CBS Website Hacked

That’s right, the television network CBS had their website hacked using the popular iframe method, and it was actually used for a period of time to distribute malware to its visitors. I am not sure how many visitors CBS has on a daily basis but I am pretty sure it’s probably high volume.

One of the popular features on CBS’s website among visitors is the ability to view missed episodes of their favorite shows like The Unit, CSI: Miami, and NCIS.  Below is a report I found on Techworld regarding the attack…

TV network CBS has become the latest big name to have its website used to host malware, a security company has reported.

It appears that Russian malware distributors were able to launch another iFrame attack on a sub-domain of the cbs.com site so that it was serving remote malware to any visitors. A user’s vulnerability to the malware attack launched by the site hack would depend on a number of factors, including the type of security used on a PC, the operating system, and possibly the browser version.

“This saga confirms our many previous warnings that obfuscated code poses a serious threat to Internet users’ PCs,” said Finjan CTO, Yuval Ben-Itzhak, who has devoted a fair amount of time in recent months to finding these hacks.

“Our Threats Reports have continued to identify the increasing use of code obfuscation as a means of bypassing traditional signature-based solutions in order to propagate malware,” Ben-Itzhak continued, taking a pop at the anti-virus products against which his company in part competes.

“It also highlights the fact that no web portal, no matter how high ranking, can be totally secure against a system hack and consequent infection of its visitors. Web users need to exercise caution at all times,” he said.

Finjan said it had informed CBS of the issue, but that the Russian exploit server had in any case been taken offline, neutering the attack for the time being.

iFrame and SQL injection attacks on big-name websites have been one of the fashionable attacks of 2008, embarrassing a string of household names.

Techworld.com – CBS website bitten by iFrame hack

Shopping Discounts on Twitter

If you are like me, you are probably going to spend some time over the next few days doing some Christmas shopping online.  If so, I have stumbled onto something pretty cool inside the Twitter social network, just follow couponer and they will keep you up to date w/ the latest specials and discounts from many of the top tier online retailers. 

Just today I see that there are discounts on Sears.com, Guitar Hero 3, The Gap, Eastbay, Sony, Wine.com, and one of my wife’s favorites, Duck Duck Goose!  Oh, and kudos to these online retailers for doing what they can to make the most out of social networking!

Powell Creative & Gang…

I just saw this on Facebook and had to give a shout out to the gang from Jonesboro (Powell Creative).  They showed up on the front cover of the Winter 2008 DXNEWS magazine.  This publication is put out for District 10 of the American Advertising Federation.  We (Pleth) work very closely w/ Melissa and the gang at Powell Creative in Jonesboro, in fact we just opened a new office right next door! Kudos!

http://photos-c.ak.fbcdn.net/photos-ak-snc1/v416/88/39/1071852445/n1071852445_197330_1233.jpg

WordPress 2.6.5

Just so no one else out there thinks that they have lost their mind, there was never a WordPress 2.6.4. Instead, there was a bogus version of WordPress floating around that wasn’t legit, so the guys at Automattic, in an effort to stay ahead of the folks issuing 2.6.4, have opted to skip that version and go directly to 2.6.5.

WordPress 2.6.5 is a pretty important update in that it fixes a small hole that could possibly be exploited via XSS. I have been updating our hosting WordPress solutions this morning and should have all of our clients updated in the next 20 minutes or so.

WordPress 2.6.5 is immediately available and fixes one security problem and three bugs. We recommend everyone upgrade to this release.

The security issue is an XSS exploit discovered by Jeremias Reith that fortunately only affects IP-based virtual servers running on Apache 2.x. If you are interested only in the security fix, copy wp-includes/feed.php and wp-includes/version.php from the 2.6.5 release package.

2.6.5 contains three other small fixes in addition to the XSS fix. The first prevents accidentally saving post meta information to a revision. The second prevents XML-RPC from fetching incorrect post types. The third adds some user ID sanitization during bulk delete requests. For a list of changed files, consult the full changeset between 2.6.3 and 2.6.5.

Note that we are skipping version 2.6.4 and jumping from 2.6.3 to 2.6.5 to avoid confusion with a fake 2.6.4 release that made the rounds. There is not and never will be a version 2.6.4.

WordPress › Blog » WordPress 2.6.5

Lunascape Web Browser

Matt, our server administrator at Pleth, gets credited for stumbling onto this cool find. Lunascape is a web browser that uses all three of the rendering engines (webkit, trident, and gecko) instead of relying solely on one.

Personally I haven’t ever heard of anything like this before and am pretty anxious for this software to mature a little bit so we can get a good idea as to how it’s going to perform under pressure.  It is being touted as the fastest browser ever…

Do you use multiple web browsers? Juggling multiple web browsers is not so uncommon to overcome incompatibility and inefficiency of web sites or browsers that are not well optimized to web standards. But it’s not that power users who know how to install and use multiple browsers actually love the hassle at the cost of their precious time.

Lunascape is here for you! For the first time ever, there is a web browser that has integrated the three main browser rendering engines with the ability to switch to the optimal engine automatically.

It’s in Lunascape’s DNA to open up new possibilities in the world of web browser. Lunascape was the first web browser with a search bar. The fully customizable skin system is another feature introduced by Lunascape in a web browser for the first time. Triple-engine is the latest addition with more innovations to come. State-of-the-art technical skill in Lunascape leads the world to future web experiences.

Lunascape Web Browser – The World’s Fastest Browser Ever

Eclipse Aviation

I was surprised to learn tonight that Eclipse Aviation had filed for bankruptcy protection.  I have been following this company since my partner Stephen, who is also a pilot, turned me onto it. 

There was a lot of buzz about this plane for a while leading up to its release, not to mention a long waiting list of people looking to purchase one. Hopefully they can get back on their feet one day soon!

NEW YORK (Associated Press) – Eclipse Aviation filed for bankruptcy protection Tuesday after failing to produce its very light jet as fast as its business plan required, forcing the manufacturer to take a loss on each aircraft it built.

The struggling Albuquerque manufacturer of the six-seat Eclipse 500 filed for Chapter 11 protection in U.S. Bankruptcy Court in Delaware.

The filing comes after a troubled year that saw layoffs of more than a third of its work force, the exit of its founder and former chief executive and mounting lawsuits from nearly a dozen disgruntled customers. Earlier this month the company sent employees home for two days after it was late making payroll.

“In the face of unprecedented economic challenges, it is clear that the sale of the Eclipse business through the Chapter 11 process was the right course of action to maximize the value of the business, secure its future and protect the best interests of Eclipse’s stake holders, including customers, suppliers, employees and creditors,” acting chief executive Roel Pieper said in a statement.

Pieper was not immediately available for comment Tuesday.

Under Chapter 11, a company seeks an order from a bankruptcy judge that prevents creditors from immediately seizing company assets. Most companies continue to operate in some form while seeking to reorganize and reduce their debt.

Eclipse Aviation plans to sell nearly all its assets, valued at between $100 million and $500 million, at a public auction that would be held in January, court records show. The company has more than $1 billion in liabilities.

Barring an offer from a higher bidder, the company would be sold to an affiliate of its largest shareholder, ETIRC Aviation, called EclipseJet Aviation International Inc., said Brad Robins, managing director of Greenhill & Co. Inc., a New York-based investment bank Eclipse hired as its financial adviser.

The company was able to add 300 European aircraft orders to its books after the Eclipse 500 received certification from the European Aviation Safety Agency on Friday, which is similar to getting Federal Aviation Administration certification in the U.S.

European certification allows Eclipse to sell its aircraft in 37 European countries.

Robins said Eclipse’s plant in Albuquerque, N.M., which employs 945 people, should see no major changes as a result of the bankruptcy proceedings.

“The goal is the company continues to operate; employees are keeping their jobs,” Robins said.

Part of the restructuring will allow Eclipse to obtain $20 million in loans from Eclipse board member Alfred E. Mann and ETIRC, which will be used to pay employees, court records showed.

Eclipse chief financial officer J. Mark Borseth said in an affidavit that keeping employees working is important for the future of the company.

“I believe that if (Eclipse is) unable to honor all such obligations immediately, employee morale and loyalty will be jeopardized at a time when such support is critical,” Borseth said in the affidavit.

He said the company had early production delays caused by introducing several new technologies to build the aircraft.

And Eclipse’s business plan required aircraft to be produced at “unprecedented volumes” to enable the company to price the jet lower than its competitors, Borseth said.

After Eclipse failed to meet production targets, the cost per aircraft increased.

“As a result, Eclipse continued to lose larger than expected sums of money on each aircraft manufactured,” Borseth said.

Eclipse announced earlier this year that it needed $200 million to $300 million in financing to stay afloat, but analysts agreed that in the midst of a global economic crisis, a “white knight” investor was unlikely to appear, making restructuring necessary.

Eclipse’s “experience in the past several years is that they were able to secure financing. I think with the world we’re in today, this (Chapter 11) is the basis in which they could get it,” Robins said.

Eclipse Aviation files for bankruptcy protection

Valuation of Annual Accounts

Several  times my partners and I have played around with the idea of acquiring a smaller hosting company that was for sale on the open market.  We have the infrastructure to accommodate several times over the number of clients we currently have and purchasing a smaller company seems like a logical choice for us to quickly grow our client base. 

One of the concerns we have about purchasing another hosting company is that our operation is completely different than that of most hosting operations, for instance GoDaddy, they do bargain basement hosting and offer annual renewals on their hosting customers. Several other large bargain basement, barebones hosting operations out there are set up the same way or similar as well.

The vast majority of our clients are billed on a monthly basis.  The reasoning for this is because we actually bring a few other products and services to the table and also have a retainer agreement that certain clients take advantage of.  We also offer other services outside the realm of hosting such as development. 

I ran across this article today, and I actually have an email into this guy to discuss some of this but haven’t heard back from him yet.  This is great information if you are in the hosting industry and I recommend you check out Furlow Consulting’s website.

If you are acquiring web hosting companies and a specific target primarily has annual customer accounts, don’t run for the hills, quantify it.  Some buyers are immediately concerned about the increased risk of customer renewals for annual accounts which are 6-12 months out.  At the same time they do not want to provide service and support each month for free for many of the customers for that period of time.  There is a solution.

The two main value drivers in this equation are customer renewal rates and the “Total Customer Support Months” figure (or “TCSM”). The latter is as follows. If a customer signed up or renewed their annual contract 2 months ago, then this customer counts as 10 Customer Support Months. If a customer signed up or renewed 5 months ago then the contributing Customer Support Months is 7. Add this for every customer and you get a Total Customer Support Months. Multiply the total, times the average monthly cost to provide service and support to the average customer and you get the TCSMs figure in dollars. This needs to be subtracted from the valuation of the company if all of the customer accounts were monthly.

For example, if you are analyzing a customer base of 1,200 accounts and they are all billed annually and spread evenly throughout the year so each month 100 are up for renewal, then the TCSM is 7,800 for all of the accounts and the average monthly cost to provide service and support to the average customer is $8, then the value of this issue is $62,400. This figure is of special relevance if the renewals are not spread evenly across the 12 months of the year. It is common for companies to do “marketing blitzes” from time to time and sign up a lot of annual accounts in a 1-3 month period.

Click here to see the example chart provided in his article…

Customer renewal rates is the other value driver.  I will use two examples.

Higher Renewal Rates:  The target company has 1,200 customer accounts which pay $240/year ($288,000/year), and they are evenly spread throughout the year so 100 are up for renewal in each of the next 12 months.  In looking at the trailing 12 months, on average each month 95% of the customers renewed for another year, so the initial forecast for the next 12 months is that 1,140 will renew and pay $273,600, not counting new customers.

Lower Renewal Rates:  The target company has 1,200 customer accounts which pay $240/year ($288,000/year), and they are evenly spread throughout the year so 100 are up for renewal in each of the next 12 months.  In looking at the trailing  12 months, on average each month 50% of the customers renewed for another year, so the initial forecast for the next 12 months is that 600 will renew and pay $144,000, not counting new customers.

Forecasting Renewal Rates:  I wish forecasting annual customer renewals would be as easy as taking the seller’s historical rates and forecasting it out 12 months, but it’s not. 

  • It is important to realize at first the target company’s renewal rates will be par for the course, but over time the buyer’s renewal rate will be the correct rate to forecast. If the buyer’s rate of renewal is 60% and the seller’s rate is 90%, it goes without saying the buyer needs to think hard and fast about why and DO NOT forecast the acquired base at 90% renewal for a long period of time.
  • Some of the factors which will affect a change in the renewal rates of the acquired base are the acquirer’s billing methods, pricing, service, support etc.  Changes in each of these will affect renewal rates and should be factored in to the forecast.
  • Look at the quarterly changes in customer renewal rates prior to closing.  Look at the trailing 4 quarters renewal rates.  Are they getting better or worse? … take into consideration the trend as opposed to using just last years total renewal rate.
  • Figure out why did the renewal rate change?  Did the seller keep lowering prices faster than others in the industry, hence the renewal rates increased a bit quarter over quarter?  Or, did the renewal rates fall slightly because a year ago there were 300 accounts per support employee, six months ago there were 500 and for the last quarter there were 700 accounts per support employee. 

In conclusion, yes, there is a reduction in the value of a web hosting company which has primarily annual customer accounts, but it has a lot more to do with Total Customer Support Months “TCSM’s” than it does renewal rates, because even monthly customer accounts have renewal rates.

Furlow Consulting – Valuation of Annually Billed Customer Accounts

MySpace Ad Platform

I am a little late to the punch on this one but MySpace has launched their own self-serve advertising platform.  I am not a huge MySpace fan so this one almost slipped by me.  I spent a little time tonight checking it out and I have to admit that their application for building the ads is pretty nice and very simple to operate.

Unlike Facebook Ads, which I am sold on completely, I am not recommending that any of my clients jump into the MySpace marketplace and start doing any advertising yet. Here’s my rationale on that…

You have to take into consideration the market you have on MySpace. Granted, there are a few of us old timers on MySpace but not that many compared to what I am seeing on Facebook. I have been using this comparison of MySpace’s Audience versus Facebook’s Audience. MySpace is like going to a bar, the music is loud and it is dimly lit, Facebook is like going to Starbucks, it’s a relaxed atmosphere where you can interact with more attentive people. Not to mention, the music at Starbucks is worth listening to…

With all of this being said, I suppose if I had a client that was selling a product that was targeting the teenage market I would probably advise them to look into MySpace, unfortunately I don’t have any clients at this time that really fall into that category so I probably won’t have any news to report on how well MySpace’s ad platform works.  However, if any of you are using it, I would love to hear your experiences, shoot me a comment…

MySpace Launches “My Ads” Self Serve Ad Platform: Is This Their Google Moment?

Facebook Application Verification Fee

A hot topic in the Facebook Developer Community right now has to do with the idea that Facebook will soon start charging a $375 application verification fee annually to developers who develop applications for the Facebook platform. In exchange, the developers’ applications will be awarded an official Facebook stamp of approval badge and priority listing above other applications. I want to go on record as saying that I am personally in favor of this, I think that it will reduce the number of spammy applications that are out there as well as lift the bar in terms of what goes live.

If a developer has to have his application approved, and he actually has a small investment in the application, it’s more likely that his application will function that much better upon its release, not that any existing applications mis-function, but I think that it goes without saying that quality is always a good thing. I also think that with developers paying a verification fee that they will likely build more useful applications that could potentially yield something that most social networks are missing right now and that is a profit model and a game plan. One of my biggest complaints all while watching the social landscape grow and grow is that there really isn’t anyone outside of the social network itself that is profiting, and of course the networks don’t profit directly from their vast user base, instead their income comes from the very intelligent, targeted ad solutions that they have running.

Facebook Irks Developers With Application Verification Fee

Posted on: Wednesday, 19 November 2008, 11:24 CST

Facebook’s recently announced plan to charge a fee in order to verify applications built for its social network has many developers up in arms.

In order to verify each application developed for the site, Facebook said it will charge developers $375 annually. The verification fee is optional and is reduced to $175 for students and nonprofits.

Platform program manager Sandra Liu Huang said Tuesday that Facebook opened the Application Verification Program to developers on Monday.

Developers who pay the fee and register their application for Facebook verification will earn a special badge that will put their application in a more prominent place among the 48,000 already available for Facebook users.

The fee will cover costs on Facebook’s end related to reviewing the applications, and it will recur each year along with a fresh application review, Huang said, adding that she expects that several hundred will become verified initially.

Some developers are not thrilled about the new verification concept.

Mike Knoop, 19, who developed an application that lets Facebook users request phone numbers from their friends, is not opposed to paying a fee to participate but doesn’t like the idea of paying each year.

“Because it’s recurring every 12 months, I think that’s going to shut out a lot of the smaller developers that don’t have the initial capital to invest in Facebook applications,” he said.

Huang said if Facebook eventually finds that the costs of reviewing the applications declines, it would be open to lowering the reverification fee.

“I think that the $375 verification fee can be justified if it were a one-time fee. But recurring every 12 months? This will be the big wedge between those apps which get verified and those which don’t even apply. I’m very curious to see what percentage of apps get verified,” another developer wrote on the official Facebook discussion forum.

Another developer said the verification process would also add a notion of distrust among users.

“Users already distrust applications on Facebook platform. Now they will distrust unverified applications even more. This seems unfair. My application is already ‘well designed,’ ‘trustworthy’ and ‘meaningful’ to thousands of users. Why should I pay $375 a year just because Facebook allowed so many useless, spammy applications in the first place?”

Meanwhile, rival social network MySpace  in a statement said: “MySpace led the way in creating policies that promote a healthy ecosystem, which includes treating all developers, large or small, equally. We already review every app before it goes live, and the cost is nominal so we have no plans to charge developers.”

Facebook Irks Developers With Application Verification Fee – Technology – redOrbit

Verizon Leaks Obama’s Phone Records

Wow, talk about a breach of security. Apparently some Verizon employees are out of a job following their exploits of dipping into President-Elect Barack Obama’s cell phone records. I just can’t imagine someone’s mindset thinking that they could get away with something like this. All I can say is that I hope they didn’t jeopardize national security or sell this information to a third party because if they did I bet that unemployment is going to be the least of their worries.

Also, just on a sidenote, this has me wondering just what type of clearance an employee has to have with a wireless company to have the necessary credentials to access records and call logs like this, whether you realize it or not this can be some pretty sensitive information. But with all of this being said, I wonder if the President’s cell phone records are a matter of public record once he takes office just like any other elected official’s would be? Just wondering out loud…

(CNN) — Verizon Wireless has fired employees connected to a breach of records from a cell phone used by President-elect Barack Obama earlier this year, a Verizon source told CNN on Friday. An Obama spokesman said Verizon Wireless workers looked through an old phone’s billing records.

The source would not say how many people were terminated, but said “we now consider this matter closed.” Verizon reported the breach Thursday, and Obama spokesman Robert Gibbs said the transition team had been notified Wednesday. Gibbs said the president-elect no longer uses that phone, which has been inactive for months.

The fired employees were hired “to take care of customers,” the Verizon source told CNN, and were not authorized to access customer records unless asked to do so by the customer.

The source also said the employees in question could not have read text messages, if Obama sent or received them, and would not have been able to access the content of any voice mail messages, although they would have been able to see if any had been left.

“This was some employees’ idle curiosity,” the source said, adding that records of no other customers of note were breached.

Ari Schwartz of the Center for Democracy and Technology said the employees probably had access to the dates and times of calls, the length of calls and the telephone numbers of those Obama spoke with. Verizon CEO Lowell McAdam said Thursday that the company initially put all employees who had access to the account — “whether authorized or not” — on leave during an investigation.

McAdam said the device on the account was a simple voice flip-phone — not a BlackBerry or other smartphone designed for e-mail or other data services — meaning none of Obama’s e-mail could have been accessed.

Verizon Wireless, meanwhile, has launched a separate internal investigation to determine if Obama’s information was shared only among employees or whether “the information of our customer had in any way been compromised outside our company, and this investigation continues,” McAdam said in an internal company e-mail obtained by CNN.

The company has alerted “the appropriate federal law enforcement authorities,” McAdam said.

Verizon fires workers over Obama cell phone records breach – CNN.com
