Saturday, July 07, 2007

Attention turns to second-gen iPhone

Next version of iPhone will take advantage of faster 3G wireless network speeds

By Matt Hamblen, Computerworld
July 06, 2007

The first-generation iPhone is barely on the streets, but some users and analysts are already talking about when a second-generation model will be launched to take advantage of faster 3G wireless networks for speedier Internet browsing.

The first version of iPhone supports AT&T's EDGE (Enhanced Data GSM Environment), a 2.5G network advertised as providing download speeds of 70Kbps to 135Kbps. AT&T and Apple chose that network because it is the largest, reaching 270 million people, company officials said last week.

However, several analysts and reviewers believe that the next-generation iPhone, which could ship early next year in the United States, will be provisioned to handle a faster 3G network, such as AT&T's High Speed Downlink Packet Access (HSDPA), to support download speeds of 400Kbps to 700Kbps. However, AT&T and Apple would not comment Thursday on their plans or a timetable for iPhone 2.0 or AT&T's HSDPA.

AT&T spokesman Mark Siegel stressed that "HSDPA is available in 160 metro areas, and AT&T will continue to build it out through the rest of the year, so obviously we're continuing to build 3G."

But Siegel also repeated comments made last week that iPhone users will accept the slower EDGE speeds, especially since the iPhone can access faster Wi-Fi networks when a hotspot is available at home or a coffee shop. "We haven't had many complaints about EDGE," he said. "What really matters for a real human being using the iPhone who doesn't know anything about EDGE is that this is going to be a great experience in totality, whether searching for a stock quote or a map or many other things. We think overwhelmingly that people will be thrilled using this device. The experience they have on EDGE will be a really good one."

Siegel's comments, however, don't match user consternation about EDGE speeds registered at the MacRumors forums, or concerns raised by some reviewers, including one who said it took two minutes to download the Yahoo Web site home page.

The discussion thread at MacRumors asked people to post their EDGE speeds over iPhone using a network measuring tool. Some reported speeds were higher than those advertised by AT&T, but most were slower, with 64Kbps on July 3 in San Diego and 71Kbps in Los Angeles that same day. "Boooooo!" is the only comment from the San Diego user identified as FreeState. GnarleyMarley87 reported 126Kbps in Atlanta on EDGE, but 1,245Kbps over Wi-Fi at home. Other users weighing in on MacRumors about the differences between 3G and EDGE and why Apple is waiting indicate that iPhone users are aware that AT&T's 3G network is not widely available in the United States. Users also noted that 3G-capable phones consistently run down batteries faster than those on slower networks. One analyst, Ken Dulaney at Gartner, recently confirmed that a 3G phone can use up a battery at a rate 30 percent faster than a 2.5G phone.

Apple officials would not comment on a timetable for the next iPhone release, or even whether it will support 3G.

Two analysts tended to support the decision to release the first iPhone over EDGE in order to get the broadest network reach over higher bandwidth. "EDGE is not a show-stopper for iPhone, and I think the next version will likely have 3G," said Michael King, an analyst at Gartner.

King said some industry experts believe Apple can have a second-generation device ready by October, but that Apple won't unveil it so closely behind the first version's June 29 release. King believes AT&T's HSDPA network will be more widely available for U.S. users in late 2008. "It's a pretty usable network now," he said.

With a second-generation iPhone, Apple is also likely to support QuickTime, giving access to streaming video that uses more bandwidth and tends to require a 3G network, King said.

Shiv Bakhshi, an analyst at IDC, said that Apple was "wise to have chosen ubiquitous network reach over bandwidth ... a culture of mobile data consumption in the United States is only beginning to set in. By the time it takes hold, Apple will be out with 3G iPhones and AT&T will likely roll a 3G HSDPA network across its national footprint."

Asked when both will happen, Bakhshi said "in under a year."

But Bakhshi said that it is not clear how much current iPhone users will be downloading from the Web. Songs and video can be imported from a PC, so EDGE speeds might not be an impediment for the average user.

"Every network falls short as your expectations rise higher," he said. "Some people will always be high-end users and will find EDGE really frustrating, but for the average Joe Blow like you and me, it will suffice."

Bakhshi added, "The single biggest driver of iPhone may not be data usage."

"Instead, it might be just its ability to invoke envy in your friends."

Friday, July 06, 2007

Mahalo Greenhouse Goes Live!!

Mahalo, dubbed the human-powered “search service,” has accepted yours truly to be a part-time guide. Even though they went live with the beta last week, it wasn't until earlier this week that I received my confirmation. So far things are rolling right along, with 6 Search Results Pages (SeRPs) done this week.

What is Mahalo, you ask? Well, check out the Mahalo FAQs. If you'd like to become part of the Mahalo team, drop by The Greenhouse. There you can find all the information on applying to become a part-time guide.

For information on the projects that I've been working on visit my profile.

15 free security programs that work

I'm just going to say I was reading this list and I was seriously disappointed. There is no mention of two of the top tools in use today, Spybot Search & Destroy and Ad-Aware, neither of which you should do without, and both are free. However, the rest of the tools listed are fairly good and are definitely recommended.



From the moment you switch on your PC, your system faces countless Internet-borne dangers, including spyware attacks, viruses, Trojan horses, home-page hijackers, and hackers trying to weasel their way into your system. And the Internet isn't the only source of trouble. Anyone with access to your PC can invade your privacy by prying into which Web sites you visit -- and learning a great deal more as well.
But fighting back is easy. We've found 15 great pieces of software -- firewalls, spyware busters, antivirus software, rootkit killers, and general Internet security tools -- designed to protect you against any dangers that come your way. They're free, they're powerful and they're easy to use. So what are you waiting for? Start downloading.

Preventing and Eliminating Malware

From firewalls to antivirus software to tools for combatting rootkits and spyware, here are some great downloads to protect your system against malicious attacks.

ZoneAlarm

Check Point Software's ZoneAlarm may well be the most popular free firewall on the planet, and the most recent release (finally) protects Vista machines. Arguably, ZoneAlarm is the product that made everyone conscious of the need for firewall protection. It's extremely easy to use, and its method of configuring outbound protection is particularly useful. Whenever a program tries to make an outbound Internet connection, ZoneAlarm announces it with a pop-up alert. You can then permit or disallow the connection, on a one-time basis or permanently. Configuring your level of protection is a simple matter of moving a few sliders. Though the free version of the software is exclusively a firewall, Check Point also offers for-pay security suites. But if all you're looking for is a firewall, stick with the free version.

Comodo Firewall Pro

ZoneAlarm is extremely popular, but that doesn't automatically make it the best free firewall you can find. One formidable contender is Comodo Firewall Pro, which independent testing site Matousec rated as the top firewall. Matousec found that Comodo offered the highest level of antileak protection, one measure of a firewall's effectiveness. Comodo offers true two-way firewall protection, is highly configurable, and (unlike most other firewalls) provides a great view of your system and your Internet connection.

Saturday, June 30, 2007

Beware of emails "You've received a postcard from a family member!"

Hydra-headed 'Storm' attack starts

Web-based attack poses as greeting card, tries three exploits

A new round of greeting-card spam that draws users to visit attack sites relies on a sophisticated multipronged, multiexploit strike force to infect machines, security professionals said late today.

Captured samples of the unsolicited e-mail have all borne the same subject line -- "You've received a postcard from a family member!" -- and contain links to a malicious Web site, where JavaScript determines whether the victim's browser has scripting enabled or turned off.
"If JavaScript is disabled, then they provide you a handy link to click on to exploit yourself," said an alert posted Thursday afternoon by SANS Institute's Internet Storm Center (ISC). Some users turn off scripting because it is a frequent attack vector; browsers with JavaScript enabled are simply fed a two-part package of downloader and malware.

The quick browser status exam in this attack is somewhat similar to one used in a different exploit tracked by Symantec Corp. since Tuesday, but the two are not connected, said Oliver Friedrichs, director of Symantec's security response group. "They're using two different tool kits, but they're both prime examples that exploits against browsers are more and more prevalent," he said.

Today's greeting-card gambit tries a trio of exploits, moving on to the second if the machine is not vulnerable to the first, then on to the third if necessary. The first is an exploit against a QuickTime vulnerability; the second is an attack on the popular WinZip compression utility; and the third, dubbed "the Hail Mary" by the ISC, is an exploit for the WebViewFolderIcon vulnerability in Windows that Microsoft Corp. patched last October.

The ISC said several antivirus vendors had tentatively pegged the executable file, which is offered to users whose browsers have JavaScript disabled, as a variation of the Storm Trojan horse, an aggressive piece of malware that has been hijacking computers to serve as attacker bots since early this year. According to the ISC's warning, computers already compromised by Storm -- a.k.a. Peacom -- are hosting the malware, and the attackers are rotating those machines' IP addresses in the spam they're sending.

"Every Storm-infected system is potentially capable of hosting the malware and sending the spam, but only a few will be used in any given run," said the alert, "depending on how many e-mails they want sent and how many Web hits they're expecting."

Hackers haven't abandoned the practice of attaching malware to e-mail, then counting on naive users to open the file, said Friedrichs. But malware-hosting sites are the trend. "It's much more difficult to send a full malicious file," he said, because of users' learned reluctance to open suspicious files and filtering and blocking tactics by security software.
"This is widespread, and leads the user to multiple IP addresses," said Shimon Gruper, vice president at Aladdin Knowledge Systems Inc., a security company known for its eSafe antivirus software. "There's not a single server, there are multiple exploits, [and the e-mail] has no attachments. This will be very difficult to detect."

Two days ago, a Symantec honeypot captured a similar Web site-hosted attack that had an arsenal of exploits at its disposal. That attack, however, featured an unusual, if rudimentary, browser detector that sniffed out whether the target computer is running Microsoft's Internet Explorer (IE) or Mozilla Corp.'s Firefox. If the attack detects IE, it feeds the machine a Windows animated cursor exploit. If it finds Firefox, however, the sites spit out a QuickTime exploit.

Thursday, June 28, 2007

iPhone set to hit shelves tomorrow

But is it going to live up to all the hype? According to most analysts, no!

After five months of increasing hype, tomorrow marks the day for consumers to find out if the iPhone is really "all that". Sink or swim? Best damn piece of consumer electronics gear ever or just another phone? We'll have to wait and see, but in the meantime we can read up on the reasons not to have iPhone envy.

iPhone Drawbacks:
From a slow data network to a sealed battery, here are some of the drawbacks to consider before you buy the season's hot phone.

Limited network speeds: iPhone will not run over AT&T Inc.'s highest-speed 3G network based on high-speed downlink packet access (HSDPA) technology. The iPhone will only run over AT&T's 2.5G enhanced data rate for GSM evolution (EDGE) network. HSDPA supports download speeds of 400Kbit/sec. to 700Kbit/sec. and bursts up to 1Mbit/sec. However, the EDGE network only averages download speeds of 70Kbit/sec. to 135Kbit/sec.
AT&T has acknowledged this potential problem by announcing upgrades to its EDGE network in anticipation of the iPhone launch. And of course, the iPhone will support Wi-Fi, which will make Web page downloads much more feasible if you're in range of a hotspot.

Limited third-party apps: Lots of cell phone power users get more value out of the applications they've loaded on their handsets themselves than the often lame or expensive offerings from their carriers. When the iPhone was first announced, third-party apps seemed shut out entirely, a move that prompted one online petition of protest. Now Apple says that developers can create iPhone apps that run in Safari. Only two problems with that: First, those apps may be fairly poky given the iPhone's slower EDGE network connection. Second, many developers seem to hate writing for Safari. As PC World forums member dazeddan said, "As a developer, we have more problems designing around Safari than any other platform. I wish it would just go away."
It costs how much?! You've probably already heard about the iPhone's astronomical price: $500 for a 4GB model and $600 for 8GB. But you may not have calculated all the other costs associated with buying one. You'll have to make a two-year commitment to AT&T at a per-month cost that starts at $60, recent reports say (though that includes unlimited data access, something AT&T often charges $40 for on smart phones). And unlike with pretty much every other phone in the world, making that commitment doesn't knock down the price, it's just a requirement. Plus, if you're in the midst of a prior two-year commitment with a competing carrier, your cost of iPhone ownership could be further inflated by the early termination penalty you'll pay your current carrier. And finally, AT&T doesn't always receive high marks for its service. You may be okay with the deal now, but how will you feel in a year if the iPhone is no longer the coolest handset on the planet?
Businesspeople need not apply: It's a safe bet that many professionals will want an iPhone. But BlackBerry, Windows Mobile, Palm, and Symbian smart phones offer a long list of business-related features that the iPhone apparently won't, at least upon release. For instance, while the iPhone apparently will connect with Exchange servers, it will require some security trade-offs that could make your IT department nervous. There's no word on connecting to Domino servers. And though you can open Word and Excel files on the iPhone, you can't edit them.
Don't even try to swap that battery: Like the original iPod, the iPhone has its battery enclosed in a superslim case among tightly negotiated electronics and behind a top surface of glass--reducing the chances of a DIY battery replacement to next to nil. So if your battery life dwindles to roughly 6.5 minutes per charge, or the battery malfunctions, you'll have to send your iPhone in for repair.


Read more of PC World's list of Potential Drawbacks

So you've changed your mind and don't want an iPhone!
Well, PC World has you covered there. Read their article comparing iPhone alternatives.

Thursday, June 21, 2007

Beware Harry Potter Spoilers a Phishing Scam

An attacker named "Gabriel" claims to have stolen the text of the upcoming "Harry Potter and the Deathly Hallows" from Bloomsbury Publishing by use of a phishing scam.

He has published what he claims are all of the plot points—including main characters who get killed and the final outcome of the seven-book series.

Gabriel says he used "the usual milw0rm downloaded exploit." The exploit entailed delivering to a Bloomsbury employee an e-mail with an invitation to click on a link, open a browser and click on a maliciously crafted animated icon that allowed the attacker access to the victim's system.

"It's amazing to see how much [sic] people inside the company have copies and drafts of this book," Gabriel wrote in a posting on Insecure.org. "Curiosity killed the cat." (Ed. note: Spoiler alert: Do not click on the link to read Gabriel's posting if you don't want to have the plot spoiled.)

milw0rm is a group of politically motivated "hacktivists" whose most famous exploit was penetrating the computers of the Bhabha Atomic Research Centre (BARC) in Bombay, the primary nuclear research facility of India, on June 3, 1998. They have anti-nuclear and pro-peace agendas and, in this case, anti-Harry Potter and pro-Pope Benedict XVI.

"We did it by following the precious words of the great Pope Benedict XVI when he still was Cardinal Joseph Ratzinger," Gabriel said. "He explained why Harry Potter bring the youngs [sic] of our earth to Neo Paganism faith. So we make this spoiler to make reading of the upcoming book useless and boring."

Gabriel said he did it "to protect you and your families."

This week's hot offerings from Dell

Prices valid 6/21-6/27

Dimension C521 featured at $419.
AMD Athlon 64 X2 Dual-Core 3600+, 1GB Dual Channel DDR2, 19 inch Samsung 941BW Widescreen LCD Monitor and more!!

Inspiron 1501 featured at $549.
AMD Athlon 64 X2 Dual-Core Mobile Technology TK-53, 15.4 inch Wide Screen XGA Display, 1GB DDR2, 80 gig hard drive and more

Inspiron™ 1501 $499
AMD Turion X2 Dual-core Processor, Windows Vista™ or Windows® XP, 15.4" Widescreen, 1GB Memory, 60GB Hard Drive, CD/DVD Burner and more


Up to $100 off select* Dell™ laser printers.

Tuesday, June 19, 2007

AT&T Launches $10 DSL

AT&T has quietly begun offering DSL service for $10 per month for new customers. Offered as part of the concessions made to the Federal Communications Commission in order to gain approval for its merger with BellSouth, the speed is nothing to get excited about: 768Kbps down and 128Kbps up. However, for the budget-minded or those in an area that will only allow these speeds, it's a great way to save $60/year.

AT&T is doing little to publicize the new offering. In fact, most people looking for the low-price service have only been able to find it by clicking on the Terms and Conditions link at the bottom of AT&T's residential high-speed Internet product page. A note on AT&T Yahoo! High-Speed Internet buried six paragraphs down says that the "basic speed ($10.00)" tier is available to new customers only, those who have not subscribed to AT&T or BellSouth DSL during the past 12 months, and the service requires a one-year contract.

Customers must also order phone service to get the budget-priced DSL service; those looking for cheap, naked DSL should look elsewhere. Those living in BellSouth's former territory can get naked DSL for the next two-and-a-half years, however. The terms of the merger state AT&T is only required to offer the $10 per month tier for the next two-and-a-half years. After that, the company is free to make whatever changes it wants to the service.

While this is not a top-notch deal, it is fairly good for those who haven't yet made the switch from dial-up, anyone on a tight budget, or those of you who only browse the net and check email.

Monday, June 18, 2007

Hackers compromise 10k sites, launch 'phenomenal' attack

The large-scale attack is based on the multiexploit hacker kit dubbed 'Mpack'

Attackers armed with an exploit tool kit have launched massive attacks in Europe from a network of at least 10,000 hacked Web sites, with infections spreading worldwide, several security companies warned today.

As early as last Friday, analysts reported the opening salvos of a large-scale attack based on the multiexploit hacker kit dubbed "Mpack." The mechanics of the attacks are complex, but essentially attackers taint each compromised site with code that then redirects visitors to a server hosting the Mpack kit -- a professional, Russian-made collection of exploits that comes complete with a management console to detail which exploits are working and against what countries' domains.

Infected computers are fed a diet of malicious code, largely keyloggers that spy out usernames and passwords for valuable accounts such as online banking sites.
"The gang behind the attack has successfully compromised the homepages of hundreds of legitimate Italian Web sites," said Symantec Corp. researcher Elia Florio in a posting to the vendor's security response blog on Friday. "The list of compromised sites is huge and from Mpack statistics this attack is working efficiently."

Florio said that Symantec is uncertain how the sites were originally hacked but that she suspects a common vulnerability or configuration problem at the hosting level.

Paul Ferguson, a network architect at Trend Micro Inc., would only guess at how sites were hijacked but said that "how" is mostly a moot question. What's important, he said, is that "the hackers seem to be able to find a lot of sites to compromise no matter where they look."
By Friday night, Symantec had pegged the number of compromised sites feeding Mpack exploits at 6,000; by today, Websense Inc., a San Diego-based Web security company, said it had tracked more than 10,000. "That's a phenomenal number," argued Ferguson, who said that previous compromised-site attacks using hacker kits could be counted as "several hundred here, a couple hundred there."

Screenshots of the Mpack management console posted by Websense on Monday and Symantec on Friday illustrate the large numbers of computers that have surfed to the compromised sites and the high success rate of the Mpack-delivered exploits. Although the bulk of the victim PCs use Italian IP addresses, U.S.-based machines are not immune.
"The lion's share of the sites we're seeing are in Italy still," said Ferguson, "but we're seeing sites all over the world as well." For instance, Trend Micro has identified hacker-controlled sites hosted in California and Illinois. The California site is hosted by a company Ferguson called "notorious," but he wouldn't divulge the hosting vendor's name.

"The usual advice we give, 'Avoid the bad neighborhoods of the Web,' just doesn't hold water anymore," when legitimate sites have been hacked and are serving up exploits left and right, Ferguson said. "Everywhere could be a bad neighborhood now."

ComputerWorld's summer gadget guide

Whether your summer plans involve hiking, lounging by the pool, hitting the road or doing absolutely nothing, ComputerWorld has a list of gadgets to help your summer be as "cool" as possible.

Some of my personal favorites include:

EGO Waterproof iPod Case
iPod speaker docks and accessories abound. But how many let you take your iPod safely into the pool? Atlantic's EGO Waterproof Sound Case for iPod ($150) protects your iPod from water -- or even shock damage -- while blasting your tunes all over the backyard or boat through its built-in, waterproof speakers.



ATC2K Waterproof Action Camera
Oregon Scientific's underwater video camera is a perfect fit for today's record-everything society. Waterproof to a depth of 10 feet, the ATC2K captures moving images at 30 frames per second in VGA (640 by 480) resolution.

Hands-free digital recording options and several different mounting options allow the videographer to place, mount or strap on the half-pound ATC2K anywhere (within reason). It works seamlessly with most video-editing software suites, including Windows Movie Maker, iLife and Final Cut. What's best, however, is the price: At $130, it's an outright steal.

Throw this gadget into the swimming pool with your kids and they'll be occupied all summer. At the very least, it could give you some great blackmail material for later in life.

Friday, June 15, 2007

Sony to cut PS3 prices?

The chairman and chief executive of Sony, Sir Howard Stringer, has said the company was attempting to "refine" how much it could afford to reduce the price of the PS3 console by. Stringer has also been quoted as saying there was "no question" consumers wanted the price to be lower.

In an interview with the Financial Times, Stringer admitted rival console the Nintendo Wii -- which is far outselling the PS3 -- was based on a good business model.

Sony fell short of its PS3 target in the 12 months to 31 March 2007 by 500,000 units. Market analysts are predicting the games division to incur a loss of around $488 million in the current year, despite Sony's claim it has sold more than a million units in Europe and Australasia since the PS3's late March launch there.

Stringer said: "[Price cuts are] what we are studying at the moment. That's what we are trying to refine." He went on to say that he expected "energy [in PS3 sales] by Christmas, and then you will begin to see break-out games".

PS3 sales have been slow -- to be honest, the world over -- owing to its high price and slow, drip-feed supply of games, most of which have been PC game re-writes anyway. Apparently, the Japanese electronics giant has a target of shipping 11 million consoles this year, and with production costs falling many believe Sony will cut prices by USD100 before the crucial Christmas sales period.

Wireless network admins wising up

But drive-by surveys in New York, London and Paris still spot lots of unsecured hot spots


Owners of wireless hot spots are doing better at securing their networks, but about a fifth of corporate access points in London, Paris, and New York remain open to all comers, RSA Security Inc. reported Thursday.

Reprising past surveys, RSA personnel drove or walked through swaths of each city, logging each wireless access point detected by a specially-equipped laptop, and recording data including the service set identifier (SSID), security protocol, signal strength, and operational mode. In New York, for example, the team covered Manhattan's Midtown and Downtown, and parts of Uptown as far north as 125th Street.

On average, survey results were encouraging, said Toffer Winslow, a vice president of product management at RSA. "Folks are securing their access points more, and more with advanced encryption such as WPA rather than plain old WEP," he said.

Wired Equivalent Privacy (WEP) is a 1999-era data encryption standard now considered inadequate, and has been supplanted by WPA, or Wi-Fi Protected Access, which requires stronger passwords and uses a 128-bit key rather than WEP's 40-bit key. However, WEP is still offered as the default security technique by most wireless hardware.

In all three cities, the percentage of hot spots that were secured by some kind of encryption was higher than last year. In London, the numbers improved from 76% to 81%, while New York climbed from 75% to 76%, and Paris moved from 78% to 80%. WPA use also grew, Winslow said, with 49% of the business wireless networks in New York locked down with tighter security. London and Paris came in second and third, with 48% and 41% WPA usage, respectively.

But a substantial percentage of business wireless networks still run without security. Eighteen percent of the detected corporate hot spots in both Paris and London were unsecured, while New York topped that at 21%. "This strikes me as very foolish," said Winslow.

Living almost as dangerously were significant minorities of hot spots that used default SSIDs and media access control (MAC) addresses. In London, 30% of the wireless networks relied on the manufacturer's SSID -- usually the name of the hardware maker, such as Linksys -- or preset MAC address. New York ranked slightly better, at 24%, but Paris beat both by a wide margin: Only 13% of the wireless access points sniffed by RSA in the city of light used defaults.

"Change the default network settings, that's No. 1," said Winslow when asked to list recommendations for wireless users. "Use [encryption] protocols stronger than WEP, and when you're at a public hot spot, VPN is essential.

"I wouldn't even call these 'best practices' anymore," he said. "They're just the reasonable practices."
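
As an added illustration (not part of the article and not RSA's tooling), the script below tallies a survey log of the kind described above, reporting the share of access points that are encrypted, on WPA, unsecured, or still using a factory SSID, and listing the weakest ones first. The CSV layout, the sample rows and the default-SSID list are constructed assumptions; the article itself names only Linksys as an example default.

```python
import csv
import io
from collections import Counter

# Constructed sample survey log (not RSA's data): one row per access point,
# using the fields the article says were recorded.
SAMPLE_SURVEY = """ssid,security,signal_dbm,mode
linksys,OPEN,-61,infrastructure
AcmeCorp-Guest,OPEN,-70,infrastructure
AcmeCorp,WPA,-55,infrastructure
NETGEAR,WEP,-80,infrastructure
warehouse-scanners,WEP,-67,infrastructure
Legal-5F,WPA,-48,infrastructure
default,WPA,-75,infrastructure
printer-setup,OPEN,-83,ad-hoc
"""

# Assumed list of factory-default SSIDs, compared case-insensitively.
DEFAULT_SSIDS = {"linksys", "netgear", "default", "dlink", "belkin54g"}

# Lower rank means weaker protection.
SECURITY_RANK = {"OPEN": 0, "WEP": 1, "WPA": 2}


def parse_survey(text):
    """Parse the CSV log into normalized records; reject unknown protocols."""
    records = []
    for row in csv.DictReader(io.StringIO(text)):
        security = row["security"].strip().upper()
        if security not in SECURITY_RANK:
            raise ValueError(f"unknown security value: {row['security']!r}")
        records.append({
            "ssid": row["ssid"].strip(),
            "security": security,
            "signal_dbm": int(row["signal_dbm"]),
            "mode": row["mode"].strip().lower(),
        })
    return records


def findings_for(record):
    """Return the issues for one access point, mirroring the article's advice."""
    findings = []
    if record["security"] == "OPEN":
        findings.append("no encryption")
    elif record["security"] == "WEP":
        findings.append("WEP only")
    if record["ssid"].lower() in DEFAULT_SSIDS:
        findings.append("default SSID")
    return findings


def summarize(records):
    """Compute the same kinds of percentages the survey reports."""
    total = len(records)
    counts = Counter(r["security"] for r in records)
    defaults = sum(1 for r in records if r["ssid"].lower() in DEFAULT_SSIDS)

    def pct(n):
        return round(100.0 * n / total, 1) if total else 0.0

    return {
        "total": total,
        "encrypted_pct": pct(total - counts["OPEN"]),
        "wpa_pct": pct(counts["WPA"]),
        "unsecured_pct": pct(counts["OPEN"]),
        "default_ssid_pct": pct(defaults),
    }


def worst_first(records):
    """List flagged access points: weakest protection first, then most
    findings, then strongest signal (audible from farthest away)."""
    flagged = [(r, findings_for(r)) for r in records]
    flagged = [(r, f) for r, f in flagged if f]
    flagged.sort(key=lambda item: (SECURITY_RANK[item[0]["security"]],
                                   -len(item[1]),
                                   -item[0]["signal_dbm"]))
    return [(r["ssid"], f) for r, f in flagged]


if __name__ == "__main__":
    aps = parse_survey(SAMPLE_SURVEY)
    for key, value in summarize(aps).items():
        print(f"{key}: {value}")
    for ssid, issues in worst_first(aps):
        print(f"{ssid}: {', '.join(issues)}")
```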