Shaun Stanislaus’s Tech blog

Just another WordPress.com weblog

Top 13 Twitter Don’ts

The number of new Twitter users has soared over the past few months, as the microblogging service has taken the media by storm. If you’re one of those new users, you may be baffled by Twitter’s peculiar culture, or nervous that you’ll commit some kind of microblogging faux pas.

Don’t worry, we’re here to help. While there aren’t specific rules for how to use Twitter, avoiding these 13 Don’ts will help you fit right in—and may even gain you some adoring new followers.1. Don’t live-tweet TV shows. @CorinneIOZO warns that lots of people use DVRs or watch shows on Hulu these days, so spoiling big moments (“OMG, the smoke monster was actually from outer space! No way!”) is a major no-no. As an alternative, tweet an inside joke that the show’s viewers will get, but that doesn’t give away any important details.

2. Don’t say anything that could get you fired or prevent you from getting a job. @JoelSD points out that if your tweets are public, they really are open to everyone, as has been demonstrated time and time again.

3. Don’t be boring. A simple rule that @kmonson follows is “Never tweet about food or the weather.” If your friends see one more “Good morning Twitterverse!” or “I had some awesome corn flakes for breakfast,” you’re getting un-followed.

4. Don’t forget the Twitter lingo: RT is retweet, and @name is how you respond or give props to someone. Feel free to be generous with both your RTs and your @s.

5. Don’t tweet more than ten times a day, or more than five times an hour, says @JasonCross00. It gets annoying and takes space and attention away from other Twitterers’ links and observations. If you have that much to say, maybe it belongs on a blog.

6. Don’t reply to every single tweet. As @seanludwig points out, it gets old fast.

7. Don’t tweet drunk, cautions @whitneyarner. Just like in real life, your followers might get a kick out of your drunk tweets, but you’ll probably regret them in the morning.

8. Don’t tell us about something cool or life-changing without a link or picture (use a service like TwitPic for your photos, and a URL shortener like TinyURL or is.gd for your links).

9. Don’t retweet something and leave off the original Twitter poster. Always give credit to those who wrote it first.

10. Don’t ignore people who send you a direct message or a reply, says @LanceUlanoff. Part of the Twitter experience involves conversing with your followers when possible.

11. Don’t #hashtag every topic. After a while, your topics will be ignored.

12. Don’t whine about people not following you, pleads @SaschaSegan. If you’re good at providing interesting stuff and you’re patient, you’ll get the followers you crave so badly.

13. Don’t tweet your bathroom habits. Seriously. Just don’t do it.

April 20, 2009 Posted by | Uncategorized | , | 13 Comments

Many still vulnerable to Conficker

Sophos has sent an alert saying many users still have yet to patch their PCs against the exploit that makes them vulnerable to the Conficker worm.

Sophos’ senior technology consultant Graham Cluley, said in a blog post Thursday, the antivirus company found 11 percent of users who had taken an endpoint assessment test at its Web site did not have the Microsoft OS08-067 patch installed.

The patch, available since October last year, fixes a vulnerability which allows the Conficker worm to infect PCs.

The Conficker saga has been broiling for the last month or so, where it received a swarm of media attention leading up to Apr. 1–when it was expected to detonate. Its real effects were seen about a week later, when it started dropping a mystery payload on infected computers.

Microsoft has also put up a US$250,000 reward for information leading to the arrest and conviction of the criminals behind the worm.

Cluley said in his blog post the 11 percent of infected PCs is “pretty depressing news”, given the press coverage the worm has received.

“It appears that the percentage of computers not patched against the exploit is holding steady,” he added.

The goal of Conficker’s creators remains unclear. While researchers have said the worm’s payload dumping activity indicates a profit motive, such as stealing passwords or spam-generation, Conficker has yet to fully reveal its intended function.

There are a number of tests and checks online, including an eye chart from the endpoint assessment test for the Microsoft patch.

Sophos is offering a tool to remove the Conficker worm from infected PCs, as well.

April 17, 2009 Posted by | IT News, Security | , , , , , , , , , , , , | Leave a comment

Twitter spoofing: The next logical exploit

First it was spoofing e-mail, then IM, and now spoofing Twitter is the new means of exploit. How attractive really is the ROI for attackers?

I just completed an article titled “URL shortening: Yet another security risk“, in which I discussed URL shortening and how phishers/attackers subverted it to drive unsuspecting users to malicious Web sites.

After reading the many comments, I was happy to note that in general users are getting savvier about misdirection exploits.

This appears to apply to Twitter as well, even though messages or tweets, with shortened links make it more vulnerable.

Fortunately, Twitter has an additional advantage in that we the users get to pick who can send us tweets. This capability significantly reduces the risk simply because you know who’s sending you the message.

Well, maybe not
I’ve just finished reading an article by Washington Post’s Brian Krebs titled “Twitter security hole left accounts open to hijack“. It seems that it’s not that difficult to spoof Twitter messages.

Krebs quoted Lance James a security researcher and author of “Phishing exposed“:

“Anyone could authenticate and hijack a Twitter account by using SMS spoofing services, such as my-cool-sms.com, or phonytext.com. These Web sites allow users to mask what phone number they are texting from by letting the user input whatever phone number they want to appear in the from field.”

Oh great, this totally negates the one advantage that Twitter had over IM and e-mail. It’s not hard to see that phishers/attackers would want to leverage SMS spoofing along with URL shortening to redirect victims to malicious Web sites.

Help from the cellular network operators
One good thing that Krebs alluded to was the fact that SMS spoofing may only work if the attacker is located outside of the United States:

“Twitter co-founder Biz Stone wrote in an e-mail.[Mobile] carriers in the U.S. have their own systems for blocking SMS spoofing. Indeed, most U.S.-based mobile carriers have put in place measures to block SMS spoofing on their networks. But this is generally not the case for international mobile networks.”

It appears that United States is one of the few countries forcing cellular carriers to clamp down on SMS spoofing. That’s great, but spoofing Twitter messages is still possible just about everywhere else. I’ll give you two guesses where most phishing and malware exploits originate, and the first one doesn’t count.

Proof of concept
H Security (a German security company) verified that SMS spoofing works in an article titled “Twitter spoofing fix fails in UK and Germany“. The article provides the following details of the process:

“In the UK, we had a mobile phone associated with a Twitter account. By taking only the number of the mobile phone and setting it as the sender field on PhonyText then sending an SMS to +447624801423, the UK number for sending SMS tweets, we were able to see our message appear in the tweets on the honline page.”

The article goes on to explain what this potentially means:

We then promptly removed the association between the phone and the Twitter account. An attacker could have created a message directing followers to malware sites, to other risky locations on the web, or posted tweets designed to ruin the reputation of the account owner.”

What this means
First, the ability to spoof a Twitter message enhances all the normal misdirection schemes that are already in play. The fact that shortened URLs are common place in Twitter messages makes it even easier to pull the scheme off.

The damages from the SMS spoofing and URL shortening exploit can be as simple as malware being loaded on victims’ computers to as complex as stealing sensitive financial information from the victims. Also a cruel joke could be played on Twitter accounts that don’t have unlimited texting. It would be easy to run up some monster phone bills as noted in the Twitter support section:

“Twitter charges you nothing, but how much it costs to use Twitter with text messaging depends on your text messaging plan. Standard text messaging rates (such as international text messaging fees) do apply. Consult your service provider to ensure that your text plan covers your Twitter usage.If you’re using our international number, give your provider the Twitter phone number you’ll be using to see if you’ll incur extra charges. If you’re using Twitter from outside of the US, please consult your carrier, as every provider has a different policy.”

Final thoughts
Following spoofing’s logical progression was easy for the phishers and malware creators of the world. Yet, from the comments I’ve read, it seems like it’s getting harder for them to find chinks in the armor. That’s good and should be heartening to all of the people who are trying to keep the Internet the amazing place it is.

Still, there needs to be awareness and vigilance as long as the possibility of a ROI is perceived by the dark side.

April 15, 2009 Posted by | hacker, IT News, Security | , , , , , , , , , , , , , | Leave a comment

Eight ways IT consultants can succeed in a turbulent economy

Committing to client satisfaction, marketing creatively, and guarding expenses are among the best methods any IT consultant can employ to succeed. Find out what else Shaun Stanislaus recommends you should do — as well as what not to do — to succeed in this economic climate.

——————————————————————————————–

While growth opportunities exist for independent consultants, recessionary environments require that IT professionals carefully plan investments, resources, and initiatives. Intuit’s financial software application sales, for example, are performing well despite the economic downturn. But it doesn’t necessarily make sense for an IT consultancy to dedicate its entire focus to becoming a QuickBooks shop just because that segment is showing some life. Instead, it may make more sense to add those skills as an additional, complementary competency. Nor should IT consultants make rash decisions concerning other aspects of their business.

Here are actions IT consultants can implement to survive downturns and better manage financial storms.

#1: Focus on the client

When the economy sours, client satisfaction becomes paramount. Forging long-term relationships with clients, in which their specific needs and objectives come first, will help you stand a much better chance of prospering.

Even when PC and server shipments drop, businesses and charities still upgrade and replace older equipment and add new systems and software. By earning clients’ trust, you become a business partner during good times and bad.

When listening to clients’ needs, truly listen. If a client suggests he needs to update a CRM platform, refine a database, or smooth e-mail communications, don’t interpret that as the client saying he needs three new 64-bit servers loaded with quad-core CPUs to power the corresponding back end. Instead, the client is saying he has a problem that needs fixing. Remember that it may be possible to leverage existing equipment and systems, tweak network or firewall settings, or maybe just upgrade software applications, as opposed to replacing the entire infrastructure.

#2: Market your business at all times

People can’t hire you if they don’t know what you do. While it sounds simple, it’s amazing how often businesses miss opportunities to promote themselves.

For example, do you ever use a restaurant’s pen to sign the credit card receipt for dinner? Why do the pens waiters and waitresses hand you so often promote an insurance office or bank instead of their own establishment?

To brand yourself, always carry business cards and put professional logos on your vehicles. Visit local EmbroidMe and SIGNARAMA franchises for help promoting your business, whether you need signs, decals, briefcases and attaches, clothing, or more.

#3: Treat yourself as a client

Ask yourself what advice you’d give your organization if you were hired to help solve its problems. Really… you should try it.

Would you recommend continuing to run Exchange, SQL Server, your test software environments, Remote Web Workplace, Outlook Web Access, file and print services, your company’s Web site, your organization’s SharePoint site, and Intranet, fax services, and more on your aging Pentium-powered server with 1 GB RAM? Or would you tell the client there’s nothing you can do to help until they upgrade their dangerously obsolete equipment?

#4: Leverage your investments

Be reasonable with expenses and ensure any investment has a direct tie to fueling existing business, generating new revenue, or reducing operating costs.

If you don’t know the exact return a significant new hardware, software, or systems investment will provide, sit down with trusted employees and/or advisors to review the expense. The toughest recession since the 1930s is no time to overextend the company’s finances, but it’s also no reason to forego carefully considered investments that can better position your organization for growth and success.

#5: Maintain your skills

Sure, maintaining your skills is easier said than done, but it’s critical to your success.

New technologies — including new Linux distributions and Microsoft server and desktop operating system platforms — will prove critical to the success of your consulting and contracting organization. Many clients will request information on such new releases, and these new systems could be the best fit for solving a variety of clients’ issues. Thus, it’s essential that you become familiar with the features and capabilities of new technologies. It’s also important that you learn the limitations, bugs, and workarounds inherent in all new systems.

There are a variety of sources to help maintain your knowledge, but you should start by researching vendor options.

Microsoft offers partners the Microsoft Action Pack Subscription (MAPS) program, which provides registered partners with internal-use, full-version software. Consultants can load new operating systems and applications on test machines to obtain first-hand experience installing, configuring, and troubleshooting important new products. In addition, Microsoft includes sales and marketing materials and tools in MAPS.

Training providers can prove helpful, too. If your personality is better matched to learning new material in a structured classroom environment, check out technology training classes in your area. You’re likely to find local colleges, technical schools, and other training providers who offer targeted instruction. New Horizons and ITT Technical Institute are two options.

Computer-based training is another option. Several respected companies, including CBT Nuggets, PrepLogic, and SkillSoft, offer products to help you train at your own pace.

#6: Keep your regular rates

Deflation is more often associated with an economic depression, as opposed to a recession. IT consultants have very real costs associated with their businesses (computers, fleet leases, Internet connectivity, mobile phones, accounting services, electricity, office rent, etc.). Don’t panic and lower rates. If your organization doesn’t cover its costs of conducting business, it cannot survive tough economies. Committing to client satisfaction, marketing creatively, and guarding expenses are among the best methods any organization can employ to succeed.

#7: Strengthen vendor relationships

You shouldn’t underestimate the importance of strong vendor relationships, particularly those providing general IT support and services. Consultants receive a serious competitive advantage when they can customize systems, fulfill orders quickly, and receive attractive pricing or discounted support services.

Vendors are much more likely to negotiate discounts and package deals during periods of recession, too. Strong long-term vendor relationships are just as important as long-term client relationships. Without flexible vendor relationships (which are built over time), you’ll find options for assisting their clients limited.

That’s not to say you should just start taking vendors to lunch. Instead, you should take time to contact sales representatives and vendor account executives to learn what’s new in the pipeline, what promotions and pricing strategies are becoming more important for the vendor, and what trends the vendor is noticing and/or tracking. By knowing a vendor’s needs and by becoming more familiar with important vendors’ products, services, and challenges, you can learn how a vendor’s products or services (and any unique benefits and advantages) might best address and solve clients’ needs.

#8: Choose niches carefully

IT consultants often target a specific niche, such as physicians’ offices, manufacturing firms, or energy companies. Software developers may not have a choice; the platform they develop may be so specialized that’s their only real outlet.

But if you have a choice, you should consider expanding your market focus to include multiple vertical industries. By targeting clients across a variety of industries, you can better insulate yourselffrom the effects of economic recession. Many Windows consultants, for example, are finding their services remain in demand. That’s a common factor, after all; dentists, physicians, manufacturing firms, and restaurants all are among those segments largely using Windows.

While not all consultants can target multiple industries, those who can should — now more so than ever.

April 7, 2009 Posted by | Consulting | , , , , , , , , | Leave a comment

List of Full WEB 2.0 API

Advertising

Google AdSense Advertising management
Google AdWords Search advertising
Microsoft adCenter Online advertising services
UrlTrends Link tracking and search optimization
Wordtracker Search engine optimization services
Yahoo Ads Online ad management
Yahoo Search Marketing Search advertising platform
Answerbag Questions and answers service
Blogwise Blog and feed search service
SplogSpot Database of spam blogs

Blog Search

Blogwise Blog and feed search service
SplogSpot Database of spam blogs
Tailrank Blog search and news aggregation service
Technorati Blog search services

Blogging

Akismet Blog spam prevention service
Blogger Blogging services
FeedBlitz Blogs by email service
FeedBurner Blog promotion tracking service
LiveJournal Blogging software
Performancing Blog management
TypePad Blog management
Weblogs Blog ping service
Windows Live Spaces Blog services

Bookmarks

Blogmarks Social bookmarking
del.icio.us Social bookmarking
linkaGoGo Social bookmarking service
Ma.gnolia Social bookmarking service
OnlyWire Social bookmarklet service
Shadows Social bookmarking and community
Simpy Social bookmarking

Calendar

30 Boxes Calendar service
Google Calendar Calendar service
Spongecell Online calendar service

Chat

AOL Instant Messenger Instant messaging chat service
AOL Presence Online presence service
Google Talk Chat application
IMified Instant messenger buddy
Lingr Online chatroom services
MSN Messenger Chat and messaging
WebAIM Web based instant messaging
Yahoo Messenger Instant messaging

Community

Blue Dot Content sharing community
coRank Distributed user reviews service
Facebook Social networking service
PartySpark Social events service
RockYou Super Wall Content sharing platform within Facebook
Twitter Community site

Email

Email Address Validator Email address validation service
ExactTarget Email delivery services
IntelliContact Email marketing service
JangoMail Bulk email service
Mailbuild Email forms and templates service
Publicaster Email marketing management
StrikeIron Email Verification Email verification service
Vertical Response Email management services
Webmail.us Email hosting service
WhatCounts Email management services
Yahoo Mail Web based email system

Enterprise

Employease On-demand human resource management
Google Provisioning User provisioning for Google Applications
Lokad Time series forecaster
NetDocuments Enterprise document management service
NetSuite Business application suite
Salesforce.com CRM services
WebEx Conferencing and collaboration services

Events

Eventfinder Events calendar
Eventful Events discovery and demand
Spraci Events and clubs database
Upcoming.org Collaborative event calendar
Zvents Local events search and community

Financial

Blinksale Online invoicing services
Currency Rates Currency rates
Dun and Bradstreet Credit Check Credit check
FreshBooks Online invoicing and time tracking
KashFlow Online accounting software
Moneytrackin Expense tracking
NetAccounts Online accounting service
Prosper Peer-to-peer network
StrikeIron Historical Stock Quotes Stock price quotes for US equities
StrikeIron Mutual Funds Historical mutual funds
StrikeIron Stock Quotes Basic Real-time stock quotes
Wesabe Personal finance management and community

Government

Cicero Lookup service for US elected officials by address
Civic Footprint Political geography lookup for Illinois
Democracy In Action Advocacy services for nonprofits
FedSpending.org Database of US government spending
Follow The Money Database of US campaign contributions
GovTracker Rhode Island state data services
LOUIS US federal documents database
Open Patent Services European Patent Office web services
Sunlight Labs US Congress database service
TheyWorkForYou Track the UK Parliament
Who is my Representative Database of US congressional representatives

Internet

Alexa Site Thumbnail Thumbnail images of web site home pages
Alexa Top Sites Web site traffic rankings
Amazon EC2 Elastic Compute Cloud virtual hosting
Clicky Web site analytics
Compete Internet web site metrics and analytics
Cordurl Geo coordinate translation
Dapper Service for API creation
Domain Tools Internet domain name lookup
Durl.us URL shortening
Ecommstats Web analytics
Hostip.info IP lookup
HTML2PDF HTML to PDF conversion
Internet Archive Non-profit Internet library
IP Address Lookup Determine IP address from domain name
Mint Web site metrics and reporting
Mon.itor.us Web site monitoring services
MyNotify Feed publication
Nenest Web forms and application framework
Outune Web map engine
Pingdom Web site monitoring and reporting
Qurl URL redirection
SoftLayer Systems management and monitoring
UnAPI Proposal for web clipboard
W3Counter Web site metrics tools
Webride Attaches discussions to any site
WebThumb Thumbnail image generation
Windows Live Custom Domains Web site administration
Yahoo Site Explorer Web site analysis service

Job Search

Indeed Job search services
SmashFly Job board posting service

Mapping

ArcWeb Mapping and GIS services
BigTribe Location based advertising
deCarta Location-based services
EarthTools Web services for geographical information
FeedMap Blog geo-coding
Garmin MotionBased GPS services and mapping
geocoder Geocoding services for US
geocoder.ca Geocoding services for Canada
GeoIQ Geospatial analysis and heat mapping service
GeoNames Geographic name and postal code lookup
GetMapping Aerial photography and mapping service
GlobeXplorer Mapping services
Google Maps Mapping services
HopStop Mass transit and walking directions
iShareMaps On Demand UK Postcode Geocoder
Map24 AJAX API Mapping services
Mappr Photo mapping
MapQuest Online mapping service
Mapstraction Mapping API abstraction layer
MetaCarta Location and geotagging services
Microsoft MapPoint Mapping services
Microsoft Virtual Earth Mapping services
Multimap Global online mapping service
NASA Satellite mapping images
Naver Maps Korean mapping service
Nearby.org.uk Geocoding service for UK
Ontok Geocode any US address
OpenLayers Mapping API abstraction layer
OpenStreetMap The Free Wiki World Map
Platial Collaborative geographic service
Plazes Location discovery service
Poly9 FreeEarth 3D mapping service
Pushpin Mapping service
Urban Mapping Urban geo-spatial data services
USGS Elevation Query Service Determine elevation based on latitude and longitude
ViaMichelin Mapping, directions, and travel booking
Wayfaring Map creation and sharing service
WHERE GPS Mobile GPS widget platform
Where Is Tim Web Service Location tracking
Where2GetIt Geospatial Non-mapping geospatial services
Where2GetIt SlippyMap Online mapping service
Whereis Australian and New Zealand mapping service
Wigle Wireless network mapping
Yahoo Geocoding Geocoding services
Yahoo Map Image Map image creation service
Yahoo Maps Mapping services
ZeeMaps Embedded maps and international geocoding
ZoomIn Australian mapping service

Media Management

BBC Multimedia archive database
Grouper Video Video sharing service
Orb Digital media remote access and management
Phanfare Photo and video sharing service
Streamload Online media storage

Medical

cPath Medical database lookup
Kegg Bioinformatics data services
NCBI Entrez Life sciences search services
SeqHound Bioinformatics research database

Messaging

411Sync SMS, WAP, and email messaging
Aql SMS solutions portal
Clickatell SMS Messaging services
Jaiku Social messaging service
Mobivity SMS marketing messaging service
Movil SMS messaging
PartySync Messaging services
Sabifoo IM to RSS conversion service
SmsBug SMS messaging services
StrikeIron Global SMS Pro SMS messaging services
StrikeIron Mobile Email Mobile email messaging service
Textamerica Moblogs
Trekmail Messaging services
Twittervision Location based data for the Twitter service
Userplane Communication software for online communities
Vazu SMS messaging service

Music

AOL Music Now Music playlist management
Digital Podcast Podcast search
Faces.com Photo and media sharing service
Feedcache Feed caching service
Freedb / CDDB Online CD catalog service
Last.fm Music playlist management
MP3Tunes Music services
MusicBrainz Music metadata community service
MusicDNS.org Music fingerprinting service
MusicMobs Social music service
OpenStrands Music recommendation and discovery
Rhapsody Online music services
SeeqPod Music recommendation service
SNOCAP Digital music marketplace
Soundtoys Visual artists works repository
Tunelog Music metadata management
WebJay Music playlist management
Winamp Customizable music player
Yahoo Music Engine Desktop music player

News

AmphetaRate News aggregator
ClearForest Semantic Web Services1 Natural language processing tools
Daylife Online News Service
Digg
Findory Personalized news aggregation
Macromedia News Aggregator Data access service
Moreover News delivery
NewsCloud Social news service
NewsIsFree Online news aggregation

Office

Backpack Online information manager
Big Contacts Web based contact management
EditGrid Online spreadsheet
Google Documents List Document management services
Google Spreadsheets Online spreadsheets
Numbler Online spreadsheet service
SlideShare Presentation sharing community
Zoho Online office suite

Photos

AOL Pictures Online photo management
Buzznet Photo sharing
Flickr Photo sharing service
Fotolia Royalty free stock photos
Google Picasa Photo management and sharing service
imageLoop Animated slideshow service
Panoramio Photo upload site with organizer
Pixagogo Online photo services
Riya Photo search
ShutterPoint Stock photography service
Smugmug Photo sharing service
Snipshot Online photo editing service
WebShots Photo sharing service
Yahoo Photos Online photo service
Zoto Photo sharing service

Recommendations

Criteo Distributed recommendation service
EasyUtil Recommendation service
RapLeaf Portable ratings system
Yelp Local user reviews and city guides

Reference

Aonaware Dictionary Dictionary lookup service/td>
City and State by Zip Code Address lookup service
Dun and Bradstreet Research company background data
Bussines Verification Business research services
FUTEF Wikipedia API Third party Wikipedia web service
ISBNdb Books database
Library of Congress SRW Information database search
Microsoft MSDN Technical reference library
OpenDOAR Academic research repository
PhoneVal Phone number validation service
RealEDA Reverse Phone Lookup Lookup address and name via phone
SRC Demographics Demographic reference data
StrikeIron Address Verfication Global address verification service
StrikeIron Do Not Call Telephone number verification
StrikeIron Insider Trading Insider trading transaction information
StrikeIron Phone Number Enhancement Adds address and statistical data based on phone number
StrikeIron Residential Lookup Residential directory lookup and validation service
StrikeIron Reverse Phone Lookup Reverse phone lookup services
StrikeIron Sales Tax Basic Sales and use tax data service
StrikeIron Super Data Pack APIs for variety of reference data sources
StrikeIron US Census Census data information service
StrikeIron Zacks Company Profile Corporate profiles web service
Talis Library 2.0 reference services
UrbanDictionary Slang dictionary lookup
US Yellow Pages Telephone directory
Yahoo Answers Community driven reference service

Search

Alexa Web Information Service Web site information and traffic data
Alexa Web Search Web Search Engine
Amazon A9 OpenSearch
Gigablast
Google Ajax Search Web search components
Google Code Search Code search service
Google Desktop Desktop search and gadgets
Google Search Search services
Kratia Democratic search engine
Naver Korean search engine
Vast Structured web search
Windows Live Search Internet search
Wink Social search service
Yahoo Image Search Image search services
Yahoo Local Search Local search service
Yahoo My Web Search Personalized search services
Yahoo Related Suggestions Search suggestion service
Yahoo Search Search services
Yahoo Term Extraction Contextual search service
AOL Open Auth Authentication services

Shopping

Amazon eCommerce Online retailer
Amazon Historical Pricing Historical product sales data
Authorize.Net Internet based payment gateway services
AvantLink Affiliate marketing network
CNET Shopping services
Commission Junction Online affiliate programs
DataUnison eBay Research eBay pricing and sales trend data
Direct Textbook Book price comparison service
eBay Online auction marketplace
GoodStorm Online retail ecommerce
Google Base Platform for structure and semi-structured data
Google Checkout Shopping cart services
PriceRunner Shopping comparison engine
Shopping.com Online retail shopping
SwapThing Community driven swapping site
UPC Database UPC lookup service
Windows Live Expo Online classifieds service
Yahoo Shopping Shopping services
Zazzle On-demand product creation service

Storage

Amazon S3 Online storage services
Box.net Online file storage
MoveDigital File delivery and management services
Omnidrive Online storage services
Open Xdrive Online data storage service
Openomy Online file system
Tagalag Email tagging
TagFinder Tag extraction service
Tagthe.net Tag recommendation service
TagTooga Tag based Internet directory

Video

Truveo Video search
Blinkx Video search
Dave.TV Video distribution network
LiveVideo Video repository and user community
Revver Video services
Veoh Virtual television and video network
Video Detective Film trailers, cast, images, and related information
Yahoo Video Search Video search
YouTube Video sharing and search

Widgets

ClearSpring Widget creation, distribution, and tracking services
Google Gadgets
Netvibes Personalized home page with widgets
Pageflakes Personalized start page and widgets
Serence Klip Desktop gadgets
SpringWidgets Widget platform
TagWorld Social web services
Windows Live Gadgets Online gadgets service
Windows Sidebar Gadgets Desktop gadgets
Yahoo Widgets Desktop widgets
Yourminis Personalized start page

WIKI

DBpedia Structured query interface to Wikipedia
JotSpot Wiki-style collaboration tools
PBwiki Consumer wiki farm
WikiMatrix Wiki search and comparison service

April 5, 2009 Posted by | IT News, Life skills | , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , | 6 Comments

Business Productivity

Business Productivity

Handshake is the place to meet your next friend, programmer, project manager, accountant, interface designer and more. By adding someone as a contact here, you can collaborate online in 8apps. Handshake is social networking with purpose.

BlueTie.com is a free Web-based email, calendaring, and file sharing for new and growing businesses. Each account includes up to 20 users with domain name support.

Business IT Online offers free online small business software applications that take away the need for a costly networked IT solution. It provides the host, maintain it, upgrade it, secure it and back it up so all you need to do is use it. Among the applications are the following:

8 apps calendar

  • Calendar Online – an integrated online scheduling application to help you manage your personal activities and track team and resource availability.

8 apps cashflow

  • Cash Flow management software enables you to stay on top of your finances and avoid the number one reason why small businesses go out of business.

8 apps contacts

  • Contacts Online keeps a secure and easily accessible central database of business contacts for your team. Business IT Online’s unique contact filter allows you to store contacts as individuals or companies and find the contact details you need, much faster.

8 apps documents

  • Documents Online If you want to work from home as well as the office, it might seem like a distant dream to be able to access all of your important files from multiple locations. Business IT Online is your solution.

8 apps marketing

  • Marketing Online is a free online business profile (a ‘BIO’) to promote your products and services and win new business.

Central Desktop is a full work suite for project teams including spreadsheets, file sharing, calendar and more. It was created for business teams, not the IT department. That is why no technical knowledge or programming experience is required.

Colligo software enables mobile teams equipped with wireless capable laptops to instantly and securely network together no matter where they are working – at the client site or on the road. Once connected, they can share files, share an Internet connection, share a printer, collaborate on a document, chat, compare calendars and much more.

Concept Share allows you to easily share designs inside Workspaces that contain designs related to a certain topic or project. It’s easy to invite people into a workspace. Invite team members, managers, clients, and consultants to add and reply to comments, chat and markup designs. People do not have to be in the workspace at the same time to contribute. Workspace members can log-in anytime to any workspace they are member. If members do happen to be in the workspace at the same time they can collaborate with real-time chat and real-time comment updates and concept updates.

Confluence is an enterprise wiki that makes it easy for your team to collaborate and share knowledge. Adding, sharing and finding content has never been easier. These benefits come with all the additional features needed to make it a part of your business: enterprise security, simple installation and management, user-friendly WYSIWYG interface, powerful tools for structuring and searching your wiki, professional features such as PDF export and automated refactoring, and more.

Contact Office allows to easily manage your data (emails, contacts, meetings, documents, tasks, …) in your virtual office from any computer with a Web browser and an Internet connection. Share your data and access shared data efficiently in the context of work or leisure groups. Your data are safe and available anytime on the Web, on a PDA (online or offline) or on a WAP capable cell phone.

Copper is a web-based project management and collaboration tool used by teams to share and manage clients, projects, tasks, files, contacts and events quickly and easily.
Used by leading organizations like Apple, Cisco, Praystation, and Ogilvy One, yet affordable for all business sizes, discover how Copper can help your business by signing up for your free trial.

CrossLoop is a free secure screen sharing utility designed for people of all technical skill levels. CrossLoop extends the boundaries of VNC’s traditional screen sharing by enabling non-technical users to get connected from anywhere on the Internet in seconds without changing any firewall or router settings. It only takes a few minutes to setup and no signup is required.

Eloops software includes project management, calendar, data backup, and social networking software.

Foldera is a free and intuitive filing system of web-based folders that automatically organizes your work WHILE you work. Whether you work alone or in a workgroup environment, Foldera is super easy to use and makes working with multiple files and people seem practically effortless.

Google Docs & Spreadsheets is a free web-based word processing and spreadsheet program that keeps documents current and lets the people you choose update files from their own computers. You can, for example, coordinate your student group’s homework assignments, access your family to-do list from work or home, or collaborate with remote colleagues on a new business plan. Google Docs & Spreadsheets allows you to import your existing documents and spreadsheets, or to create new ones from scratch. You can edit your documents from anywhere. Google Docs & Spreadsheets accepts most popular file formats, including DOC, XLS, ODT, ODS, RTF, CSV, etc. Besides, you can publish your documents and spreadsheets online with one click, as normal-looking web pages, without having to learn anything new.

Huddle is a network of secure online spaces that combine powerful document, project and team tools with the simplicity of social networking site. It is ideal for brands, advertising, marketing, PR, design, legal and accountancy companies as well as freelancers and consultants. Use huddle to manage multiple projects from one interface, securely share and approve documents, deliver superior client service and add value to your existing relationships.

Joyent is run by, and for, people who love publishing on the Web. Design, develop and deploy applications using our collaboration software, data backup services and on-demand computing solutions. The ease with which Joyent solutions scale to meet increased demand allows startups and developers to focus on growing their business – instead of watching over their servers.

long jump

LongJump is a dynamic business applications that manage and coordinate teams and information. The LongJump Catalog provides affordable, web-based applications you can subscribe to that power your business. It makes it easy to centralize your business data to share with your team, while also automating common business processes. Customize or create your own applications that address your unique business needs without writing a single line of code.

Mindquarry is an Open Source collaborative software platform for file sharing (documents, images, media files, etc.), task and project management, team collaboration and Wiki editing that meshes simplicity and functionality. As a result, knowledge workers are able to connect with team members and share information from wherever they are, effectively improving team-work and increasing productivity within the company.

Near-Time integrates wikis, weblogs, and file-sharing to deliver the fastest ROI for your collaboration investments.

Nexo is a free service that allows groups to collaborate online. Groups can share interactive calendars, pictures, videos, tasks, polls, comments, blogs, files and much more.

Octopz contains a full range of powerful features to enhance effective online collaboration including: one-click participation (recipients of an email invitation simply click on a link to join the virtual Meeting Room), on-screen annotation, support for digital Media/Content,
Text Messaging/VoIP/Webcams, archiving, administrative tools, and more.

OpenTeams.com is web-hosted collaborative software to foster a more innovative culture. In addition to project collaboration, blogging, social networking, community building, and knowledge management, OpenTeams is an innovative initiative development solution where employees collaboratively seed and mature new ideas for additional revenue, productivity, and cost-savings.

QuickBase.com is flexible online working application. With QuickBase from Intuit, your team finally has an easy way to organize, track and share information – all from a single web site. Watch productivity soar with QuickBase’s customizable online workgroup applications.

PlanHQ.com is an online business planning tool that takes your plan away from being a static document and turns it into a dynamic and up-to-date overview of where you’ve been, where you are and where you’re going. With PlanHQ, your business plan changes as your business changes, not just once or twice a year. Your whole team is actively involved in creating your plan and can align and prioritize all their work against goals. This means that everyone is always working to plan and ensures you achieve your goals.

ProjectSpaces is a simple, secure and powerful web-based workspace to help your project teams, workgroups, committees, partners, and others quickly and easily connect, share and collaborate. ProjectSpaces is easy to use and can be set up in just a few minutes. It was created for the average computer user – not techno geeks. You can share documents with project team members regardless of geographic constraints. At one glance, view and access your most recent tasks, announcements, events and discussions on your project homepage. Participants have the ability to directly update status of their tasks and other information.

Solodox allows to create a document right in your browser. Edit on any machine you can find anywhere. You can create a project for your group. Invite members to read or edit the project.
Share your document with your friends. Do a simultaneous editing with your friends.
Download documents as HTML/RTF/Word/Text file to the machine of yourself. Solodox supports English, Japanese and Chinese.

TeamWorkLive is an intuitive, secure, web-based project management and collaboration tool. It helps you run your projects more efficiently, promotes collaboration and accountability among team members, and makes your clients happier through increased transparency. TeamWork Live is hosted so there is no software to install or support. All you need to get started is a web browser and an Internet connection.

TheOpenDoc is a free collaborative application, that enables teams to work efficiently together over the Internet. Through workspaces you can easily create and share with friends, business partners and colleagues.

Thinkature is a real-time collaboration application for the web. Use it to record ideas on cards, show relations with connectors, draw diagrams to express complex ideas, add images from the web or from your own hard drive. You can separate ideas by color and more.

Tracbac is a visual collaboration platform for designers and clients to interact over a modern browser. It succeeds in narrowing the gap between designers & clients by providing a rugged and easy to use collaboration platform. TracBac is web based and does not require installation of any software. A regular PC or Mac with a browser and an Internet connection is all it needs to get going.

uhuroo

Uhroo is the fastest and easiest way for teams to connect, share, collaborate, and stay on the same page. Uhuroo provides everything a team needs to share information, manage collaborations, and ensure that all their information and conversations remain secure and available.

Vyew is a free online meeting service that brings people and content together. Use Vyew to host live conferences or collaborate over time. Vyew is safe, reliable, and you don’t need to configure anything. All you need is a web browser (IE 6+, Firefox, or Safari).

WebOffice makes working together easier. You can share documents, calendars, information, and conduct live meetings from the office or the road. WebOffice brings together powerful, professional web-based business applications specifically designed to make collaboration easy and cost-effective. Everything you need to manage your business on the web is together in an integrated, centralized place.

Wrike a leader in on-demand Online Project Management. Wrike helps to save time for marketing agencies, software development teams, event organizers, publishers, financial services firms, process engineering companies and many others. Wrike is a Web application, so you do not need to download or install anything. Our patent-pending technology works with your e-mail client. So you can keep track of tasks with e-mail. Wrike can help you to turn e-mail overload into nice-looking project plans.

Writewith is a web-based software application designed for anyone who needs to work on a document with anyone else. Writewith.com can be used for office memos, group projects, news stories or even drafting a letter with a friend.

Yugma is a free web collaboration service that enables people to instantly connect over the Internet to communicate and share content and ideas using any application or software. Whether you are using Windows, Mac or Linux computer, you can connect on-demand and real-time with co-workers, clients, friends and family — regardless of whether they are across the city, nation or even the globe.

Zimbra is open source server and client software for messaging and collaboration – email, group calendaring, contacts, and web document management and authoring. The Zimbra server is available for Linux, Mac OS X, appliances, and virtualization platforms. The Zimbra Web 2.0 Ajax client runs on Firefox, Safari, and IE, and features easy integration / mash-ups of web portals, business applications, and VoIP using web services.

Zoho – offers a word processor with collaboration features, spreadsheet, presentation tool to create, edit, publish, and show presentations, wiki writer, notebook, project management, CRM solution, database creator, calendar, web conferencing, email and chat and more.

Creative Collaboration

Kalabo.net is an online service that allows musicians of all skill levels to collaboratively mix and modify each others original work. Download original free tunes from around the world. Mix the tunes or record your own tracks over them. Share the tunes with others to mix themselves

Glypho.com is a site dedicated to group writing of fiction.

Novlet.com is a web application designed to support collaborative writing of non-linear stories in any language. With Novlet you will be able to read stories written by other users, create your own ones, and choose the plot you like most from several alternatives. Novlet stories are divided in passages, text sections usually made of a few paragraphs: users can continue stories or add alternative storylines by creating their passages after existing ones. The only limit is your fantasy.

WebBrush it is on-line multi-user web application for creating and discussing some charts, diagrams, schemes, sketchs; discussing some ideas, projects, plans, tasks; sharing your photos, some graphical materials.

WriteMaps.com is a free web-based tool that allows you to create, edit, and share site maps online. As a WriteMaps user, you and your team will be able to build and access your site maps from anywhere, without having to rely on proprietary desktop apps and static files. To get started, take the tour or sign-up for an account!

Family and Social Collaboration

cozi

Cozi Central helps busy families manage schedules, appointments, shopping and communications from wherever you are — the kitchen, car, office or even the grocery store. Cozi Central is available as a software download and in a Web version.

Famundo for Families is your family hub, making your family’s schedule manageable and giving you control over your daily life. It offers Family Calendar, Address Book, Message Board and Family Library.

Grouptivity is a web service platform that replaces “email a friend”. Grouptivity provides web publishers visibility over the distributed web content, and monetization opportunities.
It provides a significantly better experience for your web visitors to share and discuss web content.

LooseStitch lets you create and share outliner documents, brainstorm ideas, jot them down, call friends over, get feedback, and many more.

Mecanbe lets you create, customize and share Goal-Lists to help advance in any area of life. You can rate your goal performance periodically and view charts of your ongoing progress.
Share strategies for success and help empower the rest of the world.

Stixy is an online bulletin board. You can create as many Stixyboards as you like, one for each project. UseStixy to easily organize and share: your family’s schedule, projects at work, an upcoming holiday, your photos, or share a file or two with a friend.

Wamily is a social collaboration application. You can use it for your group, team, family or club organization.

Mindmapping

bubbleus

Bubbl.us is a simple and free web application that lets you brainstorm online. With bubbl.us you can create colorful mind maps online, share and work with friends, embed your mind map in your blog or website, email and print your mind map, save your mind map as an image .

Comapping is a tool for the globalized world where complex problems must be solved quickly and intelligently. This often implies that a team must collaborate to achieve the solution. Comapping unleashes the potential of such collaborations – even if the collaborators are separated by geographical and/or time-zones. It allows you to easily keep track of who should do what and when. It is straight-forward to agree on tasks while collaborating on how a specific challenge should be met.

Gliffy is free, easy and fun. It offers diagramming in your web browser without downloading additional software. You can add collaborators to your work and watch it grow. Link to published Gliffy drawings from your blog or wiki. Create many types of diagrams such as Flowcharts, UI wireframes, Floor plans, Network diagrams, UML diagrams, or any other simple drawing or diagram.

Kayuda provides many things to many people. Authors use it to create stories. Gamers use it to create campaigns. Businesses use it to collaborate on projects. Individuals use it to brainstorm ideas.

Mind42 is a browser based online mind mapping application. With mind42.com installing mindmapping tools is no longer needed- for a hassle-free mindmapping experience. Just open the browser and launch the application when needed. It allows to keep track of all your ideas, whether alone, with colleagues and friends or working together with the whole world.

Mindomo is a versatile Web-based mind mapping tool, delivering the capabilities of desktop mind mapping software in a Web browser – with no complex software to install or maintain.
Create, edit mind maps, and share them with your colleagues or your friends.

Mindmeister allows to create, manage and share mind maps online and access them anytime, from anywhere. In brainstorming mode, fellow MindMeisters from around the world (or just in different rooms) can simultaneously work on the same mind map – and see each other’s changes as they happen. Using integrated Skype calls, they can throw around new ideas and put them down on “paper” at the same time.

April 5, 2009 Posted by | Industry Best Practice, IT News, Technology | , , , | 1 Comment

Conficker’s autorun and social engineering guide

We wrote several diaries about Conficker (or Downadup, depending on the AV tool you are using). F-Secure posted some interesting information about the number of infections which is almost certainly in millions (and who knows how many machines will stay infected as the owners will not even notice anything).

One of the reasons for infecting so many machines is that Conficker uses multiple infection vectors:

  1. It exploits the MS08-067 vulnerability,
  2. It brute forces Administrator passwords on local networks and spreads through ADMIN$ shares and finally
  3. It infects removable devices and network shares by creating a special autorun.inf file and dropping its own DLL on the device.

F-Secure also blogged about the autorun.inf file where they noticed that it contained a lot of garbage (about 60 kb of random binary data). This fooled some AV programs so they didn’t scan the device properly (otherwise, they would have picked up the referenced DLL also stored on the device).

After removing garbage, one can see a nice autorun.inf file containing all important keywords. This grabbed my attention:

[Autorun]

Action=Open folder to view files
Icon=%systemroot%\system32\shell32.dll,4
Shellexecute=.\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn

So, as you can see, the first part, “Install or run program” is there because Vista detected an autorun.inf file containing the shellexecute keyword. However, the text comes from the Action keyword and the icon is extracted from shell32.dll (the 4th icon in the file) – and it’s the standard folder icon! This can easily fool a user in clicking this one and thinking it will open the USB stick in Windows Explorer instead of the second (the real one). The first option will run Conficker, of course. Very smart. For administrators among you, I would suggest that you disable AutoPlay in your environments, unless it’s really necessary. Depending on the environment you might even completely disable USB, if you don’t need it. The following article explain nicely how the AutoPlay feature works and how to disable it (http://technet.microsoft.com/en-us/magazine/2008.01.securitywatch.aspx). Or check this article on the Autorun registry key (http://support.microsoft.com/kb/953252). UPDATE – fixed a typo in the vulnerability, it is MS08-067 (not MS08-068) – Nick Brown sent a URL to his blog where he described another method for disabling Autorun by modifying the IniFileMapping registry key, see more at http://nick.brown.free.fr/blog/2007/10/memory-stick-worms.html

April 2, 2009 Posted by | social engineering | , , , , , , , , , , , | 1 Comment

New Conficker worm Alert

A GOVERNMENT information security watchdog has issued a warning to take precautions against a fast-mutating malicious computer program poised to strike on Wednesday. In a bulletin sent out on Monday, the Singapore Computer Emergency Response Team (SingCert) warned that the latest variant of the Conficker worm, known as Conficker.C, may ‘become active on April 1’. SingCert, a unit of technology sector regulator Infocomm Development Authority of Singapore, identifies information security threats and coordinates computer security responses to events like hacking attacks. Conficker targets computers running Microsoft Windows software, automatically jumping from an infected computer to another over a local network or by hitching a ride on a portable storage devices like USB-drives. Only computers that have not been updated with new security signatures are vulnerable. The worm is one of the more sophisticated such programs developed to date. Unlike earlier versions like 2004’s Sasser worm, which was easily found and subsequently de-wormed by a vigilant user, Conficker’s creator, who remains at large despite a US$250,000 (about S$380,000) bounty put up by Microsoft, regularly comes up with new and improved versions of the worm to foil such efforts. The newest variant, Conficker.C, the fourth incarnation of the worm since it was first discovered last year, disables security features like Microsoft Windows Automatic Update. One of Conficker’s key features is its ability to call up a ‘master computer’ via the Internet for directions, which is also present in its newest variant in a new and improved form. On Wednesday, Conficker.C infected computers will do just this, SingCert warned on Monday, although ‘the exact nature of the activity that will occur on that day is not known at this time.’ Since it was released last year, Conficker has claimed more than ten million victims worldwide, including computers used by the British Parliament. While definitive statistics of Conficker infections here are not available, at least 269 companies have been infected as at January, according to security company F-Secure. Visit SingCert’s website at http://www.singcert.org.sg for instructions on how to check if your computer is infected, and how to remove the worm.

March 31, 2009 Posted by | IT News, Security | Leave a comment

EliteTorrents Admin Sentenced to Prison

Daniel Dove is the first person ever to be convicted by a jury in the US for using BitTorrent to illegally distribute copyrighted material.

Several months ago I mentioned how 26yo Daniel Dove had become the eighth person to have been successfully targeted as part of the Department of Justice’s “Operation D-Elite,” which so far has resulted in the convictions of seven former leading members of the EliteTorrents BitTorrent tracker site. Fellow admins Scott McCausland, Grant Stanley, Sam Kuonen, and Scott Harvanek all plead guilty to similar copyright infringement charges rather than take their cases to trial.

On June 27th, 2008 a federal jury in Big Stone Gap, Va., convicted Dove, formerly of Clintwood, Va., on one count each of conspiracy and felony copyright infringement making him the first person ever to be convicted after a trial by jury in the US for using BitTorrent to engage in criminal copyright infringement. He faced as much as 10yrs in prison.

The jury was presented with evidence that Dove was an administrator of the site’s “Uploaders,” who were responsible for supplying pirated content to the group. The evidence showed that Dove recruited members who had very high-speed Internet connections, usually at least 50 times faster than a typical high-speed residential Internet connection, to become Uploaders. The evidence also showed that Dove operated a high-speed server, which he used to distribute pirated content to the Uploaders.

Acting Assistant Attorney General Matthew Friedrich then announced yesterday that he had been formally sentenced by U.S. District Court Judge James P. Jones to 18 months in prison for “…his role as a high-ranking administrator of a P2P Internet piracy group.” In addition, Dove was ordered to serve three years of supervised release and fined $20,000.

At its height, EliteTorrents attracted more than 125,000 members and distributed about 700 movies, which were downloaded a total of 1.1 million times.

http://www.zeropaid.com/news/9744/Elite … 2C000+Fine

March 28, 2009 Posted by | IT News | | Leave a comment

When to upgrade to Windows 7?

IT shops continue to hold off on Vista upgrades in favor of waiting for Windows 7, but individual corporate circumstances may require some action sooner rather than later.

Gartner Inc., the Stamford, Conn.-based consulting firm recently polled 166 of its US-based clients representing three million PCs, and just under 100 of its European-based clients representing just under one million PCs. Vista adoption continues its slow pace, with roughly half of respondents saying they will not upgrade or are making no plans either way.

In fact, by the end of 2008 only 6% of the organizations had started installing Vista. That’s about half of the number of organizations that had installed Windows 2000 by the same time in its evolution, said Michael Silver, a Gartner analyst and one of the report’s authors.

Only one-third of respondents said they would roll out Vista in 2009 in both North America and Europe.

Get thee off of XP

Skipping Vista does have its consequences. It means that IT shops with four or five-year hardware refresh cycles will have a truncated OS upgrade cycle as they move to Windows 7, Silver said.

Silver advises IT shops to at least move some end users off of XP. “We have a lot of clients that skip an OS and they call us up late in their OSes life,” he said. “They say, we can’t get off of Windows 2000 fast enough. We don’t have the budget and our applications don’t support it anymore.”

XP will only be supported with security fixes until April 2014 and it’s unlikely that most Windows 7 deployments will begin until 2011. A release candidate of Windows 7 is widely expected in September 2009, but it will take a while for third-party applications to support a new release, as is typical.

If IT shops start a Windows 7 deployment in early 2011 it means that, through regular attrition, it will be hard for them to get off XP before Microsoft ends support and the third-party vendors pulling back on their own XP support. Support for XP by third parties is expected to become a problem by 2012, Silver said.

Add Windows 7 to your budget on new and existing PCs for 2011 and 2012.

For IT shops interested in running hosted virtual desktops,  it’s better to run Windows XP on the same hardware than running Windows Vista because XP is less resource intensive and requires less disk space. The tools to manage hosted virtual machines are still in their infancy.

By the time Windows 7 becomes mainstream, virtual desktop infrastructure (VDI) and the management technology that supports VDI should be mature.

March 28, 2009 Posted by | Industry Best Practice, IT News, Technology | , , , , , | Leave a comment