Security issue in Image Uploader

posted by Andrew on 26 November 2007, 21:55

Recently we got a report that Image Uploader suffers from a buffer overrun vulnerability. A BID was submitted by Elazar Broad to http://www.securityfocus.com, and he emailed us to inform us about it. I am taking this opportunity to thank Elazar for all his help with it. Here is the BID:

http://www.securityfocus.com/bid/26537

It happened on the weekend, so we had to go to the office on Sunday. Fortunately the problem was not difficult to locate and fix. So we have released version 4.5.70, which does not have this problem, and now we are informing all our customers to update Image Uploader on their websites.

You may wonder why this issue is so important. The problem is that a buffer overrun vulnerability means that malicious persons can execute arbitrary code (including malware, of course) on each computer where Image Uploader is installed. The many millions of people who visit our customers' websites are at risk. If you are interested in what a buffer overrun is, here is a Wikipedia article:

http://en.wikipedia.org/wiki/Buffer_overrun

So we urge everybody who uses Image Uploader to upload files to their websites to install the latest version. It is downloadable from the Image Uploader download page.

Now here is a small FAQ.

Q: What versions of Image Uploader are vulnerable? 

A: All Image Uploader builds of the 4.x family, except 4.5.70 of course.

Q: What about previous versions?

A: This issue appeared when we added the possibility to navigate to an arbitrary folder through JavaScript. This feature was introduced in version 4.0. So if you are using version 3.5 or earlier, this issue does not affect you.

However if you received version 3.x after we officially discontinued it, please contact us. We need to check it out.

Q: Where to download the fixed version?

A: First of all, you can download the latest version from the Image Uploader download page:

http://www.aurigma.com/Products/ImageUploader/FreeTrial.aspx

Q: How to install the update?

A: The update installation process is the same as described in the documentation. In short:

  1. Download the latest .cab file (it should be version 4.5.70 or later).
  2. Replace the old file on your server with it.
  3. Update the version number in the Image Uploader initialization block. It should look like this: iu.activeXControlVersion = "4,5,70,0";

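As an added example (not Aurigma's code), here is a small check a site administrator could run over a page's initialization block to confirm that the deployed build is 4.5.70 or later. The sample init block and its version value are constructed; the classification follows the FAQ above (4.x below 4.5.70 affected, 3.5 and earlier unaffected).

```javascript
// Added example, not part of Aurigma's Image Uploader. It reads the
// iu.activeXControlVersion assignment from an init block and compares it
// against the fixed build 4.5.70 using the "4,5,70,0" format shown above.
const FIXED_VERSION = [4, 5, 70, 0];

// Parse the comma-separated ActiveX version format ("4,5,70,0") into numbers.
function parseControlVersion(str) {
  const parts = str.trim().split(",").map((p) => parseInt(p, 10));
  if (parts.length !== 4 || parts.some((n) => Number.isNaN(n))) {
    throw new Error(`unexpected version format: ${str}`);
  }
  return parts;
}

// Lexicographic comparison of two 4-part versions: returns -1, 0 or 1.
function compareVersions(a, b) {
  for (let i = 0; i < 4; i++) {
    if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  }
  return 0;
}

// Classify a deployed build per the advisory's FAQ: 4.x builds below 4.5.70
// are vulnerable, 4.5.70 and later are fixed, and 3.5 or earlier predate the
// folder-navigation feature and are not affected.
function classifyBuild(versionStr) {
  const v = parseControlVersion(versionStr);
  if (v[0] < 4) return "not-affected";
  return compareVersions(v, FIXED_VERSION) < 0 ? "vulnerable" : "fixed";
}

// Extract the version string from the init block's source text, or null.
function findControlVersion(initBlockSource) {
  const m = /iu\.activeXControlVersion\s*=\s*"([^"]+)"/.exec(initBlockSource);
  return m ? m[1] : null;
}

// Constructed sample init block; the build number is made up for the demo.
const SAMPLE_INIT_BLOCK = `
  // ... other Image Uploader settings ...
  iu.activeXControlVersion = "4,5,64,0";
`;

// Audit the sample block; returns "vulnerable", "fixed", "not-affected" or "unknown".
function auditSample() {
  const ver = findControlVersion(SAMPLE_INIT_BLOCK);
  return ver === null ? "unknown" : classifyBuild(ver);
}
```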
Q: Is the update free?

A: This is a minor update. According to our upgrade policy, minor updates are free.

Q: I still have questions. Where can I get more information?

A: Please email us at info@aurigma.com.

The Business Value of Social Networking Applications

posted by Dmitry on 13 November 2007, 15:21

Today I found a very interesting article, The Business Value of Social Networking Applications.

This paper discusses the main features of enterprise social networks. One of the author's main ideas is that these integrated social network applications bring new value to the enterprise by linking individuals to each other and providing relevant content and tools across the organization. This networking can also extend beyond the firewall to engage partners and customers in the dialog. The author then shows the typical types and benefits of enterprise social networks. Strictly speaking, social networks can be involved in most of a company's business processes:

  • Sales
  • Marketing
  • Development
  • And so on

Although this article is sponsored by HiveLive – the company which promotes its own solution for enterprise social networks – it is useful to read. This paper explains why companies use social networks and forecasts common tendencies in this market.

Adobe Photoshop Express

posted by Dmitry on 11 November 2007, 15:52

At the Max 2007 developer conference Adobe product manager Geoff Baum gave a demo of Photoshop Express, the Flash-based image editor that runs inside a Web browser (http://www.news.com/Adobe-flashes-more-looks-at-online-Photoshop-Express/8301-10784_3-9790168-7.html?part=dht). This press release says that Photoshop Express will be targeted at the low-end market to compete with free desktop photo editors. The product has the following functionality:

  • red eye removal
  • thumbnail generation
  • various photo effects like sepia
  • interactive undo/redo
  • color correction
  • and so on

This press release (http://www.news.com/Adobe-to-take-Photoshop-online/2100-7345_3-6163015.html) says that the product will be free; Adobe is going to monetize it through online advertising.

Image Uploader 5.0 roadmap

posted by Alex Makhov on 8 November 2007, 15:11

Image Uploader 5.0 Dual is going to be released in the middle of December 2007. Here is the list of main improvements in this version:

  1. Native view on Vista.
  2. Enhanced capabilities of One Pane mode:
    • DropFilesHere image – you can now show any image instead of text.
    • Background image – you can put your logo right on the upload pane.
    • Customizable button view – you can specify a specific image for any button state.
    • Instant upload – the upload process starts right after selecting files.
  3. More control over the upload process:
    • Additional events: PackageBeforeUpload, PackageError, PackageComplete and PackageProgress.
    • Ability to uncheck specific files from JavaScript.
    • Ability to restore the upload pane content, e.g. to implement multi-step upload scenarios.
  4. Zip archive compression – you can compress files before uploading, not only make thumbnails.
  5. Configurable POST request format – you can change the format of the upload request to add Image Uploader to any popular CMS, blogging system, etc. without changing server-side scripts.

Here is how it looks now on Vista:


So if you are interested, feel free to write to us.

Aurigma Forge: what is it for?

posted by Alex Makhov on 8 November 2007, 13:28

We get a huge amount of feedback from our clients: we receive a lot of emails, forum messages, calls, etc. every day. And you know, sometimes we get brilliant ideas about how to use our products for different tasks. We also get a lot of questions about how to do this and how to do that. Some ideas are interesting for a lot of our clients. That is why we are creating Aurigma Forge, the resource where articles implementing such ideas will be stored.

In the near future I'm going to post some articles there. I will describe new samples of Image Uploader usage. Other members of our team will write their articles too. And we are waiting for such posts from you. I'm sure there are more tasks our products could help with, so let's put these ideas together.

The new initiative: Aurigma Forge

posted by Alex Makhov on 6 November 2007, 23:22

In the near future a new resource will be created. It will be named Aurigma Forge. We know that our clients have a lot of experience in using such popular products as Image Uploader and Graphics Mill for .NET, so Aurigma Forge will be the best place to show your skills to others. We are going to post our ideas there too.

Thoughts about social networking development platforms

posted by Andrew on 2 November 2007, 20:11

I am watching the buzz around social network application platforms - Facebook, MySpace, and now Google with OpenSocial. The idea seems to be brilliant, and it advances the web world. Moreover, it brings us new customers (I will not publish any names, but some of them are developers of really well-known Facebook platform apps). We should be happy.

However, there are also some menacing tendencies. Let's look at what benefits OpenSocial gives to developers:

OpenSocial is a set of three common APIs, defined by Google with input from partners, that allow developers to access core functions and information at social networks:

  • Profile Information (user data)
  • Friends Information (social graph)
  • Activities (things that happen, News Feed type stuff)

http://www.techcrunch.com/2007/10/30/details-revealed-google-opensocial-to-be-common-apis-for-building-social-apps/

But what about privacy? Google makes it possible to gather together different information about users, and this info may become as detailed as the archives of secret services. When I write in one social network that, say, I am a guitar player and I like to listen to the Ramones, and write in another where I am working, and subscribe on Google to specific RSS feeds, I do not expect someone to glue these data together and use them to make money off me. What I want is to let other people with similar interests find me. I do not want anyone to estimate my interests, my paying capacity, my information channels, and sell something based on this info.

Just wondering whether they regulate it in some way? If not, some time later the social networking industry may face the problem that people remove their accounts or stop leaving personal information.