Microsoft latest security risk: "Cookiejacking"

BOSTON (Reuters) - A computer security researcher has found a flaw in Microsoft Corp's widely used Internet Explorer browser that he said could let hackers steal credentials to access FaceBook, Twitter and other websites.

He calls the technique "cookiejacking."

"Any website. Any cookie. Limit is just your imagination," said Rosario Valotta, an independent Internet security researcher based in Italy.

Hackers can exploit the flaw to access a data file stored inside the browser known as a "cookie," which holds the login name and password to a web account, Valotta said via email

Once a hacker has that cookie, he or she can use it to access the same site, said Valotta, who calls the technique "cookiejacking."

The vulnerability affects all versions of Internet Explorer, including IE 9, on every version of the Windows operating system.

To exploit the flaw, the hacker must persuade the victim to drag and drop an object across the PC's screen before the cookie can be hijacked.

That sounds like a difficult task, but Valotta said he was able to do it fairly easily. He built a puzzle that he put up on Facebook in which users are challenged to "undress" a photo of an attractive woman.

"I published this game online on FaceBook and in less than three days, more than 80 cookies were sent to my server," he said. "And I've only got 150 friends."

Microsoft said there is little risk a hacker could succeed in a real-world cookiejacking scam.

"Given the level of required user interaction, this issue is not one we consider high risk," said Microsoft spokesman Jerry Bryant.

"In order to possibly be impacted a user must visit a malicious website, be convinced to click and drag items around the page and the attacker would need to target a cookie from the website that the user was already logged into," Bryant said.

Facebook leaked keys to account data: Symantec

US computer security firm Symantec has said that Facebook accidentally left a door open for advertisers to access profiles, pictures, chat and other private data at the social network.

Facebook told AFP that there was no evidence anyone stepped through that door and swiped any information from the accounts of its more than 500 million members.

Symantec discovered that certain Facebook applications leaked tokens that act essentially as "spare keys" for accessing profiles, reading messages, posting to walls or other actions.

Facebook applications are Web software programs that are integrated onto the leading online social network's platform. Symantec said that 20 million Facebook applications, such as games, are installed every day.

"We appreciate Symantec raising this issue and we worked with them to address it immediately," Facebook said in response to an AFP inquiry.

The tokens were being leaked to third-party applications including advertisers and analytics platforms, allowing them to post messages or mine personal information from profiles, according to Nishant Doshi of Symantec.

"Fortunately, these third-parties may not have realized their ability to access this information," Doshi said in a blog post.

"We have reported this issue to Facebook, who has taken corrective action to help eliminate this issue."

Symantec estimated that as of April, nearly 100,000 applications were giving away keys to Facebook profiles.

"We estimate that over the years, hundreds of thousands of applications may have inadvertently leaked millions of access tokens to third parties," Doshi said.

Facebook confirmed the problem, which was discovered by Doshi and Symantec colleague Candid Wueest, according to the computer security firm.

But Facebook said the Symantec report had a few "inaccuracies."

There was no evidence that the problem resulted in private information being gleaned from Facebook members' accounts, according to the California-based social networking service.

"In addition, this report ignores the contractual obligations of advertisers and developers which prohibit them from obtaining or sharing user information in a way that violates our policies," Facebook said.

There was no reliable estimate of how many tokens have been leaked since the release of Facebook applications in 2007.

Despite whatever fix Facebook has put in place, token data may still be stored in files on third-party computers, Symantec warned.

"Concerned Facebook users can change their Facebook passwords to invalidate leaked access tokens," Doshi said.

"Changing the password invalidates these tokens and is equivalent to 'changing the lock' on your Facebook profile."

Five game accessories you don't need

he video game industry is littered with terrible gadgets. But while the gaudiest gear -- Nintendo's ROB the Robot and PowerGlove, or the original Xbox's massive Steel Battalion setup -- score headlines, it's the smaller bits and baubles that can really make you crazy.

Intended to make your gaming experience smoother, easier, smarter, or prettier, the worst extras often wind up spending more time in a drawer than your hands. Here are a few pieces of gaming hardware you should probably play without:

HDMI CablesExpensive HDMI Cables

It's a common tale: You tear open the box for your brand new home console, start setting it up, but are miffed to find that the system didn't come with the correct cable to take advantage of your HD TV. You'll need an HDMI cable -- and that's where things get kooky.

We're not going to venture too deeply into the debate about whether 'high-end' HDMI cables deliver better visual quality than cheap ones. That's something videophiles can quibble over. The fact is: The majority of the population isn't nuance-focused enough to see a dramatic difference between bargain basement cables and, for instance, these clinically-insane $1,000 cables. Save your money -- and your mind -- by keeping your HDMI purchase under $20 and spend the extra dough on a new game or two.

8-in-1 Wii Sports PackWii Sports add-ons 

There are really too many of these silly plastic extensions to list separately. Put simply, any device you stick your Wii remote into that looks like a tennis racket, golf club, baseball bat or any other full- or partial-sized sporting utility does nothing more than make you look like a dork. On top of that, the added weight may slow down your reaction time and make you a worse player. And, let's face it, there are enough recorded accidents from the Wii without having to add accessory-related damages to the mix. Unless your kid is absolutely begging for a plastic fishing rod or something, leave the Wiimote alone.

Glowing PS3 controllerCheap, gimmicky third-party controllers

While there are a handful of good third-party controllers on the market, most are bad ideas. In general, they're less comfortable than first-party controllers, and it's not uncommon for the triggers to get stuck and for parts to break when subjected to heavy usage. Need another controller? Spend the extra $10 or so and grab one from the company that made the console. They know it best -- and they've spent the most time and money researching what players truly want from a gamepad.

Check out the Craziest Game Controllers

3rd Space VestsGaming Vests

Everyone wants their game to be more immersive. That's especially true in shooters like Call of Duty and Bioshock. But there's a point where immersion goes too far. That point is the video game vest.

Goofy vests have been around for ages (N64 Rumble Vest, anyone?), but these days the market is corned by the 3rd Space Game Vest. Taking force feedback to the next level, the vest ... well, let's allow the company's marketing to explain: "Sense the direction and force of bullet fire, crushing explosions, and fear-inducing finger taps, perfectly synced with the on-screen action." Using an air compressor to simulate the impact of bullets, this vest will simultaneously make a questionable fashion statement and set you back $139. Wear a jacket instead.

DSi ZoomDSi Zoom Lens 

Look, we know it's cool that the Nintendo DSi comes with a camera, but no one in their right mind is going to use this thing as their primary method of capturing life's Kodak moments. Fun for parties? Sure, but attaching wonky, unwieldy lenses to a streamlined device like the DSi is just silly. If you absolutely feel the need to buy attachable lenses, maybe it's time to start looking into DSLRs.

Chinese tech giants fight over 4G phones

Two of China's biggest technology companies have launched a court battle in Europe over mobile phone patents in a rare public clash between firms Beijing is promoting as national champions.

The fight between Huawei Technologies Ltd. and ZTE Corp. highlights the challenge for communist leaders who need to manage Chinese corporate ambitions as they try to create global competitors in telecoms, energy and other fields. It is the first case of its kind between major Chinese companies, which usually settle disputes in private.

"We're going to see more of this in this industry and others," said David Wolf, a technology marketing consultant in Beijing. "The government will find, wow, we've got these national champions, but now they're trying to kill each other."

The dispute centers on fourth-generation mobile technology, which companies that are developing it say will deliver more stable connections, wireless broadband and other advances. It is in limited use in the United States and being tested elsewhere.

Control of key patents could help decide which equipment suppliers are positioned to reap billions of dollars in sales once it is rolled out in other markets.

Huawei and ZTE make network gear, the core of phone systems. They have multibillion-dollar annual sales in China, Africa and Latin America and see themselves as potential global 4G leaders. That fits with Communist Party hopes to transform China from a low-cost factory into a creator of profitable technology.

Huawei announced last week it filed patent infringement lawsuits against ZTE in France, Germany and Hungary. ZTE rejected the claims and said it has asked a French court and Chinese regulators to invalidate a Huawei patent.

Huawei and ZTE are among China's first wave of fledgling multinational companies. They compete with Nokia-Siemens Networks, Ericsson and Alcatel-Lucent and have a small but growing U.S. and European presence.

Their dispute comes amid mounting complaints by foreign business groups about Beijing's industrial policy. They say China is improperly supporting favored companies by limiting market access and providing low-cost loans and other support.

Huawei's lawsuits accuse ZTE of infringing patents for data cards and improperly using a Huawei-registered trademark on some of its products.

"We will do whatever is required to ensure that the use of Huawei's intellectual property by any company is based on internationally accepted protocols and practices," said Huawei's chief legal officer, Song Liuping, in a statement.

ZTE said its lawsuit accused Huawei of infringing its 4G patents. The company said it also has asked a French court and China's State Intellectual Property Office to invalidate Huawei's patents for a rotary USB connector used to exchange data between devices.

"ZTE respects the intellectual property rights of other companies, but it will not stop protecting its own intellectual property rights," said a company statement.

Huawei, founded in 1987 by a former Chinese military engineer, has 110,000 employees and reported 2010 revenues of 182 billionyuan ($28 billion). ZTE, founded in 1985, has 70,000 workers and reported 2010 revenues of 70 billion yuan ($10.8 billion).

Their status as industry leaders gives both high-level political influence. But Chinese leaders want both to succeed — a possible reason for a stalemate and the decision to go to court.

An impartial ruling by a European court also might add to the winner's appeal for potential customers by reinforcing its status as a technology creator, rather than a Chinese policy tool.

"They are making an interesting statement by filing those lawsuits not in Chinese courts but overseas, because Chinese courts are perceived to be very political, and they want this matter obviously adjudicated on the legal merits," said Wolf, CEO of Wolf Group Asia.

Huawei and ZTE are unusual among major Chinese companies because they compete directly with each other, offering similar products in the same markets.

Authorities who want China's potential global companies to focus their competitive energies on foreign rivals have tried to head off clashes in other industries by assigning different markets or products to individual enterprises.

In aerospace, a plan to create a homegrown jetliner to compete with Boeing Co. and Airbus Industrie was assigned to one state-owned company while a potential rival was told to develop a smaller regional jet instead.

Huawei has suffered setbacks as it tries to expand in the United States. It was forced in February to unwind its acquisition of 3Leaf Systems, a maker of cloud computing technology, after it failed to win approval from a U.S. security panel.

In a separate case, Huawei won a court order that temporarily blocked the sale of Motorola Solutions Inc.'s network business to rival Nokia-Siemens Networks. Huawei said the deal might reveal business secrets because Motorola sold Huawei equipment. Motorola settled with Huawei for an undisclosed fee.

Also this month, Ericsson said it has filed lawsuits against ZTE in Britain, Germany and Italy accusing the company of infringing patents for handset and network technology. The Swedish company asked the courts to block ZTE from selling mobile phones that contain the disputed technology and some network products.

___

Huawei Technologies Ltd: www.huawei.com

ZTE Corp.: www.zte.com.cn

Area-51 ALX Desktop

Let the Bragging BeginThe new Area-51® ALX is Alienware's most powerful desktop, giving you the most bone-shaking, body-quaking performance in the universe. With the highest overclocked CPUs, the most extreme graphics and new aggressive design, you'll be the deadliest force that’s known and feared by all other gamers. Go ahead — the bragging rights are now yours.

The Fastest Speeds Possible

Accelerate your gaming speed to heart-stopping levels with Intel®Core™ i7 975 Extreme processors, pre-overclocked by Alienware's experts for ultimate power. Get the advantage of CPUs pushed up to two or three additional bin speeds — as high as 3.86GHz. With the highest overclocked speeds around, you'll be amazed by what you can do.

The Ultimate Visual Experience™Conquer and destroy any competition with the most powerful graphics in the universe. ATI CrossFireX™ and NVIDIA® SLI graphics deliver higher frame rates at HD resolutions, all while maxing out game settings. Choose the GPU brand that best fits your needs. Then add a second graphics card to experience a new level of spectacular performance — all of it cooler and quieter, thanks to the liquid-cooled configuration.

ATI CrossFireX - Dominate any game with the ultimate multi-GPU performance gaming platform, enhanced by the latest Microsoft DirectX technology.


NVIDIA SLI - Don’t dial back game settings; crank ’em up. With NVIDIA SLI graphics and Microsoft DirectX technology, you will experience your digital media like never before.

Multi-GPU Support - Add a second graphics card to increase your gaming performance by up to 100%, while enjoying more vivid images and faster transitions. With dual graphics cards, you can power up to four independent digital displays. Stay deep within your game on a main monitor and still keep up with your other tasks.

Unmatched Visual Immersion - Build your system with the best gaming GPUs and still have room for the other essentials of an immersive experience, including crystal clear sound and optimized networking.

Your Command CenterAlienware Command Center provides intuitive, user-friendly access to exclusive applications, including AlienFX® lighting effects, Alienware thermal controls and AlienFusion power management. Updates and new releases download directly into Command Center, creating a constantly evolving tool for personalizing your system.

AlienFX Lighting — Choose from an array of 20 colors — up to an amazing 64 million lighting color combinations — to customize the effects across several distinct zones.

Designed for Total DominationThe power of the Alienware Area-51 ALX is undeniable — inside and out. Take command immediately with Alienware's all-new, anodized aluminum case design that includes motorized vents for managing your thermals and intimidating the competition.

Active Venting — This Alienware-exclusive feature helps your system stay cooler in the heat of battle. Controlled through Alienware's Command Center, the series of motorized vents can be programmed to allow greater airflow in high-performance situations.

Easy, Lighted Access - Look inside the Alienware Area-51 ALX, and you'll see why it's easier than ever to make this desktop your own. You can access most of the core components without any tools for faster upgrades. And the chassis includes two-zone, internal theater lighting — powered by rechargeable batteries — so you can service the system even when the A/C cord is unplugged.


Liquid Cooling - Eliminate distractions with high-performance CPU liquid cooling, which is more than twice as quiet as the standard heatsink and fans on other PCs. The efficient cooling also increases the reliability of your overclocked settings.

Tech Spec

Processor

Intel® CoreTM i7 990x (4GHz/12MB cache)
Intel® CoreTM i7 990x (3.46GHz/12MB cache)
Intel® CoreTM i7 960 (3.2GHz/8MB cache)

Operating System

Genuine Windows® 7 Ultimate 64-Bit
Genuine Windows® 7 Professional 64-Bit
Genuine Windows® 7 Home Premium 64-Bit

Memory2


Up to 12GB2 Tri-Channel DDR3 SDRAM at 1333Mhz - 3 DIMMS
Up to 6GB2 Tri-Channel DDR3 SDRAM at 1866Mhz - 3 DIMMS
Up to 12GB2 Tri-Channel DDR3 SDRAM at 1600Mhz - 3 DIMMS

Hard Drive Help Me Choose

Up to 2000GB3 SATA II hard drive (7200RPM)
Up to 1280GB3 SATA II hard drive (10000RPM)
Up to 512GB3 Solid State hard drive

Optical Drive

Single Optical Disc Drive Options

16X Dual-Layer Burner (DVD±RW)
24X Dual-Layer Burner (DVD±RW)
Dual Layer Blu-ray Disc™ Reader (BD-ROM, DVD±RW, CD-RW)
6X Dual Layer Blu-ray Disc™ Burner (BD-RE, DVD±RW, CD-RW)

Dual Optical Disc Drive Options

Drive 1: 16X Dual-Layer Burner (DVD±RW)
Drive 2: Dual Layer Blu-ray Disc™ Reader (BD-ROM, DVD±RW, CD-RW)
Drive 1: 16X Dual-Layer Burner (DVD±RW)
Drive 2: 6X Dual Layer Blu-ray Disc™ Burner (BD-RE, DVD±RW, CD-RW)
Drive 1: 24X Dual-Layer Burner (DVD±RW)
Drive 2: Dual Layer Blu-ray Disc™ Reader (BD-ROM, DVD±RW, CD-RW)
Drive 1: 24X Dual-Layer Burner (DVD±RW)
Drive 2: 6X Dual Layer Blu-ray Disc™ Burner (BD-RE, DVD±RW, CD-RW)

Video CardHelp Me Choose

2048MB AMD RadeonTM HD6870
2048MB AMD RadeonTM HD6950
NVIDIA® GTX580 GeForce®

Ports

Front I/O Ports

(3x) High-Speed USB 2.0
(1x) eSATA
(1x) Firewire IEEE 1394
(1x) Microphone In
(1x) Headphone/Speaker Out

Rear I/O Ports

(1x) eSATA
(1x) RJ-45 Gigabit Ethernet
(6x) High-Speed USB 2.0
(1x) Firewire IEEE 1394
(1x) Microphone In
(1x) Line-In
(1x) Front Left/Right Speakers
(1x) Center Speaker
(1x) Rear Left/Right Speakers
(1x) Side Left/Right Speakers
(1x) SPDIF Digital Output (TOSLINK)
(1x) SPDIF Digital Output (Coax)
(2x) PS/2 (mouse/keyboard)

HDTV Tuners Options

Internal PCI-e Digital/Analog TV Tuner (Optional)

Power

Alienware™ 1100 Watt Multi-GPU Approved Power Supply

Chassis

Motherboard and Chassis Form Factor

ATX Motherboard, Full-Tower Chassis

System Dimensions

557.6 mm (22") - Height
595.5 mm (23.4") – Height - Vent Open
656.3 mm (25.8") – Depth
277.1 mm (10.9") – Width
15.4mm (0.6") - Deployed Rear Foot Height Adder
Average Weight - 38 kgs (84 lbs.)

Motherboard

Alienware™ Approved Intel® X58 ATX Motherboard

Processor Cooling

High-Performance Liquid Cooling

Exclusive ALX Chassis Features

Anodized Aluminum Chassis Finish
Motorized Front Door