The CERT Coordination Center is warning of a vulnerability affecting products that use the Session Initiation Protocol (SIP). CERT said the impact of attacks against the protocol could range from denial of service (DoS) to the execution of arbitrary code on systems. However, the organization was not certain of all the products affected.
According to CERT, the Oulu University Secure Programming Group has been examining vulnerabilities related to SIP. SIP is known as the signalling protocol for voice over IP (VoIP), Internet telephony and instant messaging (IM) applications. The saving grace for many vendors, including Apple Computer Inc., IBM Corp. and Hewlett-Packard Inc., is that they don’t ship products with SIP. Other tech heavyweights, including America Online Inc. and Microsoft Corp., have reported no vulnerabilities to date. Cisco Systems is addressing the problem across its product line and has released an advisory, which can be found on its Web site.
Canadians strongest in telephone category
Canada finished sixth in The World Economic Forum’s latest networked readiness study. The report is an index of 82 world economies, and examines the use of information technology infrastructure. In the same study conducted last year, Canada ranked 12th.
Finland was ranked number one this year, followed by the U.S., Singapore, Sweden and Iceland. Canada found top honours in only one category – the waiting time for a telephone mainline. Canada ranked second in the availability of broadband access, fourth in the number of secure Internet servers and eighth in both overall infrastructure quality and in the quality of local IT training programs. But Canada ranked a disappointing 48th for businesses using e-commerce, 44th in the cost of business telephone subscriptions and a rather surprising 32nd in the number of mobile phones for every 1,000 people.
Fed-up Redmond suing spammers
Microsoft Corp. is looking to burn spammers targeting users of its Hotmail e-mail service with a lawsuit filed in a California federal court last month. The suit goes after unnamed defendants accused of harvesting e-mail addresses from its Hotmail servers with the intention of spamming subscribers. The “John Doe” suit allows the company to conduct discovery in the case, and issue subpoenas as part of the investigative process of the trial, a Microsoft representative said.
In its complaint, Microsoft said that it believes it has tracked down the IP address used by a harvester, but that the address is registered to an ISP (Internet service provider) known as Neutelligent Inc. and it is unclear to whom the ISP has assigned the IP address. The company claimed that beginning in or about September of 2002, the harvesters accessed Microsoft’s computers and servers in Mountain View, Calif., using “an extractor or database searching software program or similar program” to obtain customers’ e-mail addresses.
Asia soon to be home to most developers
According to a recent report by research firm International Data Corp. (IDC), the region with the highest number of developers in the world will soon change. While North America claimed the top spot in 2001, IDC is predicting that by 2005, Asia-Pacific will be the region with the most people employed in the field. Over the next five years, the growth in this region – particularly in China and India – is expected to be much greater than in North America, according to the firm.
IDC says this change can partly be attributed to the fact that economic difficulties have affected the number of employed developers in North America, specifically from 2000 to 2001 when layoffs were abundant. The 10 countries in the world with the most developers include the U.S., China, India, Russia, Japan, Canada, Germany, France, the United Kingdom and Italy, representing approximately 62 per cent of developers worldwide, according to IDC.
Firm warns of Lotus software flaws
Three software security flaws could allow attackers to run malicious code on machines running IBM’s Lotus Domino or iNotes software. The flaws were disclosed in February in three advisories published by Next Generation Security Software Ltd. (NGSS), a software security consulting company in Sutton, U.K.
Using a vulnerability, rated “critical risk,” in the Lotus iNotes messaging software, a remote attacker could gain control of a Domino server by providing an overly long value in a request for Web-based mail services. A second vulnerability, also rated “critical risk,” affects the Lotus Domino 6 application server software. Using the vulnerability, an attacker could create a buffer overrun by supplying false and excessively long host names in a request for a document or view that is stored in a Lotus database. A third vulnerability, found in an ActiveX client control used by the iNotes software, allows an attacker to execute malicious code on a remote machine that is attempting to use iNotes Web-based messaging features.
IBM has patched the three vulnerabilities, which were found in Release 6.0 of Lotus Notes and Domino, in the 6.0.1 maintenance release. See: www-10.lotus.com/ldd/products.nsf/products/notesdomino.
Accenture to build .Net platform
Accenture Ltd. has partnered with Microsoft Corp. and Avanade Inc. to create a hosted development environment for .Net Web services applications. The new Accenture Web Services Platform has been designed to help businesses build and manage large-scale Web services projects based on Microsoft’s .Net Web services architecture, according to information provided via e-mail by a spokesperson involved in the announcement, which will be made official this month.
The hosted platform can be used to build, test and deploy Web services and business applications that use Web services. It features Microsoft’s Visual Studio .Net application development environment and Avanade’s ACA .Net development architecture. For Accenture, this announcement represents another step forward in the company’s increasingly aggressive focus on outsourcing, particularly application hosting and management, said Andrew Efstathiou, a Yankee Group analyst.
PC sales expected to climb in near term
PC vendors will ship 33.2 million units worldwide in the first quarter, up 4.8 per cent from a year earlier, Dataquest Inc., a unit of Gartner Inc., said recently. The market is expected to rebound later in the year as businesses start replacing PCs bought in the late 1990s as part of investments to fix Year 2000 (Y2K) problems, Dataquest said. Full-year shipments are expected to reach 138.7 million units, up 7.9 per cent compared with 2002.
Dataquest is more optimistic than Merrill Lynch & Co. Inc., which has reduced its full-year 2003 PC shipment growth estimate to 137.6 million units, or five per cent growth, down from its previous forecast of seven per cent growth. Demand for PCs is still weak, and uncertainties about war and economic recovery dampen consumer confidence as well as corporate PC purchases, Dataquest said. PCs bought in the late 1990s would normally have been replaced by now, but some users want to stretch PC lives to five years, Merrill Lynch said. Increasingly, instead of buying new PCs, users are upgrading old ones with new components, according to Dataquest.