SCO – are you dead yet?

The ether has been strangely quiet about SCO’s recent defeat at the hands of a jury, on the issue of suing IBM for copyright infringement. After 2 judges and 1 jury decision, it was comprehensively found that Novell never sold the copyrights to UNIX as part of its sale of UnixWare to SCO in 2003. Therefore SCO could not sue anyone for copyright infringement when it did not own the copyrights.

The 1st big fact here is that SCO ( Caldera at the time ) was using GPL’d code in its Linux product, and under that license you forgo the option to sue someone for copyright infringement because any GPL source code has to be made freely available. No other license can exceed the use of GPL if GPL is applied to those works. When you use Linux or FOSS, you can’t sue for copyright infringement – period. If you adopt the GPL license, you are telling everyone that they are allowed to use your work and derive it, if you want. The only situation under which someone can sue under the GPL, is where the GPL and copyright notices are not distributed along with the code ( something that happens more often than you’d imagine – don’t people learn? ).

By selling and using a GPL’d product, SCO in effect shot itself in the foot – it would be just as guilty under this lawsuit as IBM if SCO won the suit. Which is a paradox. Which means SCO could not win the lawsuit under any circumstance.

The 2nd big fact is of course that SCO never showed any infringing code in Linux. Not a thing. In 7 years. Nada, nil, nothing!!! If they had such a watertight case, why keep the reason for suing from everyone?

SCO has essentially wasted 7 years of time and countless millions of dollars for a lawsuit which had no foundation to begin with. In retrospect, it can only be seen as a pure money-making scheme on the back of nothing. And yes, many a stock was sold between 2003 ( when the suit was started ) and 2004. The SCO Group wanted billions of dollars from IBM for work that, assuming all of the SCO Group’s claims had been accurate, SCO only spent a few million dollars developing and were only able to realize a few million from its own products.

Finally, we have to listen to SCO shills like Paul Murphy and Maureen O’Gara espouse theories on why SCO was right and the rest of the world wrong. Huh? Are they that ignorant of the facts or just stuck so far up SCO’s arse that the rest of the world no longer exists? Half and half methinks. Paul says “Overall this is a case in which the next surprise has almost always seemed a red herring to those judging on the basis of the underlying issues – and red meat to those using any available means or information to attack SCO.” SCO has been attacking Linux for 7 years and wasting everyone’s time – does it expect anything less in return?

So is SCO dead? Well it should be. But somehow I think Darl and friends will be hovering in a corner trying to make a quick buck. Good luck to them in the meantime, the rest of us will get on with our lives.

AT&T’s iPad data leak

Further on from my previous articles on online data storage and services ( On-line storage – safe or not?, Windows and online banking, Local insurance company loses client data, Data loss for Sidekick users Part 2 and Apple and data leakage? ) AT&T have had a massive data leak of email addresses and ICC-IDs ( unique serial numbers that identify each SIM card ). And the information could apparently be used for more than sending the users a little extra spam.

Attackers can use the information to learn the names and phone numbers of the leaked users, and can even track their position. The iPad’s SIMs are going to be used for data, rather than voice, connectivity, which does reduce the impact of the problem a bit—attackers can’t eavesdrop on phone calls that don’t even exist, and encrypted Internet traffic will remain protected—but the breach does still leave iPad users trackable, and vulnerable to hijacking or eavesdropping of any unencrypted traffic.

The FBI has previously said they are looking into how the details of approximately 114000 users were compromised. The list includes officials from the FCC, FAA and NASA, as well as Army members, all of them early technology users.

Facebook worms have free rein

A new worm is spreading rapidly via Facebook. The cause is a problem disclosed weeks ago which Facebook seems unable to fix. As a result, there has been another wave of crafted status messages – this time they refer to a web page which allegedly presents the “101 hottest women in the world”. Those who click on the link are directed to a fairly neutral page with a picture of Jessica Alba and the message “Click here to continue”. At this point nothing bad has happened, however, in the background the web page has opened an iFrame which posts the link to Facebook. This works because users are already logged into Facebook when they read their messages.

The basic problem has been known for several weeks and Facebook has been hit by waves of attacks exploiting the flaw. Those who want to protect themselves can, at least in Firefox, enable the NoScript extension. This extension not only filters out JavaScript, it also detects transparent iFrames and warns of potential “clickjacking attacks”.

Those using IE unfortunately have no protection if they click through and will be compromised.
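The trick described above only works if the target page agrees to be rendered inside another site's frame, which a site controls with the `X-Frame-Options` header or the CSP `frame-ancestors` directive. The following is an added example, not code from the original post: it classifies recorded response headers by framing policy. The function names, URLs and sample headers are constructed for illustration.

```javascript
// Added example: decide from response headers whether a page may be rendered
// inside another site's frame. Sample responses below are constructed.

// Return the frame-ancestors source list from a CSP value, or null if absent.
function parseFrameAncestors(csp) {
  for (const directive of csp.split(';')) {
    const parts = directive.trim().split(/\s+/);
    if (parts[0].toLowerCase() === 'frame-ancestors') {
      return parts.slice(1).map((s) => s.toLowerCase());
    }
  }
  return null;
}

function framingPolicy(headers) {
  const h = {}; // header names are case-insensitive, so normalise them
  for (const [k, v] of Object.entries(headers)) h[k.toLowerCase()] = String(v);

  // Where frame-ancestors is present it replaces X-Frame-Options.
  const sources = parseFrameAncestors(h['content-security-policy'] || '');
  if (sources !== null) {
    if (sources.length === 0 || sources.every((s) => s === "'none'")) return 'deny';
    if (sources.every((s) => s === "'self'")) return 'same-origin';
    if (sources.includes('*')) return 'frameable';
    return 'allowlist';
  }
  const xfo = (h['x-frame-options'] || '').trim().toUpperCase();
  if (xfo === 'DENY') return 'deny';
  if (xfo === 'SAMEORIGIN') return 'same-origin';
  return 'frameable'; // missing or unrecognised value: treated as no restriction
}

// Constructed sample: URL plus the headers a scanner recorded for it.
const SAMPLES = [
  { url: 'https://app.example.test/share', headers: { 'Content-Type': 'text/html' } },
  { url: 'https://app.example.test/settings', headers: { 'X-Frame-Options': 'DENY' } },
  { url: 'https://app.example.test/post',
    headers: { 'Content-Security-Policy': "default-src 'self'; frame-ancestors 'self'" } },
  { url: 'https://app.example.test/widget', headers: { 'x-frame-options': 'ALLOWALL' } },
];

// List the sampled pages that still accept cross-site framing.
function frameablePages(samples) {
  return samples.filter((s) => framingPolicy(s.headers) === 'frameable').map((s) => s.url);
}

console.log(frameablePages(SAMPLES));
```

Pages that post content on behalf of a logged-in user are the ones where a `frameable` result matters most.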

Microsoft installs software without permission

It seems that Microsoft just can’t help itself. As part of its regular Patch Tuesday, Microsoft released an update for its various toolbars, and this update came with more than just documented fixes. The update also installs an add-on for Internet Explorer and an extension for Mozilla Firefox, both without the user’s permission.

The update is listed as “Update for Microsoft Search Enhancement Pack” which doesn’t have any relation to browser add-ons or extensions. In addition, the update is marked as Important instead of Optional which means that it’s likely to be installed automatically, depending on the users’ update settings.

Users started seeing this item as installed because Firefox shows newly installed extensions on restart ( IE does not do this ). Apparently Microsoft is not even aware of the issue …

Windows 7 SP1 due in July

Microsoft announced a public beta of SP1 for Windows 7 and Server 2008 R2 at TechEd in New Orleans this week. Yes that’s right – the same package is used to update both platforms because they use the same kernel. While Windows 7 doesn’t gain any new functionality from this update, Server 2008 R2 will gain RemoteFX which allows acceleration of graphics and audio for Remote Desktop sessions.

Another new feature added to Server 2008 R2 is Dynamic Memory which allows memory to be dynamically allocated to Hyper-V guests – this is equivalent to KVM’s memory ballooning feature.

Adobe gets hacked ( again )

It didn’t take long for someone to start exploiting zero-day vulnerabilities in Adobe’s software. In fact, having the honour of designing the most hacked software on the planet means that Adobe’s products are always going to be on the front-line of attacks. Since late Friday attackers have been exploiting a critical vulnerability in the company’s most widely-used software: Flash Player and Adobe Reader.

Adobe said that the bug affects Flash Player 10.0.45.2, the most up-to-date version of the popular media player, as well as older editions on Windows, Macintosh, Linux and Solaris. Also vulnerable: PDF viewer Adobe Reader 9.x and PDF creation software Adobe Acrobat 9.x on Windows, Macintosh and Unix.

The threat has been rated as ‘extremely critical’ by security firm Secunia and US-CERT have also posted a warning of the vulnerability. Ironically, the newest warning came just days after Brad Arkin, Adobe’s director of security and privacy, said the company is in the security spotlight, but had taken several countering steps, including emphasizing development practices that have resulted in more secure code.

Meanwhile Adobe has recommended users switch to the unfinished 10.1 RC which is available here.

UPDATE: Adobe has indicated that a fix for this issue will be made available tomorrow, Thursday 10 June.