Many web applications make use of XML-RPC libraries to provide such functionality as pings for RSS feeds. Due to a recently found bug in XML-RPC implementations these applications could now be used to exploit the flaw and compromise the hosting server. Many popular applications ranging from WordPress and PostNuke to PHPwiki are susceptible to the flaw, however most have since been patched to rectify the issue and you need only upgrade. If upgrading is not an option at this time, disabling or upgrading the servers XML-RPC libraries is of paramount importance as exploits are expected in the “wild” any time now. Read more about the problem here.

IBM has just won a settlement from Microsoft to the tune of 775 million dollars as well as 75 million in credit for Microsoft software licenses. I wasn’t even aware that IBM had an anti-trust lawsuit against Microsoft so this one flew below my radar for a long time. This case arose from of the DOJ verses Microsoft anti-trust case in the mid nineties where judge Jackson found that IBM was one of the companies affected by Microsoft activities. The settlement resolves claims regarding both the OS2 Operating System and the Smartsuite Office application suite but does not cover any damages related to IBM’s server hardware or software. That being said IBM have agreed not to claim for any damages for the period up to July 2002 and will not try to claim any server damages for at least 2 years.

In the last couple of years or so, Microsoft has handed over literally billions of dollars to pay off several companies that had accused them of anti-competitive practises including AOL, Gateway, Sun, Novel, CCIA and now IBM. Microsoft’s trouble isn’t over yet though as they still have pending anti-competitive litigation with Novell regarding Wordperfect. They still have the European Union anti-competitive guilty verdict to appeal and they’ve just been sued by the pen computing company Go for yet more anti-competitive activities.

What amazes me about all this, is that when I recently drew attention to the Firefox right click problem at MSN, the developers seemed quite upset that I implied that it may have been intentional. I can understand why they might be upset at the idea, but I can’t for the life of me figure out how they couldn’t understand why people are so quick to jump to that sort of conclusion. Apparently they have short memories with regards to their parent companies history.

The last few months have revealed flaws in all the main web browsers including IE, Netscape, Opera and Firefox. Here to add to that list is the latest Internet Explorer “Highly critical” security flaw which apparently affects 5.01, 5.5 and 6.x.

For the more technical among us, this is the flaw summary from Secunia:

The vulnerability is caused due to the javaprxy.dll COM object being instantiated incorrectly in Internet Explorer via the object tag. This can be exploited via a malicious web site to cause a memory corruption.

Successful exploitation may allow execution of arbitrary code.

That last sentence is geek speak which roughly translates to: “successfully exploiting the flaw can result in a external, remote (and probably malicious) party from taking control of your computer”.

There are compelling reasons for Windows users to switch to (or at least evaluate) Linux, but when you know no other world than Windows or don’t want to even think about partitioning your precious hard drive, it can be one heck of a leap of faith! As a Windows user wanting to try Linux but scared of losing the world as I knew it, I found a risk-free method of trying Linux without threatening the installation of Windows safely installed on my PC.

Mandriva Move and Knoppix are two different flavours of Linux that reside entirely on a bootable LiveCD. Mandriva Move or Knoppix are not installed on your hard drive, they actually run from the CD without touching or threatening your Windows operating system in any way. This allows scaredy cats like me to experiment with Linux until my heart is content, then eject the CD and return to my Windows safety blanket just as I left it.

(more…)

In a story yesterday we reported that the right click features in MSN were not working right in current versions of Firefox. A programmer at MSN immediately provided us information suggesting that the problem was really an issue in Firefox. To it’s credit, the MSN team immediately implemented a work-around so that right clicks are back.

The method used by them is very interesting. They essentially create an equalized version of Firefox and IE by adding an attachEvent method to every DOM element in Firefox. By doing this, they can later — site wide — avoid the typical browser detection and the corresponding repeat of scripts that say,
see if this is IE and if so, then this, but if it is FF, then do something else, or if Opera, then do the other, etc.
It avoids duplicative coding, and avoids the necessity of changing each of those scripts should there be a bug like arose here. Equally important, they don’t need to train each developer regarding the differences in API between browsers.

In a article yesterday we panned MSN for blocking right clicks in Firefox. The person who wrote the script, Scott Isaacs, says this was an unintended consequence and that it appears to be a firing problem with Firefox’s on-click implementation. You can read his comment here. In the meantime, given the defect, we do encourage MSN to try coding around it as soon as possible. We have been writing code to accomodate shortcomings in various versions of Internet Explorer for years, so some turn-about is of course fair-play as the old saying goes.

From time-to-time you will see similiar news articles on our site. That is because we may both be working on a similiar article unbeknownst to the other authors. Sometimes I start an article, get interrupted, and bring it back around to finish it later only to find that Franki or another guest author wrote something similiar. My conclusion is to publish anyway as we may each have a little different angle on the report. I hope that doesn’t cause any difficulties to our readers.