Archive for July, 2010
Saturday, July 31st, 2010
Rumors of a BlackBerry tablet are heating up by the day, with Bloomberg now claiming that the BlackPad — yes, the BlackPad — will arrive in November, complete with an iPad-size screen and the ability to connect to the Internet via either Wi-Fi or your Bluetooth-connected BlackBerry.
Citing a pair of anonymous sources “familiar with the company’s plans,” Bloomberg says the tablet will indeed be called the BlackPad (which would presumably explain BlackBerry-maker RIM’s recent acquisition of “BlackPad.com”) and would boast a display that’s “roughly” the same size as the iPad’s 9.7-inch screen.
Rather than having its own, embedded 3G radio, the BlackPad would rely on Wi-Fi or Bluetooth tethering to your BlackBerry to connect to the Internet, Bloomberg’s tipsters claim — a nifty trick. I sure wish I could tether the iPad to my iPhone for 3G data.
The article doesn’t go into detail about what kind of processor would power the rumored BlackPad, or whether it would run on the revamped BlackBerry OS 6 (which seems likely). It did note, however, that the BlackPad’s pricing would be “in line” with that of the iPad, which starts at $499 for the 16GB Wi-Fi-only version.
Several details of the Bloomberg story are at odds with what we heard from one wireless analyst earlier this month, who predicted that the BlackBerry tablet would come with built-in Wi-Fi and a smaller, 7-inch display.
Rodman & Renshaw analyst Ashok Kumar (who, it must be said, has thrown some wild pitches lately when it comes to tech predictions) also thinks the BlackBerry slate will arrive with a 1GHz processor and dual cameras, including a front-facing lens for video chat.
The Bloomberg story caps months of rumors and speculation about a BlackBerry tablet, which stretch back as early as April and gained traction in June after the Wall Street Journal threw its own anonymously sourced log on the fire.
The latest rumors also come just days before BlackBerry’s planned press event next week. Expected among the surprises: a new touchscreen QWERTY slider powered by the revamped, touch-friendly BlackBerry OS 6.
I admit to being pretty skeptical about the BlackBerry tablet rumors in the early months, but based on the steady buzz, it’s starting to look like the BlackPad — or whatever it ends up being called — could indeed be for real, although RIM still refuses to confirm or deny its existence. If the tablet is real, though, the ability to tether with a BlackBerry for 3G data would be a major selling point.
Source
Tags: Blackberry, blackpad, rim Posted in Cool Technology, Industry Stories | No Comments »
Saturday, July 31st, 2010
Hacking into an ATM isn’t impossible, a security researcher showed Wednesday. With the right software, it’s actually pretty easy.
Barnaby Jack, director of security testing at Seattle-based IOActive, hauled two ATMs onto the Black Hat conference stage and demonstrated to a rapt audience the fond daydream of teenage hackers everywhere: pressing a button and having an automated teller machine spew out its cash until a pile of paper lay on the ground.
“I hope to change the way people look at devices that from the outside are seemingly impenetrable,” said Jack, a New Zealand native who lives in the San Jose area. One vulnerability he demonstrated even allows a hacker to connect to the ATM through a telephone modem and, without knowing a password, instantly force it to disgorge its entire supply of cash.
Jack said he bought the pair of standalone ATMs–one manufactured by Tranax Technologies and the other by Triton–over the Internet and then spent years poring over the code. The vulnerabilities and programming errors he unearthed during that process, Jack said, let him gain complete access to those machines and learn techniques that can be used to open the built-in safes of many others made by the same companies.
“Every ATM I’ve looked at, I’ve found a game-over vulnerability that allows an attacker to get cash from the machine,” Jack said. “I’ve looked at four ATMs. I’m four for four.” (He said he has not evaluated built-in ATMs like those used by banks and credit unions.)
He said both Tranax and Triton had patched the security vulnerabilities since he brought them to the companies’ attention a year ago. If a customer with an ATM such as a convenience store or a restaurant doesn’t apply the fix, though, the machines remain vulnerable.
Hacking into ATMs is not exactly a new idea: It was immortalized by a young John Connor in the “Terminator 2” movie, and techniques like “card skimming” and “card trapping” are well-known by police.
Some enterprising thieves have even seized on ways to use a little-known configuration menu to trick ATMs into thinking that they’re dispensing $1 bills instead of $20 ones. (Traditional methods of stealing an ATM, ramming it, cutting into its safe, or blowing it up still work too.)
But those other electronic cash-extraction techniques were limited because they didn’t rely on a deep analysis of an ATM’s code. Many run Windows CE with an ARM processor and an Internet connection or a dialup modem, all of which controls access to the armored safe through a serial port connection. Jack said he used standard debugging techniques to interrupt the normal boot process and instead start Internet Explorer, giving him access to the file system and allowing him to copy off the files for analysis.
In the case of Tranax, a Hayward, Calif.-based company, Jack said he found a remote access vulnerability that allows full access to an unpatched machine without needing a password. He wrote two pieces of software to exploit that programming error: a utility called Dillinger, which attacks an ATM remotely, and one called Scrooge, a rootkit that inserts a backdoor and then conceals itself from discovery.
Scrooge “hides itself from the process list, hides itself from the operating system,” Jack said. “There’s a hidden pop-up menu that can be activated by a special key sequence or a custom card.”
Triton’s ATMs didn’t have an obvious remote access vulnerability. And the built-in vaults were well-armored. But the PC motherboard that dispenses cash from the vault was protected only by a standard (not unique) key that could be purchased over the Internet for about $10. So Jack did, and found he could force the machine to accept his backdoor-enabled software as a legitimate update.
Bob Douglas, Triton’s vice president of engineering, showed up at the conference to stress to reporters that the vulnerability has been fixed. “We have developed a defense against that attack,” he said. “We released it in November of last year.”
In addition, Douglas said: “We have an optional kit available to replace the lock with a unique key. It’s a high-security lock as well. I think it’s a Medeco lock.” But he said because some companies that service ATM machines might own 3,000 of them and visit dozens or hundreds a day, not all customers choose to upgrade.
Tranax did not respond to queries from CNET on Wednesday.
Jack was scheduled to present a similar talk at Black Hat last year, but it was pulled at the last minute after an ATM vendor complained to Juniper Networks, his then-employer.
The difficult part in hacking the ATMs was evaluating the software for vulnerabilities–but the Dillinger and Scrooge utilities Jack created as a result are easy enough for a child to use.
And will he release them? Teenage hackers, random criminals, and the Mob would surely be interested. “I’m not going to,” Jack said in response to a question from CNET after his talk.
Source
Posted in Industry Stories | No Comments »
Friday, July 30th, 2010
Jailbreaking your iPhone or other mobile device will no longer violate federal copyright law, the U.S. Copyright Office ruled Monday.
The decision, part of a process that takes place every three years, said that bypassing a manufacturer’s protection mechanisms to allow “handsets to execute software applications” is permissible.
The Copyright Office also allowed bypassing the anticopying technology used in DVDs, but only for “documentary filmmaking,” noncommercial videos, and educational uses–a ruling that stopped short of allowing Americans to legally make a backup copy for their own use, in case the original DVD gets damaged. It also doesn’t apply to making backup copies of video game discs or Blu-ray discs.
Apple, the maker of the iPhone, had objected to the exemption for jailbreaking phones. A letter that the company sent to the Copyright Office argued that allowing jailbreaking would result “in copyright infringement, potential damage to the device and other potential harmful physical effects, adverse effects on the functioning of the device, and breach of contract.”
Apple’s support department already receives “literally millions of reported instances of problems flowing from jailbroken phones,” the company said, and legitimizing the practice of jailbreaking would result in more malware being delivered outside of the App Store, other security problems, and even physical damage to the iPhone.
Monday’s announcement certainly counts as a political victory for jailbreaking enthusiasts and critics of the anti-circumvention portions of the 1998 Digital Millennium Copyright Act, but it may not have much of a practical effect.
Apple has never sued any of its customers on grounds that their jailbreaking violates the DMCA, even though a February 2009 estimate suggested that over 400,000 U.S. iPhone owners have done so. Nor has it filed any breach-of-contract lawsuits claiming that the software license agreement was violated.
Section 2(c) of the Apple iPhone Software License Agreement (PDF) bans any attempt to “modify” the iPhone software or to reverse-engineer it.
The Electronic Frontier Foundation, the San Francisco-based civil liberties group, had requested that the Copyright Office expand the number of exceptions in the DMCA, which has been a focus of controversy among programmers, hackers, and security researchers for over a decade. The DMCA broadly restricts, but does not flatly ban, bypassing copy protection technology.
“The Copyright Office and Librarian of Congress have taken three important steps today to mitigate some of the harms caused by the DMCA,” Jennifer Granick, EFF’s civil-liberties director, said in a statement Monday. “We are thrilled to have helped free jailbreakers, unlockers, and vidders from this law’s overbroad reach.”
Source
Tags: mobile phone jailbreaking Posted in Industry Stories | No Comments »
Thursday, July 29th, 2010

Well, now there’s a crowdsourced, Consumer Reports–like way to find out, thanks to the folks who run the online speed testing service Speedtest.net.
The company, which runs more than a million tests a day on its main testing page, updated its broadband statistics site NetIndex.com on Tuesday to let users see comparative results sorted by city. For instance, Los Angeles sees an average speed of 7.2 Mbps, with the Road Runner service slightly edging Charter Communications for the top speed — 16.97 Mbps compared to Charter’s 16.4 Mbps.
Moreover, since Speedtest.net asks users to rate their satisfaction with their ISP, you can see user rankings as well, with Road Runner clocking a 3.2 out of 5 stars, compared to 2.9 for Charter and 2.5 for third-place AT&T Worldnet.
The point, according to Speedtest.net co-founder Doug Suttles, is to make it easier for people to find a new ISP when moving to town, or when they want to find a better provider.
The speed data is compiled from the previous 30 days worth of data, and is updated daily, while the satisfaction ratings reflect votes placed over years. The rankings aren’t particularly easy to find. The best way is to start on the Net Index homepage, scroll down to the state map and click on your state. Then under Cities, click on the tab to change the listing to “By IP Address” to find your city. The city-by-city data currently focuses on the United States, but will be expanding and there’s plenty of international data already.
New York City beats Los Angeles on average speed, with an average of 11 Mbps, raised in no small part because AT&T’s Worldnet service in the Big Apple registers an average of 21.32 Mbps, with Road Runner landing just behind at 17.29.
The data, Suttles argues, shows that broadband in the United States is better than many think.
“For the most part our feeling is the ISPs get a bad rap,” Suttles said. “The government wants people to be convinced that broadband is terrible but we are a pretty sprawled-out country. We are hoping politicians look at this and realize it is not so bad in some places.”
Ookla, the parent company for Speedtest.net, is no newcomer to the world of broadband. It was founded four years ago as a spinoff from the ISP Speakeasy and sells versions of Speedtest.net’s testing service to nearly all the net’s top ISPs.
Speedtest.net was started largely as a tech demonstration, according to Suttles, but has since grown to be the place people turn to when they want to test their connections. And now, the site provides more than half the company’s revenue, thanks to lucrative ads like those for Google’s Chrome browser.
Now the company is asking testers to tell the company what speeds they were promised and how much they are paying, in order to come up with a ranking of ISPs by value and by which ones deliver the speeds they promise.
The company’s preliminary data-crunching results may come as a surprise to some.
“Nationally, 93 percent of people are getting the speed they signed up for,” Suttles said. “That’s definitively a different story than anyone else is telling.”
The company also has free mobile apps for Android and the iPhone as well, but data from those tests is not reflected in these results. Also not included is data from the testing suites the company provides directly to ISPs.
Some have questioned the methodology of the Speedtest.net tests and whether its tests are representative of the nation as a whole. In its defense, the company points to a recent MIT evaluation of different methodologies that found Speedtest.net was the best of the currently available data sources.
Source
Tags: broadband, speed test Posted in Industry Stories | No Comments »
Tuesday, July 27th, 2010
Business Network Support for Easier Business Administration and Communication
Any organization’s day-to-day operations entail extensive internal and external communication. A business network support system aids in streamlining different communication channels and facilitating resource sharing, such as transfer of files and business documents. In fact, setting up a business network is one of the initial steps in developing an organizational IT system.
Business Network Support for Different-Sized Organizations
Business networks are essentially of two types, peer-to-peer and client/server. In a peer-to-peer network system, each computer within the network acts as a client as well as a server. This enables each computer to exchange files and e-mails directly with every other computer on the business network. This implies that the access to personal files is within the control of each individual user. Such a business network support system is feasible for small businesses.
However, for larger organizations that have bigger volumes of transfer, the client/server network system is indispensable. In such a setup, a high-powered central computer, or the server, acts as the focal point of the business network. This server is connected to other workstations, which do not have full access to personal files.
It is also worth noting that peer-to-peer and client/server business networks are either encompassed in a Local Area Network (LAN) or a Wide Area Network (WAN). The former usually has a smaller coverage, such as a school or a residence, and offers better data-transfer speed. The latter covers a bigger geography, such as a university or a commercial complex.
Business Network Support: Weighing the Pros and Cons
The principal benefit of setting up business network support is convenience and flexibility. It enables access to common network resources from any convenient location inside the primary networking environment. This, in turn, helps to increase productivity, as users can maintain a constant affiliation within their desired network. For a business, this means that employees can get more work done, faster.
However, there is a flipside to business networks. Since these networks are designed to transfer data using radio frequencies, poor signals may result in loss of information. Besides, the data transmitters are not 100% secure, and there is a possibility of data theft.
Whatever the needs of your company might be, establishing a business network system is imperative for its growth. A well-planned local area or wide area network will not only increase organizational efficiency and control, but will also ensure security of confidential information.
Visit www.percentotech.com to access high-quality managed IT services, from server support and LAN/WAN administration to setting up WiFi points. Percento Technologies, besides the diverse range of services provided, takes pride in its high referral rate of over 89 percent.
Tags: Business Network Support, Local Area Network Help, Wide Area Network Help Posted in Business Network Support, Local Area Networking, Percento | No Comments »
Tuesday, July 27th, 2010
The 5-inch Dell Streak tablet won’t go on sale by the end of July, a spokesman said late Tuesday. That announcement came after Dell earlier in the day mistakenly posted an online message on its Web site that customers could return to the site Wednesday to purchase the device.
“It was a mistake, and we took that information down this morning,” said spokesman Matt Parretta in a telephone interview. “I can say definitely that the Dell Streak won’t go on sale in July.”
Parretta noted that Dell said in May that the device would go on sale sometime this summer.
Androidpolice and other Web sites caught the message posted in error today, and then later said customers who signed up for a pre-sale offer could expect an e-mail today with a link to purchase a new phone for $299 with a new AT&T contract.
Dell and AT&T would not confirm that pricing, although Dell has said the device will run on a GSM network in the U.S. and has ruled out the only other GSM carrier, T-Mobile USA.
Parretta’s statement that the Streak won’t go on sale in July contradicts an FAQ still on the Dell site as of late Tuesday that accompanies the pre-sale registration form.
In the FAQ, the question is asked, “When will the Dell Streak be available for purchase?” And the answer given is: “The Dell Streak will be available for purchase in late July!”
Source
Posted in Industry Stories | No Comments »
Monday, July 26th, 2010
With the rise of personal mobile devices, a growing number of enterprises have scrapped the homogeneity mandate: instead of requiring employees to use a standard smartphone, more IT departments are now looking at some degree of control over employee-owned (or “employee-liable”) devices, to manage and secure them.
“The corporate standards dam is breaking, as platforms like Android and iPhone push their way into the enterprise,” says Gartner Vice President Phillip Redman. “Most companies will accept these, and prepare guidelines and processes for managing and securing them.”
Best practices, Redman says, include “segmenting users into work styles by mobility and application requirements, and matching up device choices.” Another key: adoption of a mobile device management platform or service to help manage the use, configuration and security of these devices.
The approach needs to be systematic and comprehensive, says Khoi Nguyen, group product manager for the mobile security group at Symantec. Crucial elements are: general device and application management; security features to ensure policies are in place, enforced and up-to-date; and alerting and reporting on unauthorized access.
Whatever the details, the overall process “boils down to a regimented and policy-driven approach that recognizes that smartphones and other mobile devices need equal treatment because they’ve become equally important with other IT assets,” says Tom Henderson, managing director of ExtremeLabs.
“Nothing technologically prevents this,” says Enterprise Mobility Foundation President Philippe Winthrop. Instead, he says, the real issues are cultural. “There has to be a recognition by the individual [employee] that e-mail is corporate intellectual property,” Winthrop says. “And if you’re looking at more than e-mail, then the company has every right to secure that information.”
A growing number of companies are formulating written mobile policies and requiring employees to read, understand and sign them before they have access to e-mail and other data from their device. One of Winthrop’s neighbors bought a new iPhone 4, and his company’s IT department installed, via the App Store, the corporate-mandated secure messaging platform. That will become increasingly common, Winthrop says.
“The big question surrounds legal issues — agreements between employees and employer — and placing an enterprise-owned agent on an employee’s handset,” says Craig Mathias, of the Farpoint Group mobile consultancy.
It’s the start of a whole new relationship between mobile device users, in dual roles as individual consumer and employee, and the company for which they work.
Source
Posted in Industry Stories | 1 Comment »
Monday, July 26th, 2010
Perhaps it was only a matter of time. But wireless security researchers say they have uncovered a vulnerability in the WPA2 security protocol, which is the strongest form of Wi-Fi encryption and authentication currently standardized and available.
Malicious insiders can exploit the vulnerability, named “Hole 196” by the researcher who discovered it at wireless security company AirTight Networks. The moniker refers to the page of the IEEE 802.11 Standard (Revision, 2007) on which the vulnerability is buried.
Hole 196 lends itself to man-in-the-middle-style exploits, whereby an internal, authorized Wi-Fi user can decrypt, over the air, the private data of others, inject malicious traffic into the network and compromise other authorized devices using open source software, according to AirTight.
The researcher who discovered Hole 196, Md Sohail Ahmad, AirTight technology manager, intends to demonstrate it at two conferences taking place in Las Vegas next week: Black Hat Arsenal and DEF CON 18.
The Advanced Encryption Standard (AES) derivative on which WPA2 is based has not been cracked and no brute force is required to exploit the vulnerability, Ahmad says. Rather, a stipulation in the standard that allows all clients to receive broadcast traffic from an access point (AP) using a common shared key creates the vulnerability when an authorized user uses the common key in reverse and sends spoofed packets encrypted using the shared group key.
Ahmad explains it this way:
WPA2 uses two types of keys: 1) Pairwise Transient Key (PTK), which is unique to each client, for protecting unicast traffic; and 2) Group Temporal Key (GTK) to protect broadcast data sent to multiple clients in a network. PTKs can detect address spoofing and data forgery. “GTKs do not have this property,” according to page 196 of the IEEE 802.11 standard.
These six words comprise the loophole, Ahmad says.
Because a client has the GTK protocol for receiving broadcast traffic, the user of that client device could exploit GTK to create its own broadcast packet. From there, clients will respond to the sending MAC address with their own private key information.
Ahmad says it took about 10 lines of code in open source MadWiFi driver software, freely available on the Internet, and an off-the-shelf client card for him to spoof the MAC address of the AP, pretending to be the gateway for sending out traffic. Clients who receive the message see the client as the gateway and “respond with PTKs”, which are private and which the insider can decrypt, Ahmad explains.
From there, “the malicious insider could drop traffic, drop a [denial-of-service] attack, or snoop,” Ahmad says.
The ability to exploit the vulnerability is limited to authorized users, AirTight says. Still, year-after-year security studies show that insider security breaches continue to be the biggest source of loss to businesses, whether from disgruntled employees or spies who steal and sell confidential data.
What can we do about Hole 196?
“There’s nothing in the standard to upgrade to in order to patch or fix the hole,” says Kaustubh Phanse, AirTight’s wireless architect who describes Hole 196 as a “zero-day vulnerability that creates a window of opportunity” for exploitation.
Source
Posted in Information Technology Security | No Comments »