Author: Sarah Perez

  • HipLogic Brings Real-Time Apps to Windows Mobile and Symbian Phones

    HipLogic is a new real-time, web-based platform intended as an alternative user interface for some mobile phones. Launching today, this free download currently delivers applications like Facebook, news, and Twitter to both Windows Mobile and Symbian devices with plans to offer an Android version of their software sometime in the future. Although both Microsoft and Nokia have their own mobile application stores, HipLogic claims to provide a better, “more iPhone-like” experience than what’s currently available.

    Mobile phone owners can download the HipLogic software from the company’s website or by visiting the mobile site from their phone’s web browser, m.hiplogic.com. The software works on Windows Mobile 6.0-6.5 platforms and Symbian S60 3rd and 5th editions, the software that powers a large number of Nokia handsets.

    Once installed, HipLogic users can access the included free applications like Facebook, Twitter, CBS News and Sports, Entertainment Tonight, Disney, and WeatherBug as well as other various apps for monitoring news, finance information, and RSS feeds. As expected, the Facebook and Twitter applications allow for status updates, however they don’t appear to be as robust as the applications found in either the Windows Mobile or Nokia Ovi stores. Take the Facebook application, for example. The Windows Mobile version integrates with the phone’s camera for uploading of photos and videos. Nokia’s app does the same. HipLogic’s version, on the other hand, appears much more basic.

    HipLogic, Before & After

    In addition to the included applications, there’s also a HipLogic app store where even more applications are found, both free and paid. The software also works as an alternative web browser of sorts as users can pull up a search box with a click and perform Google searches without ever having to launch the phone’s browser.

    Another App Store?

    Given that some of the platforms HipLogic aims to support already offer their own application stores – and both Nokia and Windows Mobile allow background applications, too – it’s somewhat confusing as to what problem HipLogic is trying to solve here. While it’s true that HipLogic’s software is designed to provide real-time notifications, those notifications will only appear when the alternative HipLogic UI is running.

    On the plus side, however, HipLogic does provide one single access point for all your apps. When you launch HipLogic, you can get to everything that’s been downloaded and when it’s closed, you return to your phone’s regular UI. And if the software, a JavaScript virtual machine platform, can be installed on more low-end “feature phones” in the future, it could indeed bring an iPhone-like app store to those who wouldn’t otherwise have access to mobile applications.


  • Security Flaw found in Twitter’s Flash Widget

    A recently discovered security flaw in Twitter’s Flash-based website widget may have allowed attackers access to the login credentials of any Twitter user. According to Mike Bailey, an analyst at Foreground Security, the problem involves a known vulnerability in Adobe’s Flash programming language, the language used to code the Twitter widget. In response, Twitter has disabled the widget in question while they research the issue further.

    Oddly enough, the vulnerability in question was initially discovered back in 2006, but many website operators have yet to address it, says Bailey, according to a Reuters UK news story about the potential Twitter security hole. After analyzing Twitter’s website, Bailey says the site may have been open to attack from hackers attempting to exploit this particular security hole for over a year.

    But the researcher doesn’t blame Adobe for the issue – the company informed programmers how to address the vulnerability years ago. Instead, this problem has to do with “how the developers at Twitter, or whoever did this, built the Flash applications,” Bailey told a reporter at InternetNews.com.

    According to a post on the Twitter Status blog, the company has exercised “an abundance of caution” in disabling access to the widget as they have not yet heard about any accounts being affected by the reported vulnerability. However, says Bailey, there’s no way of knowing if any users were ever impacted by the issue and, if so, how many. “That is one of the big scary things; if they are being attacked, there is almost no way to find out short of a very close examination of the server logs or client logs, which generally aren’t stored,” he said.

    This is by no means the first security issue for the microblogging startup. The company has seen everything from DNS hijacking to the theft of corporate documents and even fell victim to a distributed denial-of-service attack which affected other social media properties on the web including LiveJournal and Facebook. Twitter users have also had their accounts hacked and have had to deal with the constant threat of internet malware posted to the site via shortened links. If anything, a news story about yet another Twitter security threat almost seems like a non-event these days, given how many issues the company has faced over the few short years they’ve been in operation. But considering Twitter’s current status as a piece of our modern-day communication infrastructure, it’s unnerving to hear about issues such as these…especially considering how this one in particular should have been addressed from the get-go.


  • Proof of Concept Brings Flash to the iPhone

    Developer Tobias Schneider has created an interesting proof-of-concept Flash runtime that allows Flash to work on the iPhone. The project, built in JavaScript with SVG and called “Gordon,” allows Flash files embedded in HTML to be viewed within the iPhone’s web browser, Safari. Although this workaround to Apple’s restriction of Flash content on their ever-popular mobile device is a bit cumbersome and impractical for real-world use, it’s a geeky and fun project for developers who want to run Flash on the iPhone…just so they can say that they did so.

    The Gordon project involves a JavaScript library which parses a SWF and renders some SWF1 tags. “It’s in the spirit of the previous ‘SVG in SWF’ work from Helen Triolo, Claus Wahlers, Brad Neuberg and others,” writes Adobe’s John Dowdell on his personal blog. Gordon renders “one file format in a runtime designed for a different file format,” he says.

    In layman’s terms, this workaround lets Safari display Flash content…some Flash content…on the iPhone. But the process of enabling it to work requires quite a few modifications to the original Flash file. And while the concept is intriguing, anyone who actually bothered to use this on a live website would probably get criticized by users for killing the iPhone user’s battery – the script is a major CPU hog.

    For obvious reasons, Adobe can’t officially sanction the project as a way to sneak Flash onto the iPhone where it’s currently prevented from running per Apple’s restrictions. However, they said they applaud the interest and enthusiasm shown by their developer community and that this demonstration “shows the potential of what users want to be able to experience on the iPhone.” Still, they warn that the Gordon project “represents just a limited subset of what the Flash Player can do,” mentioning specifically that without the necessary codec support, you would not be able to play back videos. For example, you would not be able to play back FLV videos encoded using the On2 VP6 codec. You also might not be able to play back F4V content, unless the H.264 encoded video could somehow be extracted and then played back in QuickTime on the iPhone outside of the application or website.

    Whether or not Apple ever plans to let a proper version of Flash run on the iPhone is still unknown. At one time, we heard that Adobe was working on an iPhone-only version of Flash, but as of yet nothing has surfaced in that regard. Adobe’s current solution to the problem is a new release of their Flash Professional CS5 software which lets developers export their files as iPhone apps.

    In the meantime, Flash developers interested in checking out the Gordon technology can view the demos hosted here or the source code here on GitHub.


  • Micello Launches “Google Maps for the Indoors”

    Micello, one of the more exciting startups to debut at the most recent DEMO conference, is a mobile mapping solution that is basically “Google Maps for the indoors.” Where traditional mapping services show everything in the world outside, Micello’s goal is to map the world’s inside spaces – places like shopping malls, convention centers, retail stores, airports, college campuses, and more. Today, the company is launching its service by way of a mobile application for the iPhone and iPod Touch.

    The free Micello application now delivers over 250 maps of shopping malls across the U.S. with more being added daily. At launch time, the majority of those maps are within the San Francisco Bay area, but the company promised at DEMO that they would have over 5000 places mapped across the country by the end of 2010. However, for those in the supported locales, Micello’s free app is going to be a must-have.

    The maps created by the company are geo-coded to the real world, allowing you to see their exact location as pins on a map in relation to other area landmarks and infrastructure like roads and parking lots. You can search for a particular indoor map using the included search box (for example, “IKEA”) or, once the map is loaded, search within the app for a particular section (for example, in IKEA you could search for “desks”).

    Another great feature about Micello’s application is that the maps are cached for offline use. That’s useful for those wanting to save maps of their favorite spots for when they’re without a connection – in fact, Micello offers a “favorites” feature that does just that. Plus, it makes sense considering that cell phone reception is often poor to nonexistent when inside large structures. Without a signal, you could be out of luck if it wasn’t for this feature. Frequent fliers will also appreciate the app’s offline capabilities since they’ll be able to scope out the route to their next connection before the captain announces the use of portable gadgets is once again permitted.

    Future Plans

    For now, Micello is working on building out their map database but they soon plan to integrate other sorts of information within their application, too. Down the road, you’ll be able to see data like flight information when you’re in an airport map or a conference agenda when you’re browsing a map of a convention center. This is where Micello’s business model comes into play – the company could charge businesses and other organizations wanting to annotate their listings with additional information.

    While Micello is only available as an iPhone application for now, the company plans on offering versions for other mobile applications in the future as well as a Facebook application. Those interested in trying the new service can download the mobile app from here (iTunes link).


  • 3 Tools to Sync Your Files with Google Docs

    When Google announced an upgrade to their Google Docs service earlier this month, a company blog post also mentioned several third-party applications which can help make the transition to the online service easier. With these apps, you can transfer and synchronize your local files to Google Docs without having to upload them one-by-one. But which application is right for you?

    We took a look at the options Google suggested and have summarized the features, drawbacks and pricing information below. In addition, we also reviewed one other application not specifically mentioned in the Google blog post that may be of use to those moving to the cloud-based service.

    1. Memeo Connect for Google Apps

    Memeo Connect is a desktop application available for both Mac and PC (XP and higher) which lets you view files on both your desktop and within Google Docs. In the software program, files and folders already online are downloaded to your computer. Local files not yet online can then be moved to the appropriate Google Docs folder via drag-and-drop. The service is relatively simple to use as it presents your documents in an easy-to-navigate window while also incorporating Google’s online features like starred files and shared folders.

    One major drawback to Memeo Connect is that there’s no automatic synchronization option. That means you can’t monitor a local folder or folders for new files or changes and then have those documents seamlessly synced to Google’s online service. This feature should arrive in a future update, however, so don’t let its lack of inclusion be a deal breaker for you if the service fulfills all your other needs.

    For personal users of Google Docs, the biggest drawback to Memeo is that the service is only available to users of Google Apps Premier edition, a business-level version of the service which also offers calendaring, groups, Web site creation tools, and video sharing to corporate users for $50 per user per year. Memeo Connect itself costs an additional $9/year.

    2. Syncplicity

    Syncplicity gives a Google Docs user the ability to access, manage, sync, share, and back up their files online. The downloadable software program seamlessly integrates with Windows Explorer for file management purposes. (The Mac software beta program was discontinued in July of last year but the company tells us they’re working on an entirely new version right now.) The Explorer integration is a decidedly helpful feature for those who don’t want to change the way they already work.

    In addition, unlike Memeo Connect, automatic synchronization is possible. And that synchronization isn’t only with Google Docs – the software can also sync files to its own website as well as other computers running the Syncplicity software. That means your files are not only available on other machines, they’re backed up in multiple places online too. Another benefit to Syncplicity’s service is its “restore” feature which lets you undelete files using their Web application. Those accidentally deleted files are immediately restored to your PC’s hard drive with a click of a button.

    Syncplicity is available in multiple versions for anyone using Google Docs. A free personal edition provides 2 GB of online storage for up to 2 computers while a $15/month personal edition offers 50 GB of storage for up to 5 computers. Businesses can sign up for a separate plan which starts at $45/month for 3 users and goes up from there.

    3. Offisync

    Offisync is a Microsoft Office plugin which integrates Google Docs directly within your Office software. (See our earlier review here). This is useful for those who only want to upload specific files to Google Docs instead of automatically syncing entire folders. Once installed, the plugin adds an additional menu to Office’s software (either Office 2003 or 2007) where you are provided with buttons which allow you to open, save, search, collaborate, and email your Google Docs files.

    The software works on Windows PCs and is available for personal users of Google Docs or Google Apps. An Enterprise version provides the same functionality to business users by providing integration with Google’s website building software, Google Sites, a service which provides a simplified alternative to SharePoint.

    With any one of the three tools above, you can easily transition from a desktop-based computing environment to one where your Office documents are created, managed, and maintained in the cloud. However, it’s important to note that Google Docs isn’t the only online office suite available. Companies like Zoho, Adobe, ThinkFree, and others also provide online alternatives to Microsoft Office. In addition, Microsoft itself recently launched its own Office Web Applications into beta.

    If you’re a user of any of the programs mentioned here, let us know about your experiences. Would you recommend one program over another? Are there features you would like to see added? Share your thoughts in the comments below.


  • Websense Launches First Ever Security Suite for Facebook

    Websense has just launched a new security suite for the web, a product called Defensio 2.0. The main selling point of this software is its ability to protect users from malicious content posted to their Facebook profiles. Using a combination of technologies which include a URL category blocker, a profanity filter, an executable file blocker, and a script blocker, users can configure what content can appear on their Facebook profiles or their public pages. In addition to offering Facebook security, Defensio offers blog protection, too, supporting a number of platforms including WordPress and Drupal.

    A Facebook Application You Actually Need

    Since Websense’s acquisition of Defensio a year ago, the company has been working on building this “next generation” product which originally functioned as a simple spam-blocking tool used by blogs. As before, the Defensio software uses Websense’s ThreatSeeker Network, a technology that incorporates both automated computer analysis and human intelligence to protect against web-based security threats in real-time.

    Now Defensio is going beyond simply providing protection for various website and blogging platforms with their Facebook protection feature. This extra security operates by way of a Facebook application. When you sign up to try the new software, you give the product permission to access your profile in order to block malicious content as needed. Like any other Facebook app, installation is as simple as entering in your Facebook sign-on credentials and hitting “Allow” on a few pop-up windows.

    Configuring Your Protection Level

    From the software’s Account Management page, you can check or uncheck the type of content you want to restrict from being posted to Facebook or your blog. URLs can be blocked by category like Security (hacking, phishing, spyware, etc.), Legal Liabilities (adult material, gambling, etc.), and more, or the feature can be switched off altogether. You can further customize the protection by entering in keywords to block, just as is typically done with blog comment spam protection systems. You can also enable or disable an executable file blocker and a script blocker which prevents scripts and links to executable files from being posted to your Facebook profile.

    Doing Business on Facebook? Take Note

    While this system will obviously appeal to any Facebook user concerned with security, the real market for this type of software is with the companies that use Facebook for professional purposes. These days, everyone from major corporations to mom-and-pop shops have set up their own Facebook pages for marketing purposes. Facebook is even being used in place of traditional websites in some instances. Take, for example, the recent commercial for the upcoming movie “When in Rome.” Instead of referring you to a traditional URL like wheninrome-movie.com, the commercial touts the Facebook page: facebook.com/wheninrome as the only place to view the trailer and movie information online.

    Clearly, big businesses have a lot to lose if malicious software or objectionable content made its way onto their Facebook pages. Besides the bad press involved with being the source of a malicious attack of some sort, the companies would suffer something even worse (at least in their opinion) – no one would visit their page. That will make the Defensio suite a very appealing option for many companies, no matter what the expense.

    Pricing

    For now, those interested in demoing the software can do so for free. The company website currently lists monthly pricing as starting at $5/month for less than 100,000 comments (or wall posts). That should suffice for those wanting to run the software for personal use. However, the real money is in the business licensing. Those with 100,000 to 300,000 comments are charged $15/month and those with over 300,000 comments must purchase enterprise licenses. Here, the first 3 licenses are $50/month with each additional license costing another $35. However, Websense admits that pricing levels may be adjusted after the beta period ends. While these rates are reasonable for the protection being offered, at this point Websense could practically charge anything they want since no other company is offering this sort of automated protection for Facebook profiles.

    If you’re interested in testing the program yourself, you can sign up for a free trial here.


  • The 3 Facebook Settings Every User Should Check Now

    In December, Facebook made a series of bold and controversial changes regarding the nature of its users’ privacy on the social networking site. The company once known for protecting privacy to the point of exclusivity (it began its days as a network for college kids only – no one else even had access), now seemingly wants to compete with more open social networks like the microblogging media darling Twitter.

    Those of you who edited your privacy settings prior to December’s change have nothing to worry about – that is, assuming you elected to keep your personalized settings when prompted by Facebook’s “transition tool.” The tool, a dialog box explaining the changes, appeared at the top of Facebook homepages this past month with its own selection of recommended settings. Unfortunately, most Facebook users likely opted for the recommended settings without really understanding what they were agreeing to. If you did so, you may now be surprised to find that you inadvertently gave Facebook the right to publicize your private information including status updates, photos, and shared links.

    Want to change things back? Read on to find out how.

    1. Who Can See The Things You Share (Status Updates, Photo, Videos, etc.)

    Probably the most critical of the “privacy” changes (yes, we mean those quotes sarcastically) was the change made to status updates. Although there’s now a button beneath the status update field that lets you select who can view any particular update, the new Facebook default for this setting is “Everyone.” And by everyone, they mean everyone.

    If you accepted the new recommended settings then you voluntarily gave Facebook the right to share the information about the items you post with any user or application on the site. Depending on your search settings, you may have also given Facebook the right to share that information with search engines, too.

    To change this setting back to something of a more private nature, do the following:

    1. From your Profile page, hover your mouse over the Settings menu at the top right and click "Privacy Settings" from the list that appears.
    2. Click “Profile Information” from the list of choices on the next page.
    3. Scroll down to the setting “Posts by Me.” This encompasses anything you post, including status updates, links, notes, photos, and videos.
    4. Change this setting using the drop-down box on the right. We recommend the “Only Friends” setting to ensure that only those people you’ve specifically added as a friend on the network can see the things you post.

    2. Who Can See Your Personal Info

    Facebook has a section of your profile called “personal info,” but it only includes your interests, activities, and favorites. Other arguably more personal information is not encompassed by the “personal info” setting on Facebook’s Privacy Settings page. That other information includes things like your birthday, your religious and political views, and your relationship status.

    After last month’s privacy changes, Facebook set the new defaults for this other information to viewable by either “Everyone” (for family and relationships, aka relationship status) or to “Friends of Friends” (birthday, religious and political views). Depending on your own preferences, you can update each of these fields as you see fit. However, we would bet that many will want to set these to “Only Friends” as well. To do so:

    1. From your Profile page, hover your mouse over the Settings menu at the top right and click "Privacy Settings" from the list that appears.
    2. Click “Profile Information” from the list of choices on the next page.
    3. The third, fourth, and fifth item listed on this page are as follows: “birthday,” “religious and political views,” and “family and relationship.” Locking down birthday to “Only Friends” is wise here, especially considering information such as this is often used in identity theft.
    4. Depending on your own personal preferences, you may or may not feel comfortable sharing your relationship status and religious and political views with complete strangers. And keep in mind, any setting besides “Only Friends” means sharing with just that – strangers. While “Friends of Friends” sounds innocuous enough, it refers to everyone your friends have added as friends, a large group containing hundreds if not thousands of people you don’t know. All it takes is one less-than-selective friend in your network to give an unsavory person access to this information.

    3. What Google Can See – Keep Your Data Off the Search Engines

    When you visit Facebook’s Search Settings page, a warning message pops up. Apparently, Facebook wants to clear the air about what info is being indexed by Google. The message reads:

    There have been misleading rumors recently about Facebook indexing all your information on Google. This is not true. Facebook created public search listings in 2007 to enable people to search for your name and see a link to your Facebook profile. They will still only see a basic set of information.

    While that may be true to a point, the second setting listed on this Search Settings page refers to exactly what you’re allowing Google to index. If the box next to “Allow” is checked, you’re giving search engines the ability to access and index any information you’ve marked as visible by “Everyone.” As you can see from the settings discussed above, if you had not made some changes to certain fields, you would be sharing quite a bit with the search engines…probably more information than you were comfortable with. To keep your data private and out of the search engines, do the following:

    1. From your Profile page, hover your mouse over the Settings menu at the top right and click "Privacy Settings" from the list that appears.
    2. Click “Search” from the list of choices on the next page.
    3. Click “Close” on the pop-up message that appears.
    4. On this page, uncheck the box labeled “Allow” next to the second setting “Public Search Results.” That keeps all your publicly shared information (items set to viewable by “Everyone”) out of the search engines. If you want to see what the end result looks like, click the “see preview” link in blue underneath this setting. 

    Take 5 Minutes to Protect Your Privacy

    While these three settings are, in our opinion, the most critical, they’re by no means the only privacy settings worth a look. In a previous article (written prior to December’s changes, so now out-of-date), we also looked at things like who can find you via Facebook’s own search, application security, and more.

    While you may think these sorts of items aren’t worth your time now, the next time you lose out on a job because the HR manager viewed your questionable Facebook photos or saw something inappropriate a friend posted on your wall, you may have second thoughts. But why wait until something bad happens before you address the issue?

    Considering that Facebook itself is no longer looking out for you, it’s time to be proactive about things and look out for yourself instead. Taking a few minutes to run through all the available privacy settings and educating yourself on what they mean could mean the world of difference to you at some later point…That is, unless you agree with Facebook in thinking that the world is becoming more open and therefore you should too.

    Note: Other resources on Facebook’s latest changes worth reading include MakeUseOf’s 8 Steps Toward Regaining your Privacy, 17 steps to protect your privacy from Inside Facebook, the ACLU’s article examining the changes, and DotRights.org’s comprehensive analysis of the new settings. If you’re unhappy enough to protest Facebook’s privacy update, you can sign ACLU’s petition. The FTC is also looking into the matter thanks to a complaint filed by a coalition of privacy groups, led by the Electronic Privacy Information Center. You can add your voice to the list of complaints here.



  • U.S. Government in Your Pocket: White House Launches iPhone App

    …Before the Mobile Website!

    The White House announced the release of a new White House iPhone app via a late-night blog post on WhiteHouse.gov. Included in the mobile application are features like news items, photos, blog posts, videos, and even live video streaming. That’s right – live video. According to White House blogger Dave Cole, the app lets users watch public events like speeches and press briefings in real time using their mobile device. Next week’s State of the Union address by President Obama will kick off this effort, delivering live video of the speech to anyone running the free application on their Apple iPhone or iPod Touch.

    The White House App

    This downloadable mobile application (iTunes link) is the first of its kind to be released by the current administration… that is, unless you count the Obama campaign’s iPhone application, which offered mobilized access to campaign news, media and events prior to the election. The Obama administration is notable for the way it’s embraced technology, using everything from YouTube for weekly "fireside chats" to wikis for recruiting purposes. They even licensed the transition site Change.gov using Creative Commons, which allowed a company called Cerado to translate the site into a Web-based iPhone application.

    What’s most interesting about this new mobile effort is the fact that the iPhone application was launched prior to the mobile-ready version of WhiteHouse.gov’s website. While that effort is “coming soon,” says the blog post, it won’t be available in time for Obama’s next presidential address, and there are no details as to whether or not it will offer any sort of video features, much less live streaming.

    Of course it’s important that the government’s efforts aren’t iPhone-only, but it’s clear that the Apple platform is an important part of the administration’s efforts to reach its constituents – especially the young, tech-savvy mobile users who some say helped Obama win the election.

    Mobile Web’s Explosive Growth

    Also of interest: The White House states that mobile Web use has grown over 100% in the last year in the U.S., and higher worldwide. That’s putting it mildly. Over the past year, we’ve heard from numerous companies and analyst firms regarding the explosive growth of the mobile web. For example, in spring of 2009, Opera reported a 157% increase in usage of their Opera Mini web browser and a 319% increase in year-over-year data traffic. AdMob released a report in October revealing a 19% increase year-over-year in iPhone/iPod Touch data traffic alone, and last month, analyst firm IDC predicted over a billion mobile web users by 2010. Ignoring the mobile masses at this point would be a mistake and it’s clear that the White House understands that. Notes the blog post: “this is just the first step for WhiteHouse.gov’s mobile platform.”


  • App Stores Are Big Business: $7 Billion in 2010

    According to the analysts at research firm Gartner, mobile application stores are expected to generate revenues of nearly $7 billion over the course of this year. That figure is a combination of the $6.2 billion spent purchasing the mobile applications themselves combined with an additional $.6 billion generated through advertising revenues from in-app ads. Not surprisingly, Apple dominates this market, accounting for 99.4% of the market as of last year, states the report.

    Over the course of 2009, mobile application download revenue exceeded $4.2 billion, with eight out of every 10 apps downloaded offered free to end users, says Gartner. Going forward, the analysts predict mobile application stores’ revenue will grow to $29.5 billion by the end of 2013. That revenue, again, will be a combination of paid applications and free applications running ads.

    3 Billion in Apple App Sales? Not Exactly

    While we’re sure the general trend is correct as far as the growth of mobile application stores and Apple’s position as the market leader, we have to agree with the note that John Gruber recently made on his blog regarding these figures. He quotes a portion of the report where analyst Chris Foresman says:

    Earlier this month, Apple announced that sales had topped 3 billion; that means iPhone users downloaded 2.5 billion apps in 2009 alone. Gartner’s figures show another 16 million apps that could come from other platform’s recently opened app stores, giving Apple at least 99.4 percent of all mobile apps sold for the year.

    Gruber notes that Apple didn’t actually announce 3 billion in sales; they announced 3 billion downloads. In fact, you can see the original press release making this announcement here. Not only that, but another Gartner analyst, Miguel Fontanez, told us earlier this month that Apple, as a rule, does not disclose App Store revenues as a separate line item in their revenue reporting. That means that any estimation of Apple’s App Store sales is just that – an estimation.

    Last week, in speaking with Peter Farago of Flurry analytics to calculate App Store piracy numbers, we determined that Apple had generated approximately $750 million in sales to date. That’s 3 billion downloads over the lifetime of the App Store with roughly 25% of them being paid downloads. In other words, if Gartner used the 3 billion to determine Apple’s position as the market share leader in sales, then their calculations would be off.

    However, as Gruber also notes, if Gartner’s calculations are accurate regarding the other mobile platforms (16 million in app sales, they claim), then it’s clear that Apple still has the app store to beat… even if they don’t account for 99.4% of the market.

    We don’t expect Apple’s dominant position to change anytime soon – the company has momentum. In November 2009, Apple announced they offer over 100,000 applications and by now that number has likely grown even more. However, other mobile application stores are growing quickly, too. Google’s Android marketplace, for example, with its open nature unhampered by any sort of bogged-down app review process, has now topped 20,000 applications as of December. The Android mobile operating system is growing in popularity, too (usage increased 3% over the past three months), meaning it will soon be a contender for a hefty slice of the app store pie in years to come.


  • More Details on AT&T’s “Network Glitch” that Caused Compromised Facebook Security

    On Saturday, an exclusive AP report told a story of an AT&T network glitch which allowed some mobile users to log in to other people’s Facebook accounts. Although according to the story only a handful of people were affected by this glitch, the security flaw could have “far reaching implications for everyone on the Internet,” wrote the reporter.

    After reviewing the details of the incident, the “glitch” appears to be more of an issue with some misconfigured software at AT&T and less of an internet-wide security concern, as previously feared. That being said, the wireless company regarded the incident seriously and has taken measures to prevent similar issues from reoccurring in the future.

    Users Logged into Wrong Facebook Accounts

    In the AP story, a mother and her two daughters, all of whom are AT&T subscribers, logged into the social networking site Facebook using their mobile phones and found themselves with full access to strangers’ Facebook accounts. This was apparently caused by a routing error on AT&T’s part, notes the article. In this modern-day equivalent of “crossed wires,” it seemed the wireless company had lost track of which users were which and had sent back the incorrect web pages to the users’ phones. It turns out that the women were not alone in experiencing these issues – other AT&T customers were affected as well. However, AT&T won’t say how many, only that the problem occurred in “a limited number of instances.”

    Over on the technology news website Slashdot, many speculated about the cause of the incident, questioning whether it was a corrupted caching proxy at AT&T or a bug in the HTTP headers set by Facebook that instruct how a response should be cached, among other things. In other words, some weren’t taking it at face value that the problem was entirely AT&T’s fault, despite the fact that an AT&T spokesman claimed that the “network problem behind those episodes” was being fixed.

    Server Software Error to Blame

    A recent statement from AT&T now reveals a few more details about the problem and what they’re doing to address it. According to Michael Coe, the same AT&T spokesman cited in the AP article, the issue was caused by a “server software connectivity error” which impacted some wireless customers logging into Facebook using AT&T subscriber information. Facebook users who signed up for the service using their mobile phones are able to log in to the site using the phone number and password created during the sign-up process, Facebook states in a Q&A on their Help Site.

    Although Facebook would not comment on the original story, AT&T reports that they did work with the social network in determining the cause of the problem. As it turns out, those affected were logging into Facebook using their AT&T phone numbers as opposed to a username/password combination. Typically, when a username and password are used, a cookie is stored on the mobile device. This small file retains a user’s login credentials, allowing them to access Facebook without having to re-enter their sign-in information. When a cookie is not available, the subscriber information is sent to Facebook.com automatically. This is what had taken place in the reported incidents.

    No More Logins Using Your Phone Number, Says AT&T

    AT&T reports that they’ve now put additional “security measures” in place to prevent a reoccurrence of this issue but won’t elaborate on what precisely those measures involve. In addition, the wireless company states they are working with Facebook to disable the use of subscriber information as a method for automatic login. That means going forward, AT&T users will no longer be able to use their phone numbers as login credentials to access Facebook from their mobile devices. Only a username and password combination will be allowed.

    Coe also notes that a similar incident occurred on a customer’s phone in Atlanta, referring to the incident involving the three women. In that case, a misdirected cookie was set on the phone. This is a slightly different issue from what’s described above as it does indeed hint at a routing problem where users are sent the wrong cookie. Although the problem is now resolved, AT&T has still not been able to determine what caused this particular issue. However, the possible routing issue behind this one incident (AT&T could only isolate the problem to one of the three women’s phones) does not appear to be the cause of the other problems. While still somewhat disturbing, especially since the cause is unknown, this singular occurrence does not merit worrying about any “far-reaching,” internet-wide consequences as implied by the original article.


  • Android Usage Increased 200% Over Past Three Months

    According to new data from ChangeWave Research, both usage of and consumer sentiment towards Google’s mobile operating system Android have increased over the past several months. As of December 2009, the research firm’s survey shows that 4% of all smartphone owners now use a phone running some version of the Android OS. That’s an increase of 200% since the previous survey released in September.

    Respondents were also asked about their plans to purchase a smartphone in the future. Among those who planned to purchase within the next 90 days, 21% said they would now choose Android. In September, that figure was only 6%. At that time, Android was tied with Palm as the least-preferred mobile operating system but by December’s survey, it became the second-most preferred. (Palm, sadly, has dropped to least-preferred).

    Apparently, some of Android’s growth has come at the expense of the iPhone. While still the most popular mobile OS to date, those saying they would prefer to own the Apple device over any other smartphone dropped from 32% to 28% over the past three months (September – November 2009). However, Apple’s overall share of the market has increased one percentage point to 31%, notes the survey. Research in Motion (makers of Blackberry phones) retains a 39% share and Palm has slipped to a 6% share.

    While this seems like promising news for Android, let’s not forget the recent figures regarding sales of the Nexus One, Google’s self-sold Android smartphone. Once positioned as a potential “iPhone killer,” the N1’s first week sales fell short of expectations with just 20,000 sold since its January 5th launch date. So while consumer sentiment may be on the rise regarding the Android OS, the mobile OS still has quite a ways to go before it catches up with the iPhone 3GS (which, incidentally, sold 1.6 million devices in its first week).

    However, positioning the N1 against the iPhone isn’t really a valid comparison – the N1 is only one of many Android handsets on the market today. Other Android-enabled phones like the myTouch 3G and the Droid also have significant and growing install bases. Combined, the overall marketshare for Android is on the rise. This growth is benefitting both Motorola and HTC, each of which offers a version of the Droid smartphone. (HTC is also the maker of the N1). Since September, Motorola has increased 12 percentage points in terms of future buying, the first increase ChangeWave Research has seen for the company in three years. HTC has also increased from 5% to 9% in the same time frame, a change prompted both by the N1 release and the November release of the Droid Eris model.


  • Google’s Tweet-Ranking Algorithm Rewards Popular Users and Those They Follow

    According to Amit Singhal, a Google Fellow involved in Google’s real-time search efforts, the way the company ranks Twitter updates in its search results is “definitely, definitely” more than a popularity contest. This quote came during an interview with MIT’s Technology Review where Singhal stressed Google’s focus on a Twitter user’s overall reputation as a ranking measurement as opposed to simply tallying follower counts. That being said, it still sounds as if Google rewards Twitter’s more popular users – that is, the heavily followed accounts on the service. Not only do these accounts have more value than many others, they have a lot of power, too. According to Singhal, when a popular user follows someone else, that other person’s reputation increases as well.

    Based on this news, it sounds like racking up follower counts may soon fade as a mechanism for ranking a Twitter user’s popularity. That seems smart since so many followers these days are spammers, bots and other shady marketing types hoping for a return follow. Similar to how spammers send out thousands of emails hoping to get that small percentage of responses that makes their efforts worthwhile, Twitter spammers blindly follow thousands, too, in order to increase their own follower numbers.

    In addition, a select number of Twitter accounts have been rewarded with followers by way of Twitter’s suggested user list. This list, presented at registration to the site’s new users, offers suggestions of popular Twitter accounts to follow. This heavily debated feature remains controversial since it bestows a large number of followers on those fortunate enough to make the list. However, the list isn’t based on any impartial algorithm but is editorially selected by Twitter company employees instead. (Disclosure: ReadWriteWeb’s Twitter account is included on this list). Despite reports that many of these followers are of little value – they don’t tend to engage and respond to tweets the way an organic follower would – it’s still somewhat of a boasting point for some who use their follower count to prove their social worthiness and popularity.

    Granted, Singhal doesn’t come out and say how exactly Google’s algorithm is rewarding these heavily followed users with better rankings in the new real-time search results, only that you earn reputation if “lots of people follow you.” Those popular Twitter users can then help increase other users’ reputation by following them. And even if that new user being followed doesn’t have a high follower count of their own, their reputation increases through association.

    We hope that looking at follower counts is only a part of Google’s overall ranking mechanism. A company as savvy as Google has surely learned a thing or two about ranking algorithms. But as with their PageRank technology for ranking web pages, details on their Twitter ranking algorithm are probably not something the company plans on revealing anytime soon.


  • Facebook Now Running Virus Scans on Users’ PCs

    Earlier this week, Facebook and security company McAfee announced a partnership which offers Facebook’s 350 million users a free six-month subscription to McAfee’s security software. Interested parties can visit the Protect Your PC tab on the McAfee Page on Facebook to sign up for the deal. However, the most interesting part of this new partnership isn’t the online coupon, it’s the drastic change Facebook is taking to protect its network involving required virus scanning of user PCs. As of now, users whose accounts have been compromised won’t be permitted to log back into Facebook until their PC is scanned for malware and the infections are removed. Is Facebook overstepping its role by getting into the virus-scanning game? Or is this new move a brilliant strategy that will help make Facebook a safer place?

    Virus Scanning Now Required Prior to Login for Infected Computers

    In a related blog post, Facebook’s Jake Brill notes that one of the company’s biggest challenges is helping people whose accounts have been compromised by spammers. Users who have had their accounts hijacked are now being identified and are temporarily locked out from logging into the social network until they complete a verification process. Facebook sends the affected user an email to verify that they are the legitimate owner of the account. Unfortunately, most hackers are savvy enough to change the email address and security question after compromising your account, which means many users will still have to contact Facebook support.

    A better solution, as it turns out, is to make sure that users’ PCs are protected before they ever log in to the site. This way, Facebook can be sure that there isn’t any malicious software running on the user’s computer. Since many hackers are able to spread their malware on Facebook by way of an infected user’s computer, this new process assures that only clean, uncompromised computers are able to access Facebook.

    While Facebook isn’t running a scan on all PCs (yet!), the idea to run scans prior to granting access is one that comes from the world of business networks. Most companies that allow remote access to their internal systems either by way of a VPN, Wi-Fi, or an intranet site often also have security measures in place to verify that users accessing their network have malware-free computers. It’s not unusual for companies to run a scan as part of the user-account-verification process prior to login to check the computer for viruses and other malware, and to make sure that the computer is running the appropriate version of the company’s security software.

    Thanks to Facebook’s new partnership with McAfee, the company is basically doing the same thing businesses have done for years. However, unlike corporate networks, only Facebook accounts that have been compromised will be subjected to a scan prior to login.

    Is Virus Scanning Facebook’s Job?

    Obviously, the goal with this new policy is to protect Facebook users. Even one infected machine can have a ripple effect on the network as the hacker or spammer spreads their malware across the site through the compromised account. Still, some people may feel that Facebook is overstepping its role by requiring users to grant the company (by way of McAfee) the ability to download and run code on their machine which scans all the files stored on their hard drive. We would argue that those backing this argument may be just a little too sensitive to privacy concerns, but that’s a matter of personal opinion.

    A more valid point may be the fact that users are required to use McAfee software as opposed to their own already installed and configured security suite. (In truth, McAfee runs a web scan on your machine but like any web-based virus scan, code is downloaded and installed on your machine.) Unfortunately, current anti-malware programs have no mechanisms that can report to a website about the status of a user’s machine – that is, whether or not it’s infected or clean. Maybe it’s time that they should?

    A third opinion (and frankly, the one this author can get behind) is that this policy change is, in fact, a brilliant move by the company. No other social-networking service goes so far as to verify its users are entering their site with clean, virus-free PCs. And since Facebook is only scanning previously compromised computers, one could argue that it’s actually doing these users a favor. Despite years of warnings, a surprising number of Windows users still don’t run anti-virus programs on their computers. (Macs and Linux have fewer issues with malware – whether that has more to do with their inherently more secure nature or the unappealing small size of their install base is constantly debated). The problem has become so bad over the years that Microsoft finally released a free anti-virus program called Security Essentials which is available to anyone running a legal copy of Windows.

    Requiring this subset of uninformed users to shape up or stay out will certainly help the social network stay safer for the rest of its users. Nevertheless, cynics may wonder how much of Facebook’s decision was truly done in the name of security and how much was simply a desire to take part in what’s likely a very lucrative deal with McAfee. The security company is the other big winner here – it now gets its name in front of hundreds of millions of Facebook users, specifically the ones who need their help the most. Talk about targeted advertising!

    It should be interesting to see how big of an impact this policy change has on the safety and security of the social network over time. Assuming it has a notable impact, we may even see other social networks and online communities take the same measures in the future. Whether that would be a good thing for the Internet as a whole is still open for debate.


  • Facebook Blocks Defriender, App for Tracking Friend Removals

    An iPhone application released this week from a company called i-Doodz tracks those who have “defriended” you on the social networking site Facebook. Defriended, as the app is called, takes its name from the slang word that means “to remove from one’s list of friends (e.g. on a social networking site)”, according to Wiktionary, an open content dictionary that operates like Wikipedia for words.

    The Defriended app gives you an easy way to track these defriending events since Facebook itself doesn’t provide this feature – or at least that’s what the app did until Facebook blocked its operation. Apparently, the social network thinks defriending should be a private matter. As of now, the app is no longer available for download in the App Store.

    The way Defriended works – or rather, the way it used to work – was simple. Each time you launched the app, it would scan your Facebook friend list and compare that scan to the previous one. Any friends that went missing between scans were listed.

    Unfortunately, the little side project created by an i-Doodz developer was in violation of Facebook’s platform developer agreement. In section 2, Facebook warns developers that they may not circumvent the company’s “intended limitations” on core Facebook features. Specifically, it reads: “you must not notify a user that someone has removed the user as a friend.” In other words, Facebook doesn’t want you to know who doesn’t want to be your friend.

    Today, a message on the i-Doodz site states:

    Last week our developer was bored one evening, had an idea, and a few hours later uploaded the "defriended" iPhone app. It unexpectedly got a lot of attention, then subsequently Facebook blocked the app, causing it to stop working. We will be looking at how feasible it is to make the app work without a corresponding Facebook app, but in the meantime if you’ve bought the app you should ask Apple for a refund – and please do…we don’t really want to get money for an app you paid for and that doesn’t work. We apologise for the inconvenience.

    Tracking Defriending Events – A Bad Idea

    We suppose that if you were notified every time someone removed you as a friend, you might get angry or hurt – feelings Facebook wouldn’t want you to associate with their site. After all, social networking is supposed to be about making connections, not ending them… or is it? Even worse, you might contact the person doing the defriending and ask them, “Why?” This may force them to re-add you out of social politeness when really they had no longer wanted to retain the connection.

    Although it seems like a petty move to block Defriender from operating, it makes sense. Social networking connections are meant to mirror our real life friendships… at least that’s what Facebook thinks. As two people go their separate ways in life, friendships fade. They’re meant to. Very few people maintain a meaningful relationship with everyone they’ve ever met and became friends with throughout their life. In fact, if you tried to do so, it would be overwhelming. So while it may be nice to catch up with your best friend from junior high or your old college roommate via Facebook, after some time – and very little interaction after the first “How have you been?” – those connections should be able to fade away again… just like they did in real life.

    Even though Facebook doesn’t alert users now when they’ve been defriended, the decision to thin the list is still a bit uncomfortable for some people. What if they notice?! Chances are, if you haven’t communicated with the person in months on end, they won’t. We promise. Still, to avoid the whole messy defriending situation in the first place, the best method is to simply not accept the friend request to begin with. That’s what the “ignore” button is for.

    However, if you slipped up and have contaminated your News Feed with these non-friends, it’s time to remove them. An article in the New York Times from January 2009 suggested that proper Facebook friend etiquette involved culling your friend list once per year to remove “total strangers and other hangers-on.” (We think heavy Facebook users may need to do that a little more often.) The article, an examination of our new social morals, shows how the act of defriending is just as much a part of social networking as the initial friending request is. Tracking these events via an iPhone app or any other service would be an unnecessary – and potentially painful – process. Let’s let the defriending continue quietly… the way it was intended to be.

    (Image credit: geek.com)


  • iPhone App Piracy Reaches $450 Million? Doubtful

    According to an independent analysis performed by investment-watching blog 24/7 Wall St., Apple’s iTunes App Store has lost $450 million due to iPhone app piracy since it opened for business back in July of 2008. Although that number sounds high, they note it is small in comparison to the overall size of the App Store marketplace and the millions it generates in revenue each quarter – revenue that ranges from $60 million to $110 million according to previous estimates from a Bernstein analyst report cited in 24/7 Wall St.’s post.

    However, in order to generate the $450 million figure, the author of the post uses some questionable back-of-the-envelope calculations that raise some flags. Our sources say that the real number is closer to $15 million to $20 million instead.

    Piracy: Not Even a Big Issue

    The reason why App Store piracy isn’t as rampant as it could be is simple: Most people don’t bother to jailbreak their iPhones, the first step to gaining access to tools that allow for pirated app downloads. However, keep in mind that jailbreaking isn’t done just for the purpose of pirating applications. Thanks to a now-easier-than-ever process for jailbreaking, iPhone owners can choose from a number of software programs that automate the advanced hacking required to gain control over the device. Once jailbroken, you can install all sorts of unauthorized third-party applications to your phone via unofficial app stores like Cydia or Icy. Last year, we looked at a number of reasons why you would want to jailbreak by listing some of the better jailbroken apps, including one that turns your iPhone into a modem, a theming app called Winterboard, and multiple apps that bring video to the video-less iPhone 3G. But let’s be honest. A good many jailbreakers are hacking their phones to gain access to apps they don’t want to pay for.

    In October of 2009, mobile analytics firm Pinch Media dispelled some of the myths about App Store piracy. Most notably, they found that “try before you buy” as a reason for pirating apps was a myth. That’s referring to the claim made by the jailbreaking community that one of the main reasons they pirate apps is that the App Store doesn’t offer trial periods for paid applications. If the developers themselves don’t offer a free “lite” version of the app, there’s no way to tell if the app is going to be worth the price, claim the jailbreakers. But Pinch Media revealed this desire to demo apps was just an excuse. After tracking the jailbroken app ecosystem for many months, the company found that the conversion rate is only 0.43% for pirate-to-paid apps. In other words, the pirates aren’t trying and buying later. They’re just trying and trying and trying.

    That can be bad news for some developers. 24/7 Wall St.’s report references developers like Neptune Interactive Inc. and Smells Like Donkey Inc. who each have apps with 90% piracy rates. Another developer, Web Scout Inc., sees a 75% piracy rate for a $.99 game and Fish Labs sees a 95% piracy rate for a $7 game. This seems to show that piracy rates increase with app prices. For example, notes the report, expensive apps like TomTom’s $79.99 GPS program and its Garmin counterpart are found all over file-sharing sites like thepiratebay.com.

    However, piracy shouldn’t really be a major concern for developers, no matter what the rate. In fact, after the merger of mobile analytics firms Pinch Media and Flurry, they’re even considering doing away with the piracy-tracking feature due to lack of use among developers. Flurry’s VP of Marketing, Peter Farago, tells us that most of their customers (the developers using the service) are from developed economies like the U.S., Canada and Western Europe. It’s outside of these countries where the majority of piracy takes place, as they noted in a report last year. In these less developed economies, developers aren’t actually losing sales to pirates – those illegal downloads would have likely never been purchases anyway.

    $450 Million?

    The $450 million figure cited in the report was based on an average piracy rate of 75% per paid app – or three pirated downloads for every one. With 510 million paid app downloads, the number of pirated app downloads is 1.53 billion. With an average price of $3 per app, that would lead to $4.59 billion in losses for both developers and Apple combined. Since most pirates wouldn’t have paid for the apps anyway, the estimated 10% who would have paid brings the figure to $459 million in lost revenue.

    Is that fuzzy math? Well, the calculations do make a lot of assumptions to reach the final result. For example, the 510 million is an assumption based on analyzing Bernstein’s report, but Pinch Media’s own analysis from October 2009 claimed that number is closer to 610 million. Today they’re saying it’s more like 750 million (3 billion downloads over the lifetime of the store, with roughly 25% paid).

    Also, using average numbers like the 75% piracy rate and the average price of $3-per-app isn’t going to be anywhere near as accurate as an actual app-by-app review would be. And as Mashable notes, the 75% piracy rate may be accurate for games, but other paid applications are likely to have a much lower rate.

    Finally, the 10% who would, in theory, go buy the app later might be an overly generous estimate. Pinch Media found that only one in 14 would do so.

    More Like $15 Million

    Farago did a few back-of-the-envelope calculations of his own this morning and found the $450 million to be excessively high. With 3 billion downloads over the lifetime of the App Store with 25% paid, that’s 750 million paid downloads. At an average price of $3 per app (the one figure he agrees with in the 24/7 Wall St. report), you’re looking at 2.25 billion in gross revenue. Developers get to keep 70% of that, or 1.6 billion (approx.). But the blog post is asserting that lost revenues from pirated apps are about a third as large? That sounds suspicious. Extrapolating from these figures, even if as much as 10% of the iPhone-owning community were pirates shopping at an alternative app store, we would be talking $160 million in lost revenue (10% of 1.6 billion), not $450 million. A 10% piracy rate is probably not even accurate, though – it’s too high. Farago says they’ve found the rate to be closer to less than 1% in reality. However, since these are rough estimates, he states that Flurry would say the number is more likely to be in the range of $15 million to $30 million at the most – a number much, much lower than what the 24/7 Wall St. blog claims.

    In the end, piracy shouldn’t even be that much of an issue for developers. It seems that ever since the launch of P2P networks for file-sharing, everyone from record executives to movie moguls has claimed that piracy is killing their respective industries. But is it really? Those pirated downloads don’t necessarily represent actual lost sales. Without a way to download these things for free, they would have simply never been purchased in the first place (for the most part, that is). The same holds true for app sales. Developers should focus on increasing sales among the user base that is paying by making the app worth the money, updating it with new features and marketing it effectively. Mooning over the lost revenue – be it $15 million or $450 million – won’t help.


  • More Sources Claim Chinese Government Involvement in Cyberattacks on Google, Others

    More sources are now claiming the Chinese government is behind the recent cyberattacks against Google and 33 other Silicon Valley companies, reports security firm Verisign iDefense. The attacks, revealed yesterday via a posting on Google’s official blog, were hacking attempts on the technology infrastructure of Google and other major corporations in sectors that included finance, technology, media and chemical, said Dave Girouard, president of Google Enterprise.

    Although Google’s politely worded blog post doesn’t come out and directly blame the Chinese government for these attacks, many have suspected that is the case, including, apparently, Secretary of State Hillary Clinton. Now even more sources are coming out to confirm the Chinese government’s involvement. According to Verisign, their sources within the defense-contracting and intelligence-consulting communities also believe “agents of the Chinese state or proxies thereof” are to blame for these recent attacks.

    About the Attacks

    Google has stated that the attackers unsuccessfully attempted to access the Gmail accounts of Chinese human rights activists. However, only two Gmail accounts were accessed and only account information and the email subject lines were seen, not the content of the emails themselves. The company also said that at least 20 other large companies were attacked as well. Now Verisign reports that number is 33.

    In light of these attacks, Google boldly declared they are reconsidering their decision to do business in China – a surprising turn for the Internet giant who once claimed that operating in China didn’t violate the company’s motto, “Don’t be evil,” despite the fact that it required censoring search results according to the Chinese government’s wishes. That controversial act, though hotly debated at the time, was not all that surprising. Many Western firms ultimately have to cave in to Chinese demands in order to gain access to the 300 million plus Internet users the country holds. Google, for all their proclaimed high ideals, appeared to be no exception.

    Until now.

    The company has changed its course, stating that they will no longer censor the search results for their Chinese portal google.cn, launched in 2006 with the lofty goal of providing reliable access to information, albeit filtered information, for millions of Chinese citizens. Google is leaving the next move up to the Chinese government. If officials do not accept Google’s decision to provide unfiltered information, Google says they will have to withdraw from the country.

    Policy Change Hints at Government Involvement in Attacks

    So what has changed between then and now? The Chinese government hasn’t altered their position on Internet censorship, nor have they asked Google to make any changes to the agreement already in place. Many immediately suspected that the sole reason for Google’s decision has to do with the attacks themselves – attacks that hint at government involvement.

    According to Verisign’s sources, that does appear to be the case. The company says they’ve confirmed with two independent sources that both the source IPs and drop server (the server used to host malicious code and store the stolen files) of the attack correspond to a single foreign entity consisting of either agents of the Chinese state or those acting on their behalf.

    Verisign also notes that these recent attacks resemble a similar July 2009 incident against 100 or so IT-focused companies. At that time, the hacks involved an emailed PDF file that exploited an unpatched Adobe Reader vulnerability, which allowed the attackers to deliver the malicious code. That vulnerability remained unpatched until just yesterday, notes Rick Howard, director of security intelligence for VeriSign iDefense.

    While July’s attacks were detected early and were largely uneventful, December’s attacks did find some success. In addition, these same sources claim that the files in both cases share similar characteristics. For example, both attacks used a backdoor Trojan in the form of a Windows DLL, and both share two similar hosts for the command-and-control (C&C) communication. In layman’s terms, if the cyberattack was a ground assault during a war, the C&C would be the general barking out the orders. Also in both incidents, the IP addresses used for C&C are in the same subnet and only six addresses apart from each other. That means both attacks are likely to have been instigated by the same entity and may imply that the recent victims’ technology infrastructure has been compromised since July.
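
    The kind of infrastructure comparison described above can be sketched in a few lines. This is an added example, not Verisign's tooling or code from the original article: the incident records, hostnames and addresses are constructed (documentation ranges and example domains), and the function names, the /24 prefix and the gap threshold are assumptions.

```python
import ipaddress
from itertools import product

# Constructed indicator sets (RFC 5737 documentation addresses and
# example domains); they are not indicators from either real incident.
JULY = {
    "c2_hosts": {"update.example.net", "cdn.example.org", "mail.example.com"},
    "c2_ips": {"192.0.2.34", "198.51.100.7"},
    "implant": "windows-dll-backdoor",
}
DECEMBER = {
    "c2_hosts": {"update.example.net", "cdn.example.org", "files.example.edu"},
    "c2_ips": {"192.0.2.40", "203.0.113.90"},
    "implant": "windows-dll-backdoor",
}

def ip_neighbours(ips_a, ips_b, prefix=24, max_gap=16):
    """Pairs of addresses that share a /prefix network and lie within max_gap."""
    pairs = []
    for a, b in product(sorted(ips_a), sorted(ips_b)):
        ia, ib = ipaddress.ip_address(a), ipaddress.ip_address(b)
        if ia.version != ib.version:
            continue  # never compare IPv4 with IPv6
        net = ipaddress.ip_network(f"{a}/{prefix}", strict=False)
        gap = abs(int(ia) - int(ib))
        if ib in net and gap <= max_gap:
            pairs.append((a, b, gap))
    return pairs

def overlap_report(x, y):
    """Summarise infrastructure and tooling overlap between two incidents."""
    return {
        "shared_c2_hosts": sorted(x["c2_hosts"] & y["c2_hosts"]),
        "neighbouring_c2_ips": ip_neighbours(x["c2_ips"], y["c2_ips"]),
        "same_implant_type": x["implant"] == y["implant"],
    }

if __name__ == "__main__":
    for key, value in overlap_report(JULY, DECEMBER).items():
        print(f"{key}: {value}")
```

    Numeric closeness alone is not enough: two addresses six apart but on either side of a network boundary are not reported, which is why the check requires the shared prefix as well as the small gap.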

    While none of these findings are a true smoking gun pointing to the Chinese government, it is believed that China encourages their hacker community to attack foreign entities while publicly denying any involvement in such attacks. That may be the case now. Or it could be that this time, the attacks are not just being state-permitted, they’re being state-directed.
