A how-to book for crackers

A new book by security researchers, on writing code to exploit security flaws in popular software like Windows, has raised some eyebrows in the technical community, reports IDG. The outcry it is expected to provoke will most likely be because it publishes "zero day" or previously unknown techniques for exploiting vulnerable systems.

"The Shellcoder`s Handbook: Discovering and Exploiting Security Holes" is an advanced guide to writing software exploits. The book is intended as a resource for network administrators who are interested in closing security holes, but it also contains working samples of code for exploiting vulnerable systems and previously unpublished techniques for launching attacks such as heap overflows and kernel attacks, according to two of the book`s authors.

In what could be a sign of things to come, a New York-based start-up company is preparing to offer "open source insurance" to some of the largest companies in the world, reports Internet News. The move is a response to legal action like that being played out by SCO Group.

Open Source Risk Management, which provides consulting services as well as vendor-neutral indemnification to clients, is expected to debut an expanded range of business services this week, including insurance against open source litigation. After several months in stealth mode, the venture capital-backed company is officially launching at this week`s Open Source Business Conference in San Francisco.

Documentum, a maker of content management tools, plans to acquire a Xerox business unit for technology that will give its software broader access to corporate data, reports CNet.

The division of storage giant EMC plans to announce today that it has bought Xerox`s AskOnce unit. AskOnce technology allows companies to create a "virtual repository" of corporate data - a digital snapshot recording documents from hundreds of sources, ranging from e-mail servers to Web sites.

US state attorneys general may be gearing up for action against Internet file-sharing companies, with lobbyists in the movie industry helping to write the declaration of war, reports the New York Times.

A draft of a letter calling file-sharing programs like Kazaa "a dangerous product" was circulated last week under the name of the California attorney general.

The letter, addressed to companies that develop file-sharing or peer-to-peer software, called on them to warn their customers about the "legal and personal risks" that they face using the software, like the importation of pornographic materials and viruses on their computers and possible liability for copyright infringement. "A failure to prominently and adequately warn consumers could constitute, at the very least, a deceptive trade practice," the letter stated.

Microsoft has filed legal papers in the Netherlands requesting fines of 100 000 euros per day against Lindows for allowing users within that country to access its Internet site, reports CIO Today. Lindows says Microsoft`s demand that Lindows block access to its Web site by users in Belgium, the Netherlands and Luxembourg is unreasonable.

Lindows says it already has withdrawn its products from the Benelux countries. "Since visitors to our Web site come from international ISPs, proxy servers, anonymisers and other methods," said Michael Robertson, CEO of Lindows, "it is impossible for us to comply with such a broad order to block all visitors from Benelux, and Microsoft knows this."