I am overwhelmed with a geeky sense of joy when I search for “Philadelphia Flyers” on Google and instantly get a schedule of upcoming games as well as scores from previous ones at the top of the results.

Those type of “instant answers” make my day go smoother and keeps me from having to dig through the top ten results for the high-level things that I’m looking for, such as sports scores or flight schedules.

As with any other technology, we have our choice of search engines to pick from. While most of the world uses Google, Microsoft has Bing, and there’s a fast-rising alternative to both that we’ve told you about called DuckDuckGo. Since the end of last year, daily search queries on the site have gone up 227 percent.

To stand out from the crowd, DuckDuckGo provides some interesting search assistants or hack, which it calls “goodies”, to make your search experience more enjoyable and streamlined. Being a dark horse in the race of search also gives the company the opportunity to try out new ideas, such as letting people write plugins that alter how search results are shown.

DuckDuckHack

The company announced this initiative today and calls it “DuckDuckHack“. The platform will allow any developer to create a plugin that creates instant answers for search queries performed on the search engine.

Here what DuckDuckGo founder Gabriel Weinberg had to say about the new platform today:

For example, suppose you often do searches on bioinformatics or lego parts or on other topics that we don’t know much about. Then you’re in a great position to help craft great instant answers in that area and improve your own results along with the results of others doing similar searches. We hope that DuckDuckHack will give you the opportunity to do so.

When visiting DuckDuckGo today and searching for “xkcd 115″, you’ll instantly be shown the 115th iteration of the popular web comic xkcd:

You don’t have to install these “plugins”, as they’re baked right into the search engine once they’re approved by the company. You can follow @DuckDuckHack on Twitter to find out some of the newest easter eggs.

That’s just one example of the type of search hacks that developers can start coming up with now using the platform. By visiting DuckDuckHack.com, you can find answers to all of your questions as well as get more information about the platform itself and how to get started.

The company has funding through solid investors like Union Square Ventures, so its safe to say that the growth of DuckDuckGo will continue. Is it a threat to Google? Probably not in the grand scheme of things, but the idea of innovation in search coming from a company outside of Google isn’t a crazy notion.

When you visit Amazon’s homepage, you’ve more than likely seen the recommended items that the company suggests you check out. It’s a really great way to get people into the mood of shopping when they might have just come to browse a bit.

Sometimes I visit Amazon with an intent to buy something and have no idea of what I want to get, and that’s why its recommendation technology is so powerful. What if someone could control the things that pop up under Amazon’s recommendations? It would be a pretty powerful, and profitable, trick wouldn’t it? One guy has figured out how to do just that simply by having you visit a page first.

In a post titled “I can manipulate your amazon.com recommendations” Felix Middendorf discusses exactly how he goes about having Amazon recommend things to you by his choosing, and here’s how you can test his methods:

1. Open this page.
2. Visit amazon.com.
3. Observe Dale Carnegie’s classic “How to win friends and influence people” appear on your personalized amazon.com homepage (see screenshot below for comparison).
4. Order it if you are interested, it is a great read (optional step ;-) )!

I tried it and yep, it worked:

Middendorf explains exactly how he did it:

The page contains a hidden iframe that triggers an HTTP GET request to the book’s page on amazon.com. Now amazon thinks you are interested in this article and recommends it and similar ones to you on their homepage. I would like to leave possible malicious applications to your imagination.

How to fix this? If the X-Frame-Options response header is set to SAMEORIGIN, modern browsers will not allow third party websites to include a page. Interestingly, the German amazon website amazon.de does this.

I have informed amazon.com of this issue via Twitter and E-Mail.

While it’s good that he reached out to Amazon about the issue, the fact that your recommended list is so easily manipulated is pretty scary. Anyone on the web who wants to put a specific item in front of you to buy can easily do this.

Have you ever seen something recommended to you on Amazon that made absolutely no sense? This might be why.

When I was at SF Music Hack Day last month there were a few projects that jumped out at me. Some of them were software based and a few were hacks of hardware. One project that instantly caught my eye was a projected called “Tabber”, which is a contraption that hooks onto your guitar to teach you how to play.

Yes, I’m attracted to bright blinking lights, but as I watched one of the developers hacking away on it alone in a room, I could tell that this thing might actually work. What Tabber does is stream guitar tabulators to a device and lights blink up on the next note of the song. You can tweak the speed of the song so you can keep up with it until you’ve mastered it, which makes this thing an incredible learning tool.

The team behind the Tabber has finally launched its Kickstarter campaign to bring the device to the masses. To make it a reality for all, the team of three passionate music geeks are hoping to raise $45,000. Check out the Tabber in action:

Along with looking super neat and potentially helping you to become the next Van Halen member, the team wants to keep the project hackable and open-sourced:

We believe that music is every bit as much about people as it is about notes in a song. Our goal is to create a community of not only music lovers, but creative people who like to build things that others can use. What kind of things will get built? We don’t know yet, but that’s the point. Should our project reach it’s funding goal, both the hardware and software will be hackable to people and we’ll be able to share all of those ideas on www.tabber.co!

If you’re a music fan or a hardcore gadget fan, this is a project that you should really get behind. I can attest to the fact that the team is hardworking, believes that everyone can learn how to play guitar, and are more than passionate enough to see this project all the way through.

With Kickstarter blowing up with activity lately, I see no reason why the Tabber won’t see similar success.

➤ Tabber on Kickstarter

Google’s Chrome browser is becoming more secure as we speak, thanks to a program we talked about last week. The Chromium Security Rewards Program is sponsoring an event at the CanSecWest security conference right now, and the highest monetary reward has already been given.

Here’s what the Chrome releases team had to say about it today:

The Chrome Stable channel has been updated to 17.0.963.78 on Windows, Mac, Linux and Chrome Frame. This release fixes issues with Flash games and videos, along with the security fix listed below.

Security fixes and rewards:

Congratulations again to community member Sergey Glaznov for the first submission to Pwnium!

[Ch-ch-ch-ch-ching!!! $60,000] [117226] [117230] Critical CVE-2011-3046: UXSS and bad history navigation. Credit to Sergey Glazunov.

While it may take a while for these security updates to get integrated into a future release of the browser, if you’re a fan of installing iterative versions of Chrome, you can get all of the details on the changelog here.

As we noted last week, Google is building a great relationship with developers by having programs like this, and also keeps nasty hacks out of the public eye. Developers must submit their security exploit directly to Google without sharing it with anyone else first. If they publicized the exploit, they wouldn’t be able to claim a prize. That’s super smart on Google’s part.

Google plans on giving up to $1M in total rewards during the event, in increments of $60k, $40k, and $20k, depending on the level of the hack. Apparently Glazunov’s was a big one, netting the Russian student a top prize in the category of “Full Chrome exploit”.

Making sure that you have the most secure browser on the web means that you need a whole lot of people doing continual security audits and QA. While Google surely has this experience and capability in-house, the company like to challenge outsiders to find holes in its Chrome browser, and give money away to those who do.

For a little over two years, the Chrome team has had a “Chromium Security Rewards Program” that offers pretty sizable monetary rewards to developers who find security holes and bugs within its browser and increases the reward for those who successfully create a fix for the issue they find.

At the CanSecWest security conference in Vancouver from March 7th-9th, Google will be sponsoring a challenge to exploit Chrome with a total of $1M being given away in the following categories:

$60,000 – “Full Chrome exploit”: Chrome / Win7 local OS user account persistence using only bugs in Chrome itself.

$40,000 – “Partial Chrome exploit”: Chrome / Win7 local OS user account persistence using at least one bug in Chrome itself, plus other bugs. For example, a WebKit bug combined with a Windows sandbox bug.

$20,000 – “Consolation reward, Flash / Windows / other”: Chrome / Win7 local OS user account persistence that does not use bugs in Chrome. For example, bugs in one or more of Flash, Windows or a driver. These exploits are not specific to Chrome and will be a threat to users of any web browser. Although not specifically Chrome’s issue, we’ve decided to offer consolation prizes because these findings still help us toward our mission of making the entire web safer.

By holding this type of challenge, Google gets to build a much better relationship with hackers and developers and keep the exploits away from those with nefarious intentions. The company is also giving away a Chromebook to all of the winners, a great way to get these security experts relying on Google’s technology platform even more.

To be able to win the prizes, participants must submit their exploits directly to Google and not anywhere else first, such as publishing them on a blog or sharing them in the press.

It looks like Go Daddy isn’t the only company drawing ire from the Internet over support for the Stop Online Piracy Act (SOPA). Sony also supports the act, and Anonymous isn’t too pleased about it.

The hacker group posted a messaging threatening an attack against Sony as well as Sony recording artists that include Justin Bieber and Lady Gaga, if the company continues to support SOPA:

Hello, SONY.

We are Anonymous.

It has come to the attention of the Anonymous activist community that you have chosen to stand by the Stop Online Piracy Act. This act will halt online businesses and restrict access to many sites for many users. Supporting SOPA is like trying to throw an entire company from off a bridge. Your support to the act is a signed death warrant to SONY Company and Associates. Therefore, yet again, we have decided to destroy your network. We will dismantle your phantom from the internet. Prepare to be extinguished. Justice will be swift, and it will be for the people, whether some like it or not. Sony, you have been warned.

To those doubting our powers. We’ve infiltrated the servers of Bank of America, The United States Department of Defense, The United Nations, and Lockheed Martin. In one day.

For their approval to SOPA, we have also declared that our fury be brought upon the following persons. Justin Bieber. Lady Gaga. Kim Kardashian. and Taylor Swift.

Operation Blackout, engaged.
Operation Mayhem, engaged.
Operation LulzXmas, engaged.

We are Anonymous.
We are Legion.
We do not forgive.
We do not forget.

Supporters of SOPA, you should’ve expected us.

If the letter didn’t creep you out enough, check out the video that went along with it:

Anonymous was said to have targeted Sony’s PSN earlier this year, but refuted its involvement in the attack. According to an updated list of SOPA supporters, the Electronics group at Sony is no longer listed, but will that be enough to keep Anonymous away from PSN?

Two weeks ago, Anonymous put out a message in regards to SOPA saying “We’ll Deface The Internet In Protest”. It looks like the internet starts with Sony, according to this threat.

If you have any doubt whether this type of “hacktivism” works, check out what’s going on over at Reddit. Not only has the community gone after Go Daddy, it’s now targeting congress, and anyone else who supports SOPA for that matter.

Will Anonymous successfully scare Sony away from supporting SOPA? Tell us what you think in the comments!

If you’ve taken a lot of photos using Instagram and are looking for a new way to share them, the Boston Music Hack Day app “Carousel” might be right up your alley, developed by hack day participant Johannes Wagener.

If you’re familiar with the show “Mad Men”, there’s an episode where Don Draper creates a marketing campaign for Kodak, in which he tells a story while going through slides on what he calls a “Carousel”. If you’ve never seen it, it’s worth watching the video clip before trying out the app.

With Carousel, you can pull in your Instagram photos and let Don Draper give his best sales pitch using your favorites.

The photos appear on the screen, as if you were a part of the infamous “Mad Men” meeting.

Alternatively, you can record your own soundtrack for the presentation. This is a fun mash-up, giving you a new way to display your photos to friends and family.

Be sure to check out my “Carousel” presentation, and share your own in the comments.

➤ Carousel

At a recent Music Hack Day in Boston, developers got together to play around with new technology and popular platform APIs like Spotify‘s.

Some of the apps were very basic, yet powerful, and some need a coat a paint on them before they get presented to the masses. And then there’s Spartify.

Spartify is a web app that gives control to multiple people to create a music playlist on the fly, using Spotify.

Developed by Andreas Blixt and Ricardo Vice Santos, Spotify lets you set up a “party” and turn the music choices over to everyone with the party code. The idea is genius.

Here’s how the duo explains Spartify:

Host a Party and let guests choose what songs to play on Spotify. No more huddling in front of one computer or messing up the queue! What if they’re all drunk? Don’t worry, We’ll fill it up for ya!

Set up a Spotify House Party

By simply clicking “Start a Party”, you are given a code to give out to your friends that they can enter from any computer or mobile phone on the Spartify site.

Your friends are then presented with a search box that uses Spotify’s API, and each track it finds has a +1 button next to it. By clicking the +1, you add the track to the party playlist.

All you have to do is set one computer as the host, and the Spotify desktop app will open up and play with Spartify tells it to. Your friends can even tap the +1 on songs in the playlist to promote it to the top of the list. If people start drinking too much and stop requesting tracks, Spartify will play similar tracks no matter what.

The app uses The Echonest API which is being extremely popular with hackers who are playing around with music technology and apps. It provides aggregated data with a smart layer on top of it, which lets recommendation come to life combined with apps like Spotify.

The next time you’re having a party, you might want to forget about iTunes, since you have to pay for each track. Having the huge Spotify database at your disposal during any party will make sure the beat goes on and on.

➤ Spartify

Even if you’re not a Facebook developer there has been a “hack” of sorts in place to become a developer and gain early access to your Facebook timeline, if you didn’t want to sign up and wait.

At this time, it is not known if Facebook’s Timeline will be available to everyone on October 19th, but as you can see by the screenshot above, Timelines will be published publicly on that date. However, when most of us were getting our Timeline, we weren’t shown a date at all, so this is a recent update from Facebook.

We’ve reached out to Facebook for more information about the Timeline launch, but have yet to hear back. We will keep you updated.

UPDATE: According to Liz Gannes, you are given a 7 day grace period before publishing your Timeline. This date may just be that. The tip came in last night, so when we tested today, we both saw the 19th. However, the tipster was outside of the US, thus it was 7 days previous to the 19th for him at the time. We will continue to monitor Timeline’s arrival.

Thanks to @JPKing88 who spotted this and tipped The Next Web.

Fox has found itself the target of a hacking campaign once again after attackers managed to compromise the Fox News Politics Twitter account and used it to spread misinformation that the US President had been shot and killed.

Hacking group the “Scriptkiddies” claimed responsibility for the hack, immediately tweeting the following message:

Fox news politics hacked by the scriptkiddies! http://t.co/6yZDcTS more embarrassment for FoxNews is imitate.

Whilst the group doesn’t affiliate itself with the loose online collective Anonymous, or the now disbanded LulzSec, Scriptkiddies reached out to the former to extend its support, offering help with the now infamous “AntiSec” campaign. It also followed closely in the steps of LulzSec by directing visitors to the group’s official Twitter account which, unlike its more established and revered predecessors, was suspended within hours of the account being popularised.

The group quickly set up a new account, which at the time of writing contains one tweet:

Our old twitter was suspended @TheScriptKiddie here is the new, hopefully permanent, address. @FoxNewsPolitics just hacked.

With full control of a Twitter account with 33,000 followers, the Scriptkiddies group began a campaign of misinformation which first attempted to trick followers into believing the account was back in Fox News’ control, before reporting that President Obama had been shot and had then died:

As America wakes up to celebrate Independence Day, many could be duped into believing the President had been gunned down, especially as they would believe news was being reported by a reputable outlet with an established following.

Also, as we published this report, the group deleted tweets detailing the hack so that the news would appear more authentic.

The group links back to 4chan, a site which is widely reported to house many members that associate themselves with the Anonymous collective, following advice from one such member which suggested they do the following:

If you had tweeted some fake news (i.e. Fox News sources say Obama died of a heart attack this evening), it would have had a bigger impact. Just saying. Others would have taken it over and sourced it to Fox News.

It is not known whether Fox News is aware of the compromise, we have reached out to them for comment.

Update: Think Magazine, a campus publication from Stony Brook University, scored an interview with the attackers:

“I would consider us to be close in relation [to Anonymous], 2 of the members of our group were members of Anonymous,” said a representative of The Script Kiddies, who, for reasons that should be quite clear, asked to remain, yes, anonymous. “I was a member of Anonymous. We hope to be working with them soon.”

We are looking to find information about corporations to assist with antisec. Fox News was selected because we figured their security would be just as much of a joke as their reporting. It will be a never ending battle

The names change from time to time like LulzSec and Anonymous or Script Kiddies. But [there] will always be a group of people that need to stand up for everyone else and attempt to keep the government in balance with it’s people. Without groups like Anonymous, what is there to prevent corruption?