
hack posts

Filed under: Security, Social Software, web 2.0

Bad guys now launching attacks through hacked Facebook apps

Social networking sites like Twitter and Facebook can already be dangerous places. Things like short links and bogus messages from friends with compromised accounts put unsuspecting and under-prepared users at risk.

Now, AVG's security researchers have discovered a new threat on Facebook. For the first time, they've found hacked Facebook apps. According to AVG, the apps are being used to launch drive-by attacks which target vulnerabilities in Adobe Reader and Adobe Flash. AVG reports finding seven hacked apps, but they admit there could well be more.

First things first: if you're not running up-to-date versions of either of those, download them right now. Here's the link to Flash and here's one for Reader. Using anything but the most current version could leave you open to attack.

The attack works like this. Visit the Facebook page for any of the hacked apps and click to install. Instead of the normal process, the page will try to push a poisoned PDF document to your machine. Once opened, the infected PDF infects your system with a bogus antivirus application, and these are often notoriously difficult to remove.

I've mentioned fake antivirus programs like these before on Download Squad. If you've been infected, you can try the tools listed on this post to clean up your system.

To keep from getting infected in the first place, make sure you:
  • have a good antivirus program installed and that it is fully updated
  • update browser plugins like Java, Flash, and Adobe Reader as soon as you are prompted to do so
  • install any critical Windows updates that are available
  • check comments on new apps before you install - others may have already been infected and left a post on the wall!

Filed under: Fun, Games, Kids, Windows, Macintosh, Linux, Browser Tips, How-Tos, Time-Wasters, Troubleshooting, Web

MoneySeize - Time Waster

Moneyseize is a very straightforward single-screen platformer with charming 8-bit graphics and music. The goal in Moneyseize is to, well, seize all the money.

You're in charge of the 'gentleman', and your job is to jump around in each level and collect all the gold coins. Your gentleman is attempting to build a skyscraper, and needs to collect 1000 coins to complete it. There are critters in most levels, and they also hold coins, and you must also avoid the various obstacles and hazards, like the prototypical spikes.

An interesting twist in the game is that while there are 25 coins available in each level, in many levels it is not possible to reach them all. As you progress through later levels, you can press switches that will occasionally change the layout of previous levels, making once impossible-to-reach areas reachable. Since you control which levels you visit from the map screen, the game takes on a bit of a puzzle flavor to go along with the straight platform style, which feels very reminiscent of early Mario Brothers games.

While I can't imagine actually completing MoneySeize, my building has already grown far larger than I ever intended it to get, just in testing it for this post. That's usually the sign of a good game.

Filed under: Windows, Macintosh, Linux, Browser Tips, How-Tos, Troubleshooting

How to fix Flash video performance in Firefox

Do YouTube and other Flash-based videos stutter when you view them in Firefox, but work fine in other browsers like Internet Explorer, Chrome, and Safari? This appears to be a problem that affects both the Windows and Mac versions of Firefox, and the problem (surprisingly enough) turns out not to be Flash - it's Firefox's session restore feature.

Lifehacker has a post based on information that one of their readers wrote in with. Basically, Firefox takes a snapshot of all of your open tabs every ten seconds, so that if you close your browser, you can open it to where you left off. Though you wouldn't think grabbing the plain text URL of a few webpages would be such an arduous task for the browser that it causes video to stutter, for some reason it is.

So what's the solution? Well, if you want to throw the baby out with the bath water, you can turn off the session restore feature altogether. A more sane solution is to simply lengthen the period of time between snapshots. To do this, type about:config into Firefox's address bar, then in the filter box enter browser.sessionstore.interval. The default value is 10000, which is the number of milliseconds between snapshots. Setting the number to 120000 lengthens the period to two minutes, a more reasonable but still useful period. Of course, you can set it to whatever you want, as long as you keep in mind that you're dealing with milliseconds.

I can't tell you how happy I am with this little hack - it has already prevented me from cursing Firefox a few times today.

Filed under: E-mail, Productivity, Google, Humor

Lifehacker starts Gmail Ads bloodbath

What do massacres and bloodbaths have to do with your Gmail account? Lifehacker has discovered that they could be the key to getting rid of the pesky, hard-to-block text ads that show up next to your messages in Gmail's web interface. It turns out that advertisers don't like being associated with certain keywords, falling into categories like profanity and tragic violence. Rather than risk an amusing (at best) or offensive (at worst) ad placement, Google just doesn't display ads next to messages that have a certain density of these keywords.

Lifehacker was able to take advantage of this filtering system to create an email signature that should eliminate the ads. Rather than going the profane route, they whipped up the following innocuous statement: "I enjoy the massacre of ads. This sentence will slaughter ads without a messy bloodbath." If you can live with a violent email signature, you can probably come up with your own variation.

Filed under: OS Updates, Windows, Microsoft, Windows x64

Microsoft and Lenovo quickly swashbuckle Windows 7 pirates

First you got your hands on a leaked copy of the Windows 7 RTM. Bad idea, says Microsoft.

Then you tracked down 7loader, which took advantage of a leaked Lenovo product key. We know it's out there, came the nonchalant reply from Redmond.

And now, thanks to a cooperative effort, the workaround has already been defeated. The official blog post touts improvements in Windows 7, which "already includes an improved ability to detect hacks, also known as activation exploits, and alert customers who are using a pirated copy." The post continues, stating that no systems will ever be sold using the particular OEM key that was utilized by the exploit.

So what's Microsoft's real goal here? "Our objective isn't to stop every "mad scientist" that's out there from dabbling; our aim is to protect our customers from commercialized counterfeit software that impacts our customers' confidence in knowing they got what they paid for."

Sure... There's absolutely no reason it would have anything to do with crippling the biggest Windows competitor on the market - pirated copies of Windows.

Filed under: Business, Developer, Internet, Security, Commercial, Open Source

Does software piracy hurt the open source community?

Louis Suarez-Potts, the community manager for the open-source Open Office project, says software piracy also hurts the open-source community, and though it can be argued that open-source is bad for innovation, most of us love the open source community. So does the occasional pirated piece of software really hurt our beloved open source projects?

Suarez-Potts thinks it's bad for everyone, including the open source community, since pirated software theoretically takes "customers" away from open source projects. For example, a college student may never end up downloading Open Office since he copied Microsoft Office from a friend, but that's not to say it hurts the money-makers like Microsoft at all. A little bit of piracy helps to establish big companies' products as "the standard", hurting open source projects even more and making it harder for them to get their foot into a user's door.

Now we'd like to pose a question: Like the college student used in the example above, does pirating software generally prevent you from trying Open Source software or would you have put the cash down anyway even if you couldn't get it for free?

Does software piracy generally prevent you from joining the open source movement?

Filed under: Security, Windows, Adobe, Microsoft

NewsFLASH - Your PC may be vulnerable

It has come to our attention that there's an Adobe Flash player vulnerability in the wild that may affect your PC.

Simply by visiting a naughty website, an unsuspecting web visitor will be attacked with a piece of code that redirects them to an evil .SWF file that can then execute nasty code on their PC.

Adobe has blogged about the issue, but hasn't issued any releases, or patches to take care of the problem as of yet. Security firm Symantec says that 20,000 web pages may be affected by this style of attack.

Since there's no real way around getting hit with this one, you can either disable your flash player altogether, or get the No-Script add-on for your Firefox browser.

[via webmonkey]

UPDATE: Adobe has issued a fix, click here to update. Read here for more info.

Filed under: OS Updates, Windows, Microsoft, Commercial

Is Microsoft supporting Vista SP1 Upgrade Edition pirates?

Experts such as Brian Livingston, editorial director of the Windows Secrets newsletter, say Microsoft is intentionally allowing a loop-hole to exist, which enables more advanced users of Microsoft's operating systems to upgrade to Vista SP1 without having the necessary previous versions of Windows.

The loop-hole exists in the Vista SP1 Upgrade Edition, which requires a previous install of Windows 2000, XP, or Vista but the upgrade edition will install even if they're absent. The Vista SP1 Upgrade Edition retails for about $110 less than the full version of Vista SP1, which means users can save money on upgrading to Vista by purchasing the cheaper upgrade box.

Livingston believes Microsoft supports the hole since the upgrade edition installs over itself in Vista SP1. Although it may seem absurd at first, Microsoft may benefit from such software pirates -- if they can be called that anymore.

The theory behind this is already at play and has been at play for many years. As more and more users install some version of Windows, others will see it as "the standard", and then they will buy it -- or they'll pirate it and indirectly influence others to buy it.


Filed under: Fun, Internet, Text, Features, Windows Mobile, Symbian, Palm, Productivity, Web services, Google, Commercial, Freeware, Open Source, BlackBerry, Mobile Minute, iPhone, Search, web 2.0

5 things missing from your mobile life in 2008: Google Mobile and more

Life's getting mobile, and it seems that's the way it's always going to be. Humans don't come off as the traveling type, yet we do. From horse carriages to cell phones, we're always looking for ways to do more on the move, so what's missing from your mobile life in 2008 and how can you fix it? The following list may help.

1. Full access to YouTube in Windows Mobile: Everyone's got a solution for playing YouTube Mobile videos on a Windows Mobile phone, but it seems no one's giving Windows Mobile users a way to access YouTube.com's full, flash video library. Oh wait, there is a solution. It only requires users to install a specific version of TCPMP and the Flash Video Bundle, an add-on to TCPMP to give it the ability to play flash video. Use Pocket IE to navigate to YouTube (a few other flash video sites are also supported). Clicking on a video will open TCPMP to play it. Easy, right?

You could also install Orb on your PC and use the Orb mobile client to find YouTube videos on the go, but that solution requires you to leave your home PC on all the time.


Filed under: OS Updates, Macintosh, Linux

Installing OS X 10.5 Leopard on an Eee PC

One of the great things about the Eee PC is that, unlike a $400 PDA or phone, the $400 laptop is a full fledged computer that just happens to weigh less than 2 pounds.

And while Asus went through a lot of work to load a customized Linux interface onto the Eee PC, the company also made it pretty easy to slap your own operating system on there. In fact, the Eee PC ships with instructions for wiping the hard drive and installing Windows XP (if you happen to have a Windows XP installation disc and a USB DVD drive).

And if you can install Windows, that means you can install Mac OS X. Not officially, of course. Apple only sells OS X licenses for Apple-labeled machines. But the folks over at the OSx86 project have been tinkering with ways to install OS X on PCs ever since Apple started to support Intel chips.

So it was only a matter of time until someone went and installed Leopard on an Eee PC. You'll need to get your hands on a Leopard disc image, either by making one yourself or from other means that we won't go into here. Leopard reportedly is something less than a speed demon on the Eee PC's 900MHz Celeron processor and 512MB of RAM. But we could have predicted that.

If you mess up your computer beyond belief, you can use the restore disc that Asus shipped with the Eee PC. But we still probably wouldn't recommend this hack for anyone who doesn't know what the word "kernel" means.

Filed under: Developer, Apple, iPhone

iPhone open SDK coming after all?


When Apple introduced the iPhone at this year's Macworld Expo, there was a great sigh of disappointment when Steve Jobs informed his developer community that only web-based applications would be supported on the iPhone. That is, no Software Development Kit (SDK) to create native programs. Among other things, this letdown limited developers' ability to harness the iPhone's coveted multi-touch user interface features.

But that may soon change. Business Week has a hunch that Apple has been waiting for the right moment to throw down with an iPhone SDK, and not for the reasons you might think. Instead of avoiding ticking off their wireless partner, instead of trying to maintain quality control, instead of assuming Dashboard-quality applications would keep iPhone code junkies happy, it seems Apple may've had a different reason altogether for the long wait: Leopard.

If Leopard is the official development platform for the iPhone (and who would expect Apple to release an iPhone development environment for Windows?), then the wait may've been warranted after all. After all, we've not seen any multi-touch technology from Apple except on the iPhone, and one wonders if multi-touch is hanging out in the background of Leopard somewhere, waiting to get called to duty. Meanwhile, Business Week openly speculates that Electronic Arts has already received the SDK, but this hasn't been confirmed. Madden 2009 on the iPhone? Sounds good to us.

Filed under: Internet, News, E-mail

Federal government knocks California state websites offline

Sometimes the cure can be more painful than the disease. Case in point: the federal government tried to help a California county website recover from a hacker's attack yesterday and wound up knocking every California state website offline for 7 hours.

Here are the details. A hacker had diverted traffic from the Marin County website so that visitors found themselves looking at porn. That's bad. But when the feds tried to lend a helping hand, they accidentally "deleted the ca.gov domain."

While that did prevent users from finding naughty pictures when searching for Marin County services, it also meant Californians couldn't get information about vehicle or voter registration or find contact information for Arnold Schwarzenegger's office. Oh yeah, and California state employees couldn't reliably send or receive e-mail.

By last night everything was restored to normal. But it just goes to show, it's hard to find good help these days.

[via Techdirt]

Filed under: Internet, Video, Hardware, Apple

Jaman launches first commercial Apple TV hack

While Apple has yet to authorize third party development on the Apple TV, hackers have been adding applications to the box pretty much since the day it was released.

The Apple TV is a $300 box designed to let you watch iTunes content on your TV set without plugging your computer directly into your TV. It streams content from your Mac and the internet over your home network.

Hackers have added RSS feeds, support for non-iTunes videos, and the ability to upgrade your hard drive. Now Jaman has released a commercial plugin for renting movies from the Jaman service. You'll need to hack your Apple TV in order to install the plugin, and you'll need to have the Jaman Player installed on both your computer and your Apple TV.

If we've learned anything recently, it's that these hacks might wind up causing more trouble than they're worth. Apparently Jaman is more than aware of this fact, because the company won't even support its own software hack.

[via last100]

Filed under: Business, Developer, Internet, Security, Web services, Google, Search, web 2.0

Google Gmail hijacking

Your open Gmail account could be in severe jeopardy, thanks to a malicious script that initiates itself when a website is viewed.

The tables have turned from hacking your computer to hacking your information stored online. Supposedly, hackers are not seeing the benefits of attacking your protected and firewalled computer these days, and are much happier going after Web 2.0 APIs. Such is the case with a recently exposed technique that puts a filter in place to look for specific incoming emails and send them to another email address for snooping and prying. The filter stays in place until the Gmail account owner deletes it from the Settings>Filter menu.

Gnucitizen broke the news on this, and it has been verified by a few sources. He is not planning on demonstrating this process, or releasing more details on his findings, until Google has fixed this concern. He is also urging others not to expose anything until they have notified Google and a fix is implemented. But he does say that the hacks are out in the open for anyone searching Yahoo or Google.

Filed under: OS Updates, Windows Mobile

Dell Axim X50v gets unofficial Windows Mobile 6 upgrade

Despite rumors that Dell might be working on a Windows Mobile-based phone, the company is pretty much out of the Windows Mobile business for now. And that leaves Axim X50/51 users pretty much on their own if they want to upgrade their devices from Windows Mobile 5.0 to Windows Mobile 6.

Overall, that might not be such a bad thing. Dell did an infamously poor job offering X50 users an upgrade from WM2003SE to Windows Mobile 5.0. The upgraded units ran slower and had more bugs than units running the older operating system.

But where Dell dropped the ball, the hacker community steps in. And after attempting to improve Dell's Windows Mobile 5.0 installation, one enterprising member of the XDA Developers forum has gone on to port Windows Mobile 6 to the Dell Axim X50v. Bear in mind, this upgrade is only for the VGA model. If you've got a Dell Axim X50 with a 320 x 240 pixel screen, this ROM will not run. Oh yeah, and installing any unofficial operating system upgrades like this could leave your PDA in an unbootable state. So this hack is not for the faint of heart.

That said, X50vs do seem to run much faster with Windows Mobile 6 than Windows Mobile 5.0. And you get upgraded versions of Word, Excel, Internet Explorer, Outlook, and other programs.

Update: If you've upgraded your X50v and are scratching your head trying to figure out how to revert back to Windows Mobile 5.0 or Windows Mobile 2003SE, check out our article on downgrading from Windows Mobile 6.

Featured Time Waster

Graveyard Shift - zombie-busting Time Waster

With Halloween fast approaching, it's a great time to get in some practice defending your territory against zombies. In Graveyard Shift, you take aim at zombies and other creepy-crawlies, blasting them into splatters of cartoony green guts. It's a casual first-person shooter, and it's very easy to get the hang of - use the mouse to aim, click to fire. Graveyard Shift has at least 15 levels, and it might even have some secret stages I haven't unlocked yet. The key to getting good at Graveyard Shift is learning to use ...
