May 29, 2013
 


Attackers are exploiting an extremely critical vulnerability in the Ruby on Rails framework to commandeer servers and make them part of a malicious network of hacked machines, a security researcher said.

Ars first warned of the threat in early January, shortly after Rails maintainers issued a patch for the vulnerability. Ars warned at the time that the vulnerability gave attackers the ability to remotely execute malicious code on underlying servers. Criminals’ success in exploiting the bug to make vulnerable machines join a botnet suggests that many server administrators still haven’t installed the critical update more than four months after it was issued.

Servers that have been exploited are infected with software that caused them to join an Internet Relay Chat (IRC) channel on one of at least two servers, security researcher Jeff Jarmoc said in a post published Tuesday to his personal website. Attackers can force servers to download and execute malicious code and join new IRC channels from there.

MORE:   Critical Ruby on Rails bug exploited in wild, hacked servers join botnet | Ars Technica.

 

 

 

May 29, 2013
 


I’ve been hearing for years that designers need to learn to code. At first I thought I’d just end up doing two jobs instead of one. But the better I get at coding, the more I understand how connected they are. As a designer in the digital spectrum, you realize that your very work–your material, which exists in the world–is code. How can you design something if you don’t know how it works? So, designers, step into the ring.

THE FIRST PUNCH

I want you to download Processing. It’s a language built on Java and it focuses on images and animation. It’s good for designers because it gives you solid visual feedback about what your code is doing. After you download Processing, I want you to watch the video below. It’s a Processing sketch (a sketch is what the programs are called in Processing), and this is your first gentle punch. The video is about ten minutes long and shows a few simple examples of how to use numbers in different ways in order to make simple shapes on the canvas. Try to follow along with me and type everything out as I do, because I think it’ll help you learn.

MORE:   Designers: Learn To Code! Here’s How To Start | Co.Design: business + innovation + design.

 

 


 

May 29, 2013
 


A new scam going around Facebook recently begins with a message to page owners about a new “Fan Page Verification Program.” From there, users are prompted to share their Facebook email and password, which is part of a phishing scam.

Similar to another scam that targeted page admins in the past, the message purports to be from Facebook Security and is designed to trick users into sharing their Facebook login information. This latest scam, detailed by Hoax-Slayer, tells page owners that they qualify for a new security feature and must choose a 10-digit security code by May 30, otherwise their page could be suspended. The message includes a link to a site with form fields for their page URL, email address, password and a “transferring code” of their choice.

MORE:   ‘Fan Page Verification’ scam goes after Facebook page admins.

 

 


 

 

May 28, 2013
 


Marketers at Vistaprint, Dove and Nissan will have been very busy recently. All three have fallen victim to advertising appearing next to compromising content on Facebook. The companies found their collateral next to materials supporting and making light of domestic abuse which has led to a customer backlash and severe criticism in the media.

Both companies were quick to respond to the issue, with Vistaprint posting an explanation on their Facebook page, and Nissan on their Twitter feed. While Dove hasn’t replied on either platform, it’s written to campaigners to apologise. However, the fundamental problem with the Facebook platform is that it targets individuals and not the content of each of the pages where the adverts land. Because of what might be totally innocent searches of Facebook or page ‘Likes’, adverts can then appear on pages which have the worst kind of content on them. And according to Facebook’s own rules, it’s up to users to self-regulate the site. There are no protective measures in place for brands.

All of this comes at a time when the pressure group the Everyday Sexism Project has been challenging brands to better manage where their advertising appears. The group wants companies to introduce stricter practices to help prevent against them appearing to support such material.

MORE:   Vistaprint’s Facebook fail just the tip of the iceberg « iMediaConnection Blog.

 

 


 

May 28, 2013
 


Knowledge needed: Basic HTML, Basic CSS/CSS3

Requires: Code Editor

Project time: About an hour

Create a modern CSS3 hover effect by using CSS transitions, transforms and delays

A CSS transition gives us the ability to animate changes to a CSS property value. This can be used to smoothly change a value, and by using transition delays we can cue the transition of elements. A CSS transform allows us to transform elements in two or three dimensional space. In this tutorial, we will be using 2D transformations.

MORE:   Create modern CSS3 hover effects | Tutorial | .net magazine.

 

 


 

May 28, 2013
 

 

Opera has built a new Web browser from the ground up, and it’s available now on Windows and Mac.

The new Opera, which the organization is calling Next, its channel for what used to be known as “beta,” was built from scratch, it claims. What has resulted is a much cleaner interface and a host of features that Opera says will make it easier for users to find contents.

The big change is that Opera has replaced its proprietary engine Presto with the Chromium engine. That will allow the company’s browser to load more quickly and handle slow network connections more effectively.

MORE:   Opera Next makes its debut on Windows, Mac | Internet & Media – CNET News.

 

 


 

May 28, 2013
 


In March, readers followed along as Nate Anderson, Ars deputy editor and a self-admitted newbie to password cracking, downloaded a list of more than 16,000 cryptographically hashed passcodes. Within a few hours, he deciphered almost half of them. The moral of the story: if a reporter with zero training in the ancient art of password cracking can achieve such results, imagine what more seasoned attackers can do.

Imagine no more. We asked three cracking experts to attack the same list Anderson targeted and recount the results in all their color and technical detail Iron Chef style. The results, to say the least, were eye opening because they show how quickly even long passwords with letters, numbers, and symbols can be discovered.

The list contained 16,449 passwords converted into hashes using the MD5 cryptographic hash function. Security-conscious websites never store passwords in plaintext. Instead, they work only with these so-called one-way hashes, which are incapable of being mathematically converted back into the letters, numbers, and symbols originally chosen by the user. In the event of a security breach that exposes the password data, an attacker still must painstakingly guess the plaintext for each hash—for instance, they must guess that “5f4dcc3b5aa765d61d8327deb882cf99” and “7c6a180b36896a0a8c02787eeafb0e4c” are the MD5 hashes for “password” and “password1” respectively. (For more details on password hashing, see the earlier Ars feature “Why passwords have never been weaker—and crackers have never been stronger.”)

While Anderson’s 47-percent success rate is impressive, it’s minuscule when compared to what real crackers can do, as Anderson himself made clear. To prove the point, we gave them the same list and watched over their shoulders as they tore it to shreds.

MORE:  Anatomy of a hack: How crackers ransack passwords like “qeadzcwrsfxv1331” | Ars Technica.

 

 


 

May 21, 2013
 


Since the beginning of last year, we’ve seen a steady increase in the number of ad placements and supported platforms available to advertisers on Facebook. Now, knowing what options you have at your disposal is more important than ever!

Facebook took improvements in ad space pretty seriously and implementing these changes proved to be successful – Facebook’s mobile efforts, in particular, are starting to achieve impressive results.

During the first quarter of 2013, 30% of Facebook’s ad revenue came from mobile devices, rising from 23% during the previous quarter and 14% the quarter before that. In the first quarter of 2012, Facebook mobile constituted 0% of its total revenue. The company has also begun focusing more on ads in the News Feed, opening up a lot of opportunities for advertisers.

Ad Placement Options

Currently, there are six different ad placements available to advertisers:

Homepage

All Facebook

News Feed (desktop, mobile)

Typeahead

Logout Page (available only through Facebook IO)

MORE:   Know Your Place! Where to Put Ads on Facebook | Social Media Statistics & Metrics | Socialbakers.

 

 


 

May 21, 2013
 

Facebook is maturing as an ad platform, but are brands really seeing ROI? Here’s a case study that examines the true potential of this social network.

When Southeast Toyota Distributors decided to focus ad spend on Facebook, it didn’t guarantee dealerships that sales would rise. However, after launching several local Facebook campaigns, revenue with a Facebook footprint started to pour in.

 

MORE:  Do Facebook ads work? – iMediaConnection.com.

 

 


 

May 20, 2013
 

 

Google has announced a revamping of Google Maps and it is much more than a few changes. It is a reworking of the entire Google Maps interface from the ground up, designed to make Maps more intuitive for users.

One major change is users can now click on any area of a map, and Google will respond by showing you information about what is in the area that you could be interested in, such as restaurants, businesses, and hotels. This is designed to make it easy for visitors to see what is near a particular location, such as discovering what is located near a hotel when someone is visiting a city.

There is much more connection with Google+ and what they display on the map popups, meaning it is much more critical for businesses to make sure their Google+ page is active with correct information, including hours and photos, and user reviews of their business.

MORE:  Google Maps Gets a Brand New Look | ClickZ.