Sunday, November 27, 2011

Linux Mint 12 'Lisa' to Come with a Customized Gnome 3 Desktop

Linux Mint 12 'Lisa' will come with its own customized desktop and it will be based on Gnome 3. The core desktop will be based on a series of Gnome Shell extensions called “MGSE” (Mint Gnome Shell Extensions) that will provide a layer on top of Gnome 3.

The main features of MGSE are:

  • The bottom panel
  • The application menu
  • The window list
  • A task-centric desktop (i.e. you switch between windows, not applications)
  • Visible system tray icons

MGSE also includes additional extensions, such as a media player indicator, and multiple enhancements to Gnome 3. Linux Mint 12 will thus be more of a hybrid desktop, balancing the traditional desktop with new, modern technologies.

The Gnome 2 fork MATE may also make it onto the live Linux Mint DVD if all the remaining integration issues are ironed out in time, giving users a side-by-side experience of both Gnome 2 and Gnome 3.


Monday, November 21, 2011

123456: The Worst Passwords of 2011

Internet users never learn. No matter how many times we hear about obvious, hackable passwords, people keep using them. And the situation doesn't seem to be getting better. Below is a list of the 25 worst passwords of 2011, compiled by SplashData. The security software developer generated the list from millions of actual stolen passwords, posted online by hackers. Not surprisingly, the most common passwords are also the worst, including "password," "123456" and "qwerty." Even passwords that seem kind of unique, like "trustno1" and "shadow" are actually quite common. And why does "monkey" always show up on these lists?

Anyway, here's the full list:

1. password
2. 123456
3. 12345678
4. qwerty
5. abc123
6. monkey
7. 1234567
8. letmein
9. trustno1
10. dragon
11. baseball
12. 111111
13. iloveyou
14. master
15. sunshine
16. ashley
17. bailey
18. passw0rd
19. shadow
20. 123123
21. 654321
22. superman
23. qazwsx
24. michael
25. football

SplashData has a few recommendations for keeping your data safe:

First, create a strong password consisting of letters, numbers and symbols. If you're worried about remembering long passwords, try using phrases of short words separated by underscores, such as "shiny_phones_rule_1." A phrase is easier to recall than a long, abstract mish-mash of characters.

Second, try not to spread the same password all over the Internet. At the very least, use separate passwords for important uses like online banking and e-mail. The last thing you want is for some poorly protected web forum to hold the same password as your bank account. To make things super-simple, you can also use password management software, such as LastPass, Roboform, eWallet, SplashID or the free KeePass. These programs remember your passwords, allowing you to create long, complex strings of letters and numbers that you otherwise wouldn't be able to remember.
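
For anyone running a signup form, here is a check that rejects the 25 listed passwords and their trivial variants (case changes, look-alike characters, trailing digits or symbols). It is an added example, not part of the original post or of SplashData's material; the substitution table and function names are assumptions.

```python
import re

# The 25 passwords from SplashData's 2011 list quoted in this post.
WORST_2011 = {
    "password", "123456", "12345678", "qwerty", "abc123", "monkey",
    "1234567", "letmein", "trustno1", "dragon", "baseball", "111111",
    "iloveyou", "master", "sunshine", "ashley", "bailey", "passw0rd",
    "shadow", "123123", "654321", "superman", "qazwsx", "michael",
    "football",
}

# Look-alike characters folded back to letters before comparing
# (an assumed, deliberately small substitution table).
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a", "5": "s",
                      "7": "t", "@": "a", "$": "s", "!": "i"})


def _forms(pw):
    """Return the normalised spellings a password is compared under."""
    base = pw.lower()
    # Drop a trailing run of digits/symbols: "Monkey2011!" -> "monkey".
    stripped = re.sub(r"[\d\W_]+$", "", base)
    forms = {base, stripped}
    forms |= {f.translate(LEET) for f in forms}
    forms.discard("")
    return forms


# Normalise the denylist the same way, so "passw0rd" and "P@ssw0rd"
# both collapse onto "password".
DENY = set()
for word in WORST_2011:
    DENY |= _forms(word)


def is_common_password(pw):
    """True if pw is a listed password or a trivial variant of one."""
    return bool(_forms(pw) & DENY)


if __name__ == "__main__":
    # Constructed sample inputs.
    for candidate in ["P@ssw0rd", "Monkey2011!", "shiny_phones_rule_1"]:
        verdict = "reject" if is_common_password(candidate) else "accept"
        print(f"{candidate}: {verdict}")
```

The check only matches whole passwords, so it complements a length requirement and a larger breached-password list rather than replacing them.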


Thursday, November 17, 2011

New Version of Stoned Bootkit Said to Bypass Windows 8 Secure Boot

A security researcher who has in the past created low-level rootkits capable of staying resident on an infected machine after reboots said he has now accomplished the same feat on Windows 8, which hasn't even hit the shelves yet. Peter Kleissner said he has created a new version of his Stoned bootkit that defeats the pre-boot security checks included in the forthcoming OS and survives reboots.

Kleissner is known in the security community for his creation of the Stoned bootkit, a sophisticated form of rootkit that is designed to load from the master boot record and stay resident in memory throughout the boot process. The previous version of the bootkit was designed to work on Windows XP through Windows 7, but the new one that Kleissner has written also works on Windows 8. He said in a message on Twitter Thursday that Stoned Lite is a small footprint bootkit that can be loaded from either a USB stick or a CD.
He said he may also add some other functionality to the software in the near future.
"Might add in-memory patching of msv1_0!MsvpPasswordValidate, so it allows to log on with any password.. nothing new but nice and fancy," Kleissner said in a later Twitter message.

The pre-boot security mechanisms in Windows 8 have drawn a lot of scrutiny in recent months, particularly the fact that Microsoft is implementing a version of UEFI instead of the traditional BIOS. UEFI includes some functionality that allows Microsoft to require that any software loaded during the boot sequence of a Windows PC be signed by one of the keys loaded into the firmware. Open-source advocates have argued that the technology could allow the company to prevent users from loading alternate operating systems, but Microsoft and officials from the Linux Foundation have said that isn't necessarily the case.

Kleissner said that he notified Microsoft of his work and has given the company the source code of the bootkit and the paper he's written for a conference presentation.

Microsoft has not confirmed the details of Kleissner's claims.


Saturday, November 12, 2011

Steam’s 35 Million Users Compromised in Hack

Gamers who use the digital distribution network Steam were warned that their account information may have been exposed to hackers following a compromise of the company's Web page and back-end databases. The incident yielded a slew of sensitive customer information, including users' passwords and encrypted credit card numbers, Steam said.

The warning came after an investigation of a Web site defacement that affected Steam's forums on November 6th. Hackers were able to bypass the message boards and access the site’s database, according to a message sent to the site’s users last night by Steam co-founder Gabe Newell.
The database contained customers’ user names, hashed and salted passwords, game purchases, email addresses, billing addresses and encrypted credit card numbers, according to the note.

As a precaution, Newell urged users to keep tabs on their credit card activity and their account statements, but said that there’s no proof attackers took any sensitive information.

As a result of the hack, all forum users will be required to change their passwords upon logging in, while regular users of Steam are being encouraged to do the same, especially if they use the same password on both accounts.

While it remains to be seen how much personal information was actually swiped from Steam’s database and how well certain passwords and credit card numbers were encrypted, it of course recalls PlayStation Network’s mammoth breach from earlier this year.

When hackers made off with the information of more than 77 million members of the video gaming platform worldwide in April, it left the network reeling to cover its tracks and make good on security after a series of embarrassing missteps.


Monday, November 7, 2011

Mozilla Developers Testing Mobile OS

Mozilla has been experimenting with an interesting idea called Boot 2 Gecko. Essentially, B2G (as it’s called) is a mobile operating system based on the Web, as opposed to what the project’s wiki calls “proprietary, single-vendor stacks”. Mozilla has something there--open Web technologies indeed increasingly provide an intriguing platform for lots of things, mobile and otherwise.

The developers on the B2G project are looking at the following areas:

  • New web APIs: build prototype APIs for exposing device and OS capabilities to content (Telephony, SMS, Camera, USB, Bluetooth, NFC, etc.)
  • Privilege model: making sure that these new capabilities are safely exposed to pages and applications
  • Booting: prototype a low-level substrate for an Android-compatible device
  • Applications: choose and port or build apps to prove out and prioritize the power of the system

The B2G project is still pretty new, but according to the project roadmap, testing has already begun and will continue through the rest of 2011. Messaging, telephony, and battery aspects of the OS are underway, and contacts, screen/power management, and settings are either on track or scheduled. Testing for more features is in the offing.

As the end of 2011 quickly approaches (Thanksgiving is two and a half weeks away, people!), a more exciting milestone for the B2G project looms: a product demo, scheduled for sometime in the first quarter of 2012. We may see an actual product as early as the second quarter of 2012.

Mark your calendars, friends; we may be seeing a viable new player in the mobile OS market soon.


Wednesday, November 2, 2011

Angry Birds downloads pass half-billion mark

It started as a somewhat stupid, if entertaining, game (seriously, launching cartoon birds at thieving green pigs?).

But soon Angry Birds became an incredibly successful stupid, if entertaining, game. How successful? According to Finnish developer Rovio Mobile, Angry Birds has just surpassed the 500,000 download mark, making it one of the most successful games in the history of, um, gaming.
And that’s all in less than two years. Angry Birds first surfaced in December 2009 on Apple’s iOS. It proved such a runaway hit (with more than 12 million sales from Apple’s App Store) that Rovio rolled out versions for other platforms, including Google’s Android OS, Symbian, Windows, Mac OS X and PlayStation.

Not only that, the Angry Birds franchise has flown far beyond gaming platforms. Rovio says it has shipped more than 10 million Angry Birds toys worldwide and published numerous Angry Birds books.

Rovio also is set to open the first official Angry Birds retail shop in Helsinki. (Can Angry Birds restaurants and theme parks be far behind?)

Here’s Rovio chief executive Mikael Hed gushing about his company’s incredible fortune:
“This is a fantastic landmark achievement for us, and we’re extremely delighted to see such an incredible amount of people enjoying our games. We remain committed to creating more fun experiences and bringing exceptional quality to Angry Birds Fans everywhere.”

Beyond the half-million downloads, Rovio trotted out some other amazing Angry Birds metrics:
Angry Birds Fans around the world have so far played a total of 200,000 years of Angry Birds, with 300 million minutes of playing time daily. Moreover, more than 266 billion levels of Angry Birds have been played, with 400 billion birds launched into action, and over 44 billion Stars collected in the process.

Sounds like great fun. But think about all the potential productivity wasted on Angry Birds! If you look at the numbers above through the prism of the “10,000 hour Rule” -- which posits that the key to mastery of any discipline is to practice, practice, practice for roughly 10,000 hours -- well, let’s just say there’s a lot of “mastery” being left on the table (or mobile device, as it were) by people engrossed in Angry Birds.

On the other hand, if the hundreds of thousands of people addicted to Angry Birds had spent those countless hours improving their skills and lives -- perhaps achieving that elusive state of true self-actualization and maybe making a valuable, lasting contribution to society -- instead of lobbing cartoon digital birds at green pigs, I guess those 44 billion Stars wouldn't have been collected.