17 year old windows Flaw, still a serious vulnerability

Google researchers discovered a serious security flaw in the windows NT kernel, that allows a hacker to execute malicious code on the victims computer in the kernel mode.This flaw affects all windows Nt based Operating systems, including win NT 3.1 to win7.
Microsoft also issued an advisory regarding this flaw, But also noted that this flaw does NOT affect Windows OS for x64 based architectures such as the Itanium-based computers.

A possible workaround to this situation is to turn of/disable MSDOS & WOWEXEC subsystems of the OS to prevent further attacks & this can be done from GROUP POLICY Editor in windows

HTC Nexus One review

Plus points: The Nexus One has a beautiful display, a very fast processor, and a loaded feature set. The enhanced voice capabilities works flawlessly, and the phone delivers solid performance.

Minus Points:Like other Android phones, the Nexus One forces you to store apps on the internal memory. The media player is average, and has some important features missing like multitouch support, dual-mode capability for GSM and CDMA networks, and hands-free Bluetooth dialing. Currently, Outlook calendar syncing is not available.

The End Result:  It may not have all the features we'd like, but the Nexus One greatly enhances the Google Android family with a fast processor, good call quality, and improved voice control features. What's more, that all versions of the phone will be unlocked.

Apple invites the PRESS for a launching event on 27th Jan

Apple has sent out email invitations to prominent Press people for an event to be held at the Yerba Buena Art Center in San Francisco, with the theme  “Come See Our Latest Creation,”.

It is expected that Apple may introduce the much rumoured tablet PC at this even

Hackers Targeted the Google internal SPY System

Google uses internal systems to collect user data, which maybe presented to the governments, if required.
Google used to provide information of certain individuals/activists to the Chinese government on warrant basis.

The question arises, then why would the Chinese govt hack google, if Google was already complying with them, the answer probably is to get data more data on other individuals.According to the google official blog, several gmail accounts of activists in Europe & china were accessed by third parties, here's the complete detail from the official google blog:-  1/12/2010 03:00:00 PM
Like many other well-known organizations, we face cyber attacks of varying degrees on a regular basis. In mid-December, we detected a highly sophisticated and targeted attack on our corporate infrastructure originating from China that resulted in the theft of intellectual property from Google. However, it soon became clear that what at first appeared to be solely a security incident--albeit a significant one--was something quite different.

First, this attack was not just on Google. As part of our investigation we have discovered that at least twenty other large companies from a wide range of businesses--including the Internet, finance, technology, media and chemical sectors--have been similarly targeted. We are currently in the process of notifying those companies, and we are also working with the relevant U.S. authorities.

Second, we have evidence to suggest that a primary goal of the attackers was accessing the Gmail accounts of Chinese human rights activists. Based on our investigation to date we believe their attack did not achieve that objective. Only two Gmail accounts appear to have been accessed, and that activity was limited to account information (such as the date the account was created) and subject line, rather than the content of emails themselves.

Third, as part of this investigation but independent of the attack on Google, we have discovered that the accounts of dozens of U.S.-, China- and Europe-based Gmail users who are advocates of human rights in China appear to have been routinely accessed by third parties. These accounts have not been accessed through any security breach at Google, but most likely via phishing scams or malware placed on the users' computers.

We have already used information gained from this attack to make infrastructure and architectural improvements that enhance security for Google and for our users. In terms of individual users, we would advise people to deploy reputable anti-virus and anti-spyware programs on their computers, to install patches for their operating systems and to update their web browsers. Always be cautious when clicking on links appearing in instant messages and emails, or when asked to share personal information like passwords online. You can read more  here about our cyber-security recommendations. People wanting to learn more about these kinds of attacks can read this Report to Congress (PDF) by the U.S.-China Economic and Security Review Commission (see p. 163-), as well as a related analysis (PDF) prepared for the Commission, Nart Villeneuve's blog and this presentation on the GhostNet spying incident.

We have taken the unusual step of sharing information about these attacks with a broad audience not just because of the security and human rights implications of what we have unearthed, but also because this information goes to the heart of a much bigger global debate about freedom of speech. In the last two decades, China's economic reform programs and its citizens' entrepreneurial flair have lifted hundreds of millions of Chinese people out of poverty. Indeed, this great nation is at the heart of much economic progress and development in the world today.

We launched Google.cn in January 2006 in the belief that the benefits of increased access to information for people in China and a more open Internet outweighed our discomfort in agreeing to censor some results. At the time  we made clear that "we will carefully monitor conditions in China, including new laws and other restrictions on our services. If we determine that we are unable to achieve the objectives outlined we will not hesitate to reconsider our approach to China."

These attacks and the surveillance they have uncovered--combined with the attempts over the past year to further limit free speech on the web--have led us to conclude that we should review the feasibility of our business operations in China. We have decided we are no longer willing to continue censoring our results on Google.cn, and so over the next few weeks we will be discussing with the Chinese government the basis on which we could operate an unfiltered search engine within the law, if at all. We recognize that this may well mean having to shut down Google.cn, and potentially our offices in China.

The decision to review our business operations in China has been incredibly hard, and we know that it will have potentially far-reaching consequences. We want to make clear that this move was driven by our executives in the United States, without the knowledge or involvement of our employees in China who have worked incredibly hard to make Google.cn the success it is today. We are committed to working responsibly to resolve the very difficult issues raised.

It is confirmed, It was the CHINESE!

Today the NSA (National Security Advisor) to Indian Prime Minister Confirmed that the attempts to hack sensitive Indian Networks was carried out & generated from CHINA.
GOOGLE also hired forensic Experts from a washington based consultants who confirmed that such kind of attacks, that were carried on 30 US companies including Google, Yahoo & Adobe, would have not been possible without the support of chinese authorities. The investigating consultant noted that the sophistication of the code used for the attack was of very high level, which would not have been possible for some 16 yr old hacker to write or execute. McAfee also pointed out that the code used was of very sophisticated level.
The consultant also said that the techniques of the attackers allowed them to masquerade as legitimate users “so traditional means of, for example, intrusion detection or antivirus security are for the most part ineffective.”

KDE Ships First Release Candidate of New 4.4 Desktop, Applications and Development Platform for Linux

January 8th, 2010. Today, KDE has released the first release candidate of the next version of the KDE Software Compilation (KDE SC). KDE SC 4.4 Release Candidate 1 provides a testing base for identifying bugs in the upcoming KDE Software Compilation 4.4, with its components the KDE Plasma Workspaces, the Applications powered by KDE, and the KDE Development Platform.

The list of changes between 4.3 and 4.4 is especially long. Important changes can be observed all over the place, here are some listed changes:-

• The Nepomuk Semantic Search framework has made leaps: A new storage backend makes it a lot faster. New user interfaces to interact with the Nepomuk database are first delivered with KDE 4.4.0. A timeline view of your files makes finding files used in the past easier.
• The Plasma Desktop has been further polished. Many user interface elements have received attention by developers and designers. The new widget explorer provides a richer experience for managing desktop widgets. Plasma widgets can now be shared with other users over the network and the handling of storage devices in the desktop shell has been streamlined. Also, in 4.4 Plasma's little sibling, the Netbook shell debuts as a technology preview.
• New applications on the horizon range from Blogilo, a rich-client blogging tool toCantor and Rocs, two scientific applications for advanced math and graph theory needs. Many other applications, such as the Gwenview image viewer and the Dolpin file manager have been further improved.
• The KDE Development Platform adds the new KAuth authorization framework for easy and secure privilege escalation, printing of odd and even pages, scanner support for the Windows platform and the first pieces of integration of the popular webkit rendering engine.

These are only some of the new features one can expect from the new KDE Software Compilation 4.4, there is also a longer list of the changes. The long list of changes also comes with an even longer list of smaller and bigger bugfixes and performance enhancements which lead to a noticable improvement of the user experience.

The release is named after Cornelius Schumacher, who is and continues to be one of the cornerstones of the KDE community.

AMD launches the new Radeon HD 5670, below 100$ & DirectX 11

After a long interval, AMD’s staggered launch of the Evergreen family picks back up today with the launch of the Radeon HD 5670. The 5670 marks the desktop launch of Redwood, the 3^rd chip in the Evergreen family, designed to fit in below the Juniper chip that powers the Radeon HD 5700 series.Here's the specification:

	ATI Radeon HD 5750	ATI Radeon HD 4850	ATI Radeon HD 4770	ATI Radeon HD 5670	ATI Radeon HD 4670
Stream Processors	720	800	640	400	320
Texture Units	36	40	32	20	32
ROPs	16	16	16	8	8
Core Clock	700MHz	625MHz	750MHz	775MHz	750MHz
Memory Clock	1.15GHz (4.6GHz data rate) GDDR5	993MHz (1986MHz data rate) GDDR3	800MHz (3200MHz data rate) GDDR5	1000MHz (4000MHz data rate) GDDR5	1000MHz (2000MHz data rate) GDDR3
Memory Bus Width	128-bit	256-bit	128-bit	128-bit	128-bit
Frame Buffer	1GB / 512MB	1GB / 512MB	512MB	1GB / 512MB	1GB / 512MB
Transistor Count	1.04B	956M	826M	627M	514M
TDP	86W	110W	80W	61W	59W
Manufacturing Process	TSMC 40nm	TSMC 55nm	TSMC 40nm	TSMC 40nm	TSMC 55nm
Price Point	$129 - $149	$99-$129	$129	$99 / $119	$60-$90

IE flaw helped hackers hack Systems of more than 30 US based companies

The attack by chinese hackers on many corporate networks Including that of Google, Adobe, Yahoo was carried out based on an unpatched flaw in the Internet explorer the can permit remote execution of code.The attack was targeted on Win XP machines running Internet explorer 6.
Microsoft has issue following advisory regarding the vulnerability: The vulnerability exists as an invalid pointer reference within Internet Explorer. It is possible under certain conditions for the invalid pointer to be accessed after an object is deleted. In a specially-crafted attack, in attempting to access a freed object, Internet Explorer can be caused to allow remote code execution.
The flaw affects Internet Explorer 6 Service Pack 1 on Microsoft Windows 2000 Service Pack 4, and Internet Explorer 6, Internet Explorer 7 and Internet Explorer 8 on supported editions of Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2 are affected.


To exploit, an attacker could host a specially crafted Web site, or take advantage of a compromised website, and then convince a user to view the Web site. In all cases, however, an attacker would have no way to force users to visit these malicious Web sites. Instead, an attacker would have to convince users to visit the Web site, typically by getting them to click a link in an e-mail message or in an Instant Messenger message, that directs users to the attacker’s Web site. It could also be possible to display specially crafted Web content using banner advertisements or other methods to deliver Web content to affected systems. The Microsoft investigation concluded that setting the Internet zone security setting to “high” will protect users from the vulnerability addressed in this advisory.
Microsoft is considering an emergency patch to fix this vulnerability. 

Chinese hackers hack deep into sensitive Indian Network

Yesterday news broke out about Chinese hackers hacking into Indian PMO's (Prime Minister's Office) systems & stole sensitive information ,which may include that of the NSA (National Security Advisor).
The question arises how was all this possible & what methods/technology were used?
         From the nature of the attack (as described on NEWS channels) & according to my understanding, the chinese used advanced BOT-NET technology to gain backdoor access & steal sensitive information.
          For those who may not know about BOT-NETS, here's a brief description:- hackers infect computers with advanced spywares called BOTS(in this case through email).These bots install themselves silently into the Master Partition of your harddrive & load into your system's main memory even before the OS is loaded, during the boot sequence. These BOTS open backdoor PORTS of your computer & are also intelligently programmed to send sensitive data such account ID's, passwords by recording your keystrokes, to their authors,who are also termed as BOT-MASTERS.
    Not only this, the BOT-MASTERs also controls the functioning of such infected Computers over the internet through the BOTS, for such reasons in Hackerz term, the infected PC is also called as ZOMBIE-PC (ZOMBIE, coz the system is controlled remotely).
    Now hackers use thousands of such ZOMBIE-PCs as a network (also called as ZOMBIE Network) to direct attack on organizations, corporations or even countries.
One famous example was TORPIG BOT-NET which consist of on an average 100,000 infected PC's & was used for stealing credit card records & banking details of infected users & transfered almost 70GB of data evry day from infected Systems to the BOT-MASTER.Using such large quantity of infected system, gives the hackers computing power nearly equal to a mainframe or maybe a supercomputer & thus is possible to hack into protected military or corporate networks
you can read more about the torpig botnet by clicking here

Can Linux run windows software/Games??

Over the past few years, there has been a common question on the Linux vs. Windows desktop front: does the Linux desktop have the ability to play various major release games, and if so what is the performance difference between the two? Linux is commonly overlooked as a viable gaming platform in most communities. Our intention today is to shed some light on what does and does not work inside Linux, as well as give solid performance data for those looking for another option in the gaming world. Each OS has areas where it shows superiority over the other, but for the sake of staying true to the purpose of this article we will only be focusing on the game performance/functionality differences.

Unfortunately there are very few game releases that support running inside Linux natively. To combat this issue there are a few Linux projects that will allow Linux users to run Windows applications - note that we did not say "emulate Windows". We have selected three Linux projects in order to complete our initial round of testing. Our open source project selection "Wine" is a free, easily downloadable project that is created to support both Windows games and applications. The second selection, "Cedega", is a closed source implementation of Wine focused on gaming. The final selection is Crossover Games which like Cedega is a closed source implementation of Wine allowing for enhanced usability and gameplay over Wine.

Some are probably asking at this point, what is Wine? The Wine project was started in 1993 to allow Windows applications to be run under Linux. Wine takes the Windows API (Application Programming Interface) and implements it in the Linux user space. Since Wine is running in user space and is not a part of the Linux Kernel, it relies on the wineserver daemon to provide your basic Windows kernel functionality as well as other various tasks of X integration.

What's the answer to the initial question, "Is Linux ready for gaming?" As you probably expected, the answer is both yes and no. If you're looking for an out-of-box solution for running older games, Linux is a decent alternative to Windows. The longer a game has been around, and the more popular the game, the better the odds that someone has already taken the time to get it working properly under one of the Wine projects. Naturally, that means the reverse is true: newer titles are less likely to work without some extra effort (and sometimes not even then). Even if you do manage to get a new release running, you should expect to see anything from graphical glitches to completely unplayable gameplay.

Nvidia introduces the newTEGRA SoC(System on Chip)

NVIDIA announced its second generation Tegra SoC. It's creatively named the Tegra 2 and this is what it looks like in block diagram form:

The SoC is made up of 8 independent processors, up from 7 in the original Tegra. The first two are - a pair of ARM Cortex A9 cores. These are dual-issue out of order cores from ARM running at up to 1GHz.

The next processor is an audio decode core. NVIDIA acquired PortalPlayer in 2007 for somewhere around $350M. PortalPlayer SoCs were used in the first five generations of iPods. PortalPlayer contributed to much of NVIDIA's know how when it came to building SoCs and audio decoders. NVIDIA is particularly proud of its audio decode core, claiming that it can deliver system power in the low 10s of mW while playing an MP3. It's difficult to quality that claim. Microsoft lists Zune HD battery life at 33 hours while playing MP3s, while Apple claims the iPod Touch can do the same for 30 hours. 

Tegra's video decode processor accelerates up to 1080p high profile H.264 video at bitrates in the 10s of megabits per second. The Samsung SoC in the iPhone 3GS is limited to only 480p H.264 decode despite Samsung claiming 1080p decode support on its public Cortex A8 SoC datasheets. NVIDIA insists that no one else can do 1080p decode at high bitrates in a remotely power efficient manner. Tegra's 1080p decode can be done in the low 100s of mW. NVIDIA claims that the competition often requires well over 1W of total system power to do the same because they rely on the CPU to do some of the decoding. Again, this is one of those difficult to validate claims. Imagination has demonstrated very low CPU utilization 1080p H.264 decode on its PowerVR SGX core, but I have no idea of the power consumption.

The GPU in Tegra 2 is the same architecture as Tegra 1 (OpenGL ES 2.0 is supported), just higher performance. NVIDIA expects a 2 - 3x performance increase thanks to improved efficiency, more memory bandwidth and a higher clock rate.

The original Tegra only supported LPDDR1, while Tegra 2 supports LPDDR2. The Zune HD's Tegra SoC had a 32-bit 333MHz datarate LPDDR1 memory bus, resulting in 1.33GB/s of memory bandwidth. Tegra 2 in a single package with integrated memory should deliver about twice that.

Popular PC game breaks 1Billion$ sales record

Today Activision announced that Infinity Ward’s Call of Duty: Modern Warfare 2 has broken the $1 billion in retail sales worldwide.
The game generated more than $550 million in worldwide sales over the first five days of its release. this beats the worldwide box office gross figures for movies as Avatar, Harry Potter and the Half-Blood Prince and The Dark Night.
Call of Duty:Modern Warfare 2 has exceeded our expectations and shattered theatrical box office and video game records.

For additional information about the game, visit www.modernwarfare2.com.

Now Google throws open online data storage space(GDRIVE) for you

Along with Google Docs now a new feature will be added, also called as GDRIVE that will allow users to store upto 1GB of data free, online on google servers

Instead of emailing files to yourself, which is particularly difficult with large files, you can upload to Google Docs any file up to 250 MB. You’ll have 1 GB of free storage for files you don’t convert into one of the Google Docs formats (i.e. Google documents, spreadsheets, and presentations), and if you need more space, you can buy additional storage for $0.25 per GB per year. This makes it easy to backup more of your key files online, from large graphics and raw photos to unedited home videos taken on your smartphone. You might even be able to replace the USB drive you reserved for those files that are too big to send over email.

Can Business/Colleges/Organizations Adopt OSS/FOSS

Open source community provides wide variety of softwares from Complete office applications like OpenOffice.org to CAD/CAM to scientific softwares,finance, engineering based, to programming IDE's ,to animation. The question is can colleges/Organisations go completely open source?
          
Colleges & other business organisation pay every year thousands of dollars as licensing fees for the proprietary software. whereas OSS applications are free of cost, have wide community based support,have no licensing hassles & are updated much frequently than proprietary software.

for the list of wide variety of OSS for any field  Click here

AMD unveils the ATI Mobility Radeon 5000 Series

At CES,AMD is taking this opportunity to announce the next version of their Mobility Radeon lineup

Performance with ATI's mobile graphics chips has generally been competitive with NVIDIA products in recent years. In fact, ATI is keen to point out that their market share for discrete mGPUs has increased to over 60% in 2009, with a whopping 13% increase in 2Q09. Since NVIDIA is the only other discrete mobile graphics solution, ATI's win is NVIDIA's loss.

The Specifications of the 5000 Series is as follows:

considered as one of fastest mGPU's on mobile platform & Based on DIRECTX 11 technology, the new ATI 5000 series are set to be the best in the block. whats ur view, let me know

Applet tablet PC-iSlate release

The Apple tablet is expected to be released within next few weeks

will keep you posted on new developments

Intel showcases two Devices based on Moretown & Moblin

At CES intel displayed two devices based on it s ATOM chip codenamed MORETOWN, which is expected to be released in the second quarter(Q2) of 2010.The first device Was an OpenPeak Tablet

The other one is a smart phone by LG runnin Moblin based On Atom  processor.The UI is looks same as that of Moblin Desktop, with some changes

Mozilla Firefox3.6 RC available

Mozilla releases Firefox 3.6 just six months after release of Firefox 3.5
you can download it Firefox 3.6 RC

Here’s the features, as listed by the Firefox team:

Users can change the browser’s appearance with a single click usingPersonas.

Firefox 3.6 alerts users about out of date plugins to keep them safe.

Changes to how third-party software integrates with Firefox to increase stability.

Improved automatic form fill provides better options from your form history.

Open, native video can now be displayed full screen, and supports poster frames.

Support for the WOFF font format.

Improved JavaScript performance, overall browser responsiveness and startup time.

The ability to run scripts asynchronously to speed up page load times.

Support for the HTML5 File API

Support for new CSS, DOM and HTML5 web technologies.

Intel showcases 3D holographic displays

At CES LAS VEGAS intel displayed its latest milestone in technology with its holographic display, which can display images,videos in 3dimension. check out the demonstration video at CES at http://www.youtube.com/watch?v=73CGOjkwKdQ

It seems after HiDef TV(HDTV) 3DTV may be the next big thing in display technology? wots ur say???

Light peak technology

Light Peak is the code-name for a new high-speed optical cable technology designed to connect your electronic devices to each other. Light Peak delivers high bandwidth starting at 10Gb/s with the potential ability to scale to 100Gb/s over the next decade. At 10Gb/s, you could transfer a full-length Blu-Ray movie in less than 30 seconds. Optical technology also allows for smaller connectors and longer, thinner, and more flexible cables than currently possible. Light Peak also has the ability to run multiple protocols simultaneously over a single cable, enabling the technology to connect devices such as peripherals, displays, disk drives, docking stations, and more.