Microsoft: Beware of Third-Party WMF Patch

Found on eWEEK on Monday, 02 January 2006
Browse Software

Microsoft Corp. has slapped a 'buyer beware' tag on a third-party patch for the zero-day Windows Metafile flaw and promised that its own properly tested update will almost certainly ship Jan. 10.

The company's latest guidance comes days after an unofficial hotfix from reverse-engineering guru Ilfak Guilfanov got rare blessings from experts at the SANS ISC (Internet Storm Center) and anti-virus vendor F-Secure Corp.

In a blog entry, Johansson said enterprise IT administrators must carefully consider the risks involved before thinking of applying Guilfanov's hotfix. "The patch is an executable and has to be run on each vulnerable system, meaning cost of implementation is potentially very high."

If security experts from SANS and F-Secure think the unofficial patch is safe, then it probably is. Of course MS cannot recommend installing it, but if it protects you until the official fix is out, there shouldn't be anything wrong with doing so.

A CD insert to make Sony blush

Found on Ars Technica on Sunday, 01 January 2006
Browse Filesharing

Coldplay's latest CD provides what may be one of the best tools to use against the onslaught of anti-consumer digital rights management technology. Their most recent album, X & Y, now comes in some regions with an insert that warns users not to expect the CD they just purchased to work with just any old CD player (the following exemplar is from India). Stating that "This CD cannot be burnt onto a CD-R or hard disk, nor can it be converted into MP3 for file sharing," the insert goes on to list 12 bullet-pointed exceptions to what devices can actually play the disc.

You might find this notification honest and perhaps even useful. Think again. Not only is the insert on the inside of the CD jewel case, where you can't see it until you've paid for the disc and cracked it open, but the insert kindly informs you that you can't return the merchandise.

By now you may be wondering how this could be used as a tool against the onslaught of DRM. It's simple: copy this warning text, or get your hands on the actual insert, and mail it to everyone that represents you in government. This is a fantastic example of what industry players will do if they can get away with it. And the best part of it all? This copy protection is a complete waste of time; the album is available all over P2P networks, without DRM. Once again, the industry decides that punishing its paying customers is the best way to go. And one user who ended up with the CD found out that he could rip it anyway.

And the industry (especially Virgin Records in this case) still wonders why it has more and more problems selling those silver discs?

China declares war on Internet pornography

Found on Ars Technica on Saturday, 31 December 2005
Browse Internet

The Chinese government regularly censors Internet content in an effort to diminish the distribution of politically subversive material, but now the communist state is expanding its control and targeting Internet pornography web sites as well.

With more than 100 million Internet users, China has the second largest population of web content consumers after the United States. Although the Chinese government promotes web use for business, education, and government activity, the communist regime has committed its resources to crushing web sites that challenge government authority, or distribute content that the government considers to be detrimental to society.

The Chinese government also recently increased surveillance of mobile phone text messaging, a popular method of communication in China where 383 million individuals use mobile phones. According to Wu Heping, vice minister of the Ministry of Public Security, Chinese law enforcement agents have found 107,000 illegal text messages since the start of November, and have consequently pulled the plug on approximately 9,700 cell phone accounts.

But, if you take away the porn, what's left of the Internet? Oh, and a Happy New Year.

2005: The year the US undermined the internet

Found on The Register on Friday, 30 December 2005
Browse Internet

2005 will be forever seen as the year in which the US government managed to keep unilateral control of the internet, despite widespread opposition by the rest of the world.

However, while this very public spat went on, everyone failed to notice a related change that will have far greater implications for everyday internet users and for the internet itself. That change will see greater state-controlled censorship on the internet, reduce people's ability to use the internet to communicate freely, and leave expansion of the internet in the hands of the people least capable of doing the job.

At that meeting, consciously and for the first time, ICANN used a US government-provided reason to turn over Kazakhstan's internet ownership to a government owned and run association without requiring consent from the existing owners.

ICANN then immediately used that "precedent" to hand ownership of Iraq's internet over to another government-run body, without accounting for any objections that the existing owners might have.

When the US government took over Afghanistan in 2001, it was fortunate in that the current ccTLD owner was killed during bombing of Kabul. It simply forged the man's signature on a piece of paper handing over control to the US-created authority and the job was done.

"We need to stay in control to ensure freedom of the internet". Wasn't it something along those lines the US said when other countries wanted a more open control of the root servers? How ironic. The original article is pretty long, so I strongly suggest paying a visit to The Register and reading it completely.

RIAA lawyers bully witnesses into perjury

Found on Ars Technica on Thursday, 29 December 2005
Browse Legal-Issues

If you're into reading legal proceedings verbatim, here's a doozy for you. It gets even better if you like to see RIAA lawyers dragging themselves, rather than their chosen targets, through the dirt.

The RIAA sued the Nelsons, who in turn are basically asking for the case to be dismissed and their legal fees reimbursed, because the RIAA lawyers got the testimonies they wanted from some witnesses through coercion and/or extortion.

The transcript of the deposition that followed this motion gives us a glimpse into exactly how far the recording industry is willing to go to justify their crusade against file sharing.

The deposition strongly suggests that the RIAA knew they didn't have a leg to stand on, and that they were perfectly happy to do anything in their power to win anyway. Funny how rather than open their own wallets to settle, they prefer breaking the law themselves.

It's always fun to see that industry go wild, ignoring all the facts and laws you show them, just to keep up an outdated business model.

Windows zero day nightmare exploited

Found on The Inquirer on Wednesday, 28 December 2005
Browse Software

F-Secure, Bugtraq and a number of other security aware outfits have warned of a zero day vulnerability that's being actively exploited as we write.

Fully patched Windows XP SP2 machines are vulnerable and there's no known fix as yet.

A number of trojans are being distributed using the vulnerability, related to Windows' image rendering.

F-Secure says you can get blatted if you visit a site with an image file containing the exploit. IE users may automatically be infected. Firefox users can get infected if the image file is downloaded.

There is no solid workaround against emerging WMF exploits. Locking down WMF files on the gateway and building network detection signatures may mitigate known threats. The impact of attacks may also increase.

You can find more details at F-Secure as well as a temporary solution. This workaround unregisters the "Windows Picture and Fax Viewer", an application I've never used (at least not knowingly), so I might as well leave it unregistered.
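The entry above names two stop-gap measures while no vendor fix exists: locking down WMF files at the gateway and building detection signatures. The following is an added example (not from The Inquirer, F-Secure or the original page) of the gateway side of that: it identifies WMF content by its header bytes rather than by file extension or declared Content-Type, because Windows picks the image handler from the content and a WMF renamed to `.jpg` still renders as a WMF. The `gateway_decision` function, the sample payloads and the `WMF_*` constants are constructed for illustration; the header layouts (the placeable-WMF magic `0x9AC6CDD7` and the standard 18-byte METAHEADER) are the documented WMF format.

```python
"""Gateway-side WMF identification by content, not by name (added example)."""
import struct

# Magic number of the "placeable" (Aldus) WMF header, stored little-endian on disk.
PLACEABLE_MAGIC = b"\xd7\xcd\xc6\x9a"
PLACEABLE_HEADER_LEN = 22  # Key(4) HWmf(2) BoundingBox(8) Inch(2) Reserved(4) Checksum(2)

# Standard METAHEADER: FileType, HeaderSize, Version, FileSize (words),
# NumberOfObjects, MaxRecord (words), NumberOfMembers -> 18 bytes.
METAHEADER_FMT = "<HHHIHIH"
METAHEADER_LEN = struct.calcsize(METAHEADER_FMT)


def looks_like_wmf(data: bytes) -> bool:
    """True if the payload starts with a placeable or standard WMF header."""
    if data.startswith(PLACEABLE_MAGIC):
        return True
    if len(data) < METAHEADER_LEN:
        return False
    file_type, header_size, version = struct.unpack_from("<HHH", data, 0)
    # FileType is 1 (memory) or 2 (disk); HeaderSize is always 9 words;
    # Version is 0x0100 or 0x0300. Anything else is not a standard WMF.
    return file_type in (1, 2) and header_size == 9 and version in (0x0100, 0x0300)


def gateway_decision(filename: str, content_type: str, data: bytes) -> tuple:
    """Decide whether an inbound object may pass the gateway.

    Returns ("block", reason) or ("allow", reason). The name and the declared
    Content-Type are reported in the reason but never trusted: only the bytes
    decide, so a WMF served as image/jpeg is still blocked.
    """
    if looks_like_wmf(data):
        return ("block", f"{filename}: WMF header found (declared {content_type})")
    return ("allow", f"{filename}: not a WMF ({content_type})")


# Constructed sample payloads for demonstration; none is a real file from the wild.
WMF_STANDARD = (
    struct.pack(METAHEADER_FMT, 1, 9, 0x0300, 12, 0, 3, 0)  # 9-word header
    + struct.pack("<IH", 3, 0x0000)                           # META_EOF record
)
WMF_PLACEABLE = (
    PLACEABLE_MAGIC + b"\x00" * (PLACEABLE_HEADER_LEN - 4) + WMF_STANDARD
)
PNG_SAMPLE = b"\x89PNG\r\n\x1a\n" + b"\x00" * 16

SAMPLES = [
    ("holiday.wmf", "image/x-wmf", WMF_STANDARD),   # honest WMF
    ("photo.jpg", "image/jpeg", WMF_PLACEABLE),     # WMF hiding behind a JPEG name
    ("logo.png", "image/png", PNG_SAMPLE),          # genuine non-WMF image
    ("stub.wmf", "image/x-wmf", b"\x01\x00"),       # too short to be a WMF header
]


def scan_samples(samples=SAMPLES) -> dict:
    """Run every sample through the gateway and map filename -> decision."""
    return {name: gateway_decision(name, ctype, data)[0] for name, ctype, data in samples}


if __name__ == "__main__":
    for name, ctype, data in SAMPLES:
        print(*gateway_decision(name, ctype, data))
```

Run stand-alone, the script blocks `holiday.wmf` and the renamed `photo.jpg` and allows the PNG and the truncated stub. A production filter would add the same content check to e-mail attachments and would log the declared Content-Type mismatch as its own signal, since a WMF labelled `image/jpeg` is suspicious on its own.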

Virus poses as MSN Messenger 8

Found on The Register on Tuesday, 27 December 2005
Browse Software

Malware authors have produced a virus which poses as a test version of the latest, as yet unreleased, version of MSN Messenger. The Virkel-F masquerades as "MSN Messenger 8 Working BETA" and is available from a bogus site as a supposedly leaked early version of the software.

Windows users who download and run the malware (given the name BETA8WEBINSTALL.EXE by hackers) will fail to get the promised chat client. Instead their existing MSN Messenger client will start to send download links to everyone in their contact lists in a bid to encourage others to become infected. Infected machines will also become clients in a botnet network of compromised PCs.

The social engineering trick uses interest in a test version of Windows Live Messenger 8 - access to which is being auctioned on eBay - to hook victims.

I always wonder why some people run to get the latest betas. I'm still using an old version of ICQ which runs stable and isn't bloated like the new ones. And I can chat fine with it. MSN runs via Miranda, which is way faster than any IM client I've seen so far.

Businessman wins e-mail spam case

Found on BBC on Monday, 26 December 2005
Browse Legal-Issues

A businessman has won what is believed to be the first victory of its kind by claiming damages from a company which sent him e-mail spam.

Nigel Roberts, who lives in Alderney in the Channel Islands, took action against Media Logistics UK over junk e-mails in his personal account.

The Stirlingshire-based firm has agreed to pay £270 compensation to Mr Roberts, who runs an internet business.

Mr Roberts received unwanted e-mail adverts for a contract car firm and a fax broadcasting business and decided to take action against the company.

The company filed an acknowledgement of the claim at Colchester County Court but did not defend it and a judge ruled in favour of Mr Roberts.

Mr Roberts said he had limited his claim to a maximum of £300 in order to qualify to file it as a small claim.

Now if enough people would have the time and energy to go to court, spammers would end up paying the bill.

RIAA asks US to strike Russia

Found on The Inquirer on Sunday, 25 December 2005
Browse Various

The Recording Industry of America (RIAA) is leaning on the US Senate to take tough action against Russia over music and software piracy in that country.

The RIAA wants Russia to know that unless it submits to its demands to stop acting as a safe haven for pirates then there is no chance of it getting decent trading conditions with the US.

RIAA chairman and CEO Mitch Bainwol said that the U.S.-Russia relationship must be built upon a mutual understanding of shared obligations and the application of the rule of law.

"The effective protection of American intellectual property has been sorely lacking in Russia. We must not enter into political arrangements with countries ill-prepared to adequately protect our greatest economic assets," Bainwol said.

That's the whole point: different countries, different laws. I know it's hard for some in the US to understand that there are different countries; and contrary to popular belief, US law is not the law of the world. Let's just be happy that the industry doesn't have access to the red buttons.

Judge blocks law on violent games

Found on BBC on Saturday, 24 December 2005
Browse Legal-Issues

A Californian law that made it illegal to sell or rent violent or sexually explicit games to children has been blocked by a US federal judge.

The ruling comes as US politicians draft national laws to stop the sale of adult-themed games to children.

The Californian law was drafted in October and aimed to make it a crime for games that "depict serious injury to human beings in a manner that is especially heinous, atrocious or cruel" to be sold or rented to those under 18.

Signed into law by California Governor Arnold Schwarzenegger, the measure imposed $1,000 (£575) fines every time it was broken.

I think it's quite funny that a law banning the sale of violent games to kids was signed by the Terminator.