According to Microsoft, one in every fourteen downloads is malware, and that Internet Explorer 8 and 9 blocks up to 5 million attacks, daily.

The figures come alongside a post boasting of the Application Reputation mechanism in Internet Explorer 9.

AR uses URL-based tactics to see if the site uses malware, and also check links and files.

Says Jeb Haber, the program manager lead for SmartScreen says:

Using reputation helps protect users from newly released malware programs - pretending to be legitimate software programs - that are not yet detected by existing defense mechanisms.

Reputation also enables IE9 to remove unnecessary warnings for downloads with an established positive reputation. Both publishers and individual applications build reputation. For example, a digitally signed application from a well-known publisher that has been widely downloaded has a better reputation than an unsigned application that has not yet been downloaded widely and has just been posted on a newly created Web site.

Furthermore, the manager adds:

From our experience operating these services at scale, we have found that 1 out of every 14 programs downloaded is later confirmed as malware.

Permalink | Comments

---

Google has announced today that it is currently fixing an Android security flaw that was brought to the public's attention last week by German researchers.

The group explained on Friday that some Google account authentication tokens were apparently being sent OTA unencrypted, leaving users with their data freely available if they were on public Wi-Fi.

Hackers using simple software could steal account info for Google Calendar, Contacts and Picasa accounts.

Users with Android 2.3.4 are free of the issue, but 98.4 percent of Android devices run Android 2.3.3 or lower, making the fix useless for the vast majority.

Google has begun rolling out the server-side patch this week for Android 1.5 - 2.3.3, and it will be completed by the end of the week.

Says Google, via CW:

Today we're starting to roll out a fix which addresses a potential security flaw that could, under certain circumstances, allow a third party access to data available in calendar and contacts. This fix requires no action from users and will roll out globally over the next few days.

Permalink | Comments

---

Apple has now proposed a smaller standardized SIM card than is currently used, allowing its iOS devices to be marginally thinner.

UK carrier Orange seems to support the proposal:

We were quite happy to see last week that Apple has submitted a new requirement to (European telecoms standards body) ETSI for a smaller SIM form factor -- smaller than the one that goes in iPhone 4 and iPad.

They have done that through the standardization route, through ETSI, with the sponsorship of some major mobile operators, Orange being one of them.

Processing would take some time, but thew first devices using those SIM cards could be out next year.

Permalink | Comments

---

Intel has confirmed today that it will introduce over 10 new tablet running its own chips, trying to steal some market share from mobile architecture giant ARM Holdings.

The company will show off the designs at the Computex computer trade show which starts on May 31st.

Asus and other companies are expected to unveil tablets at the event, as well.

Overall, 35 Intel chip-based tablets are expected to ship throughout the year.

Intel is launching their "Oak Trail" chips soon, boasting low power consumption.

Permalink | Comments

---

Sony just cannot catch a break.

Within three days of the company restoring the PSN after over 3 weeks of downtime, Sony has had to take down its PSN web logins, thanks to a password exploit.

Users trying to sign in via Playstation.com, the PlayStation forums, PlayStation Blog, Qriocity.com or the Music Unlimited are greeted with the following message:

The server is currently down for maintenance. We apologize for the inconvenience. Please try again later.

Additionally (via PCM):

Unfortunately this also means that those who are still trying to change their password ... via Playstation.com or Qriocity.com will be unable to do so for the time being. This is due to essential maintenance and at present it is unclear how long this will take. In the meantime you will still be able to sign into PSN via your PlayStation 3 and PSP devices to connect to game services and view Trophy/Friends information.

Apparently, the PSN password system has a flaw that allows hackers to change your password as long as they have your date of birth and email associated with the account. 101 million users had their personal data compromised with the original breach, including, you guessed it, DOB and email.

Permalink | Comments

---