A lot of interesting stuff going on today, most of it I don’t have time to comment on, just read.
Internet Explorer 8 and Acid2: A Milestone As a team, we’ve spent the last year heads down working hard on IE8. Last week, we achieved an important milestone that should interest web developers. IE8 now renders the “Acid2 Face” correctly in IE8 standards mode.
Duke Nukem Forever Teaser Debuts on Shacknews Following yesterday’s screenshot release, Shacknews is pleased to premiere the first new Duke Nukem Forever teaser trailer in over six years. According to George Broussard of developer 3D Realms, the approximately minute-long video was originally created internally for the purpose of holiday festivities and marks the beginning of further media unveilings surrounding the notoriously long-in-development first- person shooter.
Antivirus firm: Google text ad Trojan detected Advertisements placed by Google in Web pages are being hijacked by so-called Trojan horse software that replaces the intended text with ads from a different provider, Romanian antivirus company BitDefender says.
The Trojan redirects queries meant to be sent to Google servers to a rogue server, which displays ads from a third party instead of ads from Google, BitDefender said in a statement.
The Ultimate Fate of Supplemental Results In 2003, Google introduced a “supplemental index” as a way of showing more documents to users. Most webmasters will probably snicker about that statement, since supplemental docs were famous for refreshing less often and showing up in search results less often. But the supplemental index served an important purpose: it stored unusual documents that we would search in more depth for harder or more esoteric queries.
Worm Hits Google’s Orkut Google’s Orkut social networking site appeared to have been hit by a relatively harmless worm, but one that demonstrated the continuing vulnerability of Web applications.
The People Inside Google’s Black Box After I wrote about Google’s search technology earlier this year, I got an e-mail from an engineer at another search engine telling me not to believe Google when it said its search results were simply the product of fancy formulas. Google, he said, has human beings helping to pick the best sites for many queries.
Intel to delay launch of three 45nm quad-core CPUs on poor AMD performance Intel has recently adjusted its product strategy and will postpone three 45nm quad-core CPUs that were originally scheduled to launch in January next year, according to sources at motherboard makers.
Intel has already notified its partners that it will push back the launch of the three CPUs to February or March next year, depending on AMD’s schedule for triple-core and the upcoming Phenom CPUs.
Firefox 3 Beta 2 now available for download Firefox 3 Beta 2 is now available for download. This is the tenth developer milestone focused on testing the core functionality provided by many new features and changes to the platform scheduled for Firefox 3. Ongoing planning for Firefox 3 can be followed at the Firefox 3 Planning Center.
Source: tipsdr
Showing posts with label Technology. Show all posts
Showing posts with label Technology. Show all posts
Tuesday, December 25, 2007
Monday, December 3, 2007
IE Expecting Threats from Hackers
Microsoft Corp said Monday that a flaw in the way its Windows operating system looks up other computers on the Internet has resurfaced, and could expose some customers to online attacks.
The flaw primarily affects corporate users outside of the U.S. It could theoretically be exploited by attackers to silently redirect victims to a malicious Web site.
Microsoft originally patched this flaw in 1999, but it was rediscovered recently in later versions of Windows and subsequently publicized at a recent hacker conference in New Zealand. "This is a variation of that previously reported vulnerability that manifests when certain client-side settings are made," said Mike Reavey, a group manager at Microsoft's Security Response Center.
The bug has to do with the way Windows systems look for DNS (Directory Name Service) information under certain configurations.
Any version of Windows could theoretically be affected by the flaw, but Microsoft issued an advisory Monday explaining which Windows configurations are at risk and offering some possible workarounds for customers. The company said it is working to release a security patch for the problem.
Here's how the attack would work: When a Windows system is specially configured with its own DNS Suffix, it will automatically search the network for DNS information on a Web Proxy Auto-Discovery (WPAD) server. Typically this server would be a trusted machine, running on the victim's own network.
WPAD servers are used to cut down on the manual configuration required to get Windows systems working on the network. DNS suffixes are used to associate computers with certain domains of the network and to simplify administration.
To make it easier for the PC to find a WPAD server, Windows uses a technique called DNS devolution to search the network for the server. For example, if an IDG PC was given a DNS suffix of corp.idg.co.uk, it would automatically look for a WPAD server at wpad.corp.idg.co.uk. If that failed, it would try wpad.idg.co.uk and then wpad.co.uk.
And that's where the problem lies. By looking for DNS information on wpad.co.uk, the Windows machine has now left the IDG network and is doing a DNS look-up on an untrusted PC.
Reavey says that this problem only affects customers whose domain names begin with a "third-level or deeper" domain, meaning that even with the DNS suffix, users on networks like idg.com or dhs.gov are not affected.
Attackers who registered "wpad" domains within second-level domains such as co.uk or co.nz could redirect victims to malicious Web sites without their knowledge -- a "man in the middle" attack." An victim might think he was visiting his bank's Web site, but in reality, he could be sent to a phishing site.
"It's particularly insidious because a lot of people don't realize that this is happening," said Cricket Liu, vice president of architecture with DNS appliance vendor Infoblox. To date, Microsoft has heard of no such attacks actually being carried out, Reavey said.
Customers who have set their own proxy server or who have a WPAD server on their network are not at risk, Microsoft said.
Still, according to the New Zealand security researcher who discovered this flaw, many customers could be affected. Beau Butler, who also happens to own the wpad.co.nz, domain estimates that about 160,000 PCs are affected by the problem in New Zealand alone, according to a published report. Butler could not be reached immediately for comment on this story, but in a note on a local Linux group Web site, he said he is collecting Web server data from this domain.
The flaw primarily affects corporate users outside of the U.S. It could theoretically be exploited by attackers to silently redirect victims to a malicious Web site.
Microsoft originally patched this flaw in 1999, but it was rediscovered recently in later versions of Windows and subsequently publicized at a recent hacker conference in New Zealand. "This is a variation of that previously reported vulnerability that manifests when certain client-side settings are made," said Mike Reavey, a group manager at Microsoft's Security Response Center.
The bug has to do with the way Windows systems look for DNS (Directory Name Service) information under certain configurations.
Any version of Windows could theoretically be affected by the flaw, but Microsoft issued an advisory Monday explaining which Windows configurations are at risk and offering some possible workarounds for customers. The company said it is working to release a security patch for the problem.
Here's how the attack would work: When a Windows system is specially configured with its own DNS Suffix, it will automatically search the network for DNS information on a Web Proxy Auto-Discovery (WPAD) server. Typically this server would be a trusted machine, running on the victim's own network.
WPAD servers are used to cut down on the manual configuration required to get Windows systems working on the network. DNS suffixes are used to associate computers with certain domains of the network and to simplify administration.
To make it easier for the PC to find a WPAD server, Windows uses a technique called DNS devolution to search the network for the server. For example, if an IDG PC was given a DNS suffix of corp.idg.co.uk, it would automatically look for a WPAD server at wpad.corp.idg.co.uk. If that failed, it would try wpad.idg.co.uk and then wpad.co.uk.
And that's where the problem lies. By looking for DNS information on wpad.co.uk, the Windows machine has now left the IDG network and is doing a DNS look-up on an untrusted PC.
Reavey says that this problem only affects customers whose domain names begin with a "third-level or deeper" domain, meaning that even with the DNS suffix, users on networks like idg.com or dhs.gov are not affected.
Attackers who registered "wpad" domains within second-level domains such as co.uk or co.nz could redirect victims to malicious Web sites without their knowledge -- a "man in the middle" attack." An victim might think he was visiting his bank's Web site, but in reality, he could be sent to a phishing site.
"It's particularly insidious because a lot of people don't realize that this is happening," said Cricket Liu, vice president of architecture with DNS appliance vendor Infoblox. To date, Microsoft has heard of no such attacks actually being carried out, Reavey said.
Customers who have set their own proxy server or who have a WPAD server on their network are not at risk, Microsoft said.
Still, according to the New Zealand security researcher who discovered this flaw, many customers could be affected. Beau Butler, who also happens to own the wpad.co.nz, domain estimates that about 160,000 PCs are affected by the problem in New Zealand alone, according to a published report. Butler could not be reached immediately for comment on this story, but in a note on a local Linux group Web site, he said he is collecting Web server data from this domain.
Monday, November 26, 2007
Work online on Office Documents with Instacoll
You have a desktop or laptop PC, with a connection to the Internet. You still use earlier versions of Microsoft’s Office tools such as the word processor Word, the presentation tool Powerpoint and the spread sheet Excel. You have not upgraded to the latest — 2007 — versions of MS Office. May be you could no longer afford to do so.
Thirty Indian engineers based in Bangalore have created a suite of online productivity tools that enables such users to enjoy the look, feel and much of the functionality of the newest edition of the three main Microsoft Office tools by downloading for free, a 5-megabyte chunk of software. What’s more, they can work on their files, from any machine anywhere by accessing them from a 100 megabyte storage space that is provided to them on the Web; they can switch seamlessly from desktop to Web and back; they can share their files from chosen friends or colleagues; they can collaborate on a single document, deciding who can share what, and exchanging comments live through text pop-pops… all this on any platform, Windows, Linux, Unix or whatever.
The application is called Live Documents. It was unveiled a few days ago to a lot of global interest and critical scrutiny. It is the work of the Bangalore-based InstaColl, a wholly Indian Internet-driven company whose Chairman and inspiration is Sabeer Bhatia, the man who co-developed Hotmail, the world’s first Web-based e-mail service, which he subsequently sold to Microsoft.
While the ability to use Live Documents is free for individual users (You can apply for an invitation to join at www.live-documents.com but due to the huge number of requests in the last few days, the company is having to beef up its infrastructure and it might take 3-4 weeks to receive your authorisation.)
Thirty Indian engineers based in Bangalore have created a suite of online productivity tools that enables such users to enjoy the look, feel and much of the functionality of the newest edition of the three main Microsoft Office tools by downloading for free, a 5-megabyte chunk of software. What’s more, they can work on their files, from any machine anywhere by accessing them from a 100 megabyte storage space that is provided to them on the Web; they can switch seamlessly from desktop to Web and back; they can share their files from chosen friends or colleagues; they can collaborate on a single document, deciding who can share what, and exchanging comments live through text pop-pops… all this on any platform, Windows, Linux, Unix or whatever.
The application is called Live Documents. It was unveiled a few days ago to a lot of global interest and critical scrutiny. It is the work of the Bangalore-based InstaColl, a wholly Indian Internet-driven company whose Chairman and inspiration is Sabeer Bhatia, the man who co-developed Hotmail, the world’s first Web-based e-mail service, which he subsequently sold to Microsoft.
While the ability to use Live Documents is free for individual users (You can apply for an invitation to join at www.live-documents.com but due to the huge number of requests in the last few days, the company is having to beef up its infrastructure and it might take 3-4 weeks to receive your authorisation.)
Subscribe to:
Posts (Atom)