I need flv player. anybody shares with me???

A start-up called 360Hubs is tackling the Web 2.0 market with a set of collaboration, social networking, knowledge management, and Web content management tools.
Other stories on this topic

The company went to market about nine months ago, and has secured a half-dozen customers, including Plaid Robot, which used 360Hubs to build a Web platform for connecting interior designers with the media, 360Hubs President Tony Ferraro says
New! Watch this Network World Webcast - New Webcast: Policy Driven Personality Migration for the Enterprise

The vendor claims its 360Affinity Hub Platform can be deployed in three weeks or less, compared to months for some competitors. The vendor offers an enterprise platform along with products designed specifically for alumni associations, chambers of commerce, churches, franchises, talent agencies and trade shows.

“What we’ve tried to do is build a configurable, deployable repeatable solution,” Ferraro says. “Our customer base is varied quite a bit. It was important we could build a system that could meet the demands of a variety of industries.”

Deployments can cost as little as $10,000 or as much as $800,000. 360Hubs offers the typical blogs, wikis, podcasts, videocasts and tagging capabilities, but customizes the user interface and security to meet each customer’s business model. Customers select from 50 modules that cover many types of organizations.

“We present them with a custom solution for their environment, and it’s fully configurable [by customers] using a point-and-click interface after we deploy it,” Ferraro says.

360Hubs provides the software, but it can be hosted either by the customer or the vendor.

Though 360Hubs started developing its product in 2005, it is just now seeking media attention. Plaid Robot won a “Best of the Web” award from Building, Design + Construction Magazine after creating its Web platform with 360Hubs’ product. 360Hubs customers also include Radiance, an outfit offering a new Visa credit card; Catholic Global Impact, a charity; and ELearningCrew.org, on learning initiatives for global companies.

Based in Riverside, Calif., 360Hubs is led by Ferraro, a 10-year veteran of the enterprise content management market, the company’s Web site states.

Storm may not be the most creative or malicious piece of malware ever written, but it’s on track to become the most productive; threat researchers’ recent estimates put the number of PCs it has infected at more than 1 million.
Other stories on this topic

All security forums RSS feed
Story tools
Sponsored by:
E-Mail article    
print Print article
Contact Contact author    reprint icon Reprint
AIM AIM article    del.icio.us
Reddit Reddit    Digg Digg
Stumble Stumble    Slashdot It!

First showing up on researchers’ radars about a year ago, Storm is defined by some as a worm, others as a Trojan Horse   See FAQ.  Though it has gone by many names, Storm — referring to the spam blasts it’s been behind that mention storms — has stuck.
Read the latest WhitePaper - State of Internet Security Report on Protecting Enterprise Systems     

Although Storm doesn’t use any particularly inventive or malicious techniques, such as erasing files on a hard drive or recording keystrokes to capture passwords and personal information, it has gained notoriety through its writers’ ability to update and adapt both the malware’s code and the spam blasts that lure people to become infected with it — all with the purpose of building a giant botnet.

“Storm is a very aggressive worm,” says John Levine, president of consulting firm Taughannock Networks and co-chair of the Internet Research Task Force's Anti-Spam Research Group. “It’s interesting because it uses a [peer-to-peer] control structure that makes it hard to kill.”

Most threat watchers say no one knows who is behind Storm, but Finnish antivirus maker F-Secure, which takes credit for giving Storm its name, says a group called the Zhelatin Gang is responsible and whom the company believes is operating out of Russia. F-Secure also says that Storm is the largest botnet in the world with just more than 1 million infected PCs; however, other researchers say there’s no way to know how many PCs have been infected.

Almost lost in the hubbub over Thursday's iPhone firmware update and whether it would "brick" unlocked phones was the fact that Apple Inc. patched 10 vulnerabilities -- twice the number of fixes issued since the phone's June debut.

The iPhone 1.1.1 update, which like previous upgrades is delivered through Apple's iTunes software, fixes seven flaws in the built-in Safari browser, two in the smart phone's Mail application and one in its use of Bluetooth, the short-range wireless technology.

The seven Safari vulnerabilities include several cross-site scripting (XSS) flaws, one that can disclose the URL of other viewed pages -- an online banking site, say -- and another that lets attackers execute malicious JavaScript in pages delivered by the SSL-encrypted HTTPS protocol. One of the Safari flaws, and an associated vulnerability in Mail, involve "tel:" links, which can be exploited by hackers to dial a number without the user confirming the call.

But it was the Bluetooth bug that got the attention of security researchers. Symantec's DeepSight threat network team pointed out the vulnerability in an advisory to customers today. "Reportedly, the Bluetooth flaw occurs when malicious Service Discovery Protocol (SDP) packets are handled; any attacker that is within Bluetooth range can exploit it remotely," wrote DeepSight analyst Anthony Roe in the alert. "Successful exploits are reported to allow the attacker to execute arbitrary code."

According to Apple's security advisory, the Bluetooth bug was discovered and reported by Kevin Mahaffey and John Hering of Flexillis Inc., a Los Angeles-based company that specializes in mobile security development and consulting. Flexillis may be best known for its reverse engineering of the exploit used to hack into several celebrities' T-Mobile cell phone accounts in 2005, include Paris Hilton and Vin Diesel.

The Bluetooth bug may prove to be dangerous to iPhones, Roe speculated, since the potential range of the technology is much greater than most people think. While Bluetooth's potential range -- and thus the maximum distance between attacker and victim -- is about 400 feet, "Several proof-of-concept Bluetooth antennas have intercepted Bluetooth signals at almost a mile," he said.

Roe also pointed out that HD Moore, the driving force behind the Metasploit penetration framework, had recently demonstrated that shellcode could be run on an iPhone. Moore, said Roe, proved that "exploiting security vulnerabilities affecting the iPhone is by no means out of reach."

EBay Inc.'s security experts have determined that it's highly likely that whoever posted confidential information about the auction Web site's members in a company discussion forum this week stole the data via an e-mail phishing scam, an eBay spokeswoman said.

The perpetrator of the data disclosure on about 1,200 eBay members didn't hack into eBay systems, spokeswoman Nichola Sharpe said in an e-mail yesterday, reiterating an assurance eBay made when the incident happened on Tuesday.

EBay is working with law enforcement to take action against the fraudster, she said, while declining to answer whether the person has been identified or caught. Because the situation is delicate, eBay can't fully disclose the information it has gathered, she said.

Sharpe also defended eBay's reaction to the incident, in which a malicious user posted members' personal information, including names, addresses, user IDs and, apparently, credit card numbers on the company's Trust & Safety discussion forum.

In a discussion forum thread, some eBay members have criticized the vendor for, in their view, taking too long to shut down the forum used by the fraudster.

EBay took the Trust & Safety forum offline about an hour after the fraudster began posting the confidential data.

Regarding the credit card numbers, eBay now knows they didn't belong to the affected members and is fairly certain that the numbers weren't valid at all. "We have reason to believe this data was falsified to cause public concern," Sharpe said.

EBay hasn't been able to determine when the phishing scam may have taken place, Sharpe said, while declining to comment on whether the data theft may involve more than the 1,200 members whose information was listed.

Sharpe declined to answer whether eBay plans to implement changes to its discussion forums so that potentially malicious postings or suspicious activities can be automatically flagged and alerts triggered.

She also declined to comment on whether eBay has any theories on why the fraudster would choose to disclose the stolen data in such a public and brazen manner.

As part of its investigation, eBay has contacted the affected users by telephone.

In an official blog posting Wednesday night, an eBay staffer urged users to be mindful about phishing scams and how to avoid falling victim to them.

Sharpe said eBay shuts down more than two-thirds of phishing spoof sites in under 24 hours.

"There is no silver bullet to stop spoofing and phishing -- these are Internet problems, which is why eBay collaborates with numerous third parties such as universities, industry leaders and law enforcement to ensure eBay is a safe, transparent place to shop," she said.

EBay members should always check their "My Messages" queue to verify any e-mail from eBay concerning their account. "If an e-mail affects your eBay account, it's in My Messages. If you get an e-mail that looks like it's from eBay about a problem with your account or requests personal information and it's not in My Messages, it's a fake e-mail," she said.

Suspicious e-mails should be reported to these mailboxes: spoof@ebay.com or spoof@paypal.com.

"Never click on a link or reply to e-mails that ask for personal information. EBay and PayPal will never ask you for your account or credit card details, username or password in any communications," she said.

It's also advisable for members to change their passwords frequently.

More information about safety measures on eBay can be found on eBay's Web site.

Google Inc. confirmed that it has acquired Zingku Inc., a mobile social networking company geared toward teenagers and young adults, another in a series of moves to boost its mobile services.

A Google spokesman, in an e-mail, said the company had acquired "certain assets and technology" of Zingku. "We believe these assets can help build products and features that will benefit our users, advertisers and publishers." Details of the purchase weren't disclosed.

Zingku notified its users that it has reached an agreement for Google to acquire its service, according to a statement on its Web site. The company said users have until Thursday to decide whether they want to continue their accounts, which will be transferred to Google, or discontinue them. New accounts have been frozen.

Zingku, started in 2005, is geared to teenagers and people in their 20s. Currently, it is in a "private beta," according to the company. The free service uses standard text and picture messaging on a mobile phone and a Web browser, so users don't need to install additional software.

"With Zingku, things you wish to promote or share, can easily be created and fetched via mobile, instant messenger and Web browsers," according to Zingku. "Our service integrates your mobile phone with a personalized Web site so that you can easily move (zing) things back and forth between the Web and your mobile, as well as powerfully connect with friends and, optionally, their friends."

The acquisition of Zingku is another in a series of moves by Google to give users more services through mobile phones.

In 2005, Google bought Dodgeball, another mobile social network, but Google did little to promote the service, and Dodgeball's founders left Google earlier this year complaining that it wasn't investing enough resources in the service.

In July, Google acquired GrandCentral Communications Inc., which lets users of its software combine all their phone numbers and voice-mail boxes under one phone number so they can manage various phone features online.

Then earlier this month, Google announced that it was launching AdSense for Mobile to automatically match ads with the content of mobile Web pages in 13 countries, including the U.S.

Information from the IDG News Service was included in this report.