Facebook has rushed to fix a security flaw that allowed users to eavesdrop on the live chats of their friends and see their pending friend requests.
The exploit used the site's privacy features - intended to protect a user - to expose the personal information.
With just a few clicks users could spy on their friends' personal chat messages and see who had requested to join their network.
Facebook temporarily removed the chat facility while it fixed the flaw.
The exploit - originally reported by the blog TechCrunch - worked via an option in privacy settings that allows people to preview their profiles as it would appear to their friends.
Prompt fix
But it was never intended to show others what their friends were actually doing.
"For a limited period of time, a bug permitted some users' chat messages and pending friend requests to be made visible to their friends by manipulating the 'preview my profile' feature of Facebook privacy settings," Facebook said in a statement.
"When we received reports of the problem, our engineers promptly diagnosed it and temporarily disabled the chat function. We also pushed out a fix to take care of the visible friend requests which is now complete," it added.
The chat function will be turned back on "shortly" it said.
"For any organisation, whether you are a social networking site or not, privacy breaches are worrying," said Candid Wueest, security expert at Symantec.
"Unfortunately, this isn't the first privacy breach of its kind to plague a social networking site - other high-profile sites have also been affected with similar problems."
He praised Facebook's quick response to the issue.
"Facebook has acted quickly in fixing the alleged flaw, whereas some social networking sites have been known to take days to fix issues reported," he said.
Ref : BBC News
Thursday, May 6, 2010
Wednesday, May 5, 2010
Solving your location-based services needs with Yahoo! (and some other) technology
Last week Yahoo!'s European Geo team was at the Location Business Summit in Amsterdam. Our main goal there was showing people what technology Yahoo! offers when it comes to finding things on this planet, and what you can do with the technology.
Location Business Summit impressions
Overall, the experts at the summit agreed that location-based services are very good business and a marvellous idea, but also that there is quite a problem with accuracy.
To provide our users with a great experience when finding things in their surroundings, we need to pinpoint their physical (real) location. Without the users telling us where they are, this is normally done by checking their IP number on the Web — which can be terribly far off. For example, to see just how far your own IP is away from your real location, you can use this tool on a Firefox browser. You will see your IP location and get asked to share your location with the website. Allow this and you can see the distance. Click the following screenshot to try it out:
Distance between IP location and real location
The workarounds are device services like the W3C geo location API used in the demo.
Aside from accuracy, attendees of the summit mentioned these other issues:
* Finding the place of a latitude/longitude (lat/lon) location
* Finding the place of an IP number
* Finding the places in a certain text
* Analyzing already existing Web content and finding places
* Finding things around you and geographical hierarchies
YQL Geo library
All these issues can be easily resolved, if you know how to use the tools. By using various geo services out there and Yahoo! Query Language (YQL) to mix and match them, we built a simple JavaScript library called YQL Geo. It solves most of these problems.
Finding a current user's location
Using it, you can find the location of the current user with a simple JavaScript call:
yqlgeo.get('visitor',function(o){
alert(o.place.name + ',' + o.place.country.content +
' (' + o.place.centroid.latitude + ',' +
o.place.centroid.longitude + ')'
);
});
The library automatically checks whether the visitor's browser supports the more accurate W3C Geo API and asks them to share their location if it does. If there is no support, it falls back to the IP lookup.
Turning text into a location
You can also turn a text (name) into a location using the following code:
yqlgeo.get('paris,fr',function(o){
alert(o.place.name+' ('+
o.place.centroid.latitude+','+
o.place.centroid.longitude+
')');
})
This wrapper call uses our Placemaker Service under the hood and automatically disambiguates for you. This means that Paris is Paris, France, and not Paris Hilton; London is London, England, and not Jack London.
Naming a latitude/longitude
You can get the name of a lat/lon location:
yqlgeo.get(33.748,-84.393,function(o){
alert(o.place.name + ',' + o.place.country.content);
})
Analyzing a website content
And you can analyse the content of a website:
yqlgeo.get('http://icant.co.uk',function(o){
var out = '';
var all = o.place.length;
for(var i=0;i
};
alert(out);
});
You can try out each of these on the YQLGeo Demo Page. Also, you can peek under the hood (and learn all about the YQL statements) by checking the YQL Geo source code on GitHub.
GeoPlanet data
Once you have the location, the next big question is how to go on from there. To this end, we offer the GeoPlanet data and web service. Using this in-depth and validated data set, you can start at a certain location and find the children, siblings, parents, and neighbors in the geographical hierarchy.
To explore the detail and depth of the data set yourself, check out the GeoPlanet Explorer:
The GeoPlanet Explorer
Where On Earth IDs, Concordance, and Geosetta
All in all, we have you covered for most of your geo needs — and by mixing the Yahoo! data with other sources like Geonames, you can get an even richer experience.
One remaining issue is that different geo data service providers have different ways of describing their data. Latitude and longitude are ambiguous: the same location could, for example, be the centre of a city or a landmark on top of it. This is why Yahoo!'s services use the Where on Earth ID to disambiguate. Other services have similar systems.
To use these different systems together you need a translation service, which is the newest offer we have. Our translation service is called Concordance. Using this service, you can convert between different services.
You can play with the system using the Geosetta demo:
Translating between geo service identifiers with geosetta
In summary
The world of location-based services is not hard to master. The main issue we have right now is that all the building blocks for the solution are scattered across providers and the Web, and are hindered by licensing problems. If we put them together, we could give our visitors an amazing geo experience without having to jump through hoops to solve the issues.
Location Business Summit impressions
Overall, the experts at the summit agreed that location-based services are very good business and a marvellous idea, but also that there is quite a problem with accuracy.
To provide our users with a great experience when finding things in their surroundings, we need to pinpoint their physical (real) location. Without the users telling us where they are, this is normally done by checking their IP number on the Web — which can be terribly far off. For example, to see just how far your own IP is away from your real location, you can use this tool on a Firefox browser. You will see your IP location and get asked to share your location with the website. Allow this and you can see the distance. Click the following screenshot to try it out:
Distance between IP location and real location
The workarounds are device services like the W3C geo location API used in the demo.
Aside from accuracy, attendees of the summit mentioned these other issues:
* Finding the place of a latitude/longitude (lat/lon) location
* Finding the place of an IP number
* Finding the places in a certain text
* Analyzing already existing Web content and finding places
* Finding things around you and geographical hierarchies
YQL Geo library
All these issues can be easily resolved, if you know how to use the tools. By using various geo services out there and Yahoo! Query Language (YQL) to mix and match them, we built a simple JavaScript library called YQL Geo. It solves most of these problems.
Finding a current user's location
Using it, you can find the location of the current user with a simple JavaScript call:
yqlgeo.get('visitor',function(o){
alert(o.place.name + ',' + o.place.country.content +
' (' + o.place.centroid.latitude + ',' +
o.place.centroid.longitude + ')'
);
});
The library automatically checks whether the visitor's browser supports the more accurate W3C Geo API and asks them to share their location if it does. If there is no support, it falls back to the IP lookup.
Turning text into a location
You can also turn a text (name) into a location using the following code:
yqlgeo.get('paris,fr',function(o){
alert(o.place.name+' ('+
o.place.centroid.latitude+','+
o.place.centroid.longitude+
')');
})
This wrapper call uses our Placemaker Service under the hood and automatically disambiguates for you. This means that Paris is Paris, France, and not Paris Hilton; London is London, England, and not Jack London.
Naming a latitude/longitude
You can get the name of a lat/lon location:
yqlgeo.get(33.748,-84.393,function(o){
alert(o.place.name + ',' + o.place.country.content);
})
Analyzing a website content
And you can analyse the content of a website:
yqlgeo.get('http://icant.co.uk',function(o){
var out = '';
var all = o.place.length;
for(var i=0;i
};
alert(out);
});
You can try out each of these on the YQLGeo Demo Page. Also, you can peek under the hood (and learn all about the YQL statements) by checking the YQL Geo source code on GitHub.
GeoPlanet data
Once you have the location, the next big question is how to go on from there. To this end, we offer the GeoPlanet data and web service. Using this in-depth and validated data set, you can start at a certain location and find the children, siblings, parents, and neighbors in the geographical hierarchy.
To explore the detail and depth of the data set yourself, check out the GeoPlanet Explorer:
The GeoPlanet Explorer
Where On Earth IDs, Concordance, and Geosetta
All in all, we have you covered for most of your geo needs — and by mixing the Yahoo! data with other sources like Geonames, you can get an even richer experience.
One remaining issue is that different geo data service providers have different ways of describing their data. Latitude and longitude are ambiguous: the same location could, for example, be the centre of a city or a landmark on top of it. This is why Yahoo!'s services use the Where on Earth ID to disambiguate. Other services have similar systems.
To use these different systems together you need a translation service, which is the newest offer we have. Our translation service is called Concordance. Using this service, you can convert between different services.
You can play with the system using the Geosetta demo:
Translating between geo service identifiers with geosetta
In summary
The world of location-based services is not hard to master. The main issue we have right now is that all the building blocks for the solution are scattered across providers and the Web, and are hindered by licensing problems. If we put them together, we could give our visitors an amazing geo experience without having to jump through hoops to solve the issues.
Tuesday, May 4, 2010
Internet Marketing
Suatu lahan yang menjanjikan, tidak hanya orang IT yang bisa terjun di dunia ini. Banyak juga orang yang di luar IT yang telah menghasilkan banyak uang di lahan ini. Pernah mencoba untuk mempelajari, tetapi gagal
Subscribe to:
Posts (Atom)