As someone who flies all too frequently, I'd be lying if I said I wasn't a bit spooked by a report that the Spanair flight 5022 crash from two years ago may have been caused -- at least in part -- by malware on a computer that failed to detect three technical problems. Apparently, the computer which monitored those things got some sort of trojan horse, and may have failed to set off the necessary alarms because of this. As for how the computer got infected... it sounds like investigators still are not sure, but someone sticking in an infected USB stick or some other remote network connection seem like the most likely culprit. Of course, the reports seem woefully lacking in details. It's unclear how a trojan would block some software from alerting the crew that there was a problem with the aircraft. Honestly, the report seems to raise a lot more questions than it answers, and if it's actually true, it makes me wonder why we're relying on software that can be disabled via some random malware to watch for life-and-death safety issues on airplanes...

When we've discussed adblockers in the past, one important point that many people have raised is the growing likelihood of scammers "buying" ads as a method of distributing malware through popular sites. Apparently, that business of "malvertising" is getting more and more popular... and more and more sophisticated. Joshin4colours points us to a story about a super sophisticated "malvertiser" who went to great lengths to appear legit. In another discussion about that case, it's suggested that somewhere around 50% of "self-service" advertising setups may be part of some kind of scam. I'm not sure I quite believe that number, but if the number is even half of that, it does raise questions about how online ad buying and ad placement works, and how it will work in the future. Perhaps this will finally drive companies who insist on banner ads, rather than more effective forms of advertising/marketing, to rethink their position.

Jaime Novoa was the first of a few of you to point us to a series of links about how French ISP Orange has started offering a service to let subscribers pay 2 euros to "block" file sharing services on their connection. The theory, of course, is that this service "protects" you from getting any strikes. Of course, you could also do that for free -- by limiting yourself and encrypting your connection, but that's a separate story. Beyond the fact that this system involves a secret blacklist that could very well block legitimate uses as well, lots of folks started digging into the service and discovered that the software in question is basically malware and ridiculously insecure that more or less broadcasts the private info of anyone who uses it for anyone else to see. So, not only is the program costly, limiting and useless, but it's a massive security and privacy problem as well. All because of three strikes/Hadopi.

With companies like Digiprotect, Davenport Lyons and ACS:Law busy sending out tens of thousands of so-called pre-settlement letters that threaten people (often on very little evidence, if any) of copyright infringement, but allow them to pay up to avoid a lawsuit, is it any surprise that out-and-out scammers are jumping into the game as well? Ben alerts us to a warning from US-CERT of a new email scam, which involves the scammers sending out legitimate looking emails pretending to be from a law firm, telling the recipients they're being sued for copyright infringement. The details are supposedly in a file at a URL provided in the email. When a visitor goes to that URL and downloads the file, they get malware instead. Yes, it appears that the malware scammers are now learning from the best in the business...

Given what the Olympics have become lately, I have to admit to not paying attention to any of it so far. I heard the news of the luger's death, and that's been about it. So perhaps more people already knew about this, but apparently one of the mogul skiers has a bit of a reputation as a spam/spyware purveyor. It sounds like the guy is now out of that business, but what's fascinating is how his reputation has been tarnished over all of this, despite winning Olympic medals. The Canadians wouldn't let him on the team this time around years back, due to their dislike of his activities, so he switched his citizenship to Australia, and basically, it sounds like everyone hates him:

After Begg-Smith's second place finish in Vancouver this week, one Australian news organization published an article calling him--in the headline, no less--a "sourpuss." Another, the Sydney Morning Herald, labeled the Olympic athlete as "Mr. Miserable" and speculated that he was "simply flying a flag of convenience" with no real ties to Oz.

Canadians were more direct. Facebook groups such as "Dale Begg-Smith is a sourpuss" and another calling him a "traitor" have popped up. Twitter messages after the mogul race have included "traitor," "fake Canadian and all-around jerk," plus other phrases entirely unsuitable for a family publication.

Obviously, some of that hatred is due to him switching citizenship, but the article explains why his spamming/spyware activities are a large part of it as well (and may have resulted in the citizenship switch). I find this interesting not just because of the Olympic angle, but because of the reputation angle.

Reputation is a rather valuable "scarce good," and destroying your reputation through shady activities can come back to bite you for a long, long time, even if you do plenty of other amazing things. Just ask Metallica.

Ok, perhaps the title is a bit of an exaggeration, but it certainly appears to be what a Microsoft exec in the Philippines implied in a recent interview concerning Windows 7. Basically, he said that using unauthorized copies of the OS were really unsafe, so doing things like online banking or other sensitive stuff on such software could put users in serious danger. Of course, that makes you wonder what Microsoft has done to make unauthorized copies of the software so dangerous to use...

Security companies love using stats to make something appear to be a bigger problem than it really is. Take for example this claim that links to malware are "abundant" on Twitter. The problem is that this is totally meaningless. Because you only see the tweets of people you follow, if spammers are putting up malware links, it only matters if anyone's following them and then clicking on the links. The number of links that point to malware alone is meaningless, because one "spammer" could just post a ton of malware links, but that won't mean a thing if no one is following them. The real question should be how often are people getting malware because of clicks on Twitter. Unfortunately, that data isn't provided.

One of the benefits of Skype was that, due to the way it works (P2P, encrypted communications), it made it much more difficult to do any sort of wiretap. This has upset various governments who are used to having the ability to wiretap any voice communications. However, it's never impossible. The most obvious way is to simply create some sort of trojan that gets installed on one user's computer that has audio recording abilities -- and Symantec is going around hyping up the fact that source code for just such a trojan has been released. Of course, even Symantec admits that there's no evidence of the code actually being used in the wild -- it seems more like a proof-of-concept. On top of that, it's hardly a new idea. Nearly a year ago, we talked about how German authorities were accused of using something that sounded quite similar. Still, it is a good reminder that even if you're using an encrypted Skype call, at either end of that call, the audio is decrypted, and a well-placed recording system can capture it.

Diebold is pretty well known for being in two separate, though similar, businesses: ATMs and e-voting machines. Its e-voting machines have always had a terrible reputation, with security flaws and bugs galore (the company recently has tried to hide from all the negative publicity by renaming the e-voting division as Premier Election Solutions). However, many people kept asking how the company could get so many things so wrong when it came to e-voting, but still get its ATMs working properly. Of course, as has been noted in the past, the way ATMs work is quite different, and mistakes are likely to be spotted quickly.

However, it's now coming out that Diebold's ATMs also have security problems. Slashdot alerts us to the news that Diebold has issued a patch after discovering that some scammers have been able to install "card sniffing" software on a variety of Diebold ATMs allowing the scammers to get all your card details. Is that Premier Banking Solutions I hear knocking?

By now, you've probably heard the news that Google had a bit of a "glitch" this past weekend, whereby it warned people that every single site in existence (including Google) was rated as potentially dangerous and could put malware on your computer. It lasted for about an hour Saturday morning, causing amused chatter around the web. But, of course, it does highlight one key issue: whenever we end up with various "automated" warning systems, we tend to start believing what the systems tell us -- even when we know they're fallible. It's something worth remembering -- not to say that computer models are bad, just that we almost always underestimate how much weight people put on them once they're in place, no matter how much we intuitively understand that it's just a model.