Experts are lining up to condemn this idea as intrusive, expensive and ineffective. [3] But we know that when the Labour government announced similar plans a few years ago, a huge outcry was needed to make them to back down. [4]

So let’s build a massive petition right away, to show David Cameron that British citizens simply won’t put up with the government spying on their every move. Please click here to add your name now:
https://secure.38degrees.org.uk/stop-the-snooping-plan

A final version of the plan is due to be announced in just one month’s time. [5] We need to move fast if we’re to get this scrapped before then. A big petition right now could persuade David Cameron to rethink before he commits too deeply. His officials will report the rising number of signatures to him. And they will warn him that he can expect voters to challenge him every step of the way.

MPs from different political parties are already expressing unease. [6] One prominent Conservative MP, former shadow Home Secretary David Davis, has been in touch with the 38 Degrees office to say: “These plans would give the state huge new powers to snoop on ordinary people. They’d be expensive, unnecessary, and a huge invasion of everybody’s privacy. If they are to be stopped, public pressure will be critical – including from 38 Degrees members”.

Add your name to the petition today:
https://secure.38degrees.org.uk/stop-the-snooping-plan

David Cameron claims this will make us safer. But this is about spying on all of us, not serious criminals. It’s already perfectly possible for the government to monitor people suspected of serious crimes, with proper permission and oversight. [7] And serious criminals will inevitably find ways to hide their online identities.

Most importantly, this isn’t the kind of Britain we want to live in. We shouldn’t respond to criminals by abandoning our principles and scrapping basic civil liberties. We shouldn’t treat every citizen like a potential criminal who needs to be monitored. Help stand up for our right to privacy when we browse the internet or phone our friends - please sign the petition and spread the word now:
https://secure.38degrees.org.uk/stop-the-snooping-plan

A federal lawsuit filed by Liberty Media Holdings – a San Diego adult content company – promises to keep the lawyers and copyright experts busy in the months ahead. The lawsuit – which accuses around 50 individuals of using their Internet connection, or allowing their connection to be used by a third party to file-share an adult movie – is interesting because it will test whether people who leave their wireless network on open access can be held liable if a third party uses it to download copyrighted content.

 A growing number of businesses are now offering guest access to their company network for site visitors and contractors. This is acceptable if the access is controlled through the use of a password and audit logging system – complete with acceptable usage policies – but many companies avoid the cost of these controls by simply opening up their wireless network on a password-free basis. Although this saves a few dollars a month on subscription fees, it is a very dangerous game because the legal liability risks are quite high.

 This will likely be a test case about the wider use of unsecured wireless networks & could have wide reaching Implications for all of us, not just US based members but worldwide as other legal authorities follow or adopt the  likely US outcome

 Will this end up stopping city wide free wireless or “free” hotspots that don’t ask for user name & password to connect. Could it further go down to the Average clueless user who leaves his/her home wireless unsecured or lets his friend or neighbour connect (without putting explicit restrictions on what that guest can do on the network), even though that is against the majority of ISPs T&C

 http://www.infosecurity-magazine.com/view/24809/comment-businesses-need-to-wake-up-to-open-wireless-access-risks/

Fixit & unfixit here http://support.microsoft.com/kb/2639658

Advisory with manual “fixes”  http://technet.microsoft.com/en-us/security/advisory/2639658

My considered advice is that you won’t need it and you should wait until Microsoft issue a full patch
So far all attacks have been directly targetted against specific companies or Government departments,  That might change as the skiddies get hold of the exploit

Using the fixit might make some applications/ word docs  or websites not display correctly ( or even at all )  if they use embedded True type fonts & they haven’t been set to gracefully fall back on standard system fonts

If we start to see general attacks, then I will update this & suggest using the fixit

An additional workaround to prevent Websites attacking you by using embedded fonts is to set Internet Explorer font downloads to prompt instead of allow . That way you at least get an alert if a font is being downloaded and you can make an educated opinion as to whether it is likely to be malicious

• Open Internet Explorer
• On the Tools menu, click Options and then click the Security tab.
• Select Custom and click Settings.
• Scroll to the Downloads section.
• Change the Font Download setting from  Enable to Prompt

APSB11-16 – Security Advisory for Adobe Reader (v10.1) and Acrobat (v10.1 et al.)
http://www.adobe.com/support/security/bulletins/apsb11-16.html

APSB11-17 – Security Update Available for Adobe Shockwave Player v11.6.0.626
http://www.adobe.com/support/security/bulletins/apsb11-17.html

APSB11-18 – [Yes, yet another] Security update available for Adobe Flash  Player (v10.3.181.26)
http://www.adobe.com/support/security/bulletins/apsb11-18.html

===========================
SUMMARY
===========================
Microsoft is aware of nine fraudulent digital certificates issued by Comodo, a certification authority present in the Trusted Root Certification Authorities Store on all supported versions of Microsoft Windows. Comodo advised Microsoft on March 16, 2011 that nine certificates had been signed on behalf of a third party without sufficiently validating its identity. These certificates may be used to spoof content, perform phishing attacks, or perform man-in-the-middle attacks against all Web browser users including users of Internet Explorer.

Certificates for the following Web properties are affected:

• login.live.com
• mail.google.com
•www.google.com
• login.yahoo.com (3 certificates)
• login.skype.com
• addons.mozilla.org
• “Global Trustee”

Comodo has revoked these certificates, and they are listed in Comodo’s current Certificate Revocation List (CRL). In addition, browsers which have enabled the Online Certificate Status Protocol (OCSP) will interactively validate these certificates and block them from being used.

An update is available for all supported versions of Windows to help address this issue. For more information about this update, see Microsoft Knowledge Base Article 2524375 (http://support.microsoft.com/kb/2524375).

Typically, no action is required of customers to install this update, because the majority of customers have automatic updating enabled and this update will be downloaded and installed automatically. For more information, including how to manually install this update, see the Suggested Actions section of this advisory.

===========================
RECOMMENDATIONS
===========================
Review Microsoft Security Advisory 2524375 for an overview of the issue, details on affected components, suggested actions, frequently asked questions (FAQ), and links to additional resources. MSRA Security Partners who are experiencing issues believed to be related to the issues described in this advisory should contact us via e-mail or by calling 888-HELPSEC with your custom Access ID.

===========================
ADDITIONAL RESOURCES
===========================
• Microsoft Security Advisory 2524375 – Fraudulent Digital Certificates Could Allow Spoofing –http://www.microsoft.com/technet/security/advisory/2524375.mspx

• Microsoft Security Response Center (MSRC) Blog: http://blogs.technet.com/msrc

More details on Comodo blog

Here’s how to disable the Firefox prefetch setting.

1. Type about:config in the address bar and press ENTER. Agree to the warning that changing settings can cause problems

2. Locate and double-click the entry for
network.prefetch-next

3. Set it to false to disable this feature. Double-clicking on the setting will change it.

How to disable prefetch in Firefox

This is how to disable the prefetch function in Chrome:
1. Click the wrench in the upper-right corner.

2. Select Options

3. Select the Under the hood tab.

4. Uncheck “Use DNS pre-fetching to improve page load performance” . and then close the options page

Disable prefetch in Chrome

Once again we need to warn you about a scam involving Microsoft Security Essentials
Security Essentials is a free Antivirus program from Microsoft available to any windows user with a validated copy of a supported desktop version of windows ( XP SP3, Vista SP2 Windows 7 ) You should only download it from the Microsoft Security Essentials website
The scammers have created a look a like site with links to download Security Essentials BUT following the links you have to create a membership with them & pay for the privilege of downloading free software. It is the same scam that I told you about in this post about Adobe Reader
This one appears to be a different bunch of scammers but with the same result. They will clear your credit card & sell all your details to anyone they can.
One malware researcher used their links to download Security Essentials & got a nasty trojan instead of the genuine program

Fake Microsoft Security Essentials site

If you read carefully, you see they do say in the tiny small print that MSE is a free program and you are paying for the benefit and convenience of downloading it from them instead of the approved free Microsoft site

We stress again that http://securityessentials-2011.com is a scam site that is trying to steal your money and is not to be trusted . Only download Microsoft Security Essentials direct from Microsoft

Fake Skype website

Skype email scam

Once again Don’t fall for it only only use the genuine Skype site to download skype & update it

Adobe PDF scam email

If you are foolish enough to follow the links then you end up on a scam site trying to sell you an unknown PDF reader, BUT the sting is that you don’t just download & try it or even buy it outright. Oh no ! you have to create a membership and give all your details before you even find out how much is being taken from your bank or credit card.

Don’t fall for it and only update Adobe reader from the official Adobe site, when the actual Update is released ( It is expected in Early October 2010)
Or of course use an alternative PDF reader of your choice, Just be aware that PDF vulnerabilities do affect all PDF readers and some might not get updated as quickly as others. Just because you use an alternative doesn’t mean that you are immune or safe from vulnerabilities in Adobe products

These quotes from the freenet website illustrate how wrong and dangerous the whole set up is

You cannot guarantee freedom of speech and enforce copyright law

It is for this reason that Freenet, a system designed to protect Freedom of Speech, must prevent enforcement of copyright

Freenet is free software which lets you anonymously share files, browse and publish “freesites” (web sites accessible only through Freenet) and chat on forums, without fear of censorship. Freenet is decentralised to make it less vulnerable to attack, and if used in “darknet” mode, where users only connect to their friends, is very difficult to detect.

On the face of it, this is just another tool to steal copyright material with an added element of privacy, but there is a big sting in the tail

Users contribute to the network by giving bandwidth and a portion of their hard drive (called the “data store”) for storing files. Files are automatically kept or deleted depending on how popular they are, with the least popular being discarded to make way for newer or more popular content. Files are encrypted, so generally the user cannot easily discover what is in his datastore. Chat forums, websites, and search functionality, are all built on top of this distributed data store.

You need to understand the concept of Freenet which is dedicated to the completely free transmission and storage of information. It makes no judgement on any information stored there -and as such there are Freenet sites about many subjects which are illegal in most countries. Because the network is anonymous Freenet hosts Terrorist handbooks, Guides for Preparing Poisons written by Islamic fundamendalists, Guides to cybercrime, activists guides and of course all sorts of pornography including paedophilia.

When you start up your Freenet client, you are a node in the network, an anonymous node and you have absolutely no control over what is encrypted and stored on your little part of the network

This & similar entries are starting to appear in logs on malware help forums and they appear to be from users who have no idea what they have got themself into
S3 freenet;Freenet background service;c:\program\freenet\bin\wrapper-windows-x86-32.exe -s c:\program\freenet\wrapper.conf –> c:\program\freenet\bin\wrapper-windows-x86-32.exe -s c:\program\freenet\wrapper.conf

Do a search in your favorite search engine to get more examples

The concern is

This Network adds encrypted material to the User’s hard Drive and sets it up as a server for any kind of material. That could include Kiddie Pr0n, terrorist handbooks etc.

When people install this trash, they are allowing their computer to be used for possibly illegal activity. Who in their right mind would want to participate in that. We all know the answer, but why should the forums turn a blind eye. We don’t allow cracks , hacks, file sharing. …. etc. This is potentially worse than any of those.

We should warn users with this installed of the potential consequences of it being installed and used