Tuesday, January 29, 2013

Google Bets Big On Chrome OS Offers Pwnium Hackers $3.14M In Potential Prizes

Google has a long-standing history of betting big on its products. It was one of the first companies to offer public bug bounties for its Chrome browser, and just last year it took things to a new level with the $1 million sponsorship of "Pwnium". Now the search giant is taking things to new heights, tripling the maximum total prize money to $3.14 million.

Dubbed Pwnium 3, this new challenge will open the door for researchers to focus their sights on Chrome OS, Google's browser-based operating system that has been gaining a bit of traction thanks to the Chromebook. The contest will reward those who can hack the operating system with individual prizes of $110,000 and $150,000, with a max total up to $3.14159 million.

The attack must be demonstrated against a base (WiFi) model of the Samsung Series 5 550 Chromebook, running the latest stable version of Chrome OS. Any installed software (including the kernel and drivers, etc.) may be used to attempt the attack.

Pwnium 3 will take place alongside Pwn2Own during the CanSecWest security conference held March 7th in Vancouver, British Columbia. Google will also partner with HP TippingPoint's Zero Day Initiative (ZDI) bug bounty program to host Pwn2Own. That contest, with $560,000 in total cash prizes, will focus on Web browsers, including Chrome, Microsoft's Internet Explorer (IE) and Mozilla's Firefox, as well as plug-ins from Adobe and Oracle.

Google withdrew support for last year's event, citing differences over what information was going to be made available concerning the exploits used in achieving the hacks. Full exploit details have traditionally been handed over after the contest; however, last year was an exception, with disclosure an explicit non-requirement for the contest, which Google felt was unacceptable.

"This year, we've teamed up with ZDI by working together on the Pwn2Own rules and by underwriting a portion of the winnings for all targets," said Evans about the new understanding between Google and HP TippingPoint. "The new rules are designed to enable a contest that significantly improves Internet security for everyone. At the same time, the best researchers in the industry get to showcase their skills and take home some generous rewards."

Apple Confirms 128GB iPad Starting At $799

As reported yesterday, rumors had been popping up around the web that Apple was working on an iPad with twice the storage capacity of the 64GB model. Today those rumors were confirmed as Apple officially announced the 128GB iPad 4 with Retina Display.

“With more than 120 million iPads sold, it’s clear that customers around the world love their iPads, and every day they are finding more great reasons to work, learn and play on their iPads rather than their old PCs,” said Philip Schiller, Apple’s senior vice president of Worldwide Marketing. “With twice the storage capacity and an unparalleled selection of over 300,000 native iPad apps, enterprises, educators and artists have even more reasons to use iPad for all their business and personal needs.”

For internals nothing has changed from the current fourth generation iPad. You get the same features which include a 9.7-inch Retina display, Apple-designed A6X chip, FaceTime HD camera and the update to iOS 6.1 which includes support for additional LTE networks around the world.

The new 128GB versions of the fourth generation iPad will be available starting Tuesday, February 5, in black or white, for a suggested retail price of $799 (US) for the iPad with Wi-Fi model and $929 (US) for the iPad with Wi-Fi + Cellular model. All versions of the 128GB iPad will be sold through the Apple Online Store (www.apple.com), Apple retail stores and select Apple Authorized Resellers.

Monday, January 28, 2013

That Facebook Legal Notice Is Legit And Could Get You Some Easy Cash

If you are a member of Facebook then you've likely received what you probably thought was a scam email. However, those emails notifying you of a class action lawsuit (Angel Fraley v. Facebook) are completely legit, and yes, the social network is proposing to pay $20 million into a fund to be used to pay members $10 each.

Angel Fraley v. Facebook is an ongoing legal battle that has been winding its way through the courts since March 2011, when five Facebook members, including two minors, claimed to represent a class of people injured by Sponsored Stories. "Sponsored Stories" are targeted Facebook advertisements that use information about your friends to sell stuff to you.

To settle the proposed lawsuit resulting from those allegations of unlawful use of its members' content, the social network is proposing to pay $20 million into a fund to be used to pay members who appeared in the sponsored stories. For every member that received the legal notice from Facebook, the company may pay you up to $10 as part of the settlement. There’s no guarantee you will get the money; however, it doesn't hurt anything to try it!


Even if you dumped your copy of the email you can fill out a claim form and see what happens. If you still have the email, keep it, as it contains a unique identifier that will help in filling out the form and hopefully getting your cold hard cash!

Is Apple Prepping 128GB iDevices. And Will You Buy Them?

Good news for those of you that love storing all your photos and videos locally on your iDevice. iOS developers have reportedly discovered 128GB configuration keys appearing in the fifth developer preview of iOS 6.1. The rumor has also been backed by sources for 9to5Mac, who have shared new retail SKU information that suggests a new "Ultimate" configuration of the existing fourth-generation iPad may be coming soon.

The rumors broke over the weekend with many iOS developers noticing new system partition settings listed in the beta version of iOS 6.1. iOS developer "iNeal" originally tweeted about the 128GB configuration keys, with others quickly confirming the details. Apple has boosted the top-end capacity of the iPhone with each "S" model: the iPhone 3GS raised the top capacity from 16GB to 32GB, and the iPhone 4S boosted it from 32GB to 64GB. So the move, while perhaps appearing a bit odd considering reports of a recent slump in 64GB model sales, would be in line with Apple's traditional moves.

Further details were noted by 9to5Mac, as the site reported that SKUs for a new "Ultimate" edition 4th generation iPad have already been discovered. The pricing associated with the new SKU ($799 for a Wi-Fi model and $929 for a Wi-Fi + Cellular model) is in line with what we would expect for a 128GB iPad considering the existing price structure.

The $799 and $929 price tag is a considerable jump in prices from the most popular models. So will consumers buy them? No matter what the storage limit is for an iOS device, there are always users who want more. But how many users out there really store that much data on their iPads? Isn't one of the biggest selling points of the iPad the use of iCloud and its syncing abilities?

For now the rumors seem to revolve around the iPad and none of the evidence so far gives any indication of when Apple might actually release a 128GB iDevice. Nor do the rumors point towards anything other than the iPad. So iPhone and iPod users might be left out in the cold on this one.

Thursday, January 24, 2013

Linksys Will Live On Under Belkin Ownership

When Cisco CEO John Chambers talked about the possibility of dialing back more of Cisco's consumer technology portfolio and focusing on the company's wide-ranging corporate software and technology services, many, including myself, wondered what might become of the Linksys brand. Today we are one step closer to that answer, as Belkin has announced an agreement to purchase Cisco’s entire Home Networking Business Unit.

"We're very excited about this announcement. Our two organizations share many core beliefs – we have similar beginnings and share a passion for meeting the real needs of our customers through the strengths of an entrepreneurial culture," Belkin CEO Chet Pipkin said in a statement announcing the deal.

Cisco, which bought Linksys for $500 million back in 2003 when Chambers was on a push to diversify to consumer lines from the company's core B2B service, has been slowly whittling away at those diversity projects. First dumping Flip and now Linksys.

According to their statement Belkin intends to maintain the Linksys brand and will continue to offer support for Linksys products. All valid warranties will be honored by Belkin for current and future Linksys products. After the transaction closes, Belkin will account for approximately 30 percent of the U.S. retail home and small business networking market.

The specifics on the terms of the transaction are undisclosed. The transaction is subject to various standard closing conditions and is expected to close in March 2013.

Wednesday, January 23, 2013

Google's Latest Transparency Report Shows Continued Rise In User Data Requests

Google has released the company's latest Transparency Report, detailing government requests for user data. This latest report follows the trend of previous reports showing a steady increase in government requests for the information Google collects on users and a growing effort for the Government to obtain said data. Google has shared these figures since 2010 because the company feels it important for people to understand how government actions directly affect them!

This latest report offers a much more detailed view of what it takes for the Government to actually obtain your information. For the first time Google included a breakdown of the kinds of legal process that government entities in the U.S. use when compelling communications and technology companies to hand over user data. From July through December 2012:

  • 68 percent of the requests Google received from government entities in the U.S. were through subpoenas. These are requests for user-identifying information, issued under the Electronic Communications Privacy Act (“ECPA”), and are the easiest to get because they typically don’t involve judges.
  • 22 percent were through ECPA search warrants. These are, generally speaking, orders issued by judges under ECPA, based on a demonstration of “probable cause” to believe that certain information related to a crime is presently in the place to be searched.
  • The remaining 10 percent were mostly court orders issued under ECPA by judges or other processes that are difficult to categorize.

User data requests of all kinds have increased by more than 70 percent since 2009, as you can see in our new visualizations of overall trends. In total, we received 21,389 requests for information about 33,634 users from July through December 2012.

Absent from the report is the newest data on content removals. That’s because going forward Google says it will create separate, likely more detailed reports for that information. For more on the report, check out today's Google Blog post.

'Gangnam Style' Generated Over $8 million In Advertising Deals

If you haven't seen, or at least heard of, the YouTube sensation Psy and his hit song, 'Gangnam Style,' then you must have been living under a rock, or on the far side of the moon. The video, which has now passed more than 1.23 billion views and become YouTube's all-time views leader, has made Psy, whose real name is Park Jae-Sang, a worldwide sensation, racking up views in close to 75 countries.

His YouTube successes aside, 'Gangnam Style' has netted a reported $8 million in all in advertising deals. During the company's quarterly earnings call, Google senior vice president and chief business officer Nikesh Arora gave the company's estimates of the video's success.

Google allows creators to monetize popular YouTube videos by placing advertisements before the video you want to watch. For ultra-popular videos like Gangnam Style, this practice can be lucrative: Christopher Mims of Quartz does the math and says the $8 million in earnings reported by Arora means the video is generating about $0.65 in revenue per click. For a video with 1.23 billion YouTube views and counting, that kind of cash adds up -- fast.

While the $8 million sounds impressive, Psy doesn't get to keep all of the money. Half of the cash from YouTube advertising goes to YouTube itself, which means Psy likely pocketed $4 million. This doesn't account for any outside deals or downloads through other sources such as iTunes. A previous analysis by the Associated Press indicated that Psy had already earned $7.9 million from Gangnam Style in worldwide revenue, including downloads on iTunes and streaming and sales on services available only in Korea.

Psy has certainly raked in cash and his share of the 15 minutes of fame from "Gangnam Style". Not bad for a YouTube sensation.

Tuesday, January 22, 2013

Pornography Or Art? Apple Doesn't Care As It Pulls 500px App

Censorship is nothing new to the Apple store; however, rarely do you find Apple pulling 'artistic' flavored apps over concerns that it is too easy for users to search for nude photos in an app. According to TechCrunch, that is exactly why Apple has pulled the plug on the iOS apps from photo sharing site 500px.

500px is well known in the photog world as a high quality site for photographers to share photos. While the site may occasionally play host to several nude shots, the “nude” photos on 500px aren’t necessarily the same types of nude images users may find on other photo-sharing communities. That is, they’re not typically pornographic in nature. These are generally high quality, artistically styled shots. In fact, it is against the 500px TOS to display anything but, as 500px COO Evgeny Tchebotarev was quick to point out. “We don’t allow pornographic images. If something is purely pornographic, it’s against our terms and it’s deleted,” Tchebotarev notes.

Apparently the 'artistic' nature of the images offers little interest to Apple. The Next Web secured this statement from Apple: "The app was removed from the App Store for featuring pornographic images and material, a clear violation of our guidelines. We also received customer complaints about possible child pornography. We've asked the developer to put safeguards in place to prevent pornographic images and material in their app."

The old 500px app resided in the App Store for 16 months and this new version was no more nor less "safe" than the previous one.

Currently, 500px relies on the community to identify any inappropriate images that may appear on its website. Users then need to report those images for review before they are potentially removed. The current iOS app provides a “safe search” mode where any explicit or adult-related material would be hidden by default. To shut off safe search, 500px actually required its users to visit the desktop website and make an explicit change.

The company had told Apple yesterday that it could make a change to its apps to address the issue at hand, and this would also automatically take care of the problem in the dozen or so third-party applications using its API, which also include big names like Flipboard and Google Currents. However, Apple couldn’t wait for the change, which was expected to take a day, and pulled the apps.


Firefox Phone Quickly Becoming A Reality

Back in July of last year Mozilla announced plans to develop the Firefox OS, promising we'd see the new operating system on a few smartphones in the coming months. That promise has come one step closer to reality as the company has announced the Firefox OS developer phone.


These developer preview phones are being developed by Geeksphone in partnership with Telefónica. The first phone, dubbed Keon, according to creator Geeksphone's website, features a 3.5-inch HVGA touchscreen, 1GHz Snapdragon S1 CPU, 512MB of RAM, 4GB of storage, WiFi, and a 3-megapixel camera. It will be continually updated with OTA OS updates, and will be carrier-unlocked, so devs can tinker to their heart's content.



The second, more powerful phone will be dubbed Peak. It's got a 4.3-inch qHD screen, an 8-megapixel back-facing camera (with flash) and a 2-megapixel shooter round the front, along with a 1.2GHz dual-core Snapdragon S4 CPU and a larger 1800mAh battery. Storage, RAM and connectivity specs are the same as the smaller Keon.

Looking to build a bit of a following for the new platform Mozilla has put together Firefox OS App Days, a worldwide set of 20+ hack days happening this week. At each App Day event, you’ll have the opportunity to learn, hack, share and celebrate Firefox OS, Mozilla’s open source operating system for the mobile web. Technologists and developers from the Mozilla community will present tools and technology built to extend and support the Web platform, including mobile Web APIs to access device hardware features such as the accelerometer.

Firefox OS App Days launch on 19 January and continue through 2 February, with the majority of the events taking place on 26 January. This wiki page has a master list of all the events and their registration forms, from Sao Paulo to Warsaw to Nairobi to Wellington — and many more.


There has been no word on pricing or availability of either device; however, more information can be obtained through the Mozilla Hacks Blog or GeeksPhone (we love that name).

Skype Attracting More Malware


As with any service, the bigger you are, the better a target you are. As Skype's messaging platform continues to draw more and more users, that is becoming ever more apparent: Skype is becoming an attractive target for malware writers.

More and more reports are surfacing about malware that is specifically engineered towards Skype's services and users. The latest reports came last week, with the Shylock financial malware reported spreading on Skype, and yesterday two worms, dubbed Bublik and Phorpiex, were discovered spreading through Skype in Japan.

Bublik is a backdoor with rootkit functionality. It opens a direct connection between an infected computer and a control server and downloads additional plug-ins. In this case, Trend Micro discovered the Kepsy worm, which helps Bublik spread over Skype and also clears Skype message history. Bublik can also enable remote access for an attacker giving them total control over the infected machine. It also gathers and reports application data, system and network information, hardware specs and running processes.

The Phorpiex worm targets removable drives and spreads via Skype messages with links to sites hosting the worm. On Skype, the threat is distributed via messages that read “LOL,” followed by a link to what appears to be an image file. The Skype messages are actually generated by a plugin called WORM_PESKY.A. Trend Micro said Phorpiex connects to an IRC server and joins a particular IRC channel in order to execute commands from the attacker. It also downloads other malware onto the compromised system and sends itself out in email attachments. The worm will delete itself after it executes.

So far Phorpiex has been mainly targeting users from Japan with roughly 83% of all reported infections being found there.

With the widespread use and availability of the Skype in the Workplace beta, more users joining the service and Microsoft recommending Windows Messenger users move to Skype on March 15 when its platform disappears, these threats are likely to continue and likely to become even more sophisticated. Users need to remember to be ever vigilant when clicking links as most of these infections spread through infected sites that are linked in messages.

Friday, January 18, 2013

More Bad News For Java: Latest Java Update Broken New Bypass Flaws Found

Despite Oracle's recent attempts to patch Java, reports surfaced earlier this week that the update was incomplete and didn't address all of the critical holes in the application. Today further reports suggest that two new bypass flaws have been found and remain unpatched.

“We have successfully confirmed that a complete Java security sandbox bypass can be still gained under the recent version of Java 7 Update 11,” Java security researcher Adam Gowdiak of Security Explorations in Poland wrote a short while ago on the Full Disclosure mailing list.

Gowdiak said his organization reported two new flaws to Oracle today, along with working proof-of-concept code, a single exploit that relies on two vulnerabilities. He told Threatpost he would not share any details on the vulnerabilities, but said Oracle did confirm it had received the information he sent and had begun looking into the problem.

In the meantime I highly suggest that all Java users either remove the plug-in or disable it. The Windows control panel for Java makes it easy to disable the Java plugin, giving you the option of keeping it installed and only enabling it as needed. Instructions on how to disable Java in Chrome, Firefox and Safari are also available from their respective companies.

Pwn2Own 2013 Going To Be Bigger Than Ever With Record $560K In Prize Money

This year's Pwn2Own hacking contest promises to be bigger and better than ever with HP TippingPoint, the long-time organizer of Pwn2Own, revamping the challenges and offering cash awards exceeding half a million dollars.

For the 2013 contest HP’s DVLabs Zero Day Initiative (ZDI) is expanding the focus of the annual Pwn2Own competition beyond vulnerabilities in the web browser alone. This year it is focusing not just on the browser itself but also on browser-based plug-ins, which are often the target of malicious attacks. Hackers will be allowed to target and demonstrate exploits of previously unknown vulnerabilities in Chrome, Firefox, Internet Explorer (IE) or Safari, as well as popular add-ons like the Adobe Reader, Adobe Flash or Oracle Java browser plug-ins.

HP ZDI is offering more than half a million dollars (USD) in cash and prizes during the competition for vulnerabilities and exploitation techniques in the below categories. The first contestant to successfully compromise a selected target will win the prizes for the category.
  • Web Browser
    • Google Chrome on Windows 7 ($100,000)
    • Microsoft Internet Explorer, either
      • IE 10 on Windows 8 ($100,000), or
      • IE 9 on Windows 7 ($75,000)
    • Mozilla Firefox on Windows 7 ($60,000)
    • Apple Safari on OS X Mountain Lion ($65,000)
  • Web Browser Plug-ins using Internet Explorer 9 on Windows 7
    • Adobe Reader XI ($70,000)
    • Adobe Flash ($70,000)
    • Oracle Java ($20,000)

The targets will be running on the latest, fully patched versions of Windows 7, Windows 8, and OS X Mountain Lion. All targets will be installed in their default configurations, as this is how a majority of users will have them configured. As always, the vulnerabilities utilized in the attack must be unknown and not previously reported to the vendor. If a sandbox is present, a full sandbox escape is required to win. A given vulnerability may only be used once across all categories.

The contest will take place the 6th, 7th, and 8th of March in Vancouver, British Columbia during the CanSecWest 2013 conference. You can follow along as the contest plays out and get real-time updates by following either @thezdi or @Pwn2Own_Contest on Twitter or search for the hash tag #pwn2own.

For more details check out: DVLabs Pwn2Own 2013

Thursday, January 17, 2013

Microsoft Security Essentials Fails Second AV-Test, Microsoft Responds

For the second time in a row Microsoft's Security Essentials failed to win certification from AV-Test, an independent testing lab that evaluates the efficacy of antivirus products. In total twenty-three products received AV-TEST certification when used with Windows 7, but Microsoft's own Security Essentials suite failed back to back certification testing.

AV-Test runs several independent tests on several platforms, publishing the lab's test results every two months, and for this latest installment for November and December, the firm evaluated 25 consumer antivirus security programs. In the previous testing, Microsoft Security Essentials 4.1 was the only one to fail certification, falling well below the testing baseline set for a recommended product.

According to the results, Microsoft Security Essentials 4.1 scored a 1.5 out of 6.0 in the Protection category, caused by its lower-than-average protection against 0-day malware attacks, inclusive of web and e-mail threats (Real-World Testing). Its detection of a "representative set of malware discovered in the last 2-3 months" was also lower than the industry average. In the Repair department, which evaluates the suite's ability to remove all active components of widespread malware (including Rootkits and stealth malware), Microsoft Security Essentials 4.1 again scored well below the standard, scoring a 3.0 out of 6.0. The s fell under the industry average, and its ability to detect actively running widespread malware (including Rootkits and stealth malware) also fell under the industry standard.

Microsoft responded to the test via a blog posted yesterday, challenging its findings.

"Our review showed that 0.0033 percent of our Microsoft Security Essentials and Microsoft Forefront Endpoint Protection customers were impacted by malware samples not detected during the test," Joe Blackbird, program manager for Microsoft's Malware Protection Center, said. "In addition, 94 percent of the malware samples not detected during the test didn't impact our customers."

In an e-mail to CNET, AV-Test CEO Andreas Marx said that Microsoft brought up some good points in its blog and that the group has been discussing these items with the company and other antivirus vendors. According to Marx, the issues cited by Microsoft aren't specific to testing but rather to the prevalence of certain viruses and their impact on actual users. "Depending on what you count, you will get different results," he said.

The testing is also dependent on the amount of data AV-Test receives, both from antivirus vendors and users.

"To create meaningful data, we are already using telemetry data from a wide range of antivirus companies and users of these products," Marx said. "Our tests can only be as good as the prevalence data we're getting in a timely manner."

Either way you look at it, the results aren't good news for Microsoft, which has taken more than its share of hits in the security vulnerability department. The initial version of Security Essentials scored well in the group's testing, but it has quickly fallen from those high marks, and more recent tests conducted last year found the product much less effective.

Wednesday, January 16, 2013

New Patch Fixing Critical Java Hole Released: Update Your Java Now!

A new Java patch has been released repairing a critical security vulnerability which reportedly opened the door for large-scale cyberattacks. The vulnerability, which was so critical it prompted the U.S. Department of Homeland Security to issue warnings, affected all systems running Java 7.10.

The new release from Oracle, Java 7 Update 11, is said to close not only all the holes penetrable in the previous version but also includes a fix for another previously undisclosed critical vulnerability. Oracle also confirmed that the flaws in question do not affect Java 6 or earlier versions of the runtime. Oracle urges users to update as soon as possible.

The security alert for CVE-2013-0422 notes in its Risk Matrix that CVE-2012-3174, another critical, remotely exploitable vulnerability, is also being fixed in the update. Little is known of the equally severe vulnerability except that its CVE number was apparently assigned in June 2011 and its discovery appears to be credited to a Brian Murphy via TippingPoint.

Oracle's quick response to this high-profile, easily exploited vulnerability is commendable. However, I for one suggest leaving Java disabled or uninstalled unless you absolutely need it. This is the second major issue with Java in just a few short months. The ongoing consensus amongst security experts is to leave Java disabled in the browser, especially as few sites these days actually use Java. The Windows control panel for Java also allows users to easily disable the Java plugin, giving you the option of keeping it installed and only enabling it as needed.

Instructions on how to disable Java in Chrome, Firefox and Safari are also available from their respective companies.

Tuesday, January 15, 2013

Facebook's Big Announcement, Graph Search

Following an announcement of a scheduled press event for today, which led to nearly a week of rumors and speculation, Facebook co-founder and CEO Mark Zuckerberg finally took the wraps off the company's "big" plans. While most rumors had the company prepping a smartphone or new mobile strategy, Zuckerberg said its focus is on a new social-based search.

Dubbed "Graph Search", the new tool will use the thoughts and opinions of the site's 1 billion users to search and sort results for you. Over the years Facebook has built a massive collection of information about what companies, restaurants, retailers and gadgets its users have tried. With Graph Search, Facebook will comb through that data and give you a unique search view based on the reviews and information provided by not only the rest of the Facebook users but also your friends, and even their friends.


"Facebook Graph Search has the potential to really change the game over time," said Dan Olds, an analyst with The Gabriel Consulting Group. "The power of Graph Search comes from Facebook's sheer size. The more data there is to search and map, the more valuable the results. It can make Facebook a much more valuable tool."

The tool, which is available now, is still in its very early stages. The beta version rolled out today on a limited basis to users on the order of hundreds or thousands, Zuckerberg said, and is years away from being complete. At the moment, Graph Search can only handle queries based on people, photos, places and interests.

While the new search tool is still in its infancy, it isn't coming without trepidation. During the event, Facebook executives were hit with questions from the audience regarding privacy controls, including whether queries performed using Graph Search will allow people to see likes or other friends' information that is currently hidden from their own timeline. Facebook executives assured attendees that with Graph Search users can only see content that they could see before, and users can only search for content that has been shared with them. The company is also rolling out more user-friendly privacy controls to keep users' information hidden and make it easier to untag photos.

For more on Facebook's new Graph Search, check out this page, complete with sign-up list and a few videos.
 

Friday, January 11, 2013

White House Won't Build $850 quadrillion Death Star

The White House has offered to formally respond to any petition posted on the White House petition site reaching more than 25,000 respondents. Today it made good on that promise, posting an official response to the proposal to build a Death Star and saying that in addition to its prohibitive construction costs, the current administration does not advocate destroying other planets.

In their rather humorous response they explained exactly why the US will not be building a Death Star. The Administration cites first of all the enormous cost of the endeavor, which they estimated at $850 quadrillion ($850,000,000,000,000,000). Secondly, they very astutely stated, “Why would we spend countless taxpayer dollars on a Death Star with a fundamental flaw that can be exploited by a one-man starship?”

The entire endeavor was meant as nothing more than a laugh, and I'll give the White House some credit for playing along. However, I'd like to see the White House petition site taken a bit more seriously by the citizens of the United States. We shouldn't be wasting time, and yes, taxpayer money, with these trivial petitions. We should be using the site to garner attention for the more pressing matters.

Windows RT Jailbreak Tool Allows Users To Run Unsigned Apps

Earlier this week reports surfaced that a software creator known only by his handle "clrokr" had created a workaround for Windows RT that allows users to download and install unsigned ARM-based desktop applications on Microsoft's closed Windows RT operating system. Following this report, another programmer took things a bit further and has released a tool that automates this jailbreaking process on Windows RT.

At the heart of the hack is a simple value string. It was discovered that a single byte determines whether or not a Windows RT device will try to execute a given app. The minimum signing level value is present on both Windows 8 and Windows RT, and it’s the key to making an app launch on Windows RT. On a Windows 8 system the value defaults to 0 and thereby allows any x86 app to run, even unsigned ones. That’s why you can download any executable file or application and launch it.

On Windows RT, the value is set to 8 by default. It is this setting that prevents devices like the Microsoft Surface from running anything other than what Microsoft approved and signed off on (Windows Store Apps). By performing a bit of code wizardry, clrokr was able to flip the value and trick Windows RT into running an unsigned app.

Enter the software creator known as "netham45". netham45 has released a batch file on the XDA Developers website that automates changing this kernel string, altering the minimum signing level so that unsigned apps can run on the OS. The exploit is limited by the fact that the setting needs to be changed each time the PC boots up (it can’t be permanently altered on devices enabled with Secure Boot), and it only works for unsigned ARM desktop apps. But it is a step toward allowing outside third-party apps, which could allow for more creative uses down the road.

Microsoft has already issued a statement saying it does not consider the findings to be part of a security vulnerability, and applauded the hacker for his ingenuity. At this time it is uncertain whether Microsoft will issue a patch blocking this jailbreak or not, but netham45 says if they do you can simply revert to the original OS provided on the recovery partition and re-install the patch as a workaround.

Wednesday, January 09, 2013

T-Mobile Talks iPhone, No Contract Unlimited Plans And Going Subsidy Free

During the Consumer Electronics Show (CES) in Las Vegas, T-Mobile had a lot to talk about. The main focus was two rather interesting new offerings in the form of a new no contract unlimited plan and plans to drop subsidies. The third was plans to build on what they are saying is a 2 million iPhone user base and officially offer the Apple iPhone to customers.

T-Mobile's looking to change the mobile game, first by offering a no-contract unlimited 4G data, text and voice plan for $70 a month. This is said to be a true unlimited data plan: as long as you don't tether your phone to a computer, you can stream all the content you want to your phone and it won't ever cost you more than $70. Note: there is no word on whether throttling will be in place. The plan's been available since summer for customers with monthly plans; now it's for people who want the option to prepay.

"As the 'uncarrier,' we’re doing the unthinkable," said John Legere, T-Mobile USA president and CEO in a statement Tuesday. "We’re directly confronting the frustrations of American consumers fed up with the cost, complexity and congested networks of our competitors."

This new plan could save customers a bundle over other carrier deals but it won't be entirely without competition. Sprint plans to launch a similar no-contract plan for $70-a-month for unlimited voice, text and data service, called Sprint As You Go.

The second plan is a rather risky plan to entirely eliminate carrier subsidies on new phones. That means if you buy a smartphone, you’re paying full price for it. T-Mobile will allow new customers to bring their own phone, or buy a new phone and pay for it all at once or in installments. But everyone will be shepherded into what the company calls its Value Packages or essentially their monthly plans.

The third announcement, which many customers have been anticipating since December's statements, was that the iPhone will officially arrive at T-Mobile USA within three to four months, according to comments CEO John Legere made to Reuters.

T-Mobile has played host to millions of unlocked AT&T iPhones for the past few years and originally announced in December that it finally reached a deal with Apple to begin offering the iPhone to subscribers. At the time, the company was vague about which Apple products it would carry; the iPhone is a given, but T-Mobile may follow in AT&T, Verizon, and Sprint's footsteps by offering a cellular version of the iPad as well.

Tuesday, January 08, 2013

New Sony Patents Could Kill Used Games Market

The ability to buy and sell your used games has often come under fire. But never before has it faced the challenge it might soon see from Sony and a new patent that would seemingly block a gamer's ability to resell their games.

According to reports at GameSpot.com, Sony has submitted an application for an "Electronic Content Processing System" that would tie individual game discs to one user account. The original article cites reports posted by a NeoGAF user detailing patent application number 20130007892 for an "Electronic Content Processing System" and "Use Apparatus" that would associate individual game discs with matched user accounts.


A game playing system includes a use permission tag provided for use in a game disk for a user of a game, a disk drive, and a reproduction device for reproducing the game. The disk drive reads out a disk ID from the game disk. When the game is to be played, the reproduction device conveys the disk ID and a player ID to the use permission tag. The use permission tag stores the terms of use of the game and determines whether a combination of the disk ID and the player ID conveyed from the reproduction device fulfills the terms of use or not.

In essence games would carry a unique use tag and would need to be matched to a single console. Any use ID tied to another user's account could potentially be rejected by the online tracking system. The system works, according to the document, by attaching contactless RF "tags" to each game, which can be read without a network connection.

In the patent filing, Sony said in a content business like the games industry, it is "vital" to redistribute a portion of the proceeds from sales to developers, who do not see a dime from secondhand sales. Sony said though the secondhand market may expose new gamers to a particular title, in the long run, this does not benefit developers. Sony said this patent would effectively "suppress" the secondhand game market if it ever comes to fruition. This technology would also be applicable to other forms of electronic content, including images and music.

Sunday, January 06, 2013

Belkin WeMo Light Switch: Use Your Android Device To Control Your Lights

Home automation is hardly a new thing; in fact, it has been around for years. The problem is that most of these devices are fairly expensive and generally require rewiring of your house or a sophisticated control unit. Enter Belkin and their newly introduced WeMo Light Switch. The WeMo is a replacement for your standard household light switches with WiFi connectivity. The cool part -- it'll be controllable from your Android device.

"Android compatibility and the ability to control full household lighting – beyond just lamps – have been the top two requests from WeMo fans since we first launched, so we are excited to announce both at the 2013 CES," said Jamie Elgie, senior director of product management at Belkin. "Both are a natural extension of the WeMo line and help expand on our promise of delivering the peace of mind that comes from knowing you can control and monitor your home from wherever you are, whenever you want."

The WeMo Light Switch replaces any existing light switch and connects into your home's existing electrical wiring. Once in place, you can turn a full bank of lights on and off from anywhere, put them on a schedule, or use other WeMo or online triggers to control them through a smartphone or tablet. The WeMo Light Switch is controlled via the same free WeMo app as the WeMo Switch and Motion, conveniently keeping track of all of your WeMo-enabled devices from one app.

  • Controls your home's wired lights from your iOS device
  • Works with any Wi-Fi router and any Apple iPod touch, iPhone, or iPad with iOS v5 or higher
  • Will be compatible with Android 4.0 or higher shortly after launch
  • Operates over Wi-Fi and mobile internet, at home and away
  • Works with the free WeMo app

Belkin has laid the foundation to build on the WeMo product family and says they will also launch more devices with compatibility for Android devices later this year. In February, Belkin will launch an open Beta test for users of the Samsung Galaxy SIII and other leading devices and follow with an official launch for the WeMo Switch, WeMo Motion and WeMo Light Switch in the summer. To sign up for more information or alerts about WeMo, please visit www.Belkin.com/WeMo.

Thursday, January 03, 2013

FTC Ends Google Antitrust Review, Outcome Expected Later Today

Update: You can read the settlement terms in their entirety here. [FTC]

The Federal Trade Commission (FTC) today announced it has closed its investigation into Google after an exhaustive 19-month review. The conclusion according to Google is clear: Google’s services are good for users and good for competition.

The Federal Trade Commission plans to announce the outcome of its review of antitrust claims against Google at 1 p.m. Thursday, in a deal expected to require few meaningful changes to the business practices of the search giant.

FairSearch.org, a coalition of companies pushing for tough antitrust action against Google, said on Wednesday that the FTC should have waited for later this month, when the company is expected to formally offer concessions to resolve a parallel investigation by the European Union.

“If the FTC fails to take decisive action to end Google’s anti-competitive practices, and locks itself out of any remedies to Google’s conduct that are offered in Europe later this month, the FTC will have acted prematurely and failed in its mission of protecting America’s consumers,” said the group, which includes several online travel companies, shopping sites and Microsoft, operator of the Bing search engine.

Details on the outcome will be posted as soon as they are available so stay tuned!

Update: The settlement is in and it isn't bad, but definitely not as good as Google had hoped. 

With regards to patents, the FTC has blocked Google from using its patents (namely those it acquired from Motorola) to attack competitors. Instead of entering an intellectual property war against, say, Apple, Google will have to license out some of these patents to willing buyers—and some "standard-essential" patents that are so fundamental that they're necessary to the existence of things like smartphones and tablets, will be available to rivals for free.

The FTC came down rather hard on Google over its behavior on the web mainly as it relates to search and its rankings: although the feds say Google is allowed to put its own stuff (i.e., Google Local) above competitors, it's barred from scraping the content of rivals to beef up its own services. What does that mean? Google can't rip Yelp reviews and pass them off as their own when you search for a new restaurant to check out. Rival companies can opt out of being scraped by Google, and Google can't threaten to demote their search results—an action FTC Chairman Jon Leibowitz says amounted to "extortion."

Tizen Operating System Coming To Samsung Phones

Rumors have been swirling around the web that Samsung will soon adopt a new smartphone operating system, leaving Android behind. Today we have a little more clarification and it looks like those rumors might partially be true!

Reports from earlier this week that Samsung plans to launch Tizen phones in 2013 have now been confirmed by Bloomberg Businessweek, and Samsung has said that it plans to launch multiple Tizen phones this year.

“We plan to release new, competitive Tizen devices within this year and will keep expanding the lineup depending on market conditions,” Suwon, South Korea-based Samsung said in an e-mailed statement today. The company didn’t elaborate on model specifications, prices or timeframe for their debut.

This doesn't mean that Samsung will be leaving Android behind; rather, it means that in some markets users will have access to another option when it comes to their OS. Much like Samsung's little-known Bada-powered smartphones, these devices will be released regionally in very select markets. Samsung will likely consider extending Tizen’s reach if these phones find success in Eastern markets, though it remains to be seen whether or not this is a long-term play with global reach.

Why a new OS you ask? Apparently Samsung isn't happy that Google acquired Motorola and they see it as a potential threat to their place as the number one smartphone maker in the world.

“The Tizen was born as Samsung hoped to lighten its growing dependence on Google on concerns that its top position in the smartphone market may weaken following the Google-Motorola tie-up,” Byun Han Joon, an analyst at KB Investment & Securities in Seoul, said by phone today. “Intel always wanted to boost its presence in the mobile CPU market.”

It may also be that Samsung isn't fully convinced they can fight off the growing number of lawsuits being pushed by rival Apple.

Tuesday, January 01, 2013

Thieves Steal Millions In Apple Goods On NYE

According to reports, armed robbers stormed into a Paris Apple store and stole more than a million dollars' worth of Apple goods on New Year's Eve. The Guardian reported that up to 1 million Euros ($1.3 million) in goods were stolen at the store, located behind the Paris Opera house, which sells products such as Apple's iPhones and iPads.

The masked gunmen used the fact that police were deployed around the famed Champs-Elysees Avenue area where revelers traditionally gather on New Year's Eve to storm into the store around 9 p.m. Monday, 3 hours after closing. Christophe Crépin from the police union Unsa told reporters four masked and armed individuals forced their way into the shop and afterwards escaped in a van.

"They were well prepared. As the majority of police were busy watching the Champs Elysées [because of the New Year's Eve celebrations], the robbers took advantage of this opportunity," he said.