Webware

December 4, 2008 4:36 PM PST

This message could lead you to the Koobface virus, say security experts.

(Credit: McAfee Avert Labs)

A worm responsible for sending Facebook users malicious code appears to be limited in nature, although the social engineering attack may be used again, say experts.

Facebook representative Barry Schnitt said the worm isn't new; it dates back to August, although the variant that first appeared on Wednesday targets only Facebook users.

Craig Schmugar, threat researcher for McAfee Avert Labs, confirmed this in a call with CNET News and said that, in general, Koobface strikes only social-networking sites.

After receiving a message in their Facebook in-box announcing, "You look funny in this new video" or something similar, recipients are then invited to click on a provided link. Once on the video site, a message says an update of Flash is needed before the video can be displayed. The viewer is prompted to open a file called flash_player.exe.

A new mass-mailing virus targeting Facebook users directs victims to a site asking them to download a Trojan masked as an Adobe Flash update.

(Credit: McAfee Avert Labs)

Schmugar said the prompt for a new player should be a warning. "The messages you tend to get from these sites don't look quite right." For instance, IE will tell you where the update is coming from, and usually it's not an Adobe site.

If the viewer approves the Flash installation, Koobface attempts to download a program called tinyproxy.exe. This loads a proxy server called Security Accounts Manager (SamSs) the next time the computer boots up. Koobface then listens to traffic on TCP port 9090 and proxies all outgoing HTTP traffic. For example, a search performed on Google, Yahoo, MSN, or Live.com may be hijacked to other, lesser-known search sites.
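A triage check for the indicators named above (a listener on TCP port 9090 and the file names tinyproxy.exe and flash_player.exe), given as an added example that is not from the article or from McAfee. The `netstat -ano` and `tasklist /fo csv /nh` samples are constructed, and the function names are hypothetical.

```python
import csv
import io

# Indicators taken from the article text only.
KOOBFACE_PORT = 9090
KOOBFACE_IMAGES = {"tinyproxy.exe", "flash_player.exe"}

# Constructed sample of `netstat -ano` output (not from a real host).
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       888
  TCP    0.0.0.0:9090           0.0.0.0:0              LISTENING       2412
  TCP    192.168.1.20:1045      203.0.113.7:80         ESTABLISHED     1620
  TCP    192.168.1.20:1046      198.51.100.9:9090      ESTABLISHED     1620
"""

# Constructed sample of `tasklist /fo csv /nh` output.
SAMPLE_TASKLIST = '''\
"svchost.exe","888","Services","0","3,204 K"
"iexplore.exe","1620","Console","0","41,880 K"
"tinyproxy.exe","2412","Console","0","2,116 K"
'''

def parse_tasklist(text):
    """Map PID -> image name from `tasklist /fo csv /nh` output."""
    rows = csv.reader(io.StringIO(text))
    return {int(row[1]): row[0] for row in rows if len(row) >= 2}

def listeners(text):
    """Yield (local_port, pid) for every TCP socket in LISTENING state."""
    for line in text.splitlines():
        f = line.split()
        if len(f) == 5 and f[0] == "TCP" and f[3] == "LISTENING":
            # rsplit also handles IPv6 local addresses such as [::]:9090
            yield int(f[1].rsplit(":", 1)[1]), int(f[4])

def triage(netstat_text, tasklist_text):
    """Return findings: port-9090 listeners and processes with the named images."""
    procs = parse_tasklist(tasklist_text)
    findings = []
    for port, pid in listeners(netstat_text):
        if port == KOOBFACE_PORT:
            findings.append(("listener", pid, procs.get(pid, "<unknown>")))
    for pid, image in procs.items():
        if image.lower() in KOOBFACE_IMAGES:
            findings.append(("image", pid, image))
    return findings

if __name__ == "__main__":
    for kind, pid, image in triage(SAMPLE_NETSTAT, SAMPLE_TASKLIST):
        print(f"{kind:8} pid={pid} image={image}")
```

A listener on port 9090 alone is not conclusive, since legitimate software also uses that port; the owning process name is what ties a hit to the behaviour described here. The outbound connection to a remote port 9090 in the sample is deliberately not flagged, because only local listeners match.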

Schmugar said this version of Koobface includes a bot-like component that could install other malicious apps at a later time.

Facebook's Schnitt said, "Only a very small percentage of Facebook users have been affected and we're working quickly to update our security systems to minimize any further impact, including resetting passwords on infected accounts, removing the spam messages, and coordinating with third parties to remove redirects to malicious content elsewhere on the Web."

Facebook has posted instructions on how to remove the infection.

McAfee's Schmugar said this attack is similar to e-mail attacks 10 years ago in that Koobface is using infected friends lists, reminiscent of early mass-mailing worms. As was the recommendation then, he advises users not to open any unexpected e-mail attachments, even if they are from someone you know.

Originally posted at Security
December 4, 2008 4:30 PM PST

The second--and likely last--beta version of Firefox 3.1 is "due out very shortly," Mozilla programmer Ben Turner said Thursday.

One big change in 3.1b2 is the addition of "Web workers," a feature that lets the browser process tasks in the background. That feature, part of the still-evolving HTML 5 specification, adds another level of sophistication for programmers writing Web applications and gives multicore computers a better way to use their processors' abilities.

"We've been hard at work with folks from Google, Apple, and others to get this new spec nailed down," Turner said of the Web workers work.

Google and Apple also build their own browsers, as do market-leading Microsoft and ever-scrappy Opera. With the browser wars back in full force, those organizations are racing to outdo each other on features and performance.

He gave one illustration of Web workers in action running a JavaScript program that emulates a decades-old processor design, the 8080. One thread emulates the processor in the background while another handles user interaction such as checking for typing on the keyboard.

Originally posted at Business Tech
December 4, 2008 4:15 PM PST

No more SMS two-step.

"They wrote this for you," Josh said in IM to me about Devicescape's Easy Wi-Fi for AT&T, an app that directly addresses my complaints about the free Wi-Fi that AT&T now provides to iPhone users at Starbucks and various airports.

As I wrote, I dislike the Safari/SMS two-step required to authorize the iPhone to use the AT&T free Wi-Fi. Yes, it's looking a gift horse in the mouth. But I am a professional crank. I really do get paid for this.

Anyway, the Easy Wi-Fi app bypasses the SMS process with a single button. You do have to pre-load the app with your phone number. But only once. And you also have to connect to the AT&T access point through the iPhone's control panel first, but once you've done that, you just press the big Log In button and you're connected.

I tried this app at a Starbucks. I downloaded the app over my phone's cellular connection, put in my phone number (both things I'll never have to do again), connected to the store's Wi-Fi router, fired up the Easy Wi-Fi, pressed Log In, and I was connected. Much better than the old way. Thank you, Devicescape.

Easy Wi-Fi is free through Friday. Then it goes up to $1.99. So grab it now (iTunes link).

First spotted: Gizmodo.

December 4, 2008 3:39 PM PST

Google has begun to push out an updated interface to Google Reader users. The new look does away with much of the color seen in previous iterations of the RSS reader, while setting up a foundation for a more streamlined and customizable navigation system.

Part of that navigational change now hinges on small widget-like enclosures, which users can collapse down to take up less space. This is quite similar to what's being done over on iGoogle, and on Gmail to some degree, which could signal the future support for third-party widgets. Considering users can spend hours using the Web app, this could add extra utility, or simply carve out a little more space for ad units.

Each enclosure has its own contextual menu, which lets you tweak sorting options on a per-subscription basis. There's also a new option to hide and show the read counts, which will let you feel less guilty if you're coming back to feeds you haven't checked in a long time.

The new Google Reader is a little less blue, and now features collapsible navigation on the left-hand side, opening it up to possibly handle widgets in future versions.

(Credit: CNET Networks)

Another big change is the automation of feed bundles. Since October of last year, Google has provided groupings of feeds that users can subscribe to at once. These were chosen by Google staffers; the selection is now completely automated and done with an algorithm. Google has not said if these feed choices are coming from Google Reader subscription numbers in particular, or from other company properties like search, iGoogle, and the Google toolbar. Nonetheless, it means bundles will be faster to update with new feeds. There is, however, no option to "subscribe" to these bundle feeds to get new recommendations as they're added--something I'm hoping will come in a later release.

If you don't yet have the new interface, just check back later. Out of three of my Google accounts, it's only live on one. Typically Google gets out new features to everyone within about two days.

December 4, 2008 3:12 PM PST

Correction, 4:05 p.m. PST: The name of the senior product manager for Google Apps was misspelled. It is Rajen Sheth. Also, Pingdom had an incorrect number for total downtime in its "more likely" scenario. It is 55 minutes.

Google's SLA loophole?

Pingdom argues Google can get away with more outages because smaller ones fall between the service level agreement gaps.

(Credit: Pingdom)

Pingdom, a company that monitors Web site availability, has concluded that Google gives itself a lot of wiggle room in its service level agreement for its Google Apps service.

The service level agreement (SLA) gives credit to paying customers if the service falls short of promised availability--99.9 percent measured monthly for Google Apps. Pingdom points out that because Google only counts downtime periods that last at least 10 minutes, the company could get away with intermittent problems that are shorter.

"What if Google Apps was down for 9 minutes, up for 1 minute, down 9 minutes, etc.? That would mean 54 minutes of downtime each hour, but Google still wouldn't count it because none of the individual downtimes lasted 10 minutes (or) more," according to a blog entry Thursday. In a "more likely" scenario with outages lasting 3, 8, 12, 5, 9, 14, and 4 minutes, the total of 55 minutes of actual downtime would only be counted as 26 minutes for purposes of the SLA.

Google, while concerned about uptime, isn't as concerned about the SLA terms or what it called Pingdom's "hypothetical scenario," though.

"If you look at our SLA and compare to others' in the industry, it's identical," said Rajen Sheth, senior product manager for Google Apps, pointing as an example to Microsoft's hosted Exchange service. Service providers need to set a threshold somewhere "to distinguish between a real outage and intermittent errors," he said, and Google is trying to be transparent about where it sets its threshold.

That may sound like dodging the question about an accumulation of small outages, but the company does have a point that a blip probably shouldn't count as much as a catastrophe. Realistically, shortening the interval would probably squeeze Google on the other end to lower its 99.9 percent uptime commitment or perhaps raise its $50 per user per year price. There's no free lunch here for customers.

And after all, although SLAs are important, customers will rapidly abandon ship if a service breaks, credit or no credit.

Notably, Google monitors not only each customer account's uptime, but also each user of that account. It also gives credits even if only part of the service goes down while other parts are available, Sheth said. And though only some customers were affected by a significant Gmail outage in August, Google offered SLA credits to all Google Apps customers.

Google has promised a better dashboard to inform customers about outages. "During the times when we've seen outages, the No. 1 thing we need to do is communicate with our customers," Sheth said.

Originally posted at Business Tech
December 4, 2008 3:12 PM PST

Testing Opera 10 alpha confirms that it can boast that it's the second browser in development that is fully compliant with the Acid3 benchmarks. It's also markedly faster than Opera 9.62 at processing JavaScript, but it's still twice as slow as the fastest Web browser currently available.

Opera 10 alpha is Acid3-standards compliant.

(Credit: CNET Networks)

On both Windows and Mac, it was no surprise to see the Acid3 standards test come up 100 out of 100 since that was the big news from Opera Software earlier today. The browser is also three times faster than the current stable release, with the SunSpider JavaScript test clocking in at 5740.8 milliseconds. That compares very favorably to Opera 9.62, which I benchmarked at 15468.8 ms, but is still slower than Firefox 3.1 beta. Mozilla's latest developer build zips in at 2787.6 ms when running its new TraceMonkey JavaScript engine.

The majority of the changes in this Opera alpha release are aimed at developers. The average user will rarely, if ever, come into contact with them. That doesn't mean they're not important, though, with further support for CSS3. These changes include sourcing fonts, transparency rendering, animation framerates, and two key evolutions in Opera Dragonfly. You can use the DOM inspector to determine the source of traffic, useful for Ajax debugging, and the ability to edit attributes in real-time.

There are three minor but important user-level changes. It's hard to believe that HTML support in Opera Mail was missing before now, but you'll now be able to see all those holiday e-cards within Opera. There's also a spell-checker rolled in for text fields, not just e-mail.

Opera 10 features an auto-install option for updates.

(Credit: CNET Networks)

The last new feature, automatic program updates, could be potentially risky. Certainly in Firefox it would likely lead to the disabling of many extensions, although there's not much of a chance of that happening in Opera with its smaller developer community. The bigger concern is one of control: Do you choose which version of a program you get to use, or does the publisher of the program? As annoying as Apple's update monitor and nag screen are, they don't force users to update--you can opt out.

It took a little hunting to find, but the default setting in Opera 10 seems to be the more standard notification behavior. If you'd like to tweak your update settings, go to Tools, Preferences, choose the Advanced tab on the right and then Security from the list of options. The Opera update drop-down menu allows you to change the default to Don't check for updates or Automatic updates.

The big news of the standards compliance will only take Opera so far if other browsers match that mark. It'll be interesting to see, as Google Chrome introduces extensibility, if Opera will go that route or if it'll try to maintain its niche market as a solid and fast out-of-the-box browser. However, Opera 10 was surprisingly stable during a half-day of testing for an alpha release, crashing not even once.

Corrected SunScript to SunSpider.

Originally posted at The Download Blog
December 4, 2008 1:20 PM PST

With the overall economy slumping, the tech industry is taking its fair share of hits. We'll keep updating the chart below as news of company changes comes in. See our complete coverage of how the tech sector is faring here: Tracking the tech downturn.

Know of a layoff not listed here? Let us know on this form or e-mail us.

See also: The spreadsheet of sunshine: Who's hiring.

Originally posted at Business Tech
December 4, 2008 12:46 PM PST

If you're up on your pirate lore, or perhaps have your Pirates of the Caribbean plot flow-chart handy, you'll know that sea-faring criminals are no friends of Johnny Depp-devouring monsters. As on the high CGI seas, so in the stormy waters of the Firefox add-on world. Yesterday's Pirates of the Amazon plug-in, which adds torrent links to songs and movies in the Amazon.com store, is met today by The Kraken, a plug-in that adds Amazon.com links to torrent Web sites.

The Kraken adds Amazon results to MiniNova and The Pirate Bay searches.

(Credit: CNET Networks)

The Kraken is extremely simple and there's no configuration required. When you visit popular torrent Web sites The Pirate Bay or MiniNova and search, Kraken will insert its own results box at the top of the site's search engine results that links back to Amazon.com. Kraken did not work with ISOHunt, Torrentz, or TorrentReactor when I checked them.

The plug-in defaults to showing only one result during your first search. To see more hits, click on the Show Top 10 Items for a longer list, or click on the Show All link at the bottom of the list to jump to the relevant Amazon.com page. Share opens a window to quickly e-mail off your Kraken results.

The Kraken obviously isn't going to change anybody's mind about torrenting copyrighted media, but it's encouraging to see that at least somebody out there has a sense of humor instead of firing off threatening and specious letters that probably cost more in attorney's fees than in recovering theoretically lost earnings.

Originally posted at The Download Blog
December 4, 2008 12:34 PM PST

Microsoft slide show

Microsoft's improved photo-hosting site offers slide shows, but images don't fill the screen.

(Credit: Microsoft/CNET News)

For a company that's trying to take on the online might of Yahoo and Google, Microsoft has had a decidedly inferior photo-sharing site. Now that's changing, though.

As part of an overhaul of its online properties, the company announced a number of improvements to its Windows Live Photos site.

Among the new features:

• 25GB of storage space and no more 500-shots-per-month limit on uploads.

• A what's new feed to show what photos your contacts are adding, part of the social side of Windows Live.

• A new slide show view.

• Better permissions for controlling how photos are shared.

I found the new site workable but still imperfect.

The photos.live.com site bears a strong resemblance to Yahoo's Flickr.

(Credit: Microsoft/CNET News)

The most glaring ugliness to me was that the slide show is limited to small versions of the images. That's no problem on an 800x600-pixel screen, but even Flickr, which still hasn't figured out how to dynamically scale images on its regular photo pages, has full-screen slide shows.

Another hitch was that it's apparently impossible to rename your photos. So pick a file name you like before you upload. And you can't change the order of photos shown unless you want to diddle with the photos' "date taken" metadata, which sounds like a bad idea for any number of reasons.

As a fan of keyboard controls, I do like the fact that I can use the arrow keys to cycle through photos in an album, though it works only intermittently.

Originally posted at Underexposed
December 4, 2008 12:28 PM PST

Google, likely in reaction to the official rollout of Facebook Connect, has opened up its universal log-in system, Google Friend Connect. Journalists on Thursday received a hurried e-mail saying, "Starting today, any website owner is welcome to add Friend Connect to his or her website -- no need to be whitelisted. We'll be posting on the Official Google Blog soon with additional details."

As with Facebook Connect, the advantage to users on Friend Connect sites is that they can register using a log-in that they're comfortable with and probably use every day--their Google or Gmail ID and password.

Friend Connect appears somewhat easier and more straightforward to implement than Facebook Connect. Also, Friend Connect is linked to OpenSocial. "Any website that implements Friend Connect becomes an OpenSocial container, capable of running OpenSocial applications," the e-mail said.

Friend Connect can also update social services like Orkut and Plaxo, but nothing with the size of Facebook's network.

Google makes it easy.

I still give the nod to Facebook Connect in this stage of the battle for the ownership of online identity. I do like the Friend Connect features, but Google doesn't offer site managers the free marketing that comes with the Facebook program.