Penny Ditch 23.01 | 6:42

180Solutions is suing Zone Labs, makers of Zone Alarm. Docket info.
180 believes that ZA has made “false and misleading statements” about 180Solutions.


“…180’s products are offered to users free of charge and are sponsored by advertising that users agree to view as a condition of using the products. 180’s products provide the user with access to a wide range of electronic content (such as games, music, video…) all of which is provided to users free of charge because of advertising revenue. Much like other innovative Internet content companies such as Google and Microsoft, 180 has helped develop an advertising-based business model that allows it to generate revenue from original content, while continuing to allow that content to be made freely available to users…
180’s advertisements are generated on the user’s computer by one of two software applications that users install as an agreed condition of receiving considered software or content…a few times per day, these applications will direct the subscriber to a sponsors website based on the website the user is viewing or in response to a search that the user makes.


…Zone Labs has caused, through false and misleading statements about 180’s products, thousands of 180’s customers to remove or otherwise uninstall Zango and/or 180SA. 180 has been damaged by the wrongful removal of its applications caused by ZoneLab’s tortious conduct.


…Zonelabs is aware that its false and misleading statements about 180’s products that are contained in the ZoneAlarm product have caused certain content vendors to refuse to contract with 180, harming 180’s business and subscribers. ZoneAlarm makes the following false statement… a “DANGEROUS BEHAVIOR [Zango or 180sA] is trying to monitor your mouse movements and keyboard strokes”…the basis for ZoneAlarm’s inaccurate statement is the detection of 180’s products’ use of a particular programming function (the Windows API Hook, or setWindowsHook.Exe) in connection with their operation.

Because the Windows API Hook function can be used in connection with the monitoring of mouse movements and keyboard strokes, ZoneAlarm mistakenly assumes that this is the reason for its employ by 180’s products, despite Zone Labs having been advised by 180 to the contrary….
…ZoneLabs was aware that 180 was in discussion with content providers and that certain transactions were delayed, postponed and/or precluded due specifically to ZoneLabs’ improper classification and presentations about 180’s products. … ZoneLabs, by its conduct alleged herein, intentionally interfered with 180’s business expectancies, inducing and causing termination of such expectancies by falsely characterizing 180’s products for the commercial benefit of Zone Labs.”
Curious about all this, I installed ZA Antispyware and Zango. Here is the warning that is apparently a big part of this lawsuit (this is what I saw this evening):
Here is the advice they give on Zango after a scan.
Our guest [Goodman] believes that even though the record labels have been winning all the legal battles, they are badly losing the war.

It’s not even close. They could be headed for extinction if the Internet becomes the vehicle for both promotion and distribution.
Will suing individual P2P users significantly curtail illicit file trading?


No. P2P usage is up. There are too many networks.

It will be like online gambling. They (the P2P guys) will find, and operate out of, the political jurisdictions that will tolerate them.

No.

They will all be hacked. Even if they are not, they must permit at least one instance of ripping to the PC. Once that is done the consumer has a dot-MP3 copy that can be replicated infinitely and the genie is out of the bottle.

The consumer will not buy a CD if it can only be ripped into a proprietary format that will not play in her primary music player, which is increasingly iTunes.
Is TiVo’s plan to port programming to the iPod Video and Sony PSP significant?

The implications are hugely important.

TiVo-To-Go essentially makes all television programming available on the iPod, as well as the PSP and laptop computers.

, makers of a browser toolbar, sent us a
…You falsely claim that the Acoona [sic] software is a “type of threat” that is “more along the lines of commercial type adware that offer[s] a premium service in exchange for tracking your user online performance.” The Acoona [sic] software currently available at Accoona.com is not “adware” and it does not “track[] [] user online performance”.
Moderate threats may profile users online habits or broadcast data back to a server with 'opt-out' permission. In most cases this type of threat is more along the lines of commercial type adware that offer a premium service in exchange for tracking your user online performance.


Description: The ACCOONA Toolbar is an Internet Explorer toolbar that is bundled and installed with other programs.
The ACCOONA Toolbar is bundled and installed with programs such as screen savers and desktop themes which target children. Earlier versions of the ACCOONA Toolbar were purportedly difficult to remove.


As usual, we scratch our heads as to why companies need to send us legal threats when a simple email suffices. Truly. We even have a nice little for these types of things.


Oh—that’s right, it’s the holidays and we all need to support lawyers in their time of need.
At any rate, we’ll pass this on to our and go through our usual process.
Recently, Microsoft listed a , IE Javascript Window() Remote Code Execution.

eWeek discusses it. CNET raises threat level.
Take heed.

This exploit attacks fully patched Windows XP systems and is quite nasty. The exploit looks something like this:
Monday, Sunbelt spyware researchers Patrick Jordan and Adam Thomas saw the first such instance of this exploit being used in the wild to download some really ugly spyware (we held off publishing the details of this exploit until after we gave Microsoft security researchers a full debriefing).
However, we are only seeing it in a limited number of very nasty spyware sites (professional researchers requiring more info can contact ).


We did a quick check with McAfee and Kaspersky and both detect this exploit. We haven’t checked other AV engines yet but I assume that most have detections for it. Obviously, having updated AV definitions is a must.


So here, in all its glory, is a real live nasty spyware infestation occurring on a Windows XP SP 2 system. I simply went to the site and was off to the races.
(Sorry for the edits, but the content of this page is pretty raunchy).


At any rate, it’s now confirmed, in the wild and two things MUST happen:
1. Microsoft must patch exploit immediately.
2. Get your security essentials in — at the very least an AV product. Tight on cash? Read my article, Security on the Cheap.


I read this story earlier, shook my head and moved on. Then I saw that competitor had blogged on this one and figured I’d step in and agree with him (fancy that). He thinks it’s bunk.


Global cyber-crime generated a higher turnover than drug trafficking in 2004 and is set to grow even further with the wider use of technology in developing countries, a top expert said on Monday.
No country is immune from cyber-crime, which includes corporate espionage, child pornography, stock manipulation, extortion and piracy, said Valerie McNiven, who advises the U.S. Treasury on cyber-crime.
"Last year was the first year that proceeds from cyber-crime were greater than proceeds from the sale of illegal drugs, and that was, I believe, over $105 billion," McNiven told Reuters.
There’s even a reference to “human trafficking”.

Woah.
Meanwhile, the REAL news that November was the 194th anniversary of the Luddite uprisings, and my subsequent proclamation that November was to be was completely ignored by all.
It’s ok.

I’m ok. I just need some time.
You know you're in for a bad day when Eliot Spitzer starts issuing statements about your company.

Which is precisely the situation Sony finds itself in today. The New York Attorney General has finally caught wind of the company's digital rights management misstep and has begun looking into it. BusinessWeek reports that Spitzer's office dispatched investigators, who, posing as customers, were able to purchase affected CDs in New York music retail outlets long after Sony BMG recalled the disks.

That didn't sit well with Spitzer, who promptly issued a statement warning consumers and retailers away from the disks. "It is unacceptable that more than three weeks after this serious vulnerability was revealed, these same CDs are still on shelves, during the busiest shopping days of the year," Spitzer said. "I strongly urge all retailers to heed the warnings issued about these products, pull them from distribution immediately, and ship them back to Sony."
Miami police will now stage random shows of force, asking for IDs and generally making themselves known.

Miami police announced Monday they will stage random shows of force at hotels, banks and other public places to keep terrorists guessing and remind people to be vigilant. Deputy Police Chief Frank Fernandez said officers might, for example, surround a bank building, check the IDs of everyone going in and out and hand out leaflets about terror threats.

Link .

At the same time, Deborah Davis refuses to show her ID while on a bus and is ticketed.
Federal prosecutors are reviewing whether to pursue charges against an Arvada woman who refused to show identification to federal police while riding an RTD bus through the Federal Center in Lakewood.


Deborah Davis, 50, was ticketed for two petty offenses Sept. 26 by officers who commonly board the RTD bus as it passes through the Federal Center and ask passengers for identification. Link .


How do you boil a frog? You put it in a pan of cold water and slowly heat up the pot. Our hard-fought freedoms are slowly and inexorably being reduced in the name of national security.


We have quietly released a new definition set of CounterSpy that decloaks the Sony rootkit. This means that it gets rid of the driver (Aries.sys) that gives the Sony DRM functionality its hidden rootkit capabilities.

This is the same thing that Windows Antispyware is doing.
However, it does not remove the Sony DRM files themselves, as doing so can wreak havoc by causing the CD drive to become inoperable (thanks Sony). Note that the also just does a decloaking.


I’m not aware of any utility that actually removes these DRM files (not just decloaking). Microsoft has announced that their Malicious Software Removal tool will remove it, but I suspect it will also be just a decloaking.
Sony provides no way for their DRM files to be removed through Add/Remove programs.

Instead, one has to go to their website to do a full uninstall or go through a .
11/30 UPDATE: Kelly Mackin over at Computer Associates pinged me to let me know that PestPatrol removes the Sony rootkit.
So, as far as I know, they are the only ones that actually remove the rootkit completely.

All others (including the Sophos tool and our own CounterSpy) “decloak” it, meaning to expose it so it’s no longer acting as a rootkit.
While I’m not supposed to be thrilled to promote a competitor, I have to give them grudging respect for this feat, no small technical challenge.
is an alternative to .

BitTorrent portal has licensed their own version of Rufus and is including in it.
Note that if you download , you won’t get adware.

It’s currently advertised on the front page of TorrentSpy:
We're proud to announce the release of our official BitTorrent client.

Torrentspy Rufus is a freeware application that will allow you to download the torrents indexed by our site. The Rufus client will make downloading files via BitTorrent a breeze.
Torrentspy Rufus is a powerfull [sic] Python BitTorrent Client.

It supports many advanced options such as speed limits, proxy and port mapping, simultaneous downloads and fast resume, torrent searching and more!
Uninstall those clunkly BitTorrent programs and try out our official Torrentspy Rufus. This application is certified by us and is our reccomended [sic] client.


It is only disclosed when the user downloads the application.
At least they are bundling WhenU, a relatively tame adware program that has decent notice and disclosure and is removable from the add/remove programs. But it does produce pop-ups.


You are right, I'm not liking this. Monk2000 gave me a heads up in an email and I'm now trying to sort it out. I don't want Rufus associated with adware at all.



Here is what is happening:
I'm affraid [sic] to say that this is partly my fault - Torrentspy's client is the prebeta 0.6.8 which I had released to a few people for testing as I wanted to make sure that the fast resume was working correctly.



In this version I also added some code to allow for an image and text to be inserted into Rufus allowing it to be branded - this was requested by torrentspy as they wanted to release Rufus with their logo on it which I had no problems with at the time.

I personally loath adware and it makes me cringe to think that it has been bundled with Rufus. I had no idea that they were going to include adware with their install and have contacted the TorrentSpy admins and am trying to sort it out.



Also as superontvetter said, I'm having computer problems at the moment - I dropped my laptop (main Rufus dev environment) and am waiting on a new motherboard. It should be here any day now.

I'll keep you all posted.


There’s this new device from (a part of Herman Miller) that obfuscates what you say on the phone so that passers-by or cubicle neighbors can’t hear what you’re saying. It’s marketed at cubicle workers.

To use Babble, which consists of a central device and two speakers, you record a few phrases from a script provided by Babble into the unit.

It then uses those samples to obscure your voice as you speak into the telephone. It broadcasts small, separated portions of the user's speech based on the tone and volume of his or her voice and is supposed to sound like the hum you hear in a busy place, like a shopping mall or a crowded restaurant.

Grandmaster of the Dojo and Supreme Antispyware Samurai Paperghost waxes lyrical on the art of being a Spyware Samurai.


Grasshopper: All is within your reach.
The time has come, children! The enemies are at the gate, and it is time to train in the ways of the Spyware Samurai!

So, you want to kick some Malware-butt? Chew up and spit out all in your path? Invent crazy names for infections like W00tyMcWootalotabot.VVX!!2?


Well, now is the time!

You’ve probably seen them — emails from the FBI and the like. Sober-Y is pretty significant in its breadth.


I even had a friend contact me: “I’m getting notes that the FBI has been watching me!”. Oh boy.

I patiently explained that it was merely a virus.
Some are calling it the biggest email virus outbreak of the year. I agree.


It looks like an e-mail from the FBI, or a note promising pictures of Paris Hilton -- but some anti-virus companies are now calling it the most widespread computer virus outbreak of the year.
One of our spyware researchers re-checked the LookoutSoft.net site that we and found that they are now using a EULA consent screen.


The EULA is densely worded legal jargon for Integrated Search Technologies and Enternetmedia. In there is a reference to , a 180 Solutions product that was the precursor to Zango. You can read the EULA
Initial screen.


Note that in the EULA, one sees “CLICK HERE” to see the license agreements for three adware programs but there are no actual links.
180 Solutions Zango’s S3 dialog box now shows up.
Update: See the blog above.


There is a follow-up from our on LookoutSoft/Visaid Development, makers of software that installs spyware without any notice or disclosure.
Please notify us of the removal.
Suzi at Spyware Warrior received a similar email today.


We have indicated to Visaid that we will not post a correction, since there is nothing that we can see to correct.

State of Texas is suing Sony BMG over the rootkits.

The state sued Sony BMG Music Entertainment on Monday under its new anti-spyware law, saying anti-piracy technology the company slipped into music CDs leaves computers vulnerable to hackers.


The lawsuit is over the so-called XCP technology that Sony had added to more than 50 CDs to restrict to three the number of times a single disc could be copied.

Ben Edelman discovered a very simple, effective way that Sony BMG can notify customers that they have the rootkit on their system.
Since the Sony BMG CDs in question actually call home, there is a simple way for Sony to insert an advertisement into the XCP player, warning users they have the rootkit on their system.


By simply replacing it with his own, he was able to create an ad on the Sony BMG player with a warning.

See Ben’s site for all details, and a screen shot of what an ad might look like. Link.


Sony BMG: Do this. It’s a good idea.
It’s implanted in the fatty tissue of the arm.


Applied Digital…also markets the VeriChip as for use in building security and to complete financial transactions. The attorney general of Mexico and 200 people on his staff have already been implanted with the company's chips as part of an effort to control access to areas where confidential documents are kept.

Well pretty nifty, eh?

One more step in the Brave New World of RFID, something I’ve in this blog.
If you’ve been anywhere near the Internet business community for the past year, you’ve likely heard the term “Web 2.0”.

It’s become a sort of catch-all phrase for the web as an application platform (hasn’t it been for a long time?), and new stuff like , and is being thrown into the pot. (By the way, is it just me or is just the most stupid, awful URL known to mankind?)
Well it turns out the origins of the term are pretty pedestrian. Book publisher was working with a tradeshow company and they were trying to name a new conference.
So the entire Web 2.0 thing came out of a couple of people trying to name a tradeshow.
Now, I don’t blame Tim at all. He was trying to figure out what the evolving web would look like.

But in the meantime, we’ve got people cropping up all over the place saying “Web 2.0” and the term has apparently evolved to mean “new stuff on the web”.
Tim says the phrase "Web 2.0" first arose in "a brainstorming session between O'Reilly and Medialive International." What is Medialive International? "Producers of technology tradeshows and conferences," according to their site.

So presumably that's what this brainstorming session was about. O'Reilly wanted to organize a conference about the web, and they were wondering what to call it.
So in early 1990, the weather engineering operations over North America were assumed from the FSB/KGB by the Yakuza/Aum Shinrikyo teams, and operations continued with the Yakuza's leased giant scalar interferometers.

The weather engineering against the United States continues today under the rogue Japanese teams on site in Russia, with direct FSB/KGB supervision.
In 2004 we have entered the 2-year "final preparation phase". These operations have been intensified and will continue to be intense, wreaking great economic damage.

Hurricanes Charlie, Frances, Ivan, Jeanne, etc. have been no exception to the Yakuza weather engineering, which included directly influencing and controlling each hurricane's power and behavior, as well as directing its course and speed so as to choose its targeting path. Indeed, Ivan did a 180 degree turn, and Jeanne did a 360 degree loop before reaching Florida, demonstrating the degree of control available.


Please, I’m not commenting on this. It’s entertainment, ok?
First, let’s make sure our definitions are clear.

A rootkit is generally defined as software that is installed secretly and is undetectable. It provides the most powerful level of control to the system without the system owner’s knowledge. It gives “root” privileges, a term used in Unix to denote the highest level of authorization — also called superuser.

A full definition is .
What is a rootkit?
A rootkit is not an attack vector on its own.

It is not a virus, and it is not a worm. It is a cloak or a disguise — something to hide something else. For instance an attacker might want to use a rootkit to put a virus on your system but doesn't want you to be able to see that virus.


Is a rootkit malware?
Most people think it is, but it is not always. A sys admin might want to use a rootkit to hide something from the user, to monitor the system in some way.

I treat rootkits neutrally — I don't want to class them as good or bad. You have to make your decision in each case. [My emphasis.]
The rootkit is not a virus, a worm, or a Trojan horse. It is just the code that hides something. Can it hide worms and spyware etc?

Absolutely it can. The issue in the Sony DRM case is whether Sony properly disclosed that it is installing a rootkit on your system. And what Sony uses is a rootkit: it hides other things.


First is the illogic. How can Denseglio define a rootkit as something acceptable if there is full disclosure? That, by definition, is not a rootkit.


For example, you have those programs that lock down computers (you see them at retail stores like CompUSA and BestBuy). They may be hidden from the user. However, the administrator can gain access to them.

Commercial keyloggers may be in the same vein — the administrator of the keylogger can get to it.
1. It didn’t disclose itself.
2. It hid itself from the user.
3. It provided no means to uninstall itself.
4. Because it was hidden, it created security holes that hackers could use to gain access to a system.
5. It hooked into the .
6. It provided Sony with superuser/root capabilities.
But if it was disclosed, would it still be acceptable? No.


Denseglio is watering down the definition of rootkits and that is a slippery slope.
Think of all the interested parties who will welcome the news that it is perfectly acceptable to drop rootkits on users' PCs in order to assert control over them, as long as there is some form of disclosure.
And given what passes for "disclosure" these days, we could very well start seeing various parties who regard users' control of their own PCs as a threat or a nuisance simply wait a bit until the Sony uproar dies down a bit and then start rolling out their own rootkits -- with some notice buried in the EULA, of course.


The next step will be to invent a more "friendly" term for "rootkits" -- perhaps "administrative cloaking tool," or even "secure protection utility." The goal here will be to hang a name on the technology so that it actually sounds like a benefit to the user.
It's hard to see how users or consumers or citizens benefit from an approach that regards rootkit technology as "neutral, neither good nor bad in and of itself." There is nothing "neutral" at all about the effects that this so-called "neutral" approach will have on users, who will now have to grapple with software companies, advertisers, and content providers vying to use rootkits to LEGALLY assert control over the PCs of users for whatever end.
I don’t know Denseglio and I don’t necessarily blame him for his comments and I’m certainly not interested in attacking him or his credibility. But his statements merit discussion and debate.

To me, the answer is simple and he may very well agree with me:
Rootkits are unacceptable in any situation.
Ok, so maybe you have to be a marketing wonk to care about all this but I find this mildly interesting.
The Online Publishers Association recently reported on online spending patterns.

Umm… this was done with Comscore (makers of tracking program …we won’t go there right now…).
Growth in the Entertainment/Lifestyle category, driven by online music sales, has rippled through most every aspect of this report. Not only does growth in the Entertainment/Lifestyles category account for a large portion of the overall growth in online paid content spending; it accounts for the ballooning figures for single purchase content sales (now 20.1% of all revenue for paid content, up from 11.0% in 2003) as compared to subscriptions, and for the increasing percentage of all online paid content income attributed to low-price-point sales (under $5 per transaction), as compared to mid- and upper-range figures.
So paid online music sales is actually a growth area.

No big news there, but perhaps it will make the feel better.
Now, if you’re wondering why you get all those popups for online dating, the answer is here. It’s a big business:

Personals/Dating remained a strong second-highest revenue producer, with online content sales of $245.2 million in H1 2005.
Conclusions of the report:

  • Growth in online content spending in the first half of 2005, as in the full year 2004, was driven primarily by growth in the Entertainment/Lifestyles category as a result of online music sales.
  • The two largest categories are Entertainment/Lifestyles (which includes music downloads) and Personals/Dating. The Games category also remains strong, further evidence that consumers are increasingly using the Internet for entertainment.

  • Although revenue for General News is down for H1 2005, compared to H2 2004, continued strong showings by Business Content/Investment Content (the third-largest revenue-producer) and Research (up 33.8% in H1 2005 over H1 2004) indicate that consumers also readily turn to the Internet for information.

  • Paid downloads of digital music are shifting the single-purchase versus subscription mix, but subscription sales continue to be the dominant pricing model for online revenue.
  • Consumer penetration (the percentage of the online population that purchases online content) remains steady. Of the 171 million Americans who were online in Q2 2005, about one in nine spent money on online content purchases, so the market has plenty of room to grow.

  • Average consumer spending for paid online content appears to be leveling out, showing very little change over the past three years.
Clark, Texas for 10 years in exchange for 55 DISH antennas.
Perhaps the next step is for San Francisco to become the city of Google, CA in exchange for free WiFi.


Of course, we already did all that naming stuff — we have a whole region of the country named after us… the Sunbelt!
If you don’t know much about Radio Frequency ID (RFID), it’s time to get up to speed. This is (or will be) a hot topic.

This has pictures and more on RFID if you need to get caught up. I’ve also blogged a on this issue.
There is activity going on here driven by commercial and government interests.

Companies like WalMart want RFID tags on pallets to track inventory and local governments use them for things like toll-passes.
Well that brings to mind a kind of obvious privacy issue.

Q: Where were you on the night of the 15th?


A: I was at my friend’s house playing cards.
Q: Oh really… Then why is it that you went on this toll-road at 9:12 pm using your smart pass?

So there’s certainly discussion about the potential privacy implications.

I forwarded a about RFID privacy issues to a friend of mine who is an executive with an RFID company. But his response was more pragmatic: “Nonsense....It's hard enough to get them to work consistently at any distance!”
Today, the BBC had an article about RFID.
Changes brought about by the internet will be dwarfed by those prompted by the networking of everyday objects, says a report by a UN body.

…Radio Frequency Identification (RFID), sensors, robotics and nanotechnology will make processing power increasingly available in smaller and smaller packages so that networked computing dissolves into the fabric of things around us.


The result could mean remote controls embedded in clothing, cars that alert their driver when they have developed a fault, managers who check on workers through the RFID devices embedded in their phones, and bags that remind their owners that they have forgotten something.

What do you think about RFID privacy implications? A or a real problem?


…This is huge news for our industry, as this certification program finally levels the playing field by creating a third-party legitimizing mechanism with universally-accepted standards.
…The question will be asked, “Does this legitimize adware?”
The answer is categorically yes.

Millions upon millions of consumers around the world have knowingly been saying that for many years. Zealots will continue to disparage targeted advertisements while real-world users and real-world advertisers know they are more effective and helpful than page-embedded advertising. [My emphasis]

There is some recent press about some statements on the growth of keyloggers.


…The number of keyloggers unleashed by hackers exploded this year, soaring by 65 percent in 2005 as e-criminals rush to steal identities and information…
We are seeing keyloggers, but the only infestations we’re seeing are on older un-patched XP systems (patch your systems!). Also, I’m not so sure of the scale implied in the article — there are keyloggers out there but there are plenty that only collect info from a few dozen or a few hundred people.

In the couple of dozen keyloggers we’ve found since early August, I would guess that perhaps a total of 8,000 people were actually infected with them.
So while I do want people to be well informed, I’m getting equally concerned that people are unplugging from the ‘net because of the fear of this stuff. There is bad stuff but it’s not like the sky is falling.


You’ve probably seen these “Bots” on instant messenger programs. My kids all played with the one.
Well, AIM has added a Bots group to the AIM buddy list.


You can ask bots about movies, shopping, etc. Also, it’s salvation for the delusional (“my computer is talking to me!”) and lonely (“why won’t my computer talk to me?”).
Today, TRUSTe a new program to certify software. It’s focused primarily on adware.

It’s a whitelist of programs that have passed certification. These programs can then access ostensibly broader networks of distribution because they have passed the certification.
This well-intentioned move does have some meat to it.

You can see the influence of the on the documents. These are not "light" requirements. The requirements are actually fairly stringent and from that standpoint, I’m impressed.


To be placed on the whitelist, adware and trackware must prominently disclose the types of advertising that will be displayed, personal information that will be tracked, and user settings that may be altered, and must obtain user opt-in consent for the download. An easy uninstall with clear instructions must be provided, and advertisements must be labeled with the name of the adware program. Program participants must maintain separate advertising inventory for users of certified applications.

To move legacy users to certified advertising inventory, they must obtain new opt-in consent.
Executive summary. Full requirements document.

(These are Word docs that I can only presume are safe. I really wish they would have used PDF!)
So what's the problem?

I'm concerned that Truste is, in effect, legitimizing adware and that's a bigger issue.
The larger, "mainstream" adware companies such as Claria and WhenU (assuming they get certified) will now have the ability to greatly increase their distribution network, under the cloak of "certification".
Now, this is not a certification that's outward facing -- it's a whitelist used by web site owners to determine if the app is "acceptable" to put on their site.


Hmmm...

ok. Let's keep in mind that it's still adware that will spawn ads in the user's face.
It's redolent of the CAN SPAM Act of 2003.

It turns out that CAN SPAM really did mean that -- you could spam. CAN SPAM effectively created a safe-harbor for companies, when in fact, the question should be asked: Why are we getting the spam in the first place?
Who needs adware in the first place?

What is the real quid-pro-quo that the user is getting?
Installing a program like Weatherbug, which displays advertisements inside its application (and is itself something that has real use), is a far cry from an application that spawns pop-ups while the user is surfing. Or provides "targeted" search results.

No matter how much disclosure you layer on top of it, the user should be getting a fair exchange and there's a lot of soft factors -- will users really understand that search results, for example, might be sponsored and not actual organic results?
Note I'm not an anti-advertising zealot. But should we be even going down the slippery slope of effectively condoning adware as a concept?


Your thoughts are welcome.
Jeremy Wagstaff at the Wall Street Journal has a good blog today about so-called "grassroots" sites that are actually run by corporate interests.

You're familiar with the faux blog -- a blog launched by a marketing company to look like a grassroots blog to promote a product, but actually maintained by PR drones.

Naff is probably the word that springs to mind. But how about the faux community site? What word springs to mind when you visit YourPointofView.com, a website set up by marketing company Despite all the flash (and there's lots of it), it seems to be community-oriented, interested in your point of view on gorillas, organic food, sports fans and the like. Your point of view is sought, sort of. Click on a window and another window pops up, letting you select from a drop down list of choices (no, you can't type anything in) and then you're taken to another window where you have to register and then offer some personal information (approach to life? realist/optimist/surrealist/pessimist) and then it goes on. Call it a survey pretending to be interested in you, so long as your choices are listed among their choices. So what's the point?


It's a classic old PR mechanism to set up "think tanks", "grassroots organizations" and the like to forward a corporate objective.
While this HSBC site is actually fairly innocuous, it highlights the need to be wary. When you get some "study" or see some advertisement by a group of "citizens", always check it.

There's a ton of incredibly misleading information out there spawned by corporate interests.
Earlier we about Google Base.
Help the world find your content.


Google Base is a place where you can add all types of information that we'll host and make searchable online.
You can describe any item you post with attributes, which will help people find it when they search Google Base. In fact, based on the relevance of your items, they may also be included in the main Google search index and other Google products like Froogle and Google Local
There's been out that Time Warner will be making its back catalog of old TV shows for a new Internet service.


Digital analyst is actually a bit impressed, and has this to say about it:

Congratulations to Time Warner ... for taking the biggest step yet to launch an "Internet of Video". The plans by Warner Brothers to make their back catalog of old TV shows available for a new Internet service, termed In2TV, early next year is to be vigorously applauded by those of us who want to see Digital Media come-of-age. They have 4,800 episodes from more than 100 old television series that they'll be distributing at the AOL portal.



There are five reasons why we think this is significant.

First, the content has genuine value to consumers. Some of the programs include such formerly popular ones as Maverick, Welcome Back Kotter, Eight is Enough, and The Fugitive.

It is not oddball programming from the lunatic fringe.

Second, they're free. Programs on In2TV will be advertising supported, but will have only one or two minutes per half-hour episode as compared to today's standard of eight minutes on regular network shows.



Third, more than any initiative since satellite television, this one promotes the benefits of competition into the video-to-the-home market where the Cable TV companies have been exercising the power of a gatekeeper for too long. Cable companies have abused their near monopoly power in two ways. First, they sometimes require program originators to pay them money for the privilege of being "carried" on the system.

In such instances they "double dip" by charging the viewers a monthly fee to see the programs. Second, they often structure subscriptions in such a way that the consumer has to pay for things that she doesn't necessarily want in order to gain access to the services she does want. For example, you often cannot get video-on-demand without first becoming a digital cable subscriber.

That means you pay an incremental monthly fee, merely to have the "right" to pay a "pay-per-view" fee as well.

Fourth, AOL will be using Peer-To-Peer technology in order to economically distribute the video. This is significant because it underscores the point that the first uses of a technology are not always good predictors of the ultimate uses.

As anyone not living in a cave for the past five years will recognize, the P2P concept was first popularized by Shawn Fanning's Napster and was universally condemned by the media companies owing to the initial use characterized by the unauthorized sharing of copyrighted music files. Time Warner's intent to employ legitimate P2P distribution via Kontiki's network illustrates how important it is that courts avoid outlawing an entire technology merely because its first users engage in illegal activity.

To see an audio-visual interview with Kontiki's CEO, visit and click on the show for October 24, 2005.



Fifth, it seems almost certain that the initiative will evolve into the first major application of video podcasting. People who want to watch the programs are very likely going to want to subscribe to them. For example, if you are a big fan of James Garner's Maverick, you'd rather have each episode automatically delivered to your computer than to be required to visit the AOL portal to see if additional episodes have been posted.

If In2TV does become the first important instance of video podcasting, it is likely to be good for Microsoft and, not-so-good for Apple. That's because it will promote the awareness that RSS delivery of Digital Media is not exclusive to the iPod. Most subscribers will be viewing these programs on their computers.

It is not yet even known if they will play on the iPod.

This was actually published in our newsletter, and it's pretty nifty.
Office Letter reader Lyn Hancock wrote to share her list of shortcuts for Word.

She began several years (and several Word versions) ago collecting the information and when she discovered something new would update the list. It's still a work in progress -- but you'll find her years of work helpful. You can download this lengthy set of shortcuts and keyboard templates (this is a Word document, not a PDF).


Thanks to the for this tip.

Freedom to Tinker has two bits of news.
Over the weekend a Finnish researcher named Muzzy noticed a potential vulnerability in the web-based uninstaller that Sony offers to users who want to remove the First4Internet XCP copy protection software.

We took a detailed look at the software and discovered that it is indeed possible for an attacker to exploit this weakness. For affected users, this represents a far greater security risk than even the original Sony rootkit.
The consequences of the flaw are severe.

It allows any web page you visit to download, install, and run any code it likes on your computer. Any web page can seize control of your computer; then it can do anything it likes. That's about as serious as a security flaw can get.


And, Sony is recalling the CDs... (USA Today link)

Sony BMG Music Entertainment said Monday it will pull some of its most popular CDs from stores in response to backlash over copy-protection software on the discs... Sony also said it will offer exchanges for consumers who purchased the discs, which contain hidden files that leave them vulnerable to computer viruses when played on a PC.
"Sony BMG deeply regrets any inconvenience to our customers and remains committed to providing an enjoyable and safe music experience," the company said.

Sony says more than 20 titles have been released with the XCP copy-protection software, and of those CDs, over 4 million have been manufactured, and 2.1 million sold.

The uninstaller requires you to install an ActiveX control to your system before you can even request for an uninstall url.

Turns out, the uninstaller activex marks itself safe for scripting, and has plenty of interesting methods available for everyone to use. Although I have not analyzed them in depth, I have tested one of them to confirm it really does what I think it does. It's called "RebootMachine".

If you have installed Sony's ActiveX control, follow the link to invoke the RebootMachine method. I don't even want to know what the ExecuteCode method does...
The InstallUpdate method seems to download a file in XCP.DAT format, extract a dll from it and then execute stuff.

So far I haven't analyzed the code enough to determine if it's exploitable, but I'm guessing it doesn't do any significant verification - meaning this ActiveX control could have exploitable remote code execution hole in it by design. NEEDS URGENT VERIFICATION! If anyone has working uninstall link, please view the source for page at every step and check the javascript it uses.

I'd like to see how these methods are supposed to be used.
I'll see if I can hunt more down on this topic.
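
The risk described above comes from the control being registered as safe for scripting, which lets any web page call its methods. The following is an added example, not code from the original post or from Sony/First4Internet: a Python audit that reads a `reg export`-style text dump, lists COM classes carrying the "safe for scripting" or "safe for initializing" component categories, and reports whether each has the Internet Explorer kill bit set. The CLSIDs and names in the sample dump are constructed placeholders; the two category GUIDs and the 0x400 kill-bit flag are the standard Windows values.

```python
import re
from dataclasses import dataclass

# Standard component-category GUIDs and the IE kill-bit flag.
CATID_SAFE_FOR_SCRIPTING = "{7DD95801-9882-11CF-9FA9-00AA006C14A4}"
CATID_SAFE_FOR_INIT = "{7DD95802-9882-11CF-9FA9-00AA006C14A4}"
KILL_BIT = 0x400

GUID = r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}"
KEY_RE = re.compile(r"^\[(.+)\]$")
CLSID_RE = re.compile(r"\\CLSID\\(" + GUID + r")(?:\\(.*))?$", re.I)
COMPAT_RE = re.compile(
    r"\\Internet Explorer\\ActiveX Compatibility\\(" + GUID + r")$", re.I)
VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$')


@dataclass
class Control:
    clsid: str
    name: str = ""
    safe_for_scripting: bool = False
    safe_for_init: bool = False
    kill_bit: bool = False


def audit(reg_text):
    """Return controls marked script-safe or init-safe in a .reg text dump.

    Real exports are usually UTF-16; decode the file before passing it in.
    """
    controls = {}

    def get(clsid):
        return controls.setdefault(clsid.upper(), Control(clsid.upper()))

    section = None  # (kind, Control) for the key whose values we are reading
    for raw in reg_text.splitlines():
        line = raw.strip()
        key = KEY_RE.match(line)
        if key:
            section = None
            path = key.group(1)
            cls = CLSID_RE.search(path)
            compat = COMPAT_RE.search(path)
            if cls:
                ctl = get(cls.group(1))
                sub = (cls.group(2) or "").upper()
                if sub == "":
                    section = ("class", ctl)
                elif sub == "IMPLEMENTED CATEGORIES\\" + CATID_SAFE_FOR_SCRIPTING:
                    ctl.safe_for_scripting = True
                elif sub == "IMPLEMENTED CATEGORIES\\" + CATID_SAFE_FOR_INIT:
                    ctl.safe_for_init = True
            elif compat:
                section = ("compat", get(compat.group(1)))
            continue
        val = VALUE_RE.match(line)
        if not (val and section):
            continue
        kind, ctl = section
        name, data = val.group(1), val.group(2)
        if kind == "class" and name == "@" and data.startswith('"'):
            ctl.name = data.strip('"')
        elif kind == "compat" and name.strip('"').lower() == "compatibility flags":
            m = re.match(r"dword:([0-9a-fA-F]{8})$", data)
            if m:
                ctl.kill_bit = bool(int(m.group(1), 16) & KILL_BIT)
    flagged = (c for c in controls.values()
               if c.safe_for_scripting or c.safe_for_init)
    return sorted(flagged, key=lambda c: c.clsid)


def exposed(controls):
    """Script-safe controls that a web page can still instantiate (no kill bit)."""
    return [c for c in controls if c.safe_for_scripting and not c.kill_bit]


# Constructed sample dump; CLSIDs and names are placeholders, not real controls.
SAMPLE = r"""Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{11111111-1111-1111-1111-111111111111}]
@="Example Uninstall Helper"

[HKEY_CLASSES_ROOT\CLSID\{11111111-1111-1111-1111-111111111111}\Implemented Categories\{7DD95801-9882-11CF-9FA9-00AA006C14A4}]

[HKEY_CLASSES_ROOT\CLSID\{11111111-1111-1111-1111-111111111111}\Implemented Categories\{7DD95802-9882-11CF-9FA9-00AA006C14A4}]

[HKEY_CLASSES_ROOT\CLSID\{22222222-2222-2222-2222-222222222222}]
@="Example Media Control"

[HKEY_CLASSES_ROOT\CLSID\{22222222-2222-2222-2222-222222222222}\Implemented Categories\{7dd95801-9882-11cf-9fa9-00aa006c14a4}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{22222222-2222-2222-2222-222222222222}]
"Compatibility Flags"=dword:00000400
"""

if __name__ == "__main__":
    for c in audit(SAMPLE):
        print(c)
```

A control can also declare itself safe at run time through the IObjectSafety interface, which this registry-only check does not see, so an empty result is not proof that no scriptable control is installed.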
Did you know that it's the 194th anniversary of the Luddite uprisings?


You've often seen me use the term "Luddite" in this blog.
Luddite, of course, refers to the 19th century movement in England that attempted to overthrow advances in technology. It's also a term generally used for those who oppose technology.


Luddite: NOUN: 1. Any of a group of British workers who between 1811 and 1816 rioted and destroyed laborsaving textile machinery in the belief that such machinery would diminish employment. 2. One who opposes technical or technological change
But did you know that November 1811 was when the Luddite uprisings started? From Wikipedia:

The original Luddites claimed to be led by one Ned Ludd (also known as "King Ludd", "General Ludd" or "Captain Ludd") who is believed to have destroyed two large stocking-frames that produced inexpensive stockings undercutting those produced by skilled knitters, and whose signature appears on a "workers' manifesto" of the time. The character seems to be based on a local folk tale about someone whose motives were probably quite different (frustration, and not anti-technology).


The movement began in Nottingham in 1811 and spread rapidly throughout England in 1811 and 1812, with many wool and cotton mills being destroyed, until the British government harshly suppressed them. The Luddites met at night on the moors surrounding the industrial towns, practising drilling and manoeuvres and often enjoyed local support. The main areas of the disturbances were Nottinghamshire in November 1811, followed by the West Riding of Yorkshire in early 1812 and Lancashire from March 1812.

Battles between Luddites and the military occurred at Burtons' Mill in Middleton, and at Westhoughton Mill, both in Lancashire. It was rumoured at the time that agent provocateurs employed by the magistrates were involved in stirring up the attacks. Magistrates and food merchants were also objects of death threats and attacks by the anonymous General Ludd and his supporters.


"Machine breaking" (industrial sabotage) was made a capital crime (Lord Byron, one of the few prominent defenders of the Luddites, famously spoke out against this legislation), and seventeen men were executed after an 1813 trial in York. Many others were transported as prisoners to Australia. At one time, there were more British troops fighting the Luddites than against Napoleon Bonaparte on the Iberian Peninsula.

Three Luddites ambushed a mill-owner, the luddites responsible were hanged and shortly after old style 'Luddism' died away.
However, the movement can be seen as part of a rising tide of English working-class discontent in the early 19th century (see, for example, the Pentrich Rising of 1817, which was a general uprising, but led by an unemployed Nottingham stockinger, and probable ex-luddite, Jeremiah Brandreth).
In recent years, the terms Luddism and Luddite or Neo-Luddism and Neo-Luddite have become synonymous with anyone who opposes the advance of technology due to the cultural changes that are associated with it.


You can read all about it at Wikipedia.
So I hereby proclaim November National Luddite Remembrance Month!
In honor of this august occasion, I ask each of you: What are some of your favorite examples of Luddites?


Join the party! Comment away.
Looks like the Sony BMG rootkit contains LAME (an open-source MP3 encoder) and that they (or First 4) are not in compliance with the terms of the LAME license.


This software is licensed under the so called Lesser Gnu Public License (LGPL). According to this license Sony must comply with a couple of demands. Amongst others, they have to indicate in a copyright notice that they make use of the software.

The company must also deliver the source code to the open-source libraries or otherwise make these available. And finally, they must deliver or otherwise make available the in between form between source code and executable code, the so called objectfiles, with which others can make comparable software.
Of course, Sony BMG got this rootkit from First 4, so perhaps First 4 didn’t do their homework.


Eric Howes sent me this earlier. We see a 180 Solutions installer at a site for a 2nd grade class site:
Now, this is because the good teacher Mrs. Hall is hosting her site at Cjb.net, unwittingly spawning spyware on The Innocent. She has been contacted by us as she has no idea this is going on.
Testing this site on a non-SP2 XP system, I received the same ActiveX dialog box after simply hitting refresh once or twice.

On a patched SP2 system, I did not receive it, instead getting popups for pharmacies, online dating services and casinos.
Suzi has blogged on this as well.

...there are several problems with this scenario, not the least of which is the misleading text in the security warning (ActiveX) box.

It says "Website Access By Zango Search Tools". There's an implied meaning that in order to view the website, one needs to download the "Website Access", whatever that is. Not true!!
What kind of page is that and who is going to be viewing it? It says "Come on in to Mrs. Hall's second grade class [...]". It looks to me like a page Mrs. Hall made for her second grade students and their parents.

Nice. I'm sure Mrs. Hall meant well.

How old are second graders? Six or seven, depending on when their birthday is. Can 6 or 7 year olds enter into contractual agreements?

No. Will 6 or 7 year olds know what that warning means? No.

Will they click yes because they want to see what's on the page? Most likely. Are they going to click the link that says "Website Access By Zango Search Tools" and read the EULA?

I think not. Here's another short clip to show what happens when you click "Yes".

Notice at 0:58 I click "Yes" and the license agreement comes up again. Note the box that says "I am 18 or older..." is checked by default. The wide, short window is known to be the most difficult for users to read as well.

The text at the top of the EULA window says "The content on this site is FREE thanks to Zango". There's another misleading statement. At CJB.net, the webhosting is "free". It has absolutely nothing to do with the website content. More about CJB.net in a bit.

Ben Edelman recently gave a presentation at a conference for online marketing folks.
"...I have to give Ben Edelman a nod for his extraordinarily good and detailed presentation on Spyware, which he delivered on Tuesday afternoon during lunch.

For some reason this event was never listed in the ad:tech program, which is a shame; every single one of the conference attendees could have stood to hear what Edelman had to say--whether to educate themselves on the danger that Spyware poses to the industry at large, or to defend themselves against the claims he's made about ad networks' and affiliates' role in promulgating Spyware (at least one company with a staff member in attendance--Commission Junction--tried to do just that, with somewhat middling success)."
Ben's Powerpoint presentation is, in fact, outstanding and you can see it.
Don't forget when you're dumping an old PC or server, you need to .


An interesting tool that was mentioned for that purpose over at is Darik's Boot and Nuke (DBAN). It's apparently especially useful if you're looking to nuke a drive using something like DoD compliance. Put it on a floppy and off you go.


Darik's Boot and Nuke ("DBAN") is a self-contained boot floppy that securely wipes the hard disks of most computers. DBAN will automatically and completely delete the contents of any hard disk that it can detect, which makes it an appropriate utility for bulk or emergency data destruction.
Remember, be extremely careful if using this tool.

One of its features is the ability to "bulk delete" hard drives...
The recent focused on Enternetmedia's use of blogs to propagate spyware.
Spyware buster emailed me an absolute treasure yesterday, a great video of something else -- Enternetmedia's being installed with absolutely no notice and consent and not even an add/remove entry (you have to remove it through the toolbar itself or at Searchmiracle's website). In his video, he downloads a game called Balloon Pop from Lookoutsoft.net and subsequently got a stealth-install of SearchMiracle.
So last night and today, I tested it and sure enough, Roger is right. This is nasty.


I go to install this stupid Balloon Pop game and get absolutely no EULA. Nothing. Now, we're jaded, but this is usually the practice of CoolWebSearch gang types, not this type of operation.


Then, look at my Add/Remove after:
Instant mess. Not only did I get Search Miracle, but I also got 180 Search Assistant and Internet Optimizer -- all without any notice, disclosure, consent, anything. Just "poof".

The 180 Search Assistant didn't even give me that new little "S3" dialog that they're using now (which tells you that 180 is being installed). This shows that Lookoutsoft is using an older version of 180 Search Assistant.
And of course, along the way I get this popup from Adult Friend Finder.

What if a kid had installed this game?
Now, notice there is no add/remove for this install of SearchMiracle/Elite Toolbar. You have to either go to searchmiracle.com and use their uninstaller, or do it through the toolbar:
*Please note that all software produced by Visaid Development is ad supported. We appologize [sic] for any inconviences [sic] this may cause you. This is necessary to insure that everything produced by Visaid Development, Inc. may remain free and full version. All ad bundles are created by third party affilliates [sic] and verfied [sic] for your safety by Visaid Development, Inc. Any ad placements bundled with software produced by Visaid Development, Inc. may simply be removed by going to Start Control Panel Add/Remove Programs. Visaid Development, Inc. accepts no responsibility for any actions taken by it's advertisers and included advertisement bundles.


Right. So you bury the fact that you're stealth installing spyware in a Contact page. And you can't spell worth a damn.

You guys are jackasses.
Checking around the rest of their site, one sees that their main product is Easy Guitar Tabs Maker Pro, which is also ad-supported. However, at least in the case of downloading that product, you get a EULA (actually a number of them, since a lot of crap is installed with this guitar program).


Daniel Cuthbert, a security expert, was suspicious of a charity site for Tsunami victims and performed a simple test. He ended up getting convicted of gaining unauthorized access.
Man, that was BS.


Martin O'Neal, director at Corsaire, confirmed Friday that Cuthbert had actually joined the company before his trial. O'Neal, though, isn't worried that one of his employees is a high-profile breaker of the Computer Misuse Act (CMA).
"The reason being, we've known Daniel for a long time.

He was well known in the security industry, even before the case. His integrity has never been called into question," O'Neal told ZDNet UK on Friday.
under the Computer Misuse Act of gaining unauthorized access to an appeal site for victims of the Asian tsunami in December 2004.

Cuthbert said in court that he had made a donation and then became concerned that he'd fallen victim to a phishing scam. To check, he added "../../../" to the URL in an attempt to access the site's higher directories--an action that triggered an alarm.
Security experts and ZDNet readers have expressed concern about the conviction.

O'Neal shares this view.
"As for the conviction, it's frankly ridiculous. It highlighted how untried and untested the CMA is.

The main problem is how you define unauthorized access and intent in the context of an open Web server," O'Neal said.
Yup.
The story on got posted to .

Unfortunately, Slashdot referred to the situation as us being "sued", which is incorrect (the Ziff Davis story didn't say that and neither have we).
I made a clarifying the situation and interestingly, got a reply from the Spymon fellow (no name on the post). Here's what he said:

...I've been trying to get this Slashdot article amended - but nobody here is apparently listening - maybe you will have better luck.



Looks like you have a lot of supporters (based on the various death threaths [sic] we have had) and ideally we could come to some sort of compromise where antispy/antivirus software would tell the user that (if its a commercial program) that the "trojan" is a non-destructive commercial program. In return the commercial software could tell the anti-virus software house how to safely delete it and put a marker so it will not return.

Death threats?

Nah, no one has to go that far.
Anyway, we ended up having an exchange, which you can view.
Strange day.


Clearly, it's because they've been reading my blog that they finally took ! (well, maybe).

...Music publisher Sony BMG said on Friday it would stop making CDs that use a controversial technology to protect its music against illegal copying.


"As a precautionary measure, Sony BMG is temporarily suspending the manufacture of CDs containing XCP technology," it said in a statement.

The EFF writes about Sony's EULA.
Well, on a lighter note, sharp-eyed Eric Howes sent me this .

Flipping through, there are some interesting statements in there, which I've highlighted in bold:

...These terms constitute your license agreement. Please read it and don't wait for the movie version. This is a legal contract between you and iMesh, Inc. ("iMesh") that governs your use of iMesh's online music services available at www.imesh.com consisting of the iMesh subscription service (the "Subscription Service") and the iMesh download sales service (the "Download Service", together with the Subscription Service, constitute the "Service")...We recommend you grab a glass of water before reading the rest.

To agree to these terms, click "AGREE" where indicated. If you do not agree to these terms, do not click "AGREE," and do not use the Service. If you're not sure, think about it a little and then decide.

But you have to decide. Our lawyers worked hard to make this contract understandable. We wanted to take this opportunity and say "Thank you".


...To access the Service, you will need to install or activate from time to time the iMesh proprietary (isn't this a cool word?) software application...Drink milk.


By now you are probably asking yourself, "what is a Sample?" Well, here it is - a "Sample" is a portion of a Song or, in some cases, an entire Song that you can play directly from and while logged on to the Service on a promotional basis at no cost to you. You may play as many samples as you want.. In fact, you can even go to bed listening to these Samples.... Please be nice to our Samples, they are very sensitive.


...Any security technology that is provided with a Song is an inseparable part of the Song. Please don't try to separate them. They really like each other.


The burning or transfer capabilities provided for herein shall not operate to waive or limit any rights of the copyright owners in the Songs or any works embodied in them. Don't cheat.
Don't use iMesh to steal music!

If you violate the copyright laws or any other intellectual property laws, fines or criminal charges may be brought against you. You may even go to jail. Do you really want to go to jail?

They may not let you take your iMesh with you.
...In no event will such parties be liable for the removal of or disabling of access to any such products, Content or materials under this Agreement. MusicNet and iMesh and their licensors may also impose limits on the use of or access to certain features or portions of the Service, in any case and without notice or liability.

Sorry.
Customer Support. Please direct any questions concerning the Software, the Service, billing and/or usage rules to an iMesh customer service representative by contacting us from: http://wa.imesh.com/support/bugreport/ . Questions about the meaning of life, the universe and everything should not be directed to iMesh.

We are totally clueless.
Instant Messaging and Public Areas. iMesh is a community.
