Microsoft has released a patch for a security flaw in Excel 2000. When symbolic link (SYLK) files containing macros are opened in Excel 2000, users do not receive the usual macro warning dialog box. These macros could potentially delete files or perform other malicious acts on a computer. This patch corrects the SYLK file vulnerability by displaying the macro warning dialog box whenever you open an SYLK file containing macros. Visit Microsoft Office Update for more information and download instructions.

Continue reading →

Although not yet officially announced, Netscape has confirmed that version 4.71 builds of its Communicator software are legit. Located on a normally internal FTP server, links to the new version, dated December 13th, spread across the Internet on Thursday. Version 4.71 fixes bugs and updates the browser's security. An official release is expected Monday. Links to the unofficial 4.71 release may be found at www.mrtech.com.

Continue reading →

Microsoft is sending notice to beta testers and developers regarding the upcoming DirectX Developer Day, scheduled for March 8th, 2000. The event will cover new DirectX technologies and of course, DirectX 8.0. Attendees will be shown inside information regarding new freatures found in DirectX, including photo-realistic graphics, the newest DirectMusic technologies, and Windows 2000 compatibility. The Developer Day will take place in the San Jose Convention Center with a registration fee of $249 USD. Seating is extremely limited and you will have to sign an NDA to attend. To register, visit http://msdn.microsoft.com/events/directx/.

Continue reading →

eBay is taking no chances over the year-end,
announcing plans to close its servers down between 6:30 p.m. and 9 p.m. EST later today, and again, between 2 a.m. and 6 a.m. EST on Jan. 1.

The times correspond to 2:30 p.m. and 6 p.m. PST on Dec. 31, and
again at 11 p.m. PST Dec. 31 and 3 a.m. PST on Jan. 1.

Continue reading →

After a bruising battle with Internet activists who portrayed it as an enemy of art and free speech, online retailer eToys.com is suing for peace. It offered this week to drop its
trademark-protection case against etoy.com, an award-winning European artists' collective, which lost its Web site because of the toy
seller's action.

The case had sparked a boycott against eToys, including
anarchist-backed calls for "digital riots" and "virtual sit-ins"
aimed at crashing the retailer's computer servers. Though the company
reported banner Christmas sales - and no technical problems - a
deluge of angry mail and scores of Internet protest sites lambasted
eToys as a Scrooge at the height of the holiday shopping season.

Continue reading →

The DVD Copy Control Association has taken legal action against the operators of Web sites that link to or host software that is used to defeat the "CSS" encryption used on DVDs. In the suit, filed on December 28th in California Superior Court, the DVD CCA requests the court to prevent Web sites from distributing a software program called DeCSS, which by copying the DVD movie to a hard drive, removes the encryption.

The request for legal injunction, which names 20 individuals and 72 unknown defendants, alleges "Defendants' actions threaten the
financial stability of this new digital video format for viewing movies and other images -- which has thus far been well received by the consuming public." Ironically, the lawsuit may result in the introduction of more DVD decryption software.

Continue reading →

RealNetworks has filed suit against Streambox, Inc., maker of various digital audio software products. The suit alleges that Streambox Ripper, Streambox VCR, and Streambox Ferret allow users to bypass copyright protection when converting RealAudio to other formats, thus violating the Digital Millennium Copyright Act.

Although Streambox claims RealNetworks' goal is "preventing migration of digital media files from RealMedia to other platforms," a U.S. District Court today issued a temporary restraining order banning futher distribution of Streambox software. Streambox CEO Robert Hildeman feels that Real's tactic is "..unfair to both consumers and content providers."

Continue reading →

Microsoft has posted a six year recap of its life on the Web. The article covers the evolution of microsoft.com from underneath the desk of an administrator to the fourth largest Web site on the Internet. It is not chock full of useless information, but instead a "short compilation of history and reminisces by some of the old timers who helped build the foundation for microsoft.com." Read the flashback at microsoft.com.

Continue reading →

Opera Software has released a beta of their upcoming Opera Web browser for Linux. The porting team forecasted a full public beta before Christmas, and has come through. Opera for Linux has the ability to layout Web pages extremely fast, although users are reporting it to be fairly buggy. Although not yet announced on Opera Software's Web site, this beta may be downloaded from Metalab.

Continue reading →

Microsoft has released a patch that will correct a mail attachment vulnerability found in Outlook Express for Macintosh. By design, when an HTML mail is received, the mail content is downloaded onto the user’s machine and processed. However, attachments to the mail should not be downloaded unless the user requests it. A flaw in Outlook Express 5 for Macintosh causes it to download all content, including attachments. Although, the vulnerability does not provide a way for a malicious user to launch the downloaded attachments. This patch will also update several digital certificates set to expire on December 31st. Visit Microsoft's Security Advisor Web site at http://www.microsoft.com/security for more information and to download the patch.

Continue reading →

Microsoft Corp. [NASDAQ:MSFT] Wednesday said that Greg
Maffei, its chief financial officer, has resigned to accept a post
elsewhere and has been replaced by John Connors as senior vice
president of finance and administration and chief financial officer.

Connors will also reportedly become a member of the Microsoft
Business Leadership Team. Maffei will remain at Microsoft
through January.

Continue reading →

Net2Phone version 10, which was launched around a month ago, has now
been updated to support ICQ (Internet conferencing) and full PC-to-PC
Internet Protocol (IP) telephony connections.

The software has been under beta test for several weeks on the firm's
Web site, and Net2Phone says that more than a million Internet
telephony minutes have been clocked up using the package.

Continue reading →

ICQ, Inc. has launched a long awaited Alpha program for their ICQ 2000a software. The test is public, although ICQ may limit the total number of users, so act quickly. Version 2000a includes a new contact list design, redesigned option menus, an ICQ quick launch bar, redesigned preferences, help cards, an answering service, and much more. An advanced address book allows you to easily search through your contacts. Download this latest release from http://www.fileforum.com.

Continue reading →

Microsoft has launched a new Web site, aimed at centralizing all of its beta testing services. The site, located at BetaPlace.com, will offer Microsoft testers a customizable homepage containing the latest news from whichever programs they are currently participating in. In development for a year, Microsoft is just beginning to integrate its betas into the new site, starting with its Baseball 2000 test (comprised of Core Group memers and new invitees). BetaPlace.com will replace many current tools used by testers, including MS Report, a bug reporting application. Full story to follow.

Continue reading →

Microsoft yesterday released two security patches for their Internet Information Server (IIS). The first eliminates an escape character parsing vulnerability, while the second patches a virtual directory naming vulnerability.

The "Escape Character Parsing" vulnerability could allow files on a web server to be specified using an alternate representation, in order to bypass access controls of some third-party applications. RFC 1738 specifies that Web servers must allow hexadecimal digits to be input in URLs by preceding them with the so-called “escape” character, a percent sign. IIS complies with this specification, but also accepts characters after the percent sign that are not hexadecimal digits. Some of these translate to printable ASCII characters, and this could provide an alternate means of specifying files in URLs.

Continue reading →