Leadtek AMOR 8218

While combing through the show floor at Computex, our fortunate selves stumbled upon a new phone-tablet duo at Leadtek's booth. Oh, don't worry, this isn't yet another phone-in-pad design; but actually a VoIP / home phone docked next to an Android tablet. Dubbed AMOR Multimedia Phone 8218, the idea here is that the docking station acts as both a DECT base and a WiFi router, but also packs ZigBee radio to relay data from compatible devices (for healthcare, home surveillance, home automation, etc.) to the web.

Alas, there's no direct interaction between the phone and the tablet, but we were still intrigued by the latter's specs: Android 2.3 (although this demo unit had 2.2), Tegra 2, 7-inch 1,280 x 720 LCD, HDMI-out, and a front-facing camera for video calls. For a home device, this is actually a pretty powerful package and certainly a significant upgrade from the AMOR 8210 announced earlier this year. No word on US availability, but Taiwanese buyers will be able to grab hold of an 8218 starting in September.

Security Boffins Smell

Gmail is not the only e-mail service whose users have been targeted by spear-phishing hackers. Users at Yahoo (Nasdaq: YHOO) Mail and Hotmail are also on the email infiltrators' hit lists, according to security firm Trend Micro (Nasdaq: TMIC).

The attacks on the latter two email systems appear to be separately conducted, said Nart Villeneuve, senior threat researcher at Trend Micro. However, they contain significant similarities with the recently seen attacks on Gmail users.

Earlier this week, Google (Nasdaq: GOOG) disclosed that some of its Gmail users' accounts had been breached by hackers using highly targeted spear phishing methods to gain access to and spy on their email exchanges. Though the list of victims is relatively short, Google claims it includes high-profile individuals like government officials, journalists and Chinese human rights activists.

As a method of stealing personal information, spear phishing has been going on for quite some time.

"These attacks occur all the time," Rod Rasmussen, president and chief technology officer of Internet Identity, told TechNewsWorld.

"It would have been shocking if Gmail was the only email system targeted by this kind of attack," Mike Paquette, chief strategy officer at Top Layer, remarked.

Phishing attacks and other forms of abuse are "a persistent industry challenge," John Scarrow, general manager of Microsoft (Nasdaq: MSFT) Safety Services, told TechNewsWorld.

So far, only Google has apparently made a public complaint, in which it also claims the hacks originated in China, kicking off a war of words between the Washington and Beijing.

However, the identity and origin of the attackers may not be easy to pinpoint accurately.

"It's not difficult for the attackers to mask their true location and appear to be coming from locations in other countries," Nart Villeneuve, a senior threat researcher at Trend Micro, pointed out.

Phishing attacks and other forms of abuse are "a persistent industry challenge," John Scarrow, general manager of Microsoft Safety Services, told TechNewsWorld.

Google and Yahoo did not respond to requests for comment by press time.


About the Gmail Attack
Google has previously said the latest attack hijacked hundreds of users' Gmail accounts through spear phishing.

Spear phishing is a targeted attack in which users are lured to click on a link embedded in an email or an attachment to an email with a subject line that may be of interest to the victim. Rather than the vague and general information contained in a typical phishing email scam, spear phishers use information specific to the victim in order to gain that person's trust.

In some cases, the subject line appears to be work-related; in others, it appears to be from a friend or a courier company such as Federal Express, or it could be salacious -- whatever works, in other words.

"Targeted emails that tempt a user to click a hyperlink are among the most prevalent methods of infecting computers with malware or of stealing information," Top Layer's Paquette told TechNewsWorld.

This is not the first attack on Gmail users; back in March, Google blogged about an attack using an MHTML vulnerability. This vulnerability let attackers load up a malicious document that could execute JavaScript into MHTML.

MHTML is a container format that uses MIME encapsulation to combine several documents into a single file. It's used by Internet Explorer, which had the MHTML vulnerability.

Attacks on Yahoo and Hotmail
Users of the Hotmail and Yahoo Mail services were also targeted by phishing attacks, Trend Micro's Villeneuve told TechNewsWorld.

In the case of Yahoo Mail, the attackers sent an email that contained two attachments, Villeneuve disclosed.

One was a malicious document and the other an unsuccessful cross-site scripting exploit attempt designed to steal the user's Yahoo Mail cookie in order to access the user's account, Villeneuve stated. However, the attacker's code "did not function correctly," he said.

Microsoft sidestepped the question of whether or not Hotmail account holders had been spear-phished.

"Microsoft is not aware of any Hotmail customers being targeted by the specific phishing attacks that occurred earlier this week," Scarrow said.

Attackers can expect no mercy from Redmond.

"We actively prosecute malicious entities that violate the law through spam, phishing and other attacks," Scarrow said.

Practicing Safe Email Access
Attacking people's personal webmail accounts may give hackers access to vital information.

Many people check their personal webmail accounts at work, which lets attackers gain information about the target to use in later attacks, Villeneuve said.

People who check their personal webmail accounts from their office computers also open the door to attackers gaining information about the network the user is on, through tactics such as using the "res://" protocol, and using that information in later attacks, Villeneuve stated.

To minimize the threat from such email attacks, users should use a multi-step login process, IID's Rasmussen said. Google suggests consumers use both a password and another proof of identity such as their phone number, although that might open up new vectors for attack.

Consumers should also change their passwords regularly; use different passwords for their different accounts; check their email settings, especially those for forwarding; and assume the bad guys have broken into their accounts and search for evidence of this "every once in a while," Rasmussen stated.

"Phishing attacks are becoming more targeted," Top Layer's Paquette pointed out. "Unless you've requested the hyperlink, don't click on it," he warned.

It's not easy for enterprises and government agencies to harden their email systems so that compromised emails don't infect the IT infrastructure, Top Layer's Paquette said.

"The compromised website may be so new that there's no way for the email system to know in advance that it's malicious," Paquette pointed out.

However, there are other technologies organizations can use, such as network intrusion prevention systems, that stop the attack even after an infected email has been opened, Paquette said

Window 8 Preview

Judging by recent previews of Windows 8, Microsoft's operating system is in for a big makeover in its next version. It's designed to run on both tablets and PCs, though exactly what about the OS will vary between those two devices isn't yet clear. Visually, perhaps the most striking characteristic of Windows 8 is its use of tiles reminiscent of those found in Windows Phone 7's UI.


Live Webinar: 2011 Payment Security Survey Results
Protecting payment data from getting in the wrong hands can make or break an online merchant's future. Are you doing the right things to keep customer payment data secure? Join Payment Security experts CyberSource and Trustwave to find out.
Learn More/Register.

Microsoft (Nasdaq: MSFT) began its Windows 8 publicity blitz in earnest Wednesday, previewing an operating system that appears to break from the norm in more ways than one.

It has a tile interface similar to that of Windows Phone 7, it will run on PCs and tablets, and it will support both touchscreen and mouse-and-keyboard interactions.

Further, developers will be able to use common Web technologies such as HTML 5 and JavaScript to create Windows 8 apps.

The upcoming version of Windows represents a fundamental change in the OS's design that Redmond hasn't attempted since the launch of Windows 95, said Mike Angiulo, a Microsoft corporate vice president, during a Windows 8 presentation at the Computex conference in Taipei.

The new UI has apparently been well received.

"It looks like the user interface is a winner, building on the differentiated and well-received Windows Phone 7 UI, except with bigger and richer tiles," Al Hilwa, a program director at IDC, told TechNewsWorld.

"Feedback from everybody I've talked to is very good, and the only downside is folks would like to see Windows 8 this year instead of in 2012," Rob Enderle, principal analyst at the Enderle Group, told TechNewsWorld.

Microsoft declined to provide further comment on Windows 8, with spokesperson Jackie Lawrence pointing TechNewsWorld to the company's website for published information relating to the new OS.

What We Know About Windows 8

To publicize Windows 8, Microsoft held a briefing on the OS at the D9 Conference and hosted an unveiling at Computex on Wednesday.

Like Sun's Solaris OS, Windows 8 is aimed at scaling from touch-only small screens through to large screens, Microsoft said. Unlike Solaris, however, Windows 8 can be accessed either through touchscreens or through a keyboard and mouse.

"The big UI change is to make it work seamlessly between tablets and PCs, and it seems to anticipate that most PCs will be touch," Enderle remarked. "Clearly Microsoft is trying to get ahead of where Apple (Nasdaq: AAPL) is going," he added.

Internet Explorer 10 will be bundled with Windows 8. It will be hardware-accelerated and fully touch-optimized.

Windows 8 will offer fast launching of apps from a tile-based "Start" screen. It will replace the familiar Windows Start menu with a customizable, scalable full-screen view of apps.

The new OS will support two kinds of applications: regular Windows apps and apps written in HTML 5 or JavaScript, which will more closely resemble mobile apps.
More on Win 8 Apps

The live tiles will feature notifications, meaning they will always show up-to-date information from a user's apps.

Users will be able to switch easily between apps that are running; they can snap and resize an app to the side of the screen.

Windows 8 apps will be able to use a broad set of new libraries and controls designed for fluid interaction and seamless connectivity, Microsoft stated.

Apps written for Windows 8 will be able to add new capabilities to the OS as well as to other apps through the new interface, Microsoft said.

The fact that Windows 8 targets both desktops and tablets may leave some software developers wondering if they'll be able to address both types of devices with the same app or if they'll have to write two versions.

"I would expect that, to be successful, most apps would need to be addressable both ways," IDC's Hilwa said. "How Microsoft handles that with as common a set of APIs as possible is the key development challenge."

Developers can learn about building apps for Windows 8 at BUILD, Microsoft's new developer conference, to be held in Anaheim, Calif., Sept. 13 to 16. Microsoft has opened registration for the conference.
Compatibility With Legacy Stuff

It's not quite clear whether Windows 7 apps will run smoothly on Windows 8.

Microsoft says it sees easy movement between existing Windows programs and Windows 8 apps, and that the full capabilities of Windows will continue to be available to users. This includes the Windows Explorer and Desktop, as well as compatibility with all Windows 7 logo PCs, software and peripherals.

"It looks like the UI has been rearchitected so it prefers touch in many cases, at least for navigation in apps," Enderle pointed out. "Legacy apps will be using the old interface, and that will be a bit jarring until they're updated, but that always happens when you change the interface."
Will There Be a User Backlash?

With the new UI, Microsoft is working toward a user experience "that's much more akin to the Apple iPad," Charles King, principal analyst at Pund-IT, told TechNewsWorld.

This "could indicate that Microsoft's rethinking how its customers are supposed to interact with computers."

Could the new UI spark a backlash from users who are already familiar with the existing Microsoft UI?

"We've seen Microsoft do this in the past -- Windows XP was a radical shift from Windows 98 in terms of the UI, and the last couple of versions of Microsoft Office moved from traditional pulldown menus to ribbon menus," King pointed out.

"The real question is, is the value of moving to this new model of user interaction going to be worth it to the end user?" King stated.

schemaorg search engines

A la 2006, today, Google, Microsoft, and Yahoo collectively announced that they will be partnering to create schema.org, a resource for site owners and developers to learn about structured data and gain insight into how to improve their sites’ search results. The site adds more than 100 new forms of website markup for content ranging from movies to places in an effort to standardize, and thus improve, how websites are crawled and presented in search results. “The site aims to be a one stop resource for webmasters looking to add markup to their pages”, Google’s announcement reads.

Yahoo was first to break the news, drawing historical comparisons to the last time the three leading search companies put their heads together to create sitemaps standards. It’s a very interesting move, and will no doubt have website creators the world over paying attention to the new standards advocated by schema.org.

Schema has elements of Yahoo’s longtime Search Monkey project and Google’s rich snippets, which enable websites to improve their position in search results by giving them tools and guidance as to how to do so, and uses meta data to enhance the search results display.

In other words, the site will provide a collection of schemas, or HTML tags, webmasters can add to their pages to make it easy for search providers to recognize their sites, which rely on this markup to improve the display of search results, making it easier for people to find the right web pages — and for search engines to display them.

As Google pointed out, it’s a tricky and time-consuming process to add markup to webpages, especially if each search engine asks for data in different ways. How to fix this? Standardize the vocabulary. Which is exactly what they’ve done. And, hey, it might even work on other search engines. Whatever those are. Just kidding, Blekko.

For more, here’s Schema.org’s description of what they’re up to: “Many sites are generated from structured data, which is often stored in databases. When this data is formatted into HTML, it becomes very difficult to recover the original structured data. Many applications, especially search engines, can benefit greatly from direct access to this structured data. On-page markup enables search engines to understand the information on web pages and provide richer search results in order to make it easier for users to find relevant information on the web. Markup can also enable new tools and applications that make use of the structure.”

And for good measure, here’s Yahoo’s announcement, Google’s announcement, and last but not least, Bing’s