Recent News

Future of Web Apps Expo Keynote

Posted by Cotton Rohrscheib on October 31st, 2008

Tim Bray of Sun Microsystems delivered an awesome keynote speech at the Future of Web Apps Expo 2008. Unlike many keynotes (which generally tend to be upbeat), Tim spoke about the economic tough times ahead, and what you can do to get through them. There’s some very solid advice in this presentation.

 

Yahoo Email Vulnerability

Posted by Cotton Rohrscheib on October 29th, 2008

This is yet another reason why premium email solutions, like those offered by Pleth Networks, are a wise investment even for personal usage over free hosted email solutions.

I ran across this security notice this evening on Netcraft and thought that it was a pretty big deal.  If the media wasn’t buried so deep in the presidential race I suspect this would have been pretty well publicized but it turns out, most of you are probably learning about this for the first time here. 

Turns out that Yahoo email user account information was recently exploited. Details of this exploit from Netcraft can be found below. I should also probably state for those of you that aren’t already aware that I co-founded a company, Pleth Networks, LLC, which sells a premium email solution for individual and enterprise level accounts. If you are interested in email solutions for your business or even a personal email account that you can have peace of mind about, click here to contact us.

Here’s some info regarding the exploit / vulnerability taken from Netcraft’s website.

The Netcraft toolbar community has detected a vulnerability on a Yahoo website, which (at the time of writing) is currently being used to steal authentication cookies from Yahoo users — transmitting them to a website under the control of a remote attacker. With these stolen details, the attacker can gain access to his victims’ Yahoo accounts, such as Yahoo Mail.

The attack exploits a cross-site scripting vulnerability on Yahoo’s HotJobs site at hotjobs.yahoo.com, which currently allows the attacker to inject obfuscated JavaScript into the affected page. The script steals the authentication cookies that are sent for the yahoo.com domain and passes them to a different website in the United States, where the attacker is harvesting stolen authentication details.

When websites use cookies to handle authenticated sessions, it is extremely important to protect the cookie values and ensure they are not seen by other parties. Cross-site scripting vulnerabilities often allow these values to be accessed by an attacker and transmitted to a website under their control, which then allows the attacker to use the same cookie values to hijack their victim’s session without needing to log in. This type of attack can be mitigated to some extent by using HttpOnly cookies to prevent scripts gaining access to the cookies — a feature that is now supported by most modern browsers.

Earlier this year, Netcraft blocked a similar flaw on another Yahoo website. The previous attack targeted a cross-site scripting vulnerability on Yahoo’s ychat.help.yahoo.com site, which was served securely using a valid SSL certificate, adding further credibility to the attack. The attacker used the vulnerability to inject malign JavaScript into one of the site’s webpages. Unlike the current attack, the injected code was sourced from a server in Spain, but also resulted in the victim’s cookies being stolen and transmitted to a PHP script on the same server.

Netcraft found that the Yahoo cookies stolen by the attacker would have allowed him to hijack his victims’ browser sessions, letting him gain access to all of their Yahoo Mail emails and any other account which uses cookies for the yahoo.com domain.

Simply visiting the malign URLs on yahoo.com can be enough for a victim to fall prey to the attacker, letting him steal the necessary session cookies to gain access to the victim’s email — the victim does not even have to type in their username and password for the attacker to do this. Both attacks send the victim to a blank webpage, leaving them unlikely to realize that their own account has just been compromised.

The Netcraft Toolbar protects users against both of these attacks, warning that the malformed Yahoo URLs contain cross-site scripting elements, and that the URLs have been classified as known phishing sites.

Netcraft has informed Yahoo of the latest attack, although at the time of writing, the HotJobs vulnerability and the attacker’s cookie harvesting script are both still present.

Ongoing Phishing Attack Exposes Yahoo Accounts - Netcraft
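
The HttpOnly mitigation described in the Netcraft excerpt above can be checked from a site's Set-Cookie response headers. The following is an added example, not code from this post or from Netcraft; the function names and the example.com header values are constructed for illustration, and the subdomain check reflects the excerpt's point that cookies sent for the whole yahoo.com domain were reachable through a flaw on hotjobs.yahoo.com.

```javascript
// Added example: audit Set-Cookie headers for the script-readable session
// cookies that make XSS cookie theft possible. All header values below are
// constructed samples, not captured traffic.

// Parse one Set-Cookie header value into its name, value and attributes.
function parseSetCookie(header) {
  const [pair, ...rest] = header.split(";").map((s) => s.trim());
  const eq = pair.indexOf("=");
  const attrs = {};
  for (const part of rest) {
    if (!part) continue;
    const i = part.indexOf("=");
    const key = (i === -1 ? part : part.slice(0, i)).toLowerCase();
    attrs[key] = i === -1 ? true : part.slice(i + 1);
  }
  return {
    name: eq === -1 ? "" : pair.slice(0, eq),
    value: eq === -1 ? pair : pair.slice(eq + 1),
    attrs,
  };
}

// Return the weaknesses of one cookie as a list of short finding codes.
function auditSetCookie(header) {
  const { attrs } = parseSetCookie(header);
  const findings = [];
  // Without HttpOnly, any script on the page can read document.cookie.
  if (!attrs.httponly) findings.push("missing-httponly");
  // Without Secure, the cookie also travels over plain HTTP.
  if (!attrs.secure) findings.push("missing-secure");
  // A Domain attribute shares the cookie with every subdomain, so a flaw
  // on one host exposes sessions for all of them.
  if (attrs.domain) findings.push("shared-with-subdomains");
  return findings;
}

// Constructed samples: a weak session cookie and a hardened one.
const WEAK = "session=abc123; Domain=.example.com; Path=/";
const HARDENED = "session=abc123; Path=/; Secure; HttpOnly; SameSite=Lax";

// Audit a list of headers and pair each cookie name with its findings.
function report(headers) {
  return headers.map((h) => ({
    cookie: parseSetCookie(h).name,
    findings: auditSetCookie(h),
  }));
}

console.log(JSON.stringify(report([WEAK, HARDENED]), null, 2));
```

HttpOnly only stops scripts from reading the cookie; the cross-site scripting flaw itself still has to be fixed on the affected page.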

Acxiom Reports Earnings

Posted by Cotton Rohrscheib on October 29th, 2008

I thought that it was interesting that even during an economic downswing Acxiom was able to post a 20% increase in earnings this quarter. They released their earnings today, and ACXM shares closed today slightly higher; this will definitely make the shareholders happy given that just about everything in their portfolio has taken a beating as of late. Here’s a snippet from Arkansas Business:

Despite a decrease in revenue, Acxiom reported a 20 percent increase to $15.85 million, or 18 cents per share, in earnings during its second quarter. Earnings for the quarter ending Sept. 30, excluding extraordinary items, were at about 18 cents per share, up 20 percent from $9.19 million, or 15 cents per share, during the same quarter last year. The interactive marketing services company recorded revenue of $328.9 million for the quarter, down 5.7 percent from the same quarter a year ago.

Acxiom’s earnings for the quarter are slightly above analysts’ earnings estimate of 17 cents per share, but below their revenue estimate of $341.3 million. Including an unusual gain of $2.4 million for the second quarter of the company’s fiscal 2009, Acxiom (Nasdaq: ACXM) reported earnings per share of 20 cents.

For the six months ending Sept. 30, the company reported $660 million in revenue, down slightly from $683.5 million for the same period last year. Earnings per share for the six month period, including extraordinary items, were 34 cents, compared with a 6-cent loss during the previous year.

Acxiom Reports 20 Percent Increase in Earnings on Down Revenue - ArkansasBusiness.com

Projects: Church Alive Redesign

Posted by Cotton Rohrscheib on October 29th, 2008

I have been in the process of updating my church’s website over the past few weeks to incorporate some new features and plugins that we were needing.

For the redesign I started w/ one of Brian Gardner’s premium themes and customized it quite a bit to include the featured gallery plugin on the home page as well as the new Facebook Connect application that allows users to comment on the church website using their Facebook accounts. You can click here to visit the website or click on the screenshot below.

This is the second church website that I have built on the Wordpress CMS but I would love to open up that market for a couple of reasons.  One reason is that Wordpress lends itself well to the needs of most churches today.  If you have a church website project that you would like for us to look at, please feel free to contact us.

Mojo the Hog-Dawg!

Posted by Cotton Rohrscheib on October 27th, 2008

I just thought that this was too funny not to post. This is our Chihuahua Mojo, who stays with my parents. He is absolutely spoiled rotten too and probably has one of the worst dispositions known to man. He can go from adorable to insane in a matter of seconds. This is one of his more adorable moments.

Mom had him dressed up for the Razorback game this past weekend w/ Ole Miss in a Razorback sweater. He also has one of those hog nose things but doesn't like to wear it.

Reduce Power Usage & Energy Costs

Posted by Cotton Rohrscheib on October 25th, 2008

I don’t usually blog about things off the topic of web / software development but I feel like this is worthy. I know that everyone has seen a spike in their energy bills at some time or another in their lifetime, so this is of interest to everyone, from homeowners to high-end datacenter managers.

A friend of mine turned me on to this product the other day. It basically bolts right onto your wall just above your breaker box. The bottom line, without getting all technical, is that this little box can cut your energy costs considerably!

If you are interested in learning more about this product, you can give my friend Kris Shinn a shout, by telephone: 501-412-3343, or email: shinn_kris@yahoo.com. This product is not a big investment either, and has some guarantees that go along w/ it if you purchase one, Kris can better fill you in on all of the details, etc. I just wanted to pass this product along in case anyone is looking for ways to cut their overhead by reducing their energy costs.

Here’s some basic info:

 

The US-CITY Energy RKW-110 and the RKW-310™ is housed in a metal box that fits neatly next to your breaker panel, saving you money year after year and protects the entire home or business. The US-CITY Energy RKW-110™ and RKW-310™ was designed with the homeowner and business owner in mind, providing lower energy bills, increased motor and appliance life, as well as surge and lightning protection for all of the equipment inside of your home or business. 

Residential and Commercial customers throughout North America could see as much as 25%-35% Savings on their electrical usage (and thus power bills). The US-CITY Energy RKW-110™ and RKW-310™ is UL Tested and CSA certified.

Money isn’t all that you are saving when you use US-CITY Energy™ products. It’s an energy-wise purchasing decision with many positive environmental implications. Power Suppliers also benefit by being able to supply power to more customers without the generation or acquisition of additional power.

 

OUR POWER REDUCTION SYSTEM - Blog | uscityenergy.tv