Yahoo! to lay off 600 to 700 workers

NO HOLIDAY CHEER: Yahoo! is preparing to lay off between 600 and 700 workers in the latest shake-up triggered by the Internet company's lackluster growth. - AP

SAN FRANCISCO: Yahoo! Inc's holiday trimmings will include 600 to 700 layoffs in the Internet company's latest shake-up triggered by lackluster growth.

Employees could be notified of the job cuts as early as today, according to a person familiar with Yahoo!'s plans. The person asked for anonymity because Yahoo! hadn't made a formal announcement.

The planned cutbacks represent about 5% of Yahoo!'s workforce of 14,100 employees. It will mark Yahoo!'s fourth mass layoff in the past three years.

The latest two housecleanings have come under the company's current CEO, Carol Bartz, a Silicon Valley veteran hired nearly two years, despite a lack of experience on the Web or in advertising - Yahoo!'s main source of revenue.

This week's round of reductions is expected to be concentrated in Yahoo!'s US products group, which already has been undergoing an overhaul since Bartz hired former Microsoft Corp executive Blake Irving to run the division last spring.

The job cuts won't come as a shock. News of the looming layoffs was first reported last month by two popular technology blogs, TechCrunch and All Things Digital.

Yahoo!'s feeble financial growth, stagnant stock price and recent management defections have raised questions about whether Bartz herself might be shown the door before her contract expires in January 2013.

The company's revenue had edged up by less than 2% to US$4.8bil (RM15.4bil) through the first nine months of the year, reflecting the difficulty Yahoo! has had selling ads while other Internet companies such as Google Inc and Facebook are thriving.

Google's revenue climbed 23% to nearly US$21bil (RM67.2bil) through the first nine months of the year. Privately held Facebook doesn't disclose its results but it is growing so fast that it had to move into larger headquarters earlier this year.

The malaise has spurred speculation that opportunistic buyout firms might put together a takeover bid for Yahoo!, possibly in partnership with another embattled Internet icon, AOL Inc.

Bartz, 62, has repeatedly insisted Yahoo!, which is based in Sunnyvale, is heading in the right direction, although she has cautioned it might be another year or two before there's a significant improvement in the company's financial results. - AP

Saudi Arabia blocks Facebook

CONTROVERSIAL: Facebook has been banned in Saudi Arabia. - AP

RIYADH: An official with Saudi Arabia's communications authority says it has blocked Facebook because the popular social networking website doesn't conform with the kingdom's conservative values.

The official says Saudi's Communications and Information Technology Commission has blocked the site and an error message shows up when Internet users try to access it.

He says Facebook's content had "crossed a line" with the kingdom's conservative morals, but that blocking the site is a temporary measure.

The official spoke on condition of anonymity because he wasn't authorised to speak to the media.

Pakistan and Bangladesh both imposed temporary bans on Facebook this year. - AP

Microsoft updates Hotmail and Messenger

Windows Live Hotmail 2011

Microsoft has updated two of its most popular online services, Windows Live Hotmail and Messenger 2011.

The biggest improvement in the update is that users will be able integrate multiple social networks and other e-mail via the two services.

Yes, this essentially means you can now check updates from Facebook, MySpace and LinkedIn all from one window within the newly updated Windows Live Messenger 2011.

The updated instant messaging client will also allow users to chat with their Facebook friends from Messenger.

Users will be able to use tabbed conversation windows to manage all their chats within one location instead of having multiple windows pop up.

Also, adding favourites in Messenger now filters your contacts to those that matter. In addition users can enjoy Messenger's new improved HD video chat feature.

Windows Live Hotmail 2011 has also been upgraded and redesigned to help users manage their inboxes.

The new Sweep feature is designed to help clean up junk mail from your inbox. With a few clicks through simple menus and actions, Hotmail will discard all messages from a particular sender.

Users can also filter their e-mail with a single click, showing only those that are unread and group e-mails from social networks.

Additionally Hotmail allows users to add accounts from other web e-mail services like Yahoo! and Gmail.

Mac Trojan Horse Boonana/Koobface - Reviewed

A trojan horse has been discovered that affects Mac OS X users, dubbed “trojan.osx.boonana.a” or ‘Koobface.’ An infected machine will hijack users social network accounts and attempt to spread the trojan further by sending out spam messages from your username.

Thus far the trojan has been spread through Twitter, Facebook, MySpace, and eMail. Here is the method of operation:

The trojan behaves like a worm, by trying to bait users on various social networks to click a link. The link asks “Is this you in this video?” and, if clicked, will send a user to another website which attempts to load a Java applet, giving the user a standard Mac OS X Java Security Alert and certificate request.

If the Java applet is allowed to load, it will download files to your local machine and then start a background process which attempts to propagate the trojan. You can simply click on “Deny” to prevent any further trouble, which prevents the malicious code from loading.

Intego explains the trojan as follows:

This threat is a Mac OS X version of the Koobface worm, which is served as part of a multi-platform attack via a malicious Java applet. The malware itself is made up of a number of elements, though in order to simplify, we will use the term “Trojan horse” to describe it. (Technically, it propagates as a worm, is installed via a Trojan Horse, and installs a rootkit, backdoor, command and control, and other elements.)

The trojan also effects Windows users. The easiest way for Mac and Windows users to protect themselves from the trojan is to avoid clicking dubious links from untrusted sources and to deny sketchy Java applets. Another option is to disable Java in your web browser.

If you are concerned that you have been affected by the Koobface trojan, you can get a free removal tool through SecureMac, who rates the risk as “Critical.” Currently the download link sends you to MacScan, but this is expected to change when the removal tool is released.

Microsoft and Facebook now team up on social search

WORKING TOGETHER: Microsoft online services division president Qi Lu (left) and Zuckerberg talking about the two company's search collaborations at the Galileo Auditorium on Microsoft's campus in Mountain View. - AP

SEATTLE: Microsoft Corp is starting to incorporate what your friends do on Facebook right into its Bing search engine. The software maker has a new feature that can show what someone's Facebook friends "like" on the search results page.

On Facebook and sites around the Web, people can click a "like" button to show support or share information with Facebook friends.

In the coming weeks, if you use Bing to search for a topic in the news, articles that friends have shared on Facebook might appear, along with their names and Facebook profile photos. Restaurants and movies that friends have "liked" could help you decide what to do on your next date.

Microsoft also added Facebook profile results to people searches. In the past, a search for an old friend from elementary school who shares a name with a celebrity would leave web surfers swimming in search results for the celebrity. Now, if that friend is part of your extended Facebook network, a link to his or her Facebook profile might pop up at the top of search results.

The new features were unveiled at a media event at Microsoft's Silicon Valley offices in Mountain View, California.

As these features trickle out to Bing users, those who are also logged in to Facebook will see a small notification asking if they want to see Facebook friends' information incorporated into search results.

Bing is using Facebook's existing "instant personalisation" feature, which customises websites based on the likes and interests of Facebook members and their friends.

Tailoring search results based on what friends do online is not a new idea. Google Inc, the most-visited search engine, has added ways for people to recommend certain search results or re-order the list of links on a search results page. But neither feature has really caught on.

The tie to Facebook could help No 3 search provider Microsoft nab more web searches. Not only is it competing with Google, Microsoft is racing against Yahoo! Inc.

Microsoft is currently providing search technology to Yahoo!, the No 2 search engine, but the companies are still making separate decisions about how to display results. Microsoft gets some search-ad revenue from queries made on Yahoo!, but searches on its own site are more lucrative.

Privacy concerns have plagued Facebook over the years as the company has encouraged members to reveal more details about themselves. The site has a history of introducing features that people must then remove, or opt out of, instead of waiting for members to actively sign up for the new features. That approach has riled privacy advocates.

Facebook has responded with more granular controls so users can decide exactly who can see their photos, status updates and other details.

Privacy questions dominated a question-and-answer session after the announcements. Facebook CEO Mark Zuckerberg emphasised that Bing only taps into information that Facebook users have already designated as public.

To turn off instant personalisation entirely, go to "privacy settings" on Facebook, click on "applications and websites" and select "edit settings" next to "instant personalisation."

Microsoft has been working with Facebook since 2006. In 2007, the Redmond, Washington-based software maker invested US$240mil (RM768mil) in Facebook in exchange for a 1.6% stake.

The companies said more integrated features will be coming to Bing in the future. - AP

Xperia X10: Keep in touch with style

Managing Facebook and Twitter updates becomes even easier with the Sony Ericsson Xperia X10.

When you look at the Sony Ericsson Xperia X10, the first thing that will grab your attention is its large 4in screen.

The screen dominates the front of the smartphone and is capable of displaying beautiful and vivid pictures.

The X10 runs on Android 1.6 which is a tad older than other smartphones in the market which use Android 2.1.

I'm really new when it comes to the Android operating system or even smartphones so it took awhile to adapt to the user interface. I found it cool that I could switch screens by just swiping my finger horizontally or vertically on the screen.

However, I was not thrilled that applications took a littler longer to launch. As I am a little impatient, the screen will be covered with fingerprints due to repeated tappings by the time the app actually launched.

Facebook Review: A tool for cops and robbers

In Venezuela criminals use Facebook to research targets. Cops use it too — but not always for scrupulous purposes.

CARACAS, Venezuela — It has taken Venezuela by storm, but it seems that Facebook and other social networking sites also come with their perils.

Police here revealed that a pair of students at a private university in Caracas had been robbing their virtual friends’ homes using information they had compiled using Facebook.

Police raided the apartment of one of two students who, working in tandem with another couple, had been using Facebook to befriend classmates. They then used the information their new “friends” posted on their profiles to find out where they lived, what they owned and when they were not at home.

"They observe the families’ movements, they study the residencies — the comings and goings, the security measures," said Wilmer Flores Trosel, director of the CICPC, Venezuela’s eqivalent of the FBI.

Security analysts in Venezuela say it is becoming increasingly frequent for criminals to use social networking sites such as Facebook, Twitter, Sonico and Hi5 as a source of information for house robberies, fraud and kidnappings.

And it's not just the criminals capitalizing on this online data source, the police too are using it, to go after both hard-core criminals and political protesters. In a country with little tolerance for dissent, many fear the government has designs on controlling these sites. And the crimes aided by Facebook, might give them cause to do just that. [more]

Source : globalpost.com

How to hide your Facebook friends list

Facebook last Wednesday announced new privacy settings that give users some additional control over what information they share, while taking away the ability to hide a few pieces of information from the general public.

One particular piece of publicly available information--users' friends lists--caused a bit of an uproar from a number of sectors, including business people who don't necessarily want to expose their professional networks to the public and their competitors. It is also a concern to some parents who might not want their kids--or a list of their kids' friends--to be widely available.

Facebook quickly backtracked. A day later, the company announced on its blog that users can now uncheck the "Show my friends on my profile" option in the Friends box on their profile so that your friend list won't appear on your publicly viewable profile.

Unfortunately, they weren't very clear on exactly how you make the change. You won't find this checkbox in your Facebook privacy settings. Instead you have to follow these steps:

1. Click on Profile on the blue bar a the top of the screen:

2. Scroll down to the beginning of your Friends list and click on the pencil to the right of the word Friends:

3. Uncheck the box that says "Show Friend list to everyone":

You can't hide your friends from your friends and applications
Unchecking that box will hide your friends list when a non-Facebook friend views your public profile, but it will not hide your Facebook friends list from your friends when they look at your profile. Also, this information will be available to applications and application developers.

In addition, this procedure does not hide other publicly available information including your name, profile picture, gender, current city, networks you belong to, and pages you're a fan of.

Double-check your privacy settings
Most Facebook users have by now gone through the mandatory privacy settings wizard, but you can revisit your settings at any time by hovering over settings in the tool bar on the top of the screen and selecting privacy settings. If you don't do this, a fair amount of your information might be available to the public including the names of your kids and other family members (with links to their Facebook accounts), your relationship status, and where you work.

To find out how your Facebook profile looks to the public, click on Profile Information in privacy settings and then on Preview My Profile...on the upper right section of that page.

Bug: Lessons for Developers

Sanitize all inputs. That includes every bit of data processed by the application, whether loaded from a Facebook user’s profile, loaded from a database, submitted with a form, or received from the query string of an address. Never assume that a given parameter will be clean or of the expected type.

Sanitize all outputs. When displaying a notice or error message, load predetermined strings instead of using dynamic inputs. Never reuse the address of a page without fitering it for injection attempts. Filter any information you output to an application page or via an AJAX interface.

Avoid user-generated HTML. Generally, users should never be allowed to input HTML, FBML, or other rich-text formats. When allowing rich-text data, use pre-built, tested code for processing and displaying it, rathering than trying to create your own filters.

Check every page. Many vulnerabilities appear in secondary pages, such as ad loaders or AJAX interfaces. Verify security precautions in every part of the application. If possible, consider storing secondary files in a folder other than that of the application’s canvas pages.

Verify Facebook sessions. Never rely on a cookie, a query string, or data generated within the application to verify the current user. Facebook provides applications with session information they can always check before making requests or loading information.

Use server whitelisting. If your application does not use AJAX or does not otherwise make requests using the Facebook JavaScript API, take advantage of the server whitelist feature in the application properties and only allow requests from your server.

Understand third-party code. Take the time to examine any code given to you by other developers, such as JavaScript tools or advertising network receiver files, before including them in your application. In particular, third-party code that arnesses a user’s session secret violates rules given by Facebook.

Don’t simply obfuscate. Never rely on JavaScript obfuscation or compression to hide vulnerabilities in application pages. Such techniques may slow down an attacker for a short while, but they can always be worked around or reversed.

Educate your users. Avoid incorporating design patterns that train users to accept bad practices, such as entering third-party passwords. Communicate clearly your policies on privacy, data retention, and information security.

Lessons for Facebook

Stop the charade. Nearly all instances of user information and content are essentially public. Many users have an understanding of privacy and control not reflected by the findings of this series and others. Either take necessary action to address these issues, or drop illusory privacy controls.

Talk to developers. Several resources exist for helping developers get started on the Platform, but Facebook has published much less content reminding developers of security precautions. If you associate your brand with third-party code, you have a reponsibility to help ensure the safety of that code.

Truly verify applications. The current Verified Applications program apparently does not address basic security flaws. Also, while opening the floodgates to any application has benefits, it also poses serious risks that may justify putting a few limits or checks in place.

Limit application access. While it’s encouraging to hear that Facebook will be adding granular access controls in response to the Canadian Privacy Commissioner, it’s disheartening that such steps took so long and are still nearly a year off from full implementation.

Take clickjacking seriously. This series has only begun to demonstrate the implications of clickjacking. Single-click authorization of applications, even when one exempts from the Platform, only adds to the danger of clickjacking on Facebook pages.

Improve request verification. The Facebook JavaScript API may provide much useful functionality, but it also opens the door to simple API requests with merely a session secret. Other means exist for ensuring that requests come legitimately from an application instead of an attacker.

Distinguish your brand. With the current Facebook Platform, any vulnerability in a third-party application becomes a vulnerability for Facebook. Either users should be able to trust applications to the same degree as Facebook, or Facebook should more clearly distinguish third-party content.

Educate your users. People click applications without a second thought to the risks of rogue applications or possible security problems. Users may seek to share personal information with friends, but fail to realize how that information is used by third-party code.

Malaysian surfers slowing down to facebook due to Moracot

Internet users in Malaysia may have trouble surfing websites hosted in the United States and Taiwan for the next couple of weeks due to damage to a submarine cable system.

Internet service provider TM said there would be slow connectivity after the Asia-Pacific Cable Network 2 (APCN2) submarine cable system was damaged by unknown causes.

The ISP has posted an alert on its website (www.tm.com.my) informing users of this, a company spokesman said.

The damage was first discovered in July. Internet connectivity was supposed to return to normal by Aug 16.

However, TM discovered two more faults which occurred on Aug 6 and Aug 12.

The last damage was detected near Taiwan but the cause has still not been ascertained.

“Our technicians are on the job and we are waiting for confirmation on what caused the damage to the APCN2 system,” said the spokesman, adding that a full recovery of Internet services will now be delayed.

The company was also unable to confirm whether the damage was caused by Typhoon Morakot, which swept over Taiwan and caused Internet users in Singapore to experience a slowdown.

The Straits Times reported that the typhoon, which caused the worst flooding in Taiwan in 50 years, damaged the APCN2 system and made it difficult for Internet users in the island republic to connect to websites hosted in the United States and Taiwan.

The last time users here experienced a major slowdown in Internet services was when the same cable was damaged by an earthquake in December 2006.

source: thestar