As reported by the Computerworld, in a blog post, Plurk has shown screenshots and samples of similar JavaScript and CSS code pulled from both services.

Microsoft is looking into the allegations against MSN Juku, which a Microsoft joint venture in China hired a third-party vendor to develop, the company said in a statement. The service, still in beta and launched last month, could not be accessed on Tuesday. Microsoft promised to release further information as it learned more.

However, Plurk did not reply to e-mails or phone calls on Tuesday.

Shadowserver, a volunteer-run group that tracks vulnerabilities urged users to switch off JavaScript. “We have said it before and we will say it again: Disable JavaScript. This vulnerability is actually in a JavaScript function within Adobe Acrobat and Reader. The vulnerable JavaScript is obfuscated inside a ‘zlib’ stream making universal detection and intrusion detection signatures much more difficult.”

The advice seems to be at time, as a bug researcher and exploit maker HD Moore confirmed that an exploit would be published to the open-source Metasploit penetration testing framework within a day or two. Moore, the creator of Metasploit and Chief Security Officer for security company Rapid7, echoed Shadowserver’s advice. “Disabling JavaScript does prevent the vulnerable code from being called,” said Moore in an e-mail to Computerworld.

To kill JavaScript in Adobe Reader or Acrobat on Windows, users need to select Preferences from the Edit menu, choose “JavaScript,” then uncheck the “Enable Acrobat JavaScript” option. On the Mac, Preferences is under the “Adobe Reader” or “Adobe Acrobat” menus.

Killing JavaScript is the only defense against attacks until Adobe solves the problem. It is likely to take a month before that happens. Adobe’s next regularly-scheduled security updates for Reader/Acrobat are likely to launch on January 12, 2010.

If we believe on Moore’s preliminary work, attack code will go public long before then. “It is a little tricky to make reliable, but we are on track and should have a Metasploit update ready within a day or two at the latest,” said Moore said, referring to the probable release of an exploit module for the testing framework.

Worldwide revenue for wireless LAN equipment, not counting client devices, recovered to US$1.1 billion in the third quarter of this year, Dell’Oro said. That was up about 12 percent from the second quarter — 20 percent for enterprise equipment alone — and nearly matched the $1.14 billion of the previous year’s third quarter, according to analyst Loren Shalinsky.

The WLAN business was hurt less than some others in the recession that hit hard last September, but it sent sales lower in the first and second quarters of 2009, Shalinsky said. Before the downturn took hold, revenue had hit a record in the fourth quarter of last year, partly because of projects that had been initiated before the economy fizzled. Now the industry is on track to break that record, hey said.

Stimulus money granted by the U.S. government to help the economy back to health appears to have helped the rebound, Shalinsky said. Vendors cited stimulus funds as a driver for deals, and the government, health care and education sectors, all of which benefited from the stimulus, led the rise in sales, he said.

However, the growth of IEEE 802.11n also helped, according to Dell’Oro. The 11n standard, which boosted WLAN speed and range from the earlier a, b and g specifications, wasn’t formally approved until September 2009. But products based on a draft of the standard made up about 20 percent of WLAN units sold at the beginning of this year and now total more than 30 percent, Shalinsky said. Some enterprises hold off on buying gear until it has been standardized.

Despite price cuts made since the standard’s approval, 11n gear commands a premium over the older standards. That has helped to drive up revenue, he said.

Cisco remained the dominant vendor in the third quarter with 30 percent of total revenue. Its closest rival, Netgear, had less than 10 percent of the market, Dell’Oro said.

“This afternoon, Adobe received reports of a vulnerability in Adobe Reader and Acrobat 9.2 and earlier versions being exploited in the wild,” Adobe wrote in a post to its Product Security Incident Response Team (PSIRT) blog Monday afternoon. “We are currently investigating this issue and assessing the risk to our customers.”

Adobe had few details on the reported problem. “As soon as we have additional details, we will update the PSIRT blog,” a spokeswoman said in an e-mail message.

Adobe heard of the vulnerability from “partners in the security community,” she said, adding that she had seen no public reports of the issue apart from Adobe’s own blog posting.

With Reader and Acrobat installed on most of the world’s PCs, the products have become an increasingly attractive target for computer hackers who take advantage of flaws in the system to run unauthorized programs on victims’ PCs.

“This afternoon, Adobe received reports of a vulnerability in Adobe Reader and Acrobat 9.2 and earlier versions being exploited in the wild,” said David Lenoe, the company’s security program manager, on the Adobe’s product security incident response team (PSIRT) blog . “We are currently investigating this issue and assessing the risk to our customers.”

Computerworld searched security mailing lists and sites, including Bugtraq, Full Disclosure and milw0rm.com but turned up no reports of exploits in the wild.

An Adobe representative described why, saying, “The reports came to PSIRT directly from partners in the security community,” Adobe’s Wiebke Lips said. “As of this moment, I have not seen any public reports aside from the Adobe PSIRT blog post that just went live.”

Both Lenoe and Lips promised that Adobe would publish more information of the bug in Reader 9.2 and Acrobat 9.2 when they have details from its investigation.

Adobe updated Reader and Acrobat to versions 9.2 in mid-October, when it patched nearly 30 vulnerabilities in the popular programs.

The company has struggled this year to keep up with a rising tide of Reader and Acrobat flaws. In March, Adobe quashed a PDF bug that attackers had been using for more than two months , patched Reader and Acrobat again in May to block another zero-day and fixed a Flash-related PDF flaw in July.

The update to 9.2 was the fourth during 2009 that plugged at least one hole already being used by hackers, a vulnerability often described as a “zero-day” to indicate that a patch was not available when attacks started.

Several months ago, Adobe committed to delivering Reader and Acrobat security updates every three months as part of a renewed effort to lock down its software. According to that schedule, Adobe should be patching its PDF programs next month.

I have always found stopping to Invoke something to be a bit of a pain – just enough effort to derail my train of thought while working on a WinForms applications. So back in the 1.1 days, I created some helper code to try to smooth this process out a bit. On method to help out invoke was called like this:

string value = InvokeHelper.GetProperty(myTextBox, “Text”);

This was an improvement on invoking without help, but essentially all I was doing was wrapping some reflection calls to coax the value from the Text property.

Now, with extention methods, lambda expressions and the ability of the compiler to infer the resolution of generic type parameters to actual types, I was able to refactor many helper methods (variations on the above for getting and setting properties, fields, calling methods, and their overloads into two methods, this is the first:

public static TResult Invoke<T, TResult>(this T controlToInvokeOn, Func<TResult> code) where T : Control
{
if (controlToInvokeOn.InvokeRequired)
{
return (TResult)controlToInvokeOn.Invoke(code);
}
else
{
return (TResult)code();
}
}

This handles the majority of cases where I wish to invoke in WinForms, it’s available on all Control instanced (though I usually just invoke on the main Form instance where the controls I want to touch are) and it works without having to specifiy the return type (or where there are no return types *except in cases where the Func code isn’t an expression… see below for the second method/case).

The other method is this:

public static void Invoke(this Control controlToInvokeOn, Func code)
{
if (controlToInvokeOn.InvokeRequired)
{
controlToInvokeOn.Invoke(code);
}
else
{
code();
}
}

This method has some overlap with the previous method, but its exclusive territory is cases where you pass something to the ‘code’ parameter that *isn’t* an expression. In this overload, you are passing in a delegate defined as public delegate void Func() (which is not included in the framework, I just made it up though I could have easily used the ThreadStart delegate — hmm, maybe I should have, oh well ). This can be a multi-step method that includes locals etc. just like any anonymous method would. The first overload of Invoke would require you to return something at the end of your method, which I thought was ugly, so I added this second method for ‘code aesthetic’ purposes.

[Edit] One obvious thing I left out (you can tell I haven’t blogged much recently) is is just the syntax of how this is called. Inside a Form (this), you call the method like so (in this case, setting a value on a control on the UI thread):

this.Invoke(() => progressBar1.Value = i);

This gives you easier syntax than the out of the box invoke, and only invokes if it needs to.

Returning a value from a property is pretty easy, too:

string value = this.Invoke(() => button1.Text);

The return type is resolved implicitly so you never need to cast and normally shouldn’t need to explicitly supply it.

Anyway, I would like to improve this if I can. One question: is it wrong to overload the ‘Invoke’ method? If yes, what name should these methods have? Any other comments or questions are welcomel

Most users who move to the next version of Windows do so by buying a new PC (about 95 percent). It is Microsoft’s duty to ensure that these users don’t get discouraged, and that it has help resources for that. However, those who do have issues installing Microsoft’s latest OS, are reporting that they prefer Windows 7 to Windows Vista, once they get past the upgrade problems.

Twenty-six percent of users that have been experiencing trouble with Windows 7, said that after the upgrade process was complete, they were confused about what had happened to programs like Windows Mail, Windows Movie Maker, and Windows Photo Gallery. Redmond announced in September 2008 that it had stripped these programs out of Windows 7 and further confirmed in October 2008 that users would have to download Windows Live Essentials if they wanted to use the successors to these applications on Windows 7.

In November 2008, Microsoft said that it would offer a download link to Windows Live Essentials within Windows 7 to encourage users to download the suite of applications. The link isn’t particularly prominent, but it comes up if one searches for any of the missing applications.

Fourteen percent of users that have been having trouble with Windows 7 said that the issue was that the Aero theme was not running. This is often because the video driver is not up-to-date, or because the PC in question doesn’t have a good enough video card

“Industry’s datacenters already consume as much as two percent of available electricity,” says John R Thome of the Ecole Polytechnique Federale de Lausanne (EPFL). “As consumption doubles over a five-year period, the supercomputers of 2100 would theoretically use up the whole of the electrical supply!”

According to Thome, the answer is to expand on multicore processors by building three-dimensional arrays of cores – rather than simply laying them out on a sheet. Scientists at the EPFL have allied with others at the Eidgenossische Technische Hochschule in Zurich (ETH Zurich) and from IBM’s Swiss lab at Ruschlikon to conduct the CMOSAIC project. This project is aimed at delivering processors with as many transistors per cm3 as there are neurons in the human brain.

Thome and his colleagues believe that, 3D processors will be more energy-efficient than ordinary flat ones, bowling out the issue of using up all the world’s power supplies. However, they’ll still heat up, and air cooling won’t be good enough.

These scientists plan to build their 3D devices with a network of 50-micron cooling pipes running through them. The pipes will carry liquid coolant, which will be heated into a vapour by the hot cores. It will then be condensed, cooled and recirculated.

The assembled Swiss scientists expect to see their first 3D integrated circuitry going into supercomputers around 2015, and the first ones fitted with the new liquid-chill gear in 2020.

Some 400 professionals who are currently working for British Petroleum (BP) at Satyam, will become redundant after BP completely shifts the projects to TCS and Wipro over the next few months. Many Satyam employees are realizing that the new management’s relentless focus on pruning the costs means reduced job security.

“The Rajus were extremely good at dealing with people, whereas the Mahindras have created a lot of discomfiture in the organization by driving away our senior leadership and imposing their decisions on us. This makes us feel like outsiders. But for the fraud, an average Satyamite will still prefer Raju to the Mahindras as an employer,” said a senior employee who is working for banking and financial services customers at Satyam.

Many of the employees feel that the new management is not able to show empathy to the present employees the way the old Satyam management used to. This disconnect between the employees and the management can work in favour of other IT firms who are waiting to recruit skilled hands. “We always thought that Satyam was an over democratic company. It was a friendly company where even those on the bench was treated royally. Mahindra has adopted a hire-and-fire policy and the employee satisfaction levels are very low,” said an associate with the Citigroup project to Economic Times.

“I will never recommend anybody to join Satyam. Firstly, from a $2 billion company, it has been reduced to a mid-sized IT player. Secondly, the new management is yet to visualize and comprehend the scale of Satyam’s operations, employee and customer expectations. It’s like a cafe owner buying Taj Krishna,” said a Merrill Lynch Project Head.