iPhone security hole — and a fix — discovered

Sunday, August 31, 2008 1 Comments A+ a-

Have password protection enabled on your iPhone? Turns out there's an easy way for attackers to skip the password screen and access your contacts, browse the Web, poke through your e-mail, and even make calls. Luckily, there's an even easier way to patch the hole.

According to Ars Technica, posters on the MacRumors forums discovered the security hole, and it's a pretty big one.

First, for those of you who don't password-protect your iPhones (and if you don't, you should), here's how it normally works: The moment you wake the iPhone, a numeric pad pops up, prompting you for a four-digit passcode—no password, no joy. There's also an "Emergency Call" button that lets you call 911 in a pinch. (You can access the password settings under Settings, General, Passlock Code; I typically set my iPhone to require the passcoode after 15 minutes of inactivity.)

Here's the thing, though—if you double-click the Home key while in the Emergency Call screen, the iPhone will default to your Favorites menu. From there, an attacker could access your e-mail (it's easy—just click a contact's email address, click "Cancel" from the new message screen, and you're in), browse the Web (either through a contact's URL, or through URLs found via Google Maps), and even make calls (just dial a contact's number, then add a call—any call).

Reportedly, Apple already knows about the security hole and is working on a software patch. However, Ars Technica already has a simple solution: Just change the double-click preferences for the iPhone Home button (Settings, General, Home Button) to "iPod" (attackers can watch you videos and listen to your tunes, but that's all), or—even better—to "Home," which simply brings the iPhone back to the password screen.

Also, note to Apple: Would it have killed you to tell us about the security hole and the simple fix?

ps: Copied from the Yahoo!Tech site

Yahoo!Messenger 3.0 Beta for MAC

Sunday, August 31, 2008 0 Comments A+ a-

Good after noon every onesmile_regular !

On Thursday,the Y!Messenger blog announced a new update for their version of messenger for Mac Leopard thumbs_up.

I’ve been a Yahoo! user for 2 years now.I used the version 8.1 and 9.0 beta for xp and Vista and the special version for Vista,with all these versions,I adore the version 9.0 beta,it’s amazingheart.

However,here is what they said on the blog and the links to try it if you’re a Mac Leopard  usersmile_teeth.


Leopard crash bug fixed in Mac Beta

We released a new update for Yahoo! Messenger for Mac 3.0 Beta today. A bug was fixed that was causing crashes for users on OS X Leopard.

We recommend that all Yahoo! Messenger for Mac users upgrade to this latest version. If you’re on an older version of 3.0 Beta, you will also see a prompt to upgrade when you sign in.

Download Yahoo! Messenger for Mac 3.0 Beta
(build 126432)

Have some suggestions or issues you want to share with us about the Mac version? Please stop by our Yahoo! Messenger for Mac feedback page to let us know.

Sarah Bacon
Product Manager

# 11:03 PM

Internet Explorer 8 Beta 2 Now Available

Saturday, August 30, 2008 0 Comments A+ a-

We’re excited to release IE8 Beta 2 today for public download. You can find it at http://www.microsoft.com/ie8. Please try it out!

You’ll find versions for 32- and 64-bit editions of Windows Vista, Windows XP, Windows Server 2003, and Windows Server 2008. In addition to English, IE8 Beta 2 is available in Japanese, Chinese (Simplified), and German. Additional languages will be available soon.

While Beta 1 was for developers, we think that anyone who browses or works on the web will enjoy IE8 Beta 2. Before the team blogs about our Beta 2 in detail, here’s an overview of what you’ll find in IE8.

We focused our work around three themes: everyday browsing (the things that real people do all the time), safety (the term most people use for what we’ve called ‘trustworthy’ in previous posts), and the platform (the focus of Beta 1, how developers around the world will build the next billion web pages and the next waves of great services).
Everyday Browsing

We looked very hard at how people really browse the web. We looked at a lot of data about how people browse and tried a lot of different designs in front of many kinds of people, not just technologists. As tempting as it is to list here all the changes both big and small in IE8, we’ll take a more holistic approach. That’s how we built the product and how we’d like to talk about it.

From our customer research, we saw that the bulk of user activity outside of web pages involved tabs and “navigation” – the act of getting to the site the user wants to get to. We also knew that adding features has an impact only if they’re “in the flow” of how people actually use the product. Another menu item might matter in a checklist on a blog somewhere, but won’t matter to real people browsing. That’s why IE8’s New Tab experience is so remarkable: it’s obvious – after you see it:

IE8 New Tab Page

IE8 makes bringing back tabs (and entire IE sessions) users have closed a lot easier; it’s in the natural flow of how users work. IE8 also takes into account that there are often relationships between new tabs that users open, and the browser can make it a lot easier to figure out which tabs go with which. Below, the tabs that came from the links in the search results page are grouped together and colored differently from the headlines the user followed off another page, which are different from links the user followed off other pages:

IE8 Tab Grouping

Navigation – or getting to where you want to – is a lot faster and easier too. Typing in the Smart Address Bar not only searches across Favorites, History, and RSS feeds, but provides a great experience:

IE8 Address Bar

We put a lot of different designs in front of users in order to find one that was this effective. It’s easy to scan, with the different sections marked off and one line for each item, and the highlighting is easy on the eye. Deleting typos (or other unwanted suggestions) from this list is also easy – notice the red "x" above appears when a user places his mouse over an item.

Beyond tabs and navigation, people use services all the time. When you have an address but want a map, or want to just select some text and make a blog post out of it, IE8’s Accelerators (formerly known as ‘Activities’) are handy. For Beta 2, we’ve worked with a lot of great partners to deliver a bunch of choices for users. They’re much faster and easier than the “select, copy, new tab, navigate, paste, repeat” process in today’s other browsers.  We think users will enjoy the consistent experience they’ll get from service to service, and appreciate being in complete control of which are installed and are the default. We hope that websites (and enthusiasts!) write more of them and give us feedback. Staying up to date with the latest information is a lot easier with Web Slices, that put information directly in your Favorites bar where you can get at it quickly.

This is a good moment to talk about performance. We think about two kinds of performance: real world and lab. In a lab, we measure performance in milliseconds. That’s important work, and we did a lot of it since Beta 1. You’ll find IE8 is a lot faster than IE7 on many sites. We can go through and detail, for example, exactly which Gmail operations are faster in IE8 than other browsers and vice versa.

Real world performance is about how people get their tasks done, and that’s something you don’t measure in milliseconds. We think you’ll enjoy the impact of IE8’s new tabs, Smart Address Bar, Favorites bar, Search box, Accelerators, and Web Slices on your daily browsing.

Visual Search in IE8 speaks for itself. Websites can offer rich search results as you type in the Search box:

IE8 Visual Search SuggestionsIE8 Visual Search Suggestions

After installing IE8, try out Visual Search from the New York Times, Wikipedia, Amazon, or eBay. (Many other sites offer regular text suggestions as well.)

Safety isn’t about technologies and features, but two words: in control. We think users should be in control… of their settings, their information, what code runs on their machine, of their browser overall.

Previous posts have described what you’ll find in IE8 Beta 2 with respect to the SmartScreen Filter and protection from phishing and malware as well as many other defenses. The XSS Filter is particularly exciting because it offers real people a real defense from a real threat, by default and out of the box. We’ve blogged about InPrivate previously as well. Taken together, these features do a great job putting the user in control of their information.

The reliability improvements in IE8 Beta 2 are big. Crash recovery is nice, but not crashing is even better. Because in IE8 Loosely-Coupled IE (LCIE) separates the frame (the address bar, back button, etc.) from the tabs, and the tabs (mostly) from each other, crashes are more contained and affect fewer tabs than before. We think users will also appreciate having close boxes on all their toolbars so that disabling ones they don’t want – while leaving the ones they do – is easier.

IE8 is more interoperable with other web browsers and web standards. The contribution of CSS 2.1 test cases to the W3C is an important in order to really establish a standard way to assess standards support. We think that CSS 2.1 remains the most important place to deliver excellent interoperability between browsers. We think developers will enjoy the improvements to the built-in tools, as well as the other opportunities to integrate their sites in the user’s daily life with Accelerators and Web Slices. You can find more information at the IE Development Center, http://msdn.microsoft.com/ie.

After deciding to default IE8 to the most standards-compliant mode available, we wanted to be sure to address compatibility concerns for organizations and individuals. Would websites that expect IE8 to behave the way IE7 does create a problem for end-users? Since March, we’ve been telling developers about a small change they can make to their sites to tell IE8 to show their sites as IE7 does. Many have – but there are a lot of sites that may have not yet addressed this. The Compatibility View button (new to IE8 Beta 2) is a good solution to provide end-users a good experience as the web transitions.
Some Important Details

Anyone interested in customizing and redistributing IE8 (the way others have IE7) can find information about the IEAK here. (We’ll have a more detailed post about IEAK and group policy soon.) One important aspect of a beta release is getting feedback; we’re using the same channels as described in this Beta 1 post (for example, this IE Beta newsgroup).

Read more about guidelines for upgrading to IE8 Beta 2 today. Also, If you are currently using IE8 Beta 1 on Windows XP or Windows Server 2003 with Automatic Updates turned on, you will receive IE8 Beta 2 through Windows Update.

Download IE8 Beta 2, use it – the browser itself, the developer tools, writing an Accelerator, marking part of your page as a Web Slice – and let us know what you think.

Thank you,

Dean Hachamovitch
General Manager

Published Wednesday, August 27, 2008 12:13 PM by ieblog

Filed under: IE Announcements

Gmail Account Hacking Tool

Wednesday, August 20, 2008 0 Comments A+ a-

A tool that automatically steals IDs of non-encrypted sessions and breaks into Google Mail accounts has been presented at the Defcon hackers’ conference in Las Vegas.
Last week Google introduced a new feature in Gmail that allows users to permanently switch on SSL and use it for every action involving Gmail, and not only, authentication. Users who did not turn it on now have a serious reason to do so as Mike Perry, the reverse engineer from San Francisco who developed the tool is planning to release it in two weeks.
When you log in to Gmail the website sends a cookie (a text file) containing your session ID to the browser. This file makes it possible for the website to know that you are authenticated and keep you logged in for two weeks, unless you manually hit the sign out button. When you hit sign out this cookie is cleared.
Even though when you log in, Gmail forces the authentication over SSL (Secure Socket Layer), you are not secure because it reverts back to a regular unencrypted connection after the authentication is done. According to Google this behavior was chosen because of low-bandwidth users, as SLL connections are slower.
The problem lies with the fact that every time you access anything on Gmail, even an image, your browser also sends your cookie to the website. This makes it possible for an attacker sniffing traffic on the network to insert an image served from http://mail.google.com and force your browser to send the cookie file, thus getting your session ID. Once this happens the attacker can log in to the account without the need of a password. People checking their e-mail from public wireless hotspots are obviously more likely to get attacked than the ones using secure wired networks.
Perry mentioned that he notified Google about this situation over a year ago and even though eventually it made this option available, he is not happy with the lack of information. “Google did not explain why using this new feature was so important” he said. He continued and explained the implications of not informing the users, “This gives people who routinely log in to Gmail beginning with an https:// session a false sense of security, because they think they’re secure but they’re really not.”
If you are logging in to your Gmail account from different locations and you would like to benefit from this option only when you are using unsecured networks, you can force it by manually typing https://mail.google.com before you log in. This will access the SSL version of Gmail and it will be persistent over your entire session and not only during authentication.
Copied for help from another site

YouTube - Windows Vista and Windows Live

Saturday, August 16, 2008 0 Comments A+ a-

Well I was surfing YouTube Videos I found this one film .

She speaks how Windows Vista and Windows Live made her life betterthumbs_up.

Windows Vista and Windows Live in somebody's life

Hope you enjoy it smile_regular

C Ukiss

Understanding Windows Vista Aero Glass Requirements

Friday, August 08, 2008 2 Comments A+ a-

The Windows Vista Aero Glass interface is one of the major changes in the newest version of windows. What is less clear for most people is what conditions have to be met for Aero to be enabled. If you are sure your system meets the requirements but it's still not enabled, Here's a list of conditions.

  • Your graphics card should support DirectX 9. Most decent cards already do.

  • The graphics card must support Pixel Shader 2.0 in hardware. This is the critical piece that you will have to check with your graphics card manufacturer. If you have a newer ATI or NVIDIA card, you should be good.

  • The driver must be written specifically for Windows Vista. You'll be able to see that your graphics card driver is a Windows Vista Display Driver Model (WDDM) driver by looking at the adapter type in device manager:

  • The system must be set to 32 bits per pixel. If you are running at a different color depth, this could be the reason why your system doesn't have Aero enabled.

  • The primary monitor refresh rate must be set to at least 10hz. Why you'd have it set to less, I have no clue.

  • You must have a graphics card with at least 64MB of RAM in it, although I'd suggest a card with more memory. If you have a lower memory graphics card, you may have to decrease the resolution to enable Aero.

  • Your system must have at least 512mb of available RAM. I'd suggest using at least 1GB of RAM in your computer, and preferably even more.

  • Aero will not work on Windows Vista Basic edition. For best results, get the Ultimate version.

If you meet all of the conditions and Aero still isn't enabled, you can manually enable Aero by right-clicking on the desktop, clicking Personalize, and clicking Window Color and Appearance.

You should see Windows Aero in the list. Click that, and hopefully Aero will now be enabled.

This is copied from another site just for help

My all new website , only for me ^_^ !!!

Tuesday, August 05, 2008 3 Comments A+ a-

Hi !

Today is something else but tech,it's about me and this blog.

I've been away from this blog but I didn't stop writing,I'm currently and the most of the time on my blog on my website.

It's better for me to write on my website and make it poular,but I steel love this blog,I've got great memories with it , so I'm not deleting it, but if I don't write here so long, go and visit my website and you're going to find the news for sure.

Thanks and here is my website : http://www.emogirl72.webs.com .

See ya