Just like their Windows coworkers, Mac users in the enterprise will have more options to log into Windows Active Directory services using smart card technology. According to access-control management company Centrify support for smart card-based login will be available next month. A beta version is available now.

View Yellow Book ads here You probably don t go to YouTube at this point to amuse yourself with video clips from Rita s Roofing on Long Island or the Living Sea Aquarium in Park Ridge, Ill. But they re coming. YouTube earlier this week struck a deal with Yellow Book to carry videos from local merchants served by the directory publisher. In the official release, Yellow Book s chief new media officer, Pat Marshall, said:  “We’re pleased to be the first internet yellow pages publisher to offer YouTube as a distribution channel for our video advertisers. Video advertising on yellowbook.com and via YouTube distribution uniquely promotes Yellowbook’s advertisers to more potential customers than ever before.” It ll be interesting to see how YouTube...

Online backup storage provider Mozy on Tuesday will roll out a public beta for MozyPro for the Mac, a new service for businesses using Apple s Mac platform. MozyPro for the Mac resembles Mozy s business lineup for Windows. It allows online backup for the Mac like its MozyHome for Mac service with a desktop application, but the business edition comes with a dashboard to manage backup processes and services for both Windows-based and Apple machines. This Web-based dashboard allows businesses to manage multiple backup and data restore processes and supports Mac Server software such as iCal Server, Mail Services, Directory on OS X Server and Windows Server stalwarts such as Exchange, SQL Server and Active Directory. Mozy, owned by EMC, said...

If you’re a savvy Windows Vista user or IT professional, you’ve probably used Vista’s Complete PC Backup to image your hard disk and you scheduled regular backups through Windows Backup. If you don’t really trust Vista’s built-in tools or just like to have additional copies of your really important files, Vista includes a powerful, but hidden directory replication utility, called Robocopy that makes backing up files a snap. In this IT Dojo video, TechRepublic s Bill Detwiler show you how to access Robocopy and how to create a custom command-line script that backs up files to an external hard drive. After watching the video, you can read Greg Shultz’s article, “Create a custom backup tool with Vista’s Robocopy”–the basis for this...

It will be a very busy Patch Tuesday for administrators managing Microsoft Windows computer systems. According to Microsoft s advance notice mechanism, 11 security bulletins will drop next Tuesday (October 14, 2008), covering a wide range of serious vulnerabilities. Four of the 11 bulletins are rated "critical," meaning that those vulnerabilities can be exploited to launch remote, code execution attacks. [ SEE: Microsoft makes daring vulnerability sharing move ] The four "critical" bulletins apply to the widely deployed Internet Explorer browser, Active Directory, Microsoft Excel and Host Integration Server. Six of the bulletins will be rated "important" and will provide fixes for a range of Microsoft Windows operating system vulnerabilities. The final bulletin, rated "moderate," will provide patches for an information...

Apple has shipped another mega-update to address security vulnerabilities affecting Mac OS X users, warning that the most serious issues could lead to arbitrary code execution attacks. The update, available for Tiger and Leopard, addresses a total of 34 documented vulnerabilities, some in third-party components like ClamAV, BIND, OpenSSH and Ruby. It also provides fixes for the following Mac OS X flaws: CVE-2008-2305 -- A heap buffer overflow exists in Apple Type Services handling of PostScript font names. Viewing a document containing a maliciously crafted font may lead to arbitrary code execution. CVE-2008-2329 -- An information disclosure issue exists in Login Window when it is configured to authenticate users with Active Directory. By supplying wildcard characters in the user name...

The United States Computer Emergency Response Team (US-CERT) has raised an alarm for a serious vulnerability in Apache Tomcat, warning that a proof-of-concept exploit is publicly available. The code, posted to Milw0rm.com, exploits a directory traversal vulnerability vulnerability in the way Apache Tomcat handles malformed requests. From the advisory: If a context is configured with allowLinking="true" and the connector is configured with URIEncoding="UTF-8" then a malformed request may be used to access arbitrary files on the server. The vulnerability (CVE-2008-2938) affects Apache Tomcat versions 4.1.0-4.1.37, 5.5.0-5.5.26, and 6.0.0-6.0.16. The open-source group has shipped a fix in Apache Tomcat 6.0.18, an update that also fixes three additional security issues: CVE-2008-1232 (cross-site scripting): The message argument of HttpServletResponse.sendError() call is not only...

Technology web site TechCrunch is one of those staples (like ZDNet, of course) to which we all turn for news and analysis on the companies shaping the Web. Their CrunchBase directory provides a wealth of information on the companies and people featured in their stories (and elsewhere, as it s editable by anyone), and they recently took the step of opening up an API to the data. Amongst those taking advantage of the API is Semantic Web developer, Benjamin Nowack. As he reports on his blog, Benji has created Semantic Crunchbase, an expression of the Crunchbase content as that Linked Data about which Sir Tim Berners-Lee and others are currently so passionate. Remember, “Linked Open Data is the Web done as...

Unify s Active Directory Manager Version 2.5 significantly reduces unplanned Active Directory downtime.

I ve said it several times before: I want a netbook. An Asus Eee would be great, the HP MiniNote is a bit pricey but looks very slick, Dell s proposed netbook is still vaporware but worthy of excitement, and I m still waiting for US OEMs to pick up on the Intel Classmate reference design. I want something cheap and durable that can get tossed in a bag or even in the pocket of some particularly baggy and unprofessional cargo pants (or into students backpacks or teachers desk drawers). I just can t get excited about any flavor of Windows (with the possible exception of Servers 2003 and 2008 since Active Directory is actually pretty easy to deal with and Group Policy is...

I just finished a news story about VeriSign s (NASDAQ: VRSN) secure OpenID services chosen by Microsoft for HealthVault users. The story discusses Verizon s DNS services and its OpenID services and asks if this is a problem or a feature. Is there a possible privacy issue or could the two technologies be used to strengthen OpenID? - Could there be a Potential Privacy Issue with Verisign s OpenID and its Internet Directory Name Services? VeriSign assured me that there could be no collusion between its OpenID and its DNS services. It said it has strict privacy guidelines to protect users. [Here is a crowdsourcing opportunity: I haven t checked VeriSign s privacy policy to see if there is specific wording that would exclude such...

It looks like Google just launched the new version of iGoogle that developers have had access to in the sandbox for a while now. The new version is great -- and it gives developers a lot more flexibility when creating their gadgets because now it s possible to make a full page view. Along with the new iGoogle look, users now have access to a host of "Artiest Themes" -- perhaps a new way of showing users a collection of good themes, rather than random, often junky ones. Don t get me wrong, there are several great themes in the main theme directory, but these ones seem to be a little bit higher quality than the rest. Overall, this overhaul is a...

What would the perfect phishing attack from a social engineering perspective? The one that compared to using typosquatted domains impersonating the bank s web application directory structure is in fact using the bank s legitimate domain names as redirectors due to XSS flaws within. It s even more interesting to measure the average time it takes for a bank to fix the XSS flaws within its sites upon getting notified of them, which in some cases is longer than the average time it takes to shut down a phishing site. In yet another compilation of XSS vulnerable sites coutesy of Dimitris Pagkalos at XSSed.com, the largest online archive of XSS vulnerable websites, HSBC Holdings plc owned domains are vulnerable to XSS flaws which...

My servers are a mess. They re limping along until this summer when I don t have classes to teach (or classes to take, for that matter) and I can do some serious maintenance. This maintenance is serious enough that, for at least a couple of them, I ll be better off wiping them out and starting with a clean slate. This is a bit of a pain, but not actually all that uncommon for a standard desktop deployment. Obviously it s not a first choice for servers, though. However, I ve learned enough over the last year about Windows Server 2003 in general and Active Directory in particular that I can do a much better job of setting them up now than was done...

While traveling over the weekend, I had the interesting experience of having the microdrive in my HTC Advantage die. This post is likely to be the first in a series chronicling my experiences with HTC s customer service. So far, so bad. As a bit of background, the Advantage had been acting strangely for several months. The microdrive would disappear from Windows Mobile s device list. No error messages were reported. The device (and all of its files) just disappeared. Usually a soft reset would make the drive reappear and life would be beautiful once more. Then something more serious happened. Over 400 MB of information disappeared from the directory listing on the microdrive. When I attempted to restore the lost data,...

Peter Norvig has been at Google for a long time now -- he was, until recently, the Directory of Search Quality; the guy who made sure every time you submitted a query, you usually got what you wanted. He has since moved into the Director of Research role, but is taking time off right now to update his textbook: "Artificial Intelligence: A Modern Approach". Peter recently sat down with Anand Rajaraman to discuss several things including search quality at Google -- for a great read, check out this article. Anand explains how Google s search algorithm consists of offline and online phases. That is, the time-consuming process of discovering then tagging webpages is done offline, and is obviously query independent, and...

A web directory is a website where you can list your business and website to gain additional online exposure to traffic and search engine improvements. A submission to a quality web directory will be

The Google-backed StopBadware.org coalition has called on Apple to rethink its stance on whether the Safari "carpet bomb" issue reported by Nitesh Dhanjani constitutes a serious security risk. Dhanjani originally discovered than it is possible for a booby-trapped Web site to litter the user s Desktop (Windows) or Downloads directory (~/Downloads/ in OSX) with executables masquerading as legitimate icons. "This can happen because the Safari browser cannot be configured to obtain the user s permission before it downloads a resource. Safari downloads the resource without the user s consent and places it in a default location (unless changed)," Dhanjani said, warning that it could be used as a drive-by malware distribution mechanism. [ See Nate s post for background ] Apple has classified Dhanjani s...

Nitesh Dhanjani released information about some of his newest research on the Safari web browser this morning, and interestingly enough, Apple has decided NOT to fix some of the issues he presented. Dhanjani reported three issues, as follows below from his blog: 1. Safari Carpet Bomb.It is possible for a rogue website to litter the user s Desktop (Windows) or Downloads directory (~/Downloads/ in OSX). This can happen because the Safari browser cannot be configured to obtain the user s permission before it downloads a resource. Safari downloads the resource without the user s consent and places it in a default location (unless changed). Assume you visit a malicious site, http://malicious.example.com/, that serves the following HTML: ... Now assume that http://malicious.example.com/cgi-bin/carpet_bomb.cgi is the...

First a web directory is web site that specializes in finding, categorizing and listing links to other resources on the World Wide Web. Owners of web sites can submit their sites for review and possib