Monday, February 28, 2011

Celtic Woman - Jesu Joy of Man's Desiring



- wong chee tat :)

Your Grace Is Enough - Chris Tomlin



- wong chee tat :)

Nothing Is Impossible - Planetshakers



- wong chee tat :)

HDB launches three BTO projects in Sengkang, Bukit Panjang

HDB launches three BTO projects in Sengkang, Bukit Panjang
Posted: 28 February 2011 1115 hrs

SINGAPORE: The Housing & Development Board (HDB) has launched three Build-To-Order (BTO) projects comprising 1,593 standard flats.

Two of the projects - Fernvale Flora and Fernvale Gardens - are located in Sengkang.

The third, Segar Vale, is in Bukit Panjang.

Units in Segar Vale cost between S$83,000 and S$354,000 while the units at the two Sengkang BTO projects cost between S$88,000 and S$378,000.

Ninety-five per cent of the flat supply will be set aside for First-Timer households.

First-time flat buyers are estimated to use 16 per cent to 24 per cent of their monthly household income to meet their monthly loan payments for flats in Fernvale Flora, Fernvale Gardens and Segar Vale.

HDB said it has ramped up its new flat supply significantly to meet the demand from first-timer households.

This year, it plans to offer up to 22,000 new flats under BTO, if demand is sustained.

In the first six months of 2011, flat buyers can look forward to about 11,000 new BTO flats.

These projects will have a good geographical spread in towns/estates such as Bukit Panjang, Jurong West, Punggol, Sengkang and Sembawang.

The next BTO launch in March 2011 will offer about 1,500 flats in Jurong West and Sengkang.

- CNA/fa

- wong chee tat :)

GCE 'A' level results to be released on March 4

GCE 'A' level results to be released on March 4
Posted: 28 February 2011 1037 hrs

SINGAPORE: The GCE 'A' Level examination results will be released on Friday, March 4.

The Education Ministry said school candidates may obtain their result slips from their respective schools from 2.30 pm on Friday.

Private candidates will be able to obtain their results through the Singapore Examinations and Assessment Board website from 2.30pm on March 4, 2011.

They will also be notified of their results by post.

- CNA/fa

- wong chee tat :)

Sunday, February 27, 2011

UOB to hire 2,000 this year

UOB to hire 2,000 this year
By Rachel Kelly | Posted: 25 February 2011 2234 hrs

SINGAPORE: Singapore lender United Overseas Bank (UOB) is planning to hire some 2,000 staff in Singapore and the region this year.

The bank said it would mainly be targeting sales and branch network support growth.

The bank is looking to triple its assets under management -- currently at S$40 billion for individuals with assets of $200,000 and above -- by 2015.

The lender is also targeting 50 per cent of its wealth management business to come from the region - up from the current 20 per cent.

UOB said it plans to expand its network of wealth management centres from the current 29 to 64, and profit contributions from mass affluent and high net-worth individuals to grow from 35 per cent to 50 per cent by 2015.

Analysts said that they expect Singapore's lenders to look more to the region for growth.

Improved economic conditions lifted the earnings of Singapore's three lenders in 2010.

Fitch Ratings' Financial Institution director Alfred Chan said UOB, DBS and OCBC reported an improved earnings year-on-year.

"This, I believe, is in line with the broader economic trend. There wasn't any unexpected results that came out of this 2010 results.

"I think what is clear is that asset quality pressures that was clearly an issue in the mid of the recession has clearly eased since mid-2009 with the sharp rebound in exports and GDP.

"That's shown in the strong GDP numbers and that flowed in 2010 and banks being the organ of the economy mirrors that kind of economy".

DBS's profit for the full-year grew 28 per cent, while OCBC's grew 15 per cent.

UOB reported on-year growth of 42 per cent and UOB, the last of the three banks to report its earnings, is looking to expand aggressively overseas.

UOB deputy chairman and CEO Wee Ee Cheong said: "I'm happy with the result but I think we can do a lot more.

"What we are doing in the region is to integrate our regional branches to create a common platform and we are transforming a collection of banks into a fully integrated region of banks.

"That is important for us because it is win -in for both customer as well as bank and I believe the next few years, the region is the one that will generate a lot of potential benefit for us".

While 2010 was a good year for Singapore's three lenders, analysts said they expect in 2011, property curbs in the Singapore market to limit growth for the bank's loan portfolio.

However, UOB said it expects its loan book to grow in the mid teens for 2011.

Analysts said with Singapore's saturated market, the regional approach is the way to go.

Fitch Rating's Mr Chan said: "I think the emphasis will change somewhat - Singapore is a very mature banking system, so there is a lot of competition.

"Banks may choose to grow a bit more outside of Singapore where credit opportunities are more, particularity Indonesia because it is a fast growing market and because of the fast growing population there, there is a lot of potential.

"But risks are also much higher in comparison to Singapore, so banks have to manage those carefully".

With consumers also seeking to tap into the growth in other emerging economies such as China, UOB is the latest local bank to announce plans to offer products denominated in the Chinese yuan to retail investors, from the first week in March.

-CNA/wk

- wong chee tat :)

More competition for tour operators at NATAS Fair

More competition for tour operators at NATAS Fair
By Liang Kaixin, Tan Qiuyi | Posted: 26 February 2011 1954 hrs

SINGAPORE: Singapore's largest travel fair, the NATAS Travel Fair, is seeing intense competition amongst tour operators this year.

The three-day fair, from February 25 to 27 at Singapore Expo, is expected to draw about 68,000 visitors.

Travel agents said popular destinations like Europe, Japan, Korea and China are still bestsellers, although more Singaporeans are heading for exotic destinations like South Africa, Bhutan, and even far-flung South America.

Educational travel for youth, like immersion and home stays, are also on the rise.

Overall, operators are upbeat.

Ayoob Angullia, Managing Director of Shahidah Travel, said: "I think compared to last year, (customers are up by) more than 25 per cent. Who knows, maybe because of the bonus Budget...people are expecting to get the extra money and are willing to spend."

-CNA/ac

- wong chee tat :)

PUB pushing households to save water

PUB pushing households to save water
By Qiuyi Tan | Posted: 27 February 2011 1905 hrs

SINGAPORE: National water agency PUB is making another push to get households to save water, with a water conservation awareness programme.

It includes three TV commercials with two focusing on high water consumption activities at home.

About half the water used in the home goes to the shower and the kitchen sink.

Showers make up 29 per cent of an average family's monthly water use, while the kitchen sink, 22 per cent.

One way to cut down on water wastage is to install thimbles in taps and showerheads.

Another is to work with maid employment agencies to teach domestic workers to use water efficiently.

So far, more than 10 agencies have come on board and sent their trainers to the course.

PUB said it plans to reach out to all maid agencies in the next few years.

-CNA/wk

- wong chee tat :)

Thursday, February 24, 2011

Microsoft Security Advisory (2491888)

Microsoft Security Advisory (2491888)

Vulnerability in Microsoft Malware Protection Engine Could Allow Elevation of Privilege

Published: February 23, 2011
Version: 1.0

General Information

Executive Summary

Microsoft is releasing this security advisory to help ensure customers are aware that an update to the Microsoft Malware Protection Engine also addresses a security vulnerability reported to Microsoft. The update addresses a privately reported vulnerability that could allow elevation of privilege if the Microsoft Malware Protection Engine scans a system after an attacker with valid logon credentials has created a specially crafted registry key. An attacker who successfully exploited the vulnerability could gain the same user rights as the LocalSystem account. The vulnerability could not be exploited by anonymous users.
Since the Microsoft Malware Protection Engine is a part of several Microsoft anti-malware products, the update to the Microsoft Malware Protection Engine is installed along with the updated malware definitions for the affected products. Administrators of enterprise installations should follow their established internal processes to ensure that the definition and engine updates are approved in their update management software, and that clients consume the updates accordingly.
Typically, no action is required of enterprise administrators or end users to install this update, because the built-in mechanism for the automatic detection and deployment of this update will apply the update within the next 48 hours. The exact time frame depends on the software used, Internet connection, and infrastructure configuration.

Advisory Details

Issue References

For more information about this issue, see the following references:
ReferencesIdentification
CVE Reference
Last version of the Microsoft Malware Protection Engine affected by this vulnerability
Version 1.1.6502.0*
First version of the Microsoft Malware Protection Engine with this vulnerability addressed
Version 1.1.6603.0**
*This version is the last version of the Microsoft Malware Protection Engine that is affected by the vulnerability.
**If your version of the Microsoft Malware Protection Engine is equal to or greater than this version, then you are not affected by this vulnerability and do not need to take any further action. For more information on how to verify the engine version number that your software is currently using, see the section, "Verifying Update Installation", in Microsoft Knowledge Base Article 2510781.

Affected Software and Severity Ratings

The following software have been tested to determine which versions or editions are affected. Other versions or editions are either past their support life cycle or are not affected. To determine the support life cycle for your software version or edition, visit Microsoft Support Lifecycle.
The Microsoft Malware Protection Engine is a part of several Microsoft anti-malware products. Depending upon which affected Microsoft anti-malware product is installed, this update may have different severity ratings. The following severity ratings assume the potential maximum impact of the vulnerability.
Affected Software
Vulnerability Severity Rating and Maximum Security Impact by Affected Software
Anti-malware SoftwareMicrosoft Malware Protection Engine Vulnerability - CVE-2011-0037
Windows Live OneCare
Important
Elevation of Privilege
Microsoft Security Essentials
Important
Elevation of Privilege
Microsoft Windows Defender
Important
Elevation of Privilege
Microsoft Forefront Client Security
Important
Elevation of Privilege
Microsoft Forefront Endpoint Protection 2010
Important
Elevation of Privilege
Microsoft Malicious Software Removal Tool
Important
Elevation of Privilege
Non-Affected Software
Anti-malware Software
Microsoft Antigen for Exchange
Microsoft Antigen for SMTP Gateway
Forefront Protection 2010 for Exchange Server
Forefront Threat Management Gateway 2010
Microsoft Forefront Security for SharePoint
Forefront Security for Office Communications Server
Microsoft Standalone System Sweeper (part of Microsoft Diagnostics and Recovery Toolset)

Exploitability Index

The following table provides an exploitability assessment of the vulnerability addressed in this advisory.
How do I use this table?
Use this table to learn about the likelihood of functioning exploit code being released within 30 days of this advisory release. You should review the assessment below, in accordance with your specific configuration, in order to prioritize your deployment. For more information about what these ratings mean, and how they are determined, please see Microsoft Exploitability Index.
Vulnerability TitleCVE IDExploitability Index AssessmentKey Notes
Microsoft Malware Protection Engine Vulnerability
1 - Consistent exploit code likely
This is an elevation of privilege vulnerability

Frequently Asked Questions (FAQ) About this Advisory

Is Microsoft releasing a Security Bulletin to address this vulnerability?
No. Microsoft is releasing this informational security advisory to help ensure customers are aware that this Microsoft Malware Protection Engine update also addresses a security vulnerability reported to Microsoft.
Typically, no action is required of enterprise administrators or end users to install this update.
Why is typically no action required to install this update?
In response to a constantly changing threat landscape, Microsoft frequently updates malware definitions and the Microsoft Malware Protection Engine. In order to be effective in helping protect against new and prevalent threats, anti-malware software must be kept up to date with these updates in a timely manner.
For enterprise deployments as well as end users, the default configuration in Microsoft anti-malware software helps ensure that malware definitions and the Microsoft Malware Protection Engine are kept up to date automatically. Product documentation also recommends that products are configured for automatic updating.
Best practices recommend that customers regularly verify whether software distribution, such as the automatic deployment of Microsoft Malware Protection Engine updates and malware definitions, is working as expected in their environment.
How often are the Microsoft Malware Protection Engine and malware definitions updated?
Microsoft typically releases an update for the Microsoft Malware Protection Engine once a month or as needed to protect against new threats. Microsoft also typically updates the malware definitions three times daily and can increase the frequency when needed.
Depending on which Microsoft anti-malware software is used and how it is configured, the software may search for engine and definition updates every day when connected to the Internet, up to multiple times daily. Customers can also choose to manually check for updates at any time.
How can I install the update?
Administrators of enterprise installations should follow their established internal processes to ensure that the definition and engine updates are approved in their update management software, and that clients consume the updates accordingly.
For more information on installing the latest definitions, visit the Microsoft Malware Protection Center, or refer to your product documentation.
For end users, no further action is required because this security update will be downloaded and installed automatically through automatic updating or through their anti-malware software. For information on how to configure anti-malware software, refer to your product documentation.
For end users who want to install this update manually, refer to the following table.
Note Updates available through Microsoft Update will be listed as Important. Look for the appropriate update for your software with a name similar to the example listed in parenthesis () in the table below.
SoftwareUpdate MechanismOther methods of updating
Microsoft Security Essentials
Microsoft Windows Defender
Microsoft Forefront Client Security
Microsoft Forefront Endpoint Protection 2010
Microsoft Update
(Example: "Definition Update for Microsoft Forefront Endpoint Protection 2010")
Microsoft Malicious Software Removal Tool
Available on Tuesday, March 8, 2011
(None)
Note For additional information about deployment of this update for specific Microsoft anti-malware products, refer to Microsoft Knowledge Base Article 2510781.
What is the Microsoft Malware Protection Engine?
The Microsoft Malware Protection Engine, mpengine.dll, provides the scanning, detection, and cleaning capabilities for Microsoft antivirus and antispyware software. For more information, see the section, Microsoft Malware Protection Engine Deployment, later in this advisory.
Where can I find more information about Microsoft anti-malware technology?
For more information, visit the Microsoft Malware Protection Center Web site.
Why is ISA Server not listed in the affected or non-affected software list?
While Microsoft Internet Security and Acceleration (ISA) Server is the predecessor of Forefront Threat Management Gateway 2010 (TMG), ISA Server does not contain the Microsoft Malware Protection Engine and as such is not considered in this advisory. Malware Scanning using the Microsoft Malware Protection Engine was first introduced in Forefront TMG. For more information about new features in Forefront TMG, see the Forefront Threat Management Gateway 2010 page, What's New.
Why is no update for the Malicious Software Removal Tool (MSRT) available at this time?
The vulnerability can only be exploited through the MSRT when MSRT is offered and downloaded using Automatic Updates, upon which time MSRT runs only once. An attacker cannot exploit this vulnerability by running the MSRT manually. Microsoft is planning to release an updated version to address the issue in the Malicious Software Removal Tool on Tuesday, March 8, 2011.

FAQ for Microsoft Malware Protection Engine Vulnerability - CVE-2011-0037

What is the scope of the vulnerability?
This is an elevation of privilege vulnerability. An attacker who successfully exploited this vulnerability could execute arbitrary code in the security context of the LocalSystem account. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
What causes the vulnerability?
The vulnerability is caused when the Microsoft Malware Protection Engine fails to properly process a registry key that an attacker has set to a specially crafted value.
What might an attacker use the vulnerability to do?
An attacker who successfully exploited this vulnerability could execute arbitrary code in the security context of the LocalSystem account and take complete control of the system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
What is the LocalSystem account?
The LocalSystem account is a predefined local account used by the service control manager. It has extensive privileges on the local computer, and acts as the computer on the network. Its token includes the NT AUTHORITY\SYSTEM and BUILTIN\Administrators SIDs; these accounts have access to most system objects. A service that runs in the context of the LocalSystem account inherits the security context of the Service Control Manager. Most services do not need such a high privilege level. For more information, see the MSDN article, LocalSystem Account.
How could an attacker exploit the vulnerability?
This vulnerability requires that a specially crafted registry location be scanned by an affected version of the Microsoft Malware Protection Engine. To exploit this vulnerability, an attacker would first have to log on to the system, and then set a user registry key to a specially crafted value.
If the affected anti-malware software has real-time protection turned on, the Microsoft Malware Protection Engine will scan the location automatically, leading to exploitation of the vulnerability and allowing the attacker to take complete control of the affected system. If real-time scanning is not enabled, the attacker would need to wait until a scheduled scan occurs in order for the vulnerability to be exploited and to take complete control of the affected system. An attacker could not exploit the vulnerability by initiating a scan manually.
In addition, exploitation of the vulnerability could occur when the system is scanned using an affected version of the Malicious Software Removal Tool (MSRT). However, if the current version of the MSRT has already run on the system, an attacker could not use the MSRT to exploit this vulnerability.
What systems are primarily at risk from the vulnerability?
Workstations and terminal servers are primarily at risk. Servers could be at more risk if users who do not have sufficient administrative permissions are given the ability to log on to servers and to run programs. However, best practices strongly discourage allowing this.
What does the update do?
The update addresses the vulnerability by correcting the manner in which the Microsoft Malware Protection Engine processes values read from the registry.
When this security advisory was issued, had this vulnerability been publicly disclosed?
No. Microsoft received information about this vulnerability through coordinated vulnerability disclosure.
When this security advisory was issued, had Microsoft received any reports that this vulnerability was being exploited?
No. Microsoft had not received any information to indicate that this vulnerability had been publicly used to attack customers when this security advisory was originally issued.

Mitigating Factors and Suggested Actions

Mitigating Factors

Mitigation refers to a setting, common configuration, or general best-practice, existing in a default state, that could reduce the severity of this issue. The following mitigating factors may be helpful in your situation:
An attacker must have valid logon credentials to exploit this vulnerability. The vulnerability could not be exploited by anonymous users.
An attacker could use the Malicious Software Removal Tool (MSRT) to exploit this vulnerability only if MSRT has not already run on the system. For the majority of end users, the current version of the MSRT will already have downloaded and run automatically through automatic updating.

Suggested Actions

There is typically no action required for enterprise administrators or end users to install this update. Microsoft recommends that customers keep malware definitions up to date at all times. Customers should verify that the latest version of the Microsoft Malware Protection Engine and definition updates are being actively downloaded and installed for their Microsoft anti-malware products.
Administrators of enterprise anti-malware deployments should ensure that their update management software is configured to automatically approve and distribute engine updates and new malware definitions. Enterprise administrators should also verify that the latest version of the Microsoft Malware Protection Engine and definition updates are being actively downloaded, approved and deployed in their environment.
For end-users, the affected software provide built-in mechanisms for the automatic detection and deployment of this update. For these customers the update will be applied within 48 hours of its availability. The exact time frame depends on the software used, Internet connection, and infrastructure configuration. End users that do not wish to wait can manually update their anti-malware software.
For more information on how to manually update the Microsoft Malware Protection Engine and malware definitions, refer to Microsoft Knowledge Base Article 2510781, or refer to the section, Frequently Asked Questions (FAQ) About this Advisory.

Other Information

Acknowledgments

Microsoft thanks the following for working with us to help protect customers:
Cesar Cerrudo of Argeniss for reporting the Microsoft Malware Protection Engine Vulnerability (CVE-2011-0037)

Microsoft Active Protections Program (MAPP)

To improve security protections for customers, Microsoft provides vulnerability information to major security software providers in advance of each monthly security update release. Security software providers can then use this vulnerability information to provide updated protections to customers via their security software or devices, such as antivirus, network-based intrusion detection systems, or host-based intrusion prevention systems. To determine whether active protections are available from security software providers, please visit the active protections Web sites provided by program partners, listed in Microsoft Active Protections Program (MAPP) Partners.

Feedback

You can provide feedback by completing the Microsoft Help and Support form, Customer Service Contact Us.

Support

Customers in the United States and Canada can receive technical support from Security Support. For more information about available support options, see Microsoft Help and Support.
International customers can receive support from their local Microsoft subsidiaries. For more information about how to contact Microsoft for international support issues, visit International Support.
Microsoft TechNet Security provides additional information about security in Microsoft products.

Disclaimer

The information provided in this advisory is provided "as is" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.

Revisions

V1.0 (February 23, 2011): Advisory published.


- wong chee tat :)

S$3b project to revive fading CBD

S$3b project to revive fading CBD
By Jo-ann Huang | Posted: 23 February 2011 2230 hrs

SINGAPORE: Property developer Guocoland's latest Tanjong Pagar project holds a new promise for the fading business district that has been overshadowed by the brand new Marina Bay area, home to the swanky Marina Bay Financial Centre.

The S$3 billion project will have more than 500,000 square feet of residential space.

It will also have more than one million square feet of office space.

Analysts expect keen investment interest in the project once it's ready in four to five years.

Guocoland chairman Sat Pal Khattar said the project, which features first-class office and residential buildings, hotels, and leisure facilities, has potential.

"People will live here and work here, and be involved with all the other activities," Mr Khattar said.

World-renowned architects Skidmore, Owings & Merrill and Architect 6 will design the project, which currently does not have a name.

Guocoland's 78-storey project will be one of the tallest buildings in the CBD.

It will also house one of the biggest apartment complexes in Tanjong Pagar, at 509,000 square feet.

This is second only to United Industrial Corporation's 927,000 square feet new development, where 60 per cent or 556,000 square feet of space will be allocated for residential units.

Median rentals for housing units in the area increased 10 per cent in 2010.

And they look set to rise now that Tanjong Pagar is becoming a choice destination to work, live and play.

Cushman & Wakefield vice chairman Donald Han said: "(The residential units) will be proper one-, two- or three-bedroom penthouse units; it might mirror the size of the Sail, for instance.

"Any development which is iconic in nature, located (near an) MRT station, (and) offers excellent views especially on the higher floors will be (sold) fairly well, and we will expect the end pricing to exceed the S$2,000 per square foot mark easily".

If economic growth remains robust at four to six per cent a year, analysts say occupancy for Guocoland's project could be between 80 and 100 per cent.

Mr Han said: "If you are looking from now till 2015 or 2016, in line with the new sites that will be triggered or developed by commercial developers, we will probably see a consistent two to 2.5 million square feet on a per annum basis.

"And that's enough to be... absorbed by the market. So we don't have any major inequilibrium in terms of the potential supply that will be coming into the market place".

Office rents in the CBD area rose 16.5 per cent last year.

Analysts said with strong demand from financial services firms, office rents in the CBD are expected to increase further.

Guocoland won the tender for the Tanjong Pagar site, which is also a white site, in November last year.

The site sits on Tanjong Pagar MRT station and was bought for S$1.7 billion dollars, and has a site area of 161,703 square feet and a gross floor area of 1,697,892 square feet.

Guocoland is owned by Malaysian tycoon Quek Leng Chan and its Singapore portfolio includes Sophia Residence and Goodwood Residence.

-CNA/wk

- wong chee tat :)

HDB receives 19 bids for Bishan land parcel

HDB receives 19 bids for Bishan land parcel
Posted: 24 February 2011 1801 hrs

SINGAPORE : The Housing and Development Board (HDB) has received a total of 19 bids for the residential land parcel at Bishan Street 14 at the close of its tender on Thursday.

Bishan Residential Development submitted the highest bid of S$550.1 million for the site.

The 11,997 square metre land parcel is meant for condominium housing development and is being offered for sale on a 99-year lease.

It has a maximum gross floor area of about 58,786 square metres, which can yield an estimated 650 dwelling units.

The top bid of S$550.1 million for the land parcel translates to about S$9,358 per square metre per gross floor area.

The next highest bid of S$432.3 million came from Keppel Land Realty, followed by a S$427.8 million bid by MCC Land (Singapore).

Other tenderers included Qingdao Construction (Singapore), MCL Land, Allgreen Properties and Sim Lian Land.

The lowest bid of S$213 million was submitted by Leng Hoe Development.

The land parcel was launched for public tender on January 21.

HDB said it would evaluate the bids and announce the final tender results within the next two weeks.

- CNA/al

- wong chee tat :)

Wednesday, February 23, 2011

王光良 + 江美琪 - 對你有感覺




- wong chee tat :)

Everlasting God



- wong chee tat :)

Caltex to raise pump prices

Caltex to raise pump prices
Posted: 23 February 2011 1501 hrs

SINGAPORE: Prices of petrol in Singapore have gone up again.

Caltex said it will raise petrol and diesel prices by four cents a litre.

Following the increase, a litre of Premium 95 with Techron costs S$2.047 while its Platinum 98 with Techron costs S$2.175.

A litre of diesel now costs S$1.523.

Caltex said it will continue to monitor the market closely and adjust its discounts and pump prices when necessary.

Pump prices are close to the record levels set in June 2008 where a litre of 98 grade fuel cost about S$2.30.

- CNA/fa

- wong chee tat :)

COE prices increase across the board

COE prices increase across the board
Posted: 23 February 2011 1624 hrs

SINGAPORE: The Certificate of Entitlement (COE) prices have gone up across the board in the latest bidding exercise which ended Wednesday afternoon.

The largest jump was seen in big cars (above 1600cc) with an increase of S$8,600 to S$62,000.

The next biggest jump was prices for small cars (below 1600cc), which climbed S$5,875 to S$42,999.

COE premiums of the open category increased S$3,111 to S$62,001.

Meanwhile, premium for goods vehicles went up S$422 to S$29,011.

The price smallest increase was seen in the motorcycles category, which climbed S$182 to S$2,001.

-CNA/wk

- wong chee tat :)

Don't buy these 'traditional medicines', says HSA

Don't buy these 'traditional medicines', says HSA
By Sharon See | Posted: 23 February 2011 1731 hrs

SINGAPORE: The Health Sciences Authority (HSA) has warned the public against taking three health products that are "sold under the disguise of traditional medicines".

These are: Majun Dua Istimewa, Raja Maajun-Jerat Dan Seret Angin and Horkut Chooi Foong Hor Lok Tan.

HSA said analytical tests conducted by its pharmaceutical laboratory showed the products contain various "undeclared potent western medicines".

Health products that contain undeclared western medicines are considered illegal products.

It added that such products are dangerous and harmful to health as they are made under poor manufacturing conditions with no proper quality controls or professional oversight.

These products can cause serious side effects.

HSA said it conducted in-depth investigations after receiving reports of side effects in consumers.

It said it found dexamethasone, a type of steroid drug, in all three products.

Raja Maajun-Jerat Dan Seret Angin is also said to contain chlorpheniramine, which can cause drowsiness and urinary retention.

HSA said it found indomethacin, paracetamol and dextromethorphan in Horkut Chooi Foong Hor Lok Tan.

HSA said unsupervised use of indomethacin may cause stomach bleeding and kidney failure especially in susceptible individuals, which can lead to life-threatening outcomes.

It also said dextromethorphan can cause rapid heartbeat and dizziness while paracetamol may also lead to liver damage if taken in large doses.

HSA said traditional medicines are not allowed to contain western medicinal ingredients or substances controlled under the Poisons Act.

If convicted, offenders face a maximum fine of S$10,000 or two years' jail.

-CNA/wk

- wong chee tat :)

Tuesday, February 22, 2011

Space weather could wreak havoc in gadget-driven world

Space weather could wreak havoc in gadget-driven world
Posted: 20 February 2011 1614 hrs

WASHINGTON - A geomagnetic space storm sparked by a solar eruption like the one that flared toward Earth Tuesday is bound to strike again and could wreak havoc across the gadget-happy modern world, experts say.

Contemporary society is increasingly vulnerable to space weather because of our dependence on satellite systems for synchronizing computers, navigational systems, telecommunications networks and other electronic devices.

A potent solar storm could disrupt these technologies, scorch satellites, crash stock markets and cause power outages that last weeks or months, experts said Saturday at the American Association for the Advancement of Science's annual meeting.

The situation will only get more dire because the solar cycle is heading into a period of more intense activity in the coming 11 years.

"This is not a matter of if, it is simply a matter of when and how big," said National Oceanic and Atmospheric Administration administrator Jane Lubchenco.

"The last time we had a maximum in the solar cycle, about 10 years ago, the world was a very different place. Cell phones are now ubiquitous; they were certainly around (before) but we didn't rely on them for so many different things," she said.

"Many things that we take for granted today are so much more prone to the process of space weather than was the case in the last solar maximum."

The experts admitted that currently little can be done to predict such a storm, much less shield the world's electrical grid by doing anything other shutting off power to some of the vulnerable areas until the danger passes.

"Please don't panic," said Stephan Lechner, director of the European Commission Joint Research Center, drawing laughter from the scientists and journalists in the audience. "Overreaction will make the situation worse."

The root of the world's vulnerability in the modern age is global positioning systems, or GPS devices, that provide navigational help but also serve as time synchronizers for computer networks and electronic equipment, he said.

"GPS helped and created a new dependency," said Lechner, noting that the technology's influence extends to aerospace and defence, digital broadcast, financial services and government agencies.

In Europe alone, there are 200 separate telecommunication operators, and "nothing is standardized," he said.

"We are far from understanding all the implications here," he said.

World governments are hurrying to work on strategies for cooperation and information sharing ahead of the next anticipated storm, though forecasters admit they are not sure when that may occur.

"Actually we cannot tell if there is going to be a big storm six months from now but we can tell when conditions are ripe for a storm to take place," said the European Space Agency's Juha-Pekka Luntama.

On Tuesday at 0156 GMT, a huge solar eruption, the strongest in about five years, sent a torrent of charged plasma particles hurtling toward the Earth at a speed of 560 miles (900 kilometres) per second.

The force of the Class X flash, the most powerful of all solar events, lit up auroras and disrupted some radio communications, but the effects were largely confined to the northern latitudes.

"Actually it turned out that we were well protected this time. The magnetic fields were aligned parallel so not much happened," said Luntama.

"In another case things might have been different."

Space storms are not new. The first recorded major solar flare was recorded by British astronomer Richard Carrington in 1859.

Other solar geomagnetic storms have been observed in recent decades. One huge solar flare in 1972 cut off long-distance telephone communication in the midwestern state of Illinois, NASA said.

Another similar flare in 1989 "provoked geomagnetic storms that disrupted electric power transmission" and caused blackouts across the Canadian province of Quebec, the US space agency said.

A panel of NASA-assembled scientists issued a report in 2009 that said a powerful solar flare could overwhelm high-voltage transformers with electrical currents and short-circuit energy grids.

Such a catastrophic event could cost the United States alone up to two trillion dollars in repairs in the first year -- and it could take up to 10 years to fully recover, the report said.

- AFP/ir

- wong chee tat :)

Rising food prices nearing danger point: World Bank

Rising food prices nearing danger point: World Bank
Posted: 20 February 2011 0157 hrs

PARIS : World Bank president Robert Zoellick warned leaders of the top global economies Saturday that the world is reaching a danger point where soaring food prices threaten further political instability.

"I mentioned that we are reaching a danger point," Zoellick said, adding that he had urged G20 finance ministers and central bank chiefs meeting here to "put food first in 2011."

Zoellick said rising prices would eventually result in increased food supplies but in the intervening couple of years, "there could be an awful lot of turmoil and governments could fall and societies could go into turmoil."

Soaring food, fuel and other basic costs have been one of the key factors driving political unrest across the Middle East and North Africa which has forced the ouster of long-standing autocratic rulers in Egypt and Tunisia.

"We need to be sensitive and have a fingertip feel on what is happening in terms of food prices and its potential effect on social instability," Zoellick told a conference call.

He said the international community needs to be ready to act quickly to help countries such as Tunisia to cope with economic shocks as they try to manage political transition.

The World Bank warned ahead of the two-day G20 meeting that food prices rose by 15 percent between October 2010 and January 2011, pushing another 44 million people into poverty.

France, which holds the presidency of the Group of 20 top developing and developed countries, has made reducing price volatility in basic commodities including food one of its key goals.

Zoellick said G20 ministers were receptive to some of the ideas the World Bank has proposed and that the meeting would provide further momentum for action.

"In sum, I'd say there is a list of items here that is very do-able and the best antidote to complaints that the G20 is a talk shop is to take real action. And action for the most vulnerable people is the best form of that."

Zoellick said the situation is more concerning today than several years ago as there is increased demand from emerging markets and severe weather has reduced the ability of farmers to respond.

There have been proposals to slap limits on commodity trading to discourage speculative trading and reduce price volatility but the World Bank chief said "you counter volatility with better information" about the markets.

He said he also favoured a "code of conduct" for food export bans so as to ensure humanitarian food aid programmes are not affected.

- AFP /ls

- wong chee tat :)

Luxury cars a hit despite increase in COE premiums

Luxury cars a hit despite increase in COE premiums
By Stella Lee | Posted: 21 February 2011 2105 hrs

SINGAPORE: Singapore car registrations dipped almost 40 per cent in 2010, as sky-rocketing Certificate of Entitlement (COE) premiums put off prospective buyers.

COE premiums saw a record jump last year, with a 163 per cent increase for vehicles with engine capacity of more than 1600cc. Premiums rose 96 per cent for vehicles below 1600cc and more than 200 per cent for the open category in the same period.

However, registrations for luxury cars moved in the opposite direction last year and January data shows more high-earners here are keeping up with a speeding economy.

Luxury car dealerships are seeing more buyers, bucking sluggish demand in the broader auto market.

BMW registrations in Singapore grew 21.4 per cent last year; Mercedes Benz saw a 17.7 per cent jump.

Registrations for luxury sport autos have seen an even bigger increase.

Car registrations for Porsche rose 48 per cent last year, while those for Ferrari went up a whopping 116 per cent. This compares with a 39 per cent drop in registrations in the overall auto market in Singapore.

Karsono Kwee, Executive Chairman of Stuttgart Auto (Porsche), said: "I've been in the Porsche business for the last 25 years. Last year was a record year for us."

According to luxury sports auto dealerships, the bulk of demand came from high-earners, such as lawyers and bankers.

And these individuals may have spent their year-end bonuses chasing speed. Last month saw 97 registrations for Porsche, almost six times the December figure of 17. James Bond's favourite Aston Martin saw five registrations in January, compared with just two in December.

Analysts said that with the economy growing strongly, pay packages for top executives will rise further, giving them more spending power.

Pan Zai Xian, Director of Financial Services and Legal at Robert Walters, said: "A lot of compensation has been raised in the last year. I think last year has been a great year when people spend...like upgrading their vehicles before the COE prices come up. I think that's quite typical, in luxury brands we see that as well."

And with pay packages expected to rise again this year, especially for those in the higher-income bracket, demand for luxury cars like these may just continue to go up.

-CNA/ac

- wong chee tat :)

HDB launches sale of Bendemeer and Tampines condo sites

HDB launches sale of Bendemeer and Tampines condo sites
Posted: 22 February 2011 1756 hrs

SINGAPORE: The Housing & Development Board (HDB) will on Wednesday launch two sites at Bendemeer Road/Whampoa East and Tampines Central 7 for sale.

The sites are under the confirmed list of the first half 2011 Government Land Sales (GLS) Programme.

The condominium site at Bendemeer Road/ Whampoa East has a 99-year lease and can accommodate 780 units.

It is within walking distance of the Boon Keng MRT station along the North East Line.

Residents will have various dining, shopping and entertainment options at City Square, Serangoon Plaza and Mustafa Centre, which are near the MRT station.

Schools such as Bendemeer Primary, St Andrew's Junior and Secondary Schools and St Andrew's Junior College are also nearby.

The executive condo (EC) site at Tampines Central 7 is in Tampines Town which contains the Tampines Regional Centre, schools, cinemas, sports facilities and the Tampines MRT station.

The site has a 99-year lease and 660 units can be built there.

Another three new sites at Buangkok Drive/ Sengkang East Drive, Sembawang Road/ Jalan Sendudok and Jalan Loyang Besar/ Pasir Ris Drive 4 will be launched by HDB and the Urban Redevelopment Authority, next month.

-CNA/wk

- wong chee tat :)

NTU launches virtual job fair

NTU launches virtual job fair
By Evelyn Choo | Posted: 22 February 2011 1846 hrs

SINGAPORE: The National Technological University (NTU) has launched a virtual career fair, believed to be the region's first, for its students and potential employees.

NTU said there are a record 175 companies taking part in the career fair this year, 60 per cent more recruiters compared to those in 2010.

The number of jobs offered at the fair this year doubled to a whopping 4,500, with about 80 per cent of recruiters from the private sector.

One of the features of the NTU iFair is the virtual career portal developed by NTU, which enables students to meet potential employers, online.

NTU's Career & Attachment Office director Loh Pui Wah said career fairs in the past tend to be brick-and-mortar.

"But with the evolvement of web technology, we want to bring the career fair (to the virtual world), so that companies... can make use of the web to (interact) with the students," Mr Loh said.

About 50 companies have signed up for a piece of the virtual real estate.

And as hiring sentiments make a positive comeback from last year, recruiters look set to step up on their branding for a tech-savvy generation.

DSO National Laboratories human resources assistant director Serene Tan said NTU's iFair is helpful because it is virtual, and cuts down on logistic effort to set up physical career booths.

"They have been quick to set the virtual booth up with some customisation and we will be putting up positions available on our DSO corporate website, which is directly linked to the iFair," she said.

Ms Tan added iFair will also help them get in touch with students on overseas attachments who are unable to attend the physical career fair.

The iFair is set to run from March 14 this year, and will continue to be accessible till June 30, 2011.

Meanwhile, the physical career fair runs on February 22 and 25 at NTU's Nanyang Auditorium.

-CNA/wk

- wong chee tat :)

Monday, February 21, 2011

范玮琪 + 光良 - 好寂寞



- wong chee tat :)

Samsung Galaxy Tab gets bigger

Samsung Galaxy Tab gets bigger
Posted: 14 February 2011 0832 hrs

BARCELONA, Spain: South Korean consumer electronics giant Samsung has presented a new version of its tablet computer with a larger screen of 10.1 inches, four months after launching its first Galaxy Tab.

The Galaxy Tab 10.1, which uses the latest version of Google's Android operating system, weighs 599 grams (1 pound, five ounces) and is just 10.9 millimetres (0.43 inches) thick.

Samsung's first tablet, the Galaxy Tab with a seven-inch screen, was launched in October.

The South Korean company also unveiled its latest smartphone on the eve of the opening of the mobile phone industry's annual conference in Barcelona.

It presented the Galaxy S II as "the world's slimmest smartphone" at just 8.49 millimetres thick.

The head of Samsung's mobile division, JK Shin, said they focused on "screen, speed and content" while developing the phone.

The Galaxy S II includes NFC or Near Field Communication technology which allows for make secured transactions such as payments for riding on public transport,by swiping the phone near a receptor.

It is also equipped with voice recognition that allows users to dictate text messages instead of tapping on the screen.

With similar technology, is the compact and ergonomically designed GALAXY mini which Samsung recently rolled out to Singapore consumers along with two other new Android mobile phones.

The GALAXY mini comes with a Voice Search function to search for information without typing, as well as services such as Google Mail and Google Talk, and an integrated phonebook with direct SNS and IM links.

There's also the frameless, rounded, smooth edged GALAXY Ace with 3.5” HVGA display running on a 800MHz processor for smooth web browsing and seamless multitasking between apps; and the compact Samsung GALAXY Fit with a large screen for easy use of the integrated email system and ‘Office Viewer’ function.

AFP/sf

- wong chee tat :)

FairPrice lowers house brand prices

FairPrice lowers house brand prices
By Hoe Yeen Nie | Posted: 14 February 2011 1142 hrs

SINGAPORE: NTUC FairPrice is giving a flat five per cent discount for 500 house brand items for the next three months starting Tuesday, in a move to ease the pressure of rising food prices.

These items include essential items such as rice, cooking oil and detergent.

Customers who hold the Plus!Visa or NTUC Plus! Card would receive a further 10 per cent discount on house brand items.

These are expected to cost FairPrice S$2.3 million over this period.

The initiative comes under the supermarket cooperative Stretch-Your-dollar programme which was introduced between 2007 and 2009 amid the economic downturn.

FairPrice said its house brand products are typically at least 10 per cent lower than market prices.

Its CEO Seah Kian Peng said FairPrice would monitor inflation before deciding if the scheme would be extended.

"We've always played the benchmarking role, in our quest to fulfil our social mission," Mr Seah said.

"And because of the market leadership position that we have, everything that we do will be closely-watched by our competitors, and therefore I believe that what we do today will also lead to our competitors adjusting their prices somewhat."

Over the last few months, FairPrice has also been increasing its stockpile of rice to about three months' supply, beyond the two-month stockpile required of retailers.

But Mr Seah said the move is part of routine forward-buying.

"If we believe that the prices of some of these items are likely to go up, we'll do some forward-buying, stockpile a bit more, and with that, we can hold off price increases, if any, for as long as possible," Mr Seah said.

He added FairPrice is concerned about the prices of all staples as a whole.

The co-op runs one of the largest supermarket chains in Singapore, with more than 110 outlets.

-CNA/wk

- wong chee tat :)

Sunday, February 20, 2011

Hosanna In The Highest



- wong chee tat :)

Oracle Java SE and Java for Business Critical Patch Update Advisory - February 2011

Oracle Java SE and Java for Business Critical Patch Update Advisory - February 2011


Description

A Critical Patch Update is a collection of patches for multiple security vulnerabilities. The Critical Patch Update for Java SE and Java for Business also includes non-security fixes. Critical Patch Updates are cumulative and each advisory describes only the security fixes added since the previous Critical Patch Update. Thus, prior Critical Patch Update Advisories should be reviewed for information regarding earlier accumulated security fixes. Please refer to:
Critical Patch Updates and Security Alerts for information about Oracle Security Advisories.

Due to the threat posed by a successful attack, Oracle strongly recommends that customers apply CPU fixes as soon as possible.
This Critical Patch Update contains 21 new security fixes across Java SE and Java for Business products.

Supported Products Affected

Security vulnerabilities addressed by this Critical Patch Update affect the products listed in the categories below.  Please click on the link in the Patch Availability column or in the Patch Availability Table to access the documentation for those patches.
Affected product releases and versions:
Java SE Patch Availability
JDK and JRE 6 Update 23 and earlier for Windows, Solaris, and Linux Java SE
JDK 5.0 Update 27 and earlier for Solaris 9 Java SE
SDK 1.4.2_29 and earlier for Solaris 8 Java SE
Java for Business Patch Availability
JDK and JRE 6 Update 23 and earlier for Windows, Solaris and Linux Java for Business
JDK and JRE 5.0 Update 27 and earlier for Windows, Solaris and Linux Java for Business
SDK and JRE 1.4.2_29 and earlier for Windows, Solaris and Linux Java for Business

Patch Availability Table and Risk Matrix

Java SE and Java for Business fixes in this Update are cumulative; the latest Critical Patch Update includes all fixes from the previous Critical Patch Updates.

Patch Availability Table



Product Group Risk Matrix Patch Availability and Installation Information
Oracle Java SE and Java for Business Oracle Java SE and Java for Business Risk Matrix Oracle Java SE and Java for Business Critical Patch Update February 2011 My Oracle Support Note 1282490.1
Consumer users of Oracle Java SE can download the latest release from http://java.com. Users on the Windows platform can also use automatic updates to get the latest release


Risk Matrix Content

Risk matrix lists only security vulnerabilities that are newly fixed by the patches associated with this advisory. Risk matrices for previous security fixes can be found in previous Critical Patch Update advisories.
Several vulnerabilities addressed in this Critical Patch Update affect multiple products.
Security vulnerabilities are scored using CVSS version 2.0 (see Oracle CVSS Scoring for an explanation of how Oracle applies CVSS 2.0). Oracle conducts an analysis of each security vulnerability addressed by a Critical Patch Update (CPU). Oracle does not disclose information about the security analysis, but the resulting Risk Matrix and associated documentation provide information about the type of vulnerability, the conditions required to exploit it, and the potential result of a successful exploit. Oracle provides this information, in part, so that customers may conduct their own risk analysis based on the particulars of their product usage. As a matter of policy, Oracle does not disclose detailed information about an exploit condition or results that can be used to conduct a successful exploit. Oracle will not provide additional information about the specifics of vulnerabilities beyond what is provided in the CPU or Security Alert notification, the Patch Availability Matrix, the readme files, and FAQs. Oracle does not provide advance notification on CPUs or Security Alerts to individual customers. Finally, Oracle does not distribute exploit code or “proof-of-concept” code for product vulnerabilities.

Workarounds

Due to the threat posed by a successful attack, Oracle strongly recommends that customers apply CPU fixes as soon as possible. Until you apply the CPU fixes, it may be possible to reduce the risk of successful attack by restricting network protocols required by an attack. For attacks that require certain privileges or access to certain packages, removing the privileges or the ability to access the packages from unprivileged users may help reduce the risk of successful attack. Both approaches may break application functionality, so Oracle strongly recommends that customers test changes on non-production systems. Neither approach should be considered a long-term solution as neither corrects the underlying problem.

Skipped Critical Patch Updates

Oracle strongly recommends that customers apply fixes as soon as possible. For customers that have skipped one or more Security advisories, please review previous advisories to determine appropriate actions.

Unsupported Products and De-Supported Versions

Unsupported products, releases and versions are not tested for the presence of vulnerabilities addressed by this Critical Patch Update. However, it is likely that earlier versions of affected releases are also affected by these vulnerabilities. Hence Oracle recommends that customers upgrade their Oracle products to a supported version.
Critical Patch Update patches are not provided for product versions that are no longer supported. We recommend that customers upgrade to the latest supported version of Oracle products in order to obtain patches.

Credit Statement

The following people or organizations reported security vulnerabilities addressed by this Critical Patch Update to Oracle: Afik Castiel from Versafe Anti Fraud; Billy Rios of Google; binaryproof via Tipping Point's Zero Day Initiative; binaryproof via iDefense; Dmitri Gribenko; Eduardo Vela Nava of Google; Frederic Hoguin via Tipping Point's Zero Day Initiative; Marc Schoenefeld of Red Hat; Peter Csepely via Tipping Point's Zero Day Initiative; Roee Hay of IBM Rational Application Security Research Group; Sami Koivu via Tipping Point's Zero Day Initiative; Stefano Di Paola of Minded Security; and Tom Hawtin.

Oracle Java SE and Java for Business Critical Patch Update Schedule

For the calendar year 2011, Oracle Java SE and Java for Business Critical Patch Updates will be released on the following dates:
  • 7 June 2011
  • 18 October 2011

References


Modification History


Date Comments
2011-February-15 Rev 1. Initial Release





Appendix - Oracle Java SE and Java for Business


Oracle Java SE and Java for Business Executive Summary


This Critical Patch Update contains 21 new security fixes for Oracle Java SE and Java for Business.  19 of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without the need for a username and password.
CVSS scores below assume that a user running a Java applet or Java Web Start application has administrator privileges (typical on Windows). Where the user does not run with administrator privileges (typical on Solaris and Linux), the corresponding CVSS impact scores for Confidentiality, Integrity, and Availability are "Partial" instead of "Complete", and the corresponding CVSS Base score is 7.5 instead of 10 respectively.
My Oracle Support Note 360870.1 explains the impact of Java security vulnerabilities on Oracle products that include a JDK.



Oracle Java SE and Java for Business Risk Matrix


CVE# Component Protocol Sub-
component
Remote Exploit without Auth.? CVSS VERSION 2.0 RISK (see Risk Matrix Definitions) Supported Versions Affected Notes
Base Score Access Vector Access Complexity Authen-
tication
Confiden-
tiality
Integrity Avail-
ability
CVE-2010-4452 Java Runtime Environment Multiple Deployment Yes 10.0 Network Low None Complete Complete Complete 6 Update 23 and before See Note 1
CVE-2010-4454 Java Runtime Environment Multiple Sound Yes 10.0 Network Low None Complete Complete Complete 6 Update 23 and before, 5.0 Update 27 and before, 1.4.2_29 and before See Note 2
CVE-2010-4462 Java Runtime Environment Multiple Sound Yes 10.0 Network Low None Complete Complete Complete 6 Update 23 and before, 5.0 Update 27 and before, 1.4.2_29 and before See Note 2
CVE-2010-4463 Java Runtime Environment Multiple Deployment Yes 10.0 Network Low None Complete Complete Complete 6 Update 21 - 6 Update 23 See Note 1
CVE-2010-4465 Java Runtime Environment Multiple Swing Yes 10.0 Network Low None Complete Complete Complete 6 Update 23 and before, 5.0 Update 27 and before, 1.4.2_29 and before See Note 1
CVE-2010-4467 Java Runtime Environment Multiple Deployment Yes 10.0 Network Low None Complete Complete Complete 6 Update 10 - 6 Update 23 See Note 1
CVE-2010-4469 Java Runtime Environment Multiple HotSpot Yes 10.0 Network Low None Complete Complete Complete 6 Update 23 and before, 5.0 Update 27 and before, 1.4.2_29 and before See Note 1
CVE-2010-4473 Java Runtime Environment Multiple Sound Yes 10.0 Network Low None Complete Complete Complete 6 Update 23 and before, 5.0 Update 27 and before, 1.4.2_29 and before See Note 2
CVE-2010-4422 Java Runtime Environment Multiple Deployment Yes 7.6 Network High None Complete Complete Complete 6 Update 23 and before See Note 1
CVE-2010-4451 Java Runtime Environment HTTP Install Yes 7.6 Network High None Complete Complete Complete 6 Update 23 and before for Windows See Note 3
CVE-2010-4466 Java Runtime Environment Multiple Deployment Yes 5.0 Network Low None Partial None None 6 Update 23 and before for Windows, Solaris and Linux, 5.0 Update 27 and before for Windows, 1.4.2_29 and earlier for Windows See Note 1
CVE-2010-4470 Java Runtime Environment Multiple JAXP Yes 5.0 Network Low None None None Partial+ 6 Update 23 and before See Note 4
CVE-2010-4471 Java Runtime Environment Multiple 2D Yes 5.0 Network Low None Partial None None 6 Update 23 and before, 5.0 Update 27 and before See Note 1
CVE-2010-4476 Java Runtime Environment Multiple Java Language Yes 5.0 Network Low None None None Partial+ 6 Update 23 and before, 5.0 Update 27 and before, 1.4.2_29 and before See Note 4
CVE-2010-4447 Java Runtime Environment Multiple Deployment Yes 4.3 Network Medium None Partial None None 6 Update 23 and before, 5.0 Update 27 and before, 1.4.2_29 and before See Note 1
CVE-2010-4475 Java Runtime Environment Multiple Deployment Yes 4.3 Network Medium None Partial None None 6 Update 23 and before, 5.0 Update 27 and before, 1.4.2_29 and before See Note 1
CVE-2010-4468 Java Runtime Environment Multiple JDBC Yes 4.0 Network High None Partial Partial None 6 Update 23 and before, 5.0 Update 27 and before See Note 1
CVE-2010-4450 Java Runtime Environment - Launcher No 3.7 Local High None Partial Partial Partial 6 Update 23 and before for Solaris and Linux, 5.0 Update 27 and before for Solaris and Linux, 1.4.2_29 and before for Solaris and Linux See Note 5
CVE-2010-4448 Java Runtime Environment Multiple Networking Yes 2.6 Network High None None Partial None 6 Update 23 and before, 5.0 Update 27 and before, 1.4.2_29 and before See Note 1
CVE-2010-4472 Java Runtime Environment Multiple XML Digital Signature Yes 2.6 Network High None None None Partial 6 Update 23 and before See Note 4
CVE-2010-4474 Java DB - Security No 2.1 Local Low None Partial None None 6 Update 23 and before See Note 6
 
Notes:
  1. Applies to client deployment of Java only. This vulnerability can be exploited only through Untrusted Java Web Start applications and Untrusted Java applets. (Untrusted Java Web Start applications and untrusted applets run in the Java sandbox with limited privileges.)
  2. Applies to client and server deployment of Java. This vulnerability can be exploited through Untrusted Java Web Start applications and Untrusted Java applets. It can also be exploited by supplying data to APIs in the specified Component without using untrusted Java Web Start applications or untrusted Java applets, such as through a web service.
  3. Applies to client deployment of Java only. This vulnerability is applicable only to systems using the Java Update (which is available only on the Windows platform).
  4. Applies to server deployment of Java. This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service.
  5. Applies to client deployment of Java only. This vulnerability can be exploited only when a user runs a standalone application.
  6. See CVE-2009-4269 for more details.

- wong chee tat :)