Over the last 24-48 hours we are [again] seeing a DM phishing attack blowing through Twitter accounts. Are you spamming your Twitter followers with Direct Messages (DM) that contain links leading to phishing websites? Have you received a Twitter DM to a Twitter login page that isn’t the actual Twitter login page?

How would you know?

One quick way is to filter tweets on yourself by using the @’youaccountname’ link to the right on Twitter’s home page. Do you see tweets from you, but in fact not from you? If you answered yes, your Twitter account may likely be compromised.

The number of ways your Twitter account is susceptible to hacking possibly depends on more than one factor. Here’s Twitter’s guidance on compromised accounts:

Reset your password and Revoke Connections
1. Reset your password. if you can log into your account, please change your password immediately from the Passwords Tab in your Account Settings. You can also use the Twitter password reset feature to request an email with instructions for resetting your password. Select a strong password you haven’t used before.

2. Revoke connections. Once you’ve logged in, visit the Connections tab in Account Settings. Revoke access for any third-party application that you don’t recognize.

3. Update your new password in your third-party applications. If a trusted external application or widget uses your Twitter password, be sure to update your password in the application. Otherwise, your account may be temporarily locked.

If You Still Can’t Access Your Account
1. Request a password reset: If you can’t get into your account, try to reset your password first, using both your username and email address. Be sure to check all your email inboxes if you’re uncertain which email address you associated with your account.

2. Contact support from the email you created the account with: If you still can’t get in, contact us by submitting a Support request.

Please be sure to include in your request:

Your username
Any email addresses you think might be associated with your account
The last date you had access to your account
The phone number associated with the account (if you verified your phone)

Protect your Account with Simple Precautions!
If you think your account was hacked and you’re able to regain access, please make sure to:

Delete any remaining, unwanted Tweets.
Scan your computers for viruses & malware, especially if unauthorized tweets continue to be posted after you’ve changed the password.
Always use a strong, new password you don’t use elsewhere and would be difficult to guess.
Visit our Safe Tweeting page for more information on avoiding hacks and phishing.

How Accounts Become Compromised (Did somebody hack me?)
Accounts may become compromised if you’ve entrusted your username and password to a third-party application, or if your Twitter account is vulnerable due to a weak password, viruses or malware on your computer, or a compromised network

Unexpected updates don’t always mean that your account was hacked. Occasionally, a third-party application can have a bug that causes weird things to happen your account. If you see strange behavior, changing your password and revoking connections will stop it, as the application will no longer have access to your account.

It’s best to take action as soon as possible if updates are appearing in your account that you did not intend to have posted or approve. You can find more information about Account Security on the Safe Tweeting help page.

Tweet safely.

Related Posts

No related posts.

Even our gracefully fast cellular internet connections in Japan still present one significant roadblock to accessing data through web-based applications: No network – No productivity.

Can a web-app ever replace a native smartphone app? Not likely without significant enhancements in cellular and Wi-Fi infrastructure.

Take Google Apps for example. We all know that Google is a heavy pusher of their web-based applications. With tools like Gmail, Google Docs, Google Calendar and that OS-killing Chrome, Google in fact does a great job rolling out it’s web app offerings.

Unfortunately though, Google has a hard time pushing the majority of its web apps without a continuously live internet connection.

With smartphones [like the iPhone] growing in popularity and not expected to go away anytime soon, it seems wise for developers like Google to build apps that integrate natively and allow some [hopefully large] degree of offline synchronization — similar to the way Google allows the iPhone mail app to act as a Gmail client.

Granted, internet connectivity has come a long way since the days of 28.8 Kbps modem dial-ups to Sprynet. And albeit much better now, there’s no such thing as ‘always on’ connectivity as it relates to cellular.

So for now, Google Apps and other web-apps for smartphones will continue to suffer that common web app dilemma: No network – No productivity.

Related Posts

No related posts.

With Adobe’s latest crasher bug going on two years after being discovered, Adobe finally released a statement saying they in fact dropped the ball during software development of Adobe Flash 10.

Did Adobe just ignore a well known and significant flaw in their software and in turn ship a degraded Flash player out to the masses?

Emmy Huang, Product Manager for Adobe Flash Player, blogged it like this:

We picked up the bug as a crasher when it was filed on September 22, 2008, and were able to reproduce it. Remember that Flash Player 10 shipped in October 2008, so when this bug was reported we were pretty much locked and loaded for launch. The mistake we made was marking this bug for “next” release, which is the soon to be released Flash Player 10.1, instead of marking it for the next Flash Player 10 security dot release. We should have kept in contact with the submitter and to let him know the progress, sorry we did not do that.

It’s really difficult to believe that a software bug of this magnitude, one that crashes a widely used product like Adobe Flash, would fly under the development radar and do so for nearly 18 months on a small oversight.

“Locked and loaded for launch”? This type of product flaw should have never ‘knowingly’ made it to the consumer. FAIL.

Related Posts

No related posts.

Apple fanboys across the globe are ready to blindly plunk down cash on what’s being billed as a technology game changer. Enter…Apple’s magical tablet.

“Apple is holding a “special event” on Jan. 27 to “come see our latest creation,” with invitations being sent out just seconds ago. 10am PST, at the Yerba Buena Center for the Arts Theater in San Francisco.” –Gizmodo

We’re already guessing this is a touch-screen type computer that looks and feels like an overgrown iPhone.

Will it be called an iSlate? Are you buying one? Two?

Apple’s announcement coming in less than 48 hours.

Related Posts

No related posts.

People with bosses usually either want to do 1 of 2 things to him (or her, but for the purposes of this article, let’s stick with him): impress him or annoy him without being obviously annoying. Here’s how to pimp your Excel worksheet to either impress him or annoy him, whichever it is you feel like doing. Who knows, you may even be able to use it at work.

To activate Data Validation, go to the ‘Data’ menu on the Menu bar and select ‘Validation…’.

Basically, Data Validation allows you to set what you want the value in the selected cell to be. It could be a number, text, or a whole number. By default, it’s set to ‘Any Value’, allowing the user to input anything that they want in the cell. Here’s the breakdown of the options:

Whole Number / Decimal

Selecting the ‘Whole Number’ option restricts the user to only entering a full number into the cell and not letters or fractions like 1.244. If the user attempts to put in anything other than a full number, an error message will appear, thus annoying him to bits, as such.

Likewise, the ‘Decimal’ option restricts the user to only entering numbers into the cell. This gives the user more flexibility, as they can input both whole numbers and fractions. Anything else will result in an error message.

These options can only be set to allow a specific range of numbers, like ‘between’, ‘greater than’, ‘equal to’, etc. This is great if you’re one of those people who create quizzes on Excel in their free time, but if you want to allow any number, you could always just set it to a minimum of 0 and a maximum of 1,000,000,000.

List

The ‘List’ option is far more interesting and has the potential to totally impress your boss instead of annoy the hell out of him when he tries to enter something and Excel doesn’t let him. Activating the ‘List’ function creates a dropdown box where the values are made up of things that you specify. This has the potential to impress anyone with anything less than an intermediate level knowledge of Excel functions, i.e. anyone above the age of 40.

To input the list of what you want the dropdown box to say, click the ‘Source:’ box and select the cells you are using as a reference.

The drawback of this function is that the values that you specify have to be kept somewhere in the same worksheet. You can’t even create a separate worksheet for the data because it has to be in the same one.

For this option, there’s a box called ‘In-cell dropdown’. Un-checking that box will get rid of the dropdown list but still restrict the values entered into the cell to whatever you want it to be. If your box tries to put in something other than what you choose, an error message will appear and annoy the hell out of him.

Date / Time

The ‘Date’ and ‘Time’ options are exactly like ‘Whole Number’ and ‘Decimal’ in that the user can only enter dates in a mm/dd/yyyy format and times in 00:00 format. Anything else will create an error message or appear as a date or time.

Text Length

The ‘Text Length’ option allows you to set how long you want the entry to be. For example, if you’re asking your boss to fill in a report on your performance and you want him to write ‘Awesome’, you could set it to 8 characters and drop psychological hints by using the word ‘Awesome’ frequently around him. “Isn’t this pen awesome?” “How awesome was that Tiger Woods thing?”

Custom

Of course, a much easier way would be to set it so that he can only type ‘Awesome’ and nothing else. But seriously, you can customize the cell according to whatever formula you want using the ‘Custom’ option.

That’s that. On the next episode of Pimp Your Worksheet, we work on other visual effects, like creating scroll buttons. Who knows, we may even make it to pimping charts one day. Excel Pimp Out!

Related Posts

No related posts.

Kevin Kutz, Director of Public Affairs at Microsoft, said in a statement today that Microsoft will comply with an injunction just upheld against the software behemoth that would have forced Microsoft Word and Microsoft Office off store shelves by January 2010.

“With respect to Microsoft Word 2007 and Microsoft Office 2007, we have been preparing for this possibility since the District Court issued its injunction in August 2009 and have put the wheels in motion to remove this little-used feature from these products. Therefore, we expect to have copies of Microsoft Word 2007 and Office 2007, with this feature removed, available for U.S. sale and distribution by the injunction date. In addition, the beta versions of Microsoft Word 2010 and Microsoft Office 2010, which are available now for downloading, do not contain the technology covered by the injunction.”

Read the full statement at Microsoft Presspass.

Related Posts

No related posts.

The holiday season is almost upon us and many of you might be trying to think of a gift to give someone, or maybe you’d like to add something to your own wish list. Every year we see more and more tech gadgets coming out that can help us with the daunting task of keeping ourselves in good health. And why not? After all, health is of paramount importance in living a happy and fulfilling life.  If you don’t agree then ask yourself this, “What will I have if I lose my health?” If you do agree then why would you not make health the number one priority in your life? Think about it. Now on to the gadgets.

Instead of buying something that will promote bad health, like a deep fat fryer to make lots of artery-clogging french fries, how about a heart rate monitor. I’ve personally used one for years and I highly recommend everyone who works out to use one, especially if you’re getting up in age. This device usually consists of a sensor on a chest strap with a receiver on a wristwatch. Being able to monitor your heart rate allows you to keep it in a safe and efficient range while not letting it get too high and overdoing it.  There are lots of different manufacturers and models with a myriad of bells and whistles available but I have only used a simple Polar, and it more than meets my needs.

If you like to know where you are, where you’ve been, and how far you’ve gone you might want to have a personal GPS tracking device. Polar also makes these along with Garmin and others. You can save routes and review them later on your home computer or online. They can also work together with a heart rate monitor so you can compare new results with those of a past workout.

There’s nothing like progress to keep you motivated.  Whether you’re trying to lose fat or gain muscle mass a body composition monitor will let you know how things are going. Tanita has a good selection of these. Not only will it weigh you but it will tell you your body fat, body water, and muscle mass percentages, and much more. These devices use Bioelectrical Impedance Analysis (BIA) to measure your body’s fat and muscle content.

Finally, if you want to keep it really simple and you’re able to walk, just do it. Walk. Aim for no less than 6,000 steps per day. A pedometer is the perfect companion to keep count for you. Simply clip it to your waist and go. It’s not very high tech, but it’s a gadget and it’s dirt-cheap.

So there you have it, a few gift ideas to help keep health your top priority. After all, once your health is gone there is nothing left. Now go have a steamy bowl of natto miso soup.

Related Posts

No related posts.

Dear iPhone and Blackberry users,

I know your phones are awesome. I know that your phones have video editing capabilities and Blackberry Messenger respectively. I know that your phones can do a gajillion things all at once. I know that your phones have their own plans from your providers.

Even so, despite being the Mobile Brat that I am, I do not want to spend every moment with you watching you play with your phone. I do not want to discuss the latest thing that you’ve discovered that your phone can do.

Dear iPhone and Blackberry users,

No, I do not think that your phone is all that. I do not think that your phone is better than mine, and I do not feel the need to get a new phone, and even if I did, it would not be yours.

Believe it or not, some people actually do not like your phone. Some people think that despite your ability to download useless battery-sucking apps and a glorified instant messenger, your phones aren’t all that.

I appreciate that you like your phone, but I like mine too. In return for not running me through every single capability of your phone, I won’t run you through every capability of mine.

If we all act responsibly and maturely, iPhone users, Berry users and Nokia users could all live in harmony. All bets are off with regard to other unfortunate (read crappy) phone users.

Sincerely,
A Nokia E71 user.

Related Posts

No related posts.

Information Assurance remains a growing field of expertise, maturing on an almost daily basis. The industry has exploded over the last 10 years even though the concepts of IA has been around since as early as the 1960’s. Although the industry and its practitioners continue to evolve, those in upper-management have a difficult time fully grasping the core principles. As in many areas of management these days, there are far too many gun-shy managers who are more concerned with appearances and perception than properly mitigating risk to the networks they are charged with protecting.

Information Assurance, like any job where managing risk is involved, is about tough decisions. Almost all information assurance choices are not cut and dry, not black and white. Security versus convenience. The vast majority of IA work resides in that gray area, where a case can be made for either argument.

The deciding factors are similar to traditional security models, with risk topping the list. Is the risk, whether small or large, acceptable? Determinations are based on a successful evaluation of the threat. Is it credible? Easy to exploit? Etc…

Risk management is a huge domain of information assurance, and one that practitioners take seriously. IA professionals regularly complete risk assessment and continually evaluate the threat. These opinions are likely regularly compiled in to reports and or briefed to management so they can make informed decisions.

How does this affect information security specifically?

Unfortunately, most in upper management subscribe to the cover your ass mentality. In the majority of cases, upper managers are far more concerned with their careers and peer relationships than pulling the trigger on difficult decisions. When it comes to brass tacks, many upper managers will weasel their way out of a tough decision to save face with their peers.

This is what I have aptly dubbed the, “I don’t want to be a dick” syndrome of information assurance. Managers, whether directly involved in IA or charged with rendering a verdict based on risk assessments performed by IA staff, opt not to make the tough, right decision. Instead, they choose to accept unnecessary risk because they don’t want to be perceived as a dick by those within their organization.

Simply put, in their eyes it is easier to maintain good working relationships with their peers than to properly protect the network. In this day and age, when networks are constantly under attack from unknown, unforeseen vectors, it is important to make tough decisions, otherwise such decisions may have unintended consequences in the future. Playing the CYA game in IA is not an adequate security posture even though it may be a popular route with ones peers.

Adding unnecessary risk to a network is dangerous and can lead to bad things(tm), especially if not properly managed. If upper management is content with taking the easy route then the IA team is going to find it exponentially more difficult to protect the network. Displaying weakness when making IA decisions is tantamount to a General displaying weakness on the battlefield – the enemy will exploit those vulnerabilities to the organizations detriment.

While it is important the IA team not be perceived as the “network Nazi’s” it must not be accomplished by evading complicated decisions when the risk is unacceptable. If there is a valid threat then the decision, while not necessarily inline with the desires of the end-users, should be fairly obvious. IA must not be a roadblock to productivity, however legitimate security concerns must be addressed rather than ignored.

So how is the “Dick” syndrome mitigated?

As I mentioned at the beginning of the article, information assurance decisions are rarely black and white. They are often times difficult, complicated and thorny. In many cases, the choices will likely piss off the end-users who will look for ways around the policies implemented by the IA team.

Being perceived as a dick is fairly easy to mitigate. Listen to your end-users and make them believe you truly care about their operations and productivity. They need to understand that their thoughts are taken in to consideration when the IA team performs risk assessments. Even though the decision to implement may not go the way they desire, if they feel as that they are part of the process then they will understand in the end.

Consistency is key. When IA decisions are constantly going back and forth it sends the wrong signals. End-users feed off of consistency and should come to know what to expect from their IA team. Fear of the unknown is one of the reasons end-users perceive their IA team as the bad guys. Inconsistency leads to uneven application of IA policies, which in turn causes confusion for the end-users. Never send mixed signals.

“NO” can not always be the first answer. When an IA team automatically responds to inquiries with “no” that ends up causing more harm than good, even if the request must be disapproved. This links back to what I mentioned about allowing the users to feel as if they are part of the process. An automatic “NO” answer is decidedly against such a mantra.

Conclusion

IA, like many professions, has its ups and downs, and is filled with days where you may feel like an asshole even though you desire to assist the end-user. Unfortunately, doing the right thing is not easy – it’s tough because the very people who you are providing a service to are staring at you, awaiting a helpful answer.

If you are charged with making difficult IA-related decisions you must think of the risk to the network before anything else. Relationships with peers, with supervisors, with subordinates, must be placed on the back burner. Failure to do so because you “don’t want to be a dick” is dereliction of duty. Placing unacceptable, unnecessary risk to the networks is self-serving and precarious.

Related Posts

No related posts.

Ever felt like getting your karaoke on but found yourself to be miles away from the nearest karaoke bar? Ever feel like singing off-key with your BFFs but found yourself to be in a totally different country? Ever go camping and suddenly feel the need to play Rock Band? Never fear, technology comes to your rescue! Mobile carriers in Thailand and USA have what they call a ‘mobile karaoke solution’, enabling users to karaoke over the phone. I kid you not. Just in case there weren’t enough people who think they’re awesome singers when they’re actually not.

Developed in collaboration by NMS Communications, Grammy Thailand and Golden Dynamics, the arrival of mobile karaoke was hailed as the future of the Idol franchise. Like a mini Rock Band, you can sing along to a song over the speakerphone and overlay the recording with your own voice. Just in case that isn’t enough, you can send the whole thing to your friends, and the song can be set as your ringtone. Or your husband’s, just to remind him of your existence everytime someone calls.

What should be less surprising to me but totally wasn’t, is that this isn’t a new application. In 2003, Nokia showcased a mobile karaoke application called air.karaoke developed by Alatto, but totally failed to make an impact on the karaoke world, despite marketing it only in Asia which should be like shooting fish in a barrel.

The next step was, of course, a TuneWiki application which allows you to do all that and then some, clearly because TuneWiki isn’t being sued enough for things like publishing lyrics online. TuneWiki is available for both iPhones and Blackberry in both paid and free versions, but sadly no version is as yet available for Symbian users. TuneWiki even lets you search for other TuneWiki users in the area, just in case you’re walking down the street and feel the need to do a duet, I guess.

So seriously, just in case you ever feel that you need to rock out at the top of your lungs while air guitaring, you totally can. But before I say goodbye to my ears and eardrums respectively, here’s a community service message: Sometimes when your family tells you that of course, dear, you have a lovely voice and you could totally be the next Mariah Carey/Jamie Foxx/Beyonce, they’re just telling you that to make you feel good and so that they can tick the box next to ‘Be A Supportive Family Member’ on their ‘Being A Good Person’ list in their head. I beg of you, listen to reason.

Related Posts

No related posts.