Helping Open Source Make Inroads

Posts Tagged ‘website’

Twitter account hacking

I was informed by my partner that my Twitter account had been hacked. Now I had a secure password set for my account and I do not have a Windows desktop or laptop. I run Ubuntu Linux Jaunty Jackalope. Of course the only Windows device I have is an HTC Touch Pro, which is Windows Mobile 6 Pocket PC. I use hellotwitface to tweet when I’m out and about. So could that have compromised me? I’m unsure. The password’s been changed on my Twitter account and I’ll see what happens before I tweet from my phone.

My account tweeted one weight-loss spam advert. The tweet was done from the web. You’ll see my initial tweets after the event on the site as I have a Twitter feed on it. The thing is I have advertising on this blog. However I try to keep it discreet and on the sidebar and at the bottom of the web page. But I expect my microblogging to be ad-free. No one wants ad-spam.

According to my initial Google-fu, my account was one of hundreds being used to send out this spam. According to Ben Parr on Mashable, last week Twitter apparently suspended thousands of accounts that had been compromised and were sending out spam after being infected with malware Koobface/Win32. The only advice Symantec gives is make sure Bluetooth isn’t turned on. There’s no sign of infection on the phone, plus no initial sign of hellotwitface being the culprit.

Of course it isn’t the first time Twitter’s been hacked. Back in July drabdavid wondered if Twitter had been hacked, although this was because of all the porn followers that appear out of nowhere and do not tweet. I suspect that’s just bot account creation though.

Although perhaps someone has guessed the password to a Twitter staffer again and has managed to use the account to send out tweets with thousands of accounts. The staffer compromise happened earlier this year, and The Tech Herald has a bit more detail about the account compromise and how the news broke as someone posted images of how they got the staffer’s password through social engineering. So does ZDNET, which details how the person got onto the account in the first place and promptly offered access to various high profile accounts back in January.

I’ve always felt that you do need a bit of psychology to be able to get past people’s barriers to get at a secure system. The greatest danger to the security of any system is always the human element.

It’s very embarrassing being told that your method of communication is being hacked. I remember losing my mobile and thinking I’d left it in my flat. I only got alerted to the fact that someone else was using my phone by my partner when he got rude messages from my phone that were completely out of character. Of course they’d signed my phone up for porn and I had to change my mobile number. So I feel I’ve got off lightly this time.

Regardless of what’s happened or how it’s happened, I’ve changed my password, deleted the tweet and explained what happened to my few followers. I’m just waiting to see what happens with my Facebook account. In fact I think I’ll head over there and change the password on that too. Then I’ll need to put a lock on my phone.


Protecting your Online Presence

It’s no longer a question of whether you should go on-line, but how, and as with anything else, there is a range of products and service levels that vary in price and quality. Sometimes a cheap service with occasional downtime for web pages or email is fine - for example, a site for a hobby or a local pub band. For business purposes, being online is more than just advertising, it is also a vital means of communication. So companies need to be careful how they buy!

The term ‘online presence’ simply means that a company has agreed to display your web pages and accept mail on your behalf. These companies are called ‘hosting providers’, and they have computers in air-conditioned data centres that do this job for many companies at once.

If you’re shopping around for a hosting provider, ask them what happens when:

  • The Hosting Provider’s machines stop working (do they have spares?)
  • Lines to the Hosting Provider’s data-centres are cut (do they have alternatives?)
  • The Hosting Provider goes out of business (Will you lose your email?)

Then there is your domain, the words after the @ sign in your email address, and after the “www.”  in your web address.   For example, http://www.bbc.co.uk.  Do you own your domain?  If you do not own your domain then you can’t control what happens to it, and if you’re not happy with your current website or email provider (or they go out of business) then you can’t easily move that domain to be hosted by a new provider.

If you search the web for ‘whois’, you will find websites that run the whois tool on their website for you to list information about a domain.  You put in the name of a domain e.g. ‘bbc.co.uk’ and can find out who it is registered to and who has the rights to administer it.

If you find that you do not own your domain then follow these steps.

  • Contact whoever set up your website and ask them to arrange to put the registrant information for your domain in your or your company’s name.
  • Ask them to change the contact email for the registrant to your email address.
  • If you have no joy with this, then you can contact the registrar directly. Different registrars have different procedures so you may have to contact them directly to find out your position.
  • Contact the registry for the domain (for .co.uk domains the registry is Nominet).
  • Consider asking help from another Hosting Provider.

Unfortunately it’s often not until a website owner would like to change providers that they find out that their movements are restricted. It can take longer to move a website to another provider if your last website provider has entered the wrong details in the domain owner’s (registrant’s) area in the domain listing.

You can prevent that just by checking if you own your domain. This can help to remove a possible issue or threat to your business.
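The ownership check described above can be scripted. The following is an added example, not part of the original article: it reads the text a whois lookup returns and reports whether the registrant is you. The sample record is constructed, its indented heading layout is an assumption about how a .uk whois reply is printed, and the function names are hypothetical.

```python
import re

# Constructed sample record (made-up names). The indented "Heading:" layout
# is an assumption about how a .uk whois reply is printed.
SAMPLE_WHOIS = """\
    Domain name:
        example-pub-band.co.uk

    Registrant:
        Acme Web Design Ltd

    Registrar:
        Example Hosting Ltd [Tag = EXAMPLEHOST]
        URL: http://www.example.com
"""

def parse_blocks(text):
    """Map each heading (e.g. 'registrant') to the lines indented beneath it."""
    blocks, current = {}, None
    for line in text.splitlines():
        stripped = line.strip()
        indent = len(line) - len(line.lstrip())
        if stripped.endswith(":") and indent <= 4:
            current = stripped[:-1].lower()
            blocks[current] = []
        elif stripped and current is not None:
            blocks[current].append(stripped)
    return blocks

def normalise(name):
    """Ignore case, punctuation and company suffixes ('Ltd' vs 'Limited')."""
    words = re.sub(r"[^a-z0-9 ]", " ", name.lower()).split()
    return " ".join(w for w in words if w not in {"ltd", "limited", "plc"})

def check_ownership(whois_text, expected_owner):
    """Report registrant, registrar tag and whether the registrant is you."""
    blocks = parse_blocks(whois_text)
    registrant = (blocks.get("registrant") or [""])[0]
    registrar_line = (blocks.get("registrar") or [""])[0]
    tag = re.search(r"\[Tag = ([^\]]+)\]", registrar_line)
    return {
        "domain": (blocks.get("domain name") or [""])[0],
        "registrant": registrant,
        "registrar_tag": tag.group(1) if tag else None,
        "owned_by_you": bool(registrant) and normalise(registrant) == normalise(expected_owner),
    }

if __name__ == "__main__":
    print(check_ownership(SAMPLE_WHOIS, "The Pub Band"))
```

In the constructed record the web designer, not the band, is the registrant, which is the situation the steps above are meant to fix.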

Originally Published in Kirknewton Konnect Directory as Esther Payne, Operations Manager, Gladserv Limited.


Domain hosting pain

A friend of mine registered a domain with a large on-line provider.  Then she asked for help from her friends for advice on hosting her website.  She’s not a technical web expert, so this is perfectly reasonable.

I responded with what I did and the fact that I work for a hosted services company and we were a Nominet registrar like the large online provider. She didn’t know that the work I did involved that.

I also gave her some advice regarding the fact that the large provider would probably provide web-hosting as part of the deal or for a bit extra per month. Of course I did also tell my friend that we could host the web site and email, although it would be easier for us to administer the hosting and any backend changes (like moving a server or changing to a shiny new one) if we were the registrar for the domain and could look after the DNS records directly. Otherwise there would always be an additional delay in any domain changes. Either way it was up to her.

My friend decided that she would prefer my company hosting it as at least she can trust me. Meanwhile she had a rather frustrating afternoon trying to get the password to access her current hosted provider’s cPanel as they had not sent the password yet. She is also trying to get them to change the tag to us. The provider should do this for free, but not everyone does. A domain owner can change the tag through Nominet itself (if the domain is a UK top level domain). However this can cost 11.50 per domain. This I suspect is because an ordinary domain owner is not a member of Nominet so there is a charge.

The help desk for this company also charged 50p for phoning their support.  Their online pages were also running rather slowly (during office hours).  Needless to say my friend is less than impressed with their service so far.   My friend still doesn’t have her control panel password.

What annoys me is that if I thought to actually let people know what I do and socialise more both online and offline,  I could find out what my friends need and either help them directly or point  them at the appropriate resources.

So for a start I’m posting an article that I wrote for a local magazine.  It’s a basic article and not very technical.

At some point I will also put the link here to my personal blog. I’ve been under a rock for a bit too long, and it’s caused some pain points for others who did not necessarily have to go through the frustration.




Hosted by Gladserv