Month: March 2015

Playstation 4 seems to have a lock on the console market these days.

Sony’s PlayStation 4 continues to soar with 20M sold

C|net – By: Don Reisinger – “Sony’s PlayStation 4 continues to cement its position as the leading game console for this generation of devices.

Sony has sold 20.2 million PlayStation 4 units worldwide as of March 1, up nearly 2 million units since the company announced in January that sales had hit 18.5 million units. Sony said the PlayStation 4 is the fastest-selling game console it has ever launched.

The announcement comes as the game industry holds one of its biggest events of the year, the Game Developers Conference. This year’s event in San Francisco has included announcements of new games, new set-top boxes, and Sony’s latest prototype of its Project Morpheus virtual-reality headset.

Sony’s grip on console sales has been tight since the device launched in November 2013. The PlayStation 4 got off to a strong start, thanks in part to its solid game library and a $400 price tag that made it $100 cheaper than its chief competitor, the Xbox One, which launched in the same month.

The price difference became such an issue for Microsoft last year that the company decided to unbundle its Kinect motion-gaming sensor, bringing the price down to match its chief competitor, the PlayStation 4. During the fourth quarter, Microsoft also offered special pricing to boost console sales — an effort that paid off when research firm NPD announced that the Xbox One led the holiday-shopping season in the US.

Still, the Xbox One is trailing Sony’s PlayStation 4 in worldwide sales. In November, Microsoft announced that its console had nearly reached 10 million unit sales. Since then, the company hasn’t divulged sales data. But given holiday sales, Microsoft is believed to have sold millions more since November.

Microsoft declined CNET’s request for more recent sales figures.

In sharper contrast is Nintendo. The company announced earlier this year that through 2014, it had sold 9.2 million Wii U units since its release in November 2012, trailing far behind its chief competitors. Nintendo has said it believes it can still turn the console around by focusing more on first-party software, but the chances that it will catch up with PS4 or Xbox One seem less and less likely.

Looking ahead, Sony’s PlayStation business will play a central role in the company’s operation. Sony said last month that it hopes to generate an operating profit of over 500 billion yen (about $4.2 billion) by March 2018 by focusing on four core areas: the PlayStation gaming division, Sony Pictures, Sony Music and its device business that includes sensors.

Sony said that it will invest heavily in those areas, while spending less in other parts of its business that have been underperforming. Sony didn’t announce a road map for its PlayStation business, but said that the console will be a cornerstone for profit in the coming years.

Actually getting to use that profit may be difficult: Sony expects to finish its current fiscal year, which ends this month, with a net loss of 170 billion yen ($1.4 billion).

Sony declined CNET’s request for comment.”

Windows is working on a patch, but be careful in the interim!

Stop the presses: HTTPS-crippling “FREAK” bug affects Windows after all

Ars Technica – By: Dan Goodin – Computers running all supported versions of Microsoft Windows are vulnerable to ‘FREAK,’ a bug disclosed Monday that for more than a decade has made it possible for attackers to decrypt HTTPS-protected traffic passing between vulnerable end-users and millions of websites.

Microsoft confirmed the vulnerability in an advisory published Thursday. A vulnerability-scanning service at FREAKAttack.com, a site that offers information about the bug, confirmed the advisory, showing that the latest version of IE 11 running on a fully patched Windows 7 machine was susceptible. Previously, it was believed that the Windows system was immune to the attacks.

FREAK attacks—short for Factoring attack on RSA-EXPORT Keys—are possible when an end-user with a vulnerable device connects to a vulnerable HTTPS-protected website. Vulnerable sites are those configured to use a weak cipher that many presumed had been retired long ago. In analyses immediately following Monday’s disclosure of FREAK, it was believed Android devices, iPhones and Macs from Apple, and smartphones from Blackberry were susceptible. The addition of Windows dramatically increases the number of users known to be vulnerable.

Attackers who are in a position to monitor traffic passing between vulnerable users and vulnerable servers can inject malicious packets into the flow that will cause the two parties to use a weak 512-bit encryption key while negotiating encrypted Web sessions. Attackers can then collect some of the resulting exchange and use cloud-based computing from Amazon or other services to factor the website’s underlying private key. The process requires about seven hours and $100. From that point on, attackers on a coffee-shop hotspot, rogue employees working at an ISP, or nation-state-sponsored hackers can masquerade as the official HTTPS-protected website, a coup that allows them to read or even modify data as it passes between the site and the end-user.

Meanwhile, Android and Apple devices

On Thursday, Google developers released an updated version of Chrome for Mac that can’t be forced to use the weak 512-bit cipher, effectively closing the FREAK hole when OS X users are on the Google browser. At the time this post was being prepared, Chrome for Android remained vulnerable, and Google officials have yet to provide any public estimate on when a fix would be available. Apple officials have said patches for OS X and iOS would be released next week. Microsoft’s advisory provided no estimate on when a patch would be available, either. In the interim, people on vulnerable devices should consider using Firefox, which over the past two days has consistently been labeled as safe by the FREAKAttack site.

In recent weeks, security researchers scanned more than 14 million HTTPS-protected websites and found that 36 percent of them supported the weak cipher, meaning they are vulnerable to the attack. As of Thursday morning, vulnerable sites included AmericanExpress.com, Groupon.com, Bloomberg.com, and many more. Microsoft’s advisory offers several work-arounds for more technically inclined readers, but some of them will prevent IE from connecting as expected to certain websites.

Despite the large number of sites and end-user devices known to be vulnerable, there has been considerable debate among security professionals about just how critical the threat posed by FREAK is. Support for the argument the threat is low is the fact that it’s hard or impossible for adversaries to carry out FREAK attacks remotely or in mass numbers. Additionally, Google, Facebook, and most other large sites aren’t vulnerable. These considerations and the perception the threat is low are likely contributing to the slow pace of patches coming from Apple, Google, and Microsoft.

Still other researchers say the severity is much higher. Besides the millions of websites and incomprehensibly high number of end-user devices now known to be vulnerable, other reasons to think FREAK is severe is the fact that it has existed for a decade. That means it’s possible malicious attackers have known about and exploited it for years already.”

Equal opportunity CrapWare, sigh. Just what we DON’T need! Be sure to CLOSELY watch the options as you install it.

Oracle extends its adware bundling to include Java for Macs

ZDNet – By: Ed Bott – For several years, Oracle has been bundling the Ask toolbar with its Java software for Windows PCs, often using deceptive methods to convince customers to install the unwanted add-on.

With the latest release of Java for the Mac, Oracle has begun bundling the Ask adware with default installations as well, changing homepages in the process.

The unwelcome Ask extension shows up as part of the installer if a Mac user downloads Java 8 Update 40 for the Mac. In my tests on a Mac running that latest release of OS X, the installer added an app to the current browser, Chrome version 41. (In a separate test, I installed Java using the latest version of Safari, where it behaved in a similar fashion.)

As with its Windows counterpart, the Java installer selects the option to install the Ask app by default. A casual Mac user who simply clicks through the dialog boxes to complete the installation will find the app installed and enabled in their browser, with the New Tab page changed to one with an Ask search box.

I found it interesting that the Chrome Web Store listing for the Ask Search Extension reveals that the app’s developer is listed as ‘chromewebstore12.’ That developer name is used by three related Ask apps and might lead an unsophisticated user to think that the app is an official offering from Chrome.

The previous Ask Search Extension, with more than 5 million installs and several dozen one-star reviews, is listed as being developed by APN LLC, which is identified in the license agreement for the Java installer.

As with its Windows counterpart, the Ask search page returns low-quality results that are heavily loaded with ads, most of which are not clearly distinguished from organic search listings.

In an apparently unwitting acknowledgment that its software isn’t really a ‘convenient browsing tool,’ as its description suggests, the Help menu for the Ask button on the Chrome toolbar leads directly to a page containing uninstall instructions. The same menu contains a separate Uninstall listing.

In my testing, I found it relatively easy to uninstall the Ask Search extension from both Chrome and Safari, although an unsophisticated user might be intimidated by the process. In both cases, however, the home page remained set to an Ask search page and had to be manually changed.

Oracle has updated its installation instructions for the Mac installer to acknowledge its partnership deal with Ask. The mention of the Ask deal does not appear in the most recent previous version of the same page, saved at the Internet Archive a month ago.

Oracle’s timing in introducing adware with Java for the Mac comes on the heels of Lenovo’s disastrous scandal with the Superfish adware. Despite numerous requests, Oracle has refused to remove the Ask adware from its Java installer for Windows. With this latest move, the company appears to be doubling down on its commitment to sneaking adware onto PCs and Macs running Java.

IAC, the parent corporation that owns Ask.com, is a diverse organization. It also owns Match.com, Tinder, OKCupid, The Daily Beast, Vimeo, Dictionary.com, and HomeAdvisor, among many others. IAC pays a commission to Oracle and other affiliates that bundle the Ask toolbar.

Adware is a big business. In its most recent annual report, filed in February, IAC disclosed that the Search & Applications Division, which includes Ask, made nearly $1.6 billion in revenue and $311 million in operating income in 2014. ‘Substantially all of the revenue’ from that segment comes from a deal with Google. IAC reported that it paid $883 million, primarily in traffic acquisition costs, to partners who distribute its ‘customized browser-based applications.'”

I… obviously didn’t get a show done again! This time, though, I did have a real reason. I had a tooth issue that laid me out! I had a tooth that looked like it was going to need a root canal. My mouth was swollen up, I couldn’t eat. I was miserable! So, since I am still “dealing.” I think I will wait until Saturday to do a show. Sigh.