Microsoft has issued a formal security advisory with a confirmation of public warnings that the Safari “carpet bombing” vulnerability presents a remote code execution threat on all supported editions of Windows XP and Windows Vista. The pre-patch advisory from Redmond follows public pressure from the Google-backed StopBadware.org for Apple to rethink its stance that the Safari issue should be considered a serious security vulnerability. From the Microsoft advisory: A combination of the default download location in Safari and how the Windows desktop handles executables creates a blended threat in which files may be downloaded to a user’s machine without prompting, allowing them to be executed. …An attacker could trick users into visiting a specially crafted Web site that could download…

At Google’s I/O developer conference in San Francisco this week, CNET News.com’s Kara Tsuboi met with Jonathan Rochelle, product manager of Google Docs, to discuss the Web-based collaborative office suite.

Mac-using students rejoice! Apple havare launching their biggest ever offer to students in a “back to school” deal, expected in the next few days. Apple vice-president Ron Johnson has promised that this year’s promo would be the biggest “ever” for Apple, even though no concrete details have been released of yet.  Over the years, they’ve offered both teachers and students $179 (£90) and $199 (£100) off certain items such as new MacBook’s and suchlike (probably not the entertainment type devices though, it seems to me this is more of a “offer for those who want to learn rather than dawdle around all day). Although what’s interesting is that now the MacBook Air is out, it seems this may well be one of the…

A rumored licensing disagreement between Intel and Nvidia appears to be true, and it could have implications for high-end gaming PCs.

On the heels of last month’s embarrassing site breach that allowed a hacker to redirect traffic from BarackObama.com to Hillary Clinton’s Web site, the Obama campaign is looking to hire a network security expert to lock down its online operations. According to this job listing, the campaign is offering a salaried position on its Boston, Mass.-based development team to work through the election in November to handle all aspects of online security. [ SEE: Obama site hacked; redirected to HillaryClinton.com ] Some responsibilities: Analyzing the network architecture for the My.BarackObama website Leading an overhaul of existing security systems and architecture, including policy, firewall, VPN, and networking equipment Developing a strategy for responding to hack attempts, DDoS attacks, and other potential threats…

Chinese girls talking about using SQL injections to serve malware and ARP spoofing, in between sharing do-it-yourself tutorials on XSS worms? Sexy.  Scott Henderson at the Dark Visitor profiled a Chinese hacking group with female members only, discussing these very same topics : “In the male dominated world of Chinese hackers, females find it difficult to be accepted as equals. Their technical skills are often viewed as inferior to their male counterparts. As far as I am aware, the first group of female Chinese hackers to break this mold were the Six Golden Flowers. The Golden Flowers have since broken up and gone their separate ways, but a new and larger group has taken their place, the Cn (China) Girl…

Kevin, James and I spent a large chunk of MobileTechRoundup show #135 talking about the sub-notebook market with the new Nano chip from VIA, the Dell and Acer, and more so if you have any interest in this market listen to this latest show. I also spent a few minutes talking about the upgrade for my Nokia N95-3 and some initial thoughts on the N82. The Palm 850 and Nokia E71 are also rumored devices that may be more than just a rumor very soon.

Think about this next time you pass those scrappy post-it notes around the office so that everyone can get access to the same on-demand account. What you’re doing is tantamount to criminal larceny.

SOA will sink or swim because of SOA, not the economy

Dish Network says it’s already altered its DVR software and wants a court to stop TiVo from claiming that Dish still infringes on TimeWarp patent.