Sun Microsystems on Tuesday delayed plans to release an Intel-compatible version of its forthcoming Solaris 9 operating system, the latest slight in a long and often edgy relationship between the two companies.
Sun had originally planned to release two configurations of the latest version of its Unix operating system: one for its own UltraSparc chips and one for 32-bit Intel Xeon and Pentium chips. But, said Sun executives, because of economic cutbacks, the company will only release Solaris for UltraSparc processors when the new OS ships later this year.
"We retain the option to do (Solaris on Intel) in the future," said Graham Lovell, Sun's director of Solaris product marketing. "But given where we are with the economy, we'd rather focus on our bottom line and make sure we spend our money wisely. We'd rather defer Solaris on Intel to a later date."
IDC analyst Dan Kusnetzky said Sun's plans make sense; the company makes the brunt of its profits from Solaris on UltraSparc.
News source: Cnet
Sun had originally planned to release two configurations of the latest version of its Unix operating system: one for its own UltraSparc chips and one for 32-bit Intel Xeon and Pentium chips. But, said Sun executives, because of economic cutbacks, the company will only release Solaris for UltraSparc processors when the new OS ships later this year.
"We retain the option to do (Solaris on Intel) in the future," said Graham Lovell, Sun's director of Solaris product marketing. "But given where we are with the economy, we'd rather focus on our bottom line and make sure we spend our money wisely. We'd rather defer Solaris on Intel to a later date."
IDC analyst Dan Kusnetzky said Sun's plans make sense; the company makes the brunt of its profits from Solaris on UltraSparc.
News source: Cnet
Citibank spokesperson Maria Mendler wouldn’t comment on the details of Devitry’s accusations, and instead offered a written statement: “While it is not our policy to comment on information security matters, we have taken and are continuing to take all necessary steps to ensure our c2it site is effectively protected from cross-scripting vulnerabilities.”
The alleged flaw in C2it.com revolves around a two-year-old security vulnerability called “cross-site scripting.” Effectively, it lets a current c2it.com customer sneak requests for customer information through a normal form on a Web page.
Until two years ago, many Web page designers never considered the possibility that an intruder might attempt to load malicious code onto a Web server “through the front door” — by typing it right into a Web page form requesting information like name or address or account number. As a result, few Web designers bothered checking data typed in by site visitors for suspicious characters.
In February, 2000, the federally funded CERT/CC Coordination Center, charged with calling attention to major computer risks, published an urgent bulletin on the issue.
Devitry, who publishes a site designed to expose firms that still have not protected against cross site scripting, said the c2it.com issue was particularly worrisome because it exposed customer account information. According to Citibank’s Mendler, c2it.com, a PayPal competitor, currently has 250,000 customer accounts.
“In September I talked to their e-crimes person, it sounded like someone pretty high up who would take care of things,” Devitry said. “But nothing happened. Then I kept sending them e-mail and having gotten much since then. I use the site and I like it, but I like the sites I use to be secure.”
Devitry said he published the flaw in order to convince Citibank to fix the problem.
Commenting has either been disabled on this article or you are not logged in. Click here to login or register, its free!
Note: Anonymous commenting is disabled in order to keep the quality of responses to a high standard.