Researchers have released software that exposes private information and executes arbitrary code on sensitive websites by exploiting weaknesses in a widely used web development technology. Short for Padding Oracle Exploitation Tool, Poet is able to decrypt secret data encrypted by the JavaServer Faces web development framework without knowing the secret key. Attackers can use the technique to access private customer data on websites operated by banks, e-commerce companies and other businesses, according to a paper (PDF) released in February by researchers Juliano Rizzo and Thai Duong. In some cases, the exploit can be used to run malicious software on the underlying server.
Apple has released Safari 5 for both Mac and Windows.
Disk-to-disk backup supplier Asigra is extending out to the cloud and improving virtualisation support with Cloud Backup v10.0.
Before his death, legendary Aussie reptile-botherer Steve Irwin helped to plant tracking bugs on a large number of saltwater crocodiles. Boffins analysing data from the bugs now report that the crocs, despite being poor swimmers who mainly live in shallow estuarine waters, are capable of making long ocean voyages.
Steve Jobs suggests that you should forget anything you may have read about Android sales surpassing iPhone sales in the US.
Review: TomTom’s entry-level Start satnav got the RegHardware treatment back at the tail end of 2009, with the overall judgement being that it was a decent enough piece of kit but just a little too pricey.
Server virtualization is not as easy as vendors make it sound, which is why VM6 Software has created a set of tools that may make using Hyper-V a whole lot easier.
A Baroness, Dame Commander, pro-chancellor, and training and development expert has been chosen as the new chair of dot-uk registry Nominet.
Spending data released by the Department for Environment, Food and Rural Affairs has revealed IBM to be the department's biggest supplier.
US satellite comms firm ViaSat last week bought UK secure hard drive maker Stonewood for $20m in cash and stock.
Emulex is buying ServerEngines, thus securing its core FCoE technology.
Figures released last week show PC sales have grown 23 per cent compared to last year, pushed mainly by growing demand in Asia.
Surprisingly strong public support for punishing copyright freeloaders has emerged in a new poll. It suggests that activists have a job on their hands persuading the public that infringers are the Robin Hoods of the village - they might even be the village idiots.
Vodafone, O2 and Phones 4U have all said they'll be selling Apple's new baby by the end of the month, but no-one is talking pricing just yet.
Lab: No one disputes the fact that there’s a lot of data kicking around in most businesses. Neither are there arguments about how hard it is to find relevant information when you need it. Sure, there are exceptions, and some very progressive businesses manage their so-called ‘information assets’ extremely well, but for most of the rest of us, we know things are far from perfect, and the issues surrounding data quality, completeness, coherency and consistency are all too familiar.
HP will pay Sky a total of £318m to settle a landmark court case over a botched customer service systems deal.
Both O2 and Orange have pledged to offer the iPhone 4 in the UK. So has Vodafone.
Remorseless German boffins have come up with the greatest boon to humanity since self-warming hand cream: they have invented cycle helmets which begin to smell disgusting once they need to be replaced.
Webcast: On June 10 at 11am here in Blighty we'll be packing our studio with a raft of experts to talk about how virtualization and the promise of cloud services are challenging the conventional economics, management and delivery of IT.
Sony is taking on HP's TouchSmart family with a touchscreen-equipped all-in-one PC line of its own.
Opinion: It's little wonder that Stephen Fry holds such a place in the nation's affections. He's earned it through a string of unforgettable performances. There's his voiceover for Direct Line's pet insurance, his voiceover for the 2008 Argos catalogue, not to mention voiceovers for Anchor Butter, Tesco, Dairylea, Kenco, Coca Cola, Trebor Mints and UK Online to name but a few examples. Who could forget his legendary partnership with Hugh Laurie for Alliance and Leicester?
Stuck in the mud and powerless?
Official claims that "your data is safe with us" suffered another body blow at the weekend with revelations of a dramatic rise in hacking of the UK’s tax and benefit mega-database by council staff.
The Labour government's flagship ID card scheme attracted just 13,200 signups before it was finally put down by the new coalition, a Commons answer revealed yesterday.
Looking for a pub to watch the World Cup while drinking beer with your mates? Plan your pub crawl. Footy Pubs 2010 is the latest Nokia and iPhone app to show you where to go. Open the app and get your directions to local pubs showing games.
Hackers compromised the website of the Jerusalem Post on Monday so that it served up malware.
Tesco's IT director will take over as boss of the country's largest retailer when Sir Terry Leahy steps down as chief executive next March, it was announced this morning.
Microsoft has released its Office Web Apps in the UK via its online SkyDrive storage service.
David Beckham has signed up with Yahoo! as a pundit, commenting on the upcoming World Cup as well as the upcoming 2010/11 football season.
Webinar: Monitoring holistic social media conversations There's always something uncomfortable about watching an ancient institution when it comes over all entrepreneurial; there's usually something dad-at-the-disco about it. But hats off to the British Library for attempting to channel some of the post-Falklands exuberance, and getting on down with social networks and the nation's brightest entrepreneurs.
Morgan Stanley reckons online advertising is worth $50bn a year in America alone, and that smartphones will rapidly become the platform of choice.
Updated: BT has made another pay offer to the Communications Workers Union (CWU) in the hope of avoiding a strike.
Conservationists have warned that the World Cup could finish off a rare South African vulture because locals believe smoking the beasts' brains will help them win big in footie-related bets.
The Chinese government has issued a white paper laying out current, and future, internet policy - and you might not recognise its view of internet use in that country.
Review: If you can’t be bothered messing around with a separate Blu-ray player, amp and surround sound speaker set-up, then an all-in-one home cinema kit such as the BDV-E370 from Sony may be just the sort of set up you’re looking for.
It's like Post Secret, but for Paint addicts.
Are you sick of World Cup magazine pull-outs? Do you want one super encompassing index of when and where everything is happening?
Microsoft was always going to struggle to get coverage of its TechEd developer conference, and particularly its Windows Phone 7 plans, in the week of iPhone 4. But it is trying its best, outlining the WP7 strategy for its most natural market, the mobile enterprise. In addition, details of one of the first WP7 handsets likely to hit the market this year, the LG Panther, leaked online.
A legal challenge to the EU's capping of roaming rates, brought by the UK's four biggest networks, has failed at the European Court of Justice.
Raygun fans will be overjoyed today to hear that a major problem of energy weapons - the fact that they tend to be hugely more devastating to themselves and their users than they are to their targets - may soon be solved.
Product Round-up: Kick off is mere days away - this coming Friday, no less, with South Africa vs Mexico and Uruguay playing France - so now's the time to get your smartphone loaded up with World Cup goodies. Whether you'll be watching from home, at a friend's house, down the pub - or even in South Africa itself, here are our ten favourite apps, half of which run on Android and the rest on iOS - as we should now call the operating system running on the iPhone and iPad. It's a game of two platforms, Barry.
Steve Jobs didn't get around to mentioning Safari 5 in his WWDC keynote last night, but it rolled out anyway shortly after he finished up, and today publishers throughout the world are surely beginning to wonder, 'hang on, what's this Reader thing?' Safari 5 has a nice little button next to the URL that effectively kills the ads, strips off the site's branding and presents the text in nicely-formatted book-style pages.
The Department of Homeland Security, gigantic government security octopus of the USA, has announced plans to wrap Americans in a huge "high resolution video quilt".
Symbian will be creating APIs for integrating search into applications for China-based Baidu, but at least they'll be readable by the locals thanks to the newly-open-sourced MYuppy font.
Rupert Murdoch's News International is getting a new technology boss - pinched from rival paper, and website, the Telegraph.
Strathclyde Police's website has been out of action for nearly 24 hours while its IT team investigate whether the force's online portal has been compromised by Chinese hackers.
An attempt by 14 desperate Chinese internet addicts to break out of an online re-education centre was foiled when the taxis they'd hired to facilitate their getaway dropped them off at the nearest nick.
Adobe plans to release a patch for an unpatched cross-platform flaw in Flash on Thursday (10 June), as a partial response to a critical bug that has become the target of hacking attacks over recent days.
Physicist and engineer Colin Tregenza Dancer has been awarded a Royal Academy of Engineering Silver Medal for his contribution to British engineering.
Hewlett-Packard has blades on the brain for both "industry standard" and "mission critical" servers, but IT managers in the United Kingdom seem to be more worried about the cost of their mission critical platforms, generally Unix boxes, according to a report released by Coleman Parkes Research.
Pro gamers have the mental reflexes of a test pilot and the physical abilities of a potato.
Apple Safari's new "make web go away" button is based on an open source project distributed under the Apache 2 license.
Microsoft TechEd: Microsoft's Windows platform may be under attack from the cloud, but you wouldn't know it here at the company's TechEd in New Orleans, Louisiana.
Apple Safari has become the first major browser to be purged of one of the web's longest-running privacy defects: The ability for any site owner to effortlessly steal a complete copy of your recent browsing history. The browser history disclosure leak is as old as the World Wide Web itself, and it afflicted every major browser – until now. Starting with versions released Monday, Safari no longer coughs up the list of websites a user has visited. The change is one of almost 50 security fixes Apple engineers added to versions 4.1 and 5.0 of the browser.
Turkey has banned multiple Google services, according to reports, including Google Translate, Google Docs, and Google Books. But Mountain View believes the ban is accidental, a side effect of Turkey's longstanding ban on the Google-owned YouTube.
Everybody wants a piece of the former Sun Microsystems, now the server, storage, and operating system arm of software giant Oracle. And starting today, that list of piranhas swimming after Sun includes struggling commercial Linux distributor and systems software maker Novell.
Updated: Apple's Safari 5 has been out for just one day, but — as is usual with integer-level upgrades — users are already reporting niggles, nuisances, and no-goes.
BP is purchasing search keywords such as "oil spill" on Google, Microsoft Bing, and Yahoo! in an effort to spin the ongoing clusterf**k in the Gulf of Mexico.
Apple today released the full video of Monday's Worldwide Developers Conference keynote, featuring the iPhone 4 as introduced by huckstermeister extraordinaire Steve Jobs.
Webcast: Most Reg readers have moved on from the early days of virtualizing servers, when the idea was simply to consolidate and save floor space. Yesterday’s virtualization beta-testers are now fully versed in the virtualization game, and they're looking to get more bang for their buck with real projects that deliver benefits across their application portfolio.
Major League Baseball is seeking a court order requiring an internet service provider to identify people posting pornographic images and threats to parts of its MLB.com website, Reuters reports.
Footie punters eager to know if their team has any possibility of winning the world cup would do well to take note of the shamanic powers of vulture brains, whose far-seeing powers can apparently foresee if, for example, England are going to screw up yet again in the essential penalty shoot-out.
Cloud file storage supplier ParaScale has failed to raise funds in a B-round and is having to cut costs and conserve its dwindling cash.
An employee in one of Bank of America's customer call centers has admitted he stole sensitive account information and tried to sell it for cash. Brian Matty Hagen said he met with two individuals whom he later learned were undercover FBI agents and offered to sell them names, dates of birth, telephonic passwords, and other details for Bank of America customers, according to court records. He met with them at a restaurant in Sun City, Florida, where he told them he was looking for accomplices who knew how to milk the accounts by establishing phony credit cards in the customers' names or through other means.