Samsung Galaxy S3 64GB Model

Samsung's UK-based retail partner Expansys has reportedly stopped taking orders for the 64GB version of the Galaxy S3 smartphone, leading some to speculate that the Korean tech giant has decided demand is too soft to manufacture and ship the model.

The Galaxy S3 was originally supposed to come in three flavours — with onboard storage clocking in at 16GB, 32GB, or 64GB  — but GSM Arena reported Tuesday that Expansys is telling customers that Samsung "has decided not to release the [64GB] unit."

On the other hand, Australian phone seller Mobicity is apparently taking orders for unlocked 64GB versions of the Galaxy S3.

Samsung hadn't responded to a request for comment as of last night.

If the GSM Arena report is accurate, however, it remains more than a bit mysterious as to just how and when Samsung was planning to release the 64GB Galaxy S3 in the first place. The model was supposed to be sold internationally with the exception of the US, according to AnandTech and a few other sources.

The thing about the Android 4.0-based Galaxy S3 is that it's already got up to 64GB of expandable memory courtesy of its microSD slot, meaning that you could stuff a ridiculous 128GB of onboard storage into the ephemeral 64GB version of the handset if you chose to. By comparison, the most expensive iPhone 4S has 64GB and that's it.

Judging by the comments on GSM Arena, a lot of folks think 128GB in a smartphone is more than a bit excessive. Maybe there's a niche market for the 64GB Galaxy S3, but it could be that Samsung is discovering it's pretty small.

App Release

A package of apps have been released by a number of developers and their apps have jumped straight up to the top 25. Have a look on the store and see what you think.

Serial hacker says latest Android will be "pretty hard" to exploit

The latest release of Google's Android mobile operating system has finally been properly fortified with an industry-standard defense. It's designed to protect end users against hack attacks that install malware on handsets.

In an analysis published Monday, security researcher Jon Oberheide said Android version 4.1, aka Jelly Bean, is the first version of the Google-developed OS to properly implement a protection known as address space layout randomization. ASLR, as it's more often referred to, randomizes the memory locations for the library, stack, heap, and most other OS data structures. As a result, hackers who exploit memory corruption bugs that inevitably crop up in complex pieces of code are unable to know in advance where their malicious payloads will be loaded. When combined with a separate defense known as data execution prevention, ASLR can effectively neutralize such attacks.

Although Android 4.0, aka Ice Cream Sandwich, was the first Android release to offer ASLR, the implementation was largely ineffective at mitigating real-world attacks. One of the chief reasons for the deficiency was Android's executable region, heap, libraries, and linker were loaded at the same locations each time. This made it significantly easier for attackers designing exploits to predict where in memory their malicious code can be located.

"As long as there's anything that's not randomized, then it (ASLR) doesn't work, because as long as the attacker knows something is in the same spot, they can use that to break out of everything else," Charlie Miller, a veteran smartphone hacker and principal research consultant at security firm Accuvant, told Ars. "Jelly Bean is going to be the first version of Android that has full ASLR and DEP, so it's going to be pretty difficult to write exploits for that." Miller has spent the past seven years writing software exploits that can install malware on Macs, iPhones, and Android handsets when they do nothing more than browse a booby-trapped website.

By contrast, Apple's competing iOS has offered fully implemented ASLR and DEP for the past 16 months. Not that Apple developers' track record of adding the protection has been perfect. The 2009 debut of OS X Snow Leopard also failed to randomize core parts of the OS. Those omissions were finally fixed with the later release of OS X Lion.

Unlike its Android predecessors, Jelly Bean provides randomization for what's known as position-independent executables. That will make it significantly harder to use a technique known as return-oriented programming when exploiting buffer overflows and other memory-corruption vulnerabilities discovered in the mobile platform. Jelly Bean also provides defenses to prevent information leakage exploits that can lead to much more serious OS exploits.

Android has yet to introduce code signing, a protection designed to prevent unauthorized applications from running on the device by requiring code loaded into memory to carry a valid digital signature before it can be executed. It has long been present in iOS.