60938
submission
mr_mischief writes:
Got Firefox? Get it updated!
The Mozilla Foundation has released an important security update for Firefox 2.0 which fixes eight vulnerabilities (five of them rated critical) among other things.
Patches are also available for Firefox 1.5.0.x and Thunderbird 1.5.0.x as well.
See Secunia's advisory to find out more about security issues with memory corruption in the JavaScript and layout engines, a heap-based buffer overflow handling Windows bitmaps, a couple of arbitrary HTML/script vulnerabilities and what appear to be a couple of arbitrary native code vulnerabilities.
57538
submission
mr_mischief writes:
It turns out that circumcision, which some berate as a cruel and primitive practice while others say helps in cleanliness and disease control, may actually have a significant impact on the spread of certain diseases. In particular, the BBC is reporting a US National Institutes of Health study in whichthe practice cut HIV transmission rates from women to heterosexual men by about 50%.
While doctors understandably don't want to promote promiscuous sex and 50% is still too strong a chance of transmitting such a serious disease, the recommendation is that circumcision be part of a plan to combat the disease.
Although every disease is different, I wonder if it's clear enough to people that if one disease is slowed by this practice that it probably has some effect in slowing some other diseases as well.
57390
submission
mr_mischief writes:
EETimes reports Microsoft is working on standardizing a robotics platform and development for it. They want to make it easier to develop robots, starting with the IDE and development environment and continuing through specifying acceptable hardware, just like for PCs and Windows CE devices.
What's next, the MS directives of robotic behavior, including "Do not allow Microsoft to be harmed through your actions or inactions", and "Do not play music, movies, or games that are not from cartel-approved suppliers?"
10621
submission
mr_mischief writes:
Microsoft has a bulletin about a vulnerability for something called Vector Markup Language. Security Focus has one too.
Vector Markup Language was a proposed web standard that was passed on by the standards bodies and which was both subsumed and superseded by Scalable Vector Graphics.
Despite VML being passed over and another alternative being made a standard, Microsoft implemented it anyway. In the implementation there is a security problem that MS says can allow an attacker total control of a target system.
If it's nonstandard, duplicating functionality offered by a standard, and they can't be bothered to do it right the first time, perhaps they shouldn't preinstall it on millions of computers around the world. How could Microsoft actually get enough of an edge from undercutting a fairly widely implemented standard with a dangerous implementation that it is financially worthwhile for them? Wouldn't be better for them in the long run to just implement the standard, or is there some huge installed base of VML somewhere that I'm just missing?
