James Williams

Microsoft Tuesday released six patches that address 15 vulnerabilities. Windows exploit code coming "There are three vulnerabilities this month that target a listening service. Here's a look at what security experts are saying about the vulnerabilities, patches and what should concern users.

While none of them are likely to considered great candidates for exploit, they are worth noting as they all primarily affect the enterprise. While Web Services on Devices affects Vista and Server 2008, the attack vector requires that you be on the local subnet, meaning the home user is unlikely to see any real risk."- Tyler Reguly, senior security engineer for nCircle "MS09-066 affects corporate networks as it addresses a vulnerability in Active Directory. It is unlikely that the home user will be running a license logging server or have Active Directory up and running. A successful exploit can result in denial-of-service on the system. All operating systems other than Windows 2000 require valid credentials to send a specially crafted packet. This vulnerability will be difficult to exploit though.

If an attacker already had valid credentials, they would do more damage than a denial-of-service attack on a server. A specially crafted packet sent to a Windows 2000 machine can result in an unresponsive machine that requires an unscheduled reboot."- Jason Miller, data and security team leader for Shavlik Technologies "The Embedded OpenType font kernel vulnerability [MS09-065] is the most serious in our opinion. For Windows 2000 servers, like MS09-064, these machines should be patched immediately. Not only is proof-of-concept exploit code publicly available, but all that's required of a user to become infected by it is simply viewing a compromised Web page. Symantec isn't seeing any active exploits of this in the wild yet, but we think attackers will be paying a lot of attention to it in the future."- Ben Greenbaum, senior research manager at Symantec Security Response. "One of the nice things that you will see today is that Windows 7 and Windows Server 2008 are not affected by any of these patches."- Richie Lai, director of vulnerability research for Qualys Follow John on Twitter: http://twitter.com/johnfontana

Nemetschek North America released the 2010 versions of its Vectorworks line of design software. Building on the integration of the Parasolid 3D modeling core in version 2009, the 2010 edition adds bi-directional associativity features and an intuitive, 3-D modeling environment that features unified views and easy-to-use 3-D snapping for accurate modeling. Tuesday's announcement includes new versions of Designer, Architect, Landmark, Spotlight, Machine Design, Fundamentals, and Renderworks. Vectorworks 2010 also extends Nemetschek's relationship with Siemens PLM Software by integrating the D-Cubed 2D Dimensional Constraint Manager (2D DCM) into the software.

The major improvement in version 1.1 is the addition of Optical Character Recognition (OCR) technology, including support for ten different languages. The VectorWorks Web site lists all of the more than 80 new features in the new 2010 version as well pricing information.-Jackie Dove OCR technology added in Prizmo update Creaceed on Tuesday announced Prizmo 1.1, an update to its image-processing application that allows people to scan documents using a digital camera. Users can save the resulting file in a number of formats, including PDF, RTF, and text, and the contents are indexable by Spotlight. An Intel Mac or PowerMac G5 with at least 64MB of VRAM is required, with 128MB of VRAM recommended. Prizmo 1.1 requires Mac OS X 10.5.8 or later, and is compatible with Mac OS X Snow Leopard. A license for Prizmo costs $40.-Dan Moren Wolfram announces webMathematica 3 Wolfram Research updated webMathematica, adding new performance and development capabilities for its technology for adding dynamic content to the Web. webMathematica 3 integrates both Mathematica 6 and 7 with the latest Web server technology, making the tool ideal for creating Web sites where users compute and visualize the results directly in their browsers.

Pricing information for webMathematica 3 is available by contacting Wolfram.-Philip Michaels Black Ink update offers bug fixes Black Ink 1.1.7, the latest version of Red Sweater Software's crossword puzzle-solving application, was released on Thursday. Other changes in webMathematica 3 include expression language and custom tags that provide a more concise way to call to Mathematica from Web pages; a queuing system that executes long-running or asynchronous computation jobs; support for Wolfram Workbench; a new configurable logging system for tracking different types of errors; the ability for users to write REST and SOAP Web services; and improvements to the kernel monitor and kernel interaction. The update fixes problems with getting puzzles from the Chronicle of Higher Education, removes the now defunct Sydney Morning Herald source, and fixes a number of bugs, including one that could cause downloads to stop working until the app was relaunched. Black Ink requires Mac OS X 10.4 or later and costs $25 for a license.-DM There are also a number of improvements to multi-character answer support.

SAN DIEGO - One of the most striking enterprise products on display at this year's DEMOfall show has been HP's Skyroom videoconferencing software that combines instant messaging capabilities with high-definition video streaming. Even more interesting was the software's ability to create windows on their desktops where they can drag and drop pictures, audio files and video files that the person on the other end of the videoconference will then see on their own screen. During the product's demonstration at DEMOfall Tuesday, HP workstation global business unit vice president and general manager Jim Zafarana showed how users can simply click on names displayed on their Skyroom buddy lists to start impromptu HD videoconferences.

During the demonstration, Zafarana received a streaming trailer for the film "Monsters, Inc." after his friend dropped it into the Skyroom conference window. So when I purchase HP Skyroom, I'm not paying for any additional equipment? Slideshow: 13 hot products from DEMOfall '09 After his presentation, Zafarana sat down with Network World to discuss Skyroom's system and bandwidth requirements, its security features and its ability to integrate with existing enterprise chat protocols. I'm only paying for software? You have to meet the minimum system requirements of having a 2.3 GHz Intel Core Duo processor, and your machine has to run on Windows XP or Vista.

Yes. We're planning on having a version that runs on Windows 7 out in November. One of my colleagues in Boston, for instance, has fiber-to-the-home and he uses a VPN to hook onto the HP network and conference with us using Skyroom. We're targeting business customers and this software can really be optimized through company networks, whether it's an onsite network or a VPN with a good network connection. How fast of a data connection do you need to make Skyroom effective? If you have a one-on-one conference, then it's a 1Mbps requirement for high-quality video and you can dial down the quality to make it work at around 500Kbps.

It depends on what you're doing. If you do things such as video and picture sharing it'll take up more bandwidth. Is this designed for people who want to talk to people in other companies, or is it just for coworkers who want to collaborate? With the Monsters, Inc. video clip I shared today during the demonstration, for instance, I was probably adding 5Mbps to the requirements. At this point it only allows for intra-company conferencing. The bits traveling over the network are encrypted at 256Kbps and they can only go through a VPN or a secure corporate network, so it's pretty secure.

What are its security features? How much does Skyroom cost? Additionally, every new HP desktop workstation will ship with Skyroom as a complementary part of the entire package. The pricing model we have now is $149 per user for a license to use the software and there's no subscription fee. How do I add "buddies" to my Skyroom videoconferencing list?

If you have corporate Microsoft infrastructure with Office Communicator, for instance, it will pull your Office Communicator buddy list into Skyroom and all your colleagues on that list will show up as available for you to connect to as long as they have Skyroom installed. There are multiple ways for you to populate your buddy list. You can also use other communication software products such as Jabber Server, to leverage you buddy list into HP Skyroom. Any plans on expanding that? And finally, Skyroom currently limits that number of people who can participate in an HD videoconference to four. Obviously we could do that in the future but we're not talking about that at this point.

The Federal Communications Commission and the US Department of Transportation are teaming up to develop what they called high-tech solutions to the growing problem of distracted or inattentive drivers. NetworkWorld Extra: Seven advanced car technologies the government wants now The DOT recently showed research findings by the National Highway Traffic Safety Administration (NHTSA) that show nearly 6,000 people died in 2008 in crashes involving a distracted or inattentive driver, and more than half a million were injured. The DOT and FCC said they will set up a working group to evaluate technology-based answers to the distracted driving problem and will improve outreach efforts to educate the public about the dangers of texting while driving, talking on cell phones while driving, and other distracting behavior that can lead to deadly accidents, the agencies stated.

On any given day in 2008, more than 800,000 vehicles were driven by someone using a hand-held cell phone. "Across the board, federal researchers who have directly observed drivers of all ages found that more and more people are using a variety of hand-held devices while driving – not just cell phones, but also iPods, video games, Blackberrys and GPS systems. Cell phones and texting are now the primary means of communication for many people, especially young adults. In particular, cell phone use for talking and texting is now more prevalent on our nation's roads, rail systems and waterways, carrying a dangerous potential for accidents," the NHTSA stated. NHTSA's research shows that the worst offenders are the youngest drivers: men and women under 20 years of age, the NHTSA stated. "We now know that the worst offenders are the youngest, least experienced drivers," said Transportation Secretary Ray LaHood in a speech recently. "Unfortunately though, the problem doesn't end there. We must work together to find solutions that will prevent crashes caused by driver distraction." In a recent speech, LaHood noted a number of actions the DOT is undertaking in the areas it can most change quickly: Make permanent restrictions on the use of cell phones and other electronic devices in rail operations; Ban text messaging altogether, and restrict the use of cell phones by truck and interstate bus operators; Disqualify school bus drivers convicted of texting while driving, from maintaining their commercial driver's licenses.

Distracted driving occurs across all age groups and all modes of transportation, from cars to buses and trucks to trains. He also called on state and local governments to work with to reduce fatalities and crashes by making distracted driving part of their state highway plans, and by passing state and local laws against distracted driving in all types of vehicles—especially school buses. The House recently approved the Advanced Vehicle Technology Act of 2009 with a goal of developing a wide range of scientific advances for cars including technology that could help with the problem if it can get out of the labs fast enough. On a technology level what can these agencies do? For example, an onboard computer system to monitor driving characteristics such as unsafe driving behavior. Such a system would monitor speed; following behavior; attention/inattention; fatigue symptoms; and general safety.

According to a DOT report, feedback from such a system can be supplied to drivers in real-time or in the case of a commercial driver, provide carrier management a view into its driver's behavior. Crash avoidance technologies could mitigate negative effects of drivers using cell phones or other distracting devices but drivers using a portable touch-screen phone and examining a dashboard screen image at the same time could be further distracted, the Government Accountability Office noted in a report last year. Representatives of the automobile industry have said that consumer training in the use of new technologies could be key to maximizing safety benefits, the GAO stated. Such systems could also create complacency that could exacerbate dangers.