Attackers zero in on Yahoo Jukebox's ActiveX flaw

Just one day after hackers showed how to exploit a number of flaws in the ActiveX software used by Internet Explorer, Symantec has spotted online criminals using one of the attacks.

The attack, which was first observed in the last few hours, is not widespread at present. Symantec Security Response Director Oliver Friedrichs said Tuesday that the company had identified just three Web sites that were hosting the attack code, all of which seem to be linked to the same criminals. But he believes that more attacks are inevitable as the bad guys work the code into their malicious toolkits of software. "Given the fact that the proof of concept is available and works, it's not exactly rocket science for someone to plug this into [a toolkit]," he said. "That's likely to happen in short order."

Security researchers Elazar Broad and Krystian Kloskowski have disclosed a slew of ActiveX bugs affecting MySpace and Facebook over the past few days, but the attack reported by Symantec takes advantage of a flaw in an ActiveX control used by Yahoo's Music Jukebox.

After the attackers are able to install software on the victim's machine, they then begin installing a number of malicious files on the victim's computer, Symantec said.

Broad and Kloskowski also discovered a second ActiveX bug in Yahoo Jukebox, but that flaw is not yet being exploited by attackers, according to Symantec. Another major source of problems is the Aurigma ImageUploader ActiveX control, which is used by Web sites such as Facebook and MySpace to upload pictures into Internet Explorer.

Because of all the ActiveX bugs, Security experts are warning users to be cautious while Web browsing. On Tuesday, US-CERT (United States Computer Emergency Readiness Team) published a note encouraging users to disable ActiveX controls, which can be done by setting Internet Explorer's security level to "high" for the Internet zone.

That may not be a realistic option for many consumers, who will find their Internet Explorer browsing experience hobbled without ActiveX, Friedrichs said. But tech-savvy users and corporate IT shops can take steps to disable the untrusted ActiveX controls. In fact, the SANS Internet Storm Center has published free software that disables the controls.

Another option for enterprise users is to create a whitelist of approved ActiveX controls, Friedrichs said.

Security problems with browser add-ons are very common. In the first half of 2007, Symantec identified 237 browser plugin security flaws. About 89 percent of centered on ActiveX.

Yahoo did not immediately respond to an e-mail message requesting comment for this story.

Source

Yahoo Board Chairman Quits

Terry Semel is stepping down as Yahoo's non-executive chairman, six months after handing over his CEO title to Jerry Yang.

Semel is leaving the board effective immediately, Yahoo announced Thursday. He will be replaced as non-executive chairman by another board member, Roy Bostock, the company said.

Semel was chairman and CEO of Yahoo for six years until he was replaced in a management shuffle last June. Yang, one of Yahoo's co-founders, was made CEO, and Semel was demoted to non-executive chairman.

As CEO, Semel helped to build Yahoo's audience from 170 million to more than 500 million users. But he was also blamed for missteps that allowed Google to build a commanding lead in online search and advertising, prompting last year's reorganization.

"With the Company moving forward under new leadership, I believe this is an appropriate time for me to step down from the board," Semel said in the statement.

He approached the board several months ago about leaving once a replacement could be found, Yahoo said.

Bostock has a long history in the advertising industry, "an area that is more important than ever to Yahoo's business and our long term success," the company said.

On Tuesday Yahoo reported that net income for its fourth quarter declined to $206 million, from $269 million a year earlier. It also announced plans to lay off about 1,000 staff.

Semel's departure from the board appears to mark the end of his tenure at Yahoo. Yang thanked him for "his many contributions to Yahoo over the years and for helping to lay a firm foundation for future success and improved financial performance."

Bostock has been a board member at Yahoo since May 2003 and was elected unanimously by the board to replace Semel. From 1990 to 2000 he was chairman and CEO of D'Arcy Masius Benton & Bowles, and its successor advertising company The MacManus Group.

Source

Microsoft Makes $44.6 Billion Offer for Yahoo

Microsoft has offered to buy Yahoo for US$44.6 billion.

The offer is 62 percent above Yahoo's closing share price on Thursday.

"We have great respect for Yahoo!, and together we can offer an increasingly exciting set of solutions for consumers, publishers and advertisers while becoming better positioned to compete in the online services market," said Steve Ballmer, chief executive officer of Microsoft.

"Our lives, our businesses, and even our society have been progressively transformed by the Web, and Yahoo! has played a pioneering role by building compelling, high-scale services and infrastructure," said Ray Ozzie, chief software architect at Microsoft.

The bid comes hours after Yahoo announced that Terry Semel was stepping down as non-executive chairman, six months after handing over his CEO title to Jerry Yang.

Semel is leaving the board effective immediately, Yahoo announced yesterday. He will be replaced as non-executive chairman by another board member, Roy Bostock, the company said.

Semel was chairman and CEO of Yahoo for six years until he was replaced in a management shuffle last June. Yang, one of Yahoo's co-founders, was made CEO, and Semel was demoted to non-executive chairman.

As CEO, Semel helped to build Yahoo's audience from 170 million to more than 500 million users. But he was also blamed for missteps that allowed Google to build a commanding lead in online search and advertising, prompting last year's reorganisation.

"With the Company moving forward under new leadership, I believe this is an appropriate time for me to step down from the board," Semel said in the statement.

He approached the board several months ago about leaving once a replacement could be found, Yahoo said.

Bostock has a long history in the advertising industry, "an area that is more important than ever to Yahoo's business and our long term success," the company said.

This week Yahoo reported that net income for its fourth quarter declined to $206 million, from $269 million a year earlier. It also announced plans to lay off about 1,000 staff.

Source

Check It Out !! marulez's blog

Want brand new movies to watch free.. Check it out my buddy marulez's blog..he got most of the latest movies in dvdrip in his blog and ya u rite..for free..just download the movies which you want to see...from "I am Legend", "No Country For Old Men" to "The Great Debaters" he got most of the best movies of 2007. So don't forget 2 check it out!!..
Here is the link:
www.marulezz.blogspot.com

Apple Patches iPhone, iPod, QuickTime Security Flaws

Apple has released its first security updates of the new year, fixing bugs in its QuickTime media player and iPhone and iPod touch devices.

As with previous updates, the iPhone 1.1.3 software patch sent those who had installed the unauthorized Jailbreak software -- used to run third-party applications on the iPhone -- scrambling to get their phones up and running. That's because Apple's updates have so far always rendered Jailbreak unusable, forcing users to go through a complex re-installation process.

According to the Unofficial Apple Weblog, it is possible to run third-party software following this latest update, but the process is complex. A simpler Jailbreak 1.1.3 script is expected to be posted eventually at the iPhone Wiki, which is the hub of much iPhone hacking.

The iPhone update fixes two flaws in the Safari browser, including a critical bug that could be exploited to run unauthorized software on the device. A third bug could let an unauthorized user bypass Passcode Lock and launch iPhone applications. The iPod touch is susceptible to the Safari bugs, Apple said.

These updates will be rolled out to customers over the next week via the devices' iTunes update mechanism.

The QuickTime 7.4 update fixes four critical flaws in the software that could be exploited by attackers to crash the media player or even run unauthorized software on a victim's computer. The update is available for both the Windows and Mac OS X operating systems.

However, the software does not fix a serious flaw in the player that was disclosed over the weekend.

Security experts are particularly concerned over this flaw because attack code showing how it can be exploited has also been published. Apple is still working to fix the vulnerability, which has to do with QuickTime's use of the Real-Time Streaming Protocol (RTSP).

Source

Microsoft Warns of New Excel Vulnerability

Attackers are exploiting a vulnerability that lies within several versions of the Excel spreadsheet program, Microsoft warned late Tuesday.

The problem in Excel allows a hacker to create a malicious Excel document that when opened can compromise a computer, Microsoft said in an advisory. The vulnerability could allow remote code to be executed on a computer, which means a user risks having their personal data exposed.

Microsoft downplayed the risk, saying only targeted attacks have been seen. But since Microsoft Excel documents are commonly used for business, vulnerabilities such as this pose a greater risk.

"Users are familiar with the document being sent to them and are likely to open it," wrote security analyst Maarten Van Horenbeeck, in a commentary on the Web site for the SANS Internet Storm Center, which monitors Internet threats.

The vulnerability is within the Microsoft Office Excel 2003 Service Pack 2, Microsoft Office Excel Viewer 2003, Microsoft Office Excel 2002, Microsoft Office Excel 2000 and the Mac version, Microsoft Excel 2004.

Those who have installed Office Service Pack 3, which includes updates for Excel as well as other products in the office productivity suite, are not affected, Microsoft said. That service pack was released last September.

Also not affected are Microsoft Office Excel 2007, Microsoft Office Excel 2007 Service Pack 1 and Microsoft Excel 2008 for the Mac.

A PC user could be attacked a couple different ways. An e-mail with a malicious Excel attachment could be sent, upon which a user would have to download and open it to be exposed, Microsoft said. A hacker could also create a Web site hosting the file and try to persuade people to download it.

Microsoft did not indicate when it would issue a patch for the problem. People who think they may have been attacked can contact Microsoft and their national law enforcement agency.

Source

Sun to buy MySQL for $1 billion

Sun Microsystems Inc. plans to buy open-source software maker MySQL AB for $1 billion, beefing up the server maker's database offerings with a company whose technology is used by some of the world's biggest Web sites.

Sun, in a separate announcement before the market opened, said its second quarter revenue would narrowly exceed Wall Street estimates. It also said profit would fall at the high end of analysts' expectations. The company revealed its preliminary results ahead of schedule.

Santa Clara-based Sun is paying $800 million in cash and assuming $200 million in options to acquire MySQL. The Swedish company makes open-source database software used by companies such as online search leader Google Inc., popular Internet hangout Facebook Inc. and Finnish phone maker Nokia Corp.

Sun said the deal will help spread MySQL's software to large corporations, which have been the biggest customers of Sun's servers and software, and boost its distribution through Sun's relationships with other server makers such as IBM Corp. and Dell Inc.

Sun has tied its fortunes to open-source software. It believes it can sell more server computers and ring up higher maintenance fees by also offering software whose source code is publicly available for free.

MySQL competes with non-open-source offerings from Microsoft Corp. and Oracle Corp., which dominate database software for traditional businesses.

However, MySQL is the rapidly growing market leader in open-source database software, particularly among Web-based companies, where it commands about 80 percent of the global market, according to Sun Chief Executive Jonathan Schwartz.

Microsoft is less than 10 percent of that market, Schwartz said.

"We are really acquiring a database that customers and Web companies across the world have moved to at a breathtaking clip," Schwartz said in an interview. "The titans of the Web all use MySQL - banks, automobile companies, pretty much all of the Fortune 500 runs MySQL in their shops."

The acquisition, expected to close in the third or fourth quarter, takes pressure off Sun to spend some of the cash it's been accumulating. It also bolsters its software offerings with a well-known known name in Internet data retrieval.

"This gives us access to every hot Web company on earth, and every company that will be hot 5 years from now," Schwartz said. "For us, this is completely landscape-changing."

Sun also said it expects net income of between $230 million to $265 million, or 28 cents to 32 cents per share. Analysts surveyed by Thomson Financial were expecting profit of between 22 cents and 38 cents.

Sun predicts $3.6 billion in sales during the second quarter. Analysts were expecting, on average, $3.58 billion in sales.

The company was expected to release its results January 24.

Despite financial difficulties that have plagued Sun since the dot-com meltdown in 2001, the company has been accumulating a cash horde that reached $5.9 billion at the end of the 2007 fiscal year.

In recent quarters, as Sun has returned to profitability under new management and tightened cost controls, investors have pressured the company to spend some of its war chest in ways that boost its value.

Still, some shareholders remain skeptical about the company's prospects.

Sun's stock price has slid about 25 percent since the company's 1-for-4 reverse stock split in November, an essentially cosmetic maneuver to remove the stigma of slumping shares.

In a reverse stock split, a company lowers the number of outstanding shares, boosting the value of each share, while keeping total market value unchanged.

As a result, Sun's share price jumped from around $5 to more than $20, but has fallen sharply since then, closing Tuesday at $14.98 before the acquisition and results were announced.

Sun shares rose 76 cents, or more than 5 percent, to $15.74 early Wednesday.

Source

Apple unveils super-thin "Air" laptop, Web movies

Apple on Tuesday launched an aluminum-clad laptop just three-quarters of an inch thick, seeking to bring a new computer to market with the same cachet as its iPod and iPhone devices.

Apple also said it would let people rent films over the Web with upgrades to its iTunes online media store, a technological challenge to a movie industry still largely focused on DVDs.

Shares of movie rental firms Netflix and Blockbuster fell sharply in response, and Apple's own stock lost 5.5 percent since the announcements were widely expected and Chief Executive Steve Jobs failed to conjure up any big surprises.

Jobs set a high bar last year by unveiling the iPhone. In addition, many times he ends presentations with by saying, "One more thing..." as a prelude to something unexpected. This year there was none.

Still, Jobs' talents as a showman were on display when he took the stage at the annual Macworld convention in San Francisco to cheers and applause from a few thousand software developers, customers and Apple employees.

He detailed a series of new products and services but saved the laptop, dubbed the MacBook Air, for last, drawing it out of a standard manila envelope to emphasize its slim dimensions.

Jobs said the new notebook was the thinnest available, measuring 0.76 inches at its thickest point and tapering to just 0.16 inches.

Priced from $1,800, the Air bridges the gap between Apple's entry-level and high-end laptops, but analysts voiced concern that it could steal customers away from pricier products.

"It's not really clear how many more incremental buyers you can drive, and there could be some cannibalization," said Shaw Wu, an analyst with American Technology Research.

MacBook laptops have been one of the company's strongest products, with sales rising 37 percent on the year in the fiscal fourth quarter ended last September.

NEW APPLE USERS SOUGHT

Phil Schiller, Apple's vice president of marketing, said the new laptop could appeal to a large swath of customers, including business travelers, those in education and people who wanted a more attractive computer at home.

"The goal overall is to continue to grow the business, so having another product in the line helps to do that. If the mix (of customers) changes a little bit, it doesn't matter as long as we grow everything," Schiller said.

Apple stock has nearly doubled since last year's Macworld, and in late December topped $200 for the first time, driven by market-share gains by Mac computers, continued iPod strength, and enthusiasm over the iPhone, which Jobs said had sold more than 4 million units since its release last June.

Jobs showed off new iPhone features such as displaying a user's location on a map and a way to customize the main screen with icons linking directly to specific parts of a Web site.

"The iPhone is not standing still. We keep making it better and better and better," Jobs said.

But the company has struggled to find a big audience for Apple TV, a product originally designed as a Mac accessory for watching Internet video on a television and unveiled alongside the iPhone a year ago.

"It's not what people wanted. We learned what people wanted was ... movies, movies, movies," Jobs said.

A new version of Apple TV will be able to connect to the Internet directly and download TV shows, movies and music through iTunes. Viewers will be able to choose movies directly from their TVs and Apple said viewers could start watching within seconds if they had a fast Internet connection.

Jobs announced deals with all six major movie studios and several smaller ones to offer movies for rental through iTunes, with new releases costing $3.99 and library titles $2.99. High-definition movies will also be available.

The revamp of Apple TV hardware combined with a broad selection of movies would give Apple an edge over competitors such as Amazon.com Inc, Netflix and Microsoft Corp, American Technology Research's Wu said.

News Corp's 20th Century Fox, Walt Disney Co, Time Warner Inc's Warner Bros, Viacom Inc's Paramount, General Electric Co's Universal, Sony Corp's Sony Pictures, Lionsgate, MGM and New Line have all signed on to Web rentals, Apple said.

"It's too early to declare that this is going to be a big hit but this is arguably the best offering out there right now," Wu said.

Apple shares fell to $169.04, while mail rental firm Netflix Inc shed 3.2 percent, and top video rental chain Blockbuster Inc dropped nearly 17 percent.

Source

Mac Air Video

IBM to Add Software for Apple Devices

E-mail software from IBM Corp. will be available on Apple Inc. iPhones and iPod Touch devices under a new partnership that brings together two big rivals of Microsoft Corp.

IBM plans a formal announcement of the Lotus Notes e-mail package for Apple's portable devices at its Lotusphere conference in Orlando, Fla., next week. The software, which requires use of IBM's Domino e-mail server program, will be free for users who already have a Lotus Web-access license and start at $39 per year for new users.

IBM also plans to release Lotus Notes and the free Lotus Symphony "productivity" package - which includes documents, spreadsheets and other Microsoft Office-like software - for Apple's Macintosh computers.

With these moves, IBM is trying to find more avenues for its software and take advantage of Apple's natural affinity for Microsoft alternatives.

The iPhone already can connect users to Web-based e-mail services and to corporate e-mail sent over Microsoft's Exchange e-mail platform, though businesses rarely enable the setting that makes it possible.

If IBM, which counts 135 million Lotus users worldwide, can get companies to let their employees check Lotus e-mail on iPhones, the partnership could make Apple's gadget more competitive with Research in Motion Ltd.'s BlackBerry and other business-targeted smart phones.

IBM and Apple, competitors in the early years of the PC market, traditionally have not worked closely together in software, though Apple used IBM chips in some Macs for several years until ditching them in favor of Intel Corp. processors in 2005. But now the sides appreciate that "we have a lot in common," IBM spokesman Mike Azzi said. "We're going to cross-pollinate."

One reason for the distance between the two companies is the small overlap between Mac users and the big corporate customers that commonly buy products from IBM.

Now, Apple hardware has become a broader platform with the popularity of the iPhone and Web-enabled iPod Touch devices. However, Apple has delayed fully opening the devices to third-party applications; a "software developers' kit" to enable that isn't due until next month. Apple and IBM have been working together on their own.

Source

Toshiba cuts HD player prices in Blu-ray fight

Consumer electronics maker Toshiba Corp (6502.T: Quote, Profile, Research) said on Monday it is slashing prices of its HD DVD format players by between 40 to 50 percent as major Hollywood studios move to embrace Sony Corp's (6758.T: Quote, Profile, Research) Blu-ray format high definition DVDs.

Toshiba America Consumer Products said it cut prices of its HD DVD players effective January 13 to boost market adoption of its next-generation DVD players by mainstream consumers after what it said was a successful fourth quarter in unit sales.

"While price is one of the consideration elements for the early adopter, it is a deal-breaker for the mainstream consumer," said Toshiba executive Yoshi Uchiyama in a statement.

Toshiba's players will now start as low as $149 going up to $399 for the top-of-range player.

The company said it is also stepping up its marketing drive with major initiatives including joint advertising campaigns with studios and extended pricing strategies. Toshiba said it will continue with on-going promotions including five HD DVD titles for free with any of its HD DVD player.

The battle to dominate the next generation of DVD players appeared to have tipped in Sony's favor earlier this month when the biggest Hollywood studio Warner Bros, a unit of Time Warner Inc (TWX.N: Quote, Profile, Research), said it would exclusively support Blu-ray disc. It had previously supported both next-generation formats.

Analysts saw Warner Bros's move as an end to the next generation DVD war that they say has confused consumers and delayed the development of a multibillion-dollar market.

So far Toshiba has secured agreements with studios including Universal Home Video, Viacom Inc's (VIAb.N: Quote, Profile, Research) Paramount Pictures and DreamWorks Animation SKG.

But Blu-ray has support from News Corp's (NWSa.N: Quote, Profile, Research) 20th Century Fox, Walt Disney Co (DIS.N: Quote, Profile, Research) and Lions Gate Entertainment Corp (LGF.N: Quote, Profile, Research). In addition Sony's PlayStation 3 video game system can play Blu-ray movies while Microsoft Corp's (MSFT.O: Quote, Profile, Research) Xbox 360 works with HD DVD. But Microsoft said at the Consumer Electronics Show earlier this month that it could consider supporting Blu-ray technology should consumers want it.

Source