Would you use a straw?
A can of air from Saskatchewan sold in an online auction last month for US$16.36. The auction, which lasted for a total of 10 days, ran on eBay’s Web site and started at US$9.99. The woman who sold the can was from the States, and said she originally purchased it in an American antique store. The label on the can reportedly states that it is a cure for people suffering from “Pollutaphobia (the need of fresh clean air), Clusterphobia (the need of wide open prairie spaces), Acrophobia (the need to be free from being high), Insomnia (the need for a relaxing night’s sleep).” The original owner paid US$5 for the can of prairie air.
Control: to the attacker
A new vulnerability found in PHP: Hypertext Preprocessor (PHP) scripting may allow hackers to “execute arbitrary code with the privileges of the Web server,” according to a warning issued by The PHP Group. “This vulnerability may be exploited to compromise the Web server and, under certain conditions, to gain privileged access.” PHP is an open source, general-purpose scripting language which is suited especially for Web developers and can be embedded into HTML, according to the PHP Group. It contains code for parsing the headers of HTTP POST requests, and is used to differentiate between variables and files that are sent. The vulnerability lies in that the parser has insufficient input checking, according to an advisory. The security hole affects PHP versions 4.2.0 and 4.2.1. A new version of PHP has been released – 4.2.2 – which features a fix. For the download or for more info, go to www.php.net.
IBM and Palm shake hands
IBM Corp. and Palm Inc. have formed a partnership designed to make it easier and simpler for mobile workers to access enterprise information systems, including instant databases, customer relationship management and enterprise resource planning systems, as well as instant messaging and e-mail. Analysts said that if the two companies can make all the complex parts of their grand plan work, the partnership could become a formidable competitor to Microsoft Corp. and its Pocket PC in the mobile enterprise market. The partnership would work on co-development of enterprise software that can be used on Palm devices. The partnership will provide enterprise users with a tool kit to easily integrate mobile Palm users into enterprise information systems with Java tools. The first products from the partnership should be available later this year. Palm will contribute its Reliable Transport architecture to the partnership. The Reliable Transport architecture supports secure, synchronous and asynchronous communications. In synchronous mode, it can support communications over a variety of wireless standards, including 802.11 wireless LANs and cellular Code Division Multiple Access and General Packet Radio Service networks.
Read all about it
Hackers wreaked havoc last month on USA Today‘s Web site where they replaced real news stories by dropping in phony articles. The joke articles were up for approximately 15 minutes before officials at the newspaper noticed them and shut the down, according to reports. A spokesperson for USA Today noted that the hackers seemed to have penetrated the Web servers from outside of the company’s internal network, and called the pages “very prankish.” Among the phony stories: an article which quoted the Pope as saying that Christianity is “a sham,” and that the Pentagon should be declared unconstitutional because its shape is so close to that of the Jewish star of David. Security of the Web site was upgraded immediately following the hack.
All signs lead to court
Leading domain name registrar VeriSign Inc. was hit with a second lawsuit last month which alleges that the company has engaged in unfair marketing practices in an attempt to snag its rivals’ customers. The latest suit, filed by InterCosmos Media Group Inc., charges VeriSign with sending deceptive domain registration and renewal notices to customers of InterCosmos’ directNIC.com registry site. The suit comes on the heels of similar accusations made by BulkRegister.com Inc., which lodged a lawsuit against VeriSign in May. In both cases, VeriSign is being accused of sending marketing material that misleads its rivals’ customers into thinking that their domain name is about to expire, and instructs them to renew with VeriSign. InterCosmos filed suit in a Louisiana federal court last week, claiming to have lost profits and customers due to VeriSign’s “trickery.” The New Orleans-based company is seeking damages for lost profits, restitution, mental anguish and attorneys’ fees.