Archive for July, 2009

Adobe Patches 12 Vulnerabilities in Flash Player

Adobe Systems on Friday issued a security update to its Flash Player that fixes at least 12 security holes. The patch plugs a zero-day vulnerability attackers have been using to break into computers via Flash.

Three of the 12 problems were caused by issues in Microsoft development code. Adobe listed 10 of the vulnerabilities as potential avenues of attack by hijackers who either take complete control of a system or execute malware on a machine without the victim's knowledge.

The patches fix vulnerabilities for Flash products that run on Windows, Linux and Mac. Solaris users are still waiting on a fix.

Why Not Disable Flash?

According to Tyler Reguly, a senior security engineer for nCircle, Adobe moved fairly quickly to get the fix out and deserves kudos for the speed with which the patch was released. But he still has questions about the way Adobe handled the patch.

"What surprises me most about this is that the recommended mitigation from Adobe in APSA09-03 was to rename or remove a file. Why is there no easy way to disable Flash support in Acrobat and Reader? JavaScript has an Enable/Disable checkbox, so why not Flash?" Reguly said.

Reguly is calling on Adobe to amend this in a future release -- hopefully a near-future release -- and to start shipping Acrobat and Reader with both JavaScript and Flash disabled.

"Included in the recent updates was a fix for MS09-035, the vulnerability affecting Microsoft ATL. It is great to see third parties releasing coverage so quickly," Reguly said. "However, I would imagine that Adobe was one of the vendors that Microsoft shared the patch with early in order to expedite the release. The same will not be true for smaller vendors, and now is a great time to remind people to keep an eye out for updates to those smaller...

Chinese Hackers Crack Windows 7 Activation Codes

Chinese hackers have cracked the activation codes for Windows 7, less than a month after Microsoft released the first copies of the new operating system to computer makers, technology news site CNET reported Thursday.

The crack will allow fully functional, copied versions of the Ultimate Version of Windows 7 to be distributed over file-sharing sites even before the operating system is released to the public in October.

The pirated version even tricks the computer and Microsoft's servers into believing it is a genuine copy, allowing it to avoid Microsoft's validation safeguards.

The report said that the copied software was hacked via a disc stolen from Chinese computer maker Lenovo, but that the pirated version would work just as well on Dell and HP computers too.

Microsoft acknowledged the report of the Windows 7 breach and strongly advised users to avoid downloading the software from unauthorized sources.

"Downloading Windows 7 from peer-to-peer Web sites exposes users to increased risks -- such as viruses, Trojans, and other malware and malicious code -- that usually accompany counterfeit software," the company said in a statement.

"These risks can seriously harm or permanently destroy data and often expose users to identity theft and other criminal schemes."

Judge in Download Case Rules for Music Companies

A federal judge has ruled that a Boston University student violated copyright laws when he swapped music online, paving the way for a jury to begin considering damages Friday.

Joel Tenenbaum, 25, of Providence, R.I., admitted on the witness stand Thursday that he downloaded and shared hundreds of songs by Nirvana, Green Day, The Smashing Pumpkins and other artists.

"Tenenbaum's statement plainly admits liability on both downloading and distributing, does so in the very language of the statute ... and does so with respect to each and every sound recording at issue here," U.S. District Judge Nancy Gertner in Boston wrote in her ruling late Thursday.

Gertner said the only issue for the jury now is whether his infringement was willful, and how much in damages to award four recording labels that sued him over the illegal file-sharing.

The recording industry focused on only 30 songs in the case, the nation's second music-downloading lawsuit against an individual to go to trial.

Under federal law, the recording companies are entitled to $750 to $30,000 per infringement but the law allows the jury to raise that to as much as $150,000 per track if it finds the infringements were willful. That means a maximum penalty of $4.5 million.

Last month, a federal jury in Minneapolis ruled a Minnesota woman must pay $1.92 million, or $80,000 on each of 24 songs, after concluding Jammie Thomas-Rasset, 32, willfully violated the copyrights on those tunes.

The music industry has typically offered to settle such cases for about $5,000, though it has said that it stopped filing such lawsuits last August and is instead working with Internet service providers to fight the worst offenders. Cases already filed, however, are proceeding to trial.

If the jury awards the minimum of $750 per infringement, damages would come to $22,500, or more than four times the typical...
