Slashdot

An anonymous reader sends news from The Washington Post's Security Fix blog of a new Trojan horse program that takes click fraud to the next level. The Trojan, dubbed FFsearcher by SecureWorks, was among the pieces of malware installed by sites hacked with the Nine-Ball mass compromise, which attacked some 40,000 Web sites this month. The Trojan takes advantage of Google's "AdSense for Search" API, which allows Web sites to embed Google search results alongside the usual Google AdSense ads. (SecureWorks' writeup indicates that Yahoo search is targeted too, but the researchers saw no evidence if the malware redirecting Yahoo searches.) While most search hijackers give themselves away on the victim's machine by redirecting the browser through some no-name search engine, FFsearcher "...converts every search a victim makes through Google.com, so that each query is invisibly redirected through the attackers' own Web sites, via Google's Custom Search API. Meanwhile, the Trojan manipulates the victim's PC and browser so that the victim never actually sees the attacker-controlled Web site that is hijacking the search, but instead sees the search results as though they were returned directly from Google.com (and with Google.com in the victim browser's address bar, not the address of the attacker controlled site). Adding to the stealth is the fact that search results themselves aren't altered by the attackers, who are merely going after the referral payments should victims click on any of the displayed ads. What's more, the attackers aren't diverting clicks or ad revenue away from advertisers or publishers, as in traditional click fraud: They are simply forcing Google to pay commissions that it wouldn't otherwise have to pay." If FFSearcher were the only piece of malware on the machine, it would have a better chance of staying under the radar.

snydeq writes "Microsoft pulled the plug on Windows XP a year ago today, no longer selling new copies in most venues. Yet according to a report from InfoWorld, various downgrade paths to XP are keeping the operating system very much alive, particularly among businesses. In fact, despite Microsoft trumpeting Vista as the most successful version of Windows ever sold, more than half of business PCs have subsequently downgraded Vista-based machines to XP, according to data provided by community-based performance-monitoring network of PCs. Microsoft recently planned to further limit the ability to downgrade to XP now that Windows 7 is in the pipeline, but backlash against the licensing scheme prompted the company to change course, extending downgrade rights on new PCs from April 2010 to April 2011."

An anonymous reader brings us another bump on the bumpy road of Chris Anderson's new book, Free: The Future of a Radical Price, which we discussed a week ago. Now the Times (UK) is reporting on a dustup between Anderson and Malcolm Gladwell, author of The Tipping Point, Blink, and Outliers. Recently Gladwell reviewed, or rather deconstructed, Anderson's book in the New Yorker. Anderson has responded with a blog post that addresses some, but by no means all, of Gladwell's criticisms, and The Times is inclined to award the match to Gladwell on points. Although their reviewer didn't notice that Gladwell, in setting up the idea of "Free" as a straw man, omitted a critical half of Stewart Brand's seminal quote.

Ponca City, We Love You writes "The NY Times reports that farmers and ranchers oppose a government program to identify livestock with microchip tags that would allow the computerized recording of livestock movements from birth to the slaughterhouse. Proponents of the USDA's National Animal Identification System say that computer records of cattle movements mean that when a cow is discovered with bovine tuberculosis or mad cow disease, its prior contacts can be swiftly traced. Ranchers say the extra cost of the electronic tags places an onerous burden on a teetering industry. Small groups of cattle are often rounded up in distant spots and herded into a truck by a single person who could not simultaneously wield the hand-held scanner needed to record individual animal identities. The ranchers also note that there is no Internet connection on many ranches for filing to a regional database. 'Lobbyists from corporate mega-agribusiness designed this program to destroy traditional small sustainable agriculture,' says Genell Pridgen, an owner of Rainbow Meadow Farms. The notion of centralized data banks, even for animals, has also set off alarms among libertarians who oppose NAIS. One group has issued a bumper sticker that reads, 'Tracking cattle now, tracking you soon.' 'They can't comprehend the vastness of a ranch like this,' says Jay Platt, the third-generation owner of a 22,000 acre New Mexico ranch. 'This plan is expensive, it's intrusive, and there's no need for it.'"

snydeq writes "InfoWorld's Randall Kennedy examines would-be Microsoft Office competitors SoftMaker Office and OpenOffice.org and finds the results surprising. OpenOffice.org — frequently cited as the most viable Office competitor — has pushed for Office interoperability in version 3.1, adding import support for files in Office 2007's native Open XML format. But, as Kennedy found in Office-compatibility testing, that support remains mostly skin deep. 'Factor in OpenOffice's other well-documented warts — buggy Java implementation, CPU-hogging auto-update system, quirky font rendering — and it's easy to see why the vast majority of IT shops continue to reject this pretender to the Microsoft Office throne,' Kennedy writes. SoftMaker Office, however, 'shows that good things often still come in small packages.' Geared more toward mobile computing, the suite's 'compact footprint and low overhead make it ideal for underpowered systems, and its excellent compatibility with Office 2003 file formats means it's a safe choice for heterogeneous environments where external data access isn't a priority.'" Note that SoftMaker Office is not free software — it costs $79.95 — and there is no version for Macintosh.

The_AV8R writes "In a recent interview, Peter Van Loan, the new Canadian Public Safety minister, says ISPs should be able to provide private user information without a warrant. (The only example he gave was cases of child pornography; the interviewer pointed out that in these cases ISPs are already at liberty to divulge customer information without a warrant, but that the proposed rules would make that mandatory whenever the police ask.) He was adamant that in regard to IP addresses, names, cell phone numbers, and email addresses: '...that is not the kind of information about which Canadians have a legitimate expectation of privacy.' The minister denied — even when presented with an audio clip proving otherwise — that his predecessor had promised never to allow the police to wiretap the Internet without a warrant."

Glyn Moody writes "Detractors of free software like to point out it's not really 'free,' and claim that its Total Cost of Ownership is often comparable with closed-source solutions if you take everything into account. And yet, despite their enthusiasm for including all the costs, they never include a very real extra that users of Microsoft's products frequently have to pay: the cost of cleaning up malware infections. For example, the UK city of Manchester has just paid out nearly $2.5 million to clean up the Conficker worm, most of which was 'a £1.2m [$2million] bill in the IT department, including £600,000 [$1 million] getting "consultancy support" to fix the problems, which including drafting in experts from Microsoft.' To make the comparisons fair, isn't it about time these often massive costs were included in TCO calculations?"

As IBM continues to build out, Jazz, their community-oriented development site, technical lead Dr. Erich Gamma has offered to answer questions about Jazz or anything else in his realm of expertise. Among his many accomplishments, Erich worked for Kent Beck on the Java unit testing framework, JUnit, and was actively involved until JUnit 4. Dr Gamma was also one of the fathers of Eclipse and the original lead on the Eclipse Java development tools. Feel free to fire away on Eclipse, Java, JUnit, the Rational suite, the Jazz site, or anything else you think Erich might be able to answer. Usual Slashdot interview rules apply. Update 19:05 GMT by SM: As pointed out by user Hop-Frog, Dr Gamma is also co-author of the influential computer science textbook Design Patterns: Elements of Reusable Object-Oriented Software .

superbubba writes "The Moblin steering committee is happy to release the Moblin v2.0 beta for netbooks and nettops for developer testing. With this release, developers can begin to experience and work with the source code of the visually rich, interactive user interface designed for Intel Atom based netbooks."

SailorSpork sends in a BBC report that "China is delaying a controversial plan requiring all new computers sold in the country to be equipped with an Internet filtering software, state media says. The filter, called Green Dam Youth Escort, was to have been required from Wednesday, but the ministry of industry said computer makers needed more time." The submitter adds: "Except of course for Sony, who as reported earlier lacked the moral fiber to hold off installing the spyware, which reportedly is ridden with security holes and uses stolen code. Sony actually managed to ship ahead of the schedule."