Monday, March 31, 2008

Vista Hack Up for Bidding

The winner of a recent hacking contest is offering the laptop he broke into on eBay, likely with the Vista attack code intact.

Laptop With Vista Attack Code Listed on eBay

The winner of a recent hacking contest is offering the computer he broke into for sale on eBay, possibly with the Microsoft Vista attack code he used intact.

In a Monday listing, Shane Macaulay is selling the Fujitsu U810 laptop he won last Friday during the CanSecWest PWN 2 OWN contest. His listing claims that exploit code could probably still be extracted from the machine. Although he make no guarantees, he wrote, "My successfull [sic] exploitation of Vista SP1 remotely, is most likely still present."

"This laptop is a good case study for any forensics group/company/individual that wants to prove how cool they are, and a live example, not canned of what a typical incident responce sitchiation [sic] would look like."

Starting bid? $0.01.

Macaulay, a researcher with the Security Objectives consultancy, claims that his Adobe Flash exploit will affect 90 percent of computers worldwide.

He was one of two hackers to claim laptops and cash prizes for penetrating systems during last week's contest. Organizers offered Vista, Mac OS, and Linux-based laptops for the taking, along with prizes that varied from $5,000 to $20,000, depending on the difficulty of the exploit. By Friday, however, only the Linux laptop remained unbreached.

Although he listed his laptop just hours before April 1, a date that is usually met with widespread Internet pranking, Macaulay said the listing is no joke. According to him, he's simply looking to see what an unpatched exploit might fetch in the open market."I figure this is a good way to see... [what] an exploit for something that only a limited amount of people know about, is worth," he said in an e-mail interview.

"The system was delivered to me as my prize. I'm free to use it as I see fit," he added.

One hacker who knows Macaulay said that the April 1 listing is "a bit coincidental," but that he may not be worried about forfeiting the $5,000 in prize money TippingPoint paid him for his hack. "He makes good money," said Marc Maiffret, an independent security researcher, in an instant message interview. "It's all just funny to him."

If he's not playing an April Fool's joke, Macaulay may be running afoul of both the PWN 2 OWN contest rules, which prohibit disclosure of bug information prior to a patch. He may also be violating eBay's user agreement, which say that users may not "distribute viruses or any other technologies that may harm eBay, or the interests or property of eBay users."

Macaulay had some funny answers when asked about these issues.

On the eBay terms of service problem, he said that he knew "some highups," at the company and was "confident, when I speak with eBay they will grant me a waiver."

And does TippingPoint know about what he's doing? "I believe at some level," he answered. "I'm sure things might change as the word percolates to the executives. Maybe I shouldn't have sold the [TippingPoint] bag with the laptop!!"

Saturday, March 29, 2008

Wii Leading in Japan's Game Market

Console sales grow 13.4 percent in 2007, led by the cheaper Wii, says a new report.

Wii Leads Jump in Japan's Game Market

The console game market in Japan grew 13.4 percent in 2007 thanks largely to the popularity of Nintendo's Wii, according to a report due to be published on Friday.

The entire game console market was worth ¥685 billion (US$6.9 billion) in 2007, with the hardware and software markets about evenly matched. In the previous year the software side of the market had led the industry but the sector was rebalanced last year due to the availability of the Wii and Sony's PlayStation 3, said Media Create in its annual "Game Market White Paper."

The PlayStation 3 launched on Nov. 11, 2006, and the Wii hit store shelves in Japan on Dec. 2, 2006, but early popularity of the consoles meant that many sales were delayed until 2007. Price cuts for the PlayStation 3, which was criticized early on for being too expensive, also helped boost sales later in 2007.

Total hardware sales rose 31 percent to $3.48 billion and software sales were virtually unchanged at $3.39 billion, according to the report. The estimates are based on point-of-sales system data gathered by Media Create from hundreds of retailers in Japan.

"Sales of Wii software rose strongly but those for the PlayStation 2 fell so they offset each other," said Kenichi Chiba, an analyst at the Tokyo company.

The Wii has been credited with revitalizing Japan's console game market and expanding the gaming population -- the number of people who regularly play video games. Its innovative wireless and motion sensitive controller and a low price have been key to attracting many people who might otherwise not have bought a game console. The Wii currently sells in Japan for $250, versus $400 for the PlayStation 3.

Sales of the console totaled 1.1 million in the few weeks of 2006 during which it was on sale, and 3.9 million during 2007 to take total Japan sales to 5 million units by the end of the year, Nintendo said.

The Wii remains popular. In the week from March 10 to 16 the Wii was the number two-selling games device in Japan with sales of 55,845 units, according to Media Create. In first place was Nintendo's handheld DS with sales of 57,651 units.

Friday, March 28, 2008

YouTube Video Usage Analytics

YouTube account holders now have the ability to check usage statistics for the videos they upload.

YouTube Rolls Out Usage Analytics

YouTube account holders will now be able to access usage statistics for the videos they upload, such as where viewers are geographically located and how they found the clips.

The feature, called YouTube Insight, had been in high demand from partners that use the video-sharing site to market their products and services and, as such, want detailed metrics to determine the efficacy of their YouTube campaigns.

The announcement, made early Thursday, wasn't a complete surprise. Earlier this month, YouTube sales team manager Brian Cusack said that the Google unit was planning to provide its members with more data about video viewership.

"YouTube has enormous amounts of data, but not great reporting on that data yet," Cusack said during a keynote speech at the eRetailer Summit in Miami.

Now, marketers will have a better understanding of clips' reach and effectiveness at boosting brand awareness and sales, according to YouTube.

"With YouTube Insight, we've turned YouTube into one of the world's largest focus groups. Insight will help advertisers optimize their marketing efforts, determine how successful they were, and discover previously unknown marketing opportunities," an official YouTube blog posting reads.

The metrics will also give a better understanding of clips' popularity and viewership to people who upload videos for fun without commercial or marketing purposes.

YouTube Insight doesn't collect or display personally identifiable information on viewers, but rather provides uploaders with aggregated data on viewers' geographic location and on the time and day when clips were viewed, a Google spokesman said via e-mail. Google will "soon" turn a feature to let uploaders discover how viewers found a clip, such as via a Google search, browsing YouTube's "related videos" suggestions or clicking on an e-mail or Web site link, he said.

Thursday, March 27, 2008

Firefox Should Ship in June

Also confirms that it will release the final beta of Firefox 3.0 shortly.

Mozilla Expects to Release Firefox 3.0 Final in June

Mozilla Corp. Thursday confirmed that it will release the final beta of Firefox 3.0 shortly, and that it expects to deliver the finished browser to users in June.

Firefox 3.0 Beta 5 has been code-frozen, said Mike Schroepfer, Mozilla's vice president of engineering, and is working its way toward release. "That will be the last beta for Firefox 3.0," he said. Once Beta 5 is out of the way, developers will move to the Release Candidate (RC) stage.
Release Candidate 1 (RC1) should be ready sometime in early May, said Schroepfer, assuming Mozilla meets its current schedule. "The release candidates will move a little slower than beta," he continued, noting that the company must make allowances for public feedback.

Mozilla typically tries to dissuade most users from trying betas, calling them fit only for developers and testing, but in the past has encouraged the public to try out its RC builds.

Although plans are flexible, Schroepfer said he expects version 3.0 to hold true to past Firefox form and cycle through three release candidates before Mozilla signs off on the code. The RC period is also useful to extension developers, he said, many of whom wait until the code is at that stage before tweaking their add-ons.

If all goes according to plan, Firefox 3.0 will wrap up and ship in June.

Mozilla released Firefox 3.0 Beta 4 about two and a half weeks ago. According to its online schedule, Beta 5 will probably hit the company's download servers sometime early next week.

The open-source Firefox currently accounts for about 17.3% of the browser market, according to Net Applications Inc.'s most recent data. Microsoft Corp.'s Internet Explorer rules the roost with 74.9%, while Apple Inc.'s Safari holds down third place with 5.7%.

Wednesday, March 26, 2008

Mac Gets Hacked

A MacBook Air goes down first at the CanSecWest security conference's hacking contest.

Gone in 2 Minutes: Mac Gets Hacked First in Contest

It may be the quickest $10,000 Charlie Miller ever earned.

He took the first of three laptop computers -- and a $10,000 cash prize -- Thursday after breaking into a MacBook Air at the CanSecWest security conference's PWN 2 OWN hacking contest.

Show organizers offered a Sony Vaio, Fujitsu U810 and the MacBook as prizes, saying that they could be won by anybody at the show who could find a way to hack into each of them and read the contents of a file on the system, using a previously undisclosed "0day" attack.

Nobody was able to hack into the systems on the first day of the contest when contestants were only allowed to attack the computers over the network, but on Thursday the rules were relaxed so that attackers could direct contest organizers using the computers to do things like visit Web sites or open e-mail messages.

Miller, best known as one of the researchers who first hacked Apple's iPhone last year, didn't take much time. Within 2 minutes, he directed the contest's organizers to visit a Web site that contained his exploit code, which then allowed him to seize control of the computer, as about 20 onlookers cheered him on.

He was the first contestant to attempt an attack on any of the systems.

Miller was quickly given a nondisclosure agreement to sign and he's not allowed to discuss particulars of his bug until the contest's sponsor, TippingPoint, can notify the vendor.

Contest rules state that Miller could only take advantage of software that was preinstalled on the Mac, so the flaw he exploited must have been accessible, or possibly inside, Apple's Safari browser.

Last year's contest winner, Dino Dai Zovi, exploited a vulnerability in QuickTime to take home the prize.

Dai Zovi, who congratulated Miller after his hack, didn't participate in this year's contest, saying it was time for someone else to win.

Thursday, March 13, 2008

Windows 7 For Review

The next-generation version of Windows (code name Windows 7) will face an antitrust review by U.S. regulators.

Microsoft Submits Windows 7 for U.S. Antitrust Review

Microsoft has submitted the follow-up to Windows Vista to the committee that oversees its U.S. antitrust compliance, to ensure the operating system is meeting the terms of the company's agreement with the government.

According to last week's status report on the U.S. antitrust case, Microsoft "recently supplied" the Technical Committee (TC) with a build of the OS, code-named Windows 7, and the TC will "conduct middleware-related tests on future builds" of the software. The move was revealed in papers filed in the U.S. District Court for the District of Columbia.

The filing was part of regular status reports aimed at tracking Microsoft's compliance with the 2002 antitrust settlement, which requires the company to ensure its own applications do not have an unfair advantage over competitive software that runs on Windows. The agreement also requires Microsoft to make sure its software can work well with third-party applications. Lack of compliance with a 2004 antitrust agreement in the European Union has cost Microsoft nearly US$2.6 billion to date; the E.U.'s most recent fine against the company last month was $1.3 billion.

Those on the TC so far are the only ones privy to what the follow-up to Vista will look like. Microsoft is mum on details of the software. But recent company moves and revelations hint at what can be expected from the software, which is due for release in late 2009 or early 2010.
At the MIX 08 conference in Las Vegas last week, Microsoft revealed Internet Explorer 8 (IE8) -- technology that likely will be a part of Windows 7, though Microsoft has not linked the two products yet.

Microsoft demonstrated IE 8, showing mainly developer improvements, but also some new end-user features such as one called "Activities." Activities allows users to highlight any word or phrase on a Web site and then choose from a drop-down box list of further actions they can take around that information, such as doing a Live Search or searching MSNBC for more information.

Aside from IE 8, little on the record is known about Windows 7, and the word from Microsoft is that it will talk about the OS when it's good and ready. Analyst warn against expecting Windows 7 to be a blockbuster release, given the fallout Microsoft is still dealing with from delivering a late and, to many, disappointing Windows Vista.

Recent court papers in a class-action suit over Microsoft's "Vista Capable" sticker program revealed that even Microsoft executives such as Steven Sinofsky, the senior vice president of Windows and Windows Live Engineering Group, were having driver- and application-compatibility problems with Vista after its release. In those papers, revealed in e-mails made public in what has become a class-action suit in a Seattle U.S. District Court, executives made statements to the effect that they won't let the delays and myriad problems associated with Vista happen again.

Mike Cherry, an analyst with research group Directions on Microsoft, said that for Windows 7, Microsoft will likely keep the bells and whistles to a minimum so they can deliver "something reasonable they can complete by a reasonable date ... Their goal will be to try to put Vista behind them," he said.

Because of its compatibility problems and hardware requirements, Microsoft is still struggling to inspire businesses to move from XP to Vista. Some business users have even suggested that companies may skip Vista altogether and hold on to Windows XP for a little longer so they can migrate from that to Windows 7.

On the consumer side, Microsoft already had to extend the length of time it would allow OEMs (original equipment manufacturers) and retail outlets to sell XP-based PCs by five months. The deadline for retailers and OEMs is now June 30, but that may be extended, as chip maker Intel expects low-cost desktops and notebooks running its Atom processors to hit the market in the third quarter. Given Vista's hardware requirements, those computers presumably will run XP, though Microsoft maintains it is committed to the June deadline to take the OS off the market.

To remedy these problems, Cherry suggested that Microsoft might serve itself well by making Windows 7 a stable release for business users by using the same code base as the recently released Windows Server 2008. He said Microsoft's mistake with Vista was to try to serve consumers and business customers with a flashy release that added a host of multimedia functionality instead of taking into consideration practical concerns that would affect performance and compatibility.

"It would seem to me that what we really need [is] for a business edition to be built off of that server code, so it would look much less fancy than Vista, much more austere with not a lot of wasted functionality," he said.

Saturday, March 8, 2008

Windows Hacked by Firewire

Security researcher describes how an intruder on site can break into a Windows system using a Firewire port.

Windows Hacked in Seconds via Firewire

A New Zealand security researcher has published a software tool allowing attackers to quickly gain access to Windows systems via a Firewire port.

The tool, which can only be used by attackers with physical access to a system, comes shortly after the publication of research on gaining access to encrypted hard drives via physical access to memory.

Researcher Adam Boileau, a consultant with Immunity, originally demonstrated the access tool at a security conference in 2006, but decided not to release the code any further at the time. Two years later, however, nothing has been done toward fixing the problem, so he decided to go public.

"Yes, this means you can completely own any box whose Firewire port you can plug into in seconds," said Boileau in a recent blog entry.

An attacker must connect to the machine with a Linux system and a Firewire cable to run the tool.

The tool, called Winlockpwn, allows users to bypass Windows authorization, was originally demonstrated at Ruxcon in 2006 at a talk called "Hit By A Bus: Physical Access Attacks With Firewire".

At the time, Boileau also demonstrated some of the malicious uses of the tool, but said he wouldn't be releasing the code for those attacks.

The attack takes advantage of the fact that Firewire can directly read and write to a system's memory, adding extra speed to data transfer. According to Boileau, because this capability is built into Firewire, Microsoft doesn't consider the problem a standard bug.

On the other hand, Boileau said he feels PC users need to be more aware of the fact that their systems can be unlocked via Firewire.

"Yes, it's a feature, not a bug," Boileau stated. "Microsoft knows this. The OHCI-1394 spec knows this. People with Firewire ports generally don't."

Microsoft was not immediately available for comment. In the past the company has downplayed security problems that require physical access.

Firewire has become common on Windows systems in the past few years, and is especially prevalent on laptops.

Researcher Maximillian Dornseif demonstrated a similar exploit on Linux and Mac OS X systems at the CanSec conference in 2005, connecting to those systems via a malicious iPod and Firewire.

According to security researchers, the problem can be remedied by disabling Firewire when not in use.


Wednesday, March 5, 2008

Heads up on IE8 Beta 1

Microsoft today unveiled Internet Explorer 8 (IE8) and welcomed users, as well as developers, to download and install the preview.

Microsoft Unveils IE8 Beta 1

Gregg Keizer, Computerworld

Microsoft Corp. today unveiled Internet Explorer 8, and posted links to what the company called "Beta 1 for developers." Anyone, however, can download and install the preview. (As did PC World's Melissa Perenson and Editor in Chief Harry McCracken.)

"I am pleased to announce that Beta 1 for developers is available now," said Dean Hachamovitch, the IE group's general manager, in a presentation from MIX08, a Microsoft Web development conference that opened today in Las Vegas, Nev.

According to the download page published early today, IE8 Beta 1 will be available in separate versions for Windows XP, Windows Vista, Windows Server 2003 and Windows Server 2008.

Although Hachamovitch pegged Beta 1 as fit for developers, there's nothing to stop the general public from downloading and installing the browser. "This beta release is available to everyone," Microsoft's download notes read, "but is primarily for Web developers and designers to test the new tools, layout engine, and programming enhancements."

Among the new features Microsoft touted in other sections of the sub-site dubbed "Internet Explorer 8 Readiness Toolkit," were tools called "WebSlices" and "Activities." The former somewhat resembles the "Web Clip" feature introduced in Apple Inc.'s Safari Mac OS X 10.5 "Leopard;" the latter appears to be a small-scale mash-up tool. Both will be developer-, not user-created.

WebSlices (IE8) and Web Clip (Safari) let users designate content within a page -- dynamically-updated stock prices, for example, -- and then monitor changes to that content. But while Safari's Web Clip lets users create desktop widgets for easier access, IE8's WebSlices only allows users to add them to the Favorites bar or to a new row below the browser's address bar. In other words, IE8 users must still click to see the content after they're notified that changes have occurred.

Activities, meanwhile, are pre-designed mash-ups that Microsoft and third-party sites and services will offer free of charge. A dedicated Activities page currently lists a dozen samples, ranging from one that helps users find and preview items on the eBay auction site to another that maps addresses on Windows Live Maps.

"Activities are how developers can integrate the content of their sites with the Web," said Hachamovitch.

Other enhancements and additions to IE8 include a revamped Favorites bar, automatic crash recovery and an improved anti-phishing filter. By comparison, Mozilla Corp.'s Firefox and Apple's Safari both currently offer crash of one sort or another, while Firefox also sports anti-phishing protection.

Earlier this week, Microsoft's IE development team announced that IE8 would support a new "super standards" mode by default , rather than optionally, to stress Web standards over backward compatibility.

"The Web gets better when developers spend less time on interoperability [problems] and more time on innovating," said Hachamovitch. "Long term, this is the right thing to do for the Web."

Although Hachamovitch pegged Beta 1 as fit for developers -- "Please try it out," he urged the MIX08 audience at the end of his presentation -- anyone can grab it. The client-side 32-bit downloads weigh in at 14.4MB for the Windows XP version, and 11MB for the Windows Vista edition.

"We're only part way done with IE8," said Hachamovitch. "But you can see where we're focused."