Practical Technology

for practical people.

July 17, 2011
by sjvn01

Skype Holes

If you really know how Skype works, you know it’s about as safe as juggling firecrackers. Skype, the popular VoIP program, relies on every PC running Skype between you and who you’re calling to serve as stepping stones for your conversation. That’s bad. What’s worse is when Skype doesn’t check to see if Skype calls are actually sent, or received, by the right people.

Or, to quote Levent “Noptrix” Kayan, the security researcher that uncovered this hole, “Skype suffers from a persistent Cross-Site Scripting [XSS] vulnerability due to a lack of input validation and output sanitization of the ‘mobile phone’ profile entry. Other input fields may also be affected.”

What does that mean for you? Noptrix explained, “An attacker could trivially hijack session IDs of remote users and leverage the vulnerability to increase the attack vector to the underlying software and operating system of the victim.”

In plain English, it’s simple for a hacker to take over your Skype session as you log in to Skype. From there it’s not much of a trick to take over your Windows PC or Mac and start causing real trouble.

July 14, 2011
by sjvn01

IBM throws its source code and support behind OpenOffice

Of all the companies that support OpenOffice, there were only two that didn’t support the LibreOffice fork: Oracle and IBM. I could understand Oracle. While Larry Ellison, Oracle’s CEO, didn’t really care about OpenOffice–after all Oracle essentially gave OpenOffice away to The Apache Foundation–I also know that Ellison wasn’t going to let The Document Foundation, LibreOffice’s parent organization, dictate terms to him. But, I’ve never quite understood why IBM didn’t help create LibreOffice. Be that as it may, IBM will be announcing tomorrow that it’s donating essentially all its IBM Lotus Symphony source code and resources to Apache’s OpenOffice project.

In an e-mail to the Apache OpenOffice e-mail list, IBM’s Open Document Format (ODF) architect Rob Weir let the cat out of the bag that IBM would be putting its Symphony code and resources behind OpenOffice.

July 14, 2011
by sjvn01

Five Things to expect from the Amazon Android Kindle tablet

I wish Amazon would stop being coy about its plans for an Android Linux-based Kindle tablet and just announce it already. While Amazon still won’t tell me that they’re building one, the Wall Street Journal is reporting that Amazon is planning to release an iPad rival.

OK, enough is enough. While I don’t have any hard facts that anyone from Amazon will officially tell me, here’s what my sources have been telling me to expect. What I’m telling you here is from people both inside Amazon and from Amazon’s partners. Some of it may be wrong. I’m sure though that the broad picture is correct.

July 13, 2011
by sjvn01

Netflix and the Internet bandwidth dilemma

I get it. You’re ticked off at Netflix for raising its prices for online video streaming. I understand perfectly. I recently dropped my cable TV service for a combination of Internet TV services–Netflix, Hulu Plus, and Amazon Instant Video–my own iTunes-based video server, and over-the-air (OTA) TV. Of all of them, I watch Netflix the most. I’m not happy about paying more. I also don’t think I have much of a choice in the matter.

You see, Netflix didn’t have much of a choice in raising its prices. Just like the recording industry before it, video content owners are having a heck of a time shifting over from their old selling and broadcast models to Internet-savvy business models. So Netflix, knowing darn well the price it was paying for the right to stream videos, made a pre-emptive move to raise its rates. Yes, they’ll lose some customers, but they’re betting they’ll still have a good revenue stream. They’re going to need that revenue just to keep their video streams flowing.

July 13, 2011
by sjvn01

Google needs to clean up its Android Market malware mess

Come on! I like a lot of what Google does, but its refusal to keep malware-laden apps out of the Android Market is inexcusable.

Just today, researchers at Lookout Mobile Security spotted more variants of DroidDream malware in the Android Market. On the same day, Fortinet spotted the Zeus banking Trojan in Android.

It’s not that Android is uniquely vulnerable to malware. It’s not. In fact, Android, which is based on Linux, has not only the Linux operating system’s higher than usual resistance to attack; it also has the advantage of running applications in a Java-like virtual machine (VM), Dalvik. What all that means is that malware should actually have a great deal of trouble running on any Android device, and even if it does get on one, it should be locked in the VM where it can’t harm any other applications.

So why does security firm Trusteer’s CEO Mickey Boodaei claim that mobile malware will affect more than one in twenty devices within the next two years? And, specifically, that “Compared to Apple’s App Store, Android Market is the Wild West. You can’t always trust applications you download from it.”

I’ll tell you why: Because Google doesn’t do an adequate job of checking programs registered for the Android Market for hostile intent and poisoned payloads before letting the public at them. When you download a malicious program, it’s going to do nasty things to you. It’s that simple.
