Bob Wallace, inventor of shareware, dies at 53

Posted on by

Bob Wallace, inventor of shareware, dies at 53
“NYT” obituary.

What I hadn’t realised was that he was one of the first Microsoft employees, with 400 of the original shares. He was also the first person to leave Microsoft with stock. John Markoff’s obit hints at Bob’s counter-culture side. He was, er, very interested in mind-altering substances, and once broke into a building site with Bill Gates in order to engage in some unauthorised driving of bulldozers. Whether Billg was likewise anaesthesised is not recorded. Wonder what he died of. His wife mentions an autopsy.

Well, well, well. Open source OS now a serious competitor, says Ballmer

Posted on by

Well, well, well. Open source OS now a serious competitor, says Ballmer

At the Microsoft Most Valued Professionals conference held in London this week, chief executive Steve Ballmer acknowledged the growing threat of Linux.

“We got beaten by Linux in the very high-end systems, but we have a whole development team despatched on that now,” he is reported as saying in the Financial Times: “Linux isn’t going to go away. Our job is to provide a better product in the marketplace.”

He added that Microsoft needed to better explain how its products added value compared with free software.

Pitching the Most Valued Professionals initiative against the open source movement, Ballmer recognised that the appeal of Linux is not just low costs, but the sense of belonging to a development community.

“Linux is not about free software, it’s about community,” he said. “It’s not like Novell: it isn’t going to run out of money. It started off bankrupt, in a way.” [More.]

Google goes into the news aggregation business

Posted on by

Google goes into the news aggregation business

And very good it is at it too.
“NYT” story.

‘Google, the rapidly growing online search engine, introduced a service yesterday that uses its search algorithms [~] but no human editors [~] to create a news page that looks not much different from those of many news Web sites.

“We are trying to leverage the experience of all the editors out there,” said Larry Page, Google’s co-founder and president for products. The site brings together headlines, and makes its automated news judgments, from information appearing on 4,000 sites.’ [
12:33:22 AM    

This cannot be true department

Posted on by

This cannot be true department
Register story.

“Woman falls for Nigerian scam, steals $2.1m from law firm” is the headline on the report by Lester Haines. “A bookkeeper for Michigan law firm Olsman Mueller & James has been taken for $2.1m by Nigerian 419 fraudsters, the Detroit Free Press reports. ” There are links to other fraud stories in the piece. And more here, including the wonderful Scamorama site. Apparently the number ‘419’ refers to the section of the Nigerian Penal Code which specifically outlaws internet scams.

Bruce Schneier on the vulnerability of Word 97

Posted on by

Bruce Schneier on the vulnerability of Word 97

“Here’s the vulnerability. Alice sends Bob a Word document. Bob edits it and sends it back. Unbeknownst to Bob, the document he sends back can contain any file on his computer. All Alice has to know is the file’s pathname.

To make the vulnerability work, Alice embeds a particular code in the Word document she sends Alice. When Bob opens the document, Word scarfs up the file off his hard drive and embeds it into the Word document. Bob can’t see this happening, and he has no way of knowing it has happened. If he looks at the document in Notepad, though, he can see the snooped file. Then, when Bob saves the document, the file becomes part of the saved document. He sends it back to Alice, and she has successfully stolen the file.

This attack works with any file on Bob’s computer, and any file on another server that Bob currently has access to. It’s not a macro, so turning off macros doesn’t help. It’s not a piece of malware that an antivirus program will catch. It’s just a feature of Word 97 being used in a novel way. And Alice can embed hundreds of these codes into the Word document she sends Bob, so if she doesn’t know the exact filename she can make lots of guesses.

This is an enormous security hole, and one that the user is simply unable to close. All Bob can do is 1) refuse to return Word 97 documents he edits, or 2) manually examine them all in Notepad or WordPad.

Another Microsoft vulnerability…so what? There are hundreds of these a year. Why bother writing about it?

To me, the interesting aspect of this is that Microsoft is no longer supporting Word 97. This means the company has an interesting choice: they can patch the vulnerability, or they can demand that users upgrade to the latest version of Word. Doing the latter is sleazy, but it’s in Microsoft’s best interest for people to upgrade. They might think of this simply as added incentive.

We’re seeing more and more of this: vulnerabilities in products that are no longer supported. When the SNMP vulnerabilities were published earlier this year, many products with the vulnerability were no longer supported. Some were made by companies no longer in business.

I first read about this vulnerability in an e-mail newsletter called “Woody’s Office Watch.” Alex Gantman reported the Word 97 vulnerability on Bugtraq, and Woody Leonhard claims that he has discovered similar vulnerabilities in Word 2000 and Word 2002. He’s keeping them quiet for a while, giving Microsoft a chance to fix them.”

Links:
http://online.securityfocus.com/archive/1/289268 http://www.woodyswatch.com/office/archtemplate.asp?v7-n42 http://news.yahoo.com/news?tmpl=story2&ncid=1209&e=4&u=/nm/20020913/wr_ nm/tech_microsoft_word_dc&sid=95573713 http://makeashorterlink.com/?Z2C1218C1

En passant, this also illustrates why closed source software is such a nuisance. Nobody can fix this except Microsoft.