Criminals hijack Twitter accounts using malware that injects JavaScript code to send malicious tweets

Criminals are once again using Twitter to spread malware, this time leveraging a Man-in-the-Browser (MitB) attack to infect PCs, gain access to Twitter accounts, and send malicious tweets. Since the messages come from existing legitimate Twitter users, some are being duped as they trust those who they follow.

This particular attack, discovered by security firm Trusteer, is being carried out by injecting JavaScript code into the Twitter account pages of the victims. The malware collects the users’ authentication tokens, letting it make authorized calls to Twitter’s APIs, which it then in turn uses to post new malicious tweets on behalf of the victim.

This appears to be a localized attack right now, but there’s nothing to keep it that way, according to Trusteer:

At this time the attack is targeting the Dutch market. However, because Twitter is used by millions of users around the world, this type of attack can be used to target any market and any industry.

The malware is currently sending out tweets with Dutch text such as:

  • “Onze nieuwe koning Willem gaat nog meer verdienen dan beatrix. check zijn salaris” (English translation: “Our new King William will earn even more than Beatrix. Check his salary”)
  • “Beyonce valt tijdens het concert van de superbowl, zeer funny!!!!” (English translation: “Beyonce falls during the Super Bowl concert, very funny!!!!”)
  • “topman [Dutch Bank] gaat ervandoor met onze miljoenen!! De minister heeft weer het nakijken… zie” (English translation: “CEO of [Dutch Bank] is off with our millions!! The minister is inspecting again… see”.)

It’s easy to see how the text for these tweets could be swapped out for something else in Dutch, as well as internationalized to target users in other countries around the world. While the security firm found the above texts in multiple Twitter posts, meaning the attack has been successful in getting victims to click, the good news is that the malicious links being used appear to be currently inactive.

Trusteer says the threat in question has been used in the past as financial malware that can gain access to user credentials and target their financial transactions. This particular variant appears to be geared instead to spread across Twitter.

We have contacted Twitter regarding this attack. We will update this article if we hear back.


Infographic: Foursquare’s New Tool Maps Your Check-Ins

Rewarding users with a little personalized eye-candy.

As we amass more and more data about ourselves, the big challenge will be creating tools that help us put it to use in productive, positive ways. A quantified self is not necessarily an improved one. In the meantime, though, some personalized eye-candy can’t hurt.

Foursquare launched its own visualization tool last week, letting users view their last 12 months of activity in a few different ways. In each, check-ins are represented by colorful little badges. You can sort them by date or by category, which line the badges up into orderly little rows. The latter will probably just confirm what you already know: you go out for coffee way too often.

A circular “connections” view is a little more insightful, showing all the different places you went throughout the year after checking in at a certain location. Here, you might get confirmation of things you already knew deep down but never really liked to acknowledge. You’ll be able to see, say, where you tend to check-in after sessions at the gym. Take-out food joints? Oh well, you’ve earned it, or something.

As the company wrote in a blog post accompanying the release, the tool is “just our small way of saying, ‘Thanks! We think you’re awesome.'” Also a small way of saying think how much cooler these would look if you used Foursquare more often.

Try it out for yourself here.

Facebook builds public dashboards to show real-time power and water usage levels for its data centers

Facebook has launched two public dashboards today that show almost real-time information for power usage effectiveness (PUE) and water usage effectiveness (WUE) in two of its data centers.

Users can log in to see these two crucial metrics, alongside the external humidity and temperature, for Facebook’s data installations in Prineville, Oregon and Forest City, North Carolina.

The data is remarkable and is displayed in a way that is simple for anyone to digest. The figures down the right-hand side show the current PUE and WUE levels, and will update automatically once the counter in the top left-hand corner refills.


The circular graph at the top of the page is particularly revealing, however, because it provides some context for the ongoing levels. Rolling over the graph will move the needle back and forth, displaying updated figures for earlier in the day.

The data can be pulled back by up to 24 hours, although it’s worth noting that the ‘real-time’ metrics on the right-hand side run on a two and a half hour delay.

Despite this considerable lag, Facebook should be commended for providing its users with such transparency. The company first released PUE information for its Prineville data center in the second quarter of 2011, following it up with some WUE data in the summer of 2012.

On both these occasions, Facebook only provided annualized averages. These are still prevalent in the new, public dashboards, however, and will be updated as necessary.

‘Far from straightforward’

Lyrica McTiernan, a program manager for Facebook’s sustainability team, said building the dashboards was far from straightforward. Part of the problem is that the data centers haven’t been completed yet; suites are still being installed and building management systems are yet to be tested.

It’s a work in progress, which makes the publication of such data even more commendable.

“All our data centers are literally still construction sites, with new data halls coming online at different points throughout the year,” she said.

“Since we’ve created dashboards that visualize an environment with so many shifting variables, you’ll probably see some weird numbers from time to time. That’s OK. These dashboards are about surfacing raw data – and sometimes, raw data looks messy.”

So expect Facebook to mess up. McTiernan says she welcomes users to look “behind the curtain” with how the data centers operate, but to appreciate that fluctuations and minor problems might occur. This is the real world, after all, and mistakes happen.

Google has published the PUE figures for its own data centers since 2008. Such releases are only available every quarter, however, which is a far cry from the real-time information that Facebook is aiming for.

Google+ comments arrive on Blogger, shows drive to link the social network to all Google services

Google announced today that it is making Google+ comments available on its Blogger service. Similar to Facebook Comments, Google+ allows users to share their thoughts not only on the relevant post, but also to its social network, thereby extending its social reach to more of Google’s services.

Yonatan Zunger, a principal engineer on the Google+ team, wrote that one of the most interesting things about blogging is reading and responding to comments. We’ve all seen people leave engaging discussions on posts, even here on TNW, and some have even led to more lively discussions elsewhere or even follow-up posts.

While Facebook may have had its Comments plugin out on the market earlier, the release of Google+ Comments on the company’s blogging platform shows that the search engine company wants a piece of the market. In a way, this separates Google from Facebook because when the latter released its commenting platform, it did not immediately have a steady stream of publishers ready to adopt it. With Google, it has a huge lineup of blogs thanks to its Blogger service and can tap into that for immediate use.


Google touts that with Google+ Comments, publishers will find that it provides at least two “important benefits”: being able to view the blog and comments all in one place, and also to help readers comment and connect with their circles.

Publishers that enable the new commenting system will see people’s activity from those directly on the site and those who are talking about the content right from Google+. Additionally, readers can leave comments specifically for those in their circle or in public depending on how comfortable they feel. The specific visibility option given by Google+ does not appear to be on other commenting platforms. So if you’re particularly fascinated by a certain story and want to comment but limit it to your close friends or those that you know would be fascinated by the dialogue, you can.

The comments platform also allows for tagging and threaded conversations so that particular discussions don’t get lost in the rambling.

Those with Blogger accounts can get started using Google+ Comments by visiting the corresponding tab in the Blogger dashboard. Check the item marked “Use Google+ Comments” and it will automatically appear. Don’t worry about older comments as Google says they’ll remain visible within the new widget.

It will be interesting to see how soon Google+ Comments becomes available as a plugin for WordPress, TypePad, or any other blogging platform.

Photo credit: KIMIHIRO HOSHINO/AFP/Getty Images

Connect with startups in real-time: #NYTechDay actually lets you do it.

Picture (or tweet) this. You walk into a crowded room and immediately get a notification that someone wants to meet you. Strangely, that’s kind of cool, right? And completely flattering.

A three-person team behind the scenes at the world’s largest event for startups created a portal to let you do just that. Enter Adam Carver, John Petersen and Alec Hartman, the trio of tech nerds who are the minds behind NY Tech Day (#NYTechDay). Each wanted a way to connect the early-stage startups who’re exhibitors with attendees. So they started thinking outside the box and created an exhibitor directory. In short, “we want to give startups the access they need to grow,” says Petersen, who works alongside Hartman, the senior developer for this project. Petersen is a former veteran of the financial services industry, but quickly made the foray into developing products for NYC Dev Shop, which was the starting point for this meetup.

“I started doing my research and realized that there really were no events specifically focused around startups. And that’s kind of how NY Tech Day was born,” says director Adam Carver. Only in its second year, the event has managed to land sponsors like Chobani, Vimeo and Dropbox, to name a few.

Here’s how the portal works: after registering for the event as either an exhibitor or an attendee, you should start checking out the exhibitor directory, where you’ll find videos, bios and job postings from many startups you already know about – and some you don’t. Filter these startups by geography, level of funding, your personal area of interest: e-commerce, fashion, dating. Even Cornell’s business school drummed up a 15-person team for an exhibitor tent. “I’ve never seen anything like this at any other conference. It’s totally unrivaled,” says Carver. Um, we haven’t either.

And if you’re an LLC just starting out? “So many [newer] startups have this idea of ‘it’s too early to exhibit,’” says Carver. “But even if you want to be stealth, change your name or use an alias.” More proof that it’s never too early here.

Once you step onto Pier 92 next Thursday, April 25 and check in, nearly 400 exhibitors with their own portal profiles (“think of it as an OkCupid for networking purposes,” Petersen says) can connect with you and set up a meeting time after the event has ended. It’s the perfect marriage of networking and job-hunting, assuming you’re looking. And a built-in Twitter app lives on the portal, allowing you to not only connect in real-time, but to follow up with those startups you’re inspired by.

The #NYTechDay team will be blasting out more info for the event in the next few days, so if you’re on their email list, refresh your inbox. And if you’re not? Jump on board and sign up – it’s not too late.

Finally, NY Tech Day’s Twitter account is inviting you to connect and give them a reason why you should attend. Tweet at them with a Post-It note and you could be featured, RTed, or potentially even flagged by a startup.

And don’t forget to connect with our TheNextWeb team if you’re there, too! (We’re @martharpierce and @HarrisonWeber.)

With New Platform Updates, Facebook Continues Its Mobile Developer Lovefest

Facebook kicked off the first of three developer events on Thursday, continuing its push to court mobile coders to build applications atop the Facebook platform.

Aside from continuing to boast high stats on download rates for apps built atop the platform, the company launched a series of new features and tools for its platform at the Manhattan event, aiming to make it as easy as possible for mobile developers to integrate their apps into the very fabric of Facebook.

I won’t get into the nitty-gritty, as it’s pretty nerdy stuff. But, in a nutshell, the new tools make it somewhat easier for developers to share user activity from their apps to Facebook, with features like native sharing code, a faster mobile login, and a new version of the Facebook software developer kit for iOS. Basically, more tools for mobile devs.

That matters, Facebook reminds us, because small-time developers face a constant uphill battle in pushing out and promoting their applications amid the crowded typical markets like Google Play and Apple’s App Store.

“Your app is a pale blue dot — to paraphrase Carl Sagan — in the app cosmos,” said Doug Purdy, director of platform products, at the event. “So how do you get found in that cosmos?”

Better sharing features, the pitch goes, make your app more surface-able within the Facebook network, which in turn will drive more people to the respective app markets to install your app. In addition to Thursday’s launches, Facebook has pushed updates to Timeline, the launch of Graph Search and ongoing tweaks to News Feed over the past year, all in the name of giving better placement to outside app activity.

Benevolent of Facebook? More like a sense of enlightened self-interest. Facebook needs third-party app activity to populate its News Feed in order to keep the public inside the Facebook app, scrolling through the feed and engaged on a regular basis.

Turns out that folks like messing around with app activity and photos much more than just text-based status updates. Facebook scratches your back with better sharing tools, and you’ll scratch Facebook’s back by keeping eyeballs on the feed.

The social giant isn’t the only company trying to court developers. Facebook’s New York conference falls just two weeks after Twitter’s recent mobile developer conference. There, the microblogging service unveiled improved and expanded versions of Twitter Cards, Twitter’s developer-centric technology that better integrates outside stuff like video, pictures and stories into Twitter’s platform.

Again, the philosophy here is simple: The more content-rich a company’s stream is, the more you’ll see people stick around the product in the long run.

Now the onus is on developers to choose which platforms — if any — they’ll decide to build atop, and how much work they’ll put into it.

Windows RT 8.1 Preview and Windows Server 2012 R2 revealed in leaked code



While Microsoft is preparing to unveil a public preview of Windows 8.1, it looks like Windows RT and Windows Server 2012 users won’t be left out of the new upgrade cycle. A recently leaked build of Windows 8.1 has revealed references to a Windows RT 8.1 Preview and Windows Server 2012 R2 in the code of some files in the operating system. Microsoft is understood to be preparing a “Blue” update for its Windows range of products, so this naming is consistent.

The mention of a Windows RT 8.1 Preview suggests that the company may also be preparing to launch a Public Preview version of its Windows RT upgrade for Surface RT and other tablets at the upcoming Build developer conference. Microsoft is preparing to detail all of Windows 8.1’s changes at the conference, alongside new features and plans for the company’s 7- and 8-inch hardware due later this year. Microsoft CFO Peter Klein recently revealed that Microsoft is working on “small touch devices” that are powered by Windows and due from OEMs in the “coming months.” Windows RT hasn’t been adopted by many OEMs, but with rumored OEM pricing changes it might be the perfect match for smaller hardware this year.

Important Stuff

Anyone who’s been in IT for more than 10 minutes knows that troubleshooting is a huge part of the job. Some item — it doesn’t matter what — breaks in a new and entirely unexpected way, and by default, it’s up to you to get it fixed. It doesn’t matter how many books you’ve read, how well you know the user guide, or what you ate for breakfast. What matters is how quickly you can connect the dots and wiggle your way out of the problem.

No book or teacher can magically pour deductive problem-solving skills into your head. What works is lots of experience falling flat on your face — and lots of pounding your head on a desk until you solve a particularly intractable problem. I’ve learned the most from incidents during which I’ve broken something so thoroughly that I have absolutely no idea how to put it back together again. That’s a gauntlet no one wants to walk, but everyone does. “The more painful the experience, the more likely you are to get wiser.”

Nonetheless, received wisdom has its place — especially if you work in a siloed IT environment or specialize in a particular domain and need to broaden your knowledge. You’ll thank yourself the next time you’re so lost and alone in the weeds even Google can’t help you.