Blog

Eric Butler’s new ‘hack Facebook’ plugin for Firefox

Oh the mischief this new Firefox plugin is going to cause.

Firesheep adds a sidebar to Mozilla’s Firefox browser that shows when anyone on an open network — such as a coffee shop’s Wi-Fi network — visits an insecure site. “Double-click on someone [in the sidebar] and you’re instantly logged on as them,” said [plugin author Eric] Butler in his short description of his add-on.

Computer World says the Firesheep add-on has been downloaded more than 50,000 times since it was released Sunday. You can download Firesheep from Butler’s Web site. It’s extremely easy to install: just download the .xpi file; drag it to a Firefox window; and restart.

And it’s not just Facebook that Butler’s plugin makes double-click hackable, either. Others include:

  • Amazon.com
  • Basecamp
  • bit.ly
  • CNET
  • Dropbox
  • Facebook
  • Flickr
  • Foursquare
  • Google
  • Gowalla
  • Windows Live
  • Tumblr
  • Twitter
  • WordPress
  • Yahoo
  • Yelp
  • and others

The plugin is relatively easy to customize, too, meaning that someone with not much more than basic programming skills could easily add other domains to Firesheep’s default list. TechCrunch offers a pretty thorough explanation of how Firesheep works and the plugin’s impact, as well as a possible defense. The truth is, though, using the Internet on a public Wi-Fi network is inherently insecure. But that isn’t news, is it?

Top 100 Web sites in Cambodia

I was just doing some research into a new project and stumbled across Alexa’s “by country” rankings. Alexa is one of the world’s top Web traffic monitoring firms, with a database of statistics on hundreds of thousands of Web sites. Their numbers aren’t perfect, of course. Alexa tracks search and traffic data only from its own community. But that community is mostly representative of the larger Web, and the Alexa numbers are invaluable not only for the insight they offer, but because this kind of traffic information is not publicly available anywhere else on the Web.

Alexa Top 100 Sites in Cambodia.

A map of online communities

At first glance, the Map of Online Communities (2010 update) looks like so much more social network geekery.

Even upon closer inspection, it’s mostly just more social network geekery. Still, it’s a fascinating graphic — not only because of the mountain of hours it must have taken to complete, but because the map quickly illustrates the complete contours of the entire social networking world, from Facebook as the massive, dominating China-esque center, to Twitter to Skype to YouTube, and a whole raft of lesser states. The map shows where people are most active in the online world. And where they are not. Strategize accordingly.

(HINT: You cannot afford to overlook Facebook.)

The promise of email marketing

In a blog post titled “Email Marketing: ‘I am not dead yet’,” email marketing consultant Jeanne S. Jennings offers some fairly compelling reasons for getting serious about email marketing.

Each year, the Direct Marketing Association ranks marketing channels by the ROI generated. Email has led their rankings for a number of years; in 2010 they project that email marketing will return an average of $42 for each dollar spent, down from more than $43 in 2009. Email is the leader by more than a nose; the #2 channel was Internet search advertising, which returned just under $22 per dollar spent in 2009.

Getting the right strategy in place, however, is not easy. Exact Target offers a 60-second quiz to help get you started.

More privacy troubles for Facebook

Facebook — for reasons of apathy, negligence or worse — still cannot secure the private details of its users.

Many of the most popular applications, or “apps,” on the social-networking site Facebook Inc. have been transmitting identifying information—in effect, providing access to people’s names and, in some cases, their friends’ names—to dozens of advertising and Internet tracking companies, a Wall Street Journal investigation has found.

The issue affects tens of millions of Facebook app users, including people who set their profiles to Facebook’s strictest privacy settings. The practice breaks Facebook’s rules, and renews questions about its ability to keep identifiable information about its users’ activities secure.

This is unlikely to be the last time that the personal details of Facebook users get exploited for company benefit. Since its earliest beginnings, Facebook has gobsmacked many with its profoundly cynical privacy policies. At first, people were outraged. Then they were just angry. Now, the site is so large and so popular, and it has been pimping its users’ data for so long, that news of more blatant privacy violations elicits hardly more than a sigh.

I guess Zuckerberg was right after all.

Paddy Rice relaunch

Paddy Rice, the Irish sports bar on the river front in Phnom Penh, just rolled out a new look. The bar opened about 8 months ago. The first site was done in a bit of a hurry. Now, with a few months of life (and content) behind them, the redesign seems more substantial and focused.

Orange and green are the colors of the Irish flag.

Paddy Rice.

A different kind of crazy

After reading the first few paragraphs of this article in Slate, I thought surely this is the product of some science fiction writer’s imagination.

Around my son’s first birthday, I started holding my iPhone up to his ear when my wife called and saying, “It’s your mama, Luka. It’s your mama.” Our boy often made cooing sounds in response to her voice.

And when I snapped photos with the phone, I showed them to Luka in the moment. He responded with giddy joy.

We quickly fell into a ritual in which I played a slide show of the photos and video in the phone as I put him to bed. Along with Luka, his mother appeared most often in the photos. Usually, by the second run-through, he would be asleep. Once in a while, when I nodded off first, I woke up to discover Luka tapping the screen to replay the video.

And then one day, about two months later, my iPhone rang. My wife’s name appeared on the screen. Before I responded, Luka called out, “Mama!” I was so surprised—and proud. Evidence of their special bond, right? Soon after, Luka blurted out “Mama” again, while we were all in the living room. But he wasn’t facing his mother. He was facing the phone.

Viewed from the perspective of decidedly low-tech suburban Phnom Penh, life in the developed world looks disturbingly wired. Creepy even.

In a peculiar side note, the author of the article, Eric Pape, is a former Phnom Penh-based journalist. Pape worked at The Cambodia Daily in the 1990s. He co-authored “A Tragedy of No Importance,” an in-depth review of the 1997 grenade attack on Sam Rainsy, and he also helped inspire “Shake Girl,” a graphic novel based on the life of Tat Marina.

Pirates of anonymity

The perils of assuming you are anonymous.

ACS: Law, a law firm based in Great Britain that tracks down alleged illegal file sharers for the porn industry, saw its database compromised over the weekend by members of the Internet forum 4chan. In addition to private e-mails and financial data belonging to the law firm, the names of people whom ACS: Law has accused of downloading unauthorized copies of porn movies were also revealed.

That sounds bad enough. But it gets worse.

The blog Torrentfreak reported that among the information posted to the Web were e-mails from people pleading for mercy and “married men who have been confronted with allegations of sharing gay porn.”

Unfortunate, no doubt. Here in Cambodia, such high-tech attempts at tracking down online pirates seem remote. Untoward political speech and affronts to culture still remain the Kingdom’s most offensive topics. A few crude attempts appear to have been made at limiting information in this vein. Though like many law enforcement efforts, that crackdown too proved short-lived and of questionable success. Real-world piracy — that is, the millions of bootleg $2 music and software disks available in every local market — is still a much bigger problem, and costs the country far, far more money.

Weaponized software

Iran is fighting off a significant cyber attack, reports The New York Times. The worm, dubbed Stuxnet, represents a hellish breakthrough in the evolution of computer viruses.

Stuxnet, which was first publicly identified several months ago, is aimed solely at industrial equipment made by Siemens that controls oil pipelines, electric utilities, nuclear facilities and other large industrial sites. While it is not clear that Iran was the main target — the infection has also been reported in Indonesia, Pakistan, India and elsewhere — a disproportionate number of computers inside Iran appear to have been struck, according to reports by computer security monitors.

The Christian Science Monitor first reported on Stuxnet in June. The primary source of the CSM story was computer security expert Ralph Langner, who has been chronicling his research of the virus on his Web site. Langner called Stuxnet the “hack of the century,” and said “Stuxnet is going to be the best studied piece of malware in history.”

Wired magazine, unsurprisingly, has the definitive story.

“It’s the most complex piece of malware we’ve seen in the last five years or more,” says Nicolas Falliere, a code analyst at security firm Symantec. “It’s the first known time that malware is not targeting credit card [data], is not trying to steal personal user data, but is attacking real-world processing systems. That’s why it’s unique and is not over-hyped.”

… Eric Byres, chief technology officer for Byres Security, says the malware isn’t content to just inject a few commands into the PLC [Programmable Logic Controller] but does “massive reworking” of it.

“They’re massively trying to do something different than the processor was designed to do,” says Byres, who has extensive experience maintaining and troubleshooting Siemens control systems. “Every function block takes a fair amount of work to write, and they’re trying to do something quite radically different. And they’re not doing it in a light way. Whoever wrote this was really trying to mess with that PLC. We’re talking man-months, if not years, of coding to make it work the way it did.”

Pchum Ben 2010

Thanks to Miss Lady J, I was up at oh-dark-thirty this morning to take some pictures at Wat Ounalom for the upcoming FCC newsletter.

Today marks the first day of Pchum Ben, Cambodia’s grandest religious holiday. It’s somewhat analogous to Mexico’s Day of the Dead festival, but without all the cool skeleton paraphernalia. Or tequila.

Pchum Ben — often clipped to just Pchum (p’CHUME) by the locals — lasts 15 days and culminates with a 3-day public holiday. Buffalo racing, wrestling and other pious endeavors are popular. For more than that, though, you will have to wait for Laura’s story.