Saturday, July 28, 2007

China seizes 18,000 fake Viagra pills in raids...

Thu Jul 26, 2007. BEIJING (Reuters) - Chinese police have seized more than a ton of fake drugs for impotence, bird flu and malaria, including at least 18,000 fake Viagra tablets, state media reported on Wednesday.

The Ministry of Public Security, which launched the national crackdown on counterfeit goods in 2005, announced 10 of its top cases ranging from fake drugs to fake toothpaste on Tuesday, the Xinhua news agency said on its Web site.

More than 30 people were detained on suspicion of either making or selling the drugs.

Police in the eastern province of Zhejiang raided a gang making counterfeit Viagra and selling the tablets to 12 countries, including the United States and Holland, it said, adding that a total of 18,000 pills were seized.

In Guangdong, police had arrested 12 people and seized 1 ton of fake drugs and two production lines and large quantities of raw materials for making "sildenafil citrate", the scientific name of Viagra.

Police detained 19 suspects and shut down six factories in May last year for making fake Tamiflu, a bird flu drug, and selling it to the United States via the Internet, the agency said.

In April last year, police cracked a ring making and selling pirated toothpaste across the country and arrested five suspects, it said.

Chinese media report on scandals involving substandard or fake drugs and food almost every day, and the issue burst into the international spotlight when tainted additives exported from China contaminated pet food in North America.

Public fears about food safety grew in China in 2004 when at least 13 babies died of malnutrition after they were fed fake milk powder with no nutritional value.

© Reuters 2007. All Rights Reserved.

Maid jailed for serving up urine...

Wed Jul 25, 2007 9:00am ET HONG KONG (Reuters) - An Indonesian maid has been jailed for six days in Hong Kong for serving her boss a cup of water containing urine, a newspaper reported Wednesday.

The 29-year-old pleaded guilty to a charge of "administering poison or other destructive or noxious substance with intent to injure," but insisted she had used the urine to treat a skin condition and its appearance in her employer's cup was a mistake.

Her boss, Szeto Ching-han, smelled the urine after asking for a cup of water, and then asked the maid to drink it -- which she did. Szeto, however, kept the liquid to have it tested in a lab, the South China Morning Post said.

The defense argued that the maid's employer had not drunk the urine and the substance was not poisonous.

"The only contact the former employer had with the so-called poisonous mixture was the smell," her lawyer was quoted as telling the court.

The magistrate who heard the case said there was no evidence that the maid had suffered any harm after drinking from the cup, but still gave the maid a six-day jail sentence, saying the court "must send a message to the public."

Maids from the Philippines, Indonesia and Sri Lanka are often the subject of court cases in richer neighbors such as Hong Kong and Singapore, but usually as the victims of rape or other abuse by their employers.


Thursday, July 19, 2007

Police red-faced as Porsche stolen-twice...

Reuters.com

Wed Jul 18, 2007. KUALA LUMPUR (Reuters) - Malaysian police were left red-faced after a man who abandoned the theft of a $280,000 Porsche for lack of fuel attempted the crime a second time and drove the sportscar out of a police station, local media said.

The suspect had first attempted the theft on Monday at a luxury car showroom in northern Penang state, local papers said. Dressed smartly in a suit and tie, he asked for the car keys and promptly sped off, smashing through the glass windows.

The car was later found abandoned a short distance away, its fuel tank empty.

The New Straits Times said the man kept the keys and returned with a canister of petrol to a local police station where the car had been towed. He drove off with the Porsche, ditching it later after he discovered roadblocks had been set up to stop him.

Police were hunting for the suspect, the paper said.


Tuesday, July 17, 2007

Patch or get PWNED in a flash...

Tom Espiner, ZDNet UK

17 July 2007 Recently fixed vulnerabilities in Sun's Java Runtime Environment and Adobe's Flash player mean that unpatched systems are vulnerable and could be infected with spyware or recruited into a botnet by simply visiting a Web page with exploit code -- and Google last month warned that 10 percent of Web sites contain this kind of malicious code.

IT professionals have been warned to patch vulnerabilities in the Adobe Flash Player application and Sun Java Runtime Environment as soon as possible.

The vulnerabilities mean that employees can get "hacked just by viewing a Web page that contains malicious Flash or Java content", warned antivirus company F-Secure in its blog.

Both Adobe and Sun issued patches for the vulnerabilities in updates last week. The Adobe update addresses an input validation error in Flash Player version 9.0.45.0 and earlier versions that could lead to the potential execution of arbitrary code.

The Sun update links to a patch for a buffer overflow vulnerability in the image-parsing code in the Java Runtime Environment that may allow an untrusted applet or application to elevate its privileges.

The flaw in the Java Runtime Environment could be particularly serious if left unpatched, according to Chris Gatford, a security professional from penetration-testing firm Pure Hacking.

"Java runs on everything: cell phones, PDAs and PCs. This is the problem when you have a vulnerability in something so modular -- it affects so many different devices," Gatford told ZDNet Australia.

"Also, this exploit is browser independent, as long as it invokes a vulnerable Java Runtime Environment," Gatford added.

ZDNet Australia's Liam Tung contributed to this report.

Tom Espiner reported for ZDNet UK from London

Saturday, July 14, 2007

Remember your home phone number? Forget it!

Reuters.com

Fri Jul 13, 2007. LONDON (Reuters) - Can't remember life before mobiles? Chances are you'll also struggle to recall your home phone number and family birthdays.

According to a survey released Friday, the boom in mobiles and portable devices that store reams of personal information has created a generation incapable of memorizing simple things.

A quarter of those polled said they couldn't remember their landline number, while two-thirds couldn't recall the birthdays of more than three friends or family members.

The tech-savvy young fared worse than older people. The under-30s could remember fewer birthdays and numbers than the over-50s, according to the survey.

Two-thirds said they relied on their phone or electronic organizer to remember key dates.

"People have more to remember these days and they are relying on technology more for their memory," said Ian Robertson, professor of psychology at Trinity College, Dublin.

Researchers polled 3,000 people over the last two weeks in the survey for Puzzler Brain Trainer magazine.


Thursday, July 12, 2007

China blames Internet for rise in teen pregnancies...

Reuters Published on ZDNet News:

July 9, 2007, 9:25 PM PT BEIJING--Nearly half of the pregnant teens in China's financial hub, Shanghai, met their partners on the Internet, state media said on Tuesday.

Zhang Zhengrong, a doctor who oversees the city's first-aid hotline for pregnant teens, said 46 percent of the more than 20,000 teenage girls who called the hotline over the past two years said they had had sex with boys they met on the Internet.

"Most of the fathers disappeared after learning about the pregnancy, and some of the mothers did not even know the fathers' names," the China Daily said.

Zhang blamed the situation on adult Web sites, videos and books and appealed to parents, teachers and society at large to pay more attention to sex education.

A survey by Zhang's hospital found that only 7.9 percent of the parents queried talked to their children about sex, and 79 percent of high school and university students said they got their ideas about sex from the Internet.

Chinese attitudes towards sex have relaxed in recent decades, triggering a boom in extramarital relationships which the ruling Communist Party blames on bourgeois mores imported from the West.

Wednesday, July 11, 2007

Vista SP1 beta 1 to launch in mid July 2007....

Posted by Mary Jo Foley

July 8th, 2007. It’s official: We are now in the under-promise and over-deliver era at Microsoft.

Just when Microsoft had customers, partners and competitors all believing that it was going to delay the first service pack for Vista — not releasing a first beta of it until just before year-end — the company is set to deliver Beta 1 of Vista SP1 in mid-July.

Word (from various sources who asked not to be named) is Microsoft is gearing up to drop Vista SP1 some time the week of July 16. And despite what Microsoft seemingly led Google, the U.S. Department of Justice and other company watchers to believe, the final version of Vista SP1 is sounding like November 2007.

(November 2007 is also the release-to-manufacturing target for Windows Server 2008, sources say. Microsoft won’t provide an RTM date for Windows Server 2008, other than to say it is still on track to RTM before the end of 2007.)

If Vista SP1 is released in November, the Windows client team will be sticking to a schedule company officials outlined a year ago, when the official plan of record was to release Vista SP1 and Windows Server 2008 (Longhorn Server) simultaneously.

Observation: If Microsoft releases Vista SP1 in November, it will have been in beta for an unusually short four months. In the past, Microsoft Windows service packs could be in beta for a year or longer.

Microsoft officials have been wavering over what to say about SP1 for the past year. Throughout that time, a number of company execs wouldn’t even admit they were planning to release a service pack for Vista at all.

Microsoft’s Windows client team, under Director of Windows Engineering Steven Sinofsky, has adopted a much more restrictive information-flow policy. Instead of over-promising and under-delivering, Sinofsky wants the client team to do the opposite. To achieve this, the client team is attempting to institute Apple-like secrecy over anything pertaining to future Windows client directions.

There was a tiny chink in the Windows organization’s armor in June, when Microsoft agreed to Google’s demand that it alter its desktop-search functionality, seemingly to head off another potential antitrust suit. In late June, the Redmondians said they’d have a Beta 1 version of SP1 (which would include alterations to Vista’s search) before the end of calendar 2007. They declined to provide a date for the final Vista SP1 release.

History aside, what’s on tap to be part of Vista SP1?

Microsoft is expected to emphasize that SP1 is more about fixes than new features. Most of the elements of SP1 are expected to enhance or supplement features that are already part of Vista, sources said.

In addition to desktop-search modifications, here’s a list of other fixes likely to make it in:

* Performance tweaks lessening the amount of time it takes to copy files and shut down Vista machines (Yeah, I know Microsoft said Vista shutdown speed wasn’t an issue. Guess users weren’t so crazy, after all.)
* Improved transfer performance and decreased CPU utilization via support for SD Advanced Direct Memory Access (DMA)
* Support for ExFat, the Windows file format for flash memory storage and other consumer devices
* Improvements to BitLocker Drive Encryption to allow not just encryption of the whole Vista volume, but also locally created data volumes
* The ability to boot Extensible Firmware Interface (EFI) on an x64 machine
* Improved success rate for firewalled MeetingSpace and Remote Assistance connections

I asked Microsoft officials for a response on Vista SP1’s timing and feature set. I did not hear back before posting this blog entry. (If and when I do get a response, I will add it here.)

Update: Here’s the response I got from a Windows client spokesman late in the day on July 9: “The Windows Vista team is working hard on the service pack, and our current expectation is that a beta will be made available sometime this year.”

There may be more in Vista SP1 than what’s on this list. That’s all I’ve heard so far. Anything you’re hoping makes it in that’s not listed here?

Man's smelly feet trigger police raid...

Reuters.com

Mon Jul 9, 2007 BERLIN (Reuters) - German police broke into a darkened apartment fearing they would find a dead body, after neighbors complained of a nasty smell seeping out onto the staircase.

The shutters of the apartment had been closed for more than a week and the mailbox was filled with uncollected mail.

But instead of a corpse, they found a tenant with very smelly feet, asleep in bed next to a pile of foul-smelling laundry, police in the southwestern town of Kaiserslautern said on Sunday.


Monday, July 09, 2007

Stretch your talents as a condom tester.. 

Reuters.com

Fri Jul 6, 2007. CANBERRA (Reuters) - Condom makers say it's the world's best job, a "sexecutive position." An Australian company is seeking real life testers for its condom products.

"Got what it takes to be an official condom tester?" asks an advertisement launched by Durex Australia next to a photo of a busty young woman in a revealing nurse's outfit.

"With this job on your CV, it really will be a chance to brag to your mates about the special skills you possess, not to mention that your new role will work wonders with the opposite sex," Durex Marketing Manager Sam White told local media.

The "bed-testing" position is unpaid, but 200 selected testers would be up for a free pack of Durex products, plus a bonus prize of A$1,000 ($854) for one lucky winner, White said.

In return, testers would have to report back on the feel and performance of the company's products.

Only Australians need apply, and would-be testers will be asked to explain why they should be considered. Humor would help in the application, Durex said.

"To apply, simply explain why you think you're right for the position (missionary is acceptable) and you could be eligible for the employee bonus of $1,000," said the ad on Web site www.durex.com.au.


Wednesday, July 04, 2007

They don't always wait for the day after 'Patch Tuesday' to strike...

PC World By Gregg Keizer

2nd July 2007. The idea that cybercriminals stockpile exploits, then time their release to do the most damage gives them too much credit, a security researcher said Friday.

"We think that [attackers are] all highly skilled and doing careful planning," said Craig Schmugar, a security researcher for McAfee Inc. "It's not always the case."

Schmugar compared the disclosure date of 200 zero-day vulnerabilities affecting Windows against the nearest monthly Microsoft patch day to find out if there was anything to the idea of "Exploit Wednesday" -- the supposed hacker practice of releasing exploits immediately after the release of regularly-scheduled security updates from Microsoft on the second Tuesday of each month.

Under the Exploit Wednesday concept, attackers dispense threats right after a patch day to maximize the window of vulnerability, figuring that they have at least 30 days before the next round of patches is released by Microsoft.

There doesn't seem to be much to the idea, said Schmugar. "I don't see Exploit Wednesday as a strategically-timed release, but that it comes about simply because more information is being made available," he said. Some hackers parse Microsoft's vulnerability disclosures for enough information to put them on an exploit track, Schmugar said, while others reverse engineer an attack after comparing the patched files with their vulnerable predecessors.

The data doesn't prove that's what happens, Schmugar acknowledged, but it did discount the idea that all hackers are patient, intelligent and lucky enough to strategically launch their exploits right after a patch cycle.

In 2005, for example, 18 percent of the zero-day threats were disclosed within a three-day period either side of Patch Tuesday; a normal distribution for that week-long span would be 23 percent, Schmugar pointed out. During 2006, 31 percent were within 3 days of patch day; so far this year, 24 percent fall within the range. "The data suggests that at least in 2005 and 2007 strategic releases were not that common," Schmugar said. "Even 2006 only showed an 8 percent deviation."

Hackers have to weigh any attempt at attack timing against the possibility that the zero-day vulnerability will be discovered, and patched, before they can launch it, said Schmugar. "It's like trying to sell stock at its peak price. Yes, attackers could potentially hold their vulnerabilities, but they could also shoot themselves in the foot by doing that."

Interestingly, a follow-up analysis hinted at a better chance that attackers do hoard the most valuable vulnerabilities -- those originally reported as able to execute remote code. Of that zero-day subset, 41 percent of these most critical vulnerabilities were disclosed within 3 days either way of Patch Tuesday in 2006, and 30 percent so far this year, for a deviation of 18 percent and 7 percent, respectively.

Even here, however, Schmugar was suspicious, since the dates associated with active exploits are inherently inaccurate. "We don't always know right away of a zero-day vulnerability or exploit," said Schmugar. "I've been privy to information that showed by the time a patch was released, the attack had existed two or three weeks."

Schmugar was hesitant to stake out a conclusion because the data could be interpreted more than one way. "I'm somewhere in the middle between thinking attackers are and are not strategically launching exploits. Generally, though, because of the risk that their vulnerabilities will be found, I don't believe they think it's even worth it to hold one."
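
The comparison described in this article (disclosure dates measured against the nearest Patch Tuesday, with a window of three days either side) can be reproduced from any list of disclosure dates. The following is an added example, not code from the article or from McAfee; the sample dates are constructed, and the baseline assumes disclosures spread evenly over the calendar, which yields the 23 percent figure quoted above.

```python
import calendar
from datetime import date, timedelta


def patch_tuesday(year, month):
    """Return the second Tuesday of the month (Microsoft's scheduled patch day)."""
    first_weekday = date(year, month, 1).weekday()  # Monday == 0
    offset = (calendar.TUESDAY - first_weekday) % 7  # days until the first Tuesday
    return date(year, month, 1 + offset + 7)


def days_to_nearest_patch_day(d):
    """Distance in days from d to the closest Patch Tuesday (previous, same or next month)."""
    candidates = []
    for delta in (-1, 0, 1):
        m = d.month + delta
        y = d.year + (m - 1) // 12   # roll over year boundaries
        m = (m - 1) % 12 + 1
        candidates.append(patch_tuesday(y, m))
    return min(abs((d - c).days) for c in candidates)


def share_near_patch_day(dates, window=3):
    """Fraction of dates that fall within `window` days either side of a Patch Tuesday."""
    near = sum(1 for d in dates if days_to_nearest_patch_day(d) <= window)
    return near / len(dates)


def baseline_share(year, window=3):
    """Share expected if disclosures were spread evenly over every day of the year."""
    start = date(year, 1, 1)
    n_days = (date(year + 1, 1, 1) - start).days
    return share_near_patch_day([start + timedelta(n) for n in range(n_days)], window)


def deviation_points(dates, year, window=3):
    """Observed share minus the even-spread baseline, in percentage points."""
    return round((share_near_patch_day(dates, window) - baseline_share(year, window)) * 100)


# Constructed sample disclosure dates for illustration only (not real data).
SAMPLE_DISCLOSURES = [
    date(2007, 1, 9), date(2007, 1, 25), date(2007, 2, 16), date(2007, 3, 29),
    date(2007, 4, 6), date(2007, 5, 8), date(2007, 6, 20), date(2007, 6, 10),
]

if __name__ == "__main__":
    print("baseline 2005: %.0f%%" % (baseline_share(2005) * 100))
    print("sample share:  %.0f%%" % (share_near_patch_day(SAMPLE_DISCLOSURES) * 100))
    print("deviation:     %d points" % deviation_points(SAMPLE_DISCLOSURES, 2007))
```

A share close to the baseline is what untimed releases would produce, so only a clear excess over it points toward deliberate timing.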

Tuesday, July 03, 2007

Smokers riled by mid-winter smoking ban...

Reuters.com

Mon Jul 2, 2007. SYDNEY (Reuters) - A smoking ban took effect on Sunday at pubs and clubs in Australia's two most populous states, but it's the timing of the measure that's riling smokers the most.

In future, anyone wanting to light up at pubs and clubs in New South Wales and Victoria has to go outside.

It is the height of winter.

"The weather is against us. Having this in the middle of winter really will have a detrimental effect," said John Thorpe, New South Wales president of the Australian Hotels Association.

Clubs have been running television advertisements to entice drinkers to new "everyone's welcome" outdoor areas built at a total cost of more than A$400 million ($340 million).

The Panania Diggers club in Sydney's western suburbs has even transformed one of its bowling greens into a smoking area.

Australia has been at the forefront of a near-global push for smoking bans for over a decade, first outlawing smoking in Australian airports, on domestic flights and on some international flights in 1992.

Since then Australian smoking bans have been progressively introduced to trams, trains, buses, department stores, cinemas, theatres, art galleries and restaurants.

First one room in multi-room licensed venues was required to be smoke-free, with smoking banned in dining areas or near bars. Later, 50 percent of indoor space had to be smoke-free, then the bans were extended to 75 percent of indoor areas of hotels last year.

But some in Australia feel the new law is still too lenient.

Mosman Council, in one of the trendiest and most affluent parts of Sydney on the harbor foreshore, wants smoking banned from pavements, parks and beaches.


Monday, July 02, 2007

BBC NEWS Paris menswear show...

BBC NEWS - Paris Menswear show

Sunday, 1 July 2007. The Men's Spring-Summer 2008 fashion show is coming to an end in Paris. French fashion designer Agnes B was showing on the final day.

Eye-catching shoes set off creations for Lanvin by Alber Elbaz and Lucas Ossendrijver.

Elbaz came out to take a bow.

This year's creations by British designer John Galliano played on 21st-century conflicts.

Helmets and combat gear figured in his war-inverting designs.

No Paris show would be complete without some Jean-Paul Gaultier creations.

The naval themes beloved of the designer were in evidence.

And uniforms popped up as Gaultier paid tribute to the Beatles' Sergeant Pepper album.


Yahoo IM used to spread phishing scam: News - Yahoo IM users be CAREFUL...

ZDNet Australia Elinor Mills, CNET News.com

02 July 2007. Yahoo Instant Messenger has been used to spread a phishing scam designed to steal username and password information from users. The scam is then spread further using the user's contacts list.

First detected on Friday in the US, the IM arrives from someone in your contact list with a link to a Geocities Web page and smiley faces surrounding the link. When clicked on, the link opens a page that looks like a legitimate Yahoo 360 sign-in page.

Yahoo is investigating the matter and will take down the Geocities Web site if it is perpetrating a scam, a Yahoo spokeswoman said. Geocities is Yahoo's free Web space service. Yahoo also will add filters to the Messenger system to prevent the malicious link from being propagated, she said.

Phishers often use smiley faces and other emoticons to make the victim feel that the IM is safe. Geocities sites are often used in phishing scams. Such scams are not new and are becoming increasingly more common.

IM users should not blindly trust links they receive even if the link comes from a trusted source or friend. Users should confirm that the person behind the IM account actually sent the link and that it is legitimate.

If you are duped, immediately change your password and notify your Yahoo IM contacts about the malicious IM. Yahoo users also can customize their Yahoo log-in page with a security seal so they will know that the site is legitimate. Yahoo has provided more information here.