Minutes after our report on how to avoid the security flaws on Internet Explorer 8, we have received updates that Microsoft is currently working on fixing these issues.

The company announced Tuesday that “given the significant level of attention this issue has generated, confusion about what customers can do to protect themselves, and the escalating threat environment, Microsoft will release a security update out-of-band for this vulnerability.” Microsoft didn’t say exactly when it would release the patch, but promised more details Wednesday.

Microsoft normally releases patches for its software on Patch Tuesday, as it has come to be known, so that corporations that use Microsoft products will know what’s coming and can plan accordingly. But every now and then it will break with that pattern upon the discovery of an important flaw or vulnerability that requires a fast fix, since Patch Tuesday only comes once a month. The next Patch Tuesday is scheduled for February 9.

The vulnerability at issue in the cyberattacks that have prompted a showdown between Google and China affects versions 6, 7, and 8 of Internet Explorer, although Microsoft said that attacks have only been successful on systems running IE 6. The company advised IE users to upgrade to Internet Explorer 8 to protect themselves against attacks.

The news comes after researchers from Vupen Security reported that technology designed to mitigate attacks in newer versions of IE can be bypassed.

Asked to comment on that, a Microsoft spokeswoman said: “Microsoft is investigating claims of the ability to bypass the Data Execution Prevention (DEP) feature in Internet Explorer. Once we’re done investigating, we will take appropriate action to help protect customers.”

Only if you are new to computers, you wouldn’t be surprised how Internet Explorer 8 facilitated in the hacking incident of a Gmail account in China. Recently, the Anti virus companies have accepted the fact that most virus attacks are via Adobe’s Flash Player and Reader PDF software – so the Chinese attack on IE is a give away. Many Techies have already stopped recommending Internet Explorer at all.

Unfortunately, some Internet users don’t have a choice of browser. The Web sites of many organizations use custom applications that require IE. More importantly, Windows itself relies on Internet Explorer to receive updates and for other behind-the-scenes operations. Even if you never open IE, you still need to make sure the browser is fully patched and up to date.

Review IE’s security settings
In a mid-November post, I compared the security features of IE 8, Firefox 3, Chrome 4, Safari 4, and Opera 10. Topping the list of new security features in IE 8 are automatic blocking of click-jacking and cross-site scripting attacks, automatic crash recovery, and highlighting of the actual domain name in the address bar.

That’s why the safest thing any Internet Explorer user can do is upgrade to version 8. If you must use IE 7, be sure to keep the browser patched and set to either its High or Medium-High security setting. To check IE’s security settings, click Tools > Internet Options > Security. In IE 7 and 8, make sure the option to Enable Protected Mode is checked (it’s on by default in IE 8 on XP SP3, Vista SP1 and SP2, and Windows 7).

IE 8 also enables Data Execution Prevention (DEP) by default, although you can turn on the feature in IE 7 by clicking Tools > Internet Options > Advanced, scrolling to the Security section, and making sure “Enable memory protection to help mitigate online attacks” is checked. Mary Landesman provides instructions for setting DEP in IE 6 on the About.com site.

Enabling IE’s Protected Mode and DEP features will go a long way toward keeping you safe from malware attacks. But if you’re still feeling vulnerable, there are two other things you can do to batten down IE’s hatches.

The first is to sign in to a standard user account rather than to an administrator account. When using a standard account, you’ll be blocked from such activities as downloading and installing programs and changing system settings. You can overcome the block by entering an administrator ID and password for the PC.

Lastly, you can set Internet Explorer to the High security setting by raising the slider control under the Security tab in Internet Options. Many people find IE’s highest security level too restrictive for everyday browsing, but you can customize the settings by selecting the “Custom level” button, making your own security choices, and clicking OK twice. You’ll have to restart IE for your new settings to take effect.

For Microsoft’s take on the IE security flaw targeted by the Chinese government, see the company’s Security Advisory 979352, which was released on January 14 and updated the following day. On the Microsoft Security Response Center blog, Jerry Bryant states that the company will release the update that patches this hole “as soon as the appropriate amount of testing has been completed.”

Feuding chip rivals Intel Corp. (INTC) and Advanced Micro Devices Inc. (AMD) agreed to settle all of their outstanding legal complaints, with Intel paying AMD $1.25 billion and agreeing to abide by a set of rules for how it conducts its business.

The agreement, which also includes a renewed five-year cross-license agreement, comes as Intel faces an increasing amount of scrutiny from government regulators regarding alleged anticompetitive practices.

AMD indicated that the deal would relieve the animosity between the companies, adding that provisions regarding Intel’s business practices would allow the chip makers to compete on a level playing field. However, the company acknowledged that the settlement wouldn’t immediately change the balance of power.

“The industry isn’t going to change like a light switch,” AMD Chief Executive Dirk Meyer said, but the company will be able to compete better on the strength of its products and customer relationships.
AMD said it plans to tell regulators taking actions against Intel that the settlement resolves nearly all of its complaints.

“The agreement to a great extent, to a great extent, resolves outstanding disputes between AMD and Intel under the antitrust laws,” AMD counsel Tom McCoy said during a conference call.

Intel and AMD make nearly all the chips used to run computers and servers, though the much larger Intel controls roughly 80% of the market.

AMD shares surged on the news, rising as much as 26% to a new 52-week high of $7.52. The stock recently traded at $7.48, up 31% on the day. Intel shares gained a nickel to $19.89, reflecting relief over the settlement.

Cisco is placing bets on the future adoption of collaboration tools for businesses by unveiling later today a enhanced suite of offerings, including a new social networking software designed for a corporate setting and a new cloud-based e-mail hosting service, as well as video and voice integration into the collaboration platform. (Statement)

The company said that the idea behind the new collaboration platform is to be less “document-centric” and more “people-centric” by working with voice, IM and video to create business-to-business communications – and meetings – more efficient. In part, that includes the ability to bring Facebook-like tools into the mix, but secure them in a way that meets the needs of a company. The company explains its social video system, called Show and Share, like this:

“Cisco Show and Share is a social video system that helps organizations create and manage highly secure video communities to share ideas and expertise, optimize global video collaboration, and personalize the connection between customers, employees, and students with user-generated content. It allows organizations to record, edit and share video with comments, ratings, tagging and RSS feeds, ans speech-to-text transcripts can be uploaded for easy video search and viewing.”

The other announcement – Cisco WebEx Mail – stems from the company’s acquisition of PostPath and offers a cloud-based system that also has Outlook interoperability. Through its acquisition of Jabber, the company also said it has integrated the XMPP standard to give it a secure but widely available presence in the collaboration tools.

In some ways, Cisco – which has been competing with companies such as IBM, HP and Dell in the data center – is now adding Microsoft, which recently dropped the price of its hosted versions of Exchange, Sharepoint, and Office Communications Server, and Google to its lineup of competitors with these new services. For some time, Google has been pushing its cloud-based apps for businesses and even scored a major deal with city of Los Angeles recently to manage its email system. And now, it’s previewing Google Wave, a Web-based, real-time collaboration tool that allows users across the Web to communicate with each other in e-mail like message thread or instant chats and share documents, videos, images, charts and more.

Under the Google Wave approach, users can open the collaboration projects, or “Waves,” to anyone over the Internet, allowing collaboration with anyone via the Web. Cisco’s new offering also breaks down the walls of the traditional network, allowing users to work with customers, vendors and others who normally might have been locked out of the collaboration process

Cisco said that, upon rollout, its mail offerings – priced “somewhere south of $8 per mailbox per month” but still being finalized – will be cloud-based only while the collaboration platform will reside on-premise. Eventually, the company will offer the ability to split data between the two worlds – on-site and in the cloud – but still sees companies being more comfortable with e-mail in the cloud than they are with collaborative documents and correspondence in the cloud.

The company has been vocal about its visions for the future, notably its belief that video will be “the center of everything” in future communications. With this push into collaboration software, the company is subscribing to the idea that e-mail is losing some of its luster as a tool for conducting business. Anyone who’s ever exchanged two dozen emails with a half-dozen people just to set up a meeting knows how ineffective e-mail can be when working with teams.

While Intel is being rumored for delaying USB 3.0 chipset supporting chipsets, Nvidia has confirmed it and dropped a bomb. Brian Burke, an Nvidia spokesperson, in an email interaction with TGDaily, stated that Intel is postponing USB 3.0 introduction plans to 2011. Besides that, Burke boasted that Nvidia’s nForce chipsets are “better” than Intel’s chipsets.

As per recent speculations, Intel was believed to have pushed USB 3.0 supporting chipsets way beyond 2010. Nvidia won’t be producing any chipsetse for Intel platform until the legal squabble between them is solved. At the moment, motherboard makers like Asus and Gigabyte are adding discrete USB 3.0 controllers for to their new Intel platform-based motherboards. Burke stated, “With no competition in chipsets, it seems Intel has decided that innovation is not needed for USB any time soon.” While Intel takes it own time to chart out plans for USB 3.0 supporting chipsets, AMD should grab opportunity and roll out USB 3.0 supporting motherboards.

Intel might be holding USB 3.0 to monopolize on Light Peak technology that was showed at the Intel Developer Forum 2009. A single optic fiber cable would serve as universal connector for the computer and other gadgets. Intel is looking forward to standardize this fiber optic technology that will replace several connectors like USB, HDMI, DVI, FireWire, DisplayPort, et al. So far, the specifications of the Light Peak technology aren’t clear and Intel is getting it standardized through USB Implementers Forum. Still, it’s unsure whether the fiber optic cable would require a computer to work just like USB does. Many more questions arise of which major is whether Intel is trying to replace all possible connection interfaces with Light Peak technology. Let’s wait and see what Intel has on its Agenda.

Finland made 1 Mbps every citizen’s birthright

Internet

No, i’m not making this up. Access to the Internet at a minimum (not up to) 1 Mbps speed is the birthright of every Finnish citizen was recently announced the government. It makes Finland the world’s first country ensuring high speed broadband access a fundamental right.

Microsoft announces about their next patch release on Tuesday. Apparently, this will contain a total of 13 patches with 34 vulnerabilities including two zero day flaws.

Microsoft ranked 8 of the 13 patches as critical indicating that these patches are intended to repair IP protocol related issue that can allow hackers to remotely launch attacks to steal information. Thus far, Microsoft’s patch record has been 12 in one month, which it reached both in February 2007 and October 2008. The October patch covers both critical flaws and flaws given the slightly less severe ranking of “important” in Windows, Internet Explorer, Microsoft Office SQL Server, Microsoft Forefront, Silverlight and Developer Tools.

In addition, two of the Microsoft patches cover zero-day vulnerabilities in the Server Message Block service implementation — the network file sharing protocol — as well as another actively exploited flaw occurring in the FTP service. The SMB vulnerability, which affects Windows 7, Vista, XP, Server 2003 and Server 2008, occurs in the way that version 2 of the protocol parses SMB requests. The Patch Tuesday security update also covers a critical FTP vulnerability, which Microsoft said had been previously exploited in “limited attacks.” The zero-day vulnerability occurs in the FTP service in numerous versions of Microsoft Internet Information Services. Attackers who exploit the flaw could execute malicious code on IIS version 5.0 or launch denial of service attacks on systems running the FTP service on IIS version 5.0, 5.1, 6.0 and 7.0.

Microsoft will address both the SMB and FTP vulnerabilities with patches a little more than a month after they were first disclosed in September, and security experts say the company is in general becoming more responsive to zero-day flaws as it further invests resources into its security offerings such as Forefront and the new free antimalware scanner Microsoft Security Essentials.”They take it a lot more seriously and have been a lot more responsive to the community,” said Chester Wisniewsky, senior security adviser for Sophos. “I think they realize their security reputation is very important.”

Meanwhile, Wisniewsky said that Microsoft has typically dealt with unusually large patches in the fall after serious security vulnerabilities are revealed at summer hacker conferences such as BlackHat and DefCon.”It’s unclear, but if you read the tea leaves a little bit, [the heavy patch load] implies it could be a response to some of those things that were disclosed but haven’t been patched yet.”