MS Details More IE 7 Security Goodies

Filed under: — Aviran Mordo

Microsoft plans to discontinue the use of the SSLv2 (Secure Socket Layer) protocol in the coming Internet Explorer browser refresh.

In its place, he company will fit the stronger TLSv1 (Transport Layer Security) protocol into IE 7 as part of an overall plan to improve the security and user experience for HTTPS connections.

Microsoft Corp. made the announcement on its official IE Blog where a call to action was issued for Web site owners to make the necessary configuration changes to permit the new protocol connections.

Eric Lawrence, a program manager on the IE team, also warned that the new browser will block navigation to HTTPS sites that present problematic digital certificates.

Source: eWeek

Exploit Code Released for Oracle Hole

Filed under: — Aviran Mordo

Exploit code is being circulated that can crash both patched and unpatched Oracle 10g databases.

The code was posted on the Full Disclosure mailing list on Thursday.

David Litchfield, a security researcher with Next Generation Security Software Ltd., said that the code is relatively benign in that the exploit crashes servers but doesn’t run arbitrary code that might issue malicious commands.

Source: eWeek

Most DNS servers ‘wide open’ to attack

Filed under: — Aviran Mordo

Four in five authoritative domain name system (DNS) servers across the world are vulnerable to types of hacking attacks that might be used by hackers to misdirect surfers to potentially fraudulent domains. A survey by net performance firm the Measurement Factory commissioned by net infrastructure outfit Infoblox of 1.3m internet name servers found that 84 per cent might be vulnerable to pharming attacks. Others exhibit separate security and deployment-related vulnerabilities.

Pharming attacks use DNS poisoning or domain hijacks to redirect users to dodgy urls. For example widespread attacks launched in April attempt to fool consumers into visiting potentially malicious web sites by changing the records used to convert domain names to IP addresses. These particular pharming attacks exploited name servers that allow recursive queries from any IP address. Recurssive queries are a form of name resolution that may require a name server to relay requests to other name servers.

Source: The Register

Gates To Make Presentation On New Addition To Office

Filed under: — Aviran Mordo

Bill Gates will make a presentation on the new additions to Microsoft Office software, which will feature technology to filter data out of large corporate databases and to remove clutter, during his first ever visit to Israel this week.

During his trip on Wednesday, Gates will address business and technology leaders on ‘the New World of Work’, his vision for a new generation of productivity software, which is expected to reduce the clutter of data and messages overwhelming many workers over the next decade, business daily ‘Globes’ said in a report today.

The Microsoft chief will be meeting Prime Minister Ariel Sharon, and acting Finance Minister Ehud Olmert, during the visit. He will also be meeting with CEOs of leading Israeli companies using Microsoft products and hold an informal meeting with eleven outstanding high-school aged Microsoft programmers, the report said.

Microsoft Israel will host a number of professional conferences for its business partners, for systems administrators of large, medium and small enterprises on the occasion.

Source: hinduonnet.com

MySQL 5.0 Released

Filed under: — Aviran Mordo

MySQLMySQL AB announced the availability of MySQL 5.0. MySQL 5.0 can be downloaded under the open source GPL license at http:/dev.mysql.com.

“We are quite proud to deliver this new version of MySQL — as it includes the most-requested features from our users, customers and partners,” said Marten Mickos, CEO of MySQL AB. “With their feedback, we have been able to provide important enterprise-class features while staying true to MySQL’s renowned heritage of high-performance, reliability and ease-of-use.”
MySQL 5.0’s Enterprise Database Features

The new MySQL 5.0 combines enterprise-grade reliability and performance with advanced SQL 2003 standard-compliant features, making it the most cost-effective database solution for business-critical applications. The product’s new functionality will be especially familiar to database developers and DBAs of proprietary relational database systems — allowing IT departments to ease the integration and transition of their data, applications and skill-sets.

MySQL 5.0 delivers dozens of new enterprise features, including: (more…)

AMD slashes chip prices by up to 25%

Filed under: — Aviran Mordo

AMD took the axe to its desktop and mobile processor families this morning, chopping up to 26 per cent off what it charges for its chips.

The company reduced prices for its mobile Turion 64, dual-core desktop Athlon 64 X2 series, Mobile Athlon 64 products, and both mobile and desktop Sempron processors.

Athlon 64 and Athlon 64 FX prices remain unchanged, though AMD took the opportunity to drop its two bottom-most Athlon 64 parts, the 3000+ and 2800+. The Mobile Athlon 64 2800+ is also no longer with us.

Source: The Register

Disney To Adopt New Antipiracy Protection For Screeners

Filed under: — Aviran Mordo

Launching an aggressive new effort to combat piracy, The Walt Disney Studios will utilize state-of-the-art encryption technology from Cinea, a subsidiary of Dolby Laboratories, for 2005 DVD awards screeners.

Piracy is one of the biggest threats to the cinema industry, resulting in lost jobs and lost revenues. To combat piracy, Cinea developed its innovative solution, which provides copy protection and piracy tracking for DVDs. Cinea’s solution includes the S-VIEW(TM) DVD player and encryption technology to safeguard content. The S-VIEW DVD player offers the highest-quality picture and sound. It also plays standard DVDs.

In collaboration with the Academy of Motion Picture Arts and Sciences, and the British Academy of Film and Television Arts, Cinea has distributed the SV300 model of its S-VIEW DVD player to nearly 12,000 of the collective voting members. Recipients of the Cinea S-VIEW players simply need to install the player as part of their home entertainment system, as they would install a regular DVD player, and make a phone call or go online to register with Cinea.

Cinea encrypts each disc with a code unique to each member. The Cinea disc delivered to each member will play only on the Cinea S-VIEW DVD player registered by that member. A Cinea encrypted disc cannot be viewed on any other DVD player or computer.

Powered by WordPress