Adobe Reader security flaw – unlimited bad publicity
The recently discovered Adobe Reader bug allows an attacker to inject JavaScript via a PDF which is hosted on a trusted domain. For example, assume that a user clicks on a link in site A (which is not very trusted) to go to a PDF on site B (which is a trusted site). Site A can inject JavaScript via the PDF link which will appear to be executed from site B! This is possible since additional commands can be sent to Reader when opening a file.
What makes this scary is that there is nothing site B can do to prevent this (of course, other than taking down all PDF documents)! But this flaw appears relatively harmless since the only things that can be snooped are the cookies and session data. It won’t be able to format your machine or steal your local files.
Adobe recommends upgrading your Adobe Reader to version 8 to fix this bug. Adobe may not be enjoying all the bad publicity it is getting!
History of iPod and why Steve is God!
iPod from Apple has turned 5 this year. It is one of the world’s best selling gadgets and is a cultural icon in western countries.
The following Discovery Channel documentary looks at the history of the iPod. It also looks at how Steve turned around Apple with the iMac and was inspired by Napster to start iTunes/iPod.
Did you know that iPod started with a smile?
The documentary is pretty interesting, watch it when you have time (40+ minutes). If you are part of the iPod cult, missing this video will be a sin!
Yahoo on click fraud
Click fraud is one of the biggest challenges faced by paid search networks such as Yahoo and Google. It is well known that many of the “get rich through web” schemes are nothing but networks of click fraud groups.
Last month Jeffrey K. Rohrs wrote a blog post titled “The Sausage Manifesto – An open letter” directed at the pay per click advertisers,
Indeed, today’s PPC traffic is very much like sausage – a tasty mystery meat comprised of a variety of high quality ingredients as well as some bits and pieces that the engines would frankly prefer you don’t ask much about. Those bits – invalid clicks, fraudulent clicks, and clicks from search garbatrage are increasingly hitting the radar of advertisers and, quite rightly, they are beginning to ask some pretty meaty questions of Google, Yahoo, and others such as:
* How do you define an invalid (i.e., non-billable) click?
* What is the true size of the click fraud problem?
* ……..
Here is the response of John Slade (Yahoo! Search Marketing’s Senior Director of Product Management),
With that belief in mind, Yahoo! is working hard to put our money where our mouth is. We proactively identify suspicious clicks and remove them from our billing system 24 hours a day, 7 days a week – as a result, we’ve given away billions of clicks for free. We’ve invested significant technological, financial and human resources in clickthrough protection since we started this industry in 1998 and are redoubling our efforts by dedicating even more resources to this issue. You’ll be hearing more specifics from us soon, but I can tell you that we have in fact committed to building a Traffic Quality Resource Center, are continually expanding our clickthrough protection team and will be announcing new leaders within our organization who will focus entirely on enhancing and overseeing our traffic quality initiatives.
So I think search engines will be substantially increasing the size of their click fraud protection teams. Only a combination of human and automatic checking can be effective in tackling this problem.
Youngest Web designer?
Check out the Web site of Presentation higher secondary school, Kerala, India. It is designed by Sreelakshmi Suresh, an eight-year-old student of the school. This probably qualifies her as the Youngest Web designer of the World.
The Web site is simple and elegant (it is a static Web site, but still impressive for her age). No wonder that it has also won a lot of awards, including the American Association Of Webmasters Merit Award. She is also the youngest member of the association. She was also interviewed in the local media, giving her celebrity status here!
Google Code Jam for Latin America 2007 is open
Google has started registrations for the Latin American edition of its Code Jam competition. The first prize offered is R$6,000. The finals for the event are scheduled for March 1st. The following software can be used for the competition,
- Java 5.0 (build 1.5.0_03)
- .NET Framework version 2.0.50727
- GCC 4.0.2
- Python 2.3.4
From the Latin America Code Jam site,
Registration for the Google Code Jam Latin America 2007 is open from Tuesday, January 2, 2007 at 10:00AM GMT/UTC -2 through Tuesday, January 23, 2007 at 10:00AM GMT/UTC -2. There is no limit to the number of registrants for the competition, but only the top 500 scorers from the Qualification Round will advance to Round 1 of the Code Jam on January 30, 2007.
The competitors with the top 250 scores from Round 1 will advance to compete in Round 2.
The competitors with the top 50 scores from Round 2 will be invited to compete for R$75,000 in cash and prizes at the onsite Championship Round at the Google Office in Belo Horizonte, Brazil.
For more info, check the Code jam FAQ.
“hi im mohan i am having problems” – A spammer without life?
I saw this as the 10th most searched term on Technorati and looked up “hi im mohan i am having problems” on Google and it returned over 352,000 results!
I guess this spammer is based out of India and seems to have done a really neat job in spamming a lot of Websites! He seems to spam for all subjects from airline tickets to prescription drugs.
He didn’t even spare this anti-spam blog! From the post,
SPAM: hi im mohan i am having problems.
(I would say you do have problems – there’s no cure for stupidity)
IP: 194.165.130.93
All three point to a pay-per-click redirect page. Hence the reason he wants to spam..
His email address is nearly always an “@mail.com” address. Easy enough to stop… You know, Akismet works pretty well if you allow it to – and teach it along the way with what spam it misses…
But what surprised me was that a lot of these spam messages have no content at all!
Leaked video of Saddam’s hanging – probably taken using mobile phone
Someone present at the execution seems to have captured Saddam’s hanging secretly on a mobile. Not very clear and blurs towards the end. Seen via liveleak.
Saddam Hussein execution and internet search surge
Yahoo is reporting that the execution of Saddam has created a surge in Yahoo search. Searches on Hussein were up 1,349% and the term has become the most-searched on Yahoo. Other popular searches were “iraq news”, “iraqi tv”, “iraq hanging video”, “pictures of saddam hanging”, “saddam execution footage” and “saddam execution live”.
The following diagram shows the surge in searches on Yahoo.

Here is a leaked mobile phone video of Saddam’s execution found on liveleak.
100 things we know this year!
BBC has an interesting article on – 100 things we didn’t know last year. Some of my favorites are,
- Standard-sized condoms are too big for most Indian men
- The fastest supercomputer in the UK can make 15.4 trillion calculations per second
- Sex workers in Roman times charged the equivalent price of eight glasses of red wine
- More than one in eight people in the United States show signs of addiction to the internet, says a study
- Eating a packet of crisps a day is equivalent to drinking five litres of cooking oil a year
- For every 10 successful attempts to climb Mount Everest there is one fatality
- The egg came first
- Thinking about your muscles can make you stronger
Google blog top entries for 2006
Google blog last year got an impressive 7.6 million unique visitors and 15 million page views! As you can guess most of the referrer traffic was from digg.com and slashdot.org. Here is a list of most popular Google blog entries for 2006,
Firefox 2.0.0.1 is released with security fixes
Mozilla today released 2.0.0.1 version of Firefox. This was auto updated by version 2.0 on my PC. It is basically a collection of security fixes and enhanced support for Windows Vista. Interestingly on Windows Vista Firefox can not yet be set as the default browser! Check this bug for details.
The version number 2.0.0.1 looks funny though!
List of major security fixes in Firefox 2.0.0.1,
- XSS using outer window’s Function object
- RSS Feed-preview referrer leak
- Mozilla SVG Processing Remote Code Execution
- XSS by setting img.src to javascript: URI
- LiveConnect crash finalizing JS objects
- Privilege escalation using watch point
- CSS cursor image buffer overflow (Windows only)
- Crashes with evidence of memory corruption (rv:1.8.0.9/1.8.1.1)
For further info check out Mozilla Firefox 2.0.0.1 release notes.
The end of Furl?
Social bookmarking site Furl is going downhill! It seems that manipulating Furl is child’s play. Most of the time what you see in the “Today’s popular items” on Furl home page is spam. This reduces Furl to a mere page archiving system for the individual users.
Check out the Furl homepage as of today (14 Dec). Except the last entry all others are manipulated using newly created user entries. The Furl signup does use a captcha, but it seems smart guys have written programs to get around it.

When you look at the members who furled it, what you find is a bunch of probably auto-created Furl users,

Christmas gift from flickr – Increased upload limit
Christmas gift for Flickr (photo sharing site from Yahoo) users! There will be no limits on the monthly upload for Flickr pro users (earlier there was a 2GB monthly limit) and for free accounts the monthly upload limit is increased to 100MB from 20MB!
Here is what Flickr now offers,
Free account
- 100 MB monthly upload limit
- 3 photosets
- Photostream views limited to the 200 most recent images
- Only smaller (resized) images accessible (though the originals are saved in case you upgrade later)
Pro Account ($24.95 per year, $47.99 for 2 years)
- Unlimited uploads
- Unlimited storage
- Unlimited bandwidth
- Unlimited photosets
- Permanent archiving of high-resolution original images
- The ability to replace a photo
- Ad-free browsing and sharing
Google adsense adds 4 new languages
From today Google adsense is supporting 4 new languages – Croatian, Czech, Slovak, and Traditional Chinese. This brings the total number of languages supported to 22. In addition Arabic, Bulgarian, Greek, and Hebrew are supported for search alone.
I have been waiting for Google to enable my mother tongue (Malayalam). I don’t think it will happen anytime soon. Meanwhile there are a lot of Malayalam sites which are hosting ads in their site violating adsense terms of service. I think Google is ignoring most of these violations as I am seeing these sites running for years!
IdeaWins by Microsoft – A chance to start your business!
Microsoft is running a competition called “IdeaWins” for the best small business idea. The best entry will get $100,000 in venture capital to start the business and free retail space in New York City! This competition is open till 31st January 2007 and only residents of the United States can participate.
The ideawins site is also offering free download of Microsoft Office Accounting Express 2007.
I was wondering what type of business idea can I submit? Here is what the site says,
The Dry Shower? Caffeinated Salad? GPS Shoes? Entries can be submitted for almost any original idea for a consumer-based business that sells goods and services at a storefront retail location and via the Internet. However, please note that ideas that fall in the following categories will not be eligible for this Contest: Not-for-Profit, sexual aids, pornography, tobacco, alcohol, firearms or other weapons, and any unlawful activity.
Further Reading
Idea Wins competition

