Week in review: A flaw in VoIP

The flaws affect software and hardware that support the real-time multimedia communications and processing standard, known as International Telecommunications Union (ITU) H.323. The flaws can cause products to crash or, in the case of a Microsoft security server product, allow an attacker to take control of the system.

Several other companies also produce products that may be affected, but as of midday Tuesday, only Cisco Systems and Microsoft had issued advisories and patches. The flaws were found by the United Kingdom's Internet security watchdog, the National Infrastructure Security Coordination Centre, which had been testing a variety of products used in the U.K.'s critical communications infrastructure.

Microsoft released a patch for the flaw, which affects Microsoft's Internet Security and Acceleration Server 2000--part of the Small Business Server 2000 and 2003 editions. The company also released patches for vulnerability in the Microsoft Data Access Component software in Windows 2000 and XP, along with Microsoft's SQL Server 2000 and Windows Server 2003. The flaw could allow an attacker to take over a vulnerable system--only after successfully disguising the attacking computer as an SQL server.

The patches came almost two years to the day after Bill Gates launched a program called "Trustworthy Computing," designed to focus Microsoft employees on building better security into products and on improving customer response. Although the company is beginning to make progress, according to customers, much remains to be done.

Some Microsoft customers that CNET News.com contacted agree that the latest products show signs of improvement. But they note that the changes haven't been fully extended to products the software giant launched before the initiative, which make up the bulk of installations.

The music and the money
A dispute over royalty rights on copy-protected CDs and other types of music discs is helping to stall the release of some new music technology and could result in record labels owing tens of millions of dollars in back payments to music publishers.

At issue are "double session" CDs that include two versions of each song on a disc, formatted for playback on different kinds of devices. The most widely distributed type are copy-protected discs that prevent CD tracks from being copied to a hard drive, but that also include a digital version of the songs, often in Microsoft's Windows Media format, that can be transferred to a computer or portable digital music player.

A recent regulatory ruling in Canada that would impose an extra fee on digital music players is raising the ire of MP3 player manufacturers, including Apple Computer, Dell and Hewlett-Packard. A group of retailers, including Wal-Mart Stores and Best Buy, also is appealing the decision, which will be heard by a federal court.

The Copyright Board of Canada ruled in December that hard drive-based digital music players should be subject to fees aimed at compensating musicians, songwriters and record labels for copyright infringement. Similar fees are placed on blank audio tapes and CDs, and manufacturers typically pass on the costs to the consumer.

A game of tags
Products ranging from baby wipes to cat food may go wireless in the next few years, thanks to the efforts of retailers who seek to install new inventory-tracking technology and the tech companies that are lining up to help them. A cadre of tech companies, including Intel, Microsoft and Sun Microsystems, used this week's National Retail Federation trade show in New York to announced new developments in inventory management for retailers.

Intel is working to create a forum to speed the launch of technologies such as RFID (radio frequency identification) and EPC (Electronic Product Code), which the group believes are superior for managing inventory in distribution centers, in warehouses and on stores' sales floors.

Seemingly everywhere, Microsoft established a new project aimed at development of applications for nearly every aspect of the retail universe, from shopping to inventory management. Dubbed as the Smarter Retailing Initiative, the effort promises to deliver tools that allow retailers to interact with customers, improve operations management and incorporate emerging wireless technology.

In Germany, retailer Metro Group has asked its top suppliers to begin attaching special microchips to shipments, and it will install an RFID inventory-tracking system at 250 supermarket and wholesale stores this year. The microchips will be attached to shipments of everything from shampoo to cream cheese.

Tech in court
A $521 million patent verdict against Microsoft was upheld, which could ultimately force major changes in many of the most common Internet software products. The judge said he saw no reason to overturn an August jury verdict that said Microsoft's Internet Explorer Web browsing software had infringed on patent rights held jointly by small developer Eolas Technologies and the University of California.

As part of the decision, Microsoft was barred from distributing versions of its Web software that include the potentially infringing technology. However, the judge immediately put that injunction on hold until an appeal has run its course. Microsoft is expected to appeal immediately

A federal judge dismissed a lawsuit that five ReplayTV owners filed against Hollywood studios that sought to secure the right to use the product's features to skip commercials and share recordings. The judge ruled that owners of the personal video recorders no longer had an immediate and legitimate fear of being sued, after the studios pledged in August not to do so.

U.S. District Judge Florence-Marie Cooper also noted that an earlier lawsuit, which about two dozen entertainment companies filed against ReplayTV's manufacturer at the time, Sonicblue (now Digital Networks North America), was also dismissed.

Have we heard the last of Napster? The U.S. Supreme Court refused to hear an appeal of a lower court's order that pulled the file-swapping service similar to Napster in design. The justices declined without explanation to hear the case, which would have been the first Internet music piracy dispute to reach the high court.

Also of note
IBM plans to release a server in early 2005 that will accommodate as many as 64 Intel Xeon chips, a move that highlights the different directions Big Blue and Intel are taking the processor...Yahoo said it will drop search partner Google during the first quarter of 2004 in favor of its own technology, opening a new phase in the battle for Web search dominance...Novell began offering SuSE Linux customers some legal protection for using the open-source operating system, the fourth legal umbrella to emerge from a computing industry grappling with legal threats brought by SCO Group.