hairyfeet writes: "Argeniss founder Cesar Cerrudo has found serious design weaknesses that could allow a skilled hacker to take complete control of Windows Server 2008. These weaknesses could allow a hacker to have complete control over the system and also affect Windows XP, Server 2003, and Windows Vista. To quote Mr. Cerrudo "[We found] from design issues that were not identified by Microsoft engineers during the Security Development Lifecycle, and allows accounts commonly used by Windows services — NETWORK SERVICE and LOCAL SERVICE — to bypass new Windows services protection mechanisms and elevate privileges". He further stated that on Windows XP and Server 2003 it is especially severe as "any Windows service, even when running under a low privileged account, can potentially break through the security protections and fully compromise the operating system.""
hairyfeet writes: "Do you use iTunes on Windows? If so, you may be getting the gift of Safari from Apple whether you want it or not, and Mozilla CEO Joe Wilcox is not happy about it. After his daughter was offered Safari as a "bonus update" with a recent update to her iTunes software, Mr. Wilcox is quoted on his blog as saying "What Apple is doing now with their Apple Software Update on Windows is wrong. It undermines the trust relationship great companies have with their customers, and that's bad — not just for Apple, but for the security of the whole Web." He also pointed out the check box is already clicked when you go to update, meaning you have to opt out, not in, and that it lists Safari as getting an update even if you don't have it installed.
Whether you are a fan of Apple or not, most would have to admit installing a new browser during an update to existing software is not the norm. So is it simply a good business strategy? Or is it a case of Apple trying to use its existing software to help push its way into new markets? You can read and decide for yourself here"
hairyfeet writes: "As there are many of us choosing to skip on Vista (including me), Australian PC World has an interesting article with the slightly overblown title Death Match: Windows Vista VS XP. But while the title may be a little over the top, the article is actually thoughtful, in my opinion. It points out some of the things one should be looking at from a business point of view when deciding whether to skip Vista or not, such as support, security, reliability, etcetera. And for those who would simply like to read the article without flipping through four pages of ads, I humbly present the printer friendly version here."
hairyfeet writes: "President Bush has refused to budge on his stance for telco immunity, vowing to veto any bill that contains FISA without retroactive immunity. eWeek quotes the House majority leader Steny Hoyer of Maryland in a statement that reads Republicans "prefer to have a political issue rather than a strong new FISA bill in place as quickly as possible. Certainly Republicans do not really believe that the role of the House is to simply rubber-stamp whatever bills the Senate passes." While the EFF, co-lead counsel in the nearly 40 pending lawsuits against the telcos, says that they broke the law by providing the NSA with the contents of billions of emails, text messages, and VoIP conversations, and that guilt should be decided by the courts."
hairyfeet writes: "2spare has managed to compile a look back at how things used to be with ten ads from computing long past. Now we aren't talking the things we have all seen (or remember) like Apple's famous 1984, these start way back in 1971. I especially love the one bragging about 300Mb of storage for under $20,000. These kinds of ads remind me of how I paid $400 for a 1X DVD burner only to have 4X on sale at less than $100 a few months later. So Slashdot readers, how much did YOU pay for high tech only to have it obsoleted right out from under you?"
hairyfeet writes: "Aviv Raff, an Israeli researcher known for his work in hunting browser bugs, revealed Thursday a Firefox spoofing vulnerability which could allow identity thieves to dupe users into giving up their password. According to Mr. Raff, Firefox fails to sanitize single quotes and spaces in the "Realm" value of an authentication header. Raff was quoted as saying "This makes it possible for an attacker to create a specially crafted Realm value which will look as if the authentication dialog came from a trusted site."
Mr. Raff then outlined two possible attack vectors. One in which a malicious site that included a link to a trusted site — a well-known bank, say, or a Web e-mail service such as Gmail or Hotmail — that when clicked would display its usual log-on dialog. But in the background, however, the attacker would have crafted a script that exploited the Firefox vulnerability to redirect the username and password entered by the user to the hacker's server instead of the real deal. The other involved a more classical rigged email image or one embedded in a blog or website which would then present the user, when clicked, with a legitimate-looking login dialog.
This vulnerability was shown to be in the latest Firefox, version 188.8.131.52 and until Mozilla fixes this vulnerability Mr. Raff recommends in his blog "not to provide username and password to Web sites which show this dialog.""
hairyfeet writes: "OSNews is reporting that after an abysmal showing by Vista SP1 in the latest benchmarks that, surprisingly, Windows XP SP3 showed a marked improvement over SP2, gaining around ten percent in performance in the benchmarks. Considering that Microsoft has kept pushing forward the end of life date on XP due to customer and PC manufacturer demand, one has to wonder how wise it is for them to release a service pack that makes the older XP even faster than it already was compared to Vista."
hairyfeet writes: "Just in time for those who don't wish to brave the annual Black Friday ruckus, Linuxtoday is reporting the Everex $199 Linux PC is back in stock. Hopefully after the glowing reviews that it got from customers the first time around Wal Mart has bought enough stock to supply the demand. Its Linux OS, gOS, has gotten good reviews on several sites where it has been called "an easy to use Linux Distro for those that want the basics-Email, web browsing, and light office work." So for those that would like to have a cheap new Linux box that is very green, power-wise, or for those who would like to give their relatives an easy to use Linux machine, here it is: The $199 Everex PC"
hairyfeet writes: "Despite Microsoft releasing Windows Vista more than nine months ago, the adoption rate has not been as Microsoft hoped. Bowing yet again to pressure from OEMs and consumers, Microsoft extends the life of Windows XP, which was due to end sale by OEM manufacturers on January first, to a new date of June 30. When asked if this was an indicator of a strong demand for XP, Microsoft representative Kevin Kutz has sought to downplay the extension, stating "We wouldn't term it strong. We would describe this as accommodating a certain element who needs more time." For more information please see the Cnet article at http://www.news.com/Microsoft-extends-Windows-XPs-stay/2100-1016_3-6210524.html?part=rss&tag=2547-1_3-0-20&subj=news"
hairyfeet writes: "Bruce Byfield of Linux.com has just posted his third Office shootout between Microsoft Office and Open Office. This is the first version comparing the new Microsoft Office 2007 with the latest version of Open Office. The verdict? While there are a few categories where Microsoft Office beats Open Office, overall Open Office wins, but not by as large a margin as in the past. The results and final analysis are posted here: http://www.linux.com/feature/118986"
hairyfeet writes: "Sourcefire, Inc., the creator of the Snort intrusion detection for Linux, today announced the acquisition of leading open source gateway anti-virus technology provider, ClamAV. Sourcefire has announced that they will continue to develop ClamAV under the open source (GPL) license and have hired the original ClamAV development team to continue work on the project. Martin Roesch, Founder and CTO of Sourcefire and Creator of Snort, is quoted as saying "The success of the ClamAV project is a direct reflection of the talent and dedication of the founding team and the project community. Sourcefire is committed to investing in and advancing the ClamAV technology, just as we have with Snort and Snort.org.""