alphadogg writes "Microsoft's U.S. general manager/chief security advisor for its National Security Team, Bret Arsenault, thinks like a true security professional. In every bit of good news, he wonders what bad news could be coming. Application security, virtualization security and the fact that over half of computer attacks seen by Microsoft come from the .edu domain are just some of the things keeping him up at night."Read more of this storyat Slashdot.

  recoiledsnake writes "The new Safari 3.1 for Windows has been hit with two 'highly critical'(as rated by Secunia) vulnerabilities that can result in execution of arbitrary code. The first is due to an improper handling of the buffer for long filenames of files being downloaded, and the second can result in successful spoofing of websites and phishing. This comes close on the heels of criticism of Apple for offering Safari as a update for approximately 500 million users of iTunes on Windows by default, and reports of crashes. There are currently no patches or workarounds available except the advice to stay clear of 'untrusted' sites." Further, Wormfan writes "The latest version of Safari for Windows makes a mockery of end user licensing agreements by only allowing the installation of Safari for Windows on Apple labeled hardware, thereby excluding most Windows PCs." Update: 03/27 17:23 GMT by Z : Dave Schroeder writes with the note that the license has been updated to correct this mistake.Read more of this storyat Slashdot.

  For months now, I've been geeked about Amazon's EC2 as a web hosting service. But until today, in my opinion, it wasn't ready for prime time. Now it is, for two reasons. One, you can get static IPs, so if an outward-facing VM goes down you can quickly start another one and point your site's traffic to it without waiting for DNS propagation. And two, you can now separate your VMs into "physically distinct, independent infrastructure" zones, so you can plan to keep your site up if a tornado takes out one NOC. If I were developing a new website I'd host it there; buying or leasing real hardware for a startup seems silly. If you have questions, or especially if you know something about other companies' virtual hosting options, post comments -- let's compare notes.Read more of this storyat Slashdot.

  Amy Bennett writes "And the answer is... Microsoft. Researchers from the Swiss Federal Institute of Technology analyzed 658 high-risk and medium-risk vulnerabilities affecting Microsoft products and 738 affecting Apple. They measured how many times over the past six years the two vendors were able to have a patch available on the day a vulnerability became publicly known, which they call the 0-day patch rate. What they found: 'Apple was below 20 [unpatched vulnerabilities at disclosure] consistently before 2005,' said Stefan Frei, one of the researchers involved in the study. 'Since then, they are very often above. So if you have Apple and compare it to Microsoft, the number of unpatched vulnerabilities are higher at Apple.'"Read more of this storyat Slashdot.

  An anonymous reader points out an eWeek story about researchers from the University of Illinois at Urbana-Champaign who are designing a new web browser based on security. The new software, code-named OP for Opus Palladianum, will separate various components of the browser into subsystems which are monitored and managed by the browser kernel. Quoting: "'We believe Web browsers are the most important network-facing application, but the current browsers are fundamentally flawed from security perspective,' King said in an interview with eWEEK. 'If you look at how the Web was originally designed, it was an application with static Web pages as data. Now, it has become a platform for hosting all kinds of important data and businesses, but unfortunately, [existing] browsers haven't evolved to deal with this change and that's why we have a big malware problem.' The idea behind the OP security browser is to partition the browser into smaller subsystems and make all communication between subsystems simple and explicit."Read more of this storyat Slashdot.

  Multiple readers have written to let us know that the MacBook Air was the first laptop to fall in the CanSecWest hacking contest. The successful hijacking took place only two minutes into the second day of the competition, after the rules had been relaxed to allow the visiting of websites and opening of emails. The TippingPoint blog reveals that the vulnerability was located within Safari, but they won't release specific details until Apple has had a chance to correct the problem. The winner, Charlie Miller, gets to keep the laptop and $10,000. We covered the contest last year, and the results were similar.Read more of this storyat Slashdot.

  PaisteUser tips us to an Ars Technica report discussing how 28.8% of Vista's crashes over a period in 2007 were due to faulty NVIDIA drivers. The information comes out of the 158 pages of Microsoft emails that were handed over at the request of a judge in the Vista-capable lawsuit. NVIDIA has already faced a class-action lawsuit over the drivers. From Ars Technica: "NVIDIA had significant problems when it came time to transition its shiny, new G80 architecture from Windows XP to Windows Vista. The company's first G80-compatible Vista driver ended up being delayed from December to the end of January, and even then was available only as a beta download. In this case, full compatibility and stability did not come quickly, and the Internet is scattered with reports detailing graphics driver issues when using G80 processors for the entirely of 2007. There was always a question, however, of whether or not the problems were really that bad, or if reporting bias was painting a more negative picture of the current situation than what was actually occurring."Read more of this storyat Slashdot.

  sean_nestor writes to mention that Sun CEO Jonathan Schwartz took a bit of time recently to comment on last week's announcement that Sun Microsystems would be partnering closely with the NSA for security research surrounding OpenSolaris. Rather than the typical loads of legalese and confidentiality agreements Sun and the NSA are claiming that this move is more about the NSA joining the OpenSolaris community than anything else. I guess only time will tell.Read more of this storyat Slashdot.

  DimitryGH followed up on the earlier news that the MacBook Air lost CanSecWest by noting that "Last year's winner of the CanSecWest hacking contest has won the Vista laptop in this year's competition. According to the sponsor TippingPoint's blog, Shane Macaulay used a new 0day exploit against Adobe Flash in order to secure his win. At the end of the day, the only laptop (of OS X, Vista, and Ubuntu) that remained unharmed was the one running Ubuntu. How's that for fueling religious platform wars?"Read more of this storyat Slashdot.

  An anonymous reader tips us to a story up at Wired reporting on what may be the first computer attack to inflict physical harm on victims. Last Saturday, griefers posted hundreds of bogus messages on the support forums of the nonprofit Epilepsy Foundation that used JavaScript and strobing GIFs to trigger migraines and seizures in users. For about 3% of the 50 million epileptics worldwide, flashing lights and colors can trigger seizures. "'I don't fall over and convulse, but it hurts,' says [an IT worker in Ohio]. 'I was on the phone when it happened, and I couldn't move and couldn't speak.' ... Circumstantial evidence suggests the attack was the work of members of Anonymous, an informal collective of griefers best known for their recent war on the Church of Scientology. The first flurry of posts on the epilepsy forum referenced the site EBaumsWorld, which is much hated by Anonymous. And forum members claim they found a message board thread — since deleted — planning the attack at 7chan.org, a group stronghold."Read more of this storyat Slashdot.

  call-me-kenneth writes "Business Week covers the soaring demand for power and cooling capacity in data centers. Electricity consumption for US data centers more than doubled between 2000 and 2006. Among the other stats: for every dollar spent on computing equipment in data centers, an additional half dollar is spent each year to power and cool them; and half the electricity used goes for cooling. Iceland, with its cool climate and abundant cheap power, is courting big users like Google and Microsoft as a future data center location. (Can't help thinking they're gonna need a bigger cable first, though.)"Read more of this storyat Slashdot.

  simoniker writes "Over at Dr. Dobb's, C++ creator Bjarne Stroustrup has given an in-depth interview dealing with, among other things, the upcoming C++0x programming standard, as well as his views on the past and future of C++. He comments in particular on some of the difficulties in educating people on C++: 'In the early days of C++, I worried a lot about "not being able to teach teachers fast enough." I had reason to worry because much of the obvious poor use of C++ can be traced to fundamental misunderstandings among educators. I obviously failed to articulate my ideals and principles sufficiently.' Stroustrup also notes, 'Given that the problems are not restricted to C++, I'm not alone in that. As far as I can see, every large programming community suffers, so the problem is one of scale.' We've discussed Stroustrup's views on C++ in the past."Read more of this storyat Slashdot.

  alphadogg points out a story about 11-year-old Jon Penn, who took over control of a 60-computer school network in Alabama after the old administrator suddenly left. Penn provides technical support, selects software, and teaches his classmates about computers. From NetworkWorld: "The first thing Jon found as he leapt into the role of network manager was that he had to map out the network to find out what was on it. He bought some tools for this at CompUSA and realized there was an ungodly amount of computer viruses and spam, so he pressed the school to invest in filtering and antivirus protection. 'These computers are so old they don't support all antivirus programs,' Penn says. The school took advantage of a Microsoft effort called Fresh Start that offers free software upgrades for schools with donated computers, switching from Windows 98 to Windows 2000."Read more of this storyat Slashdot.

  LuckyLefty01 writes "I'm 21, going to college, and working part time doing odd jobs like math tutoring. In the past nine months or so, I've discovered and taken to programming (so far mostly C/C++/Obj-C). I am now looking seriously at something in this area as an eventual full time job. Since I don't have much scheduled this coming summer, it would be great to try to get a job of some sort at a tech-related company in order to get some practical experience in the field. Even if I don't have the background to get a job involving actual programming, I think that the knowledge of how such a company works would be valuable. Fortunately, I live in the SF Bay Area, so there should be plenty of companies around. I'm flexible about what I'm going to be doing, and very willing to learn just about anything anybody cares to teach me. If there's some (or even quite a bit of) boring grunt work involved, I can do that too. What type of job would benefit an aspiring but inexperienced programmer the most? What methods might I use to find such a job?"Read more of this storyat Slashdot.