Engadget announces here a new version of the Engadget Application:
Engadget for iPhone / iPod touch 2.0.1 was just approved by Apple and is now available on the Apple Store. The big new feature is landscape mode in article, comment, and sharing views, but we’ve also bumped up font sizes, made some improvements to the commenting experience, and added the ability to edit tweets directly in the app. Oh, and you can also now email photos from galleries from within the app, and customize the toolbar. Of course, that’s in addition to regular features like offline viewing, built in streaming for The Engadget Show, and in-app tip submissions — you know, for when you see the iPhone 3GT leak out.
Engadget is the definitive source and final word for news on gadgets and technology. From the latest smartphone news, to reviews and hands-on looks at laptops, HDTVs, gaming, and more, Engadget brings you all the tech news you need. The iPhone app delivers that experience straight to your iPhone or iPod touch, instantly.
A new announcement from Mozilla on CNET:
Mozilla has officially decided that the next major version of Firefox will require at least Mac OS X 10.5 when running on Apple computers.
“We believe a Mac OS X 10.5 minimum will allow us to provide the best experience possible to our users,” Mozilla Mac programmer Josh Aas said Tuesday in a mailing list announcement. Firefox is built on a browser engine called Gecko, and the upcoming version 1.9.3 will have technology for Mac OS X 10.4 and before removed, he said.
The recently released Firefox 3.6 works on Mac OS X 10.4, aka Tiger. Mozilla will support it for some months after the browser’s replacement version is issued, which means 10.4 support should continue into 2011.
Computerworld’s story based on an IBM announcement:
The ProtecTIER appliance combines a virtual tape library and an index engine
IBM announced today that it’s bringing data de-duplication to its mainframes through an upgraded gateway appliance that has the ability to compress up to 25TB of tape application data into 1TB of disk space.
IBM said its System Storage TS7680 ProtecTIER Deduplication Gateway for System z, a data protection platform for z/OS environments, is available immediately.
“Data de-duplication can dramatically extend storage capacity,” Cindy Grossman, IBM’s vice president for tape and archive storage systems, said in a statement. “Today’s announcement will help clients manage more data with less infrastructure, simplify information protection, while helping to reduce operational cost and energy usage.”
Gizmodo has a new review here about Google’s search algorithm.
Wired’s Steven Levy takes us inside the “algorithm that rules the web”—Google’s search algorithm, of course—and if you use Google, it’s kind of a must-read. PageRank? That’s so 1997.
It’s known that Google constantly updates the algorithm, with 550 improvements this year—to deliver smarter results and weed out the crap—but there are a few major updates in its history that have significantly altered Google’s search, distilled in a helpful chart in the Wired piece. For instance, in 2001, they completely rewrote the algorithm; in 2003, they added local connectivity analysis; in 2005, results got personal; and most recently, they’ve added in real-time search for Twitter and blog posts.
About the Critical Security Controls for Effective Cyber Defense on SANS:
The Twenty Critical Security Controls have already begun to transform security in government agencies and other large enterprises by focusing their spending on the key controls that block known attacks and find the ones that get through. These controls allow those responsible for compliance and those responsible for security to agree, for the first time, on what needs to be done to make systems safer. No development in security is having a more profound and far reaching impact.
A new article on InfoWorld.com about the latest developments in security:
The Web traffic study also finds issues with botnets, corporate policies, and outdated browsers
Rather than targeting Web and email servers, attackers these days are prone to going after enterprises from the inside out, compromising end-user systems and then using them to access confidential data, according to a Web traffic analysis report by security-as-a-service provider Zscaler.
Based on a recent study of traffic passing through its global network, Zscaler’s “State of the Web — Q4 2009” report also notes trends, including issues with botnets, corporate Internet access policies, and the use of the Internet Explorer 6 browser. Officially released on Tuesday, the study analyzes Web traffic volumes covering several thousand Web transactions per second and hundreds of billions of Web transactions.
A new article on Computerworld about computer reliability and support rankings:
Apple leads Asus, Lenovo, Toshiba and HP in support firm’s annual ranking
Apple’s computers again took the top spot in an annual reliability and support ranking, Syracuse, N.Y.-based technical support franchise Rescuecom said today.
Macs were the most reliable – and Apple’s support the most dependable – for the third year running, said Josh Kaplan, president of Rescuecom.
“They’ve maintained that position without fail, which is first of all a testament to the reliability of their machines,” said Kaplan. “And their support, with the Apple stores and the Genius Bars, is second to none.”
Apple’s computers beat machines sold and supported by Asus, Lenovo, Toshiba and Hewlett-Packard to take first place, a spot Apple also grabbed in Rescuecom’s 2007 and 2008 rankings.
SANS has an article about the Top Security Risks and Vulnerability Exploitation Trends. This report is based on year-round research conducted by leading experts and features real-world attack data and analysis from some of the most respected organizations in the industry.
Two risks dwarf all others, but organizations fail to mitigate them
Priority One: Client-side software that remains unpatched.
Waves of targeted email attacks, often called spear phishing, are exploiting client-side vulnerabilities in commonly used programs such as Adobe PDF Reader, QuickTime, Adobe Flash and Microsoft Office. This is currently the primary initial infection vector used to compromise computers that have Internet access. Those same client-side vulnerabilities are exploited by attackers when users visit infected web sites. Because the visitors feel safe downloading documents from the trusted sites, they are easily fooled into opening documents and music and video that exploit client-side vulnerabilities. Some exploits do not even require the user to open documents. Simply accessing an infected website is all that is needed to compromise the client software.
Priority Two: Internet-facing web sites that are vulnerable.
Attacks against web applications constitute more than 60% of the total attack attempts observed on the Internet. These vulnerabilities are being exploited widely to convert trusted web sites into malicious websites serving content that contains client-side exploits.
Operating systems continue to have fewer remotely-exploitable vulnerabilities that lead to massive Internet worms.
Other than Conficker/Downadup, no new major worms for OSs were seen in the wild during the reporting period. Even so, the number of attacks against buffer overflow vulnerabilities in Windows tripled from May-June to July-August and constituted over 90% of attacks seen against the Windows operating system.
Rising numbers of zero-day vulnerabilities
World-wide there has been a significant increase over the past three years in the number of people discovering zero-day vulnerabilities, as measured by multiple independent teams discovering the same vulnerabilities at different times. Some vulnerabilities have remained unpatched for as long as two years.
Here is the 2010 list of the CWE/SANS most dangerous programming errors.
It’s an interesting read. Here are the errors that seem to pertain most to web development (in decreasing order of seriousness):
 346 CWE-79 Failure to Preserve Web Page Structure (‘Cross-site
 330 CWE-89 Improper Sanitization of Special Elements used in an SQL Command (‘SQL Injection’)
 261 CWE-352 Cross-Site Request Forgery (CSRF)
 194 CWE-434 Unrestricted Upload of File with Dangerous Type
 157 CWE-98 Improper Control of Filename for Include/Require Statement in PHP Program (‘PHP File Inclusion’)
 154 CWE-209 Information Exposure Through an Error Message
 142 CWE-601 URL Redirection to Untrusted Site (‘Open Redirect’)
 141 CWE-327 Use of a Broken or Risky Cryptographic Algorithm
Discuss in comments!
Gizmodo has an interesting review of Windows Phone 7 here.
From the review:
Windows Phone 7 snuck up on the world today, but having played with it, I’ll tell you Microsoft is putting all its muscle behind this. No matter who you root for, to be anything short of impressed is stupid.
How does it feel? Nothing like an iPhone, for starters. The slippery rotatey screens may take a little getting used to, but they feel right. Microsoft deliberately wanted to get away from icons and this notion that all behaviors get the same size button on the home screen, and you definitely get more of a sense of priorities here: Entertainment, social networking, photo sharing—those matter, and oh yeah, here’s a phone if you need a call, and here’s a browser if you need that too.
It’s hard to tell from looking at this stuff, but much of it is customizable, including almost everything on that home screen. Don’t let the uniformity of design language fool you, there will be a lot you can do to differentiate from other people.