Mark Zuckerberg fan page hacked on Facebook: What really happened?

There was a lot of hoo-ha and speculation yesterday after Mark Zuckerberg's official Facebook fan page was updated with an unauthorised post.
Facebook initially declined to comment on what, at first glance, appeared to be an embarrassing security faux pas by Zuckerberg or one of the staff authorised to update the page. Understandably there was speculation that Zuckerberg or one of his colleagues might have had their password guessed or stolen, or perhaps had been 'sidejacked' by a tool such as Firesheep while using an unencrypted free WiFi hotspot.
Those were certainly our first thoughts, but now new information shared by Facebook's security team with the press tells a different story.
For instance, CNET's Elinor Mills reports that Facebook discovered that an API bug allowed unauthorised parties to post status updates to public Facebook fan pages.
This meant that personal information wasn't stolen from anyone's Facebook account - which is a very good thing.
So, it wasn't a story of a 26-year-old logging in at Starbucks and not realising that someone could be intercepting the communications. And it wasn't a tale of a junior member of staff choosing a password like "123456789" for their Facebook account, and being given the keys to administer a page with 2.8 million fans.
Those kinds of mistakes aren't uncommon, of course, and they are security issues you should be mindful of if you are responsible for the protection of computers and online activity inside your own organisation.
Instead, it turns out that the true story of the Zuckerberg fan page hack is much worse: a vulnerability in the way Facebook was coded allowed unauthorised parties to post updates to pages, which could potentially have been used for phishing, spam and even malicious attacks.
And it wasn't just Zuckerberg's fan page that was affected. Facebook declined to say which other pages had been hit by hackers exploiting the vulnerability, but it appears that other "high-profile" pages were also impacted. Facebook has not revealed whether it believes that French President Nicolas Sarkozy's fan page (which was also breached earlier this week) was affected by the same bug.
So, what does this mean for you if you're a sysadmin responsible for securing your company's Facebook presence?
Well, the good news is that Facebook says the API bug has now been fixed. They haven't, however, said whether they have informed the owners of any other affected Facebook fan pages, or whether they have removed posts which may have been published via the flaw.
So, if you are the administrator of a popular page on Facebook it wouldn't do any harm to check that all is in order. You may also want to ensure that your public forums are regularly monitored just in case a similar incident occurs in the future, which might result in your Facebook fans receiving unauthorised updates.
After all, would the API vulnerability have been found so promptly if it hadn't impacted the official fan page of Facebook's CEO?
Furthermore, now would be a good time to audit your Facebook page administrators: ask yourself who has access to post to your company's pages, and whether they are following sensible security practices (such as unique, hard-to-crack passwords and use of https when accessing the site).
This may not have been the issue in the case of the Zuckerberg fan page defacement, but it still makes a lot of good sense to follow these guidelines inside your company.
If you want to keep abreast of the latest Facebook security news, why not join our Sophos Facebook page where a community of over 50,000 users regularly discuss the threats.

How to learn to gamble in an online casino

Gambling in an online casino can require more and better skills than playing in a land-based casino. This is why it is very important to pick the online casinos that are best for you. Here I have written some helpful ideas on how to find the online casino that is right for you.
Gambling in an online casino is not exactly the same as playing in a regular casino. Yes, the rules are the same, but the way you play may be slightly different.

One of the major differences between gambling in an online casino and in a regular land-based casino is the fact that you can't look into the eyes of another player. Let's say you are playing poker and you suspect the other player may be bluffing: you can look at them to try to get a read on them and see if they have a tell, but in an online casino you have to be sharper than that.

In an online casino or online poker room you need to be good enough to know from the way the other players at the table are playing if they are bluffing or not, as opposed to at a regular casino or poker room where you can look into their eyes and try to get a read on them.

Other than poker, most of the games are almost exactly the same as in a land-based casino. If you are new to gambling online you may want to check out some online casino review sites. These sites not only offer reviews from independent reviewers, but you can also find reviews from regular everyday players like yourself, read about their experiences both good and bad, and make up your own mind.
To do this I recommend going to yahoo.com and typing "casinos" into the search engine; if you check out the top 5 or 6 sites I guarantee you will find all the information on which sites are reliable and which ones are a rip-off. Some of the sites even offer their readers weekly gambling horoscopes, and recipes for foods perfect for the next time you invite the guys over for poker night.


Before spending any money in any of the online casinos, open a free account and try the games out for free, see if you enjoy the software and the different options. Make a list of things you liked and things you did not like and find the site that offers you more of what you want and less of what you do not want.


Make sure to read all of the rules for each online casino. They will tempt you by offering you bonuses just for signing up, but make sure you read and understand the rules for accepting the money before you accept it or spend any of the allegedly "free" money.


Many of the online casinos will offer you a tutorial explaining how to use the features and to play each game and I highly recommend that you use it, because if you make a mistake the online casinos will not give you a refund.

Other than this, the only advice I can give is that the more you play the better you will get, and you will therefore be able to win more money.




Monitoring RSS Feeds

Measuring and tracking RSS, while a fairly simple concept, is really anything but simple in practice. Unlike websites, RSS feeds have the added caveat of potential syndication, making accurate tracking a challenge for anyone but the extremely tech-savvy.

It is not unrealistic for marketers to want to know how many subscribers they have, which items in their feeds attract the most interest, or how many click-throughs are generated as a result of an RSS feed.

There are a number of third-party providers who focus on tracking the consumption of RSS feeds. Some solutions are rudimentary but likely sufficient for a small business testing the waters with RSS. Other RSS tracking solutions are more complex and, while they can come close to being accurate, with syndication there is no solution that tracks with 100% accuracy.

Techniques Used to Track RSS Consumption
Small businesses can view their web logs for information on how many times a specific file (the RSS feed) is requested. The logs and the information they provide are rudimentary, but they will give a basic sense of a feed's success. Many third-party tracking options have additional tracking information available.

Hosting
The most common method of tracking the number of feed accesses, or the number of individuals accessing a feed, is to use a third-party feed host. Companies like FeedBurner essentially track feeds based on accesses. The downside of using a third party like FeedBurner is that the URL is a FeedBurner URL, and any PageRank or popularity associated with the URL will benefit the feed host rather than the feed creator. Additionally, no distinction is made between unique views and syndicated feeds.

FeedBurner provides a free, no-frills service to host RSS feeds, and they have been proactive in addressing user concerns, recently implementing a service that eases users' concerns about migrating away from FeedBurner. There is a three-step process for users interested in migrating from FeedBurner's free service, implementing a permanent redirect, and URL forwarding.

Some publishers, concerned about lock-in or wanting to retain control of their domain and feed URLs, resist a hosting service. The newer FeedBurner Partner Pro program is not free, but it allows users to point to their own domain, retaining complete control of their feeds without sacrificing statistical tracking.
A further downside of using a service like FeedBurner is that some filtering applications used on corporate proxy servers block feeds residing on FeedBurner or other free hosts.

Redirects
Companies like SyndicateIQ have more complex tracking solutions that generate unique URLs for each subscriber. The tracking benefits of such a customised solution are obvious: individual user habits can be monitored, and any user abusing their access and inappropriately syndicating a feed's content can have their feed turned off. The downside, of course, is that the success of RSS is in large part due to its anonymity; users don't want their personal habits tracked.

Considering the venture capital interest in these third-party hosting services, it is important to note that their value is in the data they collect. As with any third-party service, publishers should read the privacy policy carefully and be aware of who owns the rights to the collected information and how that information might be used. The value of many of the free services currently available lies in their aggregate data.

Uniquely Named Transparent Images
Uniquely named transparent 1x1 graphics can be added to the description field of an RSS feed. Publishers can then use standard web logs to see the number of times the image is requested and so determine the number of times the feed was accessed.

Companies Specializing in Tracking and RSS Metrics

Pheedo - Pheedo creates tools that enable individuals, organizations and corporations to promote, analyze, and optimize their weblogs and content.
http://www.pheedo.com

SyndicateIQ - SyndicateIQ's position in the content distribution chain provides clients a set of analytics.
http://www.syndicateiq.com/

FeedBurner - FeedBurner offers a full range of services to help you build awareness, track circulation, and implement revenue-generating programs in your feed(s).
http://www.feedburner.com

Each individual using RSS needs to decide on the extent and importance of the analytics they require, while realising that any system they employ is not going to be perfect.

Free Spam Blockers vs Paid Ones

Free spam blockers vs. paid ones is a question that lurks at the back of your mind before opting for one. You may face the need to protect your computer from the damage that spam can do. Spam not only occupies storage and memory space on the computer, but can also spread viruses that crash the whole system. It is best to make use of the trial period to judge the type of spam blocker that suits your needs.


It is becoming impossible to stop email spam, for both internet users and online business owners. Spam not only eats away at the storage and memory space of the computer, but also poses various other problems. It can force your ISP to disconnect your internet connection. A virus carried in spam can slow down your machine and cause the whole system to crash. It can not only steal your confidential information, but also completely delete the files and documents you have stored on the computer. Thus, spam blockers play a very important role in protecting your computer from such damage.

The Basics Of Domain Name Registration And What It Means To You

"Coins for President"

President Susilo Bambang Yudhoyono's (SBY) statement that his salary has not risen for seven years has triggered a tongue-in-cheek coin-collecting movement for the president on social networks such as Facebook and Twitter. A satirical logo for the "coins of love for the president" movement has even appeared on Facebook, with a logo resembling an aeroplane-shaped piggy bank. In the group's description, the admin invites Facebook users to each set aside Rp. 1000 to help President SBY buy a presidential plane. "If the population is, say, around 200 million people, then it's enough for each person to donate Rp.1000; he would surely be moved and love his people even more, and there's a big reward in making people happy. Thx :)," reads the group's description. At the time this post was written, 196 people had already joined.

Meanwhile, on Twitter a "coins for the president" movement is circulating with a logo very similar to that of the "coins of justice for Prita" movement. In the centre of the yellow, black and white logo are the words "Help Salary President".
A movement with exactly the same logo has also appeared on Facebook and, at the time this post was written, already had 4,370 members. The wall of this account is full of mockery of the government. The account's info carries an invitation to help a president who is short of salary.
President Yudhoyono said that the presidential salary has not risen for seven years in a speech closing the 2011 TNI/Police Leadership Meeting in Jakarta on Friday (21/1). Meanwhile, Coordinating Minister for the Economy Hatta Rajasa denied that President SBY was "venting" (curhat) when he revealed that his salary has not risen for seven years.
Meanwhile, political analyst Burhanuddin Muhtadi of Paramadina University judged that there was nothing wrong with the substance of what the president conveyed, since it is in fact true that the presidential salary has not risen for seven years. The problem is that it was not quite appropriate for the President to convey it directly himself.
