Mozilla issues warning over password-stealing Firefox add-on

Mozilla has issued a warning that an add-on for its popular Firefox web browser called "Mozilla Sniffer" is in fact a keystroke logger. The add-on was included within a collection of tools popular within the security community for discovering vulnerabilities in web applications. Mozilla has already yanked the extension from its site; it will also automatically disable the add-on for an estimated 300 over users who have already downloaded it and installed it.

The nefarious add-on was accidentally discovered by Mozilla user Johann-Peter Hartmann, who was using the sniffer add-on to help a friend with some tests. A parallel tool that Hartmann was running detected a connection to an unrelated address. On further exploration, he discovered that the add-on is secretly sending a copy of the URL, password and other details to a site presumably controlled by the hacker.

For now, Mozilla says that the original site where the data was sent to has been taken down. However, it is not known who is behind it and how much data have been previously pilfered. Even so, Mozilla issued the warning that "Anybody who has installed this add-on should change their passwords as soon as possible."

In response to this debacle, Mozilla says that it is currently working on a new security model that will see new add-ons be code-reviewed before being allowed to be hosted on its addons.mozilla.org site.

For more on this story:
- check out this article at The Inquirer
- check out this article at InfoWorld
- check out this article at Netcraft

YouTube - Keyshia Cole - Trust ft. Monica: ""

• 
  
  
  
  
  Why are songs with such power and emotion not played often. All we hear talked about is sex and getting some.
• 
  
  
  
  
  Trust really is everything when it comes to a relationships. Even with  friendships i can not love somebody i cant trust
  This song is so beautiful. 2talented artist blending 2gether and creating this masterpiece oh this is music worth listerning too!

The Move to an ALL-AES World is Long in Coming.

AES/TKIP/WEP

The Wi-Fi Alliance has a timetable for eliminating outdated WEP and TKIP security from certified Wi-Fi devices:

TKIP and WEP won't be allowed in new devices with the Wi-Fi stamp in a staged elimination over three years starting in 2011.

Anyone reading this site should be well aware that WEP (Wired Equivalent Privacy), the original local-link encryption standard in 802.11b, has been broken since 2001, and horribly so since 2003.

TKIP (Temporal Key Integrity Protocol) was a backwards compatible replacement introduced in 2003, and intended to work with older silicon that didn't have either the circuits or computational muster to handle WEP's real replacement, AES-CCMP  AES (also from 2003) is often called WPA2 encryption, although it's more particularly an encryption type that's part of WPA2.

While TKIP hasn't been broken, it has known vulnerabilities, such as a susceptibility to dictionary-based attacks for short keys (eight characters), and some very clever ways to insert packets through manipulating a flaw in the packet integrity protocol. 

The 802.11n standard only allows the use of AES keys, which sometimes provokes confusing statements about its capabilities. Apple updated a support note on 3 June 2010 which stated that 802.11n with WEP or TKIP could only operate at 54 Mbps, when it's perhaps more accurate to state that 802.11n drops down to 802.11g to handle these older security types.

Kelly Davis-Felner, the Wi-Fi Alliance's marketing director, said, "We had a process within our membership to say we have a few aging security mechanisms, one of which is known to be obsolete - and that would be WEP, of course - and we wanted to define what the roadmap would look like to get the whole industry to end of life" the technology.

The Wi-Fi Alliance is a membership trade group that sets certification standards for products that bear the Wi-Fi seal. As such, its efforts are driven by what the members want, and the group allows a typically consistent approach across the entire industry.

TKIP and WEP will be phased out in stages starting 1 January 2011 until 1 January 2014. Changes affect only new devices seeking certification. Companies can also release 802.11 equipment without the Wi-Fi imprimatur, although that's extremely rare, and essentially unheard of among any major equipment maker.

At the start of 2011, access points will no longer be certified with TKIP as an option by itself, commonly revealed as WPA-PSK, WPA-TKIP, or WPA Personal. Mixed modes, in which an AP can accept either TKIP or AES keys, will still be allowed.

But also starting in 2011, manufacturers can opt to ship Wi-Fi hardware preset to use WPA2 out of the box. Currently, Wi-Fi-certified access points have to be set to open, and a purchaser configures it to use security. This is an interesting change, and part of what Davis-Felner said will be greater efforts in the coming year to promote security.

In 2012, new Wi-Fi adapters won't be allowed to support TKIP.

In 2013, WEP is finally disallowed for APs. Inclusion is there only for certain categories of legacy devices for which no other option is available. WEP is used by point of sale systems and older hardware that can't be upgraded. It's a membership decision, so clearly justified by a remaining installed base.

In 2014, the mixed TKIP/AES mode for access points can no longer be included in certified devices, and WEP cannot be available to new client devices.

Bluetooth Gadget Guide

The Bluetooth SIG (special interest group) announced "formal adoption" of Bluetooth 4.0, which includes a new LE (low-energy) mode. Allowing devices to operate for more than a year on button batteries, the spec will let controllers wake host devices within three milliseconds and transfer data at 1Mbps.
Even in advance of the December announcement, chipmakers were jumping on the Bluetooth 4.0 bandwagon. The previous month, for example, Texas Instruments (TI) had announced what it said was the "world's first single-chip, single-mode Bluetooth low energy device" in the form of the CC2540 SoC (left and below).

Single-mode chips such as the TI part will be destined for highly integrated, compact devices that use a minimum of power. Meanwhile, it's said, current Bluetooth chips will be able to talk to such devices once they have been equipped with a new low-energy software stack.


Bluetooth 4.0 Specifications out for Certification http://bit.ly/aQ4GPX



Bluetooth 4.0 leads Gartner's top 10 mobile tech list-http://bit.ly/cTjc4V 2011 Bluetooth 4.0 will introduce a new low-energy (LE) mode that will enable communication with external peripherals and sensors.
Bluetooth 4.0 and its LE technology "will enable a range of new sensor-based business models in industries such as fitness, healthcare, and environmental control and will be used by handset and PC peripherals to enable new functions, such as PCs that autolock when users move away from them," says the research group. Earlier this month, the Bluetooth SIG announced that Bluetooth 4.0 devices will start arriving in the fourth quarter of this year.

T-Mobile SideKick LX

In the annals of wireless industry history, this week will go down as a bloodbath for mobile devices. After Microsoft (NSDQ:MSFT) halted work on Kin earlier this week, T-Mobile on Friday said it's no longer selling the Sidekick LX and Sidekick 2008.
However, T-Mobile is apparently leaving the door open for future Sidekick devices. "While we work on the next chapter of our storied Sidekick franchise, T-Mobile will continue to provide our loyal Sidekick customers with product service and support. Stay tuned for exciting updates in the months ahead, which we expect will provide customers with a new and fresh experience," a T-Mobile spokesperson said in an e-mailed statement.
The only thing that's surprising is that the Sidekick still has life. The device, regarded as the first true smartphone, was supposed to live on in Microsoft's social networking-oriented Kin phones, but the software giant abandoned that effort this week due to poor sales and a frosty reception from consumers.
The Sidekick's fate was essentially sealed last October when Microsoft's Danger subsidiary, which runs the Sidekick service, suffered a major database outage that led to some users losing contacts and other personal data stored on their devices.
Microsoft said the outage only affected a "minority" of T-Mobile's approximately one million Sidekick subscribers, but the carrier had to suspend Sidekick sales for more than a month while Microsoft worked to stabilize the service platform. Microsoft was also targeted in class action suits from angry Sidekick customers.
But even without the outage, Microsoft's commitment to future development of the Sidekick has been in doubt for some time. Many T-Mobile customers saw Microsoft's February 2008 acquisition of Danger as a death knell for their beloved Sidekick, and in the wake of the outage neither Microsoft nor T-Mobile would confirm plans to develop future models.
T-Mobile in April 2009 unveiled the Sidekick LX, which was the first Sidekick to run on T-Mobile's 3G data network.

 For the rest of IT Channel News click here: 
IT Channel News

Hands on iPhone 4 and the iOS 4 (iPhone OS 4).mov

Quick and dirty USB WiFi dongle waveguide

Quick and dirty USB wifi dongle waveguide - More DIY How To Projects

Don't Blame Google For Grabbing Your Data

All, this data was being publicly broadcast to anyone (and not just Google) who would care to see it. They didn't have to break into your house or network to get it. If I posted private data on a sign outside my house and the Street View cameras captured that in a photo, would Google then be invading my privacy?

No one is accusing Google of doing anything improper with the data. Rather Google is being accused of keeping data that people broadcast (perhaps published or delivered may be a more apt description) to them. 

What WiFI Eavesdroppers See on Unsecured Networks

Introduction To Wireshark





Fortunately, things are getting better. With the more recent versions of PC operating systems (both Windows and Mac) setting up a network has gotten easier. Recent TV commercials for Cisco's Valet networking appear to make it simple to set up a secure wireless network. The commercials tout the ease of setup but only hint that the network is secured (which it is). Cisco's Valet Free Shipping Order online store

This concept is great, and I'm sure we'll see similar offerings from others. Although I'm tempted to scream, "What took you so long?"--I'm glad it's now available.

We still have to large tasks ahead of us. The first is to continually educate people about the need to secure their networks. Second is to figure out a way to handle all of those existing unsecured networks out there.

Channel NewsAsia

HTC EVO 4G review stripped the WiMAX-toting smartphone down to its shockingly red rear panel.

Linux-ready Linksys 802.11n router revue -Linux for Devices

Cisco announced an updated line of Linksys wireless 802/11/b/g/n routers for the home market, including a Linux model. The E2100L Advanced Wireless-N Router with Linux OS offers four 10/100 Ethernet ports, a USB port, a UPnP AV Media Server, and -- like the other E-Series WiFi routers -- provides new, more customizable Cisco Connect software.

The $120 Linksys E2100L Advanced Wireless-N Router with Linux OS is one of four new E-Series routers for the home market, all of which are said to offer 802.11b/g/n WiFi bandwidth at up to 300Mbps. The four E-Series routers also debut the Cisco Connect software, which makes it easier for users to customize and control wireless network settings, claims Cisco.

Cisco Connect auto-assigns the WPA security passkey and SSID for easier installation, says the company. Other features are said to include adding devices, setting device-specific parental controls, and providing visitors with password-protected Internet access on a separate guest network.

According to Cisco, the software provides easier access to customizing advanced settings and changing the network SSID and password than did the previous Linksys software. Meanwhile, advanced users can still opt for changing settings through the default IP address (192.168.1.1).

Linksys E2100L Advanced Wireless-N Router with Linux OS
(Click to enlarge)
The sole Linux model, the Linksys E2100L, offers greater customization flexibility compared to the other E-Series routers, says Cisco. The E2100L appears to be identical to Cisco's first Linksys home router equipped with 802.11n, the Linux-based Linksys by Cisco Wireless-N Broadband Router with Storage Link (WRT160NL), announced last June.

It's difficult to say exactly how similar the products are, as Cisco has not released detailed technical specs, as it did with the WRT160NL. It appears, however, that the only meaningful difference from the WRT160NL, which was said to offer a 400MHz processor, 32MB DDRAM, and 8MB flash, may be the new Cisco Connect software.

Side view of Linksys E2100L
(Click to enlarge)
The Linksys E2100L router establishes an 802.11n WiFi hotpot, but like the WRT160NL, is limited to four fast Ethernet (10/100Mbps) ports rather than the gigabit Ethernet (10/100/1000Mbps) offered with the new, identically priced Linksys E2000 Advanced Wireless-N Router. The Linux model also lacks the E2000's selectable 2.4GHz or 5GHz bands, operating only over 2.4GHz.

On the other hand, the E2100L supplies two key features not offered by the E2000: a USB port for connecting storage devices, and a UPnP AV Media Server, which can stream entertainment content to an Xbox 360, PS3, or another UPnP-compatible device, says the company.

The earlier WRT160NL's USB port was referred to as a "Storage Link" port, a name not used with the new model. In either case, however, it appears to be no different than any other USB 2.0 host port.

As with the WRT160NL, the E2100L is equipped with two detachable antennas, says Cisco. Security features provided by the E2100L are said to include WPA/WPA2 Personal, WPA /WPA2 Enterprise, and SPI firewall protection. (For more technical details on the similar WRT160NL model, please see our earlier coverage here.)

Linsksys E2100L
The remaining two new E-Series models include the $80 Linksys E1000 Wireless-N Router, which offers four 10/100 Ethernet ports, and on the high end, the $180 Linksys E3000 High-Performance Wireless-N Router, says Cisco. The latter is said to offers both 2.4GHz and 5GHz operation, four gigabit Ethernet ports, and a UPnP AV media server. In addition, the company introduced a $70 USB-connected Linksys AE1000 Wireless-N Adapter.

In December, Cisco followed up on the WRT160NL by announcing a similarly styled Linux-based WiFi router, touted as the first 802.11n dual-band clustering access point for small to medium-sized businesses (SMBs). The Cisco AP 541N Wireless Access Point is equipped with dual-band 802.11n, a single gigabit Ethernet port, "robust" security, voice roaming, and clustering technology, says Cisco.

The 802.11n standard boasts as much as twice the range of 802.11g. It also offers better service quality and far greater bandwidth: from the typical maximum of 300Mbps to a theoretical 600Mbps.

Stated Jonathan Kaplan, SVP and GM of Cisco Consumer Products, "Linksys pioneered the first home router 10 years ago, and 50 million units later is the world's leading provider of home wireless routers. The new E-Series caters to Linksys' core technology-minded consumer base, with a simplified product line-up that is ideal for today's sophisticated home network user."

Availability

The Linksys E2100L Advanced Wireless-N Router with Linux OS is available now for $120, says Cisco. All the E-series routers are available immediately at Amazon, Staples, and Linksys.com, and can soon be found at Best Buy, Target, Wal-Mart, and other leading retailers, says the company.

Android 2.2 lays down the gauntlet, includes WiFi tethering

So the iPhone might finally get USB and Bluetooth tethering next month, huh? Well it may turn out to be too little and too late.

At its IO Conference today in San Francisco, Google announced Android 2.2 (code named “Froyo”), and as expected, the new version of its mobile OS includes Wi-Fi tethering — something previously available only on PalmOS phones (like the Pre+) and on rooted Android devices. They even demo’d a Wi-Fi iPad connected to it.

Wouldn’t it be ironic if the iPad could tether to an Android device but not to an iPhone? Actually no, it would be sad.

No word on if and how carriers may charge for tethering on Android, but unlike the current iteration on the Pre+, an additional charge appears likely. In addition to Wi-Fi tethering, Android 2.2 also includes USB tethering, which is faster than Wi-Fi.

And that’s not all. Android 2.2 also includes a rash of other new features, including:

• Adobe Flash 10.1
• apps on microSD
• a JIT compiler
• faster V8 javascript engine
• (optional) automatic app updates
• OpenGL ES 2.0
• a new one-handed camera UI
• revamped Google voice search, and
• desktop to handset music streaming

I hope Cupertino is paying close attention. Customers won’t accept a substandard mobile OS forever. I hope that Apple has some tricks up its sleeves for WWDC on June 7, or iPhone OS 4 is bound to be a disappointment.

Top 10 smartphones and cell phones of 2010

Top 10 smartphones of 2010

 Sprint HTC EVO 4G

Apple iPhone 3GS

Nokia N8

Verizon HTC Droid Incredible

Google Nexus One

 AT&T Palm Pre Plus

 

T-Mobile myTouch 3G Slide 

RIM BlackBerry Bold 9700

T-Mobile HTC HD2 Windows Mobile Device

Motorola Droid - Verizon

High fives for HTML5 at Google I/O - Videos | ZDNet

At Google I/O in San Francisco, Google execs Vic Gundotra and Sundar Pichai push HTML5 technologies to conference attendees. The execs believe switching development efforts from desktop-based applications to Web-based applications is key to continuing growth in the medium.

                    Women in Tech 2010

Last year, our list of the Most Influential Women in Technology raised plenty of eyebrows, ire, and fist pumps of joy — depending on the reader. And we’ve no doubt this list will follow suit. But the overwhelming number of nominees and fresh names proved that, while women in tech may remain at a distinct disadvantage by almost any metric (average salary, top-management representation, etc), there is also plenty to celebrate and be inspired by.

The Entrepreneurs SEE FULL LIST Jen Bekman Founder  20x200 Coming of age during the tech boom, Jen Bekman worked her way up through the online ranks -- New York Online, Electric Minds, Netscape, Disney/GO Networks, AOL, Meetup -- only to split the scene for what seemed like career derailment. READ MORE	The Brainiacs SEE FULL LIST Fernanda Viegas Cofounder  Flowing Media As an undergrad, Fernanda Viégas dropped out twice and studied chemical engineering, linguistics, and education on two continents, before finally finishing with a degree in graphic design. And then, she didn't want to be a graphic designer. READ MORE
The Media SEE FULL LIST Alison Lewis Creative Innovator  Switch Craft An illuminated wedding dress and RFID tea cups that can control videos are just two of Alison Lewis's tech-infused DIY projects, which involve clothing, home accessories, and small electronics and can be found in her book and blog. READ MORE	The Media SEE FULL LIST Darlene Liebman Cofounder and Vice President of Production  Howcast Studios What is Howcast? We're a new media company that creates shortform instructional videos and distributes them online, over on-demand TV, and through our iPhone and Android apps. We launched two years ago and have more than 100,000 videos on the site. READ MORE
The Gamers SEE FULL LIST Susan Wu Cofounder and CEO  Ohai The U.S. virtual goods market will jump 60% this year to $1.6 billion, and analysts estimate worldwide annual revenue could reach $10 billion -- the equivalent of Hollywood’s 2009 box-office earnings. Founder of online-gaming firm Ohai Susan Wu knew that virtual goods (products that exist only online) made real money, and she went after the digital wares like a hot commodity. READ MORE	The Brainiacs SEE FULL LIST Amber Case Cyborg Anthropologist Amber Case is just your ordinary cyborg anthropologist. "My father used to read me bedtime stories out of this book called Evolution of Consciousness," Case says. READ MORE
The Media SEE FULL LIST Meredith Artley Managing Editor  CNN.com Last December, just after CNN.com unveiled a redesign with a simplified, user-centric interface to better showcase its breaking news, a new blog appeared named Afghanistan Crossroads. READ MORE	The Brainiacs SEE FULL LIST Jill Tarter Director  SETI When astronomer Jill Tarter was awarded the TED Prize in 2009, she was given the opportunity to make a wish big enough to change the world, and she did: “I wish that you would empower Earthlings everywhere to become active participants in the ultimate search for cosmic company." READ MORE