Oracle’s latest update fails to tackle a database flaw that has already been exploited, a security researcher has warned.

Last week, the business software maker issued its quarterly Critical Patch Update, addressing more than 30 flaws in its software. However, the update for Oracle 10g Release 2 does not plug a hole that allows published attack code to run, according to a message sent to the Full Disclosure security list on Wednesday by David Litchfield, a researcher at Next Generation Security Software.

The exploit, released on the Internet last week, isn’t for a flaw that Oracle patched, but for a new problem. Initially, experts believed it was for one of the patched vulnerabilities.

Source: News.com

The British Broadcasting Corp. is revamping its Web site to incorporate more user-generated content such as blogs and video, features already available through the popular social networking site MySpace. The broadcaster also has long-term plans to create broadband portals in such areas as sports, music, health and science.

The BBC’s plans, however, drew criticism from Rupert Murdoch’s News Corp. media conglomerate, which owns MySpace.

James MacManus, an executive director of News Corp.’s subsidiary News International, accused the state-funded BBC on Wednesday of “blatantly commercial ambitions … that can only damage the development of commercial digital media.”

He said the BBC, which receives about $5.3 billion a year in public funding, was trying “to create a digital empire.”

Source: AP

Chinese scientists have succeeded in cloning a cow with gene cells resistant to mad cow disease, the official Xinhua news agency said on Wednesday.

The birth of the 55-kg (121-lb) calf in the eastern province of Shandong comes three years after a team led by now-disgraced South Korean scientist Hwang Woo-suk cloned cows with a protein structure resistant to bovine spongiform encephalopathy (BSE).

Source: Reuters

Walt Disney Co. will try a new type of advertising when it begins showing prime-time ABC television shows on the Web, using a single, interactive ad during each break rather than the flurry of short spots that are the norm on network TV.

Ten major advertisers have delivered new interactive online commercials as part of Disney’s two-month test of whether consumers will watch ads if they can download hit TV shows on abc.com for free.

The test, which starts May 1, offers streaming video of “Desperate Housewives,” “Alias,” “Commander in Chief” and “Lost” about 12 hours after each episode airs on the East Coast.

Source: Reuters

In perhaps the first official marketing experiment with approved derivatives of the HD DVD format, Warner Home Video announced late yesterday its plans to release on 9 May one movie - the Rob Reiner-directed comedy Rumor Has It - on a “combo” format disc, featuring single-layer HD DVD on one side, and standard-resolution DVD on the flip side.

In a statement, Warner’s senior vice president for marketing management, Steve Nickerson, said this particular release would give consumers the option to purchase the movie now - albeit at a suggested retail price of $39.99 - while they are considering the possible future purchase of an HD DVD player.

Source: tgdaily.com

Microsoft Israel is set to make substantial changes to its R&D activities in Israel. The company has appointed former IPTV division VP Moshe Lichtman as R&D president in Israel. Lichtman will oversee the expansion of Microsoft Israel’s technological investments and R&D activities in the Israeli market. He will also head Microsoft Israel’s new R&D center in Tel Aviv, in addition to overseeing activities at the existing R&D center in Haifa.

Microsoft CEO Steve Ballmer said, “Microsoft Israel’s R&D centers will play an important role in our global R&D strategy.

Source: Globes

Microsoft announced a new web site that will help users to find add-ons to IE7. From the IE blog “On the new site we partnered with CNET to compile an extensive list of add-ons that make browsing with IE more productive, fun and safe. At the same time, we’ve worked to streamline the search and download process, added web feeds for the most popular and newest add-ons, and included editorial and user reviews to provide as much feedback to you as possible before you install an add-on. Customers can access the add-on site from the “Tools�? menu and from the “Manage Add-ons�? interface.”

Add-Ons for Internet Explorer can be found here.

The firewall in Windows Vista will, by default, have half its protection turned off because that is what enterprise customers have requested, according to the software giant.

When Windows Vista is released early next year its firewall will be set to only block incoming traffic, even though it will also be capable of blocking outgoing traffic. According to a statement from Microsoft, the firewall’s protection will be curbed in order to make life easier for the company’s enterprise customers.

Source: ZDNet

A two-legged robot being developed by Japanese scientists could one day carry the elderly and handicapped up stairs or inclines.

Standing 1.28 meters (4 ft), the robot is essentially a seat that walks on two mechanical legs. A person hops on the seat and controls its movements using two joysticks.

The researchers say it could take another five years before the robot can be used by the elderly. At present, the device is slow and needs modifications to carry heavy loads.

Source: Reuters

AT&T Inc. said on Wednesday it will offer its high-speed Internet subscribers a movie delivery service in partnership with Starz Entertainment Group, a unit of Liberty Media Corp..

Vongo, the service from Starz, will feature a co-branded AT&T and Vongo Web site at http://www.att.vongo.com with a 14-day free trial to AT&T high-speed Internet subscribers.

Source: Reuters

McAfee SiteAdvisor , which is pioneering Web safety by testing and rating nearly every trafficked site on the Internet has news for Internet users who think Web sites with clean, appealing graphics and national advertisers on the home page are always safe: “Think again.”

According to the first-ever Spyware Quiz conducted by SiteAdvisor, a staggering 97% of Internet users are just one click away from infecting their PCs with spyware, adware or some other kind of unwanted software. Even though the threat of spyware has received extensive media coverage, just 3% of the 14,000-plus consumers who took SiteAdvisor’s spyware quiz received perfect scores.

The survey challenged Web surfers to test their ability to detect which sites in a number of popular categories were free of adware or spyware. The examples in the quiz are taken from more than three million Web sites which SiteAdvisor has independently tested and rated for Web safety issues like spyware and spam. The first part of the quiz presented users with pairs of sites and asked them to pick which one of the pair was safe. The second part presented a series of file sharing software sites and asked which ones were spyware and adware free. The test has been available since March.

Among the survey’s most sobering conclusions:

• Based on their choices, a majority of users (65%) would have been infected with adware or spyware many times over
• The presence of national advertisers and a clean, uncluttered design seem to trick respondents into thinking a site is safe
• Even users with a high “Spyware IQ” have a nearly 100% chance of visiting a dangerous site during 30 days of typical online searching and browsing activity
• Users often miss the fine print that allows a dangerous Web site to claim it installs unwanted software legally

To take McAfee’s SiteAdvisor Spyware quiz, go to http://www.siteadvisor.com/spywarequiz .

Oracle today introduced Oracle Database Vault, an advanced security product to protect and limit access to sensitive data and applications. Oracle Database Vault enforces preventive controls to help meet compliance requirements by restricting powerful users, such as database administrators (DBAs), from unauthorized access to specific information.

The increasing need to mitigate insider security threats coupled with the growing number of regulatory and privacy mandates such as the Sarbanes-Oxley Act, the Health Insurance Portability and Accountability Act (HIPAA), Japan’s Personal Information Protection Act and the European Union Privacy and Electronic Communications Directive, have made protecting data against unauthorized access a top priority. Oracle Database Vault is designed to help customers secure sensitive information from internal threats and to implement separation-of-duty mandates that require more than one person to complete a sensitive task. The product’s flexible security controls also enable customers to implement incremental restrictions on data access even for regular users. The controls maintain high database performance without requiring changes to existing applications or administrators’ routine responsibilities.

The product’s security mechanisms are based on realms and rules that further control the scope of an authorized user’s access. Realms are established to encapsulate an existing application or a set of database objects inside a protection zone while rules further restrict operations based upon business specific operational requirements using environmental or domain-specific decision factors such as database, machine, IP addresses, time-of-day and authentication modes. For example, an organization can prevent an administrator from making changes to the database while outside of the corporate intranet and after normal working hours. Rules can also be applied to all SQL commands. Oracle Database Vault features a variety of detailed security reports that can be used by administrators to help satisfy auditors when undertaking compliance audits.