Work at Medeco

[Image: 20110707-053010.jpg]

This is what work at Medeco looks like.

UPDATE: This was actually a little test of posting a photo taken on the iPod Touch directly to a WordPress blog. Kurt Wilhelm was the unsuspecting subject in this picture.


Game of the week: Fantastic Contraption

This week’s GotW is Fantastic Contraption, a puzzle game where the goal is to get a pink ball into the pink area.

You have a workshop area where you build the contraption that is supposed to move the pink ball to the target area. When you press the Start button, your contraption takes off and (hopefully) moves by itself in the direction of the target.

There are several different levels of difficulty, and the full version ($10) gives you access to more user-generated levels and the ability to generate your own levels.


Maintenance on website for speed issues

We’re experiencing some speed issues with the website currently, and we’re trying to get these resolved as quickly as possible. Bear with us please.

It’s not too late to change your Facebook password – is it?

For the last several years, ever since Facebook allowed third-party access to your data, your account with Facebook could have been taken over.

Not by Firesheep (although the principle is similar), but because the third-party application actually leaks an access token outside of the conversation between you, Facebook and the third party.

In a nutshell, the sequence of events allowing this is as follows:

  1. You’re logged in to Facebook, and want to play a game (start up a third-party application)
  2. The third-party application presents a permission dialog page, where you allow the application access to your friends, your personal information, and posting on your wall.
  3. The third-party application gets an access token from Facebook, which allows it to do all these things without you having to explicitly give them permission every time.
  4. That token is exchanged with Facebook every time the third-party issues requests.

So far it is very similar to the Firesheep issue. However, the twist here comes if the third-party application uses a legacy Facebook API:

  1. The access token is sent as part of the URL
  2. The application requests resources from another site (such as an advertiser).
  3. The advertiser receives the referring URL, which contains the access token.

Now the advertiser has the access token that the third-party application uses, and can use it to perform the same actions you allowed that application. In the best case it now has a list of your friends; in the worst case you’ve just given the advertiser the right to post on your wall.

And since requests are normally logged, it is even possible that when the advertiser’s site gets hacked, the hacker finds the log, containing these access tokens, and can do these same actions.
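To make the mechanism above concrete, here is a small added example in Python (not code from the original post, Facebook or Symantec). It models what a browser of the time sent as the Referer header when a page embedded a resource from another origin, shows what an advertiser could read out of it when the token sat in the query string versus when it was kept out of the query, and adds the defender-side control for the "stolen logs" scenario: scrubbing access tokens from an access log. The hostname app.example, the token value and the log lines are all constructed for the demo.

```python
"""Added illustration of the token-in-URL leak described above and two
defenses: keeping the token out of the query string, and scrubbing tokens
from a third party's access logs. Not code from the original post, Facebook
or Symantec; app.example, the token value and the log lines are constructed."""
import re
from typing import List, Optional, Tuple
from urllib.parse import parse_qs, urlsplit, urlunsplit

DEMO_TOKEN = "CONSTRUCTED_TOKEN_0123456789"  # constructed, not a real token


def referer_sent_by_browser(page_url: str) -> str:
    """Model the default browser behaviour of the time: when a page embeds a
    resource from another origin, the page URL (scheme, host, path, query) is
    sent as the Referer header. The fragment (#...) is never sent."""
    p = urlsplit(page_url)
    return urlunsplit((p.scheme, p.netloc, p.path, p.query, ""))


def token_in_referer(referer: str) -> Optional[str]:
    """What a third party (the advertiser in the post) can read straight out
    of the Referer header it received."""
    return parse_qs(urlsplit(referer).query).get("access_token", [None])[0]


def legacy_page_referer() -> Tuple[str, Optional[str]]:
    """Legacy pattern from the post: the token travels in the query string of
    the application page, so it rides along in the Referer to the advertiser."""
    page = f"https://app.example/play?access_token={DEMO_TOKEN}&level=3"
    ref = referer_sent_by_browser(page)
    return ref, token_in_referer(ref)


def hardened_page_referer() -> Tuple[str, Optional[str]]:
    """Fix on the application side: keep the token out of the query. Here it is
    carried in the URL fragment, which browsers strip from the Referer (the
    same reason OAuth 2.0's implicit flow returns tokens in the fragment);
    sending it to the API in an Authorization header instead of any URL is
    equally effective."""
    page = f"https://app.example/play?level=3#access_token={DEMO_TOKEN}"
    ref = referer_sent_by_browser(page)
    return ref, token_in_referer(ref)


# Combined-log-format line: ... "GET /ad.js HTTP/1.1" 200 512 "<referer>" "<ua>"
LOG_LINE = re.compile(r'"[A-Z]+ \S+ HTTP/[\d.]+" \d{3} \d+ "(?P<referer>[^"]*)"')
TOKEN_PARAM = re.compile(r"access_token=[^&\s\"]+")


def scrub_log(lines: List[str]) -> Tuple[int, List[str]]:
    """Defender-side control for the 'advertiser's logs get stolen' scenario:
    count lines whose Referer carries an access token and return the log with
    those tokens redacted, so a stolen log no longer yields usable tokens."""
    leaked = 0
    cleaned = []
    for line in lines:
        m = LOG_LINE.search(line)
        if m and token_in_referer(m.group("referer")):
            leaked += 1
            line = TOKEN_PARAM.sub("access_token=[REDACTED]", line)
        cleaned.append(line)
    return leaked, cleaned


SAMPLE_LOG = [  # constructed log lines as an advertiser's server might record them
    '203.0.113.5 - - [10/May/2011:12:00:01 +0000] "GET /ad.js HTTP/1.1" 200 512 '
    f'"https://app.example/play?access_token={DEMO_TOKEN}&level=3" "Mozilla/5.0"',
    '203.0.113.6 - - [10/May/2011:12:00:02 +0000] "GET /ad.js HTTP/1.1" 200 512 '
    '"https://app.example/play?level=3" "Mozilla/5.0"',
    '203.0.113.7 - - [10/May/2011:12:00:03 +0000] "GET /ad.js HTTP/1.1" 200 512 '
    '"-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    print("legacy  :", legacy_page_referer())
    print("hardened:", hardened_page_referer())
    n, scrubbed = scrub_log(SAMPLE_LOG)
    print(f"{n} leaked token(s) redacted")
    for ln in scrubbed:
        print(ln)
```

Running the block prints the legacy Referer with the token visible, the hardened Referer with nothing secret in it, and the sample log with the one leaked token redacted. The point of the log scrubber is the last paragraph above: even a site that never meant to collect tokens will have them sitting in its access logs if they arrive in the Referer, so redacting them at write time (or on rotation) removes that exposure.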

Symantec identified this issue in late April, and Facebook has since taken steps to remedy the problem. However, none of these steps completely remedy it until September 1st, when the legacy API calls that allow this avenue of attack are disabled and replaced by OAuth.

So what can you do to prevent your account from being used as a beachhead for attack?

  1. Review what rights you’ve given to what applications, and delete rights you no longer use or think are unnecessary. This is done in Facebook under Account, Privacy Settings, Apps and Websites, Apps You Use.
  2. Insist on using HTTPS wherever you can, and think twice about third-party applications that do not support it.
  3. Change your password. Changing your password invalidates the previously issued security tokens.

Symantec states that, to their knowledge, no Facebook users were impacted by this issue. However, this is a real avenue of attack, and a few good security principles can keep your account safe (or safer) from it.

Google I/O 2011 – Keynote Day 2

I was unfortunately tied up for the whole afternoon and part of this morning with production issues, but here is a little bit of information about the second keynote of Google I/O 2011.

The keynote for Google I/O 2011 Day 2 is centered on the Chrome browser, and the HTML5 push.

  • Chrome now has 160M active users (on Automation Adventures, the number one browser is Firefox with 35%, followed by Chrome and IE, both with close to 29%)
  • Voice recognition built into Chrome
  • Demo with clicker – easy addition of speech recognition
  • Demo of Google Translation with speech recognition
  • TinkerCad demo of HTML5 and WebGL
  • Chrome WebStore In-app payments: 17 million installed, 2x more time spent in apps, 2.5x more transactions. Literally 1 line of code to activate.
  • Webstore will expand around the world, available in 41 languages.
  • Angry Birds now available in the Chrome Web Store!
  • Chromebooks coming next month. Samsung and Acer will be producing Chromebooks, which will be available June 15th through Amazon.com and Best Buy. Available in 7 countries.
  • Monthly Chromebook subscriptions for businesses ($28/user/month) and schools ($20/user/month). Also starting June 15th. More info here.

The main focus seems to be on ease of management for the IT department: the hardware and OS fade into the background, replaced by the netbooks, and the applications are centralized web applications. The main pain will actually be felt by that same IT department, since many of the applications in most organizations are not web based. Virtualization is an alternative there, but I haven’t seen a proven and reliable Remote Desktop or Virtual Machine client for Chrome OS yet. Until then, this remains an interesting alternative to installing a browser on a bare machine…