Tuesday, 24 July 2007

Symantec warns of new exploit with Flash technology

Yesterday, Symantec warned of a security exploit that can crash Nintendo's Wii gaming console. The problem concerns the use of Flash files on the game console. Adobe patched the Flash flaw on July 12, but the Opera browser used by the Wii is still vulnerable and can cause severe problems. Liam O'Murchu of Symantec's Security Response team said "the most interesting thing is that it is a cross-platform vulnerability."

O'Murchu added that "due to the fact that Flash can run in different browsers and on different platforms, the discovery of this single security vulnerability could leave all Flash-enabled operating systems and devices open to the attack, including some advanced smartphones."


"The vulnerability has already been tested on Windows, Apple Mac OSX, and some Linux distributions, but many other devices that are Flash-enabled could also be affected by the problem as well," said O'Murchu.

The malware to exploit the flaw in a Windows environment has been posted on a popular exploit web site and makes use of specially crafted .FLV Flash files.

Such files can be uploaded to popular video sharing sites and the Symantec team has warned such sites to begin scanning for corrupted files.

As a matter of fact, a video of the security flaw in action has been posted on the YouTube site.
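As an added example (not Symantec's scanner and not code from the original article), this is one way an upload pipeline could reject malformed .FLV files before serving them. It checks only the container's structural invariants (signature, declared tag sizes, back-pointers) and is not a signature for the specific flaw, whose details the article does not give; the names `build_flv` and `check_flv` are hypothetical.

```python
import struct

TAG_TYPES = {8: "audio", 9: "video", 18: "script data"}

def build_flv(tags):
    """Assemble an FLV byte string from (tag_type, payload) pairs (constructed input)."""
    out = b"FLV" + bytes([1, 0x05]) + struct.pack(">I", 9) + struct.pack(">I", 0)
    for tag_type, payload in tags:
        size = len(payload)
        # 11-byte tag header: type, 3-byte size, 7 bytes of timestamp and stream id
        out += bytes([tag_type]) + size.to_bytes(3, "big") + bytes(7) + payload
        out += struct.pack(">I", 11 + size)  # PreviousTagSize back-pointer
    return out

def check_flv(data):
    """Return a list of structural problems; an empty list means the layout is consistent."""
    if len(data) < 13 or data[:3] != b"FLV":
        return ["missing FLV signature or truncated header"]
    header_len = struct.unpack(">I", data[5:9])[0]
    if header_len < 9 or header_len + 4 > len(data):
        return [f"header length {header_len} is out of range"]
    problems = []
    if data[header_len:header_len + 4] != bytes(4):
        problems.append("PreviousTagSize0 is not zero")
    pos = header_len + 4
    while pos < len(data):
        if pos + 11 > len(data):
            problems.append(f"truncated tag header at offset {pos}")
            break
        tag_type = data[pos] & 0x1F
        size = int.from_bytes(data[pos + 1:pos + 4], "big")
        end = pos + 11 + size
        if tag_type not in TAG_TYPES:
            problems.append(f"unknown tag type {tag_type} at offset {pos}")
        if end + 4 > len(data):
            problems.append(f"tag at offset {pos} declares {size} bytes, past end of file")
            break
        back = struct.unpack(">I", data[end:end + 4])[0]
        if back != 11 + size:
            problems.append(f"back-pointer {back} at offset {end}, expected {11 + size}")
        pos = end + 4
    return problems

# Constructed samples: a consistent file and one whose first tag overstates its size.
GOOD = build_flv([(18, b"onMetaData"), (9, b"\x17\x00\x00\x00"), (8, b"\xaf\x01")])
BAD_SIZE = GOOD[:14] + b"\xff\xff\xff" + GOOD[17:]

if __name__ == "__main__":
    for name, blob in (("GOOD", GOOD), ("BAD_SIZE", BAD_SIZE)):
        print(name, check_flv(blob) or "ok")
```

A file that passes these checks is only well-formed at the container level; the codec payloads inside each tag still need their own validation.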



link to web design company guide

PlayStation 3 sales boost in US

Sales of Sony's PlayStation 3 (PS3) console in the US rose by 21% in June, analyst figures show, but the machine still trails the Wii and Xbox 360.
Tracking firm NPD Group reported that 98,500 PS3s were sold, compared to 198,400 Xbox 360s (up 28%) and 381,800 Wiis (up 13%).

Sony said that the $100 (£50) price cut to the 60GB PS3 led to a 135% sales rise over the last two weeks.

Independent figures for sales of the cheaper PS3 are not yet available.
"This jump in sales bodes very well for us heading into the fall as we launch an impressive arsenal of hardware and software," Jack Tretton, head of Sony Computer Entertainment America, said in a statement.

Leading firms
Nintendo's DS handheld sold 561,900 units, while Sony's PSP, which has been boosted by an April price cut, sold 230,100 units, NPD reported.
Software sales in the US are 31% higher than the same time last year, the market research showed, buoyed by new consoles from all three firms.
Last month's sales topped $1.1bn (£550m), the data revealed.
"The industry continues to realise substantial gains, month after month, and on all fronts it's great growth," NPD analyst Anita Frazier told Reuters news agency.
Nintendo said the sales showed that the firm was reaching a new gaming audience.
"We are delivering on our message of reaching out to new gamers," said Nintendo spokeswoman Beth Llewellyn.



Monday, 23 July 2007

Latest unpopular Facebook move is apparently a glitch

If anyone's added you as a friend on Facebook recently, you may notice something different: previously, upon confirming a friend request, you were redirected to a separate page that asked you to check a few boxes and fill out a text field or two describing your relationship with the person in question. The options range from "Went to school together" to "In my family" to "We hooked up." The Facebook member on the other end of the "relationship" must then confirm the detail before it becomes visible to anyone who's sifting through either of their friends lists. Kind of cute, especially when you fill it out with something funny that isn't true ("They were members of Wu-Tang Clan from 1895 to 1901"), but many Facebook users have typically skipped it altogether, seeing it as a bit unnecessary or annoying. A button called "Skip This Step" provided an easy way out of it.

But that's changed. Now, the "How do you know this person?" prompt is in the form of an Ajax pop-up box, not a separate page, but something else is different. You now no longer have the ability to skip the step where you describe the relationship you have with your new Facebook friend, making friend adds with ex-boyfriends and girlfriends, former high school enemies, and Craigslist Missed Connection hook-ups potentially very awkward. It's unclear as to exactly when this change came about, but it appears to have happened this weekend.






Facebook's 'Request Confirmation' option, now with no way out





(Aside: I noticed this when another blogger added me as a friend on Facebook. After racking my brains over exactly what kind of relationship connection to use, I finally chose "From an organization or team" and typed in "The blogosphere." Sorry for using that overexposed term.)

Facebook users--judging by blog posts and Twitter updates--don't appear to be happy. And the last time Facebook users got really ticked over an update to the site that they perceived as a step down in privacy and control functionality (remember the early days of the News Feed?) things got a little ugly. The "Skip This Step" issue has shown early signs of also becoming a headache for the company: social-networking blog Mashable even tossed up a makeshift "petition" to bring back the "Skip This Step" option.

But according to a new high-profile Facebook employee, it's a glitch. A comment on the Mashable post Sunday night from Blake Ross, co-founder of recent Facebook acquisition Parakey, explained, "This is a bug that will be fixed soon. Trust me, we find this as annoying as you do," Ross wrote. (Thanks to Eric Skiff for pointing this out.)

We've e-mailed Facebook for confirmation and will keep you posted when we hear back.

So, ultimately it looks like we can learn an interesting tidbit from this whole mini-debacle: if the Parakey co-founder is chipping in on something pertaining to friend request confirmation, that could be a cool peek into what's to come from Facebook's new buy. Parakey, as you may know already, specializes in bridging the gap between offline desktop applications and Web services. Total speculation here (and I'm not a code guru by any means), but perhaps some kind of desktop-accessible alert system is in the works?



Wii Blaster Zeroes In On Wii Zapper



Just after Nintendo took the wraps off its Star-Trek-themed Wii Zapper gun appendage for the Wii console, another firm has nipped in early with its own offering.

Owing more to the Wild West choice of weapon, this long-barrelled add-on is the Wii Blaster and it does look sweet indeed. With a price of $16.58 [£8+], it is also a few quid cheaper than the forthcoming Zapper. According to the marketing info you get:

* Comfortable single banded trigger grip or combines with dual handed barrel grip
* Lock & load
* Ergonomically balanced and weighted Blaster control system
* Complete-range motion detection for Wii Remote
* Maintains natural Wii innovation motion
* Made with hard plastics of high quality



Sunday, 22 July 2007

Greenbox converts carbon emissions into biofuel




A breakthrough technology developed by three engineering lads in Wales could hold the key to converting carbon emissions into beneficial substances such as biodiesel, methane gas, and fertilizer. The cleverly-dubbed Greenbox was designed to be fixed underneath one's vehicle where it could gobble up carbon dioxide and nitrous oxide until the next fill up, at which point the box would be switched out for a new one while the filled canister headed to a bioreactor for processing.


Sounds complicated, we know, but strapping these bad boys beneath every gasoline-powered vehicle in a given nation could boost its biofuel production exponentially -- all without spending another penny (or pence) on research. Unsurprisingly, the trio of inventors are staying mum until they (hopefully) convince the government or a private company to grab ahold, but unless these boxes learn to swap themselves, we can't imagine too many individuals bustin' out the creeper for underbody work at each fuel stop.




Should Google Buy Yahoo?

Robert Young at Publishing 2.0 argues that Google needs to face facts and finally kick down for Yahoo. Why would Google pay for a second rate search engine and a bunch of Web 1.0 apps?

Because Yahoo has a lot more on the ball than just a bunch of outdated applications, like Yahoo Mail. While Google continues to dominate search, Yahoo has won a significant number of online battles with the search king:

* Yahoo! Mail, which accounts for almost 50% of the free email market, has more than 10 times the market share of Gmail;

* Yahoo! Answers is a major hit… Google Answers failed;

* Yahoo’s Flickr is a runaway hit… far outpacing Google’s Picasa photo site;

* In critical verticals, like finance, Yahoo remains the clear leader despite much effort by Google;

* Both Yahoo! and Google are cozying up to the newspaper industry with their respective efforts. Combine the two efforts and a successful outcome for all parties is almost guaranteed;

* Want to acquire display/brand ad expertise? Forget DoubleClick — Yahoo’s ad sales expertise and relationships with big Madison Ave brands and agencies are far superior. Besides, as long as Google’s going to get scrutinized under federal antitrust regulators, and now Congress, might as well go through all that headache with the promise of a much bigger catch at the end.

In short, Young's argument is that Google's search and AdWords juggernauts would only serve to propel Yahoo's strengths, while pushing Yahoo's inferior search platform out of the picture.

My biggest beef with Young's argument is the threat of regulatory backlash. Right now Google looks like it could face a fight to finalize its deal for DoubleClick. If Google faces this much resistance to buying DoubleClick, how much more friction would a deal for Yahoo create? I think this proposed deal could be the first major acquisition in the last few years to actually face the threat of regulatory intervention, which is probably a sign that it makes great business sense.

What do you think? Should Google just buy Yahoo? Or is this deal impossible in the current regulatory and business environments?







Net criminals shun virus attacks

Hi-tech criminals have found novel ways to carry out web-based attacks that are much harder to spot and stop, warn security experts.

Some cyber criminals have exploited file-sharing networks and popular webpages to attack targets.

The malicious hackers have turned to these methods instead of going to the trouble of hijacking home PCs.

Using these methods the hi-tech criminals have staged some of the biggest attacks security experts have ever seen.

Attack pattern

For some time the tool of choice for hi-tech criminals has been a botnet of hijacked home PCs.

Botnets are collections of computers under the remote control of a hi-tech criminal.

Botnets are used to relay junk e-mail or spam and as a resource to mine for saleable information such as logins or credit card numbers.

Many botnets are also used to attack other computers in denial of service attacks which try to overwhelm the target server with huge amounts of data.

Computers, usually Windows machines, get enrolled in a botnet when their owners open an e-mail bearing a virus or visit a booby-trapped webpage.

But, said Paul Sop, chief technology officer of security firm Prolexic, some creative criminals have found a way to mount denial of service attacks without hijacking any PCs.


Gambling sites were the first targets of web extortionists

One attack seen by Prolexic in May exploited a popular peer-to-peer or file-sharing network.

Many file-sharing systems use hubs or servers that point people to the right place to download the movies, music and other media they are interested in.

"If a hub was going down for maintenance it would tell people to connect to another one," said Mr Sop.

By exploiting this administrative foible, an attacker was able to bombard a server with traffic from tens of thousands of file-sharers none of whom knew they were taking part in the denial of service attack.

"There's no malware on any of those computers," said Mr Sop, which meant the attacks were hard to stop and to defend against.

He added that the file-sharing network attack was one of the biggest and involved gigabits of traffic every second.

Prolexic had also seen attacks that exploit the popularity of a webpage to attack another site or server. On the popular page attackers placed a chunk of Javascript code which told the computers of visitors to bounce data off the target site.

Again, said Mr Sop, no virus or worm was involved but a target site could be saturated with the traffic.

Andre' M. Di Mino, administrator for the Shadowserver Foundation which tracks botnets, said the development was one of many it had seen as malicious hackers sought innovative ways to set up botnets or mount attacks.

"The topologies are varying as we see more P2P and http nets each day," he said. "This is a very growing and troubling trend."

The Shadowserver group had also seen increasing attacks on servers so attackers can booby-trap them to catch out visitors.

"As the servers themselves are compromised, even the most careful end-user is now more vulnerable for infection," he said.
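The page-script flood described above leaves no malware to find on the visitors' machines, but the target's own access log can still show it. This added example (not from the article or from Prolexic) flags off-site referring pages that send many distinct clients within one minute. It assumes combined-format logs and that browsers send a Referer header; the log lines, host names and the function name `referer_floods` are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime
from urllib.parse import urlsplit

# Combined log format: ip, identity, user, [time], "request", status, bytes, "referer", "agent"
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "[^"]*" \d{3} \S+ "([^"]*)" "[^"]*"$')

def referer_floods(lines, own_host, min_clients=5):
    """Return {referring host: peak distinct clients in one minute} for
    off-site referrers that reach min_clients in any single minute."""
    clients = defaultdict(set)  # (referring host, minute) -> client addresses
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in combined format
        ip, stamp, referer = m.groups()
        host = urlsplit(referer).hostname
        if not host or host == own_host:
            continue  # no referrer ("-") or ordinary on-site navigation
        minute = datetime.strptime(stamp, "%d/%b/%Y:%H:%M:%S %z").replace(second=0)
        clients[(host, minute)].add(ip)
    peaks = {}
    for (host, _minute), ips in clients.items():
        if len(ips) >= min_clients:
            peaks[host] = max(peaks.get(host, 0), len(ips))
    return peaks

# Constructed log: eight clients arrive from one outside page within a minute,
# alongside ordinary traffic (direct visit, on-site click, a single blog referral).
SAMPLE = [
    f'198.51.100.{i} - - [23/Jul/2007:10:15:{i:02d} +0000] "GET /search?q={i} HTTP/1.1" '
    f'200 512 "http://popular.example/page.html" "Mozilla/5.0"'
    for i in range(1, 9)
] + [
    '203.0.113.5 - - [23/Jul/2007:10:15:30 +0000] "GET / HTTP/1.1" 200 2048 "-" "Mozilla/5.0"',
    '203.0.113.6 - - [23/Jul/2007:10:15:31 +0000] "GET /a HTTP/1.1" 200 100 '
    '"http://target.example/" "Mozilla/5.0"',
    '203.0.113.7 - - [23/Jul/2007:10:15:40 +0000] "GET /b HTTP/1.1" 200 100 '
    '"http://blog.example/post" "Mozilla/5.0"',
]

if __name__ == "__main__":
    print(referer_floods(SAMPLE, "target.example"))
```

A legitimate link from a busy site produces the same pattern, so a hit is a prompt to inspect the referring page, not proof of an attack.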




