Screenshots of YouTube videos in HD

YouTube began testing HD last fall. Now it’s here. Sort of. A tipster nabbed this screenshot of a YouTube video which gives the use the option to “watch this video in higher quality.” We tried it out and took screenshots from the same frame in the video. Comparison shots, below.

Normal quality:

Higher quality:

The full-screen comparison isn’t exactly startling. Here’s a detail that makes the distinction clearer.

Apple’s MacBook Air was hacked in just two minutes at the CanSecWest security conference’s PWN 2 OWN hacking contest, with former National Security Agency employee Charlie Miller walking away with a $10,000 prize.

Show organizers also offered a Sony Vaio, Fujitsu U810 and the MacBook Airas prizes, saying that they could be won by anybody at the show who could find a way to hack into each of them and read the contents of a file on the system, using a previously undisclosed ‘0day’ attack.

Nobody was able to hack into the systems on the first day of the contest when contestants were only allowed to attack the computers over the network, but on Thursday the rules were relaxed so that attackers could direct contest organizers using the computers to do things like visit websites or open email messages.

The MacBook was the only system to be hacked by Thursday, however, the word on the show floor is that the Linux and Vista systems will meet with some serious challenges today.

Miller, a former National Security Agency employee best known as one of the researchers who first hacked Apple’s iPhone last year, didn’t take much time. Within two minutes, he directed the contest’s organizers to visit a website that contained his exploit code, which then allowed him to seize control of the computer, as about 20 onlookers cheered him on.

He was the first contestant to attempt an attack on any of the systems.

Miller was quickly given a nondisclosure agreement to sign and he’s not allowed to discuss particulars of his bug until the contest’s sponsor, TippingPoint, can notify the vendor.

Contest rules state that Miller could only take advantage of software that was pre-installed on the Mac, so the flaw he exploited must have been accessible, or possibly inside, Apple’s Safari browser.

By late Thursday, Apple engineers were already working on patching the issue, said Aaron Portnoy, a TippingPoint researcher who is one of the contest’s judges.

Miller’s $10,000 payday may sound sweet, but it’s not the most Miller has been paid for his work. In 2005, he earned $50,000 for a Linux bug he delivered to an unnamed government agency.

Last year’s contest winner, Dino Dai Zovi, exploited a vulnerability in QuickTime to take home the prize.

Dai Zovi, who congratulated Miller after his hack, didn’t participate in this year’s contest, saying it was time for someone else to win.

Shane Macaulay, who was Dai Zovi’s co-winner last year, spent much of Thursday trying to hack into the Fujitsu Vista laptop, at one point rushing back to his Vancouver area home to retrieve a file that he thought might help him hack into the system.

But it was all in vain.

“It’s one thing to find a vulnerability, it’s another thing to make working exploit code,” said Terri Forslof, TippingPoint’s Manager of Security Response.

Forslof said that a number of “high quality” researchers have said that they will attempt to hack the machines on Friday, the last day of the conference.

She expects both systems to be hacked on Friday, when contest rules will be further eased, and hackers will be able to attack popular third-party software that can be installed on the systems. “I don’t think we’ll have to take any home,” she said.

Sharp has launched a new mobile phone in Japan that features a small QWERTY keyboard and a tool allowing users to easily update their blogs.

The Sharp 922SH went on sale on Thursday and has a 3.5-inch display that folds out to the side so the phone can be used more like a miniature laptop than a traditional clamshell phone. The widescreen VGA display has a resolution of 854 pixel by 480 pixels.

The phone has an RSS reader and a PC-style web browser in addition to one more adapted to mobile use.

There’s a three-row QWERTY keyboard above which sit hot keys for functions such as digital mobile TV and the camera. There are also buttons for phone functions, navigation keys and a shortcut key to Yahoo Mobile, the mobile internet service offered by Softbank, which is the largest shareholder in Yahoo Japan.

The phone works on the WCDMA (Wideband Code Division Multiple Access) used in Japan and the GSM (Global System for Mobile Communications) networks found elsewhere. Its features include Bluetooth and a 2MP main camera and 110,000-pixel sub-camera for videoconferencing. It accepts Micro SD memory cards.

The phone measures 56mm by 116mm by 17mm and weighs 132g. Battery life is 250 minutes of talk time on WCDMA and 270 minutes on GSM with standby time at 340 hours and 310 hours respectively, said Sharp. TV viewing time is 4.5 hours.

The phone is locked to the Softbank network in Japan and there are no plans at present to launch it overseas.

Three-quarters of phishing sites are built on hacked servers that have been tracked down using pre-programmed Google search terms, according to research from brand-protection firm MarkMonitor.

Among other activities, MarkMonitor tracks phishing attacks that target brand names.

Researchers compiled a list of 750 Google search terms that are used to track down websites likely to have easily exploitable vulnerabilities - mostly PHP-based sites.

The search terms return a list of sites likely to have particular vulnerabilities; the attackers then exploit the vulnerability, gain access to the site, and then use it to host malicious code or counterfeit web pages as part of the scam.

MarkMonitor found that 75 percent of the phishing sites it had discovered had been originally tracked down using one of the list of 750 Google search terms. The finding was based on a sample of one-quarter of the phishing sites logged by the firm.

The search terms, called “Google dorks”, are actively traded on internet forums, and are routinely scanned by IRC-based “bots”, which also scan Yahoo and AOL Search results, according to MarkMontitor.

Google has already made moves to block automated exploitation of the “dorks”, but they can still be used manually.

The websites exploited tend to be small, local PHP-based sites, which are less likely to have the latest patches installed, and are invaded via one of more than 1,800 known PHP bugs, MarkMonitor said.

In the fourth quarter of 2007, 412 organizations were targeted by phishing attacks, up 37 percent from the same period in 2006, according to the firm’s Brandjacking Index, published last month.

Auction sites were the biggest targets, accounting for 44 percent of the phishing emails in the fourth quarter, up from 36 percent in the first quarter of 2007.

OpenOffice.org 2.4, the latest version of the free productivity application suite, was released on Thursday and is now available for download for a number of operating systems, including Windows, Linux, and Mac OS X.

An open source project backed by Sun Microsystems, OpenOffice.org is widely regarded as the leading competitor to Microsoft Office. It is also the most prominent software to support Open Document Format (ODF), a set of open standards that challenges Microsoft’s proprietary Office file formats.

This release is mostly an incremental upgrade, however, and isn’t likely to do much to heat up the competition in the productivity applications market. It incorporates mostly minor new features and bug fixes for each of the applications in the suite, including Writer, Calc, the Base personal database, and the Impress presentation software.
The real sparks won’t start flying until the next major milestone for OpenOffice.org, version 3.0, scheduled to ship in September. That version is expected to bring long-awaited support for Microsoft’s Office 2007 file formats, which will make it easier for current Office users to migrate to the alternative suite. In addition, it will bring support for ODF 1.2 and user interface improvements, among other features.

A version of OpenOffice.org ships with most desktop Linux distributions, and current Linux users may wish to wait for their distribution maintainer to offer a version of the 2.4 upgrade that has been specially tweaked for their flavor of Linux. Windows and Mac OS X users can download installers from the OpenOffice.org distribution site.

Motorola announced six new products and technology demonstrations Wednesday that are designed to improve the consumer mobile media experience. The devices include a new mobile TV with a touch-screen user interface.

The new Mobile TV DH02 and the other five products will be shown at the CTIA mobile and wireless conference in Las Vegas next week, Motorola said. The previous version, the DH01, did not have the touch-screen capabilities.

U.S. regulators have not allocated wireless spectrum to allow digital broadcasts for handhelds such as the DH02, but Motorola believes that area will open up later this year or early in 2009, a spokeswoman said. The standard is “far more prevalent” in other areas of the world, she added.

Users of Mobile TV DH02 will be able to click, drag and scroll through icons in menus to reach mobile TV content. For wireless carriers, the device will include support for HSDPA and GPRS networks to allow the carriers to provide interactive services for customers. A few details of the DH02 were released; It has the ability to provide 25 frames per second of digital video and its offers portrait view for navigation as well as landscape view for mobile TV and personal media entertainment. Pricing will depend on individual carriers.

Also Wednesday, Motorola announced a plug-and-play desktop device to support indoor fixed WiMax networks, which are rolling out in some states from carriers such as Clearwire. The new CEPi 150 will likely be sold to consumers by carriers and is designed to provide automatic connections to a WiMax service from a carrier for use with devices within a home. It is also certified for mobile Wimax connections in vehicles. Motorola also will present it during a mobile WiMax demonstration at CTIA.

Analysts noted that Motorola’s product announcements came on the same day that the company announced its intentions to split off its mobile devices division from its other divisions, probably in an attempt by Motorola to show that it still has a robust product line with new innovations.

The other four products are devoted to ways that carriers can improve wireless networks. A new CDMA femtocell will be demonstrated next week, to be installed in a home or small business to enhance wireless voice and data services. Motorola has previously announced a 3G UMTS femtocells. Femtocells are small, low power, self-installed wireless base stations.

Also, The company will demonstrate a single device to be installed in a carrier’s wireless base station that can support both LTE (Long Term Evolution technology) and WiMax, and can be software configurable to support either technology.

In addition, Motorola will provide a separate demonstration of an LTE wireless network supporting high-definition video transmissions, well in advance of the expected rollout of LTE networks in two or more years in the U.S. Finally, the company plans to show at CTIA a network handoff of a voice-over-IP call and a streaming video from a CDMA EV-DO Rev A network to an LTE network.

Advanced Micro Devices on Thursday announced new Phenom chips, including quad-core chips and its first triple-core processors for desktop PCs.

The company’s triple-core Phenom X3 8000 series processors provide an option to mainstream PC buyers who don’t want to spend on a quad-core processor but are looking for more performance than a dual-core processor, said Pat Moorhead, vice president of advanced marketing at AMD.

The chips could be used for high-definition video playback, casual mainstream gaming and productivity applications, Moorhead said.

The company’s first triple-core processors include the Phenom X3 8400, which runs at 2.1GHz, and the Phenom X3 8600, which runs at 2.3GHz. Both will come with 1.5MB of L2 cache and 2MB of L3 cache.

AMD also launched three Phenom quad-core processors on Thursday — the Phenom X4 9750, which runs at 2.4Ghz; the Phenom X4 9850, which runs at 2.5GHz; and the Phenom 9100e, a low-voltage quad-core processor that runs at 1.8GHz and has a 65-watt power envelope during maximum usage. All the processors contain 2MB of L2 cache and 2MB of L3 cache.

PC makers will ship products with the quad-core processors in the second quarter, AMD said.

The triple-core processors are already shipping in volume to PC makers, AMD said. U.S. vendor ZT Systems will list PCs with the new triple-core Phenoms on Monday, with other “major OEMs” and system vendors shipping products next quarter, AMD said. Many major vendors, including Dell and Hewlett-Packard, have already hinted at including the processors in desktops.

Dell has listed plans to use the chip in its OptiPlex 740 business desktop systems. It will ship the triple-core OptiPlex in the second quarter, a company spokeswoman recently said, but she declined to specify which processor will run the desktop. Hewlett-Packard has also listed a desktop on its Bulgarian-language Web site with AMD’s Phenom Triple-Core 8600B processor.

Mesh Computer, a PC vendor in the U.K., is offering the Matrix XXX Plus desktop with the Phenom X3 8400 processor and the Matrix XXX Pro desktop with the Phenom 8600 processor.

Because the triple-core chip is a new concept–set between the widely accepted dual- and quad-cores–it’s unclear how it will fit in the market, said Dean McCarron, founder and principal at Mercury Research.

“You’re going to get a performance enhancement with the extra core above and beyond a dual-core,” McCarron said. But it also falls shy of a quad-core.

AMD designed the triple-core as a way to produce a cheaper chip. The triple-core processor is built on a quad-core CPU, with one core nonfunctional, McCarron said.

The triple-core chip gives AMD a tactical advantage over Intel, McCarron said. Intel will need to answer the triple-core chip with a product priced in the same range while delivering similar performance. Intel can take a dual-core or quad-core processor, adjust features like cache, and price it similar to AMD’s triple-core processor, McCarron said.

The next generation Eee PC laptop by Asustek Computer will come with a multi-touch trackpad in addition to the larger screen, better Webcam and increased data storage, a company representative said Thursday.

The Eee PC 900 boasts an 8.9-inch screen, larger than the 7-inch display on the original Eee PC 701 model, along with a 1.3 MP camera and 12GB solid-state disk drive (SSD). The Webcam on the Eee PC 701 is only 0.3MP and the largest SSD is 8GB.

The Eee PC 900’s oversized touchpad works similar to the Macbook Air. Using two fingers, a person can zoom in and out of documents and photos, scroll up and down, and more, an Asustek representative said.

A picture of the Eee PC 900 can be found on the Federal Communications Commission’s Web site, where details were submitted for approval by the U.S. government regulator.

A few things the Eee PC 900 will not have include a touchscreen and GPS (global positioning system), the Asustek representative said, despite some news reports to the contrary.

The Eee PC 900 will come pre-loaded with either Microsoft Windows XP or Linux OSs, the representative said.

The first devices will likely hit some markets by June this year. Pricing will vary by country, but in Europe, the new Eee PC will cost around $626.

Mozilla patched 10 vulnerabilities, half of them marked “critical,” in its open-source browser as it updated Firefox to version 2.0.0.13. The new Mozilla Messaging spin-off, however, was not able to provide a matching update to its Thunderbird e-mail client, which shares five of the Firefox flaws that were fixed.

Mozilla’s six advisories spelled out five Firefox bugs marked “critical,” three tagged “high” and one each “moderate” and “low.”

“There’s a little bit here to interest most everyone,” said Andrew Storms, director of security operations at nCircle Network Security. “The bulletins claim no favor in the many types of vulnerabilities typically associated with browsers.”

Among the critical flaws were a pair that could be exploited to crash the browser or its JavaScript engine, and perhaps do more. “Some of these crashes showed evidence of memory corruption under certain circumstances and we presume that with enough effort at least some of these could be exploited to run arbitrary code,” Mozilla wrote in the advisory pegged as 2008-15.

Mozilla also patched potential identity leaks, spoofing bugs and cross-site scripting vulnerabilities in 2.0.0.13. But the fix that caught Storms’ eye was detailed by 2008-18, a fix for LiveConnect, a feature that harks back to Firefox’s predecessor, Netscape Navigator. LiveConnect lets Java applets call a Web page’s embedded JavaScript, or JavaScript access the Java runtime libraries, and is used by both Firefox and Apple Inc.’s Safari 3 browser.

“Sun has updated the Java Runtime Environment with a fix for this problem. Mozilla has also added a fix to LiveConnect to protect users who don’t have the latest version of Java,” Mozilla said in the advisory.

“Here we have Firefox putting out a mitigation step for a bug in Java,” said Storms. “It’s a welcomed addition when one vendor can help out another.”