Tag Archive | "Twitter"

Is Kian Egan leaving Westlife or has he been Twitter hacked?

Kian Egan, a singer with the Irish boyband Westlife, has been forced to deny that he is leaving the chart-topping pop group after statements were posted on his Twitter account.

Egan had over 60,000 followers on Twitter, and the news would surely have plucked the heartstrings of his many young female fans:

Kian Egan tweets

it took my a very long time to come to this conclusion. I have had an amazing 12 years with the boys and wish them the best of luck in the future. The boys are going to continue as a three piece.

Egan claims, however, that the tweets were posted by a hacker who compromised his @KianEganWL account, which has subsequently been suspended.

He took to the Twitter account of his singer/actress wife Jodi Albert to blame a hacker for the posts announcing his retirement from Westlife.


Jodi Albert

Hi Everyone Kian here on Jodi's account. I am NOT Leaving Westlife. Someone has hacked into my account. Trying to sort out my account now. X

Famous figures who have fallen victim to a Twitter hack in the past include Ashton Kutcher, Lil Wayne, Axl Rose, Britney Spears and plummy-voiced British TV property crumpet Kirsty Allsopp.

Even publications like the New York Times and humorous phenomenon ShitMyDadSays have fallen foul of hackers on Twitter.

It’s worth bearing in mind, however, that sometimes celebrities might have claimed to have been hacked on Twitter when in fact it’s quite possibly not true.

But if we take Kian Egan at his word, and believe that he was indeed hacked on Twitter, then he would be wise to take steps now to prevent it from happening again.

Remember, you should always choose a non-dictionary word that’s hard to guess as your Twitter password, and never use the same password on multiple websites.

Here’s a video where I describe how to choose a stronger password. Unfortunately it’s not like a Westlife video, as I don’t step up from my stool and make a dramatic key change towards the end.

(Enjoy this video? You can check out more on the SophosLabs YouTube channel and subscribe if you like)

Also, be on your guard against phishing sites and ensure that your computer is running up-to-date anti-virus software to protect against keylogging spyware which may attempt to steal your information.

Finally, consider carefully which third-party applications and websites you allow to connect with your Twitter account.

Posted in Sophos

Facebook hack tool is nothing else but a scam

A Twitter follower sent me this link to check out: www.hackfacebook.org

This page promises to retrieve the Facebook password from your cheating girlfriend or if you just have an insatiable desire to know everything about a person.

Are you ready for this? Let’s:

But don’t get too excited just yet! You need to fill out a survey:

Online surveys are just dumb questionnaires to get you to enter your cell phone number.

What is the big deal, you may ask? Well, by entering your number in there you agree to a contract. It is very sneaky and well done, courtesy of online marketers. Since most people don’t read the fine print, they get stuck paying charges for something they never wanted in the first place.

This particular scam charges you $5 a week for ‘Amazing facts’ – or garbage, as you may prefer to call it.

Jerome Segura

Posted in Facebook

More fake Twitter emails

It’s been over a month since we wrote about fake Twitter email messages, and if it worked once for scammers, they’ll certainly try it again. Commtouch Labs is seeing large quantities of – you guessed it – fake Twitter email messages, similar to the one here:

How can the uninitiated determine that it’s not a real message from microblogging service Twitter? Well, the typo in the subject and body gives the first clue (it should say “2 direct messages”, not “message” in the singular – but that’s just petty). The really easy way to tell is to simply mouse over the “twitter” URL and look for the real URL, which will show up either at the bottom of the window or right over the cursor, depending on your email program. If the real URL is not a Twitter URL, then it’s definitely a scam.
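The mouse-over check described above can be done programmatically for a whole mailbox. The snippet below is an added example, not code from the original Commtouch post: it parses a constructed HTML body modelled on the fake notification and reports every anchor whose visible text claims to be a Twitter link but whose real href resolves to some other host. The sample HTML, the 198.51.100.23 address and the look-alike host twitter.com.example.net are constructed placeholders, not values from the post.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample resembling the fake Twitter notification described in the
# post (placeholder hosts; not the actual message).
SAMPLE_HTML = """
<html><body>
<p>You have 2 direct message from Twitter.</p>
<p><a href="http://198.51.100.23/dm/index.php">http://twitter.com/inbox</a></p>
<p><a href="https://twitter.com/settings">twitter.com/settings</a></p>
<p><a href="http://twitter.com.example.net/login">twitter</a></p>
</body></html>
"""

TRUSTED_DOMAIN = "twitter.com"


def host_of(url: str) -> str:
    """Return the lowercase host of a URL; a bare 'twitter.com/x' gets a scheme first."""
    if "://" not in url:
        url = "http://" + url
    return (urlparse(url).hostname or "").lower()


def is_trusted_host(host: str) -> bool:
    """True only for the trusted domain itself or a genuine subdomain of it.
    'twitter.com.example.net' is NOT a subdomain of twitter.com."""
    return host == TRUSTED_DOMAIN or host.endswith("." + TRUSTED_DOMAIN)


class AnchorCollector(HTMLParser):
    """Collects (href, visible text) pairs for every <a> element in the body."""

    def __init__(self):
        super().__init__()
        self.anchors = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href", "")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.anchors.append((self._href, "".join(self._text).strip()))
            self._href = None


def find_suspicious_links(html: str) -> list:
    """Return anchors whose visible text mentions Twitter but whose real target
    does not resolve to twitter.com: the mouse-over check, automated."""
    parser = AnchorCollector()
    parser.feed(html)
    findings = []
    for href, text in parser.anchors:
        real_host = host_of(href)
        claims_twitter = "twitter" in text.lower()
        if claims_twitter and not is_trusted_host(real_host):
            findings.append({"text": text, "href": href, "real_host": real_host})
    return findings


if __name__ == "__main__":
    for f in find_suspicious_links(SAMPLE_HTML):
        print(f"SUSPICIOUS: '{f['text']}' actually points to {f['real_host']} ({f['href']})")
```

Run against the sample, the first and third anchors are reported (a raw IP address and a look-alike domain), while the genuine https://twitter.com/settings link passes. The subdomain check is deliberately strict: a suffix match on the string "twitter.com" alone would accept twitter.com.example.net.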

I can’t even tell you what this particular message was trying to get from its recipient since by the time I clicked the link — less than 24 hours after it had been received — the link was already dead. Past fake Twitter messages have been pharmacy spam, but since the site was already taken down it may have been phishing. A short-lived landing page is also a surefire sign that the email is not legit. Real web sites typically keep their landing pages around for a long time — practically forever, in fact — since no marketer wants to take the chance that someone will open their mail several weeks after it’s been sent, perform the sought-after act of clicking through, and then land on a non-existent page. Phishers and scammers, however, are always trying to outrun security software and the law, and one of the ways they do so is to keep their sites up for a very short time. They flood inboxes with messages linking to the ephemeral scam/phish landing page; anyone they can convince to click through in the short time the page is live is caught, and anyone who clicks after the site is taken down has been saved from the scam simply by being slow to open their email.

Posted in Commtouch

Unfollowed Me rogue application spreads virally on Twitter

Once again Twitter users are finding themselves hit by a fast-infecting attack, more commonly encountered by their Facebook-using cousins: a rogue application spreading virally across the network.

Thousands of Twitter users have fallen into the trap of allowing rogue third-party applications to access their Twitter accounts, believing that it would tell them how many people have unfollowed them.

42 people have unfollowed me, find out how many have unfollowed you

A typical message reads:

58 people have unfollowed me, find out how many have unfollowed you: [LINK] #rw2011 #duringsexplease #youneedanasswhoopin

See the hashtags? They appear to be currently trending phrases on Twitter – presumably the rogue applications are using them in the messages they spam out in an attempt to trick more users into clicking on the links.

If you do click on the link you are asked to give authorisation for a third-party application to access your Twitter account.

Rogue application on Twitter

Don’t, whatever you do, press the “Allow” button. If you do, then a third party is now capable of tweeting messages in your name to all of your Twitter followers – which spreads the scam virally across Twitter and may result in one of your online friends also having their account compromised.

So, how do the scammers make money? That’s the next piece of the jigsaw.

You’re anxious to find out who has unfollowed you on Twitter. The scammers take advantage of that by presenting a webpage which looks as if it’s about to reveal that information – but is actually designed to make you take an online survey instead.

Rogue application survey scam

The scammers make money for each survey that is completed.

If you were unfortunate enough to grant one of these rogue applications access to your Twitter account, revoke its rights immediately by going to the Twitter website and visiting Settings/Connections and revoking the offending app’s rights.

Revoke rogue app rights

(Note that the scammers are using a variety of different applications – so you may see a different name from the one I picture above).

Don’t make it easy for scammers to make money in this way, and always exercise caution about which third party apps you allow to connect with your social networking accounts.

If you’re on Twitter and want to learn more about threats, be sure to follow Naked Security’s team of writers.

Posted in Sophos

The cake is a lie.



Delicious cake – for years, the symbol of a reward never to materialise.

This sad trend continues with the upcoming release of Portal 2, which – as you would expect – is prompting a rash of utterly fictitious cake designed to lure the unwary into mind bending puzzles of a three dimensional nature, or at least some surveys and a slice of malware.

Over the last few days, Twitter users have reported a huge wave of Portal spam, and this will no doubt continue to be an annoyance as excitement builds over the release. Much of the spam makes no sense, or mashes up random Portal-related comments and lines.

See if you can spot the cake mention (yes, this cake was a lie too):


A lot of these spambots were directing users to a “Portal 2 Loader” (hat tip to MrTom), which has been downloaded roughly 4,000+ times and appears to be a Portal 2 crack.


We’re still taking a look at this one, but personally I’d steer clear.

Elsewhere, we have dubious search results. Simply looking for “Portal 2 Still Alive” (you know, the catchy ditty sung by the smiley death robot at the start of the writeup) will bring you a liberal scattering of this:


And also some of that:


Many of the sites are currently down, but there’s a lot of dubious results in there so be careful (you can also bring up a bunch of them by searching for the songwriter, the awesome Jonathan Coulton). In a nutshell, any searches involving songs and a state of being alive may serve up some bad vibes in your general direction.

Are those “this site may harm your computer” warnings useful or what?

Anyway, we also have the usual Youtube suspects in the form of endless “Portal 2 keygen / crack” videos:


Without fail, they’ll all dump you on cookie cutter blogs and file upload sites that want some surveys filling in:


Needless to say, filling in these surveys won’t give you a working crack – it’ll be a non functional dummy file or an infection.

I can tell you this much for certain, there definitely won’t be any cake.

There never is.

Christopher Boyd

Posted in GFI Software

The Increasingly Shapeshifting Web

Short URL services are problematic, and they are becoming even more so in combination with IP location technologies.

From twitter.com earlier today:

http://twitter.com/#!/olasher/status/59923780021141504

If you look closely, you’ll notice it’s one spambot, @olasher, replying to another spambot, @MorabsShimb3554. Lame, right?

Well, the @olasher account was too obvious; Twitter suspended it within hours of its creation. @MorabsShimb3554 is more subtle, however, and attempts to fly under the radar (successfully so far) by asking the reader to “copy & paste” the ow.ly link.

The ow.ly short link directs through maxbounty.com, and from Finland, redirects to http://fi.toluna.com/Register.aspx, but with an affiliate ID attached, which is how the spammer hopes to make money.

There’s no good way of telling just how many sites the ow.ly link opens; it depends entirely on the user’s point of origin (IP address) and the number of MaxBounty commissions.

Twitter has a very nice tool tip feature that attempts to help by expanding short URLs, but it too suffers from being USA-centric. The links displayed are based on twitter.com’s home IP address. It works great for legitimate links, but not always so well for spammy and/or malicious links, because results vary according to location.

And sometimes Twitter can’t expand to the end point for some other reason.

Let’s look at the link that was being pushed by @olasher:

http://bit.ly/gwkWzD+

It pointed to adf.ly, another short URL service, one which attempts to monetize short URLs with an advertisement that the viewer needs to click past.

adf.ly

From a Finnish based IP address, the adf.ly URL will open to legitimate sites such as Groupon’s citydeal.fi. Again, with an affiliate ID attached. There could be many dozens of variations within Europe alone.

Groupon, CityDeal

Once you click to skip the ad, you’ll be directed to amazon.com.

Amazon affiliate iPad

And yes, there’s another affiliate ID on the iPad 2 page as well.

All of the links used in this example are rather harmless. Unfortunately, short URL services with IP location technologies and benign affiliate ID spam are just the tip of the iceberg. More malicious links are on the horizon.

So what can be done?

Feature suggestion to bit.ly et al. – disallow short URLs that point to other short URL services; there’s no real legitimate reason for this.
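The two problems the post describes (a shortener chaining into another shortener, and an endpoint that changes with the viewer’s IP location) are what a link-checking tool should surface. The snippet below is an added example, not F-Secure’s code: it walks a redirect chain offline against a constructed redirect table that stands in for the live HTTP hops, flags shortener-to-shortener hops as the suggested bit.ly rule would, detects loops, and resolves the same link from several regions to show that the final destination is geo-dependent. All hosts, short codes and affiliate IDs in the table are placeholders, not the ones from the post.

```python
from urllib.parse import urlparse

# Known URL-shortener hosts (small constructed list; the post names bit.ly, ow.ly, adf.ly).
SHORTENER_HOSTS = {"bit.ly", "ow.ly", "adf.ly", "t.co"}

# Constructed redirect table standing in for live HTTP 30x responses: each URL
# maps to its next hop, which may depend on the viewer's country ('*' = default).
# Hosts, codes and affiliate IDs are placeholders.
REDIRECTS = {
    "http://bit.ly/EXAMPLE1": {"*": "http://adf.ly/EXAMPLE2"},
    "http://adf.ly/EXAMPLE2": {
        "FI": "http://citydeal.example/fi?aff=AFF-PLACEHOLDER",
        "US": "http://shop.example/us?aff=AFF-PLACEHOLDER",
        "*": "http://shop.example/intl?aff=AFF-PLACEHOLDER",
    },
    "http://ow.ly/EXAMPLE3": {"*": "http://tracker.example/hop"},
    "http://tracker.example/hop": {
        "FI": "http://survey.example/fi/register?aff=AFF-PLACEHOLDER",
        "*": "http://survey.example/intl?aff=AFF-PLACEHOLDER",
    },
    # Two shorteners pointing at each other, so the walker's loop guard is exercised.
    "http://bit.ly/LOOP": {"*": "http://ow.ly/LOOP"},
    "http://ow.ly/LOOP": {"*": "http://bit.ly/LOOP"},
}


def host(url):
    return (urlparse(url).hostname or "").lower()


def next_hop(url, country):
    """Redirect target for `url` as seen from `country`, or None if it is a final page."""
    table = REDIRECTS.get(url)
    if table is None:
        return None
    return table.get(country, table.get("*"))


def resolve(url, country, max_hops=10):
    """Follow the chain from `country` and report every hop plus the flags a
    defender cares about: shortener-to-shortener hops, loops, runaway chains,
    and an affiliate ID on the final destination."""
    chain = [url]
    seen = {url}
    flags = set()
    while len(chain) <= max_hops:
        nxt = next_hop(chain[-1], country)
        if nxt is None:
            break  # reached a page that does not redirect
        if host(chain[-1]) in SHORTENER_HOSTS and host(nxt) in SHORTENER_HOSTS:
            flags.add("shortener-to-shortener")
        if nxt in seen:
            flags.add("loop")
            break
        seen.add(nxt)
        chain.append(nxt)
    else:
        flags.add("too-many-hops")
    if "aff=" in chain[-1]:
        flags.add("affiliate-id")
    return {"country": country, "chain": chain, "final": chain[-1], "flags": sorted(flags)}


def compare_regions(url, countries=("FI", "US", "DE")):
    """Resolve one link from several regions; differing finals mean geo-targeting."""
    results = {c: resolve(url, c) for c in countries}
    finals = {r["final"] for r in results.values()}
    return {"results": results, "geo_dependent": len(finals) > 1}


if __name__ == "__main__":
    for c, r in compare_regions("http://bit.ly/EXAMPLE1")["results"].items():
        print(c, " -> ".join(r["chain"]), r["flags"])
```

Against a live link the `next_hop` lookup would be replaced by an HTTP HEAD request that does not follow redirects, issued from vantage points in each region of interest; the rest of the logic, including the shortener-to-shortener rule, stays the same.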

Short URLs are useful, please make them less so for spammers and scareware vendors.

Posted in F-Secure

‘Terrorizing’ Twitter & Facebook

You’ve probably heard by now that the US Department of Homeland Security is working on an overhaul of its terrorist alert system, which would involve, among other things, alerting people through Twitter and Facebook of changes to the threat level.

If you were one of the 140 individuals who took a poll on Internet Evolution last week then you definitely heard about this and even had an opinion on it. Wow!

We posed the following question to readers: “The US government may begin issuing terror alerts via Twitter and Facebook. Are you in favor of this new warning system?” Here’s the response we got:

A near-majority of poll-takers, 48 percent, said “Yes.” And, why not? As some people pointed out on the boards, a site like Twitter or Facebook is just another medium where lots of people gather. It seems like a no-brainer to leverage these widely read and highly trafficked channels in order to alert people to a crisis. Were the government to use Facebook and Twitter alone, that would be a different and more ridiculous story, but that’s not the case. The social networks would only get the alerts after state and local leaders had been directly informed.

So, great. I know I’m excited. But it’s worth considering why 36 percent of our seemingly skeptical respondents said “No,” they are not in favor of such a system, and why 16 percent aren’t sure.

Hmm… Ponder. Ponder.

Well, perhaps some people don’t think this will make much of a difference. Alan Reiter in a video blog on the subject notes that these alerts are all well and good, but they don’t help him feel any safer than he would otherwise (good for you, Alan, stay on guard!).

But, more than that, if we take into account how much misinformation is spread through social networking sites, it’s worth considering that there’s the potential for real disaster here.

Let’s say you see a Tweet or Facebook status saying the alert level is “Imminent.” Sure, any Internet Evolution user would know that we should be looking for the “Verified” Department of Homeland Security Twitter account, or the “Official” DHS Facebook page… but let’s say a very viable impersonator pops up and spreads word of terrorism? And then it spreads from there through many people, channels, trusted sources? The rapid spread of this “information” could cause mass chaos before the government or the social sites themselves even catch on.

Once people are informed that they can and should be looking on Twitter and Facebook for terrorist alerts, they will be looking, and the potential to misinform here is huge.

This is not to say that the government is wrong for looking to the Web’s most populated hangouts in order to constructively frighten people. Rather, it just points to a flaw inherent in the Internet, and the problem with leveraging every social tool for every use.

We’ve lamented before about the perils of using technology in ways such technology wasn’t intended to be used. Despite parties’ best intentions, as we’ve seen with the recent political uprisings, it doesn’t always work out.

Facebook and Twitter are unfortunately not equipped to stop every fake account and fake update in its tracks, and these instances are often not caught until it’s too late. They might be sites where hundreds of thousands of people gather to exchange information, but they are also places where people exchange a lot of wrong information. Factor in widespread terror threats, and the potential for chaos may be Imminent.

- Nicole Ferraro

Posted in Security

Twitter spam and viagra galore

Spam mails claiming to be from Twitter that send you to pharmacy sites are a popular wheeze for spammers, and here we go again.


It seems I have “two PR messages from Twitter”. If that wasn’t enough to get me clicking (it isn’t), I can also join in on sports conversations, argue with bloggers and tell the World when I stumble into some form of natural disaster.

Hammering one of the many links will actually take me to 219(dot)84(dot)119(dot)56/afternoon(dot)html, which will send me to pharmacydrugstorehealthprofessionals(dot)net.


All the Cialis you can eat!

That might not be a good idea though.

Bear in mind that spam blasts like the one above can sometimes lead to malware most horrid, so – as always – stay safe (and don’t go messing with random pills bought on the internet, either).

Christopher Boyd

Posted in GFI Software

Twitter worm Profile Spy spreading fast.

It appears that a new Twitter scam is making its way into lots of innocent users’ Twitter accounts. We call this the Profile Spy worm app. It’s basically a rogue Twitter application known as Profile Spy which tricks Twitter users into believing that it can tell them who has been viewing their online profile.

If you see the tweet below posted by someone you follow, that means the person you follow is infected by this worm. Profile Spy adds the tweet below to infected users’ accounts:

Wow! See who viewed your twitter with Profile Spy.

The above tweet is followed by a link. Twitter users who click on the link are asked to allow the application to access their profile and also update it. This is a good trick as it does not ask the user for any password and simply asks for permission to access the Twitter account, just like official Twitter applications do. The user is shown the message below in the browser.

Once the user gives Profile Spy full access to their Twitter account, it takes control of the account and posts the above tweet to the account. After that the application shows lots of popups and other scam page links, some of which ask you to fill out survey forms that tell you that you will win a prize at the end. This goes on. All the advertisements and popups displayed by the worm are part of a scam from which the hacker (the creator of the Profile Spy application) profits.

We recommend that all Twitter users not click on the link offered by Profile Spy. Those who are already affected by the scam can easily recover from it by following the steps below:

1. Go to your “Profile”.
2. Select “Edit your profile”.
3. Then select the “Connections” tab.
4. A list of applications with access to your profile will be shown.
5. Click “Revoke Access” for Profile Spy.

Also do not forget to remove the two posts that the application adds to your tweets. This will make sure nobody else among your followers falls victim to this worm by clicking on the link in the post.

Posted in Quick Heal

Twitter increases Security

Following Google and Facebook, on Tuesday this week Twitter added a new feature to its website: HTTPS access. Users can enable the secure access by going to their settings and checking the box “Always use HTTPS” found at the bottom of the page.

Enabling this improves the security of your account by encrypting the communication with the website. When using non-encrypted WiFi connections, this prevents tools like Firesheep from taking control of your session, because the communication is now encrypted and only your browser is able to decrypt it.

Twitter mentions in its blog that “in the future, we hope to make HTTPS the default setting”. At the moment, this is the default for the login on Twitter and for the official applications for iPhone and iPad. And what happened with Android, Symbian and Windows Mobile?

Another problem is that the browsers on mobile devices accessing mobile.twitter.com are not able to switch automatically to a secure session even if the feature is activated. In order to use a secured session, you need to type in https://mobile.twitter.com. Twitter promised that they are working on a solution for this problem.

Sorin Mustaca
Data Security Expert

Posted in Avira

Large spam campaign “Unread messages” from Twitter leads to pharmacy sites

MX Lab, http://www.mxlab.eu, started to intercept a large spam campaign with the subject “Twitter – You have X unread message(s)”, where X is a number from 1 to 3, that leads to the U.S. Drugs web site. This campaign is slightly different from the previous campaign at the end of February 2011 but leads to the same pharmacy site.

The campaign is sent from the spoofed email address “Twitter <twitter-message-RECIPIENT=DOMAIN@postmaster.twitter.com>”, where the recipient’s email address is included in the From address.

An example of the email:

The final destination of the URL:

More information regarding this site can be found at http://spamtrackers.eu/wiki/index.php/US_Drugs.
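The two indicators MX Lab describes, a From address whose local part embeds the recipient’s own address (with the “@” rewritten as “=”) and the “You have X unread message(s)” subject template, can be turned into a mail-filter rule. The snippet below is an added example, not MX Lab’s code: it parses two constructed messages with the standard library’s email package and reports which indicators each one matches. The recipient address alice@example.org and both message bodies are placeholders; the subject pattern is specific to this campaign, not a general test for Twitter mail.

```python
import email
import re
from email.utils import parseaddr

# Constructed sample modelled on the campaign described in the post; the
# recipient address is a placeholder and the body is invented.
SPAM_RAW = """From: Twitter <twitter-message-alice=example.org@postmaster.twitter.com>
To: alice@example.org
Subject: Twitter - You have 2 unread message(s)
Date: Tue, 01 Mar 2011 10:00:00 +0000

Please view your unread messages.
"""

# Constructed control message that should not trip either indicator.
CONTROL_RAW = """From: Twitter <notify@postmaster.twitter.com>
To: alice@example.org
Subject: Direct message from a friend
Date: Tue, 01 Mar 2011 10:05:00 +0000

Hello.
"""

# Subject template from the post: "Twitter - You have X unread message(s)",
# accepting a hyphen or an en dash after "Twitter".
SUBJECT_PATTERN = re.compile(r"^\s*twitter\s*[-\u2013]\s*you have \d+ unread message", re.I)


def sender_embeds_recipient(sender: str, recipient: str) -> bool:
    """True when the sender's local part contains the recipient address in the
    'user=domain' form the campaign uses (RECIPIENT=DOMAIN in the post)."""
    local, _, _ = sender.rpartition("@")
    token = recipient.replace("@", "=").lower()
    return bool(token) and token in local.lower()


def analyse_headers(raw: str) -> dict:
    """Parse a raw RFC 822 message and return the campaign indicators it matches."""
    msg = email.message_from_string(raw)
    _, sender = parseaddr(msg.get("From", ""))
    _, recipient = parseaddr(msg.get("To", ""))
    reasons = []
    if sender_embeds_recipient(sender, recipient):
        reasons.append("sender local part embeds the recipient address")
    if SUBJECT_PATTERN.search(msg.get("Subject", "")):
        reasons.append("subject matches the 'unread message(s)' template")
    return {
        "sender": sender,
        "sender_domain": sender.rpartition("@")[2].lower(),
        "reasons": reasons,
        "suspicious": bool(reasons),
    }


if __name__ == "__main__":
    for label, raw in (("spam", SPAM_RAW), ("control", CONTROL_RAW)):
        result = analyse_headers(raw)
        print(label, result["suspicious"], result["reasons"])
```

The sender domain is reported but not used as evidence on its own: the From header is trivially spoofable, which is exactly why the campaign can claim postmaster.twitter.com while the link leads to a pharmacy site.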

Posted in Security

Using Twitter for Public Relations During a Data Breach Incident

Data breaches happen to organizations of all shapes and sizes. A critical aspect of such security incidents is the manner in which the company handles public relations (PR), keeping affected customers apprised of the situation. Twitter, if used correctly by the organization, can be a powerful vehicle for dealing with this aspect of the breach.

Consumers Turn to Twitter During Site Outages

Microsoft and Psychster Inc. conducted research to explore how to use Twitter to reassure users during a site outage. Though the study looked at generic IT crises, we can learn from its findings how to use Twitter as a mass-scale communications platform during a data breach. The relevant findings of the study included:

  • “Half of the respondents would consult a Twitter feed to get information about an outage.”
  • The Tweets “tended to reduce negative feelings about the outage and increase the perception that the responsible company cares.”
  • Users were less likely to contact customer support if the Tweets acknowledged and explained the situation—“but only when the tweets were made by an employee/social media manager rather than the company or its executives.”

We can reinforce these findings by observing how airlines, such as JetBlue, have been using Twitter to assist customers dealing with flight delays. In addition to assisting with itinerary logistics, such communications reassure customers that the company is looking out for their interests.

Twitter Can Help With Data Breach PR

An organization should be able to use Twitter to apprise its customers of how it is handling the data breach. Such Twitter communications might include:

  • Acknowledging that the security incident occurred
  • Clarifying what the company knows about the breach (who, what, when)
  • Explaining what the company is doing to investigate the incident and protect the users
  • Offering tips for what the users might consider doing to protect themselves in relation to the incident
  • Offering additional ways to get in touch with the company’s representatives using phone, email, etc.

Exercise Care With Twitter for PR

A few caveats regarding the use of Twitter for breach-related PR:

  • Since Twitter limits the number of characters that can be incorporated into a Tweet, the company should consider hosting longer messages elsewhere—but not on the breach-affected infrastructure—and including the links in the Tweets.
  • The company needs to establish a Twitter account in advance of the incident as a way of confirming the authenticity of the account. Twitter is setting up a “Verified Badge” program, but it is currently closed to the public; still, see if you can find a way to get the badge.
  • The company should use a strong password for its Twitter account. It should also consider the security of the mechanism Twitter would use to reset the “forgotten” Twitter password to make it more difficult for an unauthorized party to take over the account.
  • The company should consider how non-customers—such as the press, the intruder and government officials—will perceive its Twitter communications.

More on Incident Response

For additional tips regarding security incident response, see:

Lenny Zeltser

Posted in Security


Was Kim Kardashian Twitter hacked or suffering finger trouble?

One of the great things about being British is that I have almost no idea who Kim Kardashian might be. It turns out that many Americans aren’t quite sure why she’s famous either.

In fact, I always thought the Kardashians were an alien race in Star Trek: Deep Space Nine.

However, according to the wonder of Wikipedia, I now know that Kim Kardashian is a model and reality TV star who rose to notoriety after she appeared in a sex tape. In fact, she’s so famous that she has over six million followers on Twitter.

Yesterday, Kim Kardashian posted a message on Twitter claiming that she had been hacked. Here’s what she tweeted to her many millions of followers:

Tweet from Kim Kardashian

Twitter please help me get my password back! How is it that I can tweet from my cell but my home computer says wrong password! #HACKED

Kim’s equally media-friendly sister Kourtney Kardashian also posted about the incident:

Kourtney Kardashian (@KourtneyKardash)

Some stalker freak loser hacked @KimKardashian twitter and email. Its called 911 and its called get a life. So just beware of her tweets.

February 22, 2011 6:28 am via Twitter for BlackBerry

Certainly, if Kim Kardashian had had her Twitter account hacked she wouldn’t be the first celebrity to have had problems in that area.

Famous figures who have fallen victim to a Twitter hack in the past include Lil Wayne, Axl Rose, Britney Spears and plummy-voiced British TV property crumpet Kirsty Allsopp.

Even publications like the New York Times and humorous phenomenon ShitMyDadSays have fallen foul of hackers on Twitter.

But was Kim Kardashian really hacked on Twitter as she claimed and thousands of her followers and celebrity chums retweeted?

It seems possible that she was mistaken. Her mobile phone still allowed her to post messages, including the one that claimed she had been hacked, whilst she claimed she was unable to log in via Twitter.com.

Is it possible that Miss Kardashian’s long fingernails caused her a little trouble entering her password, or that she’d simply forgotten what her password was, rather than her Twitter account had been hacked?

A few hours later, Kim Kardashian tweeted that normal service had resumed for her on Twitter:

Kim Kardashian back on Twitter

My money is on user error rather than a genuine hack. After all, no abuse of her account appeared to occur – and the typical intruder would have found it impossible to resist posting a joke message or spammy link during the time when her account was allegedly “hacked”.

But if it was true that both her Twitter and email address were hacked, you would expect the contact details and email addresses of many celebrities to now be in the hands of hackers.

Posted in Sophos


I accepted a fake Facebook friend request, should I be afraid?

Should you be afraid if an imposter duplicates a friend’s Facebook account and connects with you on the social network?

Michael Grayer (@michaelgrayer)

/@gcluley A facebook friend had her account duplicated and I accepted the imposter’s friend request (since unfriended). Should I be worried?

February 20, 2011 10:42 am via web

That’s the question I was asked on Twitter this weekend, and I thought rather than try and squeeze my response to Michael into 140 characters it probably warranted a few more bytes worth of attention.

The short answer as to whether you should be afraid or not, even if you have since unfriended the bogus user, is “possibly”.

First things first, why might someone have created an account in the name of somebody you know and attempted to trick you into accepting them as a friend? Here are some possibilities:

  • Stalker. We don’t know who it is who is trying to enter your circle of friends on Facebook, but it could be someone who wants to track your activity without you knowing. Possibilities include a jealous partner you’ve fallen out with, a rival in love or business, or simply someone who has an unhealthy crush on you. Whatever their motive, someone stalking your online activities and able to read your newsfeed without your permission is creepy. Imagine, for instance, the possibility of coming to harm if you are using a service like Facebook Places which allows other users to determine your physical location.
  • Identity thief. Your bogus Facebook friend may be interested in your profile because of the information you might be sharing up there. In the past we’ve discovered that many users are all too willing to share a dangerous amount of personal information with complete strangers on Facebook – such as their full date of birth, email address, and phone number. This is all information that could be useful to identity thieves.
  • Spammer/Malware author. You’re more likely to open a message from a Facebook “friend” than a complete stranger, because you implicitly trust the person you believe has sent you the message. Therefore, if a bogus Facebook friend sends you a link to a webpage with an alluring enough title, you might well click on it. Don’t be surprised if you’re taken to a webpage containing adverts for improving your sexual performance, or a website carrying a malicious Trojan horse, a rogue Facebook application that tricks you into taking a survey, or even a bogus Facebook login page that attempts to phish your password from you.

So, imposters posing as your friends on Facebook can use the tactic to keep tabs on you, to steal personal information from you, and to try to spread malware and spam.

But more than that, they can use your acceptance of them into your network of friends as a springboard for connecting with others on Facebook too. For instance, imagine Bogus Ben manages to trick you into becoming Facebook friends with him. Bogus Ben can then approach your other friends, and the fact that he is already linked on Facebook to you effectively endorses him to them.

Don’t forget that anyone can create an account on Facebook which uses a bogus name, and scrape together some personal information and a photograph to make it a convincing fake identity to trick you into accepting their friend request. Websites like FriendsReunited and Classmates have made it easy to work out who individuals might have known years before, and give imposters a head start as to who they might want to pose as.

Graham Cluleys on Facebook

Of course, stalking, spamming, spreading malware and identity theft can all occur on Facebook without creating a bogus account. It’s also important to realise that cybercriminals have often hijacked genuine users’ accounts to spread these sorts of attacks too. So you may already have added a legitimate friend to your network on Facebook, only for their account to later begin to send you, for instance, spam-laden links.

But to go back to the original question – should you be afraid?

Well, that rather depends on what information you share on your Facebook page, or whether you clicked on any links or ran any applications promoted by the imposter.

If you find that you’ve befriended a false Facebook friend, unfriend them immediately and warn your genuine friends about what happened in case they have also added them to their network. You should also check out our tips for better security and privacy on Facebook to make sure that you are following best practices to defend your account.

One thing you definitely need to learn is that it’s sadly just not possible to tell if you should accept someone’s friend request on Facebook just because you recognise their name. Everything on Facebook can be faked, and so the only way you can tell if a friend request was genuine or not is to speak (yes, in real life!) with the person who is trying to add you as a friend.

Otherwise, it might be an imposter, and their motive might vary from mischief to malice.

If you want to learn more about threats on Facebook, join the Sophos Facebook page where more than 60,000 people are benefiting from early warnings about the latest attacks.

Posted in Sophos | Comments Off

Facebook, Twitter and Egypt’s upheaval

Egyptian protesters have openly thanked social media’s role in the revolution against the country’s ruling government.

One protest leader, Wael Ghonim, said he wanted to meet Facebook CEO Mark Zuckerberg and thank him.

"This revolution started online," he said in an interview Friday on CNN. "This revolution started on Facebook."

But as a company, Facebook Inc. – and to a similar extent Twitter Inc. – has taken great pains to appear neutral about the uprisings in Egypt and elsewhere in the Middle East because taking too much credit could leave the Palo Alto company open to blame or being shut off from other countries.

And that, experts say, would not help its long-term business prospects.

"They don’t want to be put in the position where they are held responsible … if something negative or catastrophic happened," said David Bell, a professor of marketing management at the Wharton School of Business at the University of Pennsylvania. "They could be vulnerable to misinformation as well. People could be saying things (on Facebook or Twitter) that are not necessarily true."

Political influence

From the rise of President Obama to the fall of Egyptian President Hosni Mubarak, Facebook and Twitter have become major conduits for news, information and commentary that united grassroots movements to change and challenge governments.

In 2008, Obama’s successful run for the White House was helped by his campaign’s extensive use of social networking. At the time, Facebook had about 100 million members worldwide, a number that is now estimated at 600 million.

That same year, a young engineer in Colombia mobilized millions of people by starting a Facebook group to protest the rebel group Revolutionary Armed Forces of Colombia, known as FARC.

That call to action "showed how the power of an individual with a single, powerful idea and message can make things happen," said Lafayette social media marketing expert Andy Smith, who with wife Jennifer Aaker co-wrote "The Dragonfly Effect: Quick, Effective, and Powerful Ways to Use Social Media to Drive Social Change."

Twitter, the San Francisco microblogging service with more than 175 million members, played a key role in spreading news of a 2009 post-election protest in Iran. Social networking has also been a force in recent anti-government uprisings in Tunisia and Syria.

But the most dramatic use of social media by anti-government demonstrators came in the past month in Egypt.

An Egyptian man holds up a sign praising Facebook as he joins others in Cairo's Tahrir Square.

Key Facebook page

An anti-Mubarak Facebook page started by Ghonim, a Google Inc. marketing manager in the Middle East, was credited with helping embolden millions of Egyptians to take to the streets to demand that Mubarak step down after three decades of authoritarian rule.

Even when the government made the unprecedented move to shut the country’s Internet connections with the outside world for several days, engineers from Twitter and Mountain View’s Google developed a "Speak-to-Tweet" service, giving people on the inside a way to send voice messages transmitted by Twitter.

Several memorable news photos showed handmade cardboard signs and wall paintings that read "Thank you, Facebook" in Arabic and English.

China concerns

Those photos and stories might not go over well in countries like China, which is seen as a potentially large new market for both Facebook and Twitter. Both are now blocked by the government, although Zuckerberg visited China in December.

"If they want to get into China, then they’d want to get somewhat of a good relationship with the government," said Zsolt Katona, a UC Berkeley Haas School of Business assistant professor who studies social networks.

Meanwhile, governments in Egypt’s neighboring Arab countries might view the "incursion" of Facebook, Twitter and Google as a symbol of U.S. interference in their affairs, said Smith, who runs Vonavona Ventures, a marketing consulting firm.

Also, Smith wondered if that golden feeling about Facebook in Egypt would remain if conditions in the country are worse in two years.

Showing restraint

Therefore, he said Facebook and Twitter executives need to remain circumspect with their public statements about Egypt as they "thread the needle" of international diplomacy.

Facebook – which frequently touts its corporate belief that more communication and social interaction will make the world a better place – has publicized how political groups and elected officials in the United States use the network. The company also has executives based in Washington, D.C.

Yet Facebook has repeatedly fallen back upon one basic, non-inflammatory statement about Egypt, issued when Internet access was cut:

"A world without the Internet is unimaginable. Although the turmoil in Egypt is a matter for the Egyptian people and their government to resolve, limiting Internet access for millions of people is a matter of concern for the global community."

A Facebook spokesman declined to comment further for this story.

Twitter list

Twitter last week posted a staff-picked list of Twitter accounts to follow that provided "perspectives from in and around Egypt."

However, a Twitter representative also declined to comment specifically about Egypt, although he noted that co-founder Biz Stone co-authored a company blog post with a carefully crafted generic message supporting freedom of expression:

"Some Tweets may facilitate positive change in a repressed country, some make us laugh, some make us think, some downright anger a vast majority of users. We don’t always agree with the things people choose to tweet, but we keep the information flowing irrespective of any view we may have about the content."

Americans’ dilemma

Involvement in international affairs has always been a pesky problem for American companies, especially for those that operate on an Internet that reaches into countries that operate under differing social norms and government restrictions.

"When you’re a global organization, the way you operate effectively in the United States may not be the way you can effectively operate in Egypt" or elsewhere, said Bell of the Wharton school. "For some of it, you almost have to figure it out on the fly."

Facebook and Twitter are quickly maturing into corporations that have similar public responsibilities as traditional newspapers because they are both conduits of vital public information and for-profit companies that depend on advertising for revenues.

So, Smith said, "they have to be seen as relatively neutral, but in favor of getting the truth out."

© Benny Evangelista, SFGate

Posted in Facebook | Comments Off

Facebook Follies: Sex, Love, Politics and Bulimia

With Valentine’s Day approaching, love is in the air — and Facebook scams are starting to get hot and heavy.

Cybersecurity researchers at the security firm Sophos have noticed timely Valentine’s Day-themed scams, including one that presents the chance to send a love poem to your special someone and another that promises to reveal who your Valentine date will be.

Love can make people do crazy things — including falling for these scams. Clicking on the links embedded in these appealing but rogue messages will take you to Facebook applications that try to sweet-talk their way into accessing your private information.

Sophos also ripped the covers off a scam that is tricking Facebook users in Italy into watching what they believe will be a salacious video of an Italian school teacher stripping.

Those lusting after the footage are sure to be disappointed. Embedded in the video’s “play” button is a malicious script that can allow a hacker to gain unauthorized access to the victim’s computer. And to add insult to injury, the video never plays.

Holiday or no, there’s one group that really doesn’t love Facebook: political dissidents.

A representative of Facebook’s public policy team told the British tech website The Register that Facebook’s stance on mandating that people register profiles with their real names is non-negotiable.

The policy has been blamed for allowing oppressive governments to easily identify and quash outspoken activists who’ve expressed their discontent via Facebook and Twitter.

In last month’s Tunisian protests, the government reportedly took down the Facebook pages of several high-profile journalists.

Aside from the scams and Facebook’s strong stance on using real names, some frightening news is emerging about Facebook’s effects on teenage girls.

A study of 248 girls ages 12 to 29 conducted by the University of Haifa in Israel reveals that the more time the girls spent on Facebook, “the more they suffered conditions of bulimia, anorexia, physical dissatisfaction, negative physical self-image, negative approach to eating and more of an urge to be on a weight-loss diet.”

© Matt Liebowitz, SecurityNewsDaily

Posted in Facebook | Comments Off


Not-So-Funny Valentine: Facebook Scams Get ‘Romantic’

Valentine’s Day is a favorite holiday of lovers — and hackers.

For years, cybercriminals have used Valentine’s Day as a way to spread spam and viruses using e-cards and offers of bogus gifts.

Today, hackers have another avenue of attack — social media.

That’s why Randy Abrams, director of technical education at Slovakia-based antivirus software company ESET, warns users to keep an eye out for anything that looks out of the ordinary around Valentine’s Day.

“Watch out for messages from friends that are not in their usual style of writing or conversation, especially if they have a link,” Abrams said. “If you get a message from a friend, talk to the friend before you click. That’s how you find out if the friend really meant to send the link.”

Some of the various Valentine's Day-related Facebook apps seeking your approval.

Because we don’t communicate the same way across all social-media platforms, hackers will use different methods to entice potential victims.

For example, Twitter has such a tight limit on message size that shortened URLs, which disguise Web links, are prevalent in all messages, good or bad.

Hackers will often use sensationalism in the message such as, “This is so cute!” or “This is really funny!” to encourage the recipient to click on the shortened URL.

Another approach, Abrams said, is a message received through a hijacked account. The message seems to come from someone you know, so there is an inherent trust in the message.

Abrams pointed out that in April of 2010, a hacker was selling 1.5 million compromised Facebook accounts. The odds are significant that at least one of those accounts belonged to a friend or a friend of a friend of yours — or it might have belonged to you.

And in February of 2011, rogue apps calling themselves “Valentine’s Day” and “Special Valentine” were roaming free on Facebook, duping users into taking money-generating surveys and opening up their friends lists so that the apps could spread further.

So if you think a friend’s account may be compromised, send a private e-mail or pick up the phone to ask if messages he or she sent are legitimate. And always ask friends to return the favor if they see suspicious behavior coming from your account.

Abrams also suggested avoiding the use of third-party vendors to send messages through social media if possible.

“For e-cards, stick with known vendors,” he said. “If you go to a gift shop and look at a greeting card, they have a website and they are in for the long haul. You can trust them.”

The bottom line is that the hackers are out to use you and your information to make money.

“If you click on a link, they might get paid for generating traffic to the website,” Abrams said. “If you fall for a phishing attack and give someone your password because you thought there was a problem with your account, they will steal your account and try to trick your friends into doing things that make them money. If you install an app or other software, they will take control of your computer and rent it out.”

Abrams made a suggestion for this Valentine’s Day. “The Web is a great facilitator, but never replaces a true heart-to-heart. Valentine’s Day is not about trivial clichés, it’s about true sharing. Talk to your friends and loved ones. Not just links, but real conversation.”


(© Sue Marquette Poremba, SecurityNewsDaily)

Posted in Facebook | Comments Off

Egypt Blocks Twitter as Protests Spread Across Country

Tunisia’s “Twitter revolution” must have Egypt’s rulers worried. Reports came in Tuesday (Jan. 25) that access to the popular microblogging service was blocked even as thousands demonstrated in the streets of Cairo and other cities.

“mubarak regime is blocking internet access to us. keep spreading the word. we are being trapped #25jan,” wrote one Egyptian tweeter, referring to President Hosni Mubarak, who’s been in office 30 years. She added the hashtag “#25jan” used by supporters of the Egyptian protesters.

On Jan. 14, the dictator of nearby Tunisia, who had ruled for 23 years, fled the country after a month of protests. Angry Tunisians coordinated their efforts through Facebook and Twitter, even as the country’s security services tried to block them. (Read here how Facebook foiled those attempts.)

There was no indication that Facebook was blocked in Egypt Tuesday, but the Harvard-run HerdictWeb site showed a large number of Twitter outages in the country. Cell-phone outages were reported to be sporadic.

Tuesday is Police Day, a national holiday in Egypt, and citizens inspired by the events in Tunisia seized upon the occasion to protest decades of one-party rule, corruption and failed economic policies.

Posted in Security | Comments Off


Phishing Attacks Target Twitter Users

A new attack on Twitter users has been arriving as spam with a phishing link. It appears as a notification about an unread message from Twitter Support with a subject line such as “Twit 73-923.” The ending number can vary. The body of the message includes “You have [some number of] delayed message(s) from Twitter” and a link to a phishing site.


If you receive one of these emails, make sure to check where the link points to before clicking on it. To visit a page such as this (or any page even), it’s much safer to manually type the web address instead of clicking a link in an email. Links can easily be faked!
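The check described above, written out as an added example (not code from the McAfee post): it flags messages matching the "Twit NN-NNN" / "delayed messages from Twitter" pattern and, more generally, compares where a link's visible text says it goes with where its href actually points. The sample messages and the look-alike host are constructed.

```python
"""Added example: spot the "delayed messages from Twitter" phish and
links whose visible text disagrees with their real destination.
All sample messages below are constructed for illustration."""
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

SUBJECT_RE = re.compile(r"^Twit \d+-\d+$")          # e.g. "Twit 73-923"
BODY_RE = re.compile(r"You have \d+ delayed messages? from Twitter", re.I)
TWITTER_DOMAINS = {"twitter.com", "support.twitter.com"}


class LinkExtractor(HTMLParser):
    """Collects (href, visible text) pairs for every <a> in an HTML body."""
    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href", "")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def host_of(url):
    return (urlparse(url).hostname or "").lower()


def is_twitter_host(host):
    # Exact match or a genuine subdomain; "twitter.com.evil.test" is neither
    return host in TWITTER_DOMAINS or host.endswith(".twitter.com")


def analyse(msg):
    """Return the reasons a message looks like this phish (empty if clean)."""
    reasons = []
    if SUBJECT_RE.match(msg["subject"]):
        reasons.append("subject matches 'Twit NN-NNN' pattern")
    if BODY_RE.search(msg["body"]):
        reasons.append("body claims delayed Twitter messages")
    parser = LinkExtractor()
    parser.feed(msg["body"])
    for href, text in parser.links:
        real = host_of(href)
        if is_twitter_host(real):
            continue
        shown = host_of(text) if "://" in text else ""
        if shown and is_twitter_host(shown):
            reasons.append(f"link text shows {shown} but points to {real}")
        elif "twitter" in real:
            reasons.append(f"look-alike host {real}")
    return reasons


# Constructed samples: one phish in the style the post describes, one clean mail
PHISH = {"subject": "Twit 73-923",
         "body": 'You have 3 delayed messages from Twitter. '
                 '<a href="http://twitter.com.example-login.test/inbox">'
                 'http://twitter.com/messages</a>'}
LEGIT = {"subject": "Your Twitter password reset",
         "body": 'Reset here: <a href="https://twitter.com/reset">'
                 'https://twitter.com/reset</a>'}

if __name__ == "__main__":
    print(analyse(PHISH))   # three reasons
    print(analyse(LEGIT))   # []
```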


Users without protection who click on any of these links could infect their PCs or reveal their Twitter credentials.

We recommend you take advantage of either or both of McAfee’s TrustedSource™ reputation system and SiteAdvisor Technology to protect yourself against malicious phishing attacks and the sites that host them.


Tweet, search and surf safely out there!

View full post on McAfee Avert Labs

Posted in Antivirus | Comments (1)

Are you contributing to the Twitter Denial of Service Attack?

Twitter has been dealing with a denial of service attack this morning that has resulted in millions of users not receiving or posting tweets.

These days denial of service attacks are typically launched from botnets: large numbers of consumer PCs infected with Trojans that wait to do the bidding of the “bot-herders” who manage them. The users of these machines may not know anything is wrong other than, “Gee, the Internet seems slow today.” Their Internet is slow because their computer is sending lots of traffic to the targeted site, in this case twitter.com. The bot-herders collect infected machines and then rent them out. Twitter is such a high-profile site that the attack may simply be a bot-herder, or one of their customers, wanting to show off the power of their botnet.

Is your computer a member of one of these botnets? It’s not easy for the average Internet user to find out. Seeing rapidly blinking lights on your cable modem even if you aren’t using your computer may suggest something is going on. But it could just be an updater downloading a new Firefox or operating system patch.
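The blinking-lights symptom above is hard to judge by eye, so here is an added example (not from the original post) of how a defender can tell the two cases apart from outbound connection records: a bot flooding one site opens very many tiny connections to a single host, while an updater opens a few connections that each pull a large amount of data. The flow records and thresholds are constructed for illustration.

```python
"""Added example: decide from constructed outbound flow records whether a
PC looks like a DoS bot hammering one site or is just downloading a patch."""
from collections import defaultdict


def summarise(flows, window=60):
    """Per destination host: connection count and bytes moved within the
    first `window` seconds. Each flow is (time_s, host, bytes_out, bytes_in)."""
    stats = defaultdict(lambda: {"conns": 0, "out": 0, "in": 0})
    start = min(t for t, *_ in flows)
    for t, host, b_out, b_in in flows:
        if t - start <= window:
            s = stats[host]
            s["conns"] += 1
            s["out"] += b_out
            s["in"] += b_in
    return stats


def classify(flows, window=60, conn_threshold=200, small_conn_bytes=2048):
    """Return (verdict, host). Many connections that each carry little data
    to one host is the flood signature; few, fat connections are a download."""
    for host, s in summarise(flows, window).items():
        per_conn = (s["out"] + s["in"]) / s["conns"]
        if s["conns"] >= conn_threshold and per_conn < small_conn_bytes:
            return ("possible dos participation", host)
    return ("normal", None)


def constructed_bot_flows():
    # 600 requests to twitter.com in one minute, ~300 bytes each, no reply read
    return [(i / 10, "twitter.com", 300, 0) for i in range(600)]


def constructed_update_flows():
    # Two connections fetching a 50 MB patch, plus a normal page view
    return [(0, "download.example.test", 500, 50_000_000),
            (5, "download.example.test", 500, 50_000_000),
            (30, "twitter.com", 800, 3000)]


if __name__ == "__main__":
    print(classify(constructed_bot_flows()))     # flagged, twitter.com
    print(classify(constructed_update_flows()))  # normal
```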

You may not be too worried about the state of Twitter, but you should know that botnets can be told to do many things. They can be instructed, for example, to download keyloggers or other data-stealing malware. The stolen data is then shipped off to collection servers, where the criminals can use your bank username and password to steal money.

Keep your antivirus up to date and perform a full scan if you’re a little concerned.

Download and use SafeCentral if you want to bank and shop without the worry. SafeCentral users talk about this stuff here: community.safecentral.com.

Update:

It may be coincidental, but we saw a large increase yesterday in our virus-collection network. We received 200 times the normal average of emails with malicious attachments. One node, for example, went from 10 items to 2000 in a day. These were phony emails telling random recipients that a UPS parcel could not be delivered and asking the reader to “print out the attached invoice”. The attachment was not an invoice; it was a Trojan.

Example of the email. Do not open the attachments in these emails if you get one!

Posted in Security | Comments Off


Sorry, we can’t hack Taylor Swift’s Twitter account (even if you ask nicely)

We get some pretty interesting feedback from readers of Naked Security from time-to-time, but this one takes the word oddball to all new heights of space-hopperdom.

A fan of the SophosLabs YouTube channel sent us a message with an unusual request:

Taylor Swift message

I love your videos, man, and I was wondering if you can hack back into Twitter and have Taylor Swift follow me?

My Twitter is [LINK] and hers is [LINK] in case you didn't know... but you probably did haha.
please write back...

Wow – that’s true fan dedication. I know Taylor Swift is very talented, but imagine being such a worshipper of the young country pop singer that you would beg a computer security firm to break into her Twitter account so she’d hear what you have to say!

I checked out our correspondent’s Twitter page. Judging by his wallpaper, he appears to be confirming his love for Taylor Swift, and may be hoping to jump in now that she’s split up from boyfriend Jake Gyllenhaal.

Taylor Swift on Twitter

Unfortunately, though, this is one request from a Naked Security reader that we’re not going to be able to help with – however politely he phrased it.

All the other Taylor Swift fans out there (and there are plenty of them – over 5.2 million people follow the singer-songwriter on Twitter) should note that she only follows 50 people on Twitter herself. Your best chance of her showing you any interest is to become a celebrity yourself, catch her eye on the Nashville music scene, or get a job as her minder in case Kanye West leaps onto the stage.

By the way, if you’re on Twitter feel free to follow the Naked Security team of writers to get your up-to-the-minute security fix. Although, just like Taylor Swift, we can’t promise that we’ll definitely follow you back either.

Full story: Naked Security – Sophos

Posted in Sophos | Comments Off

iPhone App Strips Out Spam to Turn Twitter into a News Reader (Mashable)

Mashable – The Spark of Genius Series highlights a unique feature of startups and is made possible by Microsoft BizSpark. If you would like to have your startup considered for inclusion, please see the details here.

Full story: Yahoo! News: Security News

Posted in Security | Comments Off

Twitter hit by fake antivirus software scam

Twitter has been resetting passwords for accounts that started distributing links promoting fake antivirus software in an attack that used Google’s Web address shortening service to conceal the links’ destination.

Full story: Computerworld Security News

Posted in Security | Comments Off

Blog: New Twitter worm redirects to Fake AV

A new Twitter worm is spreading fast, using the “goo.gl” URL shortening service to distribute malicious links

Full story: Securelist / All Updates

Posted in Antivirus | Comments Off
