
Posts tagged ‘hack’

The only thing preventing Google's Nexus One phone from supporting multitouch features might be Apple's patents. Allow me to explain: There is nothing in the hardware of this device to prevent multitouch as evinced by Google's comment this morning at their press conference. When asked if the Nexus One would one day support multitouch, a Google rep responded, "We'll consider it." In a word, this means that the hardware is ready for users' pinching and zooming, but the current iteration of Google's software is locked to prohibit multitouch for legal reasons. We give the hackers of the mobile world a couple days to hack the device - after all, it's already been done on the Droid.

Here's a video showing multitouch on a Droid: And here's how that was accomplished. European hackers figured out how to jailbreak the device a scant month after its release. In the States, the folks at AllDroid sussed out how to port the web browser from the Motorola Milestone - which does support multitouch - over to the Droid. Granted, the hack only works for web browsers, but it's a significant improvement for those who can live with a bricked phone. The hack requires the would-be multitouch hero to get root access to the phone and install and delete certain components. Clearly, this user runs the risk of breaking the device and may violate Motorola's TOS and void the warranty.

All of the above applies to the Droid. However, the same stipulations that prevent multitouch on that device also apply to the Nexus One: It's not a hardware issue; the software is simply locked. So, we're likely looking at a wait of a few days to see who wants to risk a $500+ device in the quest for an Android-powered multitouch mobile via TOS-violating hacks.

Apple's involvement with the stalling or prevention of more and better multitouch devices has been a topic of speculation in the mobile gadget press since last year, when a group of several key patents for specific gestures were published. Since then, several multitouch devices, such as Palm's Pre, have been released without legal fanfare. Still, some speculate that Google's holding out on multitouch for legal reasons.

"I think at this point that's more of a legal consideration than a technical one, since many phones that run Android have the capability of supporting multitouch on a hardware level," wrote Jason Chen of Gizmodo when he toyed with the device last month. And Chris Ziegler of Engadget said, "This is still very much a sensitive subject - but at least we have some confirmation that it's a software limitation alone... there's definitely some logic (probably legal logic, but logic nonetheless) behind which devices are getting it in which markets."

What do you think - is this a patent issue? Or is the software simply not ready for public consumption yet? Better yet, if you had one of these devices, would you jailbreak it for multitouch capabilities? Let us know in the comments.


See original here:
One More Thing: Multitouch on Nexus One Is Just a Hack Away (VIDEO)

In a chat today lasting over an hour, we got to talk to a person claiming to be the infamous hacker behind RockYou's latest data security woes. While he claimed to have no animosity toward users, he had one clear message for websites: Take better care of your customers' data. RockYou isn't the only hacked site storing plain text login information, either.

What Happened

To bring us all up to date, here's the gist of the story so far: The hacker, who we'll call Tom (not his real name) for brevity's sake, tells us that he used an SQL injection to gain direct access to RockYou's database, where he found login information for more than 32 million user accounts. The data was all in plain text and contained third-party site logins, as well.

Tom sat on this information for a while. Although he's posted about similar hacks in the past, he also claims to have exposed the same vulnerabilities and gained access to the same kind of data for many major U.S. sites. Tom wouldn't reveal which sites he'd hacked, but he did say that he has no intention of using or publishing the data he's unearthed.

But yesterday, incensed by this warning from an Internet security company and RockYou's claims that only some accounts had been compromised by the security breach, Tom posted about the hack on his blog. We (along with several of our peers) were tipped off to the situation via Twitter, and TechCrunch has since written two posts about the data breach.

Why This Is a Bad Thing

One of the more interesting facets of the story is RockYou's failure to appropriately protect users' login credentials. The hacker showed us an image containing the last few lines of a 32,603,388-line, seven-column dataset weighing in at 276 MB. All the data we saw was in plain text; any grade schooler could have used this information to log in to users' accounts.

"If you don't store passwords for accounts, if somebody hacks you, what can he do? Deface your site. The end," said Tom. "That's nothing against 32 million emails with passwords. Count how many of them have PayPal. If I check every one, and only 10 percent of them have it, and I take only $10, it's a pretty nice amount, don't you think?"

The hacker makes an excellent point with this object lesson, and he clearly holds RockYou and its ilk squarely at fault. Tom, who says he's employed in a good security-related job, believes there should be laws requiring companies to encrypt user data. He said, "They are now hunting for me, but why? I didn't do anything wrong. They should now be in jail because they put all of these people at risk. This was just for illustration."

What We Can All Do

Tom says that one out of every three sites he's gained access to stores user data in plain text databases. "Server owners can use third-party sites for authentications, like Facebook, Google, OpenID or OAuth," he said. "Why the [redacted] would they want user passwords? I don't understand that."

For websites, the hacker recommends using hashes with salt or PCI DSS to protect user data. He said that message-digest algorithm-5 (MD5) was an inadequate solution. "If you're storing it in MD5, it's nothing... It's no problem to use a GPU cracker, or better, a botnet of PS3s. I've got three at home."

As far as users are concerned, Tom said, "Companies are putting people at risk by storing their data that way. [Users] should use their brains and generate a strong password for each site." He noted that Roboform, PassPack and KeePass are all good tools for storing and maintaining passwords.
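The storage advice in the article (salted hashes instead of plain text or MD5, and keeping user input out of SQL text) is sketched below as an added example; it is not code from the article, from RockYou or from the person interviewed. The choice of scrypt as the salted hash, its cost parameters, the table layout and the sample accounts are assumptions made for illustration.

```python
import hashlib
import hmac
import os
import sqlite3

# scrypt cost parameters are assumptions for this example; tune per hardware.
SCRYPT = dict(n=2**14, r=8, p=1, maxmem=64 * 1024 * 1024, dklen=32)


def md5_unsalted(password):
    # The scheme the article calls inadequate: fast, same digest for every user.
    return hashlib.md5(password.encode()).hexdigest()


def register(db, email, password):
    salt = os.urandom(16)  # fresh random salt per account
    digest = hashlib.scrypt(password.encode(), salt=salt, **SCRYPT)
    # Bound parameters keep user input out of the SQL text.
    db.execute("INSERT INTO users VALUES (?, ?, ?)", (email, salt, digest))


def verify(db, email, password):
    row = db.execute(
        "SELECT salt, digest FROM users WHERE email = ?", (email,)
    ).fetchone()
    if row is None:
        return False
    candidate = hashlib.scrypt(password.encode(), salt=row[0], **SCRYPT)
    return hmac.compare_digest(candidate, row[1])  # constant-time compare


def demo():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (email TEXT PRIMARY KEY, salt BLOB, digest BLOB)")
    # Constructed sample accounts: two users who chose the same password.
    register(db, "a@example.com", "123456")
    register(db, "b@example.com", "123456")
    digests = [r[0] for r in db.execute("SELECT digest FROM users ORDER BY email")]
    return {
        "md5": md5_unsalted("123456"),
        "scrypt_same": digests[0] == digests[1],
        "login_ok": verify(db, "a@example.com", "123456"),
        "wrong_password": verify(db, "a@example.com", "654321"),
        "quote_in_email": verify(db, "a@example.com' --", "123456"),
    }


if __name__ == "__main__":
    print(demo())
```

The unsalted MD5 value is identical for every account with that password, so one precomputed table covers them all, while the two scrypt records differ because each has its own salt and every guess must be recomputed per account at the configured cost.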


See the article here:
RockYou Hacker: 30% of Sites Store Plain Text Passwords