Blogging

On Thursday, Apple released Safari 3.2. Although the update affects both Mac and Windows users, many of the Mac updates were provided in Apple’s October update for Mac OS X users. The update includes eight fixes specific to Safari and three specific to Webkit.

Safari 3.2 is available via the Apple Software Update application, the Apple Software Downloads page, or Apple’s Safari download site.

Safari-1
This patch affects Safari users on Windows XP or Vista. This update addresses multiple vulnerabilities in zlib 1.2.2 detailed within CVE-2005-2096. Apple credits Robbie Joosten of bioinformatics@school, and David Gunnells of the University of Alabama at Birmingham for reporting the vulnerabilities.

Safari-2
This patch affects users of Windows XP or Vista. This update addresses the security issue in the libxslt library detailed within CVE-2008-1767 in which processing an XML document may lead to an unexpected application termination or arbitrary code execution. Apple credits Anthony de Almeida Lopes of Outpost24 AB, and Chris Evans of the Google Security Team for finding the vulnerability.

Safari-3
This patch affects users of Windows XP or Vista. The update addresses the heap buffer overflow issue that exists in the CoreGraphics’ handling of color spaces detailed within CVE-2008-3623 in which viewing a maliciously crafted image may lead to an unexpected application termination or arbitrary code execution. Apple credits itself for finding the vulnerability.

Safari-4
This patch affects users of Windows XP or Vista. This update addresses the security issue detailed within CVE-2008-2327 in which viewing a maliciously crafted TIFF image may lead to an unexpected application termination or arbitrary code execution. Apple credits itself for finding the vulnerability.

Safari-5
This patch affects users of Windows XP or Vista. The update addresses the vulnerabilities detailed within CVE-2008-2332 in which viewing a maliciously crafted TIFF image may lead to an unexpected application termination or arbitrary code execution. Specifically, a memory corruption issue exists in ImageIO’s handling of embedded ICC profiles in JPEG images. Apple credits Robert Swiecki of the Google Security Team for finding the vulnerability.

Safari-6
This patch affects users of Windows XP or Vista. This update addresses the security issue detailed within CVE-2008-3608 in which viewing a large maliciously crafted JPEG image may lead to an unexpected application termination or arbitrary code execution. Apple credits itself for finding the vulnerability.

Safari-7
This patch affects users of Windows XP or Vista. This update addresses the security issue detailed within CVE-2008-3642 in which viewing a maliciously crafted image may lead to an unexpected application termination or arbitrary code execution. Apple credits itself for finding the vulnerability.

Safari-8
This patch affects users of Mac OS X v10.4.11, Mac OS X v10.5.5, or Windows XP or Vista. The update addresses the vulnerabilities detailed within CVE-2008-3644 in which disabling autocomplete on a form field may not prevent the data in the field from being stored in the browser page cache. This may lead to the disclosure of sensitive information to a local user. Apple credits an anonymous researcher for finding the vulnerability.

WebKit-1
This patch affects users of Mac OS X v10.4.11, Mac OS X v10.5.5, or Windows XP or Vista. This update addresses the security issue detailed within CVE-2008-2303 in which visiting a maliciously crafted Web site may lead to an unexpected application termination or arbitrary code execution. Apple credits SkyLined of Google for finding the vulnerability.

WebKit-2
This patch affects users of Mac OS X v10.4.11, Mac OS X v10.5.5, and Windows XP or Vista. The update addresses the vulnerabilities detailed within CVE-2008-2317 in which visiting a maliciously crafted Web site may lead to an unexpected application termination or arbitrary code execution. Specifically, a memory corruption issue exists in WebCore’s handling of style sheet elements. The issue has already been addressed in systems running Mac OS X v10.5.5. Apple credits the TippingPoint Zero Day Initiative for finding the vulnerability.

Webkit-3
This patch affects users of Mac OS X v10.4.11, Mac OS X v10.5.5, and Windows XP or Vista. This update addresses the security issue detailed within CVE-2008-4216 in which visiting a maliciously crafted Web site may lead to the disclosure of sensitive information. This update addresses the issue by restricting the types of URLs that may be launched via the plug-in interface. Apple credits Billy Rios of Microsoft, and Nitesh Dhanjani of Ernst & Young for finding this vulnerability.

Read the original post:
Apple updates Safari with 11 security fixes

Digitalsmiths, a video indexing, analytics, and publishing firm, announced Thursday that it closed a $12 million Series B round of funding that was led by .406 Ventures, Aurora Funds, and Chrysalis Ventures.

According to the company’s CEO, Ben Weinberger, the funding will be used to accelerate Digitalsmiths’ product development and provide advertisers with the information they need to monetize more online video.

But monetizing that video may not be as easy as it could have been just a few months ago. Numerous reports suggest online advertising is slowing and monetizing online video is still relatively vexing for major players in the market like YouTube.

So far, Digitalsmiths has been able to perform relatively well and attracted TheWB.com and pulled TMZ away from Brightcove. But with Brightcove showing no signs of losing ground and other competitors like Viewdle making in-roads, being more attractive to clients may not be as easy for Digitalsmiths as it may want to believe.

Here is the original post:
Digitalsmiths lands $12 million for video services

Taglocity, a company that aims to provide streamlined e-mail services to the enterprise, announced Thursday that the latest release of its add-in for Outlook will bring much of the functionality already offered in Google’s Gmail application to Microsoft’s e-mail client.

According to the company, Taglocity 2.0 will bring enhanced search, conversation threading, tags, and automation–all features already found in Gmail–to Outlook. The software will allow users to assign an unlimited number of tags to any Outlook item and automate mundane tasks by running actions once tags are set. The company claims that Taglocity 2.0 will be able to turn e-mails into appointments, assign additional tags, or automatically move messages into specified folders.

Perhaps the most important addition to Outlook through Taglocity 2.0 is the ability for users to use one of Gmail’s most prominent features: proper conversation viewing. Like Gmail, Taglocity 2.0 will let Outlook users bring up all related e-mails in a single, blog-like chronological order and group all conversations together in search results.

Bringing Gmail features to Outlook is something many users have been asking for. But because they’re not coming from Microsoft, it’s debatable whether Taglocity 2.0 will improve Outlook usability. Features aside, name recognition means quite a bit in the e-mail business.

View original post here:
Taglocity bringing Gmail features to Outlook

After banning YouTube and other social Web sites on all overseas computers in May, citing bandwidth and security issues, the U.S. military on Tuesday launched an alternative video-sharing Web site for troops, their families, and supporters.

The new site is called TroopTube and has a look and function very much like YouTube, with one major difference: a Pentagon employee screens each video upload for taste, copyright violations and national security issues.

Technically, you need to be a member of U.S. Army, Navy, Marine, Air Force, Coast Guard, or National Guard to register with the site for uploading. However, there’s no enforcing mechanism to make sure that’s the case. There are also options to register as a family member or civilian friend.

TroopTube limits videos to five minutes in length and 20MB in size, as opposed to 10 minutes and 1024MB of YouTube. Unlike YouTube, you can’t rate a video but just leave comments.

According to the Associated Press, TroopTube was built with the help of Delve Networks, a 4-month-old start-up that builds advanced tools for approving, sorting, and managing videos.

Delve’s technology automatically generates the video content into different file sizes to feed the viewer best depending on his or her Internet connection. This make the site more bandwidth-friendly than YouTube and other movie sites. The company also creates text transcript from the uploaded videos’ sound tracks for better and more relevant search results.

See the rest here:
Military launches video-sharing site for troops

After Tuesday, Barack Obama and John McCain will (presumably) bury the hatchet and move on with their lives. I’m not quite sure I can say the same thing about the respective heads of Zoho and Salesforce.com.

Sridhar Vembu, CEO of AdventNet, the company behind the Zoho suite of online applications, has again called out Marc Benioff in a public post accusing Salesforce of attempting to “block customers from migrating to Zoho CRM.”

Earlier this year, Vembu publicized details of negotiations he had with Salesforce in a bid to make Zoho work with AppExchange, an online marketplace for hosted business software applications. A week prior to the product launch, however, Vembu claimed that Benioff suspended all joint development work between the companies in favor of a different tack.

“He offered repeatedly to acquire Zoho outright, which we rejected. I told him there is absolutely no fit between our companies, particularly with his business model (as noted above) and our business model. I told him there is just no cultural fit between our companies and such an acquisition would be miserable for both parties. Finally, he offered to let us integrate Zoho into AppExchange, provided we pull the plug on Zoho CRM. We told him that kind of pre-condition is totally unacceptable, and it also completely negates his claims of openness of their platform. Needless to say, we never did agree on the issue, and we dropped the integration effort.”

Vembu again revisited that chronology in Tuesday’s post, one day after Benioff, making the invidious comparison to Microsoft, described Salesforce’s strategy as inclusive.

“Since then, Salesforce has repeatedly tried to block customers from migrating to Zoho CRM, by telling them (falsely) that they cannot take their data out of Salesforce until their contract duration is over. We have emails from customers recounting this.”

Later, he told me that he had had a private e-mail exchange with Benioff as recently as a month ago, where the question of Zoho applications running on the Force.com platform again got raised.

“He refused,” according to Vembu. “He just said that that’s part of their business stragety and their prerogative. No one is questioning his right to do that, but it’s not consistent with openness. They claim that Force.com is open but that’s really not true.”

A Salesforce spokeswoman said the company would not have immediate comment.

Read the original here:
Zoho to Salesforce: Let us onto Force.com