The Download Blog

There's a new zero-day attack in progress against Yahoo Messenger users. The instant messaging solicitation invites users to open their Webcam. However, the code used in this China-based exploit causes a heap overflow to be triggered when the target accepts a Webcam invitation. That means a remote attacker could execute malicious code on a compromised machine.

The McAfee security blog recommends the following: do not accept Webcam invites from untrusted sources until a patch is released, and block outgoing traffic on TCP port 5100 on your firewall until a patch is released.

Yahoo has been informed and says it … Read more

iPhone has its touch Safari browser, ZenZui will have its tiles, and Yahoo has Yahoo Go 2.0 Beta, a free service that also seeks to give users a novel Internet experience--especially if the users in question are Yahoo groupies.

Essentially a buffed and polished vehicle for its products and services, Yahoo Go groups its search bar, calendar, e-mail, news feed, and Flickr photo services in a single, well-proportioned design. Rotating carousel icons launch each service and keep the interface snappy. The app stays on top of frequently refreshing the page.

Yahoo Go avoids the problem of overcrowding suffered by Yahoo's Web portal by limiting its quick-launch services to maps, e-mail, photos, entertainment, weather, news, sports, and finance headline feeds. It sounds like a hefty load until you skim Yahoo.com's landing page and realize the leagues of content left behind, including auto, auction, Answers, personals, travel, tech, groups, and games; not to mention the new OMG! gossip headlines leveled at teenage it-girls. … Read more

LimeWire is best known as the latest in a long chain of software that makes it easy to find and download music for free, replacing Napster, Grokster, eDonkey, Kazaa, and all the other applications and networks that shut down or cracked down on the sharing of copyrighted material.

Lime Wire LLP, the company that makes the LimeWire software application, has also been sued by the Recording Industry Association of America (RIAA), but has so far refused to cave, saying that it only manufactures the software and has no control over how users choose to employ it. Moreover, it filed a countersuit in September 2006 on antitrust grounds, calling the RIAA an illegal cartel that conspires to destroy any distribution channel that the recording industry doesn't control.… Read more

You may have heard about Skype, but did you know that little old Windows Live Messenger can make phone calls? Molly Wood shows you how to make voice and webcam calls using the popular IM software.

It's not uncommon for publishers to start nailing dollar signs on freeware products or release a pro version requiring some financial obligation. It's a little more rare, and always refreshing, to see publishers introduce a free version of a commercial product. PK Ware did it with SecureZIP back in April, and MobiMate is doing it now with WorldMate S60, all-in-one travel software that incorporates a world clock, global currency converter, weather forecaster, and time zone map that tracks night and day around the globe.

The limited-feature release offers users free reign over five WorldMate capabilities, but dangles flight … Read more

Microsoft today released its August 2007 security bulletin, which includes nine updates: Six are designated as "critical" by the software giant and three are deemed "important." Two patches affect Microsoft products on the Mac, and one affects Windows Vista. All Microsoft security patches for Windows and Office software are available via Microsoft Update or via the individual bulletins detailed below.

MS07-042: CriticalTitled "Vulnerability in Microsoft XML Core Services Could Allow Remote Code Execution (936227)" this bulletin affects users of Microsoft XML Core Services in Windows 2000, Windows Server 2003, and Windows Vista; it also affects Microsoft Office 2003, Office 2007 and Microsoft Office SharePoint Server; and it addresses the vulnerability detailed in CVE-2007-2223. Successful exploitation could lead to remote code execution.… Read more

Although Windows Vista was released back in January 2007, Windows XP still maintains a stranglehold on personal computing. As of June 2007, according to Net Applications, Windows XP is used by 81 percent of all computer users, compared with 5 percent for Vista and 6 percent for Mac OS and MacIntel combined.

In his weekly column, Killer Download, Jason Parker recently took a look at three popular freeware apps that can extend the power and lifespan of your Windows XP system. CCleaner, RAMBooster, and Auslogics Disk Defrag have all become essential XP tools for those of us on the CNET … Read more

Power Downloader has been around long enough to know that young people tend to go through phases in their lives. Particularly in college, when young people are trying to figure out what path they want to take and what kind of individual they want to be, a certain degree of experimentation is expected. When Power's niece, Kitty Kilobyte, recently stated in an e-mail that she would no longer use any software from a huge corporation, Power smiled knowingly to himself and continued to read on. Kitty said one of the programs she needed was a full-featured word processor for her next year at school, but it had to be unique like she is--a program unlike what everybody uses at school.

In Power Downloader's many trips through the Download.com software library, he's found plenty of unique software apps; from the strange and wonderful to the just plain weird. But it wasn't enough to just grab the weirdest word processor available for Kitty; he had to find one that was both unique and useful.… Read more

An unfortunate side effect of having your blog or Web site hit by sudden, massive traffic of the type you get when linked to on sites such as Digg, Del.icio.us, and Reddit, is downtime. While bad for the person who owns the site, it's also the pits for people who want to get at the content and can't. There are services such as Duggmirror, and Google's cache to bail you out, but otherwise you're out of luck. Mr. Uptime is a new Firefox extension from the folks at Pingdom that lets you earmark downed … Read more