11/27/2007

Apple QuickTime exploit published

Filed under: — Aviran Mordo

Security researchers are warning that exploit code has been published that can take advantage of an extremely critical security flaw in a protocol supported by Apple QuickTime.

Apple QuickTime versions 7.2 and 7.3 on Windows Vista and Windows XP Pro SP2 are both affected, according to an advisory originally posted on Milw0rm.com.

And because Apple’s iTunes contains a component of QuickTime, installations of iTunes are also at risk, according to a security advisory by the United States Computer Emergency Readiness Team (US-CERT).

The security flaw is found in the Real Time Streaming Protocol (RTSP) supported by Apple’s QuickTime Streaming Server and QuickTime player, US-CERT notes. As a result, users who load a malicious RTSP stream via a QuickTime Media Link file or by visiting a malicious Web page may find their systems compromised. Attackers, for example, could execute arbitrary code on users’ systems or launch a denial-of-service attack.

Apple acknowledges some MacBook hard drive problems

Filed under: — Aviran Mordo

Apple is investigating whether or not faulty Seagate hard drives are to blame for data loss on some MacBooks.

Retrodata, a U.K. data recovery firm, reported earlier this year that certain 2.5-inch Seagate drives used in MacBooks had a manufacturing flaw that causes the drive heads to scratch the surface of the drive and cause major problems. InformationWeek contacted Apple about the problem, and a company representative said, “We’ve received a few reports that some MacBook consumer notebooks may have hard drive issues, and we’re looking into it.”

Google Plans Service to Store Users’ Data

Filed under: — Aviran Mordo

Google Inc. wants to offer consumers a new way to store their files on its hard drives, in a strategy that could accelerate a shift to Web-based computing and intensify the Internet company’s competition with Microsoft Corp.

Google is preparing a service that would let users store on its computers essentially all of the files they might keep on their personal-computer hard drives — such as word-processing documents, digital music, video clips and images, say people familiar with the matter. The service could let users access their files via the Internet from different computers and mobile devices when they sign on with a password, and share them online with friends. It could be released as early as a few months from now, one of the people said.

The Mountain View, Calif., company plans to provide some free storage, with additional storage allotments available for a fee, say the people familiar with the matter. Planned pricing isn’t known.

Google Ordered To Reveal Blogger’s Identity

Filed under: — Aviran Mordo

An Israeli court ordered Google to reveal the identity of a blogger who uses Google’s own blogging platform, Blogger.
The blogger accused a Shaarei Tikva committee member of illegal acts throughout his blog posts. Google objected to the request, claiming freedom of speech; however, the court sided with the plaintiff and said that since the plaintiff is a public figure running for reelection, he is allowed to confront his accuser and clear his name.

Google notified the blogger about the case against him and offered him the choice of revealing himself or defending his anonymity in court. Since the blogger did not respond, Google was left to fight in court and lost the case. Google will reveal the blogger’s IP address. This is the first case in Israel where Google has been ordered to reveal a user’s identity. It seems strange to me that a company like Google did not fight harder to protect its users and did not appeal this decision.

The plaintiff sued the blogger for defamation.

Handful of Bugs Squashed in Firefox Security Fix

Filed under: — Aviran Mordo

Mozilla has released an update to its Firefox browser, fixing a widely publicized flaw in the open-source software.

The 2.0.0.10 update fixes a handful of memory corruption flaws that crash Firefox, and a cross-site request forgery flaw that could give attackers a way to get unauthorized access to certain Web sites.

But the most anticipated bug fix in this release addresses a problem in the way Firefox processes files that are compressed using the .jar (Java Archive) format.

Firefox does not properly check .jar files, giving attackers a way to launch Web-based cross-site-scripting attacks against Firefox users. The bug was first reported in February, but it gained widespread attention in early November when security researchers showed how it could be used in cross-site scripting attacks to run unauthorized code on the victim’s PC.

Islamist site says new Bin Laden message soon

Filed under: — Aviran Mordo

Al Qaeda leader Osama bin Laden will address the people of Europe in a message to be posted on the Internet “soon”, an Islamist Web site said on Monday.

“Soon, God willing, (we will post) a new message to the European people from the lion Imam who defeated the Americans and tyrants, Sheikh Osama bin Laden,” said the pro-al Qaeda Web site which regularly posts messages from the militant leader.

“Let this message be posted by various Western Web sites so that we deliver to them the truth of their lost war and (confront) them with the purposely hidden fact,” it said, adding that the message was produced by al Qaeda media arm As-Sahab.

It did not give any further details.
