Microsoft Give Users The Option To Kill Sidebar And Gadgets To Protect Themselves….. What?

In a recent security note, Microsoft has released a FixIt tool that completely disables the sidebar functionality along with gadgets to protect users from an unspecified security threat:

Disabling the Windows Sidebar and Gadgets can help protect customers from vulnerabilities that involve the execution of arbitrary code by the Windows Sidebar when running insecure Gadgets. In addition, Gadgets installed from untrusted sources can harm your computer and can access your computer’s files, show you objectionable content, or change their behavior at any time.

An attacker who successfully exploited a Gadget vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take complete control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

So there’s a threat out there that users can choose to protect themselves from by disabling a function of Windows Vista or 7, but we don’t know what the threat is. That tells me this. If there was an active exploit floating around out there, Microsoft would be way more aggressive about this and they wouldn’t be giving users the choice to disable the sidebar and gadgets. That says to me that this risk is real, but theoretical at this point. You’ll have to make the decision on your own to use this FixIt tool or not depending on your paranoia level. Though I will point this out. Gadgets are entirely optional and are proactively downloaded and enabled by users. So if you don’t want your Windows Vista or 7 system compromised, don’t download stuff that comes from questionable sources. That’s a better way to protect yourself.

Hey IT Nerd! What Is A Retina Dispaly And Why Do I Want One?

With the new MacBook Pros not to mention the most recent iPad, iPod Touch and iPhone 4S, Apple have tossed around the words “retina display” in relation to their displays. So what sets the retina display apart from other displays? Retina displays have pixel density that is so high that the eye would not be able to notice pixelation at a typical viewing distance. The other thing that these displays bring is much higher resolutions. For example, in the new MacBook Pros, you get a display that has a resolution of 2880×1800 on a 15″ display. That’s better than 1080p resolution.

Why do you want one? Simple. If you surf the Internet, type up letters using Microsoft Word and do other mundane tasks like that, the answer is no. It’s completely overkill for those tasks. However, if you edit video, pictures, or you simply want the sharpest display possible then the retina display is for you. In either case, you should see the displays in action at your local Apple store and judge for yourself if the retina display is right for you.

Nielsen Says Android Leads, Apple Follows, And Blackberry Dying In Q2 2012

Nielsen released stats about smartphone purchases in Q2 2012. A bunch of things pop out. First of all, 2 of 3 Americans are opting for smartphones. But what are they opting for? Here’s the stone cold truth:

Android continues to lead the smartphone market in the U.S., with a majority of smartphone owners (51.8%) using an Android OS handset. Over a third (34.3%) of smartphone owners use an Apple iPhone, and Blackberry owners represented another 8.1 percent of the smartphone market.

Well. I think that tells a lot. Nobody wants a Blackberry which is just one more nail in their coffin. Consider that not to long ago Blackberry marketshare was 15%. Another thing to note is that Apple isn’t as dominant as you might think in the smartphone market. They may sell more than any smartphone manufacturer. But clearly all the Android manufacturers combined give Android a bigger market share. That’s something that cannot be ignored.

Let’s see what happens in Q3. Android 4.1 should be out by then along with the much rumored iPhone 5. And there will be no new Blackberry product on the streets. I can guess what the results will be.

Yahoo Hacked….. 450K Logins Posted….. Time To Wake Up Says Hackers [UPDATED]

News.com is reporting that Yahoo has had an epic hack. And those how did the hack sent a message on the tail end of the hack:

The hacked data, posted to the hacker site D33D Company, contained more than 453,000 login credentials and appears to have originated from the Web pioneer’s network. The hackers, who said they used a union-based SQL injection technique to penetrate the Yahoo subdomain, intended the data dump to be a “wake-up call.”

“We hope that the parties responsible for managing the security of this subdomain will take this as a wake-up call, and not as a threat,” the hackers said in a comment at the bottom of the data. “There have been many security holes exploited in webservers belonging to Yahoo! Inc. that have caused far greater damage than our disclosure. Please do not take them lightly. The subdomain and vulnerable parameters have not been posted to avoid further damage.”

The subdomain in question is Yahoo Voice. Here’s what Yahoo had to say:

Yahoo confirmed that it is looking into the matter. “We are currently investigating the claims of a compromise of Yahoo! user IDs,” it said in a statement, according to the BBC. The company also told the BBC that it was unclear which portion of its network was affected, after first having said the problem originated at Yahoo Voice.

If this is the case, and it looks like it is, then the Yahoo’s of the world need to tidy up their security. Clearly if this group, or any group for that matter, can get this info, then security on the web is in need of serious improvement.

UPDATE: Yahoo has confirmed that the usernames and passwords of more than 400,000 accounts were stolen from their servers earlier this week and that data was briefly posted online. The information has since been removed but it wasn’t just credentials for Yahoo, but also Gmail, AOL, Comcast, Hotmail, MSN, SBC Global, BellSouth, Verizon and Live.com as well. Yikes! If you are now paranoid about the security of your Yahoo account, you can use this to check to see if you’re one of the unlucky 400,000.