Myspace Worm Using Quicktime HREF Track

Apple Quicktime

Just great. For a long time I have been trying to figure out a way not to let Quicktime spawn web pages. Not only is it annoying but now it can get you phissed: 

It begins with a QuickTime file being embedded in a Profile page. If the user “runs” the file (simply visiting the infected page is enough to trigger the attack in most cases), it uses the HREF function to activate some JavaScript.

Allowing JavaScript from a movie file….whoops.

When this happens, the profile page is “infected” and pastes a fake overlay of options onto the profile page – the most serious of which is (of course) the fake login button. If your page has been affected, you will see a strange, blue navigation bar such as this on your page. If this is the case, you will need to clean out your profile and check if any of your friends have also been infected – if they are, you will continue to be reinfected…most likely via the friends list itself. We have seen reports of users complaining that even when they’ve removed the fake navigation bar from their page, it comes right back if one of their friends is infected – so it looks like the friends list is being exploited in much the same way the Orkut worm used a similar feature to spread. Except in this case, the only option to fix the problem is get your friend to remove the infection code from their page, or remove your friend from your list indefinitely.

Going back to the fake login, if you enter your details, you have officially been Phished.

Myspace Worm Using Quicktime HREF Track

Ptotopage V3

Protopage V3I’m a big fan of Protopage mainly because I forget things. Think of it as your plastic homepage. Very versatile and flexible. There has been a new release that adds all sorts of new features to it like streaming video windows, DIY widgets, Flickr photo feeds, and an improved RSS reader.
For more on the latest updates and stuff like that you can read the developers blog page. I think that once you give it a try your going to like it.

Protopage V3

Veterans Day, Remembrance Day

poppysToday as I get ready to do some holiday server upgrades where I work, I can’t help but think about Veterans Day (or in other parts of the world, Remembrance Day or Armistice Day). Today is when we thank all of those who have fought for our freedoms and our way of life. We can never forget what they have done for us, if it wasn’t for them the world could be a much different place. I wish I could personally thank each person that has served their country but many have passed on either naturally or because they never came back from their mission. But for the ones that are still here, either still serving or living their lives like all of us now, I thank  you for what you have done. On the 11th hour or the 11th day of the 11th month or the year 1911, hostilities ended on the western front. It was hoped to be the war to end all wars, World War I. Sadly this was not true. At 11am people around the world pause for two minutes of silence in honor of those who gave their lives during those great conflicts. One minute for each war. It’s also a tradition to buy a poppy pin in support of veteran groups everywhere. If you see someone selling poppy pins today, buy one and shake the hand of the veteran selling it. Thank them for whey they have done because you have just met a true hero.

TWiT is Dead, Long Live Net@Night

net@night Sweet! I was a bit annoyed when I found out that my favorite podcast, er, netcast, ‘This Week in Tech’ (TWiT) had been put on hold because no one was available. Thats burn out, pretty sure of that. Anyway, Leo Laporte is back! He and Amber MacArthur will be doing a tech review show so we can still get our dose of Leo. I’ll miss the grumpy Dvorak but maybe he will be back as a guest. The cool think about all this is the show will be netcast’ed live so people can call in. I love that! That to me is the one big dynamic thing that podcasting, er, netcasting (I’ll get that right someday) has been missing. Radio call in shows have been doing it for decades but that works because of the serious money used to get phone lines, equipment, and hardware. If this software they they are using (Talkshoe) works then this could be the start of a true revolution in Internet entertainment. Think if Sirius used this during their regular Internet radio broadcasts?

Amber and I are proud to announce the first live TWiTcast. We’re reinventing Inside the Net, and renaming it net@nite. You’ll still be able to listen to the show as a podcast every Tuesday, but you can also listen live as we record it Sunday nights. Even better, you can participate.

Web 2.0 on TWiT 2.0

Lik-Sang Out of Business Due to Sony Lawsuits Oh man, this is a definite sign of the times. Now I’m regretting not buying those maracas controllers for my Dreamcast when I had the chance. If you have ever needed an odd chunk of gaming gear for your PS1, Dreamcast, Nintendo, or just like playing Japanese games on US/European consoles you have probably visited this site. All I can hope is that someone fills in their place soon., the popular gaming retailer from Hong Kong, has today announced that it is forced to close down due to multiple legal actions brought against it by Sony Computer Entertainment Europe Limited and Sony Computer Entertainment Inc. Sony claimed that Lik-Sang infringed its trade marks, copyright and registered design rights by selling Sony PSP consoles from Asia to European customers, and have recently obtained a judgment in the High Court of London (England) rendering Lik-Sang’s sales of PSP consoles unlawful.

[via boingboing

Important Notice: Out of Business due to Multiple Sony Lawsuits