The Washington Post blog have the story that adverts which recently appeared on popular social networking site MySpace were using a serious exploit recently found in Microsoft Windows to infect target machines with spyware.

The advert used the recently found security flaw in Windows’ handling of Windows Meta File (WMF) images which could allow a malicious WMF image to run any code whatsoever on the target system. One of the worst things about this vulnerability was that it was effective regardless of the user’s browser, as the flaw occured within Windows’ graphocs processing software itself and wasn’t limited to Internet Explorer, for example. The flaw sparked a lot of heated debate about whether it was an intentional backdoor introduced by Microsoft, but no evidence was ever conclusive.
Microsoft had released a patch for the flaw by December 2005, but anyone without the patch could well be infected with the malware if they visited MySpace recently. The spyware (PuritScan/Clickspring), if installed, bombards the user with pop-up advertisements and is a privacy risk.

You can see whether you are vulnerable to this type of attack using this tool. Users of Windows NT4, 2000, XP and Server 2003 (but not Windows 95, 98 or Me) are vulnerable if they’re not patched up.

This is really irresponsible behaviour by MySpace and their advertisers. MySpace should be fully aware of who is advertising on their site and they should have strict policies in place about what things their advertisers can do more than just static banner ads. Especially when you consider that a large proportion of MySpace’s visitors are teenagers who probably don’t actually own themselves the computer they use for browsing, this is ridiculously irresponsible behaviour.

There should be some kind of code of practice in place for web advertisers, or else we’ll inevitably see more attacks like this as more vulnerabilities are discovered.

Everyone knows that the browser wars are escalating. The success of Firefox, which has managed to gain significant market share from Internet Explorer, has forced Microsoft to innovate for their next release. At the same time, who can forget Opera, with unique features such as integrated BitTorrent and widgets?

Extreme Tech has a great roundup of the three most recent releases from the Big Three, Firefox 2.0 Beta 1, Internet Explorer 7 Beta 3 and Opera 9. It sits on the fence somewhat, pointing to advanced features on all sides. My personal opinion is that Firefox is still by far the best, since its extensions provide just about any other functionality that the other browsers might have.

Popular video sharing site YouTube has recently been hit with a lawsuit claiming that YouTube allows copyrighted video to be uploaded.

It’s unlikely this will go anywhere, considering that the US’s Digital Millennium Copyright Act (DMCA) has a clause which protects websites from claims over copyrighted material uploaded by their users. Oh, and if you’re in the UK (or anywhere else) you might be basically immune to the DMCA, but us Europeans have the EU Copyright Directive to guard us from wrong-doing.

Nevertheless, online sharing sites like YouTube have come under scrutiny from organisations like the BBC for hosting their content. While it might seem OK to people in the UK, because they have paid their TV licence and believe that they should be allowed to do whatever they want with the content, when you consider that if BBC content, for example, gets on YouTube, people outside the UK haven’t made any contribution to the BBC and this could be damaging them.

Also a point rased in this BBC blog post about YouTube was that YouTube seems to be getting away with allowing users to host potentially infringing material, where if the BBC were to infringe rights, they would immediately be found out and have to settle.

Whether this lawsuit against YouTube is successful in the favour of the accuser (which personally I don’t think it will be), it will no doubt be the start of more legal battles between the intellectual property owners and the public and companies that host this kind of site.

This is a first for Gizbuzz: we have a podcast. However, the real news is the content. As regular readers will know one of the big areas that Gizbuzz covers is Web 2.0, and one of the most exciting Web 2.0 companies around at the moment is Zoho, who are currently in the process of building an online productivity suite, rivalling that being built by Google and ultimately Microsoft Office.

Peter and I did an interview with the Chief Architect of Zoho, Raju Vegesna, who was kind enough to talk to us for about 45 minutes on the subject of Rich Web Applications, why we want them and where they will go in the future.

Download the Podcast

Subscribe to the podcast [this will let you add it automatically to iTunes as well]

If you still need some convincing, some of the things we covered were:

• Who would want to use Rich Web Applications, and how they are being used at the moment .
• How Zoho will gain users’ trust (remember, with rich web applications the application provider holds the data, not you. See Scoble)
• Nuts and bolts of how rich web apps will be developed in the future - is Ajax enough or will XUL or Flash be leveraged? Is a totally new standard needed?
• The future of web applications. Will we be using them instead of a desktop suite in five years time? Will they have spread outside the ‘geek world’?
• The upcoming launch of Zoho Drive in the next few weeks, a product which certainly sounds extremely disruptive and very exciting. Listen for an explanation!

Techcrunch reports that Feedburner has acquired blog analytics firm Blogbeat. Feedburner has published an FAQ about the acquisition. From the FAQ:

Blogbeat is an online service that provides insight about what’s happening on your blog including who’s reading, what posts are being read, which content is most popular, and much more.

As the world’s largest manager of syndicated content feeds, our mission is to provide our hundreds of thousands of publishers with the most comprehensive view of how their content is being distributed and consumed online. Our publishers want insight into the relationship between their feed subscribers and their site visitors. We aim to please.

Like FeedBurner, the Blogbeat service uses the feed as a foundation for statistics about blog posts and activity, making it a great complement to our existing platform.

The financial terms of the acquisition are not disclosed, discussed, or even whispered in hushed tones among those in the know.

Blogbeat functionality will be incorporated into FeedBurner’s StandardStats service. A small retirement party has been planned for the Blogbeat logo and brand — you may send balloons to the FeedBurner office.

The initial integration of Blogbeat’s core functionality will be completed during Q4 2006.

In some ways this is a good acquisition for Feedburner; it enhances their core functionality and makes them more attractive to a potential user. However, I have extremely good analytics for Gizbuzz through using a combination of Feedburner to understand readership of the feed, and Google Analytics to understand the website. I am therefore unlikely to be particularly interested in looking at Feedburner’s stats for my blog. However I should say that I have not seen Blogbeat and it may offer blog orientated features which are not available in Analytics, in which case it will certainly be worth a look.

Well, we all knew that Microsoft was determined to beat Google ever since the infamous Steve Ballmer chair throwing incident, but now they have gone one step further, and created a job in China with the title ‘Google Compete Lead‘. From the job description:

This role manages all competitive escalations relating to Google and serves as the local/regional spokesperson for Google Compete PR and AR.  The role is responsible for local/regional competitive intelligence and for maintaining a close relationship to the Corp Google Compete team.

This job advert also reveals the fact that Microsoft already has a whole ‘Google Compete team’. Apart from being ridiculous, this is also amusing. As far as I can see this job involves a mixture of copying Google (competitive intelligence), and spreading nasty rumours about Google (PR). Someone should quietly tell Microsoft that they will beat Google by building better products than Google, innovating more widely than Google, and then bringing their products to a wider audience. That doesn’t seem to be the role of the ‘Google Compete Lead’.

[via Google Blogoscoped]

Slashdot have got the story that the Linux NTFS Project are now close to making a beta release of their software to allow easy access to Windows data on a dual-boot Windows + Linux system.

(more…)

ClickTale is a new service for webmasters which is a web statistics service, but with a difference.

ClickTale monitors everything users do on your website, and on compatible browsers, you will end up with a video of exactly what your users were doing - where they clicked and even where they moved the mouse.

Of course, if you’re concerned about the privacy issues you can simply disable JavaScript in your browser, but most users will be completely unaware that everything they do is being monitored.

ClickTale does have legitimate uses of course - for example if your users are clicking something and expecting it to be a link, you can improve the usability of your site. There are serious privacy issues here, and although the website owner won’t be able to see other browser windows/tabs or any other applications you’re running, there’s still a massive privacy issue here.

ClickTale is currently in a closed beta test, but you can sign up to be notified if additional beta testers are needed on their site.

[via]

Mashable is reporting that Google Video has now become available in 7 new European countries, including the UK. According to Mashable:

Google Video has launched a series of European versions and announced deals with partners including AETN, Buena Vista Television International, FC Barcelona, IMG Media, ITN, Premium TV and TalkbackThames.

Many of those names are UK TV companies, and so this may be great news for UK users, who up till now have not had any paid UK content available to them. I, for example, do not have satellite or cable, and might well therefore be interested in good quality programming which I otherwise would not see.

On a sidenote, a big shake-up of the UK online TV space is to come fairly soon, with the launch of the BBC’s iPlayer. The system runs on Microsoft’s PlaysForSure DRM to enable the BBC to allow downloading and playing of TV and radio programmes up to seven days after they have been shown, all covered by the Licence Fee. [For those outside the UK, the Licence Fee is a compulsary fee paid by anyone who wishes to watch television. The whole fee goes to the BBC, and not to any commercial channels.]. This is currently in trial period, but is very likely to go ahead. Once it does, UK users will for once be the envy of the rest of the world!

Slashdot has the story that Microsoft and Yahoo are to allow users of their instant messaging (IM) networks to talk to each other cross-network. This means that if I’m on Windows Live Messenger, I can talk to my friends on Yahoo Messenger directly from my account.

At the moment in the US, AOL Instant Messenger has the dominant market share, and this move could easily be seen as a collaborative move by Microsoft and Yahoo to try and tip the balance in favour of their networks, and share advertising revenue amongst the two services.

One of the interesting things about instant messaging is that the network you use is usually determined by what network your friends are on. It’s this that has probably brought AOL to the dominant position in the USA. With this announcement, this might no longer be the case, but will we see people switching networks? I’m sceptical, I don’t think people are generally prepared to switch networks unless there’s a good reason. This might be a convienience if you’re already on Windows Live Messenger or Yahoo Messenger, and for Microsoft and Yahoo it might be nice, but I doubt it will change AOL’s position as market leader (in the US at least).

UPDATE: I’ve had a little play with the integration (which I need to point out is beta), and after activating the connection service in both Windows Live Messenger and Yahoo Messenger, it works fairly transparently, apart from a small Windows Live or Yahoo icon when talking to people on the opposite network. You can sign up for Yahoo here (click Join Up) and using the latest version of Windows Live Messenger just add your Yahoo contacts as normal.