Posts Tagged ‘account’
Hey Twitter, are you going to deal with these Nazis or not?
There is a tweet being retweeted heavily within the German Twitter community right now which roughly translates as
“BEWARE Nazi-pigs on Twitter! @Heil_Hitler_88 Please block so that the account gets deleted. #nazi #block #rt Please!” (original).
Now, if Twitter had servers in Germany, an account like @Heil_Hitler_88 (we’re not linking BTW) would be illegal and would be deleted right away.
Sh*t My Dad Says Engages Google Buzz
Shit My Dad Says, the Twitter phenomenon with over 1.2 million followers, and more notably, a TV pilot in the works, has taken his act to the new hot (or at least, controversial) social network, Google Buzz.
Now, before you get too excited, you’ll note that all this account is doing is importing the Shit My Dad Says tweets into Buzz. In fact, because the account doesn’t tweet all that regularly (I suppose creator Justin Halpern is busy trying to write dialogue for William Shatner, who will star in the show), there are only five total tweets imported so far since February 10, when the account was started. Still, there’s a lot of activity on those five tweets, with dozens of Buzz users liking and commenting on the blurbs.
There’s no way of knowing if this account is an official one since anyone can import any public Twitter account into their Buzz stream, but even if fake, the creator did a nice job recreating Justin’s father. For example, his profile says that the one thing he can’t find on Google is “my pants.” And his hometown is shown on a Google Map as somewhere just outside Columbus, Ohio. The About Me section reads the same as the Twitter bio, “I’m 29. I live with my 74-year-old dad. He is awesome. I just write down shit that he says.”
The most interesting thing about this account may be its level of engagement. If I were on the Buzz team, I might point out that even though this account is doing nothing beyond importing tweets, there’s clearly a huge demand to have conversations about these tweets — something which is much easier to do on Buzz than on Twitter. Of course, some brands are already understanding this.
Also note that the account name is technically “sh1tmydadsays,” because Google won’t allow swear words in Gmail addresses.

[thanks Louis]
I Pissed Off A PR Spammer Today
It’s no secret that we consider the PR industry, for the most part, the bane of our existence. They’re just under too much pressure to get results, and when we don’t do what they want (write about their clients), things turn ugly. And before things turn ugly, we get spammed. By phone, by Twitter, by Facebook, by email, by mail and by fedex. Some PR firms will lie, cheat, manipulate and then just smear your reputation to get what they want.
Today something new happened though. It wasn’t a PR firm we went to battle with, it was a press release distributor – prMac. I know these guys well, because for the last year and a half they’ve sent me an average of 15 emails a day, sometimes far more. Each email contains a useless press release that someone paid them to spam out to the media. As far as I know, not one of these emails has ever turned into a story.
Most PR emails come from a human, and it’s easy to just reply and tell them to stop if it becomes annoying. The more streamlined operations that spam stuff out at least give us an opt out to get off their dreaded mailing list. But not prMac – none of their emails have an opt out.
Today was the day I decided to take a stand against the onslaught of prMac emails. Some small step in my hope to regain human dignity, I guess. Since there was no opt out, I simply sent out a Tweet, saying “prMac really needs to chill out on the unsolicited press spam, and give an unsubscribe link.” I followed up with a link to a single day’s emails from the company.
If I were prMac, I would have seen this and either kept on spamming, or quietly taken techcrunch emails off their list. But that didn’t happen. Instead, they got angry. Really pissed off, actually.
First came a comment to that image of the spam, saying “Claims it’s spam, but OPTED IN to the service. The reason for the duplicates is TechCrunch provided two email addresses.”
Then a barrage of emails (sort of ironic). One said in part, and I’m not kidding, “prMac is an OPT IN service for the media. We’re not spammers. We set up your account for you, only for your convenience and under your behalf…”
Yep, they followed a statement that they are opt in only and that they aren’t spammers with an admission that they set up our account for us “only for your convenience” (and certainly not at our request).
Unpleasant words were exchanged over the course of ten or so more emails. prMac forwarded an email from 2008 where they cajoled a CrunchBase staffer into giving up our emails to start the whole process. I noted that I had no way of stopping the barrage, and kept pointing out that a simple opt out in each email would have been so…legal of them.
But by far the most perfectly absurd comment came from prMac in one of their last emails, where they said to me “…you seriously need to take some diplomacy lessons my friend. The smart ass remarks aren’t assuaging me one iota, and only making a situation worse than it didn’t even have to be.”
Indeed. And since I want to become a better person, I’ve enrolled myself in a course on how to be diplomatic with spammers who don’t want to let go. Hopefully, I’ll handle the situation with more finesse next time.
In the meantime, though, the whole PR profession really needs to get a grip. We aren’t here to do their bidding. We serve our readers. At least, the readers we like. And our community. If they want to be part of that community, they need to lose the sense of entitlement and chill out on the aggressive marketing a little bit.
I would have been quite happy just venting on Twitter earlier today and eventually setting up an email filter to remove anything that came from them. But we’re only human. And this tirade of angry emails (just now yet another one from them popped into my inbox – “If your receiving distributions from us were such a problem, when didn’t you bring this up long before?? It’s not like we started doing this yesterday.”) was a little too aggressive and a little too much. So now I’ve vented more fully.
Twitter Responds To Phishing Attack
This morning, Twitter started locking a subset of users out of their accounts, sending them e-mails asking them to change their passwords in order to regain access to the service. The e-mail said those measures were taken due to concerns that their accounts may have been compromised in a phishing attack, and hinted at a third-party service being at fault.
We asked Twitter for more information about the attack, and this is the response that they just gave us:
As part of Twitter’s ongoing security efforts, we reset passwords for a small number of accounts that we believe may have been compromised offsite. In one case, a number of accounts posted updates indicative of given (sic) their username and password to untrusted third parties. While we’re still investigating and ensuring that the appropriate parties are notified, we do believe that the steps we’ve taken should ensure user safety.
Asked how many users were affected, Twitter declined to share details but said the number is ‘very small’. Twitter also said its response is for issues seen from last Wednesday on.
Twitter promises to continue to provide updates and encourages users to read the help pages on what to do if their account is compromised.
Note that Twitter has yet to communicate the whole ordeal on its company blog and/or status website, although the account @safety acknowledges the attack and refers to its security measures as a ‘precautionary step’.
We’ll keep you posted as we try and obtain more information about these attacks.
Media Markt’s iPad Confirming Tweet Turns Out To Be Bogus
A tweet posted on Twitter account @Media_Markt_de resulted in a flurry of blog posts on leading tech news sites, reporting on possible confirmation of the existence and indicative pricing of the upcoming Apple tablet (including our own CrunchGear), albeit cautiously warning that there was something fishy there, considering the high pricing.
Turns out the Twitter account was indeed a fake. German electronics retailer Media Markt told IT news site Golem (in German) that the Twitter account does not belong to them at all.
In fact, the owner (or Twitter, although unlikely at this time of day) removed the account about 20 minutes ago. Looks like the handle was registered again shortly after, however, but the follower count went back to zero and there are no updates posted to the account at the time of this writing.
The original tweet leading to the worldwide coverage frenzy (embedded on top) spoke of the Apple iPad going on sale March 1st at a price of 499 Euros with contract with T-Mobile or 899 Euros without. It was deleted about 30 minutes after its original posting, leading many to believe it was in fact a slip-up by Media Markt. No, says the retailer, it wasn’t us.
One wonders why a prankster would delete that tweet if he or she was pulling everyone’s leg anyway, but I’m not even going to bother asking myself what happened.
Apple’s event takes place Wednesday, January 27th.
The Anatomy of The Twitter Attack: Part II

During and after Twittergate, when a hacker broke into a few hosted email accounts and obtained a number of internal documents, I had an opportunity to spend hours speaking to the actual attacker and document how he carried out the attack. The article was called The Anatomy of The Twitter Attack, and today we unfortunately find ourselves with a sequel to that post as the Twitter DNS servers were compromised last night and the site was redirected to a defacement page.
Unlike last time, on this occasion I have not had the benefit of speaking directly to the attackers, but have spoken to a number of people within the underground security scene familiar with matters and have constructed other parts of the story from public sources. The incident last night was perpetrated by a group called the Iranian Cyber Army – and we have been told that this group is working with the Iranian government. The attack occurred at the same time as a number of other diplomatic incidents, including the escalation of diplomatic hostilities between Iran and the US/EU as well as an incursion by Iranian troops into a disputed border area containing an oil field.
The defacement was carried out by hijacking the servers hosting the DNS records for the twitter.com domain (this is the server that maps the domain name to an IP address). The attackers modified the DNS records to point to an IP address with a web server hosting the defacement page. The twitter.com domain (registered with NetworkSolutions) was not hijacked, nor were its records altered.
The DNS records for Twitter are hosted at Dyn, a company that provides DNS hosting for over 100,000 domain names and provides other services for companies. We have been told, but have yet to confirm, that the account password recovery feature was used to reset the password for the Twitter account at Dyn. When we checked the password recovery page, it contains a request to contact Dyn directly – there is no form of any type. We have not been able to confirm if there was an automated process at this page which has since been taken down.


To reset the password to gain access to the account hosting DNS records, the attacker had access to the email address associated with the account. Twitter hosts all email on Google Apps for Domain, which played a central role in the previous attack on Twitter not because of any vulnerability within the application itself, but because of a lapse in password policies which led to a minor account being compromised, which led to other accounts being compromised.
The attackers gained access to the Twitter account at Dyn, and changed the DNS records for Twitter.com to point to an IP address that was on the anonymous Tor network. The attackers seemed to have changed all the records at Twitter.com, including sub-domains used for the API, the status page, etc., but because of varying caching levels and the fact that some clients were using a direct IP address, not all services were affected immediately.
For most users the main Twitter web application was displaying the defacement page for just under an hour.
This type of attack is not very sophisticated, but it is extremely effective. It was not a direct vulnerability with the DNS server but rather with the accounts system and email addresses. While the Twitter application was not compromised, desktop applications and websites that directly send a user’s username and password back to Twitter over plain HTTP would have sent this information to the attacker’s IP address, from where it could easily have been harvested.
The solution to similar problems revolves around the management of account passwords, especially with critical services such as DNS hosting. Further, since the status page for Twitter was hosted on the same domain as the main site, it was also inactive during the period of time that the defacement was up on the site and for a short time afterwards while Twitter responded to the attack.
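An added example, not part of the original post: a small monitor for the pattern described above, where every record in a zone is repointed at one address while some resolvers still serve cached answers. The domain names, addresses, resolver labels and the `analyze` helper are constructed for illustration.

```python
# Added example: spot zone-wide DNS record tampering from resolver observations.
# Names and addresses are constructed (example.com, RFC 5737 documentation ranges).
from collections import defaultdict

# Approved A records for the zone, e.g. exported from change control.
BASELINE = {
    "example.com": {"192.0.2.10", "192.0.2.11"},
    "api.example.com": {"192.0.2.20"},
    "status.example.com": {"192.0.2.30"},
}

# Constructed observations: (resolver label, queried name, returned address).
OBSERVED = [
    ("resolver-a", "example.com", "203.0.113.66"),
    ("resolver-a", "api.example.com", "203.0.113.66"),
    ("resolver-a", "status.example.com", "203.0.113.66"),
    ("resolver-b", "example.com", "192.0.2.10"),      # still serving a cached record
    ("resolver-b", "api.example.com", "203.0.113.66"),
    ("resolver-b", "status.example.com", "192.0.2.30"),
]


def analyze(baseline, observed):
    """Compare observed answers with the approved baseline for each name."""
    seen = defaultdict(lambda: defaultdict(set))  # name -> resolver -> answers
    for resolver, name, addr in observed:
        seen[name][resolver].add(addr)

    drifted = {}     # name -> addresses that are not in the baseline
    split_view = []  # names on which resolvers disagree (cache lag)
    for name, per_resolver in seen.items():
        answers = set().union(*per_resolver.values())
        unapproved = answers - baseline.get(name, set())
        if unapproved:
            drifted[name] = unapproved
        if len({frozenset(a) for a in per_resolver.values()}) > 1:
            split_view.append(name)

    rogue = set().union(*drifted.values())
    # Every approved name now resolves somewhere unapproved, and it is the
    # same single address: the whole zone was repointed, not one record.
    zone_wide = set(drifted) == set(baseline) and len(rogue) == 1
    return {
        "drifted": drifted,
        "split_view": sorted(split_view),
        "rogue_addresses": rogue,
        "zone_wide_takeover": zone_wide,
    }


if __name__ == "__main__":
    report = analyze(BASELINE, OBSERVED)
    for name, addrs in sorted(report["drifted"].items()):
        print(f"DRIFT {name}: unapproved {sorted(addrs)}")
    print("resolvers disagree on:", report["split_view"])
    print("zone-wide takeover:", report["zone_wide_takeover"])
```

Because the status host is in the same zone as the main site, it drifts with everything else, which is the dependency the post points out.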
Crunch Network: CrunchBase the free database of technology companies, people, and investors
Indie iPhone Game Doodle Jump Passes 1 Million Downloads

If you’re reading this, there’s a good chance you’ve never played Doodle Jump. Why? Because if you had ever played Doodle Jump, you’d probably still be playing it. The game is addictive gaming at its finest; it’s drop dead simple, yet ridiculously tough to put down. If I had to babysit a kid, I’d just hand them Doodle Jump and then go off and do something else for a few hours. They wouldn’t even notice I left.
Being insanely catchy has paid off. This morning, Doodle Jump’s developers, Lima Sky, are announcing that they’ve smashed through the 1 million download mark – an especially impressive feat when you consider the circumstances.
This Week On TechCrunch: Iran takes back Twitter, RockYou makes data portability too easy, Lacy in South America and more…
This time next week, if Mel Tormé is to be believed, chestnuts will be roasting on an open fire and Jack Frost will be nipping at your nose. There will also be some business with a sleigh. But Christmas is still a whole seven days away and right now it’s business as usual on TechCrunch, as evidenced by our up to the minute coverage of Twitter being (apparently) hacked by the Iranians.
Obviously as regular TechCrunch readers will know, any hacker of Twitter is a friend of ours, but there’s something about this recent attack on the popular micro-blogging service that I find particularly heartening.
For too long the anti-Iranian lobby has had the upper hand on Twitter, with self-righteous celebrities turning their avatars green in protest at the fraudulent re-election of Mahmoud Ahmadinejad and various hashtag memes criticising the country’s human rights record. It’s about time that supporters of the murderous regime got their PR machine in gear and redressed the balance with a bit of pro-Iranian propaganda.
And – hell – why mess around with hashtags or avatars when you can just hijack the entire site with your message that “U.S.A. Think They Controlling And Managing Internet By Their Access, But THey Don’t, We Control And Manage Internet By Our Power, So Do Not Try To Stimulation Iranian Peoples To”? It’s always nice to see Hezbollah getting a bit of linklove too.
Let’s hope the fair and balanced trend continues: I’m particularly looking forward to high-profile Iranian celebrities turning their avatars red, white and blue while a flurry of hashtag memes celebrates the continuing erosion of democracy and basic human rights and the subjugation of women.
Yunno, inshallah.
Next week: China.
No, Rock *you* of the week…
Just as the week ended with a high profile hack, so it began. Last Saturday, MG recommended that all of RockYou’s 32 million registered users change their passwords after “security firm Imperva issued a warning to RockYou that there was a serious SQL Injection flaw in their database.” Apparently “such a flaw could grant hackers access to the service’s entire list of user names and passwords in the database,” which doesn’t sound good at all.
But it got worse – a few hours later Nik reported an even more dramatic twist: not only had RockYou been storing users’ passwords in plain text, but they’d been doing the same with login credentials for other services used by those users via RockYou. The result: millions of users had their webmail, MySpace, Bebo, Facebook – and the rest – passwords exposed to hackers, fraudsters and other ne’er-do-wells. The phrase you’re looking for is ‘holy shit’. Thank God only children and idiots use RockYou, otherwise this could be really troubling.
Not all bad news, of the week…
But it wasn’t all doom and gloom this week – in fact for some companies it was as if Christmas had come early (or Hanukkah precisely on time). Yelp is about to be acquired by Google for half a billion dollars, UK-based affiliate platform Skimlinks has raised $1.5m in series A funding, Pandora has doubled its user base to 40 million since this time last year, Facebook’s US traffic has overtaken AOL’s, Groupon is valued at $250 million, Yahoo Pipes has been unblocked from CraigsList and Twitter has finally rolled out a German-language version of its service. Das Twitter: where 140 characters isn’t enough for even a hashtag.
WW.to of the week…
Can you imagine a more boring war than one over URL shortening services? Nor can I. Still, at least it’ll be short.
Living la vida start-ups of the week….
Another month, another stop on Lacy’s grand tour of the world’s emerging entrepreneurial markets. And it’s December, so it must be South America – starting with Puyuehue in Chile where TechCrunch’s intrepid editor at large attended Endeavor’s annual South American selection event. She explains: “[Endeavor] started ten years ago to find and help the most promising high-growth companies in emerging markets. It doesn’t actually invest in the 270 or so companies it has selected to be “Endeavor companies,” and a lot of that “help” is hard to quantify—free consulting, coaching and mentoring, and introductions to potential investors… Endeavor companies have generated some $3.15 billion in revenues, generated nearly 100,000 jobs, and 93% of them are still business.”
After Chile, it was off to Argentina where Sarah met two interesting start-ups that just so happened to be based in the same building. First was MercadoLibre – the eBay of Latin America and the only company in the region to be quoted on Nasdaq, a refreshing counter to the usual South American route of selling quickly and cheaply to America. The second was Globant, an outsourcing company with clients in the UK and the US, which just so happens to also have its eyes on an IPO. Fascinating companies both, reflecting as they do the prevalence in emerging markets for copycats and outsourcing companies. Even more interesting to me though was the detail that Globant’s founders came up with the idea for the company in a bar. As Sarah says, “at TechCrunch we are firm believers that some of the best things happen in bars.”
Damn right.
Have a good weekend.
Facebook Suggests You Lie, Break Its Own Terms Of Service To Keep Your Privacy
Here’s a new one. As Facebook continues to grapple with the negative press over its privacy overhaul, it’s now suggesting a new way to protect your personal information: lie about it. At least, that’s what Barry Schnitt, Facebook’s Director of Corporate Communications and Public Policy, told the Wall Street Journal in an article this evening. From the story:
Facebook also made public formerly private info such as profile pictures, gender, current city and the friends list. (Mr. Schnitt suggests that users are free to lie about their hometown or take down their profile picture to protect their privacy; in response to users’ complaints, the friends list can now be restricted to be viewed only by friends).
Of course, this directly violates Facebook’s own Terms of Service, which stipulate that users may not provide false information.
Registration and Account Security
Facebook users provide their real names and information, and we need your help to keep it that way. Here are some commitments you make to us relating to registering and maintaining the security of your account: You will not provide any false personal information on Facebook, or create an account for anyone other than yourself without permission.
Update: I reached out to Facebook, and Schnitt has clarified his position:
I think WSJ is paraphrasing. What I said is profile picture and current city are optional. You don’t have to include a profile picture or you can include a picture of your dog or anything you like. Similarly, you don’t have to indicate your current city or you can indicate that your current city is “Atlantis”, “Valhalla” or, again, anything you like. We hope people will use accurate information if they are comfortable doing so because that information helps them to be found by their friends, which is part of the point of joining the site.
Facebook has always been heavily reliant on its users being honest, and it has thrived because of it. It was among the first social networks to mandate the use of real names rather than aliases, which has made it easier to find friends and also forces users to take more responsibility for their actions. If Facebook is actually going to start suggesting falsifying or removing information as a means to maintain privacy, then it’s making a serious mistake.
I’ve made no secret of my dislike for Facebook’s privacy overhaul. And while there have been plenty of articles questioning Facebook’s motivations, I think we’ve yet to really see the true backlash begin. This is just the tip of the iceberg.
Sad-Eyed TiVo of the Low Subscriber Rate
And… it’s… outta here. TiVo is down to less than three million subscribers and they sold about 500 DVRs a day last quarter, giving it 8% of the 38 million US DVR market. That’s not much




