Looks like T-Mobile has been hacked

A post on the Full Disclosure site seems to indicate that somebody has broken into the T-Mobile servers in the US and copied all of the data:

Tmobile has been owned for some time. We have everything, their databases, confidental [sic] documents, scripts and programs from their servers,financial documents up to 2009.

We already contacted with their competitors and they didn’t show interest in buying their data -probably because the mails got to the wrong people- so now we are offering them for the highest bidder.

Please only serious offers, don’t waste our time.

There’s a lot of data on the post that would lead most people (including me) to believe that the boast is real.

Scary.

Which patches should I avoid?

Reader JB just wrote to say:

I know you listed what to patch and what not to patch, but I’m still confused. I don’t know much about computers so please bear with me. When I go to the update page there are several things listed under Microsoft Office 2007 updates, but they do not all have numbers listed. I have not installed the following: update for Office System (KB967642), Security update for Power Point “07 (KB957789),Security update for Office System (KB969618), Security PP Viewer 2007 (KB970059).

Then there are three Service Pack 2 items listed, but no numbers. One for Compatibility, one for Power Point viewer, and one for MS office suite. So when you say not to take sp2, I don’t know which of the three not to take because they do not have numbers listed next to them. Could you please be very specific in telling me what to take and not to take. I’ve read your blogs and I’m still not sure.

Microsoft makes this much more confusing than it should be.

If you ever wonder about a specific patch, go to Google and type the KB number. For example, typing KB967642 brings up a description about an error message that many people see when they try to install Vista SP2.

In general, though, you should install all of the patches you see except for the specific patches mentioned in my posting. In this case, I recommend that you hold off on any patch marked “Vista Service Pack 2″  or “Office 2007 Service Pack 2.”

Windows 7 Home Premium for $50?

Engadget reports that is has a leaked memo from Best Buy detailing Windows 7 pricing. If the memo’s correct – and it certainly looks real – here’s what we can expect:

> any PC sold with Vista Home Premium, Business or Ultimate between June 26th and the Windows 7 launch day (October 22nd) will be eligible for a free upgrade to Win7.

> starting on June 26th, Best Buy will begin “pre-selling” the Windows 7 Home Premium Upgrade ($49.99) and the Windows 7 Professional Upgrade ($99.99)

It isn’t clear if the upgrade pricing applies to those who own any version of Windows XP or any version of Vista, but that appears likely. Man, if those prices are for real, Microsoft has all the makings of a runaway hit on its hands.

MS-DEFCON 4: Get patched, but avoid these stinkers

With ten patches on the way next Tuesday, and many of the problems with older patches fixed, it’s time to get patched up. Unfortunately, there’s a long list of  problematic patches that you should studiously avoid.

Here are the ones I suggest you pass by:

Windows Vista Service Pack 2/KB 948645 is causing problems. Dennis O’Reilly talks about some of them in the latest Windows Secrets Newsletter. There’s no pressing need to install Vista SP2, and the PC you toast may be your own. Hold off for now. If you really want to install SP2 and it isn’t offered by Automatic Update, check out KB 948343 for a list of potential problems. Worth noting: that KB article is up to version 14.0. And you trust this stuff?

Office 2007 Service Pack 2 / KB 953195 has a few problems – just look at the “Known Issues” list at the end of the KB article. Again, there isn’t enough new stuff to justify putting your computer at risk. Patience.

KB 951847 is a mess of a patch of a patch of a patch of the .NET Framework in Windows XP. The Knowledge Base article is up to version 5.0. This is the one that includes the drive-by installation of a difficult-to-remove add-on for Firefox. I’m beginning to think that it’ll never get fixed – you’re better off waiting until you upgrade to Vista or (better) Windows 7, which have .NET baked in, or wait until Microsoft releases a new version of .NET.

KB 960715, the ActiveX killbit update, still breaks many programs. I don’t think the cure is any better than the disease. Of course, you’re using Firefox (or Chrome) – or any Web browser that doesn’t directly expose your machine to ActiveX infections, right?

KB 967715, the Conficker-killer that doesn’t work, is worth installing, but make sure you understand its limitations, as I posted in mid-March.

I’m still ambivalent about Windows XP Service Pack 3, KB 936929. If you’ve been keeping up on all of your patches, it’s a toss-up. If you decide to install it, and you have problems, be sure to check out Microsoft’s Knowledge Base article KB 950718.

I’m also ambivalent about Internet Explorer 8. Mark Edwards has a good analysis of the situation on the Windows Secrets web site.

Sorry to leave you with such a patchwork quilt of good and problematic patches, but I think you’d be well advised to apply all outstanding patches except the ones listed above.

Windows Secrets: get rid of the drive-by .NET Framework Firefox add-on

The new Windows Secrets Newsletter is out.

Nice lead article about the Windows 7 Starter Edition and what it means for the future of netbooks, at least in the near term.

In the same issue, also in the free content, Brian Livingston has dissected that nasty patch Microsoft applied to Firefox, without your knowledge or consent. Brian shows you how to tell if you have the add-on, and if you do, how to get rid of it.

Check out the article, then check out your system.

Windows 7 to RTM mid- to late-July, official launch October 22

It looks like Ina Friend at Cnet broke the story:

Microsoft confirmed on Tuesday that it is planning for Windows 7 to hit retail shelves and start showing up on new PCs on October 22.

To reach that milestone, Microsoft plans to wrap up development of the operating system by the middle or end of next month.

The RC is certainly solid enough – and I hear that an unofficial RC 2 may become available in the next week or two.

I bet that we see Win7 available on new machines long before October 22.

Looks like I lost my bet, that Win7 would be on store shelves by September 1. Ah well.

Oh. TechARP reports that people who buy Vista after June 26 will be eligible for a free upgrade to Windows 7.

More .NET Framework patch stupidities

Several of you have written, pointing to an article by Brian Krebs in the Washington Post, adding yet more fuel to the pyre that is known as the .NET Framework patch or KB 951847.

Quoth Brian:

[T]he .NET update automatically installs its own Firefox add-on that is difficult — if not dangerous — to remove, once installed.

The so-called .NET Framework Assistant for Firefox is difficult, but not impossible to uninstall. Details appear on Brad Abrams blog.

Thie particular piece of Microsoft “support” shouldn’t come as a big surprise to anyone who follows .NET Framework updates religiously. Microsoft employees have been blogging about it since May 12, at least.

Still, it’s a bit disconcerting to have Microsoft install a drive-by Firefox add-in as part of a “security update.”

I hope that the folks at Microsoft return the favor. I would love to see Firefox 3.0.11 – the next security update to Firefox – automatically, silently install a hard-to-remove add-on to Internet Explorer that makes IE infinitely more secure by, oh, disabling ActiveX controls.

The fact that Microsoft released such a patch – and installs it silently as part of a “security” update – should give you pause. But also consider the corporate culture that allows such blatant acts of hubris to take place. Repeatedly.

The old Microsoft is with us still.

Hold off on your Microsoft patches, folks. Beware of Redmond Geeks bearing gifts. The PC you wreck may be your own.

Bing vs Live Search

Bing just went, uh, live. (Thanks, Andy.)

I decided to compare Bing with Live search results. Looked up the word “gar” – the name of a fish. (I just saw a school of gar in an estuary near where I live.) The results? Except for the title on the results page, both Bing and Live produced precisely the same results.