Common Paradox Tech Blog

Mobile phones, Computers, Macs, apps, news, reviews, tech tips

Entries Tagged ‘Security Experts’

Twitter Hacked, Defaced By “Iranian Cyber Army”

We’ve received multiple tips right around 10 pm that Twitter was hacked and defaced with the message below.
The site was offline for a while.

We’re looking into this and awaiting a response from Twitter.

Further updates below. Story developing.

Cyberthreat Forecasts for 2010: More Complex with New Targets

Russian security experts at Kaspersky venture a forecast for malware development in 2010 and see new types of attacks coming our way.

Facebook’s New Privacy Push Concerns Experts

That didn’t take long. Just 24 hours after Facebook began rolling out a privacy announcement and settings tool to its more than 350 million users, a number of privacy experts and security firms are already out with statements advising against using the social network’s new recommended settings, which encourage users to share more data with “everyone.”

The issue, as we highlighted yesterday, is that while Facebook is spinning the changes as “setting a new standard in user control,” another goal is clearly getting users to share more information publicly, which makes its search partnerships with Google and Bing all the more valuable. And security experts are seeing right through it.

Experts Weigh In

Here’s what the ACLU of Northern California said in the comments of our post yesterday:

“As you’ve pointed out, the ‘privacy’ changes are all about encouraging [users] to share more stuff publicly. It’s great that Facebook is making all users think about privacy, but we are concerned that the transition tool and other changes actually discourage or eliminate some privacy protections that Facebook users currently employ.”

Here’s what the Electronic Frontier Foundation concludes in a lengthy commentary on the changes:

“The Facebook privacy transition tool is clearly designed to push users to share much more of their Facebook info with everyone, a worrisome development that will likely cause a major shift in privacy level for most of Facebook’s users, whether intentionally or inadvertently … Even worse, the changes will actually reduce the amount of control that users have over some of their personal data.”

A spokesperson from security firm Sophos says in a statement to Mashable:

“These could be the most important clicks you ever make on Facebook. If you don’t read carefully you could find that every post you make on Facebook, and your personal information, is visible to everyone in the world who has a computer rather than just your Facebook friends.

Let’s make this clear. If you make your information available to ‘everyone,’ it actually means ‘everyone, forever.’ Because even if you change your mind, it’s too late — and although Facebook say they will remove it from your profile they will have no control about how it is used outside of Facebook.”

The company has also produced this video demonstrating the new privacy transition tool while providing some security commentary:

A spokesperson from Web security firm Trend Micro adds in a statement to Mashable:

“It’s laudable that Facebook has taken continuous interest in this, but I would remind Facebook users that it is just not a private place. If you require strict privacy for your communications, photos, etc., find some other medium to share them. I would encourage all Facebook users to read and understand the privacy guidelines to be found on the site.

Second, what gets revealed in my FB page is entirely up to me. I choose the photo, I make the comments. Striking a balance between utter security (no visibility at all, and if that’s what you need may I suggest a diary) and entirely publicly visible and archived statements (as we have with Twitter) must lie the happy medium we seek. Getting there is not going to be instant because we don’t yet know what there means.

I like that there is controversy about these settings. It shows people at least notice that there is something going on.”

A Huge Mistake?

All of these sources are essentially saying the same thing: The privacy changes at Facebook have the potential to create significant issues for those who don’t carefully review them, which, let’s be honest, is likely to be most users.

Like other controversial decisions the company has made, Facebook surely weighed the risks and rewards of this move. Their analysis likely concluded that the benefits of being more public (and search-engine friendly) far outweighed the risk of a lot more “Scandalous Facebook photos cost so and so his/her job” stories.

But really, there’s no turning back now. Millions of users have already been greeted by the new privacy tool, made changes and/or ignored it and moved on using Facebook how they always have, unaware of the ramifications of a change they might spend 30 seconds thinking about.

If it turns out that millions of users ultimately screw up their lives somehow thanks to Facebook’s privacy settings, the stigma that gets attached to the site could end up being a catastrophic blunder that sees the site lose its seemingly insurmountable lead, much like MySpace and Friendster before it.

Man Arrested For RuneScape MMORPG Online Robbery

Unexpof writes “A man has been arrested by the British Police Central e-Crime Unit (PCeU) accused of stealing the usernames and passwords from players of the RuneScape MMORPG. Security experts report that this is one of the first occasions when a Brit has been apprehended for ‘virtual robbery’, although incidents have happened in the past. For instance, the CEO of the sci-fi trading game Eve Online stole 200 billion ‘kredits’, which he then used as a deposit on a real-world house, and in October last year a Japanese woman was arrested by police after allegedly hacking her virtual husband ‘to death’.”

Apple Seeking iPhone OS Platform Security Manager: What does this mean for Jailbreaking?

Apple is currently hiring and is in search of an iPhone OS platform security manager. What does the particular job consist of? Here is the lowdown:

The team is responsible for secure booting and installation of the OS, partitioning and hardening of security domains within the OS, cryptographic services, and risk analysis of [...]

This is a story by the iPhone Blog.

Phishing Scams and Worms on the Rise, Social Networks to Blame

Phishing and worms go together like, well, fishing and worms. But unlike the latter, you’re the prey, and it can be particularly dangerous swimming in social networking waters, suggests a new report by Microsoft and McAfee.

The two software makers noted a sizable spike in phishing attacks during the months of May and June, driven in large part by hackers concentrating their efforts on social networking sites. Other popular targets included gaming sites, banking portals, and e-commerce.

While Trojans still topped the charts, Microsoft noted that worms are becoming much more prevalent, rising from fifth place in the second half of last year to now being the second most prevalent category of threats. Much of the rise can be attributed to Conficker, which still has most security experts puzzled.

For those still clinging to XP, Microsoft noted that infection rates for Vista were significantly lower than for XP.

After 1 Year, Conficker Infects 7M Computers

alphadogg writes “The Conficker worm has passed a dubious milestone. It has now infected more than 7 million computers, security experts estimate. On Thursday, researchers at the volunteer-run Shadowserver Foundation logged computers from more than 7 million unique IP addresses, all infected by the known variants of Conficker. They have been able to keep track of Conficker infections by cracking the algorithm the worm uses to look for instructions on the Internet and placing their own ‘sinkhole’ servers on the Internet domains it is programmed to visit. Conficker has several ways of receiving instructions, so the bad guys have still been able to control PCs, but the sinkhole servers give researchers a good idea how many machines are infected.”

10,000+ Hotmail Accounts Compromised in Phishing Campaign

In what security experts are calling one of the biggest security breaches of all time, Microsoft on Monday confirmed that several thousand Windows Live Hotmail account usernames and passwords were leaked to the Web. The Redmond company says the breach was likely the result of an elaborate phishing campaign.

"We determined that this was not a breach of internal Microsoft data and initiated our standard process of working to help customers regain control of their accounts," a Microsoft spokeswoman said in an email to Computerworld.

Neowin.net first reported the incident, claiming that "more than 10,000" credentials had been compromised. But the number could actually be much, much larger. Neowin.net said it only saw a partial list representing usernames starting with the letters "A" and "B." Dave Jevans, the chairman of the Anti-Phishing Working Group (APWG), surmises that the actual number could be over 100,000 accounts.

"A 0.5 percent rate, which is what 100,000 users would represent, isn’t unreasonable for 10 to 20 million users," Jevans said. "They wouldn’t have to spam every user to get that."

According to Microsoft, Hotmail stands at 400 million registered users strong, though the company didn’t say how many of those are active users.

DHS Wants To Hire 1,000 Cybersecurity Experts

Cyrus writes “DHS Secretary Janet Napolitano plans to hire 1,000 security experts over the next three years. ‘Department officials could not say precisely how many cyberexperts now work at DHS and its various component agencies such as the Secret Service and Immigration and Customs Enforcement. Napolitano said she doubts it will be necessary to fill all 1,000 of the authorized positions, but she is focused on making DHS a “world-class cyberorganization.”‘” Cringely points out, “There aren’t one thousand civilian cybersecurity experts in the entire friggin’ world!!!!,” except he uses all caps and bold.

EcoModo – The Best of TreeHugger [Roundups]

This week on TreeHugger, a weird solar phone that’ll get you to stop upgrading, green robots that will be our overlords, cool augmented reality for cyclists, digital ants that swarm your computer, and more!

Biomimicry has been in the news a lot this week, but one of the top stories is security experts creating digital ants that will swarm on viruses and worms in order to protect your computer.

A handcrafted Lotus replica gets 100 miles to the gallon…on homemade biodiesel! Talk about DIYing it.

NTT DOCOMO has crafted some beautiful cell phones made of waste wood (http://www.treehugger.com/files/2009/09/ntt-docomo-introduces-cell-phones-made-of-waste-wood.php). And one looks like a little bean.

A solar powered cell phone concept is aimed at getting us to quit upgrading every two years. But is it weird enough to work, or too wacky to make its point?

Not all solar concepts fall flat. Here are 13 solar concepts inspired by plants that we love.

Move over energy efficiency – the next step in TV labeling will be carbon footprints. Check out the world’s first carbon footprint-verified TV.

Li-Ion batteries are getting super strength with a new breakthrough – silicon nanotubes that boost their capacity by an order of magnitude.

Not all green robots are as cute as WALL-E. Check out some green robots that are destined to be our overlords.

Augmented reality on your…bike helmet? Maybe! This gadget geek put Google Maps on his head so he can navigate while cycling.

And one last solar gadget – a mailbox you can see from half a mile away. Making it easier on friends finding your house, or a beacon for baseball bats?

TreeHugger’s EcoModo column appears every Tuesday on Gizmodo.