diff options
Diffstat (limited to 'old/published/Webmonkey/Monkey_Bites/2007/08.13.07/Mon')
| -rw-r--r-- | old/published/Webmonkey/Monkey_Bites/2007/08.13.07/Mon/Facebook.txt | 15 | ||||
| -rw-r--r-- | old/published/Webmonkey/Monkey_Bites/2007/08.13.07/Mon/adium.txt | 20 | ||||
| -rw-r--r-- | old/published/Webmonkey/Monkey_Bites/2007/08.13.07/Mon/adiumvtabs.jpg | bin | 0 -> 19331 bytes | |||
| -rw-r--r-- | old/published/Webmonkey/Monkey_Bites/2007/08.13.07/Mon/facebookcode.jpg | bin | 0 -> 19439 bytes | |||
| -rw-r--r-- | old/published/Webmonkey/Monkey_Bites/2007/08.13.07/Mon/ff3.txt | 17 | ||||
| -rw-r--r-- | old/published/Webmonkey/Monkey_Bites/2007/08.13.07/Mon/ffdownload.jpg | bin | 0 -> 70107 bytes | |||
| -rw-r--r-- | old/published/Webmonkey/Monkey_Bites/2007/08.13.07/Mon/gpack.jpg | bin | 0 -> 10452 bytes | |||
| -rw-r--r-- | old/published/Webmonkey/Monkey_Bites/2007/08.13.07/Mon/gpack.txt | 23 | ||||
| -rw-r--r-- | old/published/Webmonkey/Monkey_Bites/2007/08.13.07/Mon/unhack.jpg | bin | 0 -> 83361 bytes | |||
| -rw-r--r-- | old/published/Webmonkey/Monkey_Bites/2007/08.13.07/Mon/unhack.txt | 9 |
10 files changed, 84 insertions, 0 deletions
diff --git a/old/published/Webmonkey/Monkey_Bites/2007/08.13.07/Mon/Facebook.txt b/old/published/Webmonkey/Monkey_Bites/2007/08.13.07/Mon/Facebook.txt new file mode 100644 index 0000000..2f90e88 --- /dev/null +++ b/old/published/Webmonkey/Monkey_Bites/2007/08.13.07/Mon/Facebook.txt @@ -0,0 +1,15 @@ +Owing to a misconfigured server, Facebook exposed its homepage code to what the company called "a handful of users" over the weekend. The leaked code was promptly posted on a new blog, [Facebook Secrets][1], for all of the internet to see. + +Although Facebook hasn't specified what exactly was wrong with the server, it seem reasonable to conclude that some sort of mod_php error caused apache to serve the code as an ordinary text file rather than processing it as PHP. + +The code leak does not constitute a security breach and there's probably no immediate reason to be concerned about your data. However, given the number of listed includes and auxiliary files listed, hackers now have a much better idea of how Facebook works and where potential vulnerabilities may lie. And it's hardly comforting that such an amateur programming mistake is happening at a site the size Facebook. + +PHP is notorious for just this sort of thing -- serving code as text -- but there are ways you prevent it from happening on your own site. The easiest and most effective way is to use the Apache module mod_security, which can detect and stop PHP source code from being sent at plain text. + +Regrettably for it, Facebook apparently wasn't using mod_security on the particular server that was misconfigured. + +One group that should be quite happy with the leak is ConnectU the company currently embroiled in a lawsuit with Facebook which alleges that the later stole code from the former. If the alleged code happened to be on Facebook's front page, ConnectU's case just got a whole lot stronger, though ConnectU hasn't said anything to that effect. + +Given the amount of personal data that many people have dumped into Facebook, an outside security breach would likely lead to an identity theft nightmare, should it ever happen. And if this weekend's code leak is any indication, Facebook doesn't seem to be operating at the security level you would expect from a site of that size. + +[1]: http://facebooksecrets.blogspot.com/2007/08/facebook-home-page-code.html
\ No newline at end of file diff --git a/old/published/Webmonkey/Monkey_Bites/2007/08.13.07/Mon/adium.txt b/old/published/Webmonkey/Monkey_Bites/2007/08.13.07/Mon/adium.txt new file mode 100644 index 0000000..e251015 --- /dev/null +++ b/old/published/Webmonkey/Monkey_Bites/2007/08.13.07/Mon/adium.txt @@ -0,0 +1,20 @@ +Adium, the popular Mac OS X IM client has reached version 1.1. Although Adium just released a new version about a month ago, the team behind the app [claims][1] that 1.1 has been in the works for over a year. + +[Adium][4] is an open source, multi-protocol IM client popular with Mac users because it allows you to have all your conversations in a single application, regardless of what IM network your friends use, unlike Apple's iChat with is limited to AIM or Jabber. + +New features in Adium 1.1 include greatly improved tabs, support for "nudge" on MSN and "buzz" on Yahoo and improvements to the tool which allows you to hide your contact list at the edge of the screen (similar to Mac OS X's Dock application). + +There's lengthy list of [additional changes][2] you can peruse on the Adium site. + +In limited testing this morning, I found the new tabs to quite a bit improved (the support for vertical tabs is nice given that I tend to have a very narrow window in Adium, making horizontal tabs awkward). The application also feels a bit snappier. + +Adium still lacks support for video chat, but otherwise it remains the best multi-protocol IM app for Mac users. + +Adium 1.1 is free and requires OS X 10.4 (Tiger). + +[via [Digg][3]] + +[1]: http://www.adiumx.com/blog/2007/08/adium-11.php +[2]: http://trac.adiumx.com/wiki/AdiumVersionHistory +[3]: http://digg.com/apple/Adium_1_1_released +[4]: http://www.adiumx.com/
\ No newline at end of file diff --git a/old/published/Webmonkey/Monkey_Bites/2007/08.13.07/Mon/adiumvtabs.jpg b/old/published/Webmonkey/Monkey_Bites/2007/08.13.07/Mon/adiumvtabs.jpg Binary files differnew file mode 100644 index 0000000..037ac2c --- /dev/null +++ b/old/published/Webmonkey/Monkey_Bites/2007/08.13.07/Mon/adiumvtabs.jpg diff --git a/old/published/Webmonkey/Monkey_Bites/2007/08.13.07/Mon/facebookcode.jpg b/old/published/Webmonkey/Monkey_Bites/2007/08.13.07/Mon/facebookcode.jpg Binary files differnew file mode 100644 index 0000000..3fa98f6 --- /dev/null +++ b/old/published/Webmonkey/Monkey_Bites/2007/08.13.07/Mon/facebookcode.jpg diff --git a/old/published/Webmonkey/Monkey_Bites/2007/08.13.07/Mon/ff3.txt b/old/published/Webmonkey/Monkey_Bites/2007/08.13.07/Mon/ff3.txt new file mode 100644 index 0000000..6eb7aeb --- /dev/null +++ b/old/published/Webmonkey/Monkey_Bites/2007/08.13.07/Mon/ff3.txt @@ -0,0 +1,17 @@ +Mozilla Links has posted an [inside look][1] at the new download manager which will become part of Firefox 3. Although Firefox 3 hasn't even hit the beta stage yet, the new download manager is available via the nightly builds. + +As you can see the the screenshot above, the old text links have been replaced with icon buttons and the list is divided into active and complete downloads. There's also a search bar for the heavy downloaders who may need it. + +Not pictured in the screenshot is the familiar "clean up" button, but rest assured it will be there in the final release of Firefox 3. + +The new information icon looks to be the handiest of the improvements -- clicking it reveal details such as the originating website, the location of the downloaded file and more. + +Also under consideration is the inclusion of an option to show the download manager in the status bar or sidebar, something users have requested for some time. + +While the download manager looks to offer a number of improvements, it still lacks some of the nice features found in Camino, which is based on Firefox. + +For instance, in Camino, not only can you clear the list of downloaded files, but you can also move those files to the trash from the same dialogue. + +Since the download manager is a work in progress we'll withhold judgment for the time being. The final version of Firefox is due to be released later this year. + +[1]: http://mozillalinks.org/wp/2007/08/first-look-to-firefox-3s-new-download-manager/
\ No newline at end of file diff --git a/old/published/Webmonkey/Monkey_Bites/2007/08.13.07/Mon/ffdownload.jpg b/old/published/Webmonkey/Monkey_Bites/2007/08.13.07/Mon/ffdownload.jpg Binary files differnew file mode 100644 index 0000000..aefa4e8 --- /dev/null +++ b/old/published/Webmonkey/Monkey_Bites/2007/08.13.07/Mon/ffdownload.jpg diff --git a/old/published/Webmonkey/Monkey_Bites/2007/08.13.07/Mon/gpack.jpg b/old/published/Webmonkey/Monkey_Bites/2007/08.13.07/Mon/gpack.jpg Binary files differnew file mode 100644 index 0000000..8f1de73 --- /dev/null +++ b/old/published/Webmonkey/Monkey_Bites/2007/08.13.07/Mon/gpack.jpg diff --git a/old/published/Webmonkey/Monkey_Bites/2007/08.13.07/Mon/gpack.txt b/old/published/Webmonkey/Monkey_Bites/2007/08.13.07/Mon/gpack.txt new file mode 100644 index 0000000..8128447 --- /dev/null +++ b/old/published/Webmonkey/Monkey_Bites/2007/08.13.07/Mon/gpack.txt @@ -0,0 +1,23 @@ +Google Pack, Google's software download package has been expanded to now offer StarOffice, Sun's competitor to Microsoft Office. [StarOffice][2], which Sun normally sells for $70 is free through [Google Pack][3] (Win only). + +If StarOffice strike you as an odd choice given that OpenOffice is free and open source, which would seem to put it in line with other Google Pack offerings, you're not alone. Google likely chose StarOffice over OpenOffice as part of the company's nearly two year old deal with Sun. + +The software distribution agreement between Google and Sun was first announced back in 2005, but even then the [press release][4] primarily touted OpenOffice, which is built on the same code that runs StarOffice. + +StarOffice 8, the version offered through Google Pack, is a full-fledged office suite with a word processor, a spreadsheet app, presentation tools, database and some math and drawing tools. StarOffice supports most Microsoft Office formats, though not the new OOXML formats included in Office 2007. + +In fact, the main difference between the two is that StarOffice includes proprietary clip art graphics, fonts, and templates as well as some additional Microsoft Office conversion tools. + +Google has made no secret of the fact that it intends StarOffice to compete directly with Microsoft Office -- the help page for the new download says, "with StarOffice, you can easily view, edit, and save Microsoft Office compatible files." + +The Google Pack version of StarOffice also integrates a Google Search toolbar in all of the StarOffice applications. + +At the moment there's no integration with Google Docs & Spreadsheets, the company's online office suite, but it seem reasonable to assume that some sort of synchronization plugin will be available eventually. + + +[via [Google Operating System][1]] + +[1]: http://googlesystem.blogspot.com/2007/08/google-pack-adds-staroffice.html +[2]: http://www.sun.com/software/star/staroffice/index.jsp +[3]: http://pack.google.com/ +[4]: http://www.google.com/press/pressrel/sun_toolbar.html
\ No newline at end of file diff --git a/old/published/Webmonkey/Monkey_Bites/2007/08.13.07/Mon/unhack.jpg b/old/published/Webmonkey/Monkey_Bites/2007/08.13.07/Mon/unhack.jpg Binary files differnew file mode 100644 index 0000000..f7a607c --- /dev/null +++ b/old/published/Webmonkey/Monkey_Bites/2007/08.13.07/Mon/unhack.jpg diff --git a/old/published/Webmonkey/Monkey_Bites/2007/08.13.07/Mon/unhack.txt b/old/published/Webmonkey/Monkey_Bites/2007/08.13.07/Mon/unhack.txt new file mode 100644 index 0000000..80ca4a7 --- /dev/null +++ b/old/published/Webmonkey/Monkey_Bites/2007/08.13.07/Mon/unhack.txt @@ -0,0 +1,9 @@ +Facebook wasn't the only site with security troubles this weekend. The United Nations website was attacked by "hacktivists," who replaced speeches by secretary-general Ban Ki-Moon with pacifist messages. + +As with the [Facebook code breach][3], the U.N. site left itself open to attack by failing implement industry standard security measures. In the case of the U.N., hackers gained access via a well-documented SQL injection flaw (passing unescaped strings, which allowed the attacker to inject their own SQL). + +While the site was quickly restored and the injected content removed, Hackademix, a security blog, [captured the attack in some screenshots][1]. Hackademix also [notes][2] that the U.N. site is likely not yet protected against similar attacks in future. + +[1]: http://hackademix.net/wp-content/uploads/2007/08/un-ss2.png +[2]: http://hackademix.net/2007/08/12/united-nations-vs-sql-injections +[3]: http://blog.wired.com/monkeybites/2007/08/amatuer-program.html
\ No newline at end of file |
