So, what is it about Windows 7's UAC that makes it vulnerable? As Zhen puts it:
Windows is a platform that welcomes third-party code with open arms. A handful of these Microsoft-signed applications can also execute third-party code for various legitimate purposes. Since there is an inherent trust on everything Microsoft-signed, by design, the chain of trust inadvertently flows onto other third-party code as well. A phenomenon I’ve started calling “piggybacking”.
To demonstrate, one of the many Microsoft-signed applications that can be taken advantage of is “RUNDLL32.exe”. With a simple “proxy” executable that does nothing more than launch an elevated instance of "RUNDLL32 pointing to a malicious payload DLL, the code inside that DLL now inherits the administrative privileges from its parent process "RUNDLL32" without ever prompting for UAC or turning it off.
It sounds serious, but before you jump to conclusions, join us after the jump for Microsoft's response and a workaround.
If you’re a Google Apps customer and you’re in need of your calendar offline, you’re in luck! Just today Google began releasing offline calendar support, a move that will make their tools more attractive to business users.
The calendar has a lot of attractive features, such as support for Gears and the ability to check your appointments despite your current connection. Though, know that you’ll only be able to check up on your daily agenda using the offline version, not create new entries.
If you’re a non-Google Apps customer and you’re looking to check out this feature before you buy it, Lifehacker has had some hands-on time with the synchronization software and given some impressions.
S1Digital announced recently that they’ve completely redesigned a Media Center HTPC, starting from square one.
The new Media Center features a custom designed, “living room friendly” case primarily cooled by heat pipes. But, more importantly there’s some impressive hardware under the hood. It’ll feature up to four CableCARD HDTV or two ATSC/QAM and NTSC tuners, 3TB of RAID-5 storage (standard), a Blu-ray drive (profile 2.0), Gigabit Ethernet, 4GB of memory, an Intel E8500 Core 2 Duo, an ATI All-In-Wonder 3650 (sporting HDMI, DVI, component and VGA outputs), a Logitech DiNovo Mini Bluetooth keyboard and a media center remote. It will also support “up to three zones of audio and video streaming (via Extenders or other Media Centers).”
So how much does something with that much hardware run the average consumer? Why $5,999 of course! And that’s standard (though, to be fair, the standard load out is mighty impressive).
Out with the old and in with the new, and for Intel, that means putting its Core 2 Extreme processors on the chopping block. The chip maker has told system builders it is phasing out both the QX9650 and QX9770 processors, leaving the QX9775 as the last remaining Core-based 45nm Extreme processor. Intel will take final orders for the discontinued CPUs on June 5 and final tray processors will ship in early February 2010. OEM versions will ship until September of 2010, so you still have plenty of time to overspend on a dated CPU.
By phasing out all but one of its 45nm Core 2 Extreme processors, Intel would appear to be on track to release more Core i7 CPUs in Q2 2009. Intel has also indicated that the first commercial processors built on a 32nm manufacturing process are expected to debut by the end of the year, putting the chip maker at least a year ahead of AMD.
At the upcoming International Solid-State Circuits Conference Intel is planning to present 15 papers, most of them stressing integration of more functions into a single chip, and less on the raw amount of GHz they can pack in. “The trend of using smaller transistors to build larger microprocessor cores with higher operating frequency is coming to an end,” said Mark Bohr, an Intel senior in the Technology and Manufacturing Group.
Intel is planning to outline research that they’ve conducted on the “new system-on-a-chip (SoC) era,” which they describe as “a fundamental shift in the way semiconductor manufacturers will innovate to keep Moore’s Law alive.” With the introduction of the SoC, Intel is planning to integrate radio silicon into their chips for handhelds, netbooks and laptops, giving many of these WiFi, WiMax, 3G and Bluetooth capabilities right out of their respective boxes.
The prospect of a system on a chip is one that seems like it could do wonders for the mobile device market. Intel’s findings will be made public early next week when the conference finally gets under way, so unfortunately we’ll have to wait until then for specifics.
XFX surprised a lot of people when the company announced it would begin selling ATI videocards, and perhaps none more surprised than Nvidia. Formerly exclusive to Nvidia, XFX made its ATI debut last month with five Radeon videocards, the HD 4870, 4850, 4830, 4650, and 4350.
Curiously missing from the lineup was ATI's flagship 4870 X2 graphics card, but that's no longer the case. XFX has just released the dual-GPU card in time for Valentine's Day.
"Love is power, if you’re a gamer, that is," XFX wrote in a press release. "Which is why if you—or the object of your affection—is into speed, power, or better yet, the most amazing combination of both, the new XFX Radeon™ HD 4870 X2 graphics card is truly cupid’s arrow."
Unless your significant other is a hardcore gamer, you're probably better off sticking with diamonds, chocolate, and flowers on the upcoming Hallmark holiday (and don't call it that in front of her). But if she's a true geek, what better way to show your love than with one of the fastest videocards on the planet with a lifetime warranty to boot?
Highlighting one of the benefits of using an open-source OS, Hewlett Packard has released a custom version of Ubuntu intended for netbooks, and more specifically, for the HP Mini 1000 Mi Edition. The custom OS is built around Ubuntu 8.04 and comes preloaded with the usual software suspects, plus a few more.
The main difference between Hardy Heron and HP's customized version comes down to the GUI, and it appears HP went to some length to make its OS stand out from Ubuntu. Booting up the HP Mini 1000 Mi takes users to a screen with a web search bar, a favorite websites list, and various shortcuts to music and photos on a black background. The Program Launcher separates applications into different categories, and a custom media player called HP MediaStype offers a full screen interface to scroll through your media.
Some of HP's netbooks already come preinstalled with the custom OS, but the OEM also plans to offer a utility in the coming days to turn a Windows XP HP Mini 1000 into a Mi Edition netbook.
Sure, Comcast was caught filtering for profit and ushered in the metered bandwidth revolution. And yes, a Comcast technician might even fall asleep on your couch. But a part time super hero as well?
That latter part might be stretching it a little, but two Comcast technicians did manage to save an elderly woman from perishing in flames as her house caught on fire. It all started when the woman's husband escaped from the burning home and ran outside calling for help. Jim MacConnel and Tom Masciulli, who had been installing a phone line in the area, rushed inside.
"There was so much black smoke and she had soot all over her face," MacConnel said. "If we had left, it's just my opinion, but if we weren't here she would have perished."
The two man escorted the 88-year-old woman through black, billowing smoke and out to safety.
When it comes to PC security, you already know the drill: Don't download unknown attachments, avoid clicking on suspicious links, log directly into your online accounts rather than follow a hyperlink, and so forth. These methods work well when dealing with virtual threats, but what happens when miscreants start meshing their malware tricks into the real world?
That's exactly what's going on in North Dakota, where some hybrid car owners have fell victim to fake parking citations left on the windshield. The citations read "PARKING VIOLATION. This vehicle is in violation of standard parking regulations. To view pictures with information about your parking preferences, go to ______," where the blank is filled in with a malicious website. Those who go the website are instructed to download a toolbar to view photos of the ticketed car, but it instead installs a Trojan along with a bogus security alert instructing victims to install a fake antivirus scanner.
As the economy finds it increasingly difficult to free itself from the clutches of the proverbial bear, it is safe to assume that the eagerness with which investors rallied to fund tech startups has been consigned to history, at least for the time being. The tenebrous economy has also made angel investors nervous. Angels are now trying to maintain a safe distance from tech start-ups just like all other investors.
Most tech start-ups count on angel investors for funds in their infancy. However, the economic meltdown has sapped their otherwise unbridled optimism. According to a survey conducted by the Angel Capital Association in November, fifty percent of investors invested well within their expectations in 2008. And one in every three angel investors feels that the slide in investments will continue.
The abysmal lack of confidence isn’t the only thing to blame, but the dearth of liquidity has also forced them to pull in their horns. However, the doughtier investors are still investing, though at a decreased pace, as they want to make the most of plummeting company valuations.
Dan Martin, a San Francisco-based angel investor, told CNET that stocks are a better investment avenue than “investing in the friend of a friend who wants to open a green Chuck E.” But there is still hope for budding tech entrepreneurs as many angels are expected to make joint investments with others in their fraternity.