Archive for the 'General' Category

RIAA Web Site Trashed

Got Hacked?

This is what the tech folk at the RIAA, the “Famous” Recording Industry Association of America, have been facing for the past few days.

Apparently, some geeks found out that the RIAA’s main web site is powered by an older version of Exponent Content Management System (CMS). This version of the CMS contains many vulnerabilities, including “SQL Injection”. As soon as this piece of information was released through posts on Reddit, some “happy” people started to “experiment” with the exploit. Eventually, the site was brought down and some hacker made the site link to popular pirate sites like Pirate Bay.

As we all know, the worst of the worst bugs to have on a public-facing web site is “SQL Injection”, especially if the site’s database stores highly sensitive information. In this case, I doubt that the RIAA had anything valuable to anyone.

This all goes back to the hot topic of “Security”. Rule number one: treat every visitor as if he/she is evil. Apparently, to the RIAA, only single moms and poor college students who jack a couple of mp3s are evil. As one of the comments on Reddit points out:

I guess that’s the kind of thing you get when you hire more lawyers than programmers.

Of course, the RIAA has restored their site. But replacing it with another version of the CMS or a different solution might take a while. So be aware, it will go down again at any moment.

In the meantime, check out the post on Reddit.

RIAA with no Contents

RIAA displaying links to Pirate Bay

Cross Site Scripting Hack

Happy New Year

Happy new year to everyone. 2008 is finally here.

Looking back at 2007, it was definitely an interesting and exciting year. Here are a few highlights (the ones I can remember, at least):

  • Release of Mac OSX Leopard
  • Adobe AIR
  • Adobe Flex Chart 2
  • Aptana Reached v.1.0
  • jQuery and Prototype each released its own official book
  • Gmail got a total face lift on the core
  • Google released many new applications (too many to list)
  • Microsoft SilverLight
  • IE8 was finally announced

Now that 2008 is here, it’s going to be another interesting year. Here is the stuff on my watch list (besides the Beijing Olympics - WooHoo):

  • Internet Explorer 8 - some sort of beta and crossing my fingers that it will be released
  • Firefox 3
  • HTML 5 - not that I’m over-predicting, but looking at WebKit’s advanced movements on HTML 5 implementation, we might just have a chance of having it here earlier.
  • Google Knol - yes, the wiki
  • Other Google applications
  • Adobe AIR - hopefully it gets out of beta
  • SilverLight - not a fan, but interesting to see how it will act this year
  • ECMAScript 4
  • WebKit

Okay, I just figured the list can go on and on and I could possibly put everything here, which is what makes 2008 interesting.
I’m going to take this chance to thank everyone who has read my blog in 2007. Although I have been doing a pretty lousy job of keeping it updated every day, I truly thank everyone, whether you were just passing by, bookmarked it, or left a comment. Let’s all have a happy 2008. Cheers everyone!

Wii => Vii ???

Just when you and I thought the iPhone getting copied was crazy enough, let me introduce you to the Vii. Confused? In plain, simple terms, it’s a copied version of the Wii.

God, I’m so “proud” of being Chinese.

Back in States

I was on a business trip last week in China and now I’m finally back in the States. Some of you might have noticed the lack of posts for the past few days. I’m going to make up for those as soon as I’ve recovered from the stupid jet lag.

EU: Airline Web Sites Must Improve Or Be Closed

Over 200 European Web sites selling airline tickets, including many run by leading airlines, are misleading to consumers and will be shut down if they do not improve, the European Union’s consumer chief said on Wednesday. Consumer Protection Commissioner Meglena Kuneva gave airlines such as Ryanair and the owners of the other travel Web sites four months to “get their act together” or face possible closure of their sites.

I don’t think airline websites are the only ones out there that are misleading and are far freaking behind. Look at the real estate websites in the States, government web sites, school websites… Oh yes, the list goes on. It’s not that expensive to hire a part-time web team to put up a nice and useful website.

Mac OSX Leopard hacked to be on PC

Only one day after Mac OSX Leopard was released, a team of hackers had come up with a patch that lets people install it on a regular PC. It works, but it is not fully tested yet. The full story can be found at

http://dailyapps.net/2007/10/hack-attack-install-leopard-on-your-pc-in-3-easy-steps/

Well, it’s been only a day since the Mac OSX Leopard was released officially by Apple and the hackers have managed to create a patched DVD that everyone like you and me can use to install Leopard on PCs without having to buy a Mac.

It requires a USB drive to hold a shell script that needs to be run manually after the installation. The steps listed are pretty simple and clear. Here are a few screenshots of installed results:

I wish Apple would release an official version of Mac OSX for PC instead of a hacked version. I remember trying to get Panther to work on my PC at one point and it was super painful to get every piece of the hardware to work. But I don’t think it will be anytime soon that Apple decides to completely take over the PC+Windows market.

Domain Expired Accident

For any of you who checked out my blog today, you might’ve noticed it was showing domain expired. I apologize for the downtime. It was my own mistake of not seeing that the domain had actually expired a couple of days ago.

I went ahead and renewed it. Fortunately, it is with Godaddy and it was brought back almost instantly after the renewal.

WordPress Redoable

This is by far the best-looking theme I’ve ever come across. It is absolutely amazing. The plugins were very easy to add and are supported by Redoable. The changes needed to customize my blog were very minimal, and everything (the code) is self-documented and explained.

Thx dean

Battlefield 2 - Teh Pwn3d Life

Simon 2.0 is back

Apparently there was a database failure, and I lost all of the previous posts. But now I’m back again with a new look.

For those of you searching for jFileManager, I’m afraid it is no longer available. I’m not planning on bringing it back again since it was outdated anyway.

The good news is some of the posts are still retrievable from Google’s cached pages and timemachine. I’m trying to scramble those back together at the moment.



