6/29/2005

Potential IE COM Vulnerability

Filed under: — Aviran Mordo

SEC Consult reported a condition in Internet Explorer that may lead to an exploitable vulnerability. The advisory points out that Internet Explorer does not properly handle the instantiation of non-ActiveX COM objects from web pages. According to the write-up, “loading HTML documents with certain embedded CLSIDs results in null-pointer exceptions or memory corruption. in one case, we could leverage this bug to overwrite a function pointer in the data segment. it *may* be possible to exploit this issue to execute arbitrary code in the context of IE.”

The published proof-of-concept code demonstrates the issue by invoking the javaprxy.dll COM object and crashing Internet Explorer, as tested in Internet Explorer 6 on Windows XP Service Pack 2. Although there are no patches to address the issue, a work-around is to disable ActiveX support in the browser. For more information about this issue, see the SEC Consult advisory.

Source: SANS

‘DVD Jon’ Breaks Google Video Lock

Filed under: — Aviran Mordo

Norwegian hacker Jon Lech Johansen has cracked the lock on Google’s new in-browser video player.

Johansen, also known as ‘DVD Jon’ for his work on decrypting DVD security codes, has created a patch for the Google Video Viewer—less than 24 hours after the search giant shipped the video playback plug-in, a tool based on the open-source VideoLAN media player.

The patch, released on Johansen’s ‘So Sue Me’ blog, effectively disables a modification Google made to the VideoLAN code to prevent users from playing videos that are not hosted on Google’s servers.

Johansen said the patch, which requires the .Net run-time framework, will remove Google’s restriction and allow the playback of video files that aren’t on the video.google.com server.

Source: PCMag.com

ChoicePoint To Develop New Privacy, Compliance Program

Filed under: — Aviran Mordo

After criminals recently accessed ChoicePoint’s database of consumer records, potentially viewing the personal data of about 35,000 Californians, ChoicePoint has engaged the services of Ernst & Young LLP to conduct a best practices study and help the company develop additional, standard-setting privacy, credentialing and compliance practices.

“ChoicePoint is committed to implementing the best policies and procedures in our industry. To do that, we have enlisted the help of Ernst & Young and its respected privacy advisory team,” said Carol DiBattiste, ChoicePoint’s chief credentialing, compliance and privacy officer. Ernst & Young has been assisting companies from various industries with Privacy Assurance & Advisory Services for more than eight years.

“We have gone beyond our announced commitments to make substantial changes in the past 90 days. We have changed our products to restrict the display or delivery of sensitive personally identifiable information across several businesses, not just our public records offerings as we said in March,” DiBattiste said. “We have strengthened our customer credentialing procedures by centralizing the credentialing processes, adding new requirements for accepting an organization as a customer and expanding our site visit program. Large groups of our customer base have been re-credentialed and we have walked away from an entire market segment.

“Now, Ernst & Young will review our current processes and compare them against the best practices in our industry and the general corporate community. Once that phase is completed, Ernst & Young will assist us in further enhancing an industry-leading compliance program.”

The appointment of Ernst & Young is part of ChoicePoint’s previously announced creation of an independent Office of Credentialing, Compliance and Privacy. The office oversees policies regarding the company’s compliance with local, state and federal privacy laws, regulations and company policies, as well as the credentialing of customers.

Virtual Postcard Delivers Trojan

Filed under: — Aviran Mordo

A spam campaign that poses as a virtual postcard delivery is being used to lure surfers into infecting their PCs with a Trojan horse.

Windows users who follow the web link in the junk emails are roped into visiting a website which exploits well known vulnerabilities to install the Clsldr-D Trojan horse and other malicious code onto vulnerable PCs. The malicious emails are being sent from a variety of domain names.

“There’s a very real risk that some people will think one of these emails is from a long forgotten friend or work colleague and follow the link out of curiosity,” said Graham Cluley, senior technology consultant for anti-virus firm Sophos. “If you receive an unexpected virtual postcard it may prove wise to simply delete it.”

Source: The Register

Yahoo! Introduces A Social Search Engine

Filed under: — Aviran Mordo

Web search has gotten amazingly powerful in its ability to surface nearly any kind of information within the billions of pages that comprise the web. However, as powerful and large as today’s web search engines are, they are still limited in their ability to deliver key services to their users including:

- Answering “opinion” queries - The definition of the best plasma TV review site, or the most useful source for information on skin cancer, depends on a user’s tastes as well as the opinions and recommendations of the friends and authorities they trust. Web search engines don’t have the ability to deliver the right answer because they don’t always capture the trusted and valued sources for that user.

- Personal results - The answer a web search engine delivers is what it believes is the correct answer for the majority of users - often referred to as “the tyranny of the majority”. For example, when you search for ‘apple’, the first result on most search engines is Apple Computer. But you may have been searching for information about the fruit or Apple Records.

- Serendipity - Today’s search engines can deliver great results, especially with very specific queries, but typically do a poor job of connecting you with new items that might be interesting, timely, and personally relevant. Your friends and people who share common interests with you are better sources for this information.

Introducing Social Search

To address these kinds of limits of today’s search experience, Yahoo! released an early beta version of My Web 2.0 for a limited number of users. It is a new kind of search engine - a social search engine - that complements web search by enabling users to search the knowledge and expertise of their friends and community in addition to the web.

Google Automates Personalized Search

Filed under: — Aviran Mordo

Google on Tuesday launched a new version of its personalized search that monitors previous searches to refine future results.

The more users search and build up a search history the better the results will become, said Marissa Mayer, who directs Google’s consumer Web products.

Consumers must have a Google account to use the service. If they have been using the previous version of personalized search they will automatically be switched to the new version. The service will only be available when the person is signed on to the Google account.

The search history feature, launched in April, lets people browse through a timeline of their past Google searches to see the level of activity on any given day, the number of times a user has visited a Web page and the last time it was viewed.

The previous test version of personalized search, launched in March 2004, customized searches only after users selected categories of interest.

Source: News.com

Blinkx Adds Podcast And Video Blog Search

Filed under: — Aviran Mordo

In addition to offering a wealth of news and entertainment content, blinkx has added Podcast and Video Blog channels to www.blinkx.tv, making these two sources fully searchable for the first time. Bringing thousands of hours of podcasting and video blogging to a single destination, blinkx.tv will find user-generated rich media by simultaneously spidering the Internet, and enabling users to upload their own content to the service.

6/28/2005

Windows 2000 Moves To The Back Burner

Filed under: — Aviran Mordo

Microsoft on Tuesday issued what is expected to be its last significant revision of Windows 2000.

The software maker released what it calls an Update Rollup for the 5-year-old operating system, which is due to shift at the end of this month from receiving mainstream support to extended support. Microsoft does not generally add features to a product under extended support, and the Update Rollup is largely a collection of previously released patches as opposed to a batch of new features.

In addition to already released fixes, the collection “may contain fixes for non-public low- and moderate-level security issues that did not warrant individual security bulletins,” a Microsoft representative said.

Source: News.com

Indian Call Center Scandal: Man Admits Guilt

Filed under: — Aviran Mordo

The man who sold a CD containing the confidential details of 1,000 British bank accounts to an undercover reporter says he did not know what it contained. The Sun reported last week that the details were obtained by corrupt workers at call centres in India.

According to Reuters, Karan Bahree, 24, from New Delhi, admitted his guilt in a letter to his employers, web development company Infinity eSearch.

A friend had given him the CD, he said, but he had no idea what was on it.

According to The Sun, the information, which includes addresses, passwords, phone numbers and driving license and passport details, was purchased for £3 per customer. Financial institutions such as Barclays, Lloyds TSB, the Nationwide and HSBC were affected.

Source: The Register

AMD Files Antitrust Suit Against Intel

Filed under: — Aviran Mordo

Advanced Micro Devices Inc. has filed an antitrust lawsuit charging that Intel Corp., its chief competitor, used everything from threats to kickbacks in illegally building the world’s largest computer-chip business.

AMD’s 48-page lawsuit, filed in U.S. District Court in Delaware, is the latest shot in a long battle between the two rivals and comes after a recent ruling by Japanese antitrust authorities that Intel had violated anti-monopoly laws and stifled competition with AMD.

The current lawsuit expands those charges, alleging that across three continents Intel coerced 38 companies, including such household names as Dell Inc., Sony Corp. and Gateway Inc., to win business over a period of years.

In one instance, AMD charged, former Compaq Chief Executive Michael Capellas said in 2000 that “he had a gun to his head” and would have to stop buying from AMD. He said Intel was withholding delivery of critical server chips because of the volume of business he was doing with AMD, according to the lawsuit.

In another, Gateway executives told AMD that Intel had “beaten them into ‘guacamole’” in retaliation for doing business with AMD, according to the papers.

Source: Reuters

Firefox 1.1 Calls For Testers

Filed under: — Aviran Mordo

The Mozilla Foundation is calling for testers to help test the next version of the Firefox browser.

Announcing BFT QA Day - Tuesday at 10 AM PDT

As we approach the Firefox 1.1 release, we need your help with our basic functional testing. We’ve created a suite of tests and set up a tool where the community can record testing results, and on Tuesday June 28 at 10 AM PDT we’re asking you all to join us on IRC to help us run through these functional tests.

Here are the functional areas we will be testing on Tuesday:

Installation, Migration, Menu Bar, Help, Page Controls, Toolbar Customization, Location Bar and Autocomplete, Search, Printing, Tabbed Browsing, Options (Preferences), Popup and annoyance blocking, Find in Page, Bookmarks, History, Downloading, Extensions, Theme Manager, JavaScript Console, DOM Inspector, Page Info, Password Manager, Form Manager, Cookies, Top Sites, View Source, Software Update, Security and Certs, Import, Plug Ins, Security, Uninstall


Google Launches Google Earth

Filed under: — Aviran Mordo

MOUNTAIN VIEW, Calif. - June 28, 2005 - Google Inc. today announced the launch of Google Earth, Google’s new satellite imagery-based mapping product that combines 3D buildings and terrain with mapping capability and Google search. Based on Keyhole technology, Google Earth enables users to fly from space to street level views to find geographic information and explore places around the world.

Key features of Google Earth include:

  • Free software download available at http://earth.google.com
  • 3D buildings in major cities across the United States
  • 3D terrain showing mountains, valleys, and canyons around the world
  • Integrated Google Local search to find local information such as hotels, restaurants, schools, parks, and transportation
  • Fast, dynamic navigation
  • Video playback of driving directions
  • Tilt, rotate, and activate 3D terrain and buildings for a different perspective on a location
  • Easy creation and sharing of annotations among users

“Google Earth utilizes broadband streaming technology and 3D graphics, much like a videogame, enabling users to interactively explore the world – either their own neighborhood or the far corners of the globe,” said John Hanke, general manager, Keyhole, Google Inc. “With many ways to access geographic information, Google provides a very rich local search experience for users worldwide.”

Google Earth is the latest innovation within Google’s local search product suite, which currently includes Google Local and Google Maps for web users and mobile phone users. With Google Earth, users have the tools to dive deeper into local information, whether they’re exploring a vacation destination or researching a new home or apartment. They can combine multiple layers of information, such as cross-referencing school districts with address look-ups of available homes, business listings and public transportation, and save their results for later use.

For users interested in more advanced mapping capabilities, Google Earth Plus ($20/year) offers additional features including GPS compatibility, data import, and annotation. Google Earth Pro ($400/year), for commercial use, offers high-resolution printing and GIS data import capabilities.