header image

Categories

HACKERS GOT INTO TWITTER ACCOUNTS

Twitter says it was hammered by a “sophisticated” cyber attack similar to those that recently hit major Western news outlets, and that the passwords of about 250,000 users were stolen.

“This attack was not the work of amateurs, and we do not believe it was an isolated incident,” Twitter information security director Bob Lord said in a blog post on Friday

iPhoneShop.net - The best iphone accessories at the best prices

Lord referred to an “uptick in large-scale security attacks aimed at US technology and media companies” as he told of Twitter detecting attempts this week to get unauthorised access to data in the firm’s network.

The attack coincided with the revelation of several high-profile security breaches. The New York Times and The Wall Street Journal said this week that they had been hacked, and pointed to attackers from China.

Twitter did not confirm the source of the intrusion.

But Lord noted that “the attackers were extremely sophisticated, and we believe other companies and organisations have also been recently similarly attacked”.

He said that Twitter shut down a live attack as it was in process.

But cyber attackers may have gained usernames, email addresses, passwords and other data.

As a precaution, Twitter invalidated passwords of accounts at issue and sent people email messages telling them to create new passwords.

Twitter announced in December that the number of active users of the service had topped 200 million, in a sign of soaring growth.

The one-to-many messaging platform is a popular tool used by people around the world to share thoughts, views and news in real time, typically from mobile phones and sometimes in the heart of protests or upheaval.

It was unknown whether the cyberattack on San Francisco-based Twitter was related to high-powered hacker assaults on the Times and the Journal.

The recent series of brazen cyberattacks on America’s most high-profile media outlets has revived concerns over Chinese hackers, who analysts say are likely linked to the secretive Beijing government.

The Times and the Journal reported that their computer networks had been compromised, alleging it was an effort by the Chinese government to spy on news media operating in the country.

US Secretary of State Hillary Clinton said on Thursday that there has been an increase in hacking attacks on both state institutions and private companies.

“The breach at Twitter is yet another wake up call – have we had enough yet?” said Mike Lloyd, chief technology officer at security firm RedSeal Networks.

“Attackers are clearly a step ahead of most defenders – it’s a war between corporations and data thieves, and we’re losing.”

AFP

ProtectCom - Internet Monitoring Software and Surveillance Software

Sourced & published by Henry Sapiecha

Private photos of facebook founder Mark Zuckerberg uploaded to his Facebook have leaked oot into the public internet following the discovery of yet another security flaw, one of the many that have plagued the social networking website since its inception in February 2004.

The flaw, which Facebook has acknowledged, appears to have first been posted about on a body building forum along with step-by-step instructions on how to obtain access to the private photos of any Facebook user.

The forum post has since been deleted and upon discovering the security flaw, Facebook said it “immediately disabled the system” used to obtain private photos and would only “return functionality” once it had confirmed a fix.

The flaw “allowed anyone to view a limited number of another user’s most recently uploaded photos irrespective of the privacy settings for these photos”, Facebook said in a statement, and was “the result of one of our recent code pushes”.

It was live for “a limited period of time”, it added.

One of the photos extracted from Facebook founder Mark Zuckerberg’s profile shows him holding a chicken upside down as if it were dead. Another shows him holding two plates, one with what looks to have battered chicken on it and the other, thinly-sliced potato chips.

If reports of Mr Zuckerberg only eating meat he has killed are anything to go by, it’s likely the chicken was slaughtered.

Other photos show him with “Beast”, his fluffy white dog, and girlfriend Priscilla Chan at their home.

There are also photos of Mr Zuckerberg with friends while eating and drinking, with US President Barack Obama and with children in costumes, likely taken during Halloween in the US.

Facebook has had a long history of access control vulnerabilities, especially around unauthorised access to photos, said Ty Miller, chief technology officer at the Australian security firm Pure Hacking.

In December 2009 a privacy overhaul of the social networking site saw almost 300 photos of Mr Zuckerberg and his friends as well as his calendar and wall posts made public to even non-friends. His access privileges were revised to “friends of friends” following reports of the photo treasure trove.

“Facebook users should expect variations of this type of security flaw to continue into the future,” Mr Miller said. “As a precaution Facebook users should ensure that they only upload content … that won’t negatively impact them if it is leaked.”

He added that the social networking giant should ensure that penetration tests were performed on all updates to the site to ensure that vulnerabilities like the recent one were detected prior to being released to the public.

Sourced & published by Henry Sapiecha

Germany puts access

limits on Facebook

January 26, 2011

FACEBOOK, which faces potential fines for violating privacy laws in Germany, has agreed to let users there better shield their email contacts from unwanted advertisements and solicitations.

After discussions which dragged out for more than six months, Facebook, which has more than 10 million users in Germany, agreed to modify its ”friend finder” service. Users will be better able to block Facebook’s ability to contact people, including non-Facebook users culled from a user’s email address books.

Tina Kulow, a spokeswoman for Facebook in Hamburg, said users in Germany would be advised that the site could send solicitations to people on their mailing lists if they uploaded their address books to friend finder.

Facebook is the second US internet business to modify its operations to suit German privacy laws, which give individuals extensive control over personal data.

Last year, Google, which also faced fines, let Germans exclude photos of their homes from its ”street view” photographic map archive before the service went live.

Like Google, Facebook changed its operation after Johannes Caspar, the data protection supervisor in Hamburg, began a review of the company’s practices. Violations of German privacy law carry penalties of up to €300,000 ($412,000), though adverse publicity can be more damaging.

Mr Caspar said his office had received ”many, many complaints” during the past six months from Germans who had never used Face- book but were receiving solicitations because their email addresses had been siphoned from friends.

The issue took on political overtones when the German data protection commissioner, Peter Schaar, and the consumer protection minister, Ilse Aigner, criticised Facebook for disregarding privacy laws.

Mr Caspar’s office initially demanded that Facebook deactivate its friend finder service in Germany. But in a compromise, Facebook has agreed to explain the features of friend finder prominently and to tell users how to limit its ability to gain access to contacts and to store them.

The New York Times

Sourced & published by Henry Sapiecha


Let the hacking begin:

Zuckerberg targeted

Louisa Hearn

January 26, 2011 – 1:39PM

Mark Zuckerberg's fan page: 'let the hacking begin'.Mark Zuckerberg’s fan page: ‘let the hacking begin’.

The fan page of Facebook founder Mark Zuckerberg looks to have been targeted by hackers, who penned a message from the billionaire himself suggesting Facebook be turned into a charity-focused business.

Although the message was swiftly removed, technology websiteTechCruch said it had captured a screen shot of the message that had already attracted 1803 likes and 438 comments.

The idealistic comment began with the words: “Let the hacking begin” and contained a link to a Wikipedia page about social businesses with references to Nobel prize winner Muhammad Yunus.

“If facebook needs money, instead of going to the banks, why doesn’t Facebook let its users invest in Facebook in a social way?” read part of the message.

Facebook has not yet responded to inquiries about the comment or its origins, but the social networking site has recently been the target of criticism owing to the escalating number of scams tailored specifically to its members.

A survey conducted by security company Sophos this month asking more than 1200 computer users which social network they felt posed the biggest security risk, found that Facebook ranked ahead of its peers by 82 per cent of respondents.

“One thing is certain, and is unlikely to be news that’s welcomed at Facebook HQ. There is a growing perception out there that Facebook isn’t the safest of places to be,” wrote Sophos senior technology consultant Graham Cluley in a recent blog post.

Some of the key threats recently highlighted by Sophos are rogue applications or survey scams that pop up from users’ own Facebook friends who have been tricked into clicking on an interesting looking news headline or YouTube video that then duplicates to everyone in their friend’s list. It then directs them to click on a website or survey, or inadvertently download malware.

One of the offenders now doing the rounds is a fake application that promises to let you see who has been viewing your profile.

Other Facebook scams have been created to target specific individuals, and then take over their accounts, telling friends they are overseas, have been robbed and are in urgent need of money.

Paul Ducklin, head of technology for Sophos Asia Pacific said fan pages such as Zuckerberg’s often granted a large number of company staff the ability to log in.

“Even if everybody with access to the page is straight-as-a-die honest, they could be keylogged, accidentally leave the page logged in, and all sorts of other things could go horribly wrong. The chain is only as strong as weakest link,” he said.

“Facebook does like to be compared to a country, but the flip side of that is how you actually provide for your citizens in terms of things like a bill of rights or a police service.

“If they set higher standards – for example requiring application developers to identify themselves in a way that is likely to be traceable – that would be slightly less convenient and less open but would be hell of a lot better for its 500 million strong community,” said Ducklin.

Sourced & published by Henry Sapiecha