Netflix was down tonight temporarily with users trying to access the site from the Web or other devices getting the error posted at right.

While the service is back up and running (I'm streaming a movie via PS3 as I type), many experienced the downtime for hours.

Netflix has over 23 million users in the U.S. and Canada.

Angry users have blamed LulzSec for the downtime but it is unclear if the hacktivists are to blame.

For now, users are still reporting sporadic downtime, and there is no word if any data was compromised.

Permalink | Comments

---

ChevronWP7, the group who released the aptly named ChevronWP7 jailbreaking tool for Windows Phone 7 devices earlier this year has posted this week that a Microsoft-sanctioned version of the software is coming soon, for a small fee.

After releasing the tool, which allows users to install homebrew on their phones, the group was contacted by Microsoft and it appears the two have worked together to create a legal way for users to get the most out of their devices.

Says the group:

As announced on the Windows Phone Dev Podcast, we will soon be launching an approved Windows Phone unlocking service as part of ChevronWP7 Labs. This will be available to developers across all skill levels and all regions.

The service will require a small fee — currently via PayPal — to offset costs but we assure you it will be more affordable than the App Hub. Those who wish to write and immediately publish apps are recommended to sign up to the App Hub instead.

The launch is expected within weeks.

Permalink | Comments

---

PowerDVD, PowerDirector, MediaShow and MediaEspresso exploit new AMD hardware.

CyberLink has a track record of trying to keep up with hardware advances in its multimedia products. Now, the company has announced that its flagship products - PowerDVD, PowerDirector, MediaShow and MediaEspresso - have been optimized for the latest AMD A-Series Accelerator Processing Units (APU).

Keeping up with hardware evolution means CyberLink customers can benefit from available hardware acceleration for high-definition (and 3D) playback from Blu-ray, AVCHD etc., enhanced video editing and significantly faster video encoding.

"CyberLink is always striving to innovate the next generation of technology that creates the best consumer media entertainment experience possible," said Alice H. Chang, CEO of CyberLink Corp.

"We are delighted to leverage AMD's high-end A-Series APUs on CyberLink's complete product lineup to deliver enhanced and ultra-fast media experiences for consumers."

The popular PowerDVD 11 application leverages hardware acceleration technology of the AMD APUs in decoding Blu-ray, BD3D and AVCHD content, providing smoother Full HD/3D playback with much lower core CPU usage. PowerDirector 9 utilizes AMD Accelerated Parallel Processing (APP) technology to gain 2.2x faster rendering speed in tests.

MediaShow 5 gains accelerated facial recognition (up to 1.2x faster in tests) making it easier to find people in large volumes of photos in the application's library. MediaEspresso 6.5 pushes up the speed of its transcoding processes (up to 1.9x in tests), significantly reducing waiting time for users looking to share their HD videos.

"We are excited to work closely with CyberLink on its flagship products optimized for AMD A-Series APUs, enabling their customers to enjoy supercharged performance, brilliant HD and support for DirectX 11," said John Taylor, director, Client Product and Software Marketing, AMD.

"Bringing a theater-quality experience into the home or on the go is an excellent example of the type of must-have consumer application that APUs are designed to accelerate."

Permalink | Comments

---

Best Buy has noted this weekend that it will be expanding its current UK-only cloud music platform to the U.S. in an effort to challenge recent launches from Apple, Amazon and Google.

The new U.S. Music Cloud service will be available for BlackBerry and Android users.

Although it has not been officially unveiled, the app is already available in the Android Market.

Just like its rivals, the Music Cloud will allow users to upload their collections online and play it back wherever they have an Internet connection, saving space on their devices.

In the UK, the service is available for BB, Android and iOS.

Permalink | Comments

---

Web payments firm setting the story straight.

There were some media reports in the latter part of the last week that PayPal had been hacked, and that PayPal account information had been made public by attackers. The company has responded to the claims, asserting with authority that, "the PayPal site has not been breached or hacked in any way."

In reality, a group of hackers claimed to have compromized another site, which PayPal points out is "less secure." From the breached website, the attackers mined usernames and passwords of a number of accounts. Upon releasing the information publicly, the hackers suggested that people try accessing personal online accounts on websites using the same credentials, and PayPal was listed as a suggestion.

So there was no breach of PayPal's system, instead the hackers were just suggesting that some users would have used the same password as they did for the compromised website.

"PayPal's security team became aware of this particular security situation early on and proactively began monitoring a number of accounts for suspicious activity, in order to protect our customers," the company stated.

"PayPal always safeguards our customers from qualified unauthorized payments sent from their accounts. We regularly monitor for unusual activity on accounts and will work directly with customers if they suspect their accounts have been accessed fraudulently."

Permalink | Comments

---

If you wondered why Microsoft's thrust to add more features and functionality to its Internet Explorer browser has excluded WebGL, here's an answer.

You could be forgiven to tempt an assumption that a Microsoft snub of WebGL is simply the Redmond-based giant's way of ignoring an open standard, in favor of its own proprietary Direct3D, but Microsoft engineers have put forth some real questions for the emerging standard to answer on security.

WebGL stands for Web-based Graphics Library. It provides an (OpenGL-based) API for 3D graphics within web browsers, filling part of an increasing demand for a much richer web experience for end users. Mozilla, Google and Apple have backed the technology with their browser packages, but Microsoft is not yet ready to endorse it.

Microsoft engineers analyzed WebGL and found that they cannot endorse the technology from a security perspective, finding that Microsoft products supporting WebGL would have a difficult time passing Microsoft's Security Development Lifecycle requirements.

The engineers split the problem into three main concerns with widespread use of WebGL.

• #1 - Microsoft: "Browser support for WebGL directly exposes hardware functionality to the web in a way that we consider to be overly permissive"
  
  The engineers find that WebGL security heavily relies on low level components of the system, such as manufacturer drivers provided for video hardware. The problem is, when the drivers were written by manufacturers, they were written with the assumption that they would only be used by trusted/safe local code. That is, applications installed on a system by the user locally. As it is, developers that code for graphics hardware have to go to lengths just to ensure that their code won't cause any major problems. We have all, at least once, experienced a system that required a display driver update to solve a problem with a game or other software.
  
  The concern of the engineers is WebGL will expose video drivers to exploitation attempts on malicious websites in much the same way as browser vulnerabilities are targeted now. The display drivers and software distributed by manufacturers have never had to deal with this kind of threat before. The engineers do suggest that there might be ways to prevent against such attacks (like how a web browser is hardened by sandboxing and DEP systems), but still, "the large attack surface exposed by WebGL remains a concern."
  
  
• #2 - Microsoft: "Browser support for WebGL security servicing responsibility relies too heavily on third parties to secure the web experience"
  
  This point builds on the first point, highlighting that the on-going security of WebGL would depend on third-parties, as opposed to depending on updates to WebGL technology or updates from browser manufacturers. If a bug is found in Google Chrome, then Google will push out an updated build with the bug fixed and can close that attack target completely. However, in the case of an attack that targets a vulnerability with a certain display driver, this might not be possible for Google to prevent and the browser may still be used as delivery means.
  
  Some suggestions have included identifying and blacklisting certain drivers or hardware configurations, but this brings up questions of disruption of consumer experience. The Microsoft engineers point out that most PC users are not accustomed to updating their system drivers regularly, and even if they are, there are other factors to take into account such as whether a vendor is even providing updates for certain hardware anymore. In some cases where OEM graphics products are included with PCs, retail drivers are blocked from installing. OEMs often also only update display drivers about once per year.
  
  The Microsoft engineers find that this inconsistency makes an efficient security servicing model (like Windows Update) targeting WebGL security impossible.
  
  
• #3 - Microsoft: "Problematic system DoS scenarios"
  
  The engineering team concludes that modern operating systems and graphics infrastructure were never designed to fully defend against attacker-supplied shaders and geometry. Client-side DoS is not considered a high severity threat, but the engineering team says the problem needs to be addressed holistically to prevent possible scenarios such as malicious web sites freezing a system or causing it to crash and reboot.

Microsoft's engineers predicted that WebGL will turn out to be an on-going source of hard-to-fix vulnerabilities, and said it is not a technology that the company can endorse now from a security perspective.

"We recognize the need to provide solutions in this space however it is our goal that all such solutions are secure by design, secure by default, and secure in deployment."

Permalink | Comments

---