22
Wed, May
2 New Articles

Keeping Up with Today's Youth Can Be Risky

Typography
  • Smaller Small Medium Big Bigger
  • Default Helvetica Segoe Georgia Times

Social networking sites have proven to be incredibly popular, but they also are proving to be less than secure.

 

You have to be agile to keep up with teenagers if you're well into middle age, but you should give credit to those of us who are making an effort. For instance, having Twitter and Facebook accounts is one way to stay in the groove with the Web 2.0 crowd. But you have to be a little careful when you're out there mingling with the hoi polloi.

 

We took note recently that COMMON and iSociety have collaborated on a joint initiative to go Web 2.0. COMMON now has a Twitter account and also one on Facebook. Plans are to post activities from the upcoming 2009 annual meeting and exposition in Reno, Nevada, (April 26-30) on Twitter as the show unfolds. If you have a free Twitter account, you can follow COMMON activities, and people can then link to you. I have a Twitter account, and if I could remember my password, I would be able to follow COMMON and get a sense of what all the people who are following me on Twitter are doing with their fascinating lives. Hopefully, they're also following someone who is actually more interesting than I, since I'm actually only a pseudo interesting tweeter.

 

What's really interesting about Twitter these days is that it's been repeatedly hacked. Tweeters (those of us who tweet) have been responsible for automatically propagating a worm after visiting compromised profiles. The site had to discard thousands of tweets in order to get rid of the malicious code. Last weekend, the Twitter staff was trying to deal with several sustained attacks and determined that the vector was a cross-site scripting (XSS) weakness. Users who were visiting the profile of a compromised account were themselves compromised. The result was a string of messages being posted that promoted a Web site called StalkDaily.com, a site similar to Twitter. Following being infected, users began tweeting about stalkdaily.com with messages such as "Dude, www.StalkDaily.com is awesome. What's the fuss?" The first wave affected about 90 accounts. Later in the day, a new wave of attacks hit that displayed similar messages but exploited a different weakness. Some 100 accounts were compromised. A third strike happened on Sunday. The creator of StalkDaily has taken credit for the attacks.

 

Biz Stone, founder of Twitter, wrote in his blog that the Twitter team "secured the accounts that had been compromised and removed any content that might help spread the worm. All told, we identified and deleted almost 10,000 tweets that could have continued to spread the worm."

 

Stone said the company takes the attacks seriously and would follow up in pursuing the person responsible. He likened the attacks to one in 2005 on MySpace in which a hacker introduced the Samy worm, a virus that spread to a million users within a mere 20 hours. The worm carried a payload that would display the text "but most of all, Samy is my hero" on the compromised profile of the user. Anyone who viewed a compromised profile would have the payload planted on their page. MySpace filed a lawsuit against the virus creator, Samy Kamkar, who was also charged with a felony. In 2007, Kamkar entered a plea agreement, whereupon he was sentenced to three years of probation and 90 days of community service, and he had to pay restitution to MySpace.

 

The messages on Twitter last weekend were relatively harmless, but the dangers that Twitter users are exposed to could lead to more serious consequences since most users are accustomed to simply clicking on TinyURL links without using Twitter's preview feature to see where they actually lead. The disturbing thing about the Twitter attacks this past weekend is that the XSS vulnerability was identified earlier by two security researchers, Lance James and Eric Wastl, who work for Secure Sciences Corp. The flaws allow attackers to force unwanted behavior through URL manipulation.

 

Twitter was hit earlier this year by a clickjacking attack, and 16-year-old actress Miley Cyrus, the lead actress in Disney's TV series Hannah Montana, had her Twitter account hacked, with obscene references posted. Last month, Facebook was hit by an attack similar to the one directed against Twitter this past week.

 

The whole Web 2.0 phenomenon is fun and is the product of some youthful minds that have tapped into people's desire to communicate and interact frivolously. Obviously, more work needs to be done on these free services to tighten up what is an appalling lack of security. Until it's secured, users should be aware of the inherent dangers in using these services from computers containing any information of value to hackers and thieves.

 

Safe password management is a must when using these types of accounts. Long and strong passwords that have both uppercase and lowercase letters, numbers, and special characters are important. Using the same password for multiple services is not a good idea, but one at least should use a unique password for banking or payment services.

Chris Smith

Chris Smith was the Senior News Editor at MC Press Online from 2007 to 2012 and was responsible for the news content on the company's Web site. Chris has been writing about the IBM midrange industry since 1992 when he signed on with Duke Communications as West Coast Editor of News 3X/400. With a bachelor's from the University of California at Berkeley, where he majored in English and minored in Journalism, and a master's in Journalism from the University of Colorado, Boulder, Chris later studied computer programming and AS/400 operations at Long Beach City College. An award-winning writer with two Maggie Awards, four business books, and a collection of poetry to his credit, Chris began his newspaper career as a reporter in northern California, later worked as night city editor for the Rocky Mountain News in Denver, and went on to edit a national cable television trade magazine. He was Communications Manager for McDonnell Douglas Corp. in Long Beach, Calif., before it merged with Boeing, and oversaw implementation of the company's first IBM desktop publishing system there. An editor for MC Press Online since 2007, Chris has authored some 300 articles on a broad range of topics surrounding the IBM midrange platform that have appeared in the company's eight industry-leading newsletters. He can be reached at This email address is being protected from spambots. You need JavaScript enabled to view it..

BLOG COMMENTS POWERED BY DISQUS

LATEST COMMENTS

Support MC Press Online

$0.00 Raised:
$

Book Reviews

Resource Center

  • SB Profound WC 5536 Have you been wondering about Node.js? Our free Node.js Webinar Series takes you from total beginner to creating a fully-functional IBM i Node.js business application. You can find Part 1 here. In Part 2 of our free Node.js Webinar Series, Brian May teaches you the different tooling options available for writing code, debugging, and using Git for version control. Brian will briefly discuss the different tools available, and demonstrate his preferred setup for Node development on IBM i or any platform. Attend this webinar to learn:

  • SB Profound WP 5539More than ever, there is a demand for IT to deliver innovation. Your IBM i has been an essential part of your business operations for years. However, your organization may struggle to maintain the current system and implement new projects. The thousands of customers we've worked with and surveyed state that expectations regarding the digital footprint and vision of the company are not aligned with the current IT environment.

  • SB HelpSystems ROBOT Generic IBM announced the E1080 servers using the latest Power10 processor in September 2021. The most powerful processor from IBM to date, Power10 is designed to handle the demands of doing business in today’s high-tech atmosphere, including running cloud applications, supporting big data, and managing AI workloads. But what does Power10 mean for your data center? In this recorded webinar, IBMers Dan Sundt and Dylan Boday join IBM Power Champion Tom Huntington for a discussion on why Power10 technology is the right strategic investment if you run IBM i, AIX, or Linux. In this action-packed hour, Tom will share trends from the IBM i and AIX user communities while Dan and Dylan dive into the tech specs for key hardware, including:

  • Magic MarkTRY the one package that solves all your document design and printing challenges on all your platforms. Produce bar code labels, electronic forms, ad hoc reports, and RFID tags – without programming! MarkMagic is the only document design and print solution that combines report writing, WYSIWYG label and forms design, and conditional printing in one integrated product. Make sure your data survives when catastrophe hits. Request your trial now!  Request Now.

  • SB HelpSystems ROBOT GenericForms of ransomware has been around for over 30 years, and with more and more organizations suffering attacks each year, it continues to endure. What has made ransomware such a durable threat and what is the best way to combat it? In order to prevent ransomware, organizations must first understand how it works.

  • SB HelpSystems ROBOT GenericIT security is a top priority for businesses around the world, but most IBM i pros don’t know where to begin—and most cybersecurity experts don’t know IBM i. In this session, Robin Tatam explores the business impact of lax IBM i security, the top vulnerabilities putting IBM i at risk, and the steps you can take to protect your organization. If you’re looking to avoid unexpected downtime or corrupted data, you don’t want to miss this session.

  • SB HelpSystems ROBOT GenericCan you trust all of your users all of the time? A typical end user receives 16 malicious emails each month, but only 17 percent of these phishing campaigns are reported to IT. Once an attack is underway, most organizations won’t discover the breach until six months later. A staggering amount of damage can occur in that time. Despite these risks, 93 percent of organizations are leaving their IBM i systems vulnerable to cybercrime. In this on-demand webinar, IBM i security experts Robin Tatam and Sandi Moore will reveal:

  • FORTRA Disaster protection is vital to every business. Yet, it often consists of patched together procedures that are prone to error. From automatic backups to data encryption to media management, Robot automates the routine (yet often complex) tasks of iSeries backup and recovery, saving you time and money and making the process safer and more reliable. Automate your backups with the Robot Backup and Recovery Solution. Key features include:

  • FORTRAManaging messages on your IBM i can be more than a full-time job if you have to do it manually. Messages need a response and resources must be monitored—often over multiple systems and across platforms. How can you be sure you won’t miss important system events? Automate your message center with the Robot Message Management Solution. Key features include:

  • FORTRAThe thought of printing, distributing, and storing iSeries reports manually may reduce you to tears. Paper and labor costs associated with report generation can spiral out of control. Mountains of paper threaten to swamp your files. Robot automates report bursting, distribution, bundling, and archiving, and offers secure, selective online report viewing. Manage your reports with the Robot Report Management Solution. Key features include:

  • FORTRAFor over 30 years, Robot has been a leader in systems management for IBM i. With batch job creation and scheduling at its core, the Robot Job Scheduling Solution reduces the opportunity for human error and helps you maintain service levels, automating even the biggest, most complex runbooks. Manage your job schedule with the Robot Job Scheduling Solution. Key features include:

  • LANSA Business users want new applications now. Market and regulatory pressures require faster application updates and delivery into production. Your IBM i developers may be approaching retirement, and you see no sure way to fill their positions with experienced developers. In addition, you may be caught between maintaining your existing applications and the uncertainty of moving to something new.

  • LANSAWhen it comes to creating your business applications, there are hundreds of coding platforms and programming languages to choose from. These options range from very complex traditional programming languages to Low-Code platforms where sometimes no traditional coding experience is needed. Download our whitepaper, The Power of Writing Code in a Low-Code Solution, and:

  • LANSASupply Chain is becoming increasingly complex and unpredictable. From raw materials for manufacturing to food supply chains, the journey from source to production to delivery to consumers is marred with inefficiencies, manual processes, shortages, recalls, counterfeits, and scandals. In this webinar, we discuss how:

  • The MC Resource Centers bring you the widest selection of white papers, trial software, and on-demand webcasts for you to choose from. >> Review the list of White Papers, Trial Software or On-Demand Webcast at the MC Press Resource Center. >> Add the items to yru Cart and complet he checkout process and submit

  • Profound Logic Have you been wondering about Node.js? Our free Node.js Webinar Series takes you from total beginner to creating a fully-functional IBM i Node.js business application.

  • SB Profound WC 5536Join us for this hour-long webcast that will explore:

  • Fortra IT managers hoping to find new IBM i talent are discovering that the pool of experienced RPG programmers and operators or administrators with intimate knowledge of the operating system and the applications that run on it is small. This begs the question: How will you manage the platform that supports such a big part of your business? This guide offers strategies and software suggestions to help you plan IT staffing and resources and smooth the transition after your AS/400 talent retires. Read on to learn: