News Archive

March 2013 Patch Tuesday brings Internet Explorer 8, 'evil maid' fixes

Posted on : 2013-08-13 22:09:13
Author : Jeremy Stanley

Admins will focus their attention to workstations, as Microsoft patched nine Internet Explorer vulnerabilities and three USB driver vulnerabilities in this month's Patch Tuesday update.

With four bulletins rated critical and three rated important, March's patches fall short of the near record-breaking number of patches seen in February.

The most urgent Internet Explorer (IE) vulnerabilities that need to be addressed affect IE 8.

The updates are "very critical for those who use IE 8. It's still an important patch, but you don't have to rush it out [if you're using a newer IE version]," said Wolfgang Kandek, CTO at Qualys, an IT security firm based in Redwood Shores, California.

A USB driver-related patch is also worth attention, Kandek said.

If an attacker has physical access to a workstation that is powered on, the machine could be compromised with an exploit on a USB thumb drive.

Though the bulletin is only rated important, Kandek said this is one to watch. There are numerous opportunities when an attacker could gain access. This type of approach is dubbed the "evil maid" attack where machines left in hotel rooms would be attacked, Kandek said.

Silverlight, Microsoft's interactive media plugin, received a critical patch, which repairs a vulnerability that could allow an attacker to remotely take over a machine.

In Microsoft Office, Visio, OneNote and SharePoint all received patches.

A full list of bulletins can be found from Microsoft.
Non-security updates

Microsoft also released a number of non-security updates on Tuesday, squashing a number software bugs.

A cumulative update is available for Windows Server 2012 and Windows 8. It fixes issues with potential Group Policy Object errors, reliability improvements when using USB 3.0 devices and Wi-Fi performance on Windows 8 devices.

An update rollup for Windows 7 and Windows Server 2012 SP1 is available, containing 90 hotfixes since the release of the first service packs for both operating systems. Another update for Windows Server 2008 R2 fixes an issue with Active Directory and PowerShell.

Windows Defender for Windows 8 received an update, adding new anti-malware functionality and overall performance fixes.

Microsoft delivered Windows 8 and Windows Server 2012 application compatibility updates, which add support for devices. The company also added a compatibility update for Windows 8 and Windows Server 2012's legacy upgrade experience.

Internet Explorer 10 on Windows 8 and Windows RT now supports all Flash content, as opposed to a Microsoft-controlled whitelist.

Exchange Server 2013: Not quite ready for the data center

Posted on : 2013-08-13 01:04:30
Author : Jonathan Hassell

Last fall, Microsoft released a wave of products, including Windows 8, a complete Office client refresh and a server-side update to both SharePoint and Exchange.

[To learn more about using Office 2010, or to pass along tips and tricks about it and SharePoint 2010, check out our Cheat Sheet series.]

I have been playing with builds of Exchange Server 2013 since it was in preview, and I have been using a Release to Manufacturing (RTM) copy of Exchange Server 2013 in my lab for a couple of months. I've found some areas of concern, but also areas of welcome improvement.

Let's take a look at some of the new features and capabilities of Exchange Server 2013 as well as some of the gotchas and disadvantages of the new release, at least in its current state.

As with any new software, the IT department needs to consider the update, evaluate it, develop a plan to deploy it if it makes sense and, above all, understand both the product's capabilities as well as the context around the software itself.

If the PC dies, Windows 8 will be its killer, says analyst

Posted on : 2013-08-13 01:04:19

In another illustration of the diminishing importance of the PC, a research firm today said that more than a third of surveyed consumers who once used personal computers to access content said they had switched to tablets and smartphones.

But unlike others who, noting the same trends, have said it signals the death of the PC, John Buffone of the NPD Group argued that PCs aren't going anywhere for the moment.

"There is a significant amount of functionality that is best conducted on computers," said Buffone in an interview. That work, often collectively dubbed "content creation," could remain the provenance of PCs for a long time to come.

"I'm not in the camp that thinks the PC is going by the wayside," said Buffone in describing NPD's research results. "There are just too many households that have computers." According to NPD's data, the average Internet-connected household has an average of 2.4 working personal computers, versus 1.4 tablets.

But there's a definite move toward shifting some tasks, most of them broadly categorized as "entertainment," from the PC to tablets and smartphones.

The top two activities that have most moved to mobile, said Buffone, are Internet browsing and using Facebook. Among tablet owners, 27% said they're using their PC(s) less frequently for going online in general, while 20% confirmed that they use their PCs less often for accessing Facebook.

Smartphone owners responded slightly differently, with 27% claiming that they use their PC less frequently for both Internet access and Facebook activities.

"I'm not surprised by the volume of this shift of behavior," said Buffone. "When it comes to consumer entertainment, we're seeing a migration at warp speed." He predicted that 2013 would see even more of the move toward mobile devices for those tasks.

But until Windows 8 makes headway, Buffone saw little chance that consumers would dump their PCs in dusty back rooms or closets.

"Windows 8 on tablets could change that," Buffone said, "but from the sales so far, it's not going to be rapid."

Microsoft has pitched Windows 8 -- the full-featured operating system, not the functionally-limited Windows RT -- as a dual threat on tablets and ultra-light, touch-enabled laptops, able to not only run hardware and support software traditionally found only in notebooks, but also agile enough to power tablets.

The most striking example of Microsoft's belief in Windows 8's ultimate abilities -- its faith that the OS can drive devices equally capable for delivering "content consumption" as content creation -- is its own Surface Pro tablet, which goes on sale tomorrow, Saturday, Feb. 9.

While other analysts haven't placed their bets on Windows 8 to lead the change from PCs to more mobile tablets, they have predicted that hardware able to really handle both content creation and consumption are not far off.

In a separate interview this week, Patrick Moorhead, principal analyst at Moor Insights & Strategy, pegged 2014 as the year when such devices become reality. "In 2014 there will be broad adoption of new processor technologies from Intel and AMD, for that matter from ARM," said Moorhead of his prediction that chip makers will have silicon by then that not only sips power at tablet-appropriate rates but has the horsepower necessary for content creation. "This is going to happen. And that means there won't be a robust, premium 10-in. tablet-only market."

The success of Windows 8, by Buffone's take, will thus be critical not only for Microsoft's future, but for the 40-year-old-and-counting concept of the personal computer.

"I see Windows 8 as the only prominent solution [to merging content creation and consumption], but that will happen only if enough consumers buy those devices, and Microsoft is able to show them the value proposition," he said.

Hackers Released Norton AV Source Code, Says Symantec

Posted on : 2013-02-09 12:08:36

Seems like we've heard this before, but Symantec spokesman Cris Paden said on Friday that hackers have published the source code to Norton Antivirus 2006 in the last 24 hours. The good news is that the leak doesn't pose as a threat to the millions of subscribers who have the software installed on their system.

"The code that has been exposed is so old that current out-of-the-box security settings will suffice against any possible threats that might materialize as a result of this incident," Paden said.

Norton Antivirus 2006 is one of many leaks dumped on the internet by Lord of Dharmaraja, a group affiliated with Anonymous. Symantec previously admitted that the group hacked into one of Symntec's servers and obtained the source code of many Symantec products, including Norton Antivirus 2006.

Since then, the hactivist group has released the source code to Norton Utilities and pcAnywhere, the latter of which required an upgrade after the source code went public. Symantec urged customers to disable pcAnywhere until the upgrade was issued, indicating that the leak posed a possible security risk despite the source code's age.

On Thursday the source code leak for Norton Antivirus 2006 was announced on Twitter, reporting that the torrent resided on file-sharing site The Pirate Bay. The file itself weighs at 1.07 GB and contains the source code to a number of Symantec products including the consumer edition, the corporate edition, and additional files for Windows, Unix and NetWare. A note attached to the torrent calls for the release of the LulzSec hackers who were arrested earlier this week thanks to the group's backstabbing leader, Hector Xavier Monsegur. He was not among the list to be freed.

Following reports that the Norton Antivirus 2006 source code was released, Symantec provided an official statement, assuring customers that there's nothing to worry about.

"Symantec is aware of the claims made by Anonymous that it has recently posted source code for the 2006 version of Norton Antivirus," the company states. "We are still in the process of analyzing the code to confirm its authenticity. As we have already stated publicly, this is old code, and Symantec and Norton customers will not be at an increased risk as a result of any further disclosure related to these 2006 products."

Intel: Optical cables for Thunderbolt coming this year

Posted on : 2013-02-09 12:08:36
Author : Agam Shah

Optical Thunderbolt cables will enable faster data transfers over longer distances.

IDG News Service - Optical cables for Thunderbolt ports that enable faster data transfers over longer distances on computers such as Apple's Macintosh will be available later this year, Intel said Monday.

Thunderbolt, introduced just over a year ago, is a high-speed connector technology that shuttles data among computers and with peripherals. Current Thunderbolt installations are based on copper, but optical cables could provide more bandwidth and longer cable runs in the future, according to Dave Salvator, an Intel spokesman.

Thunderbolt was co-developed by Apple and Intel and is considered a faster alternative to USB 3.0, with transfer speeds of up to 10Gbps. A full-length, high-definition movie can be transferred from an external storage device to a laptop in less than 30 seconds.

The technology was introduced in 2009 with the promise of using pulses of light to transfer data. But because of the prohibitive cost of fiber optics, the first Thunderbolt installs on Apple's Macintosh computers last year came with copper cables. PC makers like Lenovo are due to offer Thunderbolt ports in Windows laptops later this year.

Intel has said copper cables are adequate for data transfers over short distances of up to six meters. Optical cables will be good for data transfers over longer distances of tens of meters.

The upside to optical is that it allows for longer cable runs, and as the technology develops, more bandwidth, Salvator said in email. But when connected via optical cables, devices that need power also require their own power supply. Running power over longer optical cable runs may not be practical due to impedance-induced power drop.

Copper has the advantage of providing up to 10 watts of power, which saves a device from requiring a power outlet, Salvator said.

Intel did not provide a specific time frame on when optical cables will become available. The company also declined to provide guidance on pricing.

Existing Thunderbolt ports on Apple's Mac computers will be compatible with the upcoming optical cables. Users will be able to buy existing products and switch from copper to optical without changes in computers. Circuitry ensures that the Thunderbolt cables are transparent to copper or fiber optics connections.

Intel's aim with Thunderbolt is to cut the number of ports and unite all data-transfer, networking and display protocols through a single connector. Thunderbolt supports protocols including DisplayPort for displays and PCI-Express 2.0 for peripherals like external storage devices. Thunderbolt devices share a common connector, and devices can be can daisy-chained one after another by electrical or optical cables.

Thunderbolt is still niche technology that has mostly found specific uses in areas such as storage and networking, said Jim McGregor, chief technology strategist at In-Stat.

It's good to have Thunderbolt on computers, but it won't make a difference until it reaches everyday devices such as handsets, cameras and MP3 players, McGregor said. However, device makers want to get rid of cables, and many wireless technologies are taking over in consumer electronics.

Thunderbolt could also get more expensive with optical technology, which could stymie its adoption, McGregor said. Great connector technologies such as FireWire have come but not found success.

But just over a year after its introduction, Thunderbolt is still maturing as the technology finds adoption on peripherals and computers. Intel is also taking steps to improve the technology.

Intel earlier this week said it was building support in Thunderbolt for PCI-Express 3.0 protocol, which would boost data transfer speeds. The chip maker is also developing a Thunderbolt successor based on silicon photonics that will be able to move data up to five times faster than current Thunderbolt implementations. The technology is slated to hit the market by 2015.

Mozilla Firefox 11 Final released

Posted on : 2013-02-09 12:08:36
Author : Cezar Torescu

Earlier this week, Mozilla announced that it was going to delay the release of Firefox 11 due to two concerns relating to vulnerabilities discovered at the Pwn2Own competition held at CanSecWest, and also due to Microsoft's Patch Tuesday.

At the time, Mozilla wanted to wait to see whether it could include a fix for the vulnerability found by Pwn2Own. After it was revealed that this vulnerability was one that Mozilla actually already knew about, the new version was given the green light, but only for users who had chosen to update manually.

In an update on its blog, Mozilla said that the reason for not going ahead with automatic updates was because Microsoft's Patch Tuesday had interacted badly with its updates in the past.

We don't have reason to expect specific problems with this month's updates, but we'd rather take a day or two to understand the impact before we update all of our users," the company wrote.

Once those impacts are understood, we'll push automatic updates out to all of our users.

To download the final version of Mozilla Firefox 11 click here.

In Australia, secure your Wi-Fi -- or face a visit from the police

Posted on : 2013-02-09 12:08:36
Author : Jeremy Kirk, IDG News Service

Police in one Australian state have undertaken a campaign to get people to password-protect their Wi-Fi routers.

If you live in the Australian state of Queensland and have an insecure Wi-Fi router, you may get a visit from the police.

In a bid to raise awareness about cybercrime, police in the northeastern state plan to "wardrive," or cruise the streets, scanning for Wi-Fi routers that are not password protected or use an aging, weak security protocol.

Australian consumers and businesses don't need to worry about a fine: Police just plan distributing information on how they can better secure their routers in their mailboxes.

Wardriving is a term that has been applied to hackers who drive around neighborhoods looking for open Wi-Fi connections. The dangers are well known: a router that is not password protected means traffic exchanged with the router is sent in the clear, which could easily be spied on.

Miscreants could also hop on the insecure network to send spam or conduct other illegal activity online, with the Wi-Fi router's owner on the hook for the activity.

Queensland police are also warning people who have the WEP (Wired Equivalent Privacy) security protocol enabled, which was widely used in routers shipped between 2000 and 2005. The protocol can be cracked with easily available tools in minutes, and it is considered totally insecure even though it is still used.

Queensland police described using WEP as the equivalent of "using a closed screen door as your sole means of security at home."

Most router manufacturers today ship their products with security enabled by default. More recent routers use the WPA or WPA2 protocols, or both. WPA has known security issues but still is much safer than WEP. It is generally recommended to use WPA2.

Queensland Police, which ran a similar program in 2009, said it had identified a large number of homes and businesses in the greater Brisbane area that did not have secure Wi-Fi connections. The program is run by the State Crime Operations Command's Fraud and Corporate Crime Group.

Most webmasters don't know how their websites got hacked, report says

Posted on : 2013-02-09 12:08:36
Author : Lucian Constantin, IDG News Service

63% of webmasters whose websites get hacked don't know how the compromise occurred

Most owners of compromised websites don't know how their sites got hacked into and only 6 percent detect the malicious activity on their own, according to a report released by StopBadware and Commtouch on Thursday.

The new "Compromised Websites: An Owner's Perspective" report is based on a survey of over 600 website administrators and owners that was carried out over several months by security vendor Commtouch and StopBadware, a nonprofit organization that helps webmasters identify, remediate and prevent website compromises.

The leading cause of website compromises appears to be outdated content management software (CMS). This was indicated as a reason for their websites being hacked by 20 percent of respondents.

Twelve percent of webmasters said that a computer used to update their website was infected with malware, 6 percent said that their credentials were stolen credentials, and 2 percent admitted logging in while using wireless networks or public PCs. However, 63 percent of respondents didn't know how their websites got compromised.

The CMS platform most commonly installed on compromised websites was WordPress, as indicated by 28 percent of respondents. However, WordPress accounts for over 50 percent of the entire CMS market according to data from w3techs.com, so the rate between hacked WordPress websites and the platform's actual install base is better than that of other CMS platforms like Joomla or osCommerce.

Almost half of respondents -- 49 percent -- learned that their websites had been compromised through browser or search engine alerts. Eighteen percent were notified by their colleagues or friends, 10 percent by a security organization and 7 percent by their hosting provider. Only 6 percent of respondents discovered the compromise on their own by noticing suspicious or increased activity on their websites, the report said.

A third of respondents didn't know how their websites had been abused after being hacked. Those that did know pointed to the hosting of malware and rogue redirect scripts as being the most common forms of abuse -- 25 percent and 18 percent, respectively.

Many webmasters -- 46 percent -- managed to fix the compromise on their own, using information available on help forums and other websites. Twenty percent fixed the problem by following instructions received from security companies and 14 percent with the help of their hosting providers.

However, more than a quarter of respondents indicated that their websites remained compromised after trying several approaches.

Overall, 28 percent of webmasters said that they are considering switching Web hosting providers after their hacking experience. The survey found that webmasters were three times more likely to consider leaving Web hosting providers that charged extra for helping them address the problem or refused to provide support.

The report concluded that many webmasters are not fully aware of the threats their websites are exposed to and how to deal with possible compromises. Taking basic security precautions like keeping CMS software and plug-ins up to date, using strong and varied passwords that aren't stored on local machines, and regularly scanning computers for malware can go a long way to prevent website hacking incidents, the report said.

Improved methods of proactively notifying webmasters that their websites have been hacked are needed to complement browser and search engine alerts. Web hosting providers have an opportunity to strengthen the reputation of their brands by educating and helping customers whose websites have been hacked, the report said.

How secure is the cloud? IT pros speak up

Posted on : 2013-02-09 12:08:36
Author : Thor Olavsrud and Dan Muse

For CIOs and IT professionals, the potential of the cloud is clear: transforming IT from cost center to business engine. It promises the agility and scalability that tech dreams are made of. By leveraging the cloud, you can complete typical IT tasks in hours rather than weeks or months, allowing you to dedicate staff to innovation, not just maintaining systems and infrastructure.

But reduced costs and increased flexibility don't come without costs. Security is always a concern when sensitive data is involved, and that concern is heightened when it comes to cloud services that sit outside the corporate firewall. The numbers bear that out. U.S. companies are still feeling out their security footing when it comes to the cloud, but the trend is clear. Eighty-two percent of U.S. companies trust the cloud enough to use it in at least some deployments. However, 54% also list cloud security as a high priority (and another 32% cite it a middle priority).

Microsoft patches critical Windows zero-day bug that hackers are now exploiting

Posted on : 2013-02-09 12:08:36
Author : Gregg Keizer / Computerworld

Microsoft today delivered six security updates to patch 11 vulnerabilities in Windows, Internet Explorer (IE), Office and several other products, including one bug that attackers are already exploiting.

The company also issued the first patch for Windows 8 Consumer Preview, the beta-like build Microsoft released at the end of February.

But it was MS12-027 that got the most attention today.

"Things got a bit more interesting today," said Andrew Storms, director of security operations at nCircle Security, "because Microsoft is reporting limited attacks in the wild."

Flaws that attackers exploit before a patch is available are called "zero-day" vulnerabilities.

The single vulnerability patched in MS12-027 is in an ActiveX control included with every 32-bit version of Office 2003, 2007 and 2010; Microsoft also called out SQL Server, Commerce Server, BizTalk Server, Visual FoxPro and Visual Basic as needing the patch.

Storms, other security experts and Microsoft, too, all identified MS12-027 as the first update users should install.

Hackers are already using the vulnerability in malformed text documents, which when opened either in Word or WordPad -- the latter is a bare bones text editor bundled with every version of Windows, including Windows 7 -- can hijack a PC, Microsoft acknowledged in a post to its Security Research & Defense (SRD) blog today.

"We list MS12-027 as our highest priority security update to deploy this month because we are aware of very limited, targeted attacks taking advantage of [the] CVE-2012-0158 vulnerability using specially-crafted Office documents," said Elia Florio, an engineer with the Microsoft Security Response Center, in the SRD blog post.

Microsoft did not disclose when it first became aware of the attacks, or who reported the vulnerability to its security team.

Storms speculated that an individual or company had been attacked, uncovered the bug and notified Microsoft.

Microsoft rarely deploys a patch "out of cycle," meaning outside its usual second Tuesday of every month schedule. The last such update was shipped in December 2011, and was the first for that year.

Also affected is software written by third-party developers who have bundled the buggy ActiveX control with their code or called it. Those developers will have to provide their own updates to customers.

"Any developer that has released an ActiveX control should review the information for this security bulletin," said Jason Miller, manager of research and development at VMware. "These developers may need to release updates to their own software to ensure they are not using a vulnerable file in their ActiveX control."

Attackers can also exploit this bug using "drive-by download" attacks that automatically trigger the vulnerability when IE users browse to a malicious site, Microsoft admitted.

That means the flaw patched by MS12-027 is a double threat. "There are two attack scenarios. There's the malicious website [scenario] and then RTF documents, which are pretty common," Miller said.

Miller expects to see attackers glom onto the vulnerability once they have a chance to analyze the bug and craft their own exploits. "More and more will jump on this this month," Miller argued.

Wolfgang Kandek, chief technology officer at Qualys, agreed. "Now that [the advisory] is published, other malware authors will be looking at it to see what's there," Kandek said. "We're sure to see more attacks against this vulnerability."

Eight of the 11 bugs patched today -- including the one in MS12-027 -- were rated "critical" by Microsoft, its highest threat ranking. Another was pegged "important," and the remaining two were tagged as "moderate."

Microsoft identified MS12-023, a five-patch fix for IE, as the other update to roll out ASAP.

The company typically releases an IE security update in even-numbered months; on those months, security professionals usually recommend that users apply the browser update first.

Not this month.

"MS12-027 trumps the IE update this month," said Miller.

Storms also remarked on the downgrading of the IE bulletin. "When has there been a month when IE hasn't been the one to patch first?" Storms asked. "I can't remember one."

Two of the five vulnerabilities in MS12-023 were rated critical for IE9, the newest edition of Microsoft's browser that runs on Windows Vista and Windows 7.

Other bulletins today applied to Windows, .NET, Microsoft's VPN (virtual private networking) tool and Office 2007 and the ancient -- and no longer sold -- Microsoft Works.

Miller pointed out that MS12-024, which patches a critical vulnerability in all supported versions of Windows, also applies to Windows 8 Consumer Preview.

Although the MS12-024 advisory does not mention Windows 8 Consumer Preview, anyone running that sneak peek will be offered the update, said Miller. Computerworld confirmed that MS12-024 was among several other non-security fixes Microsoft delivered to Windows 8 today.

According to Qualys, the bug in MS12-024 lets hackers hitch a ride inside legitimate software installation packages.

Amol Sarwate, manager of Qualys' vulnerability research lab, said the vulnerability would be very attractive to purveyors of phony antivirus software, a category often called "scareware" or "rogueware."

April's six security updates can be downloaded and installed via the Microsoft Update and Windows Update services, as well as through Windows Server Update Services.

Feds seize more domain names of sites accused of selling counterfeits

Posted on : 2013-02-09 12:08:36
Author : Grant Gross / IDG News Service

The U.S. Department of Justice and U.S. Immigration and Customs Enforcement have seized more than $896,000, plus the domain names of seven websites accused of selling counterfeit sports apparel, the two agencies announced Tuesday.

The sellers, based in China, sold counterfeit professional and collegiate sports apparel, primarily counterfeit jerseys, the agencies said ins a news release. The agencies, after making undercover purchases from the sites, received seizure warrants from a magistrate judge from the U.S. District Court for the District of Columbia.

The seizure warrants were unsealed on Thursday.

Since June 2010, the two agencies have seized 758 domain names of websites accused of selling counterfeit products, including sports equipment, shoes, handbags, athletic apparel, sunglasses and DVD boxed sets. ICE's Office of Homeland Security Investigations launched Operation In Our Sites, focused on websites selling counterfeit products, in mid-2010.

Several subjects whose domain names had been seized in a November 2010 In Our Sites operation continued to sell counterfeit goods using new domain names, the agencies said. This operation targeted those websites.

The website operators processed payments for the counterfeit goods using PayPal Private Ltd. accounts and then wired their proceeds to bank accounts held at Chinese banks, the agencies said.

Through the warrants, law enforcement agents seized $826,883 that had been transferred from PayPal accounts to bank accounts in China. The funds were seized from interbank accounts held by the Chinese banks in the U.S.

Under additional seizure warrants, law enforcement agents also seized $69,504 in funds remaining in three PayPal accounts used by the website operators.

"We are working hard to protect American businesses and consumers from the damaging effects of intellectual property crime," Lanny Breuer, assistant attorney general in the DOJ's Criminal Division, said in a statement. "This investigation disrupted an online counterfeit goods operation and also struck at the heart of the criminal enterprise by seizing hundreds of thousands of dollars in illegal profits."

Xamarin adds Android designer to Visual Studio

Posted on : 2013-02-09 12:08:36
Author : Paul Krill, InfoWorld

Mono for Android SDK offers app-designing for both Microsoft's and Xamarin's IDEs.

Xamarin, with an upgrade to its Mono for Android SDK on Monday, is adding a drag-and-drop, graphical designer for building Android application interfaces within either Microsoft's Visual Studio or Xamarin's own MonoDevelop IDE.

Xamarin Designer for Android is featured in Mono for Android 4.2. Developers can edit properties for native Android widgets and interface controls from within a visual designer and produce standard Android XML layout files. "It produces layouts in the standard Android format -- XML format," said Joseph Hill, chief operating officer at Xamarin.

[ Also on InfoWorld: Xamarin was formed a year to take over development of Mono technologies, which had been under Novell's domain. | For more news on software development, subscribe to InfoWorld's Developer World newsletter. ]

The designer follows conventions of Visual Studio and supports Android API levels going back to level 4 of the Android platform. Also supported are the "Froyo," "Gingerbread," "Honeycomb," and "Ice Cream Sandwich" releases of Android. Developers have control over form widgets, text fields, layouts, images, and media. Support also is featured for dock-specific layout configurations, including car, desk, and television. Users can view and edit layouts by language, region, country, and telephone carrier.

The SDK, which starts in price at $399, includes the Mono runtime for running .Net applications on non-Microsoft platforms. Also featured in Mono for Android 4.2 are capabilities for integrating Java libraries and the ability to take advantage of recent Android features on older phones. Developers get x86 support, as well, to boost emulation.

Microsoft XP, Office 2003 and Vista support is coming to an end

Posted on : 2013-02-09 12:08:36

Mainstream Support for Windows Vista ended on April 10th, moving into what is called “Extended Support,” which will last through April 11, 2017. In mid-February, Microsoft had extended support for the consumer versions of both Windows 7 and Vista by five years, so they could have the same lifespan as the equivalent enterprise versions. Extended Support means that Vista users will still be able to pay for per-incident support and get security updates.

In just two years, XP and Office 2003 will be ending Extended Support, which means that Microsoft will no longer fix any bugs or security holes. The end of support can cause some problems if XP users are unaware of the malware threats and the implications. Windows XP is one of the leading operating systems in use, even a decade after its debut, and millions of computers could be potentially left vulnerable to security threats. NetMarketShare.com shows that Windows XP had 43% of the market share in March, which is a 10% decrease from last year, but doesn’t bode well for a cut off date of 2 years.

To avoid being left with no support, upgrade to Windows 7 today and get 3 users for $129. If you’re waiting on hardware requirements or aren’t ready to upgrade, Windows 8 is set to be released sometime in 2012. In February, Microsoft released a Windows 8 Consumer Preview that was received with mixed reviews. Prompting some to wait and others to go ahead and upgrade to Windows 7.

Diablo III - Evil Is Back

Posted on : 2013-02-09 12:08:36

In case you missed its debut Sunday night, the "Evil is Back" commercial for Diablo 3 can be seen below. The clip is epic to say the least, leaving fans on the edge of their seat and wanting May 15 to arrive sooner rather than later.

Unfortunately, the cinematic tease arrives just as Blizzard pulls the plug on its private beta testers for good. As of May 1, the beta servers will be taken offline -- beta accounts and their character information will be reset.

"Leading up to Diablo's May 15 launch date, players will only be able to create comments and forum posts on the official Diablo 3 community site if they have pre-purchased Diablo 3 or have a StarCraft II or an active World of Warcraft game license attached to their Battle.net account," the company said on a blog weeks ago.

"We'd like to thank everyone who has participated in the Diablo 3 beta," the company added. "You've done an admirable job of testing, and we greatly appreciate all of the feedback you provided during this critical phase of development."

The next fifteen days my be pure hell for those anxiously waiting for the new Diablo sequel. To make the anticipation worse, fans will likely see increased coverage as Blizzard cranks up the marketing flow, fueling the fire. The hype will climax at the eve of the game's launch, May 14, as Blizzard and participating retailers around the world play host to special launch events.

For those residing in Irvine, California, Blizzard will have an official launch event in the Great Wheel Court of the Irvine Spectrum Mall. The "festivities" will start at 8:00pm PDT on May 14 and include multiple giveaways, entertainment, and contests offering exclusive Diablo 3-themed prizes including laser-etched desktop PCs from Intel. The team will also be on hand to meet with players and to sign physical copies of the game.

"In addition to the official US launch event, other retail locations around the country will open at midnight to support gamers looking to pick up their copy of the game the moment it goes live," Blizzard said last Wednesday. "Please check with your local retailers for further details."

Diablo 3 is almost here. The excitement is nearly thick enough to cut with a dagger, and the TV spot seen below is an example of why Blizzard remains at the top of the PC gaming crop. C'mon May 15, hurry up already.

So we lived to see it coming true, the Evil is back in it's greatness. Blizzard awaits you so rush over there and get your copy now.

Windows 8, RT to Receive First Security Patches Next Week

Posted on : 2013-02-09 12:08:36

Fixes key loopholes for potential injection of malicious code.

Microsoft's recently launched operating system, Windows 8, is due to receive its first critical security update next week.

Scheduled for a release on Tuesday, Windows 8 and Windows RT users will be protected from hackers potentially running malware on unprotected PCs.

The patches are being released to prevent "remote code execution," which effectively means holes in the OS that could let a cracker remotely run malicious code on a PC will be closed off.

In addition to Windows 8, the fixes applies to other major Windows versions, including XP, Vista, Windows 7, in addition to Server 2003, 2008 and 2012.

The incoming update delivers a total of six security patches -- four are considered critical, one important, while the other is dubbed moderate. The majority of fixes are focused towards the Windows operating system, accompanied by a fix of a flaw in Internet Explorer 9 and another hole found in Microsoft Office 2003, 2007, as well as the 2010 version for the PC, Office 2008 and 2011 for the Mac.

Windows 8 owners, as well as users of previous versions of the OS can activate the patches manually by clicking on the shortcut for Windows Update via the Start menu. Those who have enabled automatic updates will have the patches installed without any required actions come Tuesday.

Windows 8 Users Receiving How-to Emails From Microsoft

Posted on : 2013-02-09 12:08:36

Two emails explain foundation of the new operating system.

Consumers who set up a Windows 8-powered tablet or PC using a Microsoft account will receive two e-mails with tips and tricks on using the just-launched operating system.

The first e-mail, entitled "Getting Started with Windows," offers advice on utilizing the OS' revamped Start screen through a brief description of Live Tiles.

Elsewhere, another section explains the different charms situated in the Charms bar. Two other sections tells users how to switch between or view several Windows 8 applications.

Each section displays a "Learn more" or "Discover more" link where users can find more details on the operating system, accompanied by a how-to video relating to a given feature on Microsoft's website.

The second e-mail, meanwhile, is dubbed "Personalize your Windows". It shows users how to customize their Start screen, download new apps from the Windows store, work with built-in apps and create a picture password.

Mobile browser vulnerability lets hackers steal cloud computing time

Posted on : 2013-02-09 12:08:36
Author : Computer World

A novel technique based on MapReduce could let hackers hijack computing resources used by cloud-based mobile browsers and use them anonymously, according to security researchers from North Carolina State University and the University of Oregon.

MORE MOBILE: The smartphone is 20 years old, believe it or notA

Cloud browsing uses outside computing power to process web pages and deliver them to end users, instead of doing the heavy lifting on the end-user's own device. The researchers say that the technique is particularly useful for mobile browsing, which would otherwise have to rely on a mobile device's less-powerful hardware. Opera Mini and Android Silk are the best-known browsers to use the technique, though there are others available.

However, the clouds used to do the heavy lifting can be tricked into doing a number of other things, according to the researchers, who have written a paper on the subject. They call the technique browser MapReduce or BMR.

The team tested its idea by storing pieces of data on URL shortening sites, effectively tricking both those sites and the cloud browser providers into performing computations for them. NCSU assistant professor William Enck, a co-author of the paper, said in a statement that the team limited the amount of data processed in this way to 100MB.

"It could have been much larger, but we did not want to be an undue burden on any of the free services we were using," he said.

Used maliciously, Enck added, the technique could provide hackers with vast, temporary and completely anonymous computing horsepower, allowing them to crack passwords or perform other nefarious tasks at great speed.

Depending on the scale of the attack, users may not notice anything is going on, he said in an email to Network World.

"[It] depends on how well-provisioned the cloud browser platform is, as well as how large of a job the attacker is executing. Cloud browsers operators who are monitoring resource use will definitely notice a spike in service use. However, reacting to BMR jobs requires the operator to build additional defenses into their framework," Enck said.

Enck and his fellow authors will present the paper - titled "Abusing Cloud-Based Browsers for Fun and Profit" - at the 2012 Annual Computer Security Applications Conference on Dec. 6 in Orlando.

AMD Releases Catalyst Video Drivers For Windows 8 Consumer Preview

Posted on : 2012-02-09 12:08:36

Microsoft wasn't the only company releasing Windows 8 Consumer Preview software yesterday. If you're rocking a Radeon graphics card, you'll be happy to hear that AMD rolled out new Catalyst drivers specifically tailored for the prerelease OS, complete with supports for Windows 8's WDDM 1.2 features.

Actually, you might not be pleased to hear the news if you've plunked down cash for one of the latest and greatest Radeon HD 7000 GPUs, since the update doesn't support that family of hardware. AMD promises you early adopters will get Consumer Preview drivers of your own "in the coming weeks," though.

Here's what you can expect to get from the driver :

Full WDDM 1.2
AMD Eyefinity
OpenC
OpenGL
UVD
AMD Dual Graphics / AMD CrossFire Technology
AMD Overdrive
AMD Catalyst Control Center / Vision Engine Control Center

And if you're not sure what WDDM 1.2 brings to the table, AMD conveniently outlined its benefits:

Native Stereo 3D support: Windows 8 will natively support Stereo 3D for full-screen and windowed gaming, and video applications
Unified Video API - Video playback is now integrated within the DirectX 11 API; enabling simultaneous high quality Video and 3D content, and the potential for enhanced video transcoding performance
Optimized screen rotation
Improved sleep / resume performance
Optimized Power Consumption

News Archive

Links

Quote of the day

News Archive

March 2013 Patch Tuesday brings Internet Explorer 8, 'evil maid' fixes

Exchange Server 2013: Not quite ready for the data center

If the PC dies, Windows 8 will be its killer, says analyst

Hackers Released Norton AV Source Code, Says Symantec

Intel: Optical cables for Thunderbolt coming this year

Mozilla Firefox 11 Final released

In Australia, secure your Wi-Fi -- or face a visit from the police

Most webmasters don't know how their websites got hacked, report says

63% of webmasters whose websites get hacked don't know how the compromise occurred

How secure is the cloud? IT pros speak up

Microsoft patches critical Windows zero-day bug that hackers are now exploiting

Feds seize more domain names of sites accused of selling counterfeits

Xamarin adds Android designer to Visual Studio

Microsoft XP, Office 2003 and Vista support is coming to an end

Diablo III - Evil Is Back

Windows 8, RT to Receive First Security Patches Next Week

Windows 8 Users Receiving How-to Emails From Microsoft

Mobile browser vulnerability lets hackers steal cloud computing time

AMD Releases Catalyst Video Drivers For Windows 8 Consumer Preview