eWorld Translations

Today is International Translation Day, which the International Federation of Translators took as an opportunity to proclaim that “The days of the fiercely solitary translator working in splendid isolation are numbered, say many industry observers”, while adding that “in this language-sensitive profession — or, more accurately, set of professions — a large share of added value remains intensely personal.”

On this occasion, we would like wish you a Happy International Translation Day and thank you for your services as translators, proofreaders, editors and linguists in other capacities.

Please take this opportunity to ponder the changes in our industry for a moment:

• Personal interaction between translation providers and buyers leads to better understanding of a text’s purpose. Clients who get involved in the translation process make for better quality texts.
  Question: How can translation users be brought into the process?
• New translation standards emphasize the importance of revision.
  Question: Are too many cooks spoiling the soup?
• Multilingual projects are on the rise; a solution found in one language pair may provide insight for partners around the globe.
  Question: How can translation providers adopt, adapt or create methods for working together quickly and efficiently?
• Practice meets theory meets information management.
  Question: How can insights of this multitude of players, who once worked in relative isolation, be harnessed to best effect?

These are just excerpts from a few of the questions posed by the International Federation of Translators in celebration of the 2009 International Translation Day.

For ourselves, we have already contemplated them and have found that we are well-positioned and properly organized to provide our clients with the quality service they need and deserve.

To get a free quote, contact us today.

The aforementioned memo is a PDF document. If do not have Adobe Reader on your computer, you can download it here.

In mid to late August, the US Department of Homeland Security (DHS) has issued two new directives, CBP Directive No. 3340-049 – “Border Search of Electronic Devices Containing Information” and ICE Directive No. 7-6.1 – “Border Searches of Electronic Devices”, that apply to US Customs and Border Protection (CBP) and US Immigration and Customs Enforcement (ICE), respectively, as reported by the Federal Computer Week and other publications.

They specify the circumstances under which laptop computers and other electronic media can be searched at the border by border and immigration agents.

Please be aware that an officer, subject to various requirements and limitations, may, “with or without individualized suspicion,” examine the electronic device and “review and analyze” the information.

The American Civil Liberties Union (ACLU) considers the new rules to be a good first step but cautions that “the new standards fail to address the fundamental constitutional problems of suspicionless searches that have been occurring at the border.”

Two of the improvements found in the new policies are that a limit has been set on the time that CBP officers can retain the laptop computers and electronic devices they are searching, and that now probable cause is required for the agency to be allowed to keep information gathered from the aforementioned laptops and devices.

In recent months, small and mid-size U.S. companies have increasingly fallen prey to organized Eastern European cyber-criminals, according to a recent report in the Washington Post; due to the extent this multimillion dollar crime spree has taken on, the largest U.S. financial institution have started to get worried.

The Financial Services Information Sharing and Analysis Center, an industry task force focused on sharing data regarding critical threats affecting the financial sector, last Friday provided a confidential alert to its members, notifying them that “in the past six months, financial institutions, security companies, the media and law enforcement agencies are all reporting a significant increase in funds transfer fraud involving the exploitation of valid banking credentials belonging to small and medium sized businesses.”

While these smaller targets typically garner less attention than the higher profile, large scale breaches at government agencies and huge retailers, some firms still end up with sizable losses in the hundreds of thousands or even millions of dollars, according to the industry group.

According to the advisory, the infiltration method employed by the scammers is quite similar in a lot of cases: A targeted email containing a malicious attachment or a link is sent to the controller or treasurer of the company which upon opening install malware designed to steal passwords. Once said credentials have been obtained, funds are withdrawn with the help of “money mules” and sent to Eastern Europe via a series of wire transfers, typically each below the $10,000 threshold that would trigger banks’ statutory anti-money-laundering reporting.

The Treasury Department’s FinCEN (Financial Crimes Enforcement Network) division indicated a 58 percent rise in suspected wire transfer fraud incidences reported by banks, but experts believe the actual figures to be considerably higher given that a lot of incidents go unreported.

Business owners and operators should bear in mind that they are not subject to the same online banking legal protections as consumers. Where consumers tend to have a 60 day period from the receipt of a monthly statement during which they can dispute unauthorized charges, companies banking online are subject to the Uniform Commercial Code which provides approx. for a mere two business days to identify and dispute unauthorized activities.

As a result, few commercial banks have invested in back-end technologies for detecting fraudulent or unusual transaction patterns for businesses, according to Avivah Litan, a Gartner Inc. fraud analyst, who points out that “banks don’t spend the same resources on the corporate accounts because they don’t have to refund the corporate losses.”

While the FBI is investigating some of these cases and working to stem the problem in general, you should make sure that you have applied due diligence in protecting your computers, networks and other assets, e.g. through a defense-in-depth approach including up-to-date firewall, anti-virus, anti-spyware and anti-phishing as well as by assuring that both your operating system and all the applications are up-to-date with respect to available bug fixes and security patches.

As Digital Forensic Examiner of the Year Award holder Rob Lee pointed out in a SANS NewsBites guest editor comment:

We are seeing a lot of these. There are three contributing reasons they are growing so fast:

1. Low threat of arrest in these “safe havens,”
2. High payout for the crime, and
3. Victim sharing data on these attacks has been minimal.

The attacks are amazingly simple and the amount of money taken is large. The firms do not know how to protect themselves. In some cases where credit card theft has occurred, they have had to shut down because they lost the ability to process credit cards. Small businesses are being affected greatly by poor security practices. It isn’t a risk issue. It is a survival one.

If you would like our help in protecting your systems and assets, or to deal with an incident, contact us today.

As the San Francisco Chronicle and others reported, programmer Joey Hess determined more than a week ago that his new Palm Pre was “calling home” to the Palm headquarters all the time, reporting his location.

This “feature” does not just drain the battery faster, it also shows a blatant disregard for cellular users’ privacy.

By default, the Palm Pre collects GPS location/coordinates non-stop and sends this data to Palm all the time. It stands to reason that Palm correlates said information in a database with the subscriber/registration info.

Whereas the GPS function of an iPhone, for all that’s known, requires explicit user approval and provides a prompt whenever an application uses it, Palm apparently elected to continuously track the users’ whereabouts, be it to provide them with localized information or to provide said information to third parties, e.g. for marketing purposes.

For all practical purposes, the Palm Pre becomes the equivalent of an ankle bracelet, usually used to track criminals, unless the user knows about this and turns the function off.

This can be done under Location Services, by switching Background Data Collection to “OFF”, according to Palm. Given that Palm did not take privacy serious the first time around, one might wonder though whether or not this actually stops the collection and transmittal of the information or simply tags it as “private” or “confidential” in their database.

Alternatively, if you’re more of a geek and like to play around with the innards of the Linux-based WebOS operating system, go to the command line and comment out the ‘exec’ line in /etc/event.d/uploadd, then reboot and “disable” the contextupload process (started by dbus) by removing or renaming /usr/bin/contextupload. Just bear in mind that these changes will not necessarily survive an upgrade of the WebOS operating system.

Palm’s privacy policy covers this, but is fails to explain that the “Location Based Services” are activated by default:

• On-Device Services. If you use services we provide through your Palm mobile device, we will collect information relevant to providing the services and as you designate. For example:
• Remote Diagnostics and Updates. When you use a remote diagnostics or software update service, we will collect information related to your device (including serial number, diagnostic information, crash logs, or application configurations) as required to help identify and troubleshoot issues, and to provide such services.

If you would like us to help you assure that your applications don’t commit a similar faux pas, contact us today.

Rogue AntiSpyware or other types of rogue security software purports to be the real thing (read: a proper security application) while actually being the culprit that infects your system and abuses it for more or less nefarious purposes.

One such rogue application is “SystemSecurity, a variant or clone of the quite annoying “Winweb Security”.

Another example is the “Windows Security Suite”:

To further misdirect the application’s victims, it also features a faux Blue Screen of Death (BSOD), the dreaded blue screen Windows users are occasionally faced with when their system crashes, e.g. due to a severe driver error.

But if you pay attention to your computer’s screen, you will notice that said faux BSOD actually does not cover the full screen but is rather displayed inside a web browser’s window, and also accompanied by a pop-up to download, install and run the alleged security software … something you will never see with a regular Blue Screen.

If you would like to get rid of this or other malware feel free to contact us for help in eradicating it.

Yesterday, Microsoft issued a couple of out-of-cycle fixes, addressing a critical vulnerability in versions 5, 6, 7 and 8 of its Internet Explorer (IE) web browser, as well as an important vulnerability in its development tools Visual Studio .NET 2003, 2005 and 2008, and Visual C++ 2005 and 2008.

An exploit of the aforementioned flaws can lead to remote execution of rogue code.

Microsoft’s deviation from its normal practice of issuing these security updates outside its regular schedule of the second Tuesday of each month is a clear indication of how critical and urgently required they are.

Do NOT delay installing them, especially if you are regularly surfing the web using Internet Explorer.

There is speculation that these urgent patches may be related to a presentation at the Black Hat security conference that opened last weekend in Las Vegas. Said presentation focuses on vulnerabilities in the communications between individual browser components.

Presumably the authors found a way to circumvent the so-called kill bit, a mechanism Microsoft had implemented to defuse a multitude of critical security vulnerabilities by disabling the execution of ActiveX controls with known security vulnerabilities in Internet Explorer.

It’s been a great month, and we are celebrating it by setting up our own account.

This way you will have one more up-to-date option to follow what’s going on at our company and within the industry.

To receive our tweets, all you have to do is to become a follower of https://twitter.com/eWorldTrans.

We’ll also gladly help you to setup your personal or company Twitter account and to automate your tweeting of updated pages and posts, as well as the blogging of your tweets, if so desired.

The New York Times calls Twitter “one of the fastest-growing phenomena on the Internet.” TIME Magazine says, “Twitter is on its way to becoming the next killer app,” and Newsweek noted that “Suddenly, it seems as though all the world’s a-twitter.”

For assistance with any of your twittering, translation, web development, web design, transcription and PC support needs, contact us at your earliest convenience.

According to the Washington Post, Computer Security firm Purewire reports that this exploit has been around since at least July 9 of this year, but that Adobe was aware of the bug since at least December 2008.

FireEye provides a detailed look at the concepts behind this vulnerability.

Anybody who is looking for free alternatives to the Adobe Reader may in the meantime evaluate the open-source Sumatra PDF Viewer (even though some users perceive it as too limited) or Foxit Reader (which is less demanding on the system resources than Adobe Reader) or  PDF-XChange Viewer (a little more of a heavy-weight than Foxit Reader, but still not as demanding as Adobe Reader, for those rare occasions when Foxit is lacking a feature).

To prevent automatic execution of Flash content within their browser, Firefox users may also use the free NoScript add-on.

To disable Flash in Adobe Reader 9 on Windows platforms, US-CERT recommends to rename the following files:

• “%ProgramFiles%\Adobe\Reader 9.0\Reader\authplay.dll”
• “%ProgramFiles%\Adobe\Reader 9.0\Reader\rt3d.dll”

As Computerworld reports, anybody who is only now installing Adobe Reader should be aware that Adobe’s policy is to only put single dot releases on its download site (e.g. 9.0 and 9.1), which in this particular case contain several security flaws. The double dot releases (e.g. 9.1.1 and 9.1.2) are only available as patches once the applicable full release has already been installed. So, make sure you check for patches by going to

Help > Check for Updates

As the SANS Institute’s Internet Storm Center reported yesterday, there is another 0-day exploit actively being used in the wild. This last one exploits a vulnerability in Adobe Flash Player (versions 9 and 10) as well as Adobe Reader and Acrobat
9.1.2.

Most anti virus and intrusion detection systems do not yet detect this exploit which can be operated as a standalone Flash file or embedded in a PDF file.

Given that such malicious links have been injected in legitimate websites, drive-by attacks can be expected.

So, be careful out there.

Hopefully we’ll see both updated signatures soon. Adobe has announced that updated versions of Flash Player v9 and v10 by July 30, 2009 and an update for Adobe Reader and Acrobat v9.1.2 by July 31, 2009.

A few hours ago, Mozilla released version 3.5 of its Firefox web browser, providing for performance and session restore improvements while also introducing a new private browsing feature.

For an overview of the new Firefox features watch the video below or click here; to download the new browser click here.

Just bear in mind that some of the add-ons and plugins you are using might not yet have been updated to properly work with Firefox 3.5 and will therefore not work in the new browser until their respective authors have updated them.

So, if any of your add-ons and/or plugins are vital to the way you conduct your business, take a minute to check here whether they will work with Firefox 3.5.