Sunday, September 26, 2010

How to Stop Bom Sabado Worm? Here is the way!

Everyone whose Orkut account has been affected by the Bom Sabado worm can use this simple trick to get out of this issue. People whose accounts are not yet affected, please follow the steps below to keep this worm away from your accounts.

The worm injects a hidden iframe containing a malicious JavaScript file [do not click this] http: //tptools. org/ worm . js [do not click this], which steals the user's cookie, which contains the password in an encoded form. Even though the attacker does not get to know your password, they can log in to your account with your credentials by replaying the stolen cookie to fool the identification system.



So a trivial solution is to disable JavaScript; another is to disable iframes. Or you can take a more advanced measure and block the domain http : // tptools . org / by editing your hosts file and redirecting it to a safe address, say 127.0.0.1. Go to C:\Windows\System32\drivers\etc. There is a file named 'hosts'. It is a read-only file. Go to its properties, un-check the read-only option and edit it with your favourite editor. Add this line at the end of it:

127.0.0.1 tptools.org

Save it, and then restart your network interface (in simple words, just reconnect your internet connection). Bingo!! The worm will become useless!!!!
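An added example, not part of the original post: a Python sketch of the hosts-file edit described above, which parses the file, appends the `127.0.0.1 tptools.org` line only when it is missing, and verifies the result. The sample file contents and the function names are constructed for illustration; note that a hosts entry matches the exact name only, so a subdomain of the blocked domain needs its own line.

```python
import ipaddress

# Constructed sample hosts file (not copied from a real machine).
SAMPLE_HOSTS = (
    "# sample hosts file\n"
    "127.0.0.1   localhost\n"
    "::1         localhost\n"
    "10.0.0.5    intranet.example   # constructed entry\n"
)

SINK_IP = "127.0.0.1"  # the "safe address" the post suggests


def parse_hosts(text):
    """Map each lower-cased hostname to the list of addresses given for it."""
    table = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments
        fields = line.split()
        if len(fields) < 2:
            continue
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                          # not an address line
        for name in fields[1:]:               # one line may carry several names
            table.setdefault(name.lower(), []).append(addr)
    return table


def is_sinkholed(text, host):
    """True only if every entry for host points at loopback or 0.0.0.0."""
    addrs = parse_hosts(text).get(host.lower(), [])
    return bool(addrs) and all(a.is_loopback or a.is_unspecified for a in addrs)


def block_hosts(text, hosts):
    """Return hosts-file text with sinkhole entries appended; idempotent."""
    table = parse_hosts(text)
    out = text if text.endswith("\n") or not text else text + "\n"
    for host in hosts:
        if is_sinkholed(out, host):
            continue                          # already blocked, add nothing
        if host.lower() in table:
            # An existing non-loopback mapping would conflict with ours.
            raise ValueError(f"{host} already maps elsewhere; review by hand")
        out += f"{SINK_IP} {host}\n"
    return out


if __name__ == "__main__":
    updated = block_hosts(SAMPLE_HOSTS, ["tptools.org"])
    print(updated)
    print("blocked:", is_sinkholed(updated, "tptools.org"))
```

To apply it to the real file, read and write the `hosts` file from an elevated prompt and pass its contents through `block_hosts`.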

Friday, September 24, 2010

Orkut is attacked by Bom Sabado Worm!!!

In a major XSS (cross-site scripting) attack this week, Google-owned Orkut was flooded with "Bom Sabado" scraps.

The phrase "Bom Sabado" means "Good Saturday" in Portuguese, which is also the official language of Brazil, one of the last remaining Orkut bastions in the world.

The worm seems to be posting scraps with the text "Bom Sabado" and also adding affected users to new Orkut groups. Such XSS attacks have targeted Orkut in the past too.

Experts have advised users to avoid logging on to Orkut till Orkut engineers fix the hole and also not to click on any suspicious links. Orkut had just last month announced new updates to the website.

Earlier this week, the popular microblogging website Twitter was also at the receiving end of an XSS exploit. The attack, which emerged and was shut down within hours Tuesday morning, involved an XSS flaw that allowed users to run JavaScript programs on other computers.

Earlier in September 2010, the most popular social networking hub with more than 500 million users, Facebook, also faced networking glitches due to an outside technical problem. It was Facebook's most tragic outage in its history.

Sunday, September 12, 2010

YouTube tests new live streaming platform!

The world's largest video sharing service, YouTube, is testing a new live streaming platform. The trial will continue for two days, September 13-14. The new service begins as a limited trial with four participating partners.

YouTube had previously hosted live streaming of events such as the U2 concert at Rose Bowl and season three of the Indian Premier League (IPL). YouTube will evaluate the results of the test before planning a roll-out for its partners worldwide.

The new YouTube platform integrates with the existing YouTube channels and broadcasters need only a webcam or an external camera to use the feature, when it is made available.

With the new service, YouTube adds to the competition for websites such as ustream.tv, livestream.com and justin.tv.

YouTube's IPL live streaming had exceeded the website's expectations. The official IPL channel on YouTube racked up nearly 55 million views, against YouTube expectations of around 10 million streams.

Does that mean the beginning of a free television era??

Thursday, September 9, 2010

'Here you have' e-mail worm hits corporate world!!

A new virus based in e-mails with the subject line "Here You have" began running rampant Thursday, hitting corporate America hard.

So far, the virus has already been sighted at ABC/Disney, Google, Coca Cola and NASA, several individuals with knowledge of the situation said. Comcast was forced to shut down its e-mail servers entirely after being hit, a spokesperson said on Twitter.

E-mails that carry the virus contain a link that encourages readers to click on a PDF document file. But rather than a PDF, the file contains a Windows script that transmits a virus and spams the entire contact list of the person who opened the file.



The worm is similar to the ILoveYou and Anna Kournikova worms, which spread in 2000 and 2001, and is a type of malware that has not been a major problem since around 2002, according to David Cowings, a senior manager with Symantec Security Response. "It looks like we've had a resurgence of mass-mailing worms," he said.

This latest worm seems to do nothing more than send itself out, using the victim's contact list. Cowings said "It appears to be mailing itself to all of the mailing lists that are in someone's contacts. It may also go to individuals," he said. The worm appeared to be affecting Outlook e-mail users, but it's not clear if it is also affecting users of other mail programs.

The body of the e-mail typically says something like, "Hello... this is the document I told you about, you can find it here." Because the worm is spreading via contact lists, the e-mail often comes from someone the victim knows.

A note posted on the McAfee site Thursday afternoon said: "It looks like multiple variants may be spreading and may take some time to work through them all to paint a clearer picture."

Wednesday, September 8, 2010

Google Instant: A new faster search system in real time!!

Internet giant Google today introduced "Google Instant", an enhanced version of its search engine that locates the requested content as the user enters the search terms. Google adds innovation and speed with its new search function, which was presented Wednesday at a news conference.

With this new feature, the user will not have to complete the search, because the results will appear as the text is typed, which saves 2 to 5 seconds per search, and "more than 3,500 million seconds a day and eleven hours every second" globally, the company said.

This breakthrough was described by the Vice President of Search Products at Google, Marissa Mayer, as a "fundamental change" in how to locate content on the Internet.


The new search system will be available in the U.S. throughout the day today for Google Chrome, Mozilla Firefox, Safari and Internet Explorer 8 and next week will start in domains related to six other countries: Spain, United Kingdom, France, Germany, Italy and Russia. The company goal is to offer in the coming months this instant service to a greater number of languages and countries.


In addition to automatically predicting the content that appears on the screen without the user pressing the "enter" button, "Google Instant" includes an "auto" system of terms to help guide users in refining their search.

Google is betting that in a world of nearly instant communication, search is going to have to produce an answer just as fast as updates are spat out from Twitter or other real-time Web services. It's a bit chaotic at first and will certainly throw a few searchers off their game as well as make those in the search-engine optimization game a little anxious.

Should it prove popular with users, however, Google Instant is also the type of search innovation that might be difficult for competitors to duplicate in a matter of weeks or even months, giving Google a distinct advantage heading into a new era of Internet search.

Tuesday, September 7, 2010

New application measures mobile phone radiation

An Israeli company has developed software that monitors a mobile phone's radiation levels and alerts the user if the levels become excessive.

Tawkon (pronounced talk-on) said the aim was to reduce a phone user's exposure to emissions without having to give up their phone.

Tawkon's application is already available for Research In Motion's BlackBerry handsets and will be launched for Google's Android-based phones and Nokia's Symbian later this year.



"We are the first solution that can be downloaded to a phone," Tawkon co-founder and CEO Gil Friedlander told Reuters. Until now radiation emissions were measured with an external device.

In many countries handset manufacturers must disclose the maximum level of radiation emitted and similar legislation is starting to appear in the United States, Friedlander said.

The application monitors the phone user and if radiation levels reach a certain threshold called the "red zone" an alert is emitted along with suggestions to minimise exposure.

"There are simple things you can do such as changing the phone's position from horizontal to vertical," Friedlander said.

On many phones the antenna is on the bottom and often covered by the user's hand, causing the phone to emit more radiation. Connecting an ear piece or switching on speakerphone will reduce radiation exposure. In addition, Tawkon is connected to GPS and the software will show users where to move to reach a "green zone" and reduce exposure.

"We don't want people to stop using phones but to use them more responsibly," the Canadian-born Friedlander, 44, said.

Tawkon initially targeted its software for the iPhone, but said Apple rejected it in March for sale in its App store.

"The media picked up on it... and a week later I got a phone call from Apple saying they wanted to talk with us. They are trying to see how they can get it into their App store," Friedlander said.

Friedlander would not disclose how many users Tawkon has but said every three days the number of downloads doubles.

San Francisco became the first US city to pass a law requiring retailers to post radiation levels on cell phones and Friedlander said he believes Tawkon will benefit from this increased awareness. It will launch its application for phones based on Google's Android software in San Francisco in a month.

"It will take a few years until research (on the health effects of cell phone radiation) will be more conclusive," Friedlander said. "A lot of regulatory bodies are concerned this will be too late for a whole generation. To take precautionary measures is the right thing to do."

Sunday, September 5, 2010

HTML 5: A way to revolution!

HTML5, the next version of the language used to create web pages, has drawn attention for its ability to display video within a web browser without plug-ins like Adobe Flash. However, a series of lesser-known features may ultimately have a far greater impact on how users experience the Internet.

Experts say that what HTML5 does behind the scenes, such as network communications and browser storage features, can make pages load faster (especially on slow mobile devices), make web applications work much better, and even allow browsers to read older websites more easily.


Many websites today act like desktop applications, for example, the office productivity suites and internet-based photo editing tools. However, many of the sophisticated features of these sites rely on developers to build connections between different web technologies such as HTML, JavaScript and style sheets (CSS), a connection that does not always work perfectly. As a result, Web sites can become slow, work differently in different browsers, and be vulnerable to security holes.

Bruce Lawson, who evangelizes open Web standards at Opera Software, says that to get Web sites to run these functions, developers must perform complex coding tasks in which they can easily end up making mistakes and causing applications to fail.

The group working on HTML5, says Lawson, was given the difficult task of making the specification more tolerant than its predecessors, so that older or miscoded web sites work better in browsers that implement HTML5. They also wanted to extend the specification to support modern trends, such as rich internet applications. "The foundation of HTML5 is relentlessly pragmatic," he says. "It is designed to reflect what people are really doing."

Experts point to a feature called Web Sockets as an example of the improvements that HTML5 can provide. Web Sockets gives a Web site an application programming interface (API) that opens a permanent connection between a page and a server, so that information can pass between them in real time. Normally, the browser must make a request each time it wants an update.

The effect is like switching from having a conversation via email to using instant messages, said Ben Galbraith, who co-founded the web development site Ajaxian.com and is the director of developer relations at Palm. With email, each message is sent as a single event, while instant messaging lets the conversation flow over an established, permanent connection.

In the past, Web developers have managed to develop different ways to keep browsers and servers in constant communication, although Galbraith describes the techniques as "clever hacks" that are complicated to implement and do not scale well. Web Sockets, he says, promises an easy way for developers to create web pages that change in real time, something increasingly important with the proliferation of real-time data sources, such as instant status updates from users' social networks. Users would benefit from web applications that have real-time feeds and run more smoothly and with fewer errors.

HTML5 could also help make web applications work better when devices are disconnected from the Internet or only intermittently connected, as is usual with smart phones, said Alon Salant, co-owner of Carbon Five, a company based in San Francisco that specializes in creating web applications. A feature called Web Storage allows applications to store more data in the web browser, retrieve it more intelligently, and control how browsers keep certain parts of pages to speed loading.

Galbraith is also excited about several features of the new version of CSS, designed to work with HTML5. These features make Web pages more responsive to user input and allow high-quality graphics, areas in which web pages are usually not good. HTML5 allows developers to embed an animation window in a page, but Galbraith said that the new CSS functionality would perform better.

Lawson points out that users will also see an improvement in performance with other features of HTML5. For example, a number of improvements in the way browsers handle forms will reduce the amount of JavaScript necessary and accelerate page loading, especially on mobile devices.

Chris Blizzard, Mozilla evangelism director, points out the importance of the HTML5 parser. The parser is what a browser uses to read the markup used to build a page and work out how to show it on screen. Blizzard says this is one of the most important parts of the specification. Its intention is to make browsers more interoperable, particularly in the way they handle poorly written code. Instead of letting each browser maker decide how to handle imperfect code, the parser specification states what the response to each error should be. This should give users a more consistent experience, regardless of the browser they are using, he says.

While HTML5 seems to present a long list of big changes, says Lawson, the main objective is to provide a simpler way of doing what developers are already doing today, making mistakes less likely. Lawson said: "The greater simplicity, greater robustness and therefore the greater the end-user experience - that's how I see it."

A Strong Password Isn't The Strongest Security

Make your password strong, with a unique jumble of letters, numbers and punctuation marks. But memorize it, never write it down. And, oh yes, change it every few months. These instructions are supposed to protect us. But they don’t!

Some computer security experts are advancing the heretical thought that passwords might not need to be “strong,” or changed constantly. They say onerous requirements for passwords have given us a false sense of protection against potential attacks. In fact, they say, we aren’t paying enough attention to more potent threats.


Here’s one threat to keep you awake at night: Keylogging software, which is deposited on a PC by a virus, records all keystrokes — including the strongest passwords you can concoct — and then sends it surreptitiously to a remote location.

“Keeping a keylogger off your machine is about a trillion times more important than the strength of any one of your passwords,” says Cormac Herley, a principal researcher at Microsoft Research who specializes in security-related topics. He said antivirus software could detect and block many kinds of keyloggers, but “there’s no guarantee that it gets everything.”

After investigating password requirements in a variety of settings, Mr. Herley is critical not of users but of system administrators who aren’t paying enough attention to the inconvenience of making people comply with arcane rules. “It is not users who need to be better educated on the risks of various attacks, but the security community,” he said at a meeting of security professionals, the New Security Paradigms Workshop, at Queen’s College in Oxford, England. “Security advice simply offers a bad cost-benefit tradeoff to users.”

One might guess that heavily trafficked Web sites — especially those that provide access to users’ financial information — would have requirements for strong passwords. But it turns out that password policies of many such sites are among the most relaxed. These sites don’t publicly discuss security breaches, but Mr. Herley said it “isn’t plausible” that these sites would use such policies if their users weren’t adequately protected from attacks by those who do not know the password.

Mr. Herley, working with Dinei Florêncio, also at Microsoft Research, looked at the password policies of 75 Web sites. At the Symposium on Usable Privacy and Security, held in July in Redmond, Wash., they reported that the sites that allowed relatively weak passwords were busy commercial destinations, including PayPal, Amazon.com and Fidelity Investments. The sites that insisted on very complex passwords were mostly government and university sites. What accounts for the difference? They suggest that “when the voices that advocate for usability are absent or weak, security measures become needlessly restrictive.”

Donald A. Norman, a co-founder of the Nielsen Norman Group, a design consulting firm in Fremont, Calif., makes a similar case. In “When Security Gets in the Way,” an essay published last year, he noted the password rules of Northwestern University, where he then taught. It was a daunting list of 15 requirements. He said unreasonable rules can end up rendering a system less secure: users end up writing down passwords and storing them in places that can be readily discovered.

“These requirements keep out the good guys without deterring the bad guys,” he said.

Northwestern has reduced its password requirements to eight, but they still constitute a challenging maze. For example, the password can’t have more than four sequential characters from the previous seven passwords, and a new password is required every 120 days.

By contrast, Amazon has only one requirement: that the password be at least six characters. That’s it. And hold on to it as long as you like.

A short password wouldn’t work well if an attacker could try every possible combination in quick succession. But as Mr. Herley and Mr. Florêncio note, commercial sites can block “brute-force attacks” by locking an account after a given number of failed log-in attempts. “If an account is locked for 24 hours after three unsuccessful attempts,” they write, “a six-digit PIN can withstand 100 years of sustained attack.”

Roger A. Safian, a senior data security analyst at Northwestern, says that unlike Amazon, the university is unfortunately vulnerable to brute-force attacks in that it doesn’t lock out accounts after failed log-ins. The reason, he says, is that anyone could use a lockout policy to try logging in to a victim’s account, “knowing that you won’t succeed, but also knowing that the victim won’t be able to use the account, either.” (Such thoughts may occur to a student facing an unwelcome exam, who could block a professor from preparations.)

Very short passwords, taken directly from the dictionary, would be permitted in a password system that Mr. Herley and Stuart Schechter at Microsoft Research developed with Michael Mitzenmacher at Harvard.

At the Usenix Workshop on Hot Topics in Security conference, held last month in Washington, the three suggested that Web sites with tens or hundreds of millions of users, could let users choose any password they liked — as long as only a tiny percentage selected the same one. That would render a list of most often used passwords useless: by limiting a single password to, say, 100 users among 10 million, the odds of an attacker getting lucky on one attempt per account are astronomically long, Mr. Herley explained in a conversation last month.

Mr. Herley said the proposed system hadn’t been tested and that users might become frustrated in trying to select a password that was no longer available. But he said he believed an anything-is-permitted password system would be welcomed by users sick of being told, “Eat your broccoli; a strong password is good for security.”
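An added example, not from the article or the researchers' own code: a Python sketch of the popularity cap described above, where any password is accepted until too many accounts already use it. Counting with a keyed count-min sketch, and the class name, cap, key and table sizes, are this example's assumptions; the sketch can overcount but never undercount, so a popular password cannot slip under the cap.

```python
import hashlib
import hmac


class PopularityLimiter:
    """Accept any password until `cap` accounts have already chosen it."""

    def __init__(self, cap, width=2048, depth=4, key=b"constructed-demo-key"):
        self.cap = cap          # e.g. 100 for "100 users among 10 million"
        self.width = width      # counters per row
        self.depth = depth      # independent hash rows
        self.key = key          # secret key so cell positions are not guessable
        self.rows = [[0] * width for _ in range(depth)]

    def _cells(self, password):
        # One keyed hash per row; the password itself is never stored.
        for row in range(self.depth):
            digest = hmac.new(
                self.key, bytes([row]) + password.encode("utf-8"), hashlib.sha256
            ).digest()
            yield row, int.from_bytes(digest[:8], "big") % self.width

    def estimate(self, password):
        """Upper bound on how many accounts use this password."""
        return min(self.rows[r][c] for r, c in self._cells(password))

    def try_register(self, password):
        """Record the choice and return True, or refuse if it is too popular."""
        if self.estimate(password) >= self.cap:
            return False
        for r, c in self._cells(password):
            self.rows[r][c] += 1
        return True


def register_population(limiter, choices):
    """Feed a sequence of chosen passwords; return accepted counts per password."""
    accepted = {}
    for pw in choices:
        if limiter.try_register(pw):
            accepted[pw] = accepted.get(pw, 0) + 1
    return accepted


if __name__ == "__main__":
    # Constructed population: ten users want the same password, five want unique ones.
    choices = ["123456"] * 10 + [f"unique-pass-{i}" for i in range(5)]
    print(register_population(PopularityLimiter(cap=3), choices))
```

With the cap in place, an attacker trying the single most common password once per account can match at most `cap` accounts, which is the effect the researchers describe.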

Saturday, September 4, 2010

Apple and Google are preparing to bring the Internet to television

After years of timid attempts, technology companies have decided to bet heavily on the integration of the Internet on television with the launch this fall in the U.S. of novel devices to interact with the "idiot box."

To the updated Apple TV, which was presented this week, we must add the anticipated sale of products such as the Revue, an adapter for Google TV, and its competitor the Boxee Box, awaited by a market still looking for an efficient way to bring the restless spirit of the Internet to the passive viewer.
To date, those wishing to enjoy Web content while watching TV have done so by buying one of the expensive flat screens with Internet applications or by purchasing devices that bridge the two worlds, such as the Roku XR, TiVo or Apple TV. However, none of these devices can freely surf the Internet; they are limited to providing access to a set of content sources such as YouTube, Flickr, Facebook or film and series rental channels such as Netflix and Amazon VoD.






Google aims to fill that void with its Google TV service, which will be available built into Sony TVs or via the Revue box manufactured by Logitech, whose estimated price could be around $200.

The Google TV platform, which also includes the applications mentioned above, is designed for surfing the Web from the TV using Google Chrome as if on a computer. It follows the same philosophy as the creators of Boxee, software for watching series and movies from the Internet, who developed the Boxee Box. That device, priced at $199 and slated for release in November, will be promoted as having the largest set of applications for viewing content available on the Internet, and will also serve to surf the Internet.

The new Apple TV, presented Wednesday by the company's CEO, Steve Jobs, takes another approach that is less ambitious in terms of interaction but simpler to use and cheaper, at $99. The device will hit U.S. stores in October with the idea of becoming a home video store with competitive rates and access to some Internet applications, an offer similar to the one the Roku XR currently provides in the same price range.

It is a matter of time before we know which vision ends up convincing viewers, the more interactive one from Google or the more practical one from Apple, in a commercial contest that is bound to change, to a greater or lesser degree, the way television is consumed. Amazon has also announced its jump into this growing sector.

Key players in this technology race are content providers, mainly the large television networks and Hollywood studios, which since the advent of the Internet have seen a loss of income, especially in DVD sales, a business area that would suffer even more.

Thursday, September 2, 2010

Google may launch their music service along with Android 3.0!

You may have heard a thing or two about Google’s music service, likely to be dubbed Google Music. The idea was discussed at I/O back in May, with expectations that we would see something around September. Well, September is here, and we’ve really heard nothing new about Google Music, until now.

Reports are now coming in that sources are revealing that Google Music may be landing sometime around Christmas.  Sources are also revealing that Google is planning to launch the service along with Android 3.0.  There’s only one catch, it seems that Google Music, being spearheaded by Andy Rubin himself, is having zero luck in signing deals with any major record labels.


Music is not the only area where Google is reportedly having difficulty getting content providers to come on board.  There have been numerous reports that they are having an equally difficult time swaying studios and networks to partner with them over Google TV.  One thing is for certain, though, and that is Google had better hurry up and get some record labels on board, or they will be launching a shiny new music service with no music to be found.

Gmail's Priority Inbox Auto-Filters Important E-Mails!

Google Inc. can sift through more than a trillion Web links in a matter of seconds, but can the Internet search leader help people wade through their overflowing e-mailboxes?
That's the challenge Google will try to tackle Tuesday with the introduction of a tool called "Priority Inbox" in its Gmail service.

The feature relies on formulas devised by Google engineers to automatically figure out and highlight which incoming messages are likely to be the most important to each Gmail user.


Users who opt to turn on the Priority Inbox will see their messages separated into three categories. "Important and unread" e-mails will be at the top followed by messages that have been previously stamped with a star by an accountholder. Everything else appears at the bottom.

Switching back to the standard view of the inbox can be done with a click on a link along the left side of the Web page.

Google's e-mail analysis is based on a variety of factors, including a person's most frequent contacts and how many other people are getting the same message. The content of the e-mail also is factored into the equation.

Although it might unnerve some people, the notion of Google's computers scanning through the content of individual e-mails isn't new. Google has been doing it for years to determine what kinds of ads to show to the right of e-mails and to block junk e-mail commonly known as "spam."

With more than 100 daily e-mails pouring into some inboxes now, people now need help to identify "the bacon and baloney" along with the spam, said Keith Coleman, Gmail's product director.

Google helped create the information clutter six years ago when it introduced its free Gmail service with a then-unheard of 1 gigabyte of storage per account. Other e-mail services quickly expanded their capacity limits to remain competitive, and now most inboxes can store multiple gigabytes of information.

Wednesday, September 1, 2010

Google updates its privacy policy!

Google has reviewed and renewed its privacy policy after the settlement of a privacy lawsuit over Buzz. Users are notified of the new privacy policy when they visit the Gmail website. The company faced the lawsuit due to the disclosure of private information, including all Gmail contacts.


“Long, complicated and lawyerly—that’s what most people think about privacy policies, and for good reason. Even taking into account that they’re legal documents, most privacy policies are still too hard to understand,” Associate General Counsel Mike Yang said on Google’s official blog.

He further said that Google is not changing anything with regard to policy. He indicated that the only thing that will change is the wording. “So we’re simplifying and updating Google’s privacy policies. To be clear, we aren’t changing any of our privacy practices; we want to make our policies more transparent and understandable,” he further said.

Google is going to delete 12 product-specific policies because of the duplication with Google main policy. In simple words, any policy that is being covered by both Google’s main policy and product specific privacy policy will be removed from product’s privacy policy.  Google is also updating the main privacy policy by “cutting down the parts that are redundant”.  The new privacy policy will be effective from October 3.
