Archive for June 20th, 2006

The New Telecom Wars Begin.

Tuesday, June 20th, 2006

Coming off a disastrous IPO, Vonage must now defend itself in a patent suit from Verizon.

This seems to jibe with what Bobby X has talked about in his latest column, where he feels that the whole Net neutrality debate, at least from the Telecoms' POV, is all about VOIP. I would tend to agree that, for the moment, the Telecoms oppose Net Neutrality because they want to protect their businesses from these VOIP upstarts, and the success of VOIP really depends on the amount and quality of consistent bandwidth. I also believe that if not stopped here the Telecoms won’t stop. The next logical service to hijack would be VOD.

PS:
That Bobby X link also has his thoughts on Bill Gates stepping down from duties at Microsoft. A good read for anyone who wishes to understand the inner workings of Microsoft.


PayPal Security Flaw reported at Netcraft

Tuesday, June 20th, 2006

Netcraft: PayPal Security Flaw allows Identity Theft
A security flaw in the PayPal web site is being actively exploited by fraudsters to steal credit card numbers and other personal information belonging to PayPal users. The issue was reported to Netcraft today via our anti-phishing toolbar.

The scam works quite convincingly, by tricking users into accessing a URL hosted on the genuine PayPal web site. The URL uses SSL to encrypt information transmitted to and from the site, and a valid 256-bit SSL certificate is presented to confirm that the site does indeed belong to PayPal; however, some of the content on the page has been modified by the fraudsters via a cross-site scripting technique (XSS).

PayPal has fixed the flaw that allowed the exploit. This type of exploit is called a Cross-Site Scripting (XSS) attack. The link will lead you to a very technical page, which just means that a web application is taking user information without validating and URL decoding the input. If the input is not properly validated and decoded, it could be malicious. The app then uses the potentially malicious data to build another web page. A fraudster would then find some way to trick you into accessing this new page, usually using a technique called phishing: sending a fraudulent email made to appear as if it is coming from a site that you normally do business with, like PayPal or a bank. The fraudster could then trick your web browser into redirecting you to his own site (if you are not paying attention), usually designed to look like the site you wanted to access, where you would enter your user name, password, or any other personal info he can trick you into entering.
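
As an added illustration (not code from PayPal, Netcraft or this post), the Python sketch below shows the pattern described above: a handler that checks input before URL decoding it and then builds a page from the decoded value, beside a version that decodes first, validates, and escapes on output. The page template, the `q` parameter, the length limit and the sample request are all constructed assumptions.

```python
import html
from urllib.parse import parse_qs

# Constructed page template; {term} is where the request value is echoed back.
PAGE = "<html><body><p>Results for: {term}</p></body></html>"
MAX_LEN = 64  # assumed limit for this hypothetical field

# Constructed request: markup hidden behind percent-encoding (%3C is "<").
SAMPLE = "q=%3Cscript%3E%2F*constructed*%2F%3C%2Fscript%3E"


def render_unsafe(query_string: str) -> str:
    """Filters the raw string, then echoes the decoded value unescaped."""
    if "<" in query_string:  # check runs before URL decoding, so %3C passes
        return PAGE.format(term="[rejected]")
    term = parse_qs(query_string).get("q", [""])[0]  # parse_qs URL-decodes
    return PAGE.format(term=term)


def render_safe(query_string: str) -> str:
    """Decodes first, validates the decoded value, escapes on output."""
    term = parse_qs(query_string).get("q", [""])[0]
    if len(term) > MAX_LEN or not term.isprintable():
        term = ""  # drop over-long or control-character input
    # Escaping turns <, >, &, " and ' into entities, so the browser
    # displays the value as text instead of interpreting it as markup.
    return PAGE.format(term=html.escape(term, quote=True))


if __name__ == "__main__":
    print(render_unsafe(SAMPLE))  # markup reaches the page intact
    print(render_safe(SAMPLE))    # markup is rendered inert
```

The point for a reviewer is ordering: any check has to run on the decoded value, and the value has to be escaped at the moment it is written into the page.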
