Hackers launch attack on Facebook


Facebook has been working to clean up its site after its 200 million members were targeted by hackers. Facebook spokesperson Barry Schnitt wouldn’t comment on how many accounts had been hit but he did confirm it was blocking any that had been compromised.

The hackers used a common “phishing” scam to get hold of users’ passwords. After breaking into people’s Facebook accounts they sent out emails to friends of members asking them to click on links to fake websites.

The sites are designed to look like legitimate pages from Facebook but have been set up and are controlled by the hackers. Then it’s a simple case of tricking users into handing over all sorts of details from passwords to e-mail addresses.

All of this is done with the overall aim of being able to provide lists of addresses which can then be targeted to help spread spam.

Read the full story on the BBC Newsbeat website.


Spam soars back up to 94% of all e-mail


Spam, the scourge of the inbox, has bounced back to the same horrific high levels as five months ago according to anti-spam company Postini, a division of Google.

Back in November last year, spam levels registered a dramatic drop when Internet backbone providers cut off McColo Corp., a California Web-hosting service used by steenkin’ spammers to coordinate e-mail attacks.

The McColo slapdown saw global spam traffic crash by about 70 percent, with Postini’s product marketing manager, Adam Swidler, commenting that it was, “By far… the most dramatic event we have ever seen.”

Sadly, it seems that the spammers have recovered and regrouped from that setback, with the average seven-day spam volume during the latter half of this month now at roughly the same levels as October of last year – in other words, 94 percent of all email that gets sent is spammy rubbish.

Read the full story on the Digital Lifestyles website.

Why URL shorteners suck


Delicious founder Joshua Schachter says that URL shorteners like TinyURL are a bad idea, because they make the web more fragile, dependent on the shortener services as central points of failure. They also assist spammers, undermine googlejuice, and expose users to security vulnerabilities.

I agree – and I like Kottke’s suggestion: “With respect to Twitter, I would like to see two things happen: 1) That they automatically unshorten all URLs except when the 140 character limit is necessary in SMS messages. 2) In cases where shortening is necessary, Twitter should automatically use a shortener of their own.”

The transit’s main problem with these systems is that a link that used to be transparent is now opaque and requires a lookup operation.

“From my past experience with Delicious, I know that a huge proportion of shortened links are just a disguise for spam, so examining the expanded URL is a necessary step. The transit has to hit every shortened link to get at the underlying link and hope that it doesn’t get throttled. It also has to log and store every redirect it ever sees.”

Read the full story on the Boing Boing website.
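
The lookup operation described in the quoted passage, as an added example that is not part of the original article: a resolver that follows a shortened link one hop at a time, records every redirect it sees, and stops on loops or over-long chains. The redirect table, the host names and the `fetch_sample` and `expand` names are constructed for illustration; a live version would replace the fetcher with an HTTP request that has automatic redirects disabled.

```python
from urllib.parse import urljoin, urlsplit

# Constructed redirect table standing in for HTTP responses: URL -> (status, Location).
# Every host here is a made-up placeholder under the reserved .example name.
SAMPLE_RESPONSES = {
    "http://short.example/a1": (301, "http://news.example/story?id=7"),
    "http://short.example/b2": (302, "http://tiny.example/zz"),
    "http://tiny.example/zz": (301, "/landing"),  # relative Location header
    "http://tiny.example/landing": (200, None),
    "http://short.example/loop": (302, "http://tiny.example/back"),
    "http://tiny.example/back": (302, "http://short.example/loop"),
    "http://news.example/story?id=7": (200, None),
}
REDIRECT_CODES = (301, 302, 303, 307, 308)

def fetch_sample(url):
    """Hypothetical fetcher: returns (status, location) without touching the network."""
    return SAMPLE_RESPONSES.get(url, (404, None))

def expand(url, fetch=fetch_sample, max_hops=5):
    """Follow redirects hop by hop and keep a record of each one.

    Returns (verdict, final_url, hops); hops is a list of (source, status, target).
    """
    hops, seen = [], {url}
    for _ in range(max_hops):
        status, location = fetch(url)
        if status not in REDIRECT_CODES or not location:
            return ("resolved" if status == 200 else "dead"), url, hops
        target = urljoin(url, location)  # resolve relative Location values
        hops.append((url, status, target))
        if urlsplit(target).scheme not in ("http", "https"):
            return "blocked-scheme", target, hops  # e.g. javascript: or data:
        if target in seen:
            return "loop", target, hops
        seen.add(target)
        url = target
    return "too-many-hops", url, hops

if __name__ == "__main__":
    for short in ("http://short.example/a1", "http://short.example/b2",
                  "http://short.example/loop", "http://short.example/missing"):
        verdict, final, hops = expand(short)
        print(f"{short} -> {verdict}: {final} ({len(hops)} redirect(s) logged)")
```

The expanded URL and the hop list are what a spam filter or blocklist check would then inspect, since the short link itself reveals nothing about its destination.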

Spam attack halts Virgin email


Tens of thousands of Virgin customers have spent four days cut off from, or with little access to, their email accounts after a suspected spam attack.

The problem affected a company which processes messages delivered through the Virgin.net platform.

All legitimate emails were held back when the “large” attack began on Tuesday evening so the spam could be removed, a Virgin Media spokesman said.

E-mails were gradually being delivered now the fault was cleared, he added, but access via webmail may take longer to restore.

Read the full story on the BBC News website.