
Dave Barry’s year in review

Posted on December 30th, 2005 at 21:35 by John Sinteur in category: Funny!

Best summary of 2005.

At least, as far as I’ve seen today.

Another WMF (Windows Major Foul-Up)

Posted on December 30th, 2005 at 19:59 by John Sinteur in category: Microsoft, Security

You know what’s funny? The press is calling the exploit that’s doing the rounds right now “a bug in Windows”. This turns out to be untrue: what the exploit is doing is using Windows as designed. Read this article:

[Quote:]

The problem with the WMF (Windows Metafile) file format turns out to be one of those careless things Microsoft did years ago with little or no consideration for the security consequences.

Almost all exploits you read about are buffer overflows of some kind, but not this one. WMF files are allowed to register a callback function, meaning that they are allowed to execute code, and this is what is being exploited in the WMF bug.

This means a picture can tell Windows “if you draw me, execute this code for me as well”. Windows is designed to do that. Amazing. What’s even more amazing is that, with Microsoft’s recent “we’re oh so focused on security, believe us” campaign, they still didn’t manage to catch this.

And if it’s the anti-virus companies you’re depending on: forget it. This particular malware can do all kinds of crap to your system, and no alarm bells ring. They’re supposed to be another line of defense for this kind of stuff, and they are not.

If you make one New Year’s resolution, let it be this one: switch away from Microsoft as the operating system you’re working on!
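As an added example (not from the post or the article it quotes): a small Python scanner that walks the records of a WMF file and flags the Escape record that asks Windows to register a callback routine, which is the “execute this code for me” feature the quoted article describes. The format constants are real Windows Metafile values; the two sample files are constructed inline, and the suspect one carries only zero bytes where a real sample would carry code, so the block shows the detection logic a mail gateway or upload filter would run, nothing more.

```python
import struct

PLACEABLE_KEY = b"\xD7\xCD\xC6\x9A"  # 0x9AC6CDD7: optional 22-byte Aldus placeable header
META_EOF = 0x0000
META_ESCAPE = 0x0626                 # pass-through "Escape" record type
SETABORTPROC = 0x0009                # escape number that registers a callback routine

def wmf_records(data):
    """Yield (record_offset, function, params) for each record of a WMF blob."""
    if data[:4] == PLACEABLE_KEY:
        data = data[22:]             # offsets below are relative to the standard header
    if len(data) < 18:
        raise ValueError("truncated WMF header")
    # Header: Type, HeaderSize (words), Version, Size (dword), NumObjects, MaxRecord (dword), NumMembers
    off = struct.unpack_from("<H", data, 2)[0] * 2
    while off + 6 <= len(data):
        size_words, func = struct.unpack_from("<IH", data, off)
        end = off + size_words * 2
        if size_words < 3 or end > len(data):
            raise ValueError("malformed record at offset %d" % off)
        yield off, func, data[off + 6:end]
        if func == META_EOF:
            return
        off = end

def find_abort_proc_escapes(data):
    """Return [(offset, byte_count)] for Escape records that try to register an abort callback.
    An image has no legitimate need for this, so any hit is worth blocking or alerting on."""
    hits = []
    for off, func, params in wmf_records(data):
        if func == META_ESCAPE and len(params) >= 4:
            escape_no, byte_count = struct.unpack_from("<HH", params, 0)
            if escape_no == SETABORTPROC:
                hits.append((off, byte_count))
    return hits

def build_wmf(records):
    """Constructed test helper: wrap (function, params) pairs into a minimal memory WMF."""
    body, max_rec = b"", 3
    for func, params in records + [(META_EOF, b"")]:
        params += b"\0" * (len(params) % 2)          # records are word-aligned
        size_words = 3 + len(params) // 2
        max_rec = max(max_rec, size_words)
        body += struct.pack("<IH", size_words, func) + params
    return struct.pack("<HHHIHIH", 1, 9, 0x0300, 9 + len(body) // 2, 0, max_rec, 0) + body

# Constructed samples: a harmless SETBKCOLOR record, and an Escape record whose "payload" is four zero bytes.
BENIGN_WMF = build_wmf([(0x0201, struct.pack("<I", 0x00FFFFFF))])
SUSPECT_WMF = build_wmf([(META_ESCAPE, struct.pack("<HH", SETABORTPROC, 4) + b"\0" * 4)])
```

Running `find_abort_proc_escapes` over a file returns an empty list for the benign sample and the offset and declared size of the offending record for the suspect one.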

Comments:

  1. John, the PICT format on the Mac was doing the same thing IIRC, so it’s not just Microsoft engineers.

  2. Almost correct – that feature was killed a long, long time ago, and if I recall correctly, it could only set callbacks to existing routines on the mac, it could not carry a payload.

A Trojan Horse program that targets Google ads has been detected by an Indian Web publisher

Posted on December 30th, 2005 at 16:34 by John Sinteur in category: If you're in marketing, kill yourself, Security

[Quote:]

Techshout.com reports that a new, deceptive Trojan Horse program has surfaced. The program is engineered to produce fake Google ads that are formatted to look like legitimate ones. The ads are incorporated in Google AdSense, the program that lets website owners display ads from Google’s list of advertisers. The Trojan Horse apparently downloads itself onto an unsuspecting computer through a web page and then replaces the original ads with its own set of malicious ads.

Since the Trojan Horse makes the deceptive ads look like normal Google ads, the program was nearly impossible to detect by the general public. However, Raoul Bangera, an Indian web publisher, discovered the bogus program and contacted the Google AdSense team. Bangera emailed the team a number of cases, including various screenshots, log files of an infected computer and system files as proof. The AdSense team validated the news saying, “We can confirm from the screenshots that these are fake Google ads, formatted to look like legitimate ads. We agree that this phenomenon is likely the result of malicious software installed on your computer.”

knobs and ribs

Posted on December 30th, 2005 at 15:45 by John Sinteur in category: If you're in marketing, kill yourself

And another one…

Bill Gates

Posted on December 30th, 2005 at 15:28 by John Sinteur in category: Microsoft

Bill Gates’ predictions about speech recognition: a historical review.

Woophy

Posted on December 30th, 2005 at 15:26 by John Sinteur in category: Great Picture

You know where to find a place on the map, but you’ve never seen it? Try this.

Revenge of the Brick

Posted on December 30th, 2005 at 14:06 by John Sinteur in category: Funny!

[Quote:]

Meet Obi-Wan Kenobi, Anakin Skywalker, Chewbacca and Yoda the Jedi Master as you’ve never seen them before! Good and evil clash, and creativity saves the day when the heroic Jedi Knights battle the villainous Sith for control of the galaxy in this mini movie.

Lego style, of course.

Botswana Shows Success in Treating AIDS

Posted on December 30th, 2005 at 13:54 by John Sinteur in category: News

[Quote:]

In 2002, Botswana became the first African country to offer free treatment to all who needed it. With more than a third of adults infected, many doubted it could fulfill the promise.

But the largely desert nation now has half the estimated 110,000 people in immediate need on life-prolonging anti-retroviral medicines, showing that treatment is possible on the world’s poorest continent.

“If HIV was left to take its course, this country would be literally destroyed both economically and socially,” said Segolame Ramotlhwa, operations manager for the national treatment program dubbed Masa, or New Dawn. “Not treating is not an option.”

ACLU Ad: The President Lied to the American People and Broke the Law

Posted on December 30th, 2005 at 12:44 by John Sinteur in category: News

[Quote:]

Another one here

Comments:

  1. And just like Nixon, W is abusing power by getting the justice department to go after the New York Times. Impeach!

  2. First reaction: wow, that’s bold! Yay for the ACLU. Second reaction: Hmm, can’t remember if they did this when Clinton was lying. Third reaction: What, they ran these in the New York Times only? Who gives a hoot? The NYT already does a fine job in its editorials of beating up Bush and calling for investigations. Run the ad in the WSJ, the Washington Times, and the Houston Chronicle. Then come back and ask me for money again.

Nevada tanning salon gets 9/11 loan: audit

Posted on December 30th, 2005 at 11:04 by John Sinteur in category: ¿ʞɔnɟ ǝɥʇ ʇɐɥʍ

[Quote:]

A Texas golf course, a Nevada tanning salon and an Illinois candy shop were among small businesses that may have improperly received U.S. subsidized loans intended for firms hurt by the September 11 attacks, an internal government watchdog has found.

The Small Business Administration’s inspector general said in a report made public on Wednesday that in 85 percent of the sample of loans it reviewed, a company’s eligibility to receive the money through the program could not be verified.

A car…

Posted on December 30th, 2005 at 11:03 by John Sinteur in category: Great Picture, Mess O'Potamia


An Iraqi man looks at the wreck of a car, according to residents the result of a battle tank driving through a narrow street during a pre-dawn raid by the U.S. military, in a neighborhood in Baghdad, Iraq, Thursday Dec. 29, 2005. (AP Photo/Hadi Mizban)

Preliminary settlement for Sony suit

Posted on December 30th, 2005 at 10:25 by John Sinteur in category: Intellectual Property

[Quote:]

Girard Gibs and Kamber and Associates sued Sony BMG, First 4 Internet and SunnComm International last month in regard to the Sony rootkit mess.

We have obtained a copy of a preliminary settlement that was filed today seeking judicial approval for a settlement in the Sony case.

The proposed settlement is as follows:

Under the terms of the settlement, Defendants agree to:

• stop manufacturing SONY BMG CDs with XCP software (“XCP CDs”) and SONY BMG CDs with MediaMax software (“MediaMax CDs”);

• immediately recall all XCP CDs;

• provide software to update and uninstall XCP and MediaMax content protection software from consumers’ computers;

• ensure that ongoing fixes to all SONY BMG content protection software are readily available to consumers;

• implement consumer-oriented changes in operating practices with respect to all CDs with content protection software that SONY BMG manufactures in the next two years;

• waive specified provisions currently contained in XCP and MediaMax software End-User Licensing Agreements (“EULAs”);

• refrain from collecting personal information about users of XCP CDs or MediaMax CDs without their affirmative consent; and

• provide additional settlement benefits to Settlement Class Members including cash payments, “clean” replacement CDs without content protection software, and free music downloads.

Much more reading in the proposed settlement, which you can read here.

As somebody on Slashdot correctly notes:

These people literally have their boot on Sony’s throat. This could be a watershed moment in the “IP” war for individual rights. And instead, what do we get?

* Sony does not have to undo their vandalism to anyone’s computers or provide cash compensation for their victims to do so (although they may have to fix unintentionally created security vulnerabilities)
* Future similar DRM schemes are legitimized as long as they are disclosed on the jewel case and in the EULA, and an uninstaller is provided
* The role of the EULA in this fiasco is implicitly legitimized (the entire concept of a “EULA,” for those few who don’t know, is largely an obnoxious legal fiction – sans UCITA, anyway)
* Collection of personal information in media products is legitimized (“only for purposes of providing enhanced functionality” – LOL!)

This is a love letter to Sony, and a “go ahead” signal to expand “open season on your computer” into the entire market.

Solution: never buy another Sony product for doing what they did, and never buy another MS product for enabling them to do it.

Ex-UK ambassador to Uzbekistan speaks out on torture

Posted on December 30th, 2005 at 4:54 by Michael in category: News

[Quote:]

With Tony Blair and Jack Straw cornered on extraordinary rendition, the UK government is particularly anxious to suppress all evidence of our complicity in obtaining intelligence extracted by foreign torturers. The British Foreign Office is now seeking to block publication of Craig Murray’s forthcoming book, which documents his time as Ambassador to Uzbekistan. The Foreign Office has demanded that Craig Murray remove all references to two especially damning British government documents, indicating that our government was knowingly receiving information extracted by the Uzbeks through torture, and return every copy that he has in his possession.

Craig Murray is refusing to do this. Instead, the documents are today being published simultaneously on blogs all around the world. The first document contains the text of several telegrams that Craig Murray sent back to London from 2002 to 2004, warning that the information being passed on by the Uzbek security services was torture-tainted, and challenging MI6 claims that the information was nonetheless “useful”. The second document is the text of a legal opinion from the Foreign Office’s Michael Wood, arguing that the use by intelligence services of information extracted through torture does not constitute a violation of the UN Convention Against Torture.

Document #1 (PDF)

Document #2

Craig Murray stood up for what many of us believe, and it cost him his job, his health, and his professional reputation. The least we can do is stand by him as he defies the UK government’s attempts at censorship, and possible prosecution.

Craig Murray comments:

I am in discussion with the FCO over what I am and am not allowed to publish in my book. The FCO is seeking to gut the book of all evidence of complicity with the Uzbek regime.

With Bliar cornered on extraordinary rendition, they are particularly anxious to suppress all evidence of our complicity in obtaining intelligence from Uzbek torture.

In particular, they have demanded I do not publish the attached documents, and that I hand over all copies of them.

The obvious answer to this is to post these documents as widely on the web as possible. This is also potentially very valuable in establishing that I am not attempting to make money from these documents – you don’t have to buy my book to see them, they are freely available. If you buy the book, you are only paying for the added value of my thoughts.

This will only work if we can get the [documents] very widely posted, including on sites in the US and elsewhere outside the UK … there is a chance that those who … post this stuff will get threatened under the Official Secrets Act.

In March 2003 I was summoned back to London from Tashkent specifically for a meeting at which I was told to stop protesting. I was told specifically that it was perfectly legal for us to obtain and to use intelligence from the Uzbek torture chambers.

After this meeting Sir Michael Wood, the Foreign and Commonwealth Office’s legal adviser, wrote to confirm this position. This minute from Michael Wood is perhaps the most important document that has become public about extraordinary rendition. It is irrefutable evidence of the government’s use of torture material, and that I was attempting to stop it. It is no wonder that the government is trying to suppress this.

Craig

(Update: Changed the links to the documents to copies on my own server. The wider they are distributed, the more difficult it becomes to suppress. -John)

Update 2: This story was given 15 minutes on the BBC Radio 4 News today, almost half the programme.

Update 3: There’s the text of an excellent speech by Craig Murray here. It gives a very full background on Uzbekistan and President Karimov’s relations with the USA and the UK.

Disturbing reading…

Comments:

  1. Thanks for hosting these, John. I hope the MI6 bogeys don’t come to get you!

NSA just one of many federal agencies spying on Americans

Posted on December 30th, 2005 at 4:05 by Michael in category: News, Privacy

[Quote:]

Spying on Americans by the super-secret National Security Agency is not only more widespread than President George W. Bush admits but is part of a concentrated, government-wide effort to gather and catalog information on U.S. citizens, sources close to the administration say.

Besides the NSA, the Pentagon, Federal Bureau of Investigation, the Department of Homeland Security and dozens of private contractors are spying on millions of Americans 24 hours a day, seven days a week, 365 days a year.

“It’s a total effort to build dossiers on as many Americans as possible,” says a former NSA agent who quit in disgust over use of the agency to spy on Americans. “We’re no longer in the business of tracking our enemies. We’re spying on everyday Americans.”

“It’s really obvious to me that it’s a look-at-everything type program,” says cryptology expert Bruce Schneier.

Schneier says he suspects that the NSA is turning its massive spy satellites inward on the United States and intentionally gathering vast streams of raw data from many more people than disclosed to date — potentially including all e-mails and phone calls within the United States.

But the NSA spying is just the tip of the iceberg.

Although supposedly killed by Congress more than 18 months ago, the Defense Advance Project Research Agency’s Terrorist Information Awareness (TIA) system, formerly called the “Total Information Awareness” program, is alive and well and collecting data in real time on Americans at a computer center located at 3801 Fairfax Drive in Arlington, Virginia.

The system, set up by retired admiral John Poindexter, once convicted of lying to Congress in the Iran-Contra scandal, compiles financial, travel and other data on the day-to-day activities of Americans and then runs that data through a computer model to look for patterns that the agency deems “terrorist-related behavior.”

Poindexter admits the program was quietly moved into the Pentagon’s “black bag” program where it escapes Congressional oversight.

Comments:

  1. Broken markup in [Quote] link.

  2. Fixed :)