Report

New Scientist is reporting that a massive database culled from the public profiles of 210 million Facebook users has been destroyed before its anticipated — and controversial — release to researchers. Pete Warden, a former Apple engineer, reluctantly deleted the data after Facebook threatened legal action, saying he could not afford to fight a lawsuit. He said Facebook was not aware that such information was available and that the flaw is being patched. ...

Scum on the run Security blogger Brian Krebs is reporting some good numbers that show spammers are no longer registering their domains in China (.cn) since that country started requiring actual on-paper registrations and business licenses, which precludes anonymous registration. AND their new top-level domain of choice, Russia (.ru), is going to make life for sca/spammers difficult there. “Russia’s Coordination Center for domain registration will require individuals and businesses applying for a .ru address to provide a copy of a passport or legal registration papers.” Krebs wrote. ...

Tom Gallagher, senior security test lead with Microsoft’s Trustworthy Computing group, was extensively quoted in news stories today as he described how his group found 1,800 software flaws in Office 2010 by running millions of “fuzzing” tests. According to ComputerWorld, “Microsoft was able to find such a large number of bugs in Office 2010 by using not only machines in the company’s labs, but also under-utilitized or idle PCs throughout the company. The concept isn’t new: The Search for Extraterrestrial Intelligence (SETI@home) project may have been the first to popularize the practice, and remains the largest, but it’s also been used to crunch numbers in medical research and to find the world’s largest prime number. ...

Don’t run your PC with admin privileges Sometimes in life you know something is a risk, but you don’t know how BIG a risk it is until somebody actually checks it out. There was a German scientist in Russia who repeated Ben Franklin’s kite-in-the-thunder-storm experiment but didn’t live to write up his results. Los Angeles security firm BeyondTrust has released an analysis of Microsoft’s 75 security bulletins last year. They came to the startling conclusion that if users had operated their computers without administrative rights they would have eliminated 64 percent of their risk from Microsoft vulnerabilities! ...

Mozilla.org has made public a report that says its Firefox browser has 30 percent market share worldwide. Assuming it’s true, that is a six percent increase since a news story last November. The Mozilla Metrics report 1Q2010 says the browser has 39.2 percent penetration in Europe (152.7 million users) and 29 percent in the U.S. (100 million users.) Mozilla claims 350 million users worldwide. Adoption is quickest in Russia (20 percent increase in the first quarter) the report said. ...

It seems I prompted an exploration of infection related search terms in Google Trends over on the Forbes.com Firewall blog. “Malware” is becoming a sort of catch-all term for end-users, slowly replacing the various types of Ad/Mal/Spyware classifications. Article here – worth checking out the comment by Andy Hayter, Anti-Malcode Program Manager of ICSA Labs, too. Of course, I like to think I might have contributed in some small way to certain search terms going the way of the Dinosaur… ...

Using a Firefox 3.0 add-on created by developers in Hong Kong, Betanews was able to briefly establish a connection with the Internet via a proxy based in mainland China. With that proxy, we were able to confirm that searches performed using Google’s Hong Kong-based page were effectively blocked. Firefox 3.0 reported the blockage with this message: “The connection to the server was reset while the page was loading” — a message from the browser, not from an ISP. We used version 3.0.16 of Firefox (an older edition) because it is the only version compatible with China Channel, a tool made for the express purpose of testing China’s filtering ability. It has not been upgraded for version 3.6. ...

Could the manufacturers of DVD players (no, not just Blu-ray, but the original DVDs) owe back royalties to Alcatel-Lucent for the use of patented technology by way of the MPEG-2 codec? The MPEG Licensing Authority had asserted that Alcatel may have structured its 2006 merger with Lucent in such a way that it could hide up to five patents in a special trust, and spring their overdue royalties on the video industry long after DVDs already began the march to obsolescence. ...

A few of days ago, we encountered an e-mail with a malicious RTF attachment. It was sent with a supposed lawsuit notification message. The e-mail didn’t mention any company by name and took a shotgun, rather than targeted, approach. Today, a security blogger forwarded us (and others) his version of the e-mail: At this point, it appears that the attachment has been replaced by hyperlink pointing to the Marcus Law Center. ...

In the Pwn2Own hacking contest at the CanSecWest security conference in Vancouver, Canada, security researchers and hackers quickly hacked three of the major browsers to take control of the underline operating systems. — A German hacker who goes by the handle “Nils” used a previously unknown vulnerability in Mozilla’s Firefox to gain control of a 64-bit Windows 7 machine. — Peter Vreugdenhil an independent researcher from the Netherlands, used several vulnerabilities in Internet Explorer to take control of a machine running a patched 64-bit Windows 7 implementation. ...