2/1/2008

Image uploader bug blights MySpace

Filed under: — Aviran Mordo

Security flaws in an ActiveX control that MySpace uses to upload images onto the social networking site leave users open to attack. Facebook users may also be at risk.

A buffer overflow vulnerability in Aurigma’s Image Uploader Control Library might be used to compromise a user’s system. The affected control is used for uploading images onto social networking sites using Microsoft’s Internet Explorer. Users might be vulnerable if tricked into visiting a specially crafted web page that exploits the vulnerability.

The flaw was first reported on a full disclosure mailing list by Elazar Broad, who said that the vulnerable control was used by MySpace. Facebook also reportedly repackages the Aurigma control, though which version it uses is unclear. Broad reported the problem to Aurigma.

Microsoft Offers $44.6B for Yahoo

Filed under: — Aviran Mordo

Microsoft Corp. has pounced on slumping Internet icon Yahoo Inc. with an unsolicited takeover offer of $44.6 billion in its boldest bid yet to challenge Google Inc.’s dominance of the lucrative online search and advertising markets.

The surprise offer of $31 per share, made late Thursday and announced Friday, comes with Sunnyvale-based Yahoo in a vulnerable position.

In a statement Friday, Yahoo said it will “carefully and promptly” study Microsoft’s bid.

With its profits steadily sliding, Yahoo’s stock slipped to a four-year low earlier this week. A new management team has been trying to steer a turnaround but sees more turbulence through 2008.

The announcement sent Yahoo’s share price up 60 percent in premarket trading, while Google fell 8 percent, weighed down by a fourth-quarter earnings report that missed Wall Street expectations.

RealPlayer named by StopBadware.org

Filed under: — Aviran Mordo

StopBadware.org said Tuesday it has labeled two versions of the RealPlayer media player as “badware,” or spyware.

RealPlayer 10.5, it claims, “fails to accurately and completely disclose the fact that it installs advertising software on the user’s computer.” And RealPlayer 11, it claims, “does not disclose the fact that it installs Rhapsody Player Engine software, and fails to remove this software when RealPlayer is uninstalled.” Ryan Lukin, PR manager for RealNetworks, disputed some of the claims.
