http://www.edbott.com/weblog/archives/000340.html In an earlier post, I pointed to the fast-spreading but suspicious story alleging that a flaw in WMA files can plant spyware on your computer. This is a follow-up. In the extended portion of this post, I provide details and screen grabs. I'm indebted to Eric L. Howes for his assistance. Thanks to Ben Edelman for posting a detailed report on his experiences with earlier operating systems and to Andrew Clover who provided a sample file that ultimately made its way to me. Here's a quick summary of what you need to know: The PC World story contained several errors and some misleading statements. I have not identified any circumstance in which this exploit can install software on a computer that has a properly patched version of Internet Explorer. The victim must specifically click a button to install the spyware. The programs in question are digitally signed and are from known companies. The terms of service make it clear what you're getting. It takes one click and 10 seconds of reading to realize that the correct answer is no. The installation mechanism uses social engineering tricks that could fool a naive user. These are the same tricks that are used... en-us http://www.freedom-to-tinker.com/archives/000742.html The recording industry may be publishing spyware-infested copies of their songs on P2P networks, according to a PC World story by Andrew Brandt and Eric Dahl. The files are encoded in a Microsoft file format. When the user plays such a file, the user's...