Woods survives minor scare to win 13th major title

By SAM WEINMAN TULSA, Okla. - In the final moments of another triumphant week, everything had returned to balance in Tiger Woods' world.
In Tulsa, Tiger Nabs 13th Major New York Sun
Woods's PGA Victory, Like in 1999, May Be Start of Title Binge Bloomberg
The Australian - Long Beach Press-Telegram - Augusta Chronicle (subscription) - FOXSports.com
all 2,917 news articles »


http://news.google.com/nwshp?hl=en&tab=wn

Facebook Source Code Leaked

We just received a tip that the source code for the Facebook main index page has been leaked and published on a blog called Facebook Secrets. There are at least two possible ways that the source code got out - the first is that a Facebook developer has sent it out, or the more likely option that a security hole or other method has been used on either one of the Facebook servers or in their source code repository to reveal the code. The blog that published the code only has a single post on it, so it was created exclusively to publish this code - meaning that whoever is behind this both isn’t taking credit for the hole and doesn’t want to be associated with it. While there is no certain way to verify if the code is actually from Facebook, by taking a quick look through the code and by double-checking some paths that have been referenced, we can say with some certainty that this seems to be both real and also a recent version of the main Facebook page.

There are a number of clear ramifications here. The first is that the code can be used by outsiders to better understand how the Facebook application works, for the purposes of finding further security holes or bugs that could be exploited. Since Facebook is a closed source application, without access to the code security holes are usually found through a process of black-box testing, whereby an external party will probe the application in an attempt to work out how the application behaves and to try and find potential race conditions. In closed source applications it is common that developers rely on the closed nature of the application to obfuscate poor design elements and the structure of the application. An attacker getting access to the source code more often than not leads to further security holes being discovered. It is for these reasons that it is often claimed that open source software is more secure than closed source software, since there are many more eyes auditing the code and obfuscation can’t be used as a security measure.

The second implication with this leak is that the source code reveals a lot about the structure of the application, and the practices that Facebook developers follow. From just this single page of source code a lot can be said and extrapolated about the rest of the Facebook application and platform. For instance, the structure doesn’t follow any object oriented development practices, and it seems that the application is one large PHP file with a large number of custom functions living in the same namespace (they also seem to be using the Smarty templating engine).

This leak is not good news for Facebook, as it raises the question of how secure a Facebook users private data really is. If the main source code for a site can be leaked, then it can be said that almost anything is possible. Facebook has become such a success and has such a high profile that it has become a magnet for attacks against its systems. Most large scale applications suffer a breach at some point or another, since the odds are always stacked in favor of attackers, but companies can respond in a number of ways and the hope here is that Facebook will handle this situation gracefully. I don’t doubt that Facebook will pursuit this case with a lot of energy to both find the cause of why the code has leaked as well as to find who was responsible. They will also need to take some very quick short term measures to mitigate the risk to users since you can bet that right this minute there are hundreds of potential attackers pouring through the leaked code and probing their systems. At a quick glance, I know that I can see some obvious things in the code that both reveal certain hidden aspects of the platform and give a potential attacker a good head start.

Update: Facebook have sent us an official response (and Brandee Barker from Facebook has left a comment below): “A small fraction of the code that displays Facebook web pages was exposed to a small number of users due to a single misconfigured web server that was fixed immediately. It was not a security breach and did not compromise user data in any way. Because the code that was released only powers the Facebook user interface, it offers no useful insight into the inner workings of Facebook. The reprinting of this code violates several laws and we ask that people not distribute it further.” It seems that the cause was apache and mod_php sending back un-interpreted source code as opposed to output, due to either a server misconfiguration or high load (this is a known issue). It is also apparent that other pages have been revealed, and that this problem has occured before, but only now has somebody actually posted the code online.

Hey, Maybe Vonage Isn’t Dead Yet

Vonage released its second quarter financial results today (I’ve embedded the release below with the new Zoho Viewer that launched last night). And while the stock continues to slide, revenues are way up and losses are slowing. Perhaps they can avoid the fate of competitor SunRocket, which shut down last month.

The company also says that they have “substantially completed” the workaround deployment for two of the patents at issue in the company-threatening patent litigation with Verizon. And development of the workaround for the third patent at issue is completed says Chairman Jeffrey Citron. A Federal court will have to agree before the company is in the clear.

Revenues for the quarter were a record $206 million, a 43% increase from the same period last year. Net losses were $34 million, down from $74 million in Q2 2006. The company still has $344 million in cash, although $66 million of that is reserved for collateral in the patent litigation.

Some bad news, though - customer churn increased to 2.5%/month. The company says they are extending the grace period for non-payment to encourage retention…but they may be retaining the deadbeats.

I am a long time Vonage customer but will soon be switching to Ooma (which, by the way, became available for purchase this morning) and getting rid of that $25/month Vonage fee. Vonage is a lot cheaper than a normal phone line, but free is hard to compete with. Perhaps some of the new hardware Vonage is testing with some customers will help them.

SONY ERICSSON - W830i This 116 grams phone has a Lithium Polymer battery type, which allows you talk time of 450 minutes and stand by time of 350 hour

SONY ERICSSON - W830i This 116 grams phone has a Lithium Polymer battery type, which allows you talk time of 450 minutes and stand by time of 350 hours. It has added features like 262K colour TFT display with resolution of 240 x 320 pixels, fm radio, push email client, voice dial, voice mail, call conferencing, triband, vibration mode, predictive text input, polyphonic ring tones, stopwatch, calculator, calendar, tasks, handsfree speaker, ring tone composer, countdown timer, SMS, EMS, MMS, GPRS, EDGE, Bluetooth, Infrared, USB connector, flight mode, inbuilt Dictaphone, equalizer, mp3, mpeg4 and media player, and is WAP enabled. It comes with dual camera - 2MP camera with 4x zoom, flash, white balancer, self timer, night mode, multi-shot, light effects and video recording. This phone is PDA enabled and has a cHTML, WAP 1.2.1, WAP 2.0 browser. It has an inbuilt memory of 16MB and slot for memory stick pro duo. View More Price Rs. :- 17,000 User Rating : 9.00 Spectacular

SAMSUNG - SGH-D900

SAMSUNG - SGH-D900 aaaThis 85 grams phone has a Lithium-ion battery type, which allows you talk of 198 minutes and stand by time of 250 hours. It has added features like 262k colour TFT display with resolution of 240 x 320 pixels, voice dial, voice mail, call conferencing, quad band, vibration mode, predictive text input, document viewer, currency converter, tv-out port, polyphonic ringtones, mp3 capability, handsfree speaker, inbuilt dictaphone, flight mode, email client, SMS, EMS, MMS, GPRS, EDGE, Bluetooth, USB Connector and is WAP enabled. It comes with a 3MP camera with features like 14x digital zoom, flash, auto focus, photo effects, image quality adjuster and video recording. This PDA enabled phone has an inbuilt memory of 60MB and comes with a microSD card slot. Price Rs. :- 19,990 User Rating : 5.50 Good