February 2008 Archives

SCO did not have a particularly great year in 2007. They lost a major summary judgment decision. They lost cash. Oh, and they filed for bankruptcy.
Amidst all that turmoil, SCO CEO Darl McBride still managed to pull in a very decent amount of money from his employer. According to an SEC Schedule 14A filing made by SCO, McBride in 2007 pulled in a base salary, bonus and options totalling $571,220. The actual mix of base salary, options and bonuses is an interesting study in compensation.

"The Company did not adjust the base salary for the Chief Executive Officer as a result of our cash constraints. Consequently, the base salary for Darl McBride, our Chief Executive Officer, remained unchanged at $265,000 for the fiscal year ended October 31, 2007."

In addition to the base salary, SCO somehow decided that even though their firm lost money, McBride was 'bonus' material too.

"Mr. McBride received bonus payments of $144,691 for the year ended October 31, 2007 as a result of the attainment of personal management performance objectives, which included, but were not limited to establishing new business channels and partnerships for mobile technologies, launching new digital mobile services, and leading our operations to preserve and maximize cash resources."

So for all you kids out there, maybe there is a lesson here. Perhaps you too can grow up to earn a very respectable living leading a company down the path of destruction into bankruptcy.

Google Sites was built with Jotspot technology that Google acquired with the Jotspot acquisition in October 2006. Google Sites is interesting news. The only problem is: what about existing Jotspot users? Today, nearly a year and a half after Google acquired Jotspot, the same temporary page (shown left) is up at jot.com. I asked Google about their plans for Jotspot back in December; at that time they said to wait and see. Well, we've waited (and unless I've missed something) we still don't see. Sure, we see Google Sites, but Jotspot itself remains untouched.
To add further insult to injury, Google has not publicly responded to its own Jotspot users about what is going on in terms of a migration path. There is an unanswered thread in Google's own public Jotspot help forums where one user asks:

"what's migration path? Help, please. Anyone out there at Google"

To be perfectly fair I have not directly contacted Google today to ask about plans for Jotspot migration - but hey, while I think it's great if they'd give an answer to the press, it's probably in Google's best interests to answer its users first.

**UPDATE FEB 29** It looks like Google still hasn't responded in the Jotspot forums - but they have blogged on Jotspot migrations (just a little):

"We're just finishing up the code to migrate existing JotSpot customer wikis to Google sites, so if you're already a JotSpot customer, you'll be hearing from us soon on how to make the switch."

Looks like even big budget operations like NASA use free and open source software for their operations.
In a really entertaining blog post, Red Hat staffer Jack Aboutboul provides a lot of really neat detail about a recent trip to the Kennedy Space Center. Aboutboul's mission? Well, he wasn't going there to see if he was astronaut material; he was there to discover if NASA uses Red Hat and Fedora. As it turns out they do.

"Okay, so as it turns out, NASA is using Fedora and RHEL. A Lot! I was taken into the data center of the Telescience Lab, and got to see some machines."

It is kind of neat that NASA uses Free Software in its operations and it just goes to show you that sometimes you can get more than you pay for... now if they could only find a cheaper way to launch a Space Shuttle.....

I'm usually a little pessimistic when it comes to security researcher claims about security vulnerabilities in big mainstream sites and services. That said, sometimes they do have a point.
Case in point is a report from security vendor Websense. In a blog post they alleged that "Google's popular web mail service Gmail is being targeted in recent spammer tactics. Spammers in these attacks managed to create bots that are capable of signing up and creating random Gmail accounts for spamming purposes." Sounds pretty serious to me. Websense also alleged that the spammers had somehow managed to beat Gmail's CAPTCHA system as well, which is supposed to weed out automated bots.

So I checked in with Google to see if this is legit and this is what I got. "We are aware of the issue," a Google spokesperson wrote in an email to InternetNews.com. The spokesperson's email added that using Gmail to send spam is a violation of the Program Policies in Google's Terms of Service. "We disable these accounts immediately and will continue to do so if they spread."

So what does that mean? In my opinion it means that yes, there might be a problem, but Google is on it.
According to Infonetics Research, 2007 was a banner year for networking. Service provider router and switch sales hit an all-time high of $11.2 billion in 2007, which is an increase of 16 percent over the 2006 sales figures.

2007 was also a big year for Juniper Networks, pulling ahead of Alcatel-Lucent to take the number two spot globally for service provider routers and switches. Networking goliath Cisco (as always) holds down the top spot overall though. Infonetics reported that on a year over year basis, Cisco's router and switch sales were up by 20 percent while Juniper's were up by 25 percent. In my opinion, it's important to note that Juniper did not have a switch business in 2007; their new EX line of switches just debuted this year, so it will be interesting to see what impact they might have on Juniper's overall share.

"The common drivers pushing the carrier router and switch market upward are 1) the ongoing migration to next generation networks based on IP, MPLS, and Ethernet, and 2) growth in consumer broadband, corporate, IP video, and mobile data traffic," said Michael Howard, principal analyst and co-founder of Infonetics, in a statement.

February isn't yet done and depending on where you are there is still a definite winter chill in the air. The fact that it's still winter isn't stopping Google though from helping us to think of warmer days ahead. Today Google officially launched the kick off for their Google Summer of Code 2008 initiative.

I've been covering Summer of Code (SoC) since its inception in 2005 and I've seen it grow by leaps and bounds every year. In 2007 SoC had 900 students helping out over 130 open source groups. The 2007 number was more than double the 410 projects spread across 41 different sponsoring organizations that Google helped out in 2005. In 2006 Google funded over 630 students. Basically the way the program works is Google provides funding ($4500) to students to work on a given project for an open source group.
Google also provides funding ($500) to the open source groups to help mentor the students. Across the numbers that Google has helped out over the last three years, that's a whole lot of green. It's also a lot of help for the open source ecosystem, both in terms of getting people interested in development as well as actual hands-on help with needed areas of project development.

Applications for organizations open March 3 and close March 12; for students, applications open March 24 and close March 31. Coding will run from May 26 through August 18. For more information, see the Google Summer of Code FAQ.

So Microsoft now has a 'new' open strategy to open its applications up wider for interoperability. Is it a good thing for Open Source developers and users? In my humble opinion it all depends on how you look at the massive pie that is the Microsoft product ecosystem.

It's great news for Microsoft and Microsoft users because it will allow a wider degree of choice for them. Once the new open technology becomes more pervasive, Microsoft users will be able to more easily interoperate with other solutions and technology. Choice is almost always a good thing.

On the other hand, if the choice and open interoperability does not end up being standards based and patent risk free, that choice could well just be the carrot that precedes the stick. If being open is just a way to further guarantee a monopoly where Microsoft's dominant status continues to be assured, then choice is really just a facade. After all, Microsoft could easily argue that they're not monopolists if they're open, right?

On the positive side, being open can and likely will help to feed a broader ecosystem of solutions (open source and otherwise) that will be able to interoperate with key Microsoft technologies including Vista, Server 2008, SQL Server 2008, Office 2007, Exchange Server 2007 and Office SharePoint Server 2007. In my view it has always been in Microsoft's best interest to be open.
In the open world technologies talk to each other and end users benefit from choice. In the ideal open world it is the better technology that wins, since users are not locked in. It is harder to succeed in the open world because of choice. Yet the paradox is that choice and interoperability are also the keys to wider use and success.

I understand the skepticism that exists in the open source community about Microsoft's new open strategy. Microsoft's new strategy is not about ceding its market share so that others can take its revenues. Microsoft is a public company and it has a responsibility to its shareholders to increase its revenues. Make no mistake about it: while open is good, this new plan is not a plan to help open source companies grow their own respective revenues. In this case Microsoft's openness is a cunning strategy that could potentially expand the size of the pie for all, or it could ensure that Microsoft keeps the pie for itself. Time will tell.

Alright, I promise this will be my last post about the Black Hat DC 2008 event (honest!). Sure, it was a smaller event than the big Vegas event, but I found no shortage of really interesting topics and speakers at the DC event (many of which I wrote/blogged on).
As every good geek should when visiting DC, I found a slice of time during my stay to make a pilgrimage to the Smithsonian National Air and Space Museum. It was there that I saw some of the most secure pieces of technology on earth, stuff that no Black or White Hat can touch. Take the Apollo 11 module for example (yes, the real module that Armstrong and crew were in). It's sitting there in the front lobby of the museum encased in a transparent plastic shell, its onboard electronics untouchable by human hands.

You see, the problem of modern technology is that it must exist outside of the bubble. Modern technology is all about being connected. When you're not connected (inside the bubble like Apollo 11) no one can touch you, but vice versa you can't touch anyone else either. So what should we do? Stick our heads in the ground? Not connect? No, of course not. The key is awareness and eternal vigilance. Every connection is a possible attack vector that needs to be properly secured by credentials and purpose.

That's my little 'rant'. Without any further ado, here's a listing of stories I had over on the main site and posts made here on The Blog (all in one simple location - enjoy!).

Black Hat : Beware of Cylons at the Back Door
Black Hat : Honor Among Thieves?
Black Hat : The Google Teabag (and other URI tricks)
Black Hat : Hillary Beats Obama
Black Hat : Netflix CSRF Vulnerability
Black Hat: Dtrace a Rootkit?
Why You Shouldn't Trust (Some) IRS E-mail
Black Hat Descends on Washington

Application back doors aren't just the stuff of Hollywood films; they're real and they could be a threat if undetected.
In a presentation at the Black Hat security conference in Washington DC, security researcher Chris Wysopal from Veracode discussed in gory detail where back doors have been in applications in the past and where they continue to come up. Essentially a back door is some kind of hidden user name, password, credential or function that someone has put into a program to do something 'unexpected'.

In his presentation Wysopal had a picture of the Cylon Caprica Six (actress Tricia Helfer) from the new Battlestar Galactica. His purpose was to talk about back doors on TV, though Wysopal didn't seem to know all that much about Battlestar Galactica (which makes me wonder if someone else who is a fan helped him to make the presentation). Anyway, the point (and yes, I am a fan) is that Caprica Six (as fans of Battlestar Galactica know) inserted a back door into Dr. Gaius Baltar's Colonial Defence Network program. The Cylons' back door enabled them to overrun the Colonial defenses and nearly exterminate humanity.

Wysopal showed how some back doors could be relatively trivial to insert into an application, yet difficult to detect. In one example, just by virtue of the fact that a function was missing an '=' in its statement, a back door was inserted. In another case Wysopal described how a bank he was working with found a back door in one of their applications. After some analysis it was determined that the back door had been inserted by people who had knowledge of the bank's code auditing processes. As such they were able to avoid detection by putting the back door in a part of the code that wasn't subject to audit.

The lesson? Don't trust anyone and audit everything. You might end up saving humanity.
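As an added illustration of the "missing '='" case above (my own example, not from Wysopal's talk or from Veracode), here is a small audit heuristic in Python that flags a bare assignment inside an if/while condition in C-like source, the one-character slip that turns a comparison into a grant. The sample function and its identifiers (LEVEL_ADMIN, next_level, ALLOW, DENY) are constructed for the demonstration.

```python
# Added example: flag "if (x = y)" style assignments inside conditions in
# C-like source. A lint heuristic over single lines, not a C parser.
import re

# An '=' that is not part of ==, !=, <=, >=.
_BARE_ASSIGN = re.compile(r"(?<![=!<>])=(?!=)")
_COND_START = re.compile(r"\b(if|while)\s*\(")


def _condition_text(line):
    """Return the parenthesised condition after if/while on this line, else None."""
    m = _COND_START.search(line)
    if not m:
        return None
    depth, start = 0, m.end() - 1          # index of the opening '('
    for i in range(start, len(line)):
        if line[i] == "(":
            depth += 1
        elif line[i] == ")":
            depth -= 1
            if depth == 0:
                return line[start + 1:i]
    return line[start + 1:]                # condition not closed on this line


def find_assignment_in_condition(source):
    """Return [(line_no, stripped_line)] for conditions containing a bare '='."""
    hits = []
    for no, line in enumerate(source.splitlines(), 1):
        cond = _condition_text(line)
        if cond is not None and _BARE_ASSIGN.search(cond):
            hits.append((no, line.strip()))
    return hits


# Constructed sample: a privilege check with one character missing. Line 4
# assigns instead of comparing, so the inner branch grants ALLOW to any
# caller that asked for admin. Line 9 is the common intentional-assignment
# idiom and is flagged too: every hit is a review item, not a verdict.
SAMPLE_C = """\
int check(struct user *u, int requested)
{
    if (requested == LEVEL_ADMIN) {
        if (u->level = LEVEL_ADMIN)      /* should be == */
            return ALLOW;
    }
    if (u->level >= requested)
        return ALLOW;
    while ((requested = next_level(requested)) != 0)  /* intentional */
        ;
    return DENY;
}
"""

if __name__ == "__main__":
    for no, text in find_assignment_in_condition(SAMPLE_C):
        print(f"line {no}: {text}")
```

Run against the sample it reports lines 4 and 9; the point of the check is that a reviewer looks at each hit, which is exactly the audit coverage the bank case above shows an insider will try to route around.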
WASHINGTON, DC. While Barack Obama may be leading Hillary Clinton in some measures, he's actually fallen behind Clinton in at least one interesting computer security related metric.
According to Oliver Friedrichs, Director of emerging technologies at Symantec, typo squatting on Hillary Clinton related domain names has outpaced typo squatting on Barack Obama domain names over the last six months.

Speaking at the Black Hat security conference in Washington DC in a session on Threats to the 2008 Election, Friedrichs explained that there are at least five different types of typos that are common in domains. Among them are domains that are missing the first period delimiter, domains that use a surrounding character, missing characters, additional characters and reversed characters.

Friedrichs did his first study in August and found that for the Barack Obama campaign 33 percent of possible typos for his principal domain had been registered by people other than the Obama campaign. Hillary Clinton only had 30 percent in August. In February the numbers flip-flopped, with Clinton having 41 percent of possible typos for her domain registered by others whereas Obama slipped to 29 percent.

Typo squatting is something that Friedrichs alleged is a potential threat to the 2008 US Federal election. He argued that if used maliciously the typo squatting domains could be a source for misinformation, misdirected campaign donations as well as misdirected emails. A potential visitor could mistakenly have a typo in an email message as easily as a web address.

Friedrichs didn't just watch others that were typo squatting as part of his research. He actually went a step further and registered 124 typo squatting domains of his own on 2008 presidential candidate name typos. He was quick to note that he was trying to protect the campaigns and not profit from them, and is giving the domains to the respective campaigns. He did however track traffic on the typo squatting domains that he owned, which provides an interesting glimpse into how much traffic a candidate typo URL could potentially yield.
From January 25th to February 15th Friedrichs reported that his 124 typo squatting candidate URLs had 3,290 unique visitors. The biggest day was Super Tuesday and the domain with the most traffic was Baraackobama.com (typo on the extra 'a'). Though the traffic that Friedrichs himself saw wasn't all that much, he argued even a little could do harm.

On a lighter note, Friedrichs showed at least one example where the typo squatter site is all about making a mockery of a candidate (the hillaryclingon.com site; go see for yourself... Hillary as a Klingon!).

Beyond typo squatting Friedrichs also sees potential risks from phishing and other sorts of common online scams. Far from being a FUD monger, overall Friedrichs admitted that so far the campaigns are reasonably secure. "Clearly campaigns need to do things to protect themselves," Friedrichs said. "But in general they're reasonably secure and no worse off than organizations are generally around the world."
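As an added example (mine, not Friedrichs' or Symantec's tooling), the Python below enumerates the five typo classes from the talk for a given domain, so that a campaign or brand owner can compare the list against WHOIS or DNS and see which variants of its own name someone else already holds. How each class is read is my assumption: "surrounding character" is taken as an adjacent key on the same QWERTY row, and "additional character" as a doubled letter, which is the pattern of the Baraackobama.com example.

```python
# Added example: generate the five typo classes Friedrichs describes for a
# domain, for defensive monitoring of a brand or campaign name.

# Assumed reading of "surrounding character": neighbouring key on a QWERTY row.
KEYBOARD_ROWS = ["qwertyuiop", "asdfghjkl", "zxcvbnm"]


def _neighbours(ch):
    """Keys immediately left/right of ch on its QWERTY row (empty for non-letters)."""
    for row in KEYBOARD_ROWS:
        i = row.find(ch)
        if i >= 0:
            return {row[j] for j in (i - 1, i + 1) if 0 <= j < len(row)}
    return set()


def typo_variants(domain):
    """Return {class_name: set_of_variants} for a domain such as 'barackobama.com'.
    Only the label left of the first dot is mutated; the TLD is kept as-is."""
    label, dot, tld = domain.partition(".")
    out = {k: set() for k in ("missing_delimiter", "surrounding_char",
                              "missing_char", "additional_char", "reversed_chars")}
    # 1. Missing first period: www.barackobama.com typed as wwwbarackobama.com
    out["missing_delimiter"].add("www" + label + dot + tld)
    for i, ch in enumerate(label):
        # 2. Surrounding (adjacent-key) character replaces one letter
        for n in _neighbours(ch):
            out["surrounding_char"].add(label[:i] + n + label[i + 1:] + dot + tld)
        # 3. Missing character
        out["missing_char"].add(label[:i] + label[i + 1:] + dot + tld)
        # 4. Additional character: the same letter doubled (bar-a-a-ckobama)
        out["additional_char"].add(label[:i] + ch + label[i:] + dot + tld)
        # 5. Reversed (transposed) adjacent characters
        if i + 1 < len(label) and label[i] != label[i + 1]:
            out["reversed_chars"].add(
                label[:i] + label[i + 1] + label[i] + label[i + 2:] + dot + tld)
    for k in out:
        out[k].discard(domain)   # a mutation that reproduces the original is not a typo
    return out


def all_variants(domain):
    """Flat set of every variant across the five classes."""
    return set().union(*typo_variants(domain).values())


if __name__ == "__main__":
    # Constructed input; the real study used the campaigns' principal domains.
    for cls, names in typo_variants("barackobama.com").items():
        print(f"{cls}: {len(names)} variants, e.g. {sorted(names)[0]}")
```

Feeding all_variants() into a WHOIS or DNS lookup gives the "percent of possible typos registered by others" figure the talk quotes; the page itself does not say which exact mutation rules Symantec counted, so the percentages here would not match theirs.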
WASHINGTON, DC. You never know what kind of vulnerabilities you'll see at Black Hat.
I'm sitting in a session now where security researcher Chuck Willis of security research firm Mandiant has just demonstrated a live cross site request forgery attack on popular video site Netflix. According to Willis the issue was first reported to Netflix 17 months ago.

In a nutshell, CSRF is an exploitation of the HTTP protocol's feature that a web page can include HTML elements that will cause the browser to make a request to any other web site. There are a lot of different ways to trigger a CSRF, including a simple image file or even just a CSS (cascading style sheet).

In the Netflix live case study, Willis showed how he could add a movie to a user's queue without the user's knowledge. Willis alleged that Netflix used to have even more problems related to CSRF that could have allowed an attacker to change a mailing address for a user. Which means that before Netflix partially fixed their CSRF issue an attacker could have added a movie and then had it sent to them. As it is an attacker can only add a movie, which Willis admitted isn't terribly exciting. Though he did say that it could be used as some kind of scam to promote a movie, where an attacker gets a particular movie added to a lot of users' lists so that Netflix would have to buy more copies. Overall Willis alleges that CSRF is a problem that is becoming increasingly prevalent and is also difficult (though not impossible) to detect.

Five months after being first announced, Mozilla is now announcing the official formation of Mozilla Messaging. Back in September of 2007, Mozilla anecdotally referred to the new mail spin off effort as MailCo, but now they've given it a name, hurray. The new announcement follows what was another 'new' Mozilla Thunderbird announcement just last month when Mozilla Messaging leader David Ascher posted a long diatribe on what Thunderbird 3 needs to do directionally to get on track.
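Returning to the Netflix CSRF post above: the following Python is an added example (mine, not Netflix's or Mandiant's code) of the server-side checks that stop a request forged through an image tag or a hidden form on another site from changing state such as a user's queue. The browser sends the victim's cookie either way; what the attacker's page cannot do is set our Origin header or know a token bound to the session. The hostname example.test, the server secret and the three sample requests are constructed.

```python
# Added example: two independent server-side CSRF checks for a
# state-changing endpoint (think "add movie to queue").
import hashlib
import hmac
from typing import Optional, Tuple
from urllib.parse import urlparse

SITE_HOST = "example.test"                     # assumed hostname of the protected site
SERVER_SECRET = b"constructed-server-secret"   # constructed; load from config in real use


def make_csrf_token(session_id: str) -> str:
    """Token derived from the session, so it is useless in any other session."""
    return hmac.new(SERVER_SECRET, session_id.encode(), hashlib.sha256).hexdigest()


def origin_is_ours(headers: dict) -> bool:
    """Accept only requests whose Origin (or, failing that, Referer) names our host.
    Browsers send Origin on cross-site POSTs; a request with neither header is refused."""
    source = headers.get("Origin") or headers.get("Referer")
    if not source:
        return False
    return urlparse(source).hostname == SITE_HOST


def token_is_valid(session_id: str, presented: Optional[str]) -> bool:
    if not presented:
        return False
    return hmac.compare_digest(make_csrf_token(session_id), presented)


def allow_state_change(request: dict) -> Tuple[bool, str]:
    """Decide whether a state-changing request may proceed.
    request is a constructed dict: {"method", "headers", "cookies", "form"}.
    GET must never change state, so an <img src> style GET is refused outright."""
    if request["method"] != "POST":
        return False, "state changes require POST"
    session_id = request["cookies"].get("session")
    if not session_id:
        return False, "no session"
    if not origin_is_ours(request["headers"]):
        return False, "cross-site origin"
    if not token_is_valid(session_id, request["form"].get("csrf_token")):
        return False, "missing or wrong csrf token"
    return True, "ok"


# Constructed sample requests, all carrying the same victim session cookie.
SESSION = "sess-00000000"

# A form post from our own page, token included.
LEGIT = {
    "method": "POST",
    "headers": {"Origin": "https://example.test"},
    "cookies": {"session": SESSION},
    "form": {"movie": "42", "csrf_token": make_csrf_token(SESSION)},
}
# The image-tag trigger from the post: a GET issued from someone else's page.
IMG_TAG_GET = {
    "method": "GET",
    "headers": {"Referer": "https://evil.test/page"},
    "cookies": {"session": SESSION},
    "form": {"movie": "42"},
}
# A hidden auto-submitting form on another site: POST, but foreign Origin
# and no way to know the token.
FORGED_POST = {
    "method": "POST",
    "headers": {"Origin": "https://evil.test"},
    "cookies": {"session": SESSION},
    "form": {"movie": "42"},
}

if __name__ == "__main__":
    for name, req in [("legit", LEGIT), ("img-get", IMG_TAG_GET), ("forged-post", FORGED_POST)]:
        print(name, allow_state_change(req))
```

The two checks are deliberately redundant: an origin check alone fails for clients that strip Referer and send no Origin, and a token alone is only as good as the site's discipline in putting it on every state-changing form, which is the kind of partial fix the post describes Netflix having made.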
So five months after they first announced the effort, Mozilla now announces a name and that they are ready to rock. Frankly, I don't understand why the effort didn't start in full five months ago so that this week they could announce progress instead of just announcing a name and what they plan to do. In a post from Mozilla Chief Wrangler Mitchell Baker, there might well be a hint of the same kind of action that I am talking about.

"I am exceedingly eager to stop thinking so much about how to organize the Thunderbird mail effort and to start seeing all that energy go to improving our product. That day has come. We have the tools to make email much, much better. I hope you'll join me in celebrating. And then join the Mozilla Messaging effort and help make interesting things happen."

I have a suggestion for you Mozilla: less talk and more action. Instead of telling us what you are going to do to get in gear, just do it. Let's see some nightly builds, finite timetables and milestones, you know, the stuff we can sink our teeth into. Announcements about strategy and direction are all fine and nice, but there comes a point when actions speak far louder than words.

As it is, I am personally somewhat skeptical, but then again I am a bit biased here too. I was a Netscape Mail user for many, many years. Then I shifted to the Mozilla Suite, still using the same basic mail system (just under the Mozilla banner). In fact, while other early adopters were switching to Firefox, I stuck with Mozilla just for mail. Times do change though. Firefox became dramatically better than the Mozilla suite ever was. At the same time Thunderbird did not keep pace. While there is nothing in the open source world that can hold a candle to Firefox, on the email side there is another. I speak of Zimbra (and yes, I know it's a Yahoo open source license, but it is basically Mozilla Public with attribution). Zimbra on both the server and now the desktop offers one of the best email experiences around.
If Thunderbird achieved the level of technical prowess of Zimbra then we'd be talking. As it is, the evolution of Thunderbird into something more is too much talk at this point; whether or not it amounts to more than that over time remains to be seen. Considering Mozilla's track record to date with Firefox though, if the same energy and dedication is thrown behind messaging, we may yet see some really great things.
From the "who do you want to be like" files... One of the greatest things about being a technology journalist is the opportunity to interview business leaders that are actually really interesting. One such leader is Red Hat's new CEO Jim Whitehurst, who I interviewed over on the main InternetNews.com site. Whitehurst is a real 'business' person. For him it's about execution (which it always should be) and the fundamentals of business.

I've found over the years that a key trait of the most successful business leaders is the ability to learn from others and, perhaps most importantly, to have some kind of 'hero' to emulate. I asked Whitehurst which CEO in the technology industry or otherwise was his 'hero', the one he would like to emulate in terms of action and/or legacy. The answer I got speaks volumes about Whitehurst, where he is now and perhaps where he is going with Red Hat.

"I'd have to say Lou Gerstner [former IBM CEO]. A lot of that is because his background and mine are somewhat similar. He came out of McKinsey as a consultant, I came out of BCG. He worked at a traditional old line of business and then came into technology."

Gerstner is an extremely important figure in the history of IBM. He arguably saved IBM from going out of business and in many ways is a primary architect of IBM's current success. His book Who Says Elephants Can't Dance? really is a classic for business readers. Now, is Red Hat an elephant? No, not at all. But can his lessons apply broadly to someone like Whitehurst to turn Red Hat into a larger entity? Only time will tell. If you haven't read the full interview, there are lots of other great insights in it too, so go check it out for yourself.

UNBELIEVABLE. Like everyone else, I figured SCO was gone, done for, KAPUT. But that's not the case. They're BAAAACK! Today they got $100 million in financing from a group called Stephen Norris Capital Partners ("SNCP") and, get this... "partners from the Middle East". Who are these partners? We don't know.
But hey, with crude oil at an all-time high, I guess there is more money than ever in the Middle East that needs investing. Somehow SCO managed to convince these oil rich 'partners' that their business was viable and that their legal claims had legs. Talk about having money to burn (oil/money/burn, I know I'm not great with puns).

This dramatic turn of events means that SCO may well be back both as a going concern for its customers in terms of Unix products - but also as a going concern for Linux users as well as IBM and Novell. In its release on the financing SCO specifically stated that:

"This reorganization plan will also enable the company to see SCO's legal claims through to their full conclusion."

It also means that SCO will come out of bankruptcy and it means that the company will now be taken private too. So now instead of just fading away as a historical footnote, the SCO saga will continue for the foreseeable future. SCO will go to court with Novell and possibly IBM. Even more importantly, their continued existence could provide a source of doubt and possibly risk for those that don't take the appropriate steps to make sure they have the right legal indemnification. Then again this could be a non-issue - since at this point SCO has tried to sell off its Unix business before and it has been making its IP claims for years - with little effect. Whatever the case, the lesson here is quite simple. As the great Yogi Berra once said, "It ain't over till it's over."

Make no mistake about it, the Linux 2.6.x kernel is a *large* undertaking that just keeps getting bigger and bigger. Apparently it's also getting harder to maintain in terms of ensuring that regressions don't occur and that new code is fully tested. That's where the new 'Linux Next' effort comes in. Linux next started off as a 'dream' of kernel maintainer Andrew Morton, who has noted that few kernel developers are testing other kernel developers' development code, which is leading to some problems.
Morton has proposed a "linux-next" tree that once per day would merge various Linux subsystem trees and then run compilation tests after applying each tree. While that may sound simple enough, in practice it's no small task. Kernel developer Stephen Rothwell has stepped up to the plate and has announced that he will help to run part of the Linux next tree.

While the effort could well serve to make the Linux development process more complicated, its goal clearly is to ensure a higher overall code quality by making sure code merges actually work before Linus Torvalds actually pushes out an RC (release candidate). The way I see it from my simple layperson's point of view, Linux next forces code to be a whole lot cleaner before it gets submitted and forces more testing, earlier and more often - which ultimately is a great thing.

There has been some very 'healthy' discussion on the Linux Kernel Mailing List (LKML) about Linux next, with perhaps the most colorful language coming from none other than Linus Torvalds himself.

"If you're not confident enough about your work, don't push it out! It's"

It sure will be interesting to see how Linux-next plays out over time. I for one am very optimistic.

Linux vendor Red Hat is on a mission to dramatically expand the market share for its JBoss middleware platform. In a press conference today during the JBoss World event in Orlando, Craig Muzilla, vice president, Middleware Business at Red Hat, declared that Red Hat was setting a strategy in motion to capture 50 percent of enterprise middleware workloads by 2015.

During the course of the press conference Muzilla was repeatedly asked to qualify the 50 percent statement in various terms, including financial. Muzilla for the most part stuck with his talking points, noting that Red Hat is talking about workloads as opposed to dollars. The reason why he wouldn't give a figure for revenues is because JBoss is sold on a subscription basis whereas other middleware solutions are sold as licenses.

In terms of how Red Hat plans on growing its share, Muzilla outlined in very general terms an "Enterprise Acceleration Program" for JBoss. Muzilla was repeatedly asked during the press conference to elaborate on the Acceleration program in terms of any potential new products. Muzilla instead provided the broad strokes of the overall strategy. In a nutshell, Red Hat is going to push forward enterprise JBoss adoption with acceleration centers that help to facilitate migrations and performance tuning for both customers and ISVs.

Muzilla was also asked about key personnel departures from JBoss since the Red Hat acquisition. Muzilla did admit that they have had some departures, but he quickly noted that they've also added new sales and pre-sales people. He also noted that the core JBoss development team was still intact and working on the platform.

So not a whole lot of meat to the Day One announcements at JBoss World in terms of product or technology, but Red Hat is certainly setting an aggressive target by aiming for 50 percent of all middleware workloads. It will be interesting to see how the actual product components of Red Hat's acceleration strategy for JBoss roll out in the weeks ahead. In fact we may not have to wait too long, as Day Two of JBoss World is tomorrow and no doubt there'll be a few more announcements.

With Firefox 3 Beta 3 (FFb3) you get hit with a big change right away.
The UI itself is 'refreshed' with new forward, back and refresh buttons. Though the UI change is among the most obvious in FFb3, Mozilla actually claims that the release includes some 1300 changes over the Beta 2 release, which came out nearly two months ago. Beyond just improving performance by fixing memory leaks, Mozilla also claims that Beta 3 has an additional 90 changes over Beta 2 that increase the browser's page rendering speed. Firefox 3 uses the Cairo 2-D graphics library, which is a departure from Firefox 2.0's gfx graphics infrastructure.

Mozilla has also continued to make improvements in its Places engine, which provides History and Bookmarking capabilities. In Beta 3 they've added additional search functionality when searching History and Bookmarks to include frequency of visits to help improve the search results.

The Beta 3 release is the eleventh milestone release from Mozilla in the Firefox 3 browser development process, which has been publicly ongoing since at least October of 2006. A Beta 4 release of Firefox 3 has already been announced and is expected to follow sometime in the next few weeks. Mozilla developer Asa Dotzler has blogged that Firefox 3 will be out 'when it's ready' instead of focusing on a hard deadline or date for delivery.

In stark contrast with the big race between Microsoft and Mozilla ahead of the Firefox 2 and Internet Explorer 7 releases, Microsoft has not yet released a single public milestone of IE 8. Microsoft has however stated as long ago as October of 2006 that IE 8 is in fact in development.
Technical Cyber Security Alert TA08-043A has just been issued by US-CERT warning of multiple vulnerabilities affecting Adobe Reader and Acrobat. The vulnerabilities affect Adobe Reader version 8.1.1 and earlier as well as Adobe Acrobat Professional, 3D, and Standard versions 8.1.1 and earlier. The worst of the vulnerabilities could potentially allow an attacker to execute arbitrary code on a user's PC. According to US-CERT's advisory (which is based in part on Adobe Security advisory APSA08-01):

"An attacker could exploit these vulnerabilities by convincing a user to load a specially crafted Adobe Portable Document Format (PDF) file. Acrobat integrates with popular web browsers, and visiting a web site is usually sufficient to cause Acrobat to load PDF content."

US-CERT also notes that they are currently aware of exploits in the wild for the Adobe vulnerabilities and that at least one of the vulnerabilities is being actively exploited. The Internet Storm Center (ISC) at SANS has actually been aware of exploits in the wild since at least Feb 9th. At least one of the actual vulnerabilities was reported to Adobe as early as October of 2007 according to SANS, with iDefense advisory #464641 titled 'Adobe Reader Buffer Overflow Vulnerability'. ISC handler Raul Siles also notes that even users with anti-virus are