*HOT* Tech News And Downloads, I Would Read This Thread And Post Any Good Info

AfterDawn Addict
9. April 2007 @ 08:38
How to Secure Your Wireless Network
Following a few easy steps can ensure that no one intercepts your Wi-Fi traffic.
Becky Waring
Monday, April 09, 2007 01:00 AM GMT-08:00
Almost all of us have jumped onto someone else's unsecured Wi-Fi network. There's little harm in that if you're just an honest soul looking for an Internet connection.
But if you're the owner of an unsecured network, you should be aware that the world's not made up entirely of honest souls--and it's not hard for the dishonest ones to see exactly what you're doing on your network. Sound scary? Here's how to fix the problem.
Q. What are WEP and WPA encryption, and which should I use?
A. The first line of defense for your Wi-Fi network is encryption, which encodes the data transmitted between your PC and your wireless router. Unfortunately, most routers ship with encryption turned off, and many users don't turn it on, leaving themselves completely exposed. If you haven't already, enable your router's encryption, and use the strongest form supported by your network. The Wireless Protected Access (WPA) protocol and more recent WPA2 have supplanted the older and less-secure Wireless Encryption Protocol (WEP).
Go with WPA or WPA2 if at all possible, since WEP is relatively easy to crack. (You have to use the same form on all devices on your network; you can't mix WEP and WPA.) The keys used by WPA and WPA2 change dynamically, which makes them nearly impossible to hack. Use a strong password for your encryption key, such as a combination of letters and numbers of 14 characters or more.
If you have an older router that supports WEP only, you'll be safest if you use 128-bit WEP keys--but also check the manufacturer's Web site for a firmware update that will add WPA support. If it doesn't look like an update is likely, consider replacing old adapters and routers with newer models that support WPA. Look for a router that supports the hybrid WPA + WPA2 mode, which lets you use the stronger WPA2 encryption with adapters that support it, while still maintaining compatibility with WPA adapters.
Make sure you change the default network name and password on your router. Doing so will make it much more difficult for hackers to break into your router and commandeer its settings.
Q. If my router has a firewall, why do I need these added security measures?
A. The firewall built into your router prevents hackers on the Internet from getting access to your PC. But it does nothing to stop people in range of your Wi-Fi signal from getting onto your network--and with the latest high-performance equipment, your Wi-Fi signal could reach clear down the block. Without encryption and other protective measures, anyone can use readily available tools to see all your Wi-Fi traffic.
For extra protection, you should run software firewalls on the individual PCs on your network. Some good options are Zone Labs' ZoneAlarm, available as a free download or in the ZoneAlarm Internet Security Suite 2006, and Agnitum's Outpost firewall Free.
Q. How can I secure my notebook at public Wi-Fi hotspots?
A. Since public hotspots generally don't use encryption, you should assume that anyone can see your Internet traffic unless you take precautions.
* Make sure it's a legitimate hotspot: Nefarious types have been known to set up pirate routers with familiar SSID names like "wayport" or "t-mobile," and then use them to capture unsuspecting users' log-on information and other private data.
* Verify that your PC's software firewall is turned on, and that Windows' file-sharing feature is off; it's off by default in Windows XP with Service Pack 2. To check this setting, open Control Panel and choose Windows firewall (you may have to click Security Center first in XP or Security in Vista). In XP, select the Exceptions tab, and look in the Programs and Services to make sure "File and Printer Sharing" is unchecked. In Vista, click Change settings, then select the Exceptions tab and follow the instructions for XP.
* Never send bank passwords, credit card numbers, confidential e-mail, or other sensitive data unless you're sure you're on a secure site: Look for the lock icon in the bottom-right corner of your browser, as well as a URL in the address bar that begins with https. Such sites build in their own encryption.
* Always turn your Wi-Fi radio off when you're not at a hotspot: Hackers can use it to create peer-to-peer Wi-Fi connections with your computer and access it directly.
* For better security, consider signing up for a paid subscription to a hotspot network such as Boingo or T-Mobile. Both companies provide connection software that encrypts your sessions automatically.
Q. What's a VPN, and how do I get one?
A. The best way to protect a public wireless link is by using a virtual private network, or VPN. VPNs keep your communications safe by creating secure "tunnels" through which your encrypted data travels. Many companies provide VPN service to their mobile and offsite workers, so check with your IT department for connection instructions.
You can also use a paid service such as Boingo's Personal VPN (free trial with Boingo subscription, $30 to keep), JiWire Hotspot Helper (10-day free trial, $25 per year) or Witopia personalVPN ($40 per year). All three of the services are simple to install and use.
You have one more security option: If you don't mind connecting through your home or office PC, you can log in to a public hotspot securely by using such remote-access programs as LogMeIn or GoToMyPC.
http://www.pcworld.com/article/id,130330/article.html

AfterDawn Addict
9. April 2007 @ 08:44
Top 10 Cell Phones
These are the best standard cell phones today, but ratings and rankings can change quickly due to pricing and technology changes, so check back frequently for the latest info.
By Liane Cassavoy
Wednesday, March 28, 2007, 02:00 PM GMT-08:00
1. RIM Blackberry Pearl (BEST BUY)
PCW Rating: 84.9 Very Good
Design: Candy bar
Carrier: T-Mobile
OS Supported: J2ME
Price When Reviewed: $250
Bottom Line: This sleek cell phone adds a serviceable camera and multimedia features to BlackBerry's already terrific e-mail capabilities.
(Last Rated: March 26, 2007)

2. Sony Ericsson W810
PCW Rating: 83.9 Very Good
Design: Candy bar
Carrier: Cingular
OS Supported: Proprietary
Price When Reviewed: $175
Bottom Line: Sony draws on its Walkman roots to create this impressive cell phone/music player hybrid device.
(Last Rated: March 26, 2007)

3. Motorola RIZR Z3
PCW Rating: 82.6 Very Good
Design: Slide
Carrier: T-Mobile
OS Supported: Proprietary
Price When Reviewed: $150
Bottom Line: This well-designed multimedia phone focuses on user satisfaction, though its keys are a bit sticky.
(Last Rated: March 26, 2007)

4. Motorola RAZR V3i
PCW Rating: 81.5 Very Good
Design: Clamshell
Carrier: Cingular
OS Supported: Proprietary
Price When Reviewed: $200
Bottom Line: Motorola's latest Razr features improved battery life and a built-in version of iTunes, but it won't replace your iPod.
(Last Rated: March 26, 2007)

5. Samsung SCH-u740
PCW Rating: 80.5 Very Good
Design: Clamshell
Carrier: Verizon
OS Supported: Proprietary
Price When Reviewed: $200
Bottom Line: This phone features an innovative dual-hinge clamshell design with a QWERTY keyboard that makes for easy typing.
(Last Rated: March 26, 2007)

6. Sony Ericsson W300i
PCW Rating: 80.0 Very Good
Design: Clamshell
Carrier: Cingular
OS Supported: Proprietary
Price When Reviewed: $180
Bottom Line: This budget music phone sports a light, compact design, but is a little hard to navigate.
(Last Rated: March 26, 2007)

7. Nokia 5300 Xpress Music
PCW Rating: 79.9 Good
Design: Slide
Carrier: T-Mobile
OS Supported: Nokia Series 40
Price When Reviewed: $150
Bottom Line: This handset offers excellent music playback features and works well as a phone, too.
(Last Rated: March 26, 2007)

8. LG EnV
PCW Rating: 79.0 Good
Design: Clamshell
Carrier: Verizon
OS Supported: Brew
Price When Reviewed: $250
Bottom Line: It isn't the slimmest cell phone around, but the EnV offers excellent messaging features and great multimedia options.
(Last Rated: March 26, 2007)

9. T-Mobile SDA
PCW Rating: 78.8 Good
Design: Candy bar
Carrier: T-Mobile
OS Supported: Windows Mobile
Price When Reviewed: $200
Bottom Line: This bulky handset offers built-in Wi-Fi, so you can browse the Web and send e-mail and instant messages quickly and easily.
(Last Rated: March 26, 2007)

10. Samsung SGH-T719
Design: Clamshell
Carrier: T-Mobile
OS Supported: Proprietary
Price When Reviewed: $150
Bottom Line: This handset offers impressive e-mail features, thanks to its built-in BlackBerry software, in a sleek form factor.
(Last Rated: March 26, 2007)

go here to get more info
http://www.pcworld.com/article/id,125396-page,1/article.html

AfterDawn Addict
9. April 2007 @ 08:51
Norton Removal Tool (SymNRT) 2007.2.07.3
Author: Symantec
Date: 2007-04-09
Size: 798 Kb
License: Freeware
Requires: Win 2K/03/XP/Vista
The Norton uninstall tool uninstalls ALL Norton 2004/2005/2006/2007 products from your computer. It also uninstalls Norton Ghost 10.0/9.0/2003.
Removes:
- Norton AntiSpam 2004 2005
- Norton Antivirus 2003 - 2007
- Norton Ghost 2003 , 9.0 and 10.0
- Norton GoBack 3.1 - 4.2
- Norton Internet Security 2003 - 2007
- Norton Password Manager
- Norton Personal firewall 2003 - 2007
- Norton SystemWorks 2003 - 2006
- Norton Confidential Online 2007
Windows 98 and ME users should download this version.
download here
http://www.majorgeeks.com/Norton_Removal_Tool_SymNRT_d4749.html

Member
9. April 2007 @ 09:35
ireland, Too bad they don't make removal tools for McAfee, HP, AOL and etc. That would make life a lot better. Thanks ireland for the Norton removal tool.

AfterDawn Addict
9. April 2007 @ 10:04
McAfee Consumer Product Removal Tool 2.0.109.1
Author: McAfee
Date: 2007-03-16
Size: 549 Kb
License: Freeware
Requires: Win XP/2K/2003
Running the McAfee Consumer Product Removal tool (MCPR.exe) removes all 2005, 2006, and 2007 versions of McAfee consumer products.
Affected Products:
- McAfee Security Center
- McAfee VirusScan
- McAfee Personal firewall Plus
- McAfee Privacy Service
- McAfee SpamKiller
- McAfee Wireless Network Security
- McAfee SiteAdvisor
- McAfee Data Backup
- McAfee Network Manager
- McAfee Easy Network
- McAfee AntiSpyware
Using McAfee Consumer Product Removal tool:
- Double click the MCPR.exe
- A Command Line window will be displayed, and then close automatically.
- Wait for a second Command Line window to be displayed. Note: Do not double-click MCPR.exe again, you may have to wait up to 1 minute for the next window to appear.
- After the second window appears, the program will begin the cleanup.
- Observe the installation, which could take several minutes. The following message will be displayed in the Command Line window: The machine must reboot to complete the un-installation. Reboot now? [y.n]
- Press Y on the keyboard.
- Wait for the computer to restart.
- All McAfee products are now removed from your computer.
download here
http://www.majorgeeks.com/McAfee_Consume...Tool_d5420.html

Member
9. April 2007 @ 10:24
Thanks again ireland, I was in Major Geeks to get the Norton removal tool and didn't look for McAfee but will look from now on at any site you post. Thanks

AfterDawn Addict
9. April 2007 @ 17:28
The fastest way to defragment your computer?
Apr 09, 2007 - 10:18 AM - by Digital Dave
The main site this was listed on has been "dugg", so a mirror site has been brought up.
Is this really the fastest way?
The never-ending two-step defragmenting process of Vista can soon become a thing of the past. With certain tools, we were able to cut defragmentation time of 25 GBs of files with Vista Ultimate from 82 minutes to 6 minutes!!! That is defragmenting 10X faster than the built-in Vista defragmenter! The tutorial also works with Windows 2000 and XP.
Defragment 10X faster
15Feb07
Right now, many things are probably whirling around in your head:
- Is this true? Yes, it is.
- Does it work? Yes. We will show you charts on hard drive fragments before and after defragmentation.
- This has got to cost money. Absolutely free.
These "certain tools" we will be using are called contig.exe and PowerDefragmenter.
When we used these two programs, the results were as follows:
Hard drive before defragmenting:
b4dfg1.jpg
8 minutes later:
afterdfg3.jpg
However, using the Windows Vista Defragmentation tool took longer... much longer. To further exaggerate the comparison, we ran the Vista Defragmentation Tool AFTER we had already defragmented that same drive with Contig and PowerDefragmenter. It took 8 minutes alone to analyze the drive. By now, contig.exe and powerdefragmenter would have already finished defragmenting a drive. On top of that, it took Windows Vista 75 more minutes to defragment the hard-drive. As you can easily see, the new tools we will introduce to you will greatly cut your defragmentation time.
Please note a different tool was used to display the charts above. The charts did not come from the programs used in the tutorial.
Tutorial:
The two programs that we have talked about work together to defrag your computer.
Click on the following programs to download them:
contig.exe (scroll to the very bottom of the page)
http://www.microsoft.com/technet/sysinte...isk/Contig.mspx
Power Defragmenter here and it's free
http://www.softpedia.com/get/System/Hard...ragmenter.shtml
Once you have finished downloading these files, make sure they are both in the same directory or folder.
samedir.jpg
No installation is required. The next step is to run Power Defragmenter. Click next, and you will arrive at the screen below:
pwrdefgwdw.jpg
You may then select from the following options:
Defragment File(s): Allows you to defragment up to 4 files
Defragment Folder(s): Allows you to defragment up to 4 folders
Defragment Disk: Allows you to defragment a disk
PowerMode(TM) Disk Defragmentation: Defragments at a power equivalent to two consecutive defragmentations. Time does not necessarily double.
After you click next, just choose the desired drive, and you're good to go.
When you are finished, the command prompt window will read "Windows Disk Defragmenter..."
Update: This is the only down-side to contig. It does not really tell you how well the fragmentation process went but as you could see from the visuals above, it is quite effective. If you wait 3-5 minutes before closing the window after the process is finished, the following statistics will be displayed:
- Hard Drive Space
- Free Space
- Largest free space extent
- Percent File Fragmentation
finish.jpg
Follow-up:
Many are saying that Microsoft said it is unnecessary to defragment NTFS. While that may be true, many are noticing an increase in performance once they defrag their system, including myself. This article is a tutorial on how to speed up the defragmentation process, not one that is asking you to defragment your drive if you don't think you need to. To defragment or not to defragment is entirely up to you. Sorry for all those confused.
- Albert
http://72.14.253.104/search?q=cache:http...=1&sa=G&strip=1

AfterDawn Addict
10. April 2007 @ 06:24
Ultimate Boot CD 4.0.3
Author: UltimateBootCD.Com
Date: 2007-04-10
Size: 90.4 Mb
License: Freeware
You need the Ultimate Boot CD if you want to:
Run floppy-based diagnostic tools from CDROM drives. More and more PCs are shipped without floppy drives these days, and it is such a royal pain when you need to run diagnostic tools on them.
Free yourself from the slow loading speed of the floppy drive. Even if you do have a floppy drive, it is still much much faster to run your diagnostic tools from the CDROM drive, rather than wait for the tool to load from the floppy drive.
Consolidate as many diagnostic tools as possible into one bootable CD. Wouldn't you like to avoid digging into the dusty box to look for the right floppy disk, but simply run them all from a single CD? Then the Ultimate Boot CD is for you!
This will create an ISO image which you can use to create a bootable CD with your favorite CD burning software.
DOWNLOAD HERE
http://www.majorgeeks.com/download4981.html

AfterDawn Addict
10. April 2007 @ 06:30
Ashampoo firewall 1.20
Author: ashampoo GmbH & Co. KG
Date: 2007-04-10
Size: 4 Mb
License: Freeware
If you don't have a degree in computer science, using a firewall program can be quite frustrating. In addition to all the confusing jargon, current firewalls are getting to be very big programs. Sometimes you have the feeling that you're installing an entire office suite instead of a basic network tool.
The brand-new Ashampoo firewall is different. Its Configuration Assistant guides you through every step of the simple setup process. And Easy Mode makes using it a breeze - you don't need any special technical knowledge and everything is explained clearly.
Ashampoo firewall is also amazingly compact. Even with its four additional security tools it's a tiny program that uses very little memory and computer resources. You get the heavy-duty protection without heavyweight overload on your system.
Here are some key features of "Ashampoo Firewall":
· Heavy-duty firewall protection: Monitors all your computer's network activity and protects you against both incoming and outgoing connections.
· Easy Mode: Get full protection in seconds with Easy Mode and the Configuration Assistant. No expert knowledge required.
· Expert Mode: Experienced users can activate this mode for powerful additional capabilities.
· Simple and compact: Self-explanatory user interface. Very small program that uses minimum memory and resources.
· Learning Mode: Automatically identifies programs that try to make connections and lets you decide whether you want to allow them. One-click operation in Easy Mode or full configuration in Expert Mode.
· Rules: Create rules for every program that controls how they can access the network. One-click in Easy Mode or full configuration in Expert Mode.
· Block All: One-click panic button for emergencies that lets you block all traffic, for example if you are under attack or suspect that a malicious program is active.
· Monitor local connections: Ashampoo firewall can also monitor the local connections used inside your computer. Useful for identifying suspicious activity. Can be enabled or disabled.
· Monitor LAN connections: Monitor all the local LAN traffic into and out of your computer. Can be enabled or disabled.
· Connection log: Detailed logging of all internal, LAN and Internet connections with date, time, application, port used and IP address.
DOWNLOAD HERE
http://www.majorgeeks.com/Ashampoo_FireWall_d5241.html

AfterDawn Addict
10. April 2007 @ 06:35
AVG Free Edition 7.5.446a991 (HOT)
Author: GRISOFT Inc.
Date: 2007-04-10
Size: 20.2 Mb
License: Freeware
AVG Anti-Virus Free Edition is a free anti-virus protection tool developed by GRISOFT for home use. We invite you to join the millions of satisfied customers worldwide who have downloaded the software and now enjoy the benefits of AVG Anti-Virus Free.
DOWNLOAD HERE
http://www.majorgeeks.com/AVG_Free_Edition_d886.html

AfterDawn Addict
10. April 2007 @ 08:37
Patch Tuesday resumes with 'critical' Windows fix
Microsoft on Tuesday plans to release five security bulletins, four of which will address Windows flaws.
The bulletins, part of Microsoft's monthly patch cycle, will provide fixes for an undisclosed number of security vulnerabilities, Microsoft said on its Web site Thursday.
Earlier this week, the company rushed out a "critical" patch for Windows that fixed seven flaws in the operating system, including one that is being used in cyberattacks.
At least one of the four additional security alerts for Windows will be tagged "critical," Microsoft's highest severity rating. Security issues tagged as critical typically could allow an attacker to gain full control of an affected system with very little, if any, action by the user.
In addition to the Windows fixes, Microsoft plans to offer a patch for its Content Management Server. The product, designed to let organizations manage Web content, has a "critical" vulnerability, Microsoft said.
Microsoft has no patches on tap for Office, despite three vulnerabilities in the software that have been disclosed but have not yet been patched, according to eEye Security's zero-day flaw tracker. There are also two zero-day bugs in Windows, according to eEye. In addition, eEye has reported five flaws to Microsoft that have yet to be patched.
Also on Tuesday, Microsoft plans to release an updated version of its Windows Malicious Software Removal Tool. The program detects and removes common malicious code placed on computers.
Last month, Microsoft did not release any security bulletins. Microsoft gave no further information on the upcoming alerts, other than to state that some of the fixes may require restarting the computer or server.
http://news.com.com/Patch+Tuesday+resume...73707&subj=news

AfterDawn Addict
10. April 2007 @ 08:43
New Spam mail secretly verifies your email account
A new spam campaign doing the rounds looks fairly innocent but its sole purpose is to verify that your email address is active. This will inevitably lead to your email address being added to multiple spam lists. The main problem with this particular spam is that the email is hard to spot and simply opening it will quietly alert the spammer your email address is active.
The email thanks you for using the digital locker at Windows Marketplace and goes on to give you details of how to download your purchase which in this case is Windows Vista Ultimate Upgrade. The spam only has links to msn.com that forward to Windows Marketplace.
Computer Security Research - McAfee Avert Labs Blog
Linked by shanmuga, Tuesday, 10th April 2007 2:12AM
One Spam to Not Open?
Thursday April 5, 2007 at 11:35 am CST
Posted by Kevin McGhee

Hidden in the html there's a blank white image that tries to load from a link as follows:

The spammer has cleverly used a PHP script to send him your email address when the image tries to load. The script then returns a link to the blank white image (http://xxx.xxx.xxx.xxx/dot_clear.gif) that is barely noticeable in the spammed email.
We have seen this spam from the following:
From: "Web Useds"
From: "Web Services"
From: "Web Help"
From: "Support Services"
From: "Sales Depot"
From: "Digital Plaza"
From: "Digital Locker"
From: "Customer Support"
From: "Buy now"
From: "Web Depot"
From: "Ref Depot"
And the subject of the email is usually one of these with random numbers in square brackets:
Subject: [635] Important info regarding your Order
Subject: [7738] Your Order
Subject: [4241] Support Request
Or sometimes just has your email address in the subject:
Subject: youremail@yourdomain.com
So if you notice any emails like these it's best to avoid opening them; it's also advisable to set your email client to ask before downloading images if this feature is available.
http://www.avertlabs.com/research/blog/?p=247
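
The check behind the advice in the post above, as an added example (not part of the McAfee post or of this thread): a Python scan of an HTML e-mail for remote images whose URL carries the recipient's address, which is how the image request described above confirms a live mailbox. The sample message, the hosts `tracker.example` and `images.example`, the parameter names and the `find_web_bugs` helper are constructed for illustration.

```python
"""Flag remote images in an HTML e-mail that can confirm the recipient's address."""
import base64
import hashlib
from email import message_from_string, policy
from html.parser import HTMLParser
from urllib.parse import unquote, urlsplit

RECIPIENT = "reader@example.org"  # constructed address
_B64 = base64.b64encode(RECIPIENT.encode()).decode()

# Constructed sample message; hosts and parameter names are placeholders.
SAMPLE_MESSAGE = f"""\
From: "Digital Locker" <noreply@sender.example>
To: {RECIPIENT}
Subject: [7738] Your Order
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<html><body>
<p>Thank you for using the digital locker.</p>
<img src="http://images.example/logo.png" width="120" height="40">
<img src="http://tracker.example/open.php?id=reader%40example.org" width="1" height="1">
<img src="http://tracker.example/dot.php?u={_B64}">
</body></html>
"""


class ImgCollector(HTMLParser):
    """Collect the attributes of every <img> tag in an HTML body."""

    def __init__(self):
        super().__init__()
        self.images = []

    def handle_starttag(self, tag, attrs):
        if tag == "img":
            self.images.append({name: (value or "") for name, value in attrs})


def recipient_tokens(address):
    """Forms in which a sender might embed the address in an image URL."""
    addr = address.strip().lower()
    raw = addr.encode("utf-8")
    return {
        "plain": addr,
        "hex": raw.hex(),
        # Compared case-insensitively below, so this match is deliberately loose.
        "base64": base64.b64encode(raw).decode().rstrip("=").lower(),
        "md5": hashlib.md5(raw).hexdigest(),
        "sha1": hashlib.sha1(raw).hexdigest(),
    }


def is_hidden(img):
    """True when the image is sized or styled so the reader will not see it."""
    def tiny(value):
        digits = value.strip().lower().replace("px", "")
        return digits.isdigit() and int(digits) <= 1

    style = img.get("style", "").replace(" ", "").lower()
    return (tiny(img.get("width", "")) or tiny(img.get("height", ""))
            or "display:none" in style or "visibility:hidden" in style)


def find_web_bugs(raw_message, recipient):
    """Return [{'url': ..., 'reasons': [...]}] for suspicious remote images."""
    msg = message_from_string(raw_message, policy=policy.default)
    tokens = recipient_tokens(recipient)
    findings = []
    for part in msg.walk():
        if part.get_content_type() != "text/html":
            continue
        collector = ImgCollector()
        collector.feed(part.get_content())
        for img in collector.images:
            url = img.get("src", "").strip()
            parts = urlsplit(url)
            if parts.scheme not in ("http", "https"):
                continue  # cid: and data: images travel inside the message
            haystack = unquote(url).lower()
            reasons = [f"recipient address in URL ({name})"
                       for name, token in tokens.items() if token in haystack]
            identifies = bool(reasons)
            hidden = is_hidden(img)
            if hidden:
                reasons.append("hidden or 1-pixel image")
            if parts.query or parts.path.lower().endswith((".php", ".cgi", ".asp")):
                reasons.append("served by a script or carries parameters")
            # Report only images that identify the reader or are invisible.
            if identifies or hidden:
                findings.append({"url": url, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for finding in find_web_bugs(SAMPLE_MESSAGE, RECIPIENT):
        print(finding["url"], "->", "; ".join(finding["reasons"]))
```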

AfterDawn Addict
10. April 2007 @ 08:49
Firefox's Lack of Low Privilege Heightens ANI Patch Urgency
The security researcher who discovered the ANI vulnerability has pointed out that Firefox users who don't install the ANI patch are in danger of files being overwritten in an attack, given that the browser lacks a low privilege mode.
Firefox users have a greater need than do users running IE in protected mode to install the patch for the animated cursor flaw that caused Microsoft to rush out a security bulletin on April 3, given that Firefox lacks a low-privilege mode.
Alexander Sotirov, the security researcher at Determina who first discovered the ANI flaw and reported it to Microsoft in December, has posted a video depicting successful ANI vulnerability exploits on both Internet Explorer 7 and Firefox 2.0 running on Vista in default mode.
Linked by shanmuga, Tuesday, 10th April 2007 2:09AM
Firefox's Lack of Low Privilege Heightens ANI Patch Urgency
By Lisa Vaas
April 5, 2007
Updated: The security researcher who discovered the ANI vulnerability has pointed out that Firefox users who don't install the ANI patch are in danger of files being overwritten in an attack, given that the browser lacks a low-privilege mode.
In the video, Sotirov notes that turning on Protected Mode works to protect Vista running IE. Although the exploit gives an attacker access to all files on a system, Protected Mode prevents those files from being overwritten.
It turns out that Firefox uses the same vulnerable Windows component to process .ani files, Sotirov says in the video, "Which means it can be exploited in a way similar to Internet Explorer."
Sotirov demonstrates opening a URL exploit while running Firefox and successfully getting a command shell connection. The shell again gives access to all system files, along with the privileges of the currently logged-on user. But because Firefox has no low-privilege mode similar to IE's Protected Mode, an attacker can also overwrite system files as well.
This is only the most recent in a string of security concerns around Firefox. In the past months, a Firefox bug that could allow a malicious Web site to appear authentic was uncovered. Mozilla released updated versions to deal with that vulnerability in February.
Not that Firefox is less secure than IE; MS07-017 will patch the animated cursor vulnerability in both. It's just that Firefox users have no protection from a Protected-Mode style of low privilege setting. But as one reader pointed out, considering that Vista Protected Mode matters only if users have Vista, that makes sitting ducks out of just about everybody.
"For the vast majority, the only real answer is immediate testing and deployment of the MS patch," the reader said.
The Mozilla Foundation, which supports Firefox, said in a statement that the ANI vulnerability can be exploited through both Firefox and IE. Mozilla is encouraging all Windows users to apply Microsoft's update immediately. The foundation also said that it is investigating issuing a workaround within Firefox in an upcoming security release.
Editor's Note: This story was updated to correct the impression, given by the previous headline and first sentence, that Firefox is more vulnerable to ANI exploits than IE. The author regrets the misimpression.
http://www.eweek.com/article2/0,1759,211...3129TX1K0000614

AfterDawn Addict
10. April 2007 @ 08:53
Has the end arrived for desktop antivirus?
Some industry analysts are proclaiming the traditional antivirus method for detecting and eradicating viruses, trojans, spyware and other baneful code by matching it against a signature to be "dead."
They say signature-based checking can't keep up with the flood of virus variants manufactured by a criminal underworld that is beating the antivirus vendors at their own game. And they are arguing it's time for companies to adopt newer approaches, such as whitelisting or behavior-blocking, to protect desktops and servers.
Is desktop antivirus dead? - Network World
Linked by shanmuga, Tuesday, 10th April 2007 2:03AM
Is the bell tolling for desktop antivirus technology?
"It's the beginning of the end for antivirus," says Robin Bloor, partner at consulting firm Hurwitz & Associates, in Boston, who adds he began his "antivirus is dead" campaign a year ago and feels even more strongly about it today. "I'm going to keep beating this drum. The approach antivirus vendors take is completely wrong. The criminals working to release these viruses against computer users are testing against antivirus software. They know what works and how to create variants."
The fundamental problem "isn't about viruses, it's about what should be running on a computer," Bloor says.
Instead of antivirus software, he says, users should be investing in whitelisting software that prevents viruses from running because it only allows authorized applications to run.
Whitelisting products are available from SecureWave, Bit9, Savant, AppSense and CA, the first traditional antivirus vendor to see the light, in Bloor's view.
Others are joining Bloor's way of thinking. Andrew Jaquith, a security analyst at Yankee Group, in December published a research paper entitled "Anti-Virus is Dead: Long Live Anti-Malware." Yankee Group's research indicates that there's an "explosion" in cumulative malware variants, with 220,000 cumulative unique variants expected in 2007, a tenfold increase over 2002 levels.
The antivirus vendors simply can't keep up, Jaquith says, noting that some antivirus lab managers privately complain this flood of virus variants, which force signature changes every 10 minutes, adds up to the equivalent of a denial-of-service attack against them.
http://www.networkworld.com/news/2007/04...virus-dead.html
"Most antivirus labs work the same way; they get more samples than they can handle on a daily basis," Jaquith says. "They triage based on severity. The antivirus people are like folks with nets trying to catch the big fish, so if you're a bad guy, you want to be a minnow and get through the driftnet."
The best thing about antivirus signatures is that "they're accurate and the false positives are very low," Jaquith says. But the purpose in writing the "Anti-Virus is Dead" paper is to "bust everybody's bubble that this stuff is keeping people safe and the notion it will solve your malware problem."
Jaquith says he's enthusiastic about behavior-blocker technology incorporated in Sana Security's Primary Response or Prevx's Prevx1.
Behavior-blocking antimalware software works by observing the behavior of applications running in memory, and blocking those deemed harmful. Sana Security's CEO Don Listwin says Primary Response looks at 226 software characteristics deemed to be bad behavior and stops code trying to execute.
"We indict them and take them out," Listwin says. But he acknowledges there can be false positives, adding that antivirus scanning is "complementary" to what Sana Security provides in behavior-blocking.
Not all analysts are ready to jump on the antivirus-is-dead bandwagon.
"Antiviral on the desktop is certainly still a must have, though mostly as a removal tool," says Gartner analyst John Pescatore. He says his firm advises clients to buy antivirus integrated with some host-based intrusion-prevention system (IPS), noting McAfee, Symantec and others have started adding IPS to block malware where signatures don't exist.
When is the funeral?
If antivirus is dead, the question is when to hold the funeral.
Jaquith's paper points out that "antivirus products enjoy a privileged position in enterprise budgets" and "no other security product boasts nearly 100% penetration."
Research firm IDC estimates the antivirus market today accounts for $2.1 billion on the consumer side and $3.1 billion for the enterprise. That's expected to grow to $3 billion and $4.5 billion respectively by 2010.
While traditional antivirus vendors are willing to acknowledge there could be improvements, they are somewhat taken aback to hear industry analysts proclaim antivirus is dead.
"That's a bit radical," says John Maddison, general manager of network security services group at Trend Micro, which has no immediate plans to adopt whitelisting or behavior-blocking. Trend Micro is innovating with what it calls reputation services to check IP addresses and e-mail to determine if incoming code originated at a reputable source.
"If you asked people to give up antivirus, you'd find few that would do that," Maddison says.
Many corporate security managers concur.
"I wouldn't let go of our signature-based control," says Doug Sweetman, State Street's senior technology officer in corporate information security, who adds State Street has licenses with five antivirus vendors because the competition is beneficial during negotiation time. But he adds: "It's a commodity."
Sweetman also says State Street has embarked upon a "desktop lockdown" that will not allow unauthorized applications on employee computers to run.
Kathy Larkin, director of information security at Prudential Financial, said she doesn't find the argument that desktop antivirus is dead to be convincing. "I think antivirus is worthwhile and will be around for a long time."
However, some antivirus vendors, when asked how fast it takes to turn around a virus signature, acknowledge it's tricky.
"It takes two to four hours to turn around a signature for a severe rating," says Brian Foster, Symantec's senior director of product management. He adds that he can't say how long it might take for anything else. The majority of antivirus malicious code tracked by Symantec are variants "where someone has tweaked it, changed the payload," Foster says.
While Symantec's antivirus software can catch and stop variants through heuristics, a signature is needed to eradicate the specific variant code from the machine.
Foster says Symantec is adapting by incorporating new technologies, such as IPS, into its products and notes the antivirus products of the future will be working through far more than signature-based eradication.
Jaquith is ready to give credit where he thinks it's due, and his paper cites McAfee and Symantec as traditional antivirus vendors that are moving to augment signatures with adjunct technologies that include behavior-blocking.
Taking the plunge
While most network executives probably wouldn't be willing to jettison traditional antivirus software for alternatives such as white-listing or behavior-blocking, there's evidence a few are taking the plunge.
"There is that thought, that you still need antivirus and it's something you should have," says Brent Rickels, senior vice president at First National Bank of Bosque County, in Valley Mills, Texas. "It's been around so long but it's no longer adequate in this fast-changing world."
The bank, which has about 6,000 customer accounts, still uses gateway-based antivirus filtering and restricts Web surfing among employees to reduce risk of downloading malware.
But the bank jettisoned its Symantec desktop antivirus about a year ago in favor of SecureWave's Sanctuary product for the desktop, which Rickels says is less expensive.
"It builds a whitelist of [Dynamic Link Library] files allowed to run, and if it hasn't authorized the file, it won't run," Rickels says. The only downside he has found in using it for more than a year is that it takes administrative time to adjust the Sanctuary software to recognize the proprietary bank applications or software patch updates from Microsoft.
But Rickels says the tradeoff is worth it. "We go through those drills, but I can control that vs. the unknown of viruses. Signature-based antivirus is like using a shield with holes in it."
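The trade-off the article describes, sketched as an added Python example that is not part of the original article or any vendor's code: a signature check misses a tweaked variant, while a whitelist denies anything unapproved, including a legitimate patched DLL, until an administrator approves it. An exact SHA-256 match stands in for a vendor signature (a simplification), and the file names and byte strings are constructed samples.

```python
import hashlib


def digest(data: bytes) -> str:
    """SHA-256 of a file's contents, used as its identity."""
    return hashlib.sha256(data).hexdigest()


# Constructed sample "files": byte strings stand in for executable contents.
SAMPLES = {
    "bank_app_v1.dll": b"proprietary bank application, build 1",
    "bank_app_v2.dll": b"proprietary bank application, build 2 (patched)",
    "worm_original.exe": b"malicious payload A",
    "worm_variant.exe": b"malicious payload A, one byte tweaked",
}


class SignatureScanner:
    """Default-allow: blocks only content whose hash is on the known-bad list.

    Assumption: an exact hash stands in for a vendor signature. Real engines
    use byte patterns and heuristics, but still depend on having seen a sample.
    """

    def __init__(self, known_bad):
        self.known_bad = {digest(d) for d in known_bad}

    def may_run(self, data: bytes) -> bool:
        return digest(data) not in self.known_bad


class Allowlist:
    """Default-deny: runs only content an administrator has approved."""

    def __init__(self, approved):
        self.approved = {digest(d) for d in approved}
        self.review_queue = []  # denied files awaiting an admin decision

    def may_run(self, name: str, data: bytes) -> bool:
        h = digest(data)
        if h in self.approved:
            return True
        if (name, h) not in self.review_queue:
            self.review_queue.append((name, h))
        return False

    def approve(self, name: str) -> None:
        """Admin action: approve every queued hash recorded under `name`."""
        for queued_name, h in list(self.review_queue):
            if queued_name == name:
                self.approved.add(h)
                self.review_queue.remove((queued_name, h))


def run_scenario():
    """Return ({file: (scanner_verdict, allowlist_verdict)}, allowlist)."""
    # The scanner only knows the original worm; the allowlist only knows v1.
    scanner = SignatureScanner(known_bad=[SAMPLES["worm_original.exe"]])
    allowlist = Allowlist(approved=[SAMPLES["bank_app_v1.dll"]])
    verdicts = {
        name: (scanner.may_run(data), allowlist.may_run(name, data))
        for name, data in SAMPLES.items()
    }
    return verdicts, allowlist


if __name__ == "__main__":
    verdicts, allowlist = run_scenario()
    for name, (sig_ok, allow_ok) in verdicts.items():
        print(f"{name:20} signature-scan runs={sig_ok!s:5} allowlist runs={allow_ok}")
    # The patched DLL was denied; the admin approves it and it then runs.
    allowlist.approve("bank_app_v2.dll")
    print("after approval:",
          allowlist.may_run("bank_app_v2.dll", SAMPLES["bank_app_v2.dll"]))
    print("still queued:", [n for n, _ in allowlist.review_queue])
```

The review queue is the administrative cost Rickels mentions: every patch lands there once, alongside the files that should never be approved.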
|
AfterDawn Addict
|
10. April 2007 @ 08:56 |
Link to this message
|
Asus Web site harbors threat
It is not such a Good Friday for ASUStek Computer. The main Web site of the Taiwanese hardware maker, known for its Asus branded PCs and motherboards, has been rigged by hackers to serve up malicious software that attempts to exploit a critical Windows flaw, security experts said Friday.
The attackers added an invisible frame, a so-called iframe, to the front page of the Asus.com Web site. When visiting the site, a victim's browser will silently connect to another Web site that tries to install a malicious program.
Asus Web site harbors threat | News.blog | CNET News.com. Linked by shanmuga Tuesday, 10th April 2007 1:54AM
LINK TO ARTICLE HERE
http://news.com.com/2061-10789_3-6174221.html
|
AfterDawn Addict
|
10. April 2007 @ 08:58 |
Link to this message
|
Quote: Email Lures for ANI Zero Day
Websense Security Labs has discovered a large email spam run that includes links to sites that are hosting ANI exploit code. Users receive an email with the subject line "Hot Pictures of Britiney Speers" that is written in HTML and has anti-spam avoidance text within the HTML comments.
Users who click on the links are redirected to one of several websites that we are tracking. The sites contain obfuscated JavaScript. The decoded JavaScript sends all users to the same website, which is hosting the exploit code.
Websense® - Security Labs Alert: Email Lures for ANI Zero-Day. Linked by shanmuga Tuesday, 10th April 2007 1:46AM
LINK TO ARTICLE
http://www.websense.com/securitylabs/alerts/alert.php?AlertID=764
|
AfterDawn Addict
|
10. April 2007 @ 09:01 |
Link to this message
|
Quote: Microsoft First Notified Of .ANI Bug In December
Microsoft was first alerted to the .ANI vulnerability back in December, but a patch for it didn't come before exploits began hitting the wild last week.
Mark Miller, director of the Microsoft Security Response Center, said in an interview Monday with InformationWeek that the company needed the three-plus months to work on building and testing a good patch. Since the exploit hit last week, he said slightly less than 100 Microsoft technicians have been working "around the clock" to ready the patch.
A security researcher at Determina, a security company based in Redwood City, Calif., reported the vulnerability to Microsoft on Dec. 20, according to Miller.
Microsoft First Notified Of .ANI Bug In December -- Windows security -- InformationWeek. Linked by shanmuga Tuesday, 10th April 2007 1:36AM
LINK TO ARTICLE
http://www.informationweek.com/story/sho...SSfeed_IWK_News
|
AfterDawn Addict
|
10. April 2007 @ 09:24 |
Link to this message
|
Santangelo vs RIAA: fight over
p2pnet.net news:- As expected, Patti Santangelo's personal battle with Warner Music, EMI, Vivendi Universal and Sony BMG's RIAA (Recording Industry Association of America) is now officially over.
Now Patti can claim attorney's fees.
This just leaves the multi-billion-dollar Big 4 against two of Patti's kids, Michelle and Bobby, now 20 and 16, respectively, but who were only 16 and 12 when the RIAA first attacked their mother.
And, "the RIAA will probably intensify, rather than abandon, its efforts against Bobby and Michelle," p2pnet posted on Sunday, adding:
The only thing likely to give the RIAA serious pause is if RIAA victims and their lawyers launch a concerted campaign through a class action suit, or other type of action where defendants are able to join together.
"I expect now an endless round of filings and counter-filings over the seemingly trivial issue of attorney's fees," posts FanBoi on Recording Industry vs The People, continuing, "From what we've seen so far, this issue of fees alone may run longer than the original case as the RIAA throws everything they have against paying a penny to a person wrongfully sued. (Wrongfully sued, because they never had a valid case to present in the first place, and couldn't find one afterwards no matter how vexatiously they pursued it.)"
p2pnet readers contributed $15,120 to the Fight Goliath fund, but this went towards disbursements. Her lawyer, Jordan Glass, who's still representing Michelle and Bobby pro bono, didn't receive a dime for his services and actions on Patti's behalf.
And, "I also fear that, if and when Ms. Santangelo recovers her attorney's fees, she'll need to immediately start again to aid the defense of her children," says Megan.
"The fact that Ms. Santangelo has prevailed does not remove the RIAA's interest in her children... if anything, it heightens it."
But there could be more, much more, to come. As we said on Sunday:
Individually, the victims have little weight. But if they were able to stand as a group against the Big 4, with their legions of lawyers and bottomless pockets, it could be another matter.
There might also be similar possibilities for a class action against the units used by the RIAA to extort money from its targets.
In 2005, judge McMahon told the cartel's lawyers she'd, "love to see a mom fighting one of these," referring to the settlement centres routinely employed by the RIAA to get money out of its victims.
However, class actions are expensive, costing in the region of a quarter of a million dollars to start, so the RIAA, EMI (Britain), Vivendi Universal (France), Sony BMG (Japan and Germany) and Warner Music (US) may be in effect wagering this alone will be sufficient to stop a class action from being attempted.
Also See:
p2pnet - Patti Santangelo v RIAA: battle won?, April 8, 2007
Recording Industry vs The People - Elektra v. Santangelo -- Case Closed Except for Defendant's Attorneys Fees, April 10, 2007
http://p2pnet.net/story/11927
|
AfterDawn Addict
|
10. April 2007 @ 17:34 |
Link to this message
|
AVG gives away free anti rootkit
Horrid burrowing code from hell
By INQUIRER staff: Tuesday 10 April 2007, 14:19
ANTI VIRUS firm AVG said it has introduced a free anti-rootkit piece of software.
Rootkits burrow around and lurk in applications or the kernel of an operating system. They can do nasty nasty things like collect passwords from PCs without you knowing.
AVG reckons they're now more dangerous than the usual malware because AV software can't always detect them.
It's completed a six month beta test and will make the software available for free on its web site, here. µ
Quote: AVG Anti-Rootkit Free
AVG Anti-Rootkit is a powerful tool with state-of-the-art technology for detection and removal of rootkits. Rootkits are used to hide the presence of a malicious object like trojans or keyloggers on your computer. If a threat uses rootkit technology to hide itself it is very hard to find the malware on your PC. AVG Anti-Rootkit gives you the power to find and delete the rootkit and to uncover the threat the rootkit is hiding.
Important notice
AVG Anti-Rootkit protects you against a certain kind of threat: Rootkits. To be protected in realtime against all kind of threats that could harm your computer it is recommended to have a look at AVG's fully integrated solutions.
Highlights
* Powerful cleaning due to advanced cleaning driver
* Easy to use interface
* Fast and efficient detection (even for NTFS-ADS objects)
* Special interface for visually impaired people
Minimum system requirements
* MS Windows 2000 (32-Bit) or MS Windows XP (32-Bit)
* AVG Anti-Rootkit is available in English only
Support
* No support can be provided for AVG Anti-Rootkit.
Licensing
* AVG Anti-Rootkit Free is freeware and available free of charge.
* This tool may be used according to the license agreement only.
* AVG Anti-Rootkit Free is absolutely not for use with any type of OEM bundling with software, hardware components, or any service.
DOWNLOAD HERE
http://www.grisoft.com/doc/download-free-anti-rootkit/us/crp/5
|
AfterDawn Addict
|
10. April 2007 @ 17:47 |
Link to this message
|
Symantec Patches 'High' Risk Bug
Apr 10, 2007 - 4:45 PM - by Digital Dave
More patches!
Symantec on Tuesday patched a vulnerability in its Enterprise Security Manager tool that could enable a hacker to remotely control an infected computer.
The security vendor is warning users to update their software as soon as possible, saying this is a "high risk" bug. All versions of ESM are vulnerable, except Version 6.5.3, which includes the fixes and is not vulnerable.
informationweek.com
Symantec Patches 'High-Risk' Bug
No known exploits have hit the vulnerability, which affects every version of Symantec's Enterprise Security Manager but one.
By Sharon Gaudin
InformationWeek
April 10, 2007 06:03 PM
Symantec on Tuesday patched a vulnerability in its Enterprise Security Manager tool that could enable a hacker to remotely control an infected computer.
The security vendor is warning users to update their software as soon as possible, saying this is a "high-risk" bug. All versions of ESM are vulnerable, except version 6.5.3, which includes the fixes and is not vulnerable.
A spokesman for Symantec said in an interview that the company isn't aware of any proof-of-concept code or exploits for this vulnerability.
The ESM tool is designed to discover and report vulnerabilities and security policy deviations, such as inappropriate passwords and missing patches.
The flaw lies in the fact that the tool does not authenticate someone who's making an upgrade request. That means a hacker could use the flaw to infect the system with malware.
"The vulnerability exists in the ESM agent remote upgrade interface," Symantec explained in an online advisory. "The ESM agent accepts remote upgrade requests from any entity that understands the upgrade protocol. The ESM agent does not currently verify that upgrades are from a trusted source. An attacker with knowledge of the agent protocol could deploy a piece of software that allows the attacker to control the host computer."
The ESM agent has administrative privileges.
The patch will be pushed out to users automatically, or they can manually install it, Symantec said.
http://www.informationweek.com/news/198900584
|
AfterDawn Addict
|
10. April 2007 @ 18:32 |
Link to this message
|
EFF in RIAA vs Amurao fray
p2pnet.net news:- In an unusual twist which could have far-reaching, damaging effects for Big 4 music cartel efforts to sue its own customers into becoming compliant consumers, an RIAA victim is accusing the labels of misusing US copyright laws, and the EFF is backing up the assertion.
The cartel's RIAA (Recording Industry Association of America) is levelling its cookie-cutter 'online distributor of copyrighted music' complaint at New Yorker Rolando Amurao, represented by Richard Altman.
But Amurao says Lava Records, Warner Bros Records, Capitol Records, UMG Records, Sony BMG Music Entertainment, Arista Records and BMG Music have misused the copyright act.
With that in the background, Amurao has asked for a declaratory judgment of non-infringement, with the RIAA predictably trying to have the claims dismissed, says Recording Industry vs The People.
And in its amicus curiae brief, the EFF (Electronic Frontier Foundation) says the lawsuit is no more than another, "skirmish in the broader war" the RIAA is waging, with "thousands of ordinary people around the country, including grandmothers, grandfathers, single mothers and teenagers...." as the targets.
Says the EFF brief, the RIAA is, "attempting to expand the scope of its copyright protections beyond what the statutes provide. This copyright 'grab' stems from the plaintiffs' erroneous theories of secondary liability in copyright law. These theories, which the RIAA knows are wrong, attempt to put parents, employers, teachers, and other internet account holders on the hook for third-party computer activities - even when the defendant has no knowledge or ability to supervise the actual alleged infringers."
Here's the EFF brief in full:
INTRODUCTION AND SUMMARY OF ARGUMENT
Plaintiffs' motion should be denied. There is nothing in the Declaratory Judgment Act that forbids Defendant's claims; indeed, his claims embody the spirit and purpose of the law. And his ability to bring a misuse claim is well-supported by relevant case law.
Moreover, the context of the suit strongly favors keeping these claims in this case. As this Court is doubtless aware, this lawsuit is but one skirmish in the broader war the Recording Industry Association of America ('RIAA') is waging against unauthorized Internet copying. Using questionable methods and suspect evidence, the RIAA has targeted thousands of ordinary people around the country, including grandmothers, grandfathers, single mothers and teenagers. For example, Marie Lindor was sued even though she had never used a computer. Download Suit Defense: 'No PC,' Red Herring, Feb. 3, 2006, available at http://www.redherring.com/Article.aspx?a=15592. An 83-year-old deceased grandmother, Gertrude Walton, was accused of sharing files under the user name 'smittened kitten' even though she hated computers even when she was alive. See Toby Coleman, Deceased Woman Named in File-sharing Suit, Charleston Gazette, Feb. 4, 2005, at P1A. The RIAA itself has likened its campaign to drift net fishing, admitting that '[w]hen you go fishing with a net, you sometimes are going to catch a few dolphin.' Dennis Roddy, The Song Remains the Same, Pittsburgh Post-Gazette, Sept. 14, 2003, available at http://www.post-gazette.com/columnists/20030914edroddy0914p1.asp.
In addition, the RIAA is attempting to expand the scope of its copyright protections beyond what the statutes provide. This copyright 'grab' stems from the plaintiffs' erroneous theories of secondary liability in copyright law. These theories, which the RIAA knows are wrong, attempt to put parents, employers, teachers, and other internet account holders on the hook for third-party computer activities - even when the defendant has no knowledge or ability to supervise the actual alleged infringers. For example, Deborah Foster faced frivolous claims of secondary copyright liability despite the absence of any allegation, much less any fact, showing that she knew third parties were using her Internet account to engage in illegal file-sharing, or substantially participating in such file-sharing. See Capitol Records, Inc. v. Foster, No. 04-1569, 2007 WL 1028532, at *3 (W.D. Okla. Feb. 6, 2007).
The difficulties facing 'the dolphins' are compounded by the challenges that individuals face when attempting to litigate in federal court. When the RIAA threatens suit against an individual, it makes sure to offer her a carefully chosen sum that is substantially smaller than the legal fees required to fight the accusations, even for defendants that are completely innocent non-infringers. Faced with the threat of costly litigation to defend their names and the possibility that many thousands of dollars in damages might be wrongly assessed against them, see, e.g. BMG Music v. Gonzalez, 430 F.3d 888 (7th Cir. 2005) (affirming $22,500 statutory damages award against a mother of five found liable for illegally downloading thirty songs), many innocent people settle because they cannot afford the legal costs to fight back.
Thus, at the heart of Defendant's counterclaims and Plaintiffs' motion to dismiss is the question of consequences - namely, what consequences should attach to plaintiffs who carelessly net 'dolphins' in their mass litigation campaign and then walk away from these cases when a dolphin acts affirmatively to protect itself? Defendant has alleged that Plaintiff's case here has no merit, has been brought to harass him, and that he has not infringed any of its legal rights. He has also alleged that by bringing this case, Plaintiff has illegally misused its government-granted copyright, thus jeopardizing its enforceability under the equitable standards of the law. Amicus EFF takes no position as to the actual facts of this case, but if these allegations are true, then this presents a very serious situation for the Court to consider. If Plaintiffs have, in fact, brought such a frivolous case and are misusing their statutorily-granted copyrights, they should be held responsible for their actions. Moreover, Defendant deserves a final answer and peace of mind, rather than a voluntary dismissal that allows the specter of future litigation to linger. Counterclaims such as those brought by Defendant - for a declaration of non-infringement and a finding of copyright misuse - will promote accountability and bring him out from under that Damoclean sword.
Further, permitting the counterclaims to go forward may ultimately promote judicial economy. Careless copyright plaintiffs will think twice before filing suit if they know that voluntary dismissal will not shield them from the consequences of carelessly dragging individuals into federal court. To disallow such claims, by contrast, would allow Plaintiffs to play a nefarious 'wait-and-see' game: those that expend the money on attorneys' fees and costs to fight back against the bogus suits would find their cases voluntarily dismissed without recompense, while those who did not fight back would end up having to submit to either an unfair settlement or default judgment.
III. ARGUMENT
A. Defendant's Declaratory Judgment Claim Meets the Requirements and Spirit of the Declaratory Judgment Act And Should Not Be Dismissed
Plaintiffs' 'mirror image' theory has no basis in either statutory or case law. There is nothing in the Declaratory Judgment Act ('DJA') or the relevant case law interpreting it to suggest that a court must eliminate that remedy simply because another avenue for making that declaration exists, as is currently the case here. That alternative avenue may disappear at any time, without the concomitant disappearance of a substantial controversy between the adverse parties. As long as that controversy remains, Amurao deserves his day in court. His declaratory judgment claim will ensure that he gets it. Therefore, this Court should deny Plaintiffs' motion to dismiss.
Amurao's declaratory judgment counterclaim is an independent cause of action arising under and fully compliant with the DJA. Under the Declaratory Judgment Act, an individual may file suit in federal court or counterclaim in an existing suit to obtain a declaration of rights with respect to another party - whether or not other relief (such as damages or an injunction) is or could be sought. 28 U.S.C. § 2201 (2006). To maintain a DJ action, a party need only file an 'appropriate pleading' (e.g., a counterclaim) that establishes (1) jurisdiction; and (2) the existence of an actual case or controversy between parties having adverse legal interests. Horton v. Liberty Mut. Ins. Co., 367 U.S. 348, 357 (1961). There is no universal rule for compliance with the latter element; rather, the analysis is necessarily tied to the facts of the case. '[T]he question in each case is whether the facts alleged, under all the circumstances, show that there is a substantial controversy, between parties having adverse legal interests, of sufficient immediacy and reality to warrant the issuance of a declaratory judgment.' Maryland Cas. Co. v. Pac. Coal & Oil Co., 312 U.S. 270, 273 (1941); quoted and affirmed in MedImmune Inc. v. Genentech, Inc. U.S., 127 S.Ct. 764, 771-72 (2007).
Amurao's counterclaim easily meets these requirements. Plaintiffs do not claim, nor could they, that this Court lacks jurisdiction over this controversy. They do not claim - nor could they - that there is no real and substantial controversy between the parties. At this early stage in the litigation, that is enough to warrant denial of Plaintiff's motion.
In addition, the nature of Amurao's claim also weighs against dismissal, for it embodies the guiding purpose of the DJA: to guarantee the target of legal threats an opportunity to obtain a judicial declaration of his or her rights. Numerous courts have held that the DJA 'should be liberally construed to accomplish its intended purpose of affording a speedy and inexpensive method of adjudicating legal disputes without invoking coercive remedies of old procedures, and to settle legal rights and remove uncertainty and insecurity from legal relationships . . . .' Beacon Const. Co. v. Matco Elec. Co., 521 F.2d 392, 397 (2d Cir. 1975); see also Allstate Ins. Co. v. Employers Liability Assur. Co., 445 F.2d 1278, 1280 (5th Cir. 1971) ('[This chapter] is remedial and is to be liberally construed to achieve its wholesome and salutary purpose.')
Relevant guidance may also be found in patent law, keeping in mind 'the historic kinship between patent law and copyright law.' Sony Corp. of America v. Univ. City Studios, Inc., 464 U.S. 417, 439 (1984); see also Texas v. West Pub. Co., 882 F.2d 171, 175 (5th Cir. 1989) (acknowledging Federal Circuit provides a 'wealth of precedent' in the intellectual property field). With respect to the actual controversy requirement, the Supreme Court has recently reaffirmed that it is satisfied in patent as in other cases if the dispute is 'definite and concrete, touching the legal relations of parties having adverse interests' and 'real and substantial' such that it will permit 'specific relief through a decree of a conclusive character.' MedImmune, Inc., U.S., 127 S.Ct. at 771. In Sandisk Corp. v. ST Microelectronics, Inc., No. 05-1300, 2007 WL 881008 (Fed. Cir. Mar. 26, 2007), for example, the Federal Circuit Court of Appeals held that a party had standing to seek a declaratory judgment of noninfringement of patents where a patentee took a position that forced the declaratory judgment plaintiff to choose between pursuing arguably illegal behavior or abandoning that which he claimed to have a right to do. See also Uniform Product Code Council, Inc. v. Kaslow, 460 F. Supp. 900, 903 (S.D.N.Y. 1978) (finding plaintiff had standing to bring DJ action where patentee defendant had publicly asserted its intent to enforce its patent and such enforcement would expose plaintiff to damages and plaintiff would then be guilty of actively inducing such infringement; 'ultimate exposure of plaintiff to an action by defendant for damages clearly gives plaintiff standing to bring an action for declaratory judgment in its own right.')
The converse is also worth noting: courts have recognized that a declaratory judgment counterclaim may not be viable if the 'actual controversy' requirement is extinguished. In Super Sack Manufacturing Corp. v. Chase Packaging Corp., 57 F.3d 1054 (Fed. Cir. 1995), cert. denied, 516 U.S. 1093 (1996), for example, a declaratory judgment counterclaim was dismissed because plaintiff had promised not to sue the defendant for infringement. But see Sandisk Corp. v. ST Microelectronics, Inc., No. 05-1300, 2007 WL 881008 (Fed. Cir. Mar. 26, 2007) ('direct and unequivocal statement' that declaratory judgment defendants had 'absolutely no plan' to sue plaintiffs did not eliminate declaratory judgment jurisdiction).
Thus, contrary to Plaintiffs' implication here, declaratory judgment standing does not depend on whether the declaratory judgment claims are arguably similar to other issues in dispute, but whether the declaratory judgment claims pertain to a real and substantial controversy. Small wonder that patent courts have had no difficulty allowing suits or counterclaims brought by persons charged with infringement against the patent owner for a declaratory judgment of non-infringement and/or invalidity. 6 Donald S. Chisum, Chisum on Patents § 21.02[1][d] (2003); see also, e.g. Altvater v. Freeman, 319 U.S. 359 (1943) (declaratory judgment counterclaim by licensees justiciable); cited with approval in MedImmune, Inc., U.S., 127 S.Ct. at 772; Kemin Foods, L.C. v. Pigmentos Vegetales del Centro, 464 F.3d 1339, 1343 (Fed. Cir. 2006) (DJ counterclaim for patent infringement).
Roland Amurao, like the plaintiff in Sandisk, is exposed to an action by an adverse party. And, unlike the plaintiffs in Super Sack, Plaintiffs have not covenanted to anything, much less not to sue, and thus a substantial controversy between parties having adverse legal interests remains even if the plaintiff's affirmative case is dismissed. Unless and until this court rules on the issue of infringement, Amurao is vulnerable to Plaintiffs' legal threats and, therefore, has standing to seek adjudication of the issue.
B. Defendant's Copyright Misuse Claim Should Not Be Dismissed
This Court should also decline to dismiss Defendant's copyright misuse counterclaim. First, while copyright misuse jurisprudence is still evolving, patent misuse law, to which copyright misuse owes its origin, provides for independent misuse claims such as the one brought here. Further, copyright misuse counterclaims have been recognized as particularly appropriate where, as here, a party seeks a declaratory judgment of noninfringement.
Copyright misuse derives from the patent misuse doctrine, first recognized by the Supreme Court in 1942. See Morton Salt Co. v. G.S. Suppiger Co., 314 U.S. 488, 494 (1942) ('It is the adverse effect upon the public interest of a successful infringement suit in conjunction with the patentee's course of conduct which disqualifies him to maintain the suit.'). In Lasercomb America, Inc. v. Reynolds, 911 F.2d 970 (4th Cir. 1990), the Fourth Circuit extended the misuse doctrine to copyrights:
The origins of patent and copyright law in England, the treatment of these two aspects of intellectual property by the framers of our Constitution, and the later statutory and judicial development of patent and copyright law in this country persuade us that parallel public policies underlie the protection of both types of intellectual property rights. We think these parallel policies call for application of the misuse defense to copyright as well as patent law.
Id. at 974. The copyright misuse doctrine is now recognized by most federal circuit courts. See, e.g., Practice Mgmt. Info. Corp. v. AMA, 121 F.3d 516 (9th Cir. 1998) (finding copyright misuse where plaintiff engaged in anticompetitive behavior); Alcatel USA, Inc. v. DGI Techs., 166 F.3d 772, 793 (5th Cir., 1999) (finding that plaintiffs used its copyrights to gain commercial control over products it did not have copyrighted); Assessment Techs. of WI, LLC v. WIREdata, Inc., 350 F.3d 640, 647 (7th Cir. 2003) (holding that a copyright misuse does not require a showing of antitrust violations); Broad. Music v. Hearst/ABC Viacom Servs., 746 F. Supp. 320, 328 (S.D.N.Y 1990) (recognizing copyright misuse defense.)
While some early cases declined to treat copyright misuse as an affirmative claim, see Plaintiffs' Mot. at 5, the doctrine is still evolving. Therefore, it is appropriate for the Court to take guidance from patent misuse doctrine from which copyright misuse derives. See, e.g., Video Pipeline, Inc. v. Buena Vista Home Entm't, Inc., 342 F.3d 191, 204 (3d Cir. 2003) (looking to patent misuse law for help in deciding copyright misuse claim). In the patent context, several federal district courts have recognized that misuse can be pled as an independent claim. See, e.g., Matsushita Elec. Indus. Co. Ltd. v. CMC Magnetics Corp., No. C 06-04538, 2006 WL 3290413 (N.D. Cal Nov. 13, 2006) (holding that patent-pooling, licensing, and participation in standard setting organizations can give rise to unlawful activity that is properly challenged with a patent misuse counterclaim); Marchon Eyewear, Inc. v. Tura LP, No. 98 CV 1932, 2002 WL 31253199 (E.D.N.Y Sept. 30, 2002) (denying plaintiff's motion to dismiss defendant's patent misuse counterclaim); Affymetrix, Inc. v. PE Corp. (N.Y.), 219 F. Supp. 2d 390, 398 (S.D.N.Y. 2002) (denying defendants' motion to dismiss plaintiff's patent misuse claim); see also generally Critical-Vac Filtration Corp. v. Minuteman Int'l, Inc., 233 F.3d 697, 703-704 (2d Cir. 2000) ('[C]ounterclaims related to misuse and other more economically oriented antitrust claims would seem generally to be distinct in nature and substance from patent validity and infringement issues.').
In addition, courts have recognized that an affirmative copyright misuse claim may be proper where, as here, a party seeks declaratory judgment of noninfringement. In Open Source Yoga Unity v. Choudhury, 2005 U.S. Dist. LEXIS 10440 at *25 (N.D. Cal. Apr. 1, 2005), for example, the court permitted a declaratory relief plaintiff to assert copyright misuse because the plaintiff was likely to be accused of copyright infringement. See id. at *25 (citing Practice Mgmt Info. v. AMA, 121 F.3d 516, 520 (9th Cir. 1997)). The same reasoning applies here. Defendant seeks declaratory relief because, absent a covenant not to sue, he may be accused of copyright infringement even if Plaintiffs choose to withdraw their current allegations against him. If, as urged above, this court permits Defendant to maintain his declaratory relief claim, his misuse claim should be allowed to stand as well.
Following this clear line of authority permitting IP misuse counterclaims, Plaintiffs' motion to dismiss Defendant's copyright misuse counterclaim should be denied.
C. Granting Plaintiff's Motion Could Have Disastrous Consequences For Innocent Targets of Careless Copyright Claims
Plaintiffs make much of the 'massive and exponentially expanding problem of digital piracy.' Mot. at 1. Whatever the merits of that contention, innocent individuals who find themselves caught in the mass litigation campaign should not be made to suffer for it. Absent some mechanism whereby innocent defendants can vindicate their rights, the RIAA has no incentive to exercise the appropriate level of care before dragging individuals into federal court. Here, Defendant alleges that the claims against him are spurious because he has never copied any music copyrighted by plaintiffs, and in fact was not even present in New York when the alleged downloading occurred, and that the instant action is the product of the operation of a 'cartel acting collusively in violation of public policy.' Answer and Counterclaim at ¶ 20. These allegations, if true, suggest that this case is another instance of a 'dolphin' struggling to get free from the RIAA's litigation driftnet. But Defendant's efforts will accomplish little for defendants or for copyright jurisprudence if Plaintiffs choose to withdraw rather than fight. See, e.g. Capitol Records, Inc. v. Foster, No. 04-1569, 2007 WL 1028532, at *3 (W.D. Okla. Feb. 6, 2007). Absent a concomitant promise not to bring a new suit, the wrongfully accused are continually at risk of being caught up in the driftnet. By ensuring that defendants in the RIAA litigation have a chance to obtain a clear judicial resolution of the dispute, a DJ claim helps ensure that the dolphins who choose to fight their way out of the net are able to stay out.
Stay tuned.
Also See:
Recording Industry vs The People - Electronic Frontier Foundation Files Amicus Curiae Brief in Opposition to RIAA's Motion to Dismiss Counterclaims in Lava v. Amurao, April 10, 2007
http://p2pnet.net/story/11932
|
AfterDawn Addict
|
10. April 2007 @ 18:39 |
Link to this message
|
Kate Walsh shows how it's done,
p2pnet.net news:- England's Kate Walsh, 23, is about to become a huge star.
And Warner Music, EMI, Vivendi Universal and Sony BMG's RIAA, the members of the Big 4 Organised Music cartel, have had nothing to do with it. Nothing at all.
Forget the Big 4. Thanks largely to their own efforts or, rather, the lack of them, coupled with their continuing vicious attacks on their own customers, they're as good as dead.
But online, independent music is thriving, giving artists a chance to let people see and hear what they can do, and without having to spend a penny on expensive studio demos, made in the hope of catching the ear of some doped-up Big Music exec.
One of the criticisms levelled at online home-made music (often by the labels who definitely don't want so-called 'amateur' musicians to succeed by themselves) is: there's so much of it, how can you hear it all.
But it's the same in the 21st century as it's always been. Cream rises to the top, and hard work and imagination help. Kate Walsh, originally from Burnham-on-Crouch, Essex, but now living in Brighton, proves it.
Head on over to her MySpace site for an initial listen, and then tune into her song Fireworks on YouTube.
ye have to go here to see the video
http://p2pnet.net/story/11930
iTunes is about all there is as far as corporate music downloads go, and that isn't saying a lot. But Walsh has, "built up a fan base by putting her music onto her MySpace page," says ThisIsLondon.
Now her Tim's House album has topped the iTunes download album chart, says the story.
And she doesn't even own an iPod.
If there has to be a criticism, it's that she's achieving her success through iTunes, where fans will have to fork out a rip-off $1 for a download.
Hopefully, now she's been able to see what she can do herself, she'll soon realise which way is really up and with the iTunes behind her, literally, will launch her own site, selling her music herself without a corporate middle-man, and without getting involved with one or other of the Big 4.
"I set up my own record label called Blueberry Pie and just got the music out there," ThisIsLondon has her saying. "It's pretty easy. Anyone can do it."
And she's right. Anyone can.
(Cheers, William)
JN
Also See:
ThisIsLondon - The songbird who's outselling Take That with her homemade album, April 9, 2007
http://p2pnet.net/story/11930
|
AfterDawn Addict
|
11. April 2007 @ 09:16 |
Link to this message
|
I WONDER HOW GOOD THIS IS?
Quote: GIGA TRIBE..........Lets you share entire folders with friends in a private peer to peer environment. Share all your files (home movies, pictures, documents...) no matter how large they are. It's secure, encrypted...and free.....(free).....GO THERE!
http://www.gigatribe.com/tour/accueil.php
more info
GigaTribe (also known as TribalWeb) is a revolutionary program that lets you share entire folders with friends in a private peer to peer (P2P) environment. Share all your files (home movies, pictures, documents...) no matter how large they are. It's secure, encrypted...and free!
Mac and Linux Coming soon!
EasyConnect is still in Beta
April 5, 2007: official version 2.32 released
Already more than 350,000 GigaTribe users!
Easy, Secure and... Free!
Easy
# Install GigaTribe, select the folders you want to share and invite your friends to join your private network!
# Share all your files (movies, pictures, documents...) no matter how large they are.
# Interrupted exchanges automatically resume with no data loss.
# All files are exchanged at maximum speed.
Secure
# No one but the users of your network can see the files you share.
# When exchanging a file, only the sender and the receiver are aware of the exchange.
# All data exchanged on your network is encrypted (Blowfish encryption with a 128-bit key).
Free
# All these features are included in the standard version and are totally free.
# GigaTribe contains no adware and can be uninstalled easily.
Thanks to GigaTribe, Nanny can grab all of the movies and pictures of her grandchildren who live far from her.
|
AfterDawn Addict
|
11. April 2007 @ 09:48 |
Link to this message
|
EU Copyright Criminal petition,
p2pnet.net news:- It's only 13 days away. On April 24th, the European Parliament will vote on IPRED2, the Second Intellectual Property Enforcement Directive and, "With one stroke, they risk turning thousands of innocent EU citizens and businesses into copycriminals," says the EFF (Electronic Frontier Foundation), declaring on a special petition site.
If IPRED2 passes in its current form, "aiding, abetting, or inciting" copyright infringement on a "commercial scale" in the EU will become a crime.
Penalties for these brand new copycrimes will include permanent bans on doing business, seizure of assets, criminal records, and fines of up to €100,000.
IPRED2's backers say these copycrimes are meant only for professional criminals selling fake merchandise. But Europe already has laws against these fraudsters. With many terms in IPRED2 left unclear or completely undefined - including "commercial scale" and "incitement" - IPRED2 will expand police authority and make suspects out of legitimate consumers and businesses, slowing innovation and limiting your digital rights.
IPRED2 and Business
The entertainment industry spent millions suing the makers of the first VCRs, MP3 players and digital video recorders, trying to use copyright law to kill those innovative products because they threatened old business models. Fortunately, the industry was unsuccessful.
IPRED2's new crime of "aiding, abetting and inciting" infringement again takes aim at innovators, including open source coders, media-sharing sites like YouTube, and ISPs that refuse to block P2P services.
With the new directive, music labels and Hollywood studios will push for the criminal prosecution of these innovators in Europe, saying their products "incite" piracy - with EU taxpayers covering the costs.
Under IPRED2, these same entertainment companies can work with transnational "joint investigation teams" to advise the authorities on how to investigate and prosecute their rivals!
IPRED2 and Your Digital Freedoms
Criminal law needs to be clear to be fair. While IPRED2 says that only "commercial scale" infringement will be punished, the directive doesn't define "commercial scale" or "incitement." Even IP lawyers can't agree on what are "private" and "personal" uses of copyrighted works. One step over that fuzzy line, however, and anyone could be threatened with punishments intended for professional counterfeiters and organized criminals.
How can ordinary citizens feel safe exercising their rights under copyright and trademark law when serious criminal penalties may be brought against them if they cross the line?
Tell the European Parliament to Fix IPRED2
The excesses of IPRED2 need to be reined back. Sign our petition now!
Says the petition:
We believe that IPRED2's new criminal sanctions pose a risk to legitimate business and respect for individual freedoms in the EU.
We ask that the European Parliament approve amendments that would remove the new crimes of "aiding, abetting, or inciting" and limit the directive to combat only trademark counterfeiting and true commercial-scale copyright piracy.
http://p2pnet.net/story/11936
|
|