Hacked

The appeals court has ruled against the Winklevoss twins in their suit against Facebook; going so far as to say, in so many words, the time for litigation to end has come. The twins’ next move? More, litigation, duh.

Join Baratunde Thurston (left), The Onion’s Director of Digital and author of How to Be Black, for an entertaining look at creative social media campaigns in our Social Media Marketing Boot Camp starting February 16. Other speakers include Morin Oluwole (Facebook), Tim Devane (bitly), and SocialTimes' writer Devon Glenn.   Register now.

If it ain’t one thing, it’s another: Mark Zuckerberg wasn’t even given a chance to rest the one week he wasn’t being sued by the Winklevoss twins: the dark horse with the previously laughable case has now earned the title ‘most likely to take a whole lot of Zuck-bucks.’

Distributed denial-of-service (DDoS) attacks were the hot topic at WikiLeaks and Online Civil Disobedience, a Social Media Week New York panel hosted by the Personal Democracy Forum and moderated by its editor and curator, Micah Sifry.

Speakers at the event, in order, were Deanna Zandt, author of Share This: How You Will Change the World with Social Networking; Evgeny Morozov, author of new book The Net Delusion: The Dark Side of Internet Freedom; and John Perry Barlow, co-founder of the Electronic Frontier Foundation. The event was held at Hearst’s Art & Culture Hub in Manhattan.

Zandt made it a point to differentiate between DDoS attacks and hacking, saying, “Denial-of-service attacks are not hacking. Hacking tends to be where systems are broken into and data are compromised. None of the business data or practices was compromised in any way. I do feel that DDOS is a civil form of disobedience.”

Speaking specifically about Anonymous, the group responsible for attacking several corporate Web sites in defense of WikiLeaks, she said, “In the past, Anonymous hasn’t done anything in this scale that was explicitly, overtly, hugely political,” adding that the group was made up of “chaos enthusiasts — they’re interested in the drama of chaos unfolding. It’s not as if there was this sleeper cell of people who were ready to attack this big, bad corporation.”

On digital activism in general, Zandt concluded, “I’m often very, very frustrated with what the face of actual digital activism looks like. We have the ability and the freedom to risk ourselves for the benefit of many who don’t. We can’t ultimately rely on these digital tools to do our dirty work. If governments and corporations can easily collude to disable our ability to communicate with one another, what is our response?”

Read more

Slate has a handy tool for Gawker readers who are concerned about whether their email addresses were compromised in the hacker attack on the latter this past weekend: Just go to this page and enter email addresses into the widget.

Neither Shit My Dad Says creator Justin Halpern nor his iconic dad just got a free Dell laptop: The Twitter feed was hacked, and clicking the link led to a Web site featuring a Wyoming woman who claims to be earning $6,595 per month part time, CNET reported, so packing your bags for Wyoming isn’t recommended, either, at least until ski season kicks off at Jackson Hole.

Hot on the heels of Firefox add-on Firesheep, which enables hacking into the accounts of mobile users of Amazon, Facebook, Twitter, Flickr, or Google, Katie Kindelan at sister blog Social Times reports on a new threat: Idiocy.

Idiocy was created by London-based software developer Jonty Warieing, according to Social Times, and it searches for users logged onto Twitter over unsecured Wi-Fi networks, hijacks their sessions, posts a Tweet warning the users that they are vulnerable, and links to a Web site explaining what happened.

For more, please see Kindelan’s post on Social Times.

Users who log onto Amazon, Facebook, Twitter, Flickr, or Google via open Wi-Fi networks are at risk of having their identities hacked due to a Firefox add-on called Firesheep, released by Seattle software developer Eric Butler at the Toorcon 12 security conference in San Diego, reports Katie Kindelan from sister blog Social Times.

The app — which Butler claims he created to expose the dangers of using public Wi-Fi networks to go online — has been downloaded nearly 50,000 times, according to Social Times.

There is a possible remedy, though, other than the obvious one of not logging on via Wi-Fi: Social Times reported that a TechCrunch user posted about another Firefox plug-in that blocks Firesheep, although the URL was not functioning at the time of this post.

Add “This you????” to direct messages via Twitter to avoid, or suffer the same fate as those who clicked on message with “lol, is this you,” “Lol. this is me??,” “lol , this is funny,” or anything similar, as the phishers are at it again, according to IT-security firm Sophos, as reported by Mashable.

Just like the attacks reported earlier this week, clicking the links brings users to fake Twitter pages that swipe their login information and use compromised accounts to send spam messages.

Sophos shared a video on the phishing attacks:

IT-security firm Sophos advises Twitter users to be extra wary of direct messages reading “lol, is this you,” “Lol. this is me??,” “lol , this is funny,” or anything similar, as they are part of a phishing attack, Mashable reported.

Phishers are using compromised accounts to send spam messages about Viagra via the microblogging service, according to Mashable.

Sophos provided further details in this video:

UPDATE AT 11 P.M. ET: Twitter director of trust and safety Del Harvey explained the reasons why some users of the microblogging service had to reset their passwords in a post on the Twitter Status Blog titled Reason #4132 for Changing Your Password. Highlights follow:

As part of our ongoing efforts to monitor our user base for odd activity, we noticed a sudden surge in followers for a couple of accounts in the last five days. Given the circumstances surrounding this, we felt it was best to push out a password reset to accounts that were following these suspicious users.

Torrent sites aren’t exactly “new”; however, this is one of the first times that we’ve seen an attack that came from this vector. It appears that for a number of years, a person has been creating torrent sites that require a login and password, as well as creating forums set up for torrent-site usage, and then selling these purportedly well-crafted sites and forums to other people innocently looking to start a download site of their very own. However, these sites came with a little extra — security exploits and back doors throughout the system. This person then waited for the forums and sites to get popular and then used those exploits to get access to the user name, email address, and password of every person who had signed up. Additional exploits to gain admin root on forums that weren’t created by this person also appear to have been utilized; in some instances, the exploit involved redirecting attempts to access the forums to another site that would request log-in information. This information was then used to attempt to gain access to third-party sites like Twitter. We haven’t identified all of the forums involved (nor is it likely that we’ll be able to, since we don’t have any connection with them), but as a general rule, if you’ve signed up for a torrent forum or torrent site built by a third party, you should probably change your password there.

Several Twitter users have received emails from the microblogging service, which Mashable reports are genuine, advising them that they need to change their passwords and supplying a link for them to do so.

The emails read: “Due to concern that your account may have been compromised in a phishing attack that took place off-Twitter, your password was reset.”

The Next Web updated the situation, blaming user account @THCx:

We’re hearing unconfirmed reports from Twitter users that this might be in regard to a user account @THCx. A thread on Twitter’s support system recommends that users change their passwords immediately if they are currently following that specific Twitter account.

@THCx, supposedly a tips/tutorials service, has managed to gain access to over 42,000 user accounts in a matter of days and doesn’t appear to be following one.

Read more