Briefs: January 3, 2005

ORACLE'S PEOPLESOFT TAKEOVER CONTINUES APACE

Oracle easily plugged the hole left by the resignation of PeopleSoft CEO David Duffield from the company he founded. Duffield had returned as CEO Oct. 4 after PeopleSoft's board fired then-CEO Craig Conway.

Duffield's resignation, revealed in a Securities and Exchange Commission filing last week, was not unexpected. When Oracle announced the takeover of the 18-month-long object of its desire, it said none of PeopleSoft's seven board members would serve in the combined company. Last week Oracle appointed four new directors to PeopleSoft's board, replacing those who have resigned. The remaining directors will stay until the merger is complete, which is expected this month.

Oracle took control of the business applications vendor last week after shareholders tendered about 75 percent of PeopleSoft's stock. Oracle has launched a second tender offer for the shares it does not yet own. Oracle must receive 90 percent of the shares to avoid a special shareholder vote.

NEW WINDOWS BUGS DEEMED CRITICAL; NO PATCHES YET
A trio of new and unpatched Microsoft Windows vulnerabilities were made public on security mailing lists early last week.

The vulnerabilities are in the Windows LoadImage API function, its animated cursor files and in the way it handles help files. All of the bugs were as yet unpatched at press time.

All currently supported versions of WindowsWindows NT, 2000, XP and Windows Server 2003are affected, said Venustech, a Chinese security firm. Some impact Windows XP Service Pack 2 (SP2), some don't.

The LoadImage API vulnerability affects Windows NT through Windows Server 2003. Whether Windows XP SP2 is at risk isn't yet known. The vulnerability could be exploited by attackers who entice users to a malicious Web site that includes a specially crafted icon, cursor, animated cursor or bitmap file, said Danish security firm Secunia in its alert. The malicious image could also be delivered via HTML e-mail. Users who view such messages or visit such sites could find their systems hijacked.

The second bug, which is in Windows' ANI (animated cursor) files, could be used by an attacker to crash or freeze a Windows PC. Windows XP SP2 is not vulnerable to this flaw. The third bug revolves around how Windows parses help files and can be exploited to create a buffer overflow. The next scheduled security bulletin/patch date is Jan. 11, the firms reported.

VOIP SERVICE CLEARS ANOTHER REGULATORY HURDLE
An appeals court last week agreed with a lower court decision that ruled VoIP is a data service and, as such, can't be regulated by states.

The decision was issued by the U.S. Court of Appeals for the Eighth Circuit Court in St. Louis. The original decision in support of VoIP provider Vonage was issued in October 2003, after the Minnesota Public Utilities Commission told Vonage it would have to pony up fees to support the state's 911 services. The PUC also told Vonage it must obtain telephony company licenses to do business as a telephone operator in Minnesota.

In the appeals case, the PUC petitioned the court to determine whether a recent Federal Communications Commission ruling pre-empted the Minnesota court decision. In last week's decision, however, the appeals court said the FCC supports the lower court's decision.

Because Internet telephony is not considered a telecommunications service, according to the court decisions, states and municipalities will likely be blocked from regulatingand taxingthe service. However, some states may seek to appeal the decision to the U.S. Supreme Court.

LATEST TWEAK TO LINUX KERNEL RELEASED
Open-source maven Linus Torvalds has OK'd version 2.6.10 of the Linux kernel. The version includes an update to the Common Internet File System, support for the new digital video broadcast front-end driver and new USB-related work. The software can be downloaded from the Linux Kernel Archives Site.

MICROSOFT COMPELLED TO ABIDE BY EU ANTITRUST RULING
A European court has ruled Microsoft must release a version of Windows without Media Player and new server protocols, even though the company's formal appeal has yet to be heard.

Under the decision by the European Court of First Instance, Microsoft plans to provide the stripped-down version of the Windows code to European PC manufacturers this month and the server protocols in the near future, said Brad Smith, Microsoft's chief legal counsel, during a press conference in mid-December after the decision was made public. Smith said the new version of Windows will be available to consumers in February.

Robert Faletra's "On The Record" column will return next week.