Monthly Archives: November 2013

Starting in January, Google’s Chrome browser will not allow you to install extensions that aren’t hosted in Google’s own Chrome Web Store.

While Google had recently increased its security measures for keeping malicious extensions out of Chrome by adding additional warnings and disabling silent extension installs, the team clearly felt that it had to go a step further to keep Windows machines safe. The leading cause of complaints from its Windows users, Google says, is still due to malicious extensions that override browser settings and change the user experience in unexpected (and undesired) ways. Given that these malicious extensions are virtually always hosted outside of the Chrome Web Store, the team has decided to simply shut down the ability to install extensions from third-party sites.

Users will still be able to do local installs during development and admins can use their Enterprise policy settings to allow their users to pre-install and allow certain extensions. This move also won’t affect Chrome Apps.

For developers who need to migrate to the Web Store now, this move should be pretty straightforward. Most Chrome extension developers are probably using the store already anyway, so this shouldn’t be too hard for most of them. The one thing they do have to do, though, is pay a $5 fee to sign up.

Via: techcrunch

Concerns over NSA tampering provokes wide crowdsourcing response from security community

A unique effort to crowdsource a security audit of the popular TrueCrypt open source encryption software appears to be going viral three weeks after it was launched by two U.S. based researchers in response to concerns that the National Security Agency may have tampered with it.

The intiative has so far garnered more than $57,000 in donations and bitcoins and attracted over 1,000 volunteers from 30 countries, including a techncial advisory group comprised of some of the world’s best regarded cryptographers.

The initiative’s IsTruecryptAuditedYet website has received more than two million hits from users in 70 countries.

“The response has been amazing,” said Kenneth White co-founder of the TrueCrypt Audit Project and principal scientist at BAO Systems, a health information systems company. “Donations have ranged from as little as $3 to as much as $10,000, with the majority in the $10 to $25 range.”

“It’s been incredibly humbling. As important as the financial contributions, we have had terrific offers of technical and logistical support from friends, colleagues and complete strangers,” he added.

TrueCrypt, a free, open source encryption file and disk encryption softare tool for Windows, Mac OS X and Linux, is widely used by corporations, lawyers and other professionals and individuals around the world to encrypt sensitive and confidential data.

According to the anonymous group that developed the software, there have been close to 29 million downloads of TrueCrypt. In addition, countless more copies of the softeware have been distributed via magazine cover CDs and downloaded from servers hosted by others.

The software’s popularity stems from it ease of use, its ability to do on-the-fly encryption of data and its robustness.

But recent disclosures about the NSA’s alleged attempts to subvert popular encryption technologies have prompted some to question the trustworthiness of TrueCrypt — or any other encryption technology.

In TrueCrypt’s case, the concerns are exacerbated because few know who developed the software. Other facets of the technology have raised concerns as well.

In October, Matthew Green, a cryptographer, professor at Johns Hopkins University and co-founder of the TrueCrypt Security Audit initiative, outlined the concerns in a blog post.

For instance, said Green, the Windows version of TrueCrypt differs from the Linux version in a manner that suggests a possible backdoor or other deliberate compromise in the software.

“Even if the Truecrypt source code is trustworthy, there’s no reason to believe that the binaries are. And many, many people only encounter Truecrypt as a Windows binary. In my very humble opinion that should worry you,” Green wrote in arguing for a comprehensive audit of the software by the security community.

In the three weeks since the blog post, the response has been overwhelming, says White.

Going forward, the effort will be to do a thorough legal review of the open source license under which TrueCrypt is being made available, White said.

The audit will include research on the history of the code, a formal cryptanalysis, a software security audit and a reproducible process for building the software. “Because the development team prefers to work anonymously and with limited communication to the outside, some of these tasks are more complex than is typical in reviews of this sort,” White said.

“We have had brief contact with the TrueCrypt team, but were encouraged by their stated desire in welcoming an independent audit,” White dded.

The TrueCrypt security audit team is presently working with a few attorneys who specialize in privacy and security law, and also with experts in open source software licensing, he said.

After the project was announced, an independent researcher at Concordia University in Montreal published an analysis on the source code build process for the Windows version of TrueCrypt. “This is a crucial necessary step for a reproducible build,” White said.

“We are still discussing the best strategy for the technical audit, which may include a combination of academic, private sector and fully open, public security research,” he said.

The team is also reviewing two proposals for a commercial audit of the software by private firms with deep credentials in software security engineering, he added.

In addition, a highly respected group of technical advisers including noted cryptographer Bruce Schneier, Moxie Marlinspike former security director at Twitter, and staffers at Electronic Frontier Foundation and the Tor Project are working on a roadmap for the technical analysis.

The project’s IndieGoGo crowd funding campaign will continue through Dec. 13.

The bulk of the technical analysis will require another four to six weeks of full time effort which means the audit could be completed by February 2014. “This is complex multi-platform software comprised of over 70,000 lines of C, C++ and assembler code,” White explained.

“In the next few days, we are rolling out an updated site which will include more about our organizing structure and the backgrounds of our technical advisory group which reads like a Who’s Who of the security and privacy communities.”

Via: csoonline

Research released has revealed that the theft of mobile phones is on the rise.

According to research done by British insurance firm LV=, the number of phones stolen annually has risen 25 per cent in the last three years, and is costing the UK £37 million a year. Apparently, only 1% of stolen phones are ever recovered by police.

Of course, the way this hurts you in the pocket will vary depending on how flashy your mobile phone is and what data you keep on it. Apple iPhones and the swankiest Android smartphones can easily cost hundreds of pounds, and this makes them a more attractive target for muggers and pickpockets.

But there is a deeper risk than just the monetary value of the phone’s hardware – the data you keep on it.

More and more of us are accessing our personal (and sometimes corporate) email from our smartphones. You may also be using your phone to link to your social media accounts, engage in online shopping or even handling your financial affairs.

According to researchers, 59% of adults do not have any form of password protection on their phone and only a small number of people bother to log out of banking or social networking apps, making it too easy for criminals to steal information and exploit victims’ identities.

Protecting your phone

Here’s some advice on protecting your phone from thieves.

Firstly, be careful not to flash your expensive smartphone around. Too many people draw attention to their phones when they’re out in public, or wear earphones over their clothes showing any potential thief which pocket a phone is being carried in.

Secondly, secure your phone with a PIN code (Android users typically use an equivalent swiping pattern) or a longer password – and set it to lock your phone when it hasn’t been used by you for a few minutes. A permanently unlocked phone is just making life too easy for data thieves.

Of course, make sure you don’t choose one of the top 10 passcodes you should never use on your iPhone.

A longer password or passphrase is a better choice.

Finding your phone

So, your cellphone is lost – how can you find it again?

Modern smartphones incorporate GPS functionality, which can help you track them down if you lose possession of them. But you have to enable this functionality before it is stolen.

iPhone users could try Apple’s own “Find my iPhone” app. Similar functionality is available for Android users via apps like Sophos’s free Mobile Security app.

(If you’re interested in learning more about this topic, read a great article by TV news reporter Benjamin Cohen who describes the lessons he learnt after he was mugged for his iPhone.)

Wiping your phone remotely

If you think the chances of recovering your phone are remote, or your worried that someone else could access data and information about you via your lost phone, you should attempt to wipe it remotely.

Apple’s “Find my iPhone” app can do this for iPhone users, Sophos Mobile Security for Android can lock or reset devices to their factory settings (effectively wiping data) in case of theft or loss.

Mobiles used by your workforce

If you are responsible for protecting mobile phone devices used by your company’s workers then security will be an important issue for you – potentially you have corporate secrets at risk if a user loses a phone.

The enterprise edition of Sophos Mobile Control delivers mobile device management for business, enabling BYOD (“Bring Your Own Device to work”), managing what apps can be installed and ensuring policy compliance for all your mobile devices – whether they be iPhones, iPads, Androids, BlackBerrys or Windows Mobile devices.

Here are the highlights of Sophos Mobile Control:

• Enforces your security policies to ensure compliance
  
• Let’s you turn on the built-in security features of iOS (iPhone/iPad), Android, BlackBerry and Windows Mobile devices, including password protection or any iOS encryption.
  
• Ensures that only registered devices that meet your policies – i.e., not rooted (Android) or jailbroken (iOS) – have full access to corporate data and that the users of non-compliant devices are blocked or face other consequences until the situation is rectified.
  
• Helps locate, lock or wipe lost devices, from the admin web console or the self-service portal.
  
• The security dashboard gives you an immediate overview of your company’s device status.
  
• Let’s you prove your corporate compliance with easy inventory and reporting tools.
  

If you’re an Android consumer – try out Sophos’s free security app (aside from helping you secure your smartphone from thieves, it also protects against Android malware!).

Via: sophos

iPads were plucked from users’ hands at a UK Cabinet meeting last week, because of fears that they might be bugged by foreign intelligence agencies.

The Daily Mail reported that the Ministers were using the devices for a presentation by Cabinet Office Minister Francis Maude and Mike Bracken, who’s in charge of the Government Digital Service.

The talk was on the topic of saving the economy close to £2 billion ($3.19 billion) a year within the next four years.

Typically, the Cabinet isn’t particularly generous about applause for presentations, the Daily Mail said, but this time, when the talk wrapped up, Ministers clapped.

That’s when the government’s security team pounced, the Mail reports, whisking all iPads out of the room to avoid careless talk reaching the wrong ears.

It doesn’t stop there, The Telegraph subsequently reported.

Given the security force’s fear that foreign intelligence agencies have developed the ability to turn mobile devices into eavesdropping bugs without their owners’ knowledge, all tablet computers – which, one assumes, covers all manufacturers’ gadgets, and not just Apple’s – are now banned from Cabinet meetings.

The Telegraph’s Matthew Holehouse writes that Ministers in sensitive government departments have also been given soundproof, lead-lined boxes that they’re required to store their mobile phones in while having sensitive conversations.

The concern, he writes, is that

China, Russia, Iran and Pakistan have developed the ability to turn mobiles into microphones and turn them into transmitters even when they are turned off.

The news comes fast on the heels of reports last week from Italian newspapers (including La Stampa) that delegates to the G20 summit near St. Petersburg, Russia, received USB sticks and mobile phone chargers boobytrapped with Trojan horse malware.

The devices reportedly were able to secretly tap emails, text messages and telephone calls.

According to Corriere della Sera, when he got back to Brussels, the G2 European Council President, Herman Van Rompuy, sent the devices over to his security managers.

They in turn asked for help from the German secret service.

Their analysis resulted in a memo going out to member states indicating that the USB stick and power cables were “suitable for the illegal collection of data from computers and cell phones” and that member states should “take every possible precaution in case these items have been used and if not to entrust the security structures for further inspection.”

Russia has denied the allegations.

What are the lessons here for businesses? Typically, most don’t struggle with the fear of a nation turning their employees’ devices into surveillance bugs.

But with or without the threat of foreign intelligence spying on your organization, iPads, or any other tablet for that matter, are in many ways just smartphones in a bigger form.

That means they carry the same risks to a company’s network security.

Such devices also usher in the bring-your-own-device migraine.

Practical tips in these surveillance-happy times

The traditional, centralised approach of configuration management, software, patching and security is often impossible, if not irrelevant, on such platforms, as Sophos’s Ross McKerchar has described in his article about handling smartphones in the workplace.

That article has tons of good advice on handling device security, including segregating a user’s personal iPad or other device so that they don’t have direct, unrestricted connectivity to crucial servers unless absolutely necessary; having clear policies on passwords and jailbreaking; evaluating the risk profiles of platforms (Android vs. Apple); educating users; and more.

But wait, there’s more!

Ross followed up with this article, which delves into what an attacker might do with the juicy tidbits on a stolen or lost device. This includes the social engineering stunts that can be pulled, given that the device would likely contain the owner’s address, date of birth and information that could then help to answer account security questions.

Still worried about your mobile phone being a bug? Advice for the truly surveillance nervous: Before you read either article, lock your cellphone in your car trunk.

Don’t read the articles out loud, and try to avoid moving your lips while you read.

Via: nakedsecurity

This tool instantly checks Apple inventory at nearby locations.

Apple launched the iPad Air today, which means these sharp tablets are going to be flying off the shelves. If you want to get your hands on one without having to schlep to every Apple Store in the vicinity, this tool can help.

Created by developer Mordy, Apple-Tracker.com looks up information from Apple for the iPhone 5s, iPad Air, and (coming soon) the iPad mini with Retina display.

It’s super simple to use too. Just select your device and enter your zip code to get the chart of availability for various models. You can filter by color and carrier as well. Like so:

Email alerts are also available for the iPhone 5S and coming soon for the iPad Air.

Go check it out here. [via BGR]

Via: itworld

Officials at the Centers for Medicare and Medicaid Services are concerned that a lack of testing posed a potentially “high” security risk for the HealthCare.gov web site serving 36 states. Security issues are a new concern for the troubled HealthCare.gov web site. If they cannot be resolved, they could prove to be more serious than tech glitches.

Defending President Barack Obama’s much-maligned health care law in Congress, Health and Human Services Secretary Kathleen Sebelius was confronted with a government memo that raised security concerns about the Web site consumers are using to enroll.

The document, obtained by The Associated Press, shows that administration officials at the Centers for Medicare and Medicaid Services were concerned that a lack of testing posed a potentially “high” security risk for the HealthCare.gov Web site serving 36 states.

Security issues are a new concern for the troubled HealthCare.gov Web site. If they cannot be resolved, they could prove to be more serious than the long list of technical problems the administration is trying to address.

“You accepted a risk on behalf of every user that put their personal financial information at risk,” Rep. Mike Rogers, R-Mich., told Sebelius during questioning before the powerful House Energy and Commerce Committee.

Sebelius countered that the system is secure, although the site has a temporary security certificate, known in government parlance as an “authority to operate.” Sebelius said a permanent certificate will only be issued once all security issues are addressed.

Earlier, the secretary said she’s responsible for the “debacle” of cascading problems that overwhelmed the government Web site intended to make shopping for health insurance clear and simple.

“Hold me accountable for the debacle,” Sebelius said during a contentious hearing before the powerful House Energy and Commerce Committee. “I’m responsible.”

Sebelius is promising to have the problems fixed by Nov. 30, even as Republicans opposed to Obama’s health care law are calling in chorus for her resignation. She told the committee that the technical issues that led to frozen screens and error messages are being cleared up on a daily basis.

Addressing consumers, Sebelius added, “So let me say directly to these Americans, you deserve better. I apologize.”

But even as she started her testimony, some consumers trying to log into the federal Web site that serves 36 states were getting this message: “The system is down at the moment. We are experiencing technical difficulties and hope to have them resolved soon. Please try again later.”

The Sept. 27 memo to Medicare chief Marylin Tavenner said a Web site contractor wasn’t able to test all the security controls in one complete version of the system.

“From a security perspective, the aspects of the system that were not tested due to the ongoing development, exposed a level of uncertainty that can be deemed as a high risk for the (Web site),” the memo said.

It recommended setting up a security team to address risks, conduct daily tests, and a full security test within two to three months of going live.

HealthCare.gov was intended to be the online gateway to coverage for millions of uninsured Americans, as well those who purchase their policies individually. Many people in the latter group will have to get new insurance next year, because their policies do not meet the standards of the new law.

Sebelius’ forthright statement about her ultimate accountability came as she was being peppered with questions by Rep. Marsha Blackburn, R-Tenn., about who was responsible. It was Blackburn who introduced the term “debacle.”

Rep. Henry Waxman of California, the ranking Democrat on the committee, scoffed at Republican “oversight” of a law they have repeatedly tried to repeal.

“I would urge my colleagues to stop hyperventilating,” said Waxman. “The problems with HealthCare.gov are unfortunate and we should investigate them, but they will be fixed. And then every American will have — finally have access to affordable health insurance.”

Sebelius entered a hearing room so packed with lawmakers, photographers and others that she had trouble finding a path to her seat after shaking hands with the committee members.

Many in the crowd chuckled at her quandary, which was far easier to negotiate than the questions that awaited her about the messy launch of Obama’s health care web site. The crowd parted, and she found her way to her seat at the witness table, facing a wall of expectant lawmakers.

The standing-room-only hearing room was silent when she swore an oath to tell the truth and began her statement. “I apologize,” she told the rapt committee.

Sebelius faced questions about problems with the Web site as well as a wave of cancellation notices hitting individuals and small businesses who buy their own insurance.

Lawmakers also want to know how many people have enrolled in plans through the health exchanges, a number the Obama administration has so far refused to divulge, instead promising to release it in mid-November.

Some committee members expressed doubts about whether consumers’ personal information is safe on such a balky Web site.

 Medicare chief Marilyn Tavenner was questioned for nearly three hours by members of the House Ways and Means Committee who wanted to know why so many of their constituents were getting cancellation notices from their insurance companies.

The cancellations problem goes to one of Obama’s earliest promises about the health law: You can keep your plan if you like it. The promise dates back to June 2009, when Congress was starting to grapple with overhauling the health care system to cover uninsured Americans.

As early as last spring, state insurance commissioners started giving insurers the option of canceling existing individual plans for 2014, because the coverage required under Obama’s law is significantly more robust. Some states directed insurers to issue cancellations. Large employer plans that cover most workers and their families are unlikely to be affected.

The law includes a complicated “grandfathering” system to try to make good on Obama’s pledge. It shields plans from the law’s requirements provided the plans themselves change very little. Insurers say it has proven impractical. The cancellation notices are now reaching policyholders.

Tavenner blamed insurance companies for cancelling the policies and said most people who lose coverage will be able to find better replacement plans in the health insurance exchanges, in some cases for less money. Change is a constant in the individual insurance market, she added, saying that about half of plans “churn” over in any given year.

Via: enterprise-security-today

Microsoft just published its January-to-June 2013 Security Intelligence Report (SIR).

(Yes, I was surprised at the timing, too, since we’re already two thirds of the way through the next reporting period. But there you are, and here it is [PDF].)

I will dutifully declare that I have still to finish reading the report in full.

At 160 pages, even if some of them are blank, or contain corporate boilerplate, I just haven’t got through it yet.

But I have read one of Microsoft’s recent blog postings about the report, highlighting the part in which rates of malware infection and encounter are compared across the four flavours of client-side Windows: XP, Vista, 7 and 8.

The results seem to tell a pretty clear visual story about why you should get rid of Windows XP as soon as you can:

→ The numbers on the left and right sides can’t directly be compared because they’ve been scaled differently for readability. The infection rate shows computers cleaned up out of every thousand on which Microsoft’s Malicious Software Removal Tool (MSRT) was used. The encounter rate shows computers on which malware was detected – and almost certainly prevented from infecting – out of every hundred protected by a Microsoft virus blocker.

The obvious conclusion from the above is that your chance of being exposed to malware, and thus potentially infected if you were unprotected, is similar on all versions of Windows.

Windows 8 users, at first glance, appear to enjoy a slight advantage in exposure rate, with 12/100 computers measured to be actively under attack, against 16/100 or more for the other flavours of Windows.

The SIR doesn’t offer an explanation, but we can always speculate:

• Perhaps more recent versions of Internet Explorer are more likely to prevent you browsing to potentially infectious websites in the first place, thus reducing exposure?
  
• Perhaps Windows 8 has stronger internal safeguards against exploits, thus stopping some attacks before they get as far as provoking an anti-virus warning?
  
• Perhaps some Windows 8 users made the switch for security reasons, and are therefore less likely to put themselves in harm’s way?
  

Likewise, Windows 7 seems to be at a very slight disadvantage, with 19% of computers visibly attacked, against 16% with XP and Vista.

That might not be a statistically significant difference (nor might the apparent advantage of Windows 8, of course), or it might be a simple side-effect of that fact that Windows 7 is the most prevalent version of Windows.

The most common platform, you can argue, is more likely to be singled out by malware writers who don’t want to go to the trouble of building a multi-version exploit.

But the statistical significance of the left-hand numbers seems, at least on the surface, to be undeniable.

When users went to the trouble of looking for malware, presumably because they thought they had slipped up and got infected, they were 5.7 times more likely to find some on XP than on Windows 8.

In short, the apparent conclusion is that XP is more than five times as permeable to malware than Windows 8.

Therefore, you can argue, XP’s imminent – and, after 12 years, not exactly unexpected or untimely – Goodbye, Farewell and Amen moment should be applauded, and moving on to a more recent operating system will bring clear and immediate security benefits.

On the other hand, you can keep putting these numbers through the wringer and argue that they don’t prove much of anything at all.

For example, the MSRT only deals with a small subset of malware out there – it’s always been something of a stopgap measure for the most commonly-known malware families.

In other words, you might choose to explain the lower apparent infection rates on Windows 8 merely as a sign that the MSRT tends to miss more malware on Windows 8, being biased as a side-effect of history to detecting malware that only works on XP.

You can argue that, because the MSRT quite explicitly isn’t a broad-spectrum anti-virus, the figures on the left don’t denote infection rates at all, but are nothing more than a measure of the effectiveness of MSRT by Windows version.

The truth, I guess, is somewhere between the two.

While XP may not be an ecosytem that is 5.7 times more dangerous than Windows 8, I think it is reasonable to accept that Microsoft’s data supports the claim that you are at much greater risk if you keep on using it.

If you need any more evidence, I suggest you take a look at our recent article series Anatomy of an exploit – inside the CVE-2013-3893 Internet Explorer zero-day.

There, we show the sort of tricks needed to pull off a drive-by exploit against Internet Explorer 9 on Windows 7, which involves working around not only Data Execution Prevention (DEP), but also Address Space Layout Randomisation (ASLR).

Without ASLR, DEP offers only a very mild extra resistance to attack – and XP doesn’t have ASLR.

That alone is probably reason enough to move before next April’s end-of-updates deadline.

Via: sophos

For years now, most of us have been quietly not turning off our phones and devices at landing and takeoff, and merely putting the screens to sleep and stuffing them in seat pockets instead. Now, we’ll be able to do that officially and more, according to the FAA. The American government organization overseeing air travel announced that travelers won’t face regulations that are quite as strict when it comes to electronics on planes.

Don’t start celebrating just yet – this doesn’t mean you can continue playing Candy Crush while waiting for your massive, heavy hunk of metal to defy physics and launch itself into the air as of this very moment. The changes will differ depending on each airline, the FAA says, since there are differences between types of planes and how things are run at each different carrier, but the FAA anticipates that most will allow passengers to use their gadgets “in airplane mode, gate-to-gate, by the end of the year.”

Passengers can use e-book readers, play games and watch videos on devices, and can hold gadgets during both take-off and landing, or else stow them in the seatback pocket. These gadgets need to be in Airplane Mode or have cell service turned off during both landing and taxi/take-off, but you can actually use Wi-Fi during your flight and continue to use Bluetooth accessories connected to your phone.

There are still some things the FAA says travelers need to be aware of regarding these rules, to make sure they’re still in compliance with guidelines. Here’s a full list of those points flagged by the regulatory organization:

1. Make safety your first priority.

2.  Changes to PED policies will not happen immediately and will vary by airline. Check with your airline to see if and when you can use your PED.

3.  Current PED policies remain in effect until an airline completes a safety assessment, gets FAA approval, and changes its PED policy.

4. Cell phones may not be used for voice communications.

5.  Devices must be used in airplane mode or with the cellular connection disabled. You may use the WiFi connection on your device if the plane has an installed WiFi system and the airline allows its use.  You can also continue to use short-range Bluetooth accessories, like wireless keyboards.

6. Properly stow heavier devices under seats or in the overhead bins during takeoff and landing. These items could impede evacuation of an aircraft or may injure you or someone else in the event of turbulence or an accident.

7. During the safety briefing, put down electronic devices, books and newspapers and listen to the crewmember’s instructions.

8.  It only takes a few minutes to secure items according to the crew’s instructions during takeoff and landing.

9.  In some instances of low visibility – about one percent of flights – some landing systems may not be proved PED tolerant, so you may be asked to turn off your device.

10. Always follow crew instructions and immediately turn off your device if asked.

Earlier this year, the FAA seemed ready to relax the rules around personal electronics use in-flight, but they quickly noted that this didn’t mean we’d see blanket bans lifted immediately. Now, the FAA is taking pains to roll this out more quickly, and is “streamlining” approval of the new rules via clear instructions and guidelines for airlines about implementation of device use.  Delta has announced that it’s the first to submit its plan to comply with the new regulations, and that it will do so by November 1, it hopes.

With any luck, some passengers might be able to watch Home Alone 2 on their new iPad Air while winging their way home to enjoy a family Christmas dinner. It’s about time.

Via: techcrunch

A new patent application published by the USPTO (via AppleInsider) indicates that Apple has been thinking about how to practically deliver the benefits of solar power to mobile devices, without requiring clumsy and gigantic external converters. Solar charging is still fairly fringe when it comes to the general gadget-using population, but Apple’s patent, filed originally in 2012, looks like it could provide a way to make getting your power from the sun something that’s generally palatable within a few years’ time.

The system in Apple’s patent is a power management array for accepting both power adapter and solar power direct from gathering devices or traditional mains-based chargers. So in other words, you could plug in your MagSafe or iPad/iPod adapter, or alternatively hook a MacBook or other piece of hardware directly to a solar panel with a simple cord. There’s also a means for accepting both inputs at the same time, according to the patent, for a power balance that would likely charge your device quicker but with more economical use of juice from the grid.

The key to this patent is that the system described is both composed of readily available power management techniques achievable with existing hardware, and; able to be built using componentry that takes up very little space, making it theoretically possible to integrate it into existing device designs without much modification. Both of those indicate that Apple could build this into products sooner, rather than later, should it choose to go that route.

I’d still expect this to take a while to come to fruition, if it does at all, but it is one way that Apple could explore the possibility of expanding device battery life in non-traditional usage situations, like while out and about in nature and separated from any mains access. The key will be whether this can be done without making any sacrifices to battery or device size, and that seems to be where Apple is focusing its R&D efforts around solar, according to this application at least.

Via: techcrunch

Are you running out of disk space in your Windows 7 PC? Microsoft has released a update for Windows 7 SP1 systems, that adds a new option named “Windows Update Cleanup” in the Disk Cleanup utility. This makes it easy to clear a large amount of disk space consumed by obsolete or superseded Windows Updates stored in the Winsxs directory. The amount of disk space freed up can vary in your system, depending upon the updates installed. I could clear 6 GB of disk space in my Windows 7 PC.

Note:
Windows Update Cleanup option is accessible only when Disk Cleanup is run as Administrator. Alternately, you can elevate Disk Cleanup by clicking click Clean up system files button in Disk Cleanup dialog box.

(Free space in the system drive before cleanup)

Select Windows Update Cleanup and click OK. Restart Windows. The Windows Update Cleanup task is carried out only on the next restart.

(Free space in the system drive after cleanup)

More Information

The update adds a new Disk Cleanup handler/key named “Update Cleanup” under this key:

HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Explorer \ VolumeCaches \ Update Cleanup

… which references the GUID {C1A6713B-F5BA-4340-BFE5-07DA0ED49A27} (Superseded Updates Cleanup)

Detailed information about the update (KB2852386) is available in Microsoft Knowledgebase article Update is available that enables you to delete outdated Windows updates by using a new option in the Disk Cleanup wizard in Windows 7 SP1.

Via: winhelponline