Aug 11

We just received a tip that the source code for the Facebook main index page has been leaked and published on a blog called Facebook Secrets. There are only two possible ways that the source code got out - the first is that a Facebook developer has sent it out, or the more likely option that a security hole has been used on either one of the Facebook servers or in their source code repository to reveal the code. The blog that published the code only has a single post on it, so it was created exclusively to publish this code - meaning that whoever is behind this both isn’t taking credit for the hole and doesn’t want to be associated with it. While there is no certain way to verify if the code is actually from Facebook, by taking a quick look through the code and by double-checking some paths that have been referenced, we can say with some certainty that this seems to be both real and also a recent version of the main Facebook page.
There are a number of clear ramifications here. The first is that the code can be used by outsiders to better understand how the Facebook application works, for the purposes of finding further security holes or bugs that could be exploited. Since Facebook is a closed source application, without access to the code security holes are usually found through a process of black-box testing, whereby an external party will probe the application in an attempt to work out how the application behaves and to try and find potential race conditions. In closed source applications it is common that developers rely on the closed nature of the application to obfuscate poor design elements and the structure of the application. An attacker getting access to the source code more often than not leads to further security holes being discovered. It is for these reasons that it is often claimed that open source software is more secure than closed source software, since there are many more eyes auditing the code and obfuscation can’t be used as a security measure.
The second implication with this leak is that the source code reveals a lot about the structure of the application, and the practices that Facebook developers follow. From just this single page of source code a lot can be said and extrapolated about the rest of the Facebook application and platform. For instance, the structure doesn’t follow any object oriented development practices, and it seems that the application is one large PHP file with a large number of custom functions living in the same namespace (they also seem to be using the Smarty templating engine).
This leak is not good news for Facebook, as it raises the question of how secure a Facebook user’s private data really is. If the main source code for a site can be leaked, then it can be said that almost anything is possible. Facebook has become such a success and has such a high profile that it has become a magnet for attacks against its systems. Most large-scale applications suffer a breach at some point or another, since the odds are always stacked in favor of attackers, but companies can respond in a number of ways and the hope here is that Facebook will handle this situation gracefully. I don’t doubt that Facebook will pursue this case with a lot of energy to both find the cause of why the code has leaked as well as to find who was responsible. They will also need to take some very quick short-term measures to mitigate the risk to users since you can bet that right this minute there are hundreds of potential attackers poring through the leaked code and probing their systems. At a quick glance, I know that I can see some obvious things in the code that both reveal certain hidden aspects of the platform and give a potential attacker a good head start.


Source: Nik Cubrilovic
Aug 11
Filed under: Transportation
Trust us, Texas isn’t the only place on the verge of melting right now, but this solution to solving one’s automotive AC problems is the perfect marriage of tawdry and frugal. As you can clearly see in the photo above, a University of Houston graduate student opted to retrofit a home air-conditioner into his vehicle rather than coughing up $1,200 to have it repaired the right way, and while we’ve no idea how much he spent on the unit itself, the wiring, or the additional gas thanks to the added drag, we have a sneaking suspicion that this mod was about more than dollars and cents. Click on through for a few more photos, but please refrain from trying this on your own ride, cool?
[Via Wired]
Source: Darren Murph
Aug 11
“The uproar over online hunting has far outpaced its actual practice. It would appear that there’s only been one such site in the US, which wasn’t even up for very long in 2004”, i.e. the practice of using a mouse click to kill animals on a distant game farm for a fee. See submitter’s comment.
Source: Digg / Technology
Aug 11
Apple isn’t just sitting on the sidelines as startups like iLike and MOG and others try to tackle the social music space. Many of these services gather user music preferences via an iTunes plugin. You are then able to tell the world what music you are listening to, get recommendations for new music you might like, etc. People love this stuff, as evidenced by iLike’s ridiculous growth and Last.fm’s $280 million acquisition by CBS.
Apple has launched My iTunes, a set of widgets that may be a first step in taking their fair share of the social music market. Niall Kennedy caught sight of it a couple of days ago.
iTunes is giving you an effortless way to keep your friends up-to-date with your favorite music, TV shows, movies, and more. My iTunes widgets are simple, self-updating add-ons for your web page, social-networking profile, or blog.
Use My iTunes to share your top reviews, favorite artists, and new music, movies, and TV shows from the iTunes Store with anyone who visits your site.
There are currently three embeddable widgets to choose from. One shows recent iTunes purchases. Another shows music you’ve reviewed on iTunes. The last shows a sort of tag cloud of artists you’ve purchased on the iTunes store. The widgets can be customized by size and color.
The first and last widgets only work if you’ve actually bought stuff on iTunes. I’ve bought enough things to create a thinly populated widget below. But what would be far more interesting is a widget that, like iLike, shows your favorite music and plays at least a 30 second snippet of each song.


Source: Michael Arrington
Aug 11
Filed under: Laptops
Notebook Italia has shots and specifications for a rumored 17-inch Dell Precision M6300 laptop, which could replace the ageing Dell Precision M90. We’ll start with the most interesting feature, which is a BTO option for up to 8GB of installed RAM available when you include a copy of Vista 64-bit. Beyond that, the M6300 is rumored to feature Intel Core 2 Duos from 1.8GHz up to 2.4GHz, with a 2.6GHz Intel Core Extreme X7800 topping out the line. It’ll also come with options for NVIDIA Quadro FX 1600M, 2600M, or FX 3600M graphics cards. There will apparently also be options for 1440×900, 1900×1200, and 1920×1200 glossy and matte displays, and a Blu-ray drive configuration. The word is that this model could ship by August 31st, so at least you haven’t got long to wait.
Source: Conrad Quilty-Harper
Aug 11
Online porn is usually a cutting edge industry and it is always all about the money. The industry is often first to the Internet with new features that eventually trickle down to mainstream consumer sites.
The latest wave of web innovation, though, was centered squarely on consumer sites. And the porn guys have adapted many of those features to create massively successful second generation adult content sites. PornoTube was the first we came across, in mid 2006. Others, like EroShare, have followed. We also mentioned Red Light District, a virtual world, in a recent roundup post.
Go2Web2 has just posted a roundup of some additional ones. Some of these have fantastic names - MegaRotic, Fantasti.cc, NippleByte, and StumblePorn, for example.
Many of these sites are little more than lead generation tools for more traditional porn sites (and if you are going to visit them, put on some protection first). But it is fascinating to see the industry try anything new to get new money in. Lots of competition and lots of money drive all of this.


Source: Michael Arrington
Aug 11
Download Squad reviews the new Mahalo Follow continuous search feature. Offering live search comparisons side-by-side with other engines, Mahalo Follow also brings an interesting feature to the table: continuous search that follows your browsing, constantly evolving the results it presents based on the sites you visit.
Source: Digg / Technology
Aug 11
PC World - MySQL AB has made it harder for developers to use the enterprise edition of its database software for free, sparking a debate about whether the company has strayed from its obligation to its open-source community.
Source: DAN MITCHELL