Share This

Monday, 10 May 2010

Twitter hit by major disruption

Twitter screenshot 
The fllaw could have been exploited by spammers 
 
Twitter has fixed a major bug that saw many users of the service appear to lose all of their followers and friends. 

The problem began when a flaw was uncovered that allowed people to force others to "follow" them on the site.

People who typed "accept" followed by a person's Twitter name forced the user to be added to their list of followers.

The hack was quickly passed around the social network with many people using it to force celebrities to follow them.

It could have easily allowed spammers to insert messages into thousands of accounts.

Web flaw
  Twitter quickly closed the loophole but was forced to temporarily reset many accounts as it cleaned up the damage. The reset made it look like many users had no followers and were also following no one.


"We identified and resolved a bug that permitted a user to 'force"' other users to follow them," the site said in a blog post.

People were still able to use the service during the disruption.

Twitter allows users to post messages - known as tweets - up to 140 characters long.

People can see what others are writing by choosing to "follow" them. However, unlike many social networks, both parties do not have to reciprocate the friendship.

The new bug allowed many people to force celebrities, such as Lady Gaga, to follow them by simply typing "accept @ladygaga".

This would make it appear that Lady Gaga had chosen to follow them and would also inject a user's tweets into the singer's feeds.

The flaw only worked on the website and not through third-party software used to access the service, such as Tweetdeck.

Twitter has exploded in popularity since 2007, when it was launched, and now has more than 100 million users.
News of the flaw follows the discovery of a recent high-profile security bug at Facebook, another poster child of the social web.

The exploit - now fixed - exploited the site's privacy settings and allowed users to eavesdrop on their friends' live chats and see their pending friend requests.

Newscribe : get free news in real time 

Saturday, 8 May 2010

Five hidden dangers of Facebook

Facebook claims that it has 400 million users. But are they well-protected from prying eyes, scammers, and unwanted marketers? 

Not according to Joan Goodchild, senior editor of CSO (Chief Security Officer) Online.

She says your privacy may be at far greater risk of being violated than you know, when you log onto the social-networking site, due to security gaffes or marketing efforts by the company.

Facebook came under fire this past week, when 15 privacy and consumer protection organizations filed a complaint with the Federal Trade Commission, charging that the site, among other things, manipulates privacy settings to make users' personal information available for commercial use. Also, some Facebook users found their private chats accessible to everyone on their contact list--a major security breach that's left a lot of people wondering just how secure the site is.

In two words, asserts Goodchild: not very.

On "The Early Show on Saturday Morning," Goodchild spotlighted five dangers she says Facebook users expose themselves to, probably without being aware of them:

  1. Your information is being shared with third parties
  2. Privacy settings revert to a less safe default mode after each redesign
  3. Facebook ads may contain malware
  4. Your real friends unknowingly make you vulnerable
  5. Scammers are creating fake profiles
Below is an edited transcript of the interview.

Is Facebook a secure platform to communicate with your friends?

Here's the thing: Facebook is one of the most popular sites in the world. Security holes are being found on a regular basis. It is not as inherently secure as people think it is, when they log on every day.

Certainly, there are growing pains. Facebook is considered a young company, and it has been around a few years now. It is continuing to figure this out. They are so young, they are still trying to figure out how they are going to make money. It is hard to compare this to others; we have never had this phenomenon before in the way [so many] people are communicating with each other--only e-mail comes close.

The potential for crime is real. According to the Internet Crime Complaint Center, victims of Internet-related crimes lost $559 million in 2009. That was up 110 percent from the previous year. If you're not careful using Facebook, you are looking at the potential for identity theft, or possibly even something like assault, if you share information with a dangerous person you think is actually a "friend." One British police agency recently reported that the number of crimes it has responded to in the last year involving Facebook climbed 346 percent. These are real threats.

Lately, it seems a week doesn't go by without some news about a Facebook-related security problem. Earlier this week, TechCrunch discovered a security hole that made it possible for users to read their friends' private chats. Facebook has since patched it, but who knows how long that flaw existed? Some speculate it may have been that way for years.

Last month, researchers at VeriSign's iDefense group discovered that a hacker was selling Facebook usernames and passwords in an underground hacker forum. It was estimated that he had about 1.5 million accounts--and was selling them for between $25 and $45.

And the site is constantly under attack from hackers trying to spam these 400 million users, or harvest their data, or run other scams. Certainly, there is a lot of criticism in the security community of Facebook's handling of security. Perhaps the most frustrating thing is that the company rarely responds to inquiries.

Do people really have privacy on Facebook?

No. There are all kinds of ways third parties can access information about you. For instance, you may not realize that, when you are playing the popular games on Facebook, such as FarmVille, or take those popular quizzes--every time you do that, you authorize an application to be downloaded to your profile that gives information to third parties about you that you have never signed off on.

Does Facebook share info about users with third parties through things such as Open Graph?
Open Graph is a new concept for Facebook, which unveiled it last month at its F8 conference. It actually is basically a way to share the information in your profile with all kinds of third parties, such as advertisers, so they can have a better idea of your interests and what you are discussing, so Facebook can--as portrayed--"make it a more personal experience."

The theory behind Open Graph--even if it has not implemented it--is its whole business model, isn't it?

That is the business model--Facebook is trying to get you to share as much information as possible so it can monetize it by sharing it with advertisers.

Isn't it in Facebook's best interest to get you to share as much info as possible?

It absolutely is. Facebook's mission is to get you to share as much information as it can so it can share it with advertisers. As it looks now, the more info you share, the more money it is going to make with advertisers.

Isn't there also a security problem every time it redesigns the site?

Every time Facebook redesigns the site, which [usually] happens a few times a year, it puts your privacy settings back to a default in which, essentially, all of your information is made public. It is up to you, the user, to check the privacy settings and decide what you want to share and what you don't want to share.

Facebook does not [necessarily] notify you of the changes, and your privacy settings are set back to a public default. Many times, you may find out through friends. Facebook is not alerting you to these changes; it is just letting you know the site has been redesigned.

Can your real friends on Facebook also can make you vulnerable?

Absolutely. Your security is only as good as your friend's security. If someone in your network of friends has a weak password, and his or her profile is hacked, he or she can now send you malware, for example.
There is a common scam called a 419 scam, in which someone hacks your profile and sends messages to your friends asking for money - claiming to be you--saying, "Hey, I was in London, I was mugged, please wire me money." People fall for it. People think their good friend needs help--and end up wiring money to Nigeria.

A lot of Web sites we use display banner ads, but do we have to be wary of them on Facebook?
Absolutely: Facebook has not been able to screen all of its ads. It hasn't done a great job of vetting which ads are safe and which are not. As a result, you may get an ad in your profile when you are browsing around one day that has malicious code in it. In fact, last month, there was an ad with malware that asked people to download antivirus software that was actually a virus.

Is too big a network of friends dangerous?

You know people with a lot of friends--500, 1,000 friends on Facebook? What is the likelihood they are all real? There was a study in 2008 that concluded that 40 percent of all Facebook profiles are fake. They have been set up by bots or impostors.

If you have 500 friends, it is likely there is a percentage of people you don't really know, and you are sharing a lot of information with them, such as when you are on vacation, your children's pictures, their names. Is this information you really want to put out there to people you don't even know?
This interview, "Five Hidden Dangers of Facebook," was originally published on CBSNews.com.
 
Facebook flooded with fake profiles

Spammers and malware writers exploiting site to infect users

Up to 40 per cent of new Facebook profiles could be fictitious registrations created by spammers and malware writers to infect end users, security firm Cloudmark has warned.

Neil Cook, European head of technology services at Cloudmark, told vnunet.com that research carried out by the firm revealed that between 20 and 40 per cent of new profiles on the popular social networking site could be bogus.

Cook explained that, once set up with a portfolio of fake profiles, virus writers encourage users to click on links to malicious sites by including them on postings on other users' walls or blogs.

Another tactic is to try and get users to visit their profile pages through friend requests or personal messages. The profile page then redirects visitors to a malware site.

"Social networks are very collaborative so it's great for spammers and virus writers to attack," said Cook. "As soon as social networking took off, so did the attacks."
Cook also predicted that SMS spam would eventually seep into the UK market, spreading from China and other Asian countries.
 

Topics:

Privacy and data protection

Mother day Special: Made out to be a tyrant

AM 60 and still working so as not to be a burden to my three children, who give me some pocket money. I was the breadwinner/home-maker of the family when they were very young.


I’m conservative and I love my family. I love to see everyone sitting down for dinner at least once weekly, to enhance the family bond.

My younger son, who lives with me, is married to an Indonesian woman who would only come downstairs at about 1pm, when he wakes up for work. She will not acknowledge the presence of others in the house if they do not speak to her first. At times, she just walks past me as if I were a piece of glass.

She had been staying with us well before she married my son. I was not in favour of their marriage but gave in when my son insisted. I even signed as a witness for their registration.

Apart from sweeping the floor which I have swept and mopped before leaving for work, she hardly does any housework. She only cooks dinner when she feels like doing so. I do my husband’s and my own laundry, while my daughter does hers and helps with the housework when asked.

I speak and joke with my daughter-in-law when she wants to communicate, even though I do not like her, for which I cannot give any reason. I have never scolded her or shouted at her for not helping with the housework. Most of the time she stays in her room when I am in the house.

Once when I commented to my son that his wife was not helping with the housework, he retorted that since my daughter did not help, why should his wife do. He has been staying in the house for years but has never helped with the financial upkeep, or to clean it.

The first time we had a spat, my daughter-in-law left the house and only returned after three months. One morning, she kept quiet when I asked why she looked as if everybody had offended her. When asked further, she exploded, saying that I did not like her and so forth. I countered that I had never scolded or asked her to do anything and I had to accept the fact she was married to my son.

She is behaving as if I am the cause of her problems. My son condones his wife’s behavior. He has not advised her to respect her elders, or told her her duty and responsibilities in the house. I feel she is trying to tell me that she is the one in control.

My son seldom speaks to me now, and they’re planning to move out. It’s not that I cannot live without them; what really hurts is that despite trying to build a happy family I am being labelled a tyrant.

Tyrant

IT would be best for all when your son moves out. Having them in the house is creating too much tension and unhappiness.

Do not blame yourself or worry that you are deemed a tyrant. You are a great mother who has sacrificed much for your family. But perhaps your son and his wife feel that your earlier objection to their marriage marks your disapproval and dislike. This would have made them more sensitive to what you say and do. 

Your son must love his wife very much and has been trying very hard to protect her. However, he seems to lack maturity and understanding of the situation.

While you have been trying your best to accept your daughter-in-law, they prefer to stay at arm’s length and keep from being too close and warm. From the bad start, she might have felt unwanted and unwelcome in your home. She probably had been badly advised to stay aloof to avoid quarrels and altercations. And being so insecure about her position, she wouldn’t want to start her married life being treated like the housemaid in her husband’s house.

Your son and his wife should appreciate your trying so hard to hold the family together. They should also understand that you are only human and there would have been moments when you could not hold back your disappointment or disgruntlement. They could also have tried harder to fit in instead of acting like strangers in your house. 

You face a very common problem of trying to live with the daughter-in-law. Each of you has a story to tell as both sides try to justify words and actions. The best way is to simply accept your son’s decision to move out and wish them well.

If they have bought a house, be happy for them. Invite them back for the weekly family dinner, and be warm and gracious to your daughter-in-law. Treat her like family, and do not be overly polite. Hopefully, time will heal the rift. 

Thelma StarMag, Sunday May 9, 2010