Monday, October 21, 2002
11:25 - Sorry, I've sort of been out of the loop.
http://zdnet.com.com/2100-1105-962483.html
I missed this the first time around. It's certainly worth pointing out, though, especially if people have been hit with it (as one of the machines in my house was, this weekend) and have no idea what it was all about.
"The feature can be used to notify a user when a printer job fails," said Lawrence Baldwin, president of myNetWatchman.com, a company that monitors incidents on the Internet through a network of sensors set up by volunteers. "It was never the intention to let someone halfway across the world send messages that pop up on your screen."
Granted, the messenger service can be turned off. And conceptually, this is no worse a case of "trusting in infrastructure" than Apple's fiasco a while back in which its Software Update mechanism was found not to have any form of authentication, and to depend entirely on the proper resolution of a central server's DNS name. But still, this has the potential to become a major problem: how many millions of Windows users don't have the slightest clue how to turn off the messenger service? How many will think that these "admin messages" are in fact authoritative missives from Microsoft that they'd better heed or else? Worst of all, this feature can't really be "fixed" except by shutting it off by default, which is what's apparently being done in the XP firewall. But that means IT managers are going to have to make sure employees turn it on (and can't turn it off)...
What surprises me is that it's taken this long for someone to exploit this.
DirectAdvertiser.com, a U.S.-based firm registered in Romania, has created an application that lets users send advertisements via the messenger channel to anyone whose computer is set up to receive messenger-service notes. The program costs $700 and has, in two months, already sold more than 200 copies, company founder Zoltan Kovacs said in an interview.
"You always get some people who don't like the product," Kovacs said, referring to the moderate amount of critical mail he has received. "But many more are interested in the product."
Kovacs stressed in the interview and on his Web site that the application is not for sending spam. However, a testimonial on the Web site says, "If you've been a bulk e-mailer like myself, you owe it to yourself to try DirectAdvertiser."
Why is killing these people still considered murder?
Ah well; now that the genie's out, we can expect this brave new form of technology to ramp up exponentially.
"This is just going to be a whole other delivery vehicle for spam," Baldwin said, adding that the fact the service is turned on by default is another indication that Windows security has a way to go. "But welcome to Microsoft," he said.