Firefox 1.5 Exploit Code in the Wild

Proof of concept exploit code for an unpatched security flaw in the newly released Firefox 1.5 was publicly posted Wednesday by Packetstorm Security. The problem involves Firefox's history database, which cannot handle extremely long page topics. A malicious Web page could cause a buffer overflow that crashes Firefox each time it is started.
The only way to fix the problem is to manually delete the history.dat file before Firefox is started. "This vulnerability has been tested and does work, and no known patches are available at this time," wrote John Bambenek on the SANS Internet Storm Center. "Presumably, if the topic was more tightly crafted than in the proof-of-concept code, a more malicious attack could be crafted that would install malware on the machine."
Microsoft Thanks Google for IE Fix

Google this week rolled out a fix to mitigate the risk from a newly discovered vulnerability in Internet Explorer that puts users of Google Desktop at risk even if they are running a fully updated system. Microsoft developers thanked Google for their work and say they are working on a patch for IE.
Uncovered by Israeli hacker Matan Gillon, the security hole involves a problem with the way IE imports cascading style sheets (CSS) from other Web sites, a technique referred to as cross-site scripting (XSS). IE will import any type of file with a bracket, regardless of whether or not it's valid CSS.
Oops -- New Sony DRM Patch Insecure

Just one day after jointly announcing a patch to correct a security flaw in the SunnComm MediaMax copy protection included on 27 CDs, Sony BMG and the Electronic Frontier Foundation are urging users not to install it. The update includes a vulnerability similar to the one it attempted to fix.
SunnComm's MediaMax version 5 software does not properly protect a directory it installs, opening the door for a privilege escalation attack. Thus, a restricted user account could replace the executables within the MediaMax directory with malicious code, which would then be executed by an administrator upon inserting a CD.
McDonalds to Embed Windows XP

McDonalds and Microsoft on Wednesday announced a deal to utilize Windows XP Embedded across the fast food giant's stores. Microsoft's componentized version of Windows will take orders and enable Mickey D's to accept new forms of payment such as gift cards, and train employees faster.
Windows XP Embedded has already been deployed across "several thousand" stores in Europe and Asia. Now, McDonalds will roll out the platform worldwide. Microsoft lauded the partnership for bringing an "open technology platform" to the restaurant chain and ensuring "the next generation of customer service innovations."
MS to Lock Down Security Zones in IE7

Continuing its endeavor to ensure Internet Explorer 7 is safe from the attacks that have plagued its predecessor, Microsoft is making changes to the browser's built-in security zones. Zones are used to classify Web sites into different security levels, but also bring risks themselves.
IE includes four standard zones: Internet, Intranet, Trusted Sites and Restricted Sites. Most browsing is done in the Internet zone, with the Intranet zone reserved for accessing local network sites, often used by businesses. The Intranet zone contains fewer restrictions, and in turn is more vulnerable to attack.
Microsoft to Invest $1.7 Billion in India

With plans to double its workforce in India over the next four years to 3,000, Microsoft on Wednesday said it would pump $1.7 billion into the country to develop new facilities for research and development. A special version of Windows for India will also be released in nine Indian languages.
"The growth in employment for Microsoft will be more in India than the United States," Bill Gates told reporters. Microsoft's pledge follows news that Intel will spend $1 billion in India over the next five years, and an announcement by Cisco that it will invest $1.1 billion. Microsoft's efforts will focus on bridging the digital divide and providing technology to the poor and those without computers.
Sony BMG Fixes New DRM Security Hole

In conjunction with the Electronic Frontier Foundation, Sony BMG said on Tuesday it had issued a patch to fix a security vulnerability within the SunnComm copy protection utilized on 27 CDs. The new problem is separate from the XCP DRM software by First4Internet that included a rootkit.
Specifically, SunnComm's MediaMax version 5 does not properly protect a directory it installs, opening the door for a privilege escalation attack. A restricted user account could replace the executables within the MediaMax directory with malicious code, which would then be executed by an administrator upon inserting a CD.
South Korea Fines Microsoft $32 Million

UPDATED Less than a month after it reached a $30 million settlement with South Korean Internet portal Daum, Microsoft has been fined another $32 million by the country's Fair Trade Commission. The Korean FTC has also ordered Microsoft to unbundle its instant messaging client and media player from Windows, and link to competing software.
Daum and RealNetworks had previously complained to the country's antitrust watchdog in 2001 about the bundling. Although both companies have recently settled with Microsoft and dropped their claims, the KFTC said it would continue its investigation.
IE7 Public Beta Due Early Next Year

Those eager to get a taste of the next Internet Explorer release with tabs and RSS support only need to wait a couple more months. A public beta of IE7 for Windows XP is slated to arrive in the first quarter of 2006, IE team head Dean Hachamovitch confirmed on Tuesday.
It's not clear if the public pre-release will be branded Beta 2; however, it does coincide with the expected Beta 2 launch of Windows Vista, which will also be open to the public. "We want to make sure that everyone has an opportunity to try a pre-release version of IE7 and tell us how it works with their web sites, their applications, their add-ons, and how they use the web overall," said Hachamovitch.
Windows Server 2003 R2 Goes Gold

After a year in beta testing, the update to Windows Server 2003 known as "R2" has been released to manufacturing, Microsoft senior vice president Bob Muglia announced in a webcast Tuesday morning. R2 will serve as an interim release between Windows Server 2003 SP1 and Longhorn Server, due in 2007.
R2 delivers many enhancements and several new components that Microsoft says customers have asked for since the operating system was released in April of 2003. However, the core of Windows Server 2003 SP1 has remained unchanged to facilitate faster deployment.
180solutions Tries to Clean Up its Act

UPDATED After filing suit against Zone Labs last week for alleged damage to its business, adware provider 180solutions has come under fire from all angles. The company has also been accused of letting partners slip its ad software onto users' PCs through illegal crack and porn sites. Now, 180 is promising to clean up its act.
On Tuesday, 180solutions announced it was ending the distribution of 180search Assistant and releasing Seekmo Search Assistant instead, which it says includes technologies to help reduce the number of unauthorized installations. Asserting its innocence, 180 claims its partners are the ones trying to defraud end-users.
Microsoft Ships Dynamics CRM 3.0

Microsoft on Tuesday delivered the final release of MSCRM 3.0, which now falls under the company's new Dynamics line of business applications. The update replaces version 1.6 as Microsoft's solution to compete with more established CRM vendors including Oracle, Siebel Systems and SAP.
Dynamics CRM 3.0 comes in two flavors -- Professional and Small Business Edition -- and prices range from $440 to $1,761 USD. Microsoft has retooled the software so it closely integrates with Outlook and Office application interfaces. The release also brings Web access, and Microsoft will also offer a subscription-based hosted CRM service beginning January 1.
Apple Adds More TV Show Downloads

Apple has beefed up its video downloads on iTunes through a deal with NBC Universal. The agreement brings 11 TV shows from NBC, USA Network and the Sci-Fi Channel, which include current primetime hits as well as classics such as 'Dragnet' and 'Knight Rider.'
iTunes now offers more than 300 different episodes for download across 16 television programs. Each show costs $1.99 and can be viewed on a PC or the new fifth-generation iPod, which can output to a TV.
Nikon Expands Camera Battery Recall

Nikon has expanded a battery recall for its high-end digital SLR D100, D70, and D50 cameras. In the initial announcement made last month, Nikon had omitted batteries distributed outside of the U.S. The voluntary recall stems from reports of the EN-EL3 battery short-circuiting and possibly melting.
"There have only been four confirmed reports of incidents of the problem worldwide, and while no injuries have taken place, Nikon Inc. has initiated this recall of the affected lot numbers as a reflection of its commitment to safety and product quality," the company said. A full list of affected part numbers and a replacement request form is available on Nikon's Web site.
Time Warner Hits 1 Million VoIP Users

Three months after Vonage became the first Internet telephony provider to hit the 1 million subscriber mark, cable giant Time Warner has hit the milestone as well -- in a much shorter period. The company signed up 146,000 users in October and November alone.
Time Warner Cable's blazing entrance into the VoIP market has been aided by its cable markets across 27 states. The company offers the phone service in a "triple-play package" with TV and broadband Internet. Unlimited local and long distance calls run $39.95 USD per month, with E911 service provided at no extra charge to all customers.
© 1998-2025 BetaNews, Inc. All Rights Reserved.