Tuesday, March 31, 2009

Hackers Poison Conficker Detection, Removal Tools; Finding Real Ones

Hackers have already jumped on the earlier good news about Conficker detectors for networked PCs, and have poisoned search engine results to point to malware rather than the detection tools themselves.

Trend Micro has a post about the issue, pointing to several poisoned search engine results for Nmap, one of the tools I highlighted earlier (it's free and open source).

The key: go directly to the domain of the sites, such as Qualys, Nmap, or any other tool you are looking for.

At the same time, F-Secure has a post on poisoned removal tools.

It makes sense that hackers would take these steps; stories like the 60 Minutes report on Sunday have some in a frenzy. If you are looking for a removal tool, go directly to a reputable vendor's site. Many of them have released free tools for consumers to use, even if you haven’t purchased their own software.

Examples:
There is also the Conficker Working Group’s list of tools, but that site seems inundated right now.

To be honest, many of these sites are quite busy right now, and if your PC is compromised, you may not be able to reach a site, because Conficker blocks access to a number of security-related websites.

You may have to use the IP address of the website, or use a different PC to download a tool.
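
An added example, not part of the original post: one way to check for the selective blocking described above is to compare name resolution for security-vendor sites against unrelated control sites. The host lists, function names and the simulated resolver are assumptions made for illustration.

```python
"""Selective-blocking self-check (added example; host lists are assumptions)."""
import socket
from typing import Callable, Dict, Iterable, Tuple

# Assumed lists, not taken from the post. Security hosts are the kind of site
# the post says an infected PC may be unable to reach; control hosts are
# unrelated sites used to confirm that the network itself works.
SECURITY_HOSTS = ("www.microsoft.com", "www.symantec.com",
                  "www.f-secure.com", "www.trendmicro.com")
CONTROL_HOSTS = ("www.example.com", "www.wikipedia.org")

Resolver = Callable[[str], bool]


def system_resolver(host: str) -> bool:
    """True if this machine's resolver returns at least one address for host."""
    try:
        return len(socket.getaddrinfo(host, 443)) > 0
    except OSError:  # socket.gaierror is a subclass of OSError
        return False


def probe(hosts: Iterable[str], resolver: Resolver) -> Dict[str, bool]:
    """Map each host to whether it resolved."""
    return {host: resolver(host) for host in hosts}


def assess(security: Dict[str, bool], control: Dict[str, bool]) -> str:
    """Classify the two probe results.

    no-network      : nothing resolves, so no conclusion can be drawn
    clear           : every security host resolves
    selective-block : control hosts resolve, no security host does
    partial         : some security hosts fail (could be a busy or down site)
    """
    if not any(control.values()):
        return "no-network"
    blocked = [host for host, ok in security.items() if not ok]
    if not blocked:
        return "clear"
    if len(blocked) == len(security):
        return "selective-block"
    return "partial"


def check(resolver: Resolver = system_resolver,
          security_hosts: Iterable[str] = SECURITY_HOSTS,
          control_hosts: Iterable[str] = CONTROL_HOSTS
          ) -> Tuple[str, Dict[str, bool], Dict[str, bool]]:
    """Probe both lists with the given resolver and return the verdict."""
    security = probe(security_hosts, resolver)
    control = probe(control_hosts, resolver)
    return assess(security, control), security, control


def simulated_filtering_resolver(blocked_substrings: Iterable[str]) -> Resolver:
    """Constructed stand-in for an affected PC: any lookup whose name
    contains one of the given substrings fails, everything else succeeds."""
    needles = [s.lower() for s in blocked_substrings]

    def resolver(host: str) -> bool:
        return not any(n in host.lower() for n in needles)

    return resolver


if __name__ == "__main__":
    verdict, security, control = check()
    for host, ok in {**control, **security}.items():
        print(f"{'ok     ' if ok else 'FAILED '} {host}")
    print("verdict:", verdict)
```

A "selective-block" verdict is a reason to download a removal tool from a different PC, not proof of infection, since a filtering network can produce the same pattern.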

Oh, and of course, patch the hole that Microsoft patched last October!

All you have to do is use Windows Update, or use the individually downloaded patches from the bulletin page that Microsoft has created.



Carrier Pigeons Used to Smuggle Cell Phones Into Prison

Prisoners desperate for cell phones have devised a new method to smuggle them into prison: carrier pigeons.

Consider it a modern-day Birdman of Alcatraz, with a twist. Someone had to train the pigeons. Carrier pigeons fly between two points, after all.

Inmates at the Danilo Pinheiro prison near the southeastern city of Sorocaba in Brazil have apparently been enterprising in terms of avian activities.

Two carrier pigeons, one each on successive days, were caught at the prison. Each was carrying a cell phone and a charger.

A spokesman for the state penitentiary system said:
"Penitentiary agents found the pigeons outside the Danilo Pinheiro prison but, fortunately, the birds did not have time to enter the prison building with the material."
Since the pigeons return to their "home," the birds were apparently bred and raised inside the prison, smuggled out, outfitted with the cell phone parts and then released to fly back.

In the past, smuggling of this nature would involve visitor accomplices or even guards; this is a new and somewhat clever scheme. Though flighty.



Microsoft's "Laptop Hunter" Redhead Outed as Actress; You're Surprised?

Microsoft's latest ad campaign emphasizes, as I said, the so-called "Apple Tax." Called "Laptop Hunters," it's supposed to use "real people," according to Microsoft. Thing is, in the L.A. area, "real people" often translates into actors and actresses.

Thus, we have the case of "Lauren," the first person featured in the new "Laptop Hunters" series, who has been outed as an actress named Lauren DeLong with a fairly extensive acting career (not so much on IMDB's site as her own).

Here's how her site talks about the Microsoft spot:
"In the beginning of March, Lauren DeLong booked what she thought was a "Market and Research" job regarding laptops. But that's not all she booked...actually Lauren found out they were shooting a national commercial! Tears, laughter and excitement greeted this new development."
Seriously, it is possible that a) this could be her big break, b) she really didn't know that it was a commercial at first, c) Microsoft didn't do enough research on her.

My take on the criticisms:
  • Did you really think she wasn't an actress?
  • Of course she went to the Apple Store first; what kind of ad (or story) would it be if she went to the "happy ending" first?
  • Granted, she may not have bought an optimal laptop, but I know I can find a laptop for under $1,000 with wireless-N, a dual-core Intel CPU, as well as fixing all the other complaints of critics without much difficulty; I've done it recently for a friend.
No matter what, this is the first successful Microsoft ad in some time, meaning an ad that's actually generated buzz, both positive and negative. While people can argue about Lauren being an actress and the HP Pavilion she selected being lame, the truth of the matter is, there is a big difference in pricing between Macs and PCs.

Watch Lauren's ad:



Conficker Scanners Developed for Detection of Infected Network PCs

Both the Department of Homeland Security (DHS) and the non-profit Honeynet Project have developed methods for determining which PCs on a network are infected by Conficker, which makes the work of scanning a system of networked PCs a lot quicker and easier.

The DHS announced that the department's United States Computer Emergency Readiness Team (US-CERT) created the tool, which has been available to federal and state partners via the Government Forum of Incident Response and Security Teams (GFIRST) Portal, and to private sector partners through the IT and Communications sector Information Sharing and Analysis Centers (ISACs). It plans to expand distribution to more partners in the coming days.

Except, DHS, that you only have until April 1st before Conficker tries to "phone home" for more instructions.

Meanwhile, although DHS didn't go into details on how it detects Conficker, Dan Kaminsky, who worked with the Honeynet Project in their research, said the following about its detection methodology (or rather, the flaw in Conficker that allows them to find it):
What we've found is pretty cool: Conficker actually changes what Windows looks like on the network, and this change can be detected remotely, anonymously, and very, very quickly. You can literally ask a server if it's infected with Conficker, and it will tell you.
As most malware does, once it infects a PC, the Conficker worm closes the security hole in Windows that it used to get onto the system so no other malware can get in. While this makes it difficult to detect which computers have the official Microsoft patch and which have the fake Conficker patch, Conficker's patch exhibits differences, and that's what the researchers exploit.

Some security software has already incorporated the Honeynet Project's research, including the free and open source Nmap, Qualys, and Tenable.

One question though: if a new version is downloaded to already infected systems that aren't scanned and detected by these measures, will it fix the flaw in the code, thus enabling Conficker to "hide" more effectively? Ouch.



Encarta to Fold; Wikipedia Cheers

A post on Microsoft's Encarta website notes that the Encarta website, as well as the software products bearing the Encarta name, are being discontinued.

The posting was first noticed by Ars Technica. Microsoft said it will discontinue its online Encarta products by October 31, except for Encarta Japan, which will run through the end of 2009. Additionally, Microsoft will no longer sell Microsoft Student and Encarta Premium software after June of this year.

Here's what Microsoft said:
Encarta has been a popular product around the world for many years. However, the category of traditional encyclopedias and reference material has changed. People today seek and consume information in considerably different ways than in years past. As part of Microsoft’s goal to deliver the most effective and engaging resources for today’s consumer, it has made the decision to exit the Encarta business.
According to Wikipedia, which naturally has already been updated to reflect the above announcement, Encarta has been around since 1993:
Microsoft initiated Encarta by purchasing non-exclusive rights to the Funk & Wagnalls Encyclopedia, incorporating it into its first edition in 1993. In the late 1990s, Microsoft bought Collier's Encyclopedia and New Merit Scholar's Encyclopedia from Macmillan and incorporated them into Encarta. Thus the current Microsoft Encarta can be considered the successor of the Funk and Wagnalls, Collier, and New Merit Scholar encyclopedias. None of these formerly successful encyclopedias are still in print, being unable to adapt to the new market dynamics of electronic encyclopedias.
Well, it looks like Wikipedia can soon add that Encarta was not able to adapt, or at least compete with ... Wikipedia.



Google, Partners Launch Free, Legal China Music Download Service

On Monday, Google and the major music labels (Warner Music Group, Sony BMG, EMI and Universal Music), as well as 14 independent labels launched a free, ad-supported music download service in China, hoping to monetize music downloads in an area of the world best known for piracy.

I know, I know, that word legal is hard to envision with the country involved.

One reason for the offering is that Google attributes the market share lead that Baidu.com has in China (2 - 1) at least partly to lacking a music download offering.

Users can find unlicensed copies of music offered for download on third-party Web sites via Baidu. Google doesn’t offer such a service.

Lee Kai-Fu, president of Google in greater China, said:
"We are offering free, high quality and legal downloads. We were missing one piece ... we didn't have music."
Google's service is to be run by Top100.cn, a 3 1/2-year-old Chinese Web site partially owned by Google. The site will sell ads on its download page and split revenues with the music labels.

Lachie Rutherford, president of Warner Music Asia and regional head of the global recording industry group, the International Federation of Phonographic Industries (IFPI) said:
"This is the first really serious attempt to start monetizing online music in China."
Google will limit the service to those with China-based IP addresses. Proxy server, anyone?


Monday, March 30, 2009

Skype for iPhone, BlackBerry Becomes Official


Following up on a recent rumor, Skype has made it official: Skype for the iPhone will be making its first appearance in the App Store on Tuesday, and to RIM's BlackBerry device in May. The official announcement will be Tuesday at CTIA.

Of course, we'll see if the Skype app shows up in the App Store on Tuesday: other highly-publicized App Store launches have been delayed by the App Store approval process. I'm hoping a company has finally learned to get it pre-approved and then launched.

The company has already released Skype for phones based on Android, Google Inc's mobile system, and Windows Mobile, as well as for Nokia Internet tablets.

The Skype app will be free to download and will require the user be on a wi-fi network; it will also be usable on the iPod Touch.

Calls will be free to other Skype users; calls to others will cost, but at a reduced rate compared to many other avenues of service.

Carriers have looked askance at VOIP solutions, as they have the possibility of reducing revenue in their cellular portfolio. Still, CCS Insight analyst Ben Wood said:

"The only area where I think there are some question mark is that it could erode roaming revenues. The carriers will be suspicious of this service but what we've learned from other markets is that (Skype) did not have the detrimental effect feared."
Translation: the carriers didn't lose the revenue they expected to.



Dell Debuts New Fashion-Conscious Inspiron Desktops, in China

Dell on Monday announced a new line of fashion-conscious Inspiron slim- and mini-towers. Much like Dell's recent announcement of the Studio 19 all-in-one PC, these new Inspirons debut outside the U.S., this time in China.

The new slim and mini-towers are (what else) colorful, as are many of the new laptops and PCs unveiled of late, and not just by Dell. The color scheme includes Piano Black, Pure White, True Blue, Formula Red, Tangerine Orange, Spring Green, Plum Purple and Promise Pink, with $5 per Promise Pink system sale donated to the Susan G. Komen foundation (see above for mini-towers, click for slim tower).

I have to admit, lately it seems manufacturers are most interested in separating themselves from the competition in terms of colors and design, and less in terms of technology. Two taglines from their emailed press release (emphasis mine):
  • People Have Complete Control of Power, Color and Size
  • Fresh ID and vibrant colors express personal style and complement any environment
Here are the specs as announced by Dell today:
  • Intel® Celeron®, Intel Core(tm) 2 Duo and Intel Core 2 Quad options or AMD Sempron(tm), Athlon(tm) X2 and Phenom(tm) X4 processor options
  • Integrated Intel or ATI Radeon(tm) graphics on select systems with discrete graphics options available
  • Up to 8GB memory on select systems
  • Up to 750GB storage (slim tower) or up to 1TB storage (mini-tower)
  • Optional 19-in-1 media card reader and optional HDMI connectivity
  • 6 USB ports (2 front, 4 back)
  • Dual optical options (mini-tower only) including Blu-ray Disc(tm) drive
  • Small form factor with its versatile horizontal or vertical placement is designed to easily fit into your home media center (slim tower only)
As I said, the systems debut in China today, and worldwide later.
Inspiron slim and mini-tower desktops debut today in China and are available for purchase through Dell.com, distributor Digital China or retailers Suning and Gome. Starting at $299, the systems will be available worldwide later this spring.
It's becoming a trend, and perhaps indicative of how OEMs feel about the sentiment of U.S. consumers in these recessionary times. In other words, don't buy today what you can put off until tomorrow.



Western Digital Buys SiliconSystems, Enters SSD Market

On Monday, number 2 overall hard drive manufacturer Western Digital announced it had purchased SiliconSystems for $65 million in cash, thus entering the solid-state drive (SSD) market via acquisition.

Just last November, WD was still cautious on SSDs (to say the least) saying:
"Western Digital enters markets that exist, announces products when they are available, and runs a tight model with opportunities greater than resources such that we take a controlled, methodical, sequential, incremental approach to product portfolio expansion."
In other words, at the time WD didn't feel there was a market for SSDs, or perhaps a large enough one.

However, SiliconSystems delivers SSDs for the embedded systems market. In terms of consumer products, the Q&A delivered with the press release says this:
a) Today’s acquisition strengthens and accelerates our ability to get to market with additional SSD products. We announce new products when they begin shipping.

b) WD implements new products and technologies that are meaningful to customers and at a time when the company can maximize the critical balance of cost, reliability, quality and availability, while meeting our customers’ needs.
Here's what John Coyne, president and CEO of WD, says in the press release:
"We are delighted to have the SiliconSystems team join WD. The combination will be modestly accretive to revenue and margins as a result of SiliconSystems' existing position as a trusted supplier to the well-established $400 million market for embedded solid-state drives. SiliconSystems' intellectual property and technical expertise will significantly accelerate WD's solid-state drive development programs for the netbook, client and enterprise markets, providing greater choice for our customers to satisfy all their storage requirements."
In other words, both blurbs seem to indicate WD decided they were behind, wanted to accelerate development of consumer products, and aren't ready to say when they will deliver just yet. Expect it to be relatively soon, though.

Now, Seagate, about your own SSDs?



60 Minutes: "The Internet is Infected"

60 Minutes is a great show, for the most part (and let's not forget it has Andy Rooney!), but a report Sunday night on the Conficker worm titled "The Internet is Infected" is probably the definition of hyperbole.

The report, a full transcript of which is here, and a video below, was designed to alarm, and I'm sure it did. The title alone is alarming, but what the report fails to mention is the following:
  • Conficker only affects Windows PCs
  • It exploits a vulnerability in Windows that Microsoft patched in October (in an emergency patch, no less). If you have patched your PC, you are safe.
  • If you are running a current, up-to-date antivirus (AV) software, you will be safe, for the most part.
  • If you aren't running an antivirus application, or are running one that's expired, there are standalone programs by reputable vendors such as McAfee that will remove Conficker.
Conficker.B was detected in February and added the ability to spread through network shares and via removable storage devices, like USB flash drives.

Conficker.C, which surfaced earlier this month, is set to receive instructions, download an updated copy of itself, or other malware on April 1st; security vendors aren't sure just what.

I have to admit, there was useful information for those (like my mother-in-law) who simply don't understand the threats that are out there and the need for effective antivirus software (at least for Windows PCs, more on that later).

In fact, Lesley Stahl spoke to Steve Trilling, a Symantec vice president. He said (and it's true) that too few people have up-to-date security software:
"As soon as you clicked on that link and you had security software, you would immediately get an alert. 'This is a bad Web site.' And it would have blocked the attack. You would have never been hit. Putting on that software, you’re preventing yourself from becoming a victim."
On the other hand, the report later told the story of Mary Rappaport, who apparently had AV software and a firewall, and yet had her system compromised to the point that they were able to get into her bank account, even after she changed the password.

A key logger perhaps? If so, how was she infected with up-to-date AV software?

Well, that's the problem with AV software and why I earlier said "for the most part" in terms of AV protection: it relies on virus signatures, and if something new comes on the scene, it may not be able to detect it. That's why you want an AV program with strong heuristics to detect previously unseen malware. The downside: a potential for false positives.

Some people (like me) run multiple layers of protection, including anti-trojan software in addition to antivirus software.

As I previously said, this is a Windows only problem, and many Mac users tend to crow about it. The reason the Mac is, heretofore, invulnerable is that there are simply many more Windows users than Mac users. When trying to target a group of people, you go after the biggest group.

But with the recent upsurge in Mac adoption, that may be changing. Mac users need to be a little less cocky than they currently are. While Macs aren't currently a large target of hackers, they are not inherently safe: witness the fact that a researcher hacked into a Mac in 10 seconds during a contest at a recent convention.

Watch the 60 minutes report:



Action-Based Video Games Improve Eyesight: Study

A study (.PDF) released in the journal Nature Neuroscience on Sunday asserts that "action video games," such as Call of Duty, Crysis, Grand Theft Auto, may improve contrast sensitivity, an aspect of vision normally corrected by eyeglasses or surgery. As the study says:
Contrast sensitivity, the ability to detect small increments in shades of gray on a uniform background, is one of the main limiting factors in a wide variety of visual tasks. Unfortunately, it is one of the aspects of vision that is most easily compromised.

The contrast sensitivity function (CSF) is routinely assessed in clinical evaluation of vision and is the primary limiting factor in how well one sees. CSF improvements are typically brought about by correction of the optics of the eye with eyeglasses, contact lenses or surgery. We found that the very act of action video game playing also enhanced contrast sensitivity, providing a complementary route to eyesight improvement.
The study divided 22 non-action game players into two groups, one of which played Call of Duty 2 and Unreal Tournament 2004 (sue 'em, they didn't use current games) while the other played The Sims 2 (which I hope you would agree doesn't fit into the "action game" category).

Researchers considered The Sims 2 to be the "control game," saying:
the control game was chosen to be visually complex and engaging, but it differed by having a slower pace and by not requiring precise, visually guided aiming actions
The two groups played 50 hours of their assigned games over the course of nine weeks. At the end of the training, the action game players showed an improvement of 43 - 58% while the Sims 2 players showed no improvement.

The study's lead researcher, Daphne Bavelier, PhD, said the following in a statement:
"When people play action games, they're changing the brain's pathway responsible for visual processing. These games push the human visual system to the limits and the brain adapts to it."
Furthermore, the study noted that the gains in acuity were long-lasting, stating:
The positive effect remained months and even years after training, indicating long-lasting gains.
Hand me my GTA IV game; I've been thinking I may need a new prescription for my eyeglasses.



Sunday, March 29, 2009

iPhone OS 3.0 to Give Safari a 3x Javascript Speed Boost

In terms of speeding things up, Javascript has been the focus of the latest PC browser releases (beta or not). Most of the latest releases have bragged about how much the speed of Javascript has been increased, whether it's TraceMonkey (Mozilla), Nitro (Safari) or V8 (Chrome). And testing of the beta version shows that iPhone OS 3.0 will show a definite speed increase.

Ars' testing of 3.0 beta shows an increase of between 3x and 16x depending on the benchmark. We'd guess that the Nitro improvements that went into Safari 4.0 beta are being leveraged, as much as possible, in Mobile Safari.

In fact, according to Daring Fireball, running a simple test indicates that the new iPhone OS' browser is most likely running Nitro. According to Apple, Nitro should improve not just Javascript, but HTML loading as well. So expect faster browser performance on iPhone OS 3.0, new iPhone or not (heavy sigh).



Blizzard Creates iPhone WoW Mobile Authenticator App

Much like its earlier WoW authenticator (which seems to have disappeared from the store, BTW), Blizzard has released an iPhone app that you can use as an additional layer of security when logging into your Battle.net account, and World of Warcraft as well, if you use your Battle.net account to login to WoW.

The older HW authenticator cost $6.50; the new iPhone app is free. Here's how the FAQ describes how the authentication code works:
What is an Authenticator code and where do I see it?

The Authenticator code is an eight-digit numeric code that is produced when you select "View Code" in your Battle.net Mobile application. Each code is unique and is valid only once.

Can I add a Battle.net Mobile Authenticator to a Battle.net account before merging a World of Warcraft account? You must first merge a World of Warcraft account into a Battle.net account before options to add a Battle.net Mobile Authenticator will appear in Battle.net Account Management.
As you might assume from the second paragraph above, you have to add mobile authentication to your Battle.net account through the Account Management function.

Yes, it can be used on an iPod Touch (naturally). The web page has a link to a download page which, besides the iPhone, has a link for Korean carriers, but nothing for U.S. or E.U. carriers, yet.

The fact that they have Korean carriers before U.S. and E.U. carriers just re-emphasizes the frenzy for Blizzard products over there.



Twitter, OnStar About to Become BFF?

OnStar is General Motors' security and safety system which, if you've heard the radio ads, can do everything from getting your doors unlocked if you lock your keys in the car to automatically letting OnStar reps know if you are in an accident, even if you are unconscious. According to information leaked in a survey to GearLive, you may soon find Twitter integration on your OnStar unit.

Wait, wait, isn't this precisely the sort of distraction that California was trying to outlaw with its anti-SMS while driving law? Yes, and no.

Twitter use while driving using your cell phone is definitely out. But the way this is planned would use voice-to-text conversion.
“While in your vehicle, you can use OnStar to submit and retrieve tweets (messages) via your Twitter account. Using OnStar’s Voice-Activated Hands-Free Calling system, and having your voice converted into text, you can provide updates which would appear in the 'What are you doing?' section of your Twitter homepage. It is also possible to listen to a tweet that was sent to you by someone else after it has been converted into voice. You can send and receive tweets without having to type or read anything.”
You can receive tweets as well? Well, you can see if you "follow" enough people you probably won't need the radio as entertainment.

On the other hand, and I keep saying this: do we really need more distraction in the car? Aren't we supposed to be paying attention to driving?

There's no information on when this might come to fruition, but for those of us who want to be able to drive without fearing distracted drivers weaving around the road (and I still see plenty of people using cellphones sans headsets despite the California law), I hope when = never.

Yeah, yeah, I know this won't earn me any points with Twitter fans.



Saturday, March 28, 2009

GhostNet: Huge Chinese Spy System Infects Computers Worldwide

Canadian researchers have uncovered a huge Chinese spying operation which has infiltrated computers in hundreds of government and private offices around the world, including those of the Dalai Lama.

In fact, according to a report in the New York Times, the search for answers began when the researchers, who are based at the Munk Center for International Studies at the University of Toronto, had been asked by the office of the Dalai Lama to examine its computers for signs of malware.

The investigation eventually uncovered a widespread GhostNet, which, according to the researchers, has infiltrated approximately 1,300 computers in government offices, foreign ministries, etc., as well as the offices belonging to the Dalai Lama, in 103 countries. Most of these infiltrations appear to be in Southeast Asia.

The report, titled "Tracking GhostNet: Investigating a Cyber Espionage Network" is due to be released this weekend.

Besides what you might expect such a program to do, snooping and extracting data, perhaps including emails and documents, the researchers said that GhostNet can turn on any cameras or microphones attached to an infected PC, turning it into a bug. However, the researchers were unsure if this feature has been used.

As I said, the computers involved in this operation are, for the most part, in China, but the researchers were quick to point out that there is no solid evidence that the government of China itself is involved.

Ronald J. Deibert, a member of the research group and an associate professor of political science at Munk told the NYT:
“We’re a bit more careful about it, knowing the nuance of what happens in the subterranean realms. This could well be the C.I.A. or the Russians. It’s a murky realm that we’re lifting the lid on.”
Meanwhile, two researchers at Cambridge University in Britain, Shishir Nagaraja and Ross Anderson, who also worked on the part of the investigation related to the Tibetans released their own report (.PDF), "The Snooping Dragon: Social Malware Surveillance of the Tibetan Movement," in which they indeed blame China for the attacks.
While malware attacks are not new, two aspects of this case make it worth serious study. First, it was a targeted surveillance attack designed to collect actionable intelligence for use by the police and security services of a repressive state, with potentially fatal consequences for those exposed. Second, the modus operandi combined social phishing with high-grade malware. This combination of well-written malware with well-designed email lures, which we call social malware, is devastatingly effective.
Further, the researchers in the second report feel the tactics used by China may, in the future, be used by other, non-governmental groups.
Thus social malware is unlikely to remain a tool of governments. Certainly organisations of interest to governments should take proper precautions now, but other firms had better start to think about what it will mean for them when social malware attacks become widespread. What Chinese spooks did in 2008, Russian crooks will do in 2010, and even low-budget criminals from less developed countries will follow in due course.


Palm Issues C&D Over TealPoint's Pre-like App

I guess I (and TealPoint Software) should have seen this coming. Palm has sent TealPoint a "Cease-and-Desist" warning over their TealOS app, which adds the Palm Web OS "look and feel" to Palm OS devices.

TealPoint confirmed this on their TealTalk forums:
Hi folks.

I'm sorry to say that at Palm's request, as of this upcoming Monday, March 30, we will no longer be selling or distributing TealOS.

We really appreciate the help and unprecedented enthusiasm so many of you have shown for this product. It's been a long time since we experienced this kind of customer cooperation, and the program's success came at a badly needed time. We wish we could continue contributing to this great community.

For those of you who have already purchased the product, your copies will continue to function, of course, but we encourage you to download the latest beta copies to insure you have a stable version you are happy with and back it up to a safe place, as you'll no longer be able to download it after Monday.

We'll continue through the weekend to try to get as many bug fixes and requested improvements in as we can before then.

Thanks,

-tex
If you check the comments on that forum post, you'll see most are not happy (OK, all are not happy) and some want to start a petition.

Not that it would do much good. Not only is the Palm Web OS going to make Palm devices iPhone-ish, the company is apparently becoming Apple-ish in terms of legal issues.

Seriously, though, it's hard to see how TealOS hurt Palm, but I know that Palm is treating this new device with Apple-level security, so I can see why they might do this.

Anyway, you have until Monday, so if you want it, buy it now. Not sure if you want to? Watch this video of TealOS in action.



Apple Uses Jailbroken iPhone in Patent Application

You'll remember that Apple has previously called jailbreaking iPhones illegal. Yet a recent patent application submitted by Apple uses images of a jailbroken iPhone to make their case.

The attorneys at Kramer, Levin Naftalis & Frankel LLP, who submitted the application on Apple's behalf, are probably red-faced; I wonder if Steve Jobs has called them to the mat for this yet.

You can see the image above has an icon for Installer.app, SMBPrefs and the iWood Realize theme, all stuff you need a jailbroken iPhone to run.

At any rate, the less "exciting" portion of this story, and what should have been the more exciting one, centers on biometric security that would be embedded in Apple devices. Examples include installation of a hidden sensor behind the screen that would recognize a user's fingerprint when touched, or a front-facing camera for retinal or facial recognition.

While the patent application itself doesn't necessarily mean the technology will ever reach the hands of consumers, the image probably means someone is in trouble.



Skype Coming to the iPhone: Report

Skype, the Internet calling service owned by eBay (and underutilized by the auction giant), is expected to announce an iPhone app at next week's CTIA tradeshow in Las Vegas, according to GigaOM.

I've written before about TruPhone, the iPhone app which added Skype support in early January, but an official Skype app would definitely be popular.

Skype already has a version for Windows Mobile, and even for the PSP, but not for the iPhone, yet. The Windows Mobile version has been popular, and I'm sure Apple would love to take something that seems like an advantage for WinMo away from Redmond.

At any rate, CTIA is next week, so we'll know then. Expect tons of other mobile news, as well.



Microsoft's Latest Ad Emphasizes the "Apple Tax"

Microsoft has made quite an issue of the "Apple Tax," the premium that Apple buyers pay, and that Microsoft's Steve Ballmer says "buys you a logo." On Thursday, Microsoft unveiled their latest series of ads, called "Laptop Hunters," which will follow real people as they hunt for a new laptop.

In the first ad, they introduce us to a woman we know only as "Lauren" who has set herself a $1,000 limit on her laptop purchase. Microsoft gives her $1,000 and tells her she can keep anything left after the purchase. Her desired specs: a laptop that has "speed," a comfortable keyboard and a 17” screen.

A laptop is a good choice for several reasons: laptops are rapidly becoming the computer of choice over desktops, and also, did I mention, there's only one MacBook priced below $1,000: the old white MacBook that has been superseded by Apple's new unibody aluminum models. Oh, and take sales tax into account, and you've just exceeded your budget.

Meanwhile, even without taking netbooks into account, you can find plenty of Windows laptops priced below $1,000.

It's not like Lauren doesn't try. She goes to an Apple Store and finds out what I already told you: only one MacBook under $1,000, and forget about a 17" screen.
"I would have to double my budget, which isn't feasible. I'm just not cool enough to be a Mac person."
Interesting that she uses the term "cool." It's really not about cool, although people with iPhones like to think they are cool, but rather about price.

Cue Best Buy, where she finds plenty of laptops under $1,000. Eventually she settles on an HP Pavilion dv7-1245dx. It comes with an AMD Turion X2 RM-72 processor, 4GB of RAM, a 320GB hard drive, ATI Radeon HD 3200 integrated graphics, a DVD burner, and a 17" WXGA+ (1,440 x 900) screen.

Microsoft made its point: Windows PCs are cheaper than Macs. But Apple's never been about being the price leader. For example, remember what COO Tim Cook said during Apple's Fiscal Q1 2009 conference call:
Our objective is not to be the unit share leader in the cell phone industry. It's to build the world's best phones.
That applies to computers and any other products as well. But in this recession, price has to be more of an issue with buyers, and that's Apple's weak spot.



Friday, March 27, 2009

Today Only: Refurbished Blackberry Bolds for Free

Act fast if you want 'em. Online and for today only, you can get a refurbished Blackberry Bold for free.

Yes, you have to sign up for a two-year AT&T contract. And you'll have to sign up for a data plan. And it's only good for a new line or new account, not for a phone upgrade. Enough caveats for you?

Still, if you were looking to buy a Blackberry, and the above doesn't bother you, this could be a great deal. But you'd better hurry.



Apple Stores Now Offering No-Contract iPhones

Apple is joining AT&T in trying to rid itself of iPhone 3G inventory. Starting on Thursday, Apple Stores began selling iPhone 3Gs with no contract for the same $599 (8GB) / $699 (16GB) price as AT&T.

Activation is completed by the customer at home through iTunes. Of course, the phone is still locked to the AT&T network, although there are ways around that, ways that involve jailbreaking and thus voiding your warranty.

Would I buy one of these? Nah. I'd wait a few months to see the upcoming new iPhone announcement. If I really wanted to buy the current version of the iPhone 3G, I would wait until prices drop (and not just refurbished prices).

I would expect after the new iPhone is announced that the old iPhone 3G price will be slashed. Heck, I've even offered my iPhone 3G to a friend (if I get a new one) for $50.



NVIDIA Countersues Intel, Claims Breach of Contract

In February, Intel filed suit against NVIDIA, alleging that the 2004 cross-licensing agreement the companies signed "does not extend to Intel's future generation CPUs with 'integrated' memory controllers, such as Nehalem." NVIDIA fired back then with a press release, and now with a lawsuit.

On Thursday NVIDIA countersued Intel for breach of contract, additionally seeking to terminate Intel's license to NVIDIA's own patent portfolio.

In a press release about the countersuit, Jen-Hsun Huang, president and CEO of NVIDIA said:
"NVIDIA did not initiate this legal dispute. But we must defend ourselves and the rights we negotiated for when we provided Intel access to our valuable patents. Intel's actions are intended to block us from making use of the very license rights that they agreed to provide."
The countersuit states that the licensing dispute is part of a "calculated strategy to eliminate NVIDIA as a competitive threat," and says NVIDIA is fully licensed to continue making products that interact with Intel processors.

Intel spokesman Chuck Mulloy said:

"There is a substantial disagreement between Intel and Nvidia about their licensing rights under the agreement. We've been trying multiple times, multiple ways to find a way to settle the argument. The suit simply asks the court to interpret the agreement."

Expect this "spat" to go on for some time.



The Pirate Bay to Launch €5 / Month "Log-less" VPN Service

For those file-sharers and downloaders fearing the wrath of the RIAA and MPAA, some welcome news. The Pirate Bay, which bills itself as the "world's largest BitTorrent tracker," is about to unveil a €5 / month VPN Service called IPREDator.

IPREDator takes its name in response to the Swedish Intellectual Property Rights Enforcement Directive or IPRED. IPRED is set to go into effect on April 1 (no foolin'!) and will allow copyright holders to request the information of suspected file sharers.

A virtual private network or VPN service allows a user to be anonymous by "tunneling" data through the servers of a VPN provider. The user's actual IP address is hidden, while the VPN provider's IP address is exposed.

Of course, if the VPN provider keeps logs, IPRED means copyright holders can request the actual IP address of the user. But IPREDator gets around that. The site promises to never store any data or keep any logs at all. Copyright holders can request all they want, but they won't get anything, because there's nothing to be had.

IPREDator is currently in closed beta, but you can sign up for an invite when it opens up.



WWDC 2009 to Run June 8 - 12

Apple has announced the dates for this year's World Wide Developer Conference (WWDC). The event will run from June 8 - 12, at (where else?) San Francisco's Moscone Center.

Many expect a new iPhone (or maybe more than one) to be unveiled at WWDC. However, Apple CEO Steve Jobs is supposed to be on medical leave until the end of June, and he'd miss a very big announcement, unless he is planning to come back early.

Other expected announcements or unveilings at WWDC include iPhone OS 3.0 and Snow Leopard, the next version of Mac OS, expected to release in a few months.

Tickets to last year's WWDC sold out, for the first time in its history. With iPhone OS 3.0 and a new iPhone planned, I'd expect this one to sell out as well.



iTunes Tiered Pricing to Start April 7th: Report

At Macworld, Apple announced that tiered pricing was coming to iTunes, but didn't announce exactly when, although they did say "April." The LA Times has reported that, although Apple has not publicly announced the date, the company has been telling the music industry 4/7.

Since the launch of iTunes, Apple has been adamant about sticking to a $0.99 per track pricing model. However, at Macworld, Apple indicated there would be $0.69, $0.99, and $1.29 pricing tiers upcoming.

While iTunes pricing has become more complex, Apple is removing the DRM from the tracks, which people have requested for some time.

Still, critics say this is the wrong time to adjust iTunes prices, during a recession larger than any in recent memory.

Former EMI Music executive Ted Cohen, who is managing partner of digital media consulting firm TAG Strategic, said:
"This will be a PR nightmare. It is for the music industry what the AIG bonuses are for the insurance industry."
I actually don't get why Cohen's statement is so hyperbolic or why he feels we are on the verge of an iTunes meltdown. On the other hand, in terms of combating music piracy, this statement by Jim Guerinot, who manages such bands as Nine Inch Nails, No Doubt and Offspring, makes sense:
"Wouldn't it make sense to try to price it cheaper instead of squeezing the handful of people who are still willing to pay for music?"
I'm sure it's more than a handful, as many people have no idea how to use BitTorrent. He does have a point in that I'd sure rather pay $0.99 than $1.29 per track, particularly in these penny-pinching times. However, I'd also rather have DRM-free music, and I think that "add" will offset, at least somewhat, the increased cost.

Guess we'll find out April 7th when this goes live.



Thursday, March 26, 2009

Windows Mobile Marketplace to Charge Devs $99 for App Updates

Microsoft's Windows Mobile Marketplace, a sort of WinMo version of the App Store, is expected to arrive in Q4 along with WM 6.5. But Microsoft has already committed a faux pas, although they have plenty of time to fix it: they plan to charge developers $99 each time they update an application.

Microsoft announced plans for its Windows Mobile Marketplace application store earlier this month. It said it planned to charge developers $99 annually as well as a $99 fee per submission. However, a recent Tweet on the Marketplace Twitter stream announced a promotion that allows developers who register this year to submit up to five applications free.
Marketplace info: through the end of 2009, initial registrants will get 5 free app submissions. Upgrades/updates are new app submissions
It's that last sentence that is unnerving. Updates are considered new submissions. This means that sans the promotion, updating an app, no matter how minor, would cost $99. It also means that during the promotion period, each update of an app essentially uses up one of the 5 freebies.

The App Store and Android Market do not charge for updates.

C|Net confirmed the policy. They were also told by Microsoft that there is a 7-day window during which a developer can submit an update without charge. Whoopee!

Sorry, this is a really bad idea, if only because the "prevailing market" (Android and the App Store) doesn't do it. It will already be hard enough to attract developers away from the "hot" platforms (iPhone, Android, and the Palm Pre) without saddling them with this expense.

You've got several months to fix this, Microsoft. Don't blow it.



Microsoft Web Page Goof Reveals Windows 7 RC in May

A minor (?) oops on Microsoft's end has revealed the (current) date of the Release Candidate (RC) for Windows 7. A Technet web page indicates the RC build will be coming in May, not April as was previously rumored.

The RC build will expire June 1, 2010, and the testing program will be available through at least June 2009.

Here's the text from the site in case it gets pulled. I also created a .PDF of the page and posted it here.
Windows 7 Release Candidate
Published: May 2009

Download instructions

Welcome to Windows 7 Release Candidate (RC) testing. We’re on our way to Windows 7, and the RC is a great opportunity for IT professionals like you to take Windows 7 and begin testing it in your real environment. You get to see what’s coming, and we get to see if our changes and fixes from the Beta testing are working correctly. We want to encourage you to install and actively test the RC code. This will help us ensure Windows 7 is the best possible release, and help you get ready for Windows 7 deployment.

Here’s what you need to know:

This is pre-release software, so please read the following to get an idea of the risks and key things you need to know before you try the RC.
  • You don’t need to rush to get Windows 7 RC. The RC release will be available at least through June 2009 and we’re not limiting the number of product keys, so you have plenty of time.
  • Watch the calendar. Windows 7 RC will expire on June 1, 2010. So if you install the RC release you’ll either need to upgrade to the final version of Windows 7 before that date, or install a prior version of Windows. (For more about installing Windows, see installation instructions.)
  • Protect your PC and data. Be sure to back up your data and please don’t test Windows 7 RC on your primary home or business PC.
  • Technical details/updates: before installing the RC please read the Release Notes, and Things to Know for important information about the release.
  • Keep up with the news. You can keep up with general technical information and news by following the Springboard Series blog or Windows team blog. Want technical guidance, tips, and tools? Visit the Springboard Series on TechNet.
    And, you can get non-technical news, tips, and offers on the Springboard Series on TechNet
  • Keep your PC updated: Be sure to turn on automatic updates in Windows Update in case we publish updates for the RC.
  • Microsoft Partners: Learn more about Windows 7 on the Microsoft Partner Portal.
Here’s what you need to have:
  • Internet access (to download Windows 7 RC and get updates)
  • A PC with these minimum recommended specifications:
    - 1 GHz 32-bit or 64-bit processor or higher
    - 1 GB of system memory or more
    - 16 GB of available disk space
    - Support for DirectX 9 graphics with 128 MB memory (to enable the Aero theme)
    - DVD-R/W Drive
    Please note these specifications could change. And, some product features of Windows 7, such as the ability to watch and record live TV or navigation through the use of "touch," may require advanced or additional hardware.
Get the download

The 32- and 64-bit versions of Windows 7 RC are available in five languages: English, German, Japanese, French, and Spanish. (Note: The RC version will not be available in Hindi or Arabic.) Just choose the version that fits the system you'll be using, pick your language, and click go to register for and download the RC.

Downloading the Windows 7 RC could take a few hours. The exact time will depend on your provider, bandwidth, and traffic. The good news is that once you start the download, you won't have to answer any more questions – you can walk away while it finishes. If your download gets interrupted, it will restart where it left off. See this FAQ for details.


Could App Store Refund Policies Clean Out Devs' Wallets?

A close look at the refund policies clearly written into the developer agreement that devs must sign before being able to sell applications in the App Store shows that if it wanted to, Apple could demand a developer refund the entire amount of a sale to the company, if a customer managed to persuade Apple to give them a refund.

It's no secret that Apple takes 30% off the top of each sale at the App Store. The problem, according to TechCrunch's source, could occur if someone manages to pry a refund out of the company (emphasis mine):
In the event that Apple receives any notice or claim from any end-user that: (i) the end-user wishes to cancel its license to any of the Licensed Applications within ninety (90) days of the date of download of that Licensed Application by that end-user; or (ii) a Licensed Application fails to conform to Your specifications or Your product warranty or the requirements of any applicable law, Apple may refund to the end-user the full amount of the price paid by the end-user for that Licensed Application. In the event that Apple refunds any such price to an end-user, You shall reimburse, or grant Apple a credit for, an amount equal to the price for that Licensed Application. Apple will have the right to retain its commission on the sale of that Licensed Application, notwithstanding the refund of the price to the end.
So, let's say an app sells for $10 (yeah, yeah, I know, not too many that expensive). Apple gets $3 off the top. The dev gets $7. If they give the buyer $10 back, they want that same $10 from the dev, meaning Apple still makes a $3 profit, and the sale actually ends up costing the developer $3.

However, is this really blown out of proportion? First, Apple is providing a service of billing, collecting and distributing funds to the developer, much like a credit card. They could claim that all that infrastructure still requires a fee.

That doesn't mean it's good for the developer; I'm just playing Devil's advocate here.

Also, let's look at the iTunes Refund Policy, can we?

REFUND POLICY

All Sales and rentals (as applicable) are final.

It doesn't sound like too many people could pry a refund out of them.

On the other hand, this points out a missing piece that people have been asking about for a long time: trial versions. Many downloadable applications allow trial versions to be downloaded, but Apple still doesn't provide that capability at the App Store.

Perhaps, as they roll out the iPhone OS 3.0, they will finally do so.



Kindle E-Reader iPhone App Earns Apple a Lawsuit

Earlier this month, Amazon.com released an iPhone / iPod Touch app that allows those devices to read Kindle e-books. That development seems to have spurred a lawsuit; MONEC Holding Ltd., a Swiss company, has filed a patent infringement lawsuit which claims that Apple is promoting the iPhone as an e-book reader, which in turn violates MONEC’s 2002 patent.

So here's an idea: if you want to sue anyone, sue Amazon.com.

Seriously, though, the iPhone had additional e-books in the App Store prior to the release of the Kindle software, but the Kindle software certainly creates a much easier way to buy and use e-books on the iPhone.

The patent, titled "Electronic device, preferably an electronic book," describes the device as follows:
An electronic device is provided with a housing, a display, input means, a microprocessor, a control arrangement, a memory, a power source, one or more interfaces for data exchange with a peripheral device. The display preferably provided as an LCD-display has dimensions such that with it approximately one page of a book can be illustrated at normal size, this display being integrated in a flat, frame-like housing. The input means for controlling the device are provided as a touch-screen in the display. A station for receiving and sending signals by way of a radio network allows the exchange of electronic data, such as for example E-mails, faxes, data from the Internet or the like, which can be visualized on the display. The electronic device according to the invention provides the considerable advantage that it is very light-weight and is easy to carry, can be used very universally and in this case has a relatively large display.
Ah, we see why Amazon.com was not sued over the Kindle: touch-screen, as mentioned in the patent. Hey, waitasec, Sony has a Reader, the PRS-700, which has a touch-screen. Why not sue them?

I dunno, it seems like yet another nuisance lawsuit. We'll keep you posted.



Wolfenstein 3D Classic Now Available in the App Store

I wrote earlier that id Software had released an iPhone port of Wolfenstein 3D as open source, but at the time it wasn't in the App Store. Wait no longer, it's there.

Besides having its own website (which you absolutely have to visit, right?), the game that id Software calls "the grandfather of the FPS at your fingertips" is located here in the App Store.

Sorry, you can't have everything. While the code has been released as open source, the game itself costs $4.99, which is relatively high for the App Store. But come on: it's Wolfenstein 3D.

Here's the blurb on the game at the App Store:
Achtung! Play the legendary original game that launched the First Person Shooter genre. You are OSA super agent B.J. Blazkowicz and you must escape from Castle Wolfenstein and defeat the twisted Nazi regime!

Includes all six original episodes with 60 classic levels and unforgettable weapons like the brutal chain gun that still define action gaming today.

Wolfenstein 3D Classic is non-stop action and all of the memorable enemies are there for you to conquer from Hans Grosse to MechaHitler!

Search levels for hidden secrets that reveal stolen Nazi treasure, health packs, ammo and weapons or even short cuts. Use the new topdown map to see where you have already explored.

Wolfenstein 3D Classic makes use of an all new control system designed for the iPhone by technical visionary and id Software founder, John Carmack. Choose clever new touch controls or drive with the tilt controls to halt the diabolical Nazi schemes.
For those who played the old PC version, you'll have to learn a new control system, as it's been customized for the iPhone (and heck, there's no qwerty keyboard). There are on-screen controls for movement and shooting, but you can also use the motion-sensing abilities of the iPhone to play as well.

And John Carmack did the port himself. Personally, it's worth the $4.99.



Malware Targets Routers, Cable Modems

Everyone is really worried about the Conficker worm, but people need to remember that there are plenty of other security threats out there, including this malware that infects routers or cable modems.

Psyb0t targets them using a built-in list of 6,000 usernames and 13,000 passwords. Some are used to brute-force the router's login, but others are simply the well-known default passwords that routers ship with.

While APC indicates that the botnet for this particular malware has been shut down already, that doesn't mean a new attack along this same path can't be upcoming.

It's also not the case that you can whip out an antivirus program and scan your router, although it's relatively easy to hard reset the router and install new firmware.

Lesson to be learned: at the very least change your router password. Better yet, create a strong password. And don't forget to enable wi-fi security for your router as well, and if possible, don't have it broadcast the SSID.

All these settings might sound confusing, but if you read through your manual (you did keep it, right?) it's not really that bad.
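The three settings named in the lesson above (admin password, wi-fi security, SSID broadcast) can be checked mechanically across a set of routers. The following is an added example, not code from the original post; the config field names, the small default-login sample, the 12-character threshold and the sample routers are all constructed assumptions.

```python
import re

# Constructed, deliberately small sample of factory-default login pairs.
DEFAULT_LOGINS = {("admin", "admin"), ("admin", "password"), ("admin", ""),
                  ("root", "root"), ("user", "user")}
WEAK_WIFI_MODES = {"open", "none", "wep"}
MIN_PASSWORD_LENGTH = 12  # assumed policy threshold, not from the post
SEVERITY_RANK = {"critical": 0, "high": 1, "info": 2}


def password_weaknesses(username, password):
    """Return reasons a non-default password is still easy to guess."""
    reasons = []
    if len(password) < MIN_PASSWORD_LENGTH:
        reasons.append(f"is shorter than {MIN_PASSWORD_LENGTH} characters")
    classes = sum(bool(re.search(pattern, password))
                  for pattern in (r"[a-z]", r"[A-Z]", r"[0-9]", r"[^A-Za-z0-9]"))
    if classes < 3:
        reasons.append("uses fewer than 3 character classes")
    if username and username.lower() in password.lower():
        reasons.append("contains the username")
    return reasons


def audit_router(cfg):
    """Return (severity, message) findings for one router, worst first."""
    findings = []
    user = cfg.get("admin_user", "")
    password = cfg.get("admin_password", "")
    # Case-folded comparison so trivial variants ("Admin"/"Password") still match.
    if (user.lower(), password.lower()) in DEFAULT_LOGINS:
        findings.append(("critical", "admin login is a factory-default pair"))
    else:
        findings += [("high", f"admin password {reason}")
                     for reason in password_weaknesses(user, password)]
    # A missing wi-fi setting is treated as an unprotected network.
    mode = str(cfg.get("wifi_security", "open")).lower()
    if mode in WEAK_WIFI_MODES:
        findings.append(("high", f"wi-fi security mode '{mode}' offers no real protection"))
    # Informational only: the post suggests disabling broadcast where possible.
    if cfg.get("ssid_broadcast", True):
        findings.append(("info", "SSID is being broadcast"))
    return sorted(findings, key=lambda finding: SEVERITY_RANK[finding[0]])


# Constructed sample inventory (hypothetical devices and settings).
SAMPLE_ROUTERS = {
    "factory-fresh": {"admin_user": "admin", "admin_password": "admin",
                      "wifi_security": "WEP", "ssid_broadcast": True},
    "case-variant": {"admin_user": "Admin", "admin_password": "Password"},
    "weak-custom": {"admin_user": "owner", "admin_password": "router2009",
                    "wifi_security": "WPA2", "ssid_broadcast": False},
    "hardened": {"admin_user": "netops", "admin_password": "T7#vq-Lm29!xRb",
                 "wifi_security": "WPA2", "ssid_broadcast": False},
}


def audit_inventory(routers):
    """Map each router name to its findings; an empty list means it passed."""
    return {name: audit_router(cfg) for name, cfg in routers.items()}


if __name__ == "__main__":
    for name, findings in audit_inventory(SAMPLE_ROUTERS).items():
        print(name, "OK" if not findings else "")
        for severity, message in findings:
            print(f"  [{severity}] {message}")
```
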



Wednesday, March 25, 2009

Cox, Comcast, AT&T Acknowledge Following New RIAA Anti-Piracy Policy

Last December, the RIAA announced it was giving up on file-sharing lawsuits, and would be working with ISPs in a three-strikes policy program which would eventually result in broadband being cut off for repeat offenders of illegal file-sharing. At a digital music conference in Nashville this week, AT&T's Jim Cicconi stated that the company has begun testing such a takedown notification system.

An industry insider told C|Net:
Cicconi told attendees of the Leadership Music Digital Summit that the notices are part of a "trial." AT&T wants to test customer reaction, he said. Whether AT&T included any warnings that repeat offenders would see their service suspended or terminated is still unclear. Music industry sources said AT&T told managers at the top labels the trial letter would include strong language about the consequences of illegal conduct, but would stop short of mentioning service interruptions.
This was the first time an ISP has admitted participating in the new policy. Previously, C|Net noted that AT&T and Comcast were likely to participate.

While AT&T was the first, they weren't the last. Later in the conference, on Wednesday, Joe Waz, a senior VP at Comcast, told the same conference attendees that the company has issued 2 million similar notices.

Additionally, sources told C|Net that Cox is also participating.

The source above said AT&T would not disconnect a user, as is supposed to happen after a "third strike" of file-sharing, and Comcast was careful at the conference to call this a "trial" program. This is likely just the first step towards the full-blown three-strikes policy.

Other countries have considered this sort of policy previously, but no "systemic" adoption of such a policy has taken place, yet.



Nintendo Unveils Flash-Based Storage Solution for the Wii, New Zelda, Virtual Console Arcade

Besides sheer processing and graphical prowess, one of the things the Nintendo Wii has lacked is system storage. It doesn't have huge quantities like the PS3 or Xbox 360, and that limits what you can get through WiiWare. On Wednesday, at the Game Developers Conference (GDC) in San Francisco, Nintendo said your problems are over (more or less).

Wii System 4.0, which is available now, gives you the ability to use SDHC cards up to 32 GB in size. Not only can you save to the card, you can also run games off it, and thus WiiWare games will no longer be competing for system memory.

The company also announced Virtual Console Arcade. Classic (old) arcade games, downloadable to your SDHC card, natch! Here's the currently planned and already available list:
  • Gaplus (Namco Bandai): 600 Wii Points -- now
  • Mappy (Namco Bandai): 500 Wii Points -- now
  • The Tower Of Druaga (Namco Bandai): 500 Wii Points -- now
  • Starforce (Tecmo): 500 Wii Points -- now
  • Space Harrier (Sega) -- coming soon
  • Solvalou (Namco Bandai) -- coming soon
Finally, a new Zelda title -- "The Legend Of Zelda: Spirit Tracks," for the Nintendo DS. Timeframe: later this year (vague enough for you?). Not much shown at GDC, but like the title implies, there was a scene of Link on a train.

I think the storage solution is the best news, but I have to say, while lacking in storage, the Nintendo Wii has never lacked in fun. Now where's that next-gen Wii?


Blockbuster, TiVo Announce Video-on-Demand Deal

Still playing catch-up with Netflix, Blockbuster announced on Wednesday it has inked a deal with TiVo to add its OnDemand service to TiVo's DVRs. TiVo already has deals in place with Netflix and Amazon.com, and those deals will be unaffected by this new pact.

Blockbuster currently only offers its OnDemand service on the 2Wire set-top box, placing it way behind Netflix in terms of options. Currently Netflix users can view streamed video on the Roku set-top box, their PC, and the Xbox 360, to name just a few, and Netflix is apparently surveying users about possible PS3 and Nintendo Wii viewing options.

The new functionality will be integrated into TiVo Series2(TM), Series3(TM), TiVo HD, and TiVo HD XL DVRs in the second half of 2009, according to the press release.

The OnDemand service on TiVo will allow both buying and renting of content; the current 2Wire option only allows rentals, although it does not require a subscription fee, as Netflix's service does.

Pricing for the new TiVo service was not announced.



China Unicom Posts iPhone, G1 Pages

China Mobile is the largest carrier in China, with 471 million subscribers, and they've been playing hardball with Apple over the iPhone. That may have led to them missing the boat, if the pages available on rival China Unicom's site are for real.

China Unicom has a "mere" 128 million subscribers, according to their site, and they have posted pages for both the iPhone 3G and the Android G1 (separate tabs, on the translated page).

A few sites have noted that the descriptions list "time to market" as July 2008 for the iPhone, making them wonder if this is legit. Well, it also lists the G1 with a 2008 date, so that seems to indicate that this is just listing the release date of the devices, in their initial markets.

The pages aren't clear on when the devices will be released, but earlier rumors indicated May of this year.

Great, if this is all true, they will get the iPhone 3G just in time to see a summer announcement on the new iPhone. That ought to help sales!