Windows Shell Shortcut Vulnerability Is Being Actively Exploited

Earlier this week the exploit code for a highly critical Windows vulnerability affecting all versions of Windows from XP to 7 was made public. The bad news is that malware developers are already actively exploiting this bug. Symantec has identified that the W32.Stuxnet worm, which spreads using this vulnerability, has already affected thousands of systems.

The Shell Shortcut Parsing vulnerability is a particularly worrisome bug because there aren’t a lot of things a user can do to protect himself. Even if autorun and autoplay is disabled, users can still get infected. All that the user is required to do is to open the compromised device, network share or WebDav. The only preventive measure is to disable icon rendering. However, doing so will basically cripple the Windows environment. To make matters worse, Steve Gibson from GRC research is claiming that a security researcher has already figured out a way to exploit this vulnerability through favicons.

Microsoft is obviously working hard to patch this severe vulnerability. However, an official patch may take weeks to come. Until then, ensure that your system has up-to-date malware protection, and avoid using Internet Explorer (other browsers can also be exploited, but possibly to a lesser degree).

Psx4droid – PlayStation (PSX) Emulator for Android Launched

Download-PSX4Droid-PSX-EmulatorGood news Android gamers. Psx4droid, the PlayStation (PSX) emulator for Android by zodttd, has been released. Psx4Droid is the first PSX emulator for the Android Market, which already has several impressive NES, GBA and GBC emulators.

Like all other PSX emulators, Psx4droid also requires a BIOS image, which you will have to procure separately. The emulator works with BIN, ISO, IMG, PBP, Z, ZNX file formats. As you might expect, it uses onscreen overlay controls similar to the ones offered by the PS1 gamepads. However, you can also hook up your WiiMote (or other Bluetooth controllers) to get a slightly better gameplay experience.


I haven’t yet had the opportunity to play around with the Psx4droid. However, judging from various forum reviews, the Psx4droid appears to be a pretty decent emulator. Quite obviously, it requires significant processing power and is best suited for the dual core 1 GHz processors. Even then, some games like Tekken 3 might not work perfectly. Games which have been reported to work well include Final Fantasy VIII and Super Puzzle Fighter 2.


If you still have a soft spot for the classics from years gone by, go ahead and pick this up. At $5.99, it might not be cheap. However, if you have loads of backed up PSX games, this app will probably pay-off itself pretty quickly.

[ Psx4droid at AndroLib ]

What The Doodle!? Is a Brilliant Multiplayer Online Android Game

Download-What-The-Doodle What The Doodle!? is a new age adaption of the age-old game of Pictionary. The objective of the game is simple. The drawer has to do express a given word or a phrase through doodles (drawings), while the guesser has to guess the word given to the drawer. Correct guesses award 1 point to both the drawer and the guesser. If no one manages to guess the word, the drawer looses a point.


What The Doodle!? is a multiplayer game and requires internet connectivity. Thankfully, it works well even on EDGE connections. The game offers different lobbies with varying degrees of difficulty; however, most of the time, games are available only in the easiest lobby. Once you enter a lobby, you are automatically assigned random partners to compete with. You also have the option of creating private rooms, where you can play with your friends.


Techie Buzz Verdict

The charm of What The Doodle!? lies in its simplicity. It’s easy to jump into, but tough to master. The fact that you compete against real human beings obviously makes WTD more fun. However, this can also get annoying at times. Like in all multiplayer games, there are cheaters in WTD too. Fortunately, you can boot spoilsports who insist on ruining the fun by spelling out the words. If I had to nit-pick anything else in this game, it would be the drawing tools. While drawing is straight forward, changing colors and accessing other controls are a bit time consuming. Some users might also be put off by the lack of an eraser, but I feel that this only adds to the challenge of the game.


What-The-Doodle-Reccomended What The Doodle!? was an overall winner at the Google Android Developer Contest 2. Once you start playing, it becomes obvious why the judges loved it. It provides a unique opportunity to get creative and have fun in the process. This game is definitely a winner. You can download it for £2.99 from the Market.

Techie Buzz Rating: 4/5 (Excellent)

[ What the Doodle!? at AndroLib ]

Dell KACE Secure Browser: Firefox with Sandboxing

In a surprising move, Dell has launched its own web browser. Even though the browser market is already fiercely competitive, its obvious that a lot of people still believe that there is still room for niche browsers. The new browser, which is called Dell KACE Secure Browser, is based on Firefox.

Secure-BrowserThe standout feature of Secure Browser is sandboxing. It utilizes KACE’s Virtual Kontainer to provide a secure browsing environment. In other words, the browser runs in its own separate compartment which is completely insulated from the rest of the system. As a result, even if you pick up malwares while browsing, your system won’t get infected. As far as the virtual environment is concerned, you can clean it up by simply using the reset functionality.

The Secure Browser is probably the bulkiest browser in the market. The installer itself takes up more than seventy megabytes! Even more annoyingly, the Secure Browser can’t be installed if you don’t uninstall Firefox. It’s hard to imagine too many people adopting this browser. However, that probably doesn’t matter to Dell. In all likelihood, we will soon see Secure Browser being preinstalled on Dell systems powered by Windows.

[ Download Dell KACE Secure Browser ]

White iPhone 4 Delayed Further

Apple-iPhone If you have been waiting for the white iPhone 4, I am afraid, I have bad news for you. The white model of the iPhone has been delayed, again. “White models of Apple’s new iPhone 4 have continued to be more challenging to manufacture than we originally expected, and as a result they will not be available until later this year”, read a statement issued by Apple.

Apple also clarified that sales of the black iPhone, which has been widely criticized for antenna and proximity sensor issues, will not be affected. Engadget had earlier speculated that the the glass manufacturer might be responsible for the delays. However, conspiracy theorists are already suggesting that Apple is delaying the release of the white iPhone 4 to fix the death grip problems. Whatever be the case, you will probably have to wait until the holiday season to get your hands on a white model of the iPhone 4.

Samsung Galaxy S Ad Makes Fun of the iPhone 4

Apple’s ads are well known for mocking their competitors in subtle and not so subtle ways. The Mac vs. PC ad campaign is perhaps the most well-known example of this. However, the much ballyhooed iPhone 4 Antennagate saga has turned the tables on Apple, which now finds itself at the receiving end of ridicule.

Apple is obviously keen to put the whole issue behind itself. But, its competitors have different ideas. The death grip problem has forced Apple to go on the defensive, and that doesn’t happen very often. It’s no wonder then that RIM, Nokia, HTC, Samsung and others are keen on keeping the discussion going.


The above ad for Samsung Galaxy S, which appeared in the UK press, is an obvious jab at the iPhone 4’s reception problems.

Zen Z82: Dual SIM QWERTY Handset with Analog TV

Now that almost every budget phone on the market is dual SIM compatible, cell phone manufacturers are looking for other features to make their handset stand out. Lava Mobiles is trying its luck with alpha keypads, while Samsung is betting on extended battery life. Zen Mobile believes that support for television on the go can help it win customers.


Zen Z82 claims to be India’s first QWERTY handset with Analog TV. Earlier, Samsung had also introduced handsets featuring mobile TV. However, both Corby TV and Metro TV relied on super-fast internet connectivity (EVDO) for this service. Also, neither of those handsets featured a QWERTY keypad.

The Z82 is a dual SIM (GSM + GSM) handset with a 2.4 inch QVGA widescreen, 2 megapixel camera, expandable memory up to 4GB, multi-coloured trackball and 3.5mm jack. It is capable of playing MP3 audio and MP4 video files and supports both FM Radio playback and recording. Zen Z82’s battery is powerful enough to provide up to 5 hours of talk time and 200 hours of standby time. It is available across in stores across India for Rs. 4,799.

Was Yahoo Down For More Than an Hour?

Yahoo-Down Reports are coming in that Yahoo was not accessible to a certain subset of users for well over an hour. It’s not exactly clear what happened, but the problem appears to have impacted a significant number of users. DBKP notes that complaints have been received from users in diverse locations like Virginia, USA and Mumbai, India.

A discussion on Neowin suggests that at least a portion of the affected users were having trouble due to issues with Comcast and AT&T’s DNS service. The problems seem to have been resolved for most users. However, in case you are still having trouble accessing Yahoo Search or Yahoo Mail, try your luck with alternate DNS services like OpenDNS and Google Public DNS. If you are not comfortable with manually changing your DNS settings, DNS Jumper can do it automatically for you.

Yahoo has been accessible on my end throughout the day. However, I use OpenDNS, which apparently is not affected by this outage. Don’t forget to let us know if Yahoo is/was down for you.

Mozilla Fixes 14 Security Issues with Firefox 3.6.7

Firefox Next week, the Black Hat Security Conference is scheduled to take place at Las Vegas. Undoubtedly, hackers attending the event are getting ready with their proof of concepts and exploits. In fact, one security analyst is already making the headlines for discovering security holes in Firefox, Internet Explorer, Chrome and Safari.

In the run up to the event, Mozilla is doing its best to keep hackers at bay by patching up as many vulnerabilities as possible. Yesterday, they released Firefox 3.6.7, which is a recommended stability and security update. This release patches 8 critical vulnerabilities including some that could allow remote arbitrary code execution.

The full change log along with information about each of the fixed vulnerabilities is available here. Earlier this month, Google had also patched as many as 10 vulnerabilities in a Chrome security update.

[ Download Firefox 3.6.7 ]

Safari, Internet Explorer, Firefox and Chrome Leak Sensitive User Information to Websites

Black-Hat-Conference Most of us don’t think twice before saving sensitive information in our browser’s auto-fill database. After all, browsers are desktop applications that reside on our system. So, any data we store in our browser should remain private, right? Wrong.

Jeremiah Grossman, CTO of White Hat Security, has managed to uncover security holes in each of the major browsers that can be exploited by booby trapped websites to gain access to sensitive information.

“Right at the moment a Safari user visits a website, even if they’ve never been there before or entered any personal information, a malicious website can uncover their first name, last name, work place, city, state, and email address”, revealed Grossman in a blog post. According to the proof of concept demonstrated by him, it is possible to fool Safari (v4 and v5) into giving up stored form auto-fill information without user intervention using JavaScript. Apple, which was notified about this vulnerability back in June, has yet to respond.

Internet Explorer 6 and 7 can also be exploited in a similar fashion. However, Internet Explorer 8 appears to be safe for the moment. If you are using the any of the affected browsers, it’s highly recommended that you disable the in-built AutoFill functionality for the time being.

The Register is also reporting that Grossman has discovered critical XSS (cross-site scripting) vulnerabilities in Firefox and Chrome, which can be exploited to gain access to stored website passwords. Grossman is expected to reveal more at the Black Hat Security Conference, which is going to be held next week.