Hillary Clinton for Secretary of State?

“Hillary Clinton poised to accept a position as our next secretary of state,” FOX News host Jon Scott reported Friday. Words that I’m sure sent FOX viewers into convulsions. But I’m guessing that even non-FOX viewers have to be wondering if America’s up for a command performance of the rolling Clinton soap opera.

Hillary Clinton Fulfilling Her Domestic Duties

So, what do you think? Is Fox News off base here by purporting to have their fingers on the pulse of the American public?

Facebook won $873 million judgment

SAN FRANCISCO (AP) — Facebook has won an $873 million judgment against a Canadian man who bombarded the popular online hangout with sexually explicit “spam” messages.

The victory, sealed with a judge’s order issued last Friday, probably won’t yield a windfall for privately held Facebook Inc., whose revenue this year is expected to range between $250 million to $300 million.

Court records indicate the alleged spammer, Adam Guerbuez of Montreal, has been difficult to find since Facebook sued him four months ago.

Gmail Hack Found. Who’s Stealing Your Domain?

Gmail Hack: A Route to Domain Theft?

From: Mashable.com  November 23, 2008 – 5:03 pm PDT – by Paul Glazowski

Google’s Gmail service has lots of fans, but it may also be the cause of a number of domain name thefts in recent weeks.

Attacker Creates a Gmail Filter

According to a proof of concept by Geek Condition, there is a security flaw in Gmail that allows an attacker to forward GoDaddy account reset information to the offending party unbeknownst to the victim. This is done by creating a filter that forwards GoDaddy’s “change of password” mail to the attacker and deletes it from your inbox.

Such acts have been documented three times already this month.

How Your Account is Compromised

But surely in order to set up a Gmail filter and redirect your mail, the attacker needs your Gmail password? Not so, it would seem.

When setting up a filter for your mail, a request is sent to Google containing two key variables: a Unique Account Identifier, and a Session Authorization Key. The Unique Account Identifier never changes, and while the author of the proof declines to explain how it is obtained, he claims the answer can be found via a web search.

Meanwhile, the Session Authorization Key is found by directing a Gmail user to a page containing a malicious script: this grabs the cookie “GMAIL_AT” which includes the Session Authorization key. Once obtained, the required variables are entered into a hidden iframe to create a filter on your account. And…voila…your password reset mails are now being sent elsewhere.

The Fix

For Gmail users, Geek Condition suggests checking your Gmail account for filters you did not create, and (for Firefox users only) installing the NoScript addon.

The fix for Gmail? They might want to make the Session Authorization Key expire after every request, rather than every session.
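
The difference between a key that lasts the whole session and one that expires after every request, as the suggested fix describes it, shown as an added example (not Gmail's code and not part of the proof of concept). The class names, `replay_outcome`, the filter rule strings and the session id are hypothetical, constructed values.

```python
import hmac
import secrets

def _same(a, b):
    # Constant-time comparison so the check does not leak how much of a token matched.
    return hmac.compare_digest(a.encode(), b.encode())

class PerSessionTokens:
    """One key per session, valid until the session ends."""
    def __init__(self):
        self._token = {}  # session_id -> key

    def issue(self, session_id):
        return self._token.setdefault(session_id, secrets.token_urlsafe(32))

    def verify(self, session_id, presented):
        expected = self._token.get(session_id)
        return expected is not None and _same(expected, presented)

class PerRequestTokens:
    """A fresh key per form; each key authorizes a single state change."""
    def __init__(self):
        self._unused = {}  # session_id -> set of keys not yet spent

    def issue(self, session_id):
        token = secrets.token_urlsafe(32)
        self._unused.setdefault(session_id, set()).add(token)
        return token

    def verify(self, session_id, presented):
        unused = self._unused.get(session_id, set())
        match = next((t for t in unused if _same(t, presented)), None)
        if match is not None:
            unused.discard(match)  # burn the key on first use
        return match is not None

def replay_outcome(store, session_id="constructed-session"):
    """Return (first_use_ok, replay_ok, filters) for a key used once, then presented again."""
    filters = []
    def create_filter(token, rule):
        ok = store.verify(session_id, token)
        if ok:
            filters.append(rule)
        return ok
    token = store.issue(session_id)
    first = create_filter(token, "label: receipts")      # the user's own request
    replay = create_filter(token, "forward: elsewhere")  # same key presented a second time
    return first, replay, filters
```

A single-use key only stops reuse: a key that is read before the user submits the form it belongs to is still valid once, so checking the account for filters you did not create remains necessary.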