It appears that Microsoft wants to make sure that its customers feel as if they are being treated with contempt - just in case they didn't already feel that way. Customers who pay up to US$400 for a copy of Vista Ultimate will for their investment be able to transfer their software to another machine just once instead of as many times as they like as is the case with XP.

If your machine packs it in, Microsoft in its benevolence will allow you to transfer the software to another machine. However, if after a year or so you decide to upgrade and pass your old machine on to another family member who only needs a copy of Vista Home Edition, it's just too bad because you'll have to fork out another US$400 because your license is no longer transferrable. This is not piracy prevention. This is pure greed.

Microsoft claims that it is has a huge piracy problem. It has to tighten its rules with measures such as the Software Protection Program that has the power to disable computers deemed to house pirated software. It has to restrict users to the number of times they can re-install their software.

However, one has to ask then how was Microsoft able to build a global monopoly where Windows is installed on 90% or more of desktops despite this so-called piracy? Are they really implying that 50% of these people are priates? Given the numbers it would seem that the 2 + billion people of china and india which could buy microsoft software, why then does the price of the product not drop as the numbers go up. Production of any other material goods are expected to drop as the numbers rise. But at MS they have a sweet deal already by them maintaining high prices throughout the life cycle of a product. One which they define the life cycle as 5 years from day one.

In spite of piracy, how was Microsoft able to achieve revenues of nearly $25 billion and a profit of almost $18.5 billion on its Windows and Office products alone in the fiscal year ended 2006? Already forums are abuzz with outraged users advising to install one of the popular free Linux distributions on their computers. users are advising each other to buy Macs - anything to get away from the restrictions Microsoft intends to impose on the use of its software.

With its higher performance and reduced power, Intel Core microarchitecture is the intel road map they are banking the farm on. While one can spend day's reading the spin on their roadmap since hearing that Intel plans to give a price break which suggests their intent to give 4 cores for the price or two.

Intel plans future quad-core models that consume less power. In the first quarter of 2007, Intel will release mainstream Kentsfield chips, called Core 2 Quad, that consume 105 watts while a gaming version known as "Core 2 Extreme" will soon be shipped to OEMs.

Hoping to push ahead of rival Advanced Micro Devices Inc., Intel Corp. will bring its quad-core chips to market in a new line of Hewlett-Packard Co. workstations to be introduced on Nov. 13. HP has sent out invitations to the event but did not offer any specifics on exact models and prices. The computers will probably use Intel's planned Xeon 5300 chip, and are designed to run high-end applications like seismic analysis and visualization software from Autodesk Inc.

The launch would allow Intel to bring quad-core processors to market before AMD, a crucial win in a year when Intel has made as many headlines for its layoffs and missed earnings targets as for its technology.

AMD plans to release its own quad-core chips in the middle of 2007 and claims that its monolithic design is superior to Intel's plan, which essentially glues two dual-cores chips together. But without having any hardware to test, analysts are divided on whether this detail will significantly affect the chips' performance.

AMD claims to have the advantage in quad-core by using a design superior to Intel's, "which essentially glues two dual-core chips together," he wrote. Without hardware to run tests on and make comparisons, however, it's impossible to know which design performs better.

While we are hearing plenty of information about Kentsfield release in November it will be pricey. The first intel quad-core is specifically aimed at gamers and content creators, which not only indicates a very limited availability but also the usual high tray price ($1000) of the Extreme processor series. Intel will follow up with a quad-core mainstream processor in Q1 of next year. The "Core 2 Quad" will support Intel's revenue of the Core 2 processor series on the higher-end mainstream.

www.baltimore.com has run for two years since its last reboot, and has the longest time since reboot of any Windows 2000 site we find on the Internet.

Baltimore was an early evangelist of enterprise Public Key Infrastructure (PKI) and briefly a FTSE-100 company during 2000. Although its business has considerably reduced in size, the www.baltimore.com site, which Alexa ranks in the busiest 50,000 sites on the internet, will have seen a considerable volume of traffic since it was last rebooted.

The web site's reliability is enabled by "a stable power source, good physical security, a webmaster who cooperates with the networks team and a proper screening firewall," said Keith O'Byrne, a network engineer with Baltimore Technologies.

Baltimore Technologies is based in Dublin, Ireland and provides security products and services to manage user identities and access, and assure the integrity of transactions through digital signatures.

Port80 Software, a Microsoft partner, has released a new survey showing that the Microsoft Internet Information Services 6 Web server has overtaken the Apache open-source Web server among Fortune 1000 Web sites.

In the survey released on Oct. 11, Port80 Software said IIS 6 more than doubled its market share over the last year, to 27 percent. However, IIS 5 remains the most popular Web server among Fortune 1000 users, according to the survey.

The Port80 survey also showed that Microsoft ASP.Net application server environments are used on 48.4 percent of Fortune 1000 sites.

Other platforms, including Java application server environments like IBM's WebSphere, BEA Systems's WebLogic, Sun Microsystems' JSP (JavaServer Pages), the open-source Tomcat platform, and technologies such as PHP and ColdFusion all combined to account for only 21.2 percent of Fortune 1000 site deployments, the survey said.

Port80's most recent and other surveys going back to 2003 can be found here. Also included Netcraft stats for October which take in all world wide stats and not just the Fortune 1000. It shows the same information and if nothing else can be said; It seems now a two server game, Apache or IIS and the others have dropped to barely a blip on the screen.

The Internet Corporation for Assigned Names and Numbers (ICANN) said in a statement 10.11.2006 that it does not have the ability or authority to comply with a proposed court order that it suspend the Internet service of The Spamhaus Project Ltd. Spamhaus is a volunteer-run antispam service.

In a proposed order last Friday, Judge Charles Kocoras of the U.S. District Court for the Northern District of Illinois called on the organizations responsible for registering the Spamhaus.org Internet address to suspend the organization's Internet service. Both ICANN -- the nonprofit organization set up to manage the domain name system of the Internet -- and Toronto-based Tucows Inc., the Spamhaus.org registrar, are named in the order.

The court threatened to shut down Spamhaus for ignoring an $11.7 million judgment against it. The proposed order followed a Sept. 13 ruling in which Spamhaus was required to pay damages and stop listing an e-mail marketing company called E360Insight LLC in its database of known spammers.

ICANN said that in most cases, only the Internet registrar with whom the registrant has a contractual relationship can suspend an individual domain name.

"Even if ICANN were properly brought before the court in this matter, which ICANN has not been, ICANN cannot comply with any order requiring it to suspend or place a client hold on Spamhaus.org or any specific domain name because ICANN does not have either the ability or the authority to do so," the organization said.

Seagate Technology announced today that it will ship a 1.5TB version of its Maxtor OneTouch III Turbo Edition external hard disk drive. The new drive ships this month for $799.99.

The Onetouch III Turbo Edition is preformatted for Macintosh users and comes with FireWire 800, FireWire 400 and Universal Serial Bus 2.0 interfaces. It measures 5.4 by 3.9 by 8.5 in. Inside the drive enclosure are two 750GB hard disk drive mechanisms configured together in a RAID array for a total capacity of 1.5TB. The "OneTouch" refers to the system's ability to back up a Mac's internal hard drive by pressing a button that activates software included with the drive.

Seagate also makes Maxtor OneTouch III systems in other capacities and configurations, including "Mini Editions" for portable users.

Seagate has also enhanced the Maxtor Shared Storage II line of network-attached storage products with smaller systems. Already available in 1TB capacity for $799.99, the Shared Storage II line now comes in single-drive 320GB and 500GB capacities for $349.99 and $449.99, respectively.

The Shared Storage II devices incorporate a single 10/100/1000 RJ-45 Gigabit Ethernet port and two USB 2.0 ports for printer sharing, storage, expansion or off-site data rotation. The drive includes software to enable Mac and PC users to stream digital media and back up their own local files.

Juniper Networks on Oct. 18 2006 will seek to silence critics who complain about the company's lack of an Ethernet edge aggregation switch for service providers by launching its new X-Series product line.

The X-Series switch/router is built to optimize both Layer 2 and Layer 3 functions and provide high-density Ethernet interfaces. The 14-slot X960 chassis can accommodate up to 480 Gigabit Ethernet ports through a 40-port line card. It can also support 48 10 Gigabit Ethernet ports through a four-port 10 Gigabit Ethernet line card, according to sources close to Juniper, who asked not to be identified.

The product line is aimed at shoring up Juniper's position among Metro Ethernet service providers. The financial analysts are all over Juniper's back to get into the Layer 2 switching space.

It also provides a range of QOS (quality of service) features, including support for up to eight queues per port and up to four scheduling priorities as well as per-port shaping. The X960 will run the Junos operating system software.

Juniper is also planning to add a six-slot chassis to the X-Series line that can accommodate existing X960 line cards and other components. Also in the works for a later release are fine-grained queuing line cards supporting per-VLAN (virtual LAN) queuing. Further down the road, Juniper also plans to add support for SONET (Synchronous Optical Network) interfaces as well as a 32-port Gigabit Ethernet line card, sources said.

This is one of the best sorted easy to browse collections of freeware fonts I have personally found. I know the geeks are going, just what the world needs another billion freeware fonts. That is sure what I thought when the link was forwarded on to me. But since I sat browsing fonts for 10 minutes I guess I was taken in. Go to site here.

Koders.com is the leading search engine for open source code. Our source code optimized search engine provides developers with an easy-to-use interface to search for source code examples and discover new open source projects which can be leveraged in their applications.

Koders Enterprise Edition enables organizations to recognize significant productivity gains by improving code reuse. Developers and managers can search, review and report on the enterprise code base in ways never before possible.

In one of its biggest releases in recent months, Microsoft Corp. today issued 10 security bulletins detailing fixes for more than two dozen separate vulnerabilities -- several of which are already being actively exploited in the wild.

But the updates were not immediately available via Microsoft Update, Automatic Update or Windows Update Services because of what the company described as "technical difficulties."

"Technical teams are engaged and have been working around the clock" to make the updates available by the end of day today, the company said in a statement. "To be clear, it's a delay due to the networking for these systems," said a post on Microsoft's security response center blog said this afternoon. "There are no issues with the security updates themselves." The delay does not affect customers using Microsoft's Software Update Services, Windows Update V4 or Office Update.

Those who want to download the patches immediately can do so manually by visiting Microsoft's technet site, the blog post said.

Six of the bulletins announced today are rated as critical by Microsoft and detail fixes for a total of 16 separate flaws. The rest of the bulletins addressed vulnerabilities that were either rated as important or moderate by Microsoft.

The bulletins covered a total of 26 separate flaws and are part of Microsoft's regularly scheduled monthly security updates for October. The list of products affected includes PowerPoint, Excel and Word.

"What's interesting to note here is that six of the flaws [covered by today's bulletins] are being exploited in the wild or have proof-of-concept code available," said Tom Cross, a vulnerability researcher with Atlanta-based Internet Security Systems Inc.'s X-Force threat analysis service.

Examples of active attacks against flaws fixed today include zero-day exploits against Excel and Word, Symantec Corp. said in an advisory released this afternoon. Similar attacks or proof-of-concept attacks are also available against some of the flaws addressed in security bulletins MS06-057, MS06-058 and MS06-63, Cross said.

"Today we are seeing a record high number of vulnerabilities being patched in a single month," said Monty Izerman, a senior manager of the global threat group at McAfee Avert Labs in an e-mailed comment. Sixteen of the flaws patched today were discovered in application software products and continue a trend toward "application-based malware and application-targeted vulnerabilities," he said.

Of the fixes released today, the one described in MS06-057 is perhaps the most critical, McAfee noted. The critical flaw, which exists in Windows Shell, can be used to take complete control of compromised systems and has already been widely exploited in so-called "drive-by install" and "drive-by download" attacks via Internet Explorer, McAfee cautioned.

CBS Corp. and top online video site YouTube Inc. said on Monday they have struck a strategic content and advertising partnership.

The deal calls for CBS to offer YouTube users a variety of short-form video programming including news, sports, and entertainment divisions beginning this month, the companies said.

YouTube and CBS will share revenue from advertising sponsorships of CBS Videos, they said.

PHP:Hypertext Preprocessor (PHP) is a scripting language that is suited for developing Web applications. A PHP script can be embedded in an HTML page and run as a .php script or as a Windows Script Host script (.wsf file). PHP 5.1.6 is the latest version of PHP and includes extensions for various databases including the SQL Server database. The SQL Server database extension in PHP 5 is installed by default when PHP is installed. With the SQL Server database extension, a connection can be established with the SQL Server 2005 database and SQL statements run on the database. The PHP extension supports databases created in different versions of SQL Server. This paper covers configuring the PHP extension with SQL Server 2005 Express Edition databases only. (18 printed pages) Details Here

Click here to download the Word document version of the article, AccessSQLwPHP.doc.

Google Inc. has laid the speculation to rest -- it is buying YouTube for $1.65 billion in a stock transaction announced Oct 9, 2006.

YouTube operates a wildly popular Web site showing original videos that range from amateurish to professional. It will continue to operate independently after the Google acquisition "to preserve its successful brand and passionate community," Google said. The deal is expected to close in the fourth quarter.

Although YouTube CEO and co-founder Chad Hurley had earlier insisted that YouTube wasn't for sale, that view changed because Google will allow YouTube to operate independently, he said during a conference call to explain the acquisition.

Bringing YouTube into the ever-growing Google empire will mean that users have a "better, more comprehensive experience" when they upload, watch and share videos, Google said. It will also provide more opportunities for professional content owners to get their work out to a wider audience, Google and YouTube executives said.

The two companies have similar corporate values in that they are both committed to users first and also to innovation, Google CEO Eric Schmidt said. "Together, we are natural partners to offer a compelling media entertainment service," he said. The deal is "an exciting next step" for Google, he said, adding that the company expects other deals that are related to providing video over the Internet. YouTube has "built a remarkable team" that is "a perfect example of the kind of people we like to work with."

YouTube will benefit from Google's global reach and technology know-how, Hurley said. "We're excited by this announcement and thrilled to join forces with the Google team," he said. The acquisition will boost YouTube's new video content platform, which is expected to launch in the next month, he said.

Microsoft's Vista will not make it more difficult for anti-virus systems to work, Russian computer security group and potential IPO candidate Kaspersky Lab said on Friday, contradicting rivals.

In an open letter this week, U.S. anti-virus provider McAfee accused Microsoft of weakening users protection by no longer co-operating with computer security groups and denying them access to the core of the Vista system.

"From what we have seen of Vista we cannot tell that Microsoft is blocking access to the core," Kaspersky Lab Chief Executive and co-founder Natalya Kaspersky told Reuters in an interview in Paris.  "It would not make any sense for them (Microsoft) to stop working with other computer security companies because it would make their system more vulnerable to attacks," Kaspersky added.

Microsoft, the world's largest software group, entered the computer security market in June with OneCare, a software that aims to protect computers from viruses, spyware and other ailments. The U.S. software giant fired back on Monday, saying that it had worked closely with computer security companies throughout the development of Vista and planned to continue to do so.

"Microsoft would have to change their business completely if what McAfee says was true," Kaspersky said, explaining that Microsoft's business model was based on working with other providers. Kaspersky said Microsoft had held its traditional annual meeting with computer security companies this summer and she had not noticed co-operation was weakening.

In its open letter on Monday McAfee alleged that Microsoft had firmly embedded in Vista its own security system which could not be disabled even when users purchased an alternative security product.  "Microsoft seems to envision a world in which one giant company not only controls the systems that drive most computers around the world but also the security that protects those computers from viruses and other online threats," McAfee said in its letter. Symantec and other computer security companies have backed McAfee's criticism of the Microsoft Vista system.

Microsoft has rejected their allegations and said it wished to deliver a secure version of Windows Vista that would be compliant with EU law.

It’s been a good year for great technologies.  This one is an MIT tool called ASSIST - It will at very least open the creative minds of those who are interested in design. 

Design rationale is often not recorded in mechanical engineering designs because it is not convenient to stop the design process to record every design decision that is made. Designing directly on the computer could assist the process of design rationale capture. At the very least a computer design tool could record all the changes made to a design over its lifetime.

Unfortunately, current computer-based design tools for mechanical engineers are not tailored to early stages of design. Most designers use pencil and paper at first, and input their design into CAD systems only after it is nearly complete. The tradeoff between the ease of drawing and the precision of a CAD tool is too great for engineers who are just sketching out rough designs.

We aim to create a tool that allows the engineer to sketch a mechanical system as she would on paper, and then allows her to interact with the design as a mechanical system, for example by seeing a simulation of her drawing. We have built an early incarnation of such a tool, called ASSIST, which allows a user to sketch simple mechanical systems and see simulations of her drawings in a two-dimensional kinematic simulator.

Video Presentation:

Oct 3, 2006 Google launched a new search engine geared towards the needs of programmers.

"Searchers can seek out specific programming terms or computer languages and dive deep into compressed code to locate specific features. Users also can narrow a search to find software code based on specific licensing requirements, which is a big deal in warding off future patent litigation." (Reuters)

A very useful tool for geeks. "Code search here" Though as with anything there is clearly a downside.

Several software programmers say Google Code Search appears to answer some of the basic nightmares of building software by creating a single place where one can trawl through all the publicly available computer code in the world. Though the downside is that it might be viewed by some as a hackers paradise as the focus is moving off server attacts and toward applications both desktop and web. Below is a couple quotes from the discussions link.

The US Government stunned the online gambling industry over the weekend by passing laws that effectively ban the services from their biggest market.

The $US6 billion ($8 billion) industry went into meltdown over the news, with shares in UK-listed PartyGaming, 888 Holdings and SportingBet - which has operations in Australia - plummeting in early London trading overnight. Also in the line of fire is Betcorp, which is listed on the Australian Stock Exchange and, like the UK-listed companies, counts on US customers for most of its business.

The US Senate, which was expected to block the legislation, sneaked the bill through early Saturday morning US time, following some last-minute manoeuvring ahead of the Senate break for mid-term elections. The bill outlaws the processing of bets for online gaming companies, effectively preventing US banks and credit card companies from doing business with the operators. It could be signed into law by President Bush as early as this week.

The bill excludes US-based online betting on services like horse racing and lotteries and has no impact on American casinos and other gambling operations. The US Government has been in a tussle with the industry for more than a decade, dating back to when foreign operators accepted bets from US citizens over the phone from offshore operations in the Caribbean.

These online sports betting, poker and casino operators have been drawn to the London Stock Exchange, where investors have profited from the explosive growth in US internet wagers, despite their questionable legal status. That is expected to change. According to UK reports, 888 Holdings, PartyGaming, and SportingBet are expected to halt their US-facing operations. Shares in PartyGaming slid 64.5p, or 59 per cent, to 43.5p in early London trading. SportingBet shares were down 69 per cent to 58p and 888 Holdings 48 per cent to 76p.

The latest move is not entirely surprising given the hard line already being taken by US authorities. SportingBet's former chairman, Peter Dicks, was arrested last month on a warrant issued by Louisiana State Police, but was released by a New York court recently. Mr Dicks faced being extradited to the state on charges that include gambling by computer, a charge that could land him a year in jail.

Intel plans to essentially offer two cores for free when it begins rolling out quad-core Xeon 5300 server processors in November. By offering quad-core chips, which contain four processor cores each, for roughly the same price as two-core versions, Intel expects its latest semiconductors will rapidly proliferate in the server space, company executives said here at the Intel Developer Forum on Sept. 26.

Intel executives said they were confident in the new quad-core Xeon chips' design and capabilities. But in order to speed their introduction, the chip maker will tout the chips' performance—Xeon 5300 chips will offer as much as a 50 percent increase in performance versus today's dual-core Xeon 5100s—along with their ability to drop into existing server platforms and their capability to match current power consumption levels, Intel executives said.

Intel's first Xeon 5300 chips will fit into an 80-watt power envelope—the same as dual-core Xeon 5100—while Intel also will offer a 120-watt performance version of the chip. Xeon 5300s will come with either a 1,066MHz or 1,333MHz front-side bus, which shuttles data to and from the chips.

During the first quarter of 2007, Intel will add a 50-watt quad-core Xeon 5300 chip for low-power applications. Still, Intel had to compromise to bring out the Xeon 5300, also known by the code name Clovertown, quickly. The company will create the quad chips by combining a pair of dual-core Woodcrest or Xeon 5100 chips using special packaging. By lowering the clock speed slightly, which cuts down on power consumption and heat production, the chip maker can fit the two dual-core processors into one package.

With 10 Gigabit Ethernet prices coming down and data center performance requirements going up, Cisco Systems is moving to grab broader market acceptance for its high-speed networking technology.

On Sept. 25, Cisco launched a higher-density 10 Gigabit Ethernet module for its Catalyst 6500 that doubles the number of ports, increases performance by 60 percent and reduces the cost per port for its Catalyst 10 Gigabit Ethernet offering by about 30 percent.

Along with the new eight-port, 10 Gigabit Ethernet module, Cisco added the Catalyst Blade Switch 3040 for Fujitsu Siemens Computer servers and created a community interface for users who develop automation scripts based on the Cisco IOS (Internetworking Operating System) Embedded Event Manager to allow the users to share scripts with each other.

To attract data center operators to its switching platforms, Cisco emphasized improved port densities for better scalability, better manageability and greater resiliency, according to Marie Hattar, senior director of network systems marketing at Cisco, in San Jose, Calif.

And although the new module can be over-subscribed, Cisco sought to ensure better availability under heavy loads by increasing the buffer size of the module from 16MB per port to 200MB per port.

It's been primarily a Force10/Foundry race in high-performance computing and data center networking. Cisco has managed to sell product in there as a result of its brand, but they haven't had a competitive product until now.

Futuremark ® Corporation is the leading provider of performance analysis software products for PCs and smartphones, and professional services including technology demos, performance analysis services and data research projects. Futuremark® is known around the world for its benchmark products, including the 3DMark® and PCMark® Series and SPMark™ (with more than 30 million copies distributed worldwide) and value-added services powered by a database of over 13 million real life benchmarking results from over 3 million registered users. Futuremark® maintains offices in Saratoga, California and Helsinki, Finland. For more information, please visit http://www.futuremark.com

AGEIA™ Technologies, Inc., is the pioneer of hardware-accelerated physics for PC games and has developed the world's first dedicated physics processor, the AGEIA PhysX™ processor. The AGEIA PhysX processor powers massive and pervasive real-time interactive worlds that for the first time obey the laws of classical physics. AGEIA provides a world-class cross platform software development kit to simplify advanced physics programming for the PhysX processor, as well next-generation gaming consoles. AGEIA is changing the face of gaming by working with more than sixty leading developers and publishers to deliver the next generation of physically immersive entertainment. The company, headquartered in Mountain View, Calif., is privately-held. For more information visit http://www.ageia.com

Firefox 2.0 Release Candidate 1 show that the new browser will be a worthwhile upgrade, with welcome usability enhancements and improved security controls, but anyone hoping that it would set the Web on fire with innovative new features will probably be a little disappointed.

Firefox 2.0 RC1 changes the way that the browser handles large numbers of open tabbed windows. In previous versions, the browser would squeeze all the tabs onto the screen. Now, the browser leaves the tabs sized normally and adds arrows to the left and right of the tabbed window bar; users can click on these arrows to see tabs that have moved off the screen. This model is much better when it comes to actually seeing what's in the tab, although we kind of miss being able to easily tell how many tabs we have open.

A smaller change in this release provides additional options when clicking on RSS feed links within the browser. Firefox 2.0 RC1 launches an informational screen about the feed and provides subscription options, allowing users to choose among adding the feed to a feed-reading service or a feed-reader application, or adding it as a Live Bookmark in Firefox.

Protection against fraudulent phishing Web sites has been enhanced in Firefox 2.0 RC1. The browser can now subscribe to a Google-based service that checks a site against a known list of phishing sites. Firefox 2.0 RC1 also can use a periodically updated list that is downloaded to the browser. We liked that the latter method is the default because the live Google service involves sending surfing information to Google—something that the browser smartly warns users about when the Google-based anti-phishing features are turned on.

While Firefox 2.0 RC1 is most likely very close to what will be the final version of the browser, it is still intended mainly for those testing the browser and is not considered suitable for everyday use. Those interested in testing out the browser can download it at developer.mozilla.org.

While AJAX is the current rage for building interactive browser-based client applications, the action on the server side has focused on Web services. In fact, Web services have become the de-facto standard for exposing business functions at the server level. Given these conditions, a central development question becomes: How do you enable your AJAX-based applications to communicate with Web services? This article explores how you can use Microsoft Atlas (recently renamed to ASP.NET AJAX) to achieve just that.

To follow along, you'll need Visual Studio 2005 and Microsoft Atlas downloaded and installed. If you don't have Visual Studio 2005 installed, you can download a free Visual Studio Express version. This article explains how to interact with Web services through Atlas using an application I've called "ZipCodeRUs." The ZipCodeRUs application retrieves detailed ZIP code information such as the names of cities, counties, and their latitude, longitude, area code, etc. for up to three ZIP codes entered by the user. It relies on a free and publicly available Web service at tilisoft.com to retrieve the information. Full Article Here

On Thursday, Microsoft warned people about a vulnerability in the Windows Shell, the part of the operating system that presents the user interface. The flaw affects Windows 2000, Windows XP and Windows Server 2003 and could be exploited via the Internet Explorer Web browser through a component called WebViewFolderIcon, the company said in an advisory.

"An attacker could host a specially crafted Web site that is designed to exploit this vulnerability through Internet Explorer," Microsoft said. "An attacker who successfully exploited this vulnerability could gain the same user rights as the local user."

While sample exploit code has been published, Microsoft said it has not yet seen any related attacks. The vulnerability was actually discovered two months ago, but the code only surfaced this week, according to the French Security Incident Response Team.

Security monitoring company Secunia deems the issue "extremely critical," its most severe rating. Microsoft said it is working on a fix and plans to release it on Oct. 10 as part of its regular patch cycle. Meanwhile, it suggested several workarounds in its advisory to protect Windows systems.

On Friday, security company Determina provided a third-party fix for the flaw. It is the second time in as many weeks that an outsider has patched a flaw in a Microsoft product. Microsoft does not recommend using such third-party fixes, saying they could cause compatibility problems.

The Windows Shell bug is one of several flaws that are publicly known and for which exploit code is available, but which Microsoft has yet to patch. Cyber crooks are actively exploiting yet-to-be-fixed holes in PowerPoint, Word and IE, Microsoft has acknowledged.

Miscreants are taunting Microsoft with zero-day code, or attack code released immediately after a flaw or patch is made public, experts have said. Some security watchers have started to coin the term "zero-day Wednesday" to come after "Patch Tuesday," Microsoft's patch day on the second Tuesday of each month. Microsoft put its patches on a schedule to give IT managers time to plan and prepare.

Billionaire investor and dot-com veteran Mark Cuban had harsh words on Thursday for YouTube, the online site that lets people share video clips, saying only a "moron" would purchase the wildly popular start-up.

Cuban, co-founder of HDNet and owner of the NBA's Dallas Mavericks, also said YouTube would eventually be "sued into oblivion" because of copyright violations. "They are just breaking the law," Cuban told a group of advertisers in New York. "The only reason it hasn't been sued yet is because there is nobody with big money to sue."

YouTube, based in San Mateo, California, specializes in serving up short videos created by everyday people. Its popularity, with more than 100 million video showings daily, has spurred speculation the firm will be sold or taken public. YouTube company representatives were not immediately available to respond to Cuban's comments.

YouTube, which has nearly one-third of the U.S. Web video audience, three times that of Google Inc., or twice that of News Corp's MySpace, has been working on signing licensing deals with music companies and TV networks to ensure they are paid when users view their content.

This month YouTube unveiled its first deal to distribute music videos legally from a major music company by agreeing a deal with Warner Music Group, home to pop stars James Blunt and Madonna.

In other remarks, meanwhile, the often-controversial Cuban also told advertisers that the reach of YouTube is limited, particularly when it comes to user-generated videos.

Microsoft's maiden entry into the anti-phishing space outperforms similar technologies offered by more established security applications providers, according to a new report commissioned by the software company and conducted by researchers 3Sharp.

Based on a comparative study sponsored by Microsoft that tested anti-phishing applications from eight different software vendors and online specialists, the malicious Web site-blocking capabilities built into the latest beta version of Internet Explorer, specifically when used with the Microsoft Phishing Filter, catch a higher percentage of phishing attempts than rival technologies. Phishing attempts most frequently involve the use of spam e-mail to direct traffic to Web sites built to appear as the online operations of a legitimate business in the name of stealing users' private information.

Common iterations of the attacks have sought to trick people to hand over their password information to sites tailored to look like those of large financial institutions, or popular online businesses such as eBay. According to the APWG (Anti-Phishing Working Group) industry consortium, the number of phishing sites operating online is growing at a rate of 400 percent per year.

3Sharp, which is based in Redmond, Wash., and focuses its research primarily around Microsoft products, said that the IE 7 Beta 3 RC3 browser beat out similar products from anti-phishing technology makers Netcraft, Google, eBay, EarthLink, GeoTrust, Netscape and McAfee, whose product finished in that order in the test.

One day after patching a widely exploited flaw in its Internet Explorer browser, Microsoft Corp. has a new bug to worry about, this time in PowerPoint.

Attackers have been exploiting a newly discovered bug in Microsoft's Office presentation software in extremely targeted attacks, McAfee Inc. reported yesterday. Researchers were made aware of the attacks when a customer submitted two different malicious PowerPoint files, both of which exploited the same vulnerability, said Craig Schmugar, a virus researcher at McAfee. Both files installed malicious remote access Trojan software that then attempted to connect to an outside Web server, he said.

Though McAfee is not releasing technical details of the exploit, the security vendor says that it has confirmed that the attack works on three versions of Office running on the Windows 2000 operating system: Office 2000, Office XP, and Office 2003. Other platforms and other Office applications may also be affected, but McAfee has not yet had time to complete its testing, Schmugar said.

Schmugar has blogged about the issue on the Avert labs site.

Microsoft "has concluded that this issue affects users of Microsoft Office 2000, Microsoft Office 2003, and Microsoft Office XP," the company said in an statement. Microsoft and other security vendors, including Symantec Corp. and McAfee, have added signatures to their security products so that they can detect this malicious code.

Six men have been charged with orchestrating a phishing scheme that targeted AOL users, the Department of Justice said Wednesday.

The men are accused of harvesting thousands of AOL e-mail addresses and then infecting victims' PCs with malicious software that would prevent them from logging on to AOL without entering their credit card numbers, bank account numbers and other personal information. Under the scam, victims would receive fake e-mail greeting cards that would silently infect their computers with the log-on software, according to a grand jury indictment. Victims were also spammed with phoney e-mail messages that claimed to have come from AOL's billing department.

Due to a central server meltdown, your credit card information was lost," one such e-mail read, according to the indictment. "In order to enjoy your AOL experience and keep your account active, you must enter your credit card information within 24 hours." Some of the fake greeting cards claimed to come from Web sites such as Hallmark.com or BlueMountain.com, the indictment states.

AOL users appear to have been the primary targets of the fraud, but others may also have been targeted, according to Tom Carson, a spokesman for the United States Attorney's office for the District of Connecticut. "The investigation is ongoing," he said. "I think we can say the bulk of those targeted were AOL users, but we can't say with 100 percent certainty that they were the only victims," he said.

The accused are believed to have defrauded thousands of individuals, U.S. Attorney Kevin O'Connor said in a statement. "These are insidious crimes that wreak havoc on the lives of victims, and we will seek strict terms of imprisonment." The alleged scam was conducted over a two-year period, beginning in 2004, the U.S. Attorney said. Proceeds from the crime were used to purchase gaming consoles, laptop computers and gift cards, the indictment states.

The men were actually indicted on fraud charges last week by a federal grand jury in New Haven, but the charges were not made public until Wednesday, when three of the men pleaded guilty.