David Clark, who led the development of the internet in the 1970s, is working with the National Science Foundation on a plan for a whole new infrastructure to replace today’s global network.

Clark, who served as chief protocol architect for the government’s internet development initiative in the 1980s, wants researchers to re-imagine the infrastructure that connects computer users around the world.

The problem with today’s internet, according to Clark, is that its 30-year-old design, which allowed for the development of exciting new applications (the world wide web, e-commerce, file sharing, you name it), is now stifling further growth.

A new architecture could allow for ubiquitous embedded wireless communications devices and sensors. It could also provide for more secure and convenient forms of commerce. A super-high-speed internet could even allow people a world apart to collaborate inside elaborate 3-D virtual arenas, a process called tele-immersion.

As for today’s internet, new applications and protocols meant to address security issues and wireless and ubiquitous devices may not be enough to solve its underlying problems.

Even Clark agrees with those who say the internet currently serves most of its users quite well. But he said applications and technologies introduced incrementally to the existing system, such as those springing from engineering working groups and the Internet2 research consortium, cannot solve the internet’s fundamental architectural problems.

Source: Wired

SEC Consult reported a condition in Internet Explorer that may lead to an exploitable vulnerability. The advisory points out that Internet Explorer does not properly handle the instantiation of non-ActiveX COM objects from web pages. According to the write-up, “loading HTML documents with certain embedded CLSIDs results in null-pointer exceptions or memory corruption. in one case, we could leverage this bug to overwrite a function pointer in the data segment. it *may* be possible to exploit this issue to execute arbitrary code in the context of IE.”

The published proof-of-concept code demonstrates the issue by invoking the javaprxy.dll COM object and crashing Internet Explorer, as tested in Internet Explorer 6 on Windows XP Service Pack 2. Although there are no patches to address the issue, a work-around is to disable ActiveX support in the browser. For more information about this issue, see the SEC Consult advisory.

Source: SANS

Norwegian hacker Jon Lech Johansen has cracked the lock on Google’s new in-browser video player.

Johansen, also known as ‘DVD Jon’ for his work on decrypting DVD security codes, has created a patch for the Google Video Viewer—less than 24 hours after the search giant shipped the video playback plug-in, a tool based on the open-source VideoLAN media player.

The patch, released on Johansen’s ‘So Sue Me’ blog, effectively disables a modification Google made to the VideoLAN code to prevent users from playing videos that are not hosted on Google’s servers.

Johansen said the patch, which requires the .Net run-time framework, will remove Google’s restriction and allow the playback of video files that aren’t on the video.google.com server.

Source: PCMag.com

After criminals recently accessed ChoicePoint’s database of consumer records, potentially viewing the personal data of about 35,000 Californians, ChoicePoint has engaged the services of Ernst & Young LLP to conduct a best practices study and help the company develop additional, standard-setting privacy, credentialing and compliance practices.

“ChoicePoint is committed to implementing the best policies and procedures in our industry. To do that, we have enlisted the help of Ernst & Young and its respected privacy advisory team,” said Carol DiBattiste, ChoicePoint’s chief credentialing, compliance and privacy officer. Ernst & Young has been assisting companies from various industries with Privacy Assurance & Advisory Services for more than eight years.

“We have gone beyond our announced commitments to make substantial changes in the past 90 days. We have changed our products to restrict the display or delivery of sensitive personally identifiable information across several businesses, not just our public records offerings as we said in March,” DiBattiste said. “We have strengthened our customer credentialing procedures by centralizing the credentialing processes, adding new requirements for accepting an organization as a customer and expanding our site visit program. Large groups of our customer base have been re-credentialed and we have walked away from an entire market segment.

“Now, Ernst & Young will review our current processes and compare them against the best practices in our industry and the general corporate community. Once that phase is completed, Ernst & Young will assist us in further enhancing an industry-leading compliance program.”

The appointment of Ernst & Young is part of ChoicePoint’s previously announced creation of an independent Office of Credentialing, Compliance and Privacy. The office oversees policies regarding the company’s compliance with local, state and federal privacy laws, regulations and company policies, as well as the credentialing of customers.

A spam campaign that poses as a virtual postcard delivery is being used to lure surfers into infecting their PCs with a Trojan horse.

Windows users who follow the web link in the junk emails are roped into visiting a website which exploits well known vulnerabilities to install the Clsldr-D Trojan horse and other malicious code onto vulnerable PCs. The malicious emails are being sent from a variety of domain names.

“There’s a very real risk that some people will think one of these emails is from a long forgotten friend or work colleague and follow the link out of curiosity,” said Graham Cluley, senior technology consultant for anti-virus firm Sophos. “If you receive an unexpected virtual postcard it may prove wise to simply delete it.”

Source: The Register

Web search has gotten amazingly powerful in its ability to surface nearly any kind of information within the billions of pages that comprise the web. However, as powerful and large as today’s web search engines are, they are still limited in their ability to deliver key services to their users including:

- Answering “opinion” queries such as the definition of the best plasma TV review site, or most useful source for information on skin cancer depends on a user’s tastes as well the opinions and recommendations of the friends and authorities they trust. Web search engines don’t have the ability to deliver the right answer because they don’t always capture the trusted and valued sources for that user.

- Personal results - The answer a web search engine delivers is what it believes is the correct answer for the majority of users - often referred to as “the tyranny of the majority”. For example, when you search for ‘apple’, the first result on most search engines is Apple Computer. But you may have been searching for information about the fruit or Apple Records.

- Serendipity - Today’s search engines can deliver great results, especially with very specific queries, but typically do a poor job of connecting you with new items that might be interesting, timely, and personally relevant. Your friends and people who share common interests with you are better sources for this information.

Introducing Social Search

To address these kinds of limits of today’s search experience, Yahoo! released an early beta version of My Web 2.0 for a limited number of users. It is a new kind of search engine - a social search engine - that complements web search by enabling users to search the knowledge and expertise of their friends and community in addition to the web.

Google on Tuesday launched a new version of its personalized search that monitors previous searches to refine future results.

The more users search and build up a search history the better the results will become, said Marissa Mayer, who directs Google’s consumer Web products.

Consumers must have a Google account to use the service. If they have been using the previous version of personalized search they will automatically be switched to the new version. The service will only be available when the person is signed on to the Google account.

The search history feature, launched in April, lets people browse through a timeline of their past Google searches to see the level of activity on any given day, the number of times a user has visited a Web page and the last time it was viewed.

The previous test version of personalized search, launched in March 2004, customized searches only after users selected categories of interest.

Source: News.com

In addition to offering a wealth of news and entertainment content, blinkx, has added Podcast and Video Blog channels to www.blinkx.tv, making these two sources fully searchable for the first time. Bringing thousands of hours of podcasting and video blogging to a single destination, blinkx.tv will find user-generated rich media by simultaneously spidering the Internet, and enabling users to upload their own content to the service.