7th week of Security Podcast for CERTSTATION

Hello and welcome to the CERTStation Podcast for the 7th week of 2010. I am Jay Johnson and these are the headlines:

Adobe plans Flash 10.1 for smart phones out by midyear (pause)
New Activation Technology from Microsoft to fight pirates while
Spammers get attracted to Google buzz (pause)
Rootkit blamed for Blue Screen patch update and Finally
Intel and Nokia merge software to create Linux-based open source platform for smart phones

And now for this week's newswire details
Adobe Systems Inc. was planning to demonstrate Flash 10.1 at the Mobile World Congress trade show in Barcelona, Spain, this week. Flash is used to play Web videos and games. Mobile systems that will work with the full Flash Player include the BlackBerry, Google's Android, Palm's WebOS, Windows Mobile and Symbian, used on Nokia's smart phones. The San Jose, Calif. Company says Flash 10.1 will also work on many tablet-style computers. But Apple's iPad and iPhone are still off the list. The availability of Flash on smartphones is a big sea change, said Jeff Whatcott, SVP of marketing at Brightcove. The platform, which has been in beta, is already being used by major content companies, like AOL, Atlantic Records, National Geographic and The New York Times. Adobe also plans to unveil its AIR software for mobile devices. It builds Internet applications that can be opened without a Web browser. Adobe AIR, the cross-platform app engine that powers apps like TweetDeck, will also see improvements with the release of Flash 10.1. More notable than even the ability to watch YouTube and Hulu clips on your phone, though, is that Flash 10.1 will support graphic chip acceleration on systems with NVIDIA graphics cards, allowing full-screen viewing on netbooks whose processors might otherwise choke, and giving laptop and desktop users perhaps a bit more performance from low-quality clips. Adobe says it is still on track to launch the latest version of its Flash Player for smart phones in the first half of the year.

(pause)
Anyone who runs Windows as an OS for the past few years will be well aware of what Windows Genuine Advantage (WGA) is. But Microsoft has decided that the name no longer fits the functionality and will be changing it for Windows 7. The new name we’ll have to get used to is Windows Activation Technology (WAT), which was announced via a Q&A session with Joe Williams, general manager for Worldwide Genuine Windows at Microsoft. The update will check every 90 days to see if any new hacks have been installed. Each check will include new signatures aimed at identifying the latest hacks. Some users were unhappy at the prospect of Microsoft’s latest update. One comment on the post noted: “Excuse me but no. Enough is enough. I run a tight ship here. I scan for malware. Microsoft, I'm sorry, you don't get the right to run period validations of my Windows 7s in my office every 90 days.” Other users may be concerned that the update could identify their genuine copies of Windows as pirated, as has occasionally been the case in the past. More recently Microsoft angered Chinese users by updating WGA to take more drastic action when an illegal copy of the OS was identified on a machine. Rather than just telling the user this was the case Microsoft also started wiping any background image being displayed. The Chinese hit back saying Microsoft had no right to take such action and that it put their personal information at risk.

(pause)
Despite only being launched this week, spammers are already targeting Google Buzz, the search engine's social network, says Websense. Google says that Google Buzz offers significant improvements over existing social networks such as Facebook and Twitter, although at this early stage of its development. Google Buzz has been designed as a single dashboard to help users deal with the often massive amount of information they receive through existing social networking sites. Websense said that when Twitter launched it took a little while before it was targeted by spammers. However, in an indictment of how rapidly spammers are learning to abuse social networks, it took only two days before they started to hit Google Buzz."It's worrying that spammers have an improved knowledge of social networks these days that allows them to hit new services like Google Buzz so rapidly," said Carl Leonard, security research manager at Websense. He further said "To embrace social networks like Google Buzz safely, businesses need to protect themselves and their employees with a security solution that keeps up with constantly changing web content in real time." The security firm said Web 2.0 sites allowing user-generated content are a top target for cybercriminals and spammers, and research revealed that 95 percent of user-generated comments to blogs, chat rooms and message boards are spam or malicious.

(pause)
The presence of a hard-to-detect rootkit may have caused Windows XP machines to freeze up after applying a patch from Microsoft last week, according to preliminary analysis of the problem from Microsoft's security team. Microsoft's user’s forums filled up with reports of Windows XP users experiencing the dreaded Blue Screen of Death (BSOD) after applying the 13 patches released by Redmond last week. The problem was later linked to one specific update - MS10-015 - a patch for an "important" kernel flaw - and it was discovered that uninstalling this package unfroze affected machines. What Microsoft has designated "Restart Issues" have been described by some users on forums as the 'blue screen of death', as it is impossible to restart their systems following the update, even in safe mode, – instead they end up with the blue screen. Victims can, however, remedy the problem by using an installation CD to uninstall the patch. Microsoft is asking affected users to send memory dumps in order to aid its ongoing investigation. But it acknowledges this is tricky when users who hit the problem are left with unbootable machines. Redmond's security team suggested on Thursday that users may want to hold off on the potentially troublesome MS010-015 update and apply a workaround for that particular problem instead. Sysadmins following this advice are strongly advised to apply the other 12 patches issued by Microsoft last Tuesday.

(pause)
Intel and Nokia are merging their Moblin and Maemo software platforms, creating a unified Linux-based platform that will run on multiple hardware platforms across a wide range of computing devices, including pocketable mobile computers, netbooks, tablets, mediaphones, connected TVs and in-vehicle infotainment systems. Called MeeGo, the open software platform aims to accelerate industry innovation and time-to-market for new Internet-based applications and services. MeeGo-based devices from Nokia and other manufacturers are expected to be launched later this year. Importantly, MeeGo will support equally ubiquitous ARM-architecture chips, in addition to Intel processors. "It's going to be cross-platform. That means it supports both Intel and ARM," James said. ARM processors are offered by Texas Instruments, Qualcomm, Samsung, and others, while Intel's Atom processor powers Moblin-based devices today. This announcement builds on the companies' broad strategic collaboration announced in June 2009. Intel and Nokia now invite participation in MeeGo from existing Maemo and Moblin global communities and across the communications and computing industries. The MeeGo software platform will be hosted by the Linux Foundation as a fully open source project, encouraging community participation in line with the best practices of the open source development model. Intel and Nokia invite the respective members of Maemo.org and Moblin.org to join the combined community at MeeGo.com, as well as encouraging wider participation from the communications, computing and related industries. Developers can begin writing applications for MeeGo in Qt immediately. The first release of MeeGo is targeted for the second quarter of this year.

If you enjoyed this podcast why not visit CERTStation.com and check out our free Internet Security Dashboard. In the meantime this is your host Jay Johnson wishing you a safe and secure week.