Naspers Could Be The Next Owner Of ICQ (And Why That Would Make Sense)

November 22nd, 2009 by admin No comments »

icq-naspers

Last week, it was reported that AOL – amid restructuring efforts in the lead-up to the imminent Time Warner spin-off and IPO – was putting its instant messaging service unit ICQ on the block and had hired bankers Allen & Co. and Morgan Stanley to assist in the sales process.

According to the reports, AOL was looking to offload the asset for $300 million and talking to a pair of non-US companies about an acquisition (likely in a part cash, part stock transaction).

Question is: who are those potential buyers?

We’ve pinned down one who, sources say, has already engaged in late-stage negotiations with AOL about a buy-out that would occur after its planned December 2009 IPO: meet Naspers, a massive multinational media conglomerate that you’ve possibly never heard of.

Naspers (aka MIH Group) is a nearly century-old media company headquartered in Cape Town, South Africa that is listed on the Johannesburg Stock Exchange and also boasts an ADR listing on the London Stock Exchange. The group’s principal operations are in Internet platforms, pay-television and print media.

So what would make this a sensible move for Naspers?

Naspers’ principal Internet operations are currently in South Africa and elsewhere in sub-Saharan Africa, China, Russia, Eastern Europe, India, Brazil and Thailand. To expand its global footprint, buying ICQ would make sense as it already has stakes in a good number of complementary companies that operate on an international level.

An acquisition of ICQ, which has somewhere in between 40 and 50 million active users around the world – mainly in Germany, Russia, Ukraine and Israel – and is ‘moderately profitable’, would be a good move for the publicly listed media company to make in order to increase its international user base and create synergies between some of its ventures.

As outlined by Quintura CEO Yakov Sadchikov in a blog post speculating about Naspers’ interest in ICQ:

- the group owns a 35% stake in Tencent Holdings Limited, the operator of the wildly popular Chinese instant messaging platform QQ
- it boasts a 43% stake in Mail.ru, leading provider of internet and communication services for Russian speakers all over the world
- it holds 38% of Nimbuzz, a Netherlands-based global provider of instant-messaging and VoIP solutions for mobiles
– it has a 25% stake in global mobile advertising network operator BuzzCity (based in Singapore)
- it fully owns 24.com, one of the largest Internet publishers (offering blogs, email, social network and many other services) in Africa
– it recently acquired a majority interest in Brazil’s mobile services provider Compera nTime
- Naspers owns 100% of Gadu-Gadu, the leading Internet communications provider in Poland with further operations in Romania, Bulgaria and the Ukraine
- it has a 30% stake in MXIT, a mobile instant messaging service for South-Africans
- it’s the owner of Sanook!, Thailand’s no. 1 Web portal

The MIH Group also operates or owns a stake in a number of e-commerce platforms and auction websites, including Ricardo (mostly targeting Western European countries), Poland’s Allegro and Brazilian price comparison service BuscaPé, as well as local social networking sites like India’s Ibibo.

In other words, the group has been consistently building up quite a portfolio of multinational Internet and mobile communication properties, and picking up ICQ would fit perfectly into that expansion strategy.

According to our sources, Naspers was approached by AOL about a potential sale proactively, but is not the only corporation who might end up as the new parent company of ICQ. We reached out for confirmation or more information, but AOL declined to comment saying it doesn’t respond to rumors or speculation as a policy, and the MIH Group has not gotten back to us at this point. AOL is said to also be eying a sale of other properties, including MapQuest and Bebo.

AOL acquired ICQ (well, its then parent company Mirabilis) for $287 million in cash back in June 1998, with another $120 million in earn-outs for its executive team. Most of its 100-or-so employees are still located in Israel, where the company was originally established.

No comments »

Posted in Messengers

Tags:

Live Blog: Google Chrome OS Event

November 21st, 2009 by admin No comments »

demochromeos

We’re here today in Mountain View, CA at the Googleplex for an event during which Google is promising to give a lot of details about Chrome OS. This includes a full product rundown and details about the formal launch, which is expected to occur early next year.

Sundar Pichai, Google’s VP of Product Management and Matthew Papakipos, Google’s Engineering Director for Google Chrome OS are speaking at the event. And there will be a Q&A session afterwards.

Below find our live notes (paraphrased):

SP: Welcome everyone. We’re here today to talk about Google Chrome OS. We aren’t launching it today and not beta today. But we’ve made progress. As of today the code will be completely open. We’re excited to announce this.

ChromeOS2

Google Chrome is foundation of everything we’re doing here. Why do Chrome. It’s been a year. We just announced we’re over 30 million users – and now we’re already over 40 million users. We focused on speed, simplicity, and security. It’s 40% faster in JS than IE8. “One is fast and one is slow.” The most common feed back we get is “Chrome is fast.”

In the last year we’ve updated Chrome about 40 times, but most users don’t even notice. And we’re really focused on HTML5. We really want to push the web forward.

Just this year there is tons of new stuff coming:

1) Chrome for Mac will be ready before the end of the year. Very close now.

2) Chrome for Linux is coming along very well. That’s the foundation of Chrome OS.

3) Extensions are coming. We’ve taken our time to do this right. We have more details coming about extensions with certain partners. These update automatically.

HTML5, we want the web to apps as well as they do natively. We’ve been working hard on this. We want web apps to be able to use system resources the same way. Graphics is one example, we need a way to access to the GPU. Audio/video playback is key. And we need apps to work offline. We’re working with the other major browser vendors to make sure HTML5 comes along.

The growth in netbooks is amazing. Growth is exploding despite the recession. Ultra thin, ultra light computers. The trend is clear that we’re moving to web applications – not desktop applications. It’s the most successful platform out there right now. We’re moving from laptops down to netbooks on the regular computer end. On the other side we’re going from phones to tablets – these are all computers. Laptops are becoming more like phones too – always on connectivity.

ChromeOSspeed

Is there a better model of personal computing? We believe so. That’s Chrome OS.

We focus on three things. Speed. Simplicity. Security.

We want Chrome OS to be blazingly fast, basically instant-on. Chrome (the browser) on Chrome OS is going to be much faster.

In Chrome OS every application is a web application. There are no native applications. That gives us simplicity. It’s just a browser with a few modifications. And all data is Chrome OS is in the cloud. This is key, we want all of personal computing to work this way. If you lose your machine, you just get a new one, and it works. With security, because everything is a web app, we can do different things. No system is ever fully secure. With Chrome OS no user install binaries, so we can see bad things easier. We run completely inside the browser security model.

——–DEMO———

It takes about 7 seconds to to go the log-in screen. And another 3 seconds to log in to your application. And we’re working to make that faster.

Should be no surprise that it looks like Chrome the browser. We are opening up the project a year ahead of release right now. A lot of the UI will change in that time. But many of the core concepts here will carry over into the final product.

It looks like Chrome but it has application tabs. (Just like the pictures we posted.) And there is an App Menu. The UI will change a bit, but we want to give you a way to find your favorite applications. Panels are pesistent lightweight windows that never move. Buddy lists and chat are great for this. Or a notepad. And media pops up in little windows.

ChromeOSsecurity1

Demo of a chess game being played within the browser. And you can allow it to take over the full screen so you don’t realize you’re in the browser.

And we want you to be able to read books in Chrome OS. And YouTube videos look great. And there is an all view mode (and the YouTube video is still playing. You can drag and drop tabs. “It just works.”

What happens if you plug in a camera? It simply opens a window with the camera’s files. I can pull any picture and open it in a new browser window.

ChromeOSsecurity2

Microsoft Office launched a killer-app for Chrome OS (laughs). So if you get an Excel doc, it will open in Office online.

People have many types of files with computers right? They need to get in them. Like PDFs, but these work instantly in the browser too.

———–Time for Matthew Papakipos to go under the hood of Chrome OS—————–

MP: Excited about the tech under the hood. All the code is out in the open now, you can go check it out.

We want this to feel much more like a television than a computer. All Chrome OS devices will be based on solid-state storage.

One of the reasons computers boot so slowly today is that they’re still looking for things like floppy drives. Does anyone use those anymore? No. We cut out a lot of the startup processes. And we open the browser immediately. And we have something called Verified Boot – Chrome OS auto-updates itself with all the security patches. Everytime you boot we double check that you’re running what you should be running. If something fails the cryptographic system check, we reboot to get a clean image. Basically this is system recovery.

Current OSes allow apps to have the same power as you. They can modify files, etc. This means a rogue app can do bad things. In Chrome OS all the apps are web apps, with a different security model. All apps are treated as if they are hostile at a system level. A web app can change files on your hard disk, etc.

And we have security sandboxing – same thing we do in Chrome. Every tab run in Chrome OS is locked down and different from other tabs.

ChromeOS-windows

The File System: It’s always auto-updated. There are a few areas of the hard disk. The root partition is read-only. This is locked down, which is unusual in OSes today. User data is always encrypted. This is key for safety of your data. So important if you lose your machine.

All user data is synced with the cloud at all times. If you lose your machine, it’s not really gone.

———Back to Sundar Pichai——-

This is all about offering a choice for users.

We’re not going to go into too much detail about going to market today. We’re working on the software right now, but we are also working with manufacturers on the hardware level. For example, we only support solid-state drives and certain types of WiFi cards.

You cannot download and install Chrome on any machine. You will have to buy a new one.

End of next year. Before the holiday season.

While netbooks are popular, but some have usability issues. We want to make slightly larger netbooks with full sized keyboards and big trackpads.

Again, the code is all open source now. The Linux kernal, Unbuntu, Moblin have all been important to what we’re doing now. We can’t wait to see what people do with our code now.

If you are a developer and have the right type of netbook (and a screwdriver) you can get Chrome OS running today.

————Video Demo Time———–

———-Q&A Time———

Q: So many questions. One is what is the focus group for this type of device? I have an Android device now – can you run Android apps on Chrome OS? And Android devices are becoming so powerful, so why not just use this – is there a Chrome server solution?

SP: There are many possibilities. What we are doing across Android is great because it’s all open-source too. I think we’re going through a shift in computing, it’s exciting. Time will tell.

Q: Do you know what this Chrome OS netbooks will cost?

SP: You will hear that from our partners. They will be in the price range that people are used to for netbooks today. But it’s hard to predict a year from now. Also remember, they will be bigger.

Q: Price target you want to hit?

SP: No we don’t have one.

Q: What netbook are you running this on right now (for the demo)?

SP: That’s an Eee PC.

Q: With the APIs support W3C working group standards? What about docs for partners?

SP: There’s a lot of documentation on our website. And we’ve been reaching out to partners for a while.

MP: For standards, yes we’re working closely with all the standards group like W3C to standardize as much as we can. But web standards take a while to be finalized. But it’d be nice to see all this on different OSes.

Q: Will there be an app store? What about driver certification? What about editing apps – like editing photos?

SP: We will have more details about the idea of an app store down the line. We care about web apps – on the web there are hundreds of millons of applications.

MP: We’re working closely with hardware makers for the drivers.

SP: Back to apps that you can’t use on the web, like powerful editing. This will be a secondary device, it may be a primary device in terms of time spent on it, but we expect people to have other computers too.

Q: Codec support and native client support?

MP: Yes, everything that works in Chrome will work in Chrome OS.

SP: And we’re investing in new tech to make web apps run just like desktop apps. Chrome OS will also influence Chrome (the browser).

Q: Will you support Silverlight?

SP: Certain select plug-ins we’re trying to work on. But I don’t have a comment on working with Microsoft (laughs).

Q: Other browsers?

SP: Chrome OS is all about Chrome, so another browser can’t really work here. That said, it’s open source, so other browser makers can make their own OSes if they want.

Q: Will the system be exclusive to netbooks or other devices too? Any hardware partners you can make?

SP: Hardware details will come in the middle of next year. We are intially fully focused on netbook-like computers (clam shell). In the future it will be able to work on anything though.

Q: How big is the whole OS?

SP: Since it’s open source, there’s a lot in there right now. But we’re working hard to make it simple.

Q: Offline access with Gears? What about being on a plane?

SP: WiFi is the use case we have in mind. But having said that, there will be ways to plug in and play media (listen to music and read books, etc) And with HTML5 there is offline support.

Q: What WiFi will you use?

MP: We’re focused on 802.11n.

Q: Virtualization, can you run it now?

MP: Sure, you could build it and run it in a virtual machine. That’s a great way to compile and debug.

Q: What about partners like Adobe? So Android’s marketplace is key – what about Android apps on Chrome?

SP: Independent of Chrome OS we’re all about moving web apps forward – including things like Photoshop on the web. Android apps currently will not run on Chrome OS.

Q (from Mike): Steve Jobs said the same thing when he launched the iPhone (about web apps). There will be pressure to get Android like apps right?

SP: Currently we’re only working with web apps. The iPhone was a bit different because THEY made their own native apps. We’re not doing that, we’re doing all web apps for Chrome OS. Netbooks are a better size for web apps.

Q: What processors will this run on?

SP: x86 and ARM eventually.

Q: So different code?

MP: Not ready to answer that, but basically yes.

Q: What about other machine timeline? What about business model?

SP: We’re just focused on netbooks in 2010. For business model, Chrome OS is free, using the web more benefits us for a company.

Q: Any new ads in Chome OS?

SP: No plans for that. These are all just web apps.

Q: What does Chrome OS do that other browsers on other OSes can’t do?

SP: Most of what we show here you can do in other browser. But there are new user concepts we’re exposing, app tabs, panels, and there will be more.

MP: We can do more stuff with the file system and faster boot times.

Q: How do you get people past the cloud reliability? And what about storing this on Google’s servers.

SP: If your cloud is down, it affects every computer now, so this isn’t really much different. Compare the cloud reliability with what you have to do – the cloud compares favorably. In terms of trust, it’s important that users have choice. And things are open so developers can tell users what is going on.

Q: Is the Signature process – is Google in charge of that?

MP: Yes, we’ll open source that as well.

Picture 12

———Google co-founder Sergey Brin Enters———

Q: Chrome runs JavaScript really well – what about supporting Java?

SP: Technically there is nothing limiting what you’re talking about. But we’re focused on web apps.

Q: Dell has a full laptop but also a small netbook that runs ARM and is instant-on. Any plans to be a second OS on a laptop?

MP: No we’re focused on being the core OS on a machine.

Q: What about running printers or flip cams?

SP: We plan for all standard keyboards, mice, and storage devices. For printing – we’ll have more to share next year. Yes Chrome OS will print. We’re working on it.

Q: Is this about moving the community/ecosystem forward again?

MP: Yes definitely, that’s why we’re open sourcing it. Hopefully this will help other products out there. This makes it easier to work with hardware vendors too.

Q (from Steve): Realtime notifications on every page?

SB: I think we definitely need support for that in the browser. And especially in Chrome OS. Hopefully we can solve the problem of chatting when you’re not signed in to Google.

MP: There is a new notification API standard that is being worked on now.

Q: What about Wave.

SB: Wave will work with that.

Q: What is Chrome’s strategic position for Google?

SB: We really focus on user needs rather than strategies based on other companies. Netbooks are now $300 or $400 you can buy a bunch, but there’s no good way to manage a bunch of them — that’s where the web comes in, and Chrome OS comes in.

No comments »

Posted in Google

Tags:

Hands On, Kid Tested: Spin Master Air Hogs Switchblade

November 21st, 2009 by admin No comments »

Switchblade

I’ve been a remote-control-airplane enthusiast for years. I’ve never really been able to get my six-year-old son into it, though: Planes are difficult to control, and he’s a bit afraid of breaking the machines I’ve spent hours putting together.

Big Buck Hunter

Big Buck Hunter

When the chance for him to try the new Spin Master Air Hogs Switchblade ($69.99 list) came along, I thought it would be the perfect opportunity to get him into the hobby. The Switchblade is part helicopter, part plane. It takes off by rotating like a helicopter, but once it’s up high enough, you hit the Morph button to cause the wings to align–and it then flies like a plane.

Once you remove the Switchblade from its box (which includes, naturally, those annoying wire-ties), resist the urge to throw away the packaging. One part of the Switchblade looks like packaging material, but you’ll need it to assemble the launch base; I had to retrieve it from the trash.

No comments »

Posted in Tech Toys

Tags:

World’s Largest Network Radio Telescope Powers Up

November 21st, 2009 by admin No comments »

VLBA_Radio_Telescope

If one telescope is good, 35 is most assuredly better. That’s the number of networked radio telescopes that just powered up to observe 243 quasars across the universe, according to Space.com.

The goal, in what amounts to a record-breaking effort: “improve the precision of the reference time frame that today’s scientists use to measure positions in the sky,” as well as possibly enhance future Earth-based GPS systems.

Quasars emit powerful radio waves, and are distant enough to appear stationary as seen from our planet, the report said. Scientists will combine data using a technique called very long baseline interferometry (VLBI) to measure celestial positions. (Image credit: U.S. Navy/Naval Oceanography Portal)

No comments »

Posted in NASA

Tags:

Water on the Moon! NASA

November 14th, 2009 by admin No comments »

nasa-moon

Although the LCROSS mission last month (aka the “moon bombing”) that was broadcast live on TV and the Internet may have not provided any spectacular footage, it did apparently deliver some remarkable findings.

According to NASA, “the mission successfully uncovered water during the Oct. 9, 2009 impacts into the permanently shadowed region of Cabeus cater near the moon’s south pole.” In other words, we have a pretty huge scientific discovery on our hands: water on the moon!

In addition to finding water, NASA has released the above image, showing the “ejecta plume” from 20 seconds after impact. Although not the Michael Bay movie-like explosion that observers might’ve been hoping for, we now at least have a convincing visual from the mission.

The project is far from complete though, and NASA hints more amazing discoveries might be made. According to Anthony Colaprete, LCROSS project scientist, “The full understanding of the LCROSS data may take some time. The data is that rich. Along with the water in Cabeus, there are hints of other intriguing substances.”

Nicely done, NASA. We forgive you for not providing us with a spectacular embeddable video and the awkward live news broadcasts

No comments »

Posted in NASA

Tags:

Water on the Moon: Even Google’s Celebrating!

November 14th, 2009 by admin No comments »

google-moon

Google’s been on a homepage logo changing spree: they’ve celebrated H.G. Wells, the bar code, Confucious, Gandhi, and Sesame Street over the last few months alone.

If you check Google.com now though, you’ll see that the search giant is celebrating something different: the discovery of water on the moon! NASA made the stunning announcement earlier today after its moon bombing mission successfully revealed water under the lunar surface. And now the Google (Google) logo depicts the bombing revealing water.

When you think about it, Google had a quick turnaround time for this logo. As fellow space enthusiasts, our hats go off to NASA and the men and women behind the successful mission. Hopefully this is only the beginning of something even bigger than ourselves.

No comments »

Posted in Google

Tags:

OpenOfficeMouse crams practically a million buttons onto the back of a rodent

November 8th, 2009 by admin No comments »

openofficemouse-11-06-09-580x387

How many mouse buttons do you really need? If you’re an Apple user, you only need one. A PC owner might get by with a two button mouse, but three buttons are better, since that opens up the easy possibility of tab and new file opening.

But do you need more? Sure. Logitech sells numerous mice with thumb buttons, triggering email, volume, digital audio player track control and more.

More than that? Mouse manufacturers have got you covered! There’s a number of button rich mice on the market today. Are you the top cleric in your World of Warcraft guild? There’s rodents with a dozen buttons or more for the binding of all your healing spells.

But that’s apparently nothing compared to the number of buttons the users of the Open Office productivity suite need. The new OpenOfficeMouse developed by WarMouse in partnership with the OpenOffice.org community doesn’t just put a dozen buttons on the face of the mouse: it crams eighteen in there, each with double-click functionality.

It doesn’t end there. The OpenOfficeMouse supports up to 63 separate profiles, nuzzles a clickable scroll wheel within a hollow of its back, and boasts an adjustable resolution from 400 to 1600 CPI. It even has a built-in analog joystick which can, itself, be used to store up to sixteen different keys or macros.

Utterly insane, and probably comically beyond the requirements of the average Open Office users, but you’ll be able to pick one of these atrocious monstrosities up when they are released for $74.99 a pop.

Read more at OpenOffice.org

No comments »

Posted in Hardware

Tags:

Say Goodbye to Voicemail, Hello To Ribbit Mobile (500 Invites)

November 6th, 2009 by admin No comments »

Ribbitmobile

First, there was Google Voice. And all was good, and not so good. But it showed that there is a better way to manage voicemails than to listen to 15 in a row just to get to the one you care about.

Now, there is an alternative to Google Voice called Ribbit Mobile. And it too is very good. Ribbit Mobile is in private beta, but the first 500 people to sign up with the invite code “techcrunch” will jump to the front of the line.

Ribbit Mobile starts out by taking over your cell phone’s voicemail. You give it permission to do this by entering some codes it presents to you during the sign-up process. So Ribbit Mobile lets you use your existing number, something Google Voice also recently added as an option. Once you set up your voicemail, and record a new greeting message, you can get started.

All voicemails will now get routed to Ribbit Mobile and stored there. Every time you get a voicemail, it appears in your Ribbit inbox, where it can be played on your computer. It is also transcribed (using Phonetag/Simulscribe’s speech-to-text engine). And it is pretty accurate. It was even able to understand and transcribe a message left by my three-year-old son. Every transcribed voicemail also gets sent to you as an email.

So there is really no need to listen to a voicemail again. But you can retrieve them the normal way, by calling an assigned number you can save to your phone. The one drawback I found is that I no longer see the notification on my phone showing how many voicemails I have.

Ribbit also lets you route calls to any number, including Skype and Ribbit’s own Java phone which rings in your browser so you can take calls on your computer. It does not yet, however, let you assign different actions to different callers (put my wife through to my cell, put anyone not in my contacts through to voicemail).

When you are online, you can also sign into various social networks (Facebook, Twitter, LinkedIn, Flickr) and see recent Tweets, status messages, and photos from the person who is calling. It’s very Xobni-like in that way.

Soon there will be an iPhone app, and the ability to send “shouts” to Ribbit Mobile members. A shout is a voicemail that doesn’t actually ring the person’s phone, it just goes straight to voicemail, where it is then transcribed and sent along as a regular text message. Why talk, when you can shout?

Ribbit Mobile will launch with a free basic package, and then start charging between $10 and $30 a month for more services, such as human transcription. Ribbit was acquired by British Telecom last year for $105 million, so it’s not going anywhere.

One day, we’ll get a service like Ribbit Mobile or Google Voice that actually is built into our phones.

Ribbit Mobile

Ribbitmobilebeta

No comments »

Posted in Google, Software

Tags:

Massive Facebook And MySpace Flash Vulnerability Exposes User Data

November 6th, 2009 by admin No comments »

brokensafe

A Facebook developer named Yvo Schaap has uncovered a massive security flaw present on both Facebook and MySpace that would give hackers the ability to steal all of your account data, including your photos, personal messages, and basically everything else you’ve ever put on the social networks, without you ever realizing it.

Update: MySpace tells us that in their case no private data was actually exposed, see their statement below. However, Schaap believes that MySpace is simply wrong, and that they were in fact open to the exploit.

Schaap stumbled upon the exploit and contacted both Facebook and MySpace. According to his blog MySpace has since fixed the bug, and while his blog indicates that Facebook is still working on it we’ve confirmed that they’ve fixed it as well. So what exactly could the exploit do? From Schaap’s blog:

You don’t need much time to think of all the ways this could be exploited. All what has to happen is a active session, or a “auto login”-cookie and a URL which hosts a exploiting Flash file. For example when accessed, a automatic “post update” could be made, that would lure friends of the user to access the exploit URL, and the exploit would spread virally. An more invasive and hidden exploit could harvest all the users personal photo’s, data and messages to a central server without any trace, and there is no reason why this wouldn’t be happening already with both Facebook and MySpace data.

Schaap’s post is accurate regarding Facebook’s problem, but MySpace says none of their private data was compromised. However, Schaap believes the MySpace is totally wrong. We’re waiting for further clarification on their end. Here’s MySpace’s statement:

“We’re 100% dedicated to the safety and security of our users and immediately after MySpace’s security team identified this spoutbuilder issue we blocked spoutbuilder and then helped them resolve their vulnerability. No private MySpace data was exposed and the vulnerability was never exploited.”

If you’ve ever checked that ‘remember me’ button on Facebook the MySpace login screen and have at any point viewed a Flash app taking advantage of the exploit, it’s possible that all of your data was compromised. You wouldn’t even have to neccesarily open anything — if one of the infected items showed up in your News Feed you could have your data stolen without ever knowing it. Yeah, that’s pretty damn scary. For what it’s worth, Facebook gave us this statement:

The security of our users is a top priority for Facebook and we worked with the researcher who identified the issue to fix it. We have not received any reports that it was ever exploited.

Of course, Schaap pretty clearly writes that there’s no way for a user or even Facebook to tell if their data was harvested, so for all we know it could have been used by multiple developers for months or longer (Facebook is currently investigating how long the bug may have existed). Granted, Schaap could be the first developer to ever stumble across the exploit. But the potential of this bug is so huge — allowing a developer to mine all of the data for any user who accessed their app — that less honest developers may well have used the hack for their own benefit. Facebook has previously said that there are a whopping 300,000 developers building on its platform. And we’ve seen time and time again that some of those developers are not opposed to Black Hat tactics. MySpace has had its own problems.

This is obviously bad news for both social networks, but Facebook in particular has long been heralded as the safer of the two, with its extensive privacy settings and authentic identities. Yet the site has repeatedly seen glitches in its security. I’ve written before about the sorry state of our privacy and the security of our data online, and issues like this underscore that the problem isn’t getting any better. Facebook is no longer just a platform for learning about your college buddies — it’s a serious business, used for photos and messages that can be very sensitive. Hell, I’ve heard of journalists who regularly use Facebook to reach out to potential sources, when secrecy is of the utmost importance. Apparently that’s not a good idea.

The security vulnerability works by taking advantage of an oversight in a crossdomain.xml configuration file, which is used by Flash applets to determine if an application has permission to access data on that domain. The crossdomain.xml files at Facebook and MySpace were allowing any applet from any other domain to access data and the API. Combined with browsers keeping a record of your logged in session if you have checked ‘remember me’, the vulnerability means that an invisible Flash applet on any website you visit would be able to read out all your data and send it away somewhere else. For more on cross-domain requests and security, there is a write up explaining all the details.

If you’re interested in the nature of the exploit itself, head over to Schaap’s blog for a full description of how he stumbled on it.

Image by Lisanne!

No comments »

Posted in Social Networks

Tags:

YouTube Gives Partners More Control Over Video Blocking

November 6th, 2009 by admin No comments »

youtube-block

A source just tipped us on some interesting changes Google-owned YouTube has made that give its partners more control over the blocking of video content they upload to the service.

Basically, there are two new buttons in the interface for partners. One says ‘Block by Country’ and provides content partners with the ability to geo-block a single video rather than an entire account, an oft-requested feature that allows partners to restrict the geographical rights for specific videos. This can be helpful for blocking a clip in a region where it might be culturally offensive or where rights issues prevent an account for having distribution rights in a handful of countries.

The second button reads ‘Enable Auto Block outside Ownership’ (yes, that’s a confusing name). The purpose of the button is similar to the first button, but is for content owners who only have rights to a video in a single region. Using this feature they can quickly claim rights to that one region, while automatically blocking access everywhere else.

We reached out to YouTube, who says that the new features “are another way that the site is looking to give partners more control over where their videos are viewed”

No comments »

Posted in Software, Youtube

Tags: