Monday, February 20, 2012

Windows 8 Logo Garners More Brickbats than Bravos

Microsoft has never been known for its design verve, especially compared to its rival Apple, so it shouldn’t surprise anyone that its new logo for its feverishly anticipated Windows 8 operating system is being treated like a piñata by both design and high-tech critics.
It’s not like the Redmond bunch is trying to emulate the Gang That Couldn’t Shoot Straight. All you have to do is read User Experience Director Sam Moreau’s blog from Friday to realize that.
“The Windows logo is a strong and widely recognized mark but when we stepped back and analyzed it, we realized an evolution of our logo would better reflect our Metro style design principles and we also felt there was an opportunity to reconnect with some of the powerful characteristics of previous incarnations,” he writes.
In considering the logo revamp, Microsoft wanted to return to the windows metaphor embodied in the original logo for the operating system. What sold the company on the new logo, according to Moreau, was a question posed by Paula Scher of Pentagram, who was to become the designer of the new emblem for the operating system: “Your name is Windows. Why are you a flag?” That’s a good question. You have to wonder, though, why someone at Microsoft hadn’t asked it before now.
According to Moreau, the new logo meets a number of design goals set by Microsoft. The company wanted the logo to be both modern and classic. The new logo has the characteristics of signage at airports and subways, he writes — probably not the best choice of examples for eliciting a positive response from users, considering the quality of many people’s experiences associated with those venues.
The logo also had to be “authentically digital” — whatever that means — and it had to be humble but confident, which sounds more like something an oenophile would say about a wine than something a technologist would say about an operating system.
What Microsoft hoped the new logo would evoke and what it actually evokes, though, are two different things.
Joe Wilcox of BetaNews writes, “There’s something poetic about Microsoft changing Windows’ logo during the centennial anniversary of Titanic’s tragic sinking.” He says the new emblem isn’t distinctive enough and called it “a branding disaster.”
While E.D. Kain at Forbes likes the arrangement of the four blue panels in the new logo — even if it does remind him of the Finnish flag — he finds the emblem looks “washed out” when combined with the words Windows 8. “[S]omething about that makes the whole thing feel very not-modern — certainly not up to par with what looks to be a very sleek overhaul of the Windows operating system itself,” he notes.
Graphic designer Armin Vit knocks the logo’s combining a weak graphic with middle-of-the-road typography from the Segoe font family. The font is “extremely underwhelming — pair it with the worst rendition yet of the Windows window and you have a real loser,” he writes.
He compares the graphic in the logo to “A window in a $400-a-month studio apartment rental with beige carpeting and plastic drapes.” We dare say not quite the “authentically digital” look Microsoft was looking for.
Admittedly, past Windows logos looked more like flags than fenestrations, writes Larry Dignan for ZDnet. “Unfortunately for me the Windows 8 logo gives me a window, but I want to jump out of it,” he adds.
The new logo may be bland, but that’s not bad, Harry McCracken writes for Time magazine. “I like the logo,” he notes. “Or at least I don’t dislike it.”
“I don’t think Microsoft is attempting to provoke profound emotions here,” McCracken adds. “It’s a simple, low-key iconographic representation of the concept of Windows, and it expresses the same aesthetic as the Metro user interface which is Windows 8’s most important new feature by far.”
The Register’s Iain Thomson, though, probably expresses the feelings of many PC users about the logo when he writes: “[O]ne has to wonder why Microsoft puts so much effort into this sort of thing. After all, when was the last time somebody bought a Windows PC because they thought the logo looked pretty? Not even Apple fanbois take things that far.”
source: PCWorld - By John P. Mello Jr.

Shylock Malware Returns, Refreshed

Trusteer, a Boston-based in-browser web security vendor, issued a warning this week about the return “with a vengeance” of “Shylock,” a polymorphic financial malware variant the company discovered last September that is now showing up again in end-user machines.
It is aimed primarily at global financial institutions. Trusteer code-named it Shylock because, “every new build bundles random excerpts from Shakespeare’s ‘The Merchant of Venice’ in its binary,” according to a blog post by Trusteer CTO Amit Klein.
“These are designed to change the malware’s file signature to avoid detection by antivirus programs,” wrote Klein.
In an interview, Klein said there are hints in Shylock terminology to suggest it is coming from Russia or the Ukraine. But who is involved and exactly where it is coming from remain unknown. “These are very difficult to track,” he said.
Klein said the authors of the malware are “running a surgical operation” aimed at specific targets — a dozen or so large banks, some payment card providers and several web mail providers. Shylock amounts to, “customized financial fraud capabilities for the malware, including an improved methodology for injecting code into additional browser processes to take control of the victim’s computer,” according to Trusteer.
So far, while it does not appear to have caused widespread damage, Klein said Trusteer has received some reports from banks regarding compromised machines where fraud took place before they cleaned them.
And he suspects the reason Shylock has not been seen much in recent months is because it has been under development and improvement.
“It is malware in progress,” he said. “They keep throwing in new features, and perhaps have decided it’s stable enough to distribute.”
Evades Easy Detection
Klein said Shylock is distinguished by, “its ability to almost completely avoid detection by anti-virus scanners after installation, (using) a unique three-step process.”
First, it doesn’t run as a separate process, but embeds itself within applications running on a machine. Second, once it detects anti-virus scanning, it deletes its own files and registry entries, and remains active only in memory. That would normally mean it could not survive a system shutdown/reboot. But, Klein says, that is where its third capability comes in — to hijack the Windows shutdown.
“It hooks into the Windows shutdown procedure and reinstates the files and registry keys (previously removed) just before the system is completely shut down and after all other applications are closed (including anti-virus),” he said.
Beyond that, Klein said Shylock is “pretty sophisticated” malware that not only has its own HTML language, “but appears to have a converter that can take Zeus or SpyEye and turn it into its own format.”
Trusteer said machines running its primary product, Rapport, designed to help online banks, brokerages, and retailers secure the consumer desktop from financial malware attacks and fraudulent websites, are not vulnerable to Shylock. Klein said machines already infected can get rid of it by installing Rapport. About the only other way to eliminate a Shylock infection, if the machine does not have an internal battery, is to unplug its power source. But that will also clean the memory.
“If you unplug the computer and force a brutal shutdown, the memory will be reset and Shylock will be gone,” Klein said. “But Windows is going to whine a bit when it wakes up next. It’s tricky to turn off a computer in this way, and you can’t be sure it will restart properly.”
source: PCWorld - By Taylor Armerding, CSO

Facebook Integration Seems a Natural Fit for Mountain Lion, iOS

When Apple took the wraps off iOS 5 in June 2011, one of the marquee features the company announced was systemwide Twitter integration: Take a photo, see an interesting webpage in Safari, or come across a great video in YouTube, and iOS 5 lets you quickly share it with Twitter through the built-in Tweet Sheet.
When Mountain Lion arrives later this summer, Twitter sharing will come to the Mac, too. Apple announced systemwide integration as part of the features to be included in the next major version of OS X.
But what about Facebook? In December 2011, the social network reported that it had 845 million active users. And 425 million of those active monthly users at some point accessed Facebook from a mobile device. (Analysts estimate that Twitter will achieve a comparatively paltry 250 million active users only by the end of 2012.)
Why don’t Apple and Facebook cater to the nearly one billion users of Mark Zuckerberg’s social network with deep, systemwide integration?
What Facebook sharing could offer
Anywhere iOS can tweet today, and anywhere Apple says that Mountain Lion will offer Twitter integration, Facebook integration would seemingly work swimmingly, too. Today, iPhone photographers who want to share their photos via Facebook generally snap the photos in the Camera app, then switch over to Facebook, tap the button to post a picture, tap the button to choose a picture from the photo library, tap the photo, and then finally can tap to post the photo. To tweet a photo from the Camera app, of course, you take the photo, tap the Share icon, choose Tweet, and then tap to send your post. That’s a lot less tapping.
Because Facebook offers so many more kinds of data than Twitter, Facebook iOS (and Mac) integration could actually appear in more places. For example, including an option to share an event in Calendar as a Facebook event could make good sense.
Apple’s iPhoto desktop software already offers excellent Facebook integration, and no Twitter integration at all. This is clearly not a technological limitation; Apple could integrate with Facebook if it wanted to. So what’s the hold-up?
Did Facebook reject Apple’s friend request?
A Facebook spokesperson told Macworld: “iOS is an important platform for Facebook and we have a good relationship with Apple, working closely with their developer relations team on our Facebook and Messenger apps.”
So, does that “good relationship with Apple” mean Facebook integration may well come to Apple’s two major operating systems soon? “As you know, we don’t comment on what we might or might not do in the future,” the Facebook spokesperson said.
Apple, for its part, indicated that it would have no comment for this story. But the company did speak on the record about its relationship with Facebook back in September 2010, surrounding the launch of its still unpopular music-focused social network, Ping.
When Ping launched, it offered hookups with Facebook Connect, which meant you could find your Facebook-using friends on Ping. Then, Facebook Connect vanished from Ping.
Steve Jobs was Apple’s CEO at the time. He told All Things D’s Kara Swisher that Ping wouldn’t integrate with Facebook, because the latter network demanded “onerous terms that we could not agree to.” Now, prior to Jobs’s statement, Apple had publicly mentioned Ping’s Facebook connection, but something clearly changed within hours of Ping’s launch.
In her report back then, Swisher mentioned that some Facebook executives were irked by design similarities they noted between Ping and Facebook. Apple’s stance, as expressed by Jobs, was that Facebook wanted more personal data about Ping users than Apple was willing to share.
But how much protection is too much protection?
I tweet. I tweet too much. But my wife, parents, mother-in-law, and most of my local friends either created and abandoned their Twitter accounts, or never visited the service at all. But they all have Facebook accounts, and use them.
If Apple’s customers want and could benefit from Facebook integration (and I think they do and would), perhaps Apple should follow in the footsteps of a company that wanted to protect its users’ privacy, but eventually decided to put the decision in its customers’ hands. That company? Apple.
When it launched in-app subscriptions for the iOS App Store, Apple initially told publishers that Apple would own all the customer data and not share it. Apple eventually loosened up a bit, offering customers the option to opt-in to sharing their data with publishers. It’s a fine solution, in that it (mostly) appeases publishers, and certainly keeps customer privacy paramount.
That’s the same approach Apple should take with Facebook integration: If users are willing to share with Facebook, Apple should offer them a systemwide means to do so.
source: PCWorld - Lex Friedman, Macworld

Cutwail Drives Spike in Malicious HTML Attachment Spam

Over the past month, we have observed several large spam campaigns with malicious HTML attachments. We believe the botnet behind these campaigns is Cutwail. Here is data we collected, starting from the first day of 2012, illustrating spikes of spam with malicious HTML attachments:
Attaching an HTML file to an email is a tactic we have seen used in phishing. But recently, attackers have spammed out large volumes of HTML attachments that include malicious JavaScript. Here is an example we received a few days ago:
In the image above, we opened the message with the attached .HTM file using the Mozilla Thunderbird email client. Although Thunderbird rendered the HTML attachment, fortunately its default settings prevented the malicious JavaScript in the HTML source code from running. The Thunderbird user needs to click the attachment or open the HTML file in a browser for the JavaScript to run.
The image below is another example of a more recent spam campaign. This particular message claims to be an invoice from a random company where an .HTM file is attached pretending to be an invoice file. Here, the sample spam was opened using Microsoft Outlook and the attachment just shows the icon of the default browser of the system. Again, in order for the malicious JavaScript to execute, the user needs to click the attachment to fire up a browser.
So what happens if the unsuspecting user opens the HTML attachment? Here is the HTML source code:
The first half of the HTML code is the benign part. It provides the “You are redirecting…” text in the browser title bar and prints “Please wait… Loading….” in the browser – the cybercriminal perhaps just being courteous. The second and malicious part is the script tag where the obfuscated JavaScript resides. The JavaScript writes an iframe that loads a webpage in the same browser window. But this is not an ordinary webpage; it contains code that attempts to exploit multiple vulnerabilities in the browser and its plugin. On our test machine, the landing page successfully exploited our browser’s default PDF reader using the Libtiff integer overflow vulnerability in Adobe Reader. The exploit ended up downloading and installing malware on our test computer, which, at the time of writing, was a data-stealing Trojan with the antivirus detection name Cridex.
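A mail gateway can hold this kind of attachment before a user ever clicks it. The sketch below is an added example, not code from M86 or the original post: it parses a message, looks only at .htm/.html attachments, and flags scripts that write or decode markup at run time. The indicator names, the regexes and the sample message are assumptions constructed for illustration.

```python
import email
import re
from email import policy
from email.message import EmailMessage

# Assumed heuristics for run-time-generated markup; not M86's detection rules.
INDICATORS = {
    "script_tag": re.compile(r"<script\b", re.I),
    "dynamic_write": re.compile(r"document\.write\s*\(", re.I),
    "decoder_call": re.compile(r"\b(?:unescape|eval|fromCharCode)\s*\(", re.I),
    "iframe": re.compile(r"(?:<|%3C)iframe\b", re.I),
}

# Constructed sample: same layout as the attachment described above, inert URL.
SAMPLE_HTML = """<html><head><title>You are redirecting...</title></head>
<body>Please wait... Loading....
<script>document.write(unescape("%3Ciframe src='http://example.invalid/'%3E"));</script>
</body></html>"""

def build_message(attachments: dict) -> bytes:
    """Build a constructed test e-mail; attachments maps filename -> text."""
    m = EmailMessage()
    m["Subject"], m["From"], m["To"] = "Invoice", "a@example.invalid", "b@example.invalid"
    m.set_content("Please see the attached invoice.")
    for name, text in attachments.items():
        subtype = "html" if name.lower().endswith((".htm", ".html")) else "plain"
        m.add_attachment(text.encode(), maintype="text", subtype=subtype, filename=name)
    return m.as_bytes()

def scan_message(raw: bytes) -> dict:
    """Return {filename: sorted indicator names} for each HTML attachment."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings = {}
    for part in msg.iter_attachments():
        name = (part.get_filename() or "<unnamed>").lower()
        if not (name.endswith((".htm", ".html")) or part.get_content_type() == "text/html"):
            continue
        text = (part.get_payload(decode=True) or b"").decode("utf-8", "replace")
        findings[name] = sorted(k for k, rx in INDICATORS.items() if rx.search(text))
    return findings

def should_quarantine(hits) -> bool:
    # A script that writes or decodes markup at run time is the pattern to hold.
    return "script_tag" in hits and bool({"dynamic_write", "decoder_call"} & set(hits))

if __name__ == "__main__":
    raw = build_message({"Invoice.htm": SAMPLE_HTML, "notes.txt": "plain notes"})
    for name, hits in scan_message(raw).items():
        print(name, hits, "QUARANTINE" if should_quarantine(hits) else "pass")
```

Heavier obfuscation can hide every one of these strings, so a gateway that has no business need for HTML attachments is better served by blocking the file type outright and keeping content heuristics as a second layer.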
The landing page that contains the exploit code belongs to the Phoenix Exploit kit, the kit the cybercriminals used for this spam campaign. This exploit kit is readily available for cybercriminals to buy and use; all they need is their own webserver that can run PHP server scripts. The image shown below is the screenshot of the actual server’s “Phoenix Exploit’s Kit” admin page. The “—” referrer in the statistics suggests that most visitors were NOT coming from another website but from the HTML files that the cybercriminals spammed out. It also shows over 4000 visitors, 15% of whom were successfully exploited.
source: m86security - By Rodel Mendrez