The greatest archiving utility in the whole world has done it again: WinRAR 3.51 won the 2006 “SIAF People’s Choice Award for Best Overall Utility“. The “Best Overall Utility” award was won by WinZip.

To express their hapiness towards this, as well as their thanks to all the people who voted for WinRAR, RarLab decided to have a 1-day offer of free registration keys for WinRAR 3.51.

All you have to do is fill in a simple form and you will receive your registration key by email. Registering will automatically place you in a mailinglist about the latest WinRAR releases and offers, but you can opt-out once you receive the first email. You may also choose to receive similar offers about software recommended by RarLab, if you are interested.

Keep in mind, though, that this is a non-upgradeable reg key, which only works with WinRAR 3.51, thus it will not be valid for the upcoming stable release of WinRAR 3.60 (currently Beta 8).

If all of the above is ok with you, hurry and get your key while the offer is still on. There are a lot of people interested in getting a free license (can’t say I’m amazed, WinRAR is an excellent utility), which kind of overloaded the win-rar.com website. You might need to try a few times to get in and submit the form correctly. Rest assured, though, that once you send the form, you will get the registration key.

*** RELEVANT LINKS ***

Get WinRAR 3.51 Registration Key
Download WinRAR 3.51
Read WinRAR Review

A day after the Firefox 1.5.0.5 update, Thunderbird 1.5.0.5 was released, again spreading itself to users all over the world through the Auto-Update function before being officially announced on its Mozilla.com homepage.
Thunderbird 1.5.0.5 brings forth better overall stability and several security improvements “part of our ongoing program to provide a safer email experience for our users” (The Mozilla Foundation).

Some of the security fixes address Javascript-related vulnerabilities, Native DOM flaws and some crashes due to memory corruption.

Check below for more detailed information, according to The Rumbling Edge.

*** FIXES AND IMPROVEMENTS IN THUNDERBIRD 1.5.0.5 ***

Security issues:

Fixed: 339740 - Heap buffer overwrite on malformed VCard (Critical)
Fixed: 284219, 329900, 331679, 331883, 336162, 337462, 338129, 338391, 340733 - Crashes with evidence of memory corruption (rv:1.8.0.5) (Moderate)
Fixed: 320982, 342507, Secunia Advisory 19873 - Memory corruption with simultaneous events (Moderate)
Fixed: 324117, 325425, 336409, 336410, 338001, 338121, 338804, 339785, 340129, 341877, 341956, 342960 - JavaScript engine vulnerabilities (Moderate)
Fixed: 337389 - PAC privilege escalation using Function.prototype.call (Moderate)
Fixed: 338288 - Code execution through deleted frame reference (Moderate)
Fixed: 338523 - XSS with XPCNativeWrapper(window).Function(…) (Moderate)
Fixed: 340107 - UniversalBrowserRead privilege escalation (Moderate)
Fixed: 340727 - Privilege escalation using named-functions and redefined “new Object()” (Moderate)
Fixed: 344759, 344960 - JavaScript new Function race condition (Moderate)
Fixed: 339918, 343594 - Native DOM methods can be hijacked across domains (Low)

Crash:

Fixed: 340882 - [XPToolkit] Invalid pointer in RemoveWindowListeners

Address book:

Fixed: 334947 - freeze if drop vCard with base64 encoded photo

Attachment-related:

Fixed: 338859 - even if the attachment file name has 0×2f, it’s not escaped

Build configuration:

Fixed: 324483 - Ah Crap! takes too long
Fixed: 339875 - ship ga-IE for 1.5.0.5
Fixed: 343157 - unit test dirs are included in final packages

Functionality:

Fixed: 314009 - Draft messages not deleted when Send Later used
Fixed: 337052 - Reactivate WarpCenter biff functionality in nsMessengerOS2Integration
Fixed: 342167 - In , 2 “Warning: Expected pseudo-element but found ‘-moz-XYZ’. Ruleset ignored due to bad selector.”

UI improvements:

Fixed: 342784 - File > Quit hangs tb if expunge inbox on exit is set

XPToolkit:

Fixed: 339213 - Software update fails because XULRunner doesn’t ship updater.ini

Mac-specific:

Fixed: 322578 - Support ppc<->x86 cross builds for Mac OS X
Fixed: 327037 - Newsgroup names over-abbreviated on UB Mac
Fixed: 340071 - pasting html from ff 1.5.0.4 into compose window in tb 1.5.0.4 doesn’t paste anything

Sun-specific:

Fixed: 322450 - TARGET_XPCOM_ABI not set in solaris builds

*** RELEVANT LINKS ***

Download Thunderbird 1.5.0.5 for Windows (.exe installer, English, 6MB)
Download Thunderbird 1.5.0.5 for Mac OS X (.dmg, Universal Binary, English, 17.7MB)
Download Thunderbird 1.5.0.5 for Linux (.tar.gz, English, 10.1MB)

Download Thunderbird 1.5.0.5 for your operating system (.exe installer, defaults to your language, if build available)
Download Thunderbird 1.5.0.5 for your operating system (.exe installer, choose the desired language)

Mozilla Thunderbird 1.5.0.5 Release Notes

Firefox 1.5.0.5 started a few minutes ago to spread itself to users worldwide through the browser’s Auto-Update functions.

Bringing forth several security improvements, better overall stability and minor changes related to localization, Firefox 1.5.0.5 is dubbed a “security update that is part of our ongoing program to provide a safe Internet experience for our customers” by the Mozilla Foundation.

Some of the security fixes address Javascript-related vulnerabilities, Native DOM flaws and some crashes due to memory corruption.

Check below for more detailed information.

*** FIXES IN FIREFOX 1.5.0.5 ***

MFSA 2006-56 chrome: scheme loading remote content
MFSA 2006-55 Crashes with evidence of memory corruption (rv:1.8.0.5)
MFSA 2006-54 XSS with XPCNativeWrapper(window).Function(…)
MFSA 2006-53 UniversalBrowserRead privilege escalation
MFSA 2006-52 PAC privilege escalation using Function.prototype.call
MFSA 2006-51 Privilege escalation using named-functions and redefined “new Object()”
MFSA 2006-50 JavaScript engine vulnerabilities
MFSA 2006-48 JavaScript new Function race condition
MFSA 2006-47 Native DOM methods can be hijacked across domains
MFSA 2006-46 Memory corruption with simultaneous events
MFSA 2006-45 Javascript navigator Object Vulnerability
MFSA 2006-44 Code execution through deleted frame reference

*** RELEVANT LINKS ***

Download Firefox 1.5.0.5 for Windows (.exe installer, English, 4.9MB)
Download Firefox 1.5.0.5 for Mac OS X (.dmg, Universal Binary, English, 16MB)
Download Firefox 1.5.0.5 for Linux (.tar.gz, English, 8.1MB)

Download Firefox 1.5.0.5 for your operating system (.exe installer, defaults to your language, if build available)
Download Firefox 1.5.0.5 for your operating system (.exe installer, choose the desired language)

Mozilla Firefox 1.5.0.5 Release Notes

A new bugfix update has been released for Vandyke SecureCRT 5.1, the highly acclaimed security and remote administration suite.

SecureCRT 5.1.3, which includes GUI and command line tools for connecting to servers via SSH (v1 and v2), Telnet, Rlogin and other communication protocols, has been improved with fixes that affect several aspects of the GUI (graphical user interface), some terminal emulation options and parts of the SSH1 protocol implementation.

Other minor changes include removal of older SecureCRT versions from the Control Panel “Add/Remove Programs” appliance and small changes to the Quick Connect dialog.

A significant change regarding SSH1 is that compression is now turned off by default for newly created connections that use this protocol.

Check the full changelog below for more details.

*** WHAT’S NEW IN SECURECRT 5.1.3 ***

Changes:
- SSH1: Compression is now off by default.

Bug fixes:
- Reduced the time it takes for the Connect dialog to display, which was noticeable on a network or USB drive.
- Running a script that modified the ANSI colors caused SecureCRT to crash.
- When CTRL+TAB was used to switch between tabs, the scrollbar had the position of the most recently active tab rather than the previous position for that tab.
- The keymap assignments changed when there were multiple tabs and a session in a tab other than the first tab was reset.
- It was not possible to specify a UNC path (Samba) for a log file as it was in versions prior to 5.0.
- In SecureCRT 5.1.2, it was not possible to disable “Send initial carriage return” in Logon Scripts as in previous versions.
- Upgrading to a newer version of SecureCRT did not remove the old entry in Add/Remove programs.
- SSH1: Under certain circumstances, SSH1 port forwarding ended abruptly.
- SSH1: When generating an RSA key for an SSH1 session, if the user did not have write permissions for the specified save folder, SecureCRT crashed.
- SSH1: The NO-OP anti-idle option caused random characters to be sent to Cisco ISR routers. The “Send protocol NO-OP” session option can now be turned off for SSH1 sessions.
- SSH1: It was not possible to specify the DES cipher from the command line for SSH1 sessions.
- VSFTP: If the “version” command was issued when VSFTP was not connected to a session, VSFTP crashed.

*** RELEVANT LINKS ***

VanDyke Homepage
Download SecureCRT 5.1.3 (.exe - 8.91MB)
SecureCRT Product Page
General What’s New page for VanDyke products

After a short absence, my postings continue with another WinRAR Beta, this time version 3.60 Beta 7, which has been posted today on the Rarlab download site. Again, only the Windows GUI and command line versions have been updated. The DOS, Mac OS X, Linux, FreeBSD ports are still at Beta 6.

It seems that the developers of WinRAR are doing some kind of code auditing these days, since, like Beta 7, this release addresses a security issue - it fixes a stack overflow vulnerability in the SFX module.

See below for the full changelog information.

*** WHAT’S NEW IN WINRAR 3.60 BETA 8 ***

Stack overflow vulnerability has been corrected in SFX module.

*** RELEVANT LINKS ***

WinRAR Review
Download WinRAR 3.60 Beta 8 for Windows (.exe - 1MB)
Download RAR 3.60 Beta 6 for Mac OS X (.tar.gz - 357KB)
Download RAR 3.60 Beta 6 for Linux (.exe - 735KB)
Download RAR 3.60 Beta 6 for FreeBSD (.exe - 701KB)
Browse FTP Directory (other languages, themes, older releases)

WinRAR 3.60 Beta 7 has been posted today on the Rarlab download site. Only the Windows GUI and command line versions have been updated. The DOS, Mac OS X, Linux, FreeBSD ports are still at Beta 6.

This release is basically a security patch - it fixes a stack overflow vulnerability in an archive processing component. The flaw was identified by a third party company.

See below for the full changelog information.

*** WHAT’S NEW IN WINRAR 3.60 BETA 7 ***

Stack overflow vulnerability has been corrected in WinRAR module processing LZH archives. We thank Ryan Smith, www.hustlelabs.com, for reporting this problem.

*** RELEVANT LINKS ***

WinRAR Review
Download WinRAR 3.60 Beta 7 for Windows (.exe - 1MB)
Download RAR 3.60 Beta 6 for Mac OS X (.tar.gz - 357KB)
Download RAR 3.60 Beta 6 for Linux (.exe - 735KB)
Download RAR 3.60 Beta 6 for FreeBSD (.exe - 701KB)
Browse FTP Directory (other languages, themes, older releases)

The 1st of July brought us a nice treat: the final version of µTorrent 1.6, the world renowned Bittorent client. Cramming up a lot of powerful features in a small package, µTorrent 1.6 Build 474 further improves upon the previous version with lots of new functionality (intelligent configurable disk caching), improvements over existing options (faster speeds than ever before) as well as several bug fixes.

The changes in version 1.6 affect many parts of the program such as torrent handling and creation, network settings and performance, statistics, UPnP functionality, Win95 compatibility and various user interface modifications. Also, you can now make your computer shutdown or hibernate when µTorrent is done downloading.

Read on for the complete list of changes in the updated version.

*** WHAT’S NEW IN µTORRENT 1.6 ***

µTorrent 1.6 Build 474 (2nd of July 2006)

- Fix: Autoload would not copy the torrent under some circumstances
- Fix: No mark was shown in the Label selection menu for the selected label
- Change: Always merge trackers if loading a torrent in silent mode

µTorrent 1.6 Build 474 (1st of July 2006)

- Feature: Ability to filter files in torrent creator
- Feature: Add a move to top/down button or key
- Feature: Add a way to make µt startup in bosskey mode
- Feature: Add a way to set the upload/download cap through system tray
- Feature: Add an option to reset bans
- Feature: Add remaining HD space in the BC-style dialog
- Feature: Added “Completed On” column
- Feature: Added a way to delete the internal peerlist
- Feature: Added bandwidth priority and tracker status column
- Feature: Added graphical progress bar in main list
- Feature: Added option to allow multiple connections from same IP.
- Feature: Added option to bypass the Nanotorrent search redirect.
- Feature: Added option to open download bar when doubleclicking a torrent
- Feature: Allow torrents in list to be renamed
- Feature: Change label from the torrent properties dialog
- Feature: Delete torrents to trash
- Feature: Disk statistics
- Feature: Draggable download bars separate from the main window
- Feature: Enable scheduler from tray
- Feature: Make shift + delete key remove torrent + data
- Feature: New disk cache settings
- Feature: Open containing folder selects the item
- Feature: Open the folder if you click on the tray popup when a download is finished
- Feature: Pause in tetris
- Feature: Proxy for peer connections
- Feature: RSS update interval
- Feature: Remember waste/hashfails across sessions
- Feature: Removing torrent will remove partfile
- Feature: Set default action for delete button (right click on it and hold shift)
- Feature: Setup outgoing port to bind to
- Feature: Show a warning if no disk space when moving a complete torrent
- Feature: Show a warning in the add dialog if the torrent doesn’t fit on the drive
- Feature: Show speed in title bar
- Feature: Show speed limits in status bar
- Feature: Shutdown/hibernate when downloads complete
- Feature: Standby when torrents complete
- Feature: Torrent create dialog remembers the previous settings

- Change: ‘min interval’ was misspelled.
- Change: Added buttons to select all / deselect in the add dialog
- Change: Added option not to connect to port 25 or 110
- Change: Auto Shutdown Windows available from a menu
- Change: Change so it always shows 3 digits in sizes.
- Change: Changed connections for the 384k speed
- Change: Delay firewall opening a little to help problem where utorrent starts faster than the firewall.
- Change: Don’t delete torrents from list if the torrentfile wasn’t found
- Change: Don’t resolve peer ips by default
- Change: Don’t switch between green/yellow icon too often
- Change: Don’t use router.bittorrent.com
- Change: Edit button in RSS feeds window
- Change: Fixed various language strings to be more consistent
- Change: If the file cannot be opened, delay a little while and try again.
- Change: Increased length of editbox for new labels
- Change: Modified algorihtm for giving extra upload slots
- Change: More dialogs are non-modal
- Change: Never request more than 50 chunks from a bitcomet peer
- Change: New UPnP code (works on all OSes)
- Change: Redesigned settings dialog (I still need icons for the categories)
- Change: Remember the last speed tab view mode
- Change: Resolve IPs is on by default, but only if the Peers tab is active.
- Change: Separate the tracker from the webui + webui settings
- Change: Show a message in the logger if the autoload is set to the same as the storage folder.
- Change: Show a warning dialog when auto shutting down
- Change: Show better error message when adding a torrent through URL and it can’t be loaded
- Change: Show decimal in download bar
- Change: Speed in title bar is shown a little differently
- Change: Swapped UL/DL in download bar
- Change: Trim spaces from tracker url in create torrent dialog
- Change: Tweaked piece selection algorithm a little
- Change: num_wsa_events to control how many WSA EVENTS to allocate
- Change: peer.lazy_bitfield enabled by default.
- Change: Changed the network status icons
- Change: Moved the network status icon a bit

- Fix: Couldn’t use Unicode characters with search box
- Fix: Don’t allow blank filenames for single-file torrents (uses default name instead)
- Fix: Don’t crash if popup menu is active while the active torrent is deselected
- Fix: Fixed Win95 problems.
- Fix: Fixed a bunch of crash bugs.
- Fix: Generals tab should flicker less
- Fix: Make the after crash re-check not re-check torrents that already finished in that session
- Fix: Never create torrents with more than 64k pieces.
- Fix: RSS Favorites list bug
- Fix: Resize some labels to make more space
- Fix: Setting upload/download limit uses the currently active limit
- Fix: Superseeding should work better
- Fix: The label entry box in the BC-style dialog is too short
- Fix: Wrap comments field

*** RELEVANT LINKS ***

Download µTorrent 1.6 Full (installer, 574KB)
Download µTorrent 1.6 Standalone (exe only, 170KB)
Download µTorrent 1.6 Language Pack (.lng, 270KB)
µTorrent Official Site
µTorrent Skins
µTorrent 1.6 Full Changelog

WinRAR 3.60 Beta 6 has been posted just minutes ago on the Rarlab download site. Beside the Windows GUI version, the command line DOS, Linux, Mac OS and FreeBSD have been updated.

The release brings forth a few bug fixes, generally related to command line switches (options).

See below for the full changelog information.

*** WHAT’S NEW IN WINRAR 3.60 BETA 6 ***

- Switch -ad did not work in GUI winrar.exe.
- When repairing several archives, console RAR did not handle ‘No’ choice of overwrite archive request properly. It aborted the operation instead of skipping the current archive.

*** RELEVANT LINKS ***

WinRAR Review
Download WinRAR 3.60 Beta 6 for Windows (.exe - 1MB)
Download RAR 3.60 Beta 6 for Mac OS X (.tar.gz - 357KB)
Download RAR 3.60 Beta 6 for Linux (.exe - 735KB)
Download RAR 3.60 Beta 6 for FreeBSD (.exe - 701KB)
Browse FTP Directory (other languages, themes, older releases)