Archive for the ‘Microsoft’ Category
Intel’s Moblin 2.1 to compete with Windows
Could Intel’s new Moblin 2.1 OS make a dent against Windows in the mobile and desktop markets?
At this week’s Intel Developer Forum in San Francisco, the chipmaker debuted a beta version of its Moblin 2.1 open-source operating system targeted to run on a variety of devices, including smartphones, Netbooks, nettops, Mobile Internet Devices (MIDs), and in-car systems.
Moblin 2.1 will compete with other open-source operating systems like Google’s Android and bump up against Microsoft in the burgeoning nettop arena.
Originally developed for Netbooks, Moblin 2.1 (short for mobile Linux) will come in three flavors–one for handhelds, another for Netbooks, and a third for nettops.
http://news.cnet.com/8301-17938_105-10361563-1.html?part=rss&subj=news&tag=2547-1_3-0-20
Microsoft sets up open-source foundation
Microsoft has created the nonprofit CodePlex Foundation to target increased communication between open-source communities and software companies.
Citing an under-representation of commercial software companies and their employees in open source, the CodePlex Foundation aims to work with particular projects to bridge the gap between the open-source and commercial worlds.
The Redmond giant has contributed $1 million to the foundation and has filled out its board and advisory panel with many Microsoft staffers, including Sam Ramji, who is leaving Microsoft as its open source point man but is also becoming CodePlex Foundation’s interim president.
Unlike other open-source foundations, such as the Mozilla Foundation and GNOME Foundation, the Foundation said on its Web site that it intends to address the full spectrum of software projects.
This is an unexpected and interesting move from Redmond. Don’t think that this is completely like other open-source foundations that you may be used to, though.
Take this line from the Codeplex Foundation FAQ: “We wanted a foundation that addresses a full spectrum of software projects, and does so with the licensing and intellectual property needs of commercial software companies in mind.”
Add to this that the About page states that companies will contribute code, not patents, and that is what I think will stop the existing open-source community from going anywhere near the CodePlex Foundation.
I can’t see any patent-encumbered CodePlex project being accepted into, or contributing code into, any large existing open-source project while still having the patent specter looming overhead–it’s something that the open-source community has tried to avoid whenever possible.
But this is probably not that audience that the Foundation is aiming for–it’s more likely to target purely Microsoft companies/developers and attempt to get them to open up a little. Allowing these companies to keep their patents will make it easier for them to engage in the Microsoft ecosystem but not in the wider open source world.
http://news.cnet.com/8301-10805_3-10350671-75.html?part=rss&subj=news&tag=2547-1_3-0-20
Microsoft issues critical Windows patches
Microsoft on Tuesday issued five critical Windows-related updates as part of its monthly Patch Tuesday release.
The five bulletins address eight vulnerabilities. According to Symantec Security Response research manager Ben Greenbaum, the two vulnerabilities most likely to be used by attackers involve the way Windows handles ASF and MP3 media files. “We’ve seen similar exploits in the past and all a user would have to do is visit a compromised Web site hosting one of these malicious files, which could be an MP3, WMA or WMV file, and they could become infected.”
In addition, Microsoft said it is re-releasing a bulletin from last month to address an additional control found to be vulnerable to an issue with the Microsoft Active Template Library.
Greenbaum noted that Microsoft has yet to issue a patch for a zero-day flaw in Internet Information Services that was made public last week. “Until a patch for this is issued, as a temporary workaround we suggest IT administrators using IIS 5.0 and 6.0 turn off anonymous write access immediately,” Greenbaum said. “We also recommend using a firewall and restricting access to creating directories. Those using IIS 7.0 with FTP Service version 6.0 installed should upgrade to FTP Service version 7.5.”
There are already some attacks being seen based on that flaw.
“While the company will not release an update this month, it will do so once it has reached an appropriate level of quality for broad distribution,” Microsoft said.
Meanwhile, Microsoft said Tuesday that it is investigating another zero-day issue, this one a reported flaw in Windows Vista and Windows 7.
As for the patches Microsoft did release on Tuesday, Qualys CTO Wolfgang Kandek noted that some of the bulletins are interesting in that they either affect only newer operating systems or are more critical on later versions–the reverse of what is normally the case. Overall, he said, five Windows patches should keep IT workers busy.
“Due to the criticality of the patches and wide coverage of the operating system, this will be a busy day for IT administrators,” Qualys CTO Wolfgang Kandek said in an e-mail.
http://news.cnet.com/8301-13860_3-10346665-56.html?part=rss&subj=news&tag=2547-1_3-0-20
Windows 7, Vista zero-day flaw reported
A security researcher has said there is a zero-day vulnerability affecting Windows 7 and Vista.
The flaw in Windows 7 could allow an attack which would cause a critical system error, or “blue screen of death,” according to researcher Laurent Gaffie.
Gaffie wrote in his blog that the flaw lies in a Server Message Block 2 (SMB2) driver.
“SRV2.SYS fails to handle malformed SMB headers for the NEGOTIATE PROTOCOL REQUEST functionality,” wrote Gaffie in a blog post Monday.
Gaffie said he had contacted Microsoft. Comments on his blog by other users said that the flaw could lead not only to denial of service, but could also lead to remote code execution.
Computer security publication “The H” wrote on Tuesday that its German sister publication had tested the proof-of-concept code, and that while the exploit had caused a reboot on Vista, the exploit had not worked on Windows 7.
Metasploit creator HD Moore said in a tweet on Tuesday that an SMB bug appeared to have been introduced into Vista SP1. Coder Josh Goebel said in a blog post that he had added the exploit code to Metasploit.
Microsoft had not responded to a request for comment at the time of writing.
http://news.cnet.com/8301-1009_3-10346664-83.html?part=rss&subj=news&tag=2547-1_3-0-20
Report: Rivals eye Microsoft’s former Linux patents
Microsoft has at times alleged patent infringement in its attempts to stifle certain Linux-based applications. But one group is hoping to fight back by using Microsoft’s own former patents.
The Open Invention Network (OIN), a group made up of Microsoft competitors and Linux advocates,said it’s close an agreement to buy 22 patents that Microsoft sold to another organization earlier this year. According to Tuesday’s Wall Street Journal, the patents may relate to Linux.
The OIN believes that getting these patents is critical to protecting Linux developers from costly lawsuits, according to the Journal. The concern is that otherwise the patents could be grabbed by patent trolls, which will then try to make money from patent-infringement lawsuits.
The group that currently owns the patents, Allied Security Trust, buys them to protect its members from lawsuits. Composed of such companies as Google, Hewlett-Packard, Verizon Communications, and Cisco Systems, Allied Security Trust bought the patents in a private auction held by Microsoft. The Journal reports that Microsoft presented the patents to potential bidders as relating to Linux.
Microsoft has said that it holds more than 50,000 patents, according to the Journal, and that it believes 200 of those are violated by Linux applications.
Over the past few years, Microsoft has signed deals with several open-source companies in which they pay Microsoft money to protect themselves from intellectual property claims.
The OIN’s goal is to promote and protect Linux by using patents that allow for free and open collaboration. The group says its patents are available to any company or individual that agrees not to assert those patents against Linux. The idea is to help developers use Linux without having to worry about violating existing patents.
The OIN is trying to use such cases as the recent lawsuit between Microsoft and GPS-maker Tom Tom to prevent similar actions against Linux-based apps. Although Tom Tom settled with Microsoft, the OIN is concerned that the case may establish a precedent.
Started in 2005, the OIN counts among its members IBM, Sony, and Red Hat. Over the years, other powerhouses have joined, including Oracle, Google, and most recently Tom Tom.
http://news.cnet.com/8301-10805_3-10346439-75.html?part=rss&subj=news&tag=2547-1_3-0-20