HTML 5 Web code weakness allows data dump on computers

The loophole exploits a feature of HTML 5 which defines how websites are made and what they can do.

Developer Feross Aboukhadijeh found the bug and set up a demo page that fills visitors’ hard drives with pictures of cartoon cats.

In one demo, Mr Aboukhadijeh managed to dump one gigabyte of data every 16 seconds onto a vulnerable MacBook.

Clever code

Most major browsers, Chrome, Internet Explorer, Opera and Safari, were found to be vulnerable to the bug, said Mr Aboukhadijeh.

While most websites are currently built using version 4 of the Hyper Text Markup Language (HTML), that code is gradually being superseded by the newer version 5.

One big change brought in with HTML 5 lets websites store more data locally on visitors’ PCs. Safeguards built into the “local storage” specification should limit how much data can be stored. Different browsers allow different limits but all allow at least 2.5 megabytes to be stored.

However, Mr Aboukhadijeh found a way round this cap by creating lots of temporary websites linked to the one a person actually visited. He found that each one of these associated sites was allowed to store up to the limit of data because browser makers had not written code to stop this happening. By endlessly creating new, linked websites the bug can be used to siphon huge amounts of data onto target PCs.

Only Mozilla’s Firefox capped storage at 5MB and was not vulnerable, he found.

“Cleverly coded websites have effectively unlimited storage space on visitor’s computers,” wrote Mr Aboukhadijeh in a blogpost about the bug.

Code to exploit the bug has been released by Mr Aboukhadijeh and he set up a website, called Filldisk that, on vulnerable PCs, dumps lots of images of cats on to the hard drive. So far, no malicious use of the exploits has been observed.

In a bid to solve the problem, bug reports about the exploit have been filed with major browser makers.


courtesy: http://www.bbc.co.uk/news/technology-21628622

Hacking group Anonymous – Twitter account hack

Hacker collective Anonymous has suffered an embarrassing breach, as one of its popular Twitter feeds is taken over by rival hacktivists.

Little-known group Rustle League said it had hacked the @Anon_Central account which has 160,000 followers.

It follows some high-profile Twitter hacks in recent days – including accounts for Burger King, Jeep and BBC Top Gear presenter Jeremy Clarkson.

Experts warn that users need to strengthen their passwords.

“The reason Anonymous fell victim is probably human weakness,” said Graham Cluley, senior consultant at security firm Sophos.

“Chances are that they followed poor password practices, like using the same password in multiple places or choosing a password that was easy to crack.

Everyone should learn better password security from incidents like this – if it can happen to an account run by Anonymous supporters, it could happen to you,” he said.

On Monday, the account for Burger King was breached and on Tuesday that of Chrysler-owned Jeep was broken into.


courtesy: bbc news

Apple CEO Tim Cook slams lawsuit, calling it a “silly sideshow”

Einhorn made headlines last week by suing Apple and lambasting the company for hoarding billions in cash. Einhorn’s hedge fund, Greenlight Capital, wants Apple to give some of its $137 billion cash hoard back to shareholders in the form of preferred stock.

At a Goldman Sachs (GS) conference in San Francisco moderated by Goldman CEO Lloyd Blankfein, Cook shot back about the Einhorn lawsuit:

“Frankly, I find it bizarre that we would find ourselves being sued for doing something that’s good for shareholders,” Cook said, calling the lawsuit a waste of time and money.

Cook also cited one of Einhorn’s lines in the complaint: “Apple doesn’t have a ‘Depression-era mentality,’” Cook said. “Apple makes bold and ambitious bets on products, and we’re conservative financially.”

Though Cook said Apple isn’t spending a lot of time thinking about the suit, the company is reviewing Einhorn’s proposal. Apple will let shareholders vote at the company’s annual meeting this month on whether to block the possibility of ever issuing preferred shares. Greenlight promptly filed a lawsuit in federal court.


courtesy: http://money.cnn.com/2013/02/12/technology/apple-cook-einhorn/index.html

LinkedIn proves it’s no Facebook (in a good way)

Post-IPO life hasn’t been kind to Facebook and other newly public social startups, whose plummeting shares have left investors downtrodden. But LinkedIn, the first of the big social network upstarts to go public, continues to prove it can be a money-making machine.

Wall Street analysts had high expectations for LinkedIn’s (LNKD) fourth quarter, and the company still beat them on both profit and sales. LinkedIn netted $40.2 million, or 35 cents per share — more than three times as much as the $13 million it made a year earlier.

Sales came in at $303.6 million during the past quarter, up 81% over the year.

Shares rose 19% in morning trading, reaching an all-time high of $147.43.

As a business networking site, LinkedIn might not be as sexy as Facebook (FB) and other buzzy startups. But from the start, LinkedIn stood out from the newly public pack. The likes of Yelp (YELP), Pandora (P) and Groupon (GRPN) weren’t profitable when they decided to go public, but LinkedIn was earning money and had a solid business model to boot.

The company has touted its multiple-revenue-stream approach, and all three money-making sectors were strong last quarter.

Sales from job-recruitment tools rose 90% over the year, accounting for more than half of the company’s overall revenue.

Ads and other marketing revenue increased by more than two-thirds over the year. Advertising represents just a quarter of LinkedIn’s revenue — at Facebook, by contrast, ad sales account for 84% of revenue, and they were up only 41% last quarter.

The final fifth of LinkedIn’s sales comes from subscribers who pay for premium accounts.

The company didn’t shed much light on mobile, however, a continued pressure point for social networks like Facebook. Facebook shares are finally turning around now that the company is beginning to serve ads to mobile users, and Zynga posted a surprise profit on Tuesday as its mobile userbase expanded.

On a conference call with analysts, CEO Jeff Weiner said about 27% of the site’s visitors last quarter came from mobile apps, a 15% jump from a year ago, and about one-third of people looking at job postings came from mobile devices.

One analyst on the call asked about LinkedIn’s ongoing testing of mobile ads, and Weiner stressed it’s “still early.” Because of the limited space on smartphones in particular, the company wants to “be thoughtful” about its mobile ad rollout, Weiner said.

Meanwhile, LinkedIn’s overall userbase is growing. The company passed the 200 million member mark during the fourth quarter, representing a nearly 40% increase from the same quarter last year. It’s adding about two members per second, and the international market is especially hot: More than 64% of LinkedIn members live outside the United States.

The company also touted its fourth-quarter redesign of LinkedIn profiles, saying that nearly twice as many members updated their pages versus the fourth quarter of 2011. LinkedIn did not provide specific numbers on that point.

LinkedIn expects sales of about $307 million for the first quarter, and about $1.43 billion for the full year. Both figures were in line with the outlook analysts expected.

The social network continues to outperform more traditional job search competitors as well. Monster Worldwide (MWW) on Thursday morning reported a $73 million loss last quarter, and the company decided to exit some foreign markets to focus on its U.S. business.


Courtesy: http://money.cnn.com/2013/02/07/technology/social/linkedin-earnings/index.html

Kaspersky anti-virus cuts web access of thousands of PCs

Thousands of computers running Microsoft’s Windows XP operating system were unable to connect to the internet after installing an anti-virus update.

Users said they were also unable to access their internal company networks.

Russian IT security company Kaspersky Labs told users to disable its anti-virus software or roll back the update.

Two hours later it issued a fix – but since their PCs were unable to auto-install new code from the net, users had to perform several tasks first.

Kaspersky told its customers: “Please disable the web AV component of your protection policy for your managed computers.”

It then told them to go to the repositories section, download an update and re-enable the protection.

Repair jobs

The company issued a statement, apologising “for any inconvenience caused by this database update error”.

“Actions have been taken to prevent such incidents from occurring in the future,” it said.

Dorset-based IT consultant Graham Lord wrote on the micro-blogging site Twitter: “Bravo on breaking the internet on all your XP clients.

“Your update just set back one of my repair jobs by a day’s work.”

But Spain-based security blogger David Barroso tweeted: “So Kaspersky QA [quality assurance] team failed with this update but they quickly released a fix, which it is something good.”
