YouTube HD

Screenshots of YouTube videos in HD

YouTube began testing HD last fall. Now it’s here. Sort of. A tipster nabbed this screenshot of a YouTube video which gives the use the option to “watch this video in higher quality.” We tried it out and took screenshots from the same frame in the video. Comparison shots, below.

Normal quality:

Higher quality:

The full-screen comparison isn’t exactly startling. Here’s a detail that makes the distinction clearer.

Apple MacBook Air Hacked In Two Minutes

Apple’s MacBook Air was hacked in just two minutes at the CanSecWest security conference’s PWN 2 OWN hacking contest, with former National Security Agency employee Charlie Miller walking away with a $10,000 prize.

Show organizers also offered a Sony Vaio, Fujitsu U810 and the MacBook Airas prizes, saying that they could be won by anybody at the show who could find a way to hack into each of them and read the contents of a file on the system, using a previously undisclosed ‘0day’ attack.

Nobody was able to hack into the systems on the first day of the contest when contestants were only allowed to attack the computers over the network, but on Thursday the rules were relaxed so that attackers could direct contest organizers using the computers to do things like visit websites or open email messages.

The MacBook was the only system to be hacked by Thursday, however, the word on the show floor is that the Linux and Vista systems will meet with some serious challenges today.

Miller, a former National Security Agency employee best known as one of the researchers who first hacked Apple’s iPhone last year, didn’t take much time. Within two minutes, he directed the contest’s organizers to visit a website that contained his exploit code, which then allowed him to seize control of the computer, as about 20 onlookers cheered him on.

He was the first contestant to attempt an attack on any of the systems.

Miller was quickly given a nondisclosure agreement to sign and he’s not allowed to discuss particulars of his bug until the contest’s sponsor, TippingPoint, can notify the vendor.

Contest rules state that Miller could only take advantage of software that was pre-installed on the Mac, so the flaw he exploited must have been accessible, or possibly inside, Apple’s Safari browser.

By late Thursday, Apple engineers were already working on patching the issue, said Aaron Portnoy, a TippingPoint researcher who is one of the contest’s judges.

Miller’s $10,000 payday may sound sweet, but it’s not the most Miller has been paid for his work. In 2005, he earned $50,000 for a Linux bug he delivered to an unnamed government agency.

Last year’s contest winner, Dino Dai Zovi, exploited a vulnerability in QuickTime to take home the prize.

Dai Zovi, who congratulated Miller after his hack, didn’t participate in this year’s contest, saying it was time for someone else to win.

Shane Macaulay, who was Dai Zovi’s co-winner last year, spent much of Thursday trying to hack into the Fujitsu Vista laptop, at one point rushing back to his Vancouver area home to retrieve a file that he thought might help him hack into the system.

But it was all in vain.

“It’s one thing to find a vulnerability, it’s another thing to make working exploit code,” said Terri Forslof, TippingPoint’s Manager of Security Response.

Forslof said that a number of “high quality” researchers have said that they will attempt to hack the machines on Friday, the last day of the conference.

She expects both systems to be hacked on Friday, when contest rules will be further eased, and hackers will be able to attack popular third-party software that can be installed on the systems. “I don’t think we’ll have to take any home,” she said.

Sharp Launches Mobile Phone for Bloggers

Sharp has launched a new mobile phone in Japan that features a small QWERTY keyboard and a tool allowing users to easily update their blogs.

The Sharp 922SH went on sale on Thursday and has a 3.5-inch display that folds out to the side so the phone can be used more like a miniature laptop than a traditional clamshell phone. The widescreen VGA display has a resolution of 854 pixel by 480 pixels.

The phone has an RSS reader and a PC-style web browser in addition to one more adapted to mobile use.

There’s a three-row QWERTY keyboard above which sit hot keys for functions such as digital mobile TV and the camera. There are also buttons for phone functions, navigation keys and a shortcut key to Yahoo Mobile, the mobile internet service offered by Softbank, which is the largest shareholder in Yahoo Japan.

The phone works on the WCDMA (Wideband Code Division Multiple Access) used in Japan and the GSM (Global System for Mobile Communications) networks found elsewhere. Its features include Bluetooth and a 2MP main camera and 110,000-pixel sub-camera for videoconferencing. It accepts Micro SD memory cards.

The phone measures 56mm by 116mm by 17mm and weighs 132g. Battery life is 250 minutes of talk time on WCDMA and 270 minutes on GSM with standby time at 340 hours and 310 hours respectively, said Sharp. TV viewing time is 4.5 hours.

The phone is locked to the Softbank network in Japan and there are no plans at present to launch it overseas.

Google Search Behind Most Phishing Sites

Three-quarters of phishing sites are built on hacked servers that have been tracked down using pre-programmed Google search terms, according to research from brand-protection firm MarkMonitor.

Among other activities, MarkMonitor tracks phishing attacks that target brand names.

Researchers compiled a list of 750 Google search terms that are used to track down websites likely to have easily exploitable vulnerabilities – mostly PHP-based sites.

The search terms return a list of sites likely to have particular vulnerabilities; the attackers then exploit the vulnerability, gain access to the site, and then use it to host malicious code or counterfeit web pages as part of the scam.

MarkMonitor found that 75 percent of the phishing sites it had discovered had been originally tracked down using one of the list of 750 Google search terms. The finding was based on a sample of one-quarter of the phishing sites logged by the firm.

The search terms, called “Google dorks”, are actively traded on internet forums, and are routinely scanned by IRC-based “bots”, which also scan Yahoo and AOL Search results, according to MarkMontitor.

Google has already made moves to block automated exploitation of the “dorks”, but they can still be used manually.

The websites exploited tend to be small, local PHP-based sites, which are less likely to have the latest patches installed, and are invaded via one of more than 1,800 known PHP bugs, MarkMonitor said.

In the fourth quarter of 2007, 412 organizations were targeted by phishing attacks, up 37 percent from the same period in 2006, according to the firm’s Brandjacking Index, published last month.

Auction sites were the biggest targets, accounting for 44 percent of the phishing emails in the fourth quarter, up from 36 percent in the first quarter of 2007.

YouTube Rolls Out Usage Analytics

In a move likely to appeal to the growing number of companies looking to add video their Websites, YouTube on Thursday rolled out a tool that can closely monitor how uploaded videos are used.

The YouTube Insight tool, available without charge, provides users with detailed statistics on how often their videos are viewed and where the users are located, said YouTube product manager Tracy Chan, in a blog post. In addition, the tool can measure how popular a video is in a specific region compared to all videos viewed there during a specific period of time.

Chan said that users can access the data by clicking on a button labeled “About This Video” in their Insight accounts.

“ gives the creators an inside look into the viewing trends of their videos on YouTube and helps them to increase views and become more popular,” Chan noted. “Partners can evaluate metrics to better serve and understand their audiences, as well as increase ad revenue. And advertisers can study their metrics and successes to tailor their marketing — both on and off the site — and reach the right viewers. As a result, Insight turns YouTube into one of the world’s largest focus groups.”

Josh Catone, a blogger at Read Write Web, noted that the Insight package does not provide users with important metrics like search engine referral data. The tool also cannot provide general link information or say whether users stop watching a video before it was finished, Catone said.

However, Catone did say that Insight does “add another piece of the puzzle for YouTube to become what Google wants it to be: the place where all the world’s videos are stored.” Along with this month’s addition of an API that allows third-party sites to access YouTube’s underlying libraries and infrastructure to create their own YouTube-like videos, the new analytics tool “simply makes YouTube that much more attractive to use as a video host,” Catone noted.

OpenOffice Update Arrives

OpenOffice.org 2.4, the latest version of the free productivity application suite, was released on Thursday and is now available for download for a number of operating systems, including Windows, Linux, and Mac OS X.

An open source project backed by Sun Microsystems, OpenOffice.org is widely regarded as the leading competitor to Microsoft Office. It is also the most prominent software to support Open Document Format (ODF), a set of open standards that challenges Microsoft’s proprietary Office file formats.

This release is mostly an incremental upgrade, however, and isn’t likely to do much to heat up the competition in the productivity applications market. It incorporates mostly minor new features and bug fixes for each of the applications in the suite, including Writer, Calc, the Base personal database, and the Impress presentation software.
The real sparks won’t start flying until the next major milestone for OpenOffice.org, version 3.0, scheduled to ship in September. That version is expected to bring long-awaited support for Microsoft’s Office 2007 file formats, which will make it easier for current Office users to migrate to the alternative suite. In addition, it will bring support for ODF 1.2 and user interface improvements, among other features.

A version of OpenOffice.org ships with most desktop Linux distributions, and current Linux users may wish to wait for their distribution maintainer to offer a version of the 2.4 upgrade that has been specially tweaked for their flavor of Linux. Windows and Mac OS X users can download installers from the OpenOffice.org distribution site.