Social networking sites have proven to be incredibly popular, but they also are proving to be less than secure.
You have to be agile to keep up with teenagers if you're well into middle age, but you should give credit to those of us who are making an effort. For instance, having Twitter and Facebook accounts is one way to stay in the groove with the Web 2.0 crowd. But you have to be a little careful when you're out there mingling with the hoi polloi.
We took note recently that COMMON and iSociety have collaborated on a joint initiative to go Web 2.0. COMMON now has a Twitter account and also one on Facebook. Plans are to post activities from the upcoming 2009 annual meeting and exposition in Reno, Nevada, (April 26-30) on Twitter as the show unfolds. If you have a free Twitter account, you can follow COMMON activities, and people can then link to you. I have a Twitter account, and if I could remember my password, I would be able to follow COMMON and get a sense of what all the people who are following me on Twitter are doing with their fascinating lives. Hopefully, they're also following someone who is actually more interesting than I, since I'm actually only a pseudo interesting tweeter.
What's really interesting about Twitter these days is that it's been repeatedly hacked. Tweeters (those of us who tweet) have been responsible for automatically propagating a worm after visiting compromised profiles. The site had to discard thousands of tweets in order to get rid of the malicious code. Last weekend, the Twitter staff was trying to deal with several sustained attacks and determined that the vector was a cross-site scripting (XSS) weakness. Users who were visiting the profile of a compromised account were themselves compromised. The result was a string of messages being posted that promoted a Web site called StalkDaily.com, a site similar to Twitter. Following being infected, users began tweeting about stalkdaily.com with messages such as "Dude, www.StalkDaily.com is awesome. What's the fuss?" The first wave affected about 90 accounts. Later in the day, a new wave of attacks hit that displayed similar messages but exploited a different weakness. Some 100 accounts were compromised. A third strike happened on Sunday. The creator of StalkDaily has taken credit for the attacks.
Biz Stone, founder of Twitter, wrote in his blog that the Twitter team "secured the accounts that had been compromised and removed any content that might help spread the worm. All told, we identified and deleted almost 10,000 tweets that could have continued to spread the worm."
Stone said the company takes the attacks seriously and would follow up in pursuing the person responsible. He likened the attacks to one in 2005 on MySpace in which a hacker introduced the Samy worm, a virus that spread to a million users within a mere 20 hours. The worm carried a payload that would display the text "but most of all, Samy is my hero" on the compromised profile of the user. Anyone who viewed a compromised profile would have the payload planted on their page. MySpace filed a lawsuit against the virus creator, Samy Kamkar, who was also charged with a felony. In 2007, Kamkar entered a plea agreement, whereupon he was sentenced to three years of probation and 90 days of community service, and he had to pay restitution to MySpace.
The messages on Twitter last weekend were relatively harmless, but the dangers that Twitter users are exposed to could lead to more serious consequences since most users are accustomed to simply clicking on TinyURL links without using Twitter's preview feature to see where they actually lead. The disturbing thing about the Twitter attacks this past weekend is that the XSS vulnerability was identified earlier by two security researchers, Lance James and Eric Wastl, who work for Secure Sciences Corp. The flaws allow attackers to force unwanted behavior through URL manipulation.
Twitter was hit earlier this year by a clickjacking attack, and 16-year-old actress Miley Cyrus, the lead actress in Disney's TV series Hannah Montana, had her Twitter account hacked, with obscene references posted. Last month, Facebook was hit by an attack similar to the one directed against Twitter this past week.
The whole Web 2.0 phenomenon is fun and is the product of some youthful minds that have tapped into people's desire to communicate and interact frivolously. Obviously, more work needs to be done on these free services to tighten up what is an appalling lack of security. Until it's secured, users should be aware of the inherent dangers in using these services from computers containing any information of value to hackers and thieves.
Safe password management is a must when using these types of accounts. Long and strong passwords that have both uppercase and lowercase letters, numbers, and special characters are important. Using the same password for multiple services is not a good idea, but one at least should use a unique password for banking or payment services.
More than ever, there is a demand for IT to deliver innovation. Your IBM i has been an essential part of your business operations for years. However, your organization may struggle to maintain the current system and implement new projects. The thousands of customers we've worked with and surveyed state that expectations regarding the digital footprint and vision of the company are not aligned with the current IT environment.
TRY the one package that solves all your document design and printing challenges on all your platforms. Produce bar code labels, electronic forms, ad hoc reports, and RFID tags – without programming! MarkMagic is the only document design and print solution that combines report writing, WYSIWYG label and forms design, and conditional printing in one integrated product. Make sure your data survives when catastrophe hits. Request your trial now! Request Now.
Forms of ransomware has been around for over 30 years, and with more and more organizations suffering attacks each year, it continues to endure. What has made ransomware such a durable threat and what is the best way to combat it? In order to prevent ransomware, organizations must first understand how it works.
Disaster protection is vital to every business. Yet, it often consists of patched together procedures that are prone to error. From automatic backups to data encryption to media management, Robot automates the routine (yet often complex) tasks of iSeries backup and recovery, saving you time and money and making the process safer and more reliable. Automate your backups with the Robot Backup and Recovery Solution. Key features include:
Business users want new applications now. Market and regulatory pressures require faster application updates and delivery into production. Your IBM i developers may be approaching retirement, and you see no sure way to fill their positions with experienced developers. In addition, you may be caught between maintaining your existing applications and the uncertainty of moving to something new.
IT managers hoping to find new IBM i talent are discovering that the pool of experienced RPG programmers and operators or administrators with intimate knowledge of the operating system and the applications that run on it is small. This begs the question: How will you manage the platform that supports such a big part of your business? This guide offers strategies and software suggestions to help you plan IT staffing and resources and smooth the transition after your AS/400 talent retires. Read on to learn:
LATEST COMMENTS
MC Press Online