IT Spot

A team of security researchers has won $10,000 for hacking MacBook Air in two minutes using an undisclosed Safari vulnerability.

IDG News Service is camped out at CanSecWest in lovely Vancouver, and has chronicled the exploits (gotta love security puns) of Charlie Miller, Jake Honoroff, and Mark Daniel of Independent Security Evaluators during the Pwn to Own contest sponsored by Tipping Point. The team was able to gain control of a MacBook Air on the second day of the hacking competition, which pitted the Air against Windows Vista and Ubuntu machines.

Charlie Miller pwns a MacBook Air at CanSecWest.

(Credit: TippingPoint)

No one was able to execute code on any of the systems during Wednesday, the first day of the contest, when hacks were limited to over-the-network techniques on the operating systems themselves. But on the second day, the rules changed to allow attacks delivered by tricking someone to visit a maliciously crafted Web site, or open an e-mail. Hackers were also allowed to target “default installed client-side applications,” such as browsers.

The team had attack code already set up on a Web site, and was able to gain access to the MacBook Air and retrieve a file after judges were “tricked” into visiting the site. According to the TippingPoint DVLabs blog, a newly discovered vulnerability in Safari was used to gain control of the Air.

The contest rules stipulated that winners immediately sign a nondisclosure agreement relating to their technique, so that the vulnerability could be disclosed to the vendor, and Tipping Point said Apple has been informed of the vulnerability.

Last year’s contest was won by exploiting a QuickTime vulnerability, which was patched by Apple in less than two weeks. As of the time I posted this, no one had gained control of the Vista or Ubuntu machines, but I’ll update later as the results come in over the rest of the afternoon.

Desktop search is one of those really great things for people that have a lot of files and tend to forget where they all are.

From my experience, such engines can also be prone to glitches and slow performance. Microsoft is hoping to change some of those perceptions with an updated version of its desktop search product. Microsoft says Windows Search 4.0, of which a preview version was made public on Thursday, can speed query response time by a third as compared with the version of the search tool included in the initial release of Vista.

The software maker also said it has fixed the majority of the reported bugs found in the product since the release of Vista as well as adding a feature that allows the search index to roll back to a previously saved version if it encounters an error, as opposed to needing to rebuild the index from scratch.

Windows Search 4.0 is available both as an update to Vista’s built-in search engine as well as an updated version of the XP add-on that Microsoft has had available for some time, previously under the name Windows Desktop Search.

These changes are separate from moves Microsoft made within Vista Service Pack 1 to address concerns from Google. As part of those changes, Microsoft changed the way it displays search results in the operating system and created a mechanism for both users and computer makers to specify an alternate default desktop search program.

It’s interesting that Microsoft is making these changes separate from Service Pack 1. I asked if this might be a trend toward updating operating system components outside of Windows releases. Here’s the response I got back, in the form of a statement.

“Microsoft does not have any specific plans for releasing future updates to the search engine separately from Windows.” the company said. “However, the company is always listening to customer feedback and will plan future releases with their feedback in mind.”

BitTorrent president and co-founder Ashwin Navin talks up Comcast detente, even though BitTorrent will still be filtered on a ‘protocol-agnostic’ basis.

(Credit: Anne Broache/News.com)

HOLLYWOOD, Calif.–Public pronouncements of the thaw in Comcast-BitTorrent relations continued on Thursday, with BitTorrent’s president calling their newly hatched agreement a “win” for anyone who develops bandwidth-intensive applications.

Earlier on Thursday, the companies announced plans to forge a “collaborative effort” in which the cable operator would devise a method to manage its traffic on a “protocol agnostic” basis, while the file-sharing application firm would work on making the process of transferring large files work more smoothly on that network.

The agreement doesn’t mean that Comcast will stop doing traffic management deemed necessary to keep its pipes unclogged at peak congestion hours, but BitTorrent president and co-founder Ashwin Navin said he’s okay with that.

“Internet service providers will need the ability to shape the traffic in order to provide service,” Navin told CNET News.com’s Declan McCullagh during an on-stage discussion at a technology policy conference here. “The win here for BitTorrent and for all peer-to-peer applications is that we will not be treated differntly from other forms of Internet traffic.”

The pact between the two companies arrives as the Federal Communications Commission investigates whether Comcast’s admitted disruption of file-sharing uploads was a “reasonable” episode of network management or something more sinister.

Navin said he feels good about BitTorrent’s relationship with Comcast, but he didn’t rule out the possibility of the FCC decreeing more specific rules by which all Internet service providers should abide.

“The FCC still has other ISPs in this country it obviously needs to be vigilant over,” he said, although he didn’t name any specific companies.

But right now, the 55-member company based in San Francisco has no plans to develop a presence in the nation’s capital, though, and views its role in affecting policy-making as limited.

“We’re not going to be the ones who hire lobbyists, we’ll leave that to the ones at Google and Microsoft,” Navin said.

On copyright
Shortly after the Comcast-BitTorrent news broke, a seemingly unlikely suspect released a press release praising the deal: the Motion Picture Association of America.

MPAA President Dan Glickman called the agreement “exactly the kind of industry cooperation that is urgently needed to address the problem of online piracy,” even though the joint BitTorrent-Comcast press release made no mention of copyright infringement matters.

Navin, for his part, said he wasn’t “quite sure” where the MPAA got that impression. He did, however, say that he received a call from the organization Thursday morning, and it appears to be on board with “making sure whatever we do…does take into account the DMCA (Digital Millennium Copyright Act) and whatever interest the copyright holders have.”

It would be completely possible for Internet service providers and copyright holders to collaborate and essentially “sit” on BitTorrent streams, looking for pirated content, although such a practice could raise privacy concerns, Navin acknowledged. He suggested rights holders could benefit from embracing content delivery methods like peer-to-peer filesharing, and BitTorrent has already struck scores of those deals itself.

“I’m actually a strong believer that in the future, the whole idea of digital piracy will be not nearly as pronounced as it is today,” Navin said, “because we will have innovated business models and actually found ways to monetize free flow of video.”

Wireless equipment maker Nokia Siemens Networks said Thursday that it has new software that will more than double the download speed on networks using 2.5G EDGE (Enhanced Data for GSM Environment) wireless technology.

This is good news for first generation iPhone users whose phones connect to the mobile Net via AT&T’s EDGE network. On average iPhone users report that they can get download speeds of 210 kbps. Nokia Siemens says that with a simple software upgrade to the EDGE network equipment, operators, like AT&T, can offer their customers download speeds of 592 kilobits per second.

EDGE is typically considered a 2.5G network technology that is based on the worldwide GSM (Global System Mobile Communications) cell phone standard. Many cell phone operators, such as AT&T, first built their wireless data networks using this technology. But now AT&T and other GSM carriers around the world are deploying faster 3G networks using a technology called HSDPA (High-Speed Downlink Packet Access). Networks using HSDPA offer download speeds between 600 kbps and 1.4 megabits per second.

Most of the 3G rollouts are nearing completion and many carriers are already talking about 4G networks. This means there are few, if any, carriers around the globe still deploying new EDGE networks. So why is Nokia Siemens enhancing the technology?

The reason is simple. Nokia Siemens believes that speedier EDGE networks will extend the life of the already deployed 2.5G networks. Carriers have already paid for these networks, so the software upgrade simply breathes new life into an existing asset. The network upgrade also allows mobile operators to provide a smoother transition between the 2.5G EDGE network and the newer 3G HSDPA network, since most carriers have a wider network footprint using EDGE than they do using HSDPA.

For example, I have a 3G Samsung Blackjack that operates on AT&T’s network. In New York City where I live I access AT&T’s 3G network when I download my work email or when I check my favorite mobile Web sites. But when I visit my father at the beach in Delaware, my phone often roams to AT&T’s EDGE network, because the 3G service is limited there. When I try to access mobile Web pages or sync my email from the EDGE network, the service is painfully slow. If AT&T used Nokia Siemens’ software to speed up its EDGE network, I probably wouldn’t even notice when I was roaming on EDGE instead of using the 3G network.

“By 2015, we expect to live in a broadband-IP world with five billion people ‘always on’ and therefore Nokia Siemens Networks is committed to protecting customer investments and continue to implement leading EDGE technology,” Ari Lehtoranta, Head of Radio Access Business Unit for Nokia Siemens, said in a statement. “Dual Carrier software upgrade is an easy and extremely cost efficient step to bring broadband user experience to GSM/EDGE networks.”

A faster EDGE network would also be great for all those first generation iPhone users whose biggest complaint is that downloading Web pages on an iPhone over AT&T’s network is like watching paint dry.

Of course, AT&T would have to deploy the Nokia Siemens technology in order to get these benefits. The software will be available in the third quarter of 2008, the company said.

Women’s-focused media and advertising company Glam Media has acquired StyleMob, a small social-media site consisting of a blog and some community features pertaining to fashion. Financial terms were not disclosed.

The rumor was first reported in Valleywag earlier on Thursday, where blogger Nicholas Carlson added that StyleMob’s founders “weren’t happy” about the acquisition. Glam Media recently raised significant venture funding and hinted that it would go in part toward purchasing smaller companies.

StyleMob, centered on “street fashion” rather than the runways of Paris and Milan, had already been a part of Glam’s advertising network prior to the acquisition. As it turns out, the deal was actually closed earlier this year. “Glam Media did acquire StyleMob, a fashion social media site founded in early 2007. All three employees are now with Glam,” Glam Media public relations director Caroline Hacker said in a statement. “Co-founder Adam Souzis was previously announced as executive director of Glam Labs, the technology research arm of Glam (on) February 4th.”

Recent months have seen a number of acquisitions in the fashion-media start-up space, including some by women’s blog network Sugar Inc. Glam, meanwhile, has stayed relatively mum on purchases, choosing instead to expand its advertising reach.

It seems that someone may be Twittering from the UK prime minister’s office. If not, it’s a pretty well-conceived hoax.

(Credit: Daniel Terdiman/CNET News.com)

Can heads of state Twitter?

Well, I wouldn’t go so far as to expect anyone in as lofty a position as UK PM Gordon Brown to spend their time actually posting to Twitter themselves. But it appears that someone out there in Twitter-land has started an account that purports to be the “official twitter channel for the Prime Minister’s Office based at 10 Downing Street.”

Looking briefly at the official Web site for the prime minister’s office, I don’t see any mention of Twitter, but whoever is posting from that account is doing pretty much nothing except what appears to be the kind of official news that would come from the press office of a place like 10 Downing Street.

And according to the official blog of global PR company Edelman, this is most likey, a Twitter account coming from Downing Street.

It also would seem to be in character for the PM’s press office, which already offers podcasts, email updates, Web chats and other multi-media elements. Perhaps the lack of mention of Twitter is simply because they don’t want to get flooded yet. As of now, the account has only posted eight Tweets.

An example: “No10 news: Sarkozy arrives at Number 10: The Prime Minister has welcomed French President.. http://tinyurl.com/36ghab.”

If this is true, then, I would say it’s definitely interesting, very forward-thinking and a big step for Twitter and other social media platforms.

If it’s not true, then the joke’s on Edelman, on me and on anyone else who fell for this.

A new report on the tech habits of women shows that the female of the species is edging out the male in the areas of DVR use and ownership of portable game devices.

The study, done independently by Solutions Research Group, and released Thursday, was undertaken to explore the “digital lifestyles” of American women. Data was collected from more than 2,000 respondents between October 2006 and February 2008.

What the final tally shows is that women are as comfortable with popular consumer technology as men (not really a surprise), and that they’re making significant inroads into the gaming lifestyle, which has long been dominated by men.

Women who own DVRs spend more than half of their TV viewing time watching time-shifted content.

(Credit: TiVo)

For example, SGR characterizes women who own DVRs as much “more enthusiastic” about them than men. That’s because women spend 56 percent of their TV-watching time viewing time-shifted content on their DVR. Men spend 42 percent of their time using their DVRs. The discrepancy between the two has much to do with the type of shows men and women watch, according to Kaan Yigit, SGR’s director of syndicated studies.

“Men are more likely to watch sports, which has more impact live, obviously,” he said. Women are more likely to watch half-hour comedies and 1-hour dramas, he said. Because of those same content preferences, women are also more likely to stream television shows from network TV Web sites.

In the gaming realm, men continue to lead in playing video game consoles–half of all men had played a console game in the previous month, whereas 38 percent of women had–but women are demonstrating a taste for portable game devices. Fourteen percent of women who describe themselves as “gamers” own a PSP (PlayStation Portable), compared to 11 percent of men who are gamers.

“It’s a marginal difference, but in every other category, men or boys are slightly or substantially higher, as in the case of Xbox 360 ownership,” Yigit said. “We find in general that girls and young women are more likely to skew to (owning) portable units, like the Game Boy Advance for the convenience and portability.”

Facebook today but Twitter tomorrow?

The geeks know Twitter but most folks don’t and that’s one reason why Facebook was able to convince Hong Kong rich guy Li Ka-shing to pay at least $100 million for a piece of the company.

As long as Facebook can make the case that it’s the hippest of the new, new things out there in cyberland, fine. And for the time being, it’s probably got little to worry about. The OpenSocial Foundation - my colleague Caroline McCarthy calls it “The Justice League of social media” - is still a concept waiting to materialize. There are a lot of cooks stirring that pot but it may very well one day become a big deal. Until then, however, it’s just high-priced PR.

But there’s an interesting discussion around a Twitter versus Facebook faceoff looming. In a video post making the rounds, Gary Vaynerchuk riffs about the quickness of Twitter becoming a factor - at least among the early adopter crowd.

“The instant gratification. The world is moving so quickly. That the fact that we can get that response so quickly. Look AOL Instant Messager - still around and strong, right? So is Twitter taking a lot from Facebook?”

Provocative question. I think he’s onto something. I’ve no interest in revisiting the entire Sarah Lacy-Mark Zuckerberg episode at South by Southwest earlier this month. Still, the Twitter conversations which broke out in parallel between audience attendees testifies to something real about the potential for the technology. Even among some of my friends, I’ve noticed a uptick of interest in Twitter. And these are civilians, people who associate a “byte” with lunch. If now they’re getting into Twitter, it’s time to pay attention. When Facebook’s popularity turned viral last year, I saw something similar.

Is there real change in the air or is it a passing affectation? Even though Twitter is faster and more interactive, Facebook, at least for the moment, remains a more “sticky” hangout for users. That won’t last if Facebook fails to provide more zip to its feeds. For all the elegance that went into the Facebook platform’s design I prefer something that’s tailored to the frenetic mobile, interactive times we inhabit. And no, gobsmacking each other with zombie attacks does not qualify as interactivity.

In the end, the speed freaks will decide the issue. They’re still up for grabs but for how much longer? Check out what Vaynerchuk and post your opinion - or Twitter it to me at “Coopeydoop.”

There’s nothing fun about being on a wait list, especially when you’re told the wait just got longer.

Skyfire, a new cell phone browser demoed in February, hit such demand in its closed beta program, the company split participation into two rounds. According to a Skyfire statement, those lucky ducks who signed up before March 1 made the cut for Beta 1 and will receive the golden invitation to join the testing in phases from now until the end of April.

This first phalanx of users will also be invited to continue their testing as the second round of beta testers, who signed up March 2 or after, is welcomed aboard sometime this summer. If you’ve got a Windows Mobile phone, it’s still not too late to add your name to Skyfire’s growing list of second-session testers.

In the meantime, live vicariously through this video of the browser’s current features.

The latest paid-click data for search engines shows that Americans are clicking on paid search ads less than we did last year — not an encouraging trend for the state of online advertising.

For Google alone, which represents about 60 percent of the U.S. search market and is a bellwether for Internet companies, this deceleration in paid click growth has been going on since at least October. Year-over-year monthly growth rates in paid clicks have fallen from 37 percent in October to 27 percent in November, 12 percent in December, 0 percent in January and now 3 percent in February, according to ComScore figures published by Silicon Alley Insider. (ComScore does not disclose the paid-click data to the public; only to Wall Street analysts.)

Google representatives declined to comment on the paid click data so we don’t know exactly what is going on or how worried to be.

There are several theories as to on why paid click growth is down. ComScore has noted that Google’s quality initiatives designed to improve the relevancy of ads played a part.

But analysts say that can’t be all that’s going on, and at least one expert says the paid click trend is backed up by other sources.

Clay Moran of Stanford Group says his informal survey of search engine marketing firms shows that about one-quarter of them are worried that a general recession could impact online ad spending.

“Typically in mid-December we get nearly almost positive feedback” from search engine marketers, he says. “But over the past few months there has been a more mixed response in our channel checks. They are concerned about an economic slowdown affecting Internet advertising.”

That information, coupled with the paid-click data from ComScore has prompted Stanford Group to cut its forecasts for Google several times. In January before Google’s fourth-quarter results missed Wall Street estimates, Stanford was forecasting earnings growth of 34 percent this year and had a price target of $735 per share. Now, the earnings are forecast to grow only 25 percent this year and the price target is $500.

“Internet search growth has slowed down materially, possibly dramatically, due in part to changes Google made to the quality of their ads, but also due to the overall macro-economic environment,” Moran says.

While Google’s core business is slowing, its new revenue initiatives, including display, mobile and YouTube advertising, haven’t ramped up, he said. “These are the areas we’re looking at to see if Google will regain some of its momentum.”

We already know that financial services companies, the biggest buyers of paid search and online ads, have cut back their online ad spending as a result of the housing crunch.

If we connect the dots the picture gets clearer. Just like in past recessions, people are tightening their belts and trying to spend less, which means those ads on Google are less enticing and there are likely fewer ads as retailers themselves pull back on spending.

Now the questions are how far will the growth rate dip and how long will the contraction last? All the ComScore data in the world can’t help analysts predict that.