Apple announces new iPhone 3GS

June 9th, 2009

Apple today unveiled the iPhone 3GS, its third iteration of the popular smartphone, which will include a video camera and an improved still camera, as well as a digital compass and faster Web browsing and launching of programs.


Pricing will be $199 for a 16-gigabyte version, and $299 for a 32-gigabyte model. It will be available June 19.

The current iPhone is known as the iPhone 3G, for the third-generation cellular network it runs on; the addition of the “S” is for “speed,” said Phil Schiller, Apple senior vice president. “This is the most powerful, fastest iPhone ever made,” he told attendees at the Worldwide Developers Conference in San Francisco.

The phone will also feature an improved 3-megapixel camera with auto focus, an upgrade from the iPhone 3G and original iPhone, which have 2.0 megapixel cameras. The current iPhone 3G will stay on the market, and cost $99 for the 8-gigabyte model. Until now, pricing on that phone was $199.

It is the lower-cost iPhone that had been rumored in recent months. “We want to reach even more customers,” said Schiller. The $99 iPhone is available immediately.

The 16 GB iPhone 3G, which has cost $299, will be available for $149 “while supplies last,” said AT&T, the exclusive carrier of the iPhone in the United States.

CEO Steve Jobs, on leave since January for health reasons, did not make an appearance at the conference, as some had hoped. He is expected to return to the company later this month, officials said.

Also unveiled Monday were new features of what is called iPhone 3.0 Operating System, which will be available June 17. The software will be a free upgrade for existing iPhone owners, and $9.95 for those who own the iPod touch, which does not have a phone, and uses wireless networks to connect to the Internet.

The ability to cut, copy and paste text will be available for e-mails, Web pages and other programs on the device, as will another key feature: being able to send photos — but not videos — using text messaging.

Photos can now be sent by e-mail using the iPhone, but not text messaging, or MMS, as it is called.

Multimedia messaging for the iPhone, part of the new software for Apple’s device, will be added, but not available until the end of the summer, the company said.

Apple vice president Scott Forstall said AT&T, the exclusive carrier of the iPhone in the United States, will not be ready for multimedia messaging, or MMS, for a few months yet.

Users will be able to shoot video, then edit it, using the iPhone 3GS.

Voice control is another new feature, letting users speak commands into the phone to dial by name or number, as well as to tell the phone to play a song on the iPod, which is part of the device.

The iPhone 3.0 software will also include three types of “push” notifications — alerts, numerical badges and sound alerts, Forstall said.

In addition, voice-based, turn-by-turn GPS navigation software will be available this summer as an add-on program provided by TomTom, a leading maker of GPS devices.

Apple has sold more than 40 million iPhones and iPod touches since the devices were first released nearly two years ago, the company said yesterday.

There are now more than 50,000 applications, or programs, in Apple’s App Store, said Forstall. The store was launched last July, and response from software developers has been “staggering,” he said.

The iPhone 3G, which went on sale last July, is facing an increased number of competitors in the past year, from the Palm Pre, which went on sale Saturday, to several models of BlackBerrys from Research In Motion, as well as other phones from HTC (including the Google phone, the G1) and Samsung.

Smartphones, which totaled 17 percent of mobile phone sales in the first quarter of 2008, now account for 23 percent of sales, according to a recent report from The NPD Group.

The iPhone has been the best-selling smartphone in the United States, but in the first quarter of this year was eclipsed by Research In Motion’s BlackBerry Curve models, something The NPD Group attributed to “an aggressive ‘buy-one-get-one’ promotion” from Verizon Wireless.

The iPhone had 19 percent of the smartphone market in the United States as of the first quarter of this year, according to IDC research. RIM, with many different BlackBerrys, led with 55 percent, Samsung with 5 percent, and HTC, T-Mobile’s G1 “Google” phone and Palm each had 4 percent, according to IDC Research.

Categories: General Tags:

Snow Leopard better than Windows 7

June 9th, 2009

Bertrand Serlet, Apple’s senior vice-president of software engineering, told developers at the WWDC conference in San Francisco that Snow Leopard would be “faster, more responsive, and even more reliable than before”. Throughout the keynote, Apple poked fun at Microsoft, which is scheduled to launch its next-generation operating system, Windows 7, in October.


“Microsoft dug quite a big hole for themselves with Vista,” said Serlet, referring to Microsoft’s most recent operating system, which was ill-received by users and tech experts alike.

Windows 7, he said, uses the “same old technology” as Vista, while Apple came from “a different place”.

Snow Leopard places an emphasis on speed and efficiency, promising a faster install time and a smaller footprint, taking up 6GB less hard disk space than Apple’s current OS, Leopard.

It will boast a faster web browser, in Safari 4, as well as the ability to prevent whole web pages crashing when plug-ins and videos fail to load.

The new-look Expose tool will allow users to explore files and documents without first opening the associated program, while the new QuickTime software will enable users to edit and share videos from directly within QuickTime.

“We’ve built on the success of Leopard and created an even better experience for our users, from installation to shutdown,” said Serlet.

Snow Leopard will support Microsoft Exchange and build it straight into programs such as iCal, Address Book and Mail.

Apple said people will be able to upgrade from Leopard to Snow Leopard for $29. UK pricing details have not yet been confirmed. The software will be available in September.

Categories: Uncategorized Tags:

Yahoo! To Advance Cloud Computing

April 30th, 2009

Yahoo! has expanded its partnerships with four top U.S. universities to advance cloud computing research. The University of California at Berkeley, Cornell University and the University of Massachusetts at Amherst will join Carnegie Mellon University in using Yahoo!’s cloud computing cluster to conduct large-scale systems software research and explore new applications that analyze Internet-scale data sets, ranging from voting records to online news sources.

To date, academic researchers have had limited access to Internet-scale supercomputers for conducting systems and applications research. To help alleviate this obstacle, Yahoo! is granting these four universities access to the Yahoo! cloud computing cluster. The Yahoo! cluster, also known as M45, has been operational since November 2007 and in use by Carnegie Mellon. The cluster has approximately 4,000 processor-cores and 1.5 petabytes of disks.

“We have been using the Yahoo! cluster for more than a year now and have made significant progress in a number of key research areas, resulting in the publication of more than two dozen academic papers,” said Randal E. Bryant, dean of the School of Computer Science at Carnegie Mellon.

“Our researchers were able to extract and process documents from the Web in a way that was not possible before, changing the way we think about research problems. We were also able to conduct research over a corpus of 200 million Web pages, processing two orders of magnitude more data. We conducted systems software research, comparing, for example, the performance of the Hadoop file system and other parallel file systems. The simultaneous access to applications and systems software has been a real benefit and we look forward to our continued partnership with Yahoo! and joint contributions to the cloud computing community.”

Yahoo!’s M45 cluster runs Hadoop, an open source distributed file system and parallel execution environment that enables its users to process massive amounts of data. Apache Hadoop is an open source project of the Apache Software Foundation, to which Yahoo! engineers have been the primary contributors to date.

“Hadoop powers many of our most broadly used and complex systems at Yahoo!, from Web search to optimizing content for the home page,” said Shelton Shugar, SVP of cloud computing at Yahoo!.

“Continuing to invest in the open source community and in technologies like Hadoop is an important element in our efforts to drive breakthroughs in Internet-scale computing and ultimately to continually improve the quality of the consumer experience of Yahoo!. By partnering with these top educational institutions to share our M45 cluster and our technical expertise, we hope to further key insights into the next generation of systems software research and development.”

“We are very excited about the new research partnership with Yahoo!,” said Shankar Sastry, dean of the College of Engineering at the University of California, Berkeley.

“Access to the cluster is a first step in helping us analyze the vast amounts of societal-scale information available on the Web, such as voting records, online news sources and polling data. The Yahoo! cluster will also enable us to conduct computationally intensive econometrics research, combining economic theory with statistics to analyze and test large-scale economic relationships.”

“Our partnership with Yahoo! will enable us to attack problems ranging from wildlife preservation and biodiversity, to balancing socio-economic needs and the environment, to large-scale deployment and management of renewable energy sources,” said Bob Constable, dean of the faculty of Computing and Information Science at Cornell University.

“We recently established the Institute of Computational Sustainability at Cornell to focus on computational problems in these areas, and Yahoo!’s cluster will help us solve large scale optimization and machine learning problems to find better ways to manage our natural resources.”

“Our vision is to improve upon current technology through the processing of large data sets,” said Jim Kurose, dean of College of Natural Sciences and Mathematics at the University of Massachusetts, Amherst.

“Yahoo!’s supercomputing cluster will enable us to do data-intensive research on a large set of scanned books drawn from the Internet Archive’s million-book collection. The latter includes 8.5 terabytes of text and half a petabyte of scanned images. Research on such large datasets would not be possible without the use of clusters like the one Yahoo! is offering us access to.”

Partnership with these universities is the next step in expanding Yahoo!’s leadership in supporting cloud computing research. In July 2008, Yahoo! joined forces with HP, Intel, the University of Illinois at Urbana-Champaign, the Infocomm Development Authority (IDA) in Singapore, and the Karlsruhe Institute of Technology (KIT) in Germany to create Open Cirrus, a global, multi-data center, open source testbed for advancing cloud computing research and education. The partnership with Illinois also includes the National Science Foundation, creating a cloud computing cluster that is made available to the entire reach of the NSF academic community.

The international partnership promotes open collaboration among industry, academia and governments by removing the financial and logistical barriers to research in data-intensive, Internet-scale computing. As the Yahoo! M45 cluster is part of the Open Cirrus cloud computing testbed, the above universities will also gain access to and be part of the Open Cirrus community.

“Yahoo! is dedicated to working with leading universities to solve some of the most critical computing challenges facing our industry,” said Ron Brachman, VP and head of Yahoo! Academic Relations.

“The ability to access and analyze massive data sets is becoming increasingly crucial to the advancement of Internet-related computer science and cross-disciplinary research. By expanding our university-facing cloud computing program to partner with more universities, we hope to catalyze data-intensive computing research, furthering our commitment to the global, collaborative research community advancing the new sciences of the Internet.”

Categories: NETWORKING Tags:

Computer spies breach $300 bn US fighter jet project: WSJ

April 22nd, 2009

Computer spies have broken into the US Defence Department’s costliest weapons programme ever, the $300 billion Joint Strike Fighter project, the Wall Street Journal reported Tuesday.

Similar incidents have also breached the Air Force’s air traffic control system in recent months, it said, citing unnamed ‘current and former government officials familiar with the attacks’.

In the case of the fighter jet programme, the intruders were able to copy and siphon off several terabytes of data related to design and electronics systems, officials were quoted as saying, potentially making it easier to defend against the craft.

Many details couldn’t be learned, including the specific identity of the attackers, and the scope of the damage to the US defence programme, either in financial or security terms, the Journal said.

In addition, while the spies were able to download sizable amounts of data related to the jet fighter, they weren’t able to access the most sensitive material, which is stored on computers not connected to the Internet, it said.

Former US officials cited by the Journal said the attacks appear to have originated in China. However, it can be extremely difficult to determine the true origin because it is easy to mask identities online. The Joint Strike Fighter, also known as the F-35 Lightning II, is the costliest and most technically challenging weapons programme the Pentagon has ever attempted.

The plane, led by Lockheed Martin Corp., relies on 7.5 million lines of computer code, which the Government Accountability Office said is more than triple the amount used in the current top Air Force fighter. The Journal said six current and former officials familiar with the matter confirmed that the fighter programme had been repeatedly broken into. The Air Force has launched an investigation.

The intruders entered through vulnerabilities in the networks of two or three contractors helping to build the high-tech fighter jet, it said, citing people who have been briefed on the matter.

Pentagon officials declined to comment directly on the Joint Strike Fighter compromises. Pentagon systems ‘are probed daily’, Air Force Lt. Col. Eric Butterbaugh, a Pentagon spokesman, was quoted as saying.

Joint Strike Fighter test aircraft are already flying, and money to build the jet is included in the Pentagon’s budget for this year and next.
Source: IANS

Categories: Hacking Tags:

Google to change the ranking algorithm

April 22nd, 2009

Google is set to make changes to its search ranking algorithm to combat the spate of links leading to malicious web pages appearing at the top of Google’s search results, according to an inside source.
Obviously if Google fails to do something about this manipulation, users will lose trust and the good ole days of Google will be over fast. A Googler speaking on condition of anonymity told WebProNews a ranking change is pending that tackles spam of this kind. Once the change goes live, users shouldn’t see it “nearly as often.”

A report from security company PandaLabs identified over a million links targeting malicious webpages ranking for auto part searches. Google noted that many of the phrases mentioned in the report were rare. A phrase like [1989 Nissan Pickup Truck Engine Check Light Troubleshooting], for example, only appears on attack sites set up by spammers, which explains why Google brought back so many attack sites in response to it and similar queries.
Google’s response also seems to be an admission of how difficult it is to provide fresh, timely search results while simultaneously combating spammers. Part of the appeal of Twitter to many people is the platform’s ability to provide real-time information; the live Web works remarkably well there so far because Twitter’s setup isn’t very conducive to spam (yet). At least Twitter has some degree of control over accounts.
Google, on the other hand, cannot control for content appearing on the Web at large, and historically its famous algorithm performed better than any other at weeding out spammy webpages and malicious results. Unfortunately, that was a version of the Web that was more static. The live Web presents entirely new challenges manifesting as the first major weakness the search engine has faced.

The company naturally didn’t have a comment on the recently pondered “link velocity” ranking factor. Search engine optimization experts have identified the speed at which organic links appear as a possible important influence.

Link velocity therefore aids in explaining how blackhatters were able to manipulate search results by dropping enormous amounts of link spam into comment and discussion areas of social sites. The freshness or buzzy nature of a query also aided in this pursuit, and cyber criminals merely have to follow Google Trends and Google News to know which keywords and phrases to target.

Categories: General Tags:

Cisco Router Flaws

April 21st, 2009

Cisco Systems Inc. has issued three security patches to fix bugs that could crash its products and is drawing a warning from the SANS Internet Storm Center.

The updates, issued Wednesday, fix denial-of-service bugs in the SSH (Secure Shell) software in Cisco’s Internetworking Operating System (IOS), which is used to power its routers, and in the Cisco Service Control Engine, which provides carrier-grade networking services.

Cisco has also patched a privilege-escalation vulnerability in its Voice Portal automated telephone customer service software.

In its security advisories, Cisco said that all of the bugs had been discovered by its own researchers, but SANS warned that researchers are likely reverse-engineering the patches and may release exploit code publicly.

These particular updates are getting extra attention from the security community, which is now closely investigating how malicious software might work on IOS, an operating system that has largely evaded serious scrutiny. On Thursday, for example, Core Security Technologies analyst Sebastian Muniz is slated to give a widely anticipated presentation on a Cisco rootkit he calls the DIK (for “da IOS rootkit”) at the EuSecWest Applied Security Conference in London.

Cisco recently changed its software update policy, saying it will now issue IOS patches only in March and September each year, unless forced to rush out a fix for serious bugs that are publicly disclosed or actively exploited. On Wednesday, a Cisco spokesman couldn’t immediately say whether his company considered the IOS patch, which fixes a flaw in the SSH server, an out-of-cycle update.

But Core Chief Technology Officer Ivan Arce said that Cisco’s SSH bug fix is not connected to his company’s rootkit presentation. “It is more likely that this is related to an ongoing distributed SSH brute-forcing attack that a few people reported in the incidents mailing list last week,” he said in an e-mail interview.

The SSH server is used by administrators to remotely log into a router using encryption. Bugs in the software could let an attacker repeatedly reload the device or access “spurious” parts of the router’s memory and could be used to disable the hardware in a denial-of-service attack, Cisco said.

“While the ‘Exploitation and Public Announcements’ portion of all three advisories states that the [vulnerabilities] were discovered in-house, it’s a pretty safe bet that a fair number of security researchers are feverishly reverse-engineering the updates to develop exploits,” wrote SANS Internet Storm Center contributor George Bakos in a blog posting.

“Anytime we see a ‘spurious memory access’ leading to a denial of service, thoughts immediately go to arbitrary code execution. There is no evidence that this is possible, but in light of the recent work in IOS rootkits, [vulnerabilities] in Cisco devices should not be taken lightly,” he wrote.

Categories: Network Security Tags:

Secure Data Transfer

April 21st, 2009

Use Virtual Private Networks for Secure Internet Data Transfer

Data sent across the public Internet is generally not protected from prying eyes, but you can make your Internet communications secure and extend your private network with a virtual private network (VPN) connection. A VPN connection uses encryption and tunneling to transfer data securely on the Internet to a remote access VPN server on your workplace network. Using a VPN helps you save money by using the public Internet instead of making long-distance phone calls to connect securely with your private network.

To make a VPN connection, you must be already connected to the Internet. You can make a VPN connection by first dialing an Internet service provider (ISP) or by using an existing connection to the Internet.

If you connect to the Internet using a dial-up connection, you first connect to your ISP and then you make a VPN connection to the private network’s VPN server. After the VPN connection is established, you can access the private network.
If you are already connected to the Internet—on a local area network, a cable modem, or a digital subscriber line (DSL)—you can make a VPN connection directly to the VPN server.

To make a VPN connection

1. Open Network Connections. (Click Start, click Control Panel, click Network and Internet Connections, and then click Network Connections.)
2. Under Network Tasks, click Create a new connection, and then click Next.
3. On the Welcome to the New Connection Wizard page of the New Connection Wizard, click Next.
4. On the Network Connection Type page, click Connect to the network at my workplace, and then click Next.
5. On the Network Connection page, click Virtual Private Network connection, and then click Next.
6. On the Connection Name page, type the name of the connection or your company name, and then click Next.
7. If you are using a dial-up connection to an ISP to connect to the Internet, the Public Network page is displayed. In Automatically dial this initial connection, select the name of the connection used to dial your ISP, and then click Next.
8. On the VPN Server Selection page, type the Domain Name System (DNS) name or Internet Protocol (IP) address of your company’s VPN server on the Internet, and then click Next.
9. On the Completing the New Connection Wizard page, click Finish.
10. A Connect dialog box is displayed. Type the user name and password to access your company’s private network and then click Connect.

Categories: NETWORKING Tags:

SSH Protocol

April 21st, 2009

In computing, the SSH File Transfer Protocol (sometimes called Secure File Transfer Protocol or SFTP) is a network protocol that provides file transfer and manipulation functionality over any reliable data stream. It is typically used with version two of the SSH protocol (TCP port 22) to provide secure file transfer, but is intended to be usable with other protocols as well.

Compared to the earlier SCP protocol, which allows only file transfers, the SFTP protocol allows for a range of operations on remote files – it is more like a remote file system protocol. An SFTP client’s extra capabilities compared to an SCP client include resuming interrupted transfers, directory listings, and remote file removal. For these reasons it is relatively simple to implement a GUI SFTP client compared with a GUI SCP client.

SFTP attempts to be more platform-independent than SCP; for instance, with SCP, the expansion of wildcards specified by the client is up to the server, whereas SFTP’s design avoids this problem. While SCP is most frequently implemented on Unix platforms, SFTP servers are commonly available on most platforms.

SFTP is not FTP run over SSH, but rather a new protocol designed from the ground up by the IETF SECSH working group. It is sometimes confused with Simple File Transfer Protocol.

The protocol itself does not provide authentication and security; it expects the underlying protocol to secure this. SFTP is most often used as a subsystem of SSH protocol version 2 implementations, having been designed by the same working group. However, it is possible to run it over SSH-1 (and some implementations support this) or other data streams. Running an SFTP server over SSH-1 is not platform independent, as SSH-1 does not support the concept of subsystems. An SFTP client willing to connect to an SSH-1 server needs to know the path to the SFTP server binary on the server side.

The Secure Internet Live Conferencing (SILC) protocol defines SFTP as its default file transfer protocol. In SILC the SFTP data is not protected with SSH; instead, SILC’s secure packet protocol is used to encapsulate the SFTP data into SILC packets and to deliver it peer-to-peer. This is possible as SFTP is designed to be protocol independent.

For uploads, the transferred files may be associated with their basic attributes, such as timestamps. This is an advantage over the common FTP protocol, which does not have provision for uploads to include the original date/time stamp attribute.

Standardization

The protocol is not yet an Internet standard. The latest specification is an expired Internet Draft, which defines version 6 of the protocol. Currently the most widely used version is 3, implemented by the popular OpenSSH SFTP server. Many Microsoft Windows-based SFTP implementations use version 4 of the protocol, which has weakened its ties with the Unix platform.

The Internet Engineering Task Force (IETF) “Secsh Status Pages” search tool contains links to all versions of the Internet draft-ietf-secsh-filexfer which describes this protocol.
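The version exchange and the timestamp attributes described above can be seen on the wire. The following is an added example, not code from the original post or from OpenSSH: a bounds-checked parser for version 3 packets, using the packet layout and constants of draft-ietf-secsh-filexfer-02; the size limit, path and timestamps are constructed assumptions.

```python
import struct

# Constants from draft-ietf-secsh-filexfer-02, the draft that defines version 3.
SSH_FXP_INIT, SSH_FXP_VERSION, SSH_FXP_SETSTAT = 1, 2, 9
ATTR_SIZE, ATTR_UIDGID, ATTR_PERMISSIONS, ATTR_ACMODTIME = 0x1, 0x2, 0x4, 0x8
ATTR_EXTENDED = 0x80000000
MAX_PACKET = 256 * 1024  # assumed local sanity limit, not taken from the page

class Reader:
    """Bounds-checked cursor over one packet body."""
    def __init__(self, data):
        self.data, self.pos = data, 0

    def take(self, n):
        if self.pos + n > len(self.data):
            raise ValueError("field runs past end of packet")
        chunk = self.data[self.pos:self.pos + n]
        self.pos += n
        return chunk

    def u32(self):
        return struct.unpack(">I", self.take(4))[0]

    def u64(self):
        return struct.unpack(">Q", self.take(8))[0]

    def string(self):
        return self.take(self.u32())

def split_packets(stream):
    """Split a byte stream into (type, body) pairs using the uint32 length prefix."""
    packets, pos = [], 0
    while pos < len(stream):
        if len(stream) - pos < 4:
            raise ValueError("truncated length prefix")
        (length,) = struct.unpack(">I", stream[pos:pos + 4])
        if not 1 <= length <= MAX_PACKET:
            raise ValueError("implausible packet length %d" % length)
        if len(stream) - pos - 4 < length:
            raise ValueError("packet shorter than its declared length")
        packets.append((stream[pos + 4], stream[pos + 5:pos + 4 + length]))
        pos += 4 + length
    return packets

def negotiated_version(init_body, version_body):
    """Return the version the server selected; reject one above the client's offer."""
    offered = Reader(init_body).u32()
    selected = Reader(version_body).u32()  # extension pairs after it are ignored here
    if selected > offered:
        raise ValueError("server selected %d, client offered %d" % (selected, offered))
    return selected

def parse_attrs(r):
    """Decode a version 3 ATTRS structure; only fields named in flags are present."""
    flags, attrs = r.u32(), {}
    if flags & ATTR_SIZE:
        attrs["size"] = r.u64()
    if flags & ATTR_UIDGID:
        attrs["uid"], attrs["gid"] = r.u32(), r.u32()
    if flags & ATTR_PERMISSIONS:
        attrs["permissions"] = r.u32()
    if flags & ATTR_ACMODTIME:
        attrs["atime"], attrs["mtime"] = r.u32(), r.u32()
    if flags & ATTR_EXTENDED:
        attrs["extended"] = [(r.string(), r.string()) for _ in range(r.u32())]
    return attrs

def parse_setstat(body):
    """SSH_FXP_SETSTAT body: uint32 request id, string path, ATTRS."""
    r = Reader(body)
    request_id, path, attrs = r.u32(), r.string(), parse_attrs(r)
    if r.pos != len(body):
        raise ValueError("trailing bytes after ATTRS")
    return request_id, path.decode("utf-8", "replace"), attrs

def frame(ptype, body):
    """Build one packet (used only to construct the sample stream below)."""
    return struct.pack(">IB", len(body) + 1, ptype) + body

# Constructed sample: version exchange, then a SETSTAT restoring an upload's times.
PATH = b"/upload/report.txt"
SAMPLE = (
    frame(SSH_FXP_INIT, struct.pack(">I", 3))
    + frame(SSH_FXP_VERSION, struct.pack(">I", 3))
    + frame(SSH_FXP_SETSTAT, struct.pack(">II", 7, len(PATH)) + PATH
            + struct.pack(">III", ATTR_ACMODTIME, 1240300000, 1240272000))
)
```

Because none of these packets is authenticated or encrypted by SFTP itself, the parser only makes sense on the plaintext side of the SSH (or SILC) channel that carries it.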

Categories: NETWORKING, Uncategorized Tags:

Microsoft DirectX DirectShow MJPEG Video Decompression Remote Code Execution Vulnerability

April 21st, 2009

Description
Microsoft DirectX is prone to a remote code-execution vulnerability because the DirectShow component fails to properly handle compressed media files. Successfully exploiting this issue allows remote attackers to execute arbitrary code in the context of the user running the application that uses DirectX. Failed exploit attempts will result in a denial-of-service condition.

Technologies Affected
Microsoft DirectX 8.1
Microsoft DirectX 9.0
Microsoft DirectX 9.0 a
Microsoft DirectX 9.0 c
Microsoft DirectX 9.0 b

Recommendations
Run all software as a nonprivileged user with minimal access rights.
To limit the potential damage that a successful exploit may achieve, run all nonadministrative software as a regular user with the least amount of privileges required to successfully operate.
Do not accept or execute files from untrusted or unknown sources.
To reduce the likelihood of successful exploits, never handle files that originate from unfamiliar or untrusted sources.
Do not follow links provided by unknown or untrusted sources.
Web users should be cautious about following links to sites that are provided by unfamiliar or suspicious sources. Filtering HTML from emails may help remove a possible vector for transmitting malicious links to users.
Implement multiple redundant layers of security.
Since this issue may be leveraged to execute code, we recommend memory-protection schemes, such as nonexecutable stack/heap configurations and randomly mapped memory segments. This tactic may complicate exploits of memory-corruption vulnerabilities.

The vendor has released an advisory along with fixes. Please see the references for details.

References
Source: Microsoft Security Bulletin MS09-011
URL: http://www.microsoft.com/technet/security/Bulletin/MS09-011.mspx

Source: Microsoft DirectX Homepage
URL: http://msdn.microsoft.com/directx/

Categories: Network Security Tags:

How Bots Work?

April 20th, 2009

Hackers who write bot-type viruses have one goal in mind: infect as many machines as possible and preserve the network of zombie (virus-infected) computers. This network of infected machines is called a botnet. Once a machine is infected with a bot, the virus sits quietly in the background and waits for a command from the hacker. For this reason many people are not aware that their computer has been infected with a bot.

The infection cycle looks like this:

1. Virus author sends out email spam containing viruses, or uses some other method of social engineering to trick people into installing the virus on their computer.
2. Infected computers log into an IRC server or other communications medium to form a network of infected systems. This is known as a botnet.
3. The author uses the botnet to send out more spam using the infected computers.
4. Users infect their computers by clicking on links in spam, and the process starts again.
5. At any time, a spammer may purchase access to this botnet from the author to send spam, or a cybercriminal may do this and use the infected machines to attack critical network resources, such as a company server or a website.
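Steps 2 and 3 of this cycle leave a recognizable pattern in network flow data: a workstation checks in to an IRC server and then starts sending mail to many different servers. The following is an added detection example, not part of the original post; the record format, port list, thresholds and addresses are constructed assumptions.

```python
from collections import defaultdict

IRC_PORTS = set(range(6660, 6670)) | {7000}  # assumed: ports commonly used by IRC
SMTP_PORT = 25
WINDOW = 3600        # assumed: seconds after the IRC check-in to watch for mail
MIN_SMTP_DESTS = 5   # assumed: distinct mail servers that make a burst suspicious

# Constructed flow records: epoch_seconds source_ip destination_ip destination_port
FLOWS = """\
1240214400 10.0.0.41 203.0.113.7 6667
1240214460 10.0.0.41 198.51.100.11 25
1240214470 10.0.0.41 198.51.100.12 25
1240214480 10.0.0.41 198.51.100.13 25
1240214490 10.0.0.41 198.51.100.14 25
1240214500 10.0.0.41 198.51.100.15 25
1240214510 10.0.0.41 198.51.100.16 25
1240214600 10.0.0.52 203.0.113.9 6667
1240214700 10.0.0.52 192.0.2.25 25
1240214800 10.0.0.25 198.51.100.11 25
1240214810 10.0.0.25 198.51.100.12 25
1240214820 10.0.0.25 198.51.100.13 25
1240214830 10.0.0.25 198.51.100.14 25
1240214840 10.0.0.25 198.51.100.15 25
this line is malformed and is skipped
"""


def parse_flows(text):
    """Return sorted (ts, src, dst, dport) tuples, skipping malformed lines."""
    flows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4 or not (parts[0].isdigit() and parts[3].isdigit()):
            continue
        flows.append((int(parts[0]), parts[1], parts[2], int(parts[3])))
    return sorted(flows)


def find_suspects(flows):
    """Flag hosts whose IRC connection is followed by mail to many servers."""
    irc, smtp = defaultdict(list), defaultdict(list)
    for ts, src, dst, dport in flows:
        if dport in IRC_PORTS:
            irc[src].append((ts, dst))
        elif dport == SMTP_PORT:
            smtp[src].append((ts, dst))
    suspects = {}
    for host, contacts in irc.items():
        for t0, server in contacts:
            # Distinct mail destinations contacted within WINDOW of the check-in.
            dests = {d for ts, d in smtp[host] if t0 <= ts <= t0 + WINDOW}
            if len(dests) >= MIN_SMTP_DESTS:
                suspects[host] = {"irc_server": server, "smtp_dests": len(dests)}
                break
    return suspects


if __name__ == "__main__":
    for host, why in find_suspects(parse_flows(FLOWS)).items():
        print(host, why)
```

In the sample, 10.0.0.52 (IRC plus a single mail connection) and 10.0.0.25 (a mail sender that never contacts IRC) are not flagged; only the host showing both behaviours in sequence is.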

Categories: Computer Virus Tags: