For the second time in a week, a worm has managed to crawl through Twitter's microblogging infrastructure and post malicious links.
The worm worked its malicious mojo behind the scenes. When a user would click on a link reading, "WTF: <link>" they would be shown a blank page. But while they were staring at an empty page, the worm would get busy posting vulgar messages to Twitter from the victim's account.
Twitter was aware of the problem, and as of Sunday evening said they have "fixed the exploit and are in the process of removing the offending Tweets."
Good news, Twitter junkies, it's now safe to return to your normal 140-character microblogging about whatever's on your mind without fear of falling prey to a nasty XSS attack that was running rampant yesterday.
"The exploit is fully patched," Twitter announced in a status update early this morning.
Things are looking grim for the once king of social networking, MySpace. The site's numbers have been plummeting since Facebook and Twitter started to really gain traction. In December of 2008, MySpace had 43 billion page views. Last month they were down to only 12 billion according to ComScore. But on October 15, MySpace is expected to take one last stab at this whole social networking thing with a complete redesign of the site.
The new design is being called Project Futura internally. It is described as a much lighter interface. It will have less clutter and will focus on the news stream. Sound like any wildly successful website you know? Parent company News Corp. is expected to be keeping a close eye on the project. It's no secret that the value of MySpace has plummeted since it was acquired.
Can a redesign, however needed, stop the bleeding? It might just be too late for MySpace. With Facebook and Twitter both growing by leaps and bounds, News Corp. might be looking at an unpleasant reality in the coming months.
Twitter co-founder Evan Williams let it slip in (what else) a tweet yesterday that he paid $7,500 for the twitter.com domain name back in 2006. After four years, and millions of users, that domain name is one of the most valuable in the world. Even by traditional methods of measurement, twitter.com is hugely valuable thanks to the 78% share of total Twitter traffic it gets.
It's not only a bargain because of the success the company has had, but the old name of the service was pretty terrible. The original "Twttr" domain is still active and redirects to twitter.com. Twttr, with the dropped letters, feels unmistakably and stereotypically Web 2.0. Have you ever paid a premium for an existing domain name?
Excuse us a moment while we die a little inside, an inevitable result of learning that teen pop idol Justin Bieber consumes 3 percent of Twitter's resources at any given time. Dude even has his own servers.
"At any moment, Justin Bieber uses 3% of our infrastructure. Racks of servers are dedicated to him. - Twitter employee," Dustin Curtis tweeted.
Twitter sent out an email on Wednesday announcing a couple of upcoming updates, one of which includes automatic t.co link wrapping. In the coming weeks, Twitter's link wrapping service will intercept all URLs posted on the microblogging service and convert them into shorter, easier to read URLs. So what exactly has privacy mavens up in arms? This little tidbit:
"When you click on a wrapped link, your request will pass through the Twitter service to check if the destination site is known to contain malware, and we will then forward you on to the destination URL ... When you click on these links from Twitter.com or a Twitter application, Twitter will log that click. We hope to use this data to provide better and more relevant content to you over time," the microblogging site said.
Even so, this will come as little consolation to privacy advocates who view this move as a "disgusting data landgrab."
It seems TweetDeck is the latest target of unscrupulous internet fiends. Just weeks after seeing a fake TweetDeck app show up in the Android Market, hacked Twitter accounts are spewing out links purporting to be an update to the popular Twitter client. As TweetDeck notes on their website, "These tweets are from hacked accounts and this file does not come from us. Do not download it."
The scam tweets are usually packed with some sort of phrase making them seem more authentic. The tweets may read, "Download TweetDeck update ASAP!" or, "Sorry for offtopic, but it is a critical TweetDeck update. It won't work tomorrow!" It is unclear what the download does, but users who fell for this are advised to run a full virus scan of their computer, and have it serviced if need be.
Have you seen these tweets floating through the social web? Do you know anyone that fell for it? We can't find any victims 'round here.
Smartphones are really amazing devices. They do so many things that many people can't really keep track of all of them. Such is the case with the geotagging of images many smartphones do by default. A new site called "I Can Stalk U" is parsing Twitter in search of geotagged photos. The information then shows up in the stream on the site.
Now that phones have both GPS and cell network location services, it's easy to add geographical information to the EXIF data every time a picture is snapped. Most of the time, users are expected to turn this off if they do not want their location stored. I Can Stalk U is the brainchild of security researchers Ben Jackson and Larry Pesce. They explain that the site is aimed at raising awareness regarding what people are really telling the world at large about their movements.
This site is not unlike the now defunct Please Rob Me, which consisted of an aggregation of everyone that Tweeted they were not at home. In the case of I Can Stalk U however, it's not about the blatant statements people are making, but rather about data they might not know exists. Have you ever posted an image someplace only to realize you'd posted your location?
You know that Facebook 'like' button you're seeing everywhere? Well, Twitter is about to follow suit by releasing an official Tweet Button for sharing content you find online. Leaked documents suggest the button could start showing up as soon as Thursday. The button is available in three sizes, with five different display customizations. A single line of code can be added to any page, allowing users to share it over Twitter easily. The button will also be a way to track how many people are retweeting a page.
Tweetmeme is the company running most of the Twitter button embeds you currently see around. This move from Twitter certainly threatens their business model. That's nothing new for Twitter though. Be it URL shorteners, mobile clients, or buttons, Twitter might make an official option at any time.
We knew something like this was coming. Twitter couldn't get by forever just showing advertising on the website. A Twitter developer advocate has confirmed that changes are being made in the API to insert ads automatically into the stream. The system is set to be beta tested with a small group of developers before a wide scale rollout.