Just days after patching a critical flaw in its Internet Explorer browser, Microsoft is now warning users of a serious bug in its SQL Server database software.
Microsoft issued a security advisory late Monday, saying that the bug could be exploited to run unauthorized software on systems running versions of Microsoft SQL Server 2000 and SQL Server 2005.
Attack code that exploits the bug has been published, but Microsoft said that it has not yet seen this code used in online attacks. Database servers could be attacked using this flaw if the criminals somehow found a way to log onto the system, and Web applications that suffered from relatively common SQL injection bugs could be used as stepping stones to attack the back-end database, Microsoft said.
Desktop users running the Microsoft SQL Server 2000 Desktop Engine or SQL Server 2005 Express could be at risk in some circumstances, Microsoft said.
The bug lies in a stored procedure called “sp_replwritetovarbin,” which is used by Microsoft’s software when it replicates database transactions. It was publicly disclosed on December 9 by SEC Consult Vulnerability Lab, which said it had notified Microsoft of the issue in April.
“Systems with Microsoft SQL Server 7.0 Service Pack 4, Microsoft SQL Server 2005 Service Pack 3, and Microsoft SQL Server 2008 are not affected by this issue,” Microsoft said in its advisory.
This is the third serious bug in Microsoft’s software to be disclosed in the past month, but it is unlikely to be used in widespread attacks, according to Marc Maiffret, director of professional services, with The DigiTrust Group, a security consulting firm. “It is rather low risk given other vulnerabilities that exist,” he said via instant message. “There are a lot of better ways to currently compromise windows systems.”
After seeing the Internet Explorer flaw used in a growing number of online attacks, Microsoft rushed out an emergency patch for the issue last Wednesday. The company says it has also seen “limited and targeted attacks” exploiting a serious bug in the WordPad Text Converter for Word 97 files. As with the SQL bug, this WordPad converter vulnerability has not been patched, but is a prime candidate to be fixed in Microsoft’s upcoming January 13 security updates.
Read the rest of this entry »
Posted in Microsoft, Security, Software | No Comments »
Google has taken the aggressive step of advising some of the people using its Gmail webmail to use Chrome or Firefox rather than Internet Explorer.
When users log into their Gmail using Internet Explorer a red text link appears at the top right of the page saying ‘get faster Google Mail.’
If you click on the link then you are taken through to a Google answers page that suggests that you should use a faster browser.
The suggestions it makes are Google’s own Chrome browser or Firefox 3.0.
We suggest you upgrade
“Browsers are getting faster and better at running web applications like Google Mail that use browser technology to its limits. In order to get the best Google Mail experience possible, we suggest that you upgrade your browser to one of the fastest Google Mail supported browsers that work on Windows,” reads the text.
There is a proviso that IE8 is being worked on ‘Note: A faster version of Internet Explorer, IE8, is in development and available in a beta release.’
Although not all users appear to be affected in our early investigation, at first glance it is a particularly aggressive approach from Google.
To actively push two browsers over the currently dominant Internet Explorer is far from the normal Google softly, softly approach – especially in a week where Internet Explorer has been beset by news of a major security problem.
It seems, however, that Google is only pushing users to the other browsers if they are currently using Internet Explorer 7. Those that are using Internet Explorer 6 are told to upgrade to either Chrome, Firefox or Internet Explorer 7 for a faster Google service.
Whether this is a silly overview on Google’s part or an active push away from Internet Explorer by the search kings remains to be seen.
What is for sure, is that Google is sending out mixed messages to its users, depending on what version of browser they are using.
Read the rest of this entry »
Posted in Google, Internet, Microsoft, Mozilla, Software | No Comments »
The Nintendo Wii took the #1 spot in eBay’s 2008 tech toys and gadgets top list, with over 2 million related items sold on the site. The Xbox360 was next at 1.3 million, followed by the Sony PSP and iPod touch.
The full list is below.
1. Nintendo Wii: 2,056,866 related items sold
2. Microsoft Xbox360: 1,297,903 related items sold
3. Sony PSP: 350,591 related items sold
4. iPod Touch: 281,361 related items sold
5. Nintendo Wii Fit: 266,584 related items sold
6. Apple iPhone 3G: 212,837 related items sold
7. BlackBerry Pearl: 207,688 related items sold
8. BlackBerry Curve: 193,788 related items sold
9. Sony Playstation 3: 103,333 related items sold
10. Guitar Hero III: 98,159 related items sold
11. Halo 3: 91,067 related items sold
12. Grand Theft Auto IV: 43,005 related items sold
13. MacBook Air: 12,423 related items sold
14. Guitar Hero Aerosmith: 3,749 related items sold
15. Rock Band 2’s: 1,650 related items sold
Read the rest of this entry »
Posted in Gaming, Hardware | No Comments »
