In this edition of the Weekly Wrapup - our newsletter summarizing the top stories of the week - we analyze how Google CEO Eric Schmidt thinks the Web will evolve, review Hulu’s latest plans to make money, investigate use cases for Google Wave, ask why VCs aren’t investing in Augmented Reality, review the latest Mobile Web statistics, and more. We also check in on our two main channels: ReadWriteEnterprise (devoted to ‘enterprise 2.0′ trends and products) and ReadWriteStart (dedicated to profiling startups and entrepreneurs).

Sponsor

Subscribe to Weekly Wrapup

You can subscribe to the Weekly Wrapup by RSS or by email (form below).

RWW Weekly Wrap-up Email Subscription form:

Web Trends

Google’s Eric Schmidt on What the Web Will Look Like in 5 Years

Google CEO Eric Schmidt envisions a radically changed internet five years from now: dominated by Chinese-language and social media content, delivered over super-fast bandwidth in real time. Figuring out how to rank real-time social content is “the great challenge of the age,” Schmidt said in an interview in front of thousands of CIOs and IT Directors at last week’s Gartner Symposium/ITxpo Orlando 2009.

Mobile Web’s Explosive Growth

Mobile ad firm AdMob has revealed the dramatic changes the mobile industry has seen in their latest Mobile Metrics Report. It was only a year ago that the Motorola RAZR scored as the number one phone in America. One year later and half of the top ten are touchscreen devices, six include Wi-Fi capabilities, and six have mobile application stores. And as you would expect, this new crop of super-powered phones are making heavy use of the mobile web.

Why Aren’t VCs Backing Augmented Reality?

Some people believe that Augmented Reality (AR), the class of technologies that place images or data on top of other views of the physical world, could be the web browser of the future. AR has rocketed out of the research labs and is catching mass market interest fast - e.g. mobile phones displaying restaurant reviews when you look through your phone’s camera. Why then are VCs not investing more in Augmented Reality? Here are three reasons why we think investment in this sector has been slow so far.

Facebook Announces Roadmap for Developers

This week Facebook published a developer roadmap outlining upcoming relevant changes and a rough timeline for each. Changes include developer access to user emails, more prominent app displays on user profiles, all-new homepage dashboards for apps and games, and improvements to Open Graph and Analytics APIs. Read on for details and screenshots of the new faces of Facebook apps.

SEE MORE WEB TRENDS COVERAGE IN OUR TRENDS CATEGORY

ReadWriteEnterprise

Our channel ReadWriteEnterprise, devoted to ‘enterprise 2.0′ and using social software inside organizations.

Calendaring, Scheduling Meetings: Timebridge CEO Interview Reveals Strategic Importance of This Space

We have looked at Calendaring many times (such as in our round-up of 10 players). In our own work, we have started working with both Tungle and Doodle. To understand more about why this market is strategically interesting, we recently spoke with Yori Nelken, CEO of Timebridge (see our previous coverage here).

ReadWriteStart

Our channel ReadWriteStart, sponsored by Microsoft BizSpark, is dedicated to profiling startups and entrepreneurs.

Paul Graham: Priority Access to Twitter Is Practical Necessity

If hardcore hackers had any doubts whether the real-time web was a legitimate development environment, Y Combinator co-founder Paul Graham is dispelling them. In an interview with Graham, ReadWriteWeb learned that the entrepreneur-turned-investor issued a “Request for Startups” (RFS) asking for ideas from companies utilizing Twitter and Justin.tv’s live video API. Groups who are accepted to Y-Combinator and fall under these categories will be given “priority access” to Twitter and Justin.tv.

SEE MORE STARTUPS COVERAGE IN OUR READWRITESTART CHANNEL

Web Products

Google Wave Use Cases: Education

Google Wave is a much hyped new Internet-based communications and collaboration platform. It was announced at the end of May, released as a ‘Preview’ product shortly after and 100,000 more invites were made available at the end of September. Early users reported mixed feelings. But one month after Google Wave was opened to tens of thousands of people, how are people using it now? What use cases are being discovered? We started this series by looking at the education sector.

What are Hulu’s Mysterious Plans?

Everyone is looking to Hulu as the future of Internet TV. A joint venture between several major networks, Hulu delivers free, ad-supported programming via online streams - an untested model for long-term profitability, at least when it comes to television. While consumers have been enjoying the service since its launch in 2007, recent statements by a News Corp exec have people wondering: can Hulu make the ad-supported model work? Or does the company have other plans?

Google Launches Music Search: Partners with MySpace, Lala, Gracenote and Others

This week Google announced the launch of Google Music. This new service is powered by Lala and MySpace’s iLike. Other partners include Gracenote, iMeem, Pandora and Rhapsody. Google has also partnered with the major music labels: EMI, Sony Music, Universal Music Group and Warner Music. Through Lala and iLike, Google will also be able to feature music from a large number of independent labels.

Google Search Gets Personal: Social Search Launches in Google Labs

Social Search went live in Google Labs this week. Google announced that it was working on this Social Search feature at the Web 2.0 Summit last week. Social Search taps into a user’s social network profiles and displays relevant links and status updates that members of a user’s own social network have shared at the bottom of the default search results page. According to Google, Social Search will enhance the search experience on Google by providing users with more personally relevant search results.

Brizzly Adds Facebook - Aims to be The Blogger.com of Social Media

Brizzly wants to be to microblogging what Blogger.com was to blogging five years ago. Currently, Brizzly offers a user-friendly browser-based interface for Twitter and Facebook. The Facebook integration went live this weekand more social media applications will be added as the product evolves. Brizzly shares much of the same philosophy as Blogger. It’s simple to use and aims to make microblogging easy to understand and use by a mainstream audience.

Currently Brizzly is in private beta, but ReadWriteWeb has scored 2000 invites for our readers to test it out! (see the post for the code).

SEE MORE WEB PRODUCTS COVERAGE IN OUR PRODUCTS CATEGORY

That’s a wrap for another week! Enjoy your weekend everyone.

Discuss

I was interviewed last week by Richard Wallis for the track plenary I am doing in London for Online International.

Here’s a link to the podcast which hopes to promote the speech and the conference.

Stephen Abram – Open in Libraries Technology & Education

“Stephen Abram is Vice President, Innovation for library system vendor SirsiDynix. He is track keynote speaker for the The Open Movement in Libraries, Technology & Education track, on the third day of the conference.

In this first podcast in our Online Information 2009 series, Stephen first explores the meaning of the, often over used, openness concept. Are we talking about openness of systems, software APIs, open source, approach, minds, libraries, or a combination of several. of these.

With such a broad topic, it was inevitable that we addressed many many aspects of the influences of technology and attitudes on the way libraries are evolving. Touching on the library system industry, and how it has and is changing, postulating on the future of libraries, and external influences from our rapidly changing world, this is a great introduction to his presentation and the track it kicks off.”

Follow the link to the MP3 file.

Stephen

Thanks to the popularity of social networking sites like Facebook and Twitter, it’s a given that malicious hackers will devise ways to exploit the sites’ numerous users in order to infect their computers with malware. This unwanted software is designed to do a number of terrible things ranging from identity theft to turning computer into remote-controllable “zombie” machines.

Without sufficient anti-virus and malware protection programs installed, social networking users can easily become victims to these ever-evolving attacks. However, the best way to avoid becoming a victim yourself is to be aware of what’s out there and what sorts of things you should avoid. Below are the best practices which you should use on Facebook and Twitter in order to keep yourself safe.

Sponsor

The Problem with Malicious Links

One of the most common vectors for attacks are malicious links posted either to Twitter or to your Facebook wall. In the past, such as with the malware known as Kooface, the troublesome links could be easily identified because they would often use a consistent phrase followed by a URL. For example, in August, Koobface was posting links that read “my home video :)” which was followed by a URL and then a random component on the end such as "HA-HA-HA!!", "W.O.W.", "WOW", "L.O.L.", "LOL", ";)" or "OMFG!!!"

Although the end piece changed from tweet to tweet, the message itself remained the same. However, security researcher Costin Raiu of Kaspersky Lab tells us that easy-to-identify messages are not as common anymore. Today, it’s much harder to identify malicious links thanks to two newer techniques being used by hackers. Below those two newer methods are described in more detail as is the tried-and-true method of spreading malware via email.

Method 1: Hijacking Twitter’s Trending Topics

The first technique, which really became popular in August of this year, involves hackers creating Twitter new accounts and then posting messages related to whatever trending, or “hot,” topic was being heavily discussed on Twitter at that time. This would allow the post to be aggregated in Twitter search results where unsuspecting users would click on the included link. The text accompanying the link would be intriguing to those interested in the subject, enticing them to click through.

Method 2: Hijacking Legitimate Accounts

The second technique involves infiltrating legitimate accounts through phishing attempts and other methods so that the hacker essentially has control over a “real” account. After control has been established, if on Twitter, the hacker will then tweet out links that redirect users to malware-infected sites. Because the tweets come from an account that already has an established set of followers, those reading the tweets assume it’s safe and don’t hesitate to click the links.

After infecting the account of a Facebook user, malware often uses that particular person’s account to spread, too. As with the malicious links on Twitter, because it appears that the links posted are from a trusted friend, other users don’t realize that the posted link is harmful.

On Facebook, one of the most problematic malware programs is Koobface, a particular type of malicious software that sees 20 to 30 new variations per day. Despite the number of variants out there, Koobface’s M.O. is relatively consistent: it tricks people into clicking links. These links appear on social networks like Facebook and Twitter, but also on MySpace, hi5, Bebo, Friendster, and others.

Method 3: Dangerous Email

A third method to encourage social networking users to click on infected links is the old but still effective technique of sending out spoofed email. Hackers can create email messages that appear to be sent from a social networking site. The messages prompt you to “update your account” or open an attachment containing your new password among other things.

Image Credit: Last Watchdog

Image Credit: Last Watchdog

Although many users are now wary of email, these techniques are still being seen in the wild, so it’s clear that to some extent they still work.

How To Stay Safe

There are a number of best practices that you should follow in order to stay safe and avoid infection. They are as follows:

1. Don’t assume a link is “safe” because it’s from a friend: As noted above, your friend’s account may be infected. You should never assume that a link is safe just because a friend tweeted it or posted it to your wall. Use your common sense. If it doesn’t sound like something they would say, be wary, don’t click. If you’re unsure, try to contact them through another channel and see if the link is legit.
2. Don’t assume Twitter links are safe because Twitter is now scanning for malware: In August, Twitter partnered with Google to use Google’s Safe Browsing API, a technology that checks URLs against Google’s blacklist. This prevents spammers from posting malicious URLs to Twitter, but it does NOT prevent them from posting shortened URLs which direct users to those same malicious sites. It’s better than no protection at all, but it’s not going to keep you entirely safe.
3. Don’t Assume Bit.ly Links are Safe: Earlier this year, Twitter’s default URL-shortening service Bit.ly, began warning users of malware. Bit.ly also uses Google’s Safe Browsing API along with two other blacklists to identify malicious links. Although the service doesn’t prevent users from posting these links, it will warn upon clicking that the site being linked to is infected. However, as Raiu tells us, this is not 100% effective either. Kaspersky has identified a number of malicious links which Bit.ly did not block. However, you can assume that Bit.ly is generally safer than the other URL-shortening services because it uses this technology and because the hackers are generally avoiding this service at the moment because of its built-in protection. But it is not completely safe - nothing ever is.
4. Use an up-to-date web browser: Kaspersky recommends using the latest version of your web browser and keeping it up-to-date with the necessary patches. That means Internet Explorer users should be on IE8 - and since this browser is attacked the most, it’s critical that you make sure it stays updated as needed. Firefox is the second most attacked browser, but fortunately, it has a self-updating feature built in. Google Chrome is also good because it has a self-updating feature as well as another security feature that runs plugins in “sandboxes,” or restricted environments. If an attacker was able to exploit the browser and run malicious code, it would be isolated to this sandbox and would not able to effect the entire machine. Opera and Safari are also good browsers and should be kept current, too.
5. Keep Windows up-to-date: As always, Windows users should make sure their systems are current with the latest patches from Microsoft. Automatic updates should be turned on.
6. Keep Adobe Reader and Adobe Flash up-to-date: At the moment, Adobe Reader and Flash are the two most targeted programs by hackers. A lot of malware specifically goes after known vulnerabilities within Adobe’s software. In addition, a common method of attack, such as that used by Koobface, is to redirect a victim to a malware-infested site where the user is prompted to update their Flash player or Adobe Reader in order to see the website content. NEVER do this. Always go to Adobe’s site on your own to download the latest version or update the software on your computer using its own built-in update mechanisms.
7. Don’t assume you’re safe because you use a Mac: While it’s true that Mac users are less targeted than Windows users, they are not immune to malware, despite what those commercials may say. Although Apple did include some malware protection in their latest operating system, it only protects users from two trojans; you cannot count on it alone to protect you. There are a couple of hundred of trojans currently in the wild that specifically target Mac machines, according to Kaspersky. In fact, there may even be as many as a thousand, but researchers are unable to identify all of them because Mac users don’t typically run anti-virus software which is how much of the data is collected. These days, when a user clicks an infected link, the malicious web page will now sometimes identify whether that user is coming from a Windows or Mac machine and then display the appropriate version of the trojan accordingly. A particular family of trojans known as “DNS Changer” trojans are the most common ones used to attack Mac machines. The only way to really be sure that you’re protected against these malicious programs is to run anti-malware software on your Mac, but most Mac users won’t do so, preferring to take their chances since their risk is lower.
8. Be wary of email messages from social networks: Because email addresses can be “spoofed” by hackers, you can’t assume that an email from Facebook or Twitter is really from those the site it claims to be from. As always, you should never open attachments you were not expecting to receive and you should be wary of clicking on links - especially if you’re being told to “update your account.” If you do click on a link and are taken to a web page that asks you to log into the site, DON’T DO IT. It would be handing over your password to the hackers. Instead, you should always access the sites directly by typing in their URL in your browser or clicking a saved link in your Favorites.

It’s Not Just a Matter of Common Sense Anymore

As the above best practices show, a lot of the things you can do to protect yourself from malware are the same as they have been in the past - keep your computer and browser up-to-date, don’t open attachments, etc. However, malware is trickier to identify these days thanks to social networking sites. It now uses the trusted identities of your friends in order to lull its victims into a false sense of safety. You can no longer simply assume that because someone you know posted a link, it’s automatically safe. You can’t even assume that the networks themselves are safe, either. They’re not always scanned for malware-laden links, and when they are, such as is the case with Twitter, it’s not a 100% effective method.

Security researchers are actively working on better ways to fight this problem - for example, Kaspersky just announced their “Krab Krawler” project which will help keep their blacklists current by scanning for malicious links on Twitter, but it’s not a tool that end-users can download to protect themselves; it’s only one of many methods that security firms use to collect data about the malware on the internet. The best way to stay safe is to follow through with all the best practices - not just one or two. Malware isn’t ever going away, so everyone must do their own part in order to stay safe on the web.

Discuss

It’s one day before Halloween and while other bloggers are writing about horror movies and costumes, I honestly can’t think of anything more scary than the thought of myself attempting to raise a baby. ReadWriteWeb’s own Sarah Perez is about to boldly go where many women have gone before. As a tribute to her bravery and baby bump we’re doing a roundup of baby gift registries:

Sponsor

1. Kaboodle: This service offers parents-to-be a drag and drop interface for users to create their registries. Some of the featured stores within the site include Sears, Costco and BabyStyle. While a number of registries only offer toys and clothing, this site is great because it allows users to choose from a variety of items that they actually need. After creating your Wish List you can also share it via Facebook and Twitter.

2. The Bump: Brought to you by wedding network The Knot, The Bump is a baby registry where users can direct friends to their complete list of baby registries. Some of the available stores include Pottery Barn Kids, Baby and Child Restoration Hardware and Target. While the service is a great idea in theory, it could be improved if registration info was carried across sites.

3. Amazon Baby: Amazon offers parents an easy registry tool and the fantastic thing is that most friends and family members can skip the credit card form as they’ve already got accounts. If you’re worried that your friends will give your kid something impractical or dangerous, you may want to direct them to the baby buying guides.

4. Babies R Us: Although a sub-site of Toys R Us, Babies R Us allows parents to register for practical items as well. The site offers a variety of strollers, car seats, cribs and pacifier sterilizers to choose from. The great thing about this site is that there is a wide selection of organic and natural products including warmers for BPA-free bottles and organic cotton washcloths.

5. Giggle: Some of the items on this list include high-end products like the Babycook BPA-free Cuisinart-style baby food maker and more affordable products like milk freezer packs. This service allows expecting parents to search for their favorite items or add items based on those that are most popular within the community. One of the nice things about this site is that parents can add items using an “add to registry” browser button.

Photo Credit: Joel Schlabotnik

Discuss