Facebook security reveals zero-day Java attack

It’s never good when you have to make an official report to the public about a hacker attack your multi-billion dollar social network has had. That’s what’s happened this week as Facebook’s Chief Security Officer Joe Sullivan lets it be known that several engineers on staff with Facebook had been the subject of a zero-day Java exploit. The good news is that no customer data was exposed (that’s your stuff), the bad news is that Facebook wasn’t the only company targeted by this attack.

According to Sullivan, this attack worked as a “watering hole”, using an unnamed “popular mobile developer Web forum” as a trap for unsuspecting visitors. When the first user on Facebook’s engineering team visited the site, that engineer tripped a wire, so to speak, that let the zero-day Java exploit begin to take hold of machines at Facebook. The attack here is related back to a Java exploit documented by Oracle earlier this month.

Similar attacks have been popping up recently in several places, one of them relating to Twitter’s recent incident in which 250,000 account passwords were stolen. Another related event occurred with Mozilla as they made Java instances blocked by default – can’t be too careful!

With the Facebook situation it would appear that even the patch from Oracle wouldn’t have helped the engineers, as Sullivan notes that this attack was “injected into the site’s HTML.” In this case any user visiting the site with Java enabled would have been infected, bar none. This situation did allow the hackers to gain access to some “corporate data, email, and some software code.” How much and how serious this breach really was is not being made entirely clear.

What is being made clear by Sullivan is that Facebook’s engineers are attempting to reduce the number of products they use that depend on Java. Of course that’s not the end of the story as the hacking attack community rolls on – a cat and mouse game ensues for all time. Check the timeline below for more Java-related history to see how one bit of software history may be on its way out.

[via Ars Technica]


Facebook security reveals zero-day Java attack is written by Chris Burns & originally posted on SlashGear.
© 2005 – 2012, SlashGear. All rights reserved.

Facebook wins court battle that forces Europeans to use real names

Facebook and Germany have been going back and forth for years, but the most recent development was the disagreement between the two entities as far as using real names or pseudonyms. Facebook wants its users to use their real names, but Germany insisted otherwise. However, Facebook just won the court battle that will force Europeans to use their real names.

After a German court initially ruled that Facebook couldn’t force people to use their real names, a successful appeal in another German court has ruled otherwise. However, the ruling will yet again be appealed by the Schleswig-Holstein state’s data protection body, who say that using real names “breaches German privacy laws and European rules designed to protect free speech online.”

The administrative court in northern German Schleswig argued that Germany’s privacy laws weren’t applicable because Facebook has its entire European headquarters in Ireland, which is a country with different sets of laws and rules associated with privacy and using real names online. However, it doesn’t seem likely that the ruling will be overturned yet again.

Facebook argues that its real-name policy protects users, rather than invading their privacy on the internet. This really only seems like a huge deal if you’re pretending to be someone else on the internet, whether it’d be for parody purposes or to stalk someone else online (both of which are unnecessary), but it seems a lot of Germans are into that kind of thing. However, it won’t last much longer.


Facebook wins court battle that forces Europeans to use real names is written by Craig Lloyd & originally posted on SlashGear.

Dan Rose talks about Facebook’s ecosystem evolution, path to go ‘mobile best’ in 2013

Dan Rose, vice president of Partnerships at Facebook, just took the stage with host Mike Isaac here at D:Dive Into Media 2013. In a nutshell, Rose is responsible for relationships with the myriad developers that end up in News Feeds in some way — regardless of whether the program is built for Facebook, or simply a program that shows interactions on Facebook. Right out of the gate, Isaac asked about the ever-changing News Feed, and what users can expect from that in the future.

Rose noted that Facebook is constantly “trying to find that perfect equilibrium between a great user experience, while still being enticing to developers. We listen to users on Feedback who tell us if something is valuable. Hiding a post is negative, while Liking or commenting on a post would be positive — sometimes our algorithms don’t hear the user signal fast enough. In those cases, we work closely with our partners so that they understand why we’re making those changes. We want people to continue using Facebook, and the only way we do that is if we keep things interesting and we respond to user input.” In other words, it’s a constant battle between users who don’t want to be spammed by pitches in their feeds, and developers who want to get as much visibility as possible by getting into those very feeds.

He continued: “If a developer says ‘What’s the one thing I should focus on?’, the answer is simple: create great content. We’re spending a lot more time focusing on that, particularly on media content. Recently, we increased the size of photos for news sites — that’s a much better experience. That image needs to be large so that it captures the essence of the brand, rather than a thumbnail. With those larger images, people click more often (around 15 percent more). It does a better job of honoring their content.”

Facebook data shows football fan statistics across the US

Facebook has a lot of data about us, but that’s not necessarily their fault. It’s more our faults since we willingly post all sorts of information to our profiles. However, in Facebook’s most recent data collection case study, they showed off various regions in the US and what football team had the most fans in a particular region of the country. The results are quite impressive.

Facebook based their findings on the “likes” of football teams, and approximately 35 million Facebook users have “liked” at least one of the 32 NFL teams. With that, they put together a heat map of sorts to show off all of the loyal football fans in the country. Obviously, it looks fairly typical, with most Facebook users liking the team associated with the state they live in.

However, some portions of the map are rather interesting to look at. Deadspin went in-depth to analyze some of the more interesting fan pockets throughout the US. For instance, you’ll notice that there are quite a few Dallas Cowboy fans in the south and along the lower East coast, mostly since many of the southern NFL teams didn’t arrive until later on in the league, and the Washington Redskins weren’t very liked at the time.

Another interesting statistic is that Hawaii is a big Pittsburgh Steelers state, mostly since Troy Polamalu, one of the league’s top defenders, is of Pacific Islander descent. The Pittsburgh Steelers also take up most of Ohio, which is quite interesting considering that Ohio has the Cleveland Browns. While Ohio borders Pennsylvania and is only a short drive from Pittsburgh, we’re frankly not surprised that the Browns aren’t getting much love.


Facebook data shows football fan statistics across the US is written by Craig Lloyd & originally posted on SlashGear.

Google+ Hangouts get “bandwidth slider” to battle Skype

The team behind the Google+ video chat environment “Hangouts” has updated the system this week to work with internet connection speeds of all varieties. To reach those that normally wouldn’t be able to keep up with a video chat interface (be it Hangouts, Skype, or otherwise), the Google developers working with Hangouts have revealed two new features: a Bandwidth Slider and “Audio-Only mode.” This means Google+ is ready to do not just video chat, but phone calls as well – almost as if Google Voice has come to visit!

With Google+ invading not just Skype’s territory here, but Facebook Messenger’s as well, it’s not surprising to see updates coming in faster and faster each month. Back when Google+ was first introduced, Hangouts were all but a whisper on the radars of their future competitors. Now it would appear that Google+, a social network of some note, is sending the message loud and clear: “we want everyone!”

This update comes from Google developer Tim Blasi who writes specifically to those of you out there working with “low and/or unreliable connectivity.” With the Bandwidth Slider you’ll be able to literally push the quality of your video feed up or down based on what your web connection will allow. This will also be nice for those of you that want to video chat but don’t need the top quality you’re allowed.

With Audio-Only Mode you’ve got a one-button tap to take you out of the video game entirely. This button has you continue to speak in a group Hangout as you normally would, but with your profile image replacing what would normally be your video feed. Sound like a winning combination to you?

We’ve also this week seen an update for Skype for iOS that included automatic call recovery as well as instant messaging improvements. The war is getting hot right here and now! Have a peek at the timeline below to see what Google+ Hangouts has brought to the table over the past few months as well.

[via Google+]


Google+ Hangouts get “bandwidth slider” to battle Skype is written by Chris Burns & originally posted on SlashGear.

Ultimate Poser: Prankster Recreates Users’ Profile Photos, Then Sends a Friend Request

If you share the same name as Redditor CasinoRoy, then chances are you’ve already been pranked by him. You see, what he does is search for people who share his name (“Ryan Roy”) on Facebook. After checking out the profile photo of his would-be targets, he re-does their picture and copies their hair, clothes, poses, and location.

Then he uploads it to his own profile and sends his same-name counterpart a friend request. Everything sounds pretty funny to the rest of us, but I think it’s safe to assume that those who got his friend requests were beyond creeped out.

According to Roy, the reactions he got were mostly along the lines of “What the hell?” or “Who the f*ck are you?”

[Reddit via Sad & Useless & Charlie Todd via Laughing Squid]

Twitter update brings big Search and Discover boost

Both iOS and Android will be seeing an update to Twitter today with several feature boosts for connectivity of all kinds. The first of these changes comes in the way you Discover content with your Discover tab. That’s one of four major tabs in the official Twitter app at the moment, here coming with a stream that now incorporates Trends, Activity, and Tweets galore – after a few of one, there’s a few of another, and so on and so forth.

The Discover tab also now pushes you to explore Activity and Trends from a set of previews that appear right up near the top of the stream. With this new version of Twitter – again, for both iPhone/iPad and Android devices of all kinds – you’ll be seeing a brand new mix of results. Each time you search now you’ll be seeing a set of Tweets, Photos, and Twitter accounts that relate to your query. Also if you’re using the iOS version of this update to Twitter you’ll now be seeing a search button right from your home screen – right up in the upper right-hand corner near the tweet button (it’s the magnifying glass.)

With this update to Twitter you’ll be working with improved links. In this case it means that clicking a URL inside a Tweet will bring you directly to that website. In the past if you were using the official Twitter app you’d have had to see the full tweet first, then you’d be able to link out to the webpage you’d wanted to get to in the first place.

Your ability to Connect has been improved in this version of Twitter with the “Interactions” view turned on automatically. This view allows you to see all retweets of your tweets, mentions people have made of you, and new followers you’ve attained since you last checked. This change can be reverted back to the original “mentions only” view by heading to your Connect Tab in Settings – from there you’ll be able to easily tap on “mentions only” to switch back.

This version of Twitter will be available immediately if not soon from your respective app store, be it the iTunes App Store or Google Play – have at it!

[via Twitter]


Twitter update brings big Search and Discover boost is written by Chris Burns & originally posted on SlashGear.

Jawbone UP app update connects you to Facebook Open Graph

This week the folks at Jawbone have made their UP band a more social device with an update to its iOS app and connectivity with Facebook Open Graph. The Jawbone UP device itself is out on the market now and has been for some time – $129 for a lovely little strap that fits around your wrist and makes you a much more responsible fitness fanatic. This set of updates includes two major pushes for an active lifestyle with Multiple Sleep Alarms and the ease of connecting with your friends on Facebook – like a snap!

The iOS app update is live right this minute for those of you working with a Jawbone UP and an iPhone. This update is free, of course, and includes the two bullet-points we’re having a chat about here, starting with Multiple Sleep Alarms. Where before this week your alarm system was a bit more limited, you’re now able to set up multiple Smart Sleep alarms with 10, 20, and 30 minute custom wakeup windows.

With Facebook Open Graph integration you’ll be able to share your UP events and accomplishments with all of your best Jawbone buddies. Sharing via Facebook includes data from your workout plan and action, sleep schedule, food, drink, and everything in-between. Perhaps most important of all in this situation is the fact that your sharing will be selective – only the items you want to share will be shared, this as Jawbone notes avoiding “clogging up your Timeline” as it were.

The images above and below show how your newly Facebook-friendly Jawbone UP device and iOS app will be working with you through the future. The integration you’re seeing here is all up to you, you choose how much or how little you share or if you share anything at all, and of course you can take the device off your wrist at any time – be free! And make sure you don’t sleep through that Jawbone alarm – consider wrapping it around your ear, perhaps (at your own risk!)


Jawbone UP app update connects you to Facebook Open Graph is written by Chris Burns & originally posted on SlashGear.

Twitter says it was targeted by hackers, 250,000 accounts compromised

Media companies have been alight with hacking attempts and security breaches, including two recent statements from the New York Times and Wall Street Journal stating that they were the target of Chinese hackers. Now Twitter has come forward, stating that it recently noticed unusual access patterns that got its hackles up, resulting in the discovery of unauthorized attempts to access users’ information. As many as 250,000 accounts could be compromised.

While looking into the issue, Twitter found one attack as it was happening and put the kibosh on it. Still, the social network has found that information for about 250,000 accounts was compromised, including usernames and emails, encrypted/salted versions of passwords, and session tokens. To keep users safe, Twitter took several actions for those accounts.

All passwords and session tokens for the compromised accounts have been reset and revoked, with notification emails going out to those users informing them about what happened and how to create a new password. The social network likewise is encouraging its users to use safe passwords comprised of uppercase and lowercase letters, numbers, and symbols totaling a minimum of ten characters.

Users are being encouraged to disable Java in their browsers, which is notorious for the security threat it poses. Twitter said in the announcement that this was not an isolated attack, and that it was performed by “extremely sophisticated” hackers who knew what they were doing. The social network is cooperating with government and law enforcement agencies to identify who is responsible.

[via Twitter]


Twitter says it was targeted by hackers, 250,000 accounts compromised is written by Brittany Hillen & originally posted on SlashGear.

Facebook announces the Facebook Card for offline gift giving

A day after Facebook’s Q4 2012 earnings, in which the company saw a spike in mobile users, they have announced the Facebook Card. Essentially, it’s a gift card that can store multiple gift cards in one. Plus, the card will manage each balance from however many stores there are on the card. Users can manage their Facebook Card from the web or through the mobile app.

Users who want to gift a Facebook Card to a friend can do so right from the web. Just choose the stores that you want to put on the card and choose how much from each store will go on the card. Then, after checking out, the card will be sent directly to the recipient. Facebook Cards are reusable, so even after you’ve received another Facebook Card, it will instantly be added to your existing card, that way you’ll still have just one card.

The card can also hold multiple balances, and each balance can be managed independently, and when you use the card, Facebook will automatically send you a notification letting you know your remaining balance. It’s a pretty ingenious concept, and one that we’re not sure why it hasn’t already existed, but nonetheless, it’s here now.

The Facebook Card “will roll out gradually to people in the US,” according to the social networking giant, but no word on when exactly we’ll see these pop up. We’re sure this is just another revenue stream for Facebook, but we’re quite curious as to why a social network is jumping into the retail gift card business. Either way, we should definitely be seeing users eat this up once it’s out.


Facebook announces the Facebook Card for offline gift giving is written by Craig Lloyd & originally posted on SlashGear.