Adobe Patches Security Holes in Flash
Adobe has released a security update for Flash Player in order to address several critical vulnerabilities, including one that is being exploited in the wild.
Flash Player 10.3.183.10 for Windows, Mac and Linux and Flash Player 10.3.186.7 for Android contain patches for six security flaws.
One of them is a cross-site scripting (XSS) weakness that can be exploited to execute rogue actions on behalf of web sites or webmail providers if victims click on maliciously-crafted links.
“There are reports that this issue is being exploited in the wild in active targeted attacks designed to trick the user into clicking on a malicious link delivered in an email message,” Adobe warns in its security advisory.
XSS vulnerabilities are the result of improper user input validation and allow attackers to execute rogue code in the context of the current web site. For example, they can be leveraged to extract session cookies or load rogue forms into legitimate pages, which makes for very credible phishing attacks.
Adobe credits Google for reporting this cross-site scripting vulnerability, which is identified as CVE-2011-2444. This means it might have been detected in attacks against Gmail users.
Two other patched vulnerabilities allow for arbitrary code execution and are located in the AVM stack. One of them can also lead to a denial of service condition. Two remote code execution logic errors and a Flash Player security control bypass have also been addressed.
Users should deploy the new update as soon as possible because browser plug-ins like Java, Adobe Reader or Flash Player are amongst the most attacked pieces of software one can have on a computer. However, unlike Adobe Reader X (10.0) which features sandboxing technology, Flash Player doesn’t have any anti-exploitation mechanism built-in.
Flash Player 11 Launched With 3D Gaming
Adobe Systems announced Flash Player 11 and Adobe Air 3 software Wednesday to assist developers in building more sophisticated applications with dozens of new features across smartphones and tablets as well as desktop computers.
The releases are Adobe’s biggest in two years, and will be available free of charge in early October, said Anup Murarka, Adobe’s director of product marketing. The related tools, Flash Builder and Flex, will support new features in Flash Player 11 and Adobe Air 3 by the end of the year.
The releases will enable delivery of 2D and 3D games over the Internet to various devices, Murarka said. Developers of enterprise applications will also find the 3D capabilities popular for data-centric apps. Enterprises, for example, will be able to build application dashboards to “visualize complex data sets” with 3D images, he said.
Developers will also be able to use the tools to more deeply integrate business software like Excel and Outlook in devices and to access hardware programming interfaces for functions such as Near-Field Communication being used more widely in smartphones, Murarka said.
The new versions will also help developers build more secure applications with the ability to leverage cryptographically secure random number generation, he said.
Is HP Going To Court?
September 25, 2011 by admin
Filed under Uncategorized
HP and its top executives have been accused of misleading investors before a slump in its stock price.
HP is facing a class action lawsuit filed by Robbins Geller Rudman and Dowd alleging that CEO Leo Apotheker and CFO Cathie Lesjak misled investors before making announcements that included the possible spin-off of its PC business, dumping WebOS devices and the purchase of British software outfit Autonomy.
Those announcements, all made in one afternoon, led to a 20 per cent drop in HP’s share price the following day. That, according to Reuters, was the largest one day decline in HP’s share price since 1987.
The lawsuit against HP does not specify damages but it serves to highlight the growing concern at the way Apotheker is leading HP. The firm’s announcement that it was considering leaving the PC business was a shock to many, but its decision to dump its WebOS devices was perhaps the biggest shock of the lot.
While HP’s PC business was always seen as a low margin operation, WebOS was viewed as a core part of HP’s future strategy. The firm kept banging on about slipping WebOS into as many devices as possible; however, all that talk evaporated, just like HP’s TouchPads when it sold them off at fire sale prices for a massive loss.
Should HP Reconsider The TouchPad?
September 21, 2011 by admin
Filed under Computing, Consumer Electronics
Hewlett-Packard Co (HP) should re-think its decision to dump its TouchPad tablet since the device could double the value of the PC division HP plans to spin off, technology research firm Canalys said in a statement to clients.
HP stunned markets in August by saying it may shed its PC business — the world’s largest after the $25 billion acquisition of Compaq in 2002 — while at the same time killing webOS-based phones and the TouchPad tablet which was launched only six weeks earlier.
HP slashed the price of its tablet to $99 the weekend after announcing the TouchPad’s demise, igniting an online frenzy and prompting long lines to form at retailers as bargain-hunters chased down a gadget that had thus far failed to excite consumers.
“The TouchPad was overpriced at launch and did not sell. This led HP to draw a premature conclusion that the product category had failed,” Canalys analysts said in a research note.
Canalys said the price cut had helped make TouchPad the hottest brand in HP’s entire portfolio, gathering more interest than anything from HP in more than 10 years.
“The TouchPad has become the ‘must-have’ technology product of 2011. Perhaps no other technology vendor, apart from Apple, has ever created such hype for a technology product,” the research note said.
Intel Previews Android Tablet On Atom Chip
For the first time on Tuesday, Intel unveiled working prototypes of tablet computers with Google’s Android OS and the chip maker’s upcoming Atom low-power chip, code-named Medfield.
The tablet was about 8.9 millimeters (0.3 inches) thick and had a 10.1-inch screen, and was on display during a briefing at the Intel Developer Forum being held in San Francisco. The tablets ran on Android 3.0, code-named Honeycomb, and alpha software developed jointly by Google and Intel.
Earlier on Tuesday, Intel and Google announced they would ally on developing future releases of Android for smartphones and tablets. Intel CEO Paul Otellini showed off a Medfield smartphone running on Android 2.3, code-named Gingerbread.
The Medfield tablet is a reference design for device makers who want to launch tablets, said Steve Smith, vice president at Intel. Smith didn’t say when Medfield tablets would be released, but said Intel is currently optimizing the chips for tablets to balance power and performance.
Intel is banking on Medfield tablets to prove it is improving on power consumption with its tablet and smartphone chips.
Intel already offers tablet chips code-named Oak Trail and Moorestown, which haven’t been successful. Only a few companies such as Cisco and Fujitsu have adopted the chips for business tablets.
Microsoft: Stolen SSL Certs No Good
Microsoft has officially stated that a digital certificate stolen from a Dutch company could not be used to force-feed customers malware through its Windows Update service.
The company’s assertion came after a massive theft of more than 500 SSL (secure socket layer) certificates, including several that could be used to impersonate Microsoft’s update services, was revealed by Dutch authorities and several other affected developers.
“Attackers are not able to leverage a fraudulent Windows Update certificate to install malware via the Windows Update servers,” said Jonathan Ness, an engineer with the Microsoft Security Response Center (MSRC), in a Sunday blog post. “The Windows Update client will only install binary payloads signed by the actual Microsoft root certificate, which is issued and secured by Microsoft.”
Seven of the 531 certificates now known to have been fraudulently obtained by hackers in July were for the domains update.microsoft.com and windowsupdate.com, while another six were for *.microsoft.com.
Analysts Expect Flood of Cheap Tablets This Fall
September 9, 2011 by admin
Filed under Consumer Electronics
Analysts are predicting that a whole slew of $200 to $300 tablet computers will hit the market this fall, prompting the essential question: Which device will come out on top?
Several analysts are betting on Amazon.com to be at the top of the pile with an expected $299 Android-based tablet introduced sometime in October. The reason it will do well is only partly because of the low price, which is below the market-leading iPad 2, starting at $499.
But analysts also expect Amazon to offer content for its 9-in. tablet that’s comparable to or even exceeds the content that Apple can offer for the iPad. Amazon will make money on the content it sells, which is expected to more than make up for any loss it incurs in selling the tablet at a price below the cost of making it.
“Amazon has an ecosystem like Apple, with its own app store that offers music, movies and videos, and a bookstore,” said Bob O’Donnell, an analyst at IDC. “Not only would you get a cheaper device [than the iPad], you would get the integrated Amazon experience. That’s what makes Amazon’s tablet the most interesting and where other [Android] tablets will be challenged.”
In effect, Amazon’s approach will be to entice buyers with a much lower price, “but have all the services of Apple,” O’Donnell said.
Other Android tablets with which Amazon would likely compete include a $199 Lenovo IdeaPad A1 tablet announced Thursday, the cheapest 7-in. Android tablet from a top device maker. Another contender is the original Samsung Galaxy Tab, which is being sold on Amazon for $279.99, after having first appeared late in 2010 for $600.
Will HP Temporarily Resurrect The TouchPad?
September 3, 2011 by admin
Filed under Consumer Electronics
Hewlett Packard Co plans to produce “one last run” of TouchPads, days after declaring it will discontinue a line of tablets that failed to challenge Apple Inc’s domination of the booming market.
A day after the chief of HP’s personal devices division told Reuters the TouchPad might get a second lease on life, HP announced a temporary about-face on the gadget after being “pleasantly surprised” by the outsized demand generated by a weekend fire-sale.
HP slashed the price of its tablet to $99 from $399 and $499 the weekend after announcing the TouchPad’s demise on August 18, part of a raft of decisions intended to move HP away from the consumer and focus on enterprise clientele.
That ignited an online frenzy and long lines at retailers as bargain-hunters chased down a gadget that had been on store shelves just six weeks.
“The speed at which it disappeared from inventory has been stunning,” the company said. “We have decided to produce one last run of TouchPads to meet unfulfilled demand.”
HP may lose money on every TouchPad in its final production run. According to IHS iSuppli’s preliminary estimates, the 32GB version carries a bill of materials of $318.
“We don’t know exactly when these units will be available or how many we’ll get, and we can’t promise we’ll have enough for everyone. We do know that it will be at least a few weeks before you can purchase,” HP said in a blogpost.
Was Apple’s Victory Really A Victory?
September 2, 2011 by admin
Filed under Smartphones
As we heard this week, Apple won an injunction barring Samsung from selling some of its Galaxy smartphones in Europe.
However, it is likely that an update from Android 2.x to Android 3.0 will resolve the patent issue, which concerns the way photos are viewed on a touchscreen.
According to OS news, only the Gallery application infringes the patent in question, and Samsung has confirmed it will update the software to get around the problem.
“The injunction has been granted due to the method of scrolling in the Gallery. If that’s replaced, there is no more reason to uphold the injunction,” said Bas Berghuis van Woortman, one of Samsung’s lawyers.
The injunction doesn’t come into effect until mid-October, giving the Korean phone maker plenty of time to change the software. OS news points to evidence showing that although Apple entered into battle with three patents and a community design, all but the Gallery patent were thrown out by the judge.
The swipe-to-unlock patent will likely be declared invalid, the judge wrote, specifically referring to the Neonode N1m mobile phone as prior art, which has the exact same unlock method as the iPhone.
Apple’s complaint about the design of Galaxy smartphones was also thrown out, with the judge citing numerous cases of prior art, including the LG Prada. And in the case of the Android GUI patent, the judge cited the Nokia 7710 as prior art.
Although Samsung’s PR firm in the UK hadn’t heard anything about an Android update, Samsung said that it expects only the Netherlands to be affected by the ruling. It said, “[The] ruling is an affirmation that the GALAXY range of products is innovative and distinctive. With regard to the single infringement cited in the ruling, we will take all possible measures including legal action to ensure that there is no disruption in the availability of our GALAXY smartphones to Dutch consumers.
“This ruling is not expected to affect sales in other European markets. We will continue our plans to introduce new products and technologies that meet and exceed consumer expectations. And we will defend our intellectual property rights through the ongoing legal proceedings around the world.”
AES Encryption Cracked
CRYPTOGRAPHY RESEARCHERS have identified a weakness in the Advanced Encryption Standard (AES) security algorithm that allows secret keys to be cracked faster than before.
The crack is the work of a trio of researchers at universities and Microsoft, and involved a lot of cryptanalysis – which is somewhat reassuring – and still does not present much of a real security threat.
Andrey Bogdanov, from K.U.Leuven (Katholieke Universiteit Leuven), Dmitry Khovratovich, who is full time at Microsoft Research, and Christian Rechberger at ENS Paris were the researchers.
Although there have been other attacks on the key-based AES security system, none have really come close, according to the researchers. But this new attack does, and it can be used against all versions of AES.
This is not to say that anyone is in immediate danger and, according to Bogdanov, although it is four times easier to carry out, it is still something of an involved procedure.
Recovering a key is no five-minute job and, despite being four times easier than other methods, the number of steps required to crack AES-128 is an 8 followed by 37 zeroes.
“To put this into perspective: on a trillion machines, that each could test a billion keys per second, it would take more than two billion years to recover an AES-128 key,” the Leuven University researcher added. “Because of these huge complexities, the attack has no practical implications on the security of user data.”
Andrey Bogdanov told The INQUIRER that a “practical” AES crack is still far off but added that the work uncovered more about the standard than was known before.
“Indeed, we are even not close to a practical break of AES at the moment. However, our results do shed some light into the internal structure of AES and indicate where some limits of the AES design are,” he said.
He added that the advance is still significant, and is a notable progression over other work in the area.
“The result is the first theoretical break of the Advanced Encryption Standard – the de facto worldwide encryption standard,” he explained. “Cryptologists have been working hard on this challenge but with only limited progress so far: 7 out of 10 for AES-128 as well as 8 out of 12 for AES-192 and 8 out of 14 rounds for AES-256 were previously attacked. So our attack is the first result on the full AES algorithm.”