According to the report given by Dabah, the flaw is inside of ‘win32k. sys’ – a kernel-mode file that is responsible for the majority of vital Windows features, such as window management and 2D graphics.

As the vulnerability found is related to the Windows clipboard, the user screen can be garbled, or the machine made to completely crash, if particularly malicious data is placed into the clipboard.

In early Windows operating systems (pre Windows NT 4), this vulnerability did not really present itself, as win32k.sys did not run in kernel mode.  Since the move over, however, it can affect every subsequent version of Windows, including Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2, for both x86 and x64, both with or without Service Packs.

Despite this, since the issue has gotten a “Less Critical” rating – which means the lack of remote exploitability of the flaw and the complexities in utilizing it for the execution of an attacker’s code – by security group Secunia, Microsoft has not yet declared a patch for the vulnerability even though the company is aware of it’s existence.

Dell confirmed in an interview Monday that the company is currently in talks with Google about using the upcoming Chrome OS on its laptops.

The news comes after Dell put the smack-down on Microsoft last week, promoting its Ubuntu Linux-based products as more secure than those using Windows 7. Now Dell is seeking to use another alternative, turning to Google’s upcoming Linux-based OS scheduled for release later this year.

Details on the deal weren’t all that forthcoming, however there was indication that devices are currently in development, and that the relationship would last between two and three years.

“There are going to be unique innovations coming up in the marketplace in two, three years, with a new form of computing, we want to be on that forefront,” said Amit Midha, Dell’s president for Greater China and South Asia. “So with Chrome or Android or anything like that we want to be one of the leaders.”

Earlier reports indicate that Dell development was previously confirmed by reference within the Chrome OS code itself. HP and Acer were also listed, indicating that these three manufacturers could have Chrome-installed devices ready for consumers by the end of the year.

A member of the JooJoo forums, darkdavy, has hacked his JooJoo to run Windows 7. He admits that it’s running quite hot at the moment but the touchscreen capabilities are in full working order and the battery is lasting up to four hours on one charge. Darkdavy says everything is working fine save for the accelerometers. However, this is easily solved by using display rotation. Engadget points out that other members of the forums have successfully installed Windows 7 Home and Windows Embedded Compact 7 on the Linux-based tablet.

Check out the video below or head on over to the JooJoo forums to see the orignal post for youreself.

The first pictures of the Droid 2 appeared online last night showing a few tweaks and changes but maintaining the same overall design of the first Droid handset. The only real change seems to be the keyboard, which lacks the D-pad of the origianl Droid and sports a slightly spongier looking keyboard.

Droid Life, which was the first to post the images, says the Droid 2 is more about internal changes than external changes. The device is said to pack a 3.7-inch screen, a 750MHz OMAP CPU, WiFi tethering, 8GB of internal storage along with an 8GB SD card, a 5-megapixel camera and a new version of Motoblur. Droid Life reports that the device will ship with Android 2.1 but we’re pretty close to 2.2 so with any luck, the Droid 2 can add that to its resume.

Toms Hardware

Though Apple has added additional data security features to the iPhone with every iteration of the OS—including encrypting files on-device for the iPhone 3GS—vulnerabilities still exist. These issues are of particular concern to enterprise users, since sensitive corporate data may exist on any given employee’s mobile device. A new vulnerability revealed by security researcher Bernd Marienfeldt, however, shows that all someone needs to get at that data is the latest version of Ubuntu.

Noted iPhone data forensics expert Jonathan Zdziarskidemonstrated last year that common hacking tools could remove the data protection features that Apple added with iPhone OS 3.x and the iPhone 3GS. He told Ars that there are ways to get around both the on-device encryption as well as the encrypted backups that can be saved via iTunes. “The only benefit hardware encryption [as implemented] is that it makes wipes faster, by just dropping the [encryption] key,” he said. But even the remote wipe feature can be thwarted by removing a device’s SIM card.

Marienfeldt’s research revealed that standard hacking or jailbreaking tools aren’t even needed to get at the data. The latest version of Ubuntu (10.04) will auto mount the flash storage in an iPhone, allowing access to all of the information contained within. Files can be accessed even if a pin code is set.

Zdziarski warned that the way encryption worked on the iPhone could be exploited in this way if a tool allowed the iPhone’s file system to be mounted. “The [iPhone OS] kernel decrypts it for you when you ask for files, so you get the decrypted copy,” he told Ars last summer.

Many view the  iPad as an entirely new platform, while others view it as just another version of the iPhone or iPod Touch. There is an intrigue within the gadget and geek world around this new tool. As a game enthusiast and regular old geek, I look at this exciting piece of hardware as a new medium for the delivery of everything from innovative gaming experiences to interactive books to novel takes on productivity software, all on one incredibly well-designed device.

Apps that once didn’t really feel at home on the iPhone “Scrabble” for instance, work well on the iPad. All due to the glorious larger screen size, which has taken it from “just another iPhone” to a new platform and social device. Movies can be watched by multiple viewers, great times and memories of fun with the family.

The huge, high-res screen makes a suitable game board replacement, and there’s no need to pack up the pieces after you’re done. Two players can play Flight Control HD across from each other on the same device. It makes real, live social gaming fun again.

There are rumors that Apple may be working on larger iPads for the future. If the company makes them the size of a typical game board, Parker Brothers and Milton Bradley had better watch out. It is much easier to play Monopoly digitally — the banker doesn’t have to do any math.

While iPhone users witnessed the development of some truly revolutionary games, developers will need to be even more creative on the iPad to steal back the lion’s share of user time spent interacting with these other functions.

At the end of the day, the iPad will be all about the apps, and there will likely be some revolutionary games among them. Thinking back to the early days of iPhone app development, it was clear that developers didn’t hit their stride for several months, if not a year. It won’t take as long for iPad apps to take off. And when they do, sit back and enjoy the show — because that’s when the real potential of this device will become clear.

Hospitals, schools and government offices were impacted by the glitch, causing a third of the hospitals in Rhode Island to curtail non-trauma ER and elective surgery treatment until the problem was resolved.

McAfee spokesmen said it appears consumer versions of their products were not affected by the update.

Instructions for restoring the quarantined files can be found here.

McAfee has released a SuperDAT remediation Tool to restore the svchost.exe file quarantined during this debacle.

Article:  False positive detection of w32/wecorl.a in 5958 DAT (for Corporate/Business users) – VirusScan Enterprise

Download the tool and follow these instructions to recover your OS.

The versions included in this swift kick to the curb are:

• Windows XP with service pack 2 (support ends July 13, 2010, along with Windows 2000 Maintenance and Support)
• Windows Vista with no service packs (support ends April 13, 2010)
• Microsoft seems to have “a thing” about the 13th of the month…
• This means you will no longer be able to receive monthly updates, service packs and security fixes from M$oft.

So no problem, you say, I’ll just go download the updates, right?  Sure, if you like to live dangerously.  Read the blog entries on service pack 3 for XP regarding the risks.  Any service pack for Vista is a double-edged sword.  Since Vista is by far the most unstable and unpredictable OS ever released, doing anything at all to it is riddled with risks.  While Vista should have all the service packs you can find for it, the time to install them is ridiculous (about 5 hours for Vista on any given HP machine for reasons we don’t understand) and you can wind up with a machine that is in a reboot / repair loop forever.

Service Pack 3 for XP has caused no end of headaches for some people.  It’s a zero-benefit service pack in our estimation, simply bundling a wad of updates into an SP and shoving a modified version down the pipe to end users labeled a Critical Update.  You are far better off to install it from a disk rather than a download (look for our article on this).

If you are going to install a service pack, BACK UP YOUR DATA FIRST.  Do NOT use Vista Backup to do this (read our blog entry on this as well).  Copy what you need to an external drive manually or download the recommended backup software listed on our Good Things / Bad Things page.

Keep in mind, you NEED the Security Updates for Windows.  You do need to resolve this issue in a timely manner to remain safe.

Not if you don’t change the default username and password combination your system shipped with, it’s not.  This is how the Chuck Norris infection attacks a system – buy guessing common username / password combinations it has in it’s database.  Incredibly simple, as most people don’t change the login security on their routers.  Most don’t even change the SSID (name that’s broadcast by your router) which makes it really easy to guess the security login if you have even rudimentary knowledge of popular routers.

Windows-based computers are inherently insecure.  Almost all viruses are engineered to attack Windows systems, as they constitute the largest percentage of computers worldwide.  That being said, it is a lot easier to infect any device if you can bypass it’s login security.  This is what makes the Chuck Norris infection to clever.  It is OS-independent.

So if you’re infected, what do you do?

Reboot your router?  Since Chuck Norris is memory resident and doesn’t alter any code – or actually “infect” your router, just reboot it.  Not sure how?  Just pull the plug.  Wait a couple of minutes and plug the power back in.  You’re now un-infected?

Want to stay that way – and keep from being hacked by every neighbor kid with a laptop?

1. This infection also exploits a known vulnerability in D-Link routers.  If you have one, check for updates to your router and install them.
2. Login to your router as administrator.  Find your router documentation if you don’t know how
   (whoever setup your router should have provided you with this information – we do.)
3. Change the SSID on your router to something that does NOT give away your name, location or street address.
4. Change the administrator user name and password for your router
5. WRITE THIS DOWN SOMEWHERE!
6. Reboot your router.
7. Reconfigure all your wireless devices to talk to the new SSID.
8. You’re secure.