Microsoft to patch critical Windows, Office flaws

By Dawn Kawamoto
Staff Writer, CNET News.com

Published: October 5, 2006, 2:57 PM PDT

Microsoft plans to issue nearly a dozen security patches on Tuesday, including critical fixes for Windows and Office.

The company will release six updates for the operating system and four for the office suite, according an advance notice sent out Thursday by the software giant. Some of the patches will be deemed "critical," the company's highest severity rating. The company also plans to send out a security bulletin for Microsoft .Net that will be tagged moderate, it said.

The updates, part of Microsoft's regularly scheduled monthly patch cycle, come after sample attack code has surfaced for vulnerabilities in the Windows Shell component of the operating system. Those flaws could enable attackers to use a Web site to load malicious software onto systems.

The past few weeks have seen the arrival of third-party patches for the Windows Shell problem. The Zeroday Emergency Response Team, or ZERT, delivered its own fix, aiming to help people protect their PCs until Microsoft issued an official update. In addition, security company Determina provided an outside patch for the same issue.

Microsoft has said it will provide a patch for the Windows Shell vulnerability in its October bunch of bulletins. It is expected to announce more details regarding the flaws once the patches are released next week.

In September, the company delivered a critical fix for Office, one of three security bulletins in that monthly patch cycle.

 

Torpark v1.5.0.7

Ada senjata baru untuk surfing internet dengan aman tanpa meninggalkan jejak. Beritanya aku dapat dari rubrik 'Digital Internet' Koran Tempo hari ini. Software tersebut bernama Torpark. Dijelaskan bahwa Browser Torpark diciptakan oleh Steve Topletz dan release perdananya adalah tanggal 19 September lalu.

Kalau boleh dibilang sih software ini tidak bisa di sebut Browser. Kenapa? Karena yang aku lihat dia tidak berupa suatu software yang utuh tetapi ternyata disandingkan dengan Mozilla fire fox, bisa juga disebut plugin. Sewaktu aku install di komputer ternyata Firefox yang selama ini selalu menemaniku tidak bisa disandingkan dengan Firefox bawaannya Torpark. Akhirnya ketahuan juga penyakitnya. Ternyata Firefox ku adalah versi desktop sementara Firefox bawaan torpark adalah versi Portable Edition.

Tapi selain itu memang sewaktu Torpark aku jalankan ada beberapa tahapan sebelum firefoxnya muncul. Jadi sewaktu loading tidak serta merta firefox muncul seperti pada browser biasa. Ternyata pada waktu Torpark dijalankan, dia akan menciptakan sebuah koneksi yang ter-encript ke jaringan TOR. TOR sendiri adalah singkatan dari The Onion Router yaitu suatu program yang memungkinkan penggunanya untuk berkomunikasi secara anonim di internet.

Jadi sekarang kita tidak perlu khawatir jejak-jejak penjelajahan kita di dunia maya bisa terendus oleh oknum yang tidak bertanggung jawab. Disebutkan di situs resminya, apabila menggunakan Torpark sewaktu kita menjelajah internet, IP kita akan berubah-ubah setiap menit sesuai data yang dipasok oleh jaringan TOR. Untuk membuktikannya kita bisa mencoba lewat situs yang menyediakan layanan pembacaan IP seperti di www.whatismyip.com . Akan terlihat apabila setelah sekian lama direfresh alamat IP kita akan berubah dengan sendirinya. Bisa saja IP saya yang di indonesia setelah beberapa menit akan berubah menjadi IP negara nun jauh di sana semisal Afrika Selatan. Saya sertakan screenshot.Torpark ketika pertama kali dijalankan.

Ada kelemahan yang sangat kentara apabila kita menggunakan Torpark. Kinerja browser kita akan terasa melambat. Ini disebabkan karena sebelum surfing di internet kita harus melewati dulu jaringan TOR. Tetapi jangan khawatir apabila kita tidak sedang ingin menggunakan Torpark, kita bisa menonaktifkannya sementara lewat tombol yang ada di browser firefox.

Untuk lebih jelasnya bisa dilihat langsung di situs resminya di http://torpark.nfshost.com/.

IBM deal could mean smarter cars, better drivers

By Candace Lombardi
Staff Writer, CNET News.com

Published: September 14, 2006, 2:13 PM PDT

 

IBM will help design software that could lead to self-adjusting headlights on cars and sensors that help avert crashes, as part of a deal signed Wednesday.

Big Blue will design and develop software and handle intellectual property management in a five-year deal with Magna Electronics, an auto electronics division of Canada-based Magna International, that has already begun developing "smart" car parts. Financial terms of the deal were not disclosed.

"Magna Electronics' partnership (with IBM) will be growing and enhancing the capability that we already have. It puts us on a different playing field," said Tracy Fuerst, a spokeswoman for Magna International.

Neither company would comment on specific products. But, Bernie Meyerson, the chief technology officer for IBM Systems Technology, did say that the collaboration could produce things like embedded sensors and cameras that would slow down a car approaching a stop sign if a driver does not react in time. Another system placed inside a car could tell when a driver is drifting off to sleep and sound an alarm, or emit an evergreen scent, to wake him. "Intelligent headlights" could adjust depending on lighting and weather conditions, said Meyerson.

According to one analyst, this deal will create multiple business opportunities for IBM. Whether it's hardware, software, storage, operations or management services, IBM will be able to become a supplier for these kinds of channels to the automotive industry, said Jonathan Eunice, president and principal analyst for Illuminata.

Meyerson said that the collaboration will incorporate the Unstructured Information Management Architecture (UIMA) technology that IBM unveiled in 2003. In this case, the UIMA technology would retrieve real-time data, including a car's speed, the speed of the car in front of it, traffic patterns and the average speed of multiple cars on a particular road. That data could then be used to regulate the car's driving patterns.

Having a car organize all that information and then respond to it accordingly is extremely complex, said Meyerson. It requires several software and hardware components in the car to work together seamlessly.

"To put it in the simplest terms, you need a computer that takes care of itself," said Meyerson. "It becomes like the human body. You don't act to make your heart beat. You don't act to make your immune system fight off bacteria. That level of autonomic function has not gotten there yet" for cars, said Meyerson.

Eunice said that politicians and technology companies like to put forth grand visions of car autonomy, safety and convenience to gain support for technology that is complicated and tedious to explain otherwise. Most likely, said Eunice, you will see such advancements in government and commercial vehicles first.

"We expect these to eventually be pervasive like seatbelts and antilock breaks. But it takes decades to happen," Eunice said. "It does require quite a long time to develop and the progress happens somewhat fitfully."

Sun seeks Solaris security badge

By Stephen Shankland
Staff Writer, CNET News.com

Published: September 14, 2006, 3:33 PM PDT

 

Sun working on a new high-level security certification, Common Criteria Evaluation Assurance Level 4+, for a coming security-enhanced version of Solaris 10 operating system, the server and software company said Wednesday. Sun previously maintained a separate version of the operating system, Trusted Solaris, for high-security environments. But because the demand for its features is expanding to mainstream customers, the company discontinued that product in favor of "Trusted Extensions" folded into ordinary Solaris.

The extensions will be available later this year in the Solaris 11/06 update, Sun said. The current Solaris 10 is under evaluation for two EAL4+ profiles, Controlled Access Protection Profile (CAPP) and Role-Based Access Control Protection Profile (RBACP), and with the extensions, for a third, Labeled Security Protection Profile (LSPP). That third level is required for storing secret or top secret data on the same server as public information, Sun said. The last version of Trusted Solaris was based on Solaris 8, Sun said.

Microsoft wants more Vista testers

By Ina Fried
Staff Writer, CNET News.com

Published: September 14, 2006, 10:34 AM PDT

 

Microsoft said on Thursday that it is looking for more people to give Windows Vista a try.

The software maker said that the Release Candidate 1 version offered up earlier this month is now being opened up to consumers who were not already testing the new operating system.

Microsoft is looking for more testers, as it works to iron out the bugs in Vista. After several delays, the company hopes to release Vista to large business customers in November and start selling it broadly in January.

"RC1 represents a significant industry milestone on the road to delivering Windows Vista, and customer participation and feedback are integral parts of the development process," Microsoft said in a statement. "The feedback received thus far from testers has been extremely valuable, and Microsoft expects that by expanding the (customer preview program) with RC1, the Windows Vista team will gather even more worthwhile input."

In all, Microsoft expects to make the latest test version available to about 5 million people.

Dell: Exploding batteries are Sony's fault

By Tom Espiner
Special to CNET News.com

Published: September 14, 2006, 9:49 AM PDT

Last modified: September 14, 2006, 10:32 AM PDT

 

NEW YORK--Chairman Michael Dell has denied that the way Dell constructs its PCs played a part in a spate of battery-related fires. He instead laid the blame entirely with the manufacturer of the battery cells, Sony.

"We know exactly why there was a problem. Sony had contaminated its cells in the manufacturing process," Dell told ZDNet UK at the company's Technology Day event here on Tuesday.

Dell refuted reports by Sony that the way his company integrates the battery cells into its PC designs made its machines more susceptible to problems than devices from other computer makers.

"The batteries were contaminated and were no good no matter what you did with them," Dell said. "We know the batteries, under rare circumstances, catch fire, (which is why we recalled them)."

Dell recalled the batteries last month after several of its laptops overheated and caught fire. Other manufacturers are known to use Sony battery cells, but only Dell and Apple Computer have been affected by any problems.

Sony has agreed to help financially with the Dell recall and another by Apple resulting from faults with Sony batteries. However, a Sony representative denied that the blame for Dell's battery cell problems lay completely with the Japanese manufacturer.

"It is the configuration. We use the same batteries in our Vaios, and have our own safeguards against potential overheating. Other manufacturers which use the same cells haven't come forward with any issues. On rare occasions, a short circuit can occur, but this is affected by systems configurations found in different laptops," the representative said.

Extra problems for small manufacturers?
But Dell has maintained that other laptop manufacturers may face the same battery problems that forced it to recall 4.1 million cells. The computer giant claimed that it preempted the rest of the market in recalling the batteries.

"We were out in front on this issue, we see this stuff faster. Maybe there are products out on the (reseller) channel that could (have problems). I don't see anything to preclude that," Alex Gruzen, general manager of the Dell product group, told ZDNet UK. "Maybe we're seeing problems ahead of the smaller-volume producers."

Dell said this may be more difficult to rectify for smaller manufacturers that sell through reseller channels, as those manufacturers, because they had not sold directly to customers, would have to take extra steps to trace and recall faulty batteries.

"We can identify who has the faulty batteries in a way our competitors cannot, because they sell through the channel," added Gruzen.

Gruzen added that the recall was progressing well but admitted the company had little control over any damage to its reputation following the battery problems.

"It's really up to you (the consumer), to be honest. Customers will have to decide for themselves. We're going to worry about what's under our control. We are executing the recall extraordinarily well," Gruzen said.

Jeff Kimble, European marketing manager for Dell, said that the faulty batteries were a problem Dell wasn't proud of, but that it was "proud of its response."

Sony said the recalls had arisen because of microscopic metal particles in the recalled battery cells coming into contact with other parts of the battery cell, leading to a short circuit within the cell.

"The potential for this to occur can be affected by variations in the system configurations found in different notebook computers," Sony said.

Sony currently estimates that the overall cost of supporting the recall programs of Apple and Dell will amount to between 20 billion and 30 billion yen ($170 million and $255 million). The estimate is based on the cost of replacement battery packs and any related costs to be incurred by Sony.

Tom Espiner of ZDNet UK reported from New York.  

Behind Google's German courtroom battle

By Anne Broache
Staff Writer, CNET News.com

Published: September 14, 2006, 4:00 AM PDT

 

Google's free Web e-mail offering may be available for correspondence in 40 languages, but efforts at worldwide expansion using the moniker "Gmail" continue to face complications.

Last October, the search giant grabbed headlines--and miffed some British users--when it voluntarily renamed its service "Google Mail" in the United Kingdom, following an out-of-court trademark dispute.

The woes don't end there. Across western Europe, a quiet battle rages on between Google and Daniel Giersch, a German-born venture capitalist who insists he'll never relinquish his 6-year-old trademark registration of "G-mail...und die Post geht richtig ab" (translation: G-mail...and the mail goes right off).

"Google's behavior is very threatening, very aggressive and very unfaithful, and to me, it's very evil," he said in a recent telephone interview with CNET News.com from his part-time Los Angeles home.

A Hamburg, Germany, district court has already handed Giersch victories at both the preliminary and final stages of the litigation. Dismissing Google's arguments that the two names are not confusingly similar, it ordered the company earlier this year to remove all "Gmail" references from its German service and to cease handing out gmail.com aliases to users within the geographic area.

Buoyed by that success, Giersch said he plans new lawsuits to defend more recent registrations of the trademark in Switzerland, Norway and Monaco, where he hopes to expand his electronic postal delivery business that goes by the G-mail (short for "Giersch mail") name. He said he is also considering a suit in the United States based on alleged "investment losses" that the overseas disputes have wrought on the American arm of his venture capital firm. (Google has already encountered competition for the U.S. trademark.)

Google still maintains it has clear rights to use the Gmail name in Germany and in countries throughout the world where it has applied for such trademark rights. It lodged an appeal against the Hamburg district court's decision but claims it has nevertheless been abiding by the orders to restrict all people determined to be German residents to use only of googlemail.com, ever since a preliminary injunction was issued in April 2005.

"In no case do we offer or allow a user to use '@gmail.com' if the user's IP address is German," a company representative said in an e-mail interview.

Google has initiated its own actions against the 32-year-old Giersch in other European countries since the German litigation began, asserting it has prior rights to the Gmail name and that Giersch's registration attempts should be blocked. Giersch's lawyers said the company has filed--so far, unsuccessfully--for a cancellation of his Norwegian holding with the country's trademark office. The Google representative would confirm only that a court challenge is pending against the Swiss trademark, adding that "there are a number of cases outstanding against Giersch in Europe."

For the Mountain View, Calif.-based search market leader, the rationale is simple: "Google will take the action it deems necessary to protect our interests in Europe," the company representative said.

Google v. Giersch
Sergey Brin and Larry Page started Google with a home-brewed data center in a dorm room. For Daniel Giersch's venture, it was a backpack and a bicycle.

When he was 18, Giersch founded his first company, a same-day mail delivery service designed to offer a swifter alternative to the Deutsche Post. Within a few years, by his estimation, the company was delivering 80 percent of the mail within his hometown of Itzehoe, a town of about 30,000 residents near Hamburg.

Giersch ultimately sold control of the physical delivery operations and started on a new venture he called "hybrid mail." The idea is to combine the relative security of physical mail delivery with the speediness of e-mail. A sender's document is scanned into Giersch's system at its origin, transmitted electronically to a G-mail office in the destination city, printed out at the other end and hand-delivered to its recipient. Giersch also offers users a "secure" gmail.de address, which they can obtain only by verifying their identities with a passport or other official ID card--a far different business model from Google's Gmail, he said.

In 2000, Giersch registered "G-mail...und die Post geht richtig ab" with the German trademark office. He was still investing in and developing his hybrid mail service four years later (in Germany, one has five years after registering a trademark to commercialize its use), when he saw news reports that Google planned to launch a Web e-mail service named Gmail. Google's e-mail service debuted in April 2004.

"Knowing Google is very powerful, I liked it at the time; I Googled myself everyday. I said, 'you know what? I want to call these guys,'" Giersch said in a telephone interview. "I did my MBA, and I know what a big company is looking for, and that is international growth. I knew sooner or later they would go to Germany."

After rebuffing his initial attempts to talk over the situation, Google eventually offered to buy the German trademark rights for $250,000, Giersch said. But by then, turned off by what he deemed "arrogance" on the search giant's part, he had decided never to settle. When Google started offering the Gmail service in German in 2005, Giersch believed he had grounds under German trademark law to sue the company for infringement, so he did just that.