Apple security update patches critical DNS flaw

Apple on Thursday released Security Update 2008-005, patching a critical DNS (Domain Name Server) flaw that other companies began fixing on July 8. The DNS fix is among 13 items updated in the security release.

First reported by Dan Kaminsky of IOActive, the DNS flaw would allow an attacker to introduce forged DNS information into the cache of a caching nameserver. The end result of the attack, known as cache poisoning, is that a visitor to a Web site is redirected to wherever the attacker choses to send them.

BIND has been updated in the security release to version 9.4.2-P1, which implements source port randomization to improve resilience against cache poisoning attacks.

Apple’s Data Detectors Engine in Mac OS X has been updated to fix a problem that caused a user viewing maliciously crafted messages with Data Detectors to experience an unexpected application termination.

Running the “Repair Permissions” could allow a local user with emacs to run commands with system privileges. The update corrects the permissions applied to emacs in the Repair Permissions tool. This issue does not affect Mac OS X 10.5 or later.

Issues with OpenLDAP and OpenSSL where a remote attacker may be able to cause an unexpected application termination have both been addressed. Rsync has been updated to fix a problem that would allow files outside the module root to be accessed or overwritten remotely.

Mac OS X 10.5 users get a new version of PHP with this security update, which fixes multiple vulnerabilities, the most serious of which may lead to arbitrary code execution, according to Apple.

QuickLook also got updated to fix a problem that happened if a user downloaded a maliciously crafted Microsoft Office file causing an unexpected application termination or arbitrary code execution.

The Open Scripting Architecture was updated so local users could not execute commands with elevated privileges.

Apple Security Update Security Update 2008-005 is available from the software update mechanism in Mac OS X or from Apple's Web site.

From : http://www.macworld.com/

Technorati Tags: Mac OS

Nokia eyes Asia with boost in venture capital

Nokia
will put a solid portion of a new $150 million contribution to its
direct venture capital fund to back companies in India and China,
according to Chief Financial Officer Rick Simonson, who said Nokia
Growth Partners has preformed "as well or better than we expected"
since its 2004 inception. The fund has backed startups whose
innovations -- such as mobile payments and camera technologies -- could
help Nokia. Yahoo! (07/31)

From : http://www.smartbrief.com/

Asus Announces Two More Atom-powered Subnotebooks

Asus knows its subnotebooks are fashionable, and the company's preparing to offer two new models of its popular Eee PC lineup.

Set for a 2008 release, the two new models, Ultimate and Pro Fashion,
will feature dual-core Intel Atom processors and expanded storage
capacities. Asus president Jerry Shen told Digitimes that one of the
models (it's unclear which) will have a four-to-five hour battery life
and include a 10.1-inch, 32GB solid state driven and a widescreen LED
backlit panel. This model, estimated to cost between $700 and $900, is expected to arrive September.

The Ultimate and Pro Fashion will be Asus's fourth and fifth
subnotebook models featuring Inte's power-efficient Atom processors designed specially for smaller devices.
The Eee PC 901 introduced in June 2008 was Asus's first notebook to use this
chip.

Asustek preps launch of Ultimate and Pro Fashion Eee PCs; prices to hit US$700 or more [Digitimes] (Thanks, Dylan!)

From : http://blog.wired.com/

Google Working On a Formal VC Arm

Google has done a number of
strategic investments over the years, and usually big amounts in
big-issue-tackling companies, like powerline internet, WiMax, and
others.



It even has a non-profit Google.org foundation to invest in global challenges.



Now it wants to start a formal venture capital arm, a la Intel's
(nasdaq:
INTC -

news
-

people
) Intel Capital, Time Warner's
(nyse:
TWX -

news
-

people
) TW Investment, Steamboat, (Disney's
(nyse:
DIS -

news
-

people
) venture arm) or BlueRun Ventures, formerly part of Nokia
(nyse:
NOK -

news
-

people
), reports WSJ, citing sources.



The group will be lead by David Drummond, Google's
(nasdaq:
GOOG -

news
-

people
) senior vice-president of corporate development and chief legal officer, and it has also hired William Maris, a 33-year-old former entrepreneur who has worked as an investor, to help set up the venture.



What’s Google’s advantage over other VC funds?



Well, technical expertise, reach and distribution, and then in-built
tools for monetization of services and products for these startups.



This new venture could help institutionalize some of Google’s previous
investments, and maybe even look at some new/allied areas of expansion
and investment.

From : http://www.forbes.com/

Hall of Famer Jim Brown sues Sony, Electronic Arts

NEW YORK (AP) — NFL Hall of Famer Jim Brown
has filed a lawsuit in New York claiming Sony and video game maker
Electronic Arts are using his name and likeness without his permission.

The former Cleveland Browns star's lawsuit said
the companies sell a game featuring a character who looks like him and
wears his No. 32. It doesn't specify which video game, but notes the
character is part of the game's All Brown's Team.

Brown seeks unspecified damages and an
injunction barring the companies from "taking a free ride on the trade
value" of the former running back's name and image.

The 72-year-old played nine seasons with the
Browns, before turning to Hollywood where he appeared in "The Dirty
Dozen" and other movies.

Spokesmen for Sony USA Inc. and Electronics Arts Inc. did not return calls seeking comment.

The Associated Press

From : http://www.usatoday.com/