What's more, that 100,000-app milestone was reached in just eight months – that's faster than Apple's iPad (about a year and a half) and Google Play (about two years) managed. You could, of course, argue that Apple and Google created the consumer hunger for apps, and Microsoft merely fed it – and you'd be right.

But, hey, let's allow Ballmer & Co. a bit of undiluted happiness. After all, it's been a trying last couple of years for them.

In addition to the Windows 8 app store news, Net Applications' Net Market Share stats machine says that as of last month, Windows 8 has squeaked past Windows Vista in installed-base market share, with the new Windows holding a total share of 5.1 per cent, and that Hindenburg of OSes, Vista, falling slightly but measurably behind at 4.62 per cent.
Windows 7 continues to rule the global roost, Net Applications says, with a hefty 44.37 per cent of the pie. Windows XP – still belovéd by many a sysadmin – is not far behind at 37.17 per cent.

Despite the popularity of Apple's laptop line – its MacBook Air, the market-watchers at NPD say, holds 56 per cent of the thin and light notebook market – the market share of OS X remains either wimpy or exclusive, depending upon your point of view. Taken together, OS X versions 10.6 (Snow Leopard), 10.7 (Lion), and 10.8 (Mountain Lion) total just 6.63 per cent, Net Applications says.

Still, that's better than Windows 8's numbers. Perhaps the recently released Windows 8.1 update will boost Microsoft's must-succeed operating system's 5.1 share, but we're not holding our breath here at Vulture Annex. With the still-lackluster uptake of Windows 8 tablets and the overall sluggardliness of the PC market, Windows 8 has a strong headwind with which to contend.
Intel seems to believe that 2-in-1 tablet-keyboard mashups will resurrect Windows 8's fortunes – but cf. breath reference in the preceding paragraph for the Reg's considered opinion.

Although some observers have complained about the quality of apps in the Windows 8 app store, the Reg's Fart App Index™ indicates that the store also falls well below industry standards in another important area.

To wit: a search for fart in the iPhone section of the iTunes app store returns a list of 886 apps – including such Oscar Wilde–worthy wit as Farting Frenzy XL, Farthoven, and Ow My Balls! – which is a minor but statistically significant increase in the FAI™ tally, which stood at 857 in January 2012.

The same search in the Windows 8 app store, however, turns up a paltry 56 such apps. Obviously, the attendees at last week's Microsoft Build conference were not sufficiently inspired by the tasty-but-potent fare at San Francisco's La Cumbre, El Farolito, Papalote, and their ilk.
Analysis

The recent discovery that Apple's iOS hotspot passwords are readily crackable in under 50 seconds is part of a wider problem involving other smartphone platforms, claim researchers.

As recently reported by El Reg and others, a team of security researchers from the University of Erlangen, Germany discovered that passphrases auto-generated by the Personal Hotspot are far weaker than Apple claims.

Bad though Apple's implementation is, other smartphone manufacturers support similar features and their approach is even worse in some cases, according to preliminary - and overlooked - findings from Andreas Kurtz, Felix Freiling and Daniel Metz, the three members of the Erlangen team.

Other mobile platforms might be affected by these deficits as well. Although we did not analyze other platforms in detail, spot-checks have revealed that default passwords in Windows Phone 8 consist of only 8-digit numbers. As this results in a search space of 10^8 candidates, attacks on Windows-based hotspot passwords might be practicable. Moreover, while the official version of Android generates strong passwords, some vendors modified the Wi-Fi related components utilized in their devices and weakened the algorithm of generating default passwords. For instance, some Android-based models of the smart-phone and tablet manufacturer HTC are even shipped with constant default passwords consisting of a static string (1234567890).
However, future studies will be necessary to evaluate the security level of mobile hotspots on other platforms in more detail.

A more detailed look at the security shortcomings of hotspot implementation on other smartphones is not yet available. Kurtz told El Reg: Unfortunately, we did not analyze other mobile platforms in detail.

The Erlangen team advises users never to accept the auto-generated passphrases suggested by mobile phones for Wi-Fi hotspots, even if the suggested password appears on casual inspection to be secure. The advice applies to all smartphones but derives from a close look at how Apple's technology works in practice.

Apple iPhones and iPads with 3G support can be used as Wi-Fi access points, a feature Apple calls Personal Hotspot. The technology is designed with ease of use in mind, so Apple allows punters to generate a WPA passphrase that users can share amongst themselves and that can be typed in easily.
The password generator creates a pronounceable string of up to six characters, and combines it with a four digit number. That ought to give 30 billion possible combinations. A brute force attack using a decent laptop testing 3,000 WPA keys per second against a sniffed Wi-Fi session would take 120 days to run through all possible combinations.

This isn't a practical attack, but Kurtz, Freiling and Metz didn't take such assumptions for granted, instead deciding to investigate how the feature really worked.

As a first step they generated a sample of Personal Hotspot passphrases. They wrote down the pronounceable word part of these login credentials before searching the internet to see if the words appeared together anywhere in a downloadable list. As it turned out these iOS Wi-Fi password words almost always seemed to appear as entries from a table used by an open source Scrabble game, containing a dictionary of 52,000 words.

If Apple was using words from this list in combination with a four digit number (which multiplies the range of possible combinations by 10,000) then they were using a range of just 52 million possible passphrases.
At this point the researchers formed a tentative theory that the Apple passphrase generator has a dictionary list under the bonnet. To find out what was going on, the researchers set about disassembling the passphrase generator code.

They discovered that the software first fed a pseudo-random non-word into a spell checker and captured what came back before adding four pseudo-random digits. Only words of between four and six characters that happened to get returned by the spell checker were accepted.

The researchers wrote their own implementation of the passphrase generation code and ran it 100 million times with pseudorandom input. Only 1,842 different words came back, evidence that Apple's implementation was actually far worse than if the fruity firm had just used a Scrabble dictionary. Apple's tool generated only 18 million possible passphrases.
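
An added example (not from the article or the researchers' paper): a small Python audit that flags a hotspot passphrase matching one of the default shapes described above and reports its search space and worst-case exhaustion time from the article's figures. The regular expressions, the lowercase-word assumption and the sample passphrases are constructed for illustration.

```python
import re

# Figures quoted in the article above.
IOS_WORDS = 1_842                     # distinct words the generator emitted
CPU_RATE = 3_000                      # WPA keys/second on a "decent laptop"
GPU_RATE = IOS_WORDS * 10_000 / 50    # implied by "all combinations in 50 seconds"

# (label, shape, search space). Matching is by shape only: the 1,842-word list
# is not reproduced here, and lowercase words are an assumption of this example.
DEFAULT_SHAPES = [
    ("HTC static default", re.compile(r"1234567890"), 1),
    ("Windows Phone 8 style 8-digit default", re.compile(r"\d{8}"), 10**8),
    ("iOS style word + 4 digits", re.compile(r"[a-z]{4,6}\d{4}"),
     IOS_WORDS * 10_000),
]


def audit(passphrase):
    """Return (label, search_space) for a known weak default shape, else None."""
    for label, pattern, space in DEFAULT_SHAPES:
        if pattern.fullmatch(passphrase):
            return label, space
    return None


def seconds_to_exhaust(space, rate):
    """Worst-case time to try every candidate at `rate` guesses per second."""
    return space / rate


def report(passphrase):
    """One-line finding suitable for a configuration review."""
    hit = audit(passphrase)
    if hit is None:
        return f"{passphrase!r}: not one of the default shapes described"
    label, space = hit
    return (f"{passphrase!r}: {label}, {space:,} candidates, "
            f"{seconds_to_exhaust(space, CPU_RATE) / 3600:.1f} h at laptop rate, "
            f"{seconds_to_exhaust(space, GPU_RATE):.0f} s at GPU rate")


if __name__ == "__main__":
    # Constructed sample passphrases, not captured from any device.
    for sample in ["suave1234", "48213377", "1234567890", "correct horse battery 9"]:
        print(report(sample))
```

A passphrase that falls outside every listed shape is not thereby strong; the check only identifies the factory defaults the article names.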
Encryption's fine - it's the passphrases that suck

Using a GPU rig of graphics cards, something many attackers would be able to access, the researchers discovered they needed just 50 seconds to run through all possible combinations - making it possible to brute-force crack a hotspot passphrase in less than a minute.

The researchers published their findings in a paper entitled, Usability vs. Security: The Everlasting Trade-Off in the Context of Apple iOS Mobile Hotspots. Kurtz, Freiling and Metz note that Apple's crypto-snafu is based on weak default passwords rather than a deeper problem with the WPA2 encryption protocol, which remains secure.

Paul Ducklin, writing on Sophos's Naked Security blog, said the issue means users need to come up with their own passphrase rather than accepting Apple's suggested login credentials.
Anyone who knows your WPA key and is around when you connect to your network can decrypt your traffic in real time, Ducklin warns. And anyone who is around when you connect and can sniff your traffic can attempt to crack the password and decrypt your traffic later. Choose your own passphrase, and make it a good one, when using iOS's Personal Hotspot, he concludes.

Kurtz, Freiling and Metz also advise avoiding default passwords in a summary of their research that explains why being able to crack passwords quickly is important to potential attackers.

As it is always good advice to replace initial default passwords by user-defined strong and secure passwords, this becomes particularly relevant on mobile hotspots passwords, they conclude.

“Not piroshki again”, sighed Ed, picking wearily at the polystyrene tray. The greasy snack glistened under the harsh lights of the Sheremetyevo International Airport Transit Zone.

“Everyone loves doughnuts Ed,” I replied. “And a piroshki is just a doughnut with horse meat in it,” I said.

“AND MUSHROOM AND FINEST HERBS” boomed a voice, apparently from nowhere. This was spooky as there was nobody within 15 yards of us. I had a feeling we were being watched. And listened to.
Entrepreneur, investor, imagineer, internet policy visionary – I am all these things every day. But it was now time to pivot, not for the first time, to Mr Fix-It. Like Jules Winnfield in the movie Reservoir Dogs, I had again been summoned to an international crisis. And for once, it was an international crisis that The Bongster had not actually caused.

Ed had #guardiancoffee to thank for his predicament. Most of you are familiar with the data-driven Shoreditch coffee shop – but what isn’t so well known is that the outfit behind the venture also runs a blog – it’s kinda like the Huffington Post. And the blog had entrusted Ed’s travel arrangements to a spotty teenager with bottle-lens spectacles, who, after misinterpreting his own infographic, had diverted our hero onto the wrong flight.

The last thing Ed saw as the Aeroflot Tupolev Tu-134 lurched down the runway in a cloud of black smoke was the flaxen hair of top WikiLeaks spokesperson Brynhildur Brynhildurdóttir, as she waved a ticket to Ecuador forlornly from the Norman Foster Partners-designed departure lounge at Beijing International Airport.
Hundreds of millions of Twitter users across the globe had tracked the flight of the young fugitive in real-time as the Tupolev sailed high above the Mongolian steppes, their RTs forming a great silent prayer of information freedom.

I was beginning to get the feeling that Ryan Air weren’t so keen on lifting us out of this ex-Soviet hellhole after all. O’Leary had been all promises, but when it came to getting Ed onto the plane, it was one glitch after another. They’d even managed to lose his laptop, and we hadn’t even taken off.

“Confinement doesn’t mean you are confined, necessarily,” I told him. “Look at Jools [Assange]. Thanks to some Ecuadorian-French co-operation and a little tunnel work, Jools can hop on Eurostar any time he wants and indulge in his true passion, which is skiing.”
“It's true. Assange was at Tignes twice last season and nobody spotted him. He even crossed the Alps into Klosters. He’s an albino, you see. He blends right in.”

Behind me the squeak of tiny wheels announced the arrival of what appeared to be an Airstream Travel Trailer, being pushed on a pallet single-handed by มาลัย. Behind her, two gigantic Russian assistants with shaved heads dressed in complementing pink and yellow suits looked bored.

But just as I was musing, and not for the first time, on the astounding physical strength of my tiny Thai assistant, a warning bleep sounded from the prototype Apple iPad Mini Retina Display (Bono Edition) on my knee.

Now I knew there was no time to lose. I jumped to my feet, and grabbed Ed roughly by the arm, causing the contents of his piroshki to spill over his Open Rights Group: Protect Your Bits T-shirt [Also available as underpants and boxer shorts].