
FAIL — Microsoft was aware of IE Zero-Day Flaw Last September

January 24, 2010


Microsoft was aware of a critical security vulnerability months before hackers exploited it to breach Google, Adobe and other large U.S. companies, but did not patch the hole until Thursday.

The software giant had intended to release a patch for the flaw in February — more than four months after learning about it — but had to speed up that plan and roll it out this week in the wake of news that Google and others had been hacked through the flaw, the world’s largest software maker acknowledged Thursday.

Meron Sellen, a security researcher at BugSec, an Israeli firm, quietly reported the vulnerability to Microsoft in September, according to security firm Kaspersky.

Microsoft confirmed it learned of the so-called “zero-day” flaw months ago.

According to Microsoft, “An attacker who successfully exploited this vulnerability could gain the same user rights as the logged-on user. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.”

The flaw, which primarily affected IE6, allowed hackers to download malware to employee computers to gain access to intellectual property at Google, as well as information connected to Gmail users. It’s unknown what the hackers obtained from some 33 other companies — hi-tech, financial and defense — that were also targeted in the attack.

Although Microsoft recognized the severity of the flaw at the time Sellen reported it, the company held off releasing a patch so it could be included in a cumulative update for IE planned next month, the company said.

A zero-day flaw is a vulnerability for which there is currently no patch. It’s also a flaw that is generally unknown to the software vendor, which gives hackers who may be aware of the flaw a jump on developing malware to exploit it.

It’s unknown if other companies were breached through the flaw prior to the high-profile hacks disclosed last week. Most companies are unwilling to acknowledge a breach, let alone provide public details about how they were hacked.

Google disclosed last week it discovered in mid-December that it had been hacked in an attack originating from China, about three months after Microsoft learned of the vulnerability. Adobe followed Google, announcing it, too, was hacked. Security firm iDefense said it had information that at least 34 companies were breached in the coordinated attack.

On Thursday, meanwhile, Microsoft released a cumulative security update for Internet Explorer that fixes the flaw, as well as seven other security vulnerabilities that would allow an attacker to remotely execute code on a victim’s computer.

“Our investigation into this responsibly reported vulnerability began early September,” Jerry Bryant, senior security program manager for Microsoft, said in a statement. “As part of this investigation we began working on an update to help protect customers. We became aware of the recent attacks in mid-January and as part of our investigation determined the vulnerability being used in these attacks was similar to the one investigated in September.”

Photo: FastJack/Flickr

Zune HD getting Xvid, Smart DJ, ever more appealing

January 12, 2010


We know you were put off by the whole Twitter censorship debacle last month, but Microsoft and the Zune HD have moved past that (honest) and they want you to come along as well. They’re enticing everyone to forget about that bone-headed move by, well, throwing everyone a bone and adding in Xvid support, part of full compatibility with MPEG-4 part 2 Advanced Simple Profile. DivX will not be coming out to play, but Smart DJ will be, a feature that isn’t so much new but is newly portable, providing a counterpoint to the iPod’s Genius and, since you can use it to stream content from the Zune Marketplace (when connected via WiFi), it begins to approach the functionality of apps like Pandora or Slacker Radio. Tasty, indeed, though at this point we’re not sure when Microsoft will be throwing us this juicy firmware update.

ITG’s xpPhone gets options for larger screen and Windows 7, loses sense of identity

November 15, 2009

It makes sense to release your mostly-theoretical (so far, anyway) desktop OS-based slider handset with the world’s newest and best version of Windows, but when your slider handset is dubbed “xpPhone” things become a bit more muddled. But that’s the word from Pocketables, who’s been in touch with ITG and learned that the MID / phone will not only ship with a Windows 7 option, but also be available in 4.3-inch, 4.8-inch and 7-inch screen sizes. There are also rumors of prices ranging from $500 to $700, but what we’d really like at this point is a bit of a demo of this thing in action — especially now that there’s a similar ViewSonic-branded device breathing down its neck.

Microsoft Live Labs - Seadragon

December 14, 2008

With Microsoft’s release of Seadragon for the iPhone, we thought that it would be a great opportunity to check out what it can do on the desktop.

Try it for yourself after the break…


Washington & GE have their heads in the clouds…MS where are you?

November 22, 2008

First of all, what is Cloud Computing? 
These days, there is so much buzz around cloud computing! The problem is that the majority of people out there talking about it can’t define it. They refer to terms like “distributed,” “clusters,” “parallel processing” but ask them to define the purpose and you’ll have them at a loss. FYI, buzzword killers: the purpose of cloud computing is to increase capacity or add capabilities on the fly without investing in new infrastructure, training new personnel, or licensing new software.

Definition of Cloud computing from Wikipedia, the free encyclopedia…

Cloud computing is Internet-based (“cloud”) development and use of computer technology (“computing”). The cloud is a metaphor for the Internet (based on how it is depicted in computer network diagrams) and is an abstraction for the complex infrastructure it conceals. It is a style of computing in which IT-related capabilities are provided “as a service”, allowing users to access technology-enabled services from the Internet (“in the cloud”) without knowledge of, expertise with, or control over the technology infrastructure that supports them. According to a 2008 paper published by IEEE Internet Computing “Cloud Computing is a paradigm in which information is permanently stored in servers on the Internet and cached temporarily on clients that include desktops, entertainment centers, table computers, notebooks, wall computers, handhelds, sensors, monitors, etc.”

Cloud computing is a general concept that incorporates software as a service (SaaS), Web 2.0 and other recent, well-known technology trends, in which the common theme is reliance on the Internet for satisfying the computing needs of the users. For example, Google Apps provides common business applications online that are accessed from a web browser, while the software and data are stored on the servers.

So where do Washington & GE fit in?

Currently, more than 500,000 businesses and organizations utilize a cloud computing platform for SaaS & Utility Computing. And Washington has decided to ink a deal with Google that plans to move 38,000 municipal employees over to Google Apps. The agreement was signed in June 08 at an estimated cost of $500,000 per year. Included in this all-access-pass for Washington - Gmail, Google Docs, Google Video (for business…yeah?) and Google Sites.

Meanwhile, GE inked a deal with ZOHO (http://www.zoho.com) for use of their collection of online apps.

The real question that you should ask: where does Microsoft stand, and what do they have up their sleeve? While the big dog (MS) may be content with the success of their offline Office Suite right now, what’s going to happen if ‘Cloud Computing’ continues to take off like we all hope it does?

Xbox 360’s Dashboard overhaul - November 19th

October 9, 2008

 

For all of you waiting on the release date for Xbox 360’s creepy avatar dashboard, look no further. It has been announced that we will be able to play, create and scroll around with the new software on November 19th, 2008.

The design looks promising, yet extremely juvenile. We just wonder what MS was thinking when they decided on this route, considering most 360 gamers are 20 - 25.

However, who are we to complain; the dashboard did need a graphical update since day one.

More pics after the break


Xbox 360 - Converting MKV to WMV-HD

October 5, 2008

 

Do you have an Xbox 360 & a bunch of Hi-Def MKV files that you cannot play on it?

Well if you do, and if you would like to stream your Hi-Def movies, follow this excellent guide.

Thanks to Chris Lynch for creating such a great guide to converting MKV to WMV-HD. His original forum post on http://www.xbox-scene.com can be found here

What does this guide do?

It shows the average/experienced computer user how to convert their MKV files to WMV-HD (5.1), using Windows XP or Vista.

Why would you want to do this?

The Xbox 360 is a great piece of hardware (sans red ring of death) that has the ability to consolidate your multimedia experience. However, MS has limited the soft-features available for your use. Whether this is because of legal issues or because MS has a master plan for the 360, it’s annoying!

Download the guide here and convert to your heart’s content.
