A new version of the popular Skype VOIP application has been released to correct a bug that caused Skype to be misread as a potential security threat.

The Skype 2.0.0.73 for Windows update fixes a flaw that triggered a DEP (Data Execution Protection) warning on systems running Windows XP SP2 with DEP-enabled Intel or AMD processors.

DEP is a set of hardware and software technologies that perform additional checks on memory to help prevent buffer overflow attacks.

The Skype bug meant that users running new computers had to manually configure the application as an exception to turn off the DEP warnings.

This, however, created a scenario where users were being lulled into ignoring DEP warnings because of the Skype bug.

"If you added Skype to some DEP exception list before this release, feel free to upgrade to 2.0.0.73 and then remove it from the exceptions list," the company said.

Walt Disney Co. is in serious talks about an acquisition of Pixar Animation Studios, the Wall Street Journal reported on Thursday, citing people familiar with the matter.

The newspaper report said terms under discussion would have Disney pay a small premium to Pixar's current stock market value of $6.7 billion. The deal would be a stock transaction and make Pixar Chief Executive Officer Steve Jobs the biggest individual shareholder in Disney, the newspaper reported.

The talks are at a sensitive stage and other options are possible, including an agreement for Disney to distribute Pixar movies, the report said, citing people familiar with the situation.

The companies have been partners since Pixar began making feature films with "Toy Story". Currently Pixar and Disney split costs, and Disney effectively has sequel rights to Pixar films.

Google Inc. is continuing to expand its advertising capabilities beyond the online world, agreeing to buy a company that automatically connects advertisers with radio stations. The price could top $1.2 billion.

The company, dMarc Broadcasting Inc. of Newport Beach, Calif., creates an automated platform that lets advertisers more easily schedule and deliver ads over radio and keep track of when they air. On the broadcaster side, the dMarc technology automatically schedules and places such advertising, helping stations minimize costs.

Under the deal, announced Tuesday, Google would pay dMarc at least $102 million in cash. If performance targets are met, Google would make additional payments of up to $1.14 billion over three years.

The up-front cash payment will make only a small dent in Google's reserves. Through September, Google had $7.6 billion in cash and marketable securities, though it has since committed to making a $1 billion investment in Time Warner Inc.'s America Online unit.

Google said it plans to integrate the dMarc technology with its highly successful Google AdWords platform, in which third-party Web sites share revenues with Google for carrying the Mountain View., Calif., company's highly profitable search ads.

"Google is committed to exploring new ways to extend targeted, measurable advertising to other forms of media," said Tim Armstrong, Google's vice president for advertising sales.

Oracle Corp. released patches addressing more than 100 separate vulnerabilities in its database and application server software, as well as in its collaboration and e-business suites.

The patches, which are part of Oracle’s scheduled quarterly updates, included fixes for flaws in its PeopleSoft and J.D. Edwards portfolios.

A large number of the flaws affecting Oracle’s databases were listed as having a “wide” impact on database availability, integrity and confidentiality.

For instance, one of the them is a vulnerability in Oracle databases that enables any user with basic access privileges to assume the role of a database administrator. The flaw, first reported to Oracle in October by database security firm Imperva Inc., also allows would-be attackers to prevent illegal activity from being recorded by the database server’s built-in auditing mechanism, said Shlomo Kramer, Imperva’s CEO.

This is the second batch of patches to be released by Oracle since the company moved to a quarterly schedule last fall. Oracle’s next patch update is slated for April 12.

Under its Critical Patch Update program, Oracle has said that it will release highly integrated patches that combine fixes for multiple high-priority vulnerabilities. The patches are cumulative, meaning users who miss applying patches one quarter can apply a cumulative update the following quarter that addresses both the previous problems and any new ones that might have cropped up.

Oracle has made a great deal of improvement over the past year in [its] security response processes, but there is still a long way to go.

Updated: America Online posts a hotfix to correct a buffer overflow vulnerability in its "You've Got Pictures" photo album service.

A critical security flaw in America Online Inc.'s "You've Got Pictures" service could put millions of users at risk of PC takeover attacks, according to a warning from the US-CERT (U.S. Computer Emergency Readiness Team).

In an advisory, US-CERT described the flaw as a buffer overflow in an AOL YPG Picture Finder Tool ActiveX control (YGPPicFinder.DLL) that may be exploited to execute arbitrary code or cause a denial-of-service condition.

The vulnerability affects AOL 8.0, AOL 8.0 Plus and AOL 9.0 Classic. In addition, the vulnerable control was distributed via the "You've Got Pictures" Web site prior to 2004.

A separate alert from FrSIRT (French Security Incident Response Team), rates the bug as "critical" and warned that the vulnerable ActiveX control does not properly handle overly long input strings.

"[This] could be exploited by remote attackers to compromise a vulnerable system by convincing a user to visit a specially crafted Web page."

ESET, a personal favorite provider of security software for enterprises and consumers, announced that its NOD32 solution with ThreatSense(R) technology has been enhanced to protect users and organizations against stealth rootkit applications. Rootkits, which by design are highly undetectable, are widely known to escape discovery by traditional signature-based antivirus methods.
   
   Rootkits recently came to public attention when it was discovered that Sony included a rootkit on some of its music Cds and video DVDs in an effort to prevent illegal copying and distribution of copyrighted material. Designed specifically to be "invisible" to users, rootkits can be used to hide malicious software, giving criminals the opportunity to exploit unprotected computers.
   
   "Rootkit detection is based on the new generation of intelligent signatures, which is a part of the ThreatSense technology," says Richard Marko, chief software engineer for ESET. "Currently, ESET is the only integrated threat protection system known to proactively detect even unknown rootkits."
   
   ESET's NOD32 ThreatSense(R) technology is a sophisticated detection system based on advanced heuristics that proactively identifies previously unknown malware, such as that which exploited the Sony rootkit.
   
   Rootkit protection is available immediately to current NOD32 license holders, and will be automatically installed to computers configured to receive automatic program component updates. To download a free trial copy of NOD32, please visit www.eset.com.

Responding to the rising cybercrime threat, the Federal Trade Commission on Tuesday unveiled an online tool designed to help consumers avoid becoming victims of Internet scams.

At the website, www.onguardonline.gov, consumers can take interactive quizzes designed to enlighten them about ID theft, phishing, spam and online-shopping scams.

If the user selects a wrong answer, the program explains why that particular misconception about Internet security can lead to trouble.

Elsewhere on the site, consumers can find detailed guidance on how to monitor their credit histories, use effective passwords and recover from identity theft.

"We're trying to make the information as accessible as possible, with tips so people can take action," said Nat Wood, the FTC's assistant director for consumer and business education.

The education push comes as the tide of cybercrime continues to rise. Special reports by USA TODAY have detailed how online thieves are sidestepping computer firewalls, anti-virus and anti-spyware programs to conduct elaborate scams centered around use of the Internet.

Inherently difficult to track, evidence of cybercrime nonetheless continues to mount:

•Malicious software. During the first half of 2005, 74% of the top 50 malicious attacks contained code to steal account logons, passwords and other sensitive data, compared with 54% the previous six months, according to security firm Symantec.

•Keystroke loggers. The number of programs designed to directly swipe logons and passwords, as a computer user types them on a keyboard, soared to about 6,191 last year, up from 3,753 in 2004, says iDefense, a division of VeriSign.

•Hijacked online accounts. Computers in an estimated 9.9 million U.S. households that engage in online banking transactions have been infected by keystroke loggers, giving cybercrooks potential access to an estimated $24 billion in deposits, says the tech security think tank The Sans Institute.

1.11.2006 Microsoft Corp. released two patches Tuesday that carry its maximum rating of critical, to fix software problems that could allow an attacker to take control of another person's computer.

Microsoft said one patch is to fix a flaw in Windows desktop and server software that could let an attacker gain control of an Internet-connected computer if a user were tricked into visiting a malicious Web site. The fix is for operating systems dating back to Windows 2000.

The other patch is to fix a flaw in the part of Microsoft's Office business software and Exchange Server software that lets users change and manage language preferences. The fix is for versions of the software dating back to Office 2000.

The patches, released Tuesday as part of Microsoft's regular monthly security update, follow the release last week of another critical fix for a flaw in an element of Windows that is used to view images.

The move to Intel chips will boost Apple's sales and erase the perception that computers lag behind Windows-based PCs in performance, analysts said. "Now consumers can buy a Mac that is three times faster and for the same price," said Nathan Brookwood, an analyst with Insight 64 research firm.

With the success of its iPod players and flashy retail stores, Apple has already begun siphoning customers from the Windows camp. After years of hovering around 3 percent, Apple last year cracked 4 percent of the U.S. PC market.

Apple's historic shift to Intel microprocessors came months earlier than expected as CEO Steve Jobs debuted Tuesday an iMac desktop and a notebook based on the chip makers' new two-brained processor, the Intel Core Duo.

When it first announced plans to switch in June, Apple said it expected to begin making the transition by mid-2006. On Tuesday, Jobs was joined at the Macworld Expo by Intel CEO Paul Otellini to unveil the new jointly designed computers.

Jobs said its entire Mac line will be converted to Intel by the end of 2006.

The shift comes as Apple's hugely popular iPods continue to enthrall the public. Apple brought in a record $5.7 billion in sales during the holiday quarter as it sold 14 million iPods — nearly three times as many units as it did in the same period a year ago, Jobs said. Meanwhile, Apple's online iTunes store has sold more than 850 million songs and 8 million videos to date, he said.  The company's stock shot to a 52-week high on the news.

Anthony Scott Clark, 21, of Beaverton, Oregon, and accomplices collected over 20,000 zombie computers that allowed them to attack the nameservers of eBay.com, causing a denial of service for legitimate users of the targeted system.

Clark, also known by his alias name, "Volkam", was found, and pleaded guilty to knowingly damaging a protected computer. He now faces a maximum statutory penalty of a find or $250,000, 10 years imprisonment, according to the U.S. attorney for the Northern District of California. The sentence following conviction will only be imposed by the court, after considering the US Sentencing Guidelines and Federal Statutes governing imposition of sentences.

Clark, along with his accomplices, infected over 20,000 computers using a worm program which took advantage of a vulnerability in the computers running the Windows Operating System.

The collected "zombies" were passed on to a Internet Relay Chat (IRC) server protected by passwords, where they logged and stayed put for further instructions. After getting instructions from Clark and his accomplices, these bots launched the DDOS attack on computers or their corresponding network connected to the Internet.

The prosecution resulted after investigation from agent of US Secret Service's Electronic Crimes Task Force. This force is overseen by US Attorney's Office's Computer Hacking and Intellectual Property (CHIP) Unit. The Assistant US attorney who was prosecuting the case, Christopher P. Sonderby is the Chief of the CHIP Unit.

The competing technologies are Blu-ray, the high-definition video disc format backed by Sony Corp. and several other major vendors, and HD-DVD, which is backed by the DVD Forum and companies including Toshiba Corp., NEC Corp., Intel Corp. and Microsoft Corp.

The difference in storage space is huge: regular DVDs can hold 4.7GB of music, movies and other data, while Blu-ray can carry 25GB of data and HD-DVD can hold 15GB. But despite some other advantages for each of the two new formats, the companies backing them have been unable to compromise on a single standard.

Now, both groups appear ready to let consumers decide the winner, just like the 1980s video cassette recorder fight between VHS and Betamax.

Howard Stringer, chairman and CEO of Sony, said that talks between the Blu-ray and HD-DVD camps broke down some time ago for a number of reasons and that now the factions are at a point where it's difficult to step back from their positions.

"There's no question that a format war is not a good idea, but I don't see what we can do about it except push on and convince everybody that a revolutionary high-definition disc [Blu-ray] is better than an evolutionary high-definition disc [HD-DVD]," he said during a news conference at the 2006 International Consumer Electronics Show in Las Vegas.

A cut fiber-optic cable knocked out Sprint Nextel Corp. service Monday for almost a third of the geographic United States, according to an alert issued to customers. All calls initiated west of the Rocky Mountains were affected.

After several hours, service began to be restored, the company said. According a memo, a fiber cable was damaged in the line between Phoenix and Palm Springs, Calif., midday.

At the same time, Sprint performed emergency maintenance to its fiber network near Reno, Nev., which required the temporary routing of traffic through the Phoenix network. These two actions resulted in a "dual" fiber cut for traffic passing to and from the western parts of the country.

Customers initiating calls west of the Rocky Mountains received busy signals or an automated message that all circuits were busy.

The outage affected Sprint's wired and wireless customers, including long distance and local services.

Blu-ray, also known as Blu-ray Disc (BD) is the name of a next-generation optical disc format jointly developed by the Blu-ray Disc Association (BDA), a group of the world's leading consumer electronics, personal computer and media manufacturers (including Apple, Dell, Hitachi, HP, JVC, LG, Mitsubishi, Panasonic, Pioneer, Philips, Samsung, Sharp, Sony, TDK and Thomson). The format was developed to enable recording, rewriting and playback of high-definition video (HD), as well as storing large amounts of data. A single-layer Blu-ray Disc can hold 25GB, which can be used to record over 2 hours of HDTV or more than 13 hours of standard-definition TV. There are also dual-layer versions of the discs that can hold 50GB.

While current optical disc technologies such as DVD, DVD±R, DVD±RW, and DVD-RAM use a red laser to read and write data, the new format uses a blue-violet laser instead, hence the name Blu-ray. Despite the different type of lasers used, Blu-ray products can easily be made backwards compatible through the use of a BD/DVD/CD compatible optical pickup and allow playback of CDs and DVDs. The benefit of using a blue-violet laser (405nm) is that it has a shorter wavelength than a red laser (650nm), which makes it possible to focus the laser spot with even greater precision. This allows data to be packed more tightly and stored in less space, so it's possible to fit more data on the disc even though it's the same size as a CD/DVD. This together with the change of numerical aperture to 0.85 is what enables Blu-ray Discs to hold 25GB/50GB.

With the rapid growth of HDTV, the consumer demand for recording HD programming is quickly rising. Blu-ray was designed with this application in mind and supports direct recording of the MPEG-2 TS (Transport Stream) used by digital broadcasts, which makes it highly compatible with global standards for digital TV. This means that HDTV broadcasts can be recorded directly to the disc without any quality loss or extra processing. To handle the increased amount of data required for HD, Blu-ray employs a 36Mbps data transfer rate, which is more than enough to record and playback HDTV while maintaining the original picture quality. In addition, by fully utilizing an optical disc's random accessing features, it's possible to playback video on a disc while simultaneously recording HD video.

Blu-ray is expected to replace VCRs and DVD recorders with the transition to HDTV over the coming years. The format is also likely to become a standard for PC data storage and HD movies in the future.

Microsoft Corp. has slapped a 'buyer beware' tag on a third-party patch for the zero-day Windows Metafile flaw and promised that its own properly tested update will almost certainly ship Jan. 10.

The company's latest guidance comes days after an unofficial hotfix from reverse-engineering guru Ilfak Guilfanov got rare blessings from experts at the SANS ISC (Internet Storm Center) and anti-virus vendor F-Secure Corp.

Guilfanov, author of the IDA (Interactive Disassembler Pro), released an executable that revokes the "SETABORT" escape sequence that is the crux of the problem. The hotfix was tested and approved for use by many security experts, but Microsoft says it cannot vouch for the quality of the fix.

"Microsoft recommends that customers download and deploy the security update for the WMF vulnerability that we are targeting for release on January 10, 2006," the company said in an updated advisory.

Microsoft said its own patch has already been developed and is going through a rigid round of quality assurance testing. "The security update is now being localized and tested to ensure quality and application compatibility." Last-minute glitches in the patch testing process could still delay the update.

As a general rule, the Redmond, Wash., company never recommends third-party updates. Ever since attackers started exploiting the bug to push malware on vulnerable Windows systems (XP SP2 included), the company has thrown all its security resources into the investigation and patch-creation process, making it virtually impossible to validate the third-party code.

Vulnerability in Graphics Rendering Engine Could Allow Remote Code Execution.

On Tuesday, December 27, 2005, Microsoft became aware of public reports of malicious attacks on some customers involving a previously unknown security vulnerability in the Windows Meta File (WMF) code area in the Windows platform.

Upon learning of the attacks, Microsoft mobilized under its Software Security Incident Response Process (SSIRP) to analyze the attack, assess its scope, define an engineering plan, and determine the appropriate guidance for customers, as well as to engage with anti-virus partners and law enforcement.

Microsoft confirmed the technical details of the attack on December 28, 2005 and immediately began developing a security update for the WMF vulnerability on an expedited track.

Microsoft has completed development of the security update for the vulnerability. The security update is now being localized and tested to ensure quality and application compatibility. Microsoft’s goal is to release the update on Tuesday, January 10, 2006, as part of its monthly release of security bulletins. This release is predicated on successful completion of quality testing.

The update will be released worldwide simultaneously in 23 languages for all affected versions of Windows once it passes a series of rigorous testing procedures. It will be available on Microsoft’s Download Center, as well as through Microsoft Update and Windows Update. Customers who use Windows’ Automatic Updates feature will be delivered the fix automatically.

Based on strong customer feedback, all Microsoft’s security updates must pass a series of quality tests, including testing by third parties, to assure customers that they can be deployed effectively in all languages and for all versions of the Windows platform with minimum down time.

Microsoft has been carefully monitoring the attempted exploitation of the WMF vulnerability since it became public last week, through its own forensic capabilities and through partnerships within the industry and law enforcement. Although the issue is serious and malicious attacks are being attempted, Microsoft’s intelligence sources indicate that the attacks are limited in scope and are not widespread.

In addition, anti-virus companies indicate that attacks based on exploiting the WMF vulnerability are being effectively mitigated through up-to-date signatures.

Customers are encouraged to keep their anti-virus software up-to-date. The Microsoft Windows AntiSpyware (Beta) can also help protect your system from spyware and other potentially unwanted software. Customers can also visit Windows Live Safety Center and are encouraged to use the Complete Scan option to check for and remove malicious software that takes advantage of this vulnerability. We will continue to investigate these public reports.

If you are a Windows OneCare user and your current status is green, you are already protected from known malware that uses this vulnerability to attempt to attack systems.

Customers who follow safe browsing best practices are not likely to be compromised by any exploitation of the WMF vulnerability. Users should take care not to visit unfamiliar or un-trusted Web sites that could potentially host the malicious code.

Overclocking mad man and explosive AMD Duron. Kids don't try this one at home, seriously no computing can be practicle using this approach.

http://video.google.com/videoplay?docid=5393904704265757054

Holiday shoppers in the United States had spent $25 billion online during one week ending 16 December and electronics and clothing items were their favourites. This represents a 25 per cent increase over the same period in 2004, according to a survey.

The survey, covering 1,000 adults carried out by Goldman, Sachs & Co., Nielsen/NetRatings and Harris Interactive for the Holiday eSpending Report, said shoppers bought computers and consumer electronics worth $3.75 billion and $3.67 billion respectively, the two items together accounting for 28 per cent of online spending.

Clothing items accounted for $4.68 billion, an aspect, which the surveyors said, indicated that more and more people are becoming accustomed to online buying of apparel. Some of the brands that have become popular are Gap and Eddie Bauer, while department stores like Macy's seem to have made an online presence, the surveyors said.

The report said toys and video games were not favourite items and only 7 per cent of the spending went for these items -- $1.91 billion. This is possibly because the shoppers are waiting for the new video game consoles, which are expected in the market soon. This adversely affected the sales of new game titles.

The surveyors said sales during the week ending 16 December as the biggest sales week for the holiday shopping season, which started 1 November.

80% of spam received by Internet users in North America and Europe can be traced via aliases and addresses, redirects, hosting locations of sites and domains, to a hard-core group of around 200 known spam operations ("spam gangs"), almost all of whom are listed in the ROKSO database. These spam operations consist of an estimated 500-600 professional spammers with ever-changing aliases and domains. The vast majority of those listed here operate illegally and move from network to network (and country to country) seeking out "spam-friendly" Internet Service Providers ("ISPs") known for lax enforcing of anti-spam policies.

"The big list"  "Worst Spammers"  "Worst Networks"   "Worst Countries"

Museum of Modern Art: MoMam.org
Pixar: 20 Years of Animation
December 14, 2005–February 6, 2006

Film and Media Gallery, Titus 1 Lobby Gallery, Titus 2 Lobby Gallery, and throughout the first floor.

The Sony BMG rootkit fiasco (aided and abetted by DRM vendors) as the tech blunder of the year. If they do not want to take the award as a blunder then I seriously question their true intent.

It was a security gaffe, creating a major vulnerability. It was a storage screw-up, corrupting users' file systems. It was an offense against developers, misappropriating open-source code. It was an abuse of networks, covertly installing phone-home code.

Then to release an online fix to the problem which only opened you up with the Active-X object that is needed to do it all in a browser. I have to ask are they asleep at Sony or are they drunk? This is a company which once brought fantasic products. Now the question really is if this was a small company, would they have been shut down? Likely all the people at the top would be in jail.

The Sony brand name was already in trouble—it lost 16 percent of its value between 2004 and 2005. This blunder puts their name on everyone's lips though in a rather counterproductive way.

In the past we have pointed at a couple of free templates or starter kits for dotnet 2.0 developers. A Starter Kit is an enhanced project template distributed to other developers to demonstrate a specific technology or implementation. Starter Kits usually include documentation, sample code, and sample data. When a Starter Kit is opened the project can be run without any additional coding, or more features can be added by the user. Starter Kits are a great way to help others learn a language, class features, or a specific programming implementation or technique using a real world project example.

To create a Starter Kit.

Competitive Comparison

E-mail remains the dominant method of communication within organizations and on the web -- an essential collaborative mechanism for groups large and small. We focus on ways to realize the potential of this resource and the underlying messaging infrastructure.

When it comes to e-mail, small (and fast) is beautiful. That is the principle behind ZipOut, our flagship product. The release of ZipOut 2003 continues its evolution from a simple compression utility to an attachment management suite. Now with attachment indexing, quick search, and scheduled compression and indexing tasks, ZipOut 2003 is fully compatible with Outlook 2003. For more information see What's New in ZipOut 2003.

       The Troj/Stinx-E Trojan horse appears to have been deliberately spammed out to email addresses, posing as a message from a British business magazine.

It exploits the controversial Sony DRM (Digital Rights Management) copy protection included on some of the music giant's CDs.

Typical emails look as follows:

Subject: Photo Approval Deadline
Message body:
Hello,
Your photograph was forwarded to us as part of an article we are publishing for our December edition of Total Business Monthly. Can you check over the format and get back to us with your approval or any changes? If the picture is not to your liking then please send a preferred one. We have attached the photo with the article here.

If the attached program is run, the Trojan horse copies itself to a file called $sys$drv.exe. Any file with $sys$ in its name is automatically cloaked by Sony's copy-protection code, making it invisible on computers which have used CDs carrying Sony's copy protection.

"Despite its good intentions in stopping music piracy, Sony's DRM copy protection has opened up a vulnerability which hackers and virus writers are now exploiting," said Graham Cluley, senior technology consultant for Sophos. "We wouldn't be surprised if more malware authors try and take advantage of this security hole, and consumers and businesses alike would be sensible to protect themselves at the earliest opportunity."

Sophos plans to issue a tool later today which will detect the existence of Sony's DRM copy-protection on Windows computers, disable it, and prevent it from re-installing.

"Sophos is acting on customers' concern that the software on Sony's CDs is introducing a vulnerability which hackers and virus writers are able to exploit," explained Cluley. "We will give customers the ability to determine if their computers suffer from the vulnerability and remove it if necessary."