Two new security flaws have been discovered in Microsoft’s Internet Explorer, and one could also affect Mozilla’s Firefox, security experts have warned.

Code for both the vulnerabilities has been published, but there have been no reports of attacks taking advantage of the flaws, the SANS Internet Storm Center, which monitors network threats, said in an advisory released Wednesday.

The flaw that affects both IE and Firefox is related to the handling of a technology that is used to access documents delivered from one Web site to another, according to the advisory.

Attackers could exploit the IE or Firefox flaw using cross-site scripting, said Monty Ijzerman, senior manager of McAfee’s Global Threat Group. That technique enables hackers to view the contents of one open browser from a second browser open on the user’s system. The attackers, as a result, could swipe sensitive information, such as online banking data, from one of the sites showing.

Source: News.com

Garett Rogers had this blog about “Google’s secret IPv6 plans”. It appears that Google owns a block of IPv6 addresses numbering approximately 7.9 x 1028 (79 billion billion billion addresses) or 296. Basically Google owns any IPv6 address from:
2001:4860:0000:0000:0000:0000:0000:0000 to 2001:4860:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF

Source: ZDNet

A California man has filed a class action lawsuit against Microsoft that charges the company with violating spyware laws with its Windows Genuine Advantage anti-piracy features.

Filed in the U.S. District Court in Seattle by Los Angeles resident Brian Johnson on June 26, the suit claims that Microsoft failed to properly disclose all the details of WGA when the technology, meant to help stop the widespread pirating of Microsoft’s Windows operating system, was upgraded in April.

In the lawsuit, Johnson contends that Microsoft violated the terms of California and Washington spyware laws by failing to adequately inform users that the controversial elements of WGA were being installed as part of one of the software maker’s periodical security updates. Although the company could be subject to some fines if found liable on those claims, the suit primarily seeks to demand that Microsoft be barred from following a similar strategy in the future and that the company thoroughly inform users of all the details of its updates.

Source: eWeek

US Internet giants have suffered a defeat in the US Congress where an amendment on “Internet neutrality” was rejected by a Senate committee studying telecommunications reform.

Aimed at preventing network operators from charging an additional fee to websites seeking quicker and more effective connections for their users, the amendment failed Wednesday to gain a majority in the committee, which deadlocked 11-11.

However, the issue was to be examined by the Senate during its debate on telecommunications reform, the date for which has not been set.

Source: AFP

Microsoft Corp. said on Thursday it will delay the release of its Office 2007 business productivity software, citing a desire to implement improvements from customer feedback received during testing.

The world’s biggest software maker said it will now aim for a launch of Office 2007 to business customers by the end of 2006 rather than an earlier target of October. Microsoft also said it would delay the general availability of the Office upgrade to early 2007 from its previous January target.

Source: Reuters

A company in Sweden is offering file-sharing insurance - they’ll pay your fines if you’re sued by the RIAA. ‘For a mere 140 SEK ($19 USD) per year, they will pay all your fines and give you a t-shirt if you get convicted for file sharing.‘.

Source: boingboing

Frustrated with what he calls a lack of response from Microsoft and Amazon.com, a security researcher has gone public with details of flaws on the two companies’ Web sites.

The flaws could be used by attackers to steal “cookie” data files that would allow them to access Amazon.com and MSN accounts, or to display a fake login page that could be used in phishing attacks, according to Yash Kadakia, the independent security researcher who discovered the flaws.

Although the cross-site scripting flaws he discovered are generally considered to be low-risk problems, Kadakia’s attack involves a technique called CRLF (Carriage Return Line Feed) injection, which can be used in a more serious and widespread attack, he said.

Source: PCWorld

MTV Networks and Apple announced that new television programming from Spike TV, Nick at Nite, TV Land, Logo, MTV and The N is now available at the iTunes Music Store. Adding to the hit MTV Networks content already on iTunes, this new round of programming includes Spike TV’s brand-new action series �?Blade: The Series,�? MTV’s prank-comedy show “Viva La Bam�? and TV Land’s “Sit Down Comedy with David Steinberg.

A new Internet Explorer beta shows that Microsoft is trying to put its browser security woes behind it.

The software maker plans to release the third and last beta version of IE 7 on Thursday, getting closer to final delivery by the end of 2006. It will be the first major update to the popular Web browser in five years, and much of the focus for the new version is on security.

The IE 7 beta 3 makes some feature changes from the beta 2. The new version also provides reliability, compatibility and security fixes–more than 1,000 bugs have been dealt with in total, according to Microsoft.

Source: News.com

The government has recovered the stolen laptop computer containing sensitive data for up to 26.5 million veterans and military personnel, Veterans Affairs Secretary Jim Nicholson announced Thursday.

Nicholson also said there have been no reports of identity theft since the May 3 burglary at the Maryland home of an agency employee.

Related: Thief Steals 26.5 Million Veterans’ Identities
VA to Recall All Agency Laptops

Source: CNN

A Spanish intellectual property law has finally banned unauthorized peer-to-peer file-sharing in Spain, making it a civil offense even to download content for personal use.

But the government is going after Internet service providers; it’s a criminal offense for ISPs to facilitate unauthorized downloading.

The law also introduces a small tax to be levied on all blank media.

Source: tmcnet

A Sun Microsystems Inc. executive said Tuesday said the company is “months” away from releasing its trademark Java programming language under an open-source license.

Simon Phipps, chief open-source officer for Sun, said the company is ruminating over two major issues: how to keep Java compatible and ensure no particular company uses market forces as muscle for its own implementation, a move that would threaten Java’s “write once, run anywhere” mantra.

Source: InfoWorld