A nasty security bug in Skype‘s iOS app can lead to users’ personal information being stolen.

The cross-site scripting (XSS) vulnerability, demonstrated in the video below, is present in Skype 3.0.1 and earlier versions of Skype’s iOS app.

It lets an attacker create malicious JavaScript code that runs when the user views a text message in Skype’s chat window. The code can be used to access any file that the Skype app itself has access to, including the address book on your iPhone.

The technical explanation of the bug can be found here.

Skype is aware of the issue and is working on a fix. “We are working hard to fix this reported issue in our next planned release, which we hope to roll out imminently,” Skype said in a statement.

[via Superevr]

More About: hack, hackers, security, Skype, vulnerability

For more Dev & Design coverage:

Hacker collective Anonymous is preparing to launch its own social network called AnonPlus. The move comes after Google banned Anonymous’s Google+ account called “Your Anon News” due to a violation of its community standards.

Details about the project are scarce. Currently, AnonPlus.com is merely a splash page, containing a message that explains the group’s motives behind the project. “Welcome to the Revolution,” it says, “a new social network where there is no fear…of censorship…of blackout…nor of holding back”.

Another message on the site explains that the project is for “all people not just anonymous,” adding that the actual site will go up soon but it will not happen overnight.

A link to the developer forum, where a possible user interface and design ideas are discussed, shows that the project is indeed in a very early stage.

A somewhat similar project, Diaspora, aimed to create an open-source social network as an answer to Facebook. After launching in late 2010, however, there has been no significant news about the project.

[via Wired]

More About: Anonplus, anonymous, hack, hackers, social network

For more Dev & Design coverage:

The Web Development Series is supported by Rackspace, the better way to do hosting. Learn more about Rackspace’s hosting solutions here.

Everyone loves a bad-guy-gone-good story, and these black hat hackers who went from lives of crime to corporate nine-to-fives epitomize that genre.

Let’s first make an important distinction: Hackers are not criminals. In fact, “hacker” is a term of high praise in the developer community. But when a hacker is dubbed a “black hat,” it means he or she has broken laws in the pursuit of hacking — perhaps even that he or she has done so for personal gain.

However, many black hat hackers have gone legit in their more mature years. While it’s not uncommon to see former cybercriminals switching teams to work as IT security consultants, many of the more high-profile black hat hackers also find themselves writing books, doing journalism and even getting public speaking gigs in the cybersecurity world.

So with that understanding, let’s turn our gaze upon these seven fascinating personalities who once hacked indiscriminately and are now employed respectably — some of them even by the companies they once hacked.

Ashley Towns

Towns created the first-ever iPhone worm, a rickrolling bit of code that only affected jailbroken iPhones. Mere weeks after the worm started spreading, Towns was hired by mogeneration, a company that develops iPhone apps, mostly for other clients such as TrueLocal, FoodWatch and Xumii.

Call of Duty Hacker

A 14-year-old Dublin schoolboy hacked into the Microsoft Xbox system this spring. In stark contrast to how Sony handled PlayStation hackers like geohot, Microsoft decided to work with the kid instead. The company hopes to teach the indubitably talented hacker to “use his skills for legitimate purposes.”

Christopher Tarnovsky

Hardware hacker Christopher Tarnovsky began his journey repairing satellites for the U.S. Army. He started dabbling in illegal hacking in the late 1990s. However, he didn’t get into serious legal trouble until he was hired by Rupert Murdoch’s News Corp. to hack a rival company’s satellite TV chip. These days, Tarnovsky runs a hardware security firm and sticks to gray hat hacking, like proving Infineon’s “unhackable” chip was anything but in 2010.

Jeff Moss

Moss is the founder of the Black Hat and DEF CON computer hacker conferences. In the days before the Internet was a big thing, he ran BBSes for hacking and phreaking and provided a hub for a huge, underground network of hackers of all stripes, from the curious to the criminal. In 2009, he was was sworn into the U.S. Homeland Security Advisory Council. And in April 2011, Moss was named chief security officer for ICANN, the agency that oversees the Internet’s domain names.

Michael Mooney

Mooney is best known for creating the Twitter bug Mikeyy, a worm designed to showcase Twitter’s security vulnerabilities. While the exploit was more gray than black hat, the worm could have gotten Mooney into serious legal trouble. However, Twitter didn’t press charges, and the 17-year-old Mooney was offered jobs by two software development firms. The teen accepted a position at web app shop exqSoft Solutions.

Owen Thor Walker

Also known as “akill,” Walker was charged as (and admitted to) being the ringleader of an international hacking group that caused nearly $26 million of damage. In 2008 he was hired by TelstraClear, the New Zealand subsidiary of Australian telecommunications company Telstra, to work with its security division, DMZGlobal.

Robert Tappan Morris

Morris is best known for creating the first Internet worm, the Morris Worm, in 1988. Later, he co-founded an online store, Viaweb, with Paul Graham, who would later found startup incubator Y Combinator. Viaweb was one of the first web-based computer applications. Now, Morris teaches computer science at MIT.

Series Supported by Rackspace


The Web Development Series is supported by Rackspace, the better way to do hosting. No more worrying about web hosting uptime. No more spending your time, energy and resources trying to stay on top of things like patching, updating, monitoring, backing up data and the like. Learn why.

More Dev & Design Resources from Mashable:

How the WordPress SEO Plugin Can Help Your Blog [INTERVIEW]
Closed or Open Source: Which CMS is Right for Your Business?
A Look Back at Eight Years of WordPress
HOW TO: Get Started with the Less Framework
4 Free Ways to Learn to Code Online

image credits: iStockphoto, airportrait, Flickr/pikturz, Wikipedia, Wired, Flickr/ICANN

More About: black hat, career, developers, hackers, jobs, web development series

For more Dev & Design coverage:

The Free Software Foundation is has launched second editions of two landmark publications by Richard Stallman, a.k.a. rms, “the last true hacker.”

The volumes, Free as in Freedom 2.0 and Free Software, Free Society: Selected Essays of Richard M. Stallman, 2nd Edition are both now available from the FSF store as free downloadable PDFs and as signed copies. Signed hard copies cost $50 each.

And while you’re shopping, you can also pick up a stuffed baby gnu, the FSF mascot, for $25.

The free-software activist launched the GNU Project in 1983 to create a free Unix-like operating system. He also founded the Free Software Foundation in 1985. The Linux kernel was built on and still supports GNU Project components that came before it and laid the foundation for open-source operating systems.

Stallman is also the main author of several copyleft licenses, including the GNU General Public License, the most widely used free software license.

Stallman’s life work revolves around freedom, by which he means four things:

  1. The software should be freely accessible.
  2. The software should be free to modify.
  3. The software should be free to share with others.
  4. The software should be free to change and redistribute copies of the changed software.

These principles underlie and inform the free and open-source software movement, and they also are used in many of the arguments for Creative Commons licensing for art and music.

image courtesy of Flickr, jolieodell

More About: foss, free software, free software foundation, fsf, hackers, open source, rms, Stallman

For more Dev & Design coverage:

If you’re a developer and you’d like to use your powers for the greater good, we have three ways for you to use your unique talents to affect positive change.

Random Hacks of Kindness

Random Hacks of Kindness is a community that focuses on developing practical and open-source solutions to global challenges. These challenges can range from disaster risk management to climate change adaptation. Solutions so far have included apps such as I’m OK, an SMS app that lets people in disaster-afflicted areas notify family members of their status, and CHASM, an app for landslide risk visualization.

These apps are made by thousands of software experts, volunteer devs and designers from 26 cities around the world. Currently, 120 distinct projects make up RHoK’s opus. Projects continue year-round, but events can be organized to create sprint scenarios.

Random Hacks of Kindness was founded in 2009 as a partnership between Google, Microsoft, Yahoo!, NASA and the World Bank.

Hack for Change

From Change.org comes Hack for Change, a weekend-long event to be held in San Francisco on June 18 and 19, 2011. (Disclosure: Mashable is a sponsor of this event.)

At the hackathon, 50 devs and designers will split into teams and spend 24 hours creating web or mobile apps they believe will affect positive change. Devs can use any publicly available APIs in their apps, and several companies with APIs popular in this arena will be presenting before the hacking begins.

Anyone can apply to attend and hack in this event, and invitations will be confirmed at the beginning of June.

Code for America

Code for America is still seeking fellows for its 2012 cycle. This organization assembles teams of crack developers to build open-source apps for governments. Each year, many cities and states apply for the CfA program, and many more developers vie for a spot as a CfA fellow.

The chosen hackers are sent to the cities where the apps will be built and used. Each dev is given a stipend, as well as mentorship and post-program recommendations.

CfA Fellowship applications are due July 31, 2011 for the 2012 fellowships.

image courtesy of iStockphoto, nyul

More About: developers, development, devs, hackers, hacking, social good

For more Dev & Design coverage:

If you’ve always wanted to tinker with hardware — up to and including building robots — but didn’t know how to start, Grant Imahara of the science-themed, blow-em-up TV show MythBusters has some advice:

“Anything that’s already broken is fair game! The worst-case scenario is it stays broken. The best-case scenario is you find out how it works or, even better, transform it into something else.”

Hardware hacking, like other kinds of hacking, boils down to getting your hands dirty and possessing a desire to know what makes things tick. And for many hackers, that desire starts at an early age.

“I think it’s something you’re born with — the desire to know how things work inside,” Imahara tells Mashable. “And you can tell your kid is a hardware hacker if none of the Hot Wheels cars have wheels, if the remote control gets take apart on a weekly basis.

“The best thing to do is give them more things to take apart so they can see how things work on the inside. Give them tools, and teach them how to use those tools.”

Imahara, who is hosting a Memorial Day Science Channel special on combat robotics, says he also started hacking at a tender age. “Even when I was young, I would build things with Lego or make ‘robots’ out of cereal boxes — long before I learned metalwork. The desire to build was always there.”

Although Imahara has a degree in electrical engineering, he says the robot-builders he’s met — especially those who take their bots into combat competitions — come from a wide range of educational and professional backgrounds.

“When I started Battle Bots in 1999, the guy sitting next to me was a high school teacher with no robotics experience at all. There were special effects guys, engineers, software guys who just wrote code — all kinds of people who had a desire to build something,” he says. “And they would do it in their garages or even their kitchens…. You don’t need to be an engineer or have your own machine shop.”

Imahara also notes how much the tools for would-be hardware hackers have grown in the past decade or two.

“I remember when I was a kid and I was interested in robots, there was really nothing out there but Erector Sets and Tinker Toys,” he says. “But now there’s such a variety of robotics-specific choices that you can buy off the shelf and get someone building and programming and exploring.”

For older sorts, Imahara also gives a nod to Maker Faire, which he calls “fertile ground … It’s about ideas, and taking those ideas into something physical.”

He recommends taking a trip to Amazon to browse through the many available books on robotics. His own book Kickin’ Bot is a specific how-to guide for building combat robots.

“And these days,” Imahara adds, “you’ve also got the Internet. There are thousands of webpages and open-source guides.”

Image based on photo from Flickr, dahveed

More advice from Imahara on first design.

More About: developers, engineers, gadgets, grant imahara, hackers, hacking, Hardware, maker faire, mythbusters, robotics, robots

For more Dev & Design coverage:

Code for America seeking devs for its 2012 Fellowship Program, a year of public service that puts coders to work for communities.

The fellowship gives developers, researchers, entrepreneurs and designers a chance to build customized web and mobile apps for communities and governments. Their work is used to solve pervasive public problems and connect citizens to governments. Each app built will be open sourced, as well.

The 2012 fellowship will be the second annual program of its kind. This year, recent graduates are encouraged to file early decision applications, which would allow for better planning of internships, employment or continued education. Those applicants would be notified of CfA’s decision by May 1, 2011.

Early decision applications are due April 15, 2011, and all other applications are due August 1, 2011. Would-be fellows can apply now on Code for America’s website.

Last year, the fellowship program had room for 20 fellows, and more than 350 applications were received. Given the stature of government applicants for the second cycle, competition is expected to be even more fierce this year.

Fellows in the year-long program will receive a living-wage stipend, travel expenses and healthcare. They’ll also get leadership training, networking opportunities and future career support in the form of guaranteed interviews at top web companies.

More About: cfa, code for america, developers, fellowship, hackers, internship

For more Dev & Design coverage:

Coding can be a solitary and frustrating enterprise, but the best thing about it is the community, which is generally waiting and wanting to help struggling programmers get past bugs and issues.

HackerBuddy is a clever, free application that capitalizes on the strength of that community. It allows web developers to find and give help in their areas of expertise — be those areas C++ or Python, SEO or marketing.

The app is simple to use, attractively designed, and with the right userbase, could be a real boon to programmers and startup types.

Hacker News and other developer-friendly forums are often littered with simple requests for help with coding or startup-related projects. These requests can fall on the wrong ears or appear at the wrong time, and giving or getting hacking help isn’t necessarily the purpose of these platforms, which are generally devoted to discussing the news of the day as it pertains to web developers.

On the site, we read that HackerBuddy will allow users to “help out fellow hackers, get the chance to beta test new apps and maybe even make friends with an awesome new startup. Tell HackerBuddy what you’re good at, and it’ll pair you up with a fellow hacker that could do with your friendly advice.”

The app matches you one-on-one with a fellow hacker and potential mentor/mentee in the subject area at hand. For example, I’m learning Java; if I choose the “Get Help” option from my HackerBuddy page, I can find a hacker to help me and chat with me about my Java challenges.

When the app matches up two compatible users, it swaps their email addresses, then “gets out of the way.” The users take over from there with an email exchange, which may evolve into phone or IM chats or even in-person meetings.

In addition to getting one-on-one help, you can also browse all users (there are currently around 1,200). We wish you could browse users by areas of expertise; for example, if I was building a Java app and needed early-stage startup and coding help, I would like the option to get both kinds of advice from the same person.

HackerBuddy was built by Dave Peiris, an iCrossing analyst, developer and SEO expert. He said the site is “a weekend project built using Ruby on Rails.” He built the app to learn RoR and writes, “There is a very large chance that this site will collapse under the weight of its own awkward code. If it does, sorry. I plan to improve it as I get better at coding in Ruby; please bear with me.”

We’re more than happy to bear with Dave; perhaps he could use a HackerBuddy of his own.

Give the app a shot, and in the comments, let us know how your experience with it worked out. Did you get the help you needed, or were you able to help out a fellow hacker?

Image courtesy of iStockphoto, pkline

More About: developers, hacker news, hackerbuddy, hackers, startups

For more Dev & Design coverage:

The Web Development Series is supported by Rackspace, the better way to do hosting. Learn more about Rackspace’s hosting solutions here.

David Kadavy’s upcoming book concerns a topic of great interest to us and to many of our developer and entrepreneur friends: design for hackers.

His blog posts geared for folks building quick-and-dirty web apps have been hits with the Hacker News community; he dispenses sound advice for technically minded designers who need to do a good job and do it quickly.

He spoke with us via e-mail this week about the needs and pain points of would-be (or must-be) designers in the world of web development. Keep an eye on his blog for updates about his book, Design for Hackers: Reverse-Engineering Beauty, to be published by John Wiley & Sons.

What’s one fundamental principle of design that you think most hackers are wont to overlook?

I think many people, when consciously attempting to create a design, will worry too much about certain details that don’t matter that much.

For example, some people worry an awful lot about font choice, when really, you can get a wide variety of moods and feelings from just a few fonts. The fact that there are so many fonts available just confuses and distracts them.

The hard — and more important — part is differentiating chunks of information into a clear hierarchy, and mastering the use of proximity, size, and font weight in establishing this hierarchy is far more challenging and impactful than figuring out the exact font to use.

Do you think it’s more necessary now than it was 5 or 10 years ago for hackers to know about and be able to do their own design work?

Absolutely, and I think that’s why there seems to be an explosion of interest in design within the hacker community.

Hackers are becoming more business savvy and recognizing that good design is an important part of running a successful business. …Many hackers are finding that teams as small as one can start a startup. Everything goes faster, with less friction and with more clear vision if different skills can be consolidated into one individual.

Design is a critical tool in getting customers to trust your business, but when you’re starting with little or no money, you need to get decent design for next to nothing. So what are you to do?

Good designers are hard to find, expensive and one more person in your development process is just added friction. If you’re a single founder/hacker, you’ve taught yourself everything else about running your business, so why not learn how to design and take care of that until you can afford someone more specialized?

The problem with that is you can’t solve design issues with a couple of Google searches like you can with programming issues.

I strongly believe that the overarching trend is toward everyone learning how to design… Now that everyone can publish, everyone needs to learn to design in order to communicate clearly.

What’s one example of great hacker-created design — perhaps something that works better than its maker intended?

The first thing that comes to mind is Craigslist. It has been cleaned up a small amount, but in many ways it’s really hideous. It’s been wildly successful because it addresses a huge pain point. Additionally, the unpolished aesthetic expresses the fact that its a community-driven site that’s extremely modest, commercially.

I think many designers overlook the economics of design: that perfect design just isn’t economically feasible or necessary in every situation. I know when I was in design school, myself and my fellow self-righteous design students would rip on the poor design of something as simple as a lost dog poster, without even thinking about the economics of it. It all depends upon where the product lies within its landscape.

With Craigslist, the power of the democratization of information transfer superceded the need for beautiful design. As design savvy spreads throughout the population, however, the standard will be raised.

Is there anything that you like or that you find refreshing or amusing about how the typical hacker approaches design?

The thing I like most about working with technically minded people is that they understand the medium of the web: the whole concept of structured information, the practical limitations of CSS-based layout, SEO best-practices, etc.

The lack of this knowledge always frustrated me when working in advertising or the print design world. You still see it today, designers who were trained on print, trying to cram their design vision without regard for the spirit of the medium.

Design is — and always will be — about the transfer of information, and I haven’t met many designers whom that really excites: the fact that if you design something in harmony with the medium and use SEO best practices, your message will reach more of the people who are looking for it. Aldus Manutius rolls over in his grave every time a designer throws up a web page straight from Photoshop’s “Save for Web….”

Another thing I like about working with hackers is that they tend not to obsess over inconsequential details… If you’re just launching a product and don’t have huge distribution, it won’t make any difference to your business whether that photograph is half an inch to the left or not. You have bigger, more mission-critical things to worry about.

What’s a common mistake hackers make when throwing together UIs for their applications?

The biggest oversight I see amongst hackers and designers alike is lack of consideration for the relationship between the chunks of information and the white space around it.

If I have a header that is 16px, and below it is a subhead that is 9px, there should be some rationality to the amount of white space I have between them — maybe there should be 9px since that’s the height of the subhead. There should also be some rationality in the margin to the left of that information.

A lot of times, information is just haphazardly set on the page — lots of things that are just too close together, and it just doesn’t look right. As a result, people start using crutches like color shifts and ornamentation (such as a horizontal rule) when consideration for geometric relationships between elements and white space can go a long way in making things look nice and clean.

Series supported by Rackspace


The Web Development Series is supported by Rackspace, the better way to do hosting. No more worrying about web hosting uptime. No more spending your time, energy and resources trying to stay on top of things like patching, updating, monitoring, backing up data and the like. Learn why.

More Dev & Design Resources from Mashable:

5 Better Ways to Read “Hacker News”
A Beginner’s Guide to Integrated Development Environments
10 Chrome Web Apps to Check Out
HOW TO: Make Your WordPress Blog More Like Tumblr
10 Tools for Getting Web Design Feedback

Image courtesy of Flickr, localcelebrity.

Reviews: Craigslist, Flickr, Google, Hacker News

More About: david kadavy, design, design for hackers, developers, hacker news, hackers, web design, Web Development, web development series

For more Dev & Design coverage: