Archive for July, 2009

At the Black Hat conference in Las Vegas, Charlie Miller and Collin Mulliner will present their findings about a possible SMS vulnerability present on many platforms, including the iPhone, Android and Windows Mobile. Apparently, the vulnerability mostly involves unexpected data, and it looks like SMS is not tested thoroughly because it’s expensive to send messages. It sounds dumb (carriers could send free test messages, no?), but hey, why not.

Microsoft has finally convinced Yahoo to use its search engine (Bing) on the web’s most trafficked property. For Microsoft, this will be a great way to show Bing to a large internet audience. Yahoo will be able to stop spending on search-related items, including R&D, and expects the deal to boost its annual profit by $500M. Yahoo will continue to sell ads for the Bing-powered Yahoo Search, but also for Bing.com.

If Yahoo stops its efforts on search, will it be able to come back in 10 years, when the deal ends? It seems unlikely, but Yahoo still has the option to use a core team of engineers to research the subject, without any operational hindrance.

About a year after Microsoft Corp.’s hostile, contentious and unsuccessful bid to buy Yahoo Inc., the two companies appear set to join forces to take on a common rival - Google Inc.

The Wall Street Journal reported tonight that Microsoft and Yahoo are hours away from announcing a search and online advertising deal. According to Kara Swisher, a blogger for The Wall Street Journal, negotiations have been successfully wrapped up on a deal that is expected to have Microsoft’s search technology used on Yahoo sites.

This new Microsoft-Yahoo partnership could give the two companies some much-needed leverage in their ongoing - and until now, separate - battles to chip away at Google’s stranglehold on the search market. With Carol Bartz still new at the helm of Yahoo and focused on making the once-online-pioneer hip and fresh again, and Microsoft’s Bing search service only a few months old, neither company has been able to make a noticeable dent in Google’s well-polished, and well-funded, armor.

Who would’ve thought that something as ordinary as a scale would end up with Wi-Fi functionality? The Withings Wi-Fi Body Scale not only looks as though it came out of some sort of science fiction movie, it is also very capable of beaming your current weight and body fat measurements to a Web dashboard, which can be accessed via a free iPhone application.

The emergency patches Microsoft plans to rush out this week will fix a flaw that runs through several critical components of Windows and an unknown number of third-party applications, according to a pair of security researchers.

On Tuesday, Microsoft will slap a permanent patch on a video streaming ActiveX control used by Internet Explorer (IE), addressing a vulnerability that it has known about, but not fixed, for more than a year. Two weeks ago, Microsoft issued a “kill bit” update that, rather than address the underlying problem, disabled the ActiveX control to stymie attacks that were already in progress. It’s also slated a fix for Visual Studio, Microsoft’s popular development platform.

Although Microsoft has not spelled out exactly what it will patch with the two “out-of-band” updates — the term for security updates released outside the company’s once-a-month schedule — earlier this month researchers pointed fingers at the Active Template Library (ATL), a code “library” used not only by Microsoft’s own developers, but also by third-party software programmers to access some features within Windows.

Two German researchers — Thomas Dullien, the CEO and head of research at Zynamics GmbH, and Dennis Elser — dug into the bug within the ActiveX control, the “msvidctl.dll” file, that streams video content. They found that it stemmed from a simple programming mistake in a function called “ATL::CComVariant::ReadFromStream.”

“Instead of passing a pointer to a data buffer to IStream::Read, it took the address of a (small) local variable, and passes this address as output buffer to IStream::Read, along with a length read from the stream previously,” said Dullien, who goes by the moniker “Halvar Flake” when writing about security vulnerabilities. “Somebody clearly got confused,” he added in a blog entry posted July 9.

The result? Although Microsoft shut off current attacks against the ActiveX control, the programming mistake is present in several other Windows files — at least five in XP, at least 13 in Vista — including ones crucial to IE, Windows Media Player and Terminal Services.

“The bug is actually much ‘deeper’ than most people realize,” said Dullien, “[and] the kill-bit fix is clearly insufficient, as there are bound to be many other ways of triggering the issue.”

Additionally, said Dullien and Elser, third-party developers may have used the same flawed library to create their own applications. “The bug might have weaseled its way into third-party components, if anyone outside of Microsoft had access to the broken ATL versions,” said Dullien. “If this has happened, Microsoft might have accidentally introduced security vulnerabilities into third-party products.” Dullien claimed that older versions of Adobe’s Flash contained the vulnerability.

Motorola has just released its latest Motodev kit, which gives developers early access to tools and programs and an early lead in developing new applications for Motorola’s future Google Android devices. Inside Motodev one will find the App Accelerator Program and Motodev Studio for Android Beta.

Microsoft has offered to provide a choice of Web browsers with its upcoming Windows 7 operating system to ease concerns of competition regulators in the European Union, the EU’s competition authority confirmed Friday.

Microsoft proposed including a “ballot screen” that would make it easy for Windows 7 users to install a competing Web browser, set it as the default and disable Internet Explorer (IE), the European Commission said in a statement. PC makers would also be able to install competing Web browsers and disable IE.

“The Commission welcomes this proposal, and will now investigate its practical effectiveness in terms of ensuring genuine consumer choice,” it said.