1/24/2008

Digg cracks down on group voting

Filed under: — Aviran Mordo

Tonight, Digg has launched a new algorithm to try and prevent groups of users from gaming the system. The new update effectively punishes users who vote in groups in an effort to promote certain stories. The result is that stories that reach the homepage have to be dugg by a diverse group of users.

In a blog post, Digg’s Kevin Rose explains that, “Digg’s promotional algorithm ensures that the most popular content dugg by a diverse, unique group of diggers reaches the home page. Our goal is to give each person a fair chance of getting their submission promoted to the home page.” He goes on to say that as a result of the new algorithm, it will not be uncommon to see stories with over 100 diggs still in the “upcoming” section. As I am writing this, there are three stories in the upcoming section with over 150 diggs, the most popular standing at 155.

Phishing The Phishers

Filed under: — Aviran Mordo

Cheapskate fraudsters hoping to run phishing scams for peanuts have themselves been hoodwinked. Security watchers have spotted a free phishing kit containing a hidden backdoor that siphons off stolen credentials from the fraudsters who use the technology.

Script kiddies are unlikely to twig that captured credit card numbers are being shared with the coders who developed the phishing kit, a recurrent group of Moroccan fraudsters calling themselves Mr-Brain.

Mr-Brain’s website offers easy-to-use phishing site code, email templates and other hacking tools. The website offers phishing kits for many of the most common targets including Bank of America, eBay, PayPal and HSBC.

Only a basic knowledge of PHP coding is required to set up the kits, which fraudsters can have up and running in minutes. Trouble is that as well as sending victims’ login credentials to the fraudsters’ chosen email address, the data is also surreptitiously sent to the Mr-Brain crew, Netcraft reports. The techniques used by the coders are quite sophisticated.

“The configuration script exploits the case-sensitivity in PHP variable names to disguise Mr-Brain’s electronic mail address as an unrelated but seemingly essential part of the script, encouraging fraudsters not to alter it,” Netcraft explains. In this way Mr-Brain receives stolen credentials via a Gmail account.
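The case-sensitivity trick Netcraft describes can be checked for mechanically. The following is an added example, not code from Netcraft or from the kit: a small Python audit that flags PHP variable names differing only in letter case and reports which of them hold an e-mail address or are passed to `mail()`. The PHP sample, its variable names and its addresses are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed PHP sample for this example (not taken from any real kit).
SAMPLE_PHP = '''<?php
$recipient = "operator@example.net";
$Recipient = "second@example.org";
$subject   = "report";
mail($recipient, $subject, $body);
MAIL($Recipient, $subject, $body);
'''

VAR_RE = re.compile(r'\$([A-Za-z_][A-Za-z0-9_]*)')
ASSIGN_RE = re.compile(r'\$([A-Za-z_][A-Za-z0-9_]*)\s*=\s*(["\'])(.*?)\2')
EMAIL_RE = re.compile(r'[\w.+-]+@[\w-]+(?:\.[\w-]+)+')
# PHP function names are case-insensitive; variable names are case-sensitive.
MAIL_RE = re.compile(r'\bmail\s*\(\s*\$([A-Za-z_][A-Za-z0-9_]*)', re.IGNORECASE)


def case_collisions(src):
    """Return groups of variable names that differ only by letter case."""
    groups = defaultdict(set)
    for name in VAR_RE.findall(src):
        groups[name.lower()].add(name)
    return [sorted(g) for _, g in sorted(groups.items()) if len(g) > 1]


def address_literals(src):
    """Map variable name -> e-mail address found in a string literal assigned to it."""
    out = {}
    for name, _quote, value in ASSIGN_RE.findall(src):
        match = EMAIL_RE.search(value)
        if match:
            out[name] = match.group(0)
    return out


def audit(src):
    """One finding per colliding variable: its address (if literal) and mail() use."""
    addrs = address_literals(src)
    recipients = set(MAIL_RE.findall(src))
    return [{"variable": "$" + name,
             "address": addrs.get(name),
             "mail_recipient": name in recipients}
            for group in case_collisions(src) for name in group]


if __name__ == "__main__":
    for finding in audit(SAMPLE_PHP):
        print(finding)
```

An address that is encoded or assembled at run time will not show up as a literal, so the case collision itself is the signal to review by hand.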

KDE goes cross-platform with Windows, Mac OS X support

Filed under: — Aviran Mordo

The open-source KDE desktop environment is making the jump across platforms with broad support for Windows and Mac OS X. The core KDE desktop programs, the KOffice suite, and the Amarok music player are actively being ported.

These efforts are largely made possible by the inherent portability of Trolltech’s Qt development toolkit, the underlying framework used by KDE software. Qt is designed for cross-platform portability and even uses native widgets on both Windows and Mac OS X. Trolltech uses a multi-licensing model that makes Qt available under the GPL for open-source software development and requires programmers to buy a commercial license for proprietary development. Previously, only Mac OS X and Linux/X11 versions were available under the GPL, but Trolltech decided to make the Windows version available under the GPL too with the introduction of Qt 4. This finally opened the door for porting open-source KDE applications to the Windows operating system.

Windows Small Business Server at risk from critical flaw

Filed under: — Aviran Mordo

Microsoft said Wednesday that another one of its operating system products is affected by a critical vulnerability that was first patched two weeks ago.

In an update to its MS08-001 security bulletin, Microsoft said that the latest release of Windows Small Business Server was also critically at risk from a bug in Windows’ networking software.

The flaw is also considered critical for Windows XP and Vista users. Microsoft did not say why it had initially omitted Small Business Server from its list of critically affected operating systems, but it said that the product’s users were being offered patches via Microsoft’s various automatic update services. “Customers with Windows Small Business Server 2003 Service Pack 2 should apply the update to remain secure,” Microsoft said in its updated bulletin.

The bug lies in the way Windows processes networking traffic that uses IGMP (Internet Group Management Protocol) and MLD (Multicast Listener Discovery) protocols, which are used to send data to many systems at the same time. Microsoft said that an attacker could send specially crafted packets to a victim’s machine, which could then allow the attacker to run unauthorized code on a system.

Microsoft rates the flaw as “important” for Windows Server 2003, meaning that it would be more difficult for attackers to exploit the flaw on this operating system.

Security experts are paying particular attention to this vulnerability because it could be exploited by attackers to create a self-replicating worm attack.

Mozilla security chief confirms data leakage bug in Firefox

Filed under: — Aviran Mordo

Mozilla’s chief of security has confirmed a vulnerability that could cause fully patched versions of Firefox to expose a user’s private data.

The confirmation, which was posted by Mozilla’s Window Snyder, follows the release of proof-of-concept code by researcher Gerry Eisenhaur.

The bug resides in Firefox’s chrome protocol scheme and allows for a directory traversal when certain types of extensions are installed. Attackers could use it to detect if certain programs or files are present on a machine, gaining information to use in perpetrating another, more malicious exploit.

Normally, Firefox’s chrome package is restricted to a limited number of directories, but a bug in the way it handles escaped sequences (i.e. ../) allows attackers to escape those confines and access more sensitive parts of a user’s computer. The exploit only works if a user has made use of Firefox extensions that are “flat,” that is, those that don’t package their files in a jar archive. Examples of flat add-ons include Download Statusbar and Greasemonkey.
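The class of bug described above, as an added example that is not Firefox's code: a resolver that checks a path for `..` before decoding escapes, next to one that decodes first, normalises, and then verifies the result is still inside the package directory. The package root, the function names and the assumption that "escaped" means percent-encoded are hypothetical choices made for this illustration.

```python
import posixpath
from urllib.parse import unquote

# Hypothetical directory of a "flat" (unpacked) extension's chrome content.
PACKAGE_ROOT = "/profile/extensions/flat-addon/chrome/content"


def resolve_naive(url_path):
    """Flawed ordering: the '..' check runs on the still-escaped path."""
    if ".." in url_path:
        return None
    decoded = unquote(url_path)          # escapes are decoded after the check
    return posixpath.normpath(posixpath.join(PACKAGE_ROOT, decoded))


def resolve_checked(url_path):
    """Decode once, normalise, then confirm the result stays under the root."""
    decoded = unquote(url_path)
    if "\x00" in decoded or decoded.startswith("/"):
        return None                      # reject NUL bytes and absolute paths
    full = posixpath.normpath(posixpath.join(PACKAGE_ROOT, decoded))
    if full != PACKAGE_ROOT and not full.startswith(PACKAGE_ROOT + "/"):
        return None                      # normalised path left the package
    return full


if __name__ == "__main__":
    # Constructed request paths: one ordinary, one with escaped "../" segments.
    for path in ("icons/a.png", "%2e%2e%2f%2e%2e%2fprefs.js"):
        print(path, "->", resolve_naive(path), "|", resolve_checked(path))
```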

JBoss alumni launch open-source startup

Filed under: — Aviran Mordo

A startup founded by former JBoss developers will come out of stealth mode Monday to announce a new product designed to help businesses zero in on their best sales leads.

The startup, called LoopFuse, has developed a lead generation product that is offered as a paid on-demand service or as open-source software that can be downloaded for free and installed on-site.

The Atlanta-based company is entering a growing market where it will compete with several other small providers, along with established players like Eloqua, based in Toronto. LoopFuse hopes to distinguish itself with its open-source model, which it said will allow it to price its service lower than rivals’ services.

Lead generation products track the activities of potential customers on a company’s Web site and use factors like their job titles and activities on the site to assign “lead scores,” which help salespeople to target their efforts. The products work in tandem with customer relationship management software.

Kim Collins, a research vice president with Gartner, said interest in such products is growing in all industries. The challenge for new companies like LoopFuse — and for customers — is that many small companies are offering similar products, each with a slightly different twist.

“They each do things a bit differently and utilize different channels for [lead] generation and distribution (e.g., Web, sales, e-mail). Some focus more on workflow and process. Others focus more on analytics and scoring. It makes the vendors and their solutions hard to directly compare,” Collins said via e-mail.

Virgin Galactic unveils spaceship

Filed under: — Aviran Mordo

Within a few years, a handful of rich tourists may be blasting into space in a craft that looks a little like a cross between the space shuttle and a corporate jet.

British billionaire Richard Branson and the aerospace designer Burt Rutan unveiled a model Wednesday of SpaceShipTwo, the vehicle they hope will be able to take passengers on suborbital joy rides, sheerly for the fun of it, with test flights beginning as soon as this year.

“Breathtakingly beautiful,” was Branson’s assessment of the ship, which is now under construction at a hangar in the Mojave Desert.

Speaking to reporters at the American Museum of Natural History, the pair also showed off a model of the big, four-engine jet that will help launch the craft into space.

The twin-fuselage airplane, called the White Knight Two, will carry SpaceShipTwo high into the sky beneath a single 140-foot wing.

The spacecraft would then separate from the plane and rocket into suborbital space, where as many as six passengers and two crew members could unbuckle themselves and experience weightlessness and an unparalleled view before gliding back to Earth.

Passengers would get about 4 1/2 minutes of zero-gravity time, floating about a ship roughly the size of a Falcon 900 executive jet, before returning to their seats.

Will Whitehorn, president of Branson’s space tourism company, Virgin Galactic, insisted the project is no pipe dream; construction on the White Knight Two is already more than 70 percent complete. SpaceShipTwo is about 60 percent complete, and the company and Rutan’s aerospace outfit, Scaled Composites, hope to begin test flights this summer.

About 200 prospective passengers from 30 countries have made reservations, shelling out $200,000 apiece.
