Security

Opera Uses Mozilla Fuzzer Tool To Find ‘Highly Severe’ Bug

By Jay Day / 18 August 2007 / No Comments

During the recent Black Hat security conference, the Mozilla Foundation publicly released an open-source application security testing tool. Security fuzzers are software tools that test an application for problems like buffer overflows, format string vulnerabilities and error handling. Mozilla worked with Microsoft, Apple, and Opera before making its JavaScript fuzzer widely available in order to reduce the possibility that the tool might be used to expose vulnerabilities in the companies' browsers. Mozilla has been using it to detect and fix dozens of security bugs in Firefox, according to Window Snyder, head of Mozilla's product security.

The same security tool was used by Opera Software to find and patch what the company is calling a "highly severe" bug in its flagship browser. Opera noted in an advisory that the flaw could allow a hacker to execute code on the victim's machine. A virtual function call on an invalid pointer, which may reference data crafted by the attacker, can be used to execute arbitrary code. Opera Software released Opera V9.23 to fix the problem. The company publicly thanked Mozilla for providing them the JavaScript fuzzer.

News source: InformationWeek

Diebold Unable to Sell e-Voting Unit

By Jay Day / 18 August 2007 / No Comments

Amid criticism for its allegedly unreliable voting machines, Diebold Inc. said today that it has failed to sell its voting technology business, which manufactures voting booths used in elections across the country. Instead, the company has decided to allow the unit to operate more independently, giving it a separate board of directors that includes independent members and perhaps a new management structure. Diebold also slashed its revenue outlook $120 million for the year for the unit because of delays by several states in purchasing voting equipment and said that will cut the company's earnings by 27 cents per share for the year; the delays come from uncertainties over federal requirements, state reviews of the issue, and earlier 2008 primary dates, according to the company.

In a statement, Diebold claimed that it made the decision to reorganize the voting unit in part because of "the rapidly evolving political uncertainties and controversies surrounding state and jurisdiction purchases of electronic voting systems." However, the company did not rule out the possibility of later selling part or all of its ownership in the realigned unit. "While we plan to fully support this business for the foreseeable future, we feel a more independent structure should allow it to operate more effectively," said Thomas W. Swidarski, president and chief executive.

View: Full Story on SiliconValley.com

Leaked Vista Service Pack 1

By Stewart Wilson / 13 August 2007 / No Comments

The leak of the first service pack for Windows Vista, imaginatively named SP1, means that we get to hear about the improvements before it gets a real release. APCMag reviewed a leaked copy of the software, and found that it's pretty much your standard service pack fare: a bunch of bug fixes and noticeable performance tweaks. The only new feature is an option to create a recovery disk, along with a crapload of new install packages for Vista's components, with no readily apparent changes. So, what's Microsoft waiting for? Get it out the door already!

Spam nets $150,000 fine

By Terence Huynh / 24 July 2007 / 1 Comment

The Australian Communications and Media Authority (ACMA) has fined DC Marketing Europe for "serious breaches" of the 2003 Spam Act, where the maximum penalty is $149,600.

ACMA has said that DC Marketing Europe had breached the act 102 times, all in July and August last year. DC Marketing Europe had placed short, small calls to mobile phone users, leaving a missed call message. When users called the number back, they were given marketing messages from the company.

"The missed call marketing messages sent out by DC Marketing were unsolicited, did not identify the sender and did not contain an unsubscribe facility, each of which is a breach of the Spam Act," ACMA said.

This is the largest fine imposed on a company under the Spam Act. The second largest was issued last month to Pitch Entertainment Group, trading as Splash Mobile, which sent 1 million SMS messages to users without an unsubscribe feature. It was fined $11,000.

The maximum fine for multiple breaches is $1.1 million a day.

Flash exploits could be a keylogger

By Terence Huynh / 14 July 2007 / No Comments

Adobe has issued 3 critical system updates for its popular Flash program, with one designed to fix a problem in the way Flash interacts with browsers, which could result in users' keystrokes being transmitted to the attacker.

Adobe Flash Player versions 9.0.45.0, 8.0.34.0 and 7.0.69.0, and all previous versions running on all operating systems, are affected. According to Secunia, "An input validation error can be exploited to execute arbitrary code when a user e.g. visits a malicious website." This problem affects version 9.0.45.0 and earlier.

In Flash Player version 7.0.69.0 and earlier running on Solaris or Linux, malicious attackers could exploit the interaction between the player and certain browsers. This could potentially lead to keystrokes being leaked from the player. Version 9 is not affected.

Flash Player version 8.0.34.0 and earlier contains a bug due to insufficient HTTP referrer validation, which can be used to carry out a cross-site request forgery attack. Flash Version 9 is not affected.

Adobe recommends that people upgrade to Version 9.0.37.0 for Windows and Macs and 9.0.38.0 for Linux and Solaris. For the other two, Adobe has recommended that people upgrade to Flash Player 9.

Exploits for sale…

By Terence Huynh / 7 July 2007 / No Comments

A brand new auction site is now selling exploits. WabiSabiLabi, run by WSLabs, will allow exploit finders to sell their findings to people. This is meant to stop the findings from being sold to virus code writers. CNET News.com has more information about this story...

Cyber attack on Pentagon

By Terence Huynh / 23 June 2007 / No Comments

A hacker has managed to penetrate an e-mail server at the Pentagon, leading to over 1,500 email accounts being taken offline. A spokesman said that the server did not contain top secret information. Few details were available about the cyber attack.

Apple Safari… A Security Risk?

By Terence Huynh / 12 June 2007 / No Comments

After a few hours of its release on Windows, vulnerabilities have been found in the code, with denial-of-service attacks and two issues that would allow a remote execution of a script. I'm not that surprised, since it's a beta; but it comes from Apple...

Meanwhile, Webware has this interesting 'rant' about why Mac apps on Windows suck... A very interesting read, but oh so true...
