Tuesday, August 3, 2010

Microsoft Patches 'Critical' Crack in Windows Operating System

Steve Ballmer, chief executive officer of Microsoft

Nautilus Science & Technology News
By: Marco A. Ayllon
August 3, 2010


Microsoft released an emergency patch for a "critical" crack in Windows operating system software that could let hackers take control of computers over the internet.

"The vulnerability could allow remote code execution if the icon of a specially crafted shortcut is displayed," the US technology giant said in a security bulletin ranked 'Critical.' "An attacker who successfully exploited this vulnerability could gain the same user rights as the local user."

Computer users commonly use shortcuts in the form of on-screen icons they can click to instantly awaken favoured applications.

The Windows flaw lets hackers booby-trap such icons with malicious software that could let them control machines from afar.

Microsoft routinely releases software patches on the second Tuesday of each month but resorts to making patches available "out of band" when it deems situations dangerous.

"Several families of malware have been attempting to attack this vulnerability," Microsoft Trustworthy Computing response manager Christopher Budd wrote in a blog post.

"We firmly believe that releasing the update out of band is the best thing to do to help protect our customers."

Some attacks have reportedly been directed at power plants and other vital infrastructure. People using computers running on any version of Windows software were urged to apply the update immediately.

Tuesday, July 20, 2010

Google Fixes Image Search to Eliminate Clutter, Will Improve Search Results

Nautilus Science & Technology News

By: Marco A. Ayllon
July 20, 2010


Google's image search service will be getting a revamp this week, aimed at making the search function easier to use and at providing more relevant results. The redesign is essentially the service's first major makeover since Google Images went live in 2001.


At that time, only 250 million images had been catalogued by the Mountain View, Calif. search company. Now over 10 billion images are indexed. With such an increase in volume, obviously the search functionality will need to improve, as will the way the site displays ever larger results.

"We hope [the changes] not only make it easier to search for images, but also contribute to a better aesthetic experience," product manager Nate Smith said. "We see images as a major source of inspiration, a way of connecting the world--and their growth is showing no signs of slowing down."

Such is the focus of the changes. The image page will take on a decidedly Bing-like look, where text in the results is eliminated and image results are spaced more tightly together. "Infinite scroll" has also been introduced: more results would load as the user scrolls down, up to 1,000 images per page.

Interactivity is also increased. Hovering over an image will give the user a larger preview, along with information on that specific image and possible similar ones. Clicking on it takes the user to a preview of the image overlaid on a cached version of the page that it came from.

At an event at Google's Mountain View campus Tuesday, officials said other features will be on their way, such as timeline-based searching of images. They also said that only 10 percent of users would be able to see the changes starting today; the company expects a full launch by the end of the week.

With the new Google Images comes a new advertising format, which for the time being would appear exclusively on the Images section. The new option would allow advertisers to place a thumbnail image beside their ad text.

It is not clear whether the search giant has plans to expand this format elsewhere.

Microsoft Faces a Tough Patch Job Fixing Windows Shortcut Bug


Nautilus Science & Technology News

By: Marco A. Ayllon
July 20, 2010

Another researcher disputes that, says fix could come within two weeks

Microsoft may have a tough time fixing the Windows shortcut vulnerability, a security researcher said today.


A noted vulnerability expert, however, disagreed, and said Microsoft could deliver a patch within two weeks.

"The way Windows' shortcuts are designed is flawed, and I think they will have a very hard time patching this," said Roel Schouwenberg, an antivirus researcher with Moscow-based Kaspersky Lab.

Schouwenberg based his prediction that a patch may prove elusive on the fact that Microsoft has never faced a security issue with shortcuts, and thus has no security processes in place that it can quickly tweak.

For its part, Microsoft considers the flaw a security vulnerability, and has promised a patch. As of Tuesday, however, it had not set a timeline for a fix.

Microsoft has acknowledged that attackers can use a malicious shortcut file, identified by the ".lnk" extension, to automatically execute their malware by getting users to view the contents of a folder containing a malformed shortcut. The risk is even greater if hackers use infected USB flash drives to spread their attack code, since the latter automatically executes on most Windows PCs as soon as the drive is plugged into the machine.

All versions of Windows are vulnerable to attack, including the just-released beta of Windows 7 Service Pack 1 (SP1), as well as the recently retired Windows XP SP2 and Windows 2000.

Attackers have exploited the shortcut bug to gain control of important computers at a customer of Siemens, the German electronics giant. Siemens last week alerted users of its Simatic WinCC management software of attacks targeting large-scale industrial control systems in major manufacturing and utility companies.

Time is also working against Microsoft. "This may take them awhile to patch," said Schouwenberg. "But the wider-scale use of this is imminent." Schouwenberg's last comment echoed those of other security experts Monday, when several organizations bumped up their Internet threat indicators in anticipation of impending attacks.

Another problem facing Microsoft is that the code is obviously old, making a quick patch that much more unlikely. The vulnerability exists in Windows as far back as the Windows 2000 edition, which Schouwenberg has tested and successfully exploited.

Schouwenberg compared the age of the code to that which Microsoft was forced to patch in the WMF (Windows Metafile) image format and Windows' animated cursor (.ani) file formats, in 2006 and 2007, respectively.

In both those cases, Microsoft issued emergency patches -- dubbed "out-of-band" or "out-of-cycle" -- outside its usual monthly schedule.

"I'm quite amazed that [the shortcut] bug hasn't been found before by researchers or by Microsoft," said Schouwenberg. "I would have figured that Microsoft would have caught this. But the fact that it's tied so closely with the OS may have been a problem."

Other researchers disputed Schouwenberg's assertion that a patch would occupy Microsoft for a long time.

"My guess is they will address this out-of-band and within two weeks, based on the exploits in the wild and the press coverage of the Siemens' software hack," said HD Moore, the chief security officer of Rapid7 and the creator of the well-known Metasploit hacking toolkit, in an e-mail reply to questions Tuesday.

An exploit of the shortcut flaw was added to Metasploit Monday, and Moore has been tweaking it since. Today, he said he was able to modify the exploit to create a true drive-by attack, where Windows PCs would be immediately compromised if their users were duped into browsing to a malicious Web site.

"It's always possible that Microsoft will find some very clever idea that will let them patch this quickly," said Schouwenberg.

Tuesday, July 13, 2010

Boeing's 'Phantom Eye' Ford Fusion Powered New Stratocraft


Nautilus Science & Technology News
By: Marco A. Ayllon
July 13, 2010

Twin car engines let robocraft make 4-day flights

US aerospace mammoth Boeing yesterday rolled out its "Phantom Eye" unmanned strato-plane, able to cruise high above the airlanes for up to four days - powered by two ordinary Ford car engines running on hydrogen.

"The program is moving quickly, and it’s exciting to be part of such a unique aircraft," said Drew Mallow, Phantom Eye program manager, in a statement issued yesterday. "The hydrogen propulsion system will be the key to Phantom Eye's success. It is very efficient and offers great fuel economy, and its only byproduct is water, so it's also a 'green' aircraft."


To be specific, the Phantom Eye uses 2.3 litre four-cylinder engines of a type normally found in some models of petrol-burning Ford Fusion, turbocharged and tweaked so as to run on hydrogen at 65,000 feet.

Four days would suggest pretty good fuel economy, right enough. However "green" is a bit of a stretch as hydrogen at the moment is normally made by reforming natural gas. This releases copious amounts of carbon into the atmosphere - usually more than one would generate by running an ordinary fossil-fuelled car engine - so it is hardly green*.

One might also quibble with the "moving quickly" description of Phantom Eye. True, Boeing announced that it would start work on the Eye only in March, which would suggest impressive speed by the Phantom Works engineers.

In fact, however, the company has been touting Ford-powered high altitude drones for several years now. Indeed, back in 2007 it managed to get some military development cash for the previous "Orion" single-engined version, which could also stay up for four days. At that time, Boeing considered that a twin-engined job along Phantom Eye lines would be good for 10 days, not four - though the firm seems to have walked back on that somewhat.

Phantom Eye, then, hasn't appeared with lightning swiftness: though one might excuse the Phantom Works engineers for that. The event which actually got the ball rolling again on the Phantom Eye was Boeing's decision to provide development cash itself, having failed to get any from government customers. Lately, companies such as General Atomics have won a lot of government UAV business by offering finished products rather than insisting on taxpayers furnishing development money up front.

The next move for Phantom Eye is shipment to NASA’s Dryden Flight Research Center at Edwards Air Force Base in California. It's expected to make its first flight next year.

Nautilus News Bootnote

*Hydrogen might be made greenly in future by cracking water with electricity; however at current 'leccy prices this is more expensive than gas reforming. Then, hydrogen is difficult and expensive to store and transport afterwards as well. At the moment, for military users - the likeliest initial Phantom Eye customers - it will be easier to set up transportable gas-fuelled hydrogen plants at airbases as necessary.

Google Released DIY Code Tools For Android Phones




Programs can be built by clicking and dragging blocks

Nautilus Science & Technology News
By: Marco A. Ayllon
July 13, 2010


Google has deployed tools that "make it easy for anyone to create programs for Android phones".


Much like Lego, App Inventor lets people drag "blocks" of code around to create applications. Google said it had been working on the tools for a year and that they were pitched at those with little knowledge of programming.

The tools have been tested over the last 12 months by school children and college students, it said. The graphical blocks represent the different functions and capabilities of a smartphone.

For instance, one tester of the App Inventor used the GPS locator, timer, and database querying blocks to produce an app that told his friends where he was every 15 minutes.


MIT inside

The programming system was developed with the help of computer scientists at Massachusetts Institute of Technology (MIT) who created a similar coding system known as Open Blocks.

MIT scientist Mitch Resnick used it to create the Scratch programming language that lets children put together programs by clicking and dragging on-screen blocks.

A Gmail account is required for anyone wanting to use the tools and users must apply via a web form. Tutorials are provided to help people get started with the tools.

The tool may well prompt a spike in the number of apps for Android phones which, statistics suggest, are already enjoying a healthy growth.

Figures gathered by Android app site AndroLib predict that the number of applications will pass the 100,000 mark by the end of July 2010, a tenfold increase compared to this time last year. However, Android still has fewer than half the number of apps available for Apple's iPhone.

In another innovation, Google has introduced a new tool that will enable users to create an Android app in a very short time. A person does not need any coding knowledge to make such an application.

Google's new application will encourage young and teen developers to make their own applications for the Android platform.

Google's application follows the introduction of the Ovi App Wizard app by Nokia in May. However, the Nokia app has some limitations.

The Google App Inventor is a simple, easy and very powerful tool for creating Android apps. A developer can now create a funny-jokes app or a custom reminder app. To create an app, one uses the custom blocks in the tool and then drops them into the phone’s interface.

The App Inventor team has built various blocks for different functions and purposes. The tool permits access to the phone's GPS location sensor for creating location-services apps. Its visual interface allows access to the basic functions of the phone. To create an Android app with this new application, a person does not need knowledge of C++ and Java.

Monday, June 28, 2010

Windows 8 to Leverage USB 3.0, Bluetooth 3.0, Facial Login, 3D Display DirectX



Nautilus Technology & Science News
By: Marco A. Ayllon
June 28, 2010

Software: OEMs given an early update on Windows 7's successor


Not wanting to rest on the laurels of Windows 7, the best-selling operating system in its storied history, Microsoft is racing to develop its successor, code-named Windows 8. That upcoming product is rumored to be slotted for a late 2011 launch.

A Microsoft enthusiast blog called Microsoft Journal has posted some leaked pieces of information from a presentation Microsoft gave OEMs about the upcoming OS. The site, run by Francisco Martin, quotes Microsoft as writing, "Windows 8 PC's turn on fast, nearly instantly in some cases, and are ready to work without any long or unexpected delays. When customers want to check e-mail, sports scores, or play media they love to reach for their PCs because they can get to what they want quickly."

Along the lines of improving startup times, Microsoft wrote that it wants to work with OEMs to focus on improving POST performance, S3 resume performance, and general performance optimizations for each of the Off states. All of these improvements would ultimately yield a system that is ready for action faster.

The blog also cites Bluetooth 3.0 and USB 3.0 as critical tools in Windows 8's drive for fast computing.

The OS reportedly will also integrate hardware sensor-driven improvements found in smart phones into desktops and laptops. The leaked text states, "Windows 8 can adapt to changes in ambient light, so that the display is always easy to see."

It also talks about facial recognition-based login technology, stating, "Camera integration will likely be ubiquitous in 2010: Windows 8 could detect my presence and log me automatically."

The post also mentions potential 3D-TV/graphics improvements, including a 3D-display-ready version of DirectX. Hard drive encryption performance improvements also appear to be on the agenda.

Wednesday, June 23, 2010

iOS 4 Folders: Usable, but Poorly Implemented


Nautilus Science & Technology News
By: Marco A. Ayllon
June 23, 2010

Folders are essentially collections of apps. That concept appeals greatly to people (like me) with screenful-upon-screenful of apps; by grouping similar apps together, you can clean up your many home screens and spend less time swiping.


But there are two elements to iOS 4 folders that are--to use the technical term--really, really annoying.

Annoyance #1

iOS folders can only hold 12 items. That's dopey.

Ignoring the four permanently docked apps at the bottom of each Home screen, you can store 16 apps per page on your iPhone. I imagine I'm not the only person on the planet who, prior to the launch of the new folders feature, organized his apps by screen. My first Home screen was devoted to the apps I use the most often, a few others to my favorite games, and one screen to apps for my kids.

The common factor on each of those organized screens? They all included 16 apps. Apple's design decision to limit folders to 12 apps requires that I reorganize my apps a lot--which isn't just unpleasant, it's unnecessary. Look at the "full" folder pictured to the right.

Are you seeing what I'm seeing? Namely, that nearly 80-pixel-tall region at the bottom of my screen where all you can see is my cobblestone wallpaper? You know what would fit just perfectly there?

Four more apps, that's what. I'm thinking that Apple feared putting any "non-dock" and non-fast-app-switching apps along that bottom row might confuse folks, but I disagree with that hypothetical decision I just invented. As is, even if you're not a former adherent of the "organizing by screenful" mentality, this folder layout involves a bizarre use of wasted space.

I can even explain further why Apple went with the 12-app limit, though that doesn't excuse the choice. The picture at left shows what happens when your folder is in, say, the second row.

Aha! Since this folder was in the second row, the iOS bumps it up a bit to make room to display the full contents, splitting the just-under-80-pixel difference between the top and bottom of the screen. Now there really isn't enough room, sucker!

Except, of course there is.

I'd much rather see folder icons always slide up to the very top or very bottom when opened, to allow space for 16 apps, instead of settling for this overly-constrictive approach.

Of course, limiting the number of apps per folder isn't Apple's only math problem. To wit--

Annoyance #2

Quick! How many apps are in this folder?

If you guessed nine, you could not be more wrong--but don't worry, it's not your fault. This is a bigger challenge to solve than Annoyance #1, but Apple's good at handling big challenges. (The company employs Steve Jobs, for crying out loud.)

Since the folder icon only shows a 3-by-3 grid of the apps it contains, it's currently impossible to look at a folder's icon and tell:

a) whether said folder is full (i.e., contains Apple's current foolish maximum of 12 apps, and thus will ignore any more apps you attempt to drag into it), or
b) precisely how many apps said folder contains, if that number is greater than or equal to nine.

When a folder is full, it still darkens as you drag another app over it, as if to indicate that you're about to add that app to the folder. But since the folder is full to capacity, when you release your finger, the app just slides right back to where it was, and nothing changes.

It's thus imperative that folders reflect their fullness. I'm no designer, but I'm sure Apple could come up with a visual cue to indicate whether a folder is full or not. And again, I'd prefer that fullness only be reached when your folder hits 16 apps, which may only make the icon challenge tougher.

So those are my two objections to iOS 4's current folders implementation. I can admit that I'm happier with folders than I was without them, but my concerns are real, and I don't actually consider them especially picky. Clearly, Apple needs an overall slicker approach to iPhone app navigation, and folders are meant only as a temporary assist in a world fast approaching a quarter million iOS apps. Even as a stop-gap solution, though, this implementation of folders feels half-baked.