Techrepublic.com has posted an article about a survey that was conducted by KACE, a company which makes systems management appliances.

KACE surveyed 1,100 IT managers and they found that sixty percent of them have no plans to use Windows Vista. Forty-two percent said that they would consider Linux and Apple as an alternative OS (operating system). Ninety-two percent of them answered that their plans did not change when Microsoft released the first service pack for Vista.

The author of the article, Larry Dignan, notes that KACE made the survey in order to pitch its KBox appliance which is designed to manage multiple OSs.

Source: Tech Republic

The search tool in Windows Vista will be automatically upgraded according to Computerworld’s report that was posted earlier today. Microsoft said that, “If a Windows Vista user has set their machine to automatically install updates, Windows Search 4.0 will automatically install on PCs running Windows Vista SP1.”

The release date of this upgraded tool is in mid-July according to the blog of Microsoft Update.

Windows XP users can also have this upgrade but they must call up Windows Update first and select Search 4.0 to be installed.

After the installation, the operating system will completely re-index the data of the user which could take several hours.

Source: COMPUTERWORLD

Various sites have reported that a data corruption fix will be included in the final Power Pack for Windows Home Server.

Besides a fix to the data corruption problem, the pack will also include new features such as more efficient power consumption, support on Windows Vista 64-bit version, and the ability to back up shared folders.

Due to the bug, the programmers that were assigned to fix the problem had to completely rewrite the storage subsystem for the operating system.

A beta version of the Power Pack was released to testers last month.

Source: Beta News

F-Secure released an article about security advisories on Microsoft products including Word Viewer and Access Snapshot Viewer.

It notes that there is a bug in Word 2002 with Service Pack 3 and they advise their readers to download Word Viewer 2003 as a workaround.

For the Access Snapshot Viewer issue, it is a vulnerability in the ActiveX Control which could allow remote code execution. One of the cases that they studied is a patent themed site. They note that it was hacked and the ActiveX exploit was also taken advantage of.

The Snapshot tool ships with many versions of Access prior to the latest version which is 2007.

Source: F-Secure

Sophos has posted a blog entry yesterday about trends on spam and malware. The author notes that malware authors still use the same old social engineering tricks to fool users into infecting themselves.

The blog includes an outline of two malware. The first is Mal/EncPk-DA. It is about an attacker who sends spam messages that contains a link in every message. The link points to a site that may be legitimate but various malicious files have been loaded onto it.

The second malware that was discussed is Mal/TibsPk-D. It is about an attacker’s attempt to lure recipients to click on a link which is supposed to point to a web page that contains nude photos of the actress, Angelina Jolie.

Source: Sophos

A new version has been released for Firefox 2 and Firefox 3. The version number of the former is 2.0.16 while 3.0.1 is the version of the later.

As the article in The Register notes, 2.0.0.16 fixes vulnerabilities in its CSS reference counter and it also fix a flaw that allows multiple tabs to be launched in Firefox while the program is not open.

3.0.1 fixes the same bugs that are described above. It also included a fix for malformed GIF files. This version came out yesterday but the other version (2.0.0.16) was released a day earlier. Mozilla will stop the support on version 2 by mid-December according to The Register.

Source: The Register

A website has reported that there is a strange bug on the Wi-Fi Link 5000 chip from Intel. It doesn’t talk/communicate with 64-bit or 128-bit WEP security and keys that contain all zeroes in hex format.

This means that a key with a ‘0000000000′ access point cannot communicate with a Centrino 2 notebook.

The article notes that the operating system is not part of the problem since access points run on older laptops with a variety of operating systems. This bug does not occur on WPA or with non-zero WEP keys.

Centrino 2 was just released and this bug is considered as very, very minor.

Source: Register Hardware

Sophos has posted a blog entry about a flaw on Facebook’s user data.

The author of the article, Graham Cluley, writes that he found a found a flaw that lets him see a user’s birthday even if the user chose to hide his or her birthday to the public. He has posted a video in Youtube which shows how this flaw can be exploited.

He asks his readers to enter a fake birthday instead of their real one because Facebook only uses it to check if they are an adult and that it can help prevent identity theft.

Facebook has fixed the problem according to the blog entry.

Source: Sophos

PC World has posted an article today about how long it takes for a hacker to find and compromised an unpatched computer with a Windows operating system. The answer is less than five minutes. This result was based on the research of SANS Institute’s Internet Storm Center.

“I have been asked many [times] by people if I really believed the survival time graph on the ISC site was truly an accurate representation of how long a new system had once connected. The answer to this is ‘yes’ for most home users and systems that are Internet-facing,” said a researcher on the ISC blog.

A research that was made by a different group called the German Honeypot Project estimates that it takes 16 hours.

Source: PC World

A zero day word flaw exists in the Microsoft Word 2002 with Service Pack 3 according to a post at The Register a few days ago.

The SANS Institute’s Internet Storm Centre was the first one to note that this vulnerability exists.

“At this time, we are aware of limited, targeted attacks attempting to use the reported vulnerability, but we will continue to track this issue,” said Microsoft on their security blog. Workarounds were published by the company as a stop-gap measure.

Historically, Chinese hackers loved to exploit Word vulnerabilities according to The Register.

Source: The Register