The Black Hat security conference attracts the creme de la creme of the security industry. This year the organizers even offered a paid live stream for those unable to make the trip to Vegas. Called Black Hat Uplink, the service carried a $395 price tag. But as security expert Michael Coates found out, the price could be waived entirely, thanks to “a combination of logic flaws and misconfigured systems which provided access to a testing login page that could be used with user credentials that were not fully "registered" (e.g. no payment received).”
Coates, who oversees web security at Mozilla, wrote on his blog that he was unable to attend this year's event and so decided to closely monitor it online. “In this process I noticed the new "Black Hat Uplink" service that would allow remote individuals access to streaming Black Hat talks from two select tracks,” he wrote.
“I identified a series of flaws that would enable the creation of an account with only providing an email address (e.g. no name, address, phone etc) and I was never asked to enter any credit card data. Odd I thought, perhaps you enter the credit card info upon your first login.” Upon completing the registration, he was faced with a slight problem: he didn't have a registration email to direct him to the login page.
“A few select Google searches and I ended up on a relatively vanilla looking login page. I have a username and a key, let's give it a shot. To my surprise the login was accepted and I was now sitting in front of the live Black Hat video stream.”
He wasted little time in contacting the event's organizers, holding off the public disclosure until they had fixed the flaw. He also revealed that Black Hat used a third-party solution for the video feed. Can't see them using the same vendor for the next event, though.
Google pulled off a coup last year when it was awarded a contract worth $7.25 million by the City of Los Angeles to move 30,000 employees to its cloud-based email solution. It was a huge triumph not only because CSC’s (Computer Sciences Corporation) proposal for Google Apps – both companies have joined forces for this project – was picked from 15 proposals but also due to the fact that Microsoft was among those snubbed. This was seen as an alarming development for Microsoft’s popular Office productivity suite.
Google and CSC’s victory celebrations are long over and the June 30 deadline history, but so far only 10,000 city employees have been moved to Google Apps while the rest, including 13,000 L.A.P.D. members, are still stuck with a traditional email solution provided by Novell. The delay stems from the security concerns raised by the Los Angeles Police Department, which is particularly worried about data encryption.
"We've had a lot of technical issues, some we've created and some we haven't," said Los Angeles CTO Randi Levin. "We underestimated the amount of time it was going to take." According to a MarketWatch report, the two companies have agreed to compensate the city for all costs it incurs during the course of the delay.
Google Voice. Situation: It's a pretty awesome competitor to good ol' Skype, especially when you use its crazy powers to forward calls from your magical number to physical locations all over the world. I, for one, use Google Voice to get into my own apartment. Ringing me up on the ol' call box in front of my condo complex calls my Google Voice number (local calls only!), which in turn buzzes up my cell phone which, in turn, lets me go home.
That's just one interesting use of an otherwise awesome service. There are many more. Problem: There are not nearly as many apps--Web-based or downloadable--that allow you to interact with Google Voice in unique, cool ways. I've scrounged together five for your enjoyment but, honestly, we're scraping the barrel this week in terms of available software.
So, that said, go register a Google Voice number. And while you're doing that, start skimming this article for awesome new ways to use the service!
We're almost at the point where we can consider landlines to be old school, or so suggests a new study by the Pew Internet & American Life Project. According to Pew, 59 percent of Americans hop online wirelessly using their mobile phones or laptops.
To come up with that figure, Pew surveyed 2,252 American adults, 47 percent of whom said they surf the Internet through Wi-Fi or a mobile broadband card. Another 40 percent said they surf, fire off emails, and IM friends and co-workers on their mobile phones, up from 32 percent one year ago.
"The growing functionality of mobile phones makes them ever-more powerful devices for on-the-go communications and computing," said Aaron Smith, a research specialist at Pew. "Cell phones have become for many owners an all-purpose chat-text-gaming-photo-sharing media hub that is an essential utility for work and a really fancy toy for fun."
It's not really young adults, either. While adults between the ages of 18 and 29 use the Web more than anyone else, those who fall into the 30 to 49 age bracket are now "significantly more likely" to take pics, send texts, surf the Web, record video, use email, and perform other online tasks with their mobile phones.
It can be difficult to think about how the rest of the world works when one's caught up in the latest and greatest software tools on a weekly (or just frequent) basis. And I'm not just tooting my own horn on this one. You, as a Maximum PC reader, are likely infused with more knowledge about the best the software world has to offer by virtue of your thirst for knowledge for all things extreme and PC-related.
In short, you know your chops.
I thus found myself a little taken aback earlier this week. I met somebody new during the course of my normal nine-to-five and, during our introductory discussion around the ol' office cube, I noticed that she was using Yahoo Messenger. No harm there, right? As I casually brought up the Greatest IM Client Ever, Pidgin, I also managed to sneak mention of good ol' Firefox and Chrome into the discussion. In fact, I think I even made it a joke: Hey, Yahoo isn't as bad as Internet Explorer, right?
Every now and then, I'm reminded of the Internet's power to really screw things up.
As I go about my normal day as a technology journalist, half of the stories I catch across the wire are usually something related to the unfolding social landscape of the Web 2.0. Google's catching Facebook; Facebook's catching Google; someone is making a new way to interact with Twitter (oh joy!). I find this relatively uninteresting, save for the fact that each new announcement heralds in just one more way by which every action in our lives is transforming into an accessible, traceable record for all to see.
One of my friends unfortunately learned this lesson a little too well this past week. It cost him a pretty solid gig at the ol' Washington Post, and now has me forever wondering if my "Apple Rules, Woo" comments throughout Maximum PC's various articles might, too, have gone a step too far...
But I don't blame me; I blame our growing culture of online social oversharing. And with new products and linked networks coming in on a near-weekly basis, at what point do we stand up and wrest our digital lives back from everyone else's radars? Is it already too late?
Here we go, Web developers. I know we all hate the ritual process of testing the look and feel of a site in different resolutions. I, for one, get the foul taste of bile in my mouth whenever I have to consider designing a site for y'all still trapped on 1024-by-768 displays. Ugh.
Of course, I'll be darned if I'm going to try and measure my browser window to make sure that I'm rendering everything at the correct size these lesser resolutions call for. Which is exactly why one of the first add-ons I go searching for when installing a new browser is the ol' "Make My Browser Whatever Size I Want Automatically" plugin. In Chrome's case, it's called Resolution Test.
Security is important, yo. While a lot of sites on the ol' World Wide Web might support HTTPS connections, that doesn't mean that typing www.sitename.com into your browser will always pull up an encrypted connection between you and your final location. But don't take my word for it. Quoth the Electronic Frontier Foundation:
"Many sites on the web offer some limited support for encryption over HTTPS, but make it difficult to use. For instance, they may default to unencrypted HTTP, or fill encrypted pages with links that go back to the unencrypted site."
So how, then, do we address this problem? Step one is staring at the little lock icon within your browser. If the lock ain't locked, then you're not rocking a secure connection. Easy as that.
Google debuted its open, royalty-free WebM video format last month. Based on the open-source VP8 video codec, WebM is meant as a challenger to the proprietary H.264 video codec, which threatens to saddle web video with hefty licensing fees and royalties.
Google, Opera and Mozilla are easily its most prominent backers, with the trio pledging WebM support in their respective browsers. As for the rival camp, Apple's weight is firmly behind H.264, whereas another important patron, Microsoft, has decided to support both H.264 and WebM beginning with IE9.
“Like every codec, WebM is not immune to change; the difference in our project is that the improvements are publicly visible, and compatibility and implementation issues can be worked through in an open forum,” Jim Bankoski, Google's Codec Engineering Manager, wrote in a blog post.
Oh Optenet, you were doing so well laying out interesting statistics from your latest study, which shows that pornographic websites now account for over a third of the Web (37 percent, for those of you who were wondering), but then you had to go and sully it all by adding in commentary from out of left field.
We were totally fine looking at the hard numbers culled from a sample of 4 million URLs, and were even disgusted, as you probably guessed we would be, to learn that illegal content such as child pornography and illegal drug purchases has increased by 17 percent in the first quarter of 2010 compared to the same period in 2009. And sure, we'll admit to being surprised that websites related to online RPGs, like World of Warcraft, Final Fantasy, and Grand Theft Auto 4, have skyrocketed by 212 percent in the first three months of 2010, but with statistics on drug purchases, child porn, and even terrorism thrown into the mix, was it really necessary to single out videogames as the bane of the Web?
Hit the jump to find out what has us so flabbergasted.