Tech News Weekly: Edition 36-09

The Weekly Tech News
Hi all.
Sorry for the lateness, was on a snow trip with work. Also, tech news has sucked pretty hard lately...sorry about that, I hope it picks up soon :(
As usual, you can find last week's news here.
1. Firefox to Warn Users of Insecure Adobe Flash
Starting with the next Firefox update, the browser will warn users when they're using an outdated version of Adobe Flash, since apparently Adobe can't manage that...

Upcoming versions of Mozilla's Firefox browser will automatically warn users running versions of Adobe's Flash Media Player that contain known security bugs, according to a published report.

The check will be invoked each time the popular open-source browser is updated, according to the report which was published Thursday by The H. Users who have out-of-date versions of the Adobe application will be notified in the "What's New" browser page that automatically opens each time an update is installed.

--- End quote ---

2. Microsoft Overturns Word Sale Ban
As anyone may have guessed, Microsoft have managed to keep MS Word on the shelves after a court ruled last week that Microsoft must stop selling copies of the program in Texas.

The block was imposed by a Texan court following a ruling that its use of formatting language XML in Word 2003 and 2005 infringed patents.

Under the ruling Microsoft was ordered to pay Canadian patent owner i4i $290m (£177m) damages and also told to stop sales of the relevant versions of Word.

The ban on sales was due to come in to force in mid-October.

--- End quote ---

3. $32M Louis Vuitton Judgment Shows Limits of ISP Safe Harbors
A US ISP has copped a $32 million damages bill from Louis Vuitton for knowingly hosting a site peddling fake Vuitton merchandise.

The best feature of the much-maligned Digital Millennium Copyright Act (DMCA) is its "safe harbor" for Internet service providers, who can't be held liable for what customers do using their networks. Mostly. There are limits, and Louis Vuitton found them this week in a federal court. The luxury goods maker won $32 million from two ISPs and the man who ran them after proving to a jury that the ISPs had full knowledge that they hosted mainly websites for counterfeit goods—and refused to take action.

The two ISPs are Akanoc and Managed Solutions Group, both run out of Fremont, California by one Steven Chen. According to Louis Vuitton's July 2008 complaint, Chen's companies "were formed for and exist primarily to facilitate the promotion and advertisement of offers for counterfeit and infringing merchandise." The ISPs hosted a huge array of sites offering fake Vuitton purses, wallets, and bags—sites like, and

--- End quote ---

4. Diebold Impeaches E-voting Unit, Sells It Off for $5 Million
Diebold, makers of the infamous E-Voting machines found across the United States, have sold their entire voting machine division to Election Systems & Software.

Diebold announced on Thursday that it has sold its voting machine division to Election Systems & Software (ES&S), a former competitor. Diebold's unceremonious departure from the electronic voting machine business will be welcomed by critics of the company's controversial direct-recording electronic voting products.

Diebold, which is primarily an ATM maker, decided to unload its voting machine subsidiary—Premier Election Solutions—for roughly $5 million and change. As a consequence of the deal, the company expects to report a loss of over $45 million. According to a statement issued by Diebold, the company has been looking for a way out of the voting machine racket ("pursuing strategic alternatives to ownership") since 2006 when it realized that the whole endeavor was intractably dysfunctional ("identified its US elections systems business as non-core to its operations").

--- End quote ---

5. New IIS Attacks (greatly) Expand Number of Vulnerable Servers
Microsoft IIS installations have come under attack this week after a new vulnerability was revealed which could allow an attacker with write privileges to an FTP server to execute code on the remote server, and can crash servers that don't permit write operations.

Attackers have begun actively targeting an unpatched hole in Microsoft's Internet Information Services webserver using new exploit code that greatly expands the number of systems that are vulnerable to the bug.

In an updated advisory published Friday, Microsoft researchers said they are seeing "limited attacks" exploiting the vulnerability, which resides in a file transfer protocol component of IIS. Exploit code publicly released in the past 24 hours is now able to cause vulnerable servers to crash even when users don't have the ability to create their own directories.

--- End quote ---

6. Month of Facebook Flaws Gets Underway
STOP USING FACEBOOK APPS!! *ahem* Due to the high level of insecurity in many Facebook apps, 'theharmonyguy' will be revealing one new Facebook app vulnerability each day this month in order to generate awareness.

A security researcher has vowed to reveal technical details of a series of cross-site scripting vulnerabilities involving Facebook applications during September.

theharmonyguy plans to give developers 24 hours' advance notice about flaws involving their web applications before exposing them publicly. The project takes its cue from July's Month of Twitter Bug project, during which security researcher Aviv Raff applied a similar idea to the disclosure of security flaws involving Twitter and associated services.

--- End quote ---

7. Wiretapping Skype Calls: Virus Eavesdrops On VoIP (Thanks 40hz)
I find this less than impressive, but it has generated a lot of press this past week. Apparently, Skype users were laboring under the delusion that Skype's heavy use of encryption made it impervious to bugging. They all got a rude wakeup call when Ruben Unteregger, a Swiss programmer, released the source code for a "virus" which bypasses Skype's encryption by hooking the Windows audio subsystem and directly recording the audio stream to MP3.

Some computer viruses have a crude but scary ability to spy on people by logging every keystroke they type. Now hackers and potentially law enforcement have another weapon: a virus that can eavesdrop on voice conversations that go over computers instead of a regular phone line.

The capability has been shown in a new "Trojan horse" virus that records Voice over Internet Protocol (VoIP) calls through the popular Skype service. Skype calls are free or low cost and can work between two computers or between one computer and a phone.

--- End quote ---

8. Big Fish, Little Fish, Cardboard Box
And just to make sure this week's news *really* sucks, here's Bob the Builder teaching us how to dance!!


as a low-tech user I'm happy about #1 -
I know I occasionally get notice to upgrade but I never keep track - well, every now & again I go to Secunia's site and get them to check.
Java then leaves the older versions (JavaRa is a godsend to tidy up), can't remember, does Adobe do the same with Flash..

hmm hmmmph hmmmm . . . big fish LITTLE fish . .    :)

#1 is a very good idea - they should add it for JVM as well.

#4 :) - perhaps the .us can finally get secure voting machines?

I'm very pleased that Mozilla has taken up the mantle of keeping Flash up-to-date, as Adobe apparently can't manage that themselves, despite Flash being one of the most vulnerable and widely deployed pieces of software on the planet. +1 for JVM support.


I hope that Flash warning won't work under Linux.. Ubuntu systematically keeps outdated packages, but updates them automatically. I wouldn't like Firefox to warn me I have Flash outdated when I don't have any new version in the repository.

Still, for Windows, I think it's a good improvement - that will probably cause a headache for those users who don't know how to update stuff. My father and mother are constantly annoyed by Java and HP stuff when they turn their computer on.

