Mozilla has announced that there is a flaw in both its FireFox browser and the SeaMonkey application suite that would allow attackers to bypass security using a regression error in the way the open-source apps handle IMG tags.
The flaw affects Firefox version 18.104.22.168 and 22.214.171.124, and SeaMonkey version 1.0.7. The flaw is repaired in later versions of both applications.
Mozilla released those versions last week, including a fix for more than 10 other flaws in Firefox.
Mozilla’s security chief said the organization tries to release a security upgrade every six weeks or so.
The full version of this story appeared on TechTarget sister site SearchWinSecurity.com.
Microsoft Corp. is revising Windows Vista certification exams to include more information about application support. The additional questions will come in tests to upgrade a Microsoft Certified Desktop Support tag to a Certified IT Professional, in one on troubleshooting applications on a
Vista client, and one on consumer desktop support (specific titles in the story here).
More information will be added on supporting 2007 Microsoft Office System. A Microsoft spokesperson said the company would add the information because it had been left out inadvertently from earlier versions. Those who have taken the beta exams will be notified of the change and the chance to take an additional beta exam free.
The original version of this story appeared on TechTarget sister site SearchWinIT.com.
Imagine Cerf sitting on his Founding Father throne, listening to Wagner, looking back on a long career. This might be a guy whose advice is worth taking.
Cerf says the biggest Internet security threats are the proliferation of spam, botnets, malware, and denial-of-service (DoS) attacks. He has hope for security, though, and cites domain name security (DNSSEC) technology, filtering of source IP addresses, use of IPSec, and two-factor authentication as the promising security measures of the near future.
Didn’t we know this already? Perhaps. But it always helps to hear it from the horse’s mouth.
I’ll leave you with a little Jimi Hendrix this week: “Knowledge speaks, but wisdom listens.” Be a wise VAR. Listen to your dad.
In case you haven’t heard yet, the switch away from standard time this year won’t be, well, standard. The Energy Policy Act of 2005 changed the start of daylight saving time to March 11 this year, meaning that some software written before the act may rely on the wrong algorithms to calculate when to bump the clock up an hour.
Specifically, DST kicks in on the second Sunday of March from now on, instead of the first Sunday of April.
Much of the software out there has already been patched, so it is possible to prepare for the new DST. One program to watch out for is Microsoft Outlook; its automated scheduling feature will be an hour off.
IT departments at larger companies should have already alerted their employees, but workers at smaller companies may not be aware of the potential software glitches, said Patrick Mills, senior software engineer at NeverLand Software & Systems, a system integrator in Arlington, Va.
The good news is that many of those smaller companies don’t rely much on automated scheduling, Mills said. NeverLand has upgraded its clients’ software and given them a heads-up as needed, bit it’s important to keep in mind, Mills said, that in the end, most users will experience nothing worse than a little confusion over when meetings were scheduled.
“Worst case, even if you haven’t updated your machine at all, you can set the time by hand. This is not a Y2k [kind of] issue; this is a time change. You’re talking about being an hour out,” he said.
In mission-critical applications like databases or log files, there may be some issues, Mills said. Most of those should have fixes available, though; it’s just a matter of making sure they’re applied.
Avaya could provide some additional competition to both Cisco Systems Inc. and Vonage, following an agreement to put its voice over IP (VoIP) software on Lenovo ThinkPad notebooks.
Avaya — a solid competitor to Cisco in the international voice systems market, but a distant trailer in the U.S. — made the agreement to expand its VoIP market share by putting its products right on the desktops of highly mobile executives, allowing them to use their office phone numbers while on the road, according to a statement from Avaya.
The products could give channel companies that specialize in systems and network integration the ability to sell basic VoIP systems along with their laptops and without the expense of training or hiring voice networking specialists.
The software includes “click to call” integration with Microsoft Corp.’s Office Communicator and IBM’s Lotus SameTime instant messaging clients, as well as with the systems software on the ThinkPads themselves.
The Avaya IP Softphone will be able to authenticate users with the fingerprint-reading biometric security on ThinkPads, as well as with the system’s message notification system, so the screen will light up when a voicemail arrives.
The first version of the integrated system is due in the third quarter of this year. No pricing was available.
Hackers plant backdoor in blogging software Stop the WordPress. [TheReg]
Connecticut AG investigating Best Buy sales tactics Blog: The attorney general for the state of
Connecticut has opened an investigation into sales tactics used by retailing giant Best Buy. [CNET]
McAfee names ex-EMC executive as new CEO The security company, which has been without a permanent CEO since October, taps Dave DeWalt to be its new chief. [CNET]
Fickle AMD rocked as channel gets revenge AMD’s obsession with top server and PC makers has proved costly. The chip maker claims to have focused on so-called Tier 1 OEMs at the expense of its longtime channel partners and now blames declining channel sales for its expected first quarter revenue miss. [TheReg]
The head of Hewlett Packard‘s Technology Solutions Group (TSG) resigned on Friday, a spokesperson for HP confirmed today.
David Booth, TSG’s senior vice president and U.S. country manager, left the company for “personal reasons,” according to Jane McMillian, director of media relations for TSG. His role will be filled by Jack Novia, senior vice president of and managing director for the Americas region of TSG .
Booth was responsible for all of TSG’s go-to-market operations, McMillian said, including coordinating with channel executives at HP. On Friday, SearchITChannel.com reported that HP appointed Adrian Jones as vice president and general manager of HP’s Solutions Partners Organization in the Americas. Jones would have worked with Booth, McMillian confirmed.
McMillian said operations will not be affected by the resignation. The company has begun a search for Booth’s replacement, she said, and is looking both internally and outside the company. She would not specify a time line for the process.
Not too long ago I wrote about the opportunities that exist for VARs in the RFID market. Today it looks like that market may have come into its own. AeroScout just received $21 million of venture capital. While the details aren’t being disclosed, you can bet this will be a nice boost for the RFID marketplace.
RFID — radio frequency identification — tags can help streamline manufacturing operations and other business ventures that require up to the minute product tracking. I still think it’s a good idea for VARs to begin looking into this field. It’s only a matter of time until SMBs and other small shops start clamoring for the “on demand business” that IBM has been promising in its commercials for the past couple of years. RFID may be one way to provide it.
VARs should be aware of this technology and know it could be applied in a company. RFID tags will allow VARs to provide information about product production and location immediately. This way, when a customer is looking for a missing piece of inventory or a product that is shipping, VARs will have the answers to their questions within minutes. That’s a pretty powerful business advantage.
Federal IT Outsourcing market reflects shortages and shift away from government-owned IT The impending U.S. federal IT workforce shortage, war in
Iraq, and federal contract spending slowdown are resulting in a shift within the federal market away from a government-owned, government-operated model toward a contractor-owned, contractor-operated approach, according to analyst firm INPUT. As a result, the analysts forecast the federal IT outsourcing (ITO) market growth at a compound annual growth rate of 5.9 percent, from $13.3 billion in FY 2006 to $17.7 billion by FY 2011.
Berners-Lee’s talk goes back to the Web’s future Opinion: Tim Berners-Lee, creator of the World Wide Web and director of the World Wide Web Consortium, presents a good argument for net neutrality. [eWEEK]
Social networking’s next phase Next week Cisco Systems, a Silicon Valley heavyweight, plans to announce one of its most unusual deals: it is buying the technology assets of Tribe.net, a mostly forgotten social networking site, according to people close to the companies’ discussions. [NYT]
The stock market took a scary plunge last Tuesday in reaction to a sudden drop in China’s market. According to a Boston Globe Article, Misery in the market, the dow dropped 564 points, losing 200 points in ten minutes in the late afternoon. The market hasn’t seen a decline this drastic since the September 11th terrorist attacks. The photos accompanying the article fall beneath the tagline, “Reverberations around the world” and portray well-suited and panic-stricken financial professionals from Shanghai, New York, San Paulo and Tokyo.
Since Tuesday, the world’s markets appear to be bouncing back. NPR commentators are saying if investors are in it for the long-haul, Tuesdays sudden crash shouldn’t resound in an echo of panic.
How does this yo-yo economy reverberate in the channel and with SMBs? It doesn’t – or so it appears when one is desperately perusing the net for channel blogs addressing market instability. I haven’t found a thing; perhaps the channel is floating by, blissfully unscathed.
However with Dell reporting a 33 percent earnings decline and Novell reporting a first-quarter net loss of $19.9 million I wonder.
Since I can’t find the word on line, write in and let us know.