Knowledge's Blog

Facebook is susceptible to certain types of attacks that could allow someone to hijack an account while a user is interacting with another Web site, a security researcher warned on Monday.

Reseacher Nitesh Dhanjani also said a design flaw in Facebook is granting third-party apps permission to access user profile data without express approval from users.

Facebook used to display a pop-up window warning users when they added any third-party app that doing so would authorize the app to get access to user profile information. This allowed users to change their mind before adding the app. The company has changed its policy and now some apps can choose to use a new implicit authorization feature that does not warn Facebook users that a third-party app is trying to request their data, Dhanjani said.

“This allows Facebook to gain increased adoption of third-party apps, which can translate to revenue,” he said, adding that any warning would deter some users from adding new apps.

“The only information apps can access without first showing the ‘Allow’ screen is publicly available information (the limited set of info that includes name, profile picture, gender, networks, friend list, and pages) and information set to be visible to everyone on the Internet,” Facebook spokesman Simon Axten said.

In separate but related research, Dhanjani and Israeli security researcher Shlomi Narkolayev said attackers could use clickjacking attacks to hijack Facebook accounts by tricking users into clicking on sites hiding malicious code. A Web site that looks like an e-commerce site or that shows videos could hide a Facebook log-in page behind it so that when a user clicks on the site to play a video, for instance, the user’s account is opened instead behind the scenes, without the user realizing it. Click here to read more.. »

LAS VEGAS – Ford Motor Co. is adding Twitter messages and Internet radio to its in-car entertainment and communication service, known as Sync, and suggests that the voice-activated system is safer for drivers than trying to manipulate applications on their cell phones.

Ford CEO Alan Mulally told an audience at the International Consumer Electronics Show on Thursday that Sync is designed as a way for drivers to do things like chat with their kids and make dinner reservations, “all while keeping their eyes on the road and their hands on the wheel.”

Ford is one of many companies at CES that are showing off information and entertainment technologies for car drivers and passengers. Such products have been available for several years, but their proliferation is leading to increased fears about whether drivers can stay focused on the road while listening to tweets and requesting stock quotes.

Paul Green, a professor at the University of Michigan Transportation Research Institute who studies the effects of distractions for motorists, said automakers are making a “reasonable effort” to minimize the problem. It’s unclear how successful they are, though, because vehicles are becoming more and more complicated, adding to a driver’s workload.

Green said that since Sync uses voice-activated commands, it should make it Click here to read more.. »

The experimental Fishbowl for Facebook application connects you with all your Facebook data without a browser. Its layout differs somewhat from what you’d get on the Web page, but it’s otherwise pretty similar.

The Microsoft-made app requires .NET 3.5, and will install it for you automatically if you don’t already have it. When it first runs it will ask for your Facebook login, as well as permission to publish posts without prompting you, and also to allow the program to access your News Feed and Wall.

Fishbowl displays a left-side list of feeds that matches what you’ll see on Facebook’s page, starting with the News Feed. But it tends to display feeds differently than how they’d look in your browser. For instance, it enlarges and slightly tilts your friends’ profile pictures, which makes them stand out more.

The app also differs in the way it handles your Facebook friends. You can choose from a low, medium or high “Interest Level” for your friends, and then allow you to view them them based on your assigned interest. Other features allow for a mini-mode, a small display with just the latest update, and a row of friends’ pictures that link to their profiles.

If you’re a Facebook fanatic you might like Fishbowl’s different layout, but the app doesn’t offer any must-haves. If you do try it, keep in mind that Microsoft bills it as an experimental program and doesn’t offer any support. Also, you can still visit your account in a browser as per usual after trying Fishbowl.

Engineers didn’t make huge improvements to technology in 2009. The year’s big tech names — Twitter, Facebook, Google, Apple, Amazon — all existed before January.

Instead, this is the year technology changed us.

At year’s end, we’re connected to each other and to the Internet like never before. In 2009, we carried tiny computers in our pockets, through which we fed the Internet constant real-time info about where we were and what we were doing.

Our app-laden phones helped us manage our on-the-go lifestyles; our books fell off the shelves and into e-readers; our televisions and video games unchained themselves from home entertainment centers; and our mobile updates helped organize protests and even threaten governments.

We could have done any of these things in 2008. But we embraced in unprecedented numbers a digital-centered life in 2009.

Here’s a look back at how it happened. It’s CNN.com’s 10 biggest tech trends of the year, listed in no particular order. Think we missed something? Please let us know in the comments below. Click here to read more.. »

Hackers briefly blocked access to the popular Internet messaging service Twitter, steering traffic to another Web site where a group reportedly calling itself the “Iranian Cyber Army” claimed responsibility.

Users trying to reach Twitter early Friday were redirected to a Web page that CNN reported had a picture of a green flag and a message that said, “This site has been hacked by the Iranian Cyber Army.”

There was no evidence the hackers are actually linked to Iran. Web sites like Twitter and Facebook helped bring attention to the Iranian opposition during the country’s crackdown after its June elections, with users posting minute-by-minute updates and amateur video.

Twitter later Friday posted a message on its blog that said its Domain Name Systems‘ records “were temporarily compromised but have now been fixed.” The site says it will update with more details “once we’ve investigated more fully.”

A high-profile electronic privacy group filed a federal complaint against Facebook on Thursday — and now, Facebook is lashing back.

The Electronic Privacy Information Center (EPIC) called upon the Federal Trade Commission to investigate Facebook’s recent changes to its users’ privacy options. The changes, rolled out earlier this month, have been criticized by some for opening up previously masked personal details to the public eye.

“These changes violate user expectations, diminish user privacy, and contradict Facebook’s own representations,” EPIC’s complaint (PDF) alleges. Click here to read more.. »

(NYT) — Facebook and LinkedIn are great for connecting with friends and business associates you already know. But what if you want to expand your social circle and meet new people?

For that, there’s By/Association, a still-tiny site that is a new twist on social networking — not that its founders would describe it that way.

“We’ve stripped out everything that would make it a social network,” said Michael Karnjanaprakorn, who is heading the venture. “You can’t search for people, see other profiles or pictures. It doesn’t matter what they look like – it’s not a dating site.”

Instead, he said, the idea is to foster introductions between creative types who are looking to expand their social horizons.

“I know a lot of people in the tech and design community in New York but don’t know any knife-makers or doctors,” said Mr. Karnjanaprakorn. “I wanted to meet people in other industries — someone I would never meet otherwise but would really get a lot of value out of meeting.”

By/Association is the latest creation of All Day Buffet, a new-media start-up in New York that hosts conferences and provides marketing consulting for companies. Mr. Karnjanaprakorn is one of the company’s founders.

By/Association is a private service. Members are screened after filling out a somewhat lengthy online application with a series of questions about themselves and their interests. Since the service was introduced in July, more than 700 people have submitted applications, and the service has about 450 members.

“We only reject people that write one-word answers or don’t take it seriously,” Mr. Karnjanaprakorn said.

The matchmaking is currently done by hand, by examining applications and choosing people in corresponding cities who seem like a good fit. As the program expands, Mr. Karnjanaprakorn said, the company might employ a software-driven recommendation system to help facilitate matchmaking. Those who are matched get an introductory e-mail message, and it is up to them to decide what to do next.

The site covers London, Los Angeles, San Francisco and New York, with plans to expand to Toronto and Chicago by the end of the year.

“We want to grow it slow and grow it right,” Mr. Karnjanaprakorn said. “We aren’t trying to blow this out and make it like Facebook.”

The service is now free, but the company says it plans to charge an annual membership fee as it grows larger in major cities. The idea is that members will eventually be able to organize and host events through the service, similar to what Meetup.com does.

“We know it’s not going to be perfect all the time, but we hope we can get at a secret sauce of finding someone interesting to meet,” Mr. Karnjanaprakorn said.