James Williams

Microsoft Tuesday released six patches that address 15 vulnerabilities. Windows exploit code coming "There are three vulnerabilities this month that target a listening service. Here's a look at what security experts are saying about the vulnerabilities, patches and what should concern users.

While none of them are likely to considered great candidates for exploit, they are worth noting as they all primarily affect the enterprise. While Web Services on Devices affects Vista and Server 2008, the attack vector requires that you be on the local subnet, meaning the home user is unlikely to see any real risk."- Tyler Reguly, senior security engineer for nCircle "MS09-066 affects corporate networks as it addresses a vulnerability in Active Directory. It is unlikely that the home user will be running a license logging server or have Active Directory up and running. A successful exploit can result in denial-of-service on the system. All operating systems other than Windows 2000 require valid credentials to send a specially crafted packet. This vulnerability will be difficult to exploit though.

If an attacker already had valid credentials, they would do more damage than a denial-of-service attack on a server. A specially crafted packet sent to a Windows 2000 machine can result in an unresponsive machine that requires an unscheduled reboot."- Jason Miller, data and security team leader for Shavlik Technologies "The Embedded OpenType font kernel vulnerability [MS09-065] is the most serious in our opinion. For Windows 2000 servers, like MS09-064, these machines should be patched immediately. Not only is proof-of-concept exploit code publicly available, but all that's required of a user to become infected by it is simply viewing a compromised Web page. Symantec isn't seeing any active exploits of this in the wild yet, but we think attackers will be paying a lot of attention to it in the future."- Ben Greenbaum, senior research manager at Symantec Security Response. "One of the nice things that you will see today is that Windows 7 and Windows Server 2008 are not affected by any of these patches."- Richie Lai, director of vulnerability research for Qualys Follow John on Twitter: http://twitter.com/johnfontana

Nemetschek North America released the 2010 versions of its Vectorworks line of design software. Building on the integration of the Parasolid 3D modeling core in version 2009, the 2010 edition adds bi-directional associativity features and an intuitive, 3-D modeling environment that features unified views and easy-to-use 3-D snapping for accurate modeling. Tuesday's announcement includes new versions of Designer, Architect, Landmark, Spotlight, Machine Design, Fundamentals, and Renderworks. Vectorworks 2010 also extends Nemetschek's relationship with Siemens PLM Software by integrating the D-Cubed 2D Dimensional Constraint Manager (2D DCM) into the software.

The major improvement in version 1.1 is the addition of Optical Character Recognition (OCR) technology, including support for ten different languages. The VectorWorks Web site lists all of the more than 80 new features in the new 2010 version as well pricing information.-Jackie Dove OCR technology added in Prizmo update Creaceed on Tuesday announced Prizmo 1.1, an update to its image-processing application that allows people to scan documents using a digital camera. Users can save the resulting file in a number of formats, including PDF, RTF, and text, and the contents are indexable by Spotlight. An Intel Mac or PowerMac G5 with at least 64MB of VRAM is required, with 128MB of VRAM recommended. Prizmo 1.1 requires Mac OS X 10.5.8 or later, and is compatible with Mac OS X Snow Leopard. A license for Prizmo costs $40.-Dan Moren Wolfram announces webMathematica 3 Wolfram Research updated webMathematica, adding new performance and development capabilities for its technology for adding dynamic content to the Web. webMathematica 3 integrates both Mathematica 6 and 7 with the latest Web server technology, making the tool ideal for creating Web sites where users compute and visualize the results directly in their browsers.

Pricing information for webMathematica 3 is available by contacting Wolfram.-Philip Michaels Black Ink update offers bug fixes Black Ink 1.1.7, the latest version of Red Sweater Software's crossword puzzle-solving application, was released on Thursday. Other changes in webMathematica 3 include expression language and custom tags that provide a more concise way to call to Mathematica from Web pages; a queuing system that executes long-running or asynchronous computation jobs; support for Wolfram Workbench; a new configurable logging system for tracking different types of errors; the ability for users to write REST and SOAP Web services; and improvements to the kernel monitor and kernel interaction. The update fixes problems with getting puzzles from the Chronicle of Higher Education, removes the now defunct Sydney Morning Herald source, and fixes a number of bugs, including one that could cause downloads to stop working until the app was relaunched. Black Ink requires Mac OS X 10.4 or later and costs $25 for a license.-DM There are also a number of improvements to multi-character answer support.

SAN DIEGO - One of the most striking enterprise products on display at this year's DEMOfall show has been HP's Skyroom videoconferencing software that combines instant messaging capabilities with high-definition video streaming. Even more interesting was the software's ability to create windows on their desktops where they can drag and drop pictures, audio files and video files that the person on the other end of the videoconference will then see on their own screen. During the product's demonstration at DEMOfall Tuesday, HP workstation global business unit vice president and general manager Jim Zafarana showed how users can simply click on names displayed on their Skyroom buddy lists to start impromptu HD videoconferences.

During the demonstration, Zafarana received a streaming trailer for the film "Monsters, Inc." after his friend dropped it into the Skyroom conference window. So when I purchase HP Skyroom, I'm not paying for any additional equipment? Slideshow: 13 hot products from DEMOfall '09 After his presentation, Zafarana sat down with Network World to discuss Skyroom's system and bandwidth requirements, its security features and its ability to integrate with existing enterprise chat protocols. I'm only paying for software? You have to meet the minimum system requirements of having a 2.3 GHz Intel Core Duo processor, and your machine has to run on Windows XP or Vista.

Yes. We're planning on having a version that runs on Windows 7 out in November. One of my colleagues in Boston, for instance, has fiber-to-the-home and he uses a VPN to hook onto the HP network and conference with us using Skyroom. We're targeting business customers and this software can really be optimized through company networks, whether it's an onsite network or a VPN with a good network connection. How fast of a data connection do you need to make Skyroom effective? If you have a one-on-one conference, then it's a 1Mbps requirement for high-quality video and you can dial down the quality to make it work at around 500Kbps.

It depends on what you're doing. If you do things such as video and picture sharing it'll take up more bandwidth. Is this designed for people who want to talk to people in other companies, or is it just for coworkers who want to collaborate? With the Monsters, Inc. video clip I shared today during the demonstration, for instance, I was probably adding 5Mbps to the requirements. At this point it only allows for intra-company conferencing. The bits traveling over the network are encrypted at 256Kbps and they can only go through a VPN or a secure corporate network, so it's pretty secure.

What are its security features? How much does Skyroom cost? Additionally, every new HP desktop workstation will ship with Skyroom as a complementary part of the entire package. The pricing model we have now is $149 per user for a license to use the software and there's no subscription fee. How do I add "buddies" to my Skyroom videoconferencing list?

If you have corporate Microsoft infrastructure with Office Communicator, for instance, it will pull your Office Communicator buddy list into Skyroom and all your colleagues on that list will show up as available for you to connect to as long as they have Skyroom installed. There are multiple ways for you to populate your buddy list. You can also use other communication software products such as Jabber Server, to leverage you buddy list into HP Skyroom. Any plans on expanding that? And finally, Skyroom currently limits that number of people who can participate in an HD videoconference to four. Obviously we could do that in the future but we're not talking about that at this point.

The Federal Communications Commission and the US Department of Transportation are teaming up to develop what they called high-tech solutions to the growing problem of distracted or inattentive drivers. NetworkWorld Extra: Seven advanced car technologies the government wants now The DOT recently showed research findings by the National Highway Traffic Safety Administration (NHTSA) that show nearly 6,000 people died in 2008 in crashes involving a distracted or inattentive driver, and more than half a million were injured. The DOT and FCC said they will set up a working group to evaluate technology-based answers to the distracted driving problem and will improve outreach efforts to educate the public about the dangers of texting while driving, talking on cell phones while driving, and other distracting behavior that can lead to deadly accidents, the agencies stated.

On any given day in 2008, more than 800,000 vehicles were driven by someone using a hand-held cell phone. "Across the board, federal researchers who have directly observed drivers of all ages found that more and more people are using a variety of hand-held devices while driving – not just cell phones, but also iPods, video games, Blackberrys and GPS systems. Cell phones and texting are now the primary means of communication for many people, especially young adults. In particular, cell phone use for talking and texting is now more prevalent on our nation's roads, rail systems and waterways, carrying a dangerous potential for accidents," the NHTSA stated. NHTSA's research shows that the worst offenders are the youngest drivers: men and women under 20 years of age, the NHTSA stated. "We now know that the worst offenders are the youngest, least experienced drivers," said Transportation Secretary Ray LaHood in a speech recently. "Unfortunately though, the problem doesn't end there. We must work together to find solutions that will prevent crashes caused by driver distraction." In a recent speech, LaHood noted a number of actions the DOT is undertaking in the areas it can most change quickly: Make permanent restrictions on the use of cell phones and other electronic devices in rail operations; Ban text messaging altogether, and restrict the use of cell phones by truck and interstate bus operators; Disqualify school bus drivers convicted of texting while driving, from maintaining their commercial driver's licenses.

Distracted driving occurs across all age groups and all modes of transportation, from cars to buses and trucks to trains. He also called on state and local governments to work with to reduce fatalities and crashes by making distracted driving part of their state highway plans, and by passing state and local laws against distracted driving in all types of vehicles—especially school buses. The House recently approved the Advanced Vehicle Technology Act of 2009 with a goal of developing a wide range of scientific advances for cars including technology that could help with the problem if it can get out of the labs fast enough. On a technology level what can these agencies do? For example, an onboard computer system to monitor driving characteristics such as unsafe driving behavior. Such a system would monitor speed; following behavior; attention/inattention; fatigue symptoms; and general safety.

According to a DOT report, feedback from such a system can be supplied to drivers in real-time or in the case of a commercial driver, provide carrier management a view into its driver's behavior. Crash avoidance technologies could mitigate negative effects of drivers using cell phones or other distracting devices but drivers using a portable touch-screen phone and examining a dashboard screen image at the same time could be further distracted, the Government Accountability Office noted in a report last year. Representatives of the automobile industry have said that consumer training in the use of new technologies could be key to maximizing safety benefits, the GAO stated. Such systems could also create complacency that could exacerbate dangers.

As the end of 2009 creeps up upon us, the search engines are starting to release some interesting data. Ask has just published its top search questions of 2009, taking into account all the actual queries typed into that little white box. Google, AOL, and Yahoo all recently revealed Michael Jackson to be the top search term of 2009. Other hot search commodities for the year included "Facebook," "Twitter," and - thank you, fellow gentlemen - "Megan Fox." Now, thanks to a newly released list by Ask.com, we're getting even more entertaining insights.

So what's the world been wanting to know? How do I get pregnant? Here's an intriguing (and at times disheartening) glimpse into our collective curiosities. I think we can all agree: If you have to search the Internet for the answer, you probably shouldn't be trying in the first place. Step 1: Put down the sticky bun and get your lazy arse off the computer. How can I get a six-pack fast?

What is a 3G network? What is love? I'll take questions asked by AT&T for $500, Alex. Think they were wanting a literal answer, or just searching for a clip from Night at the Roxbury? And what kind of Web sites have you been visiting lately, pal?

How do I delete my cookies? Eh? Eh? How do I make a Web site? Nevermind. Just head over to Geocit...oh, wait. Who am I? For the sake of the last guy, let's hope you're a Web designer.

Um, do you really have to ask? Is Adam Lambert straight? Does my crush love me? Is he Adam Lambert, and are you a girl? That all depends. Which came first, the chicken or the egg?

Quick, someone call Sergey. Sounds like one of those cryptic Google interview questions. When will the world end? NOW. No? Oh well. Right... Was worth a shot.

Ninety-seven percent of those searches were made by that guy from the Spin Doctors. What time is it? Why is the sky blue? Last I checked, it was 1-800-STOP-STALKING. When should I give my child a cell phone? Close runner-up: "Why is the screen of death black?" What is Miley Cyrus' phone number?

Not until he stops trying to track down Miley's number...the perv. Okay, this last one wasn't actually on the list. Where the hell is Jeeves? But I'd really like to know. You can keep up with him on Twitter: @jr_raphael. JR Raphael is co-founder of geek-humor site eSarcasm.

The FCC convened this morning and voted to move forward with formalizing net neutrality guidelines. The FCC has already imposed net neutrality principles in past decisions such as banning broadband Internet provider Comcast from throttling peer-to-peer networking traffic. The vote was unanimous, including Republican Commissioners Robert McDowell and Meredith Attwell Baker, and initiates the process of debating the proposed rules before any net neutrality policy is actually implemented. Without a formally sanctioned set of rules though, such decisions could be seen as arbitrary or capricious.

Of course, in Washington DC today there are distinctly partisan battle lines involved in where to eat lunch or what color the sky is, so I suppose that should come as no surprise. When FCC chairman Julius Genachowski first announced his intention to pursue formalizing net neutrality, it did not take long to see that there are distinctly partisan battle lines involved. Still, it was a little shocking that within hours of Genachowski's statement regarding net neutrality GOP lawmakers had already filed an amendment (later retracted) to prohibit the FCC from pursuing it. This week AT&T was accused of astroturfing- creating a fake grassroots movement- by encouraging employees to voice their concerns on the FCC web site using their own personal email addresses. In the weeks between Genachowski's initial statement and today's vote the lobbying pressure and the rhetoric in the media have been relatively constant from net neutrality opponents. Proponents of net neutrality were not as vocal until more recently.

Verizon didn't completely defect, but it did break ranks with other broadband and wireless providers when it issued a joint statement with Google expressing agreed upon common ground for governing net neutrality. A coalition of 30 tech-focused venture capitalists, under the banner of the Open Internet Coalition, sent an open letter to Genachowski just yesterday urging support for net neutrality rules. Perhaps it's a reflection of the new partnership forged between Verizon and Google to develop Android-based mobile handsets like the upcoming Droid. Canada upheld the right of providers to 'manage' the traffic on their networks, but within certain guidelines. Just yesterday the Canadian government ruled on its version of net neutrality. It also stipulated that traffic throttling should be a measure of last resort.

Comcast talked about how the Internet has thrived without net neutrality, while tacitly admitting that it is only because of the threat of net neutrality that it has played by the rules. I maintain that net neutrality rules are essential. AT&T reversed its position on allowing VoIP over its wireless network and pointed to that decision as evidence that the industry can police itself, while not-so-subtly demonstrating that the new policy was a direct attempt to influence the net neutrality debate. If they thought they could act with impunity, they would. The bottom line is that the providers only treat consumers right and do the right thing because of government oversight or the threat of it.

Comcast is rumored to be pursuing a stake in NBC- would that give them the right to provide preferential bandwidth to NBC web content and throttle the other networks? Tony Bradley is an information security and unified communications expert with more than a decade of enterprise IT experience. There is simply too much convergence and overlap creating conflicts of interest to allow the industry to police itself. He tweets as @PCSecurityNews and provides tips, advice and reviews on information security and unified communications technologies on his site at tonybradley.com.

In the beginning there was e-mail. The network was devoid of PCs. So all e-mail was accessed via a terminal and a command line interface. And e-mail was run on a Unix server.

E-mail management a mighty struggle for US agencies So, by some current definitions, e-mail began as a "cloud" application. And, since network-based storage was expensive and local storage was inexpensive, thus began a logical move to downloading e-mail from the network and storing it on local devices/media. Then came the PC. And along with the PC, came local storage. Now, many of us use our e-mail archives as a primary record-keeping mechanism, and our historical e-mail files are perhaps our most precious resource. Whether your primary e-mail is a part of a corporate network or simply your personal copy, odds are darn good that you have your e-mail set to delete the messages from the server as soon as they are downloaded to the PC. And even a copy of the e-mails may still exist somewhere in the bowels of the IT department, recovering these e-mails is a major issue.

But what happens if the e-mail files are not backed up regularly? This issue hit really close to home this week when one of our associates had a crashed hard drive on an almost-new notebook. At this point, we could start yet another rant about how we all need to have current backups, and how corporate networking departments need to somehow enforce a policy of regular backups for all materials on the users' notebooks. And, of course, all of the e-mail archives were on that disk – with no recent backup. But that would simply be "preaching to the choir." Instead, we would like to offer a different solution. This has the advantage of potentially recovering not only the correspondence itself, but also the vast majority of important files.

Had our associate been using a network-based service, such as Gmail, then all of the e-mail would be "safe." In fact, this is exactly how our associate is now rebuilding everything. After all, virtually every file of any import is sent and/or received via e-mail. In the meantime, we invite you to join the discussion of this topic at TECHNOtorials. In the next newsletter, we'll look at some of the advantages and disadvantages of the use of public and/or private "cloud" services for e-mail. Com.