1,500,000 Facebook users can breathe a little easier

Remember the post last week about the guy who claims he had 1,500,000 Facebook user ids for sale?

Facebook just outed him. Ends up “Kirillos” has some ids, but nowhere near as many as claimed (or so says Facebook). Robert McMillan at ComputerWorld has the details:

According to VeriSign, Kirllos wanted between $25 and $45 per 1,000 accounts, depending on the quality of the Facebook user’s connections.

Kirllos appeared to have sold close to 700,000 accounts, although nobody knew for sure if his claims were legitimate…

“We have determined Kirllos’ identity through IP addresses, online accounts, and other information and believe that he’s very likely a low-level actor,” said Facebook Spokesman Simon Axten, in an e-mail interview.

Axten wouldn’t name Kirllos, but he said that the hacker is based out of Russia.

And while Kirllos does appear to have hacked accounts — probably through a phishing attack or by placing malicious code on victims’ computers — but he probably obtained only a few thousand credentials, Axten said.

Do the math. 700,000 accounts at $25 to $45 per thou adds up to a whole lotta rubles. Not bad for a few days’ work.

Oh. And Facebook apparently paid for some of those 700,000 accounts.

HP and Palm – room for another phone OS?

You’ve probably heard that HP has offered to buy Palm for $ 1,200,000,000. Pending regulatory approval and some other hurdles, the deal should be consummated this summer.

John Fortt at Fortune has the best analysis I’ve seen:

Today, HP’s small portfolio of iPAQ business smartphones and handhelds runs Microsoft’s Windows Mobile OS. Its soon-to-launch HP tablet computer runs Windows 7. Its DreamScreen digital picture frames run a homegrown flavor of Linux, and its netbooks come in both Windows 7 and Linux varieties. And its high-end calculators run another OS. Compare that to Apple, whose iPhones, iPads and iPod touches all run the same OS, and use the same app store.

So now we have iPhone and Android, both strong contenders. Then there’s Windows Mobile, which always struck me as a me-too, but then I’m biased. Now we have webOS getting the money, if not the recognition, it deserves. Is there room in the mobile market for four OSs?

Ya pays yer money and ya takes yer chances…

Write about an Apple product, get your house ransacked

Jason Chen, the head guy at Gizmodo, has made some very powerful enemies by writing about the iPhone 4G. Apparently, Gizmodo received a working prototype of the new iPhone under extenuating circumstances. Jason’s written about it, in spite of Apple’s heated objections.

Officers from the California’s Rapid Enforcement Allied Computer Team, using a court order issued by the Superior Court of San Mateo CA, broke into Jason’s house and took out four computers and two servers.

Makes you wonder about a lot of things, eh?

Jason’s account is on the Gizmodo site.

1,500,000 Facebook users can’t be wrong, can they?

The New Zealand Herald reports that the clown claiming to have 1,500,000 hacked Facebook accounts available for sale is working in Kiwiland.

Detectives from the National Cyber Crime Centre are investigating whether the hacker Kirllos is using New Zealand as a base to commit internet fraud.

Kirllos is offering the user names and passwords of 1.5 million Facebook users for between $35 and $62.70 per 1000 accounts sold on an underground hacker forum.

There are plenty of good reasons to be skeptical about Kirllos’s claims: Dancho Danchev has a good overview on the ZDNet blog. Still, it gives one pause.

McAfee automatic updating sucks, too

If you have McAfee Antivirus running on a Windows XP machine with Service Pack 3 installed, you probably can’t read this.

McAfee has removed the defective update, but I’m hearing estimates that tens of thousands – maybe hundreds of thousands – of PCs got locked up.

Wow. I can’t think of any virus in the history of malware that took out so many machines, so quickly, effectively, and thoroughly. The dead machines are locked up so tight it’s very hard to get them back and working: general approach seems to be disabling McAfee and re-installing svchost.exe. Ah well. Good riddance to bad rubbish, sez I.

The reason? A false positive. The virus definition update released earlier this morning mis-identified the WinXP SP3 system file svchost.exe as being infected with the W32/Wecorl.a virus.

Full details on the SANS Internet Storm Center (I’m having trouble getting into their server – they may be melting down at the moment).

For those of you who haven’t been listening, or reading my books, I’ll repeat it one more time. There’s no reason in the world to be paying for antivirus software. The mainstream packages have turned into big, bloated, pieces of clingy, begging junk. And that’s being charitable. You should use free antivirus, and my favorite at this moment is Microsoft Security Essentials. Fast, free, easy – and it won’t accidentally flag svchost.exe as an infected file.

I hope.

Java 0day infects songlyrics.com

On April 9, Travis Ormandy wrote about a 0day hole in Java. It’s amazingly easy to exploit. Sun didn’t take him seriously:

Sun has been informed about this vulnerability, however, they informed me they do not consider this vulnerability to be of high enough priority to break their quarterly patch cycle.

For various reasons, I explained that I did did not agree, and intended to publish advice to temporarily disable the affected control until a solution is available.

Now comes word that a very popular Web site, songlyrics.com, has been serving up ads that are infected with that specific 0day. The ads feature rogue antispyware applications from Russia.

Thank you, Sun.

UPDATE: Brian Krebs reports that there’s a new version of Java out. I suggest you wait and have it installed automatically: Ryan Naraine discovered that if he installed it manually, Sun oh-so-helpfully offered to install the Bing Toolbar – another piece of crapware from Microsoft – and the installer goes so far as to offer the Bing Toolbar by default.

Open question: is Sun turning into the next Apple?

Happy New Year!

Songkran in Patong

Yes, the water fights.

It’s fashionable for long-term expats like me to be a bit blase about the massive partying going on in Patong, but I’ll readily admit that I love it. Thousands of people dousing each other with water. It’s crazy, it’s wild, and it’s one whole heckuvalot of fun.

The water fights have just started, and they’ll continue for the next three days. In a few hours, there will be rivers of water rolling through the streets of Patong, with traffic snaking and snarled all through our little town. I’ll hop in a truck with my Dad, stick our friends in the back, set ‘em up with barrels and barrels of water, roll out the squirt guns, and go have a blast.

For those of you who have written, concerned about the political problems in Bangkok, not to worry – Bangkok is a thousand miles away, both geographically and politically. In Phuket, everything’s normal, always has been  normal, and it’s time to have fun.

Wish you were here!

That whooooshing sound: Win7 hits 10% and keeps climbing

Emil Protalinski at Ars Technica reports that Windows 7 now enjoys more than a 10% market share. That’s a rather amazing number, considering how many PCs are out there.

Not surprisingly, you folks are more than a bit ahead of the curve: 24% of all the AskWoody.com hits last month were from Windows 7, with Vista at 28% and XP at 42%.

In the browser wars, 44% of you were using Firefox. 28% were using IE, with IE 8 outdistancing IE 7 by two to one.