Tuesday 24 May 2011

Apple AirPlay lands on Windows Media Center

Apple AirPlay lands on Windows Media Center: "


No music yet, but it's a start

Apple AirPlay lands on Windows Media Center





A clever chap by the name of Thomas Pleasance has got in touch with Pocket-lint with news of a big breakthrough - Apple AirPlay via a PC using Windows Media Center.


Now, before you go getting all excited about streaming your iTunes music collection to your nettop and home cinema system, we better tell you that there's no music support at the moment, just video and picture streaming from your iPad, iPhone or iPod touch.


The add-in works in tandem with Apple's Bonjour service and apparently works 'seamlessly'.


It's only in its first beta stage at the moment but Thomas has already hinted at some of the new features going forward, including extenders support.


It's music that we want though, so we'll be keeping a keen eye on Thomas' progress and we'll let you know if and when that support lands.


In the meantime you can download the free add-in at madeformediacenter.com. It's free.





Tags:
AirPlay Windows Media Center Software Apple


Apple AirPlay lands on Windows Media Center



Apple AirPlay lands on Windows Media Center originally appeared on http://www.pocket-lint.com on Tue, 24 May 2011 10:55:00 +0100

" I will give it a try and report back my findings both good and bad "

" The Roving Giraffe News Report " provided through Ace News Service

Monday 23 May 2011

A New Suite of Safety Tools

A New Suite of Safety Tools: "

Safety has always been a social experience: as friends and family, we look out for each other and pass along advice to help each other stay safe. Safety on Facebook works the same way. By keeping each other informed, people make Facebook a more trusted environment. Today, we're making it easier to stay safe with the launch of new safety resources, tools for reporting issues and additional security features.

More Resources for Families

During President Obama's White House Conference on Bullying Prevention last month, we announced plans to expand our existing safety resources with new content for families. Beginning today, you can visit the newly redesigned Family Safety Center. There, you'll find useful articles for parents and teens and videos on safety and privacy, as well as many other resources. In the coming weeks, we'll also be providing a free, downloadable guide for teachers, written by safety experts Linda Fogg Phillips, B.J. Fogg and Derek Baird. We hope this guide will help educators with social media in the classroom.

Meet some of the team who work on safety at Facebook, many of whom are also parents.

Social Reporting Tools

We also recently unveiled a new social reporting tool that allows people to notify a member of their community, in addition to Facebook, when they see something they don't like. Safety and child psychology experts tell us that online issues are frequently a reflection of what is happening offline. By encouraging people to seek help from friends, we hope that many of these situations can be resolved face to face. The impact has been encouraging, and we're now expanding social reporting to other major sections of Facebook, including Profiles, Pages and Groups.

Advanced Security Features

We're also starting to introduce Two Factor Authentication, a new feature to help prevent unauthorized access to your account. If you turn this new feature on, we'll ask you to enter a code anytime you try to log into Facebook from a new device. This additional security helps confirm that it's really you trying to log in.

We announced earlier this year that people could experience Facebook over a secure connection using HTTPS. This feature helps protect your personal information and is particularly useful if you're uncertain about the security of your network or you're using public wifi to access Facebook. Today, we're improving HTTPS so if you start using a non-HTTPS application on Facebook, we automatically switch your session back to HTTPS when you're finished.

We think that social solutions to safety will become increasingly important to using the web. Tools like social reporting will help make our community even stronger, and we encourage you to use them.

Arturo, a director of engineering at Facebook, is excited about social reporting.


"

" The Roving Giraffe News Report " provided through Ace News Service

'Toyota Friend' Social Networking Service Is A Twitter For Car Owners

'Toyota Friend' Social Networking Service Is A Twitter For Car Owners: "

TOKYO -- Toyota is setting up a social networking service with the help of a U.S. Internet company and Microsoft so drivers can interact with their cars in ways similar to Twitter and Facebook.

Japanese automaker Toyota Motor Corp. and Salesforce.com, based in San Francisco, announced their alliance Monday to launch 'Toyota Friend,' a private social network for Toyota owners that works similar to tweets on Twitter.


Read More...

More on Social Networking



" This should be really interesting and will it be a prelude to other similar companies using social media as an avenue for getting facial and social awareness of peoples needs. ?

" The Roving Giraffe News Report " provided by Ace News

Numbered: The Week's Must-See Tech Stats

Numbered: The Week's Must-See Tech Stats: "

'Numbered,' our weekly digits digest, is bringing you the numbers behind the news.

This feature highlights the top new stats, facts, and figures to bring you the latest on tech, by the numbers, and quantify the changing state of mobile, social media, and more.

In this week's edition: Sony predicts major losses, LinkedIn's value soars, Microsoft warns of attacks, and more. See last week's stats here.


Read More...




"

" The Roving Giraffe News Report " provided through Ace News Service

President Obama's cybersecurity plan - Part 2 Data Breach Notification Act

President Obama's cybersecurity plan - Part 2 Data Breach Notification Act: "
ID theftFollowing up on yesterday's post outlining the proposed changes to RICO and the Computer Fraud and Abuse Act, today I will dissect the White House's proposal for the National Data Breach Notification Act.

Currently 47 states have data breach notification laws with varying rules and requirements. This makes it very difficult for national and multinational organizations to understand when they must report lost or stolen data and how they must report it. The idea of a national law in the US has been debated for a couple of years now, and this proposal seems to strike a nice balance.

First, the definition of Personally Identifiable Information, or PII:


  1. Full name plus any two of the following

    1. Address and phone number
    2. Mother's maiden name
    3. Month, day, and year of birth

  2. Social Security Number (SSN), driver's license number, passport number, alien registration number, or other government issued identification number

  3. Biometric data such as fingerprints, retinal scans, etc.

  4. Unique account numbers, financial account numbers, credit card numbers, debit card numbers, electronic IDs, user names or routing codes

  5. Any combination of the following

    1. First and last name or first initial and last name
    2. See item four above
    3. Security codes, access codes, passwords or source codes used to derive the aforementioned

RolodexThe new rules would apply to any business possessing the PII of 10,000 or more individuals in a 12-month period. They would supersede any existing state laws, creating one unified national standard.

Organizations discovering lost or stolen PII would have 60 days to notify affected customers unless law enforcement or national security concerns intervene. If there are extenuating circumstances, organizations can provide proof to the Federal Trade Commission (FTC) that they require up to an additional 30 days.

FTC fight back against ID theft logoThe proposal includes a 'safe harbor' provision when measures are in place to protect data (encryption). Organizations must still report the data loss to the FTC within 45 days, including a professional risk assessment, logs of access to the data and a complete list of users who had access to the protected data.

If data is determined to be properly protected and evidence is submitted on time, individual notifications would be unnecessary. Financial institutions who only lose account numbers are also exempt if other protective measures are in place to prevent fraud.

After a data loss incident, organizations would be required to notify individuals by letter, phone or email.

Notices would include what information was compromised and a toll-free number to contact the company responsible to obtain more information. If a third party lost the data, the notice must include the name of the original collector (direct business relationship) of the PII.

States may pass laws requiring notifications to include information about identity theft/fraud prevention.

When more than 5,000 victims are involved, organizations would be required to do the following:


  • Place advertisements in mass media ensuring potential victims are aware of the risk they are being exposed to.

  • Notify all consumer credit reporting agencies of the victims within 60 days of discovery.

Police badgeBusinesses would be required to notify the Department of Homeland Security for law enforcement purposes when any of the following are true:


  • The breach contains, or is believed to contain, PII on 5,000 or more individuals.

  • The breach involves a database or network of databases that contain PII on 500,000 or more individuals.

  • The breach involves a database owned by the United States government.

  • The breach involves PII of employees or contractors of the United States government involved in law enforcement or national security.

Notice to DHS must occur 72 hours before individual notices are served, or 10 days after discovery of the incident, whichever comes first.

The proposed rules would be enforced by the FTC after consultation with the US Attorney General to ensure there is no interference with ongoing criminal investigations. State Attorneys General would also be able to enforce the rules within their jurisdiction after notifying the FTC.

Penalties for non-compliance would be $1000 per person affected per day, for a maximum of $1 million. There would not be a maximum penalty if it is determined the non-compliance was willful or intentional.

Organizations that are required to comply with HIPAA or HITECH data protection laws are exempt from this legislation.

It appears the Obama Administration and Howard Schmidt, the President's Cyber-Security Coordinator, have taken careful notes from the different laws passed by individual states. This proposal is a great start to making data security a priority and contains provisions to make adjustments after implementation.

Why not download the 'The State of Data Security' report we published today? It covers the most prominent data loss incidents and details the actions you can take to prevent you from being the next company to have to notify your customers.




" WELL DOES IT GO FAR ENOUGH - OR TO FAR - LEAVE YOUR COMMENTS ?

" The Roving Giraffe News Report " provided by Ace News

Google rolls out silent fix for Android security vulnerability

Google rolls out silent fix for Android security vulnerability: "

AndroidsThere's good news for any owners of Android devices worried about the recently announced security vulnerability that could allow allow unauthorised parties to snoop on your Google Calendar and Contacts information.


Google has already started rolling out a fix!


The issue had already been fixed in Android 2.3.4 (codenamed Gingerbread), but as we mentioned earlier this week over 99% of Android users are running earlier versions of the operating system.


Google has started to implement a server-side patch that addresses the issue for all versions of the Android OS. The great news is that it doesn't require a software update on the Android devices themselves - meaning the fix is automatic and worldwide. Effectively this is a silent fix.


The fix addresses a vulnerability with the use of authTokens for Google's Calendar and Contacts apps discovered by researchers at Germany's University of Ulm, but a similar issue with Picasa is still being investigated. If not fixed, the problems could mean that a hacker could snoop on your activity when you use an unencrypted WiFi hotspot and steal personal information.


Google reckons the work will be complete, and all devices secured from this vulnerability, within the week by forcing its servers to use an encrypted HTTPS connection when Android phones try to sync with them.


Here's what a Google spokesperson had to say:


'Today [May 18th] we’re starting to roll out a fix which addresses a potential security flaw that could, under certain circumstances, allow a third party access to data available in calendar and contacts. This fix requires no action from users and will roll out globally over the next few days.'


So, it's a very good thing that this problem is being fixed. Of course, concerns still remain as to how easy it would be to fix a serious security vulnerability on the Android devices themselves, given that Google is so reliant on manufacturers and carriers to push out OS updates.





"

" The Roving Giraffe News Report " provided by Ace News

Microsoft study asserts social engineering more common than exploitation

Microsoft study asserts social engineering more common than exploitation: "

OK buttonEarlier this week Microsoft posted a blog entry showing statistics from their SmartScreen technology built into Internet Explorer (IE) 7, 8 and 9.


Their conclusions? One in every 14 downloads is malicious (of the malicious files that Microsoft is aware of) and this represents between two and five million malware attacks per day against IE users. Microsoft uses this to assert that users are falling prey to malicious downloads far more often than drive-by exploits.


While these statistics are fascinating, and very useful for those of us without the ability to collect this type of information, Microsoft is comparing apples to. . . nothing.


SmartScreen itself is unable to prevent exploits from convincing Adobe Reader, iTunes, Real Player, Adobe Flash, Java and other technologies from downloading malicious content, and Microsoft hasn't presented any data on how often exploits are actually being used.


The purpose of their post is to point out the success of Microsoft's reputation filtering they added in IE 9. While it is an interesting step forward, Microsoft's own statistics raise more questions than they answer.


Microsoft states that 90% of downloads do not trigger a warning, which implies that 1 in every 10 times I try to grab something I get a scary warning message. When I receive this scary warning message, there is a 30% to 75% chance that it is a false positive.


This reminds me of an article I wrote for Virus Bulletin last year about browser SSL certificate warnings. Considering the scary warning messages that browsers display to users and the frequency with which they are confronted with these warnings, we end up training our users to simply click through.


Users think, 'If this were truly dangerous, it would have simply been blocked, right?' Microsoft's statistics show that in a real world attack 99% of users did delete the file, but this warning message is still a new phenomenon. It will be interesting to see how many click through over the long run.


Even worse, if up to 75% of the time you get the warning you are downloading a legitimate file, will you continue to pay attention to the warning when it really matters?


Later in their post they claim that a typical user is presented this warning only two times per year. If that is true, that means users are only downloading 20 files per year and won't see this too often. I don't know anyone who only downloads 20 files per year.


These numbers just don't really add up.


Microsoft also points out that applications triggering the warning are not Authenticode signed most of the time. While the concept of digital signatures representing trustworthiness is at the heart of many security solutions, its implementation is often flawed.


As we saw with the Stuxnet worm last year, legitimate signing certificates that were 'trusted' were stolen and used by malware authors to increase their chances of bypassing security technologies.


I do not believe most computer users are equipped with the knowledge necessary to make good decisions regarding deeply technical problems. When they are confronted with a question attempting to stop them from making a mistake it is often viewed as an annoying roadblock.


Earlier this month we saw a large number of Apple Mac users falling victim to a fake anti-virus attack that required them to type their administrative password. Clearly users will jump through hoops when presented with the opportunity if they are being tricked into doing something they think they want to do.


As security experts we need to make safety online as black and white as possible. While SmartScreen is doing a great job at stopping known badware, I'm not convinced that reputation technologies that require users to make technological decisions are the right answer to the problem.





"

" The Roving Giraffe News Report " provided by Ace News