We are a skeleton crew this week at the CNET offices with a huge number of our editors and camera crews taking on the tech gadget news avalanche that is the annual Consumer Electronics Show. Though the biggest tech conference of the year in Las Vegas generally has little to do with Apple, some news has managed to trickle out about a much sought-after product: namely, an iPhone for Verizon.

Many (including yours truly) watched the live stream of the Verizon press event yesterday hoping to hear word of Apple's smartphone coming to the network, but--even though there were many exciting new handsets and tablets--there was no mention of a Verizon iPhone.

Today we received word that Verizon is inviting people to a press event January 11. Though nobody knows for sure what Verizon will announce, it stands to reason that after introducing its entire product line for 2011, the only thing left to announce might be a Verizon iPhone. We'll just have to wait and see, but it's looking pretty likely that those waiting for a Verizon iPhone may soon get their wish.

This week's apps include an excellent program to make old-time movies and a puzzle game that uses an interesting color-inversion mechanic to create unique challenges.

8mm Vintage Camera ($1.99) lets you make old-timey videos with some cool feature variations and effects. Right when I launched this app I was reminded of popular camera app Hipstamatic, because 8mm Vintage Camera offers a vaguely similar feature set, but is instead used for making stylized videos.

Start your project by flicking the wheel in the bottom right of the screen to choose from five different video effects like the black-and-white 1920s setting or the grainy '70s setting. Then, you can swipe the viewfinder in the upper right to choose from film effects like a shaky border (like old films) or a burning effect that makes the outer edges of the film seem to melt as you shoot. Different lens and film combinations give you several options for how your video will turn out.

Unlike Hipstamatic, 8mm Vintage Camera lets you adjust all your settings on one main screen. In addition to the film and lens choices, you have the option to use the iPhone 4 flash for brighter scenes, a button that gives your film a frame jitter effect, and you can switch between the iPhone 4's front- or rear-facing cameras.

When you're finished, you can hit the My Reels button to browse through your shot videos, and touching a specific project gives you options for saving your video to your photo library, sending via e-mail, or uploading directly to YouTube.

Overall, 8mm Vintage Camera is one of the best apps I've found for making old-timey movies in the iTunes App Store, with just enough lens and film variations to give you plenty to experiment with. Anyone who likes old 8mm films should definitely check out this app.

Shift 2 (99 cents) is the sequel to Shift, a unique puzzle game that uses a Shift button to invert black-and-white objects letting you walk on different surfaces to try to reach the goal. Though difficult to describe, you'll quickly understand once you start playing, and Shift 2 takes the unique game mechanic to new heights across 120 levels. Like the original, you only have a couple of controls on the bottom for running and jumping, and then Shift buttons on both sides at the top to invert the colors.

To get you started, Shift 2 gives you onscreen hints to get you through the first few levels. As new challenges are introduced, such as the new rotator block in this sequel, the game will let you know how to handle each new element.

Once I got used to the controls, Shift 2 sucked me right in with unique challenging levels that offer a lot of room for experimentation to reach the door to the next level. Even after only a few levels, you'll quickly see how Shift 2 uses the inverting black-and-white mechanic to make for interesting challenges, all with an incredibly easy to pick-up-and-play control system. You can even challenge your friends' scores over either OpenFeint or Apple's GameCenter.

Overall, with a unique game mechanic, 120 new levels, new game elements, and the ability to scan bar codes (just like shopping apps) on the developer Web site for new maps, Shift 2 is a great option for those who like challenging puzzle games.

What's your favorite iPhone app? Do you have a better 8mm video app to share? What do you think of Shift 2? Let me know in the comments!

LAS VEGAS--The grandpappy of the torrenting world, BitTorrent, announced yesterday at the 2011 Consumer Electronics Show that it will bolster its torrent-managing software later this year with search and playback features. Similar to competitors such as Vuze and Miro, the ecosystem comes as part of the development of Project Chrysalis, an effort to give BitTorrent a more robust feature set and give consumers a seamless workflow from finding content to playing it back. BitTorrent recently announced that it had reached more than 100 million active monthly users.

The new version of BitTorrent is due in a public beta near the end of the first quarter, according to BitTorrent Chief Strategist Shahi Ghanem. The impetus for the redesign, he said, is that BitTorrent is not easy for the average person to use. "The capabilities of the client are limiting. It's not great at finding content, playing content, or shifting content," Ghanem said. He defined "shifting" content as the ability to easily move it from one device or format to another.

Through the addition of "channels" such as TED, Make, and contracts with musicians and filmmakers, users will be able to browse for new content more easily. You'll be able to rate torrents on the fly using a star system that will appear next to the torrent as it downloads.

You'll also be able to automatically transcode the torrented files from their original format into something that can be easily burned to disc or played back from within BitTorrent. To ensure that users know which devices support BitTorrent, Ghanem said that the company is working on two open standards for hardware. One will encompass what Ghanem described as "connected," and includes processor, storage, and network support. The other is what he called a "disconnected" standard for burning.

To further that end, the company has partnered with Taiwan's Industrial Technology Research Institute (ITRI), a leading high-tech research and development organization. Chips, designs, and devices that comply with these standards will be sold with green stickers bearing the BitTorrent logo and designated as BitTorrent Certified. Ghanem said that the goal is to enable people to transfer content seamlessly and effortlessly between their home computers, tablets, phones, and televisions.

The company is also working on two Android apps, expected in public beta at the same time as the new version of the desktop program. In a brief demo at CES, Ghanem showed working alpha versions of them and the new version of BitTorrent downloading a torrent on a desktop, then streaming it to an Android phone, a tablet, and on to a television.

Changes to BitTorrent have not always been received well by the torrenting cognoscenti, and so the company has promised that the uTorrent client will remain unaffected by the alterations made to the mainline BitTorrent.

BitTorrent protocol originator Bram Cohen demonstrated for me a project he's been working on for the past two years, currently called Project Pheon but eventually to be known as BitTorrent Live. The concept is simple: improve streaming live video, the way that BitTorrent improved the ability to share files. Cohen has reduced the latency of live streaming down to 3 to 5 seconds, and tested it against hundreds of thousands of simulated computers in a test environment. In the real world, he said that Project Pheon has worked with dozens of simultaneous connections.

The project faces serious hurdles, such as not being able to use TCP because the upload queue gets filled, or using timeouts because timeouts effectively kill the live stream. "There's no reason this hasn't been done yet, but there aren't many people working in this space," he said. Project Pheon is based on UDP, the same basis for uTorrent's uTP, and is expected late in the second half of 2011.

Originally posted at CES 2011

Trend Micro recently upgraded its security system for desktop computers to rely heavily on cloud-based detection and protection, and now it's bringing that same network to Android devices.

Trend Micro Mobile Security for Android secures your device in four ways. It offers a "safe surfing" feature that prevents phishing attacks and illicit access to your identity and banking information. It also powers the parental controls for Web site content blocking. There's a customized blacklist for call and text filtering, and a download guard that prevents malicious or fraudulent apps from installing on your device.

Trend Micro is the first security company to extend its proprietary cloud-based heuristic- and reputation-based network to smart phones. The benefit of such networks initially was twofold: to allow for more responsive, reflexive security; and to allow the publisher to shrink the size of the of the desktop client. Similar desktop competitors include Microsoft's Security Essentials and Panda's Cloud Antivirus. Trend Micro's Mobile Security for Android appears to be the first time such a network has been used in mobile protection.

The company also has an iPhone and iPad app called Smart Surfing, which also uses its Smart Protection network to verify the safety of URLs visited on the iOS browser.

Trend Micro Mobile Security for Android comes with a 30-day free trial, and retails for $3.99. You can download it from the Android Market, or scan the QR code.

That didn't take long.

Apple's Mac App Store tallied 1 million downloads in its first day of availability, the company announced today.

"We're amazed at the incredible response the Mac App Store is getting," Apple CEO Steve Jobs said in a statement. "Developers have done a great job bringing apps to the store and users are loving how easy and fun the Mac App Store is."

Apple launched its Mac App Store yesterday to Mac OS X 10.6 Snow Leopard users. It was made available in the free Mac OS X 10.6.6 software update. According to Apple, the store currently has over 1,000 free and paid apps in categories ranging from education to games.

But the Mac App Store's first day didn't bring only good news for Apple.

A reported Mac App Store hack being shared across the Web allows users to take digital receipts from free applications and use them on pirated copies of a paid app. The receipts effectively fool the paid app into believing use has been authorized, thus allowing users to run the programs and pay nothing for them. Apple has yet to comment on the problem.

Originally posted at The Digital Home

A weakness in copy protection--the antipiracy mechanism at the heart of many a digital distribution system--has reared its head with Apple's brand-new Mac App Store.

The store, launched yesterday, includes digital rights management (DRM) technology designed to ensure that only a program's purchaser is authorized to run the program. But a hack distributed online apparently can be used to get around the system in some situations.

Although several have reported successful use of the hack to circumvent copy protection, it stems from problems in how software developers get their applications to verify permission to run, not from an irreparable problem with the Mac App Store's DRM.

Nevertheless, the issue spotlights the painful realities of DRM. When it's used, hackers often find a way around it, as happened for example with Blu-ray and DVD encryption. But commercial content creators naturally are averse to seeing their digital products spreading willy-nilly for free, and Apple's removal of DRM from music in iTunes in 2009 and Amazon's option to lend Kindle books are the exception rather than the rule. Just this week, a group of entertainment industry powers unveiled a new DRM and copy-protection technology called UltraViolet.

Apple didn't immediately respond to a request for comment.

But Big Bucket Software's Matt Comi, developer of a game called The Incident that's vulnerable to the hack, said he'll be releasing a new version of his software.

"Too bad they didn't release a Mac App Store beta to developers--maybe we would've noticed this," Comi said. Despite the problem, he added, "First day's sales came in a few hours ago and we're very pleased."

With the Mac App Store hack, a person copies three files--digital receipts--from a freely downloaded application such as Twitter to another app such as Angry Birds that otherwise would have to be purchased before it runs. That second app essentially uses the free app's authorization. Of course, a bootleg copy of the second app must first be obtained, but that's rarely proved an obstacle in for those evading copy protection technology.

News of the hack spread quickly yesterday--but shortly afterward came more news that apparently at least part of the problem lies with the software developer and Apple's suggested verification procedures rather than with a terminal problem with the technology.

"For apps that follow Apple's advice on validating App Store receipts, this simple technique will not work. But, alas, it appears that many apps don't perform any validation whatsoever, or do so incorrectly, like Angry Birds," Apple watcher John Gruber said.

But another observer, Sean Christmann, also laid some blame on Apple. Although Angry Birds developers followed only two of the five steps Apple recommends for verifying the software is authorized to run, Apple's instructions are flawed, Christmann said in a blog post.

Specifically, he said Apple recommends a verification process that checks a text file separate from the application's binary file--in other words, an ancillary file, not the file the computer actually runs. He recommended a validation procedure that uses the application itself.

"At the end of the day, if your app is popular enough it's going to end up on a pirated site, but for the time being, by following the instructions above, you can avoid having your app easily cracked with TextEdit," Christmann said.

Comi had this description of the matter: "The issue relates to comparing bits of data from one file (the Info.plist, in other words, the app's metadata) to bits of data in another file (the receipt). As long as those files are consistent, the app will launch. Pretty obvious in retrospect but easy to overlook. The fix is to not refer to the Info.plist."

Asked if it plans a new version of Angry Birds, Rovio Mobile said, "We'll look into it."

Chester Wisniewski of security company Sophos also cautioned about a side effect of the problem: people might look for pirated software instead of going through the App Store. "Be cautious where you get things," he said in a video. "Don't pirate software. It's the best way to get trojans onto your system."

The Angry Birds application is a good example. "Unfortunately, Rovio did not follow the best practice guidelines that Apple set forth on what to do to prevent this application from being pirated," Wisniewski said. "It's quite easy to imagine it's going to be widely distributed."

Updated 8:56 a.m. PT and 9:18 a.m PT with comment from Big Bucket Software and Sophos.

Originally posted at Deep Tech

Microsoft said today that it will release two security bulletins next week fixing three holes in Windows, but it is still investigating or working on fixing holes in Internet Explorer that have been reportedly exploited in attacks.

One bulletin due out on Patch Tuesday, rated "important," affects only Windows Vista but the second one, with an aggregate rating of "critical," affects all supported versions of Windows.

Microsoft said it is not releasing updates to address a hole affecting Windows Graphics Rendering Engine that it disclosed earlier this week, or one disclosed in late December, Security Advisory 2488013, that affects Internet Explorer and for which there have been reports of targeted attacks, the company said in a post on the Microsoft Security Response Center blog.

"We continue to actively monitor both vulnerabilities and for Advisory 2488013 we have started to see targeted attacks," the post said. "If customers have not already, we recommend they consult the Advisory for the mitigation recommendations. We continue to watch the threat landscape very closely and if the situation changes, we will post updates here on the MSRC blog."

Also not mentioned in the Patch Tuesday preview announcement by Microsoft is a bug in IE disclosed last weekend by Michal Zalewski, a security researcher for Google based in Poland. Zalewski released a tool he used to find the hole and others in all the major browsers and said that an exploit for the IE bug had been leaked to the Web accidentally. Security firm Vupen has confirmed the critical hole in IE 8. Microsoft says in Security Advisory 2490606 that it is investigating the bug reports.

Josh Abraham, a security researcher at Rapid7, was surprised that Microsoft was not rushing to fix holes that were reportedly being used in attacks.

"With only two bulletins this month, the big shock is that Microsoft is not addressing two security advisories that have already been weaponized," Abraham said. "I would bet that if the malicious attackers start using the exploits, then we will see an out-of-band patch."

Meanwhile, as Microsoft released its Patch Tuesday preview, Sophos is warning people about a fake Microsoft security update e-mail circulating that contained a worm. The subject line says "Update your Windows" and urges recipients to download an attached executable. But Microsoft does not issue security patches via e-mail attachments. Another clue that it's a scam--Microsoft is misspelled in the forged e-mail header as "microsft."

Originally posted at InSecurity Complex