A lot of the presentations at security (or perhaps more appropriately, "insecurity") conferences such as Black Hat are devoted to experiments or "dares" for hackers to break through some new version of digital security. After awhile, it gets to be like watching pre-schoolers daring one another to punch through ever-taller Lego walls. But in the midst of last July's briefings came at least one scientifically researched, carefully considered, and thoughtfully presented presentation: the result of a full-scale investigation by three engineers at a consultancy called Hustle Labs, demonstrating how the presumption of trust between browsers, their add-ons, and other code components can trigger the types of software failures that can become exploitable by malicious code.

Engineers Mark Dowd, Ryan Smith, and David Dewey are being credited today with shedding light on a coding practice by developers that leaves the door open for browser crashes. The discovery of specific instances where such a practice could easily become exploitable is the focus of the most critical of Microsoft's regular second-Tuesday-of-the-month patches -- arguably the biggest of 13 bulletins addressing a record 34 fixes.

Continue reading →

Imagine a wireless home network where devices communicate directly with one another instead of through the wireless router -- a sort of mesh network without the need to switch to ad hoc mode. Today the Wi-Fi Alliance announced it has almost completed the standard which could make these a reality: Wi-Fi Direct.

Wi-Fi Direct was known as "Wi-Fi Peer-to-Peer," and has repeatedly been referred to in IEEE meetings as a possible "Bluetooth Killer." By means of this standard, direct connections between computers, phones, cameras, printers, keyboards, and future classes of components are established over Wi-Fi instead of another wireless technology governed by a separate standard.

Continue reading →

When the worst part of the Economic Storm of 2008 was about to hit, Intel made preparations by moving its emphasis toward Atom, its lowest-end processor for netbooks and embedded devices -- at the time, a single-core unit. Sure, it would drive average selling prices (ASPs) down several points, but it would provide the sales volume necessary to keep Intel in the game, so all hands were bracing themselves against Atom for support.

The biggest sign to date that the storm has officially passed came from Intel's quarterly call exactly one year later. Mention of Atom, the lifeline of the company through the worst of it, was minimized. And we're back to talking about Nehalem, the company's current power-saving architecture, and the move from 45 nm to 32 nm lithography. At least in the skies above Santa Clara, the all-clear has sounded.

Continue reading →

Acer today took the lid off of its first Android-based smartphone, the Liquid, formerly shown off as the "A1." In addition to being the top computer manufacturer's first Android smartphone, it's also the first Android phone based on the 1 GHz Qualcomm Snapdragon chipset.

It's not the first Snapdragon phone altogether -- that honor went to the Windows Mobile-based Toshiba TG01 earlier this year -- but the Liquid will become be the most powerful Android handset available. Sony Ericsson is rumored to also be working on a Snapdragon-based Android phone with a UI known as "Rachael," and HTC is reportedly working on the "Dragon," but neither company has officially debuted a product as Acer has today.

Continue reading →

Download Opera 10.1 Beta 1 for Windows from Fileforum now.

At a time when performance and speed are more important to browser users than ever before, and when Web apps users need the best platform available, suddenly it's Opera Software that is having the most difficult time delivering. While Opera 10's "Turbo Mode" is intended to leverage the company's pre-rendering capabilities originally designed for the Opera Mini mobile browser, none of that matters with respect to raw JavaScript performance; and these days, Web browsers are essentially JavaScript engines with some markup on the side.

Continue reading →

I have to laugh at the sudden, slew of Mac bloggers taking swings at Windows 7 and asserting that Macs will continue to sell well after Microsoft's newest OS ships. Feeling a little defensive are we, bros? Their reaction shows worry that the thing they profess against -- surging PC sales that swamp Macs -- may yet be reality.

Windows 7 is simply Microsoft's best operating system ever. Mac fanboys should worry and circle together in defensive posture. Collectively, they're making a last stand against the PC giant. Please, please, boisterous Mac defenders, stand in the front lines and receive the first blows. You deserve them.

Continue reading →

Last March, the European Commission voted to enact a continent-wide law compelling member countries to take bolder steps to enforce their own copyright infringement laws. One of the more controversial provisions of the Intellectual Property Rights Enforcement Directive (IPRED) has been to allow rights holders to petition member states' governments to act on their behalf. That provision has emboldened some rights holders and associations to act as evidence gatherers; and in Sweden, their right to do so was put to the test.

A group representing five publishers of audiobooks in Sweden were judged to be entitled to the identity of a single file-sharer. In a June decision, a district court in Solna ordered ISP ePhone to turn over the name of the file-sharer. It refused, and was forced in September to pay a fine of 750,000 kronor (about $107,400), one-tenth of which was to go to the publishers.

Continue reading →

If the script that updates your DNS records for a zone leaves off the trailing period for each record, the DNS server can't properly attach the top-level domain name. That little tip is probably permanently etched onto the head of an administrator somewhere at Sweden's Internet Infrastructure Foundation. Late yesterday evening, that single omitted period caused Web sites with Sweden's .se TLD to be inaccessible for at least one hour, with some perhaps remaining inaccessible until the following evening before downstream routers refresh their caches.

A security bulletin issued by the Foundation this morning advises administrators noticing difficulties with accessing .se sites to use BIND 9.2.0's rndc flush command to clear memory of cached data prior to a reload. The firm issued a new zone file shortly after the incident, although it admitted it refrained from going through the usual security steps to clear the zone file since .se sites remained inaccessible. A new, fully cleared zone file has since been issued.

Continue reading →

If Snow Leopard, the latest version of the Mac operating system released late last August, were seriously plagued with bugs, writes a volunteer contributor to Apple's discussion forum, the company would be besieged with complaints. But that may very well be the problem, as evidenced by this screenshot from a Snow Leopard user who attempted to formally report his problem to Apple through his operating system, and was met with this message: "An error has occurred. Please report the error to Apple Inc. by emailing the error detail to devbugs@apple.com."

As the user reported on Apple's forum, "I'd laugh if I wasn't in an apoplectic rage."

Continue reading →

There are service outages, and then there are service outages. T-Mobile customers who carry the Sidekick smartphone are learning the hard way that there's a major difference between having no access to a service for a little while and losing every contact, calendar entry, and related shred of personal data they've got.

In the not too distant past, Google, Twitter, and Facebook have all experienced basic, quaintly simple service outages. Despite the headlines and general chaos associated with each incident, the bottom line impact was never all that onerous: When service returned, so did their users' data. For the most part, users were given an easy excuse to take a few hours off. And with the exception of Google's subscription services, most were free, so folks couldn't argue that they weren't getting their money's worth.

Continue reading →

Apparently not only are Sidekick users losing their personal data. Now, in a separate incident, Snow Leopard (OS X 10.6) users are also finding their data fully wiped.

The bug was actually discovered within a week of Snow Leopard's launch back in August, when users found that logging out of their account, into a "guest" account, and then back into their personal account would completely erase the content from their home drive (Documents, Movies, Pictures, Music, Sites).

Continue reading →

The manufacturer of a Windows maintenance toolkit featured on our Fileforum told CNET's Ina Fried last week that it believes boot times for Windows 7 are typically slower than boot times for Windows Vista. Iolo Technologies told Fried that it gauged the amount of time required for the CPU to reach a "true idle state."

As many veteran Windows users already know, the operating system doesn't actually boot to an "idle state" -- it's not DOS. Since that time, Iolo has been characterizing the time it stops its stopwatch as the time that the CPU is "fully usable," which seems rather nebulous.

Continue reading →

With the on-again/off-again relationship between the US Federal Trade Commission and antitrust enforcement clearly coming on again with the rise of the Obama Administration -- and the appointment of former FTC Commissioner Christine Varney at DOJ Antitrust -- it may no longer be acceptable among technology company directors to leverage their status with one company to influence another. Genentech Chairman Arthur Levinson's involvement as a lead director with both Google and Apple had never raised eyebrows until this year, when newly appointed regulators sought to eliminate the perception of possible collusion between technology companies.

That perception might have been obvious with regard to Eric Schmidt, the Google CEO who left Apple's board of directors last August. But for the career genetic scientist and molecular biologist whose company produced neither MP3 players nor search engines, his involvement was at one time seen as a way of sharing his life experience with multiple companies that could become partners.

Continue reading →

Download Mandriva Linux 2010 RC2 from FileForum now.

The last development version of Mandriva Linux 2010 RC2 (32 and 64 bit free versions) went live on Saturday, and is now available for testing from our FileForum.

Continue reading →

That's probably not a hard question for many Sidekick users to answer, given recent events. If you're a Sidekick user, please offer your answer -- or your experience during the week-long data crisis -- in comments. I ask the same of everyone else. Answer in comments the question: Should you trust Microsoft with your data?

Every existing or potential Microsoft cloud computing customer should ask and answer that question following the Sidekick data loss fiasco. How could Microsoft potentially lose all Sidekick user data? What? There was no server backup? It's not like Microsoft is inexperienced hosting data. The company bought Hotmail over a decade ago. Windows Live is all about hosted data.

Continue reading →