Sunday, December 31, 2006

Saturday, December 30, 2006

New Year Themed Malware Expanded

As the New Year approaches, the malware writers have expanded their reach to include additional greeting expressions. F-Secure reported that the New Year theme postcards currently include expressions such as,
  • "Fun Filled New Year"
  • "May Your Dreams Come True!"
  • "Sparkling Happiness And Good Times!"
  • "Sender Happy 2007!"
The attachment name is "greeting card.exe", "Greeting Postcard.exe"

Unless you know the sender, do not open attachments. Even then, if you are not expecting an attachment, check with the sender first.

Have a Safe New Year!

Friday, December 29, 2006

F-Secure Releases BlackLight Beta

The announcement by F-Secure that they have released a new BlackLight Beta for Windows Vista and Windows 2003 Server x64 is good news for the security community. F-Secure's BlackLight rootkit scanner is a popular tool used to determine whether a user's computer has been infected with a rootkit. Let's just hope that the added support for Windows Vista will not be needed!
"Download Trial

Note: Stand-alone BlackLight expiration has been extended until 1st of April 2007. An integrated BlackLight engine has been included in the F-Secure Internet Security 2006 suite.

Click here to download the latest version."

Not familiar with rootkits? See Deep Roots for background information, resources, and advice on what to do if you suspect your computer is infected with a rootkit.

Thursday, December 28, 2006

Got Google Email? Update Firefox!

It has been reported that the problem that resulted in the 60 or so Google email users to lose all email and contacts in their Gmail accounts was a flaw in Firefox

The update to Firefox is available at Firefox. The update included a fixes for a number of vulnerabilities, making it a wise move to update, regardless of the Gmail problem.

See Garett Rogers report, Some Gmail accounts were cleaned out.

Wednesday, December 27, 2006

Vista Compatible Antivirus Software

Update 25 February 2007: See Vista Compatible Antivirus Software in Windows Vista Bookmarks for the most current information.

I discovered that the Microsoft page with Vista Compatible A/V software is now only available as a
cached page via Google. Since Security Garden site statistics indicate this is a popular topic, the cached results are being added here for preservation. Descriptions of Sophos and Avast support for Vista can be found in the original post on Vista Compatible Antivirus Software.

I understand that F-PROT Antivirus, Version 6 is also Vista compatible.

Added 28Dec06: Kaspersky Maintenance Pack 2 is compatible with both 32 and 64 bit versions of Windows Vista.


Free Trial Subscription from CAFree Trial Subscription from CA

CA Anti-Virus 2007 helps provides comprehensive protection against viruses, worms, and Trojan horse programs for Windows Vista RC1 users. The easy-to-use interface and automatic daily updates make it effortless to maximize protection, and with quick scan times and efficient use of system resources, it won't bog down your computer. Certified by independent testing groups ICSA Labs, Virus Bulletin, and West Coast Labs, CA Anti-Virus 2007 is supported by worldwide 24x7 research labs that help ensure protection from the latest threats.

Free Trial Subscription from F-SecureFree Trial Subscription from F-Secure

F-Secure Corporation helps protect individuals and businesses against computer viruses and other threats coming through the Internet or mobile networks. Our award-winning solutions include antivirus, desktop firewall with intrusion prevention and network encryption. Our key strength is the speed of response to new threats. For businesses our solutions feature centralized management.

Free Trial Subscription from GRISOFTFree Trial Subscription from GRISOFT

AVG has provided users with security solutions since 1991. Today, more than 40 million users worldwide trust GRISOFT’s AVG security products to help protect their computers. The unique combination of detection methods with low resource requirements provides maximum protection for your data. We seek to provide freedom for people to explore the Internet safely, so we provide strong antivirus protection to individuals for non-commercial use, free of charge.

Free Trial Subscription from Trend MicroFree Trial Subscription from Trend Micro

Trend Micro is a long-established, global leader in antivirus and Internet content security software and services. Now with Windows Vista Beta support, Trend Micro's PC-cillin Internet Security provides comprehensive and easy to use protection for your computer and smartphone. Its advanced features go beyond standard antivirus and firewall protection, helping to safeguard your computer from new emerging threats like network viruses, spam e-mail, inappropriate Web content, and spyware programs.

Free Beta Trial of Windows Live OneCare from MicrosoftFree Beta Trial of Windows Live OneCare from Microsoft

Get continuous, real-time antivirus protection and more for your Windows Vista-based computer. Windows Live OneCare provides all-in-one service and care of your PC, with antivirus that is integrated with antispyware for an extra layer of security and convenience. In addition, OneCare provides a managed, two-way firewall and activates anti-phishing technology to help protect you from unwanted hackers, identity theft and online scams. Alongside all these powerful security features, OneCare will perform scheduled tune-ups to help optimize your PC's performance while giving you additional flexibility when backing up of all your most important files. Designed to be simple and automated, Windows Live OneCare is the perfect companion to your Windows Vista RC1 computer.

F-PROT Antivirus Support

Do you use FRISK Software's F-PROT Antivirus for your computer? If so, help and answers to your questions has become easier. The FRISK Team has started a support forum for F-PROT Antivirus Discussions. It is simple to register at the forum and post your question. Help is provided by staff from FRISK Software International.

The support forum will be particularly helpful should you have any questions when updating to the recently-released F-PROT Antivirus, Version 6.

Note that in addition to numerous Corporate packages, FRISK provides F-PROT Antivirus Software not just for Microsoft Windows operating systems, but also for open-source Linux and BSD. Both F-PROT Antivirus for Linux Workstations and F-PROT Antivirus for BSD Workstations are FREE for use personal users.

Update: The forum was formally announced at FRISK Software opens the F-PROT Antivirus discussion forum

Tuesday, December 26, 2006

Christmas & New Year Themed Malware

Unfortunately, the malware writers seem to find it amusing to take advantage of the holiday spirit. F-Secure has posted information on three Christmas and one New Year-related infected themes used to entice recipients.
  • CHRISTMAS.EXE -- When run, this IRCBot variant will try to download various malicious executables from web servers.
  • Christmas_Puzzle.exe -- This is a backdoor which uses a rootkit to hide its presence on a system. It displays a Christmas-themed jigsaw puzzle game.
  • Christmas+Blessing-4.ppt -- This exploit has been embedded in what had been a safe Christmas PowerPoint slide show. The PowerPoint file uses MS06-012 or a related vulnerability to drop and execute two embedded programs.
  • -- This is a Warezov e-mail spam that hides behind a "Happy New Year" postcard.
Like a broken record, I will repeat -- please make sure your system is properly secured with a firewall, updated anti-virus protection and Microsoft Updates. Do not click on links or open attachments from sources you do not recognize.

Happy Holidays!

Monday, December 25, 2006

So, You Got a New Computer for Christmas

The boxes have all been opened, the torn wrappings tossed. Lucky you, you have a brand new computer! Now what do you do? Connect to the internet and surf? No, not yet. Before you can connect to the internet you need to make certain that your brand new computer is protected.
  • Click Start > Control Panel > Security Center
Follow the instructions there to make sure that your computer has a firewall and anti-virus software.

Now you can connect to the internet. But, no, you cannot "surf the 'net" yet. Remember, between the time that computer was shipped from production and the carton pulled out from under the Christmas tree, a fair amount of time has passed. You first need to check that your new computer has all the latest security updates. Click this link to go to Microsoft Update where you can get the latest updates for Microsoft Windows, Office and other Microsoft applications all in one place.

Now that Windows is updated, check that the other software on your computer is up-to-date. Read about Secunia Software Inspector.

An important thing to note is that most new computers come with trial versions of anti-virus software. You will need to obtain a permanent anti-virus software. Before the trial period expires, find a permanent anti-virus software. If funds are short after the Holidays, consider the following free anti-virus programs.
Other options to consider are a two-way firewall. There are several to select from:
Next, you need to take a couple preventative steps. Start with SpywareBlaster and SpyGuard to prevent the installation of spyware and other potentially unwanted software, including ActiveX-based spyware, browser hijacker's dialers, and more.

Of course no computer is complete without Scotty on Patrol with WinPatrol. Read about the great features of WinPatrol here.

Lastly, consider the recommendations by Nellie2 in "Christmas is Coming".

Happy Safe Computing!

Sunday, December 24, 2006

Twas the Night Before Christmas

Aslong with one of my favorite poems, this posting brings my wishes to family and friends for a happy, joyous and safe Holiday.

Thehis is dedicated with love to my special girls, Natalie and Nicole.

As very Merry Christmas to all!

Twaswas The Night Before Christmas
(A Visit from St. Nicholas)

By Clement Clarke Moore

Twaswas the night before Christmas, when all through the house
The stockings were hung by the chimney with careNot a creature was stirring, not even a mouse;
The stockings were hung by the chimney with care,
In hopes that St. Nicholas soon would be there;
The children were nestled all snug in their beds,
While visions of sugar-plums danced in their heads;
And mamma in her 'kerchief, and I in my cap,
Had just settled down for a long winter's nap,
When out on the lawn there arose such a clatter,
I sprang from the bed to see what was the matter.

Awayway to the window I flew like a flash,
Tore open the shutters and threw up the sash.
The moon on the breast of the new-fallen snow
Gave the lustre of mid-day to objects below,
When, what to my wondering eyes should appear,
But a miniature sleigh, and eight tiny reindeer,
With a little old driver, so lively and quick,
I knew in a moment it must be St. Nick.
More rapid than eagles his coursers they came,
And he whistled, and shouted, and called them by name;

Now, Dasher! now, Dancer! Now, Prancer and Vixen!
On, Comet! On Cupid! On, Donner and Blitzen!
To the top of the porch! to the top of the wall!
Now dash away! dash away! dash away all!

Ass dry leaves that before the wild hurricane fly,
When they meet with an obstacle, mount to the sky,
Up to the house-top the coursers they flew So up to the house-top the coursers they flew,
With the sleigh full of toys, and St. Nicholas too.
And then, in a twinkling, I heard on the roof
The prancing and pawing of each little hoof.
As I drew in my hand, and was turning around,
Down the chimney St. Nicholas came with a bound.

Hee was dressed all in fur, from his head to his foot,
And his clothes were all tarnished with ashes and soot;
A bundle of toys he had flung on his back,
And he looked like a peddler just opening his pack.
His eyes -- how they twinkled! His dimples how merry!
His cheeks were like roses, his nose like a cherry!
His droll little mouth was drawn up like a bow,
And the beard of his chin was as white as the snow;

TheA wink of his eye and a twist of his headhe stump of a pipe he held tight in his teeth,
And the smoke it encircled his head like a wreath;
He had a broad face and a little round belly,
That shook, when he laughed like a bowlful of jelly.
He was chubby and plump, a right jolly old elf,
And I laughed when I saw him, in spite of myself;
A wink of his eye and a twist of his head,
Soon gave me to know I had nothing to dread;

Hee spoke not a word, but went straight to his work,
And filled all the stockings; then turned with a jerk,
And laying his finger aside of his nose,
And giving a nod, up the chimney he rose;
He sprang to his sleigh, to his team gave a whistle,
And away they all flew like the down of a thistle.
But I heard him exclaim, ere he drove out of sight,
"Happy Christmas to all, and to all a good-night!"

Friday, December 22, 2006

Lavasoft Gave My Email Address to a Marketing Company

Do you subscribe to Lavasoft updates? Did you also receive a sales letter today, reportedly from the The subject is "Gift the Gift of Ad-Aware SE". Take a closer look at that email. What caught my attention was at the bottom of the email:

This message was intended for: corrine@xxx
You were added to the system November 7, 2006. For more information
click here.
Update your preferences | Unsubscribe

If you can read the light, small font, note the date above. The notice indicates I was added to the system on November 7, 2006. I have been subscribed to the receive the updates for several years. I did NOT sign up on November 7, 2006.

Then I checked the full header:
Received: from (

by with ESMTP; 22 Dec 2006 13:29:01 -0600
Message-Id: <53vtd9$>
Date: Fri, 22 Dec 2006 10:59:45 -0800
From: "Lavasoft"

That prompted me to take a closer look at the actual email. Below the sales pitch for Ad-Aware SE Plus, Pro and Enterprise are a few sentences included in the image. The font is rather small and the image is fuzzy.

The first two sentences read:
"Make sure our emails end up in your inbox, not your bulk or junk folders. Simply add to your email address book or trusted-sender list.

"You have received this message because you have registered to get information about Lavasoft and its products."
I am supposed to trust a third-party marketing company masquerading as

Further down in the small print is a link to the Lavasoft Privacy Policy. There are two sections in the Privacy Policy that refer to personally identifiable information, although neither refers to sales pitches. The first applies to purchases from the website:
"2. Contractual Obligation

If you make a purchase from the website, you will be asked to provide your name, billing address, e-mail and credit card information (if you have chosen credit card as payment method). Lavasoft AB will use such information only for processing your order and to send important product specific information such as a receipt, invoice, or license key.

The information you provide will not be used for any other commercial purposes and will not be sold, rented, leased or otherwise forwarded to any third party with the exception of our subcontractor Element 5, who will process your orders and distribute the goods or services that you have requested."

The only other part of the Privacy Policy that could be construed as close is "Information Sharing":
"5. Information Sharing

We do not rent or sell your personally identifiable information to other companies or individuals, unless we have your consent. We may share such information in any of the following limited circumstances:

  • We have your consent.
  • We provide such information to trusted businesses or persons for the sole purpose of processing personally identifying information on our behalf. When this is done, it is subject to agreements that oblige those parties to process such information only on our instructions and in compliance with this Privacy Policy and appropriate confidentiality and security measures.

We may share aggregated information with others. Examples of this include the number of users who downloaded a specific product or how many users clicked on a particular advertisement."

{emphasis added}

I certainly did not give my consent to Lavasoft to give a third party marketing company my email address. Nor was the email for the purpose of processing personally identifying information on Lavasoft's behalf.

Did I unsubscribe? You bet I did. The text from the acknowledgement is transcribed below the image:

Thank you. This e-mail address will be opted out from all marketing e-mail subscriptions within 48 hours. In the interim, you may continue to receive e-mail marketing to which you originally subscribed. If you wish to resume e-mail communications in the future, please click on the subscribe button on the homepage of our site. {Emphasis added}
Marketing e-mail subscriptions? So much for a company that touts privacy.

Update 23Dec06:

In response to the thread at Broadband Reports and Lavasoft, LS-Michael, a Lavasoft employee, replied:
"You can be assured that your e-mails have not been 'turned over' to a 3rd party marketing firm to do with as they please. BlueHornet is simply the mailing engine required to send our monthly newsletter out to the nearly 1 million people on the mailing list now. Lavasoft owns the list and will always own the list, thus the sender as (the same e-mail that is published for our newsletter)."
Since I prefer that an "eMarketing Suite" (as BlueHornet describes their service) not have my e-mail address, I'll forgo any further mailings from Lavasoft.

Does IE7 Slow Down Your PC?

Do you have the Phishing Filter enabled? When you visit some websites in Internet Explorer 7, the filter can slow down your PC by hogging the CPU.

As indicated in Microsoft Knowledge Base Article 928089 :

"This problem occurs when one or more of the following conditions are true:

• The Web page contains many frames.
• You browse many frames in a short time.

Internet Explorer 7 evaluates the whole Web page when you browse a frame. Therefore, CPU usage may be very high."

There is an update that Microsoft has released for this issue. However, because this is not a security issue, it must be manually downloaded. It is available from .

MSRC Reports New Windows Vulnerabiliity

First and foremost, although the Microsoft Security Response Center (MSRC) is reporting that they are monitoring developments with regard to a public posting of POC (proof of concept) code , they have also indicated that they have not been any observed public exploitation or attack activity. Here is the report:
. . . we are closely monitoring developments related to a public posting of proof of concept code targeting an issue with the Client Server Run-Time Subsystem. The PoC reportedly allows for local elevation of privilege on Windows 2000 SP4, Windows Server 2003 SP1, Windows XP SP1, Windows XP SP2 and Windows Vista operating systems. Initial indications are that in order for the attack to be successful, the attacker must already have authenticated access to the target system.

Of course these are preliminary findings and we have activated our emergency response process involving a multitude of folks who are investigating the issue in depth to determine the full scope and potential impact to Microsoft’s customers. Currently we have not observed any public exploitation or attack activity regarding this issue.

While I know this is a vulnerability that impacts Windows Vista I still have every confidence that Windows Vista is our most secure platform to date. As always, we here at the MSRC encourage everyone to enable a firewall, apply all security updates and install anti-virus and anti-spyware software. {emphasis added}

Thursday, December 21, 2006

Attention Panda & WinPatrol Users

If you use WinPatrol (well, if you don't, you should!) and also scan your computer with Panda Internet Security 2007 Software, beware. It seems that Panda is detecting WinPatrol.exe as Dialer.IQQ.

I certainly didn't need Bill Pytlovany, the developer of WinPatrol, to tell me that WinPatrol does not, in any way, shape or form, contain a dialer. However, as illustrated by the screen copy of the scan results at VirusTotal in Panda Claims WinPatrol is a Virus, Panda has a incorporated a false/positive in the definitions they are currently using.

So, don't panic if you see WinPatrol.exe identified as Dialer.IQQ by Panda. Add it to your ignore list and notify Panda that they have a false/positive in the definitions.

Wednesday, December 20, 2006

Sun Releases Security Information -- After Fixes

Sun Microsystems released details regarding the security issues in Java that were fixed with the update to Version 9. That is correct -- Java SE 5, Version 9. Even though version 10 and now Java SE 6.0 have both been released, we are now finding out what was previously fixed.

If Microsoft followed Sun Microsystem's policy of providing the details of vulnerabilities fixed at the time of the NEXT or subsequent update, the public and the press would be screaming so loud the walls would reverberate in Redmond. This is just plain irresponsible on the part of Sun Microsystems!

It is also next to impossible to find what has been fixed at the Sun website. I located the details at Heise Security:
"Among other things, two buffer overflows have been resolved in the Java Runtime Environment (JRE) that allowed system resources to be accessed by non-trusted applets, which could then read, write, and execute arbitrary files with the user's rights. Two additional flaws in the serialization of JRE also allowed an applet to gain more rights. Finally, two weak points allow one applet to access the data of another applet. The flaws are found in the DK and JRE versions up to 1.4.2_12, with some even in 1.3.1_18. Updates (1.4.2_13 and 1.3.1_19) have also been made available for these flaws."
"Also see:
It is very important to uninstall prior versions of Sun Java when updating. Please see the illustrated instructions here for updating Sun Java.

Firefox & Thunderbird Security Updates

Mozilla issued security updates for Firefox and Thunderbird. These updates fix critical security vulnerabilities. It is recommended byMozilla that these updates should be installed as soon as possible.

If you have turned off the update notification, you can manually "check for updates" from the Help menu.


The following known vulnerabilities were fixed in Firefox

  • MFSA 2006-69 CSS cursor image buffer overflow (Windows only)
  • MFSA 2006-68 Crashes with evidence of memory corruption (rv:
For other versions of Firefox see the Known Vulnerabilities page.

Tuesday, December 19, 2006

Zune Compatibility With Vista Complete

The Microsoft Windows Vista Blog reported today that there has been update to the Zune software to version 1.2, including compatibility with Windows Vista. This is great news for those last minute Holiday Shoppers who are anticipating upgrading their computer to Windows Vista in the upcoming months.

Regardless of your computer operating system, be sure to get the latest update at See the Release Notes.

Opera Browser Update

The latest Opera Browser update means that now the top three browsers used have anti-phishing software available. Opera calls their version "Fraud Protection".

"When Opera Fraud Protection is enabled, you contact a server at Opera every time you request a Web page. HTTPS sites are checked via an encrypted channel, while IP addresses on the local intranet will never be checked. The server checks the domain name of the requested page against live whitelists compiled by GeoTrust, and blacklists compiled by GeoTrust and Phishtank. Opera's fraud protection server downloads blacklists directly from Phishtank, and sends a query to GeoTrust.

The domain name is forwarded to GeoTrust in plain text, together with a hash of the URL, if the site you are checking is served by HTTP. The full URL is not sent, but a fingerprint of the full URL is needed in case you visit a dangerous page on a site that is otherwise harmless. The reply is an XML document containing the trust level of the domain. This reply will be cached for a time indicated by the Opera's fraud protection server. Information about well-trusted sites can be cached for a longer period than for unknown sites."

In other Opera news, a free trial version of the Opera browser for Wii will be available on Friday, December 22. That should be of interest to the couch potatoes.

Monday, December 18, 2006

Security Garden Spolight -- Sandi Hardmeier

Without a doubt, it is time to turn the spotlight on Sandi Hardmeier. Sandi has been a Microsoft MVP since 1999, specializing in Internet Explorer and Outlook express. However, Sandi does not limit her activities there. She also has a strong interest in security and expends considerable energy in that area.

One area in particular that Sandi is known for is her vehemence when it comes to the Messenger Plus! Sponsor Program. Most particularly, she has devoted considerable energy publicizing dangers such as Winfixer that the Messenger Plus! Sponsor Program has been exposing its users to for quite some time. Examples of Sandi's testing and screen shots can be found in her articles published December 17, December 15, December 12, November 12, June 30, June 26, June 25 and April 7.

Major credit belongs to Sandi for her diligent efforts in documenting and publicizing this issue. Through those efforts, as well as her "nagging" the MessengerPlus! developer, Sandi reported that Circle Development has edited the HOSTS file on machines that are running the Messenger Plus! Sponsor Program to block many Winfixer related URLs! This is most definitely a step in the right direction.

If you do not know Sandi, you can find her not only at her blog, Spyware Sucks, but also at her website devoted to IE7, located at IE-Vista. Sandi's original site, devoted to Internet Explorer, remains a valuable resource.

Sandi, it is certainly people like YOU who seriously fit the description of the
Time "Person of the Year" for 2006. For anyone interested in joining in the celebration of the Time award and want to take up blogging, Sandi can help you with that too. See Sandi's article, Blogging 101.

FileASSASSIN 1.00 from MalwareBytes

The creator of AboutBuster, E2TakeOut, Qoofix and RogueRemover has released a new tool, FileASSASSIN. FileASSASSIN can delete locked malware files on your computer, using advanced techniques to unload modules, close remote handles and terminate processes to allow the removal of the file.

FileASSASSIN is compatible with Windows 2000, NT and XP.

  • Unzip to a new folder; i.e., C:\FileASSASSIN
  • Navigate to the folder and unzip FileASSASSIN.exe
  • Select the file to be unlocked/removed by dragging it to the text area or select the file using the ( . . . ) button to browse to the file location
  • Select a removal method from the optional list
  • Click delete to remove the file.
Links to all MalwareBytes Software:

Sunday, December 17, 2006

Thank You, Time. I accept.

Time has named me "Person of the Year" for 2006. In fact, Time has named YOU person of the year also.

Excerpts from "Person of the Year: You", by Lev Grossman:
". . . look at 2006 through a different lens and you'll see another story, one that isn't about conflict or great men. It's a story about community and collaboration on a scale never seen before.
"The tool that makes this possible is the World Wide Web. Not the Web that Tim Berners-Lee hacked together (15 years ago, according to Wikipedia) as a way for scientists to share research. It's not even the overhyped dotcom Web of the late 1990s. The new Web is a very different thing. It's a tool for bringing together the small contributions of millions of people and making them matter. Silicon Valley consultants call it Web 2.0, as if it were a new version of some old software. But it's really a revolution.
"And we didn't just watch, we also worked. Like crazy. We made Facebook profiles and Second Life avatars and reviewed books at Amazon and recorded podcasts. We blogged about our candidates losing and wrote songs about getting dumped. We camcordered bombing runs and built open-source software.
"Who are these people? Seriously, who actually sits down after a long day at work and says, I'm not going to watch Lost tonight. I'm going to turn on my computer and . . .
"The answer is, you do. And for seizing the reins of the global media, for founding and framing the new digital democracy, for working for nothing and beating the pros at their own game, TIME's Person of the Year for 2006 is you."
From the Dec. 25, 2006 issue of TIME magazine

Congratulations to --
  • the people who post questions in the newsgroups and forums
  • those who respond to the questions and analyze logs
  • the columnists at c|net, ZDNet, The Washington Post, The Register, and all the other online journals
  • all the "vendor" bloggers, including MSDN, Counterspy, F-Secure, Kasperky, Prevx, etc.
  • my many online friends and fellow bloggers
  • you!

Saturday, December 16, 2006

Kids Safe Browser

This Flash-based web browser, "Kids Safe Browser", seems like a great idea to provide young children a safe learning and play area on the internet. As explained on the website,

"Instead of letting the browser have access to the whole world wide web & 'trying' to filter out the bad content, like most childrens internet browsers & filtering software do. We blocked out the entire internet & only let the browser access limited, top quality, child related sites that we programmed into it!"
Because KidRocket is a web browser, you will need to grant permission to your firewall for KidRocket.exe to access the internet for it to work.

Here is a partial list of some of the sites available with this browser:

PBS Kids -
Sesame Street -
National Geographic Kids -
Disney -
Crayola -
Nick Jr -
Cartoon Network -

The complete list is available at on the website.

Friday, December 15, 2006

Chat With Santa on Windows Live Messenger

Parents, if your children are too shy to sit on Santa's lap at the local mall, perhaps they would enjoy a live chat with him on Windows Live Messenger.
"REDMOND, Wash. — Dec. 13, 2006 — Ho, ho, ho! This year there is another way for kids to share Christmas wish lists with Santa Claus. Using Windows Live™ Messenger, parents can spend time with their kids chatting in real time with Santa online. Customers can simply add Santa’s address,, to their Windows Live Messenger contact list and instantly open a conversation window to communicate with Saint Nick. Kids will enjoy immediate responses from the jolly big man himself through an interactive online chat, and they can even visit Santa’s page on Windows Live Spaces at Filling Santa in on Christmas wishes and asking all about how the reindeer are doing or what’s new at the North Pole are a few of the things kids can talk to Santa about. Santa can even tell kids where they stand on his list: naughty or nice.

Starting Christmas Eve morning, kids can check in with Santa through Windows Live Messenger to follow his journey around the world. As Santa circles the globe delivering gifts, kids who ask him where he is or when he will arrive at their house will be directed to the North American Aerospace Defense Command (NORAD) Santa-tracking site through a link in the conversation window. More information on chatting with Santa through Windows Live Messenger can be found at"

Windows Live Messenger is available at


Symantec and Microsoft Vulnerability Reports

While the Microsoft Security Response Center (MSRC) provided an update on the three reported Microsoft Word vulnerability reports, Marc Maiffret, eEye's chief technology officer, took Symantec to task for downplaying the threat of a worm last spring. That worm is now successfully attacking unpatched Symantec enterprise anti-virus software because, according to Maiffret, companies focus too much attention on Microsoft's flaws and ignore those from other vendors. Also pointed out by Maiffret is the lack of a proper update mechanism by such companies.

Maiffret did not limit his criticism to Symantec but also included "short-sighted enterprises". More information on the worm, which also has a botnet component, as well as Maiffret's comments are available in Gregg Keizer's article, "Worm Attacks Symantec Enterprise Anti-Virus".

Returning to the MSRC report on the Microsoft Word vulnerabilities, the recommendation remains. Do not open any document (Word or otherwise) if you do not recognize the sender. The report includes the following:
"1. CVE-2006-5994 – This issue is discussed in Microsoft Security Advisory 929433. Our ongoing monitoring indicates that this is subject to very limited and targeted attacks.

2. CVE-2006-6456 – This issue is discussed in our blog posting from December 10. Our ongoing monitoring indicates that this also is currently subject to very limited and targeted attacks. Our investigation so far indicates that this issue affects Word 2000, Word 2002, Word 2003 and Word Viewer 2003.

3. CVE-2006-6561 – This is a new issue. At this time we’re aware only of Proof of Concept code: we’re not aware of any attacks at this time. Our initial investigation indicates that this issue affects Word 2000, Word 2002 and Word Viewer 2003.

The guidance, as far as steps that customers can take to protect themselves, that we’ve provided in Microsoft Security Advisory 929433 applies to all three issues. Our teams are continuing their research to find additional workarounds and if we have new information we’ll post that updated information in the advisory."

The MSRC also posted an update and apology for any confusion on the "accidental posting of pre-release security updates for Office for Mac".

Google Patent Search

(Click the image to open site in a new tab/window)

Spotted this addition to Google's latest search "portfolio" over at SunbeltBLOG. Having worked with people in the Patent area for many years, I am sure they will find this interesting.

By the way, Patent Friends, Garett Rogers at ZD Net would like to know if Google Patents will make the job easier for patent lawyers. Apparently he doesn't realize that (1) the patent lawyers rely on someone else to obtain the patent copies and (2) there has been services for obtaining patent copies for many years, some free while others are fee-based.

One nice feature I observed is that it is easy to copy/paste the text from the patents in Google Patent. That will at least make it easier when quoting portions of patents the "Description of the Prior Art".

This is what a friend who has "been in the business" for many years had to say about Google Patent:
"Interesting. Nice search page. Nothing "new and improved" though."
It doesn't sound as though Google should bother running to the USPTO with this feature.