A would-be hacker was being investigated by police Monday after threatening to attack the internal computer network of the Turin Olympics organizing committee.

The man — a technical consultant for the TOROC committee — illicitly gained access to off-limits sections of the network, police officer Fabiola Silvestri said.

"This consultant — who is now a former consultant — said in a very strong way that he could do certain things to the network," TOROC spokesman Giuseppe Gattino said. "Nothing has happened and all the passwords have been disabled."

Officials declined to reveal the consultant's identity, and Gattino said he didn't know the reasons for his threatening behavior. No charges were immediately filed against the man.

In a separate case, police found that a Turin antiques dealer had acquired five Internet domains that had similar names to Olympic Web sites. If accessed, the domains redirected users to the dealer's Web site, which also carried Olympic logos and other copyrighted material, Silvestri said.

Once he had been told that what he was doing was illegal, the dealer deleted the material and redirected users from his domains to Olympic Web sites.

Microsoft Corp. has won backing from major cellular networks for a new generation of phones designed to transform mobile e-mail from executive accessory to standard issue for the corporate rank-and-file.

The partnerships, with operators including Vodafone and Cingular, to be announced Monday at a mobile industry gathering in Spain, could spell more trouble for the embattled Blackberry and other niche e-mail technologies, analysts say.

Unlike the Blackberry and its peers, phones running Microsoft's latest Windows Mobile operating system can receive e-mails "pushed" directly from servers that handle a company's messaging — without the need for a separate mobile server or additional license payments.

As costs fall, Microsoft is betting companies will extend mobile e-mail beyond top management to millions more of their employees.

Vodafone Group PLC is to sell the phones under its own brand, in a joint marketing deal, targeting companies that already run Microsoft's Exchange software on their servers. Exchange is the collaborative glue behind Microsoft's popular Outlook application, which manages appointments and electronic address books in addition to e-mail.

Together with Cingular Wireless, Orange and T-Mobile, Vodafone will also deliver phone software upgrades to subscribers who are already running the Windows Mobile 5.0 operating system on their smart phones.

Microsoft laid the groundwork for its e-mail offensive with an October update to Exchange — which led the server software market last year with 48 percent of global sales, according to technology research firm Gartner.

 Microsoft Corp.'s plans to rebrand its free e-mail, instant messenger and Web search products under the name "Live" could be interpreted as a sign that MSN — the unit that previously housed those products — is a sinking ship.

But John Nicol, the executive recently put in charge of MSN, insists that isn't the case. In an interview Thursday, he said the changes will allow MSN, Microsoft's Internet portal, to focus more on providing content such as entertainment and even home videos.

Nicol, a longtime Microsoft executive who took over as general manager of MSN about three months ago, said the revamped MSN will include more opportunities for users to contribute their own content, such as posting their own videos or rating hotels on the unit's travel site.

A major focus will be on providing more video content online, aiming to go beyond just rebroadcasting television. As an example, he cited an MSN Web site, launched last summer, that complemented a reality show search for a new lead singer for INXS.

(In a separate arrangement, The Associated Press is launching an ad-supported online video news network using technology and advertising support from Microsoft.)

Microsoft Corp. announced final licensing and pricing information for its soon-to-be-released Windows OneCare™ Live, the all-in-one, automatic and self-updating PC care service aimed at helping consumers more easily protect and maintain their PCs to keep them running well. Now available free to new beta testers in the United States, at http://ideas.live.com, Microsoft^® Windows OneCare Live will be available in June from retailers and via the Web for an annual subscription of $49.95 MSRP for up to three personal computers. To thank its valuable beta customers and offer an easy transition to the paid service, Microsoft also announced today a promotional deal offering the first year of Windows OneCare Live service for $19.95 to beta customers who become subscribers between April 1 and April 30, 2006.

“Consumers have made it clear they need more assistance than what’s offered today, and we are excited to deliver the value of improved protection and maintenance in one comprehensive solution,” said Ryan Hamlin, general manager of the Technology Care and Safety Group at Microsoft. “Windows OneCare Live eases the frustration of protecting your PC and gives consumers greater peace of mind so they can spend less time worrying and more time doing the things they enjoy.”

Windows OneCare Live helps make it simpler and easier for consumers to enhance the overall health of their personal computers by offering automated protection, maintenance, performance tuning and support in an all-in-one package. Hundreds of thousands of people have tested Windows OneCare Live since the beta was launched in November 2005, and Microsoft has continually added features — such as backup for external hard drives — based on their feedback. People have particularly liked the simplicity of the all-in-one nature of the service and, according to recent surveys conducted by Microsoft with Windows OneCare Live beta testers, the vast majority of testers said they would recommend it to a friend or relative.

Full Article

Google has announced a major update that will affect the ranking of web pages in Google's index. In contrast to the usual algorithm updates, this update will be much bigger because it changes the way Google works behind the scenes. Google has given the update the name "Bigdaddy".

What is Google's Bigdaddy update?

Google uses a network of data centers with different IP addresses to answer search queries. These decentralized servers share the workload of indexing web sites.

The upcoming Bigdaddy update is not an algorithm update but a change in Google's data center infrastructure. It contains new code for sorting and examining web pages. According to Google's search engineer Matt Cutts, the update will be live in February or March.

Less spam, more content and a new Google spider?

Google is updating the data center infrastructure to handle potential spam problems such as 302 redirections or canonical URLs more efficiently. In addition, the new infrastructure will allow Google to develop more advanced algorithms and larger databases.

Another reason for the new data center infrastructure is that Google wants to be able to index different content types. Google is now testing a new search engine spider that is based on the Mozilla browser.

The new spider should be able to index more than traditional search engine spiders, possibly links within images, JavaScripts or Flash files.

How can you test how Bigdaddy will affect your rankings?

Some Google data centers that use the new Bigdaddy system are already online. For example, if you go to 66.249.93.104 you can test Google's new data center.

Google even wants your feedback. Click the "Dissatisfied? Help us improve" link at the bottom right of the result page. Enter your feedback and use the keyword bigdaddy so that Google knows that your feedback is about the new data center.

It's hard to tell how the Bigdaddy update will affect your web page rankings. If you have a spam free web site with good content and many incoming links, the update should have a positive effect on your Google rankings.

Two of the world's biggest e-mail account providers, Yahoo Inc. and America Online, plan to introduce a service that would charge senders a fee to route their e-mail directly to a user's mailbox without first passing through junk mail filters, representatives of both companies said Sunday.

The fees, which would range from 1/4 cent to 1 cent per e-mail, are the latest attempts by the companies to weed out unsolicited ads, commonly called spam, and identity-theft scams. In exchange for paying, e-mail senders will be guaranteed their messages won't be filtered and will bear a seal alerting recipients they're legitimate.

Both companies have long filtered e-mail by searching for keywords commonly contained in spam and fraudulent e-mail. AOL also strips images and Web links from many messages to prevent the display of pornographic pictures and malicious Web addresses. Both practices sometimes falsely identify legitimate messages as junk mail, making life difficult for businesses that rely on e-mail.

"We were hearing not only from members but also e-mail partners that they wanted a different way of delivering e-mail that would stand out in the inbox and would guarantee them delivery," said spokesman Nicholas Graham, adding that AOL, a division of New York-based Time Warner Inc., will start offering the service in the next two months. Company spokeswoman Karen Mahon said Sunday Sunnyvale-based Yahoo will begin offering a similar service in the coming months.

This is too funny, let's get this straight... You want to charge people to not do anything to their mail which has proven unreliable due to your filters which do more harm than good???? If you had built a proper mail system, as we have been stating for months and put this control in the hands of your users none of this would matter. What is so complex about putting the white-listing in the hands of your users where it belongs.

If you developed this software in house the team should be fired. If you paid an outsourcing company to do it, you should get refund. People talk bad about MS when they make a mistake of any kind. Now AOL and Yahoo can dictate whatever foolish policy they want and people say nothing. Where are the M$ Zealots when there is something like this happening right out in the open?

"Full Article Here"

AnonymizerR Inc., the leader in online identity protection technology and software solutions, today announced that the company is developing a new anti-censorship solution that will enable Chinese citizens to safely access the entire Internet filter-free, and also free from oppression and fear of persecution or retribution. This new program expands upon Anonymizer's history of human rights efforts which provide a censor-free Internet experience for those in oppressed nations. Anonymizer's new anti-censorship solution for Chinese citizens will be available before quarter's end. The solution will provide a regularly changing URL that users can access to open the doors to unfettered access of the World Wide Web. In addition, users' identities will be protected from online tracking and monitoring by the Chinese government. 

The communist government has taken a hard line against freedom of the press and access to information on the Internet. Google and others have been forced into a box by the Chinese government's strict requirements, but Anonymizer stands firm on the issue of protecting civil liberties. The company has been protecting basic liberties for more than a decade. It enabled safe Internet communications for families split on either side of the Kosovo conflict; it was used previously by the Voice of America to ensure that news Web sites were not blocked by the Communist government in China. Anonymizer also works in conjunction with the Voice of America today to bring safe Internet access to Iranian citizens. 
       
   Its Web site is home to the world's most popular Internet privacy service, Anonymous Surfing, which defends users from the most prevalent Internet privacy and security threats. Anonymizer identity protection solutions have been used to protect billions of Web pages since the company's inception in 1995. Anonymizer is privately held and headquartered in San Diego, California. (anonymizer.com)

As the world waited for one computer virus to strike on Friday, another wriggled its way into the Russian stock exchange and knocked it offline.

Computer experts had warned that 3 February could bring gloom for many as a computer virus called Nyxem was scheduled to start deleting files on machines it had infected.

Nyxem is programmed to randomly delete Word, Excel and PowerPoint documents as well as pdf files, zip files and several other file types. The virus was released several weeks ago and has spread by forwarding itself to email addresses found on the computers it infects.

But widespread damage failed to materialise and by early evening UK time on Friday several anti-virus companies said they had received no reports of incidents involving Nyxem. Patches against the virus had been released on 16 January.

But a collective sigh of relief was tempered by news that the Russian stock exchange has been subjected to an attack instigated by an unnamed, and apparently unrelated, computer pest.

Dmitry Shatsky, vice president of the Russian Trading System (RTS) said in a statement that a virus had infected a single computer used to test trading software that was connected to the internet. The entire network had to be temporarily shut down on Thursday as experts sought to isolate the infected machine and scanned others PCs for signs of infection.

Russian anti-virus company Kaspersky said sources had revealed that the infected machine was controlled remotely to launch a denial-of-service (DoS) attack against other systems on the trading network.

This involves bombarding a system with huge amounts of irrelevant information in an attempt to bring it down.

"While all the world was in a frenzy over the damp squib that was Nyxem, this attack infiltrated the RTS and could have potentially given hackers access to their systems," adds Graham Cluley, senior technology consultant for computer-security firm Sophos. "A virus which can disrupt a stock exchange can have obvious financial consequences, as well as harm the important credibility of an institution in the public's eye."

Adding Blogging to Your Apps with My.Blogs and Visual Basic 2005

My.Blogs is a collection of sample code that shows how to easily provide programmatic access to blogs in your applications. Chris Mayo shows how easy it is to read and publish blog entries within Visual Basic 2005 using My.Blogs. Full source code is provided under "Related Resources".

"Click Here"

AT&T is slashing its monthly fee for high-speed Internet access to an all-time low: $12.99.

The telecom company had been charging $14.95 a month for its lowest-priced digital subscriber line plan. The new deal, which goes into effect Friday, is aimed at customers who sign up online. It requires a one-year contract.

"This ($12.99 offer) will have a negative impact on cable TV companies, who don't seem to be reacting yet," said Jeffrey Kagan, an Atlanta-based telecom analyst.

AT&T has focused on the low end of the broadband market with its cheap DSL plans. The new $12.99 plan -- like the $14.95 plan before it -- offers a slower service than pricier plans. But it's still seen as an improvement over dial-up services, and AT&T is aggressively trying to convert dial-up users to DSL.

The strategy appears to be working. The company, formerly named SBC Communications, added 1.8 million high-speed Internet customers in 2005. That's the most among phone and cable TV companies.

The company added 425,000 DSL customers in the fourth quarter alone. Three-quarters of them opted for the $14.95-a-month plan.

Verizon Communications which once criticized AT&T for slashing DSL prices too quickly, has been following AT&T's lead. That company added 613,000 broadband customers in the fourth quarter. Fifty percent of them signed up for its lowest-cost offer, also $14.95.

WesternUnion quietly announced; Effective January 27, 2006, Western Union will discontinue all Telegram and Commercial Messaging services. We regret any inconvenience this may cause you, and we thank you for your loyal patronage.

The Mozilla Foundation has shipped the first patch for its flagship Firefox 1.5 browser to plug a series of security vulnerabilities and memory leaks.

The open-source group has started pushing out Firefox 1.5.0.1 as an automatic update and recommended that all users apply the upgrade to protect against a known denial-of-service bug and several undisclosed security issues.

"We recommend that all users upgrade to this latest version," Mozilla said in a note posted online. In addition to security patches and fixes for memory leak issues, Firefox 1.5.0.1 also promises improved stability and improved support for Mac OS X.

The Foundation did not release details on most of the security flaws being fixed. The published list of patched Firefox vulnerabilities has not been updated to reflect the new browser release.

The exploit was confirmed on Firefox 1.5 on Windows XP SP2 (Service Pack 2) and is caused by an error in the way the open-source browser handles large history information. A successful attacker can fill the browser's "history.dat" file with large history information by tricking a user into visiting a malicious Web site with an overly large title.

Win32/Mywife.E@mm is a mass-mailing network worm that targets certain versions of Microsoft Windows. The worm spreads through e-mail attachments and writeable network shares. It is expected to corrupt the content of specific files on the third day of every month. This threat has been assigned CME identifier CME-24. It will be detected as Win32/Mywife.E@mm!CME-24.

Platform: Windows 2000, Windows XP, Windows Server 2003, Windows ME, Windows 98

CME-24  Microsoft Security Advisory (904420)

Having to deal with a million different problems with regard one AOL problem or another, we as many are simply overwhelmed once again with AOL policies. I ask a very simple question what kind of company creates a policy so stringent that even their own users are now being forced to seek a proper mail system? Most proper mail servers offer a means which allow a specific user to whitelist any one they wish to accept delivery from. I have to ask this very basic question. Again, what makes you at AOL think you can impliment something which your own users cannot control?

We have personally got to the point where our own users are making posts that state we are sorry but AOL addresses are no longer acceptable. I found this a bit strong at first but then gave it some consideration. I think the statement is brilliant, administrators world wide dealing with AOL policies have done little to curb spam nor will it. I think that if they are so stupid as to not offer their clients a proper web interface for white-listing a a specific sender then they get everything they deserve. In fact I think the approach of banning AOL addresses might not be such a bad approach at least untill they get the message. Not putting this in the hands of their own users is costing everyone millions in lost time and stupid email requests that are extemely time consuming.

To think that all this time spent by sending support requests to AOL and dealing with their policy could have all been avoided by building a proper interface. Perhaps they could have done this before imposing the policy. It seems logical that if they want to ban servers that are correctly configured. Then I think banning AOL as a acceptable address might just be the right approach. I think that if everyone took this position over night they would have a interface that offered white and black listings to their clients based on their needs.

Radeon® X1800 Series — Ultra-threaded 3D Architecture for Maximum Visual Velocity

This is it. The new Radeon® X1800 Series hands you the visual and performance possibilities you only dreamed of from a PC graphics processor. It has been designed with a radically new ultra-threaded 3D architecture and Shader Model 3.0, unleashing the most mind-blowing gaming effects. What’s more, the X1800 introduces ATI’s revolutionary Avivo™, our new reference for video and display perfection.

Radeon X1800 series’ 90-nanometer process technology and ultra-threaded architecture combine power and efficiency as well as support for Shader Model 3.0 to deliver new High Dynamic Range visual effects, enhanced realism with Adaptive Anti Aliasing and lightning fast performance in OpenGL and DirectX® 9 games.

Users of Advanced Micro Devices Inc.'s microprocessors may want to think twice before looking for technical support on the company's Web site. Customer support discussion forums on the forums.amd.com site have been compromised and are being used in an attempt to infect visitors with malicious software, an AMD spokesman confirmed Monday.

The problem was first reported Monday in a blog posting by Mikko Hypponen, manager of antivirus research at F-Secure Corp. in Helsinki. As of Monday morning, AMD technicians were still working to resolve the problem, according to AMD spokesman Drew Prairie.

Because AMD had just learned of the problem, Prairie could give few details on how the site was compromised or when AMD expected to have the issue resolved.

According to F-Secure's Hypponen, attackers are exploiting a widely reported flaw in the way the Windows operating system renders images that use the WMF (Windows Metafile) graphics format. This flaw was patched on Jan. 5, so users who are running versions of Windows that have the latest patches installed are not at risk.

Because of the nature of the WMF vulnerability, however, hackers could install any type of software they wanted on unpatched systems.

How the attackers were able to compromise the AMD forums is unclear. Hypponen said that the AMD server could have been hacked, but that the problem could also be due to an intrusion at an AMD partner Web site or at an ISP.

These kind of WMF exploits have already been seen on a number of Web sites, but AMD is the most high-profile victim. Because users tend to trust content being served by known Web sites like AMD, the hack is particularly troublesome.

Telecommunications service provider AT&T Inc. on Thursday posted a profit of $1.66 billion in its first quarterly report since it was formed by SBC Communications' purchase of AT&T Corp. last November.

The results were boosted by an increase in customers for AT&T's broadband Internet service and strong customer growth at Cingular Wireless, the AT&T venture with BellSouth Corp. that posted earnings earlier this week.

Like peers BellSouth and Verizon Communications, AT&T Inc. depends on services such as wireless and broadband Internet service for growth as traditional local phone lines decline.

The company said that on a reported basis, including its 60 percent stake in Cingular, it earned 46 cents per diluted share. In the year-ago quarter, SBC alone earned $688 million, or 21 cents a share.

Level 3 Communications announced that it has acquired Progress Telecom, a provider of wireless and land-line phone services in the Southeastern United States, for about $137 million in cash and stock.

Under the terms of the deal, Level 3 will pay $68.5 million in unregistered shares of its stock and $68.5 million in cash to Progress Energy and Odyssey Telecorp, the joint owners of Progress Telecom.

Level 3, which operates one of the nation's largest IP-based fiber-optic networks, said it will not take over some assets of Progress Telecom's wireless tower attachment business, as well as some of the company's interests in marketing distributed antennae systems and providing tower services to other mobile carriers.

The company has also reserved the right to pay cash in lieu of providing common stock as part of the deal, which is expected to close some time during the second quarter of 2006.

Progress, which recorded 2005 sales of roughly $20 million, controls an estimated 9,000 miles of land line, including 29 metropolitan networks ranging from Miami to New York, along with 31 wireless switching hubs in the Southeast. The firm, which primarily serves regional wireless services carriers, also provides connections to international cable landings in Florida.

The kit contains the VIA EPIA 10000 board, the M1-ATX smart vehicle PSU, VoomPC car PC enclosure, wire harness, connectors and jumpers.

VoomPC is a compact, high performance yet affordable x86 vehicle / car PC (car computer) kits specifically designed for the ultra power sensitive conditions of in-vehicle applications. Based on low power VIA EPIA Mini-ITX mainboards the VoomPC is aimed at driving telematics mainstream and provides a versatile, low cost navigation and infotainment platform.

With a footprint of 21cm x 25cm x 6.7cm, the VoomPC is equipped with rich peripheral connectivity, multimedia and telematics options afforded by the feature-packed VIA EPIA Mini-ITX mainboard, including USB2.0, Firewire, Ethernet, PCMCIA types I and II CardBus interface for GPRS/Wifi, S-Video, VGA and six-channel audio. Made our of massive 5.5mm extruded aluminum profile, the voomPC(TM) car PC (carputer) encloure was designed to work with any type of mini-ITX motherboard (170x170mm) from fanless configurations such as VIA mini-ITX or Pentium or low power Pentium-M processors, making it the ideal car PC solution.

Introducing picoPSU-120, world's tiniest 12V DC-DC ATX power supply unit (PSU)

Compact design, less cables. The picoPSU-120 is the smallest snap-in ATX dc to dc power supply. The picoPSU is compatible with an entire range of mini-itx motherboards as well as regular boards. The picoPSU-120 provides a cool, silent 120 Watts of power for small PC designs using a single 12V power source.

By using Patent Pending HyperWatt[TM] technologies , picoPSU-120 packs an impressive amount of power relative with its very small footprint.

Small computer projects start with small power supplies. PicoPSU-120 is a crucial key component that unleashes the ultimate power solution for general purpose computing platforms. PicoPSU-120 is fully ATX compliant, making it an excellent candidate for any silent, 12V DC-DC computer project.

Reduce space. Eliminate 20 unnecessary wires by plugging in directly into the motherboard ATX connector. The picoPSU-120 12V dc-dc ATX converter was designed from ground up to fit small form factor ATX boards, allowing enclosure designers to save space while not compromising power requirements.

Cool power. Operating at only 12V, the picoPSU-120 dc-dc ATX power supply delivers 120 Watts of power. picoPSU provides plenty of power (via ATX connector and HDD cable harness) for CPU and an entire range of peripherals.

100% Silent The picoPSU-120 mini PSU is a 100% silent dc to dc solution. No fans, no noise, just power for small and silent PCs.

picoPSU-120 is a fully compliant DC-DC ATX PSU. It can power VIA mini-ITX boards with C3 or C7 processors, P3, P4, Pentium-M, and AMD processors.

Today a most interesting exploit came to my attention with the unknown service DFind exe in task manager. I admit it did hide pretty well from me for awhile at anyrate. Hidding this inside the hidden folder system volume information was a interesting little twist. After killing the service and deleting it was pretty easy to remove however.

A new version of the popular Skype VOIP application has been released to correct a bug that caused Skype to be misread as a potential security threat.

The Skype 2.0.0.73 for Windows update fixes a flaw that triggered a DEP (Data Execution Protection) warning on systems running Windows XP SP2 with DEP-enabled Intel or AMD processors.

DEP is a set of hardware and software technologies that perform additional checks on memory to help prevent buffer overflow attacks.

The Skype bug meant that users running new computers had to manually configure the application as an exception to turn off the DEP warnings.

This, however, created a scenario where users were being lulled into ignoring DEP warnings because of the Skype bug.

"If you added Skype to some DEP exception list before this release, feel free to upgrade to 2.0.0.73 and then remove it from the exceptions list," the company said.

Walt Disney Co. is in serious talks about an acquisition of Pixar Animation Studios, the Wall Street Journal reported on Thursday, citing people familiar with the matter.

The newspaper report said terms under discussion would have Disney pay a small premium to Pixar's current stock market value of $6.7 billion. The deal would be a stock transaction and make Pixar Chief Executive Officer Steve Jobs the biggest individual shareholder in Disney, the newspaper reported.

The talks are at a sensitive stage and other options are possible, including an agreement for Disney to distribute Pixar movies, the report said, citing people familiar with the situation.

The companies have been partners since Pixar began making feature films with "Toy Story". Currently Pixar and Disney split costs, and Disney effectively has sequel rights to Pixar films.

Google Inc. is continuing to expand its advertising capabilities beyond the online world, agreeing to buy a company that automatically connects advertisers with radio stations. The price could top $1.2 billion.

The company, dMarc Broadcasting Inc. of Newport Beach, Calif., creates an automated platform that lets advertisers more easily schedule and deliver ads over radio and keep track of when they air. On the broadcaster side, the dMarc technology automatically schedules and places such advertising, helping stations minimize costs.

Under the deal, announced Tuesday, Google would pay dMarc at least $102 million in cash. If performance targets are met, Google would make additional payments of up to $1.14 billion over three years.

The up-front cash payment will make only a small dent in Google's reserves. Through September, Google had $7.6 billion in cash and marketable securities, though it has since committed to making a $1 billion investment in Time Warner Inc.'s America Online unit.

Google said it plans to integrate the dMarc technology with its highly successful Google AdWords platform, in which third-party Web sites share revenues with Google for carrying the Mountain View., Calif., company's highly profitable search ads.

"Google is committed to exploring new ways to extend targeted, measurable advertising to other forms of media," said Tim Armstrong, Google's vice president for advertising sales.

Oracle Corp. released patches addressing more than 100 separate vulnerabilities in its database and application server software, as well as in its collaboration and e-business suites.

The patches, which are part of Oracle’s scheduled quarterly updates, included fixes for flaws in its PeopleSoft and J.D. Edwards portfolios.

A large number of the flaws affecting Oracle’s databases were listed as having a “wide” impact on database availability, integrity and confidentiality.

For instance, one of the them is a vulnerability in Oracle databases that enables any user with basic access privileges to assume the role of a database administrator. The flaw, first reported to Oracle in October by database security firm Imperva Inc., also allows would-be attackers to prevent illegal activity from being recorded by the database server’s built-in auditing mechanism, said Shlomo Kramer, Imperva’s CEO.

This is the second batch of patches to be released by Oracle since the company moved to a quarterly schedule last fall. Oracle’s next patch update is slated for April 12.

Under its Critical Patch Update program, Oracle has said that it will release highly integrated patches that combine fixes for multiple high-priority vulnerabilities. The patches are cumulative, meaning users who miss applying patches one quarter can apply a cumulative update the following quarter that addresses both the previous problems and any new ones that might have cropped up.

Oracle has made a great deal of improvement over the past year in [its] security response processes, but there is still a long way to go.

Updated: America Online posts a hotfix to correct a buffer overflow vulnerability in its "You've Got Pictures" photo album service.

A critical security flaw in America Online Inc.'s "You've Got Pictures" service could put millions of users at risk of PC takeover attacks, according to a warning from the US-CERT (U.S. Computer Emergency Readiness Team).

In an advisory, US-CERT described the flaw as a buffer overflow in an AOL YPG Picture Finder Tool ActiveX control (YGPPicFinder.DLL) that may be exploited to execute arbitrary code or cause a denial-of-service condition.

The vulnerability affects AOL 8.0, AOL 8.0 Plus and AOL 9.0 Classic. In addition, the vulnerable control was distributed via the "You've Got Pictures" Web site prior to 2004.

A separate alert from FrSIRT (French Security Incident Response Team), rates the bug as "critical" and warned that the vulnerable ActiveX control does not properly handle overly long input strings.

"[This] could be exploited by remote attackers to compromise a vulnerable system by convincing a user to visit a specially crafted Web page."

ESET, a personal favorite provider of security software for enterprises and consumers, announced that its NOD32 solution with ThreatSense(R) technology has been enhanced to protect users and organizations against stealth rootkit applications. Rootkits, which by design are highly undetectable, are widely known to escape discovery by traditional signature-based antivirus methods.
   
   Rootkits recently came to public attention when it was discovered that Sony included a rootkit on some of its music Cds and video DVDs in an effort to prevent illegal copying and distribution of copyrighted material. Designed specifically to be "invisible" to users, rootkits can be used to hide malicious software, giving criminals the opportunity to exploit unprotected computers.
   
   "Rootkit detection is based on the new generation of intelligent signatures, which is a part of the ThreatSense technology," says Richard Marko, chief software engineer for ESET. "Currently, ESET is the only integrated threat protection system known to proactively detect even unknown rootkits."
   
   ESET's NOD32 ThreatSense(R) technology is a sophisticated detection system based on advanced heuristics that proactively identifies previously unknown malware, such as that which exploited the Sony rootkit.
   
   Rootkit protection is available immediately to current NOD32 license holders, and will be automatically installed to computers configured to receive automatic program component updates. To download a free trial copy of NOD32, please visit www.eset.com.