13 Sep

On AV security and phishing

Just two quick security-related links:

* Computer security software should secure your computer, right? Here’s one example where a Windows machine without antivirus software is more secure than one with AV installed.

* In a previous post, I pointed out McAfee’s Site Advisor. For more specific anti-phishing education, here is PayPal’s Fight Phishing page. Take the exam; I got 5-of-5. Post your score in the comments.

11 Sep

Ringle all the way… to the toilet

Anyone up for a ringle?

Not Alec Saunders, Engadget, and TechCrunch. Like them, I agree – it is a stupid move.

Music companies came up with the ringle format – a CD single with 3 tracks and a ringtone – in a bid to control the music download business. The primary question: who would buy it?

Why won’t it work? First, know why music downloads are king. Instant gratification – you can immediately get the music you want, you just have to know how and where to look. So if I want my music, why should I go to a store and buy a ringle, when I can download it legally?

Second, is there a need for a separate ring tone? Most of the mobile handsets available nowadays can use most digital music formats (MP3 and AAC, for example) as ring tones, alarm tones, message tones. Right? Besides, you can get ringtones for free from several sources. You can even create your own. In the Philippine context, telcos provide ringtone downloads. Heck, in Japan, ringtone download is a big business.

Lastly, no one buys CD singles here in the Philippines. You’d rarely see one in music stores. Filipinos are practical: why buy a single containing at least 2 songs, when you can get more from a pirated source value from an album?

What can you say about the ringle? Discuss in the comments.

11 Sep

New Skype worm and rejoinder on URL obfuscation

F-Secure, Trend Micro, and Symantec report on a new worm spreading via Skype.

The malware is the usual IM variety, propagating by sending links to Skype contacts. The link at face value points to a purportedly harmless JPEG file. But once clicked, a copy of the worm is downloaded and executed on the user’s computer. It displays the image SOAP BUBBLES.BMP (if it exists on the user’s computer) to hide the malware’s existence.

It also exhibits properties common to bot worms, like shutting down security applications and blocking security-related Web sites via HOSTS file modification.

Skype users are advised not to click on links sent via Skype’s chat feature, unless they are very sure that the link is legitimate.

Incidentally, in a previous post, I discussed the problems caused by the lack of standards in writing malware descriptions. Once again, the lack of standards defeats the purpose of obfuscating malicious URLs. Both the Trend Micro and F-Secure blog posts on the Skype worm published the malicious URLs that the worm sends. Both employed URL obfuscation, but with different output.

On F-Secure: (image not shown)

On Trend Micro: (image not shown)

Based on the two posts, we can determine the complete URL.
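Why differently masked copies of one URL cancel each other out, shown as an added example that is not part of the original post or of either vendor's tooling. The URL, the `*` mask character and the masked spans are constructed assumptions; `merge_redactions` goes beyond the two-vendor case and accepts any number of copies, so a publisher can run it over existing write-ups before adding another one.

```python
MASK = "*"  # assumed placeholder character; real write-ups use various styles

URL = "http://files.example.test/photos/img0412.jpg"  # constructed sample URL
HOST = (URL.index("files"), URL.index("/photos"))     # span one vendor hides
NAME = (URL.index("img"), URL.index(".jpg"))          # span another vendor hides

def mask_spans(url, spans, mask=MASK):
    """Replace each (start, end) span of the URL with mask characters."""
    chars = list(url)
    for start, end in spans:
        chars[start:end] = mask * (end - start)
    return "".join(chars)

def merge_redactions(versions, mask=MASK):
    """Overlay several masked copies of one string.

    Returns (merged, hidden), where hidden counts the positions that are
    masked in every copy. Raises ValueError if the copies cannot describe
    the same string.
    """
    if len({len(v) for v in versions}) != 1:
        raise ValueError("copies differ in length; cannot align them")
    merged = []
    for column in zip(*versions):
        visible = {ch for ch in column if ch != mask}
        if len(visible) > 1:
            raise ValueError("copies disagree on a visible character")
        merged.append(visible.pop() if visible else mask)
    text = "".join(merged)
    return text, text.count(mask)

if __name__ == "__main__":
    vendor_a = mask_spans(URL, [HOST])   # hides the host name
    vendor_b = mask_spans(URL, [NAME])   # hides the file name
    print(vendor_a)
    print(vendor_b)
    # Different conventions: nothing stays hidden.
    print(merge_redactions([vendor_a, vendor_b]))
    # Same convention in both write-ups: the host stays hidden.
    print(merge_redactions([vendor_a, mask_spans(URL, [HOST])]))
```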

6 Sep

Goodbye, Nokia E61i, I got this instead…

Speaking of touchscreens, I gave up on Smart giving me that Nokia E61i. Like what happened to my first application for Nokia E61, months had passed and still no phone. So I gave up.

Instead, I went to Smart Wireless Center at Araneta Square-Caloocan (I am forever swearing off SM Megamall Wireless Center) last Sunday after church. Took a number, and waited for more than 20 minutes. My number was 5042. Number currently being handled by agent when I was given a number: 5041. Yes, that long. Why? After serving 5041, the agent heehawed, yawned, looked at his cellphone, went inside the office, chatted with another agent, went back to his table, heehawed, yawned, and looked at his cellphone. Finally, my number was called.

Anyway, I asked him point-blank for the units that were available at that center at that time. So I was shown Sony Ericsson K800i, K610i, P1i, Nokia N73, N92, E90, and one Samsung phone whose model I can’t remember. No Nokia E61i again.

So I settled for this:

This is the Sony Ericsson P1i.

It cost me an arm, but it’s cheaper than the usual retail price, so I guess that’s a bargoon. And I got it on the same day, which was fun. This is my second phone under Smart’s retention program. I got my first one from this Wireless Center also.

Review will follow, after a thorough use. But in a few words: it is the M600i, just add a 3.2mpixel camera and WiFi-B. The package comes with a 1GB Memory Stick Micro (M2).

6 Sep

Apple unleashes iPod Classic, Touch; fanboys cry in ecstasy

So, Apple has unleashed amongst us mere mortals new iPods for you to drool over. I am not an Apple fan, and just for disclosure rules, I own a 30GB iPod Video. No, I have not bought it; I won it at the Philippine Blog Awards last March.

With that out of the way, let me note two products announced last night, Manila time, that are of interest to me. These are the noteworthy ones in the lineup.

First is the iPod Classic. From Apple Hot News:

Providing 80GB or 160GB of storage, the new iPod classic lets you carry up to 40,000 songs or 200 hours of video—your entire collection of music, photos, video, podcasts, and games—wherever you go. In addition to the features you already enjoy, the new iPod classic delivers an enhanced user interface, featuring Cover Flow, and a new, thinner and all-metal enclosure. Available immediately worldwide in silver and black, iPod classic costs just $249 and $349 for the 80GB and 160GB models, respectively.

Press release here.

This product is noteworthy for the storage capacity. For me, this is a nice music player/portable storage. Heck, my 30GB iPod is only 10% filled. So, this will be my portable hard drive he he. It being a music player is just a bonus.

And then there’s the iPod Touch. Again, from Apple Hot News:

The new iPod touch introduced today features built-in Wi-Fi networking and a revolutionary multi-touch user interface—first introduced on iPhone—that makes it easy to find all of your music, video, and other digital content and enjoy it on the gorgeous widescreen display on iPod touch. The multi-touch interface uses pioneering new software to present the perfect user interface for Safari, Apple’s YouTube application, and the new iTunes Wi-Fi Music Store—all of which come with iPod touch. An unbelievable 8mm thin, iPod touch features up to 22 hours of audio playback and up to five hours of video playback. Available later this month, iPod touch comes in 8GB and 16GB models for $299 and $399, respectively.

Press release here.

The storage capacity sucks, I know, but the beauty of this product (for me at least) lies in two things: the touchscreen and the WiFi. Yes, if given one, the primary use for this one (again, for me), aside from being a music player, is as a wireless Web browser.

Now, if only another blogger event would have this up for grabs in a raffle, count me in. As in now.

Oh, BTW, my birthday’s coming up. If you can give me an iPod Touch, I will blog about you everyday for 30 working days in gratitude. Or, free advertisement for your company/product/service in my blogs for a year.

4 Sep

There’s still hope, PS3 fanboys

PS3 fanboys, take heart.

In the August figures for consoles sold in Japan, the Nintendo Wii outsold the Sony PS3 – 245,653 to 81,541. Yes, the Wii still outsold the PS3, but this time, it is just 3-to-1. To put things in perspective, the ratio was 4-to-1 in July and 6-to-1 in June.

See, there’s still hope. Sony’s world domination plans are still on track. Now, if only quality games finally appear for PS3…

And, oh, Microsoft’s Xbox 360 sold 11,288 units, if that’s enough consolation to PS3 fanboys. Xbox 360 fanboys, well…. at least you’ll have Halo 3. And the Red Ring of Death.

4 Sep

Volt in! The Bluetooth-headset-in-phone concept

Now, this is COOL.

Samsung has filed at the US Patent Office a patent for a Bluetooth headset that is integrated in the phone.

You can charge it when the phone charges, and you remove it from the phone when you want to use it. Then, after use, you can return it to the phone.

Yes, this is a Voltes V phone. No, it looks more like the Bio Robot.

(via Unwired View)

30 Aug

Asus eee PC due in September?

The release date of the Asus eee PC keeps moving so much that I almost lost interest in the gadget. Last July, the release date was August. Some say it will be September. Well, it seems that September it is.

Cocktales (of all places) has an item about the Asus eee PC:

ASUSTEK is launching next month a $200, seven-inch laptop aimed at developing world, and we here at the Manila Standard Today are among the legions particularly excited about the economic and productivity breakthroughs when technological marvels intersect with affordability.

Eee User posted a (seeming) confirmation of the Cocktales post: Asustek to start volume shipments of Eee PCs in September.

However, the changes in the specs and prices from what was announced in July were disappointing. Might pass on this gadget, especially if I cannot install Windows or Ubuntu on that device.

29 Aug

Worm storms Blogger

Malware authors are really innovative in pushing the envelope.

The Storm worm is one of the recent malware outbreaks. First pushed into the wild on January 17, 2007 via email, it uses an outright offensive social engineering technique, exploiting current events and tragedies to fool unsuspecting users into installing malware.

The Storm worm has evolved. Instead of attaching malware to the email, it now spams a “YouTube link”. Of course, the link points to another address, and instead of a video, malware is downloaded.

This method has a variation, and it targets blogs hosted on Blogger. SunbeltBLOG reports about some Blogspot blog postings that contain either the usual Storm links or “YouTube links”. SunbeltBLOG assumes that the mail-to-Blogger feature is being compromised for this tactic.

For one of the compromised sites, I think the blog owner was infected by the Storm worm, and the worm was then able to retrieve the email address used to post entries to Blogger. LiveJournal allows posting via email, but the system requires that a certain password/passcode be embedded in the email (either in the subject or the message body). I think it would be wise for Blogger to adopt a system like this.
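A sketch of the passcode check described above, added here as an example; it is not LiveJournal's or Blogger's code. The `[pin:...]` tag format, the function name and the sample messages are hypothetical, and only plain-text mail is handled.

```python
import hmac
import re
from email import message_from_string

# Hypothetical tag format for this sketch: "[pin:SECRET]" in subject or body.
PIN_TAG = re.compile(r"\[pin:([^\]\s]{1,64})\]")

# Constructed sample messages.
GOOD = "From: owner@example.test\nSubject: Trip photos [pin:k3y-2007]\n\nHello from Cebu.\n"
SPAM = "From: owner@example.test\nSubject: Funny video\n\nhttp://video.example.test/watch\n"

def accept_post(raw_email, expected_pin):
    """Return (title, body) with the PIN tag stripped, or None to reject."""
    msg = message_from_string(raw_email)
    subject = msg.get("Subject", "")
    payload = msg.get_payload()
    body = payload if isinstance(payload, str) else ""  # sketch: plain text only
    match = PIN_TAG.search(subject) or PIN_TAG.search(body)
    if match is None:
        return None  # knowing the secret posting address alone is not enough
    # Constant-time comparison so response timing does not leak PIN prefixes.
    if not hmac.compare_digest(match.group(1).encode(), expected_pin.encode()):
        return None
    # Strip the tag so the secret is never published with the post.
    return PIN_TAG.sub("", subject).strip(), PIN_TAG.sub("", body).strip()

if __name__ == "__main__":
    print(accept_post(GOOD, "k3y-2007"))  # accepted, tag removed
    print(accept_post(SPAM, "k3y-2007"))  # rejected: no PIN in the message
```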

Blogger users are advised to disable this feature, or at least not use it, in the meantime.

PS: Some of the blogs pictured (and the links in these blogs) at the SunbeltBLOG posts are still live at this moment. Be careful and refrain from visiting these sites (OK, you may visit them but don’t click on links!).

28 Aug

POS devices still insecure

Joyfulchicken of Chicken Mafia recounts something purportedly common among Citibank credit card users, namely fraud:

When the Citibank person asked me if I had used my card yesterday, I just sighed knowingly and said, “No. What is it this time?” Well, someone bought 16,231.50 pesos worth of stuff in Ace Hardware SM Manila using a clone of my card. Whoa, that’s around $350. I wonder what the guy bought. 10 of these perhaps?

Anyway, Citibank faxed over a dispute form for me to sign. My card has been canceled, and a new one will be sent to me in a few days. The process is still annoying, but it’s relatively painless. It seems that Citibank is getting more and more efficient at handling credit card fraud. I guess they’ve been getting a lot of practice.

Maybe I share part of the blame for not learning my lesson from four years ago. Last Saturday evening, I foolishly filled up at a random gas station in the middle of nowhere. And now this happens. Hmm, is there a syndicate of credit card-stealing gas station attendants? More evidence that oil companies are vortexes of pure evil….

Well, he’s no joyful chicken at the moment. And you will be joining him, if you are not careful.

The Internet Storm Center reports on vulnerabilities and security problems regarding point-of-sale (POS) devices (PDF of the white paper here). The white paper asserts that while the security risks have been known since Heaven knows when, credit card companies and retailers are slow in addressing them, and it criticizes the actions taken as either inadequate or too late.

For now, here are some steps for using credit cards securely:

1. Use credit cards at stores that take several steps in the process. For example, National Bookstore requires the credit card holder to present a valid ID before the transaction is processed. SM Supermarket, SM Department Store, and Music One do not ask for IDs. (If you know retailers who do not demand IDs, list them in the comments.)

2. When paying using credit cards, make sure you see where it is to be swiped. That means, do not use credit cards in restaurants and gasoline stations.

3. Shop using cash. This way, you can stick to your budget.

Why can’t they require PINs for credit cards?