chain

A survey has revealed that fully 30 per cent of British parents' Facebook "friend" requests to their children get rejected, and that many then resort to using other people's login details in order to keep track of their offspring's Web-2.0 activities. This sad commentary on the number of parents who feel able to speak to their kids as opposed to interacting with them primarily online

Open...and Shut Facebook isn't necessarily the new Compuserve, and Google might not be angling to be the Hotel California of tech, but all of the big web giants seem intent on locking their users into experiencing a single-vendor web. Facebook riled users this week by throttling their ability to export their Facebook friends' data for use with Google+ or other services, while Google dumped Twitter from its realtime search in favor of its own Google+. The web as an intersection of seemingly infinite networks threatens to become a limited patchwork of monopolized web experiences that only grudgingly talk with each other. Not that the web giants are the only ones playing this game. Apple has spent the last few years tying together a seamless hardware/software/web experience that blocks rivals in the interest of "delighting" users. Never mind that Apple's apparent lock on manufacturing processes could well be enough to ensure its lead, the Cupertino giant is also determined to ensure that Apple collects a toll at every step of its users' interaction with iOS devices: hardware (cha-ching!), apps (cha-ching!), media (cha-ching!), and so on. iCloud, Apple's newest salvo, does nothing to liberate users' data from the tyranny of individual devices, and instead locks them down more than ever, with Steve Jobs holding the key. As much as I've pooh-poohed the efforts of Diaspora and other open alternatives to the increasingly closed web, it's clear that something must be done to reverse course on this Compuservification of the web. Actually, something already is, but it seems to be taking far too long. That "something" is competition, and we'll see it evolve from closed-versus-closed to open-versus-closed, with some unlikely adherents of the open (standards/source/APIs) religion. Like Microsoft. Or Google. Google, of course, is often associated with the open camp, and for good reason. But it seems to have lost its open way of late, and instead apes the worst of Apple and Facebook. Hence, Android has become more closed, and Google Search starts to play favorites rather than algorithms. But my money is still on Google to revive its open approach to computing and the web. As Google employee Tim Bray writes: "We're working out ways for the people of the future to talk with each other." Bray isn't referring here to Google. His "we" refers to Google and Facebook, and presumably others. Because that's how Google tends to think: not as a monoculture but rather as a connecting point between different networks. There's simply no way that we will allow ourselves to be corralled into closed communication. Google will be on the side of openness, because its business depends upon it. The trick will be whether it allows its dominance of networking to restrict its users' sociability. That's perhaps a weak play on words, but in a social-network battle with Facebook, Facebook clearly wins on 'social' but Google feels much stronger in 'network'. I and the majority of people I know have a Gmail account, and increasingly use Gtalk for chat. Facebook messaging still feels like an awkward add-on to the Facebook experience, while in Googleland, messaging is the experience. Now it just needs to get social right, which should feel different from Facebook (as Google+ does): more communication-focused, less news feed

David Beckham's website was hacked and defaced on Sunday in an attack timed to coincide with the birth of his first daughter. Instead of the usual content about football and his celebrity friends, visitors to Golden Balls' website who showed up on Sunday were confronted with a picture of a dog attempting to eat a poster displaying an advert for dog food, alongside a message saying "ScooterDAshooter = FAIL". The defacement of a celebrity's website is sometimes used as a tool to to distribute malware, but that was not the case here, where the hacker apparently carried out the attack just for the pure devilment of the prank. Beckham undoubtedly outsources the management of his site. In any case he was otherwise occupied over the weekend with the birth of his first daughter, Harper Seven. The attack follows other recent assaults on celebrity websites including those of Amy Winehouse and Ronaldinho, who was unkindly compared to Jar Jar Binks. An attack on Diego Maradona's website by a Peruvian football fans labelled the football legend a "cry-baby". Such attacks are normally pulled off using easy-to-exploit website vulnerabilities, but can have serious implications for site owners, warn security experts. "This attack is part of a worrying trend in web attacks, as it is only a matter of time before criminals choose to use celebrity websites to distribute malware to unsuspecting visitors," said John Stock, senior security consultant at vulnerability management specialist Outpost24. "If this hacker had chosen to place malware on Beckham's site, the implications could have been highly embarrassing, especially with the recent news of the birth of Harper Seven likely to lead to a spike in visitor numbers. "While David Beckham is clearly not responsible for the day-to-day security of his website, whoever he outsources the job to should be facing some penalties for this own goal," he added. Source: theregister

Microsoft has disabled the search results on its Security Centre after malware-spreaders abused the function to promote shady pornographic websites serving Trojans as well as cheap thrills. Only the Security Section of Microsoft's website was affected by the search-engine poisoning attack. Such attacks are often used to place scareware portals and the like high in the index of searches for terms in the news, such as royal weddings, celebrity deaths and natural disasters. In the case of the Microsoft security search results, only searches for a limited range of terms return links to dodgy sites. These search terms include "porn" or "streaming" (a much more plausible search term for someone visiting the centre and presumably looking for security-related information rather than cheap thrills). Many of these sites are serving up malware as well as smut, net security firm GFI Software warns. "Since only specific terms are used, if you search using a different term, say 'united nations', you'll get real, normal results," explains Alex Eckelberry of GFI Software. "In other words, blackhat SEOs are seeding illegitimate search results within the Microsoft search results. Pretty tricky and impressive. There are a number of ways this could be done (for example, using the ability on the site to Twitter a search result)." In an update, Eckelberry added that Microsoft has temporarily disabled the search feature on its Security Centre, presumably while it cleans out its search index. Source: theregister

Yahoo! is being criticised for the new Ts & Cs for its webmail service, which give it the right to scan your emails as well as making you responsible for telling anyone who might be emailing you, but the ICO has no problem with the changes. Such scanning has been common for some time; Google was the first to scan all messages. But this led some to choose Yahoo! on the basis that it did not carry out such snooping. Even more controversially, Yahoo! suggests it is the users' job to warn anyone who emails them that their messages will also be scanned. Consumer lobby group Which?'s in-house lawyer Georgina Nelson said: "The obligation to notify those who email you that their message will be scanned is nonsensical and unrealistic. When exactly are you supposed to do this?" The changes come as part of Yahoo!'s email upgrade. The company said all users will see a pop-up when they make the change. Yahoo told PC Advisor that anyone who didn't like the changes should simply keep using their old account. But Yahoo! did say it would continue to scan old-school accounts for spam. An ICO spokeswoman said: "We've spoken to Yahoo about their email scanning feature. As with any business or organisation that changes the way its customer data is used, Yahoo has an obligation to be upfront with their users to make sure their information is being processed fairly. This includes making sure they have clear and accessible privacy notices which will allow users to make informed decisions in relation to privacy and other aspects of the service. Source: theregister

I was looking through some News when i came across this Video and I foud it to be interesting, on how the group AnonymousFeels that they arnt a bunch of hackers or terriosts. but misunderstood people from all over. So I've added it here for you all. Here is also a reason as to why they hacked PS3 http://www.youtube.com/watch?v=0UmdcNqZmw8&feature=player_embedded#at=187http://www.youtube.com/watch?v=JUqYuanc1Lc&NR=1

The time has come. I have reached the end of the 30 Days With Ubuntu Linux series, and it is time to wind down and reflect on my experience. Just as I did last month with 30 Days With Google Docs, I will list my top five complaints, followed by the five things I like the most, and finish up with an overall summary of my thoughts. Before I dive into today's list of the five things I like least about Ubuntu Linux, I need to clarify two things. First, the 30 Days With Ubuntu Linux project is about more than just the core OS of Ubuntu Linux itself. There were comments throughout the thirty days from people who felt that some of the posts were off-topic, but the 'topic' is the experience of a Windows user trying to jump into, and make sense of a Linux world, including all that it entails from financial software, to installing a webcam. Second, I want to state up front that I actually had a hard time coming up with five things. I don't want to steal any thunder from the final Day 30 post, but in general I found Linux, and the tools available for Linux to be quite capable. There is really nothing about my experience this month that was a total deal-breaker.[/color] Read More Here PCW Source: PCW

Paul Ceglia, the man who claims he has a contract that entitles him to 50 percent ownership in Facebook, has lost his high-power legal representation at a critical juncture in the case. Ceglia filed a notice of substitution of counsel today with the U.S. District Court for the Western District of New York to replace the law firm of DLA Piper, a 4,200-attorney international law firm, with the San Diego-based Lake law firm, a firm of four lawyers that also represents 200 medical marijuana collectives. DLA Piper's withdrawal comes on the day that Ceglia's latest filing was due and ahead of Thursday's scheduled hearing on expedited discovery. A DLA Piper spokesman confirmed the law firm had withdrawn from the case but declined to comment further. "We have withdrawn from the case and no longer represent Paul Ceglia," said DLA Piper spokesman Brian Kiefer. "Due to our attorney-client privilege obligations, there will be no further comment." Facebook declined to comment on the filing and representatives for Lake did not immediately respond to a request for comment. This is the third time Ceglia has changed legal representation in the case. Former New York attorney general Dennis Vacco and Terrence Connors have also represented Ceglia in the matter. DLA Piper began representing Ceglia in April when he filed a revised complaint against Facebook and its chief executive and co-founder, Mark Zuckerberg. In the filing, Ceglia cited more than a dozen e-mails purportedly between himself and Zuckerberg that detail discussions on design, development, business plans, and eventual contract disputes regarding The Face Book, as it was then called. In a filing responding to Ceglia's revised lawsuit, Facebook and Zuckerberg called the e-mails forgeries. "The contract is a cut-and-paste job, the e-mails are complete fabrications, and this entire lawsuit is a fraud," Facebook said and requested it have the opportunity to inspect the original contract, e-mails in native form, and all computers in Ceglia's possession as well as those in his parents' house. DLA Piper said in a statement at the time that "Mr. Ceglia welcomes the opportunity to expedite discovery in this case." Ceglia, of Wellsville, N.Y., claimed in a lawsuit filed last year that he entered into a contract with Zuckerberg in 2003 to design and develop the Web site that would ultimately become Facebook--a company that now has an estimated value of more than $70 billion. Ceglia said he hired Zuckerberg through a Craigslist ad to write code for a project called StreetFax and paid Zuckerberg $1,000 for coding work; he also allegedly invested $1,000 in Zuckerberg's The Face Book project, which gave him a 50 percent interest in the company as well as an additional 1 percent interest for every day after January 1, 2004, that The Face Book was delayed. Zuckerberg acknowledged that he signed a contract to write code for StreetFax but said the contract was "doctored" to make it appear to be about Facebook development. Last year, Ceglia produced a canceled check that he said proved he paid Zuckerberg $3,000 for some freelance software development work for a project called "The Face Book." Facebook initially said it believed the contract was a "likely" forgery. It has since become more forceful and said it considers it to be an outright fake. Read more:http://news.cnet.com/8301-1023_3-20075244-93/man-suing-for-half-of-facebook-loses-lawyer/#ixzz1QeyPiZbd'> http://news.cnet.com/8301-1023_3-20075244-93/man-suing-for-half-of-facebook-loses-lawyer/#ixzz1QeyPiZbd Source: CNET

The security breach of the week goes to... (drum roll please...) Sony! The website for Sony Pictures France was hacked Monday, June 20th, and 177,172 emails were taken through a SQL injection attack. As CNET notes, it was the same method used against SonyPictures.com, Sony Pictures Russia, Sony Ericsson, and Sony Music Entertainment Japan. The hacker community's ownage of Sony has spawned a new term: sownage. The term is appearing on Twitter and numerous other websites. The term even has its own Facebook page. The DataLossDB website posted an article discussing that while it was attempting to track everyone involved with the Epsilon breach the rapidly occurring attacks on Sony kept them working overtime just updating the database. In order to keep track of all the sownage there is now posted a concise history of Sony hacks. The site lists 20 separate hacks between April 26 and June 20 of this year. What is not often conveyed in the news is that these attacks are separate events. Thus, the 100+ million accounts that have been compromised were not from a coordinated effort. The article sums this up well saying, If anyone... ANYONE at all uses the term "advanced persistent threat" in describing the attacks on Sony, please hit them very hard before disregarding them as ignorant charlatans hell-bent on serving their own interests. Given the wide variety of attackers (see below), the attacks on Sony can only be described as an uncoordinated effort at best. The 20 attacks don't even include the number of DDoS attacks against Sony. Perhaps the worst part about these attacks against Sony, as well as those against other organizations, is that they have not been sophisticated ones. Many of them are basic SQL injection attacks (the number one method of attack). The hacker groups Anonymous and LulzSec have made headlines as chief participants in some of the major breaches, but the one against Sony Pictures France goes to a hacker going by the name of Idahc. According to an interview with Forbes he is an 18-year old from Lebanon. He considers himself a grey hat hacker (as opposed to white and black hat hackers) in that he seeks to make the internet more secure by provoking companies to fix their security flaws. Unlike other hacking groups, instead of selling or publicizing the entire database he posted just a few of the emails on pastebin. Hopefully, corporations will begin to implement basic security features on their website to prevent becoming sowned. Until then, keep up with the latest sownage by following the DataLossDB on Twitter or at Yahoo Pipes. Source: SecurityPro

Rapid updates, manageability gaps make Chrome and especially Firefox tough to accept for large businesses with managed networks and stability concerns. In my experience dealing with businesses, it's rare to find them using anything other than Internet Explorer as their preferred web browser, and no surprise why. The other major browsers make life really hard for IT support. Whatever your opinion, it's way easier to support IE in an enterprise than Firefox or Chrome. Firefox especially. It's old news that Mozilla doesn't have a manageable install version (a .MSI file) and they're not interested in creating one. This alone makes deployment and patching much harder than with IE, whose updates come out automatically through WSUS and other patch management systems. So we already knew that Mozilla was uninterested in the needs of enterprise administrators, but just to make sure, Mozilla's Asa Dotzler (pictured nearby) announced as much to the public: Enterprise has never been (and I'll argue, shouldn't be) a focus of ours. Google is different. They have gone to some effort to accommodate the needs of business, such as by providing a .MSI version and creating group policies that allow administrators to control installation and updating. They're minimal settings; IE has extensive group policy support that allows administrators, for example, to control home pages and security settings. But at least there's something there. But where both Firefox and Chrome fail enterprises is in the simple frequency with which they update their products. When Firefox 5 was released the other day I was curious and looked it up: It was less than 3 months since Firefox 4 had been released. This after pretty long life spans for the 2.x and 3.x generations. And Mozilla has made it clear that they will be keeping up this new, rapid pace. You might call it the Netscaping of Mozilla. Google has Mozilla beat hands-down though. The first stable release of Chrome was on December 11, 2008. Version 12, the current stable release, went out on June 7, 2011. That's an average of 75 2/3 days between stable releases. This is why I don't bother with the "unstable" beta and dev releases. Read the blog on which Asa Dotzler was commenting: The author relates the story of a guy who is trying, sincerely, to help 500,000 corporate users run Firefox. It's not easy to manage that many computers dude! He's been hard at work for some time getting the rollout to Firefox 4.0 going, and now Firefox 5 is out and with it the really bad news: Firefox 4 has reached its end of life, less than 3 months after being released. This will be SOP from now on: When Firefox n is released, Firefox n-1 will be EOL'd. This is, of course, how Google handles it too. Once a version goes stable, the previous version goes in the garbage. The guy in the blog feels like he has a big knife with a Mozilla logo on it digging deep into his back and I don't blame him. You and I on our personal computers can just decide to update something on a whim, but the guy in the blog claims to have thousands of internal apps running on his 500,000 Firefox 3.6 desktops and Mozilla has just told him they don't care about his problems. On the other side of things, look at how Microsoft handles these things. They are currently supporting 4 major versions of Internet Explorer, and the number is likely to go up. They have committed to support Internet Explorer 6 into April of 2014, part of their commitment to support Windows XP till then which is, if you ask me, accommodating to such an extreme as to be irresponsible. They are, at the same time, conducting a campaign to persuade people not to use IE6. In the time before IE6 gets offed, Microsoft is likely to release IE10 and maybe IE11. Why does Microsoft have such incredibly long support cycles? Because enterprises demand them. They want stability and predictability so that they can plan. It's the exact opposite of the strategy chosen by Google and, especially, Mozilla. Source:

Zombie movie star Simon Pegg was obliged to warn his followers after his Twitter feed was hacked to post links to malware. Supposed links to a screensaver for Pegg's alien comedy Paul actually contained a Trojan horse. A Twitter update promoting the app was posted to Pegg's @simonpegg account inviting his 1.2 million followers to try out the software. Fans quickly reported that the app had triggered anti-virus scanners. Pegg responded by warning fans to avoid the link which he said he did not post. The Shaun of the Dead and Spaced star blames hackers for the scam. The Hot Fuzz star joked that the malware supposedly shrunk iPads to the size of iPhones, and vice versa. However, in reality, the malicious code is a Windows-only threat, identified by Sophos as VBBanker-A. Sophos has a write-up of the whole unsavoury business here. Pegg is the latest in a string of celebrities whose Twitter feed has been hacked for one reason or another. Previous victims include Ashton Kutcher, Britney Spears and British TV property show presenter Kirsty Allsopp. In other instances people in the public eye have claimed that their Twitter feed had been hacked in an attempt to cover up for their own ill-judged updates. Disgraced US congressman Anthony Weiner unsuccessfully attempted this "evil hackers did it" defence after he tweeted pictures of his crotch to various female acquaintances. In cases where celebs are genuinely hacked, weak password security of one sort or another is usually behind the hack. Source: theregister

MasterCard's website became difficult to reach on Tuesday following the launch of an apparent denial of service attack. Twitter user @ibomhacktivist claimed responsibility for the reported assault, which it said had been motivated by Mastercard's decision to suspend an account maintained by WikiLeaks in the wake of the whistle-blowing site's decision to start releasing leaked US diplomatic cables last November. Or something like that. "MasterCard.com DOWN!!!, thats what you get when you mess with @wikileaks @Anon_Central and the enter community of lulz loving individuals ," @ibomhacktivist tweeted. The assault follows a decision by anarchic hacking crew LulzSec to disband last week following a seven-week hacking spree. The six-member LulzSec crew has reportedly rejoined Anonymous, the much longer established group from which LulzSec had apparently originally splintered. The whole hacktivist scene has become a bit of a soap opera of late with numerous groups getting involved. On the one side we have Anonymous, LulzSec (deceased), Tony Blair webmail server hackers TeaMp0isoN and now ibomhacktivist. On the other there's ex-military hacker Th3J35ter and other patriot hackers who disapprove of WikiLeaks's actions. Added to this are various copycat hackers and others anxious to pile into the action. And, not forgetting that denial of service attacks and most of the other assaults happening between most of the warring groups are illegal, the police are getting into the act and arresting various participants in the bun fight. It's a safe bet that intelligence agencies are also far from disinterested observers in all this. It's a mess akin to nothing so much as the custard pie fight in the original war room ending of Doctor Strangelove, or perhaps an episode of Jackass, and it looks set to continue at least until the end of summer, if not beyond. Source: theregister

Google has released a new version of Chrome Frame – the Internet Explorer plug-in that turns Microsoft's browser into a Google browser – letting users install the plug-in even when they don't have administrator privileges on their machines. The new version runs a "helper process" when IE starts up that can then load the Chrome Frame plug-in when it's requested, and you don't need admin privileges to do so. "Yay for clever technical hacks that help users circumvent ossified IT bureaucracy," said one commenter on Hacker News. But admins aren't likely to feel the same. Google is well aware of this. But the company says that if admins don't like it, they can use separate Google admin tools to stop it from happening. Mountain View announced its "non-admin" Chrome Frame last month at its annual developer conference in San Francisco, but it has only just released a stable version of the new plug-in here. The change is part of Google's ongoing effort to bring the latest web applications to the older versions of Internet Explorer still running on so many machines across the globe. IE8 and earlier versions of Microsoft's browser lack support for HTML5, Canvas, and the latest CSS/Layout handling – not to mention slow JavaScript engines – but they're still widely used in the enterprise. Older versions of IE can sit on machines for years, as admins seek to ensure that custom web applications will run properly. What's more, many machines are still on Microsoft's Windows XP operating system, which means they can't be upgraded to Microsoft's latest version of Internet Explorer, IE9, the release that finally brought the browser into the modern world. IE9 won't run on Windows XP. In essence, Chrome Frame equips Microsoft's browser with the rendering and JavaScript engines at the heart of Google's Chrome browser, and despite vehement objections from Microsoft – and others – Google is intent on slipping the plug-in into as many existing installations of IE 6, 7, and 8 as it possibly can. On one level, Google is even hoping to get Chrome Frame into Internet Explorer 9, which does not support WebGL, the new standard for hardware accelerated 3D inside browsers. "Google Chrome Frame ... is a bridge of sorts," Google's Alex Russell said last month at Google's developer conference. "Instead of asking users to replace their browser – or asking IT organizations to run two browsers side-by-side – Google Chrome Frame puts the power of Google chrome inside Internet Explorer." If you visit a site that has been set up to do so, it will launch Chrome Frame rather than Microsoft's native engine. And users can set Chrome Frame as their default engine via a registry key. Google also provides tools that allow websites to readily encourage users to install Chrome Frame, and some sites, including Yahoo!, are already doing so. Google's Gmail uses Chrome Frame, and the company says the email service runs 30 per cent faster on the plug-in than on older version of IE. Google has long urged admins to adopt Chrome Frame, offering tools for managing the installations and updates of the plug-in, but now it's also allowing end users to install the plug-in without an administrator's approval. Last month, Russell briefly touched on Google's technical workaround – which involves the use a Browser Helper Objects (BHOs) – but he provided little detail. "A very small portion of Chrome Frame lives inside the process space of IE," he said. "This is how BHOs – which are these little processes that IE decides to launch at startup time – work. We need some way to get Chrome Frame loaded. We figured out a way to do that. So once that's done, everything else can work as normal. We just have to be inside the process space." Google can do so even if the user doesn't have admin privileges. When we asked Google about its end-run around admin controls, it pointed out that admins can still prevent the installation of the plug-in using Google Update controls. "An admin can still apply policies as before, if they wish," a company spokeswoman told us. "They can have a policy in place that will prevent users from installing Chrome Frame, if desired, just as they can any other Google software managed by Google Update." It's a typical Google defense. The company is offering a way for you to prevent something from happening. But you first you have to realize it's happening. And Google knows that many will fail to realize it. One wonders what Microsoft thinks of all this. But when we asked the company to comment, its response was guarded. "We believe we deliver the best out-of-the-box browsing experience enabling users to get the best of the web without needing additional plug-ins or add-ons," said a company spokeswoman. Microsoft wail Chrome Frame first hit the web in September 2009 as a developer preview, when Mountain View was preparing to expand access to Google Wave, the now-defunct communication platform that relied heavily on fresh standards such as HTML5 and requires rather speedy JavaScript and DOM performance. The day the plug-in was first released, Microsoft let out a wail. "With Internet Explorer 8, we made significant advancements and updates to make the browser safer for our customers," the company told us. "Given the security issues with plug-ins in general and Google Chrome in particular, Google Chrome Frame running as a plug-in has doubled the attack area for malware and malicious scripts. This is not a risk we would recommend our friends and families take." Days later, Mozilla complained as well. Mozilla VP of engineering Mike Shaver pointed out that Chrome Frame sidestepped IE's built-in security tools, and he argued that it would end up confusing netizens. "The user’s understanding of the web’s security model and the behaviour of their browser is seriously hindered by delegating the choice of software to the developers of individual sites they visit," he said, alluding to the fact that after you install Chrome Frame, individual websites decide when to launch it. "It is a problem that we have seen repeatedly with other stack-plugins like Flash, Silverlight and Java, and not one that I think we need to see replayed again under the banner of HTML5," Shaver said. Mozilla boss Mitchell Baker agreed. "If you end up at a website that makes use of the Chrome Frame, the treatment of your passwords, security settings, personalization, and all the other things one sets in a browser is suddenly unknown," she said. "Will sites you tag or bookmark while browsing with one rendering engine show up in the other? Because the various parts of the browser are no longer connected, actions that have one result in the browser you think you’re using won’t have the same result in the Chrome browser-within-a-browser." With the release of the Chrome Frame beta the following summer, Google addressed some of this criticism. If you're using IE's private browsing mode and the browser flips on Chrome Frame, Google will turn on a similar setting. And in similar fashion, the plug-in also dovetails with IE's cache-clearing and cookie-blocking tools. This may have satisfied some, but the latest version of the plug-in is sure to raise the ire of others. During his talk last month, Russell even acknowledged this. But his ultimate answer was to point admins to Google's official tools for managing Chrome Frame. "[Chrome Frame non-admin installs] scares the bejesus out of a lot of IT administrators. And admittedly, their concerns aren't wrong. If you're an IT administrator, you want your users to be running a locked-down configuration," he said. "So over the last year, we've done a lot of work to make sure Chrome and Chrome Frame can be administered in the way that you want." There you have it. Google has offered a way for users to skirt admin controls. And if admins don't like it, they can put a stop to it by setting up other controls. Of course, many won't even be aware that "non-admin" Google Chrome Frame even exists. There's a reason Google has launched the thing.

Open...and Shut As much as 95 percent of the world's software is written for internal, enterprise use, rather than by vendors for sale, a point famously made by Eric Raymond in The Cathedral and the Bazaar. Much of this software, in turn, has no proprietary value for the enterprises that develop it. So why isn't the world deluged with enterprise-written open-source software? Why do so many CIOs gladly use open source but not contribute to it? Because open source is hard. Really, really hard. I've been relearning this lesson lately as I've helped advise a senior IT executive at a Fortune 500 company. His team dearly wants to open-source some promising code it has developed, code that serves a need within his own large enterprise but could be of significant value to a wide array of enterprises. But they can't. Again, it's not for lack of desire or effort. They've bought into Red Hat CEO Jim Whitehurst's call to unlock the treasure trove of isolated, enterprise code. And they're trying hard to meet the basic elements of successful open-source projects: code modularity, great documentation, permissive licensing, etc. So what is holding them back? More than anything else, project governance and community leadership. Among the elements of successful open-source communities (warning: PDF), it's critical to have a governance model that promotes open, meritocratic leadership within the project. It's equally important to kickstart the project with a project leader (think: Linus Torvalds) that can inspire outside developers to contribute. This is where things go off the rails for my enterprise friend, and I'd argue where things almost always go awry for enterprise contributions of internally-developed enterprise code. It's hard enough to run the gauntlet legal departments set up: while vendors are used to the idea of indemnifying customers for use of their software, enterprise IT is not. Few legal departments want the potential risk associated with releasing code that is generally a) not directly driving their business and potential lawsuit bait. It's just not worth it. But even if one can circumnavigate these legal hang-ups, the leadership conundrum remains. In part because of other legal hang-ups. For example, even if one open-sources one's code under an open-source license that disclaims responsibility for the code, management of the project is like waving a banner to would-be litigants that screams, "Sue me! I'm in charge of this code!" So enterprises are likely to try to find a partner of some kind to take over management of the open-source code. But unless this partner has a strong desire and self-interest in seeing the code community thrive, they're unlikely to do an adequate job. All of which leaves us with a gargantuan pile of closed-source code that is unlikely to ever be open-sourced. There are, however, other options beyond a full open source approach. Perhaps a better bet is simply to release software as open source

The Metropolitan Police are still holding a 19-year-old man on suspicion of involvement with the LulzSec group of hackers. LulzSec itself, via Twitter, refuted claims that he is some sort of leader. The group also posted the identities of two US residents they accuse of talking to police. The group warned: "There is no mercy on the Lulz Boat." Meanwhile UK papers have named the alleged hacker as Ryan Cleary, of Wickford, Essex. Police sources told the Currant Bun they believe he is "a major player" within LulzSec. LulzSec said he ran an IRC server used to host chatrooms. The group said: "Clearly the UK police are so desperate to catch us that they've gone and arrested someone who is, at best, mildly associated with us. Lame." "We use Ryan's server, we also use Efnet, 2600, Rizon and AnonOps IRC servers. That doesn't mean they're all part of our group." The hackers also suggested people continue to release fake LulzSec news because it helps separate the fact-checking media from "the peon masses". The Met confirmed to us they are still holding a 19-year-old for questioning. He has not been charged yet. Cleary's mum told Sun Ryan was agoraphobic and has a history of mental illness. Ryan's half-brother told the paper: "Ryan used to be part of WikiLeaks. He has upset someone doing that and they made a Facebook page having a go at him." He was arrested by members of Scotland Yard's e-crime unit acting on intelligence from the FBI. Because LulzSec attacked websites belonging to the US Senate, CIA and FBI there are fears that Cleary could face extradition to face charges in the US. Source:

It appears that LulzSec is the latest target of hacking. If this story on Australia’s ABC technology Website is accurate, then the hacktivist group has made itself unpopular enough to become itself a target. TeamPoison says it posted a message on the Website of a Dutch LulzSec member; this cannot be confirmed, because the Website has been taken offline. Although the Website is down, Google has apparently indexed the message (although, alas, apparently not cached it). If the TeamPoison threat is genuine, LulzSec members could be in for a torrid time of it: the hack message threatens to strip away their anonymity in dramatic fashion, including “pictures, addresses, passwords, IPs, phone numbers etc”. The message claims that LulzSec and Anon’s IRC servers are both down, but El Reg can’t confirm this at the time of writing. The attack comes a day after the arrest of an accused LulzSec member, and accusations that this week's breach of UK census data was by LulzSec, a claim the group denied. The hacktivists have taken down the CIA website, EVE Online, and the US Senate. Even the posting of customer details from Maxpro Technologies on the PasteHTML Website has been attributed by some to LulzSec although signed "UberLeaks". However, to Vulture Central, a US manufacturer of valves seems somewhat distant from LulzSec's usual targets - and too minor to qualify for the prefix "Uber".

Thousands of Australian websites have irretrievably lost their data and email files following a malicious security hack on Australian domain registrar and web host Distribute.IT. The company has been scrambling to save data and get customers back online or moved to safe servers since the security breach occurred over a week ago, but has largely failed to recover data from the affected server

Google has released an extension for its Chrome browser that helps developers and security testers identify websites that execute unsafe code on end user computers. The release of DOM Snitch, as the experimental extension is known, comes five weeks after application security provider Mind Security published a Firefox extension called DOMinator that does much the same thing. Both programs vet website-supplied code that gets executed by an end user's browser, which in geek speak is often referred to as the DOM, short for document object model. Using DOM Snitch, web developers, penetration testers and unitiated browser users can observe DOM changes in realtime without having to analyze JavaScript with a debugger or a similar tool. The extension records the specific address and a complete stack trace that helps assess the likelihood of the code being vulnerable to common exploits, such as XSS, or cross-site scripting, attacks, or functions that allow one site to read or modify data set by another site. The interface highlights activity logs in red when a security bug is spotted and yellow, green or gray shade when less severe issues are detected. Google stresses that there are no guarantees that DOM Snitch will work flawlessly for all web applications. The documentation goes so far as to refer to the browser extension as still being in the alpha stage. Still, the free download is an easy way to quickly spot bad coding practices on all your favorite websites. https://code.google.com/p/domsnitch/downloads/list Source: theregister

Yet another web authentication authority has been attacked by hackers intent on minting counterfeit certificates that would allow them to spoof the authenticated pages of high-profile sites. Israel-based StartCom, which operates StartSSL suffered a security breach that occurred last Wednesday, the company said in a tersely worded advisory. The certificate authority, which is trusted by the Microsoft Internet Explorer, Google Chrome, and Mozilla Firefox browsers to vouch for the authenticity of sensitive websites, has suspended issuance of digital certificates and related services until further notice. Eddy Nigg, StartCom's CTO and COO, told The Register that the attackers targeted many of the same websites targeted during a similar breach in March against certificate authority Comodo. The hackers in the earlier attack managed to forge certificates for seven addresses, including Google mail, www.google.com, login.yahoo.com, login.skype.com, addons.mozilla.com, and Microsoft's login.live.com. The earlier breach touched off a frantic effort by the world's biggest browser makers to blacklist the counterfeit credentials before the hackers could use them to create spoof websites that contained a valid cryptographic stamp validating the sites' authenticity. It took more than a week for the fraudulent credentials to be blocked in all browsers, and even then, many widely used email programs still weren't updated. The hackers behind the attack on StartCom failed to obtain any certificates that would allow them to spoof websites in a similar fashion, and they were also unsuccessful in generating an intermediate certificate that would allow them to act as their own certificate authority, Nigg said in an email. The private encryption key at the heart of the company's operations isn't stored on a computer that's attached to the internet, so they didn't get their hands on that sensitive document, either, he said. Last week's attack is at least the fifth time an entity that issues SSL, or secure sockets layer, certificates has been targeted. In all, four of Comodo's resellers have suffered security breaches in the past three months. The susceptibility of CAs to hackers represents one of the many significant vulnerabilities of the SSL system, which serves as the internet's foundation of trust. Once a CA's root certificate is included with a browser, it can be responsible for validating tens of thousands or hundreds of thousands of individual websites. That makes it impractical to remove the root certificate even if there is good reason to be wary of it. Nigg declined to state how many certificates StartSSL has issued during its tenure, but he did say it is among the top 10 issuers. It is unclear when the CA will resume services Source: theregister

While there have been cyber attacks made against other companies and government organizations in the last couple of months, Sony has been by far the company that has suffered through the most attacks. Today CNet's News.com reports that yet another web site owned and operated by one of Sony's divisions has been attacked. Two hackers claimed they took over 177,000 emails from the Sony Pictures France web site. The two hackers who accomplished the attack said they got through via an SQL injection. The duo posted 70 of the emails on a Pastebin web page. Sony Pictures has yet to confirm the attack saying only, "We are currently investigating this claim." One of the hackers, known as "Idahc", stated in a Forbes.com interview last week that he is launching these attacks as a way to get companies like Sony to improve their web site security systems. This is the 20th cyber attack on a web site or server owned and/or operated by the Japanese company in the past couple of months. Of course the biggest attack happened on April 20 when hackers attacked the Sony Playstation Network online gaming service. Sony said that tens of millions of PSN accounts were exposed although no financial info was apparently taken. Sony shut down the network for a few weeks and has only just recently brought the Playstation Network back to full operations. It also compensated PSN users for the system downtime with free downloadable games as well as other offers. Source:

This morning a post on Pastebin outlined a serious security issue that was spotted at Dropbox: for a brief period of time, the service allowed users to log into accounts using any password. In other words, you could log into someone's account simply by typing in their email address. Given that many people entrust Dropbox with important data (one of the service's selling points is its security), that's a really big deal. We've now confirmed with Dropbox that the service did have this issue yesterday — Dropbox says that it began after a code push at 1:54 PM PDT and was fixed at 5:46 PM PDT (they had the fix live five minutes after they discovered it). So, in total, the bug was live for around four hours. The question now is how many people were affected. The company will be announcing that "much less than 1 percent" of users logged in during this time, and that all sessions have now been logged out as a security precaution. The team is now investigating if any accounts were improperly accessed, and says that anyone who was impacted will be notified. The issue was posted to Pastebin by Christopher Soghoian, who has previously criticized Dropbox for the company's misleading description of its security practices (Dropbox used to claim that employees at the company had no way of viewing user files, but in reality a small number of them do have administrative privileges). Soghoian didn't discover the password issue himself — it was relayed to him and he anonymized the email exchange. Security scares are the last thing Dropbox needs. The company has seen very strong growth over the last year and is rumored to have a valuation that may be as high as $1.5 or 2 billion. But all of this growth is contingent on people trusting the service — the whole point is that you're mirroring your most important and most frequently-accessed files between multiple computers. If people start worrying that their Excel spreadsheet or banking data or private IMs could be exposed, they'll turn elsewhere. Most people probably don't care if Dropbox employees could conceivably access their files (after all, the same is true at Google and Facebook). But an authentication system that's accepting the wrong password? That's something that anyone can understand (and get scared about). I love Dropbox and have been using the service for years now, but gaping security holes like this simply aren't acceptable — especially when there are other services that offer similar functionality. Even if nobody accessed my account (which is probably the case), the fact that this could happen is unnerving. Here's one of the email messages posted to Pastebin that describes the issue:

As what exactly the Google +1 Button does continues to mystify some users, security researcher Ashkan Soltani and Brian Kennish, former Googler and the mind behind Facebook Disconnect, have decided to kill two buttons with one browser extension, creating Like +1. Unlike the +Like extension, which allowed you to Facebook Like Google search results, Like +1 turns all offsite Like Buttons into hybrid Like+1 Buttons, allowing you to consolidate some of your social button clicking behavior into one click, so you can simultaneously +1 something while you also Like it. In addition to saving you the exertion of clicking two different buttons and letting you view your Facebook Liking behavior on your Google profile, the extension saves all your Like+1 activity locally. So if you ever want to export a Facebook independent record of your Liking, or +1ing you're good. Like +1, compatible with Chrome, Firefox, IE and Safari courtesy of WebMynd, is great news for people who are suffering from button fatigue. Now you'll only have to do 50% of the work and actually get to see the fruits of your labor in your Facebook feed. "The web has too many buttons," Kennish says. Yeah, just look at the top of this post. Read More [HERE] Source: Techcrunch

Been playing on my server with a few italian scripts and found some old ones to be very useful. I have a variety of Italian scripts and will add them here to the IRC Downloads. this one is called Dragon Fire all around very good script with a lot of details and creativity.

A new map pack for Portal 2 has been released, adding new six chambers designed to be played with the Razer Hydra motion controller. The controller features two control sticks that can be used to pick up items, stretch special cubes and rotate portals. The Hydra works with all Portal 2 single player and co-op missions, but the MotionPack levels will feature special items and puzzles that take advantage of the controller's unique abilities. The MotionPack comes bundled with with Razer Hydra controller, which can be bought in the US now through Steam, or directly from Razer for $140. According to Razer's site, the Hydra is compatible with 125 other games, including Assassin's Creed, Batman: Arkham Asylum, Call of Duty and Battlefield: Bad Company 2. You'll find the full list here. The controller consists of a central orb that sits on your desktop and two handheld control sticks. The orb generates a low level electromagnetic field, and the Hydra uses magnetic sensors to determine the exact position and angle of the two handheld devices. Razer say the unit boasts an "ultra precise sensor for 1mm and 1 degree tracking" and "ultra-low latency" for faster response. It's impossible to know how the Hydra really feels until it's in our hands, but a series of demo videos on the Razer site gives us an idea of the movements needed to perform in-game actions. You can watch the videos below. The motions appear smaller and more subtle than the wild arm waving that we've seen on similar devices like the Wii-mote. The Hydra is only available in the US, for now. It's currently available to pre-order from Razer EU for 140 Euros, and is listed as "shipping in June." The MotionPack is the first piece of DLC for Portal 2, but there's more in the pipeline. We can expect more test chambers, leaderboards and challenge modes later this summer. The release of the Razer Hydra on Steam is another landmark moment. If Steam can sell a motion controller, why not any other piece of hardware? http://www.youtube.com/watch?v=7_1Ao2cd5BM&feature=player_embedded Source: PCgames

The Mozilla Project has rolled out release candidate versions of its Firefox 5 browser for both desktops and mobile, marking the last iterations before the final versions debut. Labeled as the seventh beta version, the desktop software was released into the project's beta development channel as part of Mozilla's new rapid release development process. The mobile version for Android was released simultaneously. Both are available for download from the project's "Future of Firefox" page. After entering beta last month, the final version of Firefox 5 will be unleashed on Tuesday, June 21. Firefox 6, meanwhile, is expected to arrive in August. Increased 'discoverability' Since software release candidates are typically more or less identical to the final versions that follow them, this last pre-final desktop version offers a revealing sneak peek at what we can expect to see next week. At the top of the list of new additions, for example, is added support for CSS animations, which make it possible to animate transitions from one CSS style configuration to another. Firefox's Do Not Track header preference, meanwhile, has been moved "to increase discoverability," the project's developers note. Performance has been improved in canvas, JavaScript, memory and networking, while there's also improved standards support for HTML5, XHR, MathML, SMIL and canvas. Better desktop environment integration For Linux users, the Firefox 5 release candidate offers better desktop environment integration, while spell-checking has also been improved for some locales. Background tabs now load more quickly, and WebGL content is no longer allowed to load cross-domain textures. Finally, because Mozilla has noticed that "very few users actually want to switch back and forth between different levels of stability and feature support for a single Firefox install," as Director of Firefox Development Johnathan Nightingale recently put it, the Firefox development channel switcher introduced in previous Firefox beta updates has been removed. More details are available in the software's http://www.mozilla.com/en-US/firefox/5.0beta/releasenotes/ Source: TECHWORLD