Exploit code for the unpatched bug in Internet Explorer was published on the Web yesterday, a step security pros said earlier would be the precursor to widespread attacks.
Israeli researcher Moshe Ben Abu used a clue in a Wednesday blog post by security vendor McAfee Inc. to grab an in-the-wild exploit, strip it of its obfuscations and use it to craft a working attack module for the popular Metasploit open-source penetration framework.
“It was quite easy,” said Abu in an e-mail reply to questions late yesterday, referring to the time it took him to build the Metasploit module from the exploit code he’d found. “[It took] no more than a few minutes.”
Abu’s exploit was added to the Metasploit tree earlier Wednesday after review by the Metasploit development team, confirmed HD Moore, the creator of the Metasploit framework and chief security officer at security company Rapid7 LLC, which manages the open-source Metasploit project. Abu has contributed 10 exploit modules to Metasploit in the past three years, added Moore.
Microsoft Corp. first warned users of the vulnerability in Internet Explorer 6 and IE7 on Tuesday, when it issued a security advisory, typically a first step in the path toward delivering a patch when exploits or attacks are public.
By Wednesday, antivirus companies were reporting that hackers were using the exploit to launch drive-by attacks from malicious sites, including the one hosting the code that Abu found.
Abu claimed that the exploit worked on fully-patched PCs running Windows Vista Service Pack 2 (SP2) and IE7, as well as machines running Windows XP SP3 and IE6 or IE7. But the attack code isn’t foolproof: It works between 60% and 75% of the time, said Abu.
Moore said the exploit’s success rate is in the lower end of Abu’s range. “The exploit is somewhat unreliable, as it shares traits with other use-after-free flaws, such as the bug exploited in the ‘Aurora’ attacks,” said Moore, talking about the IE6 exploit used to hack into Google Inc.’s corporate network. “Based on our testing, we are seeing the exploit work best against Windows XP SP3 IE7 with rates close to 60%, without DEP [data execution prevention]. Other platforms are less reliable right now, but it’s likely just a case of tuning the parameters for each target.”
Security experts consider public posting of exploit code, especially when it’s added to the popular Metasploit, as a milestone that usually means attacks will grow in number as other hackers use the code.
They also have said it’s a signal that Microsoft might rush out an emergency fix. “Generally, one of the indicators is if an exploit has gone public,” said Andrew Storms, director of security operations at nCircle Network Security Inc., in an interview Tuesday. “That often determines how quickly they’ll patch.”
Microsoft hasn’t committed to a patching schedule for the IE bug, but the company said on Tuesday that one option would be to deliver an “out-of-band” update before its next Patch Tuesday, April 13.
Until a patch is available, Microsoft has recommended that users modify access to the “iepeers.dll,” disable scripting and enable DEP. Users can also upgrade Internet Explorer to IE8, which does not contain the bug.
Have you spent too much time waiting for large files to crawl between a computer and an external hard drive? Don’t fret — USB 3.0 has arrived. Not only can it move data faster and provide more power, but it’s compatible with USB 2.0 devices.
The key to blending old and new is NEC’s μPD720200 controller chip. It has the circuitry for USB 2.0 and 3.0 transfers inside and can use either, depending on what’s plugged in. Right now, it’s the only game in town, but look for other companies, including Symwave, Fujitsu and Via, to introduce their own USB 3.0 chips in the coming months.
The first round of USB 3.0 cards and devices works with Windows Vista and Windows 7; Apple hasn’t decided whether to support the new standard. The basic software for USB 3.0 has been in the Linux kernel since last fall, and the needed drivers are slowly coming out.
Unlike the change from USB 1.0 to USB 2.0, USB 3.0 brings actual physical differences to the connectors. The flat USB Type A plug (that goes into the computer) looks the same, but inside is an extra set of connectors; the edge of the plug is colored blue to indicate that it’s USB 3.0.
On the other end of the cable, the Type B plug (that goes into the USB device) actually looks different — it has an extra set of connectors, so it looks a bit like a USB plug that’s been crimped a little ways down one end. There’s also a new Micro Type B plug that has all its connectors laid out horizontally.
The USB 3.0 plug has an extra set of connectors.
As a result, you won’t be able to fit a USB 3.0 cable into a USB 2.0 device. However, you will be able to plug USB 3.0 devices — and cables — into your current computer; you just won’t get the speed advantage. (Note: To get the most out of USB 3.0, the cable needs to be less than about 9 feet long, down from the USB 2.0 16-foot limit.)
The reason for the new connector is that the USB 3.0 cable contains nine wires (four more than a USB 2.0 cable); eight carry data and one is used as a ground. Despite the increase in wires, however, the cables should be no thicker than those used by USB 2.0. There will be a big difference in performance, however. USB 2.0 is like a single-lane country road that needs to handle the morning-commute traffic in and out of L.A. There are jams and slowdowns when too much data is going back and forth. With nine wires available, USB 3.0 has an additional two lanes of traffic in each direction to smooth the flow between the computer and the device.
Unlike USB 2.0, which requires synchronous transfers, where the data is asked for and then sent, the 3.0 host controller doesn’t have to poll the USB device every time it wants to send data. This streamlines the flow with high-speed asynchronous transfers.
While SuperSpeed’s peak speed is 5Gbit/sec., it will drop to a slower speed on occasion — for example, when it moves data into and out of older devices or when it’s being used with a too-long cable.
On top of faster data speeds, USB 3.0 provides up to 150 milliamps (mA) of electricity — 50% more than USB 2.0 — to an unconfigured device while the computer it’s connected to is finding and loading its needed software. Once the device has been configured and accepted by the computer’s operating system, USB 3.0 can deliver 900mA to the device, compared with USB 2.0’s 500mA. This should be more than enough to power a hard drive or a camcorder — or even a USB device (such as a monitor or a projector) that needs more power than is available via a USB 2.0 port.
USB 3.0 offers power conservation as well. While USB 2.0 is either on or off and wastes power when it isn’t being used, the new spec comes with three levels of power use that draw progressively less power.
But be aware that first-generation USB 3.0 implementations are power-hungry. The Lenovo ThinkPad W510 that I used for testing ran for 2 hours 19 minutes while continuously playing music from a USB 3.0 external drive — and ran for an additional 34 minutes when it used a USB 2.0 port.
How we tested
To gauge the abilities of the USB 3.0 spec, I connected each device to a Lenovo ThinkPad W510 that came with an Intel Core i7 processor, 8GB of RAM and a 500GB hard drive. It also has four USB ports: two USB 3.0, one USB 2.0 and one combo USB 2.0/eSATA.
Of course, the first round of USB 3.0 devices will be mostly working off of computers that still offer only USB 2.0 — either using the 2.0 ports or using adapters that will, hopefully, bring the system up to USB 3.0 specs. I tested this by using a Fujitsu LifeBook A6220, which has a 2-GHz Core 2 Duo processor, 3GB of RAM, a 15.4-in. screen and four USB 2.0 ports. I connected each USB 3.0 device to its USB 2.0 port and then to each of two USB 3.0 ExpressCard controllers: the StarTech 2 Port ExpressCard SuperSpeed USB 3.0 Card Adapter ($50) and the USB 3.0 ExpressCard adapter that came with the Seagate BlackArmor drive.
To evaluate the speed of the three USB 3.0 devices, I used PassMark’s DiskMark software, which is part of the PerformanceTest suite. The tests include:
Sequential Read: The software creates a large test file on the external drive, and the data is read sequentially from beginning to end by the system.
Disk Sequential Write: The software creates a large test file, and the data is sequentially written on the external hard drive.
Disk Random Seek RW: The software creates a large test file on the external drive, and the data is read randomly. After a seek is performed to move the file pointer to a random position in the file, a 16KB block is read or written on the drive. Then the test is repeated until all the data is transferred.
DiskMark: This weighted average score of the other tests gives a good indication of the drive’s overall performance in real-world situations.
I also took an 8.45GB folder containing 1,450 files and timed how long it took to transfer them between the system and the drive. Between runs, I emptied the system’s Recycle Bin.
To see if USB 2.0 devices work as promised with USB 3.0 hardware, I put together a group of 10 old and new USB 2.0 devices, including an optical drive, mouse, webcam, external hard drive, video camera, keyboard, speakers, SD card, USB key and media player. I plugged them into each of the three controllers, watched to see if they automatically connected and verified that they were working. All passed the test.
Finally, to see how the new hardware affects battery life, I played an uninterrupted stream of music from an external USB 3.0 hard drive on the ThinkPad W510 while using PassMark’s BatteryMon to monitor how quickly the system’s 9,500mAh battery drained. I did this using the drive with both USB 3.0 and 2.0 and compared the results.
With its sensuously curved case and jet black finish, Buffalo’s DriveStation USB 3.0 HD-HXU3 is not only stylish, it’s a reliable place to stash your data.
The 1.5TB version of DriveStation ($175-$200 retail) consists of a 3.5-in. SATA drive with 1.36TB available for use. Buffalo also sells a 1TB drive for $131-$168 (retail) and a 2TB model for $244-$280 (retail).
Like the StarTech dock, the drive comes with an AC adapter. It set itself up automatically on the first try, without any additional software. I really liked its LED activity light, which glows blue for USB 3.0 and green for USB 2.0.
It also comes with a number of utilities, including Memeo backup software, a disk formatting application and a power conservation application. Throughout the testing, the DriveStation stayed cool and silent. At times, it was so quiet that I was hard-pressed to tell it was running, even while data was being transferred.
Buffalo DriveStation USB 3.0 HD-HXU3
Test results
Unlike the Seagate and StarTech devices, the DriveStation did not come with a controller card (and Buffalo doesn’t offer one separately). I connected the DriveStation to the Fujitsu laptop using the ExpressCards from Seagate and StarTech, and directly to the Lenovo ThinkPad W510.
When the DriveStation was plugged directly into the ThinkPad’s USB 3.0 port, it had a DiskMark score of 319.9, compared with a score of 115.2 when connected to a USB 2.0 port.
The DriveStation had the best Random Read-Write speed, at 27.4Mbit/sec., which translates into sustained back-and-forth data transfers. It also did exceedingly well on Sequential Writes when paired with the StarTech card, and Sequential Reads when connected to the ThinkPad W510.
Its speed when moving the 8.45GB folder of files was in the middle range of our tested devices, with average read and write speeds of 350.2Mbit/sec. and 339.9Mbit/sec., roughly double the results when doing the same task with USB 2.0.
Bottom line
I like the way the Buffalo DriveStation looks on my desk and that it’s significantly faster than USB 2.0 devices. Interestingly, the DriveStation was slower than the Seagate mobile drive on most tests involving the USB 3.0 ExpressCards; on the other hand, it did slightly better than the Seagate when plugged directly into the USB 3.0-equipped ThinkPad.
Seagate’s BlackArmor PS 110 USB 3.0 Performance Kit ($180) can make mobile data move a lot faster. Small enough to go where you go, the 500GB portable drive is a convenient way to carry around your files and/or backups.
At 0.5 by 3.2 by 5.1 in. and weighing 6.2 oz., the PS 110 is about the same size as other portable drives, such as Western Digital’s My Passport Essential drive. Inside is a 2.5-in. SATA drive that spins at 7,200rpm and yields 465GB of usable space.
The BlackArmor kit includes its own ExpressCard adapter so that you can enjoy USB 3.0 speeds on a USB 2.0 laptop; the card offers a single USB 3.0 connector (not quite as convenient as the StarTech card, which gives you a pair of USB 3.0 slots). It also requires a second USB connection on the host computer to power the drive.
Seagate BlackArmor PS 110 USB 3.0 Performance Kit
The BlackArmor drive installed its drivers automatically when I plugged the unit into the computers. The ExpressCard adapter also set itself up without any problems and connected with both the USB 3.0 and USB 2.0 devices neatly.
The drive comes with Seagate’s BlackArmor backup program and 256-bit AES encryption software for scrambling your files so only you can read them. When data is being transferred onto or off of the drive, its LED glows blue; however, unlike the DriveStation, the BlackArmor drive doesn’t indicate whether you’re running it as a USB 2.0 or USB 3.0 device.
Unlike the other two drives tested here, which use a full-sized USB 3.0 plug, the BlackArmor uses a Micro USB 3.0 plug. In my testing, the drive worked dependably with the StarTech and Seagate ExpressCard adapters and with the ThinkPad W510.
Test results
With the drive plugged directly into the ThinkPad’s USB 3.0 port, the BlackArmor had a DiskMark score of 275.4, just a bit slower than both the Buffalo DriveStation and the StarTech Dock with the Western Digital drive. However, it sped ahead when connected to the StarTech USB 3.0 ExpressCard with a score of 432.9, the highest DiskMark score in these tests.
Let’s say you already have a good hard drive with all your data on it, and all you want to do is speed it up to USB 3.0 speeds. StarTech’s inexpensive SuperSpeed USB 3.0 to SATA Hard Drive Docking Station is a good place to start. At $76, it can goose your drive to top speed.
The beauty of the StarTech dock is that it works with both 2.5- and 3.5-in. SATA drives. It’s also easy to install: The drive drops right in through a hinged door that gives way as it enters the dock. There’s no software to load — just turn the dock on; as data starts moving back and forth, the power light in the switch goes from blue to purple. (However, it’s not as cool as the Buffalo’s light, which indicates whether the device is connected to a USB 2.0 or 3.0 port.)
StarTech SuperSpeed USB 3.0 to SATA Hard Drive Docking Station
The drive dock comes with a 3-foot USB 3.0 cable, and StarTech sells a USB 3.0 ExpressCard adapter for $50. The card has two USB 3.0 ports, unlike the Seagate card’s single port. The dock automatically connected with the ThinkPad W510 and both of the ExpressCard adapters I used.
Test results
I tried it out with a 320GB Western Digital WD Caviar Blue SATA hard drive. The StarTech dock was able to write data faster than the other two drives — it moved 437.6Mbit/sec. using the StarTech ExpressCard. That’s more than three times its speed when it was connected to the USB 2.0 port of a notebook. It was able to read from my 8.45GB folder of files at a class-leading 370.2Mbit/sec. but could write to the folder at just 257.9Mbit/sec.
Bottom line
StarTech’s SuperSpeed USB 3.0 to SATA Hard Drive Docking Station is a good, inexpensive way of creating a fast external hard drive. Just be sure to bring your own drive.
The Lenovo ThinkPad W510 is one of the first notebooks on the market with USB 3.0 ports. At $2,300, you’re paying two or three times as much as you would for a lesser system, but you’ll get a great array of high-performance components.
Created with the power user in mind, the 15.6-in. ThinkPad W510 I used as a testbed for benchmarking USB 3.0 gear has a pair of USB 3.0 connectors with their distinctive powder-blue plugs. There are also two USB 2.0 slots, one of which doubles as an eSATA connector.
Inside the ThinkPad’s traditional black case is a 1.73-GHz Intel Quad-Core i7 820QM processor that comes with a whopping 8MB of cache. The W510 is available with a 2-GHz version of the Core i7 that adds $200 to its price tag.
Lenovo ThinkPad W510
The system comes with 8GB of 1-GHz DDR3 memory and tops out at 16GB of RAM. There’s also a 7,200rpm 500GB hard drive and a DVD Super Multi optical drive.
But the W510’s crown jewel is its graphics. It’s got the latest Nvidia Quadro FX 880M graphics engine with 1GB of dedicated memory. This can be augmented with up to 3GB from RAM, giving it 4GB of memory on tap — more than enough for the most demanding video editors, Photoshop gurus or CAD designers. It’s all topped off with a bright 1920-by-1080 high-definition screen, although the optional $450 touch screen intrigues me even more.
The W510 measures a stout 1.5 by 14.5 by 10.4 in. and weighs in at 6.5 lbs. with its nine-cell battery. Add to that its mammoth AC power adapter, and you have a 7.8-lb. travel weight that’s on a par with many 17-in. notebooks’.
It may be big and expensive, but the ThinkPad W510 is one powerful portable.
Conclusions
USB 2.0, introduced in 2002, is obviously showing its age. “Eight years is a long time to wait for an update,” says Brian O’Rourke, principal analyst at In-Stat, a market intelligence company. “We’ve clearly outgrown USB 2.0, and the new spec is aimed at those who move large chunks of data. Moving big files around will no longer seem to take forever.”
There will, no doubt, be an onslaught of USB 3.0 equipment in the near future, including computers, drives, webcams and memory keys. According to O’Rourke, “2011 will be the year of USB 3.0, with a huge variety of devices available. By 2013, I expect that over 1 billion USB 3.0 drives will be sold worldwide.”
In my tests, the first round of USB 3.0 hard drives delivered 400Mbit to 440Mbit/sec. of actual throughput. This is between two and three times what USB 2.0 is capable of and can reduce the time to transfer 10GB of data from about 10 minutes to between 3 and 4 minutes.
In the coming years, look for this increased speed to enable new technologies, such as kiosks that can put an entire high-definition movie on a memory key in a minute, self-powered DisplayLink USB high-resolution monitors and flash-based HD camcorders that can transfer their raw video in a few minutes.
For me, the most exciting step forward is that USB 3.0’s speed will make it possible to put an entire system — OS, programs and data — on a memory key that’s fast enough to work seamlessly. Who needs to lug a laptop around when you could just carry a memory key and a USB 3.0 card, and plug them into any computer?
Meanwhile, if you’re shopping around for a new system, it’s a good idea to see whether the computer offers USB 3.0. If it doesn’t, then make sure it at least has an ExpressCard slot, so that when it’s time to start buying USB 3.0 devices, you can also get an adapter — and take advantage of the speed.
USB 3.0 Performance

| Configuration | DiskMark | Sequential Read/Write | Random Read/Write | Read from/write to folder |
|---|---|---|---|---|
| Buffalo DriveStation w/Seagate ExpressCard | 317 | 334.4Mbps/340.0Mbps | 26.9Mbps | 382.8Mbps/399.5Mbps |
| Buffalo DriveStation w/StarTech 2 Port ExpressCard | 316.3 | 351.2Mbps/440.0Mbps | 27.4Mbps | 228.6Mbps/211.7Mbps |
| Buffalo DriveStation w/ThinkPad W510 | 319.9 | 334.4Mbps/354.4Mbps | 26.2Mbps | 439.2Mbps/408.5Mbps |
| Buffalo DriveStation w/USB 2.0** | 115.2 | 132Mbps/98.4Mbps | 25.4Mbps | 172.4Mbps/176.2Mbps |
| Seagate BlackArmor w/Seagate ExpressCard | 345.3 | 340.8Mbps/399.2Mbps | 23.3Mbps | 204.8Mbps/168.7Mbps |
| Seagate BlackArmor w/StarTech 2 Port ExpressCard | 432.9 | 466Mbps/468.0Mbps | 23.6Mbps | 285.4Mbps/226.9Mbps |
| Seagate BlackArmor w/ThinkPad W510 | 275.4 | 296.8Mbps/276.8Mbps | 22.6Mbps | 372.7Mbps/226.7Mbps |
| Seagate BlackArmor w/USB 2.0** | 148.2 | 164Mbps/140.8Mbps | 22.7Mbps | 137.6Mbps/117.4Mbps |
| StarTech Docking Station* w/Seagate ExpressCard | 386.1 | 391.2Mbps/438.4Mbps | 24.3Mbps | 413.6Mbps/349.2Mbps |
| StarTech Docking Station* w/StarTech 2 Port ExpressCard | 385.9 | 392.0Mbps/437.6Mbps | 24.0Mbps | 325.8Mbps/189.2Mbps |
| StarTech Docking Station* w/ThinkPad W510 | 314.8 | 374.4Mbps/300Mbps | 22.1Mbps | 414.6Mbps/235.3Mbps |
| StarTech Docking Station* w/USB 2.0** | 142.1 | 164.8Mbps/139.2Mbps | 23.2Mbps | 117.4Mbps/131.4Mbps |

*With WD Caviar Blue drive
**Using Fujitsu LifeBook A6220
The drive’s Sequential Read and Write scores were also the fastest of the group, with 466Mbit and 468Mbit/sec. of throughput respectively, about three times the speed it delivers with USB 2.0.
On the downside, it was the slowest of our three test drives when it came to reading and writing the 8.45GB folder of assorted files, with speeds of 287.6Mbit and 207.4Mbit/sec.
Bottom line
At $180 (direct) for 500GB, including an ExpressCard adapter, the BlackArmor PS 110 is a good buy that can open up the benefits of USB 3.0 for those who are on the go or on a budget.
Microsoft Corp. in recent months has slowly boosted its share of the search business, but it still remains well behind a so-far unbeatable foe in its battle with Google Inc.
Hitwise, an online traffic monitor, today reported that Google last month remained firmly at the head of the search pack while Microsoft’s well-regarded Bing search engine gradually picked up a little traction.
Google held a 70.95% share of the search market in February, according to Hitwise. In recent months Google has maintained its wide lead, with search market share totals ranging from a low of 70.60% last October to a high of 72.25% in December.
Microsoft Bing, which held third place behind Google and new partner Yahoo Inc. last month, has been moving in the right direction, rising from 8.92% of the search market in December to 9.37% in January and improving again to 9.70% last month.
Ezra Gottheil, an analyst at Technology Business Research, isn’t surprised that Bing has been slow to make its mark in a market so dominated by Google.
“Even if [Bing] is getting traction, growth would be slow,” Gottheil said. “People don’t change without some impetus. Google isn’t broken. Why fix it? At best, it’s going to be a long road for Microsoft.”
On the other hand, Gottheil noted that Bing isn’t doing badly for a relatively new product — “9.7% of a huge business is a large business,” he said.
Meanwhile, Yahoo has been seeing a fairly steady decline since last September, according to Hitwise. While Yahoo did manage to hold firm at 14.57% of the market in both January and February, its share is down from 16.38% six months ago.
Gottheil noted that Yahoo’s decline, while steady, has not been especially sharp. “A couple of points probably doesn’t mean that much, [so] there’s no reason for anyone — Google, Bing, or Yahoo users — to change.”
Microsoft over the past year has been spending a lot of money and development resources to capture some of Google’s hefty share of the search market.
Its latest move — signing a deal to have the Bing search engine power multiple Yahoo sites — could prove the most significant so far. That deal was approved last month by both the U.S. Department of Justice and the European Commission.
The partnership also calls for Yahoo to sell premium search advertising services for both companies.
Part of the new service is a new Twitter tool to shorten URLs, so users will see some links in e-mail notifications and direct messages from other users written as twt.tl, Twitter said in a blog post.
“By routing all links submitted to Twitter through this new service, we can detect, intercept, and prevent the spread of bad links,” the blog post said. “Even if a bad link is already sent out in an email notification and somebody clicks on it, we’ll be able keep that user safe,” it said without elaborating.
Phishing attacks ballooned on Twitter last year as the service grew in popularity. Twitter’s new link-screening service comes after it last year started using Google’s Safe Browsing API to check for malicious content in links posted by users.
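The link-routing approach described above, as an added example that is not Twitter's code: a minimal redirecting shortener that screens a link when it is submitted and again when it is clicked, so a destination added to the blocklist after a message went out is still intercepted. The `LinkScreen` class, the `short.example` host and all sample URLs are constructed for illustration; Twitter did not describe its implementation.

```python
import hashlib
from urllib.parse import urlsplit


def host_of(url):
    """Return the lower-cased hostname of an http(s) URL, or None if unusable."""
    try:
        parts = urlsplit(url.strip())
        host = parts.hostname  # ignores any "user@" prefix in the authority
    except ValueError:
        return None
    if parts.scheme.lower() not in ("http", "https") or not host:
        return None
    return host.rstrip(".").lower()


class LinkScreen:
    """Hypothetical link-screening shortener (assumed design, constructed here)."""

    def __init__(self, short_host="short.example"):
        self.short_host = short_host
        self.targets = {}     # token -> original destination URL
        self.blocked = set()  # hostnames currently known to be bad

    def block(self, hostname):
        """Add a hostname to the blocklist; its subdomains are covered too."""
        self.blocked.add(hostname.rstrip(".").lower())

    def is_blocked(self, url):
        """True if the URL is unusable or its host (or a parent domain) is listed."""
        host = host_of(url)
        if host is None:
            return True  # fail closed on anything that is not a clean http(s) URL
        labels = host.split(".")
        return any(".".join(labels[i:]) in self.blocked
                   for i in range(len(labels)))

    def wrap(self, url):
        """Submit time: refuse known-bad links, otherwise hand back a short URL."""
        if self.is_blocked(url):
            return None
        token = hashlib.sha256(url.encode("utf-8")).hexdigest()[:10]
        self.targets[token] = url
        return "https://%s/%s" % (self.short_host, token)

    def resolve(self, short_url):
        """Click time: re-check the destination against the current blocklist."""
        token = urlsplit(short_url).path.lstrip("/")
        target = self.targets.get(token)
        if target is None:
            return ("not_found", None)
        if self.is_blocked(target):
            return ("blocked", None)
        return ("redirect", target)


def demo():
    """Constructed scenario: a link is reported as bad only after it was sent."""
    screen = LinkScreen()
    screen.block("known-bad.example")

    # Already listed at submit time (subdomain of a blocked host): never wrapped.
    rejected = screen.wrap("http://login.known-bad.example/reset")

    # Not yet listed: wrapped and delivered in a notification.
    short = screen.wrap("http://fresh-site.example/signin")
    before = screen.resolve(short)

    # The destination is reported later; the short link already in inboxes
    # now stops at the screening service instead of redirecting.
    screen.block("fresh-site.example")
    after = screen.resolve(short)
    return rejected, before, after


if __name__ == "__main__":
    print(demo())
```

Because the recipient only ever holds the short URL, the decision is made on each click, which is what lets a link be neutralised after delivery.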
As Richard Farson’s truism “no one smokes in church no matter how addicted” points out, context informs almost everything that happens in an environment. Online social experiences are no exception.
How a product’s social model is set up can impact not only who contributes, but how much, and why. From permission-based subscriptions to one-click follows, Luke will discuss the attributes and implications of several popular social models by looking at data and behavior in the Web’s most popular social applications.
The Media Lab is very much focused on technology and has produced innovations such as electronic ink, wearable computers and early platforms for social networking. With its expanded focus now including human adaptability, research projects include affective computing, 6-D imaging and the future of the automobile.
The new six-story building is adjacent to the existing home of the Media Lab and is connected to it on several floors.
“We’ve only been here [in the new building] a short amount of time, so we’re still figuring out the best way to make full use of the new space, to be able to really make it our home,” said Mitchel Resnick, director of the lab’s Lifelong Kindergarten Group.
The new building houses seven laboratories in a very open layout. The lab workspaces vary in size from 5,000 to 8,500 square feet. The complex also houses conference rooms, a small café, and administrative, event and exhibition space.
The building was designed by Fumihiko Maki and associates. Almost all of the complex’s outer walls are glass. The inside of the building is equally transparent with a mix of glass, white walls and a few splashes of color. The glass walls are intended to enhance the sense of community among students and researchers.
“To me it feels like a big kindergarten, though some people might see that as demeaning or insulting … but to me it’s a great compliment,” Resnick said. “We want people here at the Media Lab to have creative operations the same way that kids in kindergarten work together playfully.”
The Media Lab gets the bulk of its funding from more than 60 corporate sponsors, each paying at least US$200,000 a year. In turn, all sponsors have royalty-free access to license any technology that the Media Lab develops. There have been more than 90 companies spun off from the Media Lab.
The lab, celebrating its 25th anniversary, was founded in 1980 by Nicholas Negroponte, who went on to create the One Laptop Per Child project, and Jerome Wiesner, former MIT president and science adviser to President John F. Kennedy.
In architecture, parti refers to the underlying concept of a building. Will it be a public structure that provides safety or a commercial building focused on customer up-selling?
Design principles are the guiding light for any parti. They articulate the fundamental goals that all decisions can be measured against and thereby keep the pieces of a project moving toward an integrated whole. But design principles are not enough.
Every design consideration has a set of opportunities and limitations that can either add to or detract from the parti. Designers who want to bring coherent visions to life need to learn the detailed ins and outs of design considerations so they can select the best solutions from the options available.
This combination of design principles at the top and design considerations at the bottom allows designers to fill in the middle with meaningful structures that enable people and organisations to interact, communicate, and get things done.
The Web has been transformed by the recent proliferation of rich interactions and social applications. But the workhorses of the online world, Web forms, have been slow to evolve with these changes. As brokers of crucial online interactions like e-commerce checkout and registration, forms bridge the gap between people, their information, and your product or service. As a result, Web form design matters. But web forms aren’t keeping up.
Building on topics in his top-selling book, Web Form Design: Filling in the Blanks, Luke Wroblewski will walk you through the latest applications of rich Web form interactions (made possible by dynamic technologies like Ajax) including: flexible inputs, dynamic help systems, inline validation, selection dependent inputs, and more. He’ll also outline how gradual engagement approaches to form design can create compelling new user experiences for a wide variety of Web applications and services. Learn how these modern approaches to Web form design can enhance your sites!
Google announced its latest acquisition on Monday, the online image editing service Picnik.
In Google’s own words, Picnik was “one of the first sites to bring photo editing to the cloud.”
Picnik features a Flash-powered interface that lets you tweak, crop, and touch-up your photos in your Web browser, avoiding the need to launch Photoshop, iPhoto, or your other favorite photo-editing software.
The site already integrates with Google’s photo-sharing site Picasa, along with Facebook, Flickr, Yahoo Mail, and Photobucket.
A blog post on Picnik says that support for all the non-Google sites will remain.
Fans of Picnik needn’t panic; Google says it’s not planning any big changes to the site, and plans, instead, to focus on new features.
“We’re not announcing any significant changes to Picnik today, though we’ll be working hard on integration and new features,” Google said.
“As well, we’d like to continue supporting all existing Picnik partners so that users will continue to be able to add their photos from other photo sharing sites, make edits in the cloud and then save and share to all relevant networks,” the company said.
Microsoft told Windows XP users today not to press the F1 key when prompted by a Web site, as part of its reaction to an unpatched vulnerability that hackers could exploit to hijack PCs running Internet Explorer (IE).
In a security advisory issued late Monday, Microsoft confirmed the unpatched bug in VBScript that Polish researcher Maurycy Prodeus had revealed Friday, offered more information on the flaw and provided some advice on how to protect PCs until a patch shipped.
“The vulnerability exists in the way that VBScript interacts with Windows Help files when using Internet Explorer,” read the advisory. “If a malicious Web site displayed a specially crafted dialog box and a user pressed the F1 key, arbitrary code could be executed in the security context of the currently logged-on user.”
Last week, Prodeus called the bug a “logic flaw,” and said attackers could exploit it by feeding users malicious code disguised as a Windows help file — such files have a “.hlp” extension — then convincing them to press the F1 key when a pop-up appeared. He rated the vulnerability as “medium” because of the required user interaction.
Windows 2000, Windows XP and Windows Server 2003 are impacted by the bug, said Microsoft, and any supported versions of Internet Explorer (IE) on those operating systems — including IE6 on Windows XP — could be leveraged by attackers. Previously, Prodeus had said that users running IE7 and IE8 were at risk, but had not called out IE6.
Until a patch is ready, users can protect themselves by not pressing the F1 key if a Web site tells them to, said Microsoft.
“As an interim workaround, users are advised to avoid pressing F1 on dialogs presented from Web pages or other Internet content,” said David Ross with the Microsoft Security Response Center (MSRC) engineering staff in a blog entry on Monday.
“The prompt can appear repeatedly when dismissed, nagging the user to press the F1 key,” Ross added.
The security advisory made the same recommendation: “Our analysis shows that if users do not press the F1 key on their keyboard, the vulnerability cannot be exploited.”
Users can also stymie attacks by disabling Windows Help. The advisory explained how to enter a one-line command at a Windows command-line prompt to lock down the Help system.
The company took Prodeus to task for taking the bug public, something it regularly does when researchers disclose a vulnerability or post sample attack code before a patch is available.
“Microsoft is concerned that this vulnerability was not responsibly disclosed, potentially putting customers at risk,” said Jerry Bryant, a senior manager with the MSRC, in an e-mail. By Prodeus’ account, he notified Microsoft of the flaw Feb. 1, about four weeks before publishing his findings.
Microsoft has not set a timeline for a fix, saying only that, “Microsoft will take the appropriate action to help protect our customers.” The next scheduled security patch date for the company is March 9.
Although it does not rate the severity of vulnerabilities in its advisories, Microsoft noted that hackers exploiting the VBScript flaw using Windows Help and Internet Explorer could grab complete control of a Windows system.
Customers running Windows Vista, Windows Server 2008, Windows 7 or Windows Server 2008 R2 are safe from such attacks, Microsoft said.