Zune HD Movies & A Whole Lot More

With TV shows, music video, and video podcasts already proliferating the Zune marketplace, it was really only a matter of time before Microsoft dipped its toes into HD movies -- not to mention kind of a logical step since Xbox Live was getting its movie section Zune-branded. BostonPocketPC writer Steven Hughes has uploaded pictures of an alleged pamphlet handed out at Best Buy's Zune HD showings that, among other things, make reference to finding Zune Marketplace content including HD movies. Ban on HDTV Media Center recordings notwithstanding, things are looking great for Zune 4.0 software.
The ID (Industrial Design) of the Zune is really cool mainly due to the addition of the OLED (Organic Light Emitting Diode) technology lending to its svelte thin size. This device is really thin! Placed next to an iPod Touch for size comparison and when placed next to an 8GB Flash Zune, The Zune blows the itouch away!! The weight is very light and barely noticeable in one’s pocket. This is a hit!

Apple Releashes Snow Leopard

Apple began shipping its newest operating system to customers on Friday, a little earlier than expected. Mac OS X Snow Leopard is not as much about adding new features as it is about refining the code in the operating system. For instance, according to Apple, 90 percent of the Mac OS X code has been worked on for the Snow Leopard release. Snow Leopard could include some features that would make it secure, or at least push it closer to the level of security that Vista and Windows 7 have, experts said this week. Macintosh is not more secure from a software standpoint than modern Windows; it's merely safer to use because malware writers prefer to target the platform with the biggest install base. Mac OS X Snow Leopard will cost $29 as an upgrade for Leopard users. For Mac OS X Tiger users, the Mac Box Set, which includes Mac OS X Snow Leopard, iLife '09 and iWork '09, will cost $169.

Hands-on look at the Zune HD Web browser

Here we have the Zune HD's mobile Web browser, which we're told was engineered by Microsoft's Internet Explorer team. The browser displays Web pages in a similar fashion as Apple's iPhone and iPod Touch, using pinching and flipping gestures to zoom and scroll through content. Pages also reorient themselves based on the position of the device, flipping from landscape to portrait view depending on the tilt of the screen.

Photo by Donald Bell/CNET

Twitter Facebook War

On Thursday night, Facebook announced that it's launched its first official Twitter app--sort of. In a post on the company blog, Facebook announced that updates to "fan pages," public profiles for celebrities, brands, organizations, and what-have-you, can now be sent out through Twitter.
"Public figures, musicians, businesses and organizations of all types who've created Facebook Pages often want to share a status update, a photo or an event with as many of their supporters as possible," the post by Facebook employee Michael Gummelt read. "Celebrities may want to share personal news or charities may want to put out calls for help to both their Facebook fans and their Twitter followers, all at the same time."
This is basically something that many blogging and publishing services already do: offer a way to automatically syndicate a short blurb and a link onto Twitter. It's a no-brainer. But Facebook and Twitter have a complicated history. Facebook attempted to acquire Twitter last year, and Twitter turned the offer down. Then, earlier this summer, Facebook did acquire FriendFeed, a social-network aggregator that failed to gain mainstream traction but pioneered many of the real-time, streaming features that are now central to both Facebook and Twitter.

Apple Not So Secure

Apple has released Safari 4.0.3 to fix at least six security vulnerabilities that put Mac and Windows users at risk of hacker attacks.
The update is considered highly-critical and should be immediately applied on both Windows and Mac systems because of the risk of information disclosure, phishing and remote code execution attacks.
Here’s a snapshot of the vulnerabilities being fixed:

* CVE-2009-2468 (Windows XP and Vista) — A heap buffer overflow exists in the drawing of long
* text strings. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue through improved bounds checking.
* CVE-2009-2188 (Windows XP and Vista) — A buffer overflow exists in the handling of EXIF metadata. Viewing a maliciously crafted image may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue through improved bounds checking.
* CVE-2009-2196 (Mac OS X, Windows XP and Vista) – Safari 4 introduced the Top Sites feature to provide an at-a-glance view of a user’s favorite websites. It is possible for a malicious website to promote arbitrary sites into the Top Sites view through automated actions. This could be used to facilitate a phishing attack.
* CVE-2009-2195 (Mac OS X, Windows XP and Vista) — A buffer overflow exists in WebKit’s parsing of floating point numbers. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue through improved bounds checking.
* CVE-2009-2200 (Mac OS X, Windows XP and Vista) — WebKit allows the pluginspage attribute of the ‘embed’ element to reference file URLs. Clicking “Go” in the dialog that appears when an unknown plug-in type is referenced will redirect to the URL listed in the pluginspage attribute. This may allow a remote attacker to launch file URLs in Safari, and lead to the disclosure of sensitive information. This update addresses the issue by restricting the pluginspage URL scheme to http or https.
* CVE-2009-2199 (Mac OS X, Windows XP and Vista) – The International Domain Name (IDN) support and Unicode fonts embedded in Safari could be used to create a URL which contains look-alike characters. These could be used in a malicious website to direct the user to a spoofed site that visually appears to be a legitimate domain. This update addresses the issue by supplementing
* WebKit’s list of known look-alike characters. Look-alike characters are rendered in Punycode in the address bar.

Game Sales Drop

Sales of video games and consoles in the US fell to $848.9m (£512.2m) in July, down 29% from $1.19bn in the same month last year.
It was the fifth consecutive monthly decline in the figures from the research group NPD.
Nintendo's Sports Resort game for the Wii console was the month's best-seller with 508,000 copies bought.
The Wii remained the top-selling console, followed by Microsoft's Xbox 360 and Sony's Playstation 3.
About 250,000 Wii consoles were sold, which was roughly half the level from the same month last year.
There is optimism that sales will be boosted in the second half of the year by sales of new titles such as The Beatles: Rock Band, and the latest games in the Halo and Madden football series.
"I think the silver lining is, we're in the trough of the decline," said Michael Pachter, an analyst at Wedbush Morgan.
The thing is there are no good games out.

Apple iPhone SMS Flaw Patch

Apple has issued an iPhone 3.0.1 software update for flaw.
The flaw potentially allows an attacker to take control of a targeted phone by way of a specially crafted text message. Once the flaw has been exploited, an attacker could install malware on the device or use it to perform spam runs and further attacks.
Discovery of the flaw was credited to security researchers Charlie Miller and Collin Mulliner. The two researchers formally announced and detailed the flaw earlier this week at the Blackhat security conference.
The researchers noted that similar flaws exist in the SMS components for the Google Android and Windows Mobile platforms.
As with all other iPhone software updates, users can download and install the new fix through iTunes. The update is installed when the user plugs the handset into an authorised Mac or PC system.
Discovery of the vulnerability comes as experts and cyber criminals have been giving increased attention to mobile phones. Security researchers have been attempting to secure handsets against attack, while hackers have been exploring potential avenues of attack and uses for compromised devices.

Twitter Gets A denial-of-service attack

Twitter was inaccessible for several hours on Thursday morning, followed by a period of slowness and sporadic time-outs (and more outright downtime). The company is blaming an "ongoing" denial-of-service attack but has not said anything further. Facebook has also confirmed that it was targeted by a DoS attack that rendered some of its features slow or non-functional.
"We are determining the cause and will provide an update shortly," Twitter's staff posted at 6:43 a.m. PDT on the service's status blog.
Then, around 7:49 a.m. PT, the company posted, "We are defending against a denial-of-service attack and will update status again shortly."
Around 8:15 a.m., the status blog post was updated with "The site is back up, but we are continuing to defend against and recover from this attack." (I still was unable to access Twitter.)
Way back when, Twitter outages were so commonplace that it was worth reporting when it didn't crash--as when it stayed afloat during the entire South by Southwest Interactive Festival in 2008.
Twitter wants to establish itself as a communications standard rather than just a social-media brand. It's been a crucial platform for information exchange in the face of global events where more traditional means of broadcasting have been inaccessible or blocked.