    September 3rd, 2009

    RubyOnRails XSS Vulnerability Claims Twitter, Basecamp And My Confidence

    It was only three days ago that I wrote about the almost hopeless challenge of web security, specifically around new vectors for cross-site scripting attacks. Today came news that an XSS vulnerability had been found in the RubyOnRails development framework – and that applications built on the framework, such as Twitter and Basecamp, were vulnerable to XSS attacks. The vulnerability was discovered by Brian Mastenbrook. He probed Twitter with some Unicode characters and found it vulnerable, tried the same thing on Basecamp and found it vulnerable, and then deduced that it must be a problem with RubyOnRails. He has an excellent and detailed write-up on his site about the process he went through. If you are running RubyOnRails anywhere, stop now and read his post as well as the security notice from the Rails developers, and get your servers updated (the patch is in the notice; it will be in the release branch ‘today or tomorrow’).

    There are a few parts to this story. The first part is that it is great that Brian just happened to be one of the ‘good guys’. We find out about this vulnerability because he put the effort in to inform the parties involved and to get a fix out. We could easily have found out about this the hard way.

    The second part is the poor response he got from the guys at Basecamp. I use Basecamp, I have two accounts there and we use it somewhat internally at TechCrunch. Not anymore. Their response to a major security issue does not inspire any confidence, at least not enough confidence that I would feel comfortable having my personal data residing on their servers (for more details on their response, see Brian’s post). Twitter I am not as concerned about – they seem to have their act together in terms of responding to issues promptly (they have had their fair share of security issues, no link required there I think). Brian originally discovered this issue almost a month ago – he seems to have spent a lot of time just communicating with these vendors.

    Third part – learning from the mistakes of others. Point one would be: if you are a vendor of an application, get your shit together so that when one of the good guys wants to be able to tell you about a vulnerability he or she discovered, you don’t lose a → Read More

    February 16th, 2009

    Clarizen: Project Management for Non-Project Managers (Free 1 yr. Subscriptions!)

    Many professionals I know are not project managers by profession, and yet most at some point or another have had the dubious pleasure of battling it out with a project management (PM) application—MS Project typically being the nightmare of choice. It begins with lofty ideals of planning and running an organized project (for once). Yet what usually happens is that they end up managing the project management tool, rather than having it manage the project. Granted, PM tools have made progress in recent years, with Basecamp from 37Signals leading the charge with a Web-based subscription model that sports a user-friendly interface. The fact remains, though, that there’s a long way to go before non-project managers can put a hand on their heart and claim that the benefits of using a PM tool outweigh its overhead.

    This was what I had in mind when Israeli startup Clarizen approached me, explaining that theirs is a project management and collaboration tool specifically aimed at non-project managers. There’s no question Clarizen is a latecomer to the space, but they seem to have the right ingredients: a fairly convenient interface, a smidgen of unique differentiation, and friendly pricing to boot—and $15M in funding doesn’t hurt either, of course.

    Clarizen is making two great offers available for TechCrunch readers: → Read More

    February 2nd, 2009

    Wiggio Comes Out Of Beta With A Yammer For College Students

    College students now have their own Yammer. Last week, Wiggio came out of beta with a new look and a slew of group messaging and group management features. For each private group that you create, Wiggio provides a Twitter-like message stream from all the group members. But it also includes a slew of other features such as a shared calendar, mass text and voice messaging, file-sharing (including online docs and spreadsheets), polling, and more.

    Many of these features can be found in other products such as Yammer, Basecamp, WizeHive, and Producteev. But Wiggio is a solid addition to the group messaging family, and it is already gaining some traction by targeting college students and their particular group dynamics (academic, extracurricular, social, committees, sports teams, music/dance, religious, charity, etc.). Wiggio, which has been in closed beta for a year, already has 45,000 users, about 80 percent of which are college students and faculty members. → Read More

    December 30th, 2008

    Organize Your Company With WizeHive (Beta Invites)

    Yammer definitely started something. The enterprise Twitter service has more competition today from WizeHive, a Web-based group messaging and task management service for businesses. WizeHive just launched in beta. We have 500 invites (just enter “TC2009” when you sign up).

    Although it is similar in many respects to Yammer, Present.ly (our review), Basecamp, Central Desktop, and even in some ways to Producteev (our review), WizeHive is a worthy competitor and adds a few twists of its own. → Read More

    March 20th, 2007

    GoPlan Takes on 37Signals

    Web design and programming firm WeBreakStuff just released a new project planning suite, GoPlan, similar to Basecamp and ActiveCollab. You use this stuff when you want to get a team organized around accomplishing project milestones – a lightweight Microsoft Project with collaboration built right in.

    The products have a lot of similarities. They’re all web based applications for managing your team projects. Both GoPlan and BaseCamp are hosted pay services made by staunch Ruby evangelists, while the more basic ActiveCollab is an open source PHP installation. GoPlan and BaseCamp prices range from free plans up to beefier pay plans (BaseCamp’s unlimited maxes out at $150/month, while GoPlan tops off at $100/month). Derek over at 5ThirtyOne has a detailed feature comparison of the three.

    GoPlan’s project management tool offers modules for note-taking, calendaring (with iCal export), task management, issue tracking, file management and online real-time chat (optional SSL). BaseCamp has a lot of the same features, minus bug tracking and a public project blog. GoPlan has also approached project tracking with a different design methodology. GoPlan not only lets you choose features based on plan levels, but also turn them on and off as needed to keep navigation free of feature clutter.

    GoPlan has also shot for a lower price point than BaseCamp (basic $20/$24; premium $100/$150), but with less file storage (GoPlan tops out at 8GB). Their free account gets you everything except calendaring and chat. However, for the paid accounts, GoPlan unlocks features faster. $10/month gives you all of GoPlan’s features for 12 projects of 8 people each. For an extra $20/month you get unlimited users, and 30 projects (twice BaseCamp). For readers interested in real-time project collaboration, check out our comparison coverage of ConceptShare and Thinkature. → Read More

    December 13th, 2005

    New Stuff at Basecamp

    37Signals announced a couple of new features yesterday and today for their popular (100,000 users claimed on the home page) and useful Basecamp project management product. First, Basecamp now hosts files directly on their servers without the need to set up your own FTP server. Files as large as 20 MB can be uploaded. Second, Basecamp has created a basic affiliate program. If an affiliate pushes new paying members to Basecamp, the user gets credits against their Basecamp fees. → Read More
