So Sprint just published an official fact sheet for a U301 USB modem with support for both WiMAX and EV-DO -- it's not accompanied by any press release or product page on Sprint's online store, but we can only assume this means that a release is around the corner. Of course, the dual-mode capability alone doesn't set it apart -- the carrier's existing U300 model already handles those duties with aplomb -- but what seemingly sets the U301 apart is its support for Mac OS. We'd just as soon they'd release drivers for the U300, but failing that, alright, fine, we'll take a new modem. If we're sustaining over 3Mbps down, we'll take a lot of carrier and manufacturer abuse, actually.

Sprint puts out fact sheet for dual-mode U301 WiMAX modem, release imminent? originally appeared on Engadget on Sat, 19 Dec 2009 04:24:00 EST. Please see our terms for use of feeds.

Permalink   |  Sprint  | Email this | Comments

• You’ve Got A Date With FAIL, It’s On Your Google Calendar
• WhitePages Now Lets You Control Your Own Listings

A Facebook developer named Yvo Schapp has uncovered a massive security flaw present on both Facebook and MySpace that would give hackers the ability to steal all of your account data, including your photos, personal messages, and basically everything else you’ve ever put on the social networks, without you ever realizing it.

Schapp stumbled upon the exploit and contacted both Facebook and MySpace. According to his blog MySpace has since fixed the bug, and while his blog indicates that Facebook is still working on it we’ve confirmed that they’ve fixed it as well (we’re waiting on a statement from MySpace). So what exactly could the exploit do? From Schapp’s blog:

You don’t need much time to think of all the ways this could be exploited. All what has to happen is a active session, or a “auto login”-cookie and a URL which hosts a exploiting Flash file. For example when accessed, a automatic “post update” could be made, that would lure friends of the user to access the exploit URL, and the exploit would spread virally. An more invasive and hidden exploit could harvest all the users personal photo’s, data and messages to a central server without any trace, and there is no reason why this wouldn’t be happening already with both Facebook and MySpace data.

In other words, if you’ve ever checked that ‘remember me’ button on Facebook or MySpace’s login screen and have at any point viewed a Flash app taking advantage of the exploit, it’s possible that all of your data was compromised. You wouldn’t even have to neccesarily open anything — in Facebook’s case, if one of the infected items showed up in your News Feed you could have your data stolen without ever knowing it. Yeah, that’s pretty damn scary. For what it’s worth, Facebook gave us this statement:

The security of our users is a top priority for Facebook and we worked with the researcher who identified the issue to fix it. We have not received any reports that it was ever exploited.

Of course, Schapp pretty clearly writes that there’s no way for a user to tell if their data was harvested, so for all we know it could have been used by multiple developers for months or longer (Facebook is currently investigating how long the bug may have existed). Granted, Schapp could be the first developer to ever stumble across the exploit. But the potential of this bug is so huge — allowing a developer to mine all of the data for any user who accessed their app — that less honest developers may well have used the hack for their own benefit. Facebook has previously said that there are a whopping 300,000 developers building on its platform. And we’ve seen time and time again that some of those developers are not opposed to Black Hat tactics. MySpace has seen its own share of problems.

This is obviously bad news for both social networks, but Facebook in particular has long been heralded as the safer of the two, with its extensive privacy settings and authentic identities. Yet the site has repeatedly seen glitches in its security. Today’s bug is by far the worst vulnerability in recent memory.

The security vulnerability works by taking advantage of an oversight in a crossdomain.xml configuration file, which is used by Flash applets to determine if an application has permission to access data on that domain. The crossdomain.xml files at Facebook and MySpace were allowing any applet from any other domain to access data and the API. Combined with browsers keeping a record of your logged in session if you have checked ‘remember me’, the vulnerability means that an invisible Flash applet on any website you visit would be able to read out all your data and send it away somewhere else. For more on cross-domain requests and security, there is a write up explaining all the details.

If you’re interested in the nature of the exploit itself, head over to Schapp’s blog for a full description of how he stumbled on it.

Image by Lisanne!

Crunch Network: CrunchGear drool over the sexiest new gadgets and hardware.

• Zynga CEO Mark Pincus: “I Did Every Horrible Thing In The Book Just…
• WSJ: Facebook, MySpace & Others Share Identifying User Data With…

When was the last time you actually looked in the phone book to find someone’s number? For anyone under 40, the Web has already replaced the phone book with people search. But the listings are not always complete or up to date. One of the largest people directories online, WhitePages, is adding consumer-editing capabilities to make its people database more accurate.

You can now edit your entry, and control to some extent the information that is shown on the site. For instance, you can correct and update any addresses or phone numbers associated with your name. WhitePages also lets you hide your contact information and be contacted instead through WhitePages, which acts as a communication proxy on your behalf. (It forwards contact requests via email or text message).

Since the summer, WhitePages has allowed people to add their own listing, but now they can edit existing listings as well. The crowd-sourced approach is a little like JigSaw for sales contacts, except you are not supposed to edit anyone’s contact information but your own. In the future, WhitePages will allow you to add links to your Facebook, LinkedIn and other social network profiles as well.

This sets a good precedent. Companies that traffic in personal data on the Web should always let the people described by the data correct it amend it, or hide it if they choose. In the end, the Web will end up with much richer data, and consumers will feel like they can at least control what information is out there about them.

Crunch Network: CrunchGear drool over the sexiest new gadgets and hardware.

• You Know Where Else It’s Hard To Delete Your Account? Mahalo
• Social Gaming Execs Discuss Growth, Monetization, And The Future Of…

Imagine a small device that you wear on a necklace that takes photos every few seconds of whatever is around you, and records sound all day long. It has GPS and the ability to wirelessly upload the data to the cloud, where everything is date/time and geo stamped and the sound files are automatically transcribed and indexed. Photos of people, of course, would be automatically identified and tagged as well.

Imagine an entire lifetime recorded and searchable. Imagine if you could scroll and search through the lives of your ancestors.

Would you wear that device? I think I would. I can imagine that advances in hardware and batteries will soon make these as small as you like. And I can see them becoming as ubiquitous as wrist watches were in the last century. I see them becoming customized fashion statements.

Privacy disaster? You betcha.

But ten years ago we’d be horrified by what we nonchalantly share on Facebook and Twitter every day. I always imagine what a family in the 70s would think about all of their photo albums being posted on computers and available for the entire world to see. They’d be horrified, they couldn’t even imagine it. Heck, a life recorder is less of a privacy abandonment step forward than we’ve already taken with the Internet and electronic surveillance in general.

A Business Week article talks about a ten year old Microsoft project called SenseCam (more here) that is just such a device.

It’s clunky today and doesn’t do most of the things I mentioned in the first paragraph above. But a true life recorder that isn’t a fashion tragedy isn’t that far away.

In fact I’ve already spoken with one startup that has been working on a device like this for over a year now, and may go to market with it in 2010.

The hardware is actually not the biggest challenge. How it will be stored, transcribed, indexed and protected online is. It’s a massive amount of data that only a few companies (Microsoft, Google, Amazon) are equipped to really handle anytime soon.

But these devices are coming. And you have to decide if you’ll be one of the first or one of the last to use one.

Will you wear one? I will. Let us know in the poll below.

Would You Wear A Life Recorder?(survey software)

Crunch Network: MobileCrunch Mobile Gadgets and Applications, Delivered Daily.

• WhitePages Now Lets You Control Your Own Listings
• Massive Facebook and MySpace Flash Vulnerability Exposes User Data