Microsoft today confirmed that exploit code published last week can compromise PCs running older versions of Internet Explorer (IE), but said its security team has not yet seen any in-the-wild attacks. IE6 and IE7 account for more than 41% of all browsers used worldwide, according to the most recent data from metrics firm Net Applications. The attack code, which was posted Friday to the Bugtraq security mailing list, affects both Internet Explorer 6 (IE6) and the newer IE7, Microsoft acknowledged. "Microsoft can confirm that the publicly available exploit code affects IE6 and IE7, not IE8," a company spokesman said in an e-mail reply to questions today.

IE8, meanwhile, has an 18.1% market share. According to Danish vulnerability tracking vendor Secunia, the flaw is in IE's layout parser, and could be exploited by hackers to hijack fully-patched Windows XP Service Pack 3 (SP3) machines. Over the weekend, Symantec researchers took note of the exploit code, but said that it was shaky. "The exploit currently exhibits signs of poor reliability, but we expect that a fully-functional reliable exploit will be available in the near future," the security company's analysis team said in an entry on a company blog Saturday. Secunia rated the vulnerability as "highly critical," its second-highest threat ranking. Windows Vista, for example, ships with IE7. Windows 7, however, relies on the unaffected IE8. The company also declined to spell out plans for quashing the IE bug. "Microsoft is investigating new public claims of a possible vulnerability in Internet Explorer," the spokesman said, using boilerplate that the company regularly rolls out when it's asked about patching progress. "Once we're done investigating, we will take appropriate action to help protect customers ... [which] may include providing a security update through the monthly release process, an out-of-cycle update or additional guidance to help customers protect themselves." Microsoft will issue its next scheduled security updates in a little more than two weeks on Dec. 8. One security researcher said it's unlikely Microsoft will move fast enough to make that deadline. "Seeing as though they haven't even posted an advisory, and with the holiday this week, I'm doubting a Dec. 8 release," said Andrew Storms, director of security operations at nCircle Network Security. Microsoft declined to answer questions about which versions of Windows are vulnerable.

More likely, said Storms, is that Microsoft will offer steps that IE6 and IE7 users can take to defend themselves. On Saturday, Symantec recommended that users disable JavaScript in IE6 and IE7, a move that could stymie attacks, since the current exploit code requires JavaScript. To turn off JavaScript, users should select the "Tools" menu in IE, then click "Internet Options," the "Security" tab and the "Internet" content zone. Next, click "Custom Level" and in the "Settings" box, click "Disable" under "Active scripting." Click "OK" in the current dialog box, as well as the next.

WASHINGTON - One obvious follow-up question to the U.S. government's announcement this month that the federal stimulus has created or saved 30,000 jobs so far is this: How many were IT and engineering jobs? There is no information at Recovery.gov concerning the types of jobs either saved or created from the $16 billion in contracts awarded so far, representing 2% of the $787 billion stimulus. Unfortunately, there isn't an answer.

The Recovery Accountability and Transparency Board that provides Recovery.gov, designed to allow citizens to track funding, is posting only what it gets in reports from recipients. "We are not analyzing it in terms of types of jobs," said a board spokeswoman. "That sort of analysis may be made at a later date, once we get the additional recipient reports on grants and loans posted on the Web site," but there's no time frame for providing it, she said. This barebones information makes a rough guess possible about the quality of jobs based on the description of the work, but that's it. "One of the primary reasons for the stimulus money is to create jobs and one of the primary things we would like to know from this data is what kinds of jobs were created," said Tony Fisher, the president and CEO of data management firm DataFlux Corp. The Recovery.gov site includes interactive maps and spreadsheets showing companies that have received the data, the number of jobs created or saved, and a description of some of the work. He blamed the lack of detailed information on an absence of data, a lack of consistency to the data we have and insufficient rules governing how that data is supposed to be collected and displayed. "[Recovery.gov] falls short in a number of respects in helping users understand spending," said Craig Jennings, a senior policy analyst for OMB Watch, a nonprofit government watchdog group. This prompted the creation this month of the Coalition for an Accountable Recovery, which represents about 30 groups.

Among the problems are site navigation difficulty and an inability to search by recipient. Along with OMB Watch, some of its other members include the Center for Responsive Politics, OMB Watch, Sunlight Foundation, and Economic Policy Institute. The stimulus is expected to create IT jobs but there's never been any estimate about how many. The groups criticized the usability of the Web site, and said it needed functions, such as the ability to search by recipient. Both IT and engineering jobs have declined in the recession. Mark Loughridge, IBM's chief financial officer, said this month that public sector was again the fastest growing sector with 2% growth, led by health care and education. "Now I think this is quite logical given the rollout of stimulus spend globally," he told analysts on a third quarter earnings call this month.

However, IT firms are expecting the stimulus to perk up spending. Meanwhile, Sun Microsystems Inc. said this week it is cutting 3,000 jobs as it awaits its acquisition by Oracle Corp.

Europe's head of competition has criticized Oracle for what she characterized as a lack of cooperation over the investigation of Oracle's planned acquisition of Sun Microsystems, a spokesman for the European Commission said. Kroes said the Commission was willing to move quickly toward a final decision but "underlined that a solution lies in the hands of Oracle," according to the spokesman. In a meeting with Oracle President Safra Catz in Brussels on Wednesday, Competition Commissioner Neelie Kroes "expressed her disappointment that Oracle had failed to produce, despite repeated requests, either hard evidence that there were no competition problems or, alternatively, proposals for a remedy to the competition problems identified by the Commission," a Commission spokesman said.

An Oracle spokeswoman said the company declined to comment. The Commission said it was concerned about Oracle, the world's top seller of database software, taking ownership of MySQL, the leading open-source database, which Sun acquired last year. Oracle's proposed US$7.4 billion Sun acquisition was approved by U.S. regulators in August, but two weeks later the Commission announced it would launch an investigation of the deal, citing "serious concerns" about its effects on competition in the database market. Oracle had hoped to complete its acquisition of Sun by now, but the Commission's probe, which could last up to 90 days, has held up the deal and may not be completed until January. Oracle CEO Larry Ellison said last month that Sun is losing $100 million a month while it waits for the deal to close.

Meanwhile Sun's sales have been declining as rivals IBM and Hewlett-Packard take advantage of the uncertainty around Sun's business with aggressive migration plans. He has also asserted that Oracle's database competes with Microsoft's SQL Server and IBM's DB2 products, and not with MySQL. Sun announced a big round of layoffs yesterday, citing the additional time it is taking to close the deal with Oracle. Oracle is widely expected to make deeper job cuts if the deal closes. The company said it will lay off 3,000 workers around the world over the next 12 months.

Apple will launch a tablet-style device sporting a 9.6-inch display in February 2010, according to sources cited by a Taiwanese Web publication today. The tablet will feature the 9.6-inch screen, the multi-touch user interface made famous by the iPhone and iPod Touch, and a processor created by P.A. Semi, the Santa Clara, Calif., microprocessor design company that Apple purchased over a year ago. Apple's device will also reportedly include an HSDPA (High-Speed Downlink Packet Access) module. The Taiwan Economic News said industry sources have claimed several component suppliers are building parts for an upcoming Apple tablet computer, which will launch in about five months.

HSDPA is the 3G cellular data protocol used by AT&T in the U.S.; AT&T is currently Apple's exclusive carrier partner in the United States. Verizon uses the EVDO Rev. A (Evolution-Data Optimized) data protocol instead. T-Mobile, which is an Apple partner in Germany and Austria, also uses HSDPA in the U.S. If true, it would put the brakes on rumors that Verizon, which has supposedly been in talks with Apple, will replace AT&T on the computer maker's A-list. Talk of such a device, which some analysts have dubbed an "iPod Touch on steroids," has been both brisk and long-running. The selling price for Apple's tablet, said the Taiwan Economic News's sources, will be between $800 and $1,000. This is far from the first time that tales of an Apple tablet have been told.

In May, for example, Wall Street analyst Gene Munster, of Piper Jaffray, used circumstantial evidence and checks with Asian component suppliers to bet that Apple would release a $500-$700 tablet next year. By now, although the continuing chatter makes some sense, it's getting harder to swallow the gossip, said Ezra Gottheil, an analyst with Technology Business Research who covers Apple. "It makes sense, it hangs together, sure," said Gottheil today. "But I'm starting to think that this is just a bunch of people believing each other, or maybe even an Apple disinformation campaign." What struck Gottheil today was the specificity of the report out of Taiwan. "The sources named the companies and they named the components," he said. "That's not how Apple does business." Rather, Apple goes to great lengths to make sure its suppliers keep mum about the work they're doing for the company, Gottheil maintained. "The signs are there that it makes sense for Apple to be doing something in the 'bigger than an iPod Touch' space, but I'm not sure this report adds any evidence to those signs," Gottheil said. "It's almost starting to look like people [are] just playing with the idea or even having fun with it." Tablet rumors picked up significantly just prior to Apple's annual developers conference in early June, but analysts then predicted - correctly, as it turned out - that the company would not unveil such a device at the time.

Apple has been pretty forthcoming about its environmental policies in recent years, but given the company's high profile, groups such as Greenpeace have continually pushed for even more transparency. Apple has taken flak in this department for trailing behind the likes of Dell and HP, both of which publish their annual carbon emissions, to the tune of 471,000 tons and 8.4 million tons respectively. This week, Apple overhauled the environmental section of its website with more data about its efforts, most prominently featuring an extensive breakdown of the company's annual corporate carbon emissions. Apple, on the other hand, calculates it generates 10.2 million metric tons of greenhouse gas emissions in a year.

For example, those companies' figures don't take into account the impact their products have on the environment during their lifetime. Although Dell and HP's numbers might sound significantly more environmentally friendly, it turns out that they're limited in what they actually measure. Apple, on the other hand, has explicitly broken down exactly where those 10.2 million tons come from: 38 percent from manufacturing, 5 percent during transportation, 53 percent from product use, 1 percent from recycling, and 3 percent from its own facilities. It would seem the ball is now in the court of competitors like Dell and HP, who may quickly come under pressure to provide results as extensive as Apple's own. More to the point, the information Apple is now providing about its carbon footprint aims to reframe the debate over what it means to be an environmentally-friendly company.

Some environmental experts have lauded Apple's efforts and are hopeful that the move will spur those competitors to follow Apple's lead. But even the harshest of Apple's critics have acknowledged that Apple seems to be making genuine strides in the direction of environment friendliness. [via BusinessWeek] As always, there are also naysayers who think that Apple is only disclosing selective information that paints it in a positive light.