Each weekend, SecurityFocus sums up the security, privacy and cybercrime stories from that might have otherwise been overlooked. With the first week of a new year comes a flaw in the Firefox browser, a new start for a controversial chat-logging service and, possibly, the beginning of the end for copy-protected music.
A flaw in Firefox could allow online fraudsters to conduct convincing spoofing attacks on unwary Web surfers, according to security researcher Aviv Raff. Mozilla's chief security "something-or-other" Window Snyder posted a short entry on the flaw in her security blog, saying that the group was investigating the issue.
IRSeek, a service that logs conversations conducted on the public channels of the Internet Relay Chat (IRC), returned on Friday after a month-long shutdown following intense criticism of the privacy implications of its database. The service has attempted to satisfy privacy-sensitive chatters, by removing much of its previous database entries, implementing an opt-in and opt-out request page for IRC operators, and committing to using a common name for its agent programs, or bots, that record conversations on each channel. "Based on the feedback we have received from the community, we have changed our service to meet the concerns of many IRC users," the company stated on its policy page. "It is clear that the support of the community is paramount."
Sony BMG plans to drop copy protection from its songs, BusinessWeek reported last week. The music giant, which got in trouble in 2005 for shipping spyware-like digital-rights management on its music CDs, plans to sell some of its music without any copy protection, inside sources told the business magazine. Sony BMG is the last major music company to announce plans to remove DRM from its digital music.
If you have tips or insights on these topics, please contact SecurityFocus.
Posted by: Robert Lemos