Tagged with twitter

Effortless infection

Twitter can be bad for your computer’s health – as can the NY Times.

Twitter’s shortened URLs are making it easier for online criminals to get people to visit malicious web pages and infect their computers. With only 140 characters to play with in a tweet, twitterers use a service such as bit.ly to compress web links – this one http://bit.ly/21nu7v shows the potential results.

The shortened web link looks innocent but, until you click it, even the most web-savvy user doesn’t know where it’s going. If it’s a site that requires the user to do something silly – like taking the bait of a virus scanner that says your PC is infected and takes your cash to clean it up – then Twitter has made it more likely that some users will fall into the trap.

But if the site exploits a bug in your operating system or browser to install a password-stealer or other malware, then even the most experienced web user is caught.

And another angle of attack has appeared – the baddies have snuck malicious adverts onto Google’s DoubleClick ad distribution network, ending up on the NY Times web site. In this attack, users were tricked into buying useless antivirus software – but it could have been a direct attack on a bug in your PC.

The moral of the story is not only to be on the alert for scams, but to keep your PC fully patched and updated and to use a web filtering service to block bad web sites. We’re pushing this hard at Conosco for our business customers as part of our IT support services, but consumers are pretty exposed here – automatic PC updates don’t always work and firewall-level web filtering isn’t on offer.
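A shortened link can be unmasked without opening it in a browser. The sketch below is an added example, not code from this blog or from any filtering product: it walks the redirect chain with HEAD requests and checks every hop against a blocklist. The names `head_location`, `expand` and `verdict`, the five-hop limit and the `.example` sample data are all assumptions made for illustration.

```python
import http.client
from urllib.parse import urlsplit, urljoin

MAX_HOPS = 5  # assumed limit on redirects before giving up

def head_location(url):
    """One HEAD request; return the Location header of a redirect, else None.
    Nothing is followed automatically and no page body is fetched or rendered."""
    parts = urlsplit(url)
    cls = http.client.HTTPSConnection if parts.scheme == "https" else http.client.HTTPConnection
    conn = cls(parts.netloc, timeout=5)
    try:
        conn.request("HEAD", (parts.path or "/") + ("?" + parts.query if parts.query else ""))
        resp = conn.getresponse()
        return resp.getheader("Location") if resp.status in (301, 302, 303, 307, 308) else None
    finally:
        conn.close()

def expand(url, fetch=head_location, max_hops=MAX_HOPS):
    """Return every URL in the redirect chain, ending at the first non-redirect."""
    chain = [url]
    for _ in range(max_hops + 1):
        location = fetch(chain[-1])
        if not location:
            return chain
        nxt = urljoin(chain[-1], location)  # Location may be relative
        if nxt in chain:
            raise ValueError("redirect loop at " + nxt)
        chain.append(nxt)
    raise ValueError("more than %d redirects" % max_hops)

def verdict(chain, blocked_hosts):
    """('block', url) if any hop is on a blocked host or a subdomain, else ('allow', final)."""
    for hop in chain:
        host = (urlsplit(hop).hostname or "").lower()
        if any(host == b or host.endswith("." + b) for b in blocked_hosts):
            return "block", hop
    return "allow", chain[-1]

# Constructed sample data: a fake redirect table standing in for the network.
SAMPLE_REDIRECTS = {
    "http://short.example/21abc": "http://tracker.example/r?id=7",
    "http://tracker.example/r?id=7": "http://cdn.fake-av.example/scan",
}
SAMPLE_BLOCKLIST = {"fake-av.example"}

if __name__ == "__main__":
    chain = expand("http://short.example/21abc", fetch=SAMPLE_REDIRECTS.get)
    print(" -> ".join(chain), verdict(chain, SAMPLE_BLOCKLIST))
```

Run against live links, `expand` still contacts each intermediate host, so it belongs on a filtering proxy or an analysis machine rather than on the user's own PC.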


The Twitter hack – the frailty of the cloud

The details emerging from last week’s hack of Twitter’s corporate documents should worry anyone who uses web-based applications – GMail, Google Docs, Salesforce.com and so on.

TechCrunch has an in-depth account of the hack which is required reading if you’re using such services. Here’s their summary. ‘HC’ is Hacker Croll, a curious but not malicious – nor especially brilliant, worryingly – French geek:

  1. HC accessed a Twitter employee’s personal Gmail account by using the Gmail password recovery feature that sends a reset link to a secondary email address. In this case the secondary email was an expired Hotmail account so he simply registered it, ran the password recovery, picked up the Gmail email in Hotmail, clicked the link in it and reset the Gmail password. Gmail was then owned.
  2. HC then read the user’s emails in Gmail to find one confirming his registration with a new site and containing his email for that site; assuming correctly that the user used the same password for all his sites, HC now had his original Gmail password and reset it in Gmail so the user would not notice the account had changed.
  3. HC then used the same password to access the employee’s corporate Google account, getting access to a gold mine of sensitive Twitter company information from emails and, particularly, email attachments.
  4. HC then used this information along with additional password guesses and resets to take control of other Twitter employees’ personal and work emails.
  5. HC then used the same username/password combinations and password reset features to access AT&T, MobileMe, Amazon and iTunes, among other services. A security hole in iTunes gave HC access to full credit card information in clear text. HC now also had control of Twitter’s domain names at GoDaddy.
  6. Even at this point, Twitter had absolutely no idea they had been compromised.

Obama’s CIO

Obama has appointed a technologist who’s already used YouTube, Twitter, wikis and Google to streamline government departments’ IT and cut costs.

Vivek Kundra slashed the planned cost of an intranet by 97% by using Google Sites and moved 38,000 employees of Washington DC to Google Apps.

Google’s plans for world domination just leapt forward…
