Aza Raskin, the creative lead for Firefox, has just posted about a new type of potential phishing attack, dubbed “tabnabbing.” Raskin has a proof-of-concept and an explanation for how this type of attack could work.

Tabnabbing operates in reverse of most phishing attacks in that it doesn’t ask users to click on an obfuscated link but instead loads a fake page in one of the open tabs in your browser.

Check out this tabnabbing scenario: You have a bunch of open tabs in your web browser: an e-mail page, Facebook, your bank account and maybe a bunch of news sites. While you’re reading your favorite Mashable.com content, the attack is able to home in on tabs that haven’t been used or aren’t in focus and replace the favicon (the icon in your tab bar) and the title of the tab. When you click on that tab, a fake page is loaded in its place, perhaps one made to look like a standard login page. Because you already had this tab open legitimately before, you don’t bother paying any attention to the URL in the address bar and you enter your login information. You’ve just sent your info to a nefarious third party.

Raskin shows off how this works in a video. Pretty scary, right?

Raskin details some methods that could make this sort of attack even more insidious, including checking to see if a user is currently logged in or out of a certain site in order to better offer up a believable fake page.

How would this attack get on your system to begin with, you might ask? Plugins and add-ons are the most common way that intruders can gain access to your system. Client-side script injections by way of JavaScript, Flash, ActiveX and so on are responsible for many browser attacks. This is just one more reason to always make sure you’re using an up-to-date web browser.

The Fix

Raskin’s proof of concept is scary, but it isn’t foolproof. This is what you can do to keep yourself safe from these types of attacks:

- Keep your web browser up-to-date. Also make sure that plugins and extensions are up-to-date and from trusted sources.
- If you’re a Windows user, make sure you have anti-virus or anti-malware software on your computer.
- Pay attention to the address in your browser’s toolbar, especially when it comes to login pages. It’s easy to get into muscle-memory mode and just assume that a tab is unchanged, but for important user accounts, keep an eye on that location bar.
- Consider using some sort of password management tool. Raskin points to the Firefox Account Manager as one method of using the browser for your identity manager, but plugins and tools like 1Password are good choices too. Rather than typing in user names and passwords individually, using an identity manager that compares the site you are on against the stored data in its database (making sure the addresses and DNS addresses match up) will prevent you from entering information into a false site.

As of right now, this is not an attack that is out in the wild — it’s a proof of concept. However, tabnabbing does illustrate some of the ways that users can have information compromised by way of indirect attacks.

For more technology coverage, follow Mashable Tech on Twitter or become a fan on Facebook.

Tags: Browsers, phishing, security, tabnabbing
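The address comparison that the tabnabbing article credits password managers with, as an added example (not code from Raskin's post or from any password manager): a credential lookup keyed on the tab's exact origin, so a familiar title or favicon never enters the decision. The vault entries, host names and function names are constructed for illustration.

```javascript
// Added example: origin-bound credential lookup, in the style of a password manager.
// Host names, vault entries and function names are constructed for illustration.

// Credentials are stored under the exact origin (scheme + host + port) they were saved on.
const VAULT = new Map([
  ["https://mail.example.com", { username: "alice" }],
  ["https://bank.example:8443", { username: "alice01" }],
]);

// Reduce the address a tab is showing to an origin, or null if it must never be filled.
function tabOrigin(tabUrl) {
  let url;
  try {
    url = new URL(tabUrl);
  } catch {
    return null; // unparseable address
  }
  if (url.protocol !== "https:") return null; // http:, data:, file: and so on
  // url.origin lowercases the host, drops the default port and ignores any
  // "user@" prefix, path or query, so none of those can spoof a match.
  return url.origin;
}

// Decide whether to offer a saved login. Only tab.url is consulted: the title and
// favicon are controlled by the page, which is exactly what tabnabbing rewrites.
function lookupCredential(tab, vault = VAULT) {
  const origin = tabOrigin(tab.url);
  if (origin === null) return { fill: false, reason: "not a valid https page" };
  const entry = vault.get(origin);
  if (!entry) return { fill: false, reason: "no saved login for " + origin };
  return { fill: true, origin, username: entry.username };
}

// Constructed tabs: every one carries a familiar-looking title.
const SAMPLE_TABS = [
  { title: "Mail - Sign in", url: "https://mail.example.com/login?next=inbox" },
  { title: "Mail - Sign in", url: "https://MAIL.example.com:443/login" },
  { title: "Mail - Sign in", url: "https://mail.example.com.login.test/" },
  { title: "Mail - Sign in", url: "https://mail.example.com@phish.test/login" },
  { title: "Mail - Sign in", url: "http://mail.example.com/login" },
  { title: "Bank - Log on", url: "https://bank.example/login" },
  { title: "Bank - Log on", url: "data:text/html,<title>Bank - Log on</title>" },
];

// Run the lookup over a list of tabs and return one decision per tab.
function auditTabs(tabs = SAMPLE_TABS) {
  return tabs.map((tab) => ({ url: tab.url, ...lookupCredential(tab) }));
}

for (const r of auditTabs()) {
  console.log(r.fill ? "FILL  " : "REFUSE", r.url, r.fill ? "as " + r.username : "(" + r.reason + ")");
}
```

The bank entry is refused on https://bank.example because that login was saved on port 8443; exact-origin matching is deliberately strict.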
We joked last week when Google changed its logo to a playable game of Pac-Man that the world’s collective productivity would take a sharp plunge, but it turns out that’s exactly what happened.

The blog for time management tool RescueTime did the math and determined that Google Pac-Man consumed 4,819,352 hours of time, or $120,483,800 in productivity. The cost was determined by looking at how much time was spent on Google’s homepage the day the Pac-Man logo was up (48 seconds) versus the average amount of time spent on other days (11 seconds) and multiplying by the number of visitors to the site that day (503,703,000).

The cost seems like a bit of a stretch, though. RescueTime assumed that the average Google user makes $25 per hour; that’s considerably higher than median income in Internet-connected nations. Also, you probably can’t assume that everyone who visited the site Friday was on the clock at work.

If you haven’t wasted time at work playing Google Pac-Man already, you still have a chance to add to that lost productivity tally. Google has preserved the Pac-Man game logo at www.google.com/pacman (you can also download the game) even though the front page has returned to normal.

Tags: Google, online games, pac-man, productivity, rescuetime, search engine
The Dell Streak, a miniature tablet computer that runs a version of the Google Android smartphone operating system, launches in the UK early next month, followed by releases in the U.S. and the rest of Europe later in the summer.

Apple broke the dam by launching the iPad, so now we’re seeing lots of competing tablets show up. We’ve known that a Dell tablet has been coming for some months now. These devices should be easier to use on the go in your busy lifestyle than laptops with keyboards — in theory, anyway.

The Streak will run Android 2.2 later this year, and with that upgrade will come Adobe Flash 10.2 support.

Features and Specs

The device has a 5-inch screen with 800 x 480 pixel resolution, and Dell has modified Android to take advantage of the additional screen space. For example, the notifications tray displays types of notifications that don’t show up on most Android smartphones.

The Streak can be used to surf the web, run Android apps, play music and videos and make phone calls, though it’s quite a bit larger than most phones. You don’t have to hold it up to your ear, though; you can use a 3.5mm jack or Bluetooth to connect a headset.

Other features include multi-touch (pinch-to-zoom is supported), GPS, 3G, Wi-Fi, a 1 GHz Snapdragon processor, a 5-megapixel camera and a VGA front-facing camera for video chat functionality “down the road.” Up to 32 GB of storage is supported.

Demonstration Video

Here’s a video demonstration straight from Dell. Unfortunately, it doesn’t radiate either hipness or accessibility. Dell will have to roll out some better marketing in the future if it wants this device to find mainstream success.

Tags: android, dell, dell streak, Tablet
Yahoo announced today that it has acquired Koprol, a location-based social network in Indonesia. The service is similar to Foursquare and Gowalla, enabling users to connect and share photos, reviews and other information in real-time using their mobile phone browser. This acquisition is especially interesting in the context of Yahoo’s new partnership with Nokia.

Yahoo says it plans to continue to invest in the evolving Koprol service, including mobile applications, like its newly released app for the BlackBerry.

Yahoo explains that the company “is focused on providing personally relevant content to its global users on multiple devices and access points” and that it plans to “leverage the rich community of information generated by Koprol users to make its properties and applications, including its homepage and media and communications products, even more locally relevant.”

Still, it’s unclear why Yahoo is making this type of acquisition. It may be a strategic move for Yahoo’s Asia region, and the company may not intend to grow the network beyond the area. How or if Koprol will hook into Yahoo’s other location-based tools and APIs, like Fire Eagle, has not yet been revealed.

What do you think of Yahoo’s latest acquisition?

Tags: geolocation, koprol, location, Yahoo
The top stories in the mainstream press are markedly different than those that lead on social media platforms, a recent study by the Pew Research Center’s Project for Excellence in Journalism revealed. Furthermore, what is popular on one social network rarely proves popular on another. In the 29 weeks that the Center tracked news items on blogs, Twitter and YouTube, the three platforms only shared the same top story once — the week of June 15-19, 2009, when Iranian citizens flocked to the streets to contest the results of the presidential election.

Let’s take a look at what was popular on the different social networking sites and how that compares to what gained traction with traditional news media in 2009.

Blogs

Of the three social media platforms examined, news-oriented blogs and mainstream media have the greatest overlap. Bloggers tend to credit traditional news outlets for their information and focus on the same topics, mainly political and international news. Even so, the two had the same top story for a mere 13 of the 49 weeks they were evaluated together.

Although blogs cover many of the same topics, the study found that bloggers tend to focus on more ideological and emotional stories — particularly those concerning human rights, like access to healthcare services or privacy on Facebook — and often with a personal or partisan angle. Bloggers also like to make a story out of “off-beat” or “buried” items in mainstream media coverage.

Although bloggers often attribute their material to the mainstream press, this rarely happened in the reverse. Over the course of the year, the study found only one story that the mainstream media picked up from the blogosphere: a story based on a number of controversial e-mails about climate research dubbed “Climate-gate”.

Because bloggers are so largely dependent on the mainstream media for their information — more than 99% of the stories cited in blogs linked to the websites of traditional news outlets — it will be interesting to see what will happen once major sources like The New York Times and The Times go behind paywalls. Where will bloggers get their information? Will they be as likely to link to stories if they are behind paywalls? How dramatically will that hurt referral traffic to traditional news sites?

Twitter

Compared to the blogosphere, Twitter’s community uses the platform more for sharing important breaking news items than for personal or political discussion, a pattern shaped both by the 140-character limit the service imposes, which does not allow for lengthy reflections, and by its ability to disseminate information quickly through lists of followers.

Perhaps unsurprisingly, technology was far and away the most popular news topic on Twitter in 2009; of all the news stories shared or discussed on the platform, 43% were focused on technology. Technology makes up a marginal 1% of news coverage at mainstream outlets and 8% of blogs. Notably, few Twitter users appear to be interested in economic news; 1% of all news tweets were about the economy, compared to 10% of articles in the traditional press and 7% of posts on blogs.

Although technology is the Twitter community’s primary interest by and large, the top news subject in the latter half of 2009 was the aftermath of the Iranian election results. It remained the top news story on Twitter for seven straight weeks, much longer than on any other platform. Collectively, Twitter was more concerned with foreign events than the blogosphere and the traditional press, likely because its userbase is much more international.

YouTube

Like Twitter, YouTube is more of a platform to share and curate important information than a forum for lengthy discussions, although viewers are often active in the comments. Because videos take a long time to edit and upload, there is less of an emphasis on breaking news than on Twitter.

What’s unique about YouTube is that its focus on politics and foreign events far surpasses that of any other platform. Of the news videos on YouTube, politics attracted 21% of views and international news attracted 26%, compared to 15% and 9% in the mainstream media, respectively. The study smartly points out that this is because “videos transcend language barriers in a way written text cannot.”

What This Means for Mainstream Media

The study underlines the large disconnect between what mainstream media thinks is “top news” and what social media users consider newsworthy, as well as the different kinds of content and discussion each platform attracts. It also suggests that if traditional news companies want to succeed online — that is, if they want to attract a large number of page views and be relevant to users on the web — they may need to alter their content to match readers’ interests.

What do you find most interesting about the study? What does it imply for the future of news media, both new and old?

Tags: blogosphere, BLOGS, new media, news media, old media, technology, twitter, youtube
This post is part of Mashable’s Spark of Genius series, which highlights a unique feature of startups. If you would like to have your startup considered for inclusion, please see the details here. The series is made possible by Microsoft BizSpark.

Name: moBistro

Quick Pitch: Create your own mobile websites that are compatible on 98% of all smartphones with a simple user backend.

Genius Idea: moBistro is a service that makes it easy for business owners to create mobile versions of their websites without having to do any coding on their own. Many of the features are aimed at restaurant owners, who often have Flash-based websites that break on most mobile phones.

While other sites like MoFuse also offer mobile website creation, moBistro is unique in its restaurant-focused options. Users can easily add in location data, links to external sites like OpenTable, events that can become accessible in a calendar, menus, special offers and more.

Everything on your moBistro site is manageable through a control panel that was designed to be easy to use and operate. When it comes time to serve the website, moBistro will automatically redirect mobile phones to the correct version of the site, depending on what capabilities the phone has.

You can customize moBistro to fit with your business’s branding and color scheme and you can monitor mobile web traffic from Google Analytics.

moBistro doesn’t just create the mobile-friendly version of your website; it hosts it too. That’s good for users who don’t want to have to deal with configuring their web server to serve the mobile version of their sites. However, it does make the product more expensive. While we think the services offered by moBistro are great, we think the pricing — which starts at $19.99 per month — is a bit high for this kind of service.

Still, the ability to easily create mobile-friendly content that can work on hundreds of devices without having to do any coding is an idea that should appeal to lots of business owners who are trying to figure out how to best address the mobile web.

Sponsored by Microsoft BizSpark

BizSpark is a startup program that gives you three-year access to the latest Microsoft development tools, as well as connecting you to a nationwide network of investors and incubators. There are no upfront costs, so if your business is privately owned, less than three years old, and generates less than U.S.$1 million in annual revenue, you can sign up today.

Entrepreneurs can take advantage of the Azure Services platform for their website hosting and storage needs. Microsoft recently announced the “new CloudApp()” contest – use the Azure Services Platform for hosting your .NET or PHP app, and you could be the lucky winner of a USD 5000* (please see website for official rules and guidelines).

Tags: mobile web, mobistro, Web Development
The Lazarus Effect, a new documentary presented by (RED) — the organization that is working to help eliminate AIDS in Africa — is debuting tonight on HBO, Channel 4 in the UK and YouTube.

Directed by Lance Bangs and produced by Spike Jonze, the thirty-minute film follows four people in Africa whose lives were saved thanks to antiretroviral drugs.

The film will first air on HBO at 9:00 p.m. EDT and at 11 p.m. GMT on Channel 4 in the UK. Then at 9:30 p.m., the film will air on YouTube, where it will be available globally and remain online for the rest of the year. This is the first time that an HBO film is getting this kind of global distribution and the film is the centerpiece of (RED)’s digital campaign for the coming year.

The iPad, Facebook and Twitter

In addition to being available on YouTube, (RED) will release a free iPad app tomorrow in conjunction with the film. The app will contain the full-length film, as well as additional information about how antiretroviral drugs work and photos of the transformative effect that ARVs have had in Africa. The app will also include ways for users to take action by joining (RED) or lobbying governments.

We think that having an iPad app is a really cool part of the campaign — especially since the device’s design makes it a great way to watch a film and then dive into more details about the people, the issues and the potential solutions.

Facebook and Twitter are also both going to be used to promote the film and its overall message. (RED) is asking that users tweet and post status updates with the #lazaruseffect hashtag to spread the word about the cause — including facts like “40 cents a day in Africa = 2 lifesaving pills.”

HBO also built a special Lazarus Effect Facebook page that users can use to send pre-formatted messages to Twitter or Facebook.

Social Media Meets Global Need

We’ve written a lot about the role that social media and new technologies are playing in campaigns for the global good. As we’ve seen with the Red Cross’s efforts in Haiti, social media can be a powerful tool to get a message across to lots of people all over the world.

The overall message of the film — that HIV/AIDS is preventable and treatable, and that access to treatment is a fundamental part of helping eradicate the disease — is one I fully support. Check out the film, whether you watch on HBO, YouTube or the iPad, and then get the word out about what we all can do to help.

Tags: hbo, ipad apps, lazarus effect, outreach, Red, youtube
According to Apple’s latest commercial, “iPad goes anywhere” — anywhere that is, except for Yankee Stadium. Yahoo! Sports confirmed with the stadium that the iPad falls under its “no laptops” security policy and patrons won’t be able to enter the ball field with one in their possession.

Say what now?! So the TSA says that you don’t have to take an iPad out of its case to go through security, but Yankee Stadium says the device is a no-go?

The discussion surrounding the ban was spurred from a message by poster Spacekatgal on the IGN Boards. Spacekatgal tried to bring her iPad in to the Yankee/Red Sox game, only to be turned away at the gate. Undeterred, she did re-enter the stadium with her iPad in her jacket — but the ban exists all the same.

Now while you can reasonably argue why someone would want to bring an iPad (or any electronic device aside from a cell phone) into a ball game, the outright ban of such a device does strike us as pretty funky, especially when at a stadium that has WiFi throughout the complex.

In any event, if you want to bring an iPad to Yankee Stadium this summer (assuming you’re sitting in the shade), you might want to make sure you’ve got a bag or windbreaker that can mask said device from the security guards. Or you could just leave the gadgets at home and watch the game.

What do you think of this security policy? Let us know!

Tags: Baseball, ipad, ipad ban, yankee stadium
Tonight is the series finale of Lost and ABC is going all out, dedicating four hours of programming to the finale. The action isn’t just taking place on television; the network is getting into the live fan chat action too.

Starting at 6:30 pm EDT and running until 3:00 am EDT, Lost fans can chat with other fans live at http://abc.go.com/shows/lost/live-chat-intro.

The chat, which starts just thirty minutes before the east coast broadcast of the Lost retrospective special, will be accessible using your Facebook, Twitter or MySpace accounts. For a show that has had such a strong online following, we think this is a pretty shrewd move on ABC’s part.

Keep in mind that if you join in the chat after 9pm eastern time, it’s possible you could catch some spoilers regarding the finale, so west coast fans, it’s probably better to get offline at 6pm until the finale starts on your end.

On Facebook, ABC has created an event for the Lost Series Finale that includes a full schedule of the television events.

Earlier today, the Lost producers posted a link to a special musical tribute montage created and edited by Alex Levy, the music editor for the show.

Will you be chatting about Lost online tonight? What are your plans for staying spoiler-free? Let us know!

Tags: fan chat, lost, lost finale, television, tv
If Friday’s Google Doodle didn’t feed your Pacman Fever, you can download the special Google version of Pacman and play on your own time!

Over at StackOverflow, users worked together to figure out how to extract and host the special version of Pacman, created by Google in honor of the yellow guy’s 30th birthday, for play online or off.

You can play the game live at http://macek.github.com/google_pacman/ or you can download the code and run the game from your browser anytime, by downloading the source at Github.

This is what you want to do:

1. Go to http://macek.github.com/google_pacman
Click on the “Download Source” button near the top of the page. It doesn’t really matter what option you choose for downloading, TAR or ZIP, but if you are on a Windows machine, choose Zip.

2. Unzip the Folder
The folder will have a name like “macek-google_pacman.” Once unzipped, you’ll see some files and a folder labeled source. Double click on the index.html file.

3. Play Google Pacman
Enjoy!

Other Pacman Options

If you find your Pacman needs not being met by the Google version of the game, there are some other free or inexpensive alternatives!

Namco has a special website set up in honor of Pacman’s 30th Anniversary which includes history about the game, art, and games you can download for your PC or mobile device.

Windows users can download the original Pacman game from Namco’s official site for just $2.99. You can download a trial version first to see if it’s worth the $3.

Mac users can enjoy Pac The Man X, a free Pacman clone for Mac OS X. The game supports one or two players and is fun, but be aware that it moves much faster than the original game.

Linux users can enjoy NjAM, which our friend Richard Stallman will like, as it’s licensed under the GPL.

On the iPhone, Ms. Pacman and Pacman Championship Edition are both on sale for $0.99. Pacman Lite is also available for free.

On the Android front, at one time, Namco had an official Pacman game available in the Android Market but we don’t know its current status. However, Mazeoid, a Pacman clone, is available for free.

You Tell Us: Best Pac-Man Ever

So what is your favorite Pac-Man game of all time? The Arcade, the NES, maybe a mobile version? Let us know!

Tags: games, pac-man, pacman, software