In This Issue:
1. Editor's Note: A Tale Of Two Browsers
2. Today's Top Story
- A Behind-The-Scenes Look At How DRM Becomes Law
3. Breaking News
- CIOs Speak Out On Google Apps Vs. Microsoft Office
- NextWave Is Flying Down To Rio With A Wi-Fi Deployment Plan
- Proponents Say Regulations Could Curb Compulsive Online Gambling
- Criminals Google 'How To Open Safe' In Middle Of Burglary
- Bots Helped To Boost Microsoft Live Search Gains
- SaaS Vendor NetSuite Has No Separate Backup Center For Customer Data
- Small Investors Group Presses Vodafone To Spin Off Its Stake In Verizon Wireless
- Apple Reports iPhone-To-Outlook Sync Glitch
- Apple Patches Eight QuickTime Bugs
- Warner Music To Stream All Its Music Online For Free
4. The Latest Open Source Blog Posts
- An iPhone For Hackers: The OpenMoko 'LPhone'
- Microsoft Avoids GPL Trap To Step Into Snare
- Linux Creator Calls GPLv3 Authors 'Hypocrites' As Open Source Debate Turns Nasty
- Microsoft Vs. GPLv3: How To Trip Over Your Own Feet
5. Job Listings From TechCareers
6. White Papers
- What Every IT Executive Needs To Know About Legacy E-Mail Infrastructure
7. Get More Out Of InformationWeek
8. Manage Your Newsletter Subscription
Quote of the day:
"No one ever thinks of themselves as one of Them. We're always one of Us. It's Them that do the bad things." -- Terry Pratchett
1. Editor's Note: A Tale Of Two Browsers
Internet Explorer and Firefox are sitting on a bench, enjoying the warm summer sun. Suddenly, Firefox sneezes, reaches for its handkerchief, grabs its cell phone, and calls its doctor. "I think I'm coming down with something," it says. "Is there something I can do to get rid of this problem?" Then IE sneezes. What does it do?
It reaches for its handkerchief, grabs its cell phone, and calls its doctor. "I just want to tell you," it says, "that wasn't my sneeze, my handkerchief is perfectly clean, and if I sneeze again I'm telling everyone it's Firefox's fault."
Sorry for the bad joke, but this is what immediately popped into my head when I read Sharon Gaudin's recent news item about a new security flaw that seems to be affecting both browsers. Apparently, a researcher named Thor Larholm has asserted in his blog that there's "an input validation flaw in Internet Explorer that allows you to specify arbitrary arguments to the process responsible for handling URL protocols." In other words, if you're using IE and visit a Web page that calls on a Firefox URL -- with, presumably, malicious code attached -- Firefox will be launched and will execute that code. The result? Two sick browsers.
Of course, this all depends on several factors, including the tendency of the user to go to malicious Web sites and whether your version of Firefox has the specific FirefoxURL handler. However, what I became most interested in was the reaction of the two browser vendors to the news: A Mozilla representative said the company will be patching the problem in an upcoming release, while a Microsoft representative wrote that "this is not a vulnerability in a Microsoft product."
Strictly speaking, the Microsoft rep is right. The ultimate vulnerability is in Firefox. But this vulnerability only exists in the presence of both browsers. And would those of us who have both IE and Firefox on their systems (which includes everyone who installed Firefox but decided not to uninstall IE -- in other words, a lot of people) really care which browser is the one being ultimately targeted when our systems slow down to a crawl? And is a general policy of defensiveness really appropriate when you're dealing with a potential problem that will affect your user base?
Over the years, Microsoft acquired a reputation -- not unearned -- of acting as though it was the only viable source of software around; if its products had any interactions with other software products that didn't work, well, it was the user's fault for straying from the path. Over the last year or so, my impression was that Redmond had mellowed a bit, understood that our current technology is based on a culture of complex collaborations with other products, and had learned to Play Well With Others. I hope I wasn't being optimistic.
An iPhone For Hackers: The OpenMoko 'LPhone'
You would have to be deaf to ignore the screaming about the iPhone that's been filling the air. Meanwhile, another company has been quietly gearing up to offer a phone that's as open to hackery as the iPhone is closed.
Microsoft Avoids GPL Trap To Step Into Snare
Microsoft sought to avoid tangling itself up in the GPL license when it struck a deal with Novell. But did Microsoft circumvent the trap of GPLv2 by stepping into the snare of GPLv3?
Note: To change your E-mail address, please subscribe your new address and unsubscribe your old one.
Keep Getting This Newsletter
Don't let future editions of InformationWeek Daily go missing. Take a moment to add the newsletter's address to your anti-spam white list:
If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation. Thanks.
5 Top Federal Initiatives For 2015As InformationWeek Government readers were busy firming up their fiscal year 2015 budgets, we asked them to rate more than 30 IT initiatives in terms of importance and current leadership focus. No surprise, among more than 30 options, security is No. 1. After that, things get less predictable.