Archive for the ‘Industry Stories’ Category
Microsoft gives away Windows Phone 7 handsets to employees
Thursday, July 22nd, 2010
INCREASINGLY DESPERATE Microsoft has resorted to giving away Windows phones to its employees in order to boost awareness.
The phones, which will run the firm’s upcoming Windows Phone 7 operating system (OS), are being offered to employees at no charge. Microsoft will be hoping that by buying up a large number of the phones to throw at its employees, it can mitigate the chance of relatively weak sales to its own staff compared to Apple’s Iphone and numerous Android devices.
It’s not surprising that a company offers its employees phones running its software. Apple offered something similar to those who had worked for the cappuccino company for more than a year. However, the popularity of the Iphone among Microsoft’s employees must be a source of embarrassment to the firm, which has seen its Windows Mobile smartphone OS all but eradicated from the market.
Windows Phone 7 was initially shown off at Mobile World Congress in February and recently reached what the Vole called a “very significant milestone”, with Microsoft ready to wheel out a technical preview. The software is not quite ready for prime time yet though, as the release is a closed beta, most probably aimed at developers.
Employees have not been told what phones they will receive or when they will get them, only that it will run the firm’s latest and perhaps greatest smartphone OS. This tallies with the fact that neither the firm nor any handset manufacturers have chimed in with a release date for Windows Phone 7.
By dangling the carrot of a free phone, Microsoft must be hoping that its army of Voles will ditch other devices and help it claw back market share in the smartphone market.
14 Million Americans don’t have access to broadband says FCC
Wednesday, July 21st, 2010
In their most recent report on the status of broadband internet in the US, the FCC has finally admitted “broadband is not being deployed to all Americans in a reasonable and timely fashion.”
Although this is the sixth Broadband Deployment Report to be issued by the agency since 1999, it is the first to reach this conclusion. Previous reports have been widely criticized for both the benchmark by which broadband was defined and the methodology for determining service areas.
For example, in the last report, from 2008, 200kbps downstream (download) speed was still considered broadband. Additionally, a single address capable of broadband service was equated to the entire zip code being served.
The current report notes, “Our examination of overall Internet traffic patterns reveals that consumers increasingly are using their broadband connections to view high-quality video, and want to be able to do so while still using basic functions such as email and web browsing.”
In order to more accurately reflect that reality the standard for broadband has been raised to 4Mbps downstream and 1Mbps upstream. Service areas were based on numbers from the National Broadband Plan, published earlier this year.
Using the new metrics resulted in a determination that 14 million Americans live in areas where broadband internet service isn’t offered.
PC giant warns of hardware trojan
Wednesday, July 21st, 2010
Computer maker Dell is warning, according to The Register, that some of its server motherboards have been delivered to customers carrying an unwanted extra: computer malware. It could be confirmation that the “hardware trojans” long posited by some security experts are indeed a real threat.
Unlike hard-drive-based computer viruses which can be disabled by antivirus software, a hardware trojan lives out of reach of such defences. It comprises some kind of alteration – by sabotage or accident – to the very heart of a computer: its microprocessors, memory chips or circuit boards.
News that Dell may have a hardware trojan problem emerged on a support forum after a user was warned by a Dell call centre that the firm’s PowerEdge R410 server motherboard contains spyware of unspecified function that a Dell engineer needed to come and remove.
Dell confirms on the same forum: “The potential issue involves a small number of PowerEdge server motherboards sent out through service dispatches that may contain malware. This malware code has been detected on the embedded server management firmware.”
Firmware is the semi-permanent software that controls vital internal components. It will be fascinating to find out how the malware got into Dell’s firmware, not least because firmware should have been subject to high physical and computer security procedures.
But the threat of hardware Trojans has been recognised at the highest levels. The Pentagon is spending millions on research designed to ensure it can trust the microchips in critical systems, especially those made outside the US.
Elsewhere, researchers are also investigating the threat from would-be chip-plant saboteurs, who poison the chip-making processes to introduce a “kill switch” that makes the chip fail unexpectedly.
Microsoft Releases Windows Security Tool to Swat Bug
Wednesday, July 21st, 2010
Microsoft has released a “Fix it” tool to automate workarounds designed to mitigate a Windows zero-day vulnerability being targeted by attackers.
Microsoft is arming Windows users with a new automated tool to help thwart exploits of a zero-day that has come under attack.
The bug, which lies in the Windows shell component of the operating system, exists because Windows parses shortcuts in a way that permits malicious code to be executed when the icon of a shortcut is displayed. In an update to an advisory first issued last week, the company added information about attack vectors, noting the bug can be exploited locally through an infected USB drive or remotely via network shares and WebDAV.
To help block attacks, the company has released a “Fix it” tool to prevent shortcut icons from being displayed.
“This workaround will disable some icons from being displayed so we recommend administrators test this before deploying it wide,” blogged Christopher Budd, security response communications lead at Microsoft.
The company has also added information about a new workaround to the advisory on the issue, Budd noted. As an alternative fix, users can also block .LNK and .PIF files from downloading from the Internet, he wrote.
The “Fix it” tool requires a restart to work. Applying the fix will remove the graphical representation of icons on the Task and Start menu bars and replace them with white icons without the graphical representation of the icon, according to the company.
The vulnerability affects all versions of the operating system, including Windows XP Service Pack 2, which Microsoft recently stopped supporting.
The vulnerability was first uncovered by security firm VirusBlokAda, and has been linked to malware being used in targeted attacks.
“As always, we’ll update the security advisory and this blog with new information as it becomes available,” Budd wrote.
5 Hot Features Of Google’s Image Search Makeover
Wednesday, July 21st, 2010
Google on Tuesday launched a major update to its Google image search technology and image search results page, kicking to the curb the old, clunky results.
The new Google image search results page has received several comparisons to Microsoft Bing, due to some similar functionality. But Google has made the technology its own.
Here are five new features to look for in Google’s new image search format.
1. More results per page. The days of clicking through pages upon pages of images of all sizes to find just what you were looking for are over. The new Google image search delivers 1,000 images per page and lets users scroll through them without having to click through endless pages of results.
2. You can hover over an image and preview it. Google image search results can now be previewed in a slightly larger size simply by hovering the mouse icon over an image on the results page. That means less clicking and a faster route to the image you’re seeking. That feature is automatic.
3. Images are delivered in context. Clicking on an image and seeing just the photo or graphic on a plain white background is a thing of the past. Clicking on an image in the new Google image search takes a user to a landing page that displays the image in context along with the website where the images are hosted. Users can still see an image in full size by clicking on the right-hand side.
4. Fewer words and links. By boosting the density of its Google image search results page, Google has eliminated the links and descriptions that once appeared under each image result. The Google image search results page is no longer cluttered with text. That information is still available when a user previews the image, but not having it presented along with the search results streamlines the page making it easier to scan the images themselves.
5. Users can still filter images. When image results are presented, users can still filter them by size, color and type using a series of links in the left-hand column, giving users the same control they had previously, but with the new Google image search format.
5 Ways Disaster Recovery Can Calm Hurricane Jitters
Wednesday, July 21st, 2010
Businesses with IT assets in hurricane zones should know that a major weather disaster can trash not just the equipment, but also the valuable data saved in it. A solid disaster recovery plan, such as a disk-based backup approach with extra servers located outside of hurricane zones, can save money, time, trouble and even boost the safety of employees.
The word “hurricane” means “evil wind spirit” — and the 2010 hurricane season is predicted to be the most active of the past five years. In fact, in just the first two weeks of the season there were nine named storms in the Atlantic basin.
So if the technical disaster recovery plan that you have in place involves holding your breath, crossing your fingers or some other interesting but ineffectual ritual to ward off the evil wind spirits, your business is at serious risk.
A Server Under Clearer Skies
A less shamanistic and more practical approach to data protection this hurricane season is to implement a disk-based backup and recovery technology. Disk-based backup and recovery simply means having an extra server located out of the hurricane zone that will automatically take over for your production server if the production server stops responding. This takeover is called “failover,” and it can happen in seconds — in fact, users probably won’t even know anything happened. These days backup and recovery software is so advanced and simple that you don’t even have to pre-load the extra server with any software. Good backup and recovery software will “push install” everything for you at failover — including the operating system, applications and all the data.
But good and fast is never cheap, right? In this case — wrong. When you consider that the average company loses US$40,000 per hour of downtime, an extra server and backup software pay for themselves in the time it will take you to shut the windows when it starts to rain.
But let’s say you’re not the average company. Let’s say you’re smaller, even much smaller, than average. You probably don’t have an IT staff and you don’t have a lot of extra cash for hardware and software that you may or may not use. Well, good software is simple software designed to be used by non-technical staff, and it’s out there. Even if you don’t use your new backup system in a hurricane, chances are you will use it; most outages are caused by viruses or simple human error (and the Small Business Administration asserts that every business will suffer through one sooner or later).
Time, Money and Safety
Regardless of the size of your business, disaster recovery technology is a must this hurricane season — and here are five reasons why:
- Job Security: Forty percent of companies who suffer a disaster never recover. There is absolutely no reason to risk jobs, revenue or the time and hard work your employees have invested in your company. Backup and recovery technology keeps users online — no matter where they are or what’s happening outside.
- Time Is Money: More directly, downtime is lost money. At an average loss of $40,000 for every hour that users can’t get to data and applications that run the business, how many hours of downtime can you afford?
- Legal Paperwork: Depending on your industry, data protection might be required by law. If you’re regulated by any government organization, it’s likely you’ll need to provide complete IT records on demand. Regulatory organizations consider data protection your responsibility; hurricanes are not an acceptable excuse for data loss and you will have to pay hefty fines.
- Personal Safety: It might just keep your people safe. In a hurricane, getting people to a safe place should be the focus. If you know the data on your servers is safe and your technical equity is safe, there won’t be any risky last-minute scrambles to save the server.
- Peace of Mind: Downtime is expensive, risky and frustrating. When employees can’t get to the data and applications they need to do their work, everybody is frustrated. When customers can’t get to service, information or shopping sites, they lose confidence. Backup and recovery technology doesn’t just protect your data; it protects your time and reputation.
AMD beats expectations for second quarter
Tuesday, July 20th, 2010
Advanced Micro Devices reported better-than-expected second-quarter results as demand for notebooks helped the chipmaker beat estimates.
On Thursday, AMD reported a net loss of $43 million, or 6 cents a share, on revenue of $1.65 billion, up from $1.18 billion a year ago. Non-GAAP earnings were $83 million, or 11 cents a share. Wall Street was expecting AMD to report earnings of 6 cents a share on revenue of $1.54 billion.
Like Intel, AMD’s much larger rival, the company said that it was benefiting from increased demand for PCs. Both Intel and research firms such as Gartner and IDC have indicated that a strong upgrade cycle is under way.
IBM delivers solid quarter, but strong dollar dings sales
Tuesday, July 20th, 2010
IBM on Tuesday delivered strong second-quarter earnings, but revenue took a hit due to a strong dollar. Software and services led the way.
IBM reported second-quarter earnings of $3.4 billion, or $2.61 a share, on revenue of $23.7 billion. Wall Street was expecting earnings of $2.58 a share on revenue of $24.17 billion. IBM said a strong dollar was a $500 million hit to revenue. Most analysts didn’t account for currency fluctuations. A strong dollar relative to international currencies dings sales when international revenue is tallied in the U.S.
CEO Sam Palmisano said that the company expects 2010 earnings of at least $11.25 a share, in line with current expectations.
Windows token kidnapping returns to haunt Microsoft
Tuesday, July 20th, 2010
Microsoft’s problems with Token Kidnapping [.pdf] on the Windows platform aren’t going away anytime soon.
More than a year after Microsoft issued a patch to cover privilege escalation issues that could lead to complete system takeover, a security researcher plans to use the Black Hat conference spotlight to expose new design mistakes and security issues that can be exploited to elevate privileges on all Windows versions including the brand new Windows 2008 R2 and Windows 7.
Cesar Cerrudo, founder and CEO of Argeniss, a security consultancy firm based in Argentina, first reported the token kidnapping hiccup to Microsoft in 2008 and after waiting in vain for a patch, he released the details during the Month of Kernel Bugs project.
The flaw would eventually be exploited in active attacks, leading to a mad scramble at Redmond to come up with a fix and a subsequent disclosure flap that exposed Microsoft as the irresponsible party.
This year, Cerrudo plans a new talk titled “Token Kidnapping’s Revenge” where he will discuss how attackers can even bypass certain Windows services protections.
One-year-old (unpatched) Windows ‘token kidnapping’ under attack
In an interview with Threatpost, Cerrudo said the presentation will discuss about a half-dozen vulnerabilities in all Windows versions from XP to Windows 7 that can be exploited to elevate privileges by any user with impersonation rights.
The explanation:
Most Windows services accounts have impersonation rights. Because impersonation rights are needed, these are not critical, high risk vulnerabilities; regular Windows users can’t exploit them. Some applications are more susceptible to exploitation of these vulnerabilities than others, for instance, if you can upload ASP web pages with exploit code to a MS Internet Information Server (IIS) 6, 7 or 7.5 running in default configuration you will be able to fully compromise the Windows server.
For example, if you are an SQL Server administrator (which is not a Windows administrator) you can exploit these vulnerabilities from SQL Server and fully compromise the Windows server.
Responsible disclosure, the Microsoft way
Cerrudo said the vulnerabilities can be exploited to bypass new Windows services protection to help in post-exploitation scenarios too where an attacker is able to run code after exploiting a vulnerability in a Windows service but he is not able to compromise the whole system due to these protections.
One of the issues Cerrudo plans to present at Black Hat even allows him to bypass one of Microsoft’s fixes for previous Token Kidnapping vulnerabilities on Windows 2003.
Where on earth are these Microsoft patches?
“Microsoft is aware of these issues (and other local privilege elevation issue that can be exploited by any user but I won’t be talking about it before the fix) and they will be releasing fixes and advisories in August,” Cerrudo explained.
The researcher also plans to release two exploits (called Chimichurri and Churraskito) for IIS and SQL Server. These exploits could work on other services too with some minor modifications, he said.
“The presentation is not only about the vulnerabilities and the exploits. I will be showing step by step how I found the vulnerabilities, with what tools and techniques, so participants can learn and walk away knowing how to find these kind of vulnerabilities by themselves,” Cerrudo added.
