Latest Post

USA Today hacked by Script Kiddies on Twitter

Written By Unknown on Monday, 26 September 2011 | 12:49

usatoday-hacked
A group of hackers who target the Twitter feeds of news organisations claimed a fresh victim on Sunday when they hijacked the micro-blogging feed of USA Today.

The group, who use the self-disparaging moniker Script Kiddies, hijacked the @USAToday Twitter feed to encourage fans to contact them to suggest new targets. "Please like The Script Kiddies on Facebook! You could choose our next target!" one of the unauthorised (since purged) updates said.

USA Today quickly regained control of the compromised feed. "@usatoday was hacked and as a result false tweets were sent. We worked with Twitter to correct it. The account is now back in our control," it said. "We apologize for any inconvenience or confusion caused to our readers and thank you for reading @usatoday."

Script Kiddies previously hit the micro-blogging feeds of Fox News – where they posted a false bulletin on the fictitious assassination of US President Barack Obama – and NBC News, where they posted false news about an imaginary terrorist attack on New York.

It's unclear how the feeds were compromised but weak password security of one type or another is one obvious suspect. A combination of social engineering and malware is also possible and seems to be the most likely scenario, at least as far as the NBC hack is concerned.

More commentary on the hack – including screenshots of the unauthorised posts – can be found in a blog post by net security firm Sophos here.

We don't track logged-out users, says Facebook

facebook.png
Facebook has attempted to shoot down claims that it leaves cookies on users' machines even after they log out of the social network. The response came after an Australian blogger alleged the site can still snoop on your web surfing after you've signed out.

Nik Cubrilovic, concerned about Facebook's approach to privacy, said that logging out doesn’t make a blind bit of difference, adding that Facebook still has ways to potentially track your behavior.

Cubrilovic’s conclusion after examining the behavior of Facebook’s cookies is simple: “Even if you are logged out, Facebook still knows and can track every page you visit.”

This is because instead of telling browsers to remove cookies when users log out, Facebook merely "alters" the state of those little parcels of data – including the cookie that stores your account number.

As a result, if you happen to pass by a page with a Facebook “like” button, "share" button, “or any other widget”, your information – including your account number – will be sent back to Facebook. And if you log into Facebook from a public terminal, those cookies could be left behind.

However, Facebook doesn’t agree. Whether or not Cubrilovic’s claim that he notified Facebook without response during 2010 is accurate, he certainly got a hair-trigger response from Facebook this time.

In a comment on Cubrilovic's blog, a Facebook engineer – identifying himself as staffer Gregg Stefancik – said that “our cookies aren’t used for tracking”, and that “most of the cookies you highlight have benign names and values”.

"Generally, unlike other major internet companies, we have no interest in tracking people," the insider added.

LulzSec Hackers betrayed by HideMyAss.com

Written By Unknown on Sunday, 25 September 2011 | 10:00

lulzsec-jail
It was last week, Cody Kretsinger, a 23 years old from Phoenix, Arizona that was allegedly involved in hacking Sony Pictures, got arrested and I was having a battle of the mind on how and what possible means that Feds used to track this guy down.

Well it now seems that what we should believe to be hiding our ass is now exposing our ass. HideMyAss.com allows you to surf anonymously online in complete privacy.

The indictment against Kretsinger says he used a proxy server to hide his identity while carrying out the attack. But it emerged that the site he allegedly used to disguise his identity cooperated with the Feds to track him down.

The details of how it all happened is not yet public, but Hidemyass blog said they had to cooperate with the police when a leaked IRC chat logs that was released, exposed the participants of using various VPN service which their's were among.

It first came to our attention when leaked IRC chat logs were released, in these logs participants discussed about various VPN services they use, and it became apparent that some members were using our service. No action was taken, after all there was no evidence to suggest wrongdoing and nothing to identify which accounts with us they were using. At a later date it came as no surprise to have received a court order asking for information relating to an account associated with some or all of the above cases. As stated in our terms of service and privacy policy our service is not to be used for illegal activity, and as a legitimate company we will cooperate with law enforcement if we receive a court order (equivalent of a subpoena in the US).
You can be sure that HideMyAss is not the only provider to be hit with subpoenas and essentially being forced to hand over user data. It’s likely the FBI and other officials are digging deep and requesting similar information from other VPN providers and online services such as Pastebin, Twitter, and other tools and web services commonly used by hackers.

Full indictment is below:

Cody Andrew Kretsinger Indictment

Adobe patches Flash bug hackers are already exploiting

Written By Unknown on Friday, 23 September 2011 | 13:08

adobe-flash-player
Adobe on Wednesday patched six vulnerabilities in Flash Player, including one it admitted is already being exploited by attackers.

That vulnerability, identified as CVE-2011-2444, shares some traits with an earlier Flash flaw that was used to target Gmail accounts in June.

Adobe labeled CVE-2011-2444 as a cross-site scripting (XSS) vulnerability, a class of bugs often used by identity thieves to steal usernames and passwords from vulnerable browsers. In this case, browsers were not directly targeted; rather, attackers exploited the ubiquitous Flash Player browser plug-in.

Like the June Flash bug, CVE-2011-2444 was reported to Adobe by Google's security team.

Adobe also used almost identical phrasing to describe both CVE-2011-2444 and the June vulnerability in its security advisories.

"There are reports that this vulnerability is being exploited in the wild in active targeted attacks designed to trick the user into clicking on a malicious link delivered in an email message," said Adobe in Wednesday's advisory as well as the one it published in June. "This universal cross-site scripting issue could be used to take actions on a user's behalf on any website or webmail provider, if the user visits a malicious website."

Adobe declined to comment on how the CVE-2011-2444 vulnerability was being exploited and instead referred questions to Google. The latter did not immediately reply to an emailed query.

Four of the five other Flash bugs that Adobe patched today could be exploited by attackers to run their malicious code on victimized computers, Adobe said in its advisory.

Wednesday's Flash update was the first since Adobe patched 13 bugs on Aug. 9. Adobe has fixed Flash eight times so far this year, including several emergency, or "out-of-band," updates rushed to users because attacks were under way.

The patched versions of Flash Player for Windows, Mac, Linux and Solaris can be downloaded from Adobe's Web site. Alternately, users can run Flash's update tool or wait for the software to prompt them that a new version is available.

Android users must browse to the Android Market to update Flash.

Google silently updated its Chrome browser on Tuesday to include the patched version of Flash Player. Google has been including Flash with Chrome since April 2010, and remains the only browser maker to bundle the plug-in with its own releases.

Alleged LulzSec, Anonymous hackers arrested

antisec
An Arizona man was arrested today for allegedly stealing data from Sony Pictures Entertainment earlier this year, and two others were indicted on charges of participating in a denial-of-service (DoS) attack that temporarily shut down Santa Cruz County servers late last year.


Cody Andrew Kretsinger, 23, of Phoenix was indicted September 2 by a federal grand jury on charges of conspiracy and unauthorized impairment of a protected computer, the FBI said in a statement. Kretsinger could not be reached for comment.

Separately, 47-year-old Christopher Doyon of Mountain View, Calif., was arrested and appeared before Magistrate Judge Howard Lloyd in U.S. District Court for the Northern District of California in San Jose, according to a U.S. Department of Justice statement released this afternoon. Lloyd ordered that a bail study be done and set a court appearance for September 29 at 1:30 p.m. PT.

Doyon, who allegedly uses the alias "Commander X," and Joshua John Covelli, 26, of Fairborn, Ohio, were indicted on charges of conspiracy to cause intentional damage to a protected computer, causing intentional damage to a protected computer, and aiding and abetting by participating in a distributed DoS attack on Santa Cruz County servers December 16, 2010, shutting down the Web site. A criminal summons was issued to Covelli, aka "Absolem" or "Toxic," to appear before Magistrate Paul Grewal in San Jose on November 1.

In the Sony case, Kretsinger is accused of using proxy services via the hidemyass.com site, designed to offer anonymous Internet access, to probe Sony Pictures Entertainment's computer systems in May, according to the indictment, which was unsealed in U.S. District Court in Los Angeles today.

He and other co-conspirators looked for vulnerabilities and exploited them by means of a SQL injection attack between May 27 and June 2, the indictment says. They then allegedly compromised the Sony system, making "tens of thousands of requests for confidential data," and released the information from Sony on a public Web site and on Twitter.

Kretsinger permanently erased the hard drive of the computer he used to conduct the attack, the indictment alleges. He is due to make an initial appearance in federal court in Phoenix today. The U.S. government will request that he be transferred to Los Angeles to face prosecution. He faces up to 15 years in prison if convicted.

He is alleged to have used the hacker handle "recursion" and is believed to be a member of the LulzSec hacker group.

The LulzSec group, believed to be a spinoff of the Anonymous group of online activists, had bragged about breaking into Sony Pictures' system, posting a statement on Pastebin on June 2 and proof of their attack. "We recently broke into SonyPictures.com and compromised over 1,000,000 users' personal information, including passwords, email addresses, home addresses, dates of birth, and all Sony opt-in data associated with their accounts," the statement said. "Among other things, we also compromised all admin details of Sony Pictures (including passwords) along with 75,000 'music codes' and 3.5 million 'music coupons.'"

A week later, Sony said that actually personally identifiable information of 37,500 customers had been exposed in the breach. The breach was one of a series of attacks targeting Sony and its affiliate sites globally that started in May following a legal spat Sony had with a hacker who had modified his Sony PlayStation 3.

In the San Jose cases, the indictments allege that the attack on Santa Cruz County servers was orchestrated by the People's Liberation Front (PLF), which is associated with the Anonymous group. After the city enacted a law restricting camping in city limits, protesters occupied the courthouse premises and several were charged with misdemeanors, the Justice Department said. In retaliation, the PLF organized the DoS attack, the statement alleges.

Covelli is also separately under indictment in U.S. District Court for the Northern District for allegedly participating in a distributed DoS attack on PayPal in December 2010. His next court appearance in that case is set for November 1 at 9 a.m. PT before Judge Lowell D. Jensen in San Jose. Neither Doyon nor Covelli could immediately be reached for comment this afternoon.

The Justice Department and FBI said they could not comment on the San Jose cases beyond the indictments and statements, so it is unclear exactly where Doyon was arrested. Earlier today, Fox News reported that a hacker who is believed to be homeless was arrested in San Francisco on charges of participating in attacks allegedly carried out by activist group Anonymous on Santa Cruz County government Web sites, and that search warrants were being executed in New Jersey, Minnesota, and Montana. An FBI spokesman said that the agency does not typically comment on search warrants.

How to remove the Facebook ticker


If you have checked Facebook recently, you have probably noticed a sidebar ticker has been added to the right-hand column of the newly redesigned News Feed, along with complaints and snarky comments about the new News Feed and this ticker. About the ticker, Facebook says:

Ticker, on the right-hand side of your account, lets you see all your friends' activity in real-time. When you hover over an item on ticker, you can see the full story and join the conversation as it happens. Ticker updates itself as stories happen. This gives you a more complete picture of what your friends are doing, right now.
To my eye, this ticker needlessly busies the News Feed page. It's a Facebook news feed inside a Facebook news feed. It reminds me of the joke about there being so many Starbucks that the coffee giant started opening new Starbucks stores inside existing Starbucks stores.

Facebook doesn't allow you to close the ticker, stating:

You can't close ticker, but you can make it smaller by moving the horizontal bar between ticker and chat. Slide the bar up to hide ticker and make your chat list longer. Pull the bar down to show more of the ticker and hide chat.
Thankfully, there are quick and easy ways in both Firefox and Chrome to get rid of the ticker.

In Chrome, simply install the Hide Facebook SideBar Ticker extension and the ticker will vanish.

In Firefox, you will need to install a user script. To do so, first install the Greasemonkey add-on and then install this user script. When prompted, restart Firefox and the ticker will be gone. Do note that this user script removes the entire right column of Facebook, including the ticker, event invitations, ads, sponsored stories, friends' photos, and so on.

How To Enable Facebook Timeline Right Now

Yesterday, Facebook announced Timeline, a crazy (and kind of creepy) omnibus look at everything that has ever happened in your Facebook lifespan. It’s like a story book of your life from the very beginning your joined Facebook

If you are impatient and want to experience the Facebook Timeline, you can turn it through the developer section of Facebook. The process is simple, takes a few minutes, and will require some patience as Facebook tidies up any lingering issues and bugs. Read on.

1. Visit the Facebook Developer page, and enable it for your account. If you aren't currently logged in, you will be required to do so.

2. The button to create a new app can be found in the top right corner of the Apps page. Make sure to give your app a display name and name space when requested (it doesn't matter what you enter here, no one will see this app, just make something up and continue). Accept the Platform Privacy agreement by checking the box. You will have to have a verified Facebook account, meaning you have either a credit card or phone number on file.


3. After the app has been named and terms accepted, you will then be taken to your shiny new apps' settings screen. You will see an Open Graph option on the left-hand side. Click on it.

4. You will need to define an action for your new app. You can enter whatever you like; no one is going to see this app when all is said and done, so don't fret too much over the details. (We entered "People can 'high five' a 'video'" as our action). Click on Get Started once you have entered your action.


5. Once you are presented with the screen above, you don't actually have to do anything, just scroll to the bottom and select Save Changes. You may have to do this on a couple different screens; just remember to scroll to the bottom and select Save Changes.


6. After you are taken back to the Dashboard for Open Graph, you have completed the setup process. Give it a few minutes, then go back to your Facebook home page. You should then see a big invite to enable Timeline. If you don't see it right away, give it a few minutes

That's it. Once you click on Get It Now, you will then be redirected to your new Timeline. Your Timeline is private, by default, for the time being. You can either edit it until you are ready to publish it, or you can ride it out and let Facebook publish it for you on September 29.

One more note: if you access your Facebook account from another computer, your Timeline is turned off. To get it back, enter the follow URL into your browser: http:www.facebook.com/[yourusername]?sk=timeline. Make sure to replace [yourusername] with your actual Facebook username.

Anonymous Declares 'Day of Vengeance' on Sept. 24

Written By Unknown on Thursday, 22 September 2011 | 09:37

AnonymousLogo_270x265.png
Hacktivist group Anonymous is planning to hold a special "Day of Vengeance" in several cities around the U.S. on Saturday.

Late last night, Anonymous--or at least people claiming to be from Anonymous--posted a press release on Pastebin, saying that Saturday will be marked by peaceful protests in cities across the U.S. combined with cyberattacks on "various targets, including Wall Street, Corrupt Banking Institutions, and the New York City Police Department."

The group suggests following Twitter account @PLF2012, which it says will publish “ongoing reports” throughout the day.


The full press release:

Wednesday – September 21, 2011

On September 17, 2011 approximately 15,000 peaceful demonstrators
in dozens of cities around the USA gathered, marched – and occupied
public space to protest the unjust policies of the US government
and the corruption in our financial institutions. The central
protest site was in the financial district of New York City, where
peaceful protesters faced phalanxes of heavily armed paramilitary
police officers from local and federal jurisdictions. The arrests
began almost immediately, many for violating the 1845 so called
“mask” laws.

Later that day, and according to plan – many of these protests
ended with a peaceful occupation of public space. Again, the
central occupation occurred in NYC. More arrests continued to take
place. All of this was expected, it is part of progressive
activism. Anonymous was content to challenge these stupid “mask”
laws in court. Not only is the Guy Fawlkes mask covered under
freedom expression as a symbol of our movement, but we believe that
everyone has a right to protest anonymously using bandanas, masks -
etc.

But then on Tuesday – September 20, 2011 everything changed in a
flash of police instigated violence. As rain began to fall on the
NYC encampment, heavily armed police moved in; Removing tarps used
to cover media equipment, arresting independent journalists,
confiscating media equipment – and using excessive force against
and arresting innocent peaceful protesters, several of whom were
abused and injured.

http://youtu.be/dyvbI6Eq-qA

This year, we heard President Barack Obama and Secretary Hillary
Clinton say over and over in country after country from the Balkans
through the mid-east to Africa that the right to peacefully protest
and occupy public space is a right that MUST be respected in every
instance. And they are correct, and this also applies to the USA.
In fact, even more so. In the USA of all countries in the world,
the police should have been deployed to PROTECT the protesters -
not a giant brass bull that is the ultimate symbol of greed and
corruption in America. And yet we were treated to the grotesque
picture of dozens of armored police surrounding this brass bull,
while thousands more police were deployed solely to harass, arrest -
and abuse peaceful protesters.

http://bit.ly/qdvYAj

Anonymous & the other cyber liberation groups around the world
together with all the freedom loving people in the USA will NOT
stand for this. We will peacefully yet forcefully resist the abuses
of the NYC Police Department. And so Anonymous announces a
nationwide “Day Of Vengence” to take place in dozens of cities
across the USA on Saturday – September 24, 2011 at High Noon.

Poster – http://t.co/BSuXCdRR

Video – http://youtu.be/2svRa-VSaOU

In coordination with these protests across the USA on September
24th, Anonymous and other cyber liberation groups will launch a
series of cyber attacks against various targets including Wall
Street, Corrupt Banking Institutions – and the NYC Police
Department. We encourage the media to follow the Twitter feed
@PLF2012 for ongoing reports throughout the day.

We Are Anonymous – We Are Everywhere – We Are Legion – We Never
Forget – We Never Forgive

EXPECT US — Anonymous

Gstar Q86 Firmware








Gstar Q86 Firmware







E-touch D35 Firmware



E-touch D35 Firmware

Etouch 529 Pro Firmware



Etouch 529 Pro Firmware




Adobe Luanches Attack on HTML 5 with Flash 11

Written By Unknown on Wednesday, 21 September 2011 | 08:43

Flash_Player_logo
Adobe has announced the next version of its Flash Player, repositioning its media platform for a mobile world where it is being increasingly shunned.

The company today unveiled the Flash Player 11 and the Flash-based runtime AIR 3, with a heavy emphasis on 3D gaming both in the features and in a roll-call of customers endorsing the duo.

Flash Player 11 and AIR 3 are scheduled for release in early October. Adobe didn't give the date, but you should expect release at Adobe's annual Max conference, between 1 and 5 October.

Both support full hardware acceleration for 2D and 3D graphics, which Adobe claims provides rendering performance 1,000 times faster than Flash Player 10 and AIR 2.

There's also something called Stage3D from Adobe's Labs, built to provide more detailed graphics. Stage3D renders "hundreds of thousands" of z-buffered triangles at 60Hz compared to thousands of non z-buffered triangles at 30Hz in earlier versions of Flash.

H.264 hardware decoding is now available for AIR applications on Apple's iOS, while Flash now works with 64-bit on Windows, Mac and Linux and in the browser.

Installation has been simplified: developers can now automatically package AIR runtimes for Android, Windows, and Apple's OS and iOS so the user doesn't have to download.

The news comes gift-wrapped in endorsements from Zynga, EA Interactive, Ubisoft and Pro 3 Games, among others.

Adobe calls Flash Player 11 and AIR 3 "the game console for the Web"; the emphasis on fine-grained rendering, hardware acceleration and H.264 is deliberate.

Gaming looks like it has become one of the niches that Adobe has bet on for the future survival of its software in a world where – at least when it comes to mobile computing – the days of defaulting to Flash for graphics or media content are coming to an end.

Windows 8 has become the latest tablet operating system to block Flash, through Microsoft's Metro UI. A version of Flash for Windows Phone, meanwhile, is still missing. The problem is Microsoft's browser, Internet Explorer, the PC version of which is now being built for the phone and tablet.

You can blame Apple's Steve Jobs, who started things by blocking Flash from the iPhone and then the iPad and then began championing HTML5, Cascading Style Sheets (CSS) and Javascript as the future of online programming. Sounding a lot like Jobs, Microsoft's IE chief Dean Hachamovitch blogged on the Metro UI news:

Running Metro style IE plug-in free improves battery life as well as security, reliability, and privacy for consumers. Plug-ins were important early on in the web's history.

But the web has come a long way since then with HTML5. Providing compatibility with legacy plug-in technologies would detract from, rather than improve, the consumer experience of browsing in the Metro style UI.
It's not all over for Flash on tablets or smartphones, with Flash running on Android and Blackberry machines. Flash can also run on iOS via AIR, it just can't run natively.

Announcing Flash Player 11 and AIR 3, Adobe let rip its standard ubiquity statistic of more than 98 per cent of internet-connected PCs supporting Flash, with some added numbers on the mobile front. Adobe expects that more than 200 million smartphones and tablets including iOS devices will support Flash-based applications via Adobe AIR. By the end of 2015, the number of devices that will support AIR is expected to increase to one billion.

As for the Microsoft question, Adobe reckons it will bring Flash to the Metro UI in the same way it landed on iOS, via the AIR runtime.

Jobs, it has to be said, cynically hyped HTML5 – a spec that is not even finished – and obfuscated what it really is. Jobs's anti-Flash thrust focused greatly on media and presentation; on the HTML5 video codec; the rendering afforded by CSS that is not a part of the core spec; and on using both HTML5 and CSS with Javascript – which comes from completely outside of the HTML family.

But history is written by the victors, and during the time Jobs blocked Flash he convinced Microsoft to dump its own proprietary plug that it built to challenge Flash, a plug-in called Silverlight, for HTML5. Also during this time, HTML5 has been continuing to evolve as a standard – even though it is still not finished – and it has become something even more people in the industry can claim to be aware of.

And while Adobe is talking tough on Windows 8, Flash will have to co-exist on Metro AIR along with Javascript and HTML, a fact that will compound the overall problem for Flash rather than make it go away or reverse its fortunes.

Flash might not be dead yet

Adobe does seem to have accepted that Flash is going to lose ground to HTML5. In a recent blog post, tools group product manager Andrew Shorten essentially called talk of Flash's death greatly exaggerated, but he also reckoned it was incumbent upon Adobe to focus on where Flex – the software development kit for building Flash-based apps – "provides unique value in the marketplace".



"There are countless examples where, in the past, Flex was (rightly) selected as the only way to deliver a great user experience. Today, many of those could be built using HTML5-related technologies and delivered via the browser," Shorten wrote here.

Where does this leave Adobe? It is not giving up. Shorten continued: "That doesn't mean, however, that HTML5 is the right choice for all use cases – the performance, framework maturity and robust tooling provided by Adobe are cited as critical factors by enterprise customers as to why they continue to select Flex."

Instead, we're seeing Adobe position Flash as something for gaming because of the fine level of detail you can get in graphics or because of the rendering speeds. Also, Adobe is punting something that is missing from HTML5: the ability for games' authors to do things like control where their games are published – meaning, ultimately, they will get paid. In other words: digital rights management (DRM).

In the meantime, Adobe is going to embrace HTML5 through its tools. Shorten said: "We will provide tooling to help designers and developers create those experiences – Edge and Muse are two such examples."

Flash 11 and AIR 3 couldn't have arrived at a period of greater uncertainty for Adobe. Thanks to Jobs, it is easy to forget that HTML5 isn't actually a product, it is a spec – and there are plenty of tooling and features missing that you would rely on tech vendors to deliver.

Also, HTML5 isn't just the video or associated graphics capabilities hyped by Jobs; the core spec remains bread-and-butter page markup while there are interesting new possibilities in areas such as offline data access.


For the future that Adobe might wish for Flash, we should perhaps look to Microsoft and Silverlight – once hailed as a plug-in usurper to Flash. Now Microsoft can't admit to having de-prioritised Silverlight and instead talks of its player being suited for use on a case-by-case basis.

Microsoft Secure Boot Firmware may Block Linux Booting

Windows-8-Linux
Computer scientists warn that proposed changes in firmware specifications may make it impossible to run “unauthorised” operating systems such as Linux and FreeBSD on PCs.

Proposed changes to the Unified Extensible Firmware Interface (UEFI) firmware specifications would mean PCs would only boot from a digitally signed image derived from a keychain rooted in keys built into the PC. Microsoft is pushing to make this mandatory in a move that could not be overridden by users and would effectively exclude alternative operating systems, according to Professor Ross Anderson of Cambridge University and other observers.

UEFI is a successor to the BIOS ROM firmware designed to shorten boot times and improve security. The framework, a key part of Windows 8, is designed to work on a variety of CPU architectures.

If the draft for UEFI is adopted without modification, then any system that ships with only OEM and Microsoft keys will not boot a generic copy of Linux. A signed version of Linux would work, but this poses problems, as tech blogger Matthew Garrett explains.

Garrett writes:

Firstly, we'd need a non-GPL bootloader. Grub 2 is released under the GPLv3, which explicitly requires that we provide the signing keys. Grub is under GPLv2 which lacks the explicit requirement for keys, but it could be argued that the requirement for the scripts used to control compilation includes that. It's a grey area, and exploiting it would be a pretty good show of bad faith.

Secondly, in the near future the design of the kernel will mean that the kernel itself is part of the bootloader. This means that kernels will also have to be signed. Making it impossible for users or developers to build their own kernels is not practical. Finally, if we self-sign, it's still necessary to get our keys included by ever OEM.

There's no indication that Microsoft will prevent vendors from providing firmware support for disabling this feature and running unsigned code. However, experience indicates that many firmware vendors and OEMs are interested in providing only the minimum of firmware functionality required for their market.

Garrett concluded that there is no need to panic just yet.

The upshot of the changes is that considerable roadblocks might be placed in the way of running alternative operating systems on PCs. Anderson describes this as a return to the rejected Trusted Computing architecture – which at that point involved force-feeding DRM copy-protection restrictions – which may be far worse than its predecessor.

The professor said:

These issues last arose in 2003, when we fought back with the Trusted Computing FAQ and economic analysis. That initiative petered out after widespread opposition. This time round the effects could be even worse, as 'unauthorised' operating systems like Linux and FreeBSD just won’t run at all. On an old-fashioned Trusted Computing platform you could at least run Linux – it just couldn’t get at the keys for Windows Media Player.

The extension of Microsoft’s OS monopoly to hardware would be a disaster, with increased lock-in, decreased consumer choice and lack of space to innovate.

Anderson concludes that the technology might violate EU competition law in a rallying call on Cambridge University's Light Blue Touchpaper blog here.

Android Bug Allows Hackers to Install Malicious Code Without Warning

android-malware
It's been more than a month since researchers reported two serious security vulnerabilities in Android, but so far there's no indication when they will be purged from the Google-spawned operating system that's the world's most popular smartphone platform.

The first flaw allows apps to be installed without prompting users for permission. The permission-escalation vulnerability permits attackers to surreptitiously install malware in much the way a proof-of-concept exploit researcher Jon Oberheide published last year did. In that case, an app he planted in the Android Market and disguised as an expansion pack for the Angry Birds game secretly installed three additional apps that without warning monitored a phone's contacts, location information and text messages so data could transmitted to a remote server.

“The Android Market ecosystem continues to be a ripe area for bugs,” Oberheide wrote in an email. “There are some complex interactions between the device and Google's Market servers which has only been made more complex and dangerous by the Android Web Market.”

The second bug resides in the Linux kernel where Android originates and makes it possible for installed apps with limited privileges to gain full control over the device. The vulnerability is contained in code device manufacturer have put into some of Android's most popular handsets, including the Nexus S. The bug undermines the security model Google developers created to contain the damage any one application can do to the overall phone.

Oberheide and fellow researcher Zach Lanier plan to speak more about the vulnerabilities at a two-day training course at the SOURCE conference in Barcelona in November. In the meantime, they put together a brief video showing their exploits in action.



One of the hopes for Android a few years back was that it would be a viable alternative to Apple's iOS, both in terms of features and security. With the passage of time, the error of that view is becoming harder to ignore. And if i'm not wrong, Google developers have updated Android just 16 times since the OS debuted in September 2008. The number of iOS updates over the same period is 29.

It's a far cry from the approach Google takes with its Chrome browser, which is updated frequently, and has been known to release fixes for the Flash Player before they're even released by Adobe.

Even more telling, when a new version of iOS is released, it's available almost immediately to any iPhone user with the hardware to support the upgrade. Android users, by contrast, often wait years for their phone carriers to supply updates that fix code execution vulnerabilities and other serious flaws.

Owners of the Motorola Droid, for instance, are stuck running Android 2.2.2 even though that version was released in May 2010 and contains a variety of known bugs that allow attackers to steal confidential data and remotely execute code on handsets the run the outdated version.

Oberheide has more here.

The Most Important Eyeballs Are Your Own.


Forget focus groups, quantitative research and ethnography, the future of marketing lies with noise-cancelling headphones. Yesterday, I donned a pair as part of this art installation at St Pancras station and I saw the light.

The idea of the piece was to transpose the characters from the headphones onto the people moving through the station, its retail units and its food outlets. For a while it worked very well, but then I realised I was cancelling out the soundtrack and focusing solely on the silent interaction of the people around me.

Without the overhearings and the hubbub, it was a different sort of noticing - something akin to that experience of being in a country where you don't speak the language, but without the helplessness.

As long as you remember to leave your preconceptions at the door, you can learn a lot from the mass of non-verbal communication that's highlighted by the silence. It's not the future of marketing research, but it is revelatory.

Google Plus Open Beta With 9 New Features Including Search, Mobile Hangouts, And Open Signups

Written By Unknown on Tuesday, 20 September 2011 | 10:46

google-plus
Google+, the search giant's bid to boost its relevance in the socially networked world of the Web, is now open to the masses.

Google had required invitations to the service, since its debut as a "project" in June. But this morning, Google opened the doors of Google+ to all. Google+ has also graduated to being a "beta" product.

"We're nowhere near done, but with the improvements we've made so far we're ready to move from field trial to beta, and introduce our 100th feature: open sign-ups," Google Senior Vice President of Engineering Vic Gundotra wrote in a blog post. "This way anyone can visit Google.com/+, join the project, and connect with the people they care about."

Google also rolled out a host of new features to Hangouts, the videoconferencing service in Google+. Since its debut, the Hangout feature was limited to Google+ users on a PC, even though the social network was available as an application for devices running its Android mobile operating system as well as Apple's iOS.

Google is now making Hangouts available to mobile devices running Android version 2.3 and later that have front-facing cameras. And it says it will add mobile Hangouts to iOS devices "soon."

Google is also turning Hangouts into a broadcast medium. From launch, Google limited the number of participants in a Hangout to 10. The company is now letting "a limited number of broadcasters," likely those with the biggest Google+ followings, set up Hangouts On Air. The new feature still limits the number of participants to 10. But anyone can tune into a broadcast. The company is kicking off the service tomorrow night with a Hangout On Air featuring Black Eyed Peas member will.i.am.

And Google is giving users the ability to share their computer screens with others during Hangouts as well. Previously, users could watch a YouTube video together. Now, they can share computer screens to show off vacation photos, plan trips, collaborate on documents, or even scribble together on a new Sketchpad feature. And, as is Google's way with beta products, the company says it's testing the various features, which it expects to change over time.

"The extras are still under construction, but we wanted to preview these features and get your feedback sooner versus later," Gundotra wrote.
The company has also created application programming interfaces to let third-party software developers create their own applications that take advantage of Hangouts.

Google has also added search to Google+, a feature that had been surprisingly absent from the search giant's service until now. Users can type queries into the Google+ search box and get results from people and posts from the service as well as content from around the Web.

NetworkMiner, Network Forensic Analysis Tool for Windows

NetworkMiner
NetworkMiner is a Network Forensic Analysis Tool (NFAT) for Windows. NetworkMiner can be used as a passive network sniffer/packet capturing tool in order to detect operating systems, sessions, hostnames, open ports etc. without putting any traffic on the network. NetworkMiner can also parse PCAP files for off-line analysis and to regenerate/reassemble transmitted files and certificates from PCAP files.

NetworkMiner collects data (such as forensic evidence) about hosts on the network rather than to collect data regarding the traffic on the network. The main user interface view is host centric (information grouped per host) rather than packet centric (information showed as a list of packets/frames).

NetworkMiner can extract files and certificates transferred over the network by parsing a PCAP file or by sniffing traffic directly from the network. This functionality can be used to extract and save media files (such as audio or video files) which are streamed across a network from websites such as YouTube. Supported protocols for file extraction are FTP, TFTP, HTTP and SMB.

NetworkMiner has, since the first release in 2007, become popular tool among incident response teams as well as law enforcement

The new version supports features such as:

  • Extraction of Google Analytics data
  • Better parsing of SMB data
  • Support for PPP frames
  • Even more stable than the 1.0 release
You can download NetworkMiner v1.1 here:

NetworkMiner_1-1.zip

Hackers break SSL encryption used by millions of sites

web-browsers
Researchers discovered that the encryption that's supposed to protect us while surfing the web is totally exploitable by hackers with the necessary know-how.

Thai Duong and Juliano Rizzo plan to demonstrate a proof-of-concept code which will prove that SSL protocols are not as secure as everyone thought them to be.

The researchers claim that their Browser Exploit Against SSL/TLS code, or BEAST, will prove to the world that any cryptographic protocol before TLS 1.1 is vulnerable and can be deciphered fairly easily.

They will attempt to decode an authentication cookie used to log-in to a PayPal account, fact which will diminish the world's faith in one of the foundation blocks of internet security.

Even though later protocols, such as the TLS 1.1 and 1.2 don't present the same weakness, these versions are yet to be implemented into websites and browser applications, which means that most popular websites are unprotected.

The algorithm was laid down in the form of a JavaScript that intercepts encrypted cookies transferred by websites during the authentication process.

“BEAST is different than most published attacks against HTTPS,” stated Duong.

“While other attacks focus on the authenticity property of SSL, BEAST attacks the confidentiality of the protocol. As far as we know, BEAST implements the first attack that actually decrypts HTTPS requests.”

What up until now has been considered to be more of a theoretical weakness has now become something real that puts us all in peril. BEAST is supposed to decrypt the authentication cookie used to access a PayPal account in 10 minutes, which is far less than anyone would expect.

So why don't website and browser developers do something about it, especially since TLS 1.1 is available since 2006?

In order to efficiently update all the security protocols, the process would have to be done by all the major players at once, otherwise, whenever a fix is attempted, incompatibilities will prevent applications that rely on the old system to work.

Out of all the browsers currently available, only Opera implements TLS 1.2 by default, while in Internet Explorer the technology is there, but lies dormant, waiting to be manually activated.

Google Chrome and Mozilla Firefox seem to be the last in this race as they seem to be waiting for each other to start the implementation.

Google Wallet to be launched soon

Written By Unknown on Monday, 19 September 2011 | 12:26

google-wallet
The pieces appear to be falling into place for the launch of Google Wallet today.

Last night, tech-media blog TechCrunch posted an image purporting to be from Google Wallet partners, showing documentation on the service. That documentation says that "Google Wallet is launching September 19, 2011."

Then this morning, another blog, GigaOm, posted an image, taken by one of its reporters at a coffee shop in San Francisco, of a Google Wallet payment reader. The reader provides directions on it, saying users must "tap" their smartphone against the device in order to "pay by smartphone."

The offering, which relies upon near-field communications (NFC) technology to work, allows users to pay for products by simply tapping their smartphone against the Google Wallet-enabled reader.

However, there are a few barriers to entry to get Google Wallet running. For one, users need the Android-based Nexus S smartphone, which has an NFC chip in it. In addition, the service is only available with MasterCard's PayPass system. According to the Google Wallet site, the service will work with Citi MasterCard credit cards and the Google PrePaid Card. In addition, Google Wallet can store "gift cards from participating merchants," Google says.

Mobile payment systems are viewed by many as the next big thing in e-commerce. A slew of companies are vying to carve out a portion of the mobile-payment service in addition to Google, including PayPal, Visa, and American Express. There is also rampant speculation that Apple's iPhone 5 will come with near-field communications, paving the way for that company to also enter the space.

However, such fragmentation could prove troublesome for consumers. In order for mobile-payment services to work, several stakeholders need to be on-board, including merchants, credit card companies, and mobile device vendors.



Exactly when Google Wallet will launch, however, still remains to be seen. The service's official Web site still says that it's "coming soon," and so far, Google has remained tight-lipped on the launch.

15 must have Android apps for IT pros

android
The best Android apps are getting harder to find in the increasingly crowded Android Market. So I've tried to test and rank a few top applications available for Android phones especially for IT professionals. These apps can help connect to servers, monitor computers, access databases, analyze the airwaves, scan networks, and serve as a reference. Here are 15 of these apps, most of them free.

1. ConnectBot (Free)

f you work with Unix-based servers or other network components that support SSH/Telnet connections, you can use this open source client to remotely connect. No need to get on the desktop or boot up your laptop. You can perform admin, maintenance, or troubleshooting tasks via command-line. Additionally, it supports local connections, so you can access the command-line of your Android.

ConnectBot supports generating and importing SSH keys. You can pan between multiple simultaneous connections and copy/paste between them or other applications. It keeps a history of previous sessions so you don't have to keep inputting the host address. Even better, you can create shortcuts to frequent hosts on your Android desktop.

2. AndFTP (Free or $5.59)

You can use this FTP/SFTP/FTPS client to download/upload files or perform administrative tasks from your Android. It features resume support and enables the basic admin tasks: renaming, deleting, updating permissions, and running custom commands. You can also send files via email, messaging, Bluetooth, and via other apps. The Pro version adds support for secure copy protocol (SCP) connections and enables remote/local folder synchronization.

3. Linux Monitor ($2.61)

If you work with Linux servers you can use this simple monitoring app to remotely keep an eye on the vitals: CPU load, RAM and disk usage, and network/port activity. View stats represented in numbers or via progress bars. Though you can monitor multiple Linux machines, you can't monitor or view them simultaneously. You must manually change the monitoring address to switch between them.

The remote Linux machine(s) must be running the Apache web server with PHP, and you must upload a simple PHP script. You can download a sample version to get a feel for the app.


4. Server Monitor (Free)

This simple monitoring app can alert you if a server or a certain component/port of it goes down. This is great if you don't already have a monitoring/alert system put into place or you'd like redundancy. It supports TCP connections as well as SSH tunnels. You add a server hostname or IP address and then you can optionally add specific components or ports to monitor, including SSH over SSH. You can define the polling frequency and toggle sound and/or vibrate alerts. You can set the service to start up automatically during boot or enable manual control.


5. httpmon (Free)

This is another monitoring app, but designed specifically for HTTP servers. You can customize a request URL and check with simple pings or with customizable conditions: the response code or time and header or content contains using substrings, wildcards, or regular expressions. You can also set the desired User Agent used for all the requests, the connection timeout, and the read timeout. On failures, it can notify, flash, alert, and vibrate your phone and/or send SMS messages to others.

6. Cellica Database for Android ($39.99 after 10-day trial)

If you work with databases on a Windows server or PC, you can use this app to access and manage them from your Android. Once you install the required software on the server or PC, you'll have encrypted access to edit fields, apply select queries, filters, sorting, or even create databases. Supported databases include: Microsoft Access, Access 2007, Microsoft Excel, Excel 2007, Oracle, SQL Server, DB2, MySQL, PostgreSQL, FoxPro, dBase, R:BASE and any ODBC Compliant Database.

7. Phoenix MySql Client (Free)

If you only desire a simple connection to MySQL databases, you can use this free app to directly connect. You can then view tables, views, and stored procedures. You can perform SQL queries and execute statements: select, create, insert, etc.

8. Wyse PocketCloud (Free or $14.99)

This remote desktop client supports Microsoft RDP, platform-independent VNC (virtual network computing), and virtual VMware View connections to Windows, Mac or Linux machines via Wi-Fi and cellular connections. It supports both Android smartphones and tablets. You might use it to provide remote tech support or access a PC for its programs or files.

If you download and install their companion software to the Windows or Mac computer, it can auto configure the connection via your Google account so you don't have to mess with router settings or IP addresses. But you can always manually configure the connection as well.

The Pro version removes the advertisements and adds more features: multiple connections, encryption to secure the connections, sound support for RDP, and VMware View support to access virtual machines.

9. Android-VNC-Viewer (Free)

If you prefer VNC for remote desktop connections and don't mind configuring the router and have static IPs or a dynamic DNS host name, you might consider using this simple open source VNC client. It supports VNC connections to most VNC servers on Windows, Linux, and Mac OS X via Wi-Fi and Cellular connections.

Unlike the Wyse PocketCloud client, this app doesn't display advertisements and gives you pinch zooming for free. On the other hand, it can't automatically secure your connections. You'd have to use a separate app, such as ConnectBot, to encrypt your connection to the computer/server you're trying to remotely access.

10. Spiceworks Mobile (Free)

If your organization uses the Spiceworks IT management solution, you can use this client app to view your network and PC inventory, manage trouble tickets, and access and manage users with support of Active Directory. You can also communicate with other IT pros in the Spiceworks community to get feedback, help, or research.

11. ActiveDir Manager (Free or $1.99)

This is a must-have app if you work with the Active Directory in your organization. It lets you view and manage users, groups, and computers right from your Android. You can reset user passwords, disable or edit user accounts, adjust group memberships, and perform other basic admin tasks. It supports Windows Server 2000 and later with StartTLS, SSL, or no encryption. It can directly connect to the Active Directory server via Wi-Fi or VPN.

The only difference between the free and paid version is that the paid version enables saving of the LDAP connection settings and options.

12. Wi-Fi Analyzer (Free)

If you work with the Wi-Fi network at your organization you may want to use this Wi-Fi stumbler and analyzer app when setting up access points, checking channel usage, troubleshooting Wi-Fi issues, or doing Wi-Fi security auditing.

You can view and export the details of access points: SSID, MAC address, encryption, channel, and signal in negative dBm levels via a graphical bar and text readout. You can view channel graphs showing each access point's channel and signal in real-time or a recent history. Then a channel rating page gives you recommendations on which channels to use. You can use the signal meter view to find the access points.

13. SharesFinder (Free)

This scans for Windows (SMB), FTP and HTTP shares/servers on the network you're connected to via Wi-Fi. It's useful if you're trying to access files on the network or when doing security auditing. For each share/server you'll see the IP and media access control address, SMB name, and vendor name.

This app also supports basic file transfers and management of the remote SMB files, such as creating and deleting files and folders. You can login as anonymous or input a username and password. For HTTP resources, it launches the web browser. For FTP resources, you can connect via a third-party FTP client, such as AndFTP.

14. Overlook Fing (Free)

If you do any networking work, this is a must-have app. It can do TCP port scanning, pinging, traceroute, and DNS lookups on a network via Wi-Fi. It also shows the network details (SSID, IP details, and speed) of your current Wi-Fi connection.

You can see and export the details (MAC address, IP and vendor) for each computer or device detected on the network, which are customizable with a name, icon or notes. You can also perform a port scan or ping a particular computer or device. It can also launch third-party client apps for SSH, Telnet, FTP, FTPS, SFTP, SCP, HTTP, secure-HTTP and SMB.

16. Linux Commands (Free)

If you use Linux but aren't an expert at the command-line, this is a great app to have for reference. It lists more than 500 Linux commands that you can browse through. Select a command and you'll see the syntax, description, and any command options. You can even star your favorite commands and have them shown at startup and/or manually access your list of favorites. Though you can find the same info online, this gives you quick off-line access.

Japan's biggest defence contractor hit by hackers

mitsubishi_logo
Mitsubishi Heavy Industries factories that build guided missiles and rocket engines; submarines; and nuclear-power equipment have had their computer networks hacked.

The firm said that the attack resulted in the infection of 10 of its sites across Japan, including its submarine manufacturing plant in Kobe and a facility in Nagoya which makes engine parts for missiles. In total 45 network servers and 38 PCs became infected with eight strains of malware, including Trojan horse programs.

News of the security breaches emerged over the weekend. Mitsubishi said the circumstances of the intrusions – first detected in mid-August – are under investigation, with a report due by the end of the month. In the mean time the firm is playing down suggestions that the malware may have been used to successfully extract industrial secrets via compromised systems.

A Mitsubishi spokesperson said "We've found out that some system information such as IP addresses has been leaked and that's creepy enough.

"We can't rule out small possibilities of further information leakage but so far crucial data about our products or technologies has been kept safe," he added.
Attacks against defence contractors have appeared frequently in the news of late. Earlier this year Lockheed Martin and L-3 Communications said they had each come under attack via an assault that relied on data stolen during the earlier RSA megahack.

Presumed industrial espionage attacks against defence contractors and energy firms are often blamed on China, an accusation that the country strongly denies. Evidence that China is involved tends to come in the form of the origin of the attack (easily faked using a compromised system in China) or regional quirks and the languages used in hostile code (harder to spoof but still inconclusive).

Google Chrome 14 Released

Written By Unknown on Friday, 16 September 2011 | 13:01

google-chrome14
Google Chrome 14 has now been released to the stable channel, making it the first time more than 100 million users will get a chance to see this latest Chrome version in action.

Google Chrome 14 doesn't boast an impressive list of new features or updates, with most of the new things, at least the interesting ones, happening under the hood.

That said, Google Chrome 14 lays the groundwork for future developments with Native Client, Google's technology for running native code from the web, reaching a mature state.

Native Client is enabled by default in Google Chrome, enabling developers to create more powerful and faster web apps than what's been possible before.

"Today, we’re happy to ship a new release to the Stable channel of Chrome, following up on last month’s Beta channel release. This release contains two significant technologies which allow developers to create even more powerful web apps and games," Brad Chen, Software Engineer at Google, announced.

"The Web Audio API enables developers to add fancy audio effects such as room simulation and spatialization," he listed one of the big new features in Google Chrome 14.

"Native Client is an open-source technology which allows C and C++ code to be seamlessly and securely executed inside the browser," he explained.

"Currently, Native Client only supports applications listed in the Chrome Web Store, but we are working to remove this limitation as soon as possible," he added.
Native Client holds a lot of promise and Google has been working on it for a couple of years. It hasn't been easy, but Google has reached a point where it can enable developers to write code once, put it up on the web and have it run, almost as fast as native code running on 'bare metal,' on any (x86) operating system supported by Chrome.

As always, if you already have Chrome installed, it will automatically update itself to the new version soon. If you haven’t taken Chrome for a spin yet, you can download it from www.google.com/chrome.

Windows 8 to come with built-in Malware Protection

Written By Unknown on Thursday, 15 September 2011 | 04:50

windows-8
Microsoft's next version of Windows will ship with "tons of security features," including one that automatically scans boot drives for malware and a revamped version of the Windows Defender antivirus program, company executives said.

At the company's BUILD conference in Anaheim, California on Tuesday, Corporate Vice President of Windows Planning and Ecosystem Michael Angiulo demonstrated an early version of Windows 8 that automatically scanned an infected USB drive used to boot the next generation operating system. Before the OS was able to load, the computer stopped the process and displayed a warning that the boot volume contained an "invalid signature" indicating it had been compromised.

He was able to get the valid version of Windows to load by turning off the system and turning it back on. The presentation starts around the 1:08 mark in the following video:



The technology making this possible is known as UEFI, short for Unified Extensible Firmware Interface. A successor to the BIOS ROM firmware that Microsoft operating systems have relied on since their beginning, UEFI was designed to shorten the time it takes a PC to start up. It was built by Intel, but is designed to work with a variety of CPU architectures.

"It's not just about speed and having a boot that looks better," Angiulo said during Tuesday's keynote, referring to UEFI. "It's about security, too."
Steven Sinofsky, president of Microsoft's Windows and Windows Live division, went on to say that Windows 8 developers "have taken Defender and we've actually built a whole new range of protection, all the way up though antimalware, antivirus." Users are free to run Defender or security software supplied by another company. In all, the new OS will offer "tons of security features," he added.

The company issued a statement Wednesday saying Windows 8 would include "low-level security features such as Secured Boot to help defeat classes of threats, and user facing features including Windows Defender and SmartScreen" spam-filtering. The statement didn't elaborate.

Windows 8 will also offer a new way to log on to PCs equipped with a touchscreen. Sam Bowne, a security instructor at San Francisco City College, provided a screenshot here that describes the feature this way: "You choose the picture – and the gestures you use with it – to create a password that's uniquely yours."

Bowne and his students have been testing the security features in the new Windows beta, according to a source.

"There is built in antivirus, and it works!" he wrote "It stopped not only thr EICAR test file, but more than a dozen malware items in Metasploit. So it might be time to sell your Symantec stock."

How to Install Windows 8 via USB Drive

windows8

Microsoft has just released a developer preview of its new operating system Windows 8. Users can now download the preview and install on their system to see how its works. But there is just one problem and that is you can't update an existing version of windows, it requires a clean installation.

It is a straight forward process when installing it with a CD/DVD Drive but if you're like me that has a 10inch notebook which doesn't come with a DVD drive then the only solution is to install via a USB stick or drive.

Installing Windows 8 from a USB drive is not that friendly because it requires more preparation that just burning an ISO image to disk and putting that ISO into the DVD drive of the computer.

You will need at least four Gigabytes free space of USB drive, which you have to first format with the FAT32 file system. This is done by connecting the USB drive to the company, right click its drive letter and select Format from the options. The Format windows pops up where you need to make sure that FAT32 is the selected file system. Everything else can be left as they are.

installing-windows-8

After the formatting is finished, you will need access to the Windows 8 ISO or DVD. The developer preview is only provided as an ISO image. Check out Windows 8 Download for instructions or download the developer preview right here.

The easiest way to copy Windows 8 to an USB drive and make that drive bootable at the same time is to use Microsoft’s Windows 7 USB/DVD Download Tool. While designed specifically for Windows 7, it appears to work just fine to create a bootable Windows 8 USB key as well.

installing-windows-8

Just select the Windows 8 ISO when asked to pick an ISO image from the computer. Then select to copy the contents to an USB drive. The program will copy all files to the drive and make that drive bootable at the same time. You can download the Microsoft tool from here.

installing-windows-8

Install Windows 8

You plug in your USB key into the computer you want to install Windows 8 on. You need to tell the computer on first start to boot from USB and not from hard drive or another location. This is done in the Bios. You usually enter the Bios with F1, F1, Delete, Esc or another key that is highlighted on the screen on Post. Press that key and look for an entry that says Boot or Boot order and make sure that USB has the highest priority on the system. You can easily repeat the steps if the computer is not booting from USB.

The computer should pick up the installation files on the USB drive automatically and installation should commence.

Windows 8 has the following system requirements:

  • 1 Gigahertz or faster 32-bit or 64-bit processor
  • 1 Gigabyte of RAM for 32-bit, 2 Gigabytes of RAM for 64-bit minimum
  • 16 Gigabyte hard drive for 32-bit systems, 20 Gigabyte for 64-bit systems
  • Direct X 9 graphics card
Note: It is also possible to install Windows 8 by mounting the ISO image directly on another Windows system. The instructions have been posted on Reddit.

If you want to install the Windows Developer Preview, but have no blank DVDs or usable thumb drives, fear not. It’s fairly simple. This assumes you are installing the preview on a computer already running Windows, of course.

  • Download the ISO file from Microsoft.
  • Mount the ISO using Daemon Tools, Clone Drive, or similar.
  • This is important. Do not use the autorun installer. The autorun installer only allows you to upgrade your existing Windows installation and will not allow you to install to a separate hard drive or partition.
  • Navigate to the virtual install disc and go to the folder called “sources”.
  • Run setup.exe and proceed as if installing Windows Vista or 7.

Windows 8 Developer Preview

win8-start-screen
Those of you interested in taking the current flavor of Windows 8 for a spin can now download and install the Developer Preview edition.

Being demoed at Microsoft's Build conference, the Developer Preview is a prebeta version showing off the operating system at its current stage. Though technically designed for developers, no registration is required, so anyone can download and install it.

The Windows 8 Preview is being offered in three different packages--a 64-bit version with various developer tools, a 64-bit version of just the operating system, and a 32-bit version of the OS.

All three come as ISO files--image files of the contents of a CD or DVD. Since each of the packages is several gigabytes in size, you'll need a DVD if you want to burn the files to a disc.

In Windows 7, you can burn the ISO file to a DVD by double-clicking it to open the Windows Disc Image Burner. For older operating systems, you can use a tool such as ISO Recorder to burn the file. Alternatively, you can use such utilities as Virtual CloneDrive or Daemon Tools to "mount" the ISO file as a drive, eliminating the need to burn it onto a disc.

Since this is a prebeta version, you'll want to install the OS on a spare PC or in a virtual environment so that it doesn't interfere with your production or work machine.

Those of you who want to know what you're getting into before you attempt to install the Developer Preview can check out a hands-on early look at Windows 8.

What's next after the Developer Preview?

Speaking at the Build conference yesterday, Steven Sinofsky, senior vice president of Microsoft's Windows division, said that Windows 8 will next segue into one beta version, followed by one Release Candidate. Assuming all goes well, we can then expect the final RTM (release to manufacturing) edition sometime after that.

Sinofsky didn't reveal a specific timeframe for the beta or Release Candidate. However, the company has been expected to launch the beta at the 2012 Consumer Electronics Show in January, according to WinRumors.
 
Support : Creating Website | Johny Template | Mas Template
Copyright © 2011. Turorial Grapich Design and Blog Design - All Rights Reserved
Template Created by Creating Website Published by Mas Template
Proudly powered by Blogger