WordPress

Well, I’ve been monitoring this software release from it’s beta, and I believe I have published the beta release in my blog. And to think that I have been busy for a while and was not able to check on the updates of this software. What did I missed? Well, I you hadn’t known also, after the beta was up they already released RC1 and not long after that, the official version is already published!

Yep, you heard it right! WordPress 2.8 the official release is available for everybody to use. If you haven’t known the features of the new release, head over to the WordPress Blog.

Grab yourself a copy and test it now!

That’s right, a quarter million dollars for any information that may lead to arrest and conviction to the author(s) of the conficker worm that is ravaging the globe.

From Dailytech:

The worm continues to infect a large number of computers while security experts try and figure out what to do

Microsoft has created a new technology industry posse and a $250,000 reward for people who help turn over the creators of the Conficker worm.

The Conficker worm multiplied like wildfire, and spreads through a hole found in Microsoft Windows systems, though the vulnerability was patched in October.  It also is able to disable anti-malware protection and will block an infected PC from visiting anti-malware vendors Web sites to receive updates.

Security experts are even more worried about the possibility the worm calls home every 24 hours to at least 250 servers each day for instructions or directed actions.

The Houston police department was forced to stop arresting people with traffic warrants because the worm spread its way through the police and city court’s computer systems.  Violent offenders were still arrested, but those with outstanding traffic warrants were simply issued citations instead of being arrested, Houston police officials said.

There also was a Conficker outbreak among French military computers, which led to several fighter planes being grounded until everything could be fixed.

Microsoft is working with the Internet Corporation for Assigned Names and Numbers (ICANN) and PC security experts while trying to identify the worm’s creators.  VeriSign, NeuStar, Public Internet Registry, Global Domains International, AOL, F-Secure, George Tech, and several other organizations have joined the fight to help capture who ever created the Internet worm.

“As part of Microsoft’s ongoing security efforts, we constantly look for ways to use a diverse set of tools and develop methodologies to protect our customers,” Microsoft Trustworthy Computing Group G.M. George Stathakopoulos said in a statement.  “By combining our expertise with the broader community we can expand the boundaries of defense to better protect people worldwide.” 

Security company Symantec reported that more than 2.2 million IP addresses over the past five days have been infected with two different forms of the worm, three months after it first hit the Internet.  To date, it’s infected at least 10 million PCs since first being introduced into the wild.

Microsoft wins points with the tech community by reversing its decision to ignore a critical security flaw

DailyTech recently reported on how a critical security flaw found in the beta of Microsoft’s upcoming Windows 7 OS could allow attackers to easily disable the integral User Account Control (UAC) security component and gain control of systems.  The flaw was first discovered by Windows blogger Long Zheng, and was also independently detailed by blogger Rafael Rivera.  The pair followed up with additional information yesterday on how the flaw could be used to give a malicious payload full execution rights.

Microsoft’s reaction to the flaw initially was to totally deny that it was a problem, choosing to instead refer to it as “by design”.  In a blog post, Jon DeVaan, the senior vice president responsible for Windows’ architecture and core components defended the move saying it was necessary to prevent user annoyance.

Stated Mr. DeVaan, “If people see more than two prompts in a session they feel that the prompts are irritating and interfering with their use of the computer.  We are very happy with the positive feedback we have received about UAC.”

His blog post was met with a firestorm of criticism from experienced Windows users in the community.  However, rather than casting a blind eye to the criticism, Microsoft has apparently listened to its community and customers, today announcing a swift and dramatic reversal on its UAC stance.

Microsoft announced that it will implement the seemingly obvious solution to the problem.  It will warn users before any changes to the UAC.  Previously this was only done in safe mode.  The change preserves Microsoft’s certification system, which provides less irritating warnings, while now safeguarding the UAC.

Jon DeVaan and Steven Sinofsky, two Microsoft executives responsible for Windows’ development, released a joint statement today.  The pair writes, “Our dialog is at that point where many do not feel listened to and also many feel various viewpoints are not well-informed.  That’s not the dialog we set out to have and we’re going to do our best to improve.”

They attempt to placate critics, stating, “We said we thought we were bound to make a mistake in the process of designing and blogging about Windows 7.   We want to continue the dialog and hopefully everyone recognizes that engineering, perhaps especially engineering Windows 7, is sometimes going to be a lively discussion with a broad spectrum of viewpoints.”

Most importantly, they reveal, “We are going to deliver two changes to the Release Candidate that we’ll all see.  First, the UAC control panel will run in a high integrity process, which requires elevation.  Second, changing the level of the UAC will also prompt for confirmation.”

The upcoming Release Candidate of Windows 7, which features these changes, will mark almost the last step before Windows 7 goes on sale.  The pair’s remarks may be significant as they seem to indicate that the RC will be coming soon, which would be a sign that Windows 7 is well on-track for its target launch of the second half of 2009.

The move by Microsoft to accept and deal with the criticism constructively is already being praised by some in the security community, even if they feel it was more to avoid negative PR than to strengthen security.  Says Andrew Storms, director of security operations at nCircle Network Security Inc. in an interview with ComputerWorld, “This goes back to what beta programs are supposed to provide: feedback from a real audience.  This was an obvious design flaw, and for them to say they simply weren’t going to fix it, that was the real problem.  I think they realized that they needed to do something, more over the concern about their reaction than to the vulnerability itself.”

And Mr. Long, who discovered the flaw, reveals pleasant surprise at the response, stating, “This is definitely the result we’ve been looking for.  [But] I’m a little bit shocked at just how quickly Microsoft has turned around, considering they made a post not 12 hours earlier stating that they would not change their position.”

source: DailyTech