Good news, Twitter junkies, it's now safe to return to your normal 140-character microblogging about whatever's on your mind without fear of falling prey to a nasty XSS attack that was running rampant yesterday.
"The exploit is fully patched," Twitter announced in a status update early this morning.
Prior to the patch, a flaw existed that allowed messages to pop up and third-party websites to open just by moving your cursor over a link. The mischievous mouseover bug was being widely exploited, redirecting visitors of hacked accounts to hardcore porn sites. It was also being used to "auto-tweet" more mouseover links, affecting thousands of Twitter users before Twitter plugged the gaping security hole.
Things are looking grim for the once king of social networking, MySpace. The site's numbers have been plummeting since Facebook and Twitter started to really gain traction. In December of 2008, MySpace had 43 billion page views. Last month they were down to only 12 billion according to ComScore. But on October 15, MySpace is expected to take one last stab at this whole social networking thing with a complete redesign of the site.
The new design is being called Project Futura internally. It is described as a much lighter interface. It will have less clutter and will focus on the news stream. Sound like any wildly successful website you know? Parent company News Corp. is expected to be keeping a close eye on the project. It's no secret that the value of MySpace has plummeted since it was acquired.
Can a redesign, however needed, stop the bleeding? It might just be too late for MySpace. With Facebook and Twitter both growing by leaps and bounds, News Corp. might be looking at an unpleasant reality in the coming months.
Twitter co-founder Evan Williams let it slip in (what else) a tweet yesterday that he paid $7,500 for the twitter.com domain name back in 2006. After four years, and millions of users, that domain name is one of the most valuable in the world. Even by traditional methods of measurement, twitter.com is hugely valuable thanks to the 78% share of total Twitter traffic it gets.
It's not only a bargain because of the success the company has had, but the old name of the service was pretty terrible. The original "Twttr" domain is still active and redirects to twitter.com. Twttr, with the dropped letters, feels unmistakably and stereotypically Web 2.0. Have you ever paid a premium for an existing domain name?
Excuse us a moment while we die a little inside, an inevitable result of learning that teen pop idol Justin Bieber consumes 3 percent of Twitter's resources at any given time. Dude even has his own servers.
"At any moment, Justin Bieber uses 3% of our infrastructure. Racks of servers are dedicated to him. - Twitter employee," Dustin Curtis tweeted.
Gizmodo claims that Dustin Curtis, a designer and blogger, was given his info by a real Twitter employee and that "his tweet is not a joke." But is that really true?
"At the moment, we are not making our user statistics public," Twitter insists.
Fair enough, but if it wasn't true, the microblogging service could have debunked the tweet and still held firm to its policy of not sharing user statistics. If this were an episode of Mythbusters, we'd have to at least rank this one as "Plausible."
For what it's worth, a follow-up tweet by Curtis claims that Justin Bieber isn't the only one with his own racks, and in fact "Most of the popular users on Twitter have dedicated servers for their accounts."
Twitter sent out an email on Wednesday announcing a couple of upcoming updates, one of which includes automatic t.co link wrapping. In the coming weeks, Twitter's link wrapping service will intercept all URLs posted on the microblogging service and convert them into shorter, easier to read URLs. So what exactly has privacy mavens up in arms? This little tidbit:
"When you click on a wrapped link, your request will pass through the Twitter service to check if the destination site is known to contain malware, and we will then forward you on to the destination URL ... When you click on these links from Twitter.com or a Twitter application, Twitter will log that click. We hope to use this data to provide better and more relevant content to you over time," the microblogging site said.
Even so, this will come as little consolation to privacy advocates who view this move as a "disgusting data landgrab."
It seems TweetDeck is the latest target of unscrupulous internet fiends. Just weeks after seeing a fake TweetDeck app show up in the Android Market, hacked Twitter accounts are spewing out links purporting to be an update to the popular Twitter client. As TweetDeck notes on their website, "These tweets are from hacked accounts and this file does not come from us. Do not download it."
The scam tweets are usually packed with some sort of phrase making them seem more authentic. The tweets may read, "Download TweetDeck udate ASAP!" or, "Sorry for offtopic, but it is a critical TweetDeck update. It won't work tomorrow!" It is unclear what the download does, but users that fell for this are advised to run a full virus scan of their computer, and have it serviced if need be.
Have you seen these tweets floating through the social web? Do you know anyone that fell for it? We can't find any victims 'round here.
Smartphones are really amazing devices. They do so many things that many people can't really keep track of all of them. Such is the case with the geotagging of images many smartphones do by default. A new site called "I Can Stalk U" is parsing Twitter in search of geotagged photos. The information then shows up in the stream on the site.
Now that phones have both GPS and cell network location services, it's easy to add geographical information to the EXIF data every time a picture is snapped. Most of the time, users are expected to turn this off if they do not want their location stored. I Can Stalk U is the brainchild of security researchers Ben Jackson and Larry Pesce. They explain that the site is aimed at raising awareness regarding what people are really telling the world at large about their movements.
This site is not unlike the now defunct Please Rob Me, which consisted of an aggregation of everyone that Tweeted they were not at home. In the case of I Can Stalk U however, it's not about the blatant statements people are making, but rather about data they might not know exists. Have you ever posted an image someplace only to realize you'd posted your location?
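As an added example (not from the original article or from the I Can Stalk U project), here is a pre-upload check that reports whether a JPEG's EXIF block carries a GPSInfo entry and returns a copy with the EXIF segment removed. The function names and the tiny sample image are constructed for illustration; only the Python standard library is used.

```python
import struct

EXIF_HEADER = b"Exif\x00\x00"
GPS_IFD_TAG = 0x8825  # IFD0 entry that points to the GPS sub-IFD

def jpeg_segments(data):
    """Yield (marker, start, end) for each header segment before the scan data."""
    if data[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG (missing SOI marker)")
    pos = 2
    while pos + 4 <= len(data) and data[pos] == 0xFF:
        if data[pos + 1] == 0xDA:  # start of scan: compressed image data follows
            return
        (length,) = struct.unpack(">H", data[pos + 2:pos + 4])
        yield data[pos + 1], pos, pos + 2 + length
        pos += 2 + length

def has_gps_ifd(tiff):
    """True if IFD0 of the TIFF block inside EXIF has a GPSInfo entry."""
    endian = {b"II": "<", b"MM": ">"}.get(tiff[:2])
    try:
        (ifd0,) = struct.unpack(endian + "I", tiff[4:8])
        (count,) = struct.unpack(endian + "H", tiff[ifd0:ifd0 + 2])
    except (TypeError, struct.error):  # unknown byte order or truncated block
        return False
    tag = struct.pack(endian + "H", GPS_IFD_TAG)
    return any(tiff[ifd0 + 2 + 12 * i:ifd0 + 4 + 12 * i] == tag for i in range(count))

def is_exif(data, start):
    return data[start + 1] == 0xE1 and data[start + 4:start + 10] == EXIF_HEADER

def photo_is_geotagged(data):
    return any(is_exif(data, s) and has_gps_ifd(data[s + 10:e])
               for _, s, e in jpeg_segments(data))

def strip_exif(data):
    """Return the JPEG with every EXIF APP1 segment removed."""
    out, last = bytearray(data[:2]), 2
    for _, s, e in jpeg_segments(data):
        if is_exif(data, s):
            out += data[last:s]
            last = e
    return bytes(out + data[last:])

def sample_jpeg():  # constructed input: SOI, EXIF APP1 with GPSInfo, SOS, EOI
    ifd0 = struct.pack("<HHHII", 1, GPS_IFD_TAG, 4, 1, 26) + b"\x00" * 4
    tiff = b"II*\x00" + struct.pack("<I", 8) + ifd0 + struct.pack("<HI", 0, 0)
    app1 = b"\xff\xe1" + struct.pack(">H", len(tiff) + 8) + EXIF_HEADER + tiff
    return b"\xff\xd8" + app1 + b"\xff\xda\x00\x02\xff\xd9"
```

This only looks at EXIF; location can also be stored in XMP metadata, which this check does not inspect or remove.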
You know that Facebook 'like' button you're seeing everywhere? Well, Twitter is about to follow suit by releasing an official Tweet Button for sharing content you find online. Leaked documents suggest the button could start showing up as soon as Thursday. The button is available in three sizes, with five different display customizations. This single line of code can be added to any page, allowing users to share it over Twitter easily. The button will also be a way to track how many people are retweeting a page.
Tweetmeme is the company currently running most of the Twitter button embeds you see around. This move from Twitter certainly threatens their business model. That's nothing new for Twitter though. Be it URL shorteners, mobile clients, or buttons, Twitter might make an official option at any time.
We knew something like this was coming. Twitter couldn't get by forever just showing advertising on the website. A Twitter developer advocate has confirmed that changes are being made in the API to insert ads automatically into the stream. The system is set to be beta tested with a small group of developers before a wide scale rollout. The developers of Twitter clients like Tweetdeck and Seesmic will get a share of this ad revenue, but no exact values have been decided.
Twitter's limited use of advertising has, thus far, caused little objection. The trick will be getting enough ads in place to turn a profit, without alienating users. As for the developers, some of them stand to make quite the handy payday from this arrangement. Twitter has not clarified if displaying the ads from the API will be voluntary or not. Would you accept ads in your Twitter stream if it meant the developer got paid?
Hunch is a newly relaunched site that aims to offer users a personalized list of recommendations based on a brief questionnaire. Users log in with their Facebook or Twitter account, then answer around 20 questions to evaluate the user's tastes. Hunch then generates recommendations for movies, restaurants, music, books, products, and much more.
Hunch uses your seemingly random answers to build a profile based on what it has learned about other people. Some of the recommendations are also based on who is in your social circle, thus the Facebook and Twitter login. Most users find the recommendations eerily accurate. Some might feel discomfort at divulging this information to Hunch, but it's really not much different than what Facebook and Google already know about you.
Have you used Hunch? Let us know how good or bad the results were.