G$earch

The Download Blog: Software tips, news, and opinions from Download.com editors

Posted by Harshad

The Download Blog: Software tips, news, and opinions from Download.com editors


Extensions return to Chrome dev for Mac

Posted: 06 Jan 2010 03:27 PM PST

Extension support is active again and bookmark synchronization has arrived in the Google Chrome developer's build for Mac OS X. Default extension support was disabled in Chrome for Mac in December, followed by promises that it would be re-enabled within a month.

Bookmark sync does not yet work flawlessly: a known bug related to the sync process will crash the browser when you add a new bookmark folder.

As highlighted in the red box, RSS support is finally available in Chrome for Mac, via extensions in the developer's build.

(Credit: Screenshot by Seth Rosenblatt/CNET)

The latest developer's build, version 4.0.288.1, is available for Windows, Mac, and Linux. Windows users will only see two bug fixes: one prevented HTML5 audio and video content from not loading, the other stops content scripts from running twice on some occasions.

The Mac and Linux versions, being further behind in development than the Windows version, offer more new features. In addition to extension and bookmark sync support, and fixing the aforementioned HTML5 and script bugs, Google added for Macs "pin tab" as a context menu item, included a "learn more" link on the crash page, and baked in the Esc key as a shortcut to stop the page from loading.

Mac users should also note that to switch from the beta version to the developer's build, you'll need to manually download and install the developer's build. The automatic upgrade path from within the Chrome beta won't work because it's a different development channel--even though they did share version numbers.

In brief testing, both the bookmark sync and the extension support work without problems. If you encounter any problems in the latest Chrome dev, tell us in the comments below.

Do prices matter for iPod games? (poll)

Posted: 06 Jan 2010 01:30 PM PST

Anyone who knows me knows that I'm a cheapskate. (I even have a blog that says so.) Needless to say, when it comes to buying games for my iPhone, I tend to choose titles that are free or supercheap.

In fact, my buying habits work like this: If a game I want costs 99 cents, I'll usually grab it without a second thought. If it's $1.99 or $2.99, I'll sometimes pull the trigger, though not without some hesitation. Anything that costs more, I rarely pony up for it.

Am I alone in this regard? To find out, I created this poll. Cast your vote, then read on for more discussion.

I suspect most people will choose, "It depends on the game." And, sure enough, some games offer relatively limited replay value, and therefore should be priced lower than games you're likely to play endlessly.

On the other hand, why should I balk at spending, $5 for an iPhone game that's every bit as good as a $50 PlayStation game? (PlayStation 2, anyway.) I'll drop five bucks for a Starbucks coffee and cookie, which last all of 10 minutes, but not on a game I might play for weeks. Why?

Maybe it's because I'm spoiled by all the great freebies, like Tap Tap Revenge 3, Unblock Me, and Traffic Rush. Or perhaps there's less perceived value in a game that runs on such a small screen.

In the App Store's early days, it wasn't uncommon for marquis games (like Super Monkey Ball) to debut at $9.99, and that's still true--though many high-profile titles start much lower. Witness the recent arrival of The Simpsons Arcade, which I fully expected to cost at least $7.99--but instead came in at $4.99.

Games that fetch premium prices upon their debut almost always drop in price a short while later. 2XL's ATV Offroad, for instance, had a sticker price of $7.99 as recently as October; however, it is currently selling for just $1.99.

All this begs the question: What's a fair price for an iPhone/iPod Touch game? And what's the most you're willing to pay for one? I'd love to hear your thoughts on the matter--in the comments, of course.

Originally posted at iPhone Atlas

Windows 7 has lots of 'GodModes' (exclusive)

Posted: 06 Jan 2010 12:04 PM PST

Those intrigued by the "GodMode" in Windows 7 may be interested to know that there are many other similar shortcuts hidden within the operating system.

Intended for developers as a shortcut to various internal settings, such features have been around since Vista and even before, according to the head of Microsoft's Windows division, who tells CNET that the so-called GodMode settings folder uncovered by bloggers is just one of many undocumented developer features included in Windows.

In an e-mail interview, Steven Sinofsky, Windows division president, said several similar undocumented features provide direct access to all kinds of settings, from choosing a location to managing power settings to identifying biometric sensors.

As with the all-encompassing GodMode uncovered by bloggers, these other settings can be accessed directly by creating a new folder with any name (GodMode or otherwise) and then including a certain text string. Sinofsky noted more than a dozen strings create particular settings folders, in addition to the overarching GodMode folder option.

Sinofsky and others say the term GodMode was coined by bloggers; it was not something the company used internally to refer to the settings folders. Although Microsoft maintains many such undocumented developer commands to access such settings, all are replicated by the operating system's Control Panel settings.

Such undocumented means of accessing various settings have occurred in previous versions of Windows, and the GodMode identified by bloggers was also present in Windows Vista. Some users of the 64-bit version of Vista, however, say invoking the GodMode folder caused their machines to crash. Microsoft says it has yet to reproduce that problem, though several readers have said they have encountered problems.

It seems that the folks in Redmond have gotten a kick out of all the attention that the Godmode has gotten and have decided to have fun with it. Sinofsky sent a list of other commands that also create special folders (see list below).

Given the Vista issues, though, I would try these only on a Windows 7 machine, ideally a test machine. To make it work, create a new folder with any name, then a period, then one of the text strings below.

For example, the first one could be a folder named "thankscnet.{00C6D95F-329C-409a-81D7-C46C66EA7F33}" (use everything inside quotes--but not the quotes themselves).

Here's the list of strings:

{00C6D95F-329C-409a-81D7-C46C66EA7F33}
{0142e4d0-fb7a-11dc-ba4a-000ffe7ab428}
{025A5937-A6BE-4686-A844-36FE4BEC8B6D}
{05d7b0f4-2121-4eff-bf6b-ed3f69b894d9}
{1206F5F1-0569-412C-8FEC-3204630DFB70}
{15eae92e-f17a-4431-9f28-805e482dafd4}
{17cd9488-1228-4b2f-88ce-4298e93e0966}
{1D2680C9-0E2A-469d-B787-065558BC7D43}
{1FA9085F-25A2-489B-85D4-86326EEDCD87}
{208D2C60-3AEA-1069-A2D7-08002B30309D}
{20D04FE0-3AEA-1069-A2D8-08002B30309D}
{2227A280-3AEA-1069-A2DE-08002B30309D}
{241D7C96-F8BF-4F85-B01F-E2B043341A4B}
{4026492F-2F69-46B8-B9BF-5654FC07E423}
{62D8ED13-C9D0-4CE8-A914-47DD628FB1B0}
{78F3955E-3B90-4184-BD14-5397C15F1EFC}

And, as a reminder, to create the Godmode folder itself, use this string:

{ED7BA470-8E54-465E-825C-99712043E01C}

Originally posted at Beyond Binary

Firefox 3.5.7 fix could 'goose' browser upgrades

Posted: 06 Jan 2010 04:52 AM PST

Mozilla released Firefox 3.5.7 and 3.0.17 on Tuesday to fix a common crash problem and the lack of a prominent suggestion to upgrade.

Firefox is supposed to prominently tell people when a major upgrade is available, but Mozilla was puzzled by recent data suggesting that fewer-than-expected people actually installed the new version, according to a bug report.

"What's happening is that users who do not leave their browser open for 12 hours...will never see the major update dialog, only a little notification slider," Mike Beltzner, Mozilla's director of Firefox, said in a December comment.

He wasn't happy that the earlier process didn't work as he'd expected, but saw a silver lining to the change: "We need to fix this immediately on all branches. Added bonus: we're about to goose our Firefox 3.5 numbers!"

The programmers also fixed a high-priority problem that was causing Firefox to crash. Both changes also were made in the 3.0.17 update, Mozilla said.

Mozilla is trying to move to a faster Firefox release cycle, but it's not easy. Mozilla released a fifth Firefox 3.6 beta in December, but missed its deadline to release the final version of Firefox 3.6 in 2009.

After 3.6, Mozilla had been planning to move its next attentions to a range of significant changes for Firefox 3.7, but now is considering a quick fix to Firefox 3.6 called Lorentz that would more quickly build in a significant feature that separates the running of plug-ins, notably Adobe Systems' near-ubiquitous Flash, into a separate computing process. Mozilla expects the change to make the browser less crash-prone, since crashing Flash applications at present bring down the whole browser.

Mike Shaver, Mozilla's vice president of engineering, wouldn't commit to the Lorentz plan in an interview Monday, but expressed some enthusiasm: "I'm in favor of getting Flash-crash immunity to users ASAP," he said.

Firefox 3.5.7 can be downloaded for Windows and Mac from CNET Download.com.

Update at 7:51 a.m. PST: The first Firefox 3.6 release candidate--the version that means the final version may be ready or nearly ready--could arrive this week.

"Just wanted to follow up to let everyone know that after months of development, we've started...Firefox 3.6 Release Candidate builds. We're pretty excited," Beltzner said Tuesday in a mailing list posting.

In meeting notes also published Tuesday, Mozilla said it is "hoping to ship [the release candidate] to our beta audience on Friday of this week." Mozilla has rounded up 800,000 testers so far for the Firefox 3.6 beta.

Originally posted at Deep Tech

CES: Using your smartphone safely (FAQ)

Posted: 05 Jan 2010 04:00 AM PST

Smartphones aren't just smart, they're personal computers. Unlike a desktop or even a laptop PC, those devices and other mobile phones can easily slip out of a pocket or purse, be left in a taxi, or get snatched off a table. They let you store photos, access e-mails, receive text messages, and put you one browser click away from potentially malicious Web sites.

In effect, gadgets like the Apple iPhone and those running Google's Android software can be as risky to use as PCs, except that the wide variety of mobile platforms has deprived malicious hackers of one dominant software element to target, such as they have with Microsoft's Windows operating system on desktops and laptops.

Here is a look at the different types of threats that affect smartphone users and what people can do to protect themselves.

Researchers Collin Mulliner and Charlie Miller at the Black Hat security conference last summer where they proved they could attack my iPhone with a text message, even after a beer or two.

(Credit: Elinor Mills/CNET News)

What's the biggest security threat to my mobile phone?
Losing it. "You are way more likely to leave it in the back of a taxi than to have someone break into it," Charlie Miller, a principal analyst at consultancy Independent Security Evaluators, said in a recent interview. The best way to protect data in the event of losing a device is to not store sensitive information on it, he said. If you must store sensitive information on it, use a password on the phone and encrypt the data. Devices can be configured so that they ask for a password every time e-mail or a VPN is accessed. Use a strong enough password that a stranger can't guess it. And back up your data frequently.

There are also ways to lock the phone remotely or wipe the data if it is stolen. AT&T spokesman Mark Siegel said users who lose their phone should call the company immediately and "with just a keystroke, we can prevent anyone else from using the phone--and from running up charges."

A number of companies offer software and services to protect mobile phones. One of them is a start-up called Lookout that offers a Web-based service that backs up the data, remotely wipes the data if stolen, can help locate the device, and includes antivirus and firewall protection.

Mobile device users should also be careful about leaving the phone unattended, or loaning it to people. Spyware can be installed without you knowing it. For instance, the PhoneSnoop program can be used with BlackBerry devices to remotely turn the microphone on to eavesdrop on nearby conversations.

Can mobile phones get viruses?
Yes. Mobile viruses, worms and Trojans have been around for years. They typically arrive via e-mail but can also spread via SMS and other means. Mobile phone users should be diligent in installing security software and other updates for their devices. All the major desktop security vendors have mobile antivirus and related offerings.

In November, several worms hit the iPhone, but only devices that had been jailbroken so they can run apps other than those approved by Apple. One worm changes the wallpaper on affected devices to a photo of 80s pop singer Rick Astley of "Rickrolling" fame. The second, more dangerous worm attempts to remotely control affected iPhones and steal data such as bank login IDs. Jailbroken iPhones have also been directly hacked via SMS, including by one Dutch hacker who was demanding $7 from victims for information on how to secure their iPhones.

Miller says: "Don't jailbreak your phone. It breaks all the security, basically." If you simply must jailbreak it, you should change the default root password and not install SSH (Secure Shell network protocol).

What are other types of attacks?
Just like with computer users, smartphone users are vulnerable to e-mail and Web-based attacks like phishing and other social-engineering efforts. All attackers have to do is create a malicious Web page and lure someone to visit the site where malware can then be downloaded onto the mobile device. People should avoid clicking on links in e-mails and text messages on their mobile device. (For more anti-phishing tips read "FAQ: Recognizing phishing e-mails.")

SMS offers another avenue for attack. Last year, researchers demonstrated several ways of attacking phone using SMS messages. In one, they exploited a vulnerability in the way the iPhone handles SMS messages. Researchers also showed how an attacker could spoof an SMS to make it look like it comes from the carrier to get the target to either download malware or visit a site hosting it. In another proof-of-concept attack, a text message was used to launch a Web browser on a mobile device and direct it to a site that could host malware. When the attack is used to phish for personal information it is referred to as "SMiShing."

Is it safe to use Wi-Fi and Bluetooth?
Yes and no. If you are doing something sensitive on your phone, like checking a bank account or making a payment, don't use the free Wi-Fi at a coffee shop or other access point. Use your password-protected Wi-Fi at home or the cellular network to avoid what is called as a man-in-the-middle attack in which traffic is intercepted. Pairing a mobile phone with another Bluetooth-enabled device, like a headset, means any device that can "discover" another Bluetooth device can send unsolicited messages or do things that could lead to extra fees, data being compromised or corrupted, data stolen in an attack called "bluesnarfing," or the device being infected with a virus. In general, disable Wi-Fi and Bluetooth unless you absolutely need to use them.

Which is safer: the iPhone or Android?
Apple vets all the apps that are used on the iPhone, and that tight regulation of the Apps store has kept users safe from malicious apps so far. Nothing is foolproof, however. Once apps are approved they can do any number of things. For instance, Apple removed free games in November developed by Storm8 that were found to be collecting users' phone numbers.

From an architecture standpoint, Android offers more granular access control. But the open-source nature of the Android platform means apps aren't as controlled as they are on the iPhone and holes can be introduced by any number of parties. For instance, Miller found a vulnerability in the Android mobile platform last year that could have allowed an attacker to remotely take control of the browser, access credentials, and install a keystroke logger if the user visited a malicious Web page. The hole was not in code written by Google, but was contributed by a third party to the open-source Android Project. However, any risk was mitigated by an application sandboxing technique Google uses that is designed to protect the device from unauthorized or malicious software that gets onto the phone, Google said. Miller recommends that Android users only download software from trustworthy vendors and reputable sites.

Are standard mobile phones safe?
Obviously regular mobile phones don't pose the Web-based threats that smartphones do. But they are still used to store sensitive information that can be accessed by gaining access to the device. For instance, the inbox and outbox for text messages can contain information that can be used for identity fraud, said Mark Beccue, a senior analyst for consumer mobility at ABI Research. "Regardless of what type of cell phone, the most dangerous current threat is through a cellphone's in/out message boxes," he said. "Clear (them) out regularly. Do not transmit full account numbers, PIN or passwords within a text message unless you immediately delete the out box message."

Standard phones that support Java can be susceptible to certain threats that smartphones are. For instance, scammers in Russia and Indonesia are hiding a Trojan in pirated software that surreptitiously sends SMS messages to premium rate numbers - costing as much as $5 each, thus racking up huge bills, said Roel Schouwenberg, a senior antivirus researcher at Kaspersky Lab.

And what about spam?

That's a growing problem on mobile devices. For information on what to do when you get mobile spam read "FAQ: How to vanquish mobile spam."

Originally posted at InSecurity Complex

0 comments:

Post a Comment