Netcraft reports that MySpace accounts are at risk from a phishing attack that uses MySpace’s own servers:
Netcraft has discovered that the social networking site, MySpace, appears to have been compromised by phishers who have presented a spoof login form on the main site. This modified login form is designed to submit the victim’s username and password to a remote server hosted in France.
Netcraft has notified MySpace of the issue, although it currently remains live. Because the fraudulent login page is hosted on MySpace’s own servers and does not exhibit any signs of external content, such as cross-site scripting (XSS) or open redirects, it is convincing and even security-conscious users are at risk of becoming victims. The attack is launched from a profile page, where the username is login_home_index_html, and uses specially-crafted HTML in order to hide the genuine MySpace content from the page and instead display its own login form.
More details and the screenshots by following the link, but Netcraft provides a well-regarded, free browser tool bar for IE and Firefox that prevents phishing vulnerabilities including this one via a community reporting process.
As for MySpace, this is yet another peril of allowing users to have in depth control over their own Web space.
Creative has a new software update for some of its Zen personal media players with an interesting property – it disables an advertised feature of the player. Ed Oswald explains at BetaNews:
Creative has apparently bowed to RIAA pressure, issuing a firmware update for two of its players that removes the FM recording feature. In the past, the music industry has argued that recording from radio broadcasts hurt music sales, and has most recently attempted to stop satellite radio services from implementing similar features.
Specifically, the firmware change affects the company’s Zen MicroPhoto and Zen Vision:M players. In the release notes, Creative gives no reasoning for the change other than saying “this firmware removes your player’s FM recording feature.”
The change overshadows other enhancements, including support for Audible Type 4 tracks, the addition of a volume restriction feature, and enhancements to the user interface and usability. But many customers may be less apt to apply the update in order to save the FM recording functionality.
I’m sure the customers can hardly wait to apply the update. Worse yet is the speculation that:
As far as I know, this is something that many companies will have to remove from their players due to RIAA regulations.
I thought it was settled a long time ago in law (in the USA, at least) that end users were permitted to record broadcast music for personal use, but I guess that doesn’t prevent the recording industry from leaning on the hardware manufacturers. Frankly, nothing the recording industry does can surprise me anymore – if they had their way consumers wouldn’t be able to own any device capable of audio or video recording.
Cheap phone calls are a little off my beaten path, but I was interested in the story of Futurephone:
The first question most people seem to ask when they hear about Futurephone.com is: What’s the catch?
It turns out there really isn’t much of one. Eventually — though not yet — you’ll have to listen to a short commercial before your call goes through.
Futurephone, a California startup company, has, for the last three weeks, been offering you the chance to call a number in Iowa, then enter a number you’re trying to reach in any of 50 other countries, and — bingo — you’re on the phone to Shanghai. Or Warsaw. Or Christmas Island.
We tried it, and it works. You call 712-858-8883, and a recorded voice answers, inviting you to hear brief instructions in English, Spanish or Chinese. Then you dial 011, the country code (51 for Peru, for instance, or 359 for Bulgaria) and the local number. If someone is there and awake to answer at the other end, you can talk to the other side of the planet — for whatever it cost you to make a call to Iowa.
What makes it all work is that the price of phone calls has been dropping dramatically, particularly since Futurephone uses VoIP to route the calls. They figure that they can make enough selling 10 second ads before each call to pay for the call and make a profit.
As for the Futurephone phone number in Iowa:
Where, by the way, are you calling when you reach 712-858-8883? It turns out to be an exchange in Superior, Iowa, a town of 142 people on the Iowa-Minnesota border. But Doolin says that’s simply a number his firm was able to use to route calls inexpensively.
More details at the Futurephone website.