Mr Blog... Mr Blog... Log on to Mr Blog... Blogging website.

"The blog is named in honor of a TV ad jingle for a certain Chinese fast-food chain here in the San Francisco Bay area, particularly well-known in the Silicon Valley. It was also originally meant as a good-natured jab at the blog craze at the turn of the 21st century and an ironic exaggeration of the ego-centric blog names common at the time."
RSS Subscribe to RSS

Posts Tagged ‘security’

Another Twitter password stealing spamming scam

go0gle-wizards

Here we go again. A site called GO0GLE-WIZARD.com is actively posting bogus (forged) tweets on behalf of thousands of compromised Twitter accounts. There’s a few differences from the similar twittercut episode a few weeks ago. In the case of GO0GLE-WIZARD.com, it’s not yet obvious where the site is getting the compromised account credentials. Presumably, the users have logged in to some web site or service on the net using their Twitter username/password and that site is operated by the same people as GO0GLE-WIZARD.com or somehow made a deal with them to share compromised accounts. Another possibility is the GO0GLE-WIZARD.com folks compromised some other site that had thousands of Twitter IDs and passwords on file. The whois record for the domain says the info is “protected” , meaning hidden behind a proxy, in this case some outfit called “WhoisGuard”.

I’ll post updates if we find out who is really behind this and what site they’re getting the stolen Twitter credentials from. In the mean time, don’t believe any tweets that suggest your friends are making money from this scam website.

UPDATE 7/30/2009: Twitter’s spam-monitoring account sent a tweet a few hours ago warning anyone who had entered their log-in information into a website called TwitViewer to change their password. Perhaps this is the culprit of the stolen Twitter accounts.

UPDATE 7/31/2009: TwitViewer is apparently a scam too, but perhaps not related to GO0GLE-WIZARD.com. Some people are seeing a relation to Foursquare, an iPhone Twitter app, but some dispute that too. So I don’t think we know for sure yet where GO0GLE-WIZARD.com is getting the stolen Twitter IDs and passwords.

UPDATE 7/31/2009: What’s worse here is accounts are getting suspended by Twitter even if they delete the spam and change their password. Come on Twitter, get a clue.


2 Comments »
RSS Subscribe to the comments for this post
Posted on : Jul 30 2009
Tags:
Posted under twitter |

BEWARE: twittercut is a password stealing SCAM!

A quick search on twitter will show this site is bogus: http://search.twitter.com/search?q=twittercut

DO NOT sign up there (or even visit the site).  If you did sign up, change your Twitter password asap.

Here’s what the home page to the site says:

Welcome to TwitterCut.com.

TwitterCut.com is the best place for you to grow your twitter network and gain a ton of followers. We recommend giving it a shot, it’s free and will help you get the followers you need. This system is brand new, so the quicker you get involved the better it will be, fill out the form below and get started right away…

It looks like they stole some Twitter graphics there. I note that the Home, About etc. links are all no-ops.

The WHOIS record, gives the following:

Registrant:
Jordan EMbry
1646 thompson drive
owensboro, Kentucky 42302
United States

Domain Name: TWITTERCUT.COM
Created on: 21-May-09
Expires on: 21-May-10
Last Updated on: 21-May-09

Administrative Contact:
EMbry, Jordan  jembry13@gmail.com

I have not found a white pages listing for an Embry at the above address.  The domain is registered with GODADDY.COM, INC.

May or may not be the same person as:


2 Comments »
RSS Subscribe to the comments for this post
Posted on : May 26 2009
Tags: , , ,
Posted under twitter |

PicDoodle virus shows Facebook’s true colors

Facebook continues to claim that they respect users’ privacy and discourage bad behavior in third-party applications.

Well, that must depend on how much they’re paid, or who you know, or some other random factors, because the PicDoodle app exhibits all the worst behaviors of an evil, evil virus, and yet Facebook continues to serve it up to users and defend the application.

The lame Silicon Alley Insider (which I refuse to link to here – look it up if you really need to see their awful reporting) attributes the following quote to Facebook:

“The PicDoodle application was tagging the maximum allotment of a user’s friend in each saved photo… This ran counter to user expectations…”

That statement is just infuriating. It is far beyond misleading and suggests that there’s a lot more to this story. There’s got to be something going on behind the scenes at Facebook for them to spew such total BS.

If PicDoodle messed around with tagging people (that I didn’t tag) in a “saved photo” that would be bad enough.  But what it actually does isn’t even on the same planet.  When one “Allows” (installs) the app, before they take any action at all, PicDoodle does it’s dirty work, all in the background. PicDoodle creates a Photo album and sticks a fake blank “photo” in it. It then tags people (your friends) who are not in that “blank” photo as being in that photo.

This causes all your friends to receive notifications from the Photos app (not from PicDoodle) saying they were tagged in a photo by you.  When they click to see what photo you tagged them in, instead of viewing a photo, they see a link to the PicDoodle app that suggests they need to click it to continue.  Since there is nothing else to see besides that link (because the actual photo is “blank”), the user clicks the link, hoping to finally see the photo that you tagged them in.

They get the usual “Allow” prompt to install the PicDoodle app, and still wanting to finally see the photo in which they appear, they click it.  And viola, the process starts all over again for that user.  And of course they never get to the “Photo” containing them – because there isn’t one.

How Facebook can declare this is just a “glitch” is beyond me.  PicDoodle was very obviously designed to perform these evil tasks to spread itself, even conning Facebook’s own “Photos” app into doing its bidding.

The Insider story concludes with:

Meanwhile, rumors on Twitter that PicDoodle is a virus or phishing scheme appear to be inaccurate.

So who are these guys blowing to get this kind of white-wash?


7 Comments »
RSS Subscribe to the comments for this post
Posted on : Mar 25 2009
Tags:
Posted under facebook |

FBI asks for broad expansion of wiretapping laws

As I predicted, the FBI has asked for new laws to facilitate broad snooping at broadband internet service provider facilities. The first question is what will this mean for end-to-end encryption. The FBI wants to force Vonage, 8×8, AT&T, and other broadband telephone providers to enable easy wiretapping, but what about pure P2P systems like Skype (and even peer-to-peer SIP)? How will they force end-users to provide easy wiretapping of themselves? When will the government outlaw encryption, so that only the outlaws will have encryption?

From FBI adds to wiretap wish list:

Baker [who represents Internet providers as a partner at law firm Steptoe & Johnson] agrees that the FBI’s proposal means that IP-based services such as chat programs and videoconferencing “that are ‘switched’ in any fashion would be treated as telephony.” If the FCC agrees, Baker said, “you would have to vet your designs with law enforcement before providing your service. There will be a queue. There will be politics involved. It would completely change the way services are introduced on the Internet.”

If the FBI’s request is enacted, it will be very expensive. And, more importantly, my argument is that it doesn’t really help solve the real problem either. Why aren’t the existing laws enough? What’s wrong with getting a warrant and going to a particular service provider and getting the data they need? In fact, they already have greatly expanded wiretapping powers as part of the USA Patriot Act so they don’t even need court approval in many situations as things are now.

So to me, it looks like a lot of money wasted for no practical benefit. It will have little effect on real criminals since they can just use encryption and they will be the only ones using encryption if encryption is made illegal.

One potential positive side-effect of this kind of regulation is to push more functionality to the edge. If service providers cannot introduce new products to fill needs for users due to bureaucratic governmental red-tape, users will buy edge-devices to fill those needs (as they did for home routers).


Comments Off
RSS Subscribe to the comments for this post
Posted on : Mar 14 2004
Tags: ,
Posted under politics |

Plan for ‘terror market’ scraped before it got off the ground

On Monday, the Pentagon announced a highly controversial plan for a terror futures market (see news story) that immediately drew harsh criticism. Accordind to AP “[Sen. Ron] Wyden said $600,000 has been spent on the program so far and the Pentagon plans to spend an additional $149,000 this year. The Pentagon has requested $3 million for the program for next year and $5 million for the following year.”

The crazy idea involved “setting up a stock-market style system in which investors would bet on terror attacks, assassinations and other events in the Middle East. Defense officials hope to gain intelligence and useful predictions while investors who guessed right would win profits.”

Today, CNN is reporting that the plan has been cancelled, shortly after Tom Daschle denounced the program on the senate floor as “an incentive actually to commit acts of terrorism” and calling the program a “plan to trade in death.”

The whole thing is just surreal.


Comments Off
RSS Subscribe to the comments for this post
Posted on : Jul 29 2003
Tags: ,
Posted under politics |
PhoneGnome
FREE calling
VoIP for the rest of us!