FBI advises turning off vulnerable XP feature
The US FBI's National Infrastructure Protection Centre (NIPC) has recommended that Windows users switch off the operating system's universal plug-and-play (UPnP) service following the discovery of a security hole.
UPnP allows PCs to discover and use network-based devices. A security hole could allow hackers access to a user's PC or network.
The NIPC recommends the monitoring of ports 1900 and 5000, as increased activity on them can indicate active scanning by hackers looking for vulnerable systems.
Microsoft posted a "critical" warning about the security hole in December. The company has made patches available on its Web site at www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS01-059.asp.
Microsoft warns of holes in SQL Server
Microsoft has announced that two security holes in its SQL Server database could make the product vulnerable to hacker attack. Patches to fix the holes are available for download from Microsoft's Web site.
The security problems affect SQL Server 2000 and SQL Server 7.0 and are related to the way the product creates and displays text messages. Microsoft labelled the risk from the first flaw as "moderate" and from the second flaw as "low."
The software giant recommends that database administrators apply the patch for the first vulnerability to all systems running SQL Server 7.0 and SQL Server 2000. However, the patch for the second vulnerability should be applied "only to systems judged to be at high risk" for attack.
The security bulletin can be found at www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS01-060.asp.
Core IBM products get on board with J2EE 1.3
IBM's Websphere application server and DB2 database software have been certified with the Java 2 Enterprise Edition (J2EE) 1.3 standard, which promises to give developers a robust platform on which to deploy Web services.
IBM believes it can promote the new technologies in Version 1.3 to help users integrate applications and business processes, resulting in more dynamic Web services.
The new features include: Java Messaging Service, which improves how applications create, send, receive, and read messages; improved overall integration with XML; and the standardised integration of Corba and Java applications.
The J2EE 1.3-compliant Version of Websphere is available as a free download at: www.7b/boulder.ib.com/wsdd/dowloads/wstechnology_tech_preview.html.
Palm to appeal against Xerox victory in patent dispute
Palm is to appeal against a ruling by a US District Court that its handwriting technology infringes a patent held by Xerox.
The company maintains that its Graffiti handwriting recognition software does not infringe the Xerox patent. The company announced it would "defend itself vigorously and does not intend for this litigation to affect its business strategy or business model nor that of its licensees."
The Graffiti technology is part of the Palm operating system for PDAs, which Palm licenses to third party PDA manufacturers. Xerox claims Graffiti is the same as the Unistrokes technology developed at its Palo Alto Research Centre and patented in 1997.
Following years of litigation, a court in New York ruled that Xerox's patent was valid and enforceable, clearing the way for Xerox to seek damages in the next phase of the trial.
Teac unveils light, small, fast CD-R/RW drive
The Japanese company, Teac, has developed a light and small portable CD-RW drive that takes advantage of the latest version of the USB interface standard to offer faster read and write speeds than have hitherto been possible.
The CD-W28PU drive supports the latest version of the USB interface standard, which increases the maximum data transmission speed along the cable from USB 12Mbps to around 480Mbps. For users, that translates into faster data transfers when using USB-connected optical drives.
Toshiba planning PDA with phone function
Toshiba is on the way to unveiling a PDA with a built-in mobile phone during the second quarter of 2002. The product will initially only be available in the US, according to Tetsuya Mizoguchi, president of Toshiba Mobile Communication.
Toshiba is planning to support CDMA2000 1x in the device, which should enable 2.5G-speed data transmission.
Mizoguchi also announced that Toshiba plans to market a GPRS version of the PDAs in Europe.