8/18/2005

Microsoft Warns of IE Zero-Day Exploit

Filed under: — Aviran Mordo

Microsoft late Thursday issued an advisory with pre-patch workarounds to counter the public release of a zero-day exploit targeting users of its Internet Explorer browser.

The release of the advisory comes less than 24 hours after the FrSIRT (French Security Incident Response Team) published a proof-of-concept exploit that could be used by malicious hackers to target IE users.

The flaw is described as an error in the way IE handles the “Msddds.dll” COM object.

There is no patch available for the vulnerability and, because exploit code has already been released, incident handlers at the SANS ISC (Internet Storm Center) believe a widespread attack is very likely.

Security alerts aggregator Secunia Inc. rates the vulnerability as “highly critical” and warned that a successful exploit may allow the execution of arbitrary code. However, a malicious hacker must first trick a user into visiting a specially crafted Web site to launch an attack.

According to Microsoft Corp.’s advisory, an attacker could target the hole to “take complete control of the affected system.”

Microsoft plans to release a security bulletin with patches for the flaw – either through the monthly update process or with an out-of-cycle release.

In the absence of a patch, the company has published detailed workarounds and mitigation guidance to help block known attack vectors.

Source: eWeek

High School Trades Books for Laptops

Filed under: — Aviran Mordo

VAIL, Ariz. - Students at Empire High School here started class this year with no textbooks — but it wasn’t because of a funding crisis. Instead, the school issued iBooks — laptop computers by Apple Computer Inc. — to each of its 340 students, becoming one of the first U.S. public schools to shun printed textbooks.

School officials believe the electronic materials will get students more engaged in learning. Empire High, which opened for the first time this year, was designed specifically to have a textbook-free environment.

Source: AP

Yahoo expands its music service

Filed under: — Aviran Mordo

Yahoo’s subscription-based music service is now widely available to consumers after a three-month trial run.

Yahoo Music Unlimited is designed to let people play songs, transfer tunes to portable devices or share with other subscribers via instant messaging, the company said Thursday. A beta version of the service was unveiled in May.

The service is priced at $4.99 per month for an annual subscription or $6.99 per month for a monthly subscription. It can be accessed by downloading software from Yahoo for importing and managing music and mixing and burning compact discs. The service is available in the U.S. only.

Source: News.com

Google plans big new stock sale

Filed under: — Aviran Mordo

On Thursday, the eve of the first anniversary of its IPO, Google announced plans to sell 14.2 million shares of common stock on the public market, as it seeks to raise more capital.

Google, which last year raised $1.7 billion with its long-awaited IPO, is hoping to raise in excess of $4 billion in this secondary offering, based on the current market price of $285 a share, according to its filing with the Securities and Exchange Commission.

“We anticipate that we will use the net proceeds from this offering for general corporate purposes, including working capital and capital expenditures,” Google stated in its SEC filing. “In addition, we may use proceeds of this offering for acquisitions of complementary businesses, technologies or other assets.”

Google noted it does not currently have any significant, or “material,” merger agreements pending, according to its SEC filing.

Source: News.com

Apple Fixed 64-bit Problem

Filed under: — Aviran Mordo

After issuing a security update earlier this week that broke 64-bit applications on the company’s operating system, Apple on Thursday issued a new patch to deal with the problem. Security Update 2005-007 v1.1 replaces Security Update 2005-007 v1.0 for Mac OS X v10.4.2. Users who have already installed v1.0 on Tiger systems should install v1.1, according to notes accompanying the update.

Source: macworld

Microsoft Released Zotob Removal Tool

Filed under: — Aviran Mordo

Microsoft added the latest Zotob worm to its Malicious Software Removal Tool.

The Microsoft Windows Malicious Software Removal Tool checks computers running Windows XP, Windows 2000, and Windows Server 2003 for infections by specific, prevalent malicious software—including Blaster, Sasser, and Mydoom—and helps remove any infection found. When the detection and removal process is complete, the tool displays a report describing the outcome, including which, if any, malicious software was detected and removed.

The latest update to the removal tool also handles Zotob.A, Zotob.B, Zotob.C, Zotob.D, Zotob.E, Bobax.O, Esbot.A, Rbot.MA, Rbot.MB and Rbot.MC. (See the complete list of malicious software cleaned by this tool)

Download Malicious Software Removal Tool

Microsoft investigates potential new IE flaw

Filed under: — Aviran Mordo

Microsoft is investigating a report of a new, unpatched flaw in Internet Explorer that could expose users of the ubiquitous Web browser to attacks.

An attacker could craft a malicious Web site that takes advantage of the flaw and gain control over the PCs that visit the Web site or install malicious software on those systems, a representative of the French Security Incident Response Team said in an e-mail interview Wednesday. The organization rates the issue “critical,” its most serious classification.

Exploit code for the flaw is available on the Internet, according to the French security research group. The availability of exploit code typically raises the risk to users because it could aid miscreants in setting up attacks.

Microsoft is investigating the report of the new IE flaw, a company representative said in a statement late Wednesday. The software maker is not aware of attacks that use the reported flaw, the representative said. After the investigation, Microsoft will take the appropriate action to protect users, which could include a security update, she said.

Source: News.com

Google Explains GEICO Ruling

Filed under: — Aviran Mordo

After the recent GEICO vs Google ruling, David Drummond, VP and General Counsel, tries to correct some reports.

Quote:

There have been a few erroneous reports suggesting that a judge ruled against Google in a case involving GEICO. It’s actually the reverse of that, so we thought we’d clarify a few things about that decision.

Last December, the judge in the case ruled decisively in our favor on the issue of keywords. In her oral ruling, she stated that GEICO had failed to prove that using “GEICO” as a keyword to trigger ads was likely to confuse consumers. Then, earlier this month, she issued a written ruling explaining the reasoning behind the December ruling.

In her written ruling, she stated that GEICO’s own evidence “refutes the allegation that the use of the trademark as a keyword, without more, causes a likelihood of confusion.” That is a clear signal that Google’s policy on trademarks and keywords is lawful.

What has generated the confusion is another part of the ruling, of little significance to Google, that relates to the use of “GEICO” in ad text. Google already has a policy that prohibits advertisers from using someone else’s trademark in their ad text when the trademark owner objects. Our policy on that is here.

It’s been our longstanding policy — dating back to well before GEICO filed its lawsuit against us — to block use of a trademark in ad text when the trademark owner objects. GEICO said that there were instances when their trademark appeared in competitors’ ads even after GEICO objected. In her December oral ruling, the judge called this a “narrow issue,” and said that Google and GEICO should “see whether or not there can be a resolution of what is left in the case.” In the recent written decision, she reiterated these points, and explained that while she thought that the ads with “GEICO” in the ad text were confusing, she hadn’t decided whether Google was liable for that.

Judge Brinkema’s decision is consistent with several other court opinions. A court in Austria recently ruled in our favor, concluding that the use of a trademark to trigger ads isn’t likely to confuse consumers. A German court has also ruled in our favor on this issue. And in a case not involving Google, a federal appeals court in the United States recently reached the same result in a keyword-triggered ad case.

We’re very pleased with Judge Brinkema’s decision, which tracks our AdWords trademark policy. The decision is a victory for consumers.

Finally, even though we believe our current policy strikes a good balance between advertisers, users and trademark owners, don’t be surprised if our policy evolves over time. We believe it is possible for an advertiser to create an ad that uses a trademark in a legal and non-confusing way - after all that is what comparative advertising is all about.

New N.Y. Law Targets Hidden Net Tolls

Filed under: — Aviran Mordo

A new law that’s apparently the first in the nation threatens to penalize Internet service providers that fail to warn users that some dial-up numbers can ring up enormous long-distance phone bills even though they appear local.

A long distance call even within the same area code can cost 8 to 12 cents a minute, adding up to hundreds, even thousands of dollars a month.

Companies face fines of up to $500 for each offense, and consumers could pursue civil action claiming an unfair business practice.

The National Conference of State Legislatures said it knows of no similar law elsewhere.

About 700 consumers in the Rochester area alone were billed more than $200,000 combined in unexpected Internet access charges in an eight-month period, while others elsewhere were charged $5,000 to $10,000 more than expected because the Internet connection was left open through a long-distance number.

Consumers, however, must act on the warning that Internet providers must soon post by contacting their phone companies to find out whether a number is truly local.

Source: AP

Nintendo micro console to hit Europe in Nov

Filed under: — Aviran Mordo

Nintendo Co. Ltd will launch its Game Boy Micro, a portable mobile phone-sized games console, in Europe on November 4 for a recommended price of 99 euros, it said on Wednesday.

The Japanese company hopes to attract women and so-called casual gamers — those unwilling or unable to spend hours playing games on a PC or console at home — with the new device, which is available in metallic pink, green, blue and silver.

Nintendo, which announced the European launch at Europe’s biggest computer games fair in Leipzig, said late on Tuesday the Game Boy Micro would be available from the end of September in the United States at $99.

The European price is the same as that for the Game Boy Advance SP, Nintendo’s current console model — which may surprise analysts who believed it should be priced lower.

Source: Reuters
