Microsoft confirmed on Tuesday a new flaw affecting version 6 and 7 of its Internet Explorer web browser that could allow remote code execution. The security advisory noted that targeted attacks using the flaw were already in the wild.

This information was confirmed by McAfee, reporting that exploitation of the flaw was originating from the domain topix21century dot com over both HTTP and HTTPS. The drive-by attacks install a backdoor which connects to a command-and-control server.

Analysis by Symantec reveals that the exploit works effectively on IE 6. IE 7 tended to crash instead, and IE 8 is, as stated in the Microsoft advisory, immune. The attack loads some malicious code, and then makes repeated changes to the HTML document eventually provoking execution of the malicious code.

The best solution is to upgrade to IE 8, as one of the many improvements found in this browser also seals off the security hole. Failing that, enabling Data Execution Prevention in IE 7 should provide some level of mitigation, as the current exploits do not circumvent DEP (though they could probably be combined with DEP bypass techniques). Removing access to the file iepeers.dll using either of the mechanisms described in Microsoft's advisory prevents Internet Explorer from loading the flawed code, but may also break print and web folder functionality. Finally, disabling of scripting and ActiveX in the Internet and Local Intranet security zones should also provide protection against exploitation.

Microsoft has still made no indication whether this flaw will receive an out-of-band update, but with exploits in the wild and documented analysis of the exploit, clearly this flaw is something that needs fixing, and soon.

Read the comments on this post

The problem with dreams is that things never work the way you think they should. Try turning on a light... nothing happens. The branches of that tree may turn out to be the legs of a spider. You never feel safe, not exactly, because anything can happen. That feeling of uncertainty and unease is what Playdead had in mind when developing Limbo, a game that's coming to the Xbox Live Arcade, hopefully this summer.

A rather surprising article hit the front page of the BBC on Tuesday: the next generation of hard disks could cause slowdowns for XP users. Not normally the kind of thing you'd expect to be placed so prominently, but the warning it gives is a worthy one, if timed a bit oddly. The world of hard disks is set to change, and the impact could be severe. In the remarkably conservative world of PC hardware, it's not often that a 30-year-old convention gets discarded. Even this change has been almost a decade in the making.

The problem is hard disk sectors. A sector is the smallest unit of a hard disk that software can read or write. Even though a file might only be a single byte long, the operating system has to read or write at least 512 bytes to read or write that file.

There is a point when playing rhythm games such as Rock Band or Guitar Hero where you hit a kind of wall; there is only so much to learn hitting buttons as notes flow down the screen. Power Gig: Rise of the Six String—in addition to having a terrible title—wants to break that wall by teaching you actual guitar skills if you choose to move past what the tradition rhythm game has offered. The guitar peripheral is an actual six-string electric guitar, although we're promised that the full band bundle of guitar, drums, and microphone will be priced competitively with other rhythm bundles on the market.

We had a chance to see the game being played in front of us, although hands-on testing was forbidden. The notes came down the screen, connected by a pulsing ribbon, showing the player what button to hit on the guitar's neck. Any number of strings hit will register as a correct hit. In this mode, you will be able to use your existing rhythm game guitars. The real meat of the game happens when you move to the higher difficulty levels, where the dots are replaced by numbers, showing you what strings to play. A green two means you'll be pressing down on the second string down from the top of the neck, in the green section. Tutorials will show you how to hold your hands and fingers to create power chords.

Not too long ago, David Finland built a device capable of communicating with just about any model of iPod via the dock connector using an Arduino Nano, PodGizmo breakout board, an old USB iPod connector, and a momentary switch. While it may not sound like a big deal, there is more to it than one might think: namely programming a device (in this case the Arduino Nano) to be able to receive, interpret, and respond to messages sent from an iPod. 

This means teaching it to speak Apple Accessory Protocol and, although proprietary in nature, it has been fairly well documented around the Internet. Finland slung some code so that his iPod touch was hooked up to one of the famous Staples Easy buttons in his car. Now he could easily play and pause his iPod touch without having to fiddle with the on-screen controls.

Fast-forward several months and Finland had all but forgotten about the project when he was asked by the folks that run Make magazine to talk about it. In particular, they wanted him to talk about the library he created for communicating with Apple’s portable audio players. He said yes, and decided to dive back into the project and attempt to add additional functionality to the project. 

Finland's first go around only involved tackling the the Simple Remote portion of the Apple Remote Protocol, which handles things like mute, next playlist, skip, and turning the device on and off. With newfound interest, however, he has now tackled the Advanced Remote portion, which opens up a bevy of new functionality, including getting names of songs, albums, artists, and track time; toggling shuffle and repeat mode; and all the other neat functionality that iPods have.

This newly released library of code will surely appeal to the do-it-yourself hackers who love tinkering, soldering, and programming. Someone could theoretically even build his or her own iPod speaker solution with a plethora of different options and feedback. The more daring could hard-wire a solution to a car’s in-wheel audio controls. Personally, I envision some sort of bicycle solution that docks the iPod on the handlebars but allows riders to control the device without taking their hands off the handlebars. An even more enterprising individual could rig something like this up to a sudden motion sensor so that when someone enters a room, the iPod begins to play.

Read the comments on this post

SAN FRANCISCO — At a GDC event today, Sony showed off its new PlayStation Move controller, along with a number of games. The audience response was positive, but the demos shown, including sports games and sword-and-shield-style battles, seemed both inspired and informed by what the Wii has done before. We got a quick hands-on with the controller, and have posted some impressions and pictures, below.