Eyes On Technology Newsletter

Eyes On Technology Free Monthly Newsletter

December 2007

With Christmas upon us it is time to cover some potential Christmas Gifts for the Techno Geek in your house.

Computers have come a long way in this past year and there is an abundance of computer related gadgets and toys to fill any stocking. Adding to the list we have consumer electronics such as new LCD and Plasma TVs (very large stockings required), Blue Ray and HD DVDs, Digital Cameras and a whole slew of new computer and console video games.

While on a recent Australia trip I used the new Canon 40D Digital SLR Camera. What a spectacular product. Digital cameras have come a long way and if you have been holding off on moving to the Digital Photography Age, now is the time. We do a quick review below but for a comprehensive list of features, check out Canon's 40D White Paper. The PDF link is provided below in the product reviews.

In this issue we will highlight some of these great new potential gifts. For a complete listing we recommend a full subscription to "Eyes On Technology" Print or E-Newsletters or to the corporate "Technology & Trends" E-Newsletter. A full subscription will give you a whole years worth of the best new product reviews and ratings.

As usual we remind readers and subscribers to e-mail us with any questions, comments or suggestions.

From all the staff at Eyes on Technology, we wish you a safe and joyous holiday.

Francois Cleroux - editor-in-chief

SECURITY ALERT - Keyboard Security Issues and several general Security Alerts.

NEWS - Some computer related news that may affect you or your company.

EYES ON TECHNOLOGY - Reduce personal Spam with BOXBE. Also; Is your Internet Service Provider (ISP) tampering with your Internet connection? Find out how you can tell.

NEW PRODUCTS - Palm Centro Phone, Canon G9 Digital Rangefinder Camera, Canon 40D Digital SLR Camera, Logitech FreePulse Wireless Bluetooth Headphones.

SERVICE INFORMATION - Need the services of a qualified computer professional?

WIRELESS KEYBOARDS ARE INSECURE

Security research group Dreamlab have released a new white paper entitled ‘27Mhz Wireless Keyboard Analysis Report’ aka “We know what you typed last summer”. The paper, written by Max Moser & Philipp Schrödel describes the inherent design flaw which leaves a majority of consumer grade wireless keyboards wide open to keylogging.

The two major consumer brands affected by this vulnerability are Microsoft and Logitec. In fact Microsoft’s Wireless Optical Desktop 1000 and Wireless Optical Desktop 2000 products are specifically mentioned as being vulnerable. It’s also assumed that other 27Mhz products such as the Wireless Optical Desktop 3000, 4000 and the Laser Desktop series are open to attack in a similar way.

Due to the widespread use of these wireless devices, the huge security implications and the fact that there is no quick fix for this design flaw; Dreamlab have decided not to release a public proof of concept. Despite this I’m sure it won’t be long until code is readily available online. Dreamlab have released a video of an attack in progress.

It’s quite worrying to see just how easy it is to sniff and extract keystrokes from these ‘consumer’ grade devices with no need for dongles, trojans or specialist equipment. The 27Mhz keyboards only use 8bit encryption which can be cracked relatively quickly with quite modest hardware. From what I can tell all that’s required is a 27Mhz capable receiver, a sound card and a computer. The range will obviously be dictated by the receiver and its antenna.

TROJAN SPREADING VIA MSN MESSENGER

US_CERT has notified us of reports that a Trojan (Malware that is disguised as another type of file), is spreading via MSN Messenger. The Trojan arrives as a chat message that appears to contain an image file, that when opened, downloads and installs a Internet Relay Chat Bot. These messages may appear to come from a known contact.

MANY APPLE VULNERABILITIES

In the past few months Apple has been plagued with a slew of released vulnerabilities for its OS X Panther and Tiger products as well as its Apple Quicktime for MAC and Windows. If you run any MAC software or MAC hardware we recommend that you do all you OS and Software updates.

As well an Unpatched Apple QuickTime vulnerability has been exploited. The DeepSight Threat Analyst Team has observed attackers hosting malicious web pages that target a recent and unpatched vulnerability affecting Apple QuickTime. Please ensure that your AntiVirus software is up to date and use caution when browsing the web. These vulnerabilities also exist in Instant Messaging and File Sharing programs.

UNPATCHED QUICKTIME BUG EXPLOITED

The zero-day QuickTime exploit announced about a week ago is being actively exploited in the wild according to Symantec. They are concerned enough to raise their Threatcon level from the quiescent level 1 up to 2 out of 4 ("Medium: Increased alertness ").

At this point in time, Apple has not released an update to QuickTime to address the problem. The attack is a remote buffer overflow, caused by insufficient bounds-checking in QuickTime. Both OS X and Windows installations are vulnerable (although attacks would likely be specific to one operating system or the other).

The QuickTime security fixing time at Apple has been busy for the last couple of years. As ZDNet's Ryan Naraine recounts,"...Apple has patched at least 32 security flaws affecting QuickTime in 2007. Last year, the QuickTime patch count was 28. Five were documented in 2005."

It's a popular target because it's a popular program. Because it's an integral part of the iTumes program, iTunes users are also affected.

ADVATRIX BROWSER HELL OBJECT

Bojan Zdrnja of the Internet Storm Center describes some malware he encountered that does a thorough job of invading your privacy.

It's a BHO (Browser Helper Object), which plugs into Internet Explorer. It comes with a list of "almost 140" sites, generally search engines but also sites like Wikipedia. If the user submits a query to any of these sites, it extracts the query information from the request sent to the site and sends it to its own ad service. This service then serves targeted ads based on the query the user sent to the other site. This is pretty standard spyware behavior, although the "almost 140" sites is quite a large list.

Zdrnja checked and found that Symantec had already written up a different version of the threat and named it Trojan.Advatrix.

Symantec rates the threat "Very Low" based on prevalence in the wild, but their version did more than spy. It attempts to disable the patches for two very serious Internet Explorer vulnerabilities: Microsoft MDAC RDS.Dataspace ActiveX Control Remote Code Execution Vulnerability and Microsoft Windows Cursor And Icon ANI Format Handling Remote Buffer Overflow Vulnerability.

It doesn't uninstall these patches, it just makes them ineffective; such is the power of a BHO. But if this happens, the user is then vulnerable to attacks against the vulnerabilities, and these are two of the most exploited vulnerabilities around.

It just goes to show, once you're 0wned, you're 0wned.

If you require assistance please call your local computer professional.

Disclaimer: Always make sure you backup your DATA before attempting to install any new programs or running any utilities, specially if you suspect you have a Virus or Spyware!! If you have any doubts or require any help, please call your computer specialist. Attempt any suggestions or recommendations in this Newsletter at your own risk.

FBI ANNOUNCES RESULTS OF OPERATION BOT ROAST II

In the second phase of the FBI investigation of botnets, 8 people were indicted, pled guilty, or were sentenced. So far, more than $20 million in losses and more than 1 million victim computers have been identified.

GOOGLE WILL BID FOR 700Mhz SPECTRUM

Its official. Google will be filing an application to participate in the 700Mhz auction come Monday, the company said in a news release. Google’s application will not include any partners.

Says Eric Schmidt, Google’s chairman and CEO in a statement:

"We believe it’s important to put our money where our principles are. Consumers deserve more competition and innovation than they have in today’s wireless world. No matter which bidder ultimately prevails, the real winners of this auction are American consumers who likely will see more choices than ever before in how they access the Internet."

Industrial experts say that Google will have to spend at least $4.6 billion for the 700Mhz spectrum. The general consensus is that the winners in the auction will be the consumer.

The Inquirer observes:

"Maybe the USA will finally see SIMM card slots in their handsets like in Asia and Europe. Possibly running Google’s Android open source mobile operating system."

CANADIAN WIRELESS AUCTION COULD CUT CELLPHONE RATES

Ottawa announced it will hold an auction of the wireless spectrum in May 2008, which could mean more competition and lower cellphone rates for Canadians next year.

Industry Minister Jim Prentice told a press conference in Toronto on Wednesday that about 105 megahertz of spectrum will be sold to bidders. Forty megahertz will be set aside for newcomers to the industry.

"The introduction of new service providers will help to make Canada's wireless market more dynamic, more competitive, and more innovative so as to meet the needs of Canadians," Prentice said.

Prentice said that Canadians are currently paying more for wireless service than other countries. Industry insiders say that's one reason there are fewer wireless users relative to the United States.

TO MUCH SPAM? BOXBE TO THE RESCUE.
by Francois Cleroux

What is Boxbe? Boxbe is “e-mail by invitation,” where you can manage the messages that you receive in your inbox. You can allow certain senders permission from the get-go, but other people have to jump through an encryption loop before their message gets through. In a nutshell, that means you won’t have to worry about junk mail getting through spam filters or worry about legitimate mail getting filtered out as junk.

According to Boxbe’s official press release November 29, 2007:

With the release of Boxbe’s new service, users of Yahoo! Mail, Outlook, and Gmail can now create an ‘email guest list,’ which ensures that they receive messages only from those people who matter to them.

If you are a skeptic, check this product out. Remember though that any new person trying to e-mail you will not get through. You will need to add them to you list of allowed users. And, better, if you want to try it but are afraid of the costs, Boxbe’s service is free. If you don’t believe it, drop on over to Boxbe.com and see for yourself.

IS YOUR ISP TAMPERING WITH YOUR INTERNET CONNECTION?
by Gordon Krushnisky

The Electronic Frontier Foundation (EFF) has released software that will help users determine whether their Net connection is being tampered with by their service provider.

An excerpt from Associated Press:

“People have all sorts of problems, and they don’t know whether to attribute that to some sort of misconfiguration, or deliberate behavior by the ISP,” said Seth Schoen, a staff technologist with EFF.

The new software compares lists of data packets sent and received by two different computers and looks for discrepancies between what one sent and the other actually received. Previously, the process had to be done manually.

ISPs tampering with network users’ connection to crack down on P2P (peer-to-peer) file sharing has been a major issue this year. Last month, the Associated Press in a nation-wide test confirmed that ISPs like Comcast use protocol-level inspections to detect and kill P2P traffic.

Dubbed as the Test Your ISP Project, EFF is developing software tools to let users test their own broadband connections.

Procedures to observe data packets to check for tampering are available here.

More information:

EFF software keeps tab on ISPs (Inquirer)

EFF strikes back against ISP interference (WebProNews)

Disclaimer: Always make sure you backup your DATA before attempting to install any new programs or running any utilities, specially if you suspect you have a Virus or Spyware!! If you have any doubts or require any help, please call your computer specialist. Attempt any suggestions or recommendations in this Newsletter at your own risk. Always read vendors licensing policies before signing up for a service, free or paid.

PALM CENTRO
by Gordon Krushnisky

So, the kids have been hounding you for a new phone? They want a new handset for text messaging, e-mail, and Web browsing—and not just some old flip phone, right? Odds are you're a bit apprehensive about dropping several hundred bucks on a flashy PDA. The Palm Centro for Sprint is the perfect compromise. The $99 U.S. smartphone is basically a starter handset geared to teens and young adults who crave text messaging and e-mail like so much Christmas candy.

To the new user, the Centro is a feature packed, powerful phone that offers much more functionality than the standard run of the mill 12-key cell phone. Because of the Centro's positioning and lower price target you have to overlook the omission of certain features. After all, even with its ripe age, tired look and intermittent faults the Palm OS still remains one of the most intuitive smartphone experiences. By no means is the Centro perfect device but the smaller size and updated software bundle combined with the low price provide a decent value for a capable smartphone.

The Palm Centro is available in the U.S. now from Palm.com and Sprint. It debuts for $99 with a two-year service agreement and an additional $50 instant savings and $100 mail-in rebate. Customers will have to sign up for a data plan that is $25+ more per month, such as the Ultimate Pack, the Pro Pack or one of the Phone as Modem plans in order to qualify for the $99 deal.

CANON POWERSHOT G9 DIGITAL RANGEFINDER
by Andre Cleroux

5 Gold Stars Award Winner.
Eye On Technology Best Buy Award.

The Canon PowerShot G9, following last year's PowerShot G7 model, is visually very similar to its predecessor -- the only obvious changes being a re-profiling of the handgrip and rear panel. Under the skin, the Canon G9 offers a CCD sensor resolution of twelve megapixels (up from ten in the G7), coupled to the same Canon-branded 35-210mm equivalent 6x optical zoom lens.

The Canon G9 includes optical image stabilization, where a lens element is moved inside the lens body to compensate for camera movement. You can frame images with the Canon G9 via its optical zoom viewfinder (an increasingly rare option these days), or on a 3.0-inch LCD display. Optical viewfinders can be rather nice to have, allowing you to save battery life, or get the shot when harsh sunlight makes it harder to see an image on many digicam displays; the LCD will be the better choice when shooting scenes that will be affected by parallax error, or when precise framing is necessary, particularly if using the stabilizer.

In addition to the slight boost in sensor resolution that comes from a slightly larger 1/1.7 inches imager, there are some other changes in the Canon G9. The Raw file format is back on the G9, an option that had been removed in the previous model, much to the chagrin of many G-series fans. The Canon G9's LCD display is also half-an-inch larger, at 3.0 inches with 230,000 pixels. The Canon G9's maximum ISO sensitivity is 3,200, although this can only be accessed in a specific scene mode at a lower resolution -- otherwise the limit remains ISO 1,600, as in the previous camera. Other features of the Canon G9 include USB 2.0 connectivity, and SDHC/MMC card storage.

We fell in love with this camera and have decided its "THE" must have for the year!. Check out Wired Magazines review here (CanonG9 at Wired.com)

The Canon G9 went on sale in October 2007, priced at $500 U.S. -- fully $100 below the initial launch price of the PowerShot G7. Available at most Electronic Retail Stores.

CANON 40D DIGITAL SLR
by Francois Cleroux

5 Gold Stars Award Winner.
Eye On Technology Best Buy Award.

The Canon 40D was announced by Canon on August 20, 2007 as the replacement for the Canon 30D, which can now be had for quite a bargain. The 40D is a 10.1 MP “prosumer” DSLR, slotted between the Canon Rebel XTi (aka 400D) and the Canon 5D. In addition to the sensor upgrade (from 8.2 MP on the 30D), some of the highlighted features of the 40D include:

Improved Image Quality
14 Bit DIGIC III image processor for Enhanced Tonal Range and Speed
Continuous shooting at 6.5 frames/second
Refined AF system now has 9 cross-type AF sensors; center AF point has enhanced sensitivity for f/2.8 and faster lenses
Improved Exposure Control
3-inch LCD display with live view feature
Enhanced Live View
Larger optical viewfinder
Dust reduction system
Three custom user settings
Redesigned menu system from the EOS-1D series cameras

This camera has superb well designed features that weep of Canon quality and gets our 5 Star Best Buy Rating. To get all the information check out Canon's 40D White Paper. The Canon 40D is currently available in stores now with a Street price of $1,199.00 U.S.

LOGITECH FREEPULSE WIRELESS BLUETOOTH HEADPHONES
by Gordon Krushnisky

The FreePulse Wireless consists of a set of headphones and a Bluetooth adapter, along with a charger that charges both headphones and transmitter simultaneously. You can plug the adapter into anything with a standard 3.5mm jack - your MP3 player, PC, stereo and so on - and it will deliver wireless sound to the headphones within a ten meter range, according to Logitech. A collection of small plastic panels that slot on top of the adapter are provided; these adjust it to ensure that it's a secure fit for any iPod model.

The new earphones sport a thinner round-the-back-of-the-head band than last time, and separate, flexible ear hooks. The volume control located on the right headphone was simple to use. Behind the volume control, on the top edge of the right headphone, you'll find the headphone's power button, which doubles as a volume mute button when pressed momentarily.

In terms of quality, the sound delivered is actually very good. It's well rounded and quite meaty, particularly when you switch on the bass boost which gives the lower end a solid dose of pep.

While testing the Bluetooth transmission range of the FreePulse headphones around the gym and at home, I was able to put about 25 to 30 feet between the headphones and the transmitter before hearing any audio dropouts. Battery life held up to its claim of around 7 hours and recharging was quick and easy.

The Logitech FreePulse Bluetooth headphones were not intended to hold up to audiophile scrutiny. The ideal candidate for these headphones is someone looking for lightweight, unobtrusive headphones to use at the gym, or out on a jog--situations where wires are inconvenient and noise-blocking headphones could be hazardous Overall the FreePulse Wireless headset delivers a great product, and while other corded products will most likely have better sound quality, being able to extend to 30 foot away and cutting the cord is well worth it. I was very impressed with this product and would easily suggest it to anyone looking for a Bluetooth headset.

Logitech first released Bluetooth headphones back in 2005, they suffered from a fragile headband, heavy earphones and where relatively expensive at $150 . Fortunately, the Logitech FreePulse Wireless Headphones have solved these problems and do so at a list price of $109 (current street price is less than $90). Available in stores now.

Who is watching over your network and other Information Technology? Support and Network Services should be 'Managed' and 'Comprehensive'. Great thought should be put into every aspect of your Information Systems to ensure your business needs and requirements are met.

Standard Support Practices typically only fix your current problems. These problems may occur again and again with no thought or effort going into resolving the issues or the source of the problems. Many techs simply care about the 'fix' and their money without any thought of your needs an interruptions to your business. We provide complete systems support and services to meet all your needs that include proper Systems Troubleshooting; Conflict Resolution, and Systems Maintenance.

If you have any questions about, or require any of the services of Cleroux.com Technologies Inc. please call 604-779-7099.

Thank you for reading the Eyes On Technology Newsletter.
You have received this e-newsletter for one of two reasons:
1) You signed up for it on one of our web sites.
2) You are a client, customer or friend of one of the Digital Technologies Alliance member companies.

Manage Your Subscription
To quickly unsubscribe from this newsletter, click here Unsubscribe. If you would like to be added to the free newsletter distribution list please e-mail us here Subscribe. To Subscribe to the "Technology Trends" newsletter please e-mail us here TT Subscription for more information and rates.

Distribution of this Newsletter
You are encouraged to distribute this newsletter to friends and colleagues without any modification to any part of the newsletter. If you would like to distribute this newsletter in a modified format, perhaps with your own company Logo or your own advertisement, please contact Newsletter Sales. Modification of this newsletter without explicit written consent from Digital Technologies Alliance is not permitted.

Contact Information
For Sales, Advertising, Sponsorship Opportunities or Editorial questions:
EOT Media Group - 604-779-7099

Editorial Content and Submissions
If you would like to submit editorial content or products for product reviews, please contact us.

Disclaimer
Trying anything mentioned in this Newsletter may cause damage to your computer, could cause your systems not to boot or programs not to function properly or at all. Always make sure you backup your DATA before attempting to install any new programs or running any new utilities, specially if you suspect you have a Virus or Spyware!! Attempt any suggestions or recommendations at your own risk.

EOT Media Group (Canada West)
Head Office
Francois Cleroux
1796 Golf Club Drive,
Delta, BC V4M 4E2
Canada

EOT Media Group (Canada East)
Rick Renaud
604 - 6205 Somerled Avenue
Montreal, QC H3X 2B5
Canada

EOT Media Group (US)
and Test Labs
Gordon Krushnisky
145 Tyee Drive, Unit 32
Point Roberts
WA 98281
United States

EOT Media Group (World Wide)
Debbie Shapiro
17/6 HaVeradim
P.O. Box 8235
Nesher 36781
Israel

©2007 Digital Technologies Alliance. All rights reserved. EOT Media Group, Eyes On Technology Media Group, Digital Technologies Alliance and SpyCatchers are divisions of SpyCatchers Alliance Inc. Cleroux.com is a division of Cleroux.com Technologies Inc.