Announcement

Collapse
No announcement yet.

Pc News

Collapse
This is a sticky topic.
X
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Carriers Unite for Future Mobile Networks

    Some of the world's biggest cellular operators have gotten together to promote their vision of what next-generation mobile technology should look like.

    Sprint Nextel, Vodafone Group, China Mobile Communications, Orange, NTT DoCoMo, Royal KPN, and T-Mobile International announced this week they have formed the Next Generation Mobile Networks (NGMN) initiative. NGMN, a nonprofit group based in London, won't push a particular type of network but rather a set of guidelines that future technologies should follow, said Steve Falk, vice president of global standards at Sprint.


    "We think that we can speak with a more organized and concerted voice that we have in the past," Falk said. Vendors and standards organizations had stronger voices in the development of 2G and 3G systems. Carriers will represent the interests of their customers, the end users, he said.


    The group, which is already consulting with equipment vendors but will only include carriers as members, may be pitting itself against Qualcomm, which developed much of the current 3G technology and has been criticized in some quarters for its royalty and licensing practices.


    The NGMN is looking toward the technologies to follow 3G systems such as HSDPA (High-Speed Downlink Packet Access) and EvDO (Evolution-Data Optimized).


    Carriers are still deploying and upgrading those networks, which are based on GSM (Global System for Mobile Communications) and CDMA (Code-Division Multiple Access) respectively, but even faster technologies are coming down the road. Sprint, for one, has called WiMax its 4G technology and plans to roll it out across the U.S. within the next few years. In choosing WiMax, the carrier used some of the guidelines NGMN was formulating, Falk said.

    Making Recommendations

    Among NGMN's recommended features are the following:

    high data throughput with low latency
    low operation and maintenance costs
    support for authentication, security and differentiated quality of service

    Carriers also will favor technologies covered by FRAND (fair, reasonable and nondiscriminatory) intellectual property rules, Falk said.


    "One of the principles of NGMN is an open and transparent IPR (intellectual property rights) regime," he said.


    The NGMN would like to see a single technology track and believes greater harmony will lower costs and speed up product development for vendors, too.


    "In some cases, 2G and 3G vendors have had to do very costly and time-consuming development on three to five different kinds of technology," Falk said. Being able to focus on one or two tracks, in turn, will help bring products and services to mobile subscribers faster and more economically, he said.

    Comment


    • Toshiba Readies New HD DVD Players

      Toshiba will soon put its second generation of HD DVD players on sale in the U.S.

      The Tokyo company kicked off the high-definition movie battle in the U.S. earlier this year when it put its first generation of HD DVD players on sale.


      They were soon followed by a machine from Samsung Electronics for the rival Blu-ray Disc format.


      Both formats use optical discs the same size as a CD or DVD, but use blue lasers to cram much more data onto the discs. However, Blu-ray and HD DVD are incompatible, and the different companies behind each format are vying for the favor of consumers. To date many consumers seem cool in their reaction to the rival formats and are sitting on the sidelines until a winner is crowned.

      New and Improved

      The more expensive of Toshiba's two new players, the HD-XA2, packs several new features that should mean a better picture if you have the right TV and content. The player generates output at up to 1080p, which is the highest of several levels of high-definition picture, and has the latest version of the HDMI (high-definition multimedia interface) standard.


      HDMI version 1.3 increases the color depth from 24 bits to 36 bits for deeper colors in images, but you'll need a compatible TV to realize the benefit.


      The HD-A2 will be available from October for $500 and the HD-XA2 will go on sale in December for $1000, said Toshiba. That means there's no change in the price of Toshiba's cheapest HD DVD player but there is an increase of $200 in the price of the high-end model from the current $800 price tag for the HD-XA1.

      Comment


      • Hackers Post Code for New IE Attack

        Hackers have discovered a new vulnerability in Internet Explorer, and they've released code that could be used to attack users of Microsoft's popular browser.

        The vulnerability is similar to a bug that Microsoft patched last month in a multimedia component of Internet Explorer, according to Vincent Hwang, a group product manager with Symantec's Security Response team.


        Though a sample exploit of the vulnerability was posted earlier this week by hackers on the xsec.org Web site, Symantec has yet to see the code used in any attacks, according to Hwang.


        To take advantage of the exploit code, attackers would first need to trick users into viewing a maliciously encoded Web page, but they could then run unauthorized code on a victim's computer.


        It is unclear right now which versions of Windows and Internet Explorer are affected by the vulnerability. Researchers at Secunia said they were able to create a "fully working" exploit for the latest version of Windows XP running Internet Explorer 6. Windows 2000 users are also vulnerable, Secunia said.

        Under Investigation

        Microsoft security researchers were unavailable to comment on the issue, but a spokesman for the company's public relations agency said that the matter was under investigation.


        Symantec calls the bug "critical," and Secunia rates the issue as "highly critical," its most severe rating. The Secunia alert can be found online.


        The xsec.org hackers referred to their code as a 0day, meaning an exploit for a previously undisclosed vulnerability. But one well-known hacker said the flaw was not difficult to find using publicly available security tools, such as the AxMan ActiveX fuzzing software.


        "Calling it 0day is a stretch," said HD Moore, the head of the Metasploit project, via e-mail.


        Moore wrote an automated ActiveX testing tool called AxMan that uncovered a handful of IE bugs, including the one exploited by on xsec.org. Although Moore recently launched a project called the Month of Browser Bugs, in which he disclosed a new browser vulnerability every day for the month of July, he said he had refrained from disclosing this particular vulnerability.


        "This is one of the many exploitable bugs that can be discovered using AxMan and one of the few that I didn't include in Month of Browser bugs due to the ease of exploitation," he said. "I still have three or four left in IE that have similar impact."


        This is the second unpatched flaw that Microsoft is looking at patching right now. Earlier this month, attackers began exploiting a vulnerability in the company's Word software.

        Comment


        • Microsoft Tests YouTube Competitor

          Banking on the popularity of online video-sharing services such as YouTube and Google Video, Microsoft's own competitive service goes into beta tomorrow.

          Soapbox on MSN Video, which will allow users to upload and share personal videos with others who use the service, is now available as a beta release in the U.S. for the Internet Explorer (IE) and Firefox browsers. The service initially is available by invitation-only, though users who want to take part in the beta can sign up on a waiting list.

          The service will let users both watch videos and browse for new ones simultaneously on the same screen, something that differentiates it from YouTube, Microsoft said.

          Like competing video-sharing services, Soapbox will allow users not only to upload videos to the Web in almost any digital video format, but also to tag and categorize them so other users can find them.

          Other Soapbox Features
          Other features in Soapbox include the ability for users to set up RSS (Really Simple Syndication) feeds for videos in which they are interested, and to embed videos directly into their personal blogs. To achieve the latter, Microsoft eventually will set up one-click integration between Soapbox and Windows Live Spaces, letting users upload videos from Soapbox to their Windows Live Spaces pages by clicking on a button. Eventually, Soapbox will be integrated throughout many of Microsoft's online services, which include Windows Live Messenger and Windows Live Mail.

          The Soapbox service will work with IE 6 or later browsers running on Windows XP, and the Firefox 1.0.5 browser or later running on Windows XP or Macintosh OS X.

          Background on Video Sharing
          Social networking services and media-sharing communities are becoming all the rage with the current breed of Web users, with sites like YouTube and the online community MySpace--which generate revenue through advertising--steadily gaining in popularity. However, though these sites are increasingly becoming part of the pop-culture zeitgeist, they are, so far, unproven financially.

          Like its other Web-based services, Microsoft aims for Soapbox, too, to generate revenue by luring online advertisers, the company said. Though it won't be ad supported in its initial release, Microsoft hopes the service will feature advertising down the line.

          Comment


          • 'Laser Chips' Could Replace Wires in Your PC

            Researchers from Intel and the University of California at Santa Barbara have found a way to build low-cost "laser chips" that could eventually shuttle data around PCs at much higher speeds than today's copper wire interconnects.

            The researchers combined the properties of a compound semiconductor material called indium phosphide, which emits light constantly, and silicon, which can be used to amplify and direct that light. They sandwiched the materials together to create a single device that can be manufactured using standard chip-making techniques.

            The breakthrough, announced today, is significant because it could help the interconnect technologies that carry data between components in PCs and servers keep pace with the rapid advances in the processing power of the chips themselves, the researchers said.

            What It Means
            "This could bring low-cost, terabit-level optical 'data pipes' inside future computers and help make possible a new era of high-performance computing applications," said Mario Paniccia, director of Intel's Photonics Technology Lab, in a statement.

            The work may be several years away from commercialization, but the researchers expect eventually to be able to put dozens or even hundreds of lasers on a single chip, they said.

            Indium phosphide is already widely used to make lasers for fiber-optic networks, but the cost of assembling and aligning the lasers makes them too expensive for the high-volume PC business. Silicon, on the other hand, can amplify and control light and could be used more affordably, but it is not an efficient generator of light itself.

            How It Works: 'Glass Glue'
            The researchers figured out a way to combine the two materials to build a "hybrid silicon laser" that can be manufactured using Intel's standard manufacturing techniques, keeping costs relatively low.

            To make the silicon laser, they created a thin oxide layer roughly 25 atoms thick on the surface of each material. They then heated the oxide and pressed the two layers together, forming a single chip with a "glass glue" between them. Applying a voltage to the device generates light from the indium phosphide, which passes through the joining layer to be guided and controlled by the silicon.

            The laser light can send data between computer components at extremely high speed. This can be done using a "silicon optical modulator," which effectively turns the laser beam on and off at very high speeds to represent the 1s and 0s of computer code.

            Intel has already demonstrated a silicon modulator that can transmit data at up to 10 gigabits per second. Figuring out how to make the hybrid silicon laser was the last big barrier to using silicon-based optical devices in computers and data centers, the researchers said.

            That capability becomes more pressing as engineers design processors with multiple cores--just two or four today but tens or hundreds in the near future, Paniccia said during a conference call with reporters.

            Copper Outdated
            "That type of terascale computing will need terascale information moving into and out of servers to keep the chips fed with data, which is extremely difficult to do on copper," he said.

            Most data moving farther than 100 meters travels over optical cables today, but the high cost of photonics prohibits its use for shorter distances, where copper prevails for data connections within rooms or between motherboards, Paniccia said.

            "What we're been working on is to siliconize photonics, bringing volume economics to optical communications," he said. "It's comparable to the breakthrough from the vacuum tube to the first planar integrated circuit, in that it allows you to build things at a size and cost that fundamentally weren't available before."

            Once engineers can use a low-cost, high-bandwidth optical interconnect, they will be able to create entirely new computer designs, such as remote memory, a design that stores data up to 2 feet away from a processor instead of the current standard of 6 inches, he said. That architecture would radically change the cooling requirements and form factors of computer design.

            As a next step, the researchers must find easier ways to manufacture this electrically pumped hybrid silicon laser, and then figure out how to combine it on a single chip with a standard computing processor, he said. Once they achieve that, binary data will be able to flow as electrons, then protons, and back again, enabling enormous rates of speed and efficiency.

            Comment


            • Sandisk, RealNetworks Ready iPod Rival

              RealNetworks is hoping to make a stronger push into the portable digital music market with the introduction of Sandisk's Sansa music players that come bundled with RealNetworks Rhapsody music service.

              The new offering, announced on Monday and to be available only in the U.S., means that Real and Sandisk join Apple Computer and Microsoft as providers of music services that are closely tied to specific devices. Just last week Microsoft revealed details of Zune, which will link a new portable player to a Microsoft digital music store.

              Automatic Subscription
              As part of the deal, the Sansa e200 series of portable music players will come preloaded with software supporting the Rhapsody service. Subscribers to the service pay a monthly fee to listen to any song in the Rhapsody database. They can download songs to their PCs and transfer them to the digital music player.

              If users cancel their subscription, the next time they connect to the Internet they'll synch with Rhapsody, which will delete the songs from the music player and their PCs. Anyone can buy individual tracks from Rhapsody, and those songs won't be deleted for customers who cancel their subscriptions.

              Rhapsody To Go customers can already transfer music onto portable players but this will be the first time that a device will come preloaded with Real software to ease the song transfer.

              The service on the Sansa device will also include some new capabilities, including automatic downloads of songs based on user preferences.

              Real said the Sansa offering will become available later this year. The companies did not reveal pricing for end users.

              Juggling Standards, Partners
              Real is using its own Helix digital rights management rather than Microsoft's PlaysForSure offering, although the devices will support the Microsoft technology.

              "This shows how the marketplace is slowly adjusting to Microsoft becoming a competitor," said Mark Mulligan, an analyst with Jupiter Research.

              Many portable music manufacturers and digital music stores have used Microsoft's digital rights management software and the Windows Media platform but their relationships with Microsoft may be tested since the introduction of Zune.

              "There's going to be significant amounts of shifting of alliances because what Microsoft has done with Zune is become an aggressive competitor with lots of people who were their clients who use Windows Media," he said.

              The announcement from Real also indicates that although the industry has become increasingly critical of Apple's policy of tying iTunes customers exclusively to its own iPod music players, competitors are emulating the tactic.

              Still, just because Microsoft and Real have now introduced similar concepts doesn't mean that such close bundles will become the only choice in the future, Mulligan said. That's clear because the Real and Sandisk relationship isn't exclusive, meaning that Sansa users won't be limited to only using Rhapsody while Real said it plans to form similar relationships with other music player makers.

              Also, if the music stores strike too many relationships with music players makers, the value of the close tie-in drops. "You can only do that so many times before it becomes meaningless," Mulligan said.

              Comment


              • AOL Enhances Video Search

                AOL is nurturing video uploads, launching new tools to make it easier to publish clips to its search engines.

                Inviting Videographers
                The company is announcing this week a program to let external developers build applications based on its video search engines, a step AOL has taken for other of its online services, like its AOL Instant Messaging platform (AIM).

                With the launch of the program on Monday, AOL will publish application programming interfaces (APIs) to let developers integrate AOL video search technology into their Web sites, said Tim Tuttle, AOL Video's vice president.

                Applications will be able to access AOL's video index, offer keyword searching, sort and filter results, support RSS, and provide browsing of clips by category, channel, tag, or user.

                Internet companies like AOL have embraced open APIs to let external developers extend and advance their online services with add-ins, applications and devices.

                Another part of the program is a new system called AOL Director Account to let video owners and site publishers automatically feed their clips to AOL's video search engines.

                Access to the APIs and to the feed system is open to everyone and free of charge. More information can be obtained from AOL.

                Integrating Video Sites
                AOL has a variety of video sites and video search sites, including AOL Video, UnCut, Truveo, and Singingfish.

                However, AOL is creating an integrated platform for all of them, and the first program to take advantage of it is this new developer initiative, Tuttle said.

                Also on Monday, AOL is announcing that its online videos will be available on PCs running Microsoft's Media Center operating system and Intel's Viiv technology

                . Intel announced in January the plan to have AOL videos optimized for Viiv and thus viewable from TV sets.

                Comment


                • Austek, Samsung Ready Ultra Mobile PCs

                  Asustek Computer will begin selling its first ultra mobile PC, the R2H, worldwide by the end of this month, while Samsung Electronics is readying one that eschews Intel microprocessors in favor of Via Technologies chips.

                  Austek's Specs
                  Asustek's ultra mobile UMPC is designed with all the functions of a laptop, including a folding typing pad, as well as other devices, such as a global positioning system (GPS) so it can sit on the dashboard of a user's car to map the way home.

                  The R2H runs Microsoft Windows XP Tablet Edition OS on a 900MHz Intel Celeron M microprocessor. It measures 9.3 by 5.3 inches, about half the size of a laptop, and weighs just under 2 pounds. The OS allows touch navigation with a stylus on its 7-inch screen, but the models on display Monday at a news conference in Taipei were difficult to use. Company representatives said the display models were for testing only, the reason for the sluggish performance.

                  Like most UMPCs, the R2H is an Internet device, connecting through 802.11b/g Wireless LAN, and supports Bluetooth. For security, Asustek added an infrared fingerprint identification system to keep users' data safe from thieves.

                  Although the suggested retail price of the R2H bound for the Taiwan market is $1117, it will come in different configurations users can choose from, so prices will be flexible. Asustek will offer models with different sized hard drives, ranging from 20GB to 60GB in capacity. The standard edition will also come with just a two-cell battery, for about two hours of use before needing a recharge. Users will be able to select a four-cell battery as well, at an added cost.

                  The device is Windows Vista compatible.

                  The company also launched a new tablet PC, the R1F, and expects to produce a total of 3000 units of the two devices each month, said Benson Lin, head of sales in the Asia Pacific for Asustek, at a news conference in Taipei.

                  Samsung's next gen
                  Samsung Electronics, of South Korea, is readying a new UMPC with a 7-inch screen that uses a 1.0GHz Via C7 microprocessor, but hasn't set a launch date.

                  The device, dubbed the Q1B, will come with 40GB of storage space, WLAN and Bluetooth, and will weigh 1.7 pounds, according to Samsung's Web site.

                  The Q1B will come with a better battery than the R2H, a three-cell battery offering up to five hours of life before needing a recharge. Samsung is offering an upgrade to a six-cell battery at an additional charge. It follows the Q1 launched in May.

                  The company is also offering additional peripherals similar to Asustek's, such as an organizer bag, optical disc drive, and typing pad.

                  Comment


                  • Adobe Updates Acrobat, Creative Suite

                    Adobe Systems has released Acrobat 8, a new version of its popular document authoring and reading software, and integrated it with its upgraded Creative Suite 2.3 Premium.

                    Acrobat 8 now includes Acrobat Connect, which allows online users to discuss and edit documents or other material in a real-time conference. The service is available for a monthly fee.

                    Also new is Acrobat Connect Professional, for larger meetings and with more features, including chat using Voice over Internet Protocol (VoIP). Acrobat Connect will be available from early next year in English for $39 per month, or $395 per year, per user. Connect Professional will be available from December of this year in English, German, French, Japanese, and Korean. Adobe did not announce pricing for the professional version.

                    Pricing, Availability
                    The company said Acrobat 8 Professional will be available for Windows and Macintosh, with Acrobat 8 Standard for Windows, from November, in English, French, German, and Japanese. Suggested retail price for Acrobat 8 Professional is $449, with upgrades for $159. Suggested retail for Acrobat 8 Standard is $299, with upgrades for $99. Acrobat's last major update was nearly two years ago.

                    Bundled into the latest Creative Suite release is the Dreamweaver 8 Web development software, which Adobe acquired when it bought Macromedia. It also includes Acrobat 8 Professional, which supports the PDF/X-1a, PDF/X-3 files, PDF/X-4, and PDF/A formats.

                    Creative Suite will be available during the fourth quarter of this year for Windows and Macintosh, in English, French, German, and Japanese. Suggested retail prices are $1199 for the full version of Adobe Creative Suite 2.3 Premium, $159 for an upgrade from Adobe Creative Suite 2 Premium, and $549 for an upgrade from Creative Suite 1.x Premium and Standard.

                    Comment


                    • Mozilla Fixes Critical Firefox Flaws

                      Mozilla developers have released an updated version of their Firefox browser that fixes a number of security issues, four of them rated critical.

                      The update was released late Thursday, and Firefox users should receive the 1.5.0.7 patches via the browser's automatic update system over the next few days, according to Mozilla.

                      Research firm Secunia rates the flaws as "highly critical," saying that they can be exploited to "conduct man-in-the-middle, spoofing, and cross-site scripting attacks, and potentially compromise a user's system," according to an alert. Secunia's alert can be found online.

                      Web surfers who want to download the Firefox update directly can find it on Mozilla's Web site.

                      In addition to the four critical patches, the software also fixes three less-critical issues and offers some stability enhancements according to the Mozilla Web site. Details on the security vulnerabilities can be found online.

                      Browser hackers have traditionally focused on Microsoft's Internet Explorer, but as Firefox's market share has grown it has become a more attractive target. Firefox is now used by about 13 percent of Web surfers, according to research firm OneStat.com.

                      Busy Week
                      It has been a busy week for IT administrators looking to stay on top of security. Important security patches were also released by Microsoft and Apple Computer.

                      On Tuesday, Microsoft released its monthly set of security patches, fixing a critical bug in its Publisher product. The company also re-released two of its August patches to fix bugs in the updates. More information on Microsoft's patches can be found on Microsoft's Web site.

                      That was followed Wednesday by Apple's fix for its QuickTime multimedia software. This update, rated as highly critical by Secunia, fixes six bugs in the product. More details on the QuickTime update can be found on Apple's Web site.

                      Comment


                      • Hands On: Microsoft's Soapbox Video-Sharing Service

                        Videographers now have a new Web outlet for their mini-masterpieces with today's introduction of the beta version of Microsoft's Soapbox on MSN Video video-sharing service.

                        After spending a few hours with the service, I'm impressed by how easy Soapbox makes uploading and sharing videos. Still, if you're seeking a big audience, your videos will likely attract more eyeballs when you post them on video-sharing leader YouTube.

                        And if you're looking to view videos rather than post them, Soapbox can't match the number and variety of clips you'll find on YouTube--which, considering the silliness and voyeurism prevalent on that site--might not be such a bad thing.

                        How to Get Started
                        If you want to try the invitation-only Soapbox beta, you have to sign up for the waiting list. When you receive your invitation in your Passport/Windows Live account, you simply click a link to open the sign-up page.

                        Once you've signed in with your Hotmail or MSN account, you're able to browse videos by rating, popularity, category, or tag. You can also view a list of the videos you've uploaded, see the status of the videos you're currently uploading, and edit your profile.

                        To upload a video, you simply give it a name, add a description (up to 400 characters), select one of 15 categories, and supply as many as five tags. You can either enter the path to the file manually or click the Browse button and select it in the 'Choose file' dialog box.

                        How Long Does It Take?
                        In my informal tests it took about 15 minutes to upload a 19.5MB video in the ASF format (the service supports AVI, WMV, MOV, MPEG 1/2/4, 3GPP, DV, H.263, and H.264 as well). You can view your video immediately after the upload completes; if you've chosen to make the video public, however, the file takes about 20 minutes to become available to others. Links are provided for pasting into a Web page--with or without an accompanying image and/or embedded player.

                        You can send a link to your video (or anybody else's) via e-mail. The service lets you add a comment to any video, place it on your favorites list, or report it as offensive. Other options allow you to read the comments that other users have posted on your videos, and to change the name, description, tags, and category you supplied when you first uploaded a file.

                        A Clean Interface
                        While Soapbox and YouTube offer similar features, including the ability to search videos by keyword, tag, or category, and to sort your search results by relevance, date added, and rating, I found the Soapbox interface much cleaner and easier to navigate than the cluttered YouTube screen. Both services limit uploads to 100MB (YouTube also limits a video's duration to 10 minutes). Soapbox currently lacks YouTube's advertisements, but you can expect some ads in the public release of the Microsoft service.

                        Soapbox will eventually be integrated with Microsoft's other Windows Live services, but the beta I tried lacks direct links to Spaces, Messenger, and other members of the Live family. In its current stand-alone incarnation, however, Soapbox's ease of use and clean interface will help it challenge the Web-video leaders.

                        Comment


                        • Porn Sites Use New IE Bug to Install Spyware

                          Hackers are taking advantage of a newly discovered vulnerability in Internet Explorer to install spyware on PCs that visit any of a number of Russian porn sites.

                          The malware, first reported yesterday by researchers at Sunbelt Software, takes advantage of an unpatched flaw in the way IE processes Vector Markup Language (VML) code. VML is a language used to display graphic information on the Web. The attack appears to work on all versions of Windows running the IE 6 browser, said Eric Sites, Sunbelt's vice president of research and development. "It's not an operating system-dependent issue," he said.

                          Web Attacker
                          Sunbelt first discovered the malware on a Russian porn site late Friday. "This site and a couple of others use an exploit kit called Web Attacker, and it looks like the Web Attacker kit has been upgraded to include this new exploit," Sites said.

                          Since late last week Sunbelt noticed that the attack code has popped up on about a half-dozen Russian porn sites. In addition, since security researchers estimate that Web Attacker is used by nearly 1,000 Web sites, this latest exploit should soon become more widespread.

                          Web Attacker is a software development kit sold for as little as $20 to criminals looking for an easy way to develop malware. Websense posted an informational alert for Web Attacker last April.

                          "Since it's being built into the next version of the Web Attacker kit, we expect that this thing will be everywhere in a few days," said Sites.

                          Microsoft Patch Planned
                          Whether the attacks will be widespread enough for Microsoft to rush to patch the flaw remains to be seen.

                          Microsoft today confirmed the Sunbelt team's findings, and said it planned to fix the VML bug in its next set of security patches, scheduled to be released on Oct. 10, "or sooner as warranted," according to a statement from the company's public relations agency.

                          This is the second unpatched flaw found in IE over the past week. On Sept. 14, researchers posted code that could be used to exploit a different vulnerability in a multimedia component of Internet Explorer. Microsoft is still investigating that flaw and is not saying whether it too will be patched next month.

                          Sunbelt says that users can avoid the VML attack by disabling Javascript on their browsers. More information can be found on the Sunbelt blog.

                          Comment


                          • Toshiba Battery Exchange

                            Toshiba has offered to exchange 340,000 notebook computer batteries, but said they do not pose a fire hazard. Instead, defective batteries could unexpectedly cut power to the notebooks, causing users to lose unsaved work.

                            The batteries, made by Sony, may fail to charge correctly, causing the power to cut off suddenly if the notebook is not connected to a mains outlet, said Toshiba spokesman Keisuke Ohmori.

                            Reports of lithium ion cells in notebook batteries overheating or catching fire have prompted other computer manufacturers, including Apple Computer and Dell, to issue safety recalls. Dell recalled 4.1 million batteries used in its notebook computers in August, citing a fire hazard, while Apple recalled 1.8 million batteries, warning that they could overheat.

                            Not an Explosive Situation
                            Toshiba's batteries are not at risk of starting a fire, Ohmori said. "There is no such hazardous or related issue," he said.

                            Instead, Toshiba's problems stem from a defect in the interface circuitry between the battery cells and the computer.

                            That defect is caused by corrosion, said a spokesman for Sony, the manufacturer of the batteries. An ingredient used in the insulating paper of batteries manufactured between March and May can corrode components in the batteries' charging circuits, causing them to fail, said Sony spokesman Takashia Uehara. The supplier changed the composition of the insulating paper without notice, he said.

                            Batteries made for other notebook manufacturers also contained the paper, and Sony is working with those companies to see whether there is a problem, Uehara said. He declined to say how many batteries were affected overall.

                            Toshiba's free battery exchange program covers 11 notebook models sold in Japan, five sold in the U.S. and 12 sold in Europe, including the Tecra A7, Satellite A100, Satellite M50 and Satellite pro M70, Ohmori said.

                            Comment


                            • HP Investigation Continues

                              Hewlett-Packard has turned over thousands of documents to a U.S. House subcommittee investigating methods the company used to find out who was leaking company information to the media, a subcommittee spokesman said Monday.

                              "The committee did receive thousands of pages of documents from HP. Staff investigators are reviewing them now," said Terry Lane of the Subcommittee on Oversight and Investigations of the House Committee on Energy and Commerce.

                              HP's Keeping Mum
                              HP confirmed it responded to the subcommittee's request but didn't go beyond that. "We are complying with the House Subcommittee's request for information but are not releasing the details of what's being provided for the committee's inquiry," said HP spokesman Ryan Donovan.

                              The inquiry springs from revelations that HP hired an outside investigative firm that used questionable tactics to find the source of leaks from the HP board to news media in 2005 and 2006. HP, in a U.S. Securities and Exchange Commission filing September 6, acknowledged that unnamed outside investigators used "pretexting," a form of subterfuge where investigators pose as someone else, to obtain personal phone records of people it was investigating. The committee is considering federal legislation to make pretexting illegal.

                              The House panel, in a September 11 letter to HP Board Chairman Patricia Dunn, asked HP to: Identify the outside investigative firms it hired; identify the people within HP who authorized, participated in or had knowledge of HP's investigation; provide copies of contracts between HP and any outside firms; disclose the identities of everyone whose phone records were procured, or were attempted to be procured; and provide other information.

                              HP, of Palo Alto, California, has refused to identify the outside firms it hired, but various media reports have identified them as Security Outsourcing Services, of Needham, Massachusetts, and Action Research Group, of Melbourne, Florida.

                              HP Warned?
                              Although HP has claimed that its legal advisors told it that the pretexting was within the law, an HP security specialist reportedly questioned its legality earlier this year.

                              Fred Adler, a computer-crimes specialist within HP's global security division, and a former U.S. Federal Bureau of Investigation agent, notified his supervisors that acquiring people's phone records under false pretenses could be against the law, The Wall Street Journal reported Tuesday.

                              The subcommittee has invited Dunn and HP General Counsel Ann Baskins to testify at a committee hearing September 28 and a committee source told the Journal they would appear. HP's Donovan would not comment. Larry Sonsini of the Palo Alto law firm Wilson, Sonsini, Goodrich & Rosati was also invited to testify but it's not known if he will appear. Ronald DeLia of Security Outsourcing Solutions, also invited, hasn't replied, but the Journal quoted a committee source as saying that if DeLia were to testify he said he would invoke his Fifth Amendment right to not testify to protect against self-incrimination.

                              Comment


                              • Spammers Cashing in on Free Hosting Services

                                Spammers have found a way to mine free Web-hosting services for cash.

                                Online scammers have long used free hosting services such as Yahoo Geocities or Tripod as a way to get around e-mail filters that might otherwise recognize their spammy Web sites. But now some enterprising spammers have begun selling each other these free Web pages, according to security vendor McAfee.

                                URLs for Sale
                                For $25 per week a spammer will sell 50 Web-hosting accounts that can be used to redirect Web traffic to sites that normally would be flagged.

                                "These 'link providers' create and maintain thousands of free hosting accounts on behalf of the spammers," wrote McAfee's Nick Kelly in a recent posting to McAfee's Avert Labs blog.

                                "They know that the bigger hosts are unlikely to get blacklisted because they have so many legitimate users," he added.

                                Scammers also use the free Web pages to try to manipulate search engines, by making it look as if their Web sites are widely linked, said Adam O'Donnell, senior research scientist with Cloudmark, an e-mail filtering company.

                                Providers Fighting Back
                                While the free hosting providers are taking steps to shut down this abuse, they appear to be fighting a losing battle.

                                In late June, Cloudmark researchers were seeing about 1500 phony URLs on any given day on one of the most abused free hosting services (O'Donnell declined to name names). One month later, that number had jumped to 3500.

                                Spammers are simply able to outpace the hosters' security teams, O'Donnell said. "They will gain more hosts for their pages than the company is able to take down," he said.

                                The free hosters have been placed in a tough position because they do not want to shut down legitimate users, but they also do not have the technical resources to mine spam for Web pages that are being misused, O'Donnell said.

                                Lately, however, the hosters have been partnering with security vendors to address the problem.

                                Cloudmark is working with some hosting providers, hoping to sell them "reputation" information that tells them how many times their member URLs are being seen in spam.

                                McAfee has been providing similar information to an undisclosed service provider, Kelly wrote. "This relationship has cut the abuse observed by us on that provider by over 90 percent in less than a week."

                                He added, "let's hope those spammers are buying their new watches from pound$hop rather than Bolex this summer."

                                Comment

                                Working...
                                X