By Gregg Keizer
October 9, 2008

A popular Firefox add-on designed to block scripts and plug-ins has been updated to stymie the new "clickjacking" class of attacks, the extension's developer said today.

The latest version of NoScript, a free extension for Mozilla Corp.'s Firefox browser, now boasts something that Italian developer and security researcher Giorgio Maone calls "ClearClick" to protect users from clickjacking attacks. "Rather than relying on frame/plug-in blocking, which were already available, I decided to move on and add a brand new feature, developed from scratch, for people who couldn't bear blocking frames outright," said Maone in an interview conducted via instant messaging.

In a blog post earlier this week, Maone spelled out what ClearClick does in greater detail. "Whenever you click or otherwise interact, through your mouse or your keyboard, with an embedded element which is partially obstructed, transparent or otherwise disguised, NoScript prevents the interaction from completing and reveals [to] you the real thing in 'clear,'" he said.

At that point, users can decide for themselves whether to continue clicking, or free up the mouse from the underlying -- and potentially exploitive -- content. Clickjacking, which was coined just last month by a pair of American researchers -- Robert Hansen of SecTheory LLC and Jeremiah Grossman of WhiteHat Security Inc. -- describes attacks in which hackers and scammers hide under the cover of a legitimate site, then use that cover to disguise clicks.

by Ryan Naraine
October 9th, 2008 @ 4:12 pm

It will be a very busy Patch Tuesday for administrators managing Microsoft Windows computer systems. According to Microsoft’s advance notice mechanism, 11 security bulletins will drop next Tuesday (October 14, 2008), covering a wide range of serious vulnerabilities.

Four of the 11 bulletins are rated “critical,” meaning that those vulnerabilities can be exploited to launch remote, code execution attacks. The four “critical” bulletins apply to the widely deployed Internet Explorer browser, Active Directory, Microsoft Excel and Host Integration Server. Six of the bulletins will be rated “important” and will provide fixes for a range of Microsoft Windows operating system vulnerabilities.

The final bulletin, rated “moderate,” will provide patches for an information disclosure bug in Microsoft Office. This month will see the first appearance of the previously announced Exploitability Index, a new Microsoft initiative aimed at attempting predictions on whether exploit code will be released.

This index will attempt to predict if a vulnerability is likely to have functioning exploit code released, or have inconsistent exploit code released that wouldn’t work every time an attacker attempted to used it. We’ll even highlight vulnerabilities where we think it’s unlikely that functioning exploit code will ever be released.

October 9, 2008
By Elizabeth Montalbano

Just as the U.S. enters the last weeks of a heated presidential campaign, Microsoft's Live Labs group has launched a Web-based application that offers up what it considers to be the political articles and documents getting the most recent attention and discussion among Web users.

The Live Labs Political Streams application, according to Microsoft, "mines social media content in real time for political discussion," according to a site listing facts about the application. Political Streams gathers data from blogs, Usenet newsgroups and Freebase, an open, shared online database, to highlight news articles and documents that are getting the most attention from -- and generating the most discussion among -- Web users, according to Microsoft.

It also showcases information about people and places in those articles. "This related information gives a broader context, allowing the user to understand how both the mainstream and social media are discussing an issue, person or place," Microsoft said on the site. Political Streams is built on top of Social Streams, another Live Labs project that indexes social media from around the Web that is found on blogs, newsgroups, discussions and news sites.

Formed about two years ago, Live Labs is Microsoft's research arm for creating new Internet technologies. The company created it in response to Google and other Web 2.0 companies that, unencumbered by Microsoft's size and software legacy, are able to create and release new Web-based applications faster than Microsoft could otherwise do.

By Nick Farrell
10 October 2008, 9:20 AM

GOOGLE'S NEW satellite has sent its first picture back to Earth in a successful test of its camera. The high-resolution color image from GeoEye-1, which was launched on September 6, was of Kutztown University campus in Pennsylvania. We have no idea what was so special about the University but you can see the snap here.

It was taken while the satellite was in a 423-mile-high orbit over the East Coast of the United States. Apparently it is not as good as it gets as the satellite has yet to be calibrated. While the fact that the satellite is being used by Google is getting all the attention, GeoEye-1's main client is the US government's mapping arm, the National Geospatial Intelligence Agency.

GeoEye-1's government client will receive higher resolution photos than commercial clients such as Google. Still, it will be of a higher resolution and better quality than what is currently available on Google Maps and Google Earth.

by Joe McKendrick
October 9th, 2008 @ 7:58 pm

At many organizations right now, SOA is a “technology predicated death march,” according to Jim “World Wide Webber, a speaker at this week’s International SOA Symposium in Amsterdam. A death march? That’s because organizations think they can move into SOA methodologies by buying technology.

He said there are two things money can’t buy: One is love, even when it involves Heather Mills McCartney. The other thing money can’t buy is SOA, he said. At this week’s , Jim “World Wide Webber” expounded on his view that SOA, pure and simple, will trump more expensive and complicated middleware every time. Jim doesn’t shy away from controversy.

The problem, Jim said, is that many organizations have purchased and installed Enterprise Service Buses, which looked like an appealing mechanism for straitening out middleware tangles. However, what eventually happens is ESBs – which he branded as “Erroneous Spaghetti Boxes” – become part of the middleware problem as well, he says.“ESBs are not SOA,” he said.

“They wrapped 1990s expensive proprietary stuff and sold it as a 21st Century solution.” Rather, SOA itself is the solution, he explained. “It forces us to think about the business processes we want to support.” Companies need to consider is tackling all the issues with security, reliable messaging, and transactions with standard Web services protocols, he said.

by Jonathan Skillings
October 9, 2008 9:08 PM PDT

Maybe it's advice he heard from a career counselor at Harvard and took to heart: Do what you love, and the money will follow. For now, what Mark Zuckerberg wants most for Facebook is to see it grow and grow and grow some more, without too much fretting over the bottom line.

In an interview with a blogger for the German newspaper Frankfurter Allgemeine Zeitung, Facebook's co-founder and CEO minced no words on the matter: "Growth is primary, revenue is secondary." Of course, it could be less a philosophical matter than a practical one for a site that's still sketching out its plans for making money to match its popularity.

And bless his heart, even in a tanking global economy, Zuckerberg suggests there's plenty of time for that. He elaborates: But what every great Internet company has done is to figure out a way to make money that has to match to what they are doing on the site. I don't think social networks can be monetized in the same way that search did. But on both sites people find information valuable.

I'm pretty sure that we will find an analogous business model. But we are experimenting already. One group is very focused on targeting; another part is focused on social recommendation from your friends. In three years from now we have to figure out what the optimum model is.

By David Chartier
October 09, 2008 - 08:45PM CT

Yahoo must have adopted a strange new policy of putting acquisitions to good use, exhibited in its latest form by the announcement of Yahoo Web Analytics.

Marketed as "an enterprise site analytics tool," the private beta of Yahoo Web Analytics reveals a clear initial focus on business and commercial web sites, and some unique features could give competitors like Google a run for their money. Yahoo Web Analytics is the result of Yahoo's April acquisition of IndexTools, a web analytics software provider geared toward online marketing.

With such a quick turnaround into a Yahoo product, albeit as a private beta for Yahoo's 150,000 small- to medium-size business web site customers, it's clear that Yahoo is gunning to gain share in a market it arguably should have been neck-deep in years ago. Yahoo's choice to acquire IndexTools and the upcoming features in Yahoo Web Analytics also speak loudly for how badly the company wants a piece of the market.

Specifically, Yahoo Web Analytics boasts "near real-time" data aggregation and visualization, which—if true—will be a significant leg up on Google Analytics' typical 8- to 12-hour turnaround time. In addition to faster data, Yahoo will also provide all analytics data in raw form, instead of a periodic aggregation of things like total visitors to a page.

Editors Note - AVG targeted this file as infected but no other anti-malware package in our testings did. Files of this type are often hit by false positives and we are certain the AVG hit is a false positive. if you have any concerns, do not download this file.

Process Lasso is a unique new technology intended to automatically restrain running processes that are consuming too many CPU cycles. Often times, processes that are 'out-of-control' can bring an NT system to a near halt. Once one or more processes have become CPU resource hogs, termination of the offending process(es) is very difficult since it is nearly impossible to even open the task manager. With Process Lasso, these processes are temporarily reduced in priority so that the system is returned to a responsive level. Process Lasso can even work when multiple processes are responsible for a decrease in system responsiveness.

This version is freeware, but a PRO version is available for $19.95 at the authors site.

Author: Bitsum Technologies
Date: 2008-10-09
Size: 413 KB
License: Freeware
Requires: Win 2K/03/XP/Vista

Publisher's Description:

RegBench is a small utility to benchmark your system registry. It is a console mode utility and emits console and XML output, the latter of which can be shown in a web browser automatically. At present it does NOT have a GUI for general user use and it is in the ALPHA stage of development. If you are not familiar with console mode utilities, you are not advised to download this utility at present.

Latest Changes:

* Early technology preview to assess user interest. This version is ONLY for users able to use a console mode utility

Released: October 9, 2008
Publisher: Bitsum Technologies
License: Freeware
OS Support: Windows 2003/2008/NT/Vista/XP
Uninstaller?: No
Skin Support?: No

OpenOffice is a free, Open Source alternative to MS Office with a Word compatible word processor, a complete Excel compatible spread sheet program and a Power Point like presentation software and drawing program and also allows to save to PDF file.

In addition, OpenOffice offers enhanced printing capabilities and options for direct connection with external email programs as well as form-letter management to send letters to addresses from a database.

Author: OpenOffice.org
Date: 2008-10-09
Size: 127 MB
License: Freeware
Requires: Win All

Publisher's Description:

Ace Utilities is a collection of system maintenance utilities to keep your system in good shape. Your computer will boot faster, and run applications smoothly. It helps you delete internet cache, cookies, temp files, visited page history, and all other recent document info.

Latest Changes:

* A new GUI
* New 'Disk Analysis' module
* Support for Google's Chrome browser

Released: October 1, 2008
Publisher: Hari
License: Shareware; $29.95 to buy
Limitations: Yes; 30 day timeout
OS Support: Windows 2000/2003/Vista/XP

By Jacqui Cheng
October 09, 2008 - 05:05PM CT

Hate on the kiddies and their SMS speak all you want, but text messaging is taking off among the masses. AT&T has released data from two studies it recently commissioned, showing that both families and romantic partners are using SMS more and more to communicate.

Parents think texting with their kids makes them cool, while lovestruck texters are finding themselves using SMS to flirt and send romantic notes. We'll start with the families. AT&T conducted 1,048 online interviews with parents and 1,022 online interviews with children and young adults to get a feel for their usage patterns.

They found that 76 percent of parents feel that their children are more likely to keep them abreast of their activities through text messaging than other methods. 73 percent said that their kids were more likely to respond to a text message than other methods of communication, and a full half of parents feel that texting with their kids makes them "cool." Kids, of course, love text messaging.

Large majorities feel that it's easier to communicate with friends this way and keep their parents up-to-date on their activities (84 percent and 82 percent, respectively). 48 percent of kids said that texting was a better use of their time than calling. I'll be honest: I wish my parents would text me too. "Texting is sometimes the easiest way to keep track of my kids," stated mother Janet Sturley.

By Nancy Gohring
October 9, 2008

Micron Technology Inc. and Intel Corp. plan to shut down their joint production of NAND flash memory from a plant in Boise, Idaho, and Micron plans to lay off about 15% of its workforce in another sign that the economic meltdown is taking its toll on some tech companies.

The moves are a result of a combination of lowered customer demand and product oversupply in the market, Micron said in a statement. Intel and Micron, through their IM Flash Technologies joint venture, were supplying NAND flash memory from Micron's Boise facility. The shutdown will reduce the joint venture's NAND flash production by about 35,000 wafers per month, in the factory using 200-millimeter manufacturing lines, per month.

IM Flash Technologies also has a facility in Lehi, Utah, which has 300-millimeter manufacturing lines. Micron's 15% workforce reduction will occur over the next two years and will primarily affect employees at the Boise facility. According to Micron's Web site, the company has 22,600 employees worldwide. Companies in the NAND flash market have struggled all year due to oversupply that has kept prices low.

Despite the oversupply, some vendors including Hynix and Samsung have continued to build new factories that make NAND flash products, further exacerbating the problem. Micron expects that expenses related to the restructuring will reach about $60 million. In a statement, the company's chairman and CEO Steve Appleton said that Micron is in a strong position relative to competitors but that it is not immune to the difficult global economic conditions affecting the market.

By Paul Taylor
09 October 2008, 8:48 AM

A NAS SERVER is a thing to behold, in particular when it does just about everything you can imagine for your network. Olin, over at Benchmark Reviews had a go at Synology’s DS408, a 4-drive SATA RAID with Gigabit Ethernet. It’ll serve up just about anything and, considering the 4x1.5GB units used, 53W in load seems pretty thrifty.

The $800 bill might not, but the only thing it doesn’t do, that comes to mind, is email serving. Get the skinny on the DS408, here. MSI’s HD 4670 gets a going-over at TweakTown. The card performs just like its other brand siblings – in other words ‘very well for the price’ and even gets to show its strength in Crossfire. Good silent cooling, but a lack of TV connectivity (no HDMI) knocks it out as an HTPC card candidate, tho’. Get the article, here.

Driverheaven found gold in Gainward’s HD 4870 1GB. That’s right, the Golden Samples are back – the cherry-picked, non-reference babies of the Gainward stable. Well as per the tradition, Gainward ripped off the reference cooler and put in a new one, overclocked the GPU and added a bit of RAM. You now get 1GB of GDDR5@1GHz, which really gives the card an edge at 2560x1600 resolutions.

It’s still a close race with the GTX 260 Core 216, though, but it handles itself brilliantly in hi-res, AA/AF scenarios. Good stuff. Bit-Tech is debuting its DDR3 reviews in grand style with some 2x2GB G.Skill - ‘standard’ and GT1s (with RAMOrb) – and Corsair’s own DDR3 (with DHX Cooling) kits. Some serious overclocking going on there, but G.Skill takes the cake in performance and Corsair in value. Everyone’s a winner here.

by Adrian Kingsley-Hughes
October 9th, 2008 @ 6:29 am


The Inquisitr is reporting that Apple is getting ready to release its first sub-$1,000 computer - an $800 notebook.

According to the source, Apple retail stores have been given price sheets that list 12 price points for the new range, with prices between $800-$3100. Current lines only have 8 price points, 3 Macbooks starting at $1099, 3 Macbook Pros and 2 Macbook Airs. According to the source, retail outlets usually get the price lists 10 days before products hit the market. Technical specs for the new laptops were not included on the price sheet.

If this turns out to be true, then this is a clear sign that Apple is looking to broaden its customer base in an attempt to try to make itself more resistant to the effects of consumers tightening their belts. Quick word of caution though - the idea that an Apple store would get pricing information for a new product so far in advance seems fishy to me. This information, if real, is coming to Duncan Riley from a much higher level than a store drone.