Microsoft on Tuesday again abstained from naming which of its Windows programs, if any, contain bugs that could lead to widespread “DLL load hijacking” attacks.

Also on Tuesday, the company published an automated tool to make it easier for users to block attacks exploiting vulnerabilities in a host of Windows applications.

The DLL load hijacking vulnerabilities exist in many Windows applications because the programs don’t call code libraries — dubbed “dynamic-link library,” or “DLL” — using the full pathname, but instead use only the filename. Criminals can exploit that by tricking the application into loading a malicious file with the same name as the required DLL. The result: Hackers can hijack the PC and plant malware on the machine.

“Microsoft plans to address those of our products affected by this issue in the most appropriate way for customers,” said Jerry Bryant, a group manager with the Microsoft Security Response Center, in a Tuesday entry on that team’s blog . “This will primarily be in the form of security updates or defense-in-depth updates.”

Although Microsoft again declined to call out its vulnerable software, outside researchers have identified as potential targets a number of its high-profile apps, including Word 2007, PowerPoint 2007 and 2010, Address Book and Windows Contact, and Windows Live Mail.

Other vendors’ software may also be at risk, including Mozilla’s Firefox, Google’s Chrome, and Adobe’s Photoshop.

Bryant hinted that some Microsoft software could be exploited. “Due to the fact that customers need to click through a series of warnings and dialogs to open a malicious file, we rate most of these vulnerabilities as Important,” he said, referring to the second-highest threat ranking in the company’s four-step scoring system.

Microsoft typically uses Important to describe bugs that can be exploited remotely — via the Internet or e-mail, for example — but which also require that the user assist the attack in some way, usually by clicking through warnings or opening a malicious file.

In another blog , Jonathan Ness, an engineer with MSRC, and Maarten Van Horenbeeck, an MSRC program manager, described how customers can deploy and use a tool the company first offered Aug. 23 .

That tool blocks the loading of DLLs from remote directories, such as those on USB drives, Web sites and an organization’s network, and is aimed at enterprise IT personnel.

Not surprisingly, Microsoft acknowledged that users have asked for more help with the tool. Shortly after its release, IT professionals complained that the tool was confusing and asked colleagues for advice on how to configure it.

To simplify things, Microsoft has posted a “Fix It” tool on its support site that automatically blocks any DLLs from loading from WebDAV or SMB (Server Message Block) shares, two of the most likely attack vectors. Users must still download and install the original tool, however.

Ness and Van Horenbeeck also downplayed the threat to some extent, saying that DLL load hijacking bugs cannot be exploited via “drive-by” attacks, where a user’s PC is infected as soon as he or she browses to a malicious site.

“A victim would need to browse to a malicious WebDAV server or a malicious SMB server and double-click a file in the Windows Explorer window that the malicious server displays,” they said.

Microsoft has known of the issue since at least August 2009 , when researchers with the University of California Davis notified the company of their work. There’s evidence, however, of reports as far back as 2000, and attacks exploiting the flaw the following year, when the Nimda worm leveraged the bug in Office 2000.

HD Moore, chief security officer at Rapid7 and the creator of the Metasploit penetration testing toolkit, was the first to reveal the potential attacks when, on Aug. 19, he said he’d found 40 vulnerable Windows applications . Moore was followed by other researchers who claimed different numbers of at-risk programs, ranging from more than 200 to fewer than 30.

Some vendors have already patched the problem in their software. Both uTorrent and Wireshark, a BitTorrent client and network protocol analyzer, respectively, have been updated to address the bug.

Others are working on a fix. “We’re testing our own Firefox-specific fixes and plan to get them out to users soon,” Mozilla’s security team said in an e-mail reply to questions last week.

Even so, Microsoft said patches may be long in coming to some users. “We recognize that it may take quite a bit of time for all affected applications to be updated and for some, an update may not be possible,” Bryant admitted.

In lieu of patches, the blocking tool is the best defense, he continued. With that in mind, Microsoft plans to make the tool available “within the next couple of weeks” for downloading and deployment using Windows Server Update Services (WSUS), Microsoft’s most-used business patch management mechanism.

The company is also thinking about pushing the tool to everyone, including consumers, via Windows Update, although it would be switched off by default, said Bryant.

Source

Chrome users yesterday bombarded Google’s Gmail support forum with complaints about music suddenly playing in the background when they reached their inboxes.

Some feared that their machines had been infected with malware.

“Those sound effects are quite unnerving when you first hear it,” said a user identified as “goz3″ on the Gmail support board. “I really thought it was some sort of twisted virus.”

“I thought it was a virus, too,” echoed “bradleyctclarke” on the same thread.

The cause, said a Google representative on the support forum, was a video promoting the e-mail service’s new Priority Inbox feature.

Although the Google support rep said that the company was “working on fixing this” and apologized for the bug, Computerworld confirmed that the background video and its ragtime-style music was still affecting Chrome users on Tuesday.

Other browsers, such as Safari and Firefox, did not automatically fire up the video and its tune.

“I thought my account had been hacked — especially when I heard the scrunching of paper,” added goz3 in an earlier message Monday. “I thought, oh sh*t, my mail is being eaten up.”

The unwanted music played only on machines running Chrome, and then only for users who have had the Priority Inbox feature enabled by Google. The new tool, designed to automatically rearrange messages to put the most important at the top of the inbox, is being rolled out in stages by Google, which yesterday said that it would reach everyone within the next week.

The gaffe is reminiscent of one Google made last May when a JavaScript-based version of the 1980 video game Pac-Man freaked out Firefox users, who heard siren sounds and offbeat music in the background when they were at the search engine’s home page.

“MAKE IT STOP!” shouted someone tagged as “bleepo” on Monday. “If I get some annoying sound or ad every time I open Gmail on Chrome it will be enough to make me not use it.”

To quell the music, Chrome users should click on the Priority Inbox link in the upper right, then stop the video play in the pop-up window.

Source

The 3D architecture and design application AutoCAD, long missing from the Mac platform, is finally making its comeback. Autodesk plans to release a Mac OS X version in October, and versions for the iPhone, iPad and iPod touch are in the works, too.

“The combination of this new version of AutoCAD and the extension of AutoCAD to iPad, iPhone and iPod touch is a big step in Autodesk’s efforts to accelerate design and make design more accessible for an ever-greater number of people,” commented Autodesk senior vice president, Amar Hanspal.

AutoCAD for Mac OS X will support multi-touch trackpad gestures and Cover Flow, along with cross-platform DWG file format sharing.

Autodesk will also release AutoCAD WS for the iPhone, iPad and iPod touch for free. The mobile version will let users edit and share AutoCAD files, but won’t offer the same level of controls found in the Mac OS X version.

Rumors that Autodesk was working on a new version of AutoCAD for the Mac surfaced in May, but the company didn’t offer any confirmation at the time.

Source

by Ed Hansberry

For the early part of its life, Windows Mobile was one of the more powerful mobile platforms, yet it was never known as being the most spry. Microsoft set out to fix that with Windows Phone 7 and early indications are it has succeeded.

I’ve said it many times before, the iPhone turned the smartphone world upside down and set new standards for performance, navigation and web browsing when it launched in 2007. It showed how well a smartphone could perform and it also showed that web browsing didn’t have to be painful on a small screen. Microsoft tried to gain some ground with various iterations of Internet Explorer 6 on its 6.1 and 6.5 versions of Windows Mobile, but it never really came close to the iPhone.

Face it, terms like bloated and slow seemed justifiable on Windows Mobile phones when compared to an iPhone. Now though it looks like Windows Phone is catching up and even surpassing current market leaders Android and iOS. PocketNow has a quick video showing how fast Windows Phone 7 boots up. It takes around 25 seconds for it to go from being powered off to the home screen where it is usable. The iPhone and Nexus One running Android take twice as long at a minute and for comparison, they threw in the Windows Mobile 6.5 powered HTC HD2 and it took over a minute even with Sense disabled.

Now, the goal of course is not to have to boot up your machine all of the time, but the truth is, smartphone are computers and they do need to be rebooted occasionally. In our office we have Blackberrys, iPhones and a few Android devices and they all need to be reset on occasion, so don’t try and suggest that only Microsoft products need rebooting. It is a tired and false argument of the unimaginative.

It is nice to see Microsoft is putting so much effort into speed and responsiveness of their new platform. We’ve already seen where Windows Phone 7 puts the new Blackberry 6.0 browser to shame. PocketNow also did a comparison of how Windows Phone 7′s browser stacked up to the iPhone and Android platform. While there was no clear winner in this category, Windows Phone 7 did perform very well, winning some of the speed contests and showing smoothness in just about all tests where the competition showed some stuttering.

One thing to keep in mind too in all of these tests is Windows Phone 7 isn’t done. It is a near final build, but Microsoft continues to make tweaks. The hardware also a prototype and likely has some rough edges. Worst case scenario though is nothing improves and Microsoft is merely very competitive. Best case scenario is once all of the hardware and software is done, Microsoft ekes out a bit more horsepower and becomes the best all around performing platform to date.

Source

Online retailers have started selling netbooks with Intel’s new dual-core Atom processor, ahead of official product announcementsfrom PC makers.

Intel announced the dual-core Atom N550 netbook chip on Monday. The chip maker said netbooks with the new chip would become available immediately, but major PC makers have not announced products yet.

Intel has said the dual-core processor is faster than its single-core predecessors, which go into most netbooks today. Netbooks will run applications faster and play 720p video, an improvement over earlier models that struggled with high-definition video. Netbooks will remain as thin and light as existing models, and offer similar battery life.

The chip runs at a speed of 1.5GHz and has 1MB of cache. It draws up to 8.5 watts of power.

An Acer Aspire netbook with a 10.1-inch screen is being offered for US$399 on HSN’s website. The netbook offers battery life of up to eight hours, according to the website, which is almost similar to the battery life of many single-core Atom netbooks.

The netbook comes with a 250GB hard drive, 1GB of memory, Wi-Fi capabilities and an integrated webcam. It comes with the Windows 7 Starter Edition OS.

An online retailer in Australia, Penta, is selling Gigabyte’s GA-T1005M multitouch tablet PC for $905, a high price to pay for a netbook — they are usually priced between $200 and $400. The tablet-style netbook comes with a 10.1-inch multitouch screen. It has a 320GB hard drive, 2GB of RAM, webcam and Wi-Fi capabilities. The device weighs 1.48 kilograms (3.26 pounds) with a six-cell battery, and comes with the Windows 7 Home Premium OS.

A Chinese company, Timespad, is offering a netbook with an optional Atom N550 processor for bulk purchase on Alibaba.com. The netbook, priced between $285 and $305, comes with an 11.6-inch screen and an Nvidia graphics controller. The hard drive storage and memory capabilities are not specified.

PC makers are expected to announce products soon, with many possibly coming at the IFA show, which starts next week in Berlin.

Source

A firm owned by Microsoft co-founder Paul Allen has filed a lawsuit against Google, Apple, Facebook, and other companies alleging that they have violated patents related to search, multimedia, screen pop-ups and database management.

Interval Licensing filed the patent lawsuit Friday in U.S. District Court of the Western District of Washington. The companies named in the lawsuit are Aol, Apple, eBay, Facebook, Google, Netflix, Office Depot, OfficeMax, Staples, Yahoo and YouTube.

The four patents cover several technologies related to search, multimedia, databases and screen activity, said David Postman, a spokesman for Allen. Details about how the 11 defendants are allegedly infringing Interval’s patents will come out as the lawsuit progresses, he said.

Interval Licensing holds patents of Interval Research, the now-defunct company founded by Allen and David Liddle in 1992 to research information systems, communications and computer science. The patents in the lawsuit cover fundamental Web technologies first developed at Interval Research in the 1990s, Interval said in a press release.

The patents covered by the lawsuit are:

– U.S. Patent No. 6,263,507, for “Browser for Use in Navigating a Body of Information, With Particular Application to Browsing Information Represented By Audiovisual Data.”

– U.S. Patent No. 6,034,652, for “Attention Manager for Occupying the Peripheral Attention of a Person in the Vicinity of a Display Device.”

– U.S. Patent No. 6,788,314, for “Attention Manager for Occupying the Peripheral Attention of a Person in the Vicinity of a Display Device.”

– U.S. Patent No. 6,757,682, for “Alerting Users to Items of Current Interest.”

Postman called Interval Research a “groundbreaking contributor” to the development of the commercial Internet. The patents are fundamental to the ways leading e-commerce and search companies continue to operate, he said.

Some of the named companies slammed the lawsuit.

“This lawsuit against some of America’s most innovative companies reflects an unfortunate trend of people trying to compete in the courtroom instead of the marketplace. Innovation — not litigation — is the way to bring to market the kinds of products and services that benefit millions of people around the world,” a Google representative said.

Just how fair is the competition in the wireless market? If you are a smaller player, you may find it to be extremely skewed.

According to a recent government report – featured in an  article – the consolidation in this space over the last 20 years has allowed dominance in 90 percent of the market. The study was completed by the Government Accountability Office, an investigative arm of Congress.

There are some who believe the results could help strengthen the Federal Communications Commission’s argument for enhanced oversight of the wireless industry.One of the rules the FCC  is currently considering includes requiring wireless phone companies to alert consumers before they actually reach roaming or data usage limits on a wireless plan. The agency has also been examining common industry practices that may or may not be unfair to consumers.

One thing under closer examination is termination fees that occur when contracts are terminated before expiration. Although the smaller provider may find the industry more challenging, consumers are enjoying the benefits of better wireless coverage and prices that are proving to be roughly half of what they were in 1999.

The GOA report found that at the end of 2009, there were 285 million cell phone subscribers in the United States. In 1989, there were 3.5 million users. In addition, nearly 40 percent of U.S. households rely on a cell phone as their primary phone. As for why the market tends to favor larger providers, there are a number of factors referred to in the report, including early termination fees and handset exclusivity.

It doesn’t help that AT&T is the only provider that can offer the iPhone.

Although this could be challenged in the future as Android is rapidly gaining ground. Special access regulations also garnered some complaints as this element grants access to the vital back-haul lines that connect wireless towers to broader telecommunications networks.

Smaller carriers claim they pay excessive prices for such access due to the fact that most of this infrastructure is owned by companies such as  and Verizon Communications. As to what the FCC might do with the results of this report, time will tell. As to strengthening oversight of the wireless industry, this has proven to be a slow and rocky road. Will it improve in the future? Given the size of this market and the players involved, don’t look for drastic changes anytime soon.

Source

Google could be ready to turn Gmail into a communications hub by adding the ability to make phone calls from the Google Chat interface.

CNET has learned that Google is testing a Web-based service within Gmail that will allow users to place phone calls from their in-boxes. It’s launched from the Google Chat window on the lower left-hand side of a Gmail page and allows users to place and receive calls from within their contacts through a user interface that strongly resembles the one used in Google Voice.

Google has been edging in this direction for some time. Google Talk was released years ago as a VoIP (voice over Internet Protocol) desktop client, and it has also spent a lot of time and money evangelizing Google Voice, a service that transcribes voice mails and allows users to have one phone number that rings multiple phones.

But a Web-based VOIP client–which is what the new service appears to be–is another matter entirely. This is the likely culmination of Google’s work to integrate Gizmo5′s similar product, which it acquired late last year, into its arsenal. Hints that such a service was coming first surfaced in June on the Google Operating System blog, which is not affiliated with Google.

It’s not clear if Google Voice will be changing, or whether this new service is a completely separate offering. The user interfaces appear the same–for example, the same icons are used to label missed calls or placed calls–but Google Voice is not a VoIP service. Users of the new chat/phone call service aren’t required to have a Google Voice account, and calls placed to U.S. or Canadian numbers will be free, with discounts on international calls as compared to standard rates.

Skype is the obvious target of such an application, but there are lots of companies that make both desktop-based and Web-based VoIP clients.

“Google is always testing new features and products, but we have nothing specific to announce right now,” a Google representative said.

Source

Because it is based on the established iOS mobile operating system — and because it is relatively cheap and increases productivity — the iPad has found uncharacteristically quick approval from many information-technology managers at U.S. corporations.

Highlighting the success of the iPad in the business world, The Wall Street Journal on Tuesday noted that while many companies would not approve the iPhone for corporate use when it debuted in 2007, the iPad has quickly found acceptance with IT departments at companies. Part of that is because the iOS mobile operating system, previously only available for the iPhone and iPod touch, has been updated with business-friendly features such as Exchange e-mail and remote erase capabilities.

“Apple has addressed these and other issues, including the ability for companies to encrypt information on iPhones and set up secure ways for employees to connect to corporate networks,” author Ben Worthen wrote. “The latest version of the operating system used by the iPhone and iPad adds features that make the devices easier for a tech department to manage, including the ability for businesses to distribute internally developed apps without going through Apple’s App Store.”

The report noted that more than 500 of the more than 11,000 applications currently available for the iPad are business-oriented. One free application from Citrix, which allows employees to access corporate programs on the iPad, has seen more than 145,000 downloads.

Other advantages to the iPad: its $499 starting price makes it less expensive than a traditional business laptop, and more functional for activities like working standing up or giving a presentation.

The paper recalled that Mercedes-Benz dealers have been equipping employees with iPads to help them sell cars. The car maker began using the iPad at 40 dealerships in May, and earlier this summer said it was considering using the iPad at all 350 of its U.S. locations.

Other specific corporate uses of the iPad mentioned in the Journal’s report include:

• Baush & Lomb Inc., maker of eye-care products, had about 50 employees using an iPad soon after its launch. The company built its own application for salespeople. The company likes the fact that the device starts quickly and has a long battery life.
• Kaiser Permanente, an Oakland, Calif., health-care organization, has been testing the iPad in a 37,000-square-foot technology lab for viewing medical images such as X-rays and CT scans.
• Though Chicago law firm Sonnenschein Nath & Rosenthal LLP banned the iPhone when it first came out, it preordered 10 iPads before it was released. The company now has more than 50 attorneys equipped with iPads, and plans to issue them as an alternative to laptops next year.

Earlier this summer, Apple revealed that the iPad is at use in more than 50 percent of Fortune 100 companies. Companies such as SAP and Wells Fargo.

Source

Hewlett’s Hunger For Acquisitions

Mark Hurd turned out to be a man of hearty appetites — including one for deals. Before resigning as Hewlett-Packard’s chief executive this month under a cloud, Mr. Hurd led a mergers and acquisitions tear that included the purchases of 3Com, Palm, and Electronic Data Systems. But any bankers worried that the tech group’s lust for deals might wane after his departure can breathe easier.

H.P.’s unsolicited bid for 3Par, announced on Monday, could even be taken as a sign the company’s takeover libido has been given a boost. If that were to prove sustainably the case, though, shareholders might find it troubling.

A single $1.6 billion offer by a company with a $90 billion market value is, literally, no big deal. And H.P. says 3Par’s data storage technology fits perfectly into its product portfolio in the arena of cloud computing. Moreover, the tech giant can point to early successes from its 3Com purchase.

But 3Par has been on the block for some time. So it’s surprising suddenly to see an unsolicited offer just a week after Dell, H.P.’s archrival, agreed to a friendly deal at the end of a competitive auction.

And there’s the question of price. Dell agreed to buy 3Par for $18 a share. To make 3Par think again, H.P. is throwing down $24 a share — more than seven times its target’s sales, and nearly two-and-a-half times what 3Par was worth before it went on sale. H.P.’s delayed reaction also means 3Par must pay Dell $54 million if it wants to go with H.P. instead.

Companies often wait to see their competitors’ cards before moving. But H.P.’s comportment in this process is curious. Perhaps unfairly, it leaves the impression that under Mr. Hurd the company was less eager to pay up for 3Par, but that with the penny-pinching boss gone, more spendthrift voices are being heard.

That would be a concern for shareholders. And it could explain why muscling in on 3Par, a small and strategically reasonable deal, albeit at a generous price, wiped nearly $2 billion off H.P.’s market cap.

A Tax on Mining

Nature may abhor a vacuum, but Australia needn’t. The country’s first hung Parliament in 70 years should not frighten investors. The bad news is that a proposed “supertax” on mining, despite its appealing logic, may not survive the political wrangling.

Two days after votes were cast, Prime Minister Julia Gillard’s incumbent Labor Party looks likely to emerge three seats short of a majority in the 150-seat lower house. Australia’s benchmark index has barely budged, and the Aussie dollar has risen slightly. The reason? The economy needs little work. Unemployment is probably as low as it can go, and debt is a meager 6 percent of gross domestic product.

Ms. Gillard must now woo the stragglers, likely to include one Green lawmaker and three independents. With little to play for in terms of economic policy, the bulk of the horse trading will revolve around secondary issues like broadband access in rural areas, water usage and carbon trading.

But the biggest bargaining chip looks to be the proposed mining tax, which would raise an estimated 10.5 billion Australian dollars ($8.94 billion) in two years by applying a levy to mining profits. The opposition National Liberal Coalition is unambiguously against the tax. Labor is in favor, though Ms. Gillard has already watered down the proposal inherited from her ousted predecessor, Kevin Rudd, by cutting the headline rate to 30 percent from 40 percent.

Taxing mining profits rather than levying fixed rents on production, as happens now, is a good idea. It would make the good times less good, but the bad times less bad. It would also capture some of the gains that commodity producers have earned as a result of easy money disgorged by governments, which has helped to push up prices.

While it is too early to call, the odds of independent candidates, who represent rural areas, backing the tax as it stands look slim. That would be a shame. Mining’s contribution to Australia’s economy is easy to overstate — it generates 6.7 percent of the country’s G.D.P. but accounts for just 3 percent of jobs. Yet measured by gross profit margins, it is by far the country’s most profitable industry. If the tax is dumped, the mine operators — not Australia — will have won.

Source