Sunday, May 6, 2012
Friday, May 4, 2012
Microsoft boots Chinese firm for leaking Windows exploit
Microsoft on Thursday identified a Chinese security partner as the source of a leak last March in its highly restricted vulnerability information-sharing program.The company, Hangzhou DPTech Technologies, was tossed out of the Microsoft Active Protection Program (MAPP) for leaking the proof-of-concept exploit.
"During our investigation into the disclosure of confidential data shared with our Microsoft Active Protections Program (MAPP) partners, we determined that a member ... Hangzhou DPTech Technologies Co., Ltd., had breached our non-disclosure agreement (NDA)," Yunsun Wee, director of Microsoft's Trustworthy Computing group, wrote in a post to a company blog. " Microsoft takes breaches of our NDAs very seriously and has removed this partner from the MAPP Program."
Wee also said that starting with this month's security updates -- slated to ship Tuesday -- Microsoft has "strengthened existing controls and took actions to better protect our information."
He did not elaborate on the steps Microsoft has taken to prevent another leak or explain why the company decided DPTech was the source of the leak.
DPTech is based in Hangzhou, a major city in eastern China southwest of Shanghai. According to the company's website, it develops and sells network security products that include UTM (unified threat management) systems, IPS (intrusion prevention systems) appliances, application firewalls and vulnerability scanning software.
Andrew Storms, director of security operations at nCircle Security, was stunned that Microsoft named DPTech.
"It's not like [Microsoft] to call out someone," Storms said. "I'm not surprised they cut the offender out of the program [but] I would have expected it happen silently."
Microsoft launched its investigation in mid-March after Italian security researcher Luigi Auriemma said code in an exploit circulating on a Chinese website was identical to what he had provided HP TippingPoint's bug bounty program to qualify for a reward.
Auriemma had uncovered a vulnerability in Windows' Remote Desktop Protocol (RDP) in May 2011, then reported it to TippingPoint. His code was used by the Zero Day Initiative to create a working exploit as part of the bounty program's bug verification work. ZDI passed along the exploit and other information about the RDP vulnerability to Microsoft.
Microsoft patched the RDP vulnerability in its March Patch Tuesday update, and rated the fix "critical," the highest threat ranking in its four-step system.
View the original article here
Samsung Galaxy S III FAQ: Everything You Need to Know
Samsung's splashy Galaxy S III Thursday launch was packed with information, but we'll tell you what you really need to know.
by Ginny Mies
After all of the rumors and speculation, the Samsung Galaxy S III is finally here but you probably have a few questions about this new Android phone.
Samsung is the master of flash and flare at its press conferences, but we're here to help you get to the nitty gritty of why you should care about this phone. The Galaxy S III will go on sale in Europe on May 23. No official word yet on a U.S. launch, but it could come this summer.
[Related: Spec Smackdown: Samsung Galaxy S III vs. iPhone 4S vs. HTC One X]
Can the S III Really Follow Your Every Move?
The Samsung S III really wants to be your new best friend--your new psychic best friend. According to Samsung's somewhat creepy commercial (shown below), the S III "follows your every move." Scared yet?
In reality, the Samsung S III can do things like predict when you want the screen awake by using the front-facing camera to monitor your eyes. If you're watching a movie on your phone and happen to fall asleep, the phone's display will turn off.
The S III also has a feature called S Voice, which is a customized voice-recognition system. Hmm, sound familiar? Like Apple's Siri, S Voice can recognize a variety of commands. For example, you can say "snooze" when your alarm goes off and buy yourself a little more sleeping time. You can also say "direct call" and ring somebody while you're in the middle of a text. You can also control the volume of your music, organize your calendar, and launch the camera via voice commands.
However, there's no word, so far, on whether S Voice works with third-party applications. S Voice works with eight different languages, including British English and American English. A few of my friends from across the pond have complained about Siri's difficulty in understanding them so I guess this is good news there.
Is It Quad-Core Powered?
Samsung confirmed before today's announcement that the Galaxy S III phones will be powered by the company's own quad-core 1.4GHz Exynos 4 Quad processor. Oddly, however, the processor specs were not in the press materials we received today. I have a suspicion that the Samsung quad-core processor is not compatible with U.S. LTE networks. If true, we might see a different processor on the S III phones in the United States. Samsung would not comment on what sort of processor the U.S. versions will have when I asked.
HTC pulled a similar trick with the One X. The global version runs on an NVidia Tegra 3 processor, while the U.S. phone uses a dual-core Qualcomm Snapdragon S4 processor. NVidia's quad-core processor was not yet compatible with AT&T's LTE network at the time of the One X's manufacture. In our benchmarks, however, the U.S. version of the One X did quite well despite having fewer cores.
When Will the S III Come to the United States?
Remains of the Day: Apocalypse sometime
Something big is about to happen. Somewhere. Somehow. Sometime. Or not. While you're waiting for that maybe-possibly-could-be reveal, perhaps you'd like to hear about Steve Jobs's patent collection? Or you could just skip to a beer-utiful use for one of your iPad accessories. You've got to believe in something--the remainders for Thursday, May 3, 2012 believe they'll have another drink.
Source Says Documents Reveal "Something Big Is About to Happen" With Apple (The iPhone 5 News Blog)
Sources! Something big! Well, that sounds...uh...vague. Pray tell, what is the source of this information? "An administrative assistant at a top U.S. brokerage firm that handles Intel and Apple's ocean/air accounts" who said she saw high-security green folders. You can't just buy those at Staples for a dollar, people!
Steve Jobs' Patents Tell the Story of Invention (Smithsonian)
Mr. Jobs's patents are going to Washington: The Smithsonian Institution, to be precise. The temporary exhibit will feature 30 "iPhones" (four-by-eight-foot panels) featuring more than 300 patents, along with a display case containing a Macintosh, a Next box, and an iPod. What, no Lisa?
Role to Role, From Sherlock to 'Star Trek' (New York Times, login required)
'Twas a night around Christmas, and all through the house,there was no one to film Benedict--not even a mouse.The answer, my dear Watson, was elementary alone! Mr. Cumberbatch would turn to his trusty iPhone. And that was more than enough to earn him the partfor Benedict C.'s got nothing if not heart.
The Old Gmail Is Officially Dead, Dead, Dead (Time)
So long, classic Gmail. No amount of workarounds or last-minute heroic efforts could save you. Say hi to Wave and Buzz for us.
iPad power adapter can open beers (Twitter)
Forget that $40 iPhone case with a slide-out bottle opener--just use your iPad's power brick. Eat your heart out, MacGyver.
Samsung can challenge Apple's photo gallery patent before ruling on infringement
May 04, 2012, 8:41 AM — Samsung Electronics will be allowed to challenge the validity of an Apple patent before a decision is made on whether Samsung has infringed the patent, the Regional Court in Mannheim, Germany ruled Friday.
The judge decided on Friday to suspend a ruling on Apple's request for an injunction on sales of Samsung's Android products until Germany's Federal Patent Court decides on the validity of the patent in a separate action brought by Samsung.
The court in Mannheim had been set to rule on whether the photo gallery on Samsung's Android phones infringed on Apple's European Patent entitled "portable electronic device for photo management."
"The lawsuit about the patent has been suspended until the decision about the nullity suit, which Samsung has brought to the Bundespatentgericht," Mannheim Regional Court spokesman Joachim Bock said in an email.
Such a delay is unusual, because German patent courts generally allow patent holders to apply for injunctions before the Federal Patent Court has ruled on any challenges to a patent's validity. A compensation system exists should an injunction be granted based on a patent subsequently found invalid.
Judges can decide to wait for a validity verdict if they think the patent is invalid, said Ariane Mittenberger-Huber, spokeswoman for the Federal Patent Court. She could not say whether Samsung had already filed a nullity suit with the Federal Patent Court regarding the photo gallery patent, but there are some patent validity cases involving Apple and Samsung pending, she said.
There is no date set yet for oral proceedings to take place in any of those filed patent validity cases, and they are most likely to begin at the end of the year or the beginning of next year, Mittenberg-Huber added. Determining if a patent is valid typically takes longer than infringement hearings, she said.
If a German court allows an injunction based on a patent, companies can be forced to adjust their devices in such a way that they don't infringe anymore, or to stop selling them in Germany at all. In February for instance, Apple was forced to turn off its MobileMe and iCloud push email services for all German users to comply with an injunction granted to Motorola Mobility. Apple said at the time it believes Motorola's patent is invalid.
Companies often try to work around German injunctions. Apple was granted an injunction against Samsung's Galaxy Tab 10.1 last year by the Düsseldorf regional court that decided the design of the 10.1 is too close to an Apple registered design. This forced Samsung to alter the design of its tablet to circumvent a stop on tablet sales in one of Europe's biggest markets. The adjusted tablet for the German market is called the Galaxy Tab 10.1N and is allowed to be sold by the regional Düsseldorf court, that decided that the device was sufficiently altered. Apple however still pursues a ban on the 10.1N and is set to appeal the decision at the higher regional Düsseldorf court in June.
The court in Mannheim was also set to rule on Friday in another lawsuit in which Apple accuses Samsung of infringing on a utility model,a patent-like intellectual property right available under German law. Apple alleges that Samsung touch devices infringe on its utility model for "List Scrolling and Document Translation, Scaling, and Rotation on a Touch-Screen Display." The decision in this case was moved to May 11, Bock said.
Loek covers all things tech for the IDG News Service. Follow him on Twitter at @loekessers or email tips and comments to loek_essers@idg.com
IT shops sifting RIM's bold promises and plans
May 04, 2012, 7:43 AM — Research in Motion executives and managers practiced staying "on message" at BlackBerry World this week, repeating a series of mantras about the company's directions and product plans. Yet the simple message is running into the hard practicalities of enterprise IT customers, and they want details and nuance.
Sometimes both were in short supply at RIM's annual customer conference in Orlando. RIM is in the midst of a life-or-death transition, moving to a new operating system, building support for it from application vendors and software developers, and crafting the next generation of smartphones and tablets due out later this year. RIM's creating plans and products at a rapid pace for both consumer and enterprise markets.
BLACKBERRY WORLD: RIM CEO vows to wow with BlackBerry 10
FIRST LOOK: BlackBerry 10 Dev Alpha Smartphone
But RIM's enterprise customers are incredibly diverse. Some are stable for even fast-growing BlackBerry shops. Some use the phones only for email and voice calls, others with only minimal app downloads. Nearly all of them are at different stages of struggling with how to deal with employees at all levels who bring non-BlackBerry devices to work and want to access email at least and sometimes more, often to the detriment of RIM. Surprisingly, few of those interviewed are closely following BlackBerry 10, the next generation mobile operating system highlighted at BlackBerry World.
Cereal company MOMbrands, until recently known as Malt-O-Meal, has about 500 BlackBerry users, but few of them seem really satisfied with their smartphones, according to a pair of technical support analysts at BlackBerry World. "Most of our users are not BlackBerry fans," says Tim Wood. "They want the iPhone."
Colleague David Aman says he walks through the company and often sees a user's BlackBerry lying on the desk, "and another [brand of] phone right next to it. It's silly." Some of the dissatisfaction is caused by a raft of small and not so small annoyances, ranging from podcasts being stopped when a call comes in and never resuming, to frustratingly poor battery performance.
Top executives now want iPads and iPhones, many of which are being informally "tested" by these senior managers who bring them to work and then want support. Aman says that IT is considering adopting a "bring your own device" regime as a way of simplifying mobile confusion and IT's responsibilities.
Yet at South African-based Sansol, a global chemicals manufacturer, the mobile policy bans personal devices in favor of corporate-issued BlackBerry smartphones. At Sansol North America, headquartered in Houston, systems administrator Tray Gonzalez has about 2,000 BlackBerry users in various regions, with 500 in the U.S. The number has been increasing and field sales staff are now testing a few BlackBerry PlayBook tablets.
"We haven't allowed BYOD, but so many people are requesting it, that we're looking into it," Gonzalez says. One concern is that a change in policy would lead to an unmanageable explosion of iOS and Android devices.
Gonzalez says he's impressed with RIM's recent release of the BlackBerry Device Service, an application for managing PlayBooks and all future BlackBerry 10 devices, and Universal Device Service, for managing iOS and Android devices, under the umbrella product name of BlackBerry Mobile Fusion. The classic BlackBerry Enterprise Server (BES) is needed for managing existing handsets running the traditional BlackBerry OS. A Web portal, called Mobile Fusion Studio, lets an administrator see the three separate device groups in a unified view.
Gonzalez plans to download the free, 60-day trial version of the Device Service and test it out. "I think it's great," he says.
