Saturday, June 27, 2009
Saturday, June 20, 2009
1. Increased speed: This is the reason, after all, it’s called the iPhone 3 G Speed. The RAM is now 256 MB, the MHz has been increased, and there is a new PowerVR SGX graphics chip. Loading times, processing speeds, and more are upgraded.
2. Three megapixel camera: The camera has been upgraded from 2 megapixels and has autofocus. Tap on an area of the screen to help focus.
3. Video recording: It took long enough, but the iPhone 3G S records video.
4. Video editing: To make up for the lack of video in the iPhone 3G, the new iPhone has some nifty video editing software. The software is demoed on the above clip from Late Night With Jimmy Fallon.
5. Voice recognition: You can talk to the phone and it’ll make phone calls and play music. This is more advanced than your standard “Call Jessica” functionality.
6. Nike+iPod: The Nike+iPod is a version of the iPod Nano that communicates with Nike shoes so you know how far and hard you ran. The new iPhone supports this too.
8. Increased battery life: It’s supposed to provide 12 hours of talk time, 30 hours of audio, and 10 hours of video. In reality, it seems to be a slight increase, but we’ll take it.
Friday, June 19, 2009
Monday, June 15, 2009
මේ සෙට් එකේ ඉන්නව දුටුගෑමුණු රජ්ජුරුවන්ගෙ දස මහා යෝධයින් ගෙ නමක් තියන රොම්පියෙක්. මේ කාලකන්නිය දුටුගෑමුණු රජ්ජුරුවන් වත් විකුනගෙන හරි තමන්ගෙ බිස්නස් එක කර ගන්න හදන්නෙ, මම ඔය කාල්කන්නි යට කියන්ව පුලුවන්න්නම් කොන්දක් තියන්වනම් බොරු නම් වලින් පෙනී ඉන් නෙතුව වරෙන් යකෝ රියල් නේම් එකෙන්.
Sunday, June 14, 2009
Saturday, June 13, 2009
Friday, June 12, 2009
The UAC flaw, a serious issue bubbling away underneath the surface of Microsoft’s next operating system, has been described as the “Pandora’s box of security vulnerabilities”. But what is it exactly? Where did it all start from, what is the vulnerability and where do we go from here? Hopefully this will explain it a bit better.
UAC, or User Account Controls, made its first appearance in Windows Vista as a precautionary measure to ensure the user doesn’t modify something which would change a setting which would effect the overall stability or usage of the computer. It also served as a preventative control to make sure programs and applications wouldn’t run without your express permission, or an application changing your settings without you being fully aware of it. This came in the form of an annoying popup box, I’m sure you won’t have any problem in remembering:
Standard users would be able to modify “user settings“, such as the wallpaper, screensavers, how things look on screen and suchlike. If standard users wanted to modify “global settings“, settings which affected the experience of other users such as screen resolution or installing applications, they would be prompted to do so by UAC. To enable standard users to modify global settings, they would need to be “elevated” to temporary administrator status to do this. Afterwards, the user would revert back to standard user status.
Turning UAC off in Vista had a bit of a trick behind it. It wasn’t a case of simply ticking a box, rather having to go through a hidden Windows utility and launching a command process; it wasn’t deemed necessary for an ordinary end-user to disable it.
However, through much complaining, hissy fits and multiple workarounds being circumvented across the web, Microsoft buckled and tamed down UAC in an effort to be less intrusive, less annoying but more secure.
Instead of taming the system, they’ve blown its bloody head off.
In Windows 7, the settings have changed for UAC, allowing the system to be more malleable and flexible for users. Certain applications which are digitally signed are fast-tracked through UAC by default to reduce the unnecessary user interaction. The vulnerability shows itself when this third-party application calls on malicious code “by proxy” through an existing Windows application, which never invokes the UAC prompt.
To put it simply, through application piggybacking, it allows malware to be automatically elevated to administrator user status which in turn allows it full, unrestricted access to the computer and global settings.
Long Zheng, Windows enthusiast, evangelist, student and campaigner of this flaw, spoke to me earlier today. He has written many times on this, along with his friend and colleague Rafael Rivera, who created a proof-of-concept behind this flaw. This video, available on Zheng’s website, details how the proof-of-concept works in a Windows 7 environment.
Thursday, June 11, 2009
Tuesday, June 9, 2009
Why using Ipv6?
IPv4 has only about 4.3 billion addresses available—in theory, and we know that we don’t even get to use all of those. There really are only about 250 million addresses that can be assigned to devices.
There are a lot of reports that give us all kinds of numbers, but all you really need to think about to convince yourself that I’m not just being an alarmist is the fact that there are about 6.5 billion people in the world today, and it’s estimated that just over 10 percent of that population is connected to the Internet, which means will run out of them, and it’s going to happen within a few years.
That statistic is basically screaming at us the ugly truth that based on IPv4’s capacity, every person can’t even have a computer—let alone all the other devices we use with them. I have more than one computer, and it’s pretty likely you do too. And I’m not even including in the mix phones, laptops, game consoles, fax machines, routers, switches, and a mother lode of other devices we use every day! So I think I’ve made it pretty clear that we’ve got to do something before we run out of addresses and lose the ability to connect with each other as we know it. And that “something” just happens to be implementing IPv6.
The problem of IPv4 address exhaustion was recognized in the early 1990s, when various experts made projections showing that if the increasing rate of the allotment of IPv4 addresses continued, the entire address space could be depleted in just a few short years. A newversion of IPknown in the development stage as IP Next Generation or IPng, and which is now IPv6was the proposed solution. But it was
recognized that developing the new standards would take time, and that a short-term solution to IPv4 address depletion also was needed.
That short-term solution was Network Address Translation (NAT), which allows multiple hosts to share one or a few public IP addresses. Behind the NAT device, private IP addresses are used.
NAT has been so successful in slowing IPv4 address depletion, and has become such a standard part of most networks, that to this day many still question the need for a new version of IP. But the widespread use of NAT has changed the open, transparent, peer-to-peer Internet into something much more like a huge collection of client-server networks. Users are seen as being connected around the "edge" of the Internet, and services flow out to them.
Although most of the IPv6 standards were completed years ago, it is only recently that serious interest in migrating from IPv4 to IPv6 has been shown. There are two fundamental drivers behind the growing recognition of the need for IPv6.
The first is widespread vision of new applications using core concepts such as mobile IP, service quality guarantees, end-to-end security, grid computing, and peer-to-peer networking. NAT stifles innovation in these areas, and the only way to get NAT out of the way is to make public IP addresses abundant and readily available.
The second fundamental driver for IPv6 is the rapid modernization of heavily populated countries such as India and China. A compelling statistic is that the number of remaining unallocated IPv4 addresses is almost the same as the population of China: about 1.3 billion.With its aggressive expansion of its Internet infrastructure, China alone in the near future will represent an unsupportable pressure on an
already strained IPv4 address pool. In India, with a population size close to China's, 4- and 5-layer NAT hierarchies exist just to support the present demands for IP addresses.
IPv6 replaces the 32-bit IPv4 address with a 128-bit address, making 340 trillion trillion trillion IP addresses available. That number will meet the demands for public IP addresses, and answer the needs of the two fundamental drivers discussed here, well into the foreseeable future.
Benefits using Ipv6?
IPv6 includes the following enhancements over IPv4:
■ Expanded address space—IPv6 uses 128-bit addresses instead of the 32-bit addresses in IPv4.
■ Globally unique IP addresses—The additional address spaces allow each node to have a
unique address and eliminate the need for NAT.
■ Fixed header length—The IPv6 header length is fixed 40 bytes, allowing vendors to improve
■ Improved option mechanism—IPv6 options are placed in separate optional headers (extension headers )that are located between the IPv6 header and the transport layer header. The option headers are not required.
■ Address autoconfiguration—This capability provides for dynamic assignment of IPv6
addresses. IPv6 hosts can automatically configure themselves, with or without a Dynamic
Host Configuration Protocol (DHCP) server (Plug & play).
■ Support for labeling traffic flows—Instead of the type-of-service field in IPv4, IPv6 enables
the labeling of packets belonging to a particular traffic class for which the sender requests
special handling. This support aids specialized traffic, such as real-time video& traffic flow. There are several advantages to differentiating flows, from providing a finer-grained differentiated class-of-service treatment to ensuring, when balancing traffic loads across multiple paths, that packets belonging to the same flow are always forwarded over the same path to prevent possible reordering of packets. As of this writing, however, the complete specification of how to use the flow label field is still being debated, and routers currently ignore the field.
■ Mobility and security: Mobility and security help ensure compliance with mobile IP and
IPsec standards functionality. Mobility enables people to move around in networks with
mobile network devices—with many having wireless connectivity.
The standard enables mobile devices to move without breaks in established
network connections. Because IPv4 does not automatically provide this kind of mobility,
you must add it with additional configurations. In IPv6, mobility is built in (any cast), which means that any IPv6 node can use it when necessary.
IPsec is mandatory in IPv6. IPsec is enabled on every IPv6 node and is available for use. The
availability of IPsec on all nodes makes the IPv6 Internet more secure. IPsec also requires
keys for each party, which implies a global key deployment and distribution.
■ Maximum transmission unit (MTU) path discovery—IPv6 eliminates the need to
fragment packets by implementing MTU path discovery before sending packets to a
destination, routers doesn’t need to do fragmentation any more.
■ Site multihoming—IPv6 allows multihoming of hosts and networks to have multiple IPv6
prefixes, which facilitates connection to multiple ISPs.
Monday, June 8, 2009
Sabotage may be a strong choice of word, but it immediately came to mind with the news of Microsoft’s latest .NET update.
The Microsoft .NET Framework 3.5 Service Pack 1, unleashed in February, forces an undisclosed Firefox extension on Windows users, called “Microsoft .NET Framework Assistant 10″, and it does so without asking the users permission.
To add insult to injury, the extension not only injects a serious security vulnerability into Firefox (also present in Internet Explorer), but it disables the uninstall button, meaning the only way to get rid of it, is to edit the Windows registry - a course of action not recommended for your usual non-tech-savvy user, as dabbling in the dark arts of registry editing can open you up to a slew of problems, and potentially kill Windows altogether.
A report by annoyances.org ominously states..
“This update adds to Firefox one of the most dangerous vulnerabilities present in all versions of Internet Explorer: the ability for websites to easily and quietly install software on your PC. Since this design flaw is one of the reasons you may’ve originally choosen to abandon IE in favor of a safer browser like Firefox, you may wish to remove this extension with all due haste.”
The official purpose of the add-on is to add ‘One-Click’ support and the ability to report installed .NET framework versions to the web server, but it also allows websites to install software on a users PC without their knowledge. This is a very serious security flaw that effectively turns Firefox into an open gateway for malware, much like Microsoft’s own web browser, Internet Explorer.
At best, one could call this stealth install a serious conflict of interest between competing browsers - at worst, it’s out-and-out sabotage, not only of a user’s PC, but of Firefox itself, which has gained a reputation for stability and security, much to the chagrin of Microsoft.
In forcing this add-on down the throats of faithful Firefox users, Microsoft have circumvented the more honest approach to installing Firefox extensions, via the offical Mozilla Add-ons page, betraying the trust of its users in the process.
Microsoft Internet Explorer currently enjoys a market share of 66% due only to it’s forced integration with the Windows operating system, but Firefox is rapidly gaining ground, currently at an estimated 22% and climbing. Being a competitor in the browser market, Microsoft have absolutely no business injecting stealth add-ons into Firefox, let alone blocking them from the uninstall process.
If you’ve been affected by this malicious update, you can follow the removal instructions provided by annoyances.org.