Archive for the ‘twitter’ Category

With the huge popularity of smartphones, two-dimensional barcodes called QR codes are beloved by marketers and are being targeted by hackers and spammers. A user simply scans the QR code with a mobile device and is then directed to a website. The QR codes may be linked to coupons or special offers, but “if people see a random QR code that’s not connected to anything, just a sticker on the wall, they’re going to scan it because they want to know what the heck it is.” Damon Petraglia, Chartstone director of forensic and information security services, told Dark Reading, “The biggest risk is that people cannot deny their own curiosity.” As is becoming increasingly common, “attackers depend on that curiosity and the innate obfuscation of QR codes to craft their attacks.”

Curiosity is exactly what “pro-American hacker” The Jester was banking on when he changed his Twitter avatar into a QR code attack. There’s been plenty of ire and support in the past for what @th3j35t3r tweeted. The “hacktivist for good” is best known for DDoS attacks to disrupt pro-Jihadist sites as well as his contempt for Anonymous. The Jester blogged, “Anyone who scanned the QR code using their mobile device was taken to a jolly little greeting via their device’s default browser hosted on some free webspace. The greeting featured my original profile pic and the word ‘BOO!’ directly below it.”

He claims to have exploited the open-source software WebKit, which is built into web browsers for mobile phones. This is precisely the same vulnerability exploited in Mobile Rat, turning Android into the “ultimate spy tool” as was demonstrated at the RSA conference. The Jester called the hack “a highly targeted and precise attack, against known bad guys.” The Register reported, “‘Enemies’ of the hacker listed as targets included @AnonymousIRC, @wikileaks, @anonyops, @barretbrownlol (the Twitter address of sometime Anonymous spokesman Barrett Brown) and @RepDanGordon (Rhode Island State Representative Dan Gordon) and others. Gordon made it onto The Jester’s hit list for his comments on Twitter referencing Anonymous in what The Jester saw as a sign of approval for the hacktivist group.”

“Creepy? Only if you are naughty,” The Jester blogged. The “‘curiosity pwned the cat’ sting went on for 5 days unnoticed,” during which the QR code was scanned over 1,200 times and “over 500 devices reverse shelled back to the listening server.” The hacker added this was a “Proof of Concept QR-Code based operation against known bad guys, the same bad guys that leak YOUR information, steal YOUR CC nums, and engage in terror plots around the world.” The Jester posted an encrypted 143-megabyte file with all the extracted data to the file-sharing site MediaFire.

“As far as LEA’s [law enforcement authorities] taking an interest in me, we will have to wait and see,” he told SecurityNewsDaily. After being “reminded that Twitter was receiving subpoenas for information on users, The Jester replied, ‘There is no identifying information held in my profile, and I never connect even close to directly. It’s a rule of mine’.”

It’s a hoax, a mind game, all “bluff and bluster,” Heise Security reported. “The technical details of the hack given are, however, not credible. The security vulnerability he claims to have exploited, CVE-2010-1807, has been in the public domain since autumn 2010 and was fixed in most browsers shortly thereafter. That does not sit well with his claimed success rate of 40 per cent of visitors. Similarly, he claims that a single exploit was able to bypass the security mechanisms present in multiple versions of iOS and Android. A more likely explanation is that The Jester is playing mind games with his enemies.”

But it’s not impossible, as mobile malware delivered via tainted QR codes has been spotted in the wild. AVG Technologies chief technology officer Yuval Ben-Itzhak said, “Putting a malicious QR code sticker onto existing marketing material or replacing a website’s bona fide QR code with a malicious one could be enough to trick many unsuspecting people.”

Tomer Teller, security evangelist at Check Point Software Technologies, said it’s basically a “drive-by-download attack, where a user scans a bar code and is redirected to an unknown website. This website hosts modified exploits of the original jailbreak. Once visited, the user phone will be jailbroken and additional malware could be deployed [such as keyloggers and GPS trackers].” Teller told Dark Reading the attacks work against iOS and Android, but the Android “is more susceptible to QR code attacks.”

Source: http://blogs.computerworld.com


Yesterday Sohaib Athar (@ReallyVirtual on Twitter) was just “an IT consultant taking a break from the rat-race by hiding in the mountains”, specifically Abbottabad, northern Pakistan.

The IT contractor and graduate of Preston University (which would account for his excellent British-sounding English) also says he’s a ‘startup specialist’ on his LinkedIn profile.

But today he will become known as the guy who, while live-tweeting a series of helicopter flypasts and an explosion, unwittingly covered the US forces helicopter raid on Osama Bin Laden’s compound. And he knows it. Here’s a selection of his tweets:

Helicopter hovering above Abbottabad at 1AM (is a rare event).
Go away helicopter – before I take out my giant swatter :-/
A huge window shaking bang here in Abbottabad Cantt. I hope it’s not the start of something nasty :-S
@m0hcin all silent after the blast, but a friend heard it 6 km away too… the helicopter is gone too.
@m0hcin http://bit.ly/ljB6p6 seems like my giant swatter worked !
@m0hcin the few people online at this time of the night are saying one of the copters was not Pakistani…
RT @han3yy: OMG :S Bomb Blasts in Abbottabad.. I hope everyone is fine 😦
Since taliban (probably) don’t have helicopters, and since they’re saying it was not “ours”, so must be a complicated situation #abbottabad
The abbottabad helicopter/UFO was shot down near the Bilal Town area, and there’s report of a flash. People saying it could be a drone.
@wqs figures, if they have the right to shoot planes flying over the president house, they must have the same instructions for PMA
@smedica people are saying it was not a technical fault and it was shot down. I heard it CIRCLE 3-4 times above, sounded purposeful.
@tahirakram very likely – but it was too noisy to be a spy craft, or, a very poor spy craft it was.
Here’s the location of the Abbottabad crash according to some people >>> http://on.fb.me/khjf34
Two helicopters, one down, could actually be the training accident scenario they’re saying it was >> http://bit.ly/ioGE6O
and now I feel I must apologize to the pilot about the swatter tweets :-/
And now, a plane flying over Abbottabad…
Interesting rumors in the otherwise uneventful Abbottabad air today
Report from a taxi driver: The army has cordoned off the crash area and is conducting door-to-door search in the surrounding
@kursed What really happened doesn’t matter if there is an official story behind it that 99.999% of the world would believe
@kursed Another rumor: two copters that followed the crashed one were foreign Cobras – and got away
Report from a sweeper: A family also died in the crash, and one of the helicopter riders got away and is now being searched for.
@kursed Well, there were at least two copters last night, I heard one but a friend heard two, for 15-20 minutes.
@kursed I think I should take out my big blower to blow the fog of war away and see the clearer picture.
RT @ISuckBigTime: Osama Bin Laden killed in Abbottabad, Pakistan.: ISI has confirmed it << Uh oh, there goes the neighborhood :-/
I need to sleep, but Osama had to pick this day to die :-/
Uh oh, now I’m the guy who liveblogged the Osama raid without knowing it.
and here come the mails from the mainstream media… *sigh*
Follow me on Twitter @ http://twitter.com/alancain

By no means are Twitter and Facebook perfect: You might wish that Facebook made it more intuitive to hide FarmVille or certain status updates. Or, maybe you wish that Twitter would introduce a new feature like nested tweets. Good news: For many of these website tweaks or suggestions, there’s likely to be a script you can download to fit the bill.

Here are my top eight picks for Facebook and Twitter add-ons. Many of these solve common user gripes (such as not knowing where a shortened URL on Twitter will take you). Some, like “Facebook Fixer,” enhance the site and allow you to customize it beyond the standard options. Do note that most of these scripts require that you first download Greasemonkey, and not all are compatible with every browser, so be sure to check the requirements before you download a script.

1. Facebook Fixer.

This script lets you customize your Facebook account and offers many features that are enabled by default, but can be enabled or disabled independently. Some of these features include: larger profile and album pictures; homepage customization where you can hide independent sections such as pokes, suggestions and “connect with friends”; and calendar integration, which includes a link on each profile that synchs birthdays with Google Calendar, or the option to export a file with all your friends’ birthdays, which can be imported into sites such as Google Calendar, Yahoo, Apple iCal, Microsoft Outlook and more.

2. Facebook Purity.

The Facebook Purity script cleans up your homepage and removes all newsfeed items from third-party games such as Mafia Wars and FarmVille, and zaps announcements on who’s become friends with whom, who’s attending a certain event, who joined a group and who became a fan of something. Optional items you can block include: comments on a status, photo, photo album or link; tags in a photo or photo album; and event postings.

3. Unfriend Finder.

Ever wonder if you’ve been dropped by a Facebook friend? Every time you log in, the script checks whether someone is missing from your friend list. When it detects that someone is no longer your friend, you get a notification and a bubble counter in the Facebook toolbar. There are two types of “unfriends”: either the friendship was removed (by you or by them) while they remain on Facebook, or they deactivated their account and are no longer on Facebook. If they reactivate their account, you’ll also be notified.

4. No Facebook Ads.

If you’re tired of the age-targeted ads Facebook runs, take advantage of this script. Downloading it will remove ads from your Facebook account (including flyer ads, network ads and bumper ads), leaving its appearance a lot cleaner.

5. TinyURL Decoder.

While URL shorteners do save space on Twitter, you’re often clicking at your own risk: phishing scams and spam-laden direct messages are becoming more and more common on the microblogging site. This script decodes the shortened URLs on Twitter’s website and displays the original URL, so you can decide whether or not to click.
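The decoding step such a script performs, as an added example (not the TinyURL Decoder’s own code): a resolver that follows redirects with HEAD requests only, so no page body is ever loaded, caps the hop count and detects loops. The `fetch_head` callable and the `short.example` redirect table are constructed stand-ins so it runs offline.

```python
"""Expand a shortened URL to its final destination before anyone clicks it.

Added example; not the TinyURL Decoder script's code. The resolver takes a
fetch_head callable returning (status, location) so it runs offline against
the constructed table below; a live version would issue an HTTP HEAD request
and return those same two fields.
"""
from urllib.parse import urljoin, urlparse

REDIRECT_STATUSES = {301, 302, 303, 307, 308}

# Constructed sample standing in for HEAD responses (hosts and paths are made up).
SAMPLE_REDIRECTS = {
    "http://short.example/x1": (301, "http://promo.example.org/offer"),
    "http://promo.example.org/offer": (302, "/login"),  # relative Location header
    "http://promo.example.org/login": (200, None),
    "http://short.example/loop": (301, "http://short.example/loop2"),
    "http://short.example/loop2": (301, "http://short.example/loop"),
}


def sample_fetch_head(url):
    """Offline stand-in for a HEAD request: (status, Location header or None)."""
    return SAMPLE_REDIRECTS.get(url, (404, None))


def expand(url, fetch_head=sample_fetch_head, max_hops=5):
    """Follow Location headers hop by hop without fetching any page body.

    Returns the hop chain, the final URL (None if unresolved), the distinct
    hosts crossed, and a verdict a user can read before deciding to click.
    """
    chain = [url]
    while True:
        status, location = fetch_head(chain[-1])
        if status not in REDIRECT_STATUSES or not location:
            break
        nxt = urljoin(chain[-1], location)  # resolve relative Location values
        if nxt in chain:
            return _result(chain, None, "redirect loop")
        if len(chain) - 1 >= max_hops:  # hops already taken
            return _result(chain, None, "too many hops")
        chain.append(nxt)
    final = chain[-1] if status < 400 else None
    return _result(chain, final, "resolved" if final else f"dead end (HTTP {status})")


def _result(chain, final, verdict):
    hosts = []
    for u in chain:
        host = urlparse(u).hostname
        if host not in hosts:
            hosts.append(host)
    return {"chain": chain, "final": final, "hosts": hosts, "verdict": verdict}
```

Showing the user the `hosts` list alongside `final` is the point: a shortener that lands on a login page on a different host is exactly the case the script exists to expose.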

6. Nested Twitter Replies.

Twitter’s website still only allows you to view @replies in a list, which can be confusing if you’re trying to follow a conversation. Applying this script automatically displays tweets in a nested conversation format, making it easier to follow.

7. @Troynt’s Twitter Script.

This Twitter script does it all. Among its many features: expansion of links in tweets; inline inclusion of YouTube videos and Twitpic images; nested tweets; the option to save, reply to or retweet a tweet when you hover over it; autocompletion of a username when you begin typing “@” in a tweet; and much more.

8. Twitter Old Style RT Emulator.

If you hate Twitter’s retweet button and long for the old method, this script will convert all retweet symbols and user pictures into “RT @username.” Note that this script only works in Safari and Firefox.

If your business maintains a presence on Twitter, chances are you have a logo or other branding in your profile picture. You can take this one step further by creating a custom background for your Twitter page that expresses more about your business identity.

Twitter allows you to upload any image as your profile background, but in order to use this feature effectively you need to know a bit about how Twitter lays out its page, and where you should include your design elements.

Hiring a professional graphic designer is always the best route to go if you want your profile to look clean, original, and eye-catching. But if that’s not in your budget, or you’re into do-it-yourself design, here are some tips.

Use an Image Editor

To create your background, you’ll need an image editor, preferably one with layering and compositing tools. Photoshop is best suited for the task, but there are a few comparable online (and free) alternatives.

Gimp is a free, open-source image editing and compositing tool that has many of Photoshop’s abilities and filters. Aviary’s Phoenix is another great free tool that is entirely web based. You can edit and layer images in a Photoshop-like environment right in your web browser and save the results to your desktop. Photoshop.com also offers a free, “light,” web-based version of the popular software.

Lay Out Your Background

Once you’ve chosen your tools and have your ideas, take a moment to understand how a Twitter profile page is formatted and build your design from there.

Page Dimensions: Twitter houses its content in a 760 pixel column in the center of the page. This element remains constant for anyone viewing your profile on the web. The amount of space left for the background will depend on the resolution of the monitor on which it is being viewed.

To ensure that your background image will not be cut off or overlapped by Twitter’s content column at varied resolutions, use a large image size for your background. A safe bet is 1680 x 1200 pixels.

Maximum File Size: 800 KB JPEG, GIF, or PNG

Layout: When designing your background, leave about 65 pixels at the top of your image for the Twitter logo, and utilize a width of about 200 pixels at the left for your key design elements (logos, text, etc.).

It’s important to note that Twitter will align the background image to the top-left of the page, so focus your main content there and place it as far to the left as possible. This will ensure that viewers at lower resolutions won’t lose half of your logo behind the content column.

There are a few tools that can help you determine what your layout will look like at different resolutions. To quickly determine your own resolution as a reference point, check out whatismyscreenresolution.com. Firefox users can install the Web Developer add-on, which will resize your browser to common resolutions so you can simulate how others may be viewing your page. Screen-resolution.com is also a handy tool for popping URLs into resolution-specific browser windows.

Add your background to Twitter by logging into your account on the web and clicking Settings > Design > Change Background Image, and then browsing for your file.  Once you upload, you can see your design in action and get a sense of any layout changes you may need to make.

Also, be sure to choose text and link colors that complement your background.

Design Tip: Don’t clutter your background with too much information. Because URLs are not clickable in a background, this space is best suited for logos, photos, or other clean graphic elements that express what your business is all about.

Have you designed your own Twitter background? Tell us more about your experience and share a link to your profile in the comments.

Twitter appears to have learned from its security scare earlier this year and seems to be taking password security more seriously than most Internet services.

TechCrunch and a few other people noticed this list of 370 passwords that Twitter bans its members from using when they sign up for new accounts. They range from the obvious — “password,” “twitter,” etc. — to the obscene and bizarre.

Why ban them? They’re very easy for humans and brute-force hacking scripts to figure out, making it easier for people to get access to your account. On Twitter, this can be embarrassing. On other sites, this can be very costly.

A good, strong password is long, has multiple numbers and letters, mixes upper and lower case, and includes special characters like ! or &. Different sites use different security techniques, and might not allow some characters. But in general, the harder to remember, the better! (Which doesn’t help when you forget your password, of course.)
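A signup-time check in the spirit of that banned list, as an added example rather than Twitter’s own code. Beyond matching the listed strings, it rejects the shapes they share (digit or letter sequences, repeated units, QWERTY-row walks) and then applies the post’s strength rule; `BANNED` holds only entries quoted in this post, and the `MIN_LENGTH` of 12 is an assumption, since the post only says “long”.

```python
"""Signup password screening in the spirit of Twitter's banned list.

Added example, not Twitter's code. BANNED holds entries quoted in the post
(the real list has 370); MIN_LENGTH and the pattern checks are this
example's own choices, since the post only says "long" and "mixed".
"""
import re

BANNED = {"password", "twitter", "111111", "11111111", "112233", "121212",
          "123123", "123456", "1234567", "12345678", "654321", "666666",
          "987654", "aaaaaa", "abc123", "abcdef", "asdfgh", "bond007"}
KEYBOARD_ROWS = ("qwertyuiop", "asdfghjkl", "zxcvbnm")
MIN_LENGTH = 12  # assumption; the post gives no number
CLASSES = {"lowercase letter": r"[a-z]", "uppercase letter": r"[A-Z]",
           "digit": r"\d", "special character": r"[^A-Za-z0-9]"}


def is_sequence(s):
    """Runs like 123456, abcdef or 987654: every step is +1, or every step is -1."""
    steps = {ord(b) - ord(a) for a, b in zip(s, s[1:])}
    return len(s) >= 4 and steps in ({1}, {-1})


def is_repeated_unit(s):
    """A short unit repeated to fill the string, e.g. 111111, 121212, 123123."""
    return any(len(s) % n == 0 and s[:n] * (len(s) // n) == s
               for n in range(1, len(s) // 2 + 1))


def is_keyboard_walk(s):
    """A run along one QWERTY row in either direction, e.g. asdfgh."""
    return len(s) >= 4 and any(s in row or s[::-1] in row for row in KEYBOARD_ROWS)


def check_password(candidate):
    """Return the reasons a candidate is rejected (empty list = accepted)."""
    norm = candidate.strip().lower()  # the banned list is matched case-insensitively
    reasons = []
    if norm in BANNED:
        reasons.append("on the banned list")
    if is_sequence(norm):
        reasons.append("sequential characters")
    if is_repeated_unit(norm):
        reasons.append("repeated pattern")
    if is_keyboard_walk(norm):
        reasons.append("keyboard walk")
    if len(candidate) < MIN_LENGTH:
        reasons.append(f"shorter than {MIN_LENGTH} characters")
    for name, pattern in CLASSES.items():  # the post's strength rule
        if not re.search(pattern, candidate):
            reasons.append(f"no {name}")
    return reasons
```

Returning every failing reason at once, rather than the first, lets a signup form tell the user what to change instead of making them guess.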

Here’s the full list of banned Twitter passwords, via TechCrunch:


1. 111111
2. 11111111
3. 112233
4. 121212
5. 123123
6. 123456
7. 1234567
8. 12345678
9. 131313
10. 232323
11. 654321
12. 666666
13. 696969
14. 777777
15. 7777777
16. 8675309
17. 987654
18. aaaaaa
19. abc123
20. abc123
21. abcdef
22. abgrtyu
23. access
24. access14
25. action
26. albert
27. alexis
28. amanda
29. amateur
30. andrea
31. andrew
32. angela
33. angels
34. animal
35. anthony
36. apollo
37. apples
38. arsenal
39. arthur
40. asdfgh
41. asdfgh
42. ashley
43. august
44. austin
45. badboy
46. bailey
47. banana
48. barney
49. baseball
50. batman

51. beaver
52. beavis
53. bigdaddy
54. bigdog
55. birdie
56. bitches
57. biteme
58. blazer
59. blonde
60. blondes
61. bond007
62. bonnie
63. booboo
64. booger
65. boomer
66. boston
67. brandon
68. brandy
69. braves
70. brazil
71. bronco
72. broncos
73. bulldog
74. buster
75. butter
76. butthead
77. calvin
78. camaro
79. cameron
80. canada
81. captain
82. carlos
83. carter
84. casper
85. charles
86. charlie
87. cheese
88. chelsea
89. chester
90. chicago
91. chicken
92. cocacola
93. coffee
94. college
95. compaq
96. computer
97. cookie
98. cooper
99. corvette
100. cowboy