Saturday, January 19, 2008

Searching for Videos on Skype?


Robert McMillan, IDG News Service Fri Jan 18, 9:10 AM ET

A programming error in eBay's Skype communications software could give cyber-criminals a new way to sneak their malicious software onto a victim's PC.

The flaw, which was reported Thursday by security researcher Aviv Raff, has to do with the way that Skype makes use of a Windows Internet Explorer component to render HTML. Because Skype does not apply strict security controls to the software, an attacker could run scripting code on the victim's system in a dangerous fashion and ultimately install malicious software.
The problem is that Skype runs the IE component with the less locked-down "Local Zone" security setting. Because of this attackers are able to do "all sorts of things... [such as] reading/writing files from the local disc and launching executables," wrote security researcher Petko Petkov, in a Thursday blog post about the issue.

For an attack to work, the bad guys would first need to find a trustworthy Web site that contained a common programming flaw called a cross-zone scripting error. This bug would give them a way to trick Skype into running their malicious script as if it came from a trusted Web site.

In a video posted to his blog, Raff showed how a cross-zone scripting flaw on the Dailymotion.com Web site could be exploited to launch the calculator program in Windows, using Skype's "Add video to chat" feature.

"The user simply needs to visit DailyMotion via Skype's 'Add video to chat' button and stumble upon a move which contains the cross-site scripting vector," Petkov wrote.
Worse, attackers could flood the site with maliciously encoded advertisements in order to boost their likelihood of infecting a victim, he said. "This type of attack is very easy to pull and it requires almost zero preparation."

The flaw affects the latest version of Skype-- version 3.6.0.244-- Raff said. Older versions of the software may also be at risk. "Until the Skype guys fix this vulnerability, I recommend that you stop searching for videos in Skype," he wrote.

Searching for Videos on Skype?



Robert McMillan, IDG News Service Fri Jan 18, 9:10 AM ET


A programming error in eBay's Skype communications software could give cyber-criminals a new way to sneak their malicious software onto a victim's PC.

The flaw, which was reported Thursday by security researcher Aviv Raff, has to do with the way that Skype makes use of a Windows Internet Explorer component to render HTML. Because Skype does not apply strict security controls to the software, an attacker could run scripting code on the victim's system in a dangerous fashion and ultimately install malicious software.
The problem is that Skype runs the IE component with the less locked-down "Local Zone" security setting. Because of this attackers are able to do "all sorts of things... [such as] reading/writing files from the local disc and launching executables," wrote security researcher Petko Petkov, in a Thursday blog post about the issue.
For an attack to work, the bad guys would first need to find a trustworthy Web site that contained a common programming flaw called a cross-zone scripting error. This bug would give them a way to trick Skype into running their malicious script as if it came from a trusted Web site.


In a video posted to his blog, Raff showed how a cross-zone scripting flaw on the Dailymotion.com Web site could be exploited to launch the calculator program in Windows, using Skype's "Add video to chat" feature.


"The user simply needs to visit DailyMotion via Skype's 'Add video to chat' button and stumble upon a move which contains the cross-site scripting vector," Petkov wrote.
Worse, attackers could flood the site with maliciously encoded advertisements in order to boost their likelihood of infecting a victim, he said. "This type of attack is very easy to pull and it requires almost zero preparation."


The flaw affects the latest version of Skype-- version 3.6.0.244-- Raff said. Older versions of the software may also be at risk. "Until the Skype guys fix this vulnerability, I recommend that you stop searching for videos in Skype," he wrote.

Friday, January 18, 2008

Greenest laptop ever?

New Mac greenest laptop ever?

Apple (Cupertino, California) Chief Executive Officer Steve Jobs recently unveiled the new MacBook Air, the company's entry into the ultra-light laptop computer niche market. The new computer features an all-aluminum case, which Jobs noted is one of the most recyclable materials on the market, and the company's first mercury-free display device made with arsenic-free glass. The MacBook Air has primarily bromide- and PVC-free circuit boards, and the packaging is 56-percent smaller than current MacBook models. The new laptop computer also meets Energy Star 4.0 standards and has attained a Silver EPEAT rating. Greenpeace (Amsterdam, The Netherlands), however, is not so impressed. "Apple is getting greener, but not green enough," Rick Hind, legislative director of Greenpeace's toxics campaign, told Wired magazine (San Francisco). "The Macbook Air has less toxic PVC plastic and less toxic BFRs; but, it could have zero, and that would make Apple an eco-leader," he added.

Wednesday, January 16, 2008

Steve Jobs

Jobs Airs Apple's Plans in Macworld Keynote

By Paul HartsockMacNewsWorld Part of the ECT News Network 01/15/08 8:05 AM PT
As Macworld 2008 got under way, Apple CEO Steve Jobs announced an iTunes movie rental store, as expected. The rollout will take time, though. Apple plans to have 1,000 movies available for rental by February, but studios insisted that titles may not appear in iTunes until 30 days after they're released on DVD.
Vendor White Papers – Featured ListingsECT News Network's directory of e-business, IT and CRM white papers provides resources you need to make informed purchasing decisions. Browse Listings.
As throngs of Apple (Nasdaq: AAPL) devotees crowded the Moscone Center in San Francisco and even more remained waiting in line outside, Apple CEO Steve Jobs took the stage to tell a packed room about the computer maker's plans for following up what was a tremendous year for the company.
2008 will usher in an ultra-portable MacBook, which the company has dubbed the "MacBook Air."
Its 13.3-inch display -- the same size as the display on a standard MacBook -- doesn't stand out as considerably tiny, though that configuration allows it to have a full-sized keyboard, according to Jobs.

Light on Toxins

Apple apparently concentrated instead on a slim device profile: It weighs just 3 lbs. and measures .76 inches at its widest and .16 inches at its thinnest. One model uses the same 1.8-inch hard drive as the iPod classic; another more costly model is available with 64 GB of flash memory. The track pad supports some of the same multi-touch capabilities touted by the iPhone. The device, Jobs said, ships in two weeks and starts at US$1,799.
Jobs also talked up the MacBook Air's environmental friendliness, noting that the display is free of mercury and arsenic.
Also on Apple's list of new hardware is Time Capsule, a complement to the Time Machine data backup feature found in OS X Leopard. Time Capsule is a wireless hard drive available in 1 TB and 500 GB configurations that can be accessed and updated wirelessly. It doubles as an 802.11 WiFi base station.
The 500 GB version sells for $299, while the 1 TB model goes for $499. Both ship in February.
Movie and TV Moves
Apple's media delivery strategy entails a push into new outlets. At the keynote, Jobs announced an iTunes movie rental store, as expected.
However, the number of studios involved in the deal extended well beyond most rumors. Jobs claimed every major studio has signed on to some degree -- including MGM, Lion's Gate, Sony and even Universal. As reported earlier, 20th Century Fox is also on board. Movies rented through the service can be ported to iPods and iPhones.
The rollout will take time -- Apple plans to have 1,000 movies available for rental by February, but studios insisted that titles may not appear in iTunes until 30 days after they're released on DVD.
Apple TV also received a significant refresh through a software update that will apparently allow owners to use the device without a Mac or PC. Content can be browsed and selected using a Cover Flow interface directly through the television. Apple TV also cut the price to $229.
iPhone Bones
As for the iPhone, Jobs started by claiming it has captured a 19.5 percent share of the smartphone market, second only to Research In Motion (Nasdaq: RIMM) . In 200 days, he said, 4 million iPhones have been sold.
A new iPhone is not in the cards for Macworld, but Apple has thrown existing users a few bones by way of software.
New software available for the devices includes a maps feature, developed in conjunction with Google (Nasdaq: GOOG) and Skyhook, that indicates the user's approximate location. The offering is similar to a Google Maps feature that's been available for users of other smartphones since 2007.
iPhone users may now customize their home screens to display images other than the standard multi-button interface that comes with each new iPhone.
New applications are in the works for the WiFi-enabled iPod touch, including mail, maps, stocks, notes and weather applications. The software will come included in every new touch sold; however, current owners of the devices will have to pay $20 for it.
All new updates, Jobs said, are available immediately through iTunes.
A Little Less Wow
"The usual wow," summarized attendant Dan Sokol. "That Air notebook, I've got to get inside. The backup device, not so wow. A little expensive and not enough hard drive for me. For other people, I'm sure it will be fine," he told MacNewsWorld.
"There were a couple of good surprises. The rental movies -- we'll see how that goes."
Sokol thinks the amount of time one can keep a movie once it's started viewing, however, should be longer -- a weekend, perhaps.
However, he noted, this year's keynote did not quite live up to 2007's. "You can't follow an act like this one," he remarked, holding up his iPhone.

Tuesday, January 15, 2008

Kansas ewaste

Kansas begins program to better dispose of electronic waste
By: Brie Handgraaf


With a quick turnover on modern technology, landfill operators find it difficult to properly process electronic waste."There are many materials in electronic goods that are hazardous, such as lead and mercury," said Rebecca Clark, senior in biology.Clark is president of Students for Environmental Action at K-State. "Keeping these hazardous substances out of our landfills is good for both the environment and for human health," she said.As part of a new program, the Kansas Department of Health and Environment will use grant money to set up e-waste collection centers across the state."Overall, KDHE and other elected state officials want to promote the recycling of e-waste rather than dispose of it in landfills," said Bill Bider, director of the KDHE's Bureau of Waste Management. "KDHE hopes that the state-sponsored collection centers will complement and further stimulate the growing private sector that processes e-waste into marketable materials."Recycling is a growing business with strict regulations."E-waste management is important to maintain the environment and public health," said Rebecca Roth, senior in anthropology. "I hope that appropriate recycling measures are taken so the chemicals don't make it into the water supply."Through the new e-waste program, recycling centers must obtain permits to process electronic waste."The requirement to obtain solid-waste-processing facility permits will lessen impacts as well by ensuring that workers safely handle e-waste and prevent releases of hazardous constituents to nearby populations," Bider said. "Permits also require financial assurance, which means the taxpayers of Kansas would not be financially responsible to dispose of or recycling e-waste that might be abandoned at these facilities."Bider said convenient recycling centers would decrease the chances of improper dumping and lessen the risks for environmental contamination."By safely recycling e-waste, we are directly affecting our air and water quality both in a local and global level," Clark said. "If all of Manhattan properly disposes of e-waste then we reduce the hazards of local groundwater contamination as well as the need to mine these materials in other areas around the world."For more information, go to www.kdheks.gov/waste/policies/BWM_05-02_EWasteDisp.pdf or www.k-state.edu/environment.

Monday, January 14, 2008

Hybrids

Everything You Know about Green Cars is Wrong
Setting the Record Straight on Hybrids, Electric Vehicles and the Smart


By Jim Motavalli

Much of what you think you know about "clean cars" is wrong, misinformation spread by word of mouth and unreliable blogs (not including this one). Here are some of the prime misconceptions, with corrections applied:
The Lexus RX400h is a hybrid, but that doesn't necessarily make it the greenest choice.
All hybrids are "green." Wrong! The simple fact that a car or truck has some form of electric drive does not confer sainthood on it. For instance, the all-wheel-drive version of the 2008 Chevrolet Tahoe Hybrid gets combined EPA gas mileage of just 20 mpg. In a year it would consume more than 17 barrels of oil. It would also emit 9.2 tons of carbon dioxide (CO2), a middle-of-the-pack score any non-hybrid small car would easily beat.
The Lexus RX 400h hybrid, another huge SUV, manages only 25 mpg combined. It swallows 13.7 barrels of oil and emits 7.3 tons of CO2 in a year, only slightly better than the Tahoe. OK, let's compare these two hybrids with a standard Honda Civic, which gets 29 mpg combined, uses up only 11.8 barrels of oil and emits 6.3 tons of CO2 annually. Better than the hybrids by every green measure!
Electric vehicles (EVs) are no cleaner than gasoline cars because they get their juice from the dirty grid. Wrong! Slate did the math. A 2006 Toyota Corolla getting 31 mpg with a manual transmission would suck up 3.23 gallons of gas in 100 miles, producing 63.11 pounds of CO2.
Let's compare that economy car to the hotshot all-electric Tesla roadster, which will soon be tearing up American roads going zero to 60 in four seconds. In 100 miles, it will use 31 kilowatt hours of electricity, generating 48.05 pounds of CO2. Clear advantage, Tesla. And, of course, that's based on the average power plant. If we stopped burning so much coal and switched to cleaner sources that average would improve considerably.
The humble Honda Civic beats the Lexus and Chevy Tahoe hybrids by important environmental measures.
The new two-seater Smart car is the greenest option. Wrong again! The rather more versatile Toyota Prius hybrid beats it by almost every measure, including versatility. The 2008 Smart fourtwo to be imported into the U.S. gets 33 mpg in the city and 41 on the highway.
The Prius achieves 48/45 mpg for 2008 and has a roomy back seat with quite a bit more storage space. The Prius, being an advanced technology Partial Zero Emission Vehicle (PZEV) trumps the Ultra Low Emission Vehicle (ULEV) Smart there, too. Yes, I hear you, the Smart, starting at $11,590, definitely has the edge on price.
Don't get me wrong; I'm all for clean cars. I just want to make sure we're driving down the right road.
COMMENTS (10)

Sunday, January 13, 2008

What is eWaste?

What is E-Waste?

Many types of electronic products used in the workplace and homes contain hazardous substances like lead and mercury. When these products reach the end of their useful lives or become obsolete, some are considered hazardous waste. In general, hazardous waste may not be discarded in the regular trash. Instead, it must be sent to a facility that has a permit for treatment (including recycling), storage, or disposal.
Electronic hazardous wastes (e-wastes) are different from industrially generated hazardous wastes in that almost every individual, institution and business generates them. Proper management and recycling of e-waste poses lower risks than managing many industrial hazardous wastes.
How do I Know if my E-Waste is Hazardous?

State regulations require the generator of a waste to determine if it is a hazardous waste (this requirement is found in section 66262.11 of title 22 of the California Code of Regulations). Wastes are hazardous waste when they exhibit one or more of the following characteristics: toxicity, ignitability, corrosivity or reactivity. Many electronic wastes exhibit the toxicity characteristic due to the lead content as well as other heavy metals.
In addition to the four hazardous waste characteristics, DTSC has listed, in regulation, specific wastes that are presumed to be hazardous and must be managed as hazardous waste. The law does allow individuals to test specific devices to determine whether or not they are hazardous. However, in the absence of testing, all wastes listed by DTSC are presumed to be hazardous. Several categories of e-waste are included in the list; these are listed below under the heading "How do I Know if my E-Waste is covered by the Electronic Waste Recycling Act?"

Law, Tests, Fact Sheets, and Reports on E-Wastes
How do I Know if my E-Waste is Covered by the Electronic Waste Recycling Act (and therefore needs to be handled differently?)
As part of its implementation of the Electronic Waste Recycling Act. DTSC has tested certain types of electronic devices to determine which would be hazardous waste when discarded; only video display devices that DTSC "determines are presumed to be, when discarded, a hazardous waste" are potentially covered by the Act. Currently these devices include:
cathode ray tube (CRT) devices (including televisions and computer monitors;
LCD desktop monitors;
laptop computers with LCD displays;
LCD televisions; and
plasma televisions.
portable DVD players with LCD screens (added December 31,2006)
Note: Many electronic wastes not covered by the Electronic Waste Recycling Act are still considered hazardous wastes and may not be discarded in the regular trash.
If a consumer purchases a "covered electronic device," the retailer may require the consumer to pay the recycling fee on the device. When the consumer discards a "covered electronic device," it becomes a hazardous waste, called a "covered electronic waste." Qualified e-waste collectors and recyclers may receive cost reimbursement from the fund established from the recycling fees for their management of covered electronic wastes. (Since portable DVD players with LCD screens greater than four inches in size did not become "covered electronic devices" until December 31, 2006, they are not subject to the Ewaste recycling fee until on and after July 1, 2007.)
For more information regarding EWRA, including a listing of the devices that are covered under the law, and the regulations adopted by DTSC and the California Integrated Waste Management Board (CIWMB) to implement the law click here.
How Should I Properly Manage e-waste?

California has adopted Universal Waste Regulations for handling and transporting certain low risk hazardous wastes. Universal wastes include: televisions, computer monitors, computers and other e-wastes. The Universal Waste regulations also apply to other common wastes, such as fluorescent lamps, mercury-containing switches, and batteries.
The management requirements specified in the Universal Waste regulations are easy to understand and comply with. DTSC has prepared several documents that summarize the regulations for managing universal wastes:
Summary of Universal Waste (UW) Handler Requirements - September 2003
Universal Waste Regulations: Current (Unofficial) Version of Chapter 23 of the California Code of Regulations, title 22

HVAC boot cleared of Asbestos in Los Angeles

http://www.ewastedisposal.net