25 posts tagged 'microsoft'

  1. 2009.09.04 SQL Vulnerability Leaves Passwords In The Clear, Researchers Say by CEOinIRVINE
  2. 2009.04.15 Next version of Microsoft Office coming in 2010 by CEOinIRVINE
  3. 2009.03.31 Microsoft and TomTom settle patent fight by CEOinIRVINE
  4. 2009.03.07 Microsoft versus the Big Three by CEOinIRVINE
  5. 2009.02.24 Why Kindle Should Be An Open Book by CEOinIRVINE
  6. 2009.02.24 Microsoft has to hit up laid-off workers for money by CEOinIRVINE
  7. 2009.02.10 Bill Gates sells 2 million Microsoft shares by CEOinIRVINE
  8. 2009.01.29 Bringing Microsoft To VMware by CEOinIRVINE
  9. 2009.01.06 Nintendo's Low-Tech TV Is Long On Charm by CEOinIRVINE
  10. 2008.12.26 Google, Apple, Microsoft sued over file preview by CEOinIRVINE

SQL Vulnerability Leaves Passwords In The Clear, Researchers Say

With no patch forthcoming from Microsoft, Sentrigo launches workaround for flaw

Sep 02, 2009 | 05:02 PM

By Tim Wilson
DarkReading

A vulnerability in Microsoft SQL Server could enable any user with administrative privileges to openly see the unencrypted passwords of all other users, researchers said today.

Researchers at database security vendor Sentrigo say that in SQL Server 2000 or 2005, administrators can view all of the passwords used since the server went online by reviewing its process memory. Under SQL Server 2008, the problem has been partially fixed, but an administrator with local access and a simple debugger could still view the passwords, Sentrigo says.

The vulnerability is most likely an insider threat because it requires administrative privileges, says Slavik Markovich, CTO of Sentrigo. However, it is also possible for a hacker to take advantage of the flaw by exploiting SQL injection, he says.

The flaw may not directly affect the data in the database, since an administrator would have access to that data already, Slavik says. But many people reuse their passwords for other applications, and it is possible that the vulnerability might lead to the compromise of other users' work or personal accounts.

"Worst case, it might lead to one administrator stealing bank account data from another administrator," Slavik says. "People are not supposed to reuse their passwords, but it's a reality that they do."

The Sentrigo researchers found the vulnerability last September and informed Microsoft, Slavik says. However, after nearly a year of discussion, Microsoft has indicated that it considers the issue to be "minor" and has no plans to issue a specific patch, he says.

"We did not agree with Microsoft's classification of this vulnerability as a minor issue, and felt that it was in the best interest of SQL Server users to make the vulnerability public and provide a utility to remove the passwords from memory," Sentrigo says. "If we discovered this information, there is a high likelihood others [who may not be as ethical] could find it as well and abuse it."

Sentrigo feels that the vulnerability is a danger because so many users employ the same passwords for multiple applications, and because so many breaches are engineered by privileged users and administrators.

"Many applications are deployed with administrative privileges," Sentrigo observes. "Hackers using a simple SQL injection vulnerability can now access administrative passwords, which may be used to penetrate other systems on the network, escalating the breach. This is even worse in the case of SQL Server 2000 and 2005, where this can be done remotely.

"Since Microsoft doesn't have immediate plans to fix this vulnerability, we felt that the knowledge regarding its existence -- together with a free utility to repair it -- should be available to the public sooner than later," Sentrigo says.

One well-known security researcher, who requested anonymity, disagrees. "This seems like a nonissue," the researcher says. "Anyone with the ability to read process memory would also have the ability to just hook the authentication code and capture passwords that way. For once, Microsoft is right to ignore it."

Sentrigo acknowledges that administrators have the authority to reset passwords, but "there is a big difference between being able to reset a password to either a system-generated password which the administrator would not see (or to a password the administrator chooses) and actually seeing a user's personal password," the researchers say. "The latter involves much greater risk, including access to additional systems the password may be used on, potentially enabling access to user's private data, such as bank or brokerage accounts."

The Sentrigo fix, which the company has dubbed Passwordizer, replaces the password data with asterisks, making it impossible for administrators to read the passwords in memory. The utility is available now for free and works on any version of SQL Server.

Posted by CEOinIRVINE

Microsoft Corp.'s next version of its Office desktop programs will reach consumers next year, though not likely in conjunction with the Windows 7 operating system.

Microsoft (MSFT) is set to announce Wednesday that Office 2010 will be finished and ready to send to manufacturers in the first half of next year.

From there, it can take six weeks to four months or more for the programs to reach PC users, said Chris Capossela, a senior vice president in the Microsoft group that makes Office. The timing will differ for big businesses and individual consumers, and for people who buy packaged software versus those who download it.

Some industry watchers had expected a new version of Office this year, but Microsoft Chief Executive Steve Ballmer extinguished that rumor at a meeting with analysts in February.

Capossela declined to be more specific about a launch date. Windows 7, the successor to Windows Vista, is scheduled to reach consumers by the end of January 2010.


Office 2010 - previously known by the code name "Office 14" - will include slimmed-down versions of Word, Excel, PowerPoint and OneNote that let people create and edit documents in a Web browser. Consumers will have access to a free, ad-supported version, and Capossela said the company is still hammering out what to charge businesses that want a version without ads.

Microsoft plans to let hundreds of thousands of people test a technical preview of the new Office portfolio starting in the third quarter of 2009, Capossela said. The company did not say whether average PC users will have a chance to test a more polished beta version.

Microsoft also said a new version of its Exchange e-mail server will be available for purchase in the second half of 2009. When paired with the next version of Microsoft's Outlook e-mail program, Exchange 2010 aims to prevent e-mail faux pas and would warn people against trying to "reply all" to a huge distribution list. Microsoft said it can also be tweaked to stop people from sending e-mail outside the organization, helping businesses cut down on unnecessary e-mail and prevent leaks.

Posted by CEOinIRVINE

Parties settle dispute after more than a year

* Microsoft (nasdaq: MSFT) says TomTom to make payments

* Financial details of settlement not disclosed

(Adds background on dispute, share prices)

SEATTLE (Reuters) - Microsoft Corp and Dutch navigation device maker TomTom NV said Monday they had reached a settlement after more than a year of squabbling over software patents.

In the last few weeks, both companies had sued the other, claiming patent infringement.

Under the terms of a five-year agreement, Microsoft said TomTom will pay Microsoft for use of the eight car navigation and file management system patents in the case Microsoft brought against TomTom, while Microsoft will be able to use the four patents included in the TomTom countersuit without any payment to TomTom.

TomTom confirmed there was a settlement but declined further comment.

Specific financial terms of the agreement were not disclosed.

The world's largest software company in February sued in federal court in its home state of Washington and petitioned the U.S. International Trade Commission claiming TomTom -- which makes portable navigation devices for cars and mapping software for handheld computers -- breached eight of its patents.

Microsoft said the patents involved in the case related to innovations in car navigation technology and other computing functionality that Microsoft has licensed to other companies, such as TomTom's rival Garmin Ltd. (nasdaq: GRMN).

TomTom countersued in the U.S. District Court for the eastern district of Virginia, earlier this month, claiming Microsoft violated a number of its patents.

Microsoft shares slightly pared losses after the announcement, down 3.9 percent at $17.43 in a broad market decline. Ahead of the settlement announcement, TomTom shares closed at 3.413 euros in Amsterdam, down 7.2 percent. (Reporting by Bill Rigby; Editing by Tim Dobbyn)

Copyright 2009 Reuters

Posted by CEOinIRVINE

Software is supposed to be a mature industry, characterized by some sort of mono- or duopoly. How to explain, then, the activity around Web browsers: Three of the tech industry's biggest names--Microsoft, Google (nasdaq: GOOG) and Apple (nasdaq: AAPL)--each has a significant in-house browser development effort, with periodic fresh releases. Then, of course, there is the Mozilla Foundation, the folks behind the popular open-source browser Firefox.

Competition is always good, but especially these days with browsers. Features are being added to them that may, in a year or two, make a browser-based application look and feel no different from a desktop one. Imagine having the equivalent of Photoshop or PowerPoint in your browser--and thus available on whatever machine you happen to be using, desktop or smart phone or laptop.

The coming evolution in browsers is akin to the Ajax phenomenon of recent years. Ajax is a name given to a quartet of programming technologies that collectively made possible the likes of Google Maps and Gmail.

Before Ajax the typical Web site was a collection of static pages. With Ajax, programmers were able to change only part of the screen, displaying, for example, different information as you move a cursor around on a map. Ajax also allowed Web pages to be more dynamic in other ways, letting users, say, right-click and see a menu tailored to their needs.

The components of this new browser programming paradigm are esoteric. One is a new, extra-speedy Javascript interpreter, found in the latest browsers from Google and Apple, that allows programs in the browser's standard language to zip along faster than ever thought possible. Another is an Apple-created graphics technology known as Canvas, which gives programmers much more freedom using text and drawings.

Other under-the-cover changes include giving browsers the sort of sophisticated software-control features usually found only in operating systems. Web Workers, for instance, is an emerging system for isolating a browser's individual tasks into separate "threads," making it easier for a browser-based program to perform a computationally intensive task such as photo-editing in a background tab while the user is attending to something else, like e-mail, in the foreground.

This new approach to programming doesn't yet have a handy name like Ajax, though some refer to it as HTML 5. No browser yet has all of these new elements. Apple, Google and Mozilla have pieces. All are competing to add more.

So far there are no Google Maps-style killer apps for this new programming approach; indeed, programmers are just beginning to wake up to the possibilities. But one modest example is an early version of the sort of text editor used by engineers for writing computer programs. It's at bespin.mozilla.com and works with the Mozilla browser, Firefox.

Ben Galbraith and Dion Almaer, the Mozilla engineers who developed the site, said it will be expanding into a full-blown "programming environment" for the new software approach, but one that itself uses the same technologies that programmers will be making use of to build other applications. In a year or two, they say, software will be available that is indistinguishable from traditional desktop programs. The two men helped chronicle the Ajax movement; Galbraith said the new tools "have us more excited than we were for Ajax."

Many people assume that browser-based programs would run "in the cloud," that is, on servers situated remotely at companies like Google or Amazon. But Almaer said there's no reason software has to be written that way. A photo-editing program based in a browser, for instance, could run entirely on your desktop. PCs have power to spare.

Who wins and who loses with this new approach? Adobe (nasdaq: ADBE) might not look too kindly upon it. The maker of Flash software would prefer that programmers stick with its software. Microsoft usually doesn't warm to standards it can't control; it is also pushing its new Silverlight multimedia program, which performs some of the functions of HTML 5 software.

Apple, Google and Mozilla, by contrast, favor anything that curbs Microsoft's market position. The three cooperate in browser development even as they compete for market share. If the day arrives when a browser is the only program anyone needs, those three would be among the ones cheering loudest.

Senior editor Lee Gomes covers technology from our Silicon

Posted by CEOinIRVINE

 


SEBASTOPOL, Calif. -- The Amazon Kindle has sparked huge media interest in e-books and has seemingly jump-started the market. Its instant wireless access to hundreds of thousands of e-books and seamless one-click purchasing process would seem to give it an enormous edge over other dedicated e-book platforms. Yet I have a bold prediction: Unless Amazon embraces open e-book standards like epub, which allow readers to read books on a variety of devices, the Kindle will be gone within two or three years.

To understand why I say that, I'll need to share a bit of history.

In 1994, at an industry conference, I had an exchange with Nathan Myhrvold, then Microsoft's (nasdaq: MSFT) chief technology officer. Myhrvold had just shown a graph that prefigured Chris Anderson's famous "long tail" graph by well over a decade. Here's what I remember him saying: "Very few documents are read by millions of people. Millions of documents--notes to yourself, your spouse, your friends--are read by only a few people. There's an entire space in the middle, though, that will be the basis of a new information economy. That's the space that we are making accessible with the Microsoft Network." (These aren't Myhrvold's exact words but the gist of his remarks as I remember them.)

You see, I'd recently been approached by the folks at the Microsoft Network. They'd identified O'Reilly as an interesting specialty publisher, just the kind of target that they hoped would embrace the Microsoft Network (or MSN, as it came to be called). The offer was simple: Pay Microsoft a $50,000 fee plus a share of any revenue, and in return it would provide this great platform for publishing, with proprietary publishing tools and file formats that would restrict our content to users of the Microsoft platform.

The only problem was we'd already embraced the alternative: We had downloaded free Web server software and published documents using an open standards format. That meant anyone could read them using a free browser.

While MSN had better tools and interfaces than the primitive World Wide Web, it was clear to us that the Web's low barriers to entry would help it to evolve more quickly, would bring in more competition and innovation, and would eventually win the day.

In fact, the year before, we'd launched The Global Network Navigator, or GNN, the world's first Web portal and the first Web site supported by advertising. To jump-start GNN, we hosted and sponsored the further development of the free Viola web browser, as a kind of demonstration project. We weren't a software company, but we wanted to show what was possible.

Sure enough, the Mosaic Web browser was launched shortly thereafter. The Web took off, and MSN, which later abandoned its proprietary architecture, never quite caught up.

For our part, we recognized that the Web was growing faster than we could, particularly as a private company uninterested in outside financing. So we sold GNN to America Online in June 1995. Big mistake. Despite telling us that they wanted to embrace the Web, they kept GNN as an "off brand," continuing to focus on their proprietary AOL platform and allowing Yahoo! (nasdaq: YHOO) to dominate the new online information platform.

Posted by CEOinIRVINE

A few weeks after launching the first wide-scale layoffs in its history, Microsoft Corp. admits it screwed up a key part of the plan.

The company is asking some laid-off employees for a portion of their severance back, saying an administrative glitch caused the software maker to pay them too much.

Lou Gellos, a Microsoft (nasdaq: MSFT) spokesman, would not say how many of the 1,400 workers let go in January were overpaid, or by how much. Microsoft has said severance would be calculated by length of service and position in the company.

The Redmond, Wash.-based software maker is asking former employees for reimbursement, by check or money order, within two weeks, according to a redacted letter posted by the technology blog TechCrunch. Gellos confirmed the letter's authenticity.

With the recession biting into sales of Microsoft's core Office and Windows software, Microsoft said in January it would let up to 5,000 of its 94,000 employees go, the only mass layoff in its 34-year history.

Shares of Microsoft sank 54 cents, or 3 percent, to $17.46 in afternoon trading amid a broader sell-off Monday.

Posted by CEOinIRVINE

Microsoft Director Bill Gates sold 2 million shares of the software company he founded for $37.7 million, according to a late Monday filing with the Securities and Exchange Commission.

He sold the shares at the weighted average price of $18.8361 - the price range actually was $18.32 to $19.09.

Gates is left with 756.1 million shares held directly and 424,816 indirectly.

Monday's filing gives Gates a total of 15.8 million that he has sold in 2009 for a value of $290 million.

The current slate of sales comes on the heels of 20 million shares Gates sold from Oct. 31 to Nov. 13 last year at a value of $435 million.

In the past six months, excluding Monday's filing, company insiders have sold a total of 37.2 million shares for $749.6 million. No shares were purchased.

Shares of Microsoft (nasdaq: MSFT) fell 22 cents to close at $19.44 Monday.


Posted by CEOinIRVINE

Bringing Microsoft To VMware

IT 2009. 1. 29. 23:55

Ex-Microsoft veterans are now in charge at VMware, but they insist the virtualization specialist won't become a Microsoft clone.

Last summer, Paul Maritz was only hours into his new job as chief executive of VMware when he called Tod Nielsen, his former Microsoft colleague.

Nielsen, formerly Maritz's right-hand man at Microsoft (nasdaq: MSFT) and chief executive of Borland Software (nasdaq: BORL), talked with Maritz about Sarbanes-Oxley and other regulatory rules.

"Paul was essentially the No. 3 person at Microsoft, in charge of all system software," Nielsen says. "I was responsible for all the interactions with the developer community, for marketing and launching and evangelizing."

For the next three to four months, the two would get together regularly and talk about the challenges and opportunities Maritz faced as CEO of VMware (nyse: VMW).

Around November, the duo decided to make it a permanent arrangement; in January, Nielsen joined Palo Alto, Calif.-based VMware as its first-ever chief operating officer. "It became clear that this was a great chance for us to work together and for me to join the company and help take things to the next level," Nielsen says.

For Maritz, who replaced co-founder Diane Greene last July, taking the company to the next level meant bringing a new organizational model to the maturing VMware.

For Nielsen, it meant getting the company in shape: streamlining work flow while keeping accountability and responsibility in place. "Paul and I cannot make every decision," Nielsen says. "We've got to make sure we've got empowered organizations that can drive and be focused on delivering their solutions."



Posted by CEOinIRVINE

Nintendo's Low-Tech TV Is Long On Charm
You almost have to feel sorry for Microsoft and Sony. After pouring powerful technology and all sorts of extra features into their video-game consoles, the comparatively simple Nintendo Wii and its cutesy family-oriented games proved the bigger hit with consumers. Now Nintendo wants to put pressure on its rivals with a dedicated video service, one that seems riddled with technological and content-related weaknesses but which might still win over consumers with its low-tech charm and demographic reach.

Nintendo's planned video-on-demand service--reportedly called "Wiinoma"--has some obvious disappointments. It is so far only slated for launch in Japan, potentially excluding a large chunk of Wii owners. Even if the service spreads to Europe and the United States later in 2009, don't expect to be watching favorites like Lost or The Wire straight away. Only videos exclusively made for the Wii will be available, with media firms like Fuji Television (other-otc: FJTNF) and Nippon Television (other-otc: NPTVF) reportedly planning cartoons, entertainment shows and other original programming for the launch.

The Wii console itself has its limitations when it comes to video playback, a sign that Nintendo (nasdaq: NTDOY) never really intended to sell it as a mixed-media box. You can't play DVDs on the Wii, and its puny 512-megabyte storage memory is barely enough to store game downloads and save positions--let alone video footage. Trying to sell the Wii as a video-focused console will therefore be tough, no matter how many Japanese cartoons or cookery shows are available for streaming.

Compare this with the Sony (nyse: SNE) Playstation 3 and Microsoft (nasdaq: MSFT)'s Xbox 360, which have trailed the Wii in worldwide sales since 2007. Both consoles can play DVDs, both offer movie downloads and both have online video stores selling television shows from the likes of Fox and TimeWarner. Hard-drive space varies, but customers can upgrade at their leisure or fork out for a big-memory bundle: the Xbox 360 offers a 120-gigabyte model, while the Playstation 3 can be bought with 160 gigabytes of storage space. Wii users are stuck with their 512 megabytes.

But Nintendo is no fool, and the company might find a different kind of advantage in a stripped-down, exclusive-for-Wii video service. Advertisers are already interested by the Wii's success, given that advertising agency Dentsu is launching the channel with Nintendo, and free-to-watch videos may end up doing more for the Nintendo brand and its products than pay-per-view movies and television shows would.

"Nintendo could have an advertising advantage," said Michael McGuire, an analyst with Gartner Research. "With the interactive nature of the games, you've got Wiis that are in homes and exercise classes, and that's a pretty interesting demographic."




Posted by CEOinIRVINE

Google, Apple, Microsoft sued over file preview

A small Indiana company has sued tech heavyweights Microsoft, Apple, and Google, claiming that it holds the patent on a common file preview feature used by browsers and operating systems to show users small snapshots of the files before they are opened.

Cygnus Systems sued the three companies on Wednesday saying that they infringed on its patent with products such as Windows Vista, Internet Explorer 8 and Google Chrome, which allow users to view preview images of documents on the computer. Mac OS X, the iPhone and Safari also infringe, the company said in court filings. Apple uses this technology in its Finder and Cover Flow Mac OS X features, the filings state.

While Cygnus has sued three very high profile companies, they may not be the only vendors in Cygnus’s sights. “They were a logical starting place for us,” said Matt McAndrews, a partner with the Niro, Scavone, Haller & Niro law firm, which is representing Cygnus. “We’ve identified many other potentially infringing products that we’re investigating,” he added.

Cygnus’s owner and president Gregory Swartz developed the technology laid out in the patent while working on IT consulting projects, McAndrews said. The company is looking for “a reasonable royalty” as well as a court injunction preventing further infringement, he said.

The lawsuit was filed in federal court in Arizona, where Swartz resides, McAndrews said.

Google, Microsoft and Apple did not return messages seeking comment on the lawsuit.

Cygnus applied for its patent (# 7346850) in 2001. It covers a “System and method for iconic software environment management” and was granted by the U.S. Patent and Trademark Office in March of this year.

Posted by CEOinIRVINE