Want a job? Hand over your Facebook password – SciTechBlog – CNN.com Blogs
What the Hell?
Want a job? Hand over your Facebook password – SciTechBlog – CNN.com Blogs
Want a job? Hand over your Facebook password
Posted: 06:11 PM ETHow would you like to apply for a job and have your prospective employer ask for the usernames and passwords for all your social-networking accounts?
That’s what’s happened to applicants for jobs with the city of Bozeman, Montana, who were surprised to discover they needed more than a work history and references.
“Please list any and all, current personal or business websites, web pages or memberships on any Internet-based chat rooms, social clubs or forums, to include, but not limited to: Facebook, Google, Yahoo, YouTube.com, MySpace, etc.,” reads a background-check waiver form that applicants had to sign. (There’s no mention of Twitter.) The form then contains three lines where applicants are to list their logins and passwords.
The request raised questions about privacy rights in Montana, whose constitution states: “The right of individual privacy is essential to the well-being of a free society and shall not be infringed without the showing of a compelling state interest.”
Is discovering a job applicant’s cheeky status updates or stupid YouTube videos a “compelling interest” for the city of Bozeman?
Chuck Winn, Bozeman’s assistant city manager, thinks so.
“Before we offer people employment in a public trust position, we have a responsibility to do a thorough background check,” Winn told CNET on Thursday. “Shame on us if there was information out there available about a person who applied for a job who was a child molester or had some sort of information out there on the Internet that kind of showed those propensities and we didn’t look for it, we didn’t ask, and we hired that person,” Winn said. “In many ways we would have let the public down.”
Hmm. Maybe I’m out of touch here, but do people really list their pedophiliac tendencies on Facebook?
According to CNET, Bozeman city offices have been flooded with angry calls and e-mails since this news broke earlier this week. In an unscientific online poll by a Montana TV station, 98 percent of respondents opposed the city’s request on privacy grounds.
The furor led city officials to reconsider. After a closed-door meeting Friday, Bozeman officials suspended the practice, according to several Montana media outlets — who first announced the news on Twitter.
Posted by: Brandon Griggs
Filed under: Social-networking sites
Microsoft MVP again(?)
Well April 1st came and went and I never did receive an official e-mail stating I was re-awarded the MVP award this time around.? On the other hand I was not on a list I saw of people that were not re-awarded either, so I have kind of kept quiet about it up to this point.? An e-mail and phone to my lead has had no response yet.
Today however, I got an e-mail stating that my MVP Award Kit has been shipped, so I guess they want me around for another year.
This will make my fourth consecutive MVP award (unless there was a mistake some where), and once again I am honored to be part of such a talented group.
The Mastering System Center Configuration Manager 2007 R2 Book is real!The Mastering System Center Configuration Manager 2007 R2 Book is real!!
Filed under: In case you missed it, On a personal note.., Tech Stuff
For those of you that are still interested, I received my copies of Mastering System Center Configuration Manager 2007 after work last Friday!? This book is finally real!
Fix for ComicBase 12 install problem on Vista
Filed under: Comic Book Related Merchandise, In case you missed it, Tech Stuff
I just got my ComicBase 12 CD in the mail for my birthday and I was having trouble installing it on my Vista laptop.
Everything would go fine until I hit next to start the install right before (I would find out) is the accept the license agreement screen. The install would just error out and close. I looked in the Application Log and found this:
Log Name: Application Source: MsiInstaller Date: 1/11/2008 6:28:41 PM Event ID: 1033 Task Category: None Level: Information Keywords: Classic User: HANFORDMAN\Chris Computer: HanfordMan Description: Windows Installer installed the product. Product Name: ComicBase 12. Product Version: 12.0.3. Product Language: 1033. Installation success or error status: 1603.
After doing some research, I found that this is a common thing with Vista and has happened with other products.
With out getting to techinical, you can fix things by running this command at a command line:
regsvr32 %SystemRoot%\system32\vbscript.dll
After you do that, everything works fine.
Another Mass Compromise at a Hosting Facility – TrendLabs | Malware Blog – by Trend Micro
Any of you bloggers out there using iPowerWeb?? If you are, you might want to check your site!!
Another Mass Compromise at a Hosting Facility - TrendLabs | Malware Blog – by Trend Micro
Another Mass Compromise at a Hosting Facility
December 15th, 2007 by Feike Hacquebord
This week, hundreds of Web sites of the customers of Web hosting
company iPowerWeb got compromised. This incident shows an interesting
mix of hacking technology, Google index poisoning and social
engineering.A malicious third party added extra directories to the hacked Web
sites and seemingly installed scripts in these new directories that
will redirect victims to traffloader.info. This latter site will
further redirect to sites that attempt to lure Internet users into
installing a codec Trojan, a Zlob Trojan or rogue antispyware.The redirection to the malicious sites with Trojans only happens
when victims land on the hacked Web site via a Google search. To get
actual traffic to the compromised sites, the hackers poisoned the
Google index database with tens of thousands of hacked URLs. Yesterday,
well-chosen queries into Google showed about 60,000 malicious URLs
hosted on Web sites of iPowerWeb indeed.One of the tactics used in poisoning Google’s index is that the
malicious URLs appear as “normal” SEO (search engine optimization) spam
Web sites to the Googlebot that crawls the sites. Normal Internet
users, however, are confronted with a malicious redirection instead
(when they arrive at the site via a Google search). So, here, SEO spam
techniques are combined with Trojan infection chains and social
engineering.The mass compromise might be the result of a security breach of just
a few servers of iPowerWeb. One possible scenario is that hackers got
root permissions on shared webservers and were therefore able to modify
webserver settings. Another scenario is that the hackers successfully
installed a Trojan on an iPowerWeb server, that is able to change
network traffic in a local area network. Once such malicious software
gets installed, all Web sites hosted on different servers in the local
area network may appear as compromised from the outside, while the
contents of the Web sites were actually not changed at all on the
physical hard drives. The attacker just injects his malicious code in
the network traffic between the Web sites and Internet users.The danger of these attacks shows the need for continuous scanning
of servers at hosting facilities for malicious content like Trojans and
exploits.
Powered by ScribeFire.
Wizarduniverse.com Infected?
This definitely looks suspicious, its trying to load a javascript from 208.122.2.22 which resolves out to http://voxel.net/
a media hosting company.
This is exactly why i use Firefox withNoScript, to protect myself from stuff like this. I submitted the info
to the guys at the Internet Storm Center, they will figure out what is
up. I would be careful going there, or just skip it all together, there isn’t anything worth reading anyway.
Blog@Newsarama » Wizard website is viral. In the wrong way.
Wizard website is viral. In the wrong way.
Tuesday November 20, 2007, 12:15 pm
Admit it; you’ve always thought that Wizard was bad for comics. But did you know that it’s bad for your computer, as well?
“AVG detects a virus everytime I go to the Wizard site today. Just giving a heads up to those who haven’t visited the site yet.”
“I too just got an error from mine. Virus detected on Wizarduniverse.com”
“The site said I needed a chinese language pack for some reason when I was on there earlier today.”
“It may not be a virus, perhaps the site is coded ina away it
ehibits ‘virus like’ activity that triggers your AV proggy. Similar to
the way steam from a shower could trigger older model smoke detectors.”“Could be, but they need to fix that, who really wants to go there
and take the chance? Besides I’ve been there before and it never
triggered it, shouldn’t it do it everytime? Not just every now and then
for a week or so?”“I got something on my home pc last weekend, My AV picked it up. The
only site I looked at, beyond here and the BBC News website, was
Wizard’s…”Consider this a warning.
Powered by ScribeFire.
Some kudos for my other blog…
Filed under: Comic Book News, In case you missed it, Marvel Comics, On a personal note.., Tech Stuff
Not bad 
Friday, October 12, 2007 8:03 AM
cmosby
[Edit]This blog has been named one of the “Blogs to visit when attackers target Microsoft Windows”
I have to thank Rod Trent for bring this to my attention this morning.
Bill Brenner over on TechTarget had this to say in a recent blog post.
“In times like these, when IT administrators are trying to determine which flaws to deal with first, it helps to have an array of security blogs
to visit where the vulnerability details are sliced and diced and fellow IT pros can explain how they are addressing a threat in their
environments.I visit many of these blogs when trying to figure out which security issues need to be written about on any given day, and would like to devote this week’s
column to sharing them. And so here’s my list:”Not only am I on the list, but I am second in line
Not bad for a blog with no content huh?
In any case I am really glad to see that there are people out there that appreciate my meager attempts at trying to keep the community informed on various security issues. This and all of the people that have come up to me at MMS to give thanks for what I do really make it all worth while.
Thanks again!
Powered by ScribeFire.
Announcing “Mastering System Center Configuration Manager 2007″ Book
This is why i haven’t posted anything in a while, I have been very busy..
Well its official, I will be taking over the primary writing duties on the “Mastering System Center Configuration Manager 2007” book that will be published by Wiley. Chris Urban (former MVP now Microsoft employee) will be writing the rest.
This opportunity kind of fell in my lap after the original author, Brad Price; decided to change careers and go into business for himself. Thanks go out to John Hann for introducing me to the right people, which led to this great opportunity.
This has happened fairly recently but I am already hard at work on the book, and I have been having a lot of fun playing around with ConfigMgr. So far from what I have seen, it is a truly awesome product.
More information on the book can be found here? Note that my name isn’t on the book here yet, hopefully it will get updated soon.
Dan Didio’s Blog on MySpace.com hacked
Looks like Dan Didio’s blog on MySpace.com was hacked and two spam posts (with a racy picture) were inserted last night. I sent a message to let them know, but they are still there as of this morning, so I guess no one has noticed. Below is example of the text.
WHATEVER YOU DO, DON’T CLICK ANY LINKS IN THESE POSTS!!! They will probably install malware on your computer.
Hopefully someone that has better contacts at DC will read this and let them know before someone gets infected by this.
OMG KELLY IN HER DO ME PANTIES
Current mood:
pleased
Today turned out to be a good day after all.
I was feeling a little down because I broke my cellphone last monday
and the plan didnt cover a new one. So like the next day I was on
myspace and some guy i dont even know who he was, sent me this link to
this iphone survey on myspace so i filled it out and never expected to
hear anything about it again. Well friday comes around and I go out and
get the mail and there is this package that says generous genie on it
so i open it up AND IT IS A NEW IPHONE!I love this thing. the camera on it works REALLY good. check out this pic i took of my girl kelly. haha i cant believe she wears stuff like that!
Powered by ScribeFire.
WordPress › Blog » WordPress 2.1.1 dangerous, Upgrade to 2.1.2
Filed under: Administrative, In case you missed it, Tech Links, Tech Stuff
Patch now!!
WordPress › Blog » WordPress 2.1.1 dangerous, Upgrade to 2.1.2
March 2, 2007
WordPress 2.1.1 dangerous, Upgrade to 2.1.2
Long
story short: If you downloaded WordPress 2.1.1 within the past 3-4
days, your files may include a security exploit that was added by a
cracker, and you should upgrade all of your files to 2.1.2 immediately.Longer explanation: This morning we received a note to our security
mailing address about unusual and highly exploitable code in WordPress.
The issue was investigated, and it appeared that the 2.1.1 download had
been modified from its original code. We took the website down
immediately to investigate what happened.
It was determined that a cracker had gained user-level access to one
of the servers that powers wordpress.org, and had used that access to
modify the download file. We have locked down that server for further
forensics, but at this time it appears that the 2.1.1 download was the
only thing touched by the attack. They modified two files in WP to
include code that would allow for remote PHP execution.This is the kind of thing you pray never happens, but it did and now
we’re dealing with it as best we can. Although not all downloads of
2.1.1 were affected, we’re declaring the entire version dangerous and
have released a new version 2.1.2
that includes minor updates and entirely verified files. We are also
taking lots of measures to ensure something like this can’t happen
again, not the least of which is minutely external verification of the
download package so we’ll know immediately if something goes wrong for
any reason.Finally, we reset passwords for a number of users with SVN and other access, so you may need to reset your password on the forums before you can login again.
What You Can Do to Help
If your blog is running 2.1.1, please upgrade immediately and do a
full overwrite of your old files, especially those in wp-includes.
Check out your friends blogs and if any of them are running 2.1.1 drop
them a note and, if you can, pitch in and help them with the upgrade.If you are a web host or network administrator, block access to
“theme.php” and “feed.php”, and any query string with “ix=” or “iz=” in
it. If you’re a customer at a web host, you may want to send them a
note to let them know about this release and the above information.Thanks to Ryan, Barry, Donncha, Mark, Michael, and Dougal for
working through the night to figure out and address this problem, and
thanks to Ivan Fratric for reporting it in the first place.Questions and Answers
Because of the highly unusual nature of this event and release, we’ve set up an email address 21securityfaq@wordpress.org that you can email questions to, and we’ll be updating this entry with more information throughout the day.
Is version 2.0 affected?
No downloads were altered except 2.1.1, so if you’ve downloaded any version of 2.0 you should be fine.
What if we update from SVN?
Nothing in the Subversion repository was touched, so if you upgrade
and maintain your blog via SVN there is no chance you downloaded the
corrupted release file.
Technorati Tags: Blogging, Wordpress, Security patch, upgrade
powered by performancing firefox
