Sunday, April 22, 2007

Discover Your Internal Power with Web 2.0



A new blog that provides very useful information about soft skills.
mindrs is a blog focused on providing its audience with a database of most soft-skills and human-development resources from around the world. Its purpose is to show you your internal power and how to improve and use it effectively.

Monday, April 2, 2007

March's Latest 39 Web 2.0 Applications


This list is a wrap-up of all the Web 2.0 applications that were released or published in March. The list is categorized by tag (Chat & Networks, Sharing, Files, Email, Video & Music, Blogs, Business & Management, Programming & Web Masters Tools, Marketing and Mapping).

Chat & Networks

  1. Twitter - A global community of friends and strangers answering one simple question: What are you doing? Answer on your phone, IM, or right here on the web!
  2. yackpack - Simplify your connected life the way only YackPack's patented interface can. See at a glance who is in the 'office', and hold a conversation as if you're right there - no 'calling', no 'composing a message', no 'opening a chat window' - just instant, effortless communication.
  3. experienceproject - It's a community website that builds custom emotional support and friendship networks for members, based on who they are, not who you know. Life experiences are the nodes in the network, and the more one has in common with another, the stronger the link. It's also anonymous, so people don't have to worry about being judged by others.
  4. ThisNext - It is a shopcasting network where you can recommend, share and discover great products. Every product on ThisNext is picked by the ThisNext community (That means you!). You can organize your picks into product playlists we call shopcasts.

Sharing

  1. bzzster - Bzzster makes recommending cool videos, news stories and blog posts to friends easy and something you look forward to doing. Bzzster's goal is to be the best way to recommend links.
  2. grapheety - Explore the world or your own neighborhood with Grapheety. Share an experience for someone else to discover. A site for sharing stories via location. (google maps) The goal being to detail people's stories all over the globe, so a person exploring can see what's going on before they go there.
  3. Sloog - It is a bookmarking service for Second Life residents. It allows users to save favourite places and avatars and search for them later, both in-world with a simple plug-in (HUD) or via the web browser.
  4. Ideawicket - It is a platform for people with novel ideas, designs, innovations and inventions to showcase their creations. Share your ideas for new products, new designs, better processes, new uses, new art or your original creative work. You can post solutions for everyday products, processes and services that save time, cost and space, increase productivity and efficiency, foster easier communication, improve consumer experience, are socially and ecologically responsible, delight the senses or enhance quality of life.
  5. MegaBuzz - It is a Web site where users can ask questions, share opinions, and choose sides on hot topics for points and prizes. MegaBuzz fills a gap in the social media space by bringing together people, viewpoints, and money.
  6. Quickeo - It is an application for people who want to share their private digital photos, videos, music and other files with their friends, family and community – not the whole world. It simplifies the transfer of private multi-media files for both the sender (no uploading to a server necessary) and the receiver (no downloading necessary).
  7. mythings - We all have things - consumer electronics, valuable furniture, collections, or collectibles. Whether you have a household of stuff, a collection of great art, wines, comic books, or sports memorabilia - you name it, MyThings provides a safe, easy-to-use place for you to catalog it and track it online.

Files

  1. Weebly - Weebly is the easiest way to create, upload a website, and share it with the world for free. From personal to professional sites, Weebly will enable you to spend your time on the most valuable part...

Email

  1. forlater.net - Easy to use e-mail reminders. Just enter your message, the method and a date. forlater will then remind you at the right time.

Video & Music

  1. Vmix - The VMIX free video sharing and hosting community allows you to upload your favorite homemade videos and funny video clips and share them with your friends ...
  2. Koonji - It is an interactive guide that assists you with any online activity, for example buying a tv, planning a birthday party, finding a job, etc. It provides a step-by-step process for accomplishing the task and travels with you to guide you through the process. It also learns from the community as they are using it so that it can get better over time.
  3. Jabbits - It is the place where people can ask a question and watch other people’s answers. If you know the answer to someone’s question, let everybody know. Have a great idea or thought? Bounce it off others and find out what they think. Watch and listen to others’ viewpoints. Broaden your horizons or confirm your point of view.
  4. Foxytunes - Planet aggregates music videos, photos, news, bios and much more from any number of sources all over the Web into one convenient place. The Planet is universal - it can support any music site, service or store. Many great sites are already supported, and the list will be growing fast.
  5. 5min - It is a place to find short video solutions for any practical question and a forum for people wanting to share their knowledge. 5min's aim is to create the first communal Life Videopedia, allowing users from all over the globe to contribute their knowledge by sharing visual guides covering a variety of subjects.
  6. eyejot - Eyejot is the first, comprehensive, client-free online video messaging platform ideal for both personal and business communications. It offers everyone the ability to create and receive video messages in a self-contained, spam-free environment. With no client to install, you can start using Eyejot immediately with any browser, on any platform. It even features built-in support for iTunes (and iPods™), mobile devices and social networks like MySpace.

Blogs

  1. BlogRovr - Download BlogRovr’s browser plug-in and tell Rovr what blogs you like. While you browse, Rovr will show you posts from them about the page you’re on. Rovr’s tray slides in briefly showing summaries of the posts it finds. Click on the summaries and read the full posts, hovering right on the pages they discuss.
  2. Nexo - It was created to simplify your life by providing an online service that lets you coordinate communications and collaborations with all your different groups of friends, colleagues, neighbors, teammates and community. Nexo provides a website, email communications, real-time updates and social networking all in one. Nexo makes it easy to keep everyone up-to-date and makes it fun and easy to participate.
  3. Huminity - It is built to facilitate friendships and make it easy for people to find and make friends, find jobs faster, make better deals and reach anyone in the world. Combining Instant Messaging with Social Networks opens a whole range of possibilities to enrich everyone’s life.
  4. TwitThis - It is an easy way for people to send Twitter messages about your blog post or website. When visitors to your website click on the TwitThis button or link, it takes the URL of the webpage and creates a shorter URL using TinyURL. Then visitors can send this shortened URL and a description of the web page to all of their friends on Twitter.
  5. Blogsticker - It is a new and original service that allows you to display stickers on your blog.

Business & Management

  1. Salary - Salary builds on-demand software around a deep domain knowledge in the area of compensation to help customers win the war for talent by simplifying the connections between people, pay and performance. Salary's cutting edge technology is integrated with actionable data and content, empowering customers to make the best decisions about pay and performance and help them to attract, motivate, reward and retain top performers.
  2. Approvr - It has created a web-based Approval Workflow Manager to give users a faster, more efficient way to manage proofing and approval of documents. Approvr’s simple workflow allows organisers to quickly send documents for approval, and reviewers to easily review and comment on those documents. Approvr brings simplicity and ease-of-use to a traditionally difficult and time-consuming process.
  3. HiTask - It is a simple task management application that is designed to satisfy both sophisticated followers of David Allen’s "Getting Things Done" methodology and anyone who just needs a quick and easy tool to manage their everyday tasks. HiTask gives you maximum comfort with minimum features to make your working day run smoothly and easily.
  4. Goplan - It is an online project management solution. It allows teams and individuals to collaborate through tasks, file management, real-time chat, online calendaring, and many other features. As an always-on, access-anywhere hosted solution, it saves companies the trouble of purchasing, maintaining and securing a platform for collaboration.
  5. City Book - It was designed to make finding a business quick and easy. The location based services provide users with information on where good businesses are based around their areas, and the deals provided by these businesses. City Book gives users the power to recommend good businesses they may have used as well as review hotels and restaurants. This allows businesses rated better to show higher up in search results - thus helping other users and good businesses themselves.
  6. Hitflip - It runs Europe's biggest P2P swap platform for media products (DVDs, games, CDs, audiobooks, and books). Hitflip aims to excite its members by making the swap of media products as easy and cheap as possible. All members have to do is enter which products they have and which ones they want, and Hitflip does the rest.
  7. lyro - It aspires to become the world's largest repository of online business cards – where everybody who’s anybody can be found. Lyro makes it faster and easier for potential customers, business partners, colleagues and acquaintances to search, find, and contact you.
  8. WeSquare - It gives businesses and professionals something which was previously unthinkable: the ability to work with any client, be they in the same city, country or another continent. A limited base of clients has now become boundless.
  9. Barracuda Suite - It is the flexible and intelligent way to manage your retail business. Its simple-to-use interface shows you just what you need, when you need it. Its intelligent structure automates your most common tasks like inventory reconciliation, order fulfillment, credit card processing, customer management and much more.
  10. iZeit - It is an easy to use online PHP calendar. Unlike other online calendars such as Google or 30Boxes, iZeit runs on your own server, so it's totally customizable.
  11. Huddle - It is a network of secure online spaces that combine powerful document, project & team tools with the simplicity of a social networking site. Collaborate on documents (with access control, version management and approval workflow), create project milestones and share ideas online. Fully hosted, no special software required. Free package (1 project huddle, 5 users, 25MB of storage) and several paid subscriptions available.

Programming & Web Masters Tools

  1. Tapefailure - Tapefailure lets you record your users' browsing sessions and play them back, just like a tape, as well as view numerous useful statistics about your users. Tapes can be viewed online or downloaded for later, offline, viewing. Statistics include percentage of page scrolled, distance the mouse has been moved, average number of clicks per page, user sight focus, and general paths, and numerous others.
  2. SWiK - It is a community driven resource for open source software. Try starting a page about your favorite project, syndicating a blog for a topic, or browsing through tags people have added to projects or pages.

Marketing

  1. Gumiyo - It provides a totally new way to post, find, and target online classified ads that connect buyers and sellers. As an online marketplace and an innovative classifieds site, Gumiyo helps you publish ads to a wide yet targeted audience - wherever they are. Gumiyo is accessible from your mobile phone or from your web browser. Gumiyo teamed with JAJAH, PayPal, Amazon Web Services, m-Qube and many classifieds sites such as Froogle, Google Base, Edgeio, Trulia, Vast.com, Oodle.com and more.

Mapping

  1. Kayuda - It is a web-based visual wiki, a mind-mapping tool, and a non-linear writing tool that allows you to track ideas and the relationships between them. It's free, and any number of people can collaborate simultaneously in real time.

Fortify Software Documents Pervasive and Critical Vulnerability in Web



Advisory details a fix for ubiquitous JavaScript Hijacking vulnerability that allows an attacker to emulate a Web 2.0 user’s identity to fraudulently access software applications


PALO ALTO, Calif., April 2, 2007 - Fortify Software, the leading provider of security products that help companies identify, manage and remediate software vulnerabilities, today announced that its Security Research Group has documented the first major vulnerability associated specifically with Web 2.0 and AJAX-style software. Termed JavaScript Hijacking, the vulnerability allows an attacker to steal critical data by emulating unsuspecting users. To combat this issue, Fortify has released an in-depth security advisory that details this vulnerability, how enterprises can determine if they are vulnerable and how they can fix the issue. A copy of this advisory can be downloaded at www.fortifysoftware.com/advisory.jsp.

JavaScript Hijacking appears to be a ubiquitous problem. As part of Fortify’s work, the 12 most popular AJAX frameworks were analyzed, including frameworks from Google (NASDAQ: GOOG), Microsoft (NASDAQ: MSFT), Yahoo! (NASDAQ: YHOO) and the open source community. Fortify determined that among them, only Direct Web Remoting (DWR) 2.0 implements mechanisms for preventing JavaScript Hijacking. The rest of the frameworks do not explicitly provide any protection and do not mention any security concerns in their documentation. Even if an application does not use any of the frameworks listed above, it may be vulnerable if it contains AJAX components that use JavaScript as a data transfer format for sensitive data.

“With recent surveys from McKinsey indicating that almost 75 percent of enterprises plan on increasing their investment in Web 2.0 technologies, it is clear that we need to address the issue now,” said Brian Chess, Fortify Software’s co-founder and Chief Scientist. “Unlike vulnerabilities that are tied to a specific application or operating system, there is no single vendor to which this issue can be reported and resolved. In fact, many rich Web applications don't use any framework at all. As a result, we need to educate software developers about the risk that Web 2.0 brings.”

Fortify contacted a large group of security researchers, enterprises deploying Web 2.0, industry analysts, software developers and framework architects to determine the best course of action. The general consensus was that Fortify needed to inform the industry in a timely fashion while ensuring a fix was available. Fortify’s Web 2.0 Security Advisory was written to explain the issues to the business community as well as help developers fix the problem at the source code level.

“There are some worrying estimates of the percentage of websites with vulnerabilities, so I think it's good for the industry to focus on greater security, particularly in understanding the risks,” said Joe Walker, CEO of Getahead Ltd. and a developer and consultant working on advanced web development techniques like AJAX. “I'm pleased to see that Fortify is spending time to explain the problem and investigate the issues.”

Although Web 2.0 functionality has already seen mainstream use by consumers (e.g. social networking sites like MySpace), enterprises are recognizing the growing value of pushing applications to the Web, and are rapidly deploying frameworks to facilitate quick access to information, improve application performance and encourage collaboration. According to a March 2007 McKinsey survey, the industries most likely to adopt Web 2.0 technologies are retail, high tech, telecommunications, finance and pharmaceuticals.

The vulnerability opens businesses up to malware that can allow an attacker to access proprietary information. JavaScript Hijacking allows an attacker to pose as the user accessing the Web 2.0 application. Once the attacker successfully emulates the victim, they can read sensitive data transmitted between the application and the browser that uses JavaScript as a transport mechanism. These attackers can then buy and sell goods, trade stocks, adjust security settings for an enterprise network or access and manipulate customer, inventory and financial information.

Any framework or application that meets these criteria may be at risk from JavaScript Hijacking and the developers responsible for these frameworks and applications should take immediate measures to prevent the vulnerability. Fortify Software advocates a two-pronged approach that allows applications to decline malicious requests and prevent attackers from directly executing JavaScript the applications generate.
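One way the two prongs described above can be realised, as an added example that is not part of the press release and is not Fortify's code: the server declines any request that lacks a per-session secret, and it prefixes every data response so the body cannot be executed directly as a script. The header name `x-request-token`, the `while(1);` prefix and the sample token and data are assumptions chosen for the illustration.

```javascript
// Added illustration, not Fortify's code. Header name, prefix and sample
// token are assumptions chosen for this example.
const PREFIX = 'while(1);';             // body hangs if a page loads it via <script src>
const TOKEN_HEADER = 'x-request-token'; // hypothetical custom header

// Constant-time string comparison so the check does not leak how many
// leading characters of a guessed token were correct.
function safeEqual(a, b) {
  if (typeof a !== 'string' || typeof b !== 'string') return false;
  if (a.length === 0 || a.length !== b.length) return false;
  let diff = 0;
  for (let i = 0; i < a.length; i++) diff |= a.charCodeAt(i) ^ b.charCodeAt(i);
  return diff === 0;
}

// Prong 1: decline requests that lack the per-session secret. A cross-site
// <script> include sends the victim's cookies automatically, but the foreign
// page cannot read the token or attach a custom header.
function isTrustedRequest(headers, sessionToken) {
  return safeEqual(headers[TOKEN_HEADER], sessionToken);
}

// Prong 2: never return a body that is directly executable JavaScript.
function buildResponse(headers, sessionToken, data) {
  if (!isTrustedRequest(headers, sessionToken)) {
    return { status: 403, contentType: 'text/plain', body: 'forbidden' };
  }
  return {
    status: 200,
    contentType: 'application/json',
    body: PREFIX + JSON.stringify(data),
  };
}

// Same-origin client: reads the response as text, strips the prefix and
// parses it as data instead of evaluating it.
function parseResponse(body) {
  if (!body.startsWith(PREFIX)) throw new Error('unexpected response framing');
  return JSON.parse(body.slice(PREFIX.length));
}

// Constructed sample data for the demonstration.
function demo() {
  const token = 'constructed-token-7f3a91';
  const contacts = [{ name: 'A. Example', email: 'a@example.test' }];
  const legit = buildResponse({ cookie: 'sid=1', [TOKEN_HEADER]: token }, token, contacts);
  const crossSite = buildResponse({ cookie: 'sid=1' }, token, contacts); // cookie only
  return { legit, crossSite, parsed: parseResponse(legit.body) };
}
```
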

Security researchers like Jeremiah Grossman have already demonstrated the viability of this new class of vulnerability in specific instances. “New technology often leads to new risks and opens unforeseen avenues of malicious attack. Once understood, developers need to ensure the necessary safeguards are in place when they break new ground,” said Grossman, CTO of WhiteHat Security. “Those responsible for the security of Web 2.0 deployments need to take this issue seriously and implement the steps necessary to resolve the issue before the risk results in an incident.”

About Fortify Software, Inc.

Fortify Software products protect companies from the threats posed by security flaws in business-critical software applications. Its software security products—Fortify SCA, Fortify Manager, Fortify Tracer and Fortify Defender—drive down costs and security risks by automating key processes of developing and deploying secure applications. Fortify Software's customers include government agencies and FORTUNE 500 companies in a wide variety of industries, such as financial services, healthcare, e-commerce, telecommunications, publishing, insurance, systems integration and information management. The company is backed by a world-class team of software security experts and partners. More information is available at www.fortifysoftware.com.

March Web 2.0 Wrap Up ...

This list is a wrap-up of all the Web 2.0 applications that were released or published in March. The list is categorized by tag (Chat & Networks, Sharing, Files, Email, Video & Music, Blogs, Business & Management, Programming & Web Masters Tools, Marketing and Mapping).