Fans of Sony's multimedia production and editing tools get some happy news today with the release of updated versions of Vegas, ACID, and Sound Forge. Vegas Movie Studio HD 10 Platinum ($99.95) is a user-friendly video-editing application packed with all the features of the previous version as well as some handy new tools. Worth noting is Image Stabilization, which allows anyone with shaky footage to quickly and simply even out the shot with a selection of optimized presets. There's also a slideshow creator, new color correction tools, GPU-accelerated AVC rendering, and a feature that lets you burn DVDs directly from the timeline (which eliminates the need for a menu on the disc). The latest version of the software also allows up to 10 video tracks and 10 audio tracks at any given time.

On the audio side of things, Sony has released ACID Music Studio 8 ($69.95) for music and mashup creation and Sound Sound Forge Audio Studio 10 ($69.95), which offers professional tools for mastering audio projects. New features in ACID 8 include a new audio and MIDI-mixing console that offers the appearance of a traditional hardware-based mixer, which provides an integrated view of all tracks as well as time-stretching and pitch-shifting tools and enhanced remixing tools, including Beatmapper, which automatically finds the tempo of a completed song. Sound Forge 10 adds an enhanced vinyl-recording wizard for converting analog formats into digital files; support for 32-bit IEEE float bit-depth and a 192kHz sample rate; and customizable window layouts and floating window docks for creating a personalized look-and-feel.

Sony is also offering a Vegas Movie Studio HD Platinum 10 Production Suite ($129.99), which--in addition to Vegas--includes DVD Architect Studio 5, Sound Forge Audio Studio 10, Vocal Eraser technology, NewBlueFX audio and video effects, a tutorial DVD, and 400 exclusive original music soundtracks. The Imagination Studio Suite 2 offering adds ACID to the package for $50 more.

Apple has released the latest version of its Safari browser that includes fixes for four dozen security holes, mostly in the open-source WebKit technology and many of which leave a computer open to compromise by drive-by-download attacks from visiting a malicious Web page.

Safari 5 for Windows and Mac debuted on Monday. The impact on security issues is detailed in this advisory, which applies to Safari 5.0 and Safari 4.1.

The release updates the browser to display a warning before navigating to an HTTP (Hypertext Transfer Protocol) or HTTPS (secure HTTP) Web address containing user information, to better protect against phishing attacks, removes a heap buffer overflow in the handling of images using ColorSync technology, and addresses an issue in Safari's handling of PDF files.

The software also plugs 44 holes in WebKit alone that could allow for numerous types of attacks and compromises, including: information disclosure from dragging or pasting links or images; cross-site scripting attacks; unexpected actions on other sites caused by interacting with a malicious Web page; data leakage from visiting an HTTPS site that redirects to a less secure HTTP site; data being sent to an IRC server by visiting a malicious Web site; and a plethora of the garden-variety arbitrary code execution attack from visiting a malicious site.

Microsoft on Tuesday issued 10 security bulletins, fixing 34 vulnerabilities in one of its largest Patch Tuesdays to date. Meanwhile, Adobe said it would issue a patch for a critical hole in its Flash technology being exploited in the wild by delivering an update for Flash Player by Thursday, and for Adobe Reader and Acrobat by June 29.

Originally posted at InSecurity Complex

Adobe Systems said it will issue a patch for a critical hole being exploited in the wild by delivering an update for Flash Player by Thursday, and for Adobe Reader and Acrobat by June 29.

The update of Flash Player 10.x will support Windows, Macintosh, and Linux, while the date for the release of a Solaris version is still to be determined, Adobe said late Monday. Meanwhile, the Adobe Reader and Acrobat update to come in three weeks will support Windows, Mac, and Unix.

Adobe released the advisory late last week and said there had been reports of the hole being exploited to take remote control of computers.

"The June 29, 2010, security update for Adobe Reader and Acrobat represents an accelerated release of the next quarterly security update, originally scheduled for July 13, 2010," Brad Arkin, director of product security and privacy at Adobe, wrote in a blog post. "In addition to addressing CVE-2010-1297 (the latest vulnerability), the accelerated next quarterly Adobe Reader and Acrobat update will also resolve a number of responsibly disclosed vulnerabilities."

Originally posted at InSecurity Complex

Microsoft issued three critical security bulletins on Tuesday, plugging 10 holes that could allow an attacker to remotely take control of a Windows computer via a malicious media file or streaming content, or malicious Web content viewed through Internet Explorer.

Overall, this Patch Tuesday release involves 10 bulletins fixing 34 vulnerabilities affecting all supported versions of Windows, Office XP, Office 2003 and 2007 Microsoft Office System, Office 2004 and 2008 for Mac, Excel Viewer, and Sharepoint Services 3.0.

"This is the largest Microsoft patch release of 2010 and ties the record for the most vulnerabilities ever addressed in a single month; a record set in October of last year," said Joshua Talbot, security intelligence manager at Symantec Security Response. "This month's release also features the largest ever single bulletin, with 14 vulnerabilities in Excel being addressed together."

Microsoft gave the highest deployment priority to the three critical bulletins in a Security Response Center blog post. The first listed, MS10-033, fixes a hole in Quartz.dll and Asycfult.dll and is rated critical on all supported versions of Windows.

The second, MS10-034, is a cumulative update for ActiveX Kill Bits, code that flags specific ActiveX software as unsafe, and is critical on Windows 2000, XP, Vista, and Windows 7. The patch applies Kill Bits for two Microsoft controls--Internet Explorer 8 Developer Tools control and the Data Analyzer ActiveX control, which is not installed by default. The bulletin also includes Kill Bits for four third-party controls.

The third critical bulletin, MS10-035, is a cumulative update for Internet Explorer addressing six vulnerabilities including one that was disclosed in February. The hole could allow information disclosure for users running the browser on Windows XP.

The release also includes a fix for Security Advisory 983438, which involves a vulnerability in SharePoint Services 3.0 that was disclosed in late April and which could lead to a cross-site scripting attack via the browser. Proof-of-concept exploit code has been published publicly but Microsoft said it was not aware of any active attacks using the hole.

Also plugged are holes in the Windows Kernel-Mode Drivers ; the COM (Component Object Model) Validation in Office; the OpenType Compact Font Format Driver; Excel, Internet Information Services and Microsoft .NET Framework.

For bulletin MS10-036 involving COM, Office XP does not have the architecture needed to support the update so Microsoft has made a workaround available that customers can install via a Microsoft Fixit on Windows XP or newer operating systems. The FixIt is available for download from KB983235.

"The most serious is the Windows kernel TrueType font parsing vulnerability," Symantec's Talbot said. "Exploiting this--likely through a drive-by download attack--would give an attacker near system-level privileges. It's doubtful that attackers would compromise a legitimate site to exploit this vulnerability, so users should be extra cautious of social-engineering tricks coaxing them to visit unfamiliar Web pages, which could contain a malicious font."

Generally, whenever Microsoft patches IE, it's the top priority to deploy and this rule-of-thumb is doubly true this month," said Andrew Storms, director of security operations for nCircle. "Along with patching a previously disclosed bug, Microsoft is patching a number of other critical security issues in IE this month, including their PWN2OWN bug from CanSec West" in March.

Microsoft provides specific information about assessing the risk of the bulletins on the Security and Research Defense blog.

Update 1:42 p.m. PDT: Meanwhile, Apple plugged four dozen holes in Safari with its latest release of the browser and Adobe said it would issue an update for Flash Player by Thursday, and for Adobe Reader and Acrobat by June 29 to fix a critical hole.

Originally posted at InSecurity Complex

The world first knew it as Weave Sync, but Mozilla has moved Firefox's in-house synchronization project out of its Labs, calling it Firefox Sync to emphasize its connection to the browser and hint at its importance for the future.

The upcoming Firefox 4 will have the add-on's syncing features baked in, but why wait? Download the add-on and check out how Firefox Sync matches up your preferences, bookmarks, passwords, history, and open tabs in this How To video.

Officially joining the browser-based productivity game, Microsoft late Monday released the browser-based versions of Word, Excel, PowerPoint, and OneNote.

The Office Web Apps, as the programs are dubbed, are slimmed down versions of the desktop counterparts, allowing for document viewing, sharing, and lightweight editing. Consumers get free access to the tools, along with 25GB of storage as part of Windows Live, while businesses can also host their own version of the Web Apps using the latest version of Sharepoint. The main catch is that using the browser-based versions require an active Internet connection.

"We'll have more to share next week when Office 2010 is released to consumers, including how Office 2010+SkyDrive+Office Web Apps give you the best productivity experience across the PC, phone, and browser," Microsoft's Jason Moore said in a blog post. "In the meantime, if you live in the US, UK, Canada, or Ireland, you can head over to Office.live.com today to start viewing and editing Word, PowerPoint, Excel, and OneNote documents right in your web browser-and share them with your friends."

Actually, people outside those regions can also use the Web apps, by clicking here, although it may not be in their preferred language.

The launch of the Office Web Apps comes as Google has been making the case that businesses should just skip this version of Office, and add Google Docs in addition to their old version of Office.

Microsoft's Web apps are designed to work on Macs, Windows PCs, and Linux-based computers using Firefox, Internet Explorer, or Safari (though Google's Chrome and other browsers may work as well). The programs have been available in a limited technology preview since last year. The free consumer versions are designed to be ad-supported, though Microsoft has said that for the foreseeable future it expects to show ads that encourage people to buy the full version of Office.

Microsoft has also built the Web apps into a new version of Hotmail and created a labs effort called Docs.com that allows the sharing of Office documents over Facebook.

Meanwhile, the desktop versions of Office went on sale to businesses last month and are due to hit retail shelves next week.

Originally posted at Beyond Binary

AppBackr, which launches in invite only beta on Tuesday, is one of the most interesting investment projects to come up in the last few years if only for its premise. It plans to offer iPhone app developers a way to get an advance paid by investors who buy into future sales, then stand to make a profit on their investment; that is, if they get in early, and the app sells.

Those are some pretty big ifs, though the bootstrapped alternative means waiting until the sales come in before ever seeing a return on what could be months of work. On top of this, there's promotion through blogs and publications--or PR agencies that can do that work for them.

What AppBackr is trying to do is roll those two extra steps of financing and promotion into a single service, while at the same time giving developers with little or no money a way to get a cash advance in exchange for some of the eventual profits.

Here's how it works:
1. Developers pay a $25 fee (per month, the first of which is waived) to list their app in AppBackr's marketplace.
2. Developers sign up with Apple as a developer (if they haven't already), then share their iTunes Connect account credentials with AppBackr so it can keep track of sales.
3. AppBackr creates a bank account for that developer, where they can funnel revenue from app sales.
4. A developer can sell lots of their sales to investors who buy them wholesale and at a discount.
5. As soon as a buyer purchases that lot, the developer gets that money in advance to actually build the app.
6. When the app sells through each lot of sales, that buyer of the lot gets paid more than they invested. How much depends on at what stage they invested.

There are obviously quite a few more details in how this works, the primary one being how much a developer and investor stand to make after Apple and AppBackr take a cut. Developers can get a 25-cent advance (out of a 69-cent cut of a 99-cent purchase), then another 11 cents when it sells. In turn, buyers can earn a 53-cent cut of either a 45- or 35-cent investment--something that is determined on whether they poured money into the app ahead of, or after its release (respectively). AppBackr also takes a 10-cent cut of the 69 cents both before it's sold, then either 5- or 2-cent post-transaction fee depending on the whether buyers invested in it before or after it went to market.

But what happens if an invested-in app simply does not sell, or even make it past Apple's sometimes stringent reviews process?

AppBackr creator Trevor Cornwell, who CNET spoke with last week, says much of the success of the program revolves around commitment. "We've created an agreement between the buyer and the seller," Cornwell said. "Look at something like Craigslist transitioning into a marketplace like eBay. On eBay, you look for buyers--in this case developers who have a good track record. We are solving a problem for a group where there's been no simple function to be able to do that."

Cornwell says that part of the agreement of being a developer who works with AppBackr means you are obligated to sell those units purchased by AppBackr buyers, just like they're obligated to make sure that app makes it past Apple's approval process in the first place. "If they're rejected, they have to work on a commercially reasonable basis to reapply," he said.

As for developers who do find success in AppBackr's program, Cornwell believes there is reason to come back and use it again--even if they stand to make more money going solo. "If you speak to developers who have created a free or paid app, they have some features, but they want to add some more. They need a way to provide a consistent cash flow," he said. "I think that we will have developers that create a successful application then use us so that they can build these additional features."

To bring in those sales in the first place, Cornwell is expecting the wholesale buyers to play a part in actually promoting the app so it will sell. After all, it's in the buyer's interest to sell off not only their own units but any that come ahead of them. "What a developer wants us to do is identify buyers who will buy it and drive incremental traffic. For instance, [a developer] might be interested in finding five architectural bloggers who can drive 50,000 additional units of sale to their CAD app," Cornwell said.

The order of who invests is an important aspect of the process though and something Cornwell says is one of the hardest parts of the business to make sure is done fairly. "In terms of first looks and discounting, we set this up as a very developer-centric experience," he said. "You don't register as a buyer. With eBay, some of the people who are active developers are buyers. There's a nice way to profit...As we grow up, I think some of the obligation will come to us to decide how level we want to make it."

Cornwell says that buyers will eventually be able to choose to have their traffic tracked, as well as listed in AppBackr's marketplace, but that for now it's an opt-in affair. "What we're going to open up is to allow checkbox and say 'I want to make myself visible.' We'll also give them some sort of tracking URL, and we'll be able to show how effective they are." Cornwell says that's coming in September.

Cornwell hopes to have 1,000 apps invested in by the end of the year and 20,000 more in 2011. Considering Apple just announced that it had passed 225,000 apps on Monday, up from 50,000 the year prior, that's no small feat.

Originally posted at Web Crawler