups that call repeatedly and refuse to stop calling even after you talk to them: Charities and Newspapers. The Diabetes Society called me 6 times one month to ask if I had any clothes to donate and the Toronto Star calls at least twice a month asking if we're interested in a subscription. Another group that politicians decided should be exempt is, surprise surprise, politicians. That's right... if they are running for office they are free to call you.
The Do-Not-Call List has been rebranded the Do-Not-Hesitate-To-Call List and that may be more accurate in the end... and that's only if we ever see it. Another interesting point is that DoNotCall.ca closed their doors June 23, 2006 because the CRTC would be introducing the government DNC List within the year... that didn't really happen.
While we wait for the official DNC List, the CMA has a Do Not Contact service. You can subscribe here and all customer lists associated with the CMA will have your name removed.
Canadian DNC List Wikipedia Entry
This is just a quickie...
Apparently SANS ISC has been seeing an increase in activity on port 1433. They are asking for anyone with packet captures to please provide them, and I'm making the request that anyone who passes them on also forward them to me, as I'd love to give them a glance.
Also, has anyone noticed any odd behavior out of their MSSQL Server lately? I'll be interested to see if this is an older threat recirculating or a new threat about to cause trouble.
In the past 24 hours I've received multiple "greeting card emails" telling me to visit the website and view my greeting card. A couple of points for people to keep in mind when receiving e-cards.
- 99% of the time, the e-card email will contain the name of the person who has sent you the e-card. If the email contains phrases like "an e-card from a mate" or "a worshiper has sent you an e-card", it's most likely not a valid email.
- The link that you are clicking on in the email will appear as a valid domain name. This doesn't mean you can automatically trust domain names, but you should instinctively delete any email where the link appears as an IP Address (dotted decimal formation, such as 22.214.171.124).
- The email will appear as either the address of the person sending it, or a generic address from the company providing the e-card. If you see an address such as email@example.com, the e-card is a scam.
Now let's take a look at a real e-card from E-Cards.com vs a malicious e-card spoofing E-Cards.com.
||Jul 2, 2007 6:36 PM
||E-CARD from Tyler Testing
Tyler Testing has sent you an E-Card -- a virtual postcard from
E-Cards.com. You can pickup your card at the E-Cards.com website.
-> If your e-mail is hot-link enabled, click here:
-> You may also point your web browser to: http://www.e-cards.com/
Then, visit the card pickup page and input your pickup code:
Your E-Card will be available for 15 days from the sending date.
To keep your E-Card accessible indefinitely, you may want to join
"My E-Cards" -- an option to do so is provided in your E-Card!
^ Save trees. Learn about wildlife nature and the environment.
^^^ Generate an advertising sponsored donation.
^^^^^ Every E-Card sent helps support wildlife and the environment!
From: E-Cards.Com [mailto:firstname.lastname@example.org]
Sent: Monday, July 02, 2007 12:21 PM
To: Tyler Reguly
Subject: You've received a greeting ecard from a mate!
Your mate has sent you a greeting ecard from E-Cards.Com.
Send free ecards from E-Cards.Com with your choice of colors, words and music.
Your ecard will be available with us for the next 30 days. If you wish to keep
the ecard longer, you may save it on your computer or take a print.
To view your ecard, choose from any of the following options:
Click on the following Internet address or
copy & paste it into your browser's address box.
Copy & paste the ecard number in the "View Your Card" box at
Your ecard number is
Mail Delivery System,
I haven't visited the links in a secure VM to see where they point, so I don't quite feel comfortable providing the links on this page. If anyone wants the links, they can feel free to contact me.
Or at least some of them anyways. It's part of a promotion of sorts and has apparently been done by 7-Eleven and not by Fox.
Not a lot to say on this one... I learned of this via YumSugar.com and took a look at the 7-Eleven Locate a Kwik-E-Mart page. Unfortunately in Canada it seems to only be happening in BC, but I've got my fingers crossed that this will happen in Toronto still.
Those of you near one of these stores can take advantage of mythical food items such as Squishees, Buzz Cola and Krusty-O's
I'm a big fan of mailing lists... or at least I'm a member of enough of them. I figured I might as well join another mailing list, or in this case start one. I'm actually starting a couple but the topic of this one is the Security Bloggers Network. I figure what started as a simple Feedburner Feed to syndicate various blogs should grow. As a result I've created the SBN Mailing list, and soon I'll have a page up displaying the syndicated feed. The webpage will be http:///www.securitybloggers.net, which for now simply points to ComputerDefense.org. In the mean time feel free to join the discussion list. The page link is also permanently on the side bar of this page. For now it is an unmoderated list, however if the need arises, I will change it to a moderated list.
I felt that I should follow up on this, while I haven't heard much else about it (and I'm not a charter customer) based on the continued comments to my last post, I'm guessing that this is still occurring. A number of people who commented have a massive letter writing campaign needs to occur. So this post is my contribution to a fight I'm not overly involved in, to gather the masses of irritated and irked Charter customers. My motivation? If one ISP gets away with this, then others may follow suit.
So I'm suggesting a daily letter writing campaign by Charter customers. I also suggest that those of you that aren't Charter customers write-in... let them know that this is why you won't switch to their server. You don't want to lose your freedom and have your queries hijacked.
Suggested Contact List:
To: email@example.com; firstname.lastname@example.org; email@example.com; firstname.lastname@example.org; email@example.com; firstname.lastname@example.org; email@example.com; firstname.lastname@example.org