Microsoft Windows Vista Security Flaws already discovered by Security Analysts
Friday, December 29, 2006
Windows Vista that will soon be launched by Microsoft on January for consumers seems to be the next-generation operating system. However, according to reports, computer security researchers and hackers have begun spotting potentially critical flaws in the soon-to-be released operating system.
In fact, on December 15, a Russian programmer posted a description of a flaw, which enables increasing users’ privileges on all of Microsoft’s recent operating systems.
Besides, over the Christmas weekend, a Silicon Valley-based security firm said that it had notified Microsoft about yet another flaw that it had discovered, as well as five other vulnerabilities. One of the five vulnerabilities is a serious bug in the software code that is used in the Internet 7 web browser. This Windows Vista flaw could result in Web users getting infected with malicious software if they happen to visit certain web sites.
California-based anti-vulnerability software, Determina added that the browser flaw could make it possible for attackers to inject rogue software into computers that run the Windows Vista operating system. According to sources at Determina, the Internet Explorer browser flaw can permit damage including information theft.
The ‘sandbox’ software that is used in the Internet Explorer software is able to control damage, even if a malicious program happened to disturb the operation of the browser. But, Determina stated that it might just be possible to work around the ‘sandbox’ controls, alter certain files, and even permanently infect a target computer.
Microsoft responded to the issue on their website saying that the company is closely monitoring the vulnerability described by the Russian programmer. Microsoft said that they have as yet not observed any public exploitation or attack activity based on the described flaw. A spokeswoman for Microsoft also mentioned that the software company is in the process of investigating the Internet Explorer flaw.
Determina has warned people not to get too laid-back, as the company expects a whole lot more of Windows Vista bugs to pop up in the next six months to one year.
The Windows Vista flaw that was discovered seems to be rather strange; as Microsoft has spent a whole lot of money, at the time of branding Vista to be the most secure products ever produced by them!!!!!!
posted by Sid @ 9:46 PM,
,
Air Purifying Compact Desktop PC unveiled by TCL
A Korean company called TCL is in the works of launching a new compact desktop pc ‘S-series’ that includes (whew) ‘AN AIR PURIFIER’.
The TCL Air Purifying PC is a compact one that sports a super trendy design. The widescreen 22-inch monitor has a bright-adjustable feature depending on different occasions like watching movies, playing games, or working on general documents. Even the speakers that are packed in look quite promising. Apparently the TCL Air Purifying PC will come in orange, black and white.
The TCL ‘S-series’ are slated to hit China in the first half of 2007. No info on the pricing for the TCL Air Purifying PC has been released yet.
posted by Sid @ 9:37 PM,
,
Nokia 5300 XpressMusic, 5200 XpressMusic, 3250 XpressMusic - the XpressMusic Range of Music Phones unveiled
Nokia has introduced its XpressMusic range of music phones that are a perfect amalgamation of excellent mobile communication and perfect mobile music. 5300 XpressMusic, the 5200 XpressMusic, and the 3250 XpressMusic are Nokia’s latest offering.
This - being the latest addition to yesterday, when Nokia unveiled music editions of three of its Nseries multimedia computers; namely the N70 Music Edition, the N73 Music Edition, and the N91 8GB phone.
Speaking at the launch, Heikki Norta, senior vice president - mobile phones, Nokia, said, “With today’s launches, we are reaching out to a broad range of consumers, who want both the features of a modern mobile phone and a quality music player in a single, stylish device.”
“The Nokia 5300 XpressMusic, in particular, offers a comprehensive feature set, including support for up to 2 GB of memory and dedicated music keys at an accessible price. Never before has it been as easy or affordable for consumers to own a mobile phone that also offers a first-rate music experience that compares favorably to any stand-alone music player. With this product launch, we are emphasizing the benefits of the XpressMusic feature brand, which clearly labels those Nokia devices that guarantee an outstanding mobile music experience.” Norta added.
The main model of the XpressMusic series is 5300 XpressMusic, which has a stylish slide design, and holds up to 100 music albums that is roughly about 1,500 tracks on a 2GB microSD card. The phone makes possible controlling music playback whilst SMSing, browsing, or clicking pictures, thanks to the dedicated music keys.
With the help of an inbox adaptor, headphones or external speakers can be easily plugged-in to the phone. While, using a standard micro USB connector, the phone can quickly transfer music to a PC. With the Nokia Wireless Audio Gateway AD-42W, consumers can stream music wirelessly from their phone onto any stereo.
The 5300 XpressMusic features a 1.3 mega pixels camera, the latest messaging functions, and video ring tones for incoming calls.
The Nokia 5300 XpressMusic is expected to retail for approximately 250 EUR (Rs 14,500) before taxes and subsidies.
Out of the two other phones in the XpressMusic range, the Nokia 5200 XpressMusic is pretty similar to the 5300 with respect to its design. The features are a mix of music and messaging functions.
The 5200 XpressMusic is expected to ship for around 200 EUR (Rs 14,500) before taxes and subsidies.
The Nokia 3250 XpressMusic maintains the unique “twist” design, and stores up to 1500 tracks on a 2G microSD card.
This phone will be available for a retail price of about 400 EUR (Rs 23,200) before taxes and subsidies.
posted by Sid @ 8:54 PM,
,
Norton 2007 - - The good and the bad
Monday, December 25, 2006
The good: Norton Internet Security 2007 costs less than it did last year.
The bad: Norton Internet Security 2007 packs fewer new features and overall lacks competitive security features, such as a file shredder and a backup utility; single-user-license edition no longer available (minimum is now a three-user license); requires twice as much disk drive space as McAfee or ZoneAlarm.
The bottom line: Despite its new price, Norton Internet Security 2007 lacks Internet security features we found in comparably priced McAfee and ZoneAlarm Internet security suites.
Although the interface is new and the price lower, Norton Internet Security 2007 from Symantec remains a bare-minimum suite of repackaged antivirus, firewall, antispam, parental control, and antispyware tools. Missing are system diagnostics and backup features (available in McAfee Internet Security 2007) and enhanced Internet transaction security (available in ZoneAlarm Internet Security 6.5). For backup, Norton users will need to purchase Norton Save & Restore or the yet-to-be-seen Norton SystemWorks 2007; and for enhanced transaction security, Norton users will need to purchase Norton Confidential (still in beta)--add-ons that negate the new lower price. And despite promising better system performance, in our testing of the beta edition, we found Norton Internet Security to occupy roughly twice as much file space and run more active services than its competitors. For the money, we think you'll get a more complete Internet security suite and one that's also lighter on your system resources from either McAfee or ZoneAlarm, with the latter suite receiving our Editors' Choice award.
Once installed, Norton Internet Security 2007 occupies 350MB of hard drive space--more than twice the file space required by either ZoneAlarm or McAfee. Norton also runs several nonessential services in the background, such as Norton LiveUpdate, which can noticeably reduce system performance on older machines. And should you ever decide to remove Norton Internet Security 2007, you'll need to go beyond Microsoft Windows' Add/Remove Programs (there was no uninstall in the beta we saw) and download a special ActiveX tool in IE from Symantec; even then, at least with the beta version we tested, we still needed to manually delete several residual Symantec references from the system directory before we could uninstall the suite from our test system.
When you first launch Norton Internet Security 2007, a new sidebar window displays your system's current security status using the now-common green-yellow-red security rainbow. Norton provides a Fix Now button, but unlike McAfee's own Fix button, Symantec takes you to another screen, where you must choose what to fix and so on. For people who want to tweak what's wrong, that'll be just fine; but most home users will simply want whatever's wrong fixed and will find the extra step annoying.
Based on our experiences with the July 2006 beta, we also found the virus-scan results page too cumbersome. After identifying what's considered malware by Symantec, you still have to choose how to handle each item with a drop-down menu offering Fix, Ignore, and Exclude. While some may appreciate the granularity here, most home users will simply want to fix the problems en masse and move on.
Rather than add new features, Norton Internet Security 2007 goes deeper with its existing protection technology from last year. For example, Norton Internet Security 2006 offered some rootkit protection, but Norton Internet Security 2007 extends Symantec's Veritas VxMS enterprise technology to the consumer level, allowing Norton Internet Security to compare files within the directory to files on the volume level. This quickly ferrets out suspicious or known malware and rootkits operating on your system. Norton Internet Security 2007 can also throttle its antivirus scanning engines so that either the full system scan or a Quick Scan runs in the background, giving priority to applications such as Microsoft Word, but other antivirus engines already have this technology.
posted by Sid @ 10:23 PM,
,
Audi Q7
Audi's first SUV, the Q7, debuts in June 2006 as a 2007 model and emphasizes sporty handling and performance. For those keeping track, Jaguar is now the only major luxury brand selling vehicles in the U.S. that doesn't offer an SUV — not that it should.
The midsize Q7 is loosely based on Audi's midsize wagon, the A6 Avant. It falls between the A6 and full-size A8 sedan in pricing.
The Q7 seats up to seven passengers in three rows. The second row can be adjusted forward for more cargo space or back for added legroom, and the second and third rows also have split seat backs that fold flat to increase cargo room. Audi says the seats can be arranged in 28 different ways.
Engine choices include a 350-hp 4.2-liter V8 and a 280-hp 2.8-liter V6 (the latter will be available in September 2006). Both are mated to a six-speed Tiptronic automatic transmission with manual-shift capability. A 3.0-liter diesel V6 sold in other markets does not comply with U.S. emissions regulations and isn't available here.
Audi’s quattro all-wheel-drive system is standard. It uses a center differential to distribute power from front to rear wheels and side to side to improve traction and stability, particularly on slick roads and during spirited driving.
A sophisticated double-wishbone suspension system with twin-tube shock absorbers is designed for agile handling, a smooth ride and moderate off-road ability. The suspension can be raised for increased ground clearance off-road or lowered for improved high-speed aerodynamics and easier access to the interior. The rear axle alone can be lowered to facilitate access to the cargo area. A system that reduces body lean through turns is standard, as is electronic stability control.
An optional four-position air suspension ($2,600) adjusts shock absorption to road conditions.
he Q7's aluminum- and wood-trimmed interior with leather seats is as stylish and refined as that of any current Audi. It features Audi's Multi-Media Interface found in other models, which uses a large knob and video display to operate navigation, audio, climate control and most other functions.
Front and side airbags for front seats and head-curtain airbags for all three rows of seats are standard. Rear side airbags cost an additional $350. Besides the adjustable air suspension mentioned above, other notable options include a towing package (good for up to 6,600 pounds) with a retractable trailer attachment ($500), and a lane-change warning system that uses radar to detect vehicles in blind spots ($500).
An optional six-seat configuration (available in summer 2006) replaces the second row with two independent seats separated by a center storage console and is said to increase rear-seat comfort. It costs $1,200 on the Q7 4.2 and is a no-cost option on the 4.2 Premium model.
posted by Sid @ 9:56 PM,
,
Microsoft denies flaw in Vista
Microsoft has confirmed that Vista can be affected by malware from 2004, but argues this is not a flaw in the operating system.
Security vendor Sophos reported on Thursday that Microsoft's Vista is vulnerable to at least three pieces of widespread malware, two of which date back to 2004. At least three well-known internet worms — labelled Stratio-Zip, Netsky-D and MyDoom-O by Sophos — are able to execute on the operating system, according to Sophos.
However, because these attacks rely on user interaction to execute the code, Microsoft has denied this is a flaw. Microsoft said that these attacks rely on social-engineering techniques to be successful.
"Microsoft is aware of a report by Sophos that claims variants of existing malware may affect users running Windows Vista," the software giant said in a statement. "Based on our initial investigation, Microsoft can confirm that these variants do not take advantage of a security vulnerability, rather they rely on social engineering to infect a user's system."
Social engineering relies on tricking users into executing malicious code themselves — a user has to open an infected attachment on an email for these worms to infect the system. Windows Mail Client — the Vista replacement to Outlook — will block the worms, but businesses running third-party email clients such as Lotus Notes, or webmail such as Yahoo or GoogleMail, could be vulnerable to social-engineering attacks.
Microsoft stopped short of blaming third-party email clients for the problem, but said that User Account Control (UAC) — which limits users' ability to install applications unless they have administrator privileges — can "help to provide better protections". IT managers can run Vista end-user accounts with limited "standard user" privileges, rather than administrator privileges. Users are also given security prompts when attempting to run executable code.
"In those cases where other email clients may not have made the same aggressive security design decisions as Microsoft did with Windows Mail Client, other protections such as UAC can apply still to help provide better protections against email-based social-engineering attacks," Microsoft's statement said. It added that currently, once malware has breached the outer defences of a computing system through user interaction, it is no surprise that the operating system obeys user commands to run the code. "If a user clicks through various security warnings and protections, it's of little surprise that malware (even malware from long ago), can still run," said Stephen Toulouse, a senior product manager at Microsoft's security technology unit. "It is not through a flaw that this occurs."
Toulouse said that currently, operating systems by themselves have little way of knowing when the user has chosen to run a piece of software that is "bad" until after it is installed and running, and that even then that capability is often provided by an application such as antivirus.
"This is why we strongly recommend to run antivirus on all versions of Windows, even Windows Vista," said Toulouse. "The very problem you have noted is one that is not actually unique to Windows."
The senior product manager said that application identity and authentication — the ability to accurately gauge a program's identity and appropriateness to run, to allow it to execute on an operating system — was an "important ecosystem change" that both operating-system and application manufacturers should address. He said this would help restrict the running of malicious code, while reducing instances of false positives blocking legitimate code.
While acknowledging that running malicious code was not a flaw in the operating system itself, Sophos predicted that Internet Explorer 7 (IE7) — the web browser bundled with Vista — would become a target for hackers, as web-based cybercrime was easier to perpetrate than attempting to attack an operating system by sending executable files directly to an email account.
"IE7 is definitely a major target," said Sophos principal virus researcher Vanja Svajcer. "More and more attacks direct people to a website, as most businesses don't allow executable file types into the organisation. It's much more difficult to prevent employees from surfing websites."
posted by Sid @ 11:53 AM,
,
Nokia N95
Nokia is coming out with a new range of cell phones that combine style and high-end features. Last month, they had announced the launch of Nokia N93, N72 and N73. The specs and pictures of the new Nokia N83 and Nokia N95 have spread through the net. The phone comes with a dual slider. The numeric keypad can be accessed by sliding the front up and the media control keypad can be accessed by sliding the front down.
The Nokia N95 impresses the user with its high-end specs and fantastic looks. The Nokia N95 cell phone will run on Series 60 3rd edition. The camera featured is a 5 mega-pixel camera fixed with a Carl Zeiss lens. The other major features of Nokia N95 are autofocus, flash and a mechanical shutter. For video conferencing, it employs a VGA camera.
The Nokia N95 comes with a 4GB hard drive. For further memory expansion , it has a micro SD card slot. As in Nokia N93, the Nokia N95 can record movies in DVD quality.
The display used in Nokia N95 is a 352*416pixels 16 million colour display. It also has Bluetooth 2.0 and MP3 / ACC media playback facility. the phone is compatible with GSM850/900/1800/1900 and WCDMA.
HSPDA is the next generationin cellular connectivity. The N95 is a category 6 HSPDA device which means it is up to 10 times faster that WCDMA (3G). Clearly HSDPA support is required at a network level, but many networks have already begun their testing or roll out periods. The faster connection speeds make downloading media (such as podcasts via the in built Podcast application) more palatable and should also improve latency/round trip times. Wi-Fi, WCDMA (3G) connectivity, together with quad band GSM and EDGE are also supported. Bluetooth 2.0, IrDA and USB make up the local connectivity options.
The 5.0 megapixel camera uses Carl Zeiss Optics with autofocus and digital zoom with a dedicated 2 stage capture button on the side of the phone. Video capture at near DVD quality is also supported. On the side of the device there are several buttons dedicated to camera usage. This allows the device to be held in a similar way to a traditional camera with the screen, in landscape mode, used as the view finder and the shutter button on bottom right hand side of the device (top right when phone is held horizontally). On the rear of the device, next to the camera is the slide switch, which is used to open the lens aperture and activate camera mode. Although it is difficult to judge the image quality at this stage the evidence we saw suggest that the N95 will be on of the most capable camera phones available.
posted by Sid @ 11:18 AM,
,
Nitendo - Wii
The Wii (pronounced as the pronoun "we" ) is a video game console released by Nintendo. The console was previously known by its project code name of Revolution, and is the successor to the Nintendo GameCube. Although Nintendo states that its console primarily targets a demographic different from that of Microsoft's Xbox 360 and Sony's PlayStation 3,as part of the seventh generation of gaming consoles it competes with the other two on some levels.
A distinguishing feature of the console is its wireless controller, the Wii Remote, which can be used as a handheld pointing device and can detect motion and rotation in three dimensions. Notable among the console's internal features is WiiConnect24, which enables it to receive messages and updates over the Internet while consuming very little electrical power.
Nintendo first mentioned the console in the 2004 E3 press conference and later unveiled the system at the 2005 E3. Satoru Iwata revealed a prototype of the controller at the September 2005 Tokyo Game Show. In the 2006 E3, it won the first of several awards.
The Wii console is Nintendo's smallest home unit yet; measuring 44 mm wide, 157 mm tall, and 215.4 mm deep in the vertical orientation without the included stand (which itself measures 55.4 mm wide, 44 mm tall, and 225.6 mm deep). It is approximately the size of three standard DVD cases stacked together (approx. 4.5 cm x 15 cm x 20 cm). It weighs 1.2 kg (2.7 lbs),which makes it the lightest of the three current-gen consoles. The console can be placed either horizontally or vertically. The prefix for the numbering scheme of the system and its parts and accessories is "RVL-", after its project code name of "Revolution".
The front of the console features an illuminated slot-loading optical media drive that accepts both 12cm Wii game discs and 8cm Nintendo GameCube discs. The blue light in the disc slot illuminates briefly when the console is turned on, flashes when new data such as messages have been received from WiiConnect24, and remains on if the WiiConnect24 "Slot Illumination" setting is set to "Bright" or "Dim". When there is no WiiConnect24 information, the light is off. The disc slot light does not stay illuminated during game play or when using other features.
Read More
The Wii - remote
The Wii Remote is a one-handed controller that uses a combination of accelerometers and infrared detection (from an array of LEDs inside the Sensor Bar) to sense its position in 3D space. This design allows users to control the game using physical gestures as well as traditional button presses. The controller connects to the console using Bluetooth, and features force feedback, 4KB non-volatile memory[31] and an internal speaker. The controller can connect to other devices through a proprietary port at the base of the controller. Perhaps the most important of these devices is the Nunchuk unit, which features an accelerometer and a traditional analog stick with two trigger buttons. In addition, an attachable wrist strap can be used to prevent the player from unintentionally dropping or throwing the device. In response to incidences of strap failures, Nintendo is now offering a stronger replacement of all Wii Remote straps.
posted by Sid @ 11:05 AM,
,
