With world governments advising citizens to switch from Internet Explorer to alternative browsers, and an unpatched security hole in at least two major versions of Internet Explorer, Microsoft has to do something to restore faith in their browser. Easiest way to do it, apparently, is saying that other browsers are even worse than IE.

Microsoft’s UK security chief Cliff Evans told Techradar that “The net effect of switching [from IE] is that you will end up on less secure browser,” and that “the risk [over this specific] exploit is minimal compared to Firefox or other competing browsers… you will be opening yourself up to security issues.”

Evans then downplays the seriousness of this problem. “The reality of the risk is minimal, even if you have IE6; you would have to go to a website running the exploit,” he says. Even if we disregard the fact that many very serious browser vulnerabilities work in that way – e.g. you have to visit a website running an exploit to be affected – there’s still the fact that this particular vulnerability isn’t just lab-tested, it’s been successfully used on unsuspecting victims in the real world. This alone makes it as serious as security holes go.

Evans continues to undermine the security record of other browsers. “There are broader risks and issues with other browsers,” he claims, at the same time admitting that the IE vulnerability that caused this entire mess probably isn’t present with other browsers. “I’m not aware that the vulnerability exists in other products, but those products may have other vulnerabilities,” he says.

While one can say that absolutely no piece of software is ever completely secure, this logic is flawed. Microsoft’s IE has a serious, unpatched security vulnerability, and pointing to possible holes that other browsers may or may not have won’t make it go away.

Dan Worth, V3.co.uk, Tuesday 19 January 2010 at 11:51:00

 The number one problem facing carriers and their customers over the coming year will be botnet-driven distributed denial-of-service (DDoS) attacks, according to Arbor Networks’ fifth annual security report.Arbor surveyed 132 large IP network operators globally, and found that more than a third of respondents believe that sophisticated DDoS attacks against services and applications will be the biggest threat in 2010, replacing large-scale botnet-enabled attacks.

There was also a reported rise in the size of DDoS attacks to a high of 49Gbit/s, up from 40Gbit/s in 2007, although this was a slow down in growth compared to recent years.

James Clegg, regional director for northern Europe at Arbor, warned that, although the attacks have slowed down, they are becoming more intelligent.

“Because DDoS attacks are now targeted at specific areas of web sites rather than the entire site, the speed of the attacks has not increased as dramatically because the more defined nature of the attacks means that speed is not as important,” he said.

Clegg also argued that the rise in cloud-based attacks shows that firms must be more aware of security measures given the open nature of cloud services.

“With applications on cloud services, any security breaches are visible for all to see so businesses can no longer attempt to cover up any hacks. We’ve seen attacks like this take on a political nature recently, such as on Twitter or the Estonian and Georgian attacks of 2007,” he said.

The report also uncovered grave concerns about the move from IPv4 to IPv6. Many companies are worried that a “perfect storm” is arising because they are not ready for the move, and admit to a lack of testing and deployment experience that could lead to vulnerabilities.

Others complained of missing IPv6 security features in routers, firewalls and other critical network infrastructure.

The findings will be backed up by a warning from the Number Resource Organisation today that IPv4 addresses will be exhausted within two years.

Many firms also said that several non-technical obstacles, such as a lack of skilled resources, management understanding and clearly-defined operational responsibilities, are preventing them from better managing threats.

Daniel Robinson, V3.co.uk, Tuesday 19 January 2010 at 11:59:00

Open Mobile Platform can pick the most cost-effective connection for mobile users

 

Mobile access firm iPass has introduced a major overhaul of its service with the goal of cutting costs and giving enterprise customers greater flexibility in the communications services they use.

The new platform is also designed to make it simpler for end users to get connected while on the move, according to the firm.

Available immediately, the iPass Open Mobile Platform gives customers greater freedom to choose which networks they wish mobile staff to use, doing deals with local carriers, for example, rather than buying into global access through a single provider or relying on networks already affiliated with iPass.

“We’re giving enterprises the tools for carrier independence, so they can decrease connection costs. At the same time we’re bringing down user support costs, making it simpler for users to get connected,” said iPass senior product marketing manager Matt Cooke.

The Open Mobile Platform is a cloud-based service with access via a portal for administrators to apply policy controls, as well as analysis on mobile network usage in order to hone those policies in the future.

“Customers have told us that things are chaotic, with employees buying their own 3G adapters and devices and enterprises struggling to manage. At the same time, workers are using the virtual private network less as more use is being made of cloud-based resources,” said Cooke.

Because the iPass service has always used a software client on each endpoint, the company is “uniquely placed to help”, according to Cooke.

The lightweight Open Mobile Connect client will make life easier for workers by automatically selecting the best available connection based on policy rules set by the IT department, and the most cost-effective connection.

“Open Mobile Connect will characterise all networks to make a decision, and it will also walk you through connecting to a public hotspot if you need to enter a key or buy a voucher,” said Cooke.

However, while iPass is positioning its client as the mobile connection manager of choice, it will “play nicely” with other connection managers, such as those supplied with 3G modems by mobile operators, applying security policies to ensure that the endpoint protection is up to date.

Licensing for the new iPass service is on a per-active user basis, and costs “just a few dollars per seat”, according to Cooke.

“But the real value of the service is how much it saves you on network usage costs,” he added.

Existing customers will given a migration path to the new platform, iPass said.

Having previously crunched the numbers on smartphone features and cost of ownership, service comparison site BillShrink now offers an informative infographic showing the costs of every carrier’s 500, 1000, and unlimited minute plans, with and without texting and data.

BillShrink’s chart shows the cost per month of having a standard cell or smartphone on Verizon, Sprint, AT&T, or T-Mobile, in the average plan divisions, with extras like a messaging plan and basic or smartphone data. It’s really helpful, but there’s a caveat—no contract purchase is ever a straightforward process. One-time deals, promotions, and slight variations offered on each plan make this chart more of a starting point for your shopping, not a final word.

Here’s the full-size chart. Click on the link at bottom for a full-size download version and BillShrink’s further notes on the real costs of cellular contracts.

Cell Phone Plans: The Ultimate Comparison [BillShrink]

After news about the landing of US Airways 1549 in the Hudson first broke on Twitter in January 2009, the microblogging service quickly captured the imagination of a new group of potential users. Throughout the first months of 2009, Twitter grew at a rapid pace, peaking at a growth rate of 13% in March 2009.

Now, however, according to the latest data from HubSpot, Twitter’s growth is slowing dramatically. In October 2009, Twitter’s growth rate had fallen to 3.5%. On a positive note, though, the average active user on Twitter today is more engaged than six months ago.

Most Twitter users, however - even if they are now more engaged on average - still have fewer than 100 followers. Only 18% of all Twitter users have more than 100 followers. A total of 81% of all users are currently also following less than 100 people. Just 6 months ago, the average user was just following around 40 accounts.

HubSpot’s analysis also shows that more Twitter users now include bios (54%), links (65%) and location data (41%) in their profiles.

International Footprint Increases

As we pointed out earlier this month, social media analytics firm Sysomos also noted that most of Twitter’s growth is currently happening internationally. According to HubSpot’s analysis of over 5 million Twitter accounts, 40% of the top 20 Twitter locations are now outside of North America. In July 2009, only 15% were from outside North America.

For Twitter, this means that its current user base is making better use of the service, but the company also has to worry that its growth is slowing down. Maybe some of the earlier high growth rates were inflated by spam accounts, but a 3.5% growth rate is very low and the overall trend is only pointing down at this time.

Everyone is trying to come up with the next generation cool gadget but most doesn’t even come close to the success of the most sought after gadgets. Searches goes beyond the material boundaries and some companies even spend silly amounts of money trying to incorporate the phone into our very own biological protection layer, the skin. There is a lot of speculation going on where things might be heading in the year of 2010 but it’s really anyones guess what will make us all greed over having it.

Some suggest that the “Palm Phone” (striking sounding like the Palm Pilot, however this really means it) will be the next phone that everyone will use. It’s a wearable wrist phone that easily can be twisted into a palm projected dial pad on which you can maneuver the many features of the phone. I am sure that there’s even going to be a video mode on the phone which somewhat brings it to sound like something straight taken from Star Trek.

However, I think we have a long way to go in order to be able to accept such a concept. We’re far too used to the touchscreen and the many applications that can be utilized with it to step back and get half the features just in order to have it projected and worn on our wrists. But this again only my own suggestions and ideas. With a bit of development maybe this could be something cool and unusual but that’s really up to some heavy guessing. At the present time this is of course only a concept and there’s no telling if it will ever be realized.

Abstract

Last week in our Mobile Web Meets Internet of Things series, we looked at barcode scanning and RFID in the next generation iPhone. We expect to see Apple and Android battling it out for both barcode and RFID supremacy this year.

Another key technology in the Internet of Things - where everyday objects are endowed with Internet connectivity - is sensors. In fact we’ve seen the most activity so far in the Internet of Things from sensor data. So in this post we explore how mobile phones and sensors are mixing; and what to expect in 2010.

RWW’s Mobile Web Meets Internet of Things Series:

Last year we wrote a lot about sensors and discovered that there are two common scenarios for sensors + mobile phones:

1) Everyday objects with sensors pumping out data on things like temperature, noise and activity; the mobile phone reads and analyzes this data.

2) The phone is used as a sensor itself. For example the iPhone has a built-in accelerometer, which is basically a motion detector.
This is used for game control and also for re-sizing your iPhone display from portrait to landscape. The iPhone also has a microphone (which can be used as a noise sensor), a proximity sensor, and an ambient light sensor.

iPhone as Sensor

A good example of scenario 2 is WideNoise, an iPhone application that samples decibel noise levels and displays the data on an interactive map. WideNoise is essentially a sound sensor, using the iPhone’s microphone.

You can take a sound reading on WideNoise and, if you so desire, share that with the community. I must admit that I haven’t found too much practical use for this app yet. However one of the use cases cited is checking it when house-hunting, to assess the average noise levels of the neighborhood. It’s one of those apps that will become more useful the more data is added to it by the community - but we all know that’s a hard thing to achieve for a young startup.

Mobile Phones Reading Sensor Data

Sensors are rapidly growing as a source of data on the Web. A corollary is that sensor networks are an enormous opportunity for some of the big tech companies. In November we wrote about HP’s CeNSE project, which aims to be a “Central Nervous System for the Earth.” CeNSE is a research and development program to build a planetwide sensing network, using billions of what HP calls “tiny, cheap, tough and exquisitely sensitive detectors.”

According to HP Labs, CeNSE sensors will enable real-time data collection, analysis and better decision making. And what will be a key tool for doing all of that? You guessed it, the mobile phone. Imagine for example getting a real-time update of traffic conditions on your mobile phone, via sensors on a major stretch of highway.

Those are the two main ways that sensors and mobile phones are mixing currently. Let us know in the comments if you have a favorite mobile phone app that outputs or inputs sensor data. Also please share other use cases.

Image credits: seizethedave; raneko

Phil Muncaster, V3.co.uk, Sunday 17 January 2010 at 13:15:00

Alibaba Group, which owns Yahoo China, describes Yahoo’s comments as
‘reckless’

Yahoo’s continued presence in China could be in doubt after its partner in
the country,
Alibaba
Group, criticised the internet giant for its comments on the recent attack
by Chinese hackers on Google and other companies, according to reports.

Yahoo sold its China business to Alibaba in 2005. The Chinese internet
company runs retail site Taobao.com, payment platform Alipay and e-commerce site
Alibaba.com, but Yahoo retains a 30 per cent stake in Alibaba.

After Google revealed last week that it and at least 20 other big name firms
had been hit by a highly sophisticated attack originating from China, Yahoo
condemned the incident and said that it stood aligned with Google in opposing
all actions which violate user privacy, despite
going
on to say “our position in China will remain business as usual”.

However, Alibaba spokesman John Spelich is reported as saying in a statement
that his firm has “communicated to Yahoo that Yahoo’s statement that it is
‘aligned’ with the position Google took last week was reckless given the lack of
facts in evidence”.

He added that “Alibaba doesn’t share this view”, a position which could cause
problems for Yahoo if it wants to maintain its stake in the company and token
presence in the region.

It is thought that Yahoo was one of the other firms to be hit by the targeted
hacking attacks, although it has yet to confirm or deny this. The US government
is
expected
to issue a formal complaint to the Chinese authorities about the incident
early this week.