Synchronized patching plugs DNS hole

 

A DNS cache-poisoning flaw prompted several IT vendors—Microsoft, Cisco, Sun Microsystems, and others—to release patches on Tuesday in a united effort to mitigate possible problems. Dan Kaminsky, a researcher at IOActive, discovered the flaw earlier this year but kept the vulnerability under wraps until vendors could ready their patches. The flaw could let attackers send users to phishing sites even if they typed the right URLs into their browsers. Kaminsky discovered the flaw by accident and plans to present a paper about it at the upcoming Black Hat USA convention in August. (Computer World)

Google and eBay launch antiphishing program

 

Google announced it will work with eBay and PayPal to help protect Gmail users from phishing emails. The companies will use email authentication technology from DomainKeys to keep phony emails from entering Gmail accounts. The technology will authenticate emails coming from the ebay.com and paypal.com domains before passing them to users’ inboxes. Emails that can’t be authenticated will be automatically deleted. (BetaNews)

Google releases its XML alternative

 

Google has released Protocol Buffers, its alternative to XML. According to Google’s documentation, Protocol Buffers differs from XML in that it’s based on procedural logic rather than structural declarations. Unlike XML, Protocol Buffers contain a file with the .proto extension that houses class declarations. The .proto file uses object-oriented languages—C++, Java, or Python—to define structural prototypes for tables. Each default value for members of a class is set to digits or values that determine where the class member falls within a sequence. Google says the buffers offer several advantages over XML, including simplicity and speed. However, the buffers wouldn’t work well to model text-based documents and aren’t human-editable in their native format. (Beta News)

HealthMap trolls Internet to track infectious diseases

 

Researchers from Children’s Hospital Boston and Harvard Medical School have developed an automated data-gathering system that monitors infectious disease outbreaks around the world in real time. HealthMap combs online news sources, discussion forums, and listservs for data on disease outbreaks. It integrates this data with information from official releases from agencies such as the World Heath Organization to provide a comprehensive global view on emerging health issues. The data is displayed by location using Google Maps. (Science Daily)

Microsoft Access vulnerable to ActiveX attacks

 

Microsoft has warned that a vulnerability in the ActiveX control for the Snapshot Viewer in Access 2000, 2002, and 2003 could let attackers gain access to machines and remotely execute code. However, the attack would have to be targeted; users would have to visit a Web site that exploits the flaw for it to work. Microsoft advises users to configure their browsers to disable Active Scripting or ask before running ActiveX controls. (ZDNet)

Google makes internal security scanner available

 

Google has released its internal Web application scanner to the public for free. The tool—Ratproxy—scans Web applications and looks for coding errors that could lead to security vulnerabilities, such as cross-site scripting attacks or caching problems. “We decided to make this tool freely available as open source because we feel it will be a valuable contribution to the information security community, helping advance the community’s understanding of security challenges associated with contemporary Web technologies. We believe that responsible security research brings a net overall benefit to the safety of the Web as a whole, and have released this tool explicitly to support that kind of research,” wrote Michal Zalewski on the company’s security blog. (Google)

IBM’s purchase of mainframe make raises antitrust concerns

 

IBM’s purchase of rival mainframe vendor Platform Solutions has one industry trade group calling the deal a “black hole.” The Computer and Communications Industry Association (CCIA), a nonprofit association of computer and communications firms, has questioned the move and raised concerns that IBM is trying to stamp out the competition. “It sucks the life out of the market and destroys the matter,”transforming a market with latent potential for competition and innovation into a sector “with little prospects for anything but complete domination by IBM,”? said Ed Black, CCIA president and CEO. Neither IBM nor Platform Solutions released the financial terms of the deal. However, as part of the purchase, both companies dropped lawsuits against each other stemming from IBM’s initial patent infringement lawsuit against Platform Solutions in 2006. (CIO)

Robot teaches itself new tools

Researchers at the University of Massachusetts Amherst have developed a robot that teaches itself how to use tools it hasn’t encountered before. The robot—dubbed UMan—uses a webcam to identify tools lying on a table. UMan analyzes differences in pixels; UMan identifies the tool’s shape. Using its robotic arm, UMan prods and pushes the tool along the table and watches how the tool’s parts move in relation to each other. If it encounters a restricted movement, the robot interprets it as a joint. UMan then puts this information together to manipulate the tool. However, UMan can’t pick up tools and use them just yet. Instead, it uses them along the surface of the table. So far, UMan has learned to use scissors, shears, and different kinds of wooden toys. (Technology Review)

Adobe working to better index Flash content in search engines

 

The latest version of Adobe’s Flash Player allows search engines to more easily index Flash-based content. Search engines can already index text and links in Flash animations but will now be able to index information in Flash files, including gadgets such as buttons and menus, and self-contained Flash Web sites. Google has launched its advanced Flash indexing algorithm, and Yahoo is said to be developing its own. Flash Video files (FLV), however, will not be indexed because they don’t contain text elements. (Beta News)

ICANN loosens domain name regulations

 

The Internet Corporation for Assigned Names and Numbers (ICANN) voted unanimously to ease the regulations on top-level domain names and internationalized domain names. Under the relaxed policies, companies can register domain names based on their names, such as .ebay or .amazon, and names in other languages—Chinese or Arabic, for example—will be allowed. Individuals will be allowed to register their own names if they can provide a business plan. For disagreements that arise over registering generic domains such as .sport or .love, ICANN will implement an arbitration process to settle disputes. ICANN expects the final version of the new rules to be published in early 2009; applications for new domain names will follow in the latter half of 2009. (BBC)

Showing 3,751 - 3,760 of 4,515 results.
Items per Page 10
of 452