I’m getting awfully darn tired of having to pay for what I already own.

What do I mean?

Sony just announced that the PlayStation Portable titles you already own may be usable on your PlayStation Vita after all … for a price.

Plenty of people have already noted that the PS Vita doesn’t come with the UMD drive from the PS Portable. Backward compatibility is being ditched more and more these days. If Ninty can do it, so can Sony. Especially on portable gaming, where once it was a veritable guarantee that you could take your old game and plug it into your new Nintendo Gameboy handheld, the last few generations have been shooting that down quite rapidly. And Sony is doing the same.

Except where with Ninty you can pay to download the game you already own on a cartridge, with Sony you … wait … can pay to download the game you already own on disc. Err… So it’s basically exactly the same.

Through a device called the UMD Passport you basically get to re-pay for the PS Portable game that you already own so that you can play it on your PS Vita as well. Prices are reported to be in the range of ¥100 ($1.30) and ¥2,400 ($31.16). So yes, you could be paying over thirty bucks to continue playing a game that you already paid for.

That is, assuming that Sony even brings the UMD Passport to the US. So far they’ve only announced it for Japan.

Is it really too much to ask that we go back to the good old days of backward compatibility? I mean I was playing my old GameBoy carts on my GameBoy Advance, and loving it. Zelda brought back to life. Metroid 2 was still fun. Only since then I haven’t touched a Nintendo handheld because I want my GameBoy to be able to play all of my games, dammit! Nintendo has lost a lot of sales opportunity there from me.

And now Sony is taking the same route?

Nuh uh!

Looks like Sony is going to lose a lot of sales opportunity from me too then. Should have seen it coming though when Sony screwed over their emulation on the PS3.

It’d be pretty sad if I only bought PC games in the future. But then again, what with UMPCs and old games being released for free or even open-sourced, maybe it won’t be so sad after all. For me. For Nintendo and Sony however … too bad. So sad. No more hard-earned money from me.

If I own it, I own it.  I’m not “licensing” it.  I freaking own my copy.  It’s the way it’s always been.  You can’t just change that midstream now.  Though it’s certainly not stopping people from trying to remonetize on what you already paid for.  Like Apple and their iTunes Match, convincing people to pay an additional twenty five bucks a year to listen to music that they already bought.

I’m just really getting tired of these scams.  I’m paying once and only once, thank you very much!

Here’s an interesting attack vector: get your mark to listen to music to hack them.  Sounds silly?  Well it isn’t.

Apple just recently fixed this “binary planting” vulnerability in their iTunes for Windows application.  A remote attacker merely has to plant a malicious DLL using a specific name in the same network share as a media file and as soon as someone comes along to listen to that media file, BAM!  iTunes would load that laced DLL to play the music and execute goodness only knows what evil.

Many sysadmins are sighing with a bit of relief as this attack vector does require a network share to pull off, which is not something they intend to allow hackers to do this on their networks.  But, need I remind you of the Web Client service, enabled by default, with features like WebDAV, which allows remote network shares, as in internet-based, as in not safely behind  your intranet?

Fortunately, besides disabling these features, you also have options like  firewalls to stop the evil WebDAV and likewise outbound traffic.

Also of good news is that Apple has fixed this security hole in iTunes.

But!

Was iTunes the only hole needing to be patched?  Not according to H.D. Moore of Metasploit, who says that about 40 applications are exploitable in Windows because of the way in which Windows loads “safe” file types from network locations.  A problem which affects not only the older and less-secure Windows XP, but even Windows Vista and Windows 7.

So be warned.  Be wary.  And secure those PCs please.

If you think surfing the internet is a scary thing to do, what with so many malicious websites out there ready to infect your computer (or smartphone) then try being a website owner.

Network Solutions, Happily Providing Website Owners With Malware Since…

Take, for example, anyone running a website hosted by Network Solutions.  Turns out that one of their widgets, there to make your website construction easier, was actually infected with malware!

What’s worse, Network Solutions is neither apologizing for infecting your websites, nor even saying how their widget got infected in the first place.  They just tell you to delete it.  Oh.  How informative.  How helpful.

Initial reports based on Google and Yahoo searches estimate anywhere between half a million and five million domains may have been infected.  Network Solutions, of course, denies any such numbers as being so high, but as of yet has failed to provide its own numbers to back that up.

SQL Vs. Apple … And A Whole Lot Of Others

An SQL attack has hit approximately half a million legitimate webpages with database commands that attempt to hide malware exploit links into the webpage code.  Of those infected is included the ever famous Apple, who’s iTunes podcast promotion pages were identified as hit.  Fortunately Apple was quick to clean up their infections.

Plenty of other websites have been hacked by this SQL vuln as well, obviously.  The continued SQL database injection attacks are frequently changing enough that tjey jave yet to be stopped.

Adobe – Chilly Towards A Hot ColdFusion Vuln

Adobe’s ColdFusion application server saw a recent update to patch a security hole that it labeled as “important”. But just how important was patching this exploit?  Well a number of researchers now claim that it should have been labeled “critical” because the vuln could actually let hackers seize control of servers in a “full system compromise”.  It not only allows someone to manipulate the system files, but to also upload scripts and even mess around with the database natively.  As holes go, it really doesn’t get worse than that.

Fortunately, Adobe did patch the hole.  But downplaying the importance of the vulnerability may lead to less people upgrading to the fix as they should.

Disney – Sued For Spying On Your Kids?

Walt Disney’s internet subsidiary, Walt Disney Internet Group, and several partners such as Clearspring Technologies and Warner Bros. Records, are being sued in the US District Court of Los Angeles for allegedly using Adobe Flash Player cookies to track highly personal information about users, the majority of whom are minors.  The Locally Shared Objects (LSOs) otherwise known as Flash Cookies, have supposedly been gathering detailed user information over long periods of time since at least 2007, in ways that, are claimed, violate the sites’ privacy policies.   These LSOs were left behind, and used to respawn deleted browser cookies, becoming “zombie cookies” which allegedly were used to re-identify users to continue tracking them without warning or knowledge thereof.

False rumors have been spread that an upcoming European tour of Guns N’ Roses was canned, thanks to a bit of Twitter hacking of Axl Rose’s account.  The tweet from Axl that all was over was, of course, not really from Axl at all.  And he might have even been able to catch it and prevent the spread, had he ever been using his Twitter account instead of, well, doing anything more entertaining than tweeting.  But, alas, he actually has a life.  And so the hack went uncontested long enough for people to believe it.  It’s nice to see someone on Twitter actually busy with real life for a change.  But it’s also a good reminder that if you choose to have an online presence, maybe you should at least log in every once in a while.  Or just let it drop entirely if you’re too busy to take it seriously.

If you’ve been following Apple and the iPhone third-party application development drama lately, you’ll know full well that Apple isn’t exactly the shining example of perfection that so many worship them as being.  This is no surprise really, as Apple has for a very long time been either bumbling or dishonest or both.  Which might seem like an insult if it didn’t actually just make them like virtually every other for profit company on the face of this planet.

But there’s one saga here that really fails to make any sense, and yet Apple seems adamant on continuing blithly ahead on, and that’s the Eucalyptus e-book reader app.  Like so many other e-book reader apps for the iPhone (Kindle, Stanza, Classics, Book Shelf, Books.app, etc.) it reads … electronic copies of media, like books.  In and of itself there is nothing here that gives Apple any reason to ban Eucalyptus, especially while allowing so many other similar e-book reading apps to exist.

And like other e-book reader apps, Eucalyptus also gets content for free from Project Gutenberg, a collection house of free eBooks.

And that, it seems, is somehow Apple’s problem with Eucalyptus.

Because, you see, Project Gutenberg holds a text-only copy of the Kama Sutra, the famed ancient sex how-to manual from India.  The same one that the other e-book readers have.  And that Amazon’s Kindle especially has some lovely alternate illustrated editions of.  Not to mention, Apple’s own Safari web browser, which certainly has access to content far more graphic than the mere antique love book from the gurus of grind.

So is it really the supposedly objectionable content that keeps Apple rejecting Eucalyptus time and again from the iTunes app store?  While allowing far worse content from other iPhone apps?  It certainly makes one wonder…

One of the nifty things about the iPhone is the wonderful collection of apps available. Of course, that so many of them aren’t free also makes it one of the more annoying things about the iPhone. But that’s another story.  This story is about Apple not paying its third party app developers while lying to them and threatening them.

Yes, you read that right.

Bad Apple!

The huge success of Apple’s iTunes store and third party apps has caught Apple with its pants down.  Unprepared for the surge in usage, Apple’s finance system has fallen to pieces.  There are app developers still waiting for February’s payments.  In some cases they’re still owed money in the tens of thousands of dollars.  A sizable backlog of non-payment is growing.

And what is Apple’s response? Lame excuses like “the check is in the mail” and “oh, a banking error prevented us from paying you”.  Not to mention threatening developers who, in their opinion, email them too much.

Loverly.

For those of you who possibly thought that Apple’s response there may have been warranted, I really invite you to look at the whole story.

Obviously dealing with banks around the world is a complicated issue.  One that Apple, clearly, was not prepared to handle when they started the third-party-app business for the iPhone.  But what really makes it bad, is Apple’s bad attitude.  Their refusal to apologize – or for that matter even just make a general statement – whilst simultaneously feeding these starving developers lies and misdirections is what is shockingly startling from the Apple that everybody knows and loves.

It’s one thing to make a mistake, own up to it, and fix it.  It happens.

It’s another thing entirely to make a mistake and continue to obfuscate and spin the problem while digging the hole deeper and deeper instead of correcting it.  That is bad.

Some, rightly so, are considering their options for legal action.  As the lack of payments continue behind a thin veil of plausible ineptitude developers have reached breaking points well beyond the contractual obligations of Apple.  After all, many of these third-party developers aren’t major software houses.  They’re small companies or even people working by themselves at home.  They don’t have a great wealth of financial backing to support them in lean times.  They have bills to pay and families to support.  And Apple is not paying them their money due, well beyond the point of breach of contract.

And the next big question would be, why is Apple claiming to be so inept in making these payments?  Surely with in cases nearly one-third of these app’s profits going straight into Apple’s  hands, on top of an annual fee, Apple should have more than enough resources to establish a solid iTunes financial department to handle this situation properly.  And yet, they continue to plod on with the same lines whilst failing to pay the developers.

It’s certainly enough to raise doubt as to Apple’s sincerity.  Is this the true face of Apple?