RUN! Close down your browser, turn off your computer, do not pass “Go”, do not collect $200!

Why such panic? Because, if you ever see a pop-up similar to that above, it may not be as innocuous as the one created by the guys over at Dave Naylor’s blog. In fact, someone with half an ounce of tech savvy could

…make a Twitter ‘application’ and start sending tweets with it. Using the simple instructions below, it can be arranged so that if another Twitter user so much as sees one of these tweets – and they are logged in to Twitter – their account could be taken over.

Yikes!

Twitter confirmed that the exploit had been fixed, but apparently no one over at Twitter thought to contact Naylor’s team to learn exactly how they exploited the web interface, because even after the fix, they replicated it.

If you’re using a third-party application to send and read Tweets, you should be safe. Other advice includes:

• If you’re not logged in to Twitter, there’s no opportunity to steal your details or impersonate you, however malicious code could still send you to other websites or otherwise annoy you, so it doesn’t completely fix the problem.
• Unfollow anyone you don’t know or don’t trust that could be exploiting this. Who’s to say they’re not already stealing your details? If you don’t see their tweets they can’t harm you.

Let’s hope that Twitter gets a real fix in place soon.

Comments

Once Call Out has been integrated via the Open Voices APIs, users of the application will have access to international rates of a few pennies per minute. Anyone who has ever paid the going rate to telcos for international calls should find Call Out a pleasant change of pace.

Users have to pay for Call Out blocks of time, with the lowest bundle of call credits going for $5.  IN a few examples, callers can reach London for 2 cents/minute, Moscow for 1.5 cents/minute, and Sydney for 1.8 cents/minute.

Features for the Open Voices API appeared at AOL’s developer site:

This API allows any client application which supports the following industry standards to ‘just work’ with AOL Voice Services:

• RFC 3261 – Session Initiation Protocol
• RFC 2833 – RTP Payload for DTFM Digits, Telephony Tones and Telephony Signals
• RFC 4028 – Session Timers in SIP
• ITU-T E.164 – Formatted Telephone Numbers
• RFC 2617 – Basic and Digest Access Authentication

Though email and instant messaging help people accomplish a lot through communication, sometimes the best option for contacting a remote person and resolving an issue needs to happen by phone. At a low cost point, even modest reliability of developer applications for devices will be a significant gain for callers who have to foot the bill.

Nack, senior product manager for Adobe Photoshop, felt moved enough by the sturm und drang surrounding reports of his company’s products allegedly spying on Adobe customers to respond to the blogosphere drama.

Later, Nack blogged about the situation that Uneasy Silence noticed when Adobe CS3 pinged what looked like a non-routable IP address: 192.168.112.2O7.net:

According to Doug Miller from the Adobe.com team, “Omniture is Adobe’s web analytic vendor for Adobe.com. There are only 3 places we track things via Omniture anywhere in or around our products.”:

•  The welcome screens (these things) in some Adobe apps include a Flash SWF file that loads current news, special offers, etc. These requests hit Adobe.com servers and are logged, like regular browser-based traffic, by Omniture.

•  Adobe Bridge embeds both the Opera browser and the Flash Player, both of which can be used to load Adobe-hosted content. These requests are also logged.

•  Adobe apps can call various online resources (online help, user forums, etc.), and those requests are logged.

“This, as far as I’ve been able to discover, is the extent of the nefarious ‘spying’,” said Nack.

He also chided Valleywag, CenterNetworks, and Daring Fireball for throwing around “wild assertions” about the traffic to Omniture, especially with Adobe staff mostly off for the brief holiday. However, Nack did have a sense of humor about this, asking why no one had done a crude Photoshop to besmirch the company, too.

We’ll give Nack credit for responding to this on a slow day, but Adobe and Omniture also deserve a ding about the ear for the disguised IP address they use to connect to 2o7.net. There’s no way someone at Omniture came up with that clever little subdomain for any reason other that to try and deceive an admin watching network traffic into thinking it was an internal route.

]]> http://www.webpronews.com/adobe-bemused-by-spying-claims-2007-12/feed 2 http://www.webpronews.com/facebook-launches-self-translation-app-2007-12 http://www.webpronews.com/facebook-launches-self-translation-app-2007-12#comments Fri, 28 Dec 2007 14:29:43 +0000 Doug Caverly http://www.webpronews.com/?p=42947 In order to make Facebook available in many different languages, the company could have paid dozens of professional translators rather large fees.  Instead, in what we'll call an "accountant-approved alternative," Facebook has decided to involve its users and crowdsource the issue.