Security experts have discovered vulnerabilities in OpenOffice.org that could allow attackers to remotely execute code on Linux, Windows or Apple Mac-based computers. OpenOffice version 2.0.4 and earlier versions are vulnerable to maliciously crafted TIFF files, which can be delivered in an e-mail attachment, published on a Web site or shared using peer-to-peer software. The next version of OpenOffice (version 2.3) arrived on September 17 and is not affected by the flaw. The vulnerability was discovered by researchers at iDefense, who claim that the OpenOffice TIFF parsing code is flawed.

“When parsing the TIFF directory entries for certain tags, the parser uses untrusted values from the file to calculate the amount of memory to allocate. By providing specially crafted values, an integer overflow occurs in this calculation. This results in the allocation of a buffer of insufficient size, which in turn leads to a heap overflow,” the iDefense team reported last Friday. TrustDefender co-founder Andreas Baumhof said: “This vulnerability allows someone to execute malicious code on your computer. It’s an OpenOffice bug so it doesn’t matter what type of operating system you run; it allows you to run malicious software with the same rights as the user who runs OpenOffice.” “At this stage, it’s only confirmed on Linux,” Baumhof said. “But typically it would affect all operating systems. The only difference with Linux and Windows is that home users typically run Windows as the administrator.”

View: Full Story
News source: ZDNet News

Adobe has joined a growing list of firms offering web-based alternatives to conventional office programs. The software developer has acquired the online word processor Buzzword, which allows users to create and share text documents on the web. Similar programs are already offered as elements of other free office software suites from Google, ajax13 and Zoho.

Microsoft has also announced a new web feature for its Office suite which lets people access documents online. Microsoft Office Live Workspace is currently being offered as free test, or “beta”, software. “Office Live Workspace will provide anywhere-access to Office documents, including Word, Excel and PowerPoint files,” said Jeff Raikes, president of Microsoft’s Business division. “In other words, these documents will go wherever people go when they’re away from their usual desktop.”

People using the new feature will be able to post documents directly to an online workspace where friends or colleagues can be invited to collaborate on a document.

View: Full article
News source: BBC News

Looking at the Gateway One, it’s pretty easy to see where Gateway found their inspiration. At first glance, the thing almost looks like an iMac that fell into some glossy black paint. This is one of the few times, though, where one should look past the obvious copy cat design and look at what the system has to offer.

One of the most obvious details that Gateway loves to point out is the idea of only one single wire running out of the back of your PC. The One uses a single power cable which runs to a larger brick. The power brick has a trick up its sleeve, however. The power brick is home to an Ethernet connection and four USB connections (additional to the three present on the main unit of the One) which are designed to be used with more permanent connections such as a printer or whatever else the kids are connecting these days. It’s a nice idea that can become handy very quickly.

Hey, I have currently opened a RapidShare account and hosted it on http://rapidshared.stormx.info/

Now I need subscribers to it, with the premium account, you can download as much as you want because I have lifted the 25GB 5 day limit. We currently have subscribers but if you guys could help us out it would be great. If you subscribe your premium account username & password will be emailed to you, it’s a great deal for 49 cents for 5 days.

Please help us out, thanks

Microsoft Corporation Chief Executive Officer Steve Ballmer received a $1.3 million pay cheque ($620,000 in salary and a $650,000 bonus) for fiscal 2007, a year which ended June 30 and in which profit at the world’s largest software maker topped $14 billion. Microsoft gave Ballmer a modest $6,750 in matches to his 401K retirement plan and approximately $3,000 worth of life insurance and athletic club memberships. Ballmer, who owns about 4.3% of Microsoft’s shares, received no equity compensation. He didn’t exercise any stock options or vest any stock awards during the year, the company said in the Securities and Exchange Commission filing.

Microsoft’s compensation committee “believes that Mr. Ballmer is underpaid for his role and performance,” according to the filing. Microsoft did not say what Bill Gates was paid in salary and bonus during the year. Gates, who owns about 9.3% of Microsoft shares, did not receive any stock-based compensation. The SEC requires companies to report the compensation details for a handful of highest-paid executives, and Microsoft said Gates’ salary and bonus fell below those of Ballmer, Chief Financial Officer Christopher Liddell and three other executives.

News source: Mercury News

Joining the ranks of the fifth-generation iPod, Apple’s iTunes Store is now selling Tetris, Ms. Pac-Man and Sudoku available for the third-generation iPod nano and the iPod classic. Apple CEO Steve Jobs first indicated that the new iPods would be able to play games at Apple’s “The Beat Goes On” special event held in San Francisco, and said that the games would be available in a few weeks. Users who have already downloaded these games for their fifth-generation iPods need to buy them again for the new iPod nano or iPod classic. So far, only the above mentioned three games have been reworked with the new devices – it is expected that the other downloadable games available for fifth-generation iPods will soon hit the online store.

News source: PC World

On Friday at around 8:40 p.m. EDT, Symantec Corporation sent an e-mail with the subject “DeepSight Increased ThreatCon from 1 to 4 Alert” to enterprise customers of Symantec’s DeepSight advanced alert system. ThreatCon uses a 1-through-4 scoring system and according to the company’s own definition, Level 4 is reserved for those times when “extreme global network incident activity is in progress. Implementation of measures in this Threat Condition for more than a short period probably will create hardship and affect the normal operations of network infrastructure.”

Symantec has never set ThreatCon to Level 4 and even a Level 3 is rare. In the body of the e-mailed alert, however, careful readers found the words: “Summary: threatcon test threatkhanh otrs” buried among several links. The alert was a false alarm, Symantec said just over an hour later in a follow-up message at 9:45 p.m. EDT. “The DeepSight Threat Management System is NOT at ThreatCon 4. At 18:40 MST on September 21, 2007 an erroneous ThreatCon 4 update was issued through DeepSight TMS due to product testing. This ThreatCon 4 update should be disregarded.”

News source: ComputerWorld

If all goes well, the next time your phone dies at a friend’s house you’ll no longer be left cursing the gods regarding the lack of standards for USB phone cables.

Last week, at the Open Mobile Terminal Platform, mobile phone manufacturing leaders such as Nokia, Samsung, Motorola, Sony Ericsson and LG discussed the future of phone charging and data exchange. The companies agreed to adopt a new USB standard called Micro-USB, hopefully putting an end to the mess of incompatible proprietary power connectors that has plagued the cell phone industry for years. The move will likely be first implemented in next year’s cell phone designs. The Micro-USB standard was develop early this year and introduced by the USB Implementers Forum (USB-IF), the group responsible for new USB standards.

Until a new standard is adopted, consumers will finally be able to use their old charger when they purchase a new phone. Companies will no longer have to pay for part of the user disposal and recycling fees for chargers as certain environmental laws worldwide have forced them to do in the past. Another financial benefit for the cell phone companies is that they won’t have to include a charger with phones they sell, possibly cutting a major cost. This will in turn allow for smaller, lighter phone boxes, which will cost less to ship and store. Overall, both companies and consumers should end up spending less money once the new standard is implemented.

News source: DailyTech

Legislation in the US Senate which would limit damages for patent infringement and allow patents to be more easily challenged has sparked protests among some inventors. Dean Kamen, inventor of the Segway and holder of 440 patents, was one of a group of inventors who have testified to the US Senate against the proposed law. The bill is being supported by Microsoft and Cisco, which claim that they are at the mercy of companies that own a patent on small portions of much larger applications and use this to reap substantial pay outs. Kamen, however, warned that the legislation, if passed, would be disproportionately harmful to inventors.

“You do not shut down the national pastime of baseball because some players are using steroids,” Kamen told the San José Mercury News. “You can go after ‘trolls’ and other bad actors without unintended consequences that are harmful.”

View: Full Story on vnunet.com

Citgroup has confirmed that it’s investigating a data breach involving the names, Social Security numbers and credit information of 5,208 customers inadvertently leaked by an employee of its ABN Amro Mortgage Group unit onto the LimeWire peer-to-peer file-sharing network. Ad Tiversa, a company that monitors P2P networks on behalf of clients, told eWEEK that it found Excel spreadsheets from the desktop of a financial analyst ABN Amro Mortgage Group running LimeWire. Although Tiversa found over 10,000 files, deduplication revealed only 5,208 unique Social Security numbers, along with names and what type of mortgage each customer had: conventional, 30-year or conforming, for example.

The information is likely to have been exposed to millions of LimeWire users, given that there are at least 10 million nodes online in a P2P file-sharing network at any point in time, said Chris Gormley, Tiversa’s chief operating officer. “As an identity thief, [that gives you] the keys to [those individuals'] digital life,” Gormley said. According to a Dow Jones Newswire report, the ABN employee responsible for posting the data signed up last year to use a LimeWire-like P2P service and inadvertently exposed not only the spreadsheet but also personal documents, including her resume and a Travelocity confirmation of a family trip. The woman told the news service that she was laid off this summer and wasn’t aware of the breach before Dow Jones contacted her on Sept. 20.

View: Full Story on eWeek