Hole found in OpenBSD

The open source operating system OpenBSD has a critical remote kernel buffer overflow vulnerability in its IPv6 protocol stack that can allow a remote attacker to take over the system with malformed e-mail, reports eWeek.com.

Core Security's research arm, CoreLabs, discovered the flaw, which allows an attacker to insert arbitrary code at the kernel level of a targeted system. It also bypasses all system security mechanisms.

A patch is available on OpenBSD's site and users who cannot patch right away, or who do not need to process or route IPv6 traffic on their systems, are advised to block all IPv6 packets with OpenBSD's firewall.

Cisco plans to purchase WebEx, a Web-conferencing service provider, according to itworld.com.

Cisco needs to find new markets for growth, and its WebEx acquisition is part of that strategy. The company has about 70% to 90% market share in its core businesses of switching and routing. It says although there is still money to be made from upgrading infrastructure at large companies, it needs to expand into other markets.

This quest for growth has been the driving force behind several of Cisco's other acquisitions over the past few years. It is why Cisco is moving into markets such as consumer electronics, social networking and online entertainment.

Commodore has selected Cebit as the launch pad for a new subsidiary dedicated to PC gaming, says BBC News.

Commodore Gaming will begin selling PCs that cater for the high-end home gamer from April.

Crammed with high-end components, the machines will be aimed at consumers who do not want to have to build themselves a machine optimised for gaming.

Microsoft is investigating a new flaw uncovered in Internet Explorer 7 (IE 7) that opens users up to phishing attacks, says eWeek.com.

Israel-based security researcher Aviv Raff discovered the flaw and says using a cross-site scripting attack, an attacker can exploit a design flaw in IE 7. He says until the vulnerability is fixed, users should not trust the "Navigation Cancelled" page, or any links on that page.

A Microsoft spokesman says the company will continue to investigate the matter, and is unaware of anyone trying to exploit the vulnerability.