(Page 2 of 2)
Tweet scam A message sent through a compromised Twitter account by a hacker (highlighted in red). The message includes a link that leads to malware.
Twitter
Twitter advises that users who see unauthorized tweets issued under their name should change their password immediately (if it hasn't been changed by the hacker) and to revoke access for any unrecognized third-party application. It also offers advice for safe tweeting on its forums. The company did not immediately reply to a question about the Russian black market or the number of compromised accounts.
The discovery by Kaspersky Lab comes one month after reports surfaced that Facebook was facing similar problems. Verisign's iDefense Labs said it had found a website peddling 1.5 million compromised Facebook accounts, offering them for $25 per 1,000 accounts with 10 friends or less, and $45 per 1,000 accounts that have more than 10 friends.
The hacking of Twitter accounts represents a change in strategy by Twitter scam artists. Earlier this year, the trend among spammers was to create Twitter accounts from scratch, try to gain as many followers as possible, then attempt to sell them, with prices listed on Russian cybercriminal forums of between $500 and $1,000.
But this strategy found few customers, and proved difficult to maintain. Twitter fought back by blocking accounts that gathered followers too quickly--a sign that a spammer was behind the account. Scammers next built automated programs to slowly build up followers and post realistic-looking tweets copied from other Twitter users.
"It was a lot of work for them," Raiu says. "Probably the cybercriminals discovered earlier this year that it's easier to steal logins to people's Twitter accounts than create them from scratch."
Data-mining techniques reveal fake Twitter accounts that give the impression of a vast political movement.
Approach could help software learn how to identify fake accounts with less honorable intentions.
A Twitterista twooted a tweet,
That really wasn't very sweet,
Because a link was deflected,
Which no one detected,
And made the bird too infected to eat.
Theres 4 points i would like people to see.
Authentication
Authorisation
Hacked
Compromised
Once a user is authenticated....and this is the the if the user is then authorised to perform whatever actions that security level provides. Ie selling 1billion of shares instead of 1 million etc.
Authentications takes the form of passwords,fingerprints, facial recognition. As a help for you Password authentication was cracked 20 years ago for most cryptographic systems...By this is mean every combination of passwords you can ever enter is stored on a large database and takes milliseconds to hack a password. Even a moderately powerful computer today given an encrypted password can crack every password in the world pretty quickly.
Hacked is a simple flaw in a piece of software accessible to outside influence.
Compromised is (e.g.) an authenticated channel between 2 systems that is then used online by someone or offline by a trojan to perform actions like taking all your money out of your account and sending it to theirs...all whilst youre logged in and unaware. You passed the tests for authentication/authorisation however it was hacked without your knowledge and a package was left behind. So what can you do....the answer is easy never/ever use a computer.
Can we achieve 100% authentication...
as you saw above even 100% authentication doesnt help in the real-world in fact it makes things WORSE..much WORSE cause you are then trusting a compromised environment.
Is there a real-solution or solutions...
Yes but you'll never get the "IT experts" putting them forward cause theyre a bunch of dufus'
Actually scrub that I believe i came across a TRUE IT expert some 10-20 years ago, and his proposal still holds true today...
Now wheres that mirror gone.
I imagine the phony spam links could be even more dangerous if they were disguised with Tiny Url or a similar service. I would never click on a link going to 4chan, for example, but if it was hidden with TinyUrl I might not know.
Manufacturing in the United States is in trouble. That's bad news not just for the country's economy but for the future of innovation.
Our list of the 50 most innovative companies, including the following:
On Twitter
Become a Fan on Facebook
Subscribe to the Feed
martinaatayo
112 Comments
Common Password or Security Code and Privacy issues
It is extremely important to realize that issues
that are hypersensitive as ideas being muted by both Facebook and Mozzilla,specifically, password
security and privacy issues,ought not to be treated so lightly as contained in the news report,or left in the hands of the two
enterprises alone
The trend of web based applications is very broad, to the extent, 10-20 years from now,
human life and conduct of day to day activities will dramatically be impacted by electronic and
computer based applications.
The vast emerging applications and transformation
of human life seem not to favor sensitive matters of password storage and privacy issues to be handled by these two giant service providers.
Such a security matter ought to take Federal Government attention, advanced technology community, global community, and more importantly,
democratic discuss approach as to sound modalities
for application.
Facebook and Mozilla could contact me on martin@mpgatechnology.com for further details on
respective ideas.
Martin Atayo
Washington, DC 20013
Reply