But Twitter wasn’t the only site targeted. As CNET reports, Facebook, LiveJournal and Blogger were all subject to a distributed denial-of-service attack yesterday, apparently to silence “Cyxymu,” one blogger from Georgia (the country not the state). Twitter was the most noticeably affected, though Cyxymu’s LiveJournal page was unaccessible.

The Chief Security Officer at Facebook, Chris Kelly, confirmed the attack to CNET:

It was a simultaneous attack across a number of properties targeting him to keep his voice from being heard. We’re actively investigating the source of the attacks, and we hope to be able to find out the individuals involved in the back end and to take action against them, if we can.

You have to ask who would benefit the most from doing this and think about what those people are doing and the disregard for the rest of the users and the Internet.

Google managed to keep its sites working just fine, and Facebook suffered from some periodic slowness, but was able to keep Cyxymu’s profile visible to other users in his area.

The attack was coordinated through spy- or malware. Infected computers were instructed to request hundreds of pages per second from the targeted sites. The attack is designed to overload the sites’ servers and/or make it impossible for real users to access the sites.

Read Write Web reports that all the other affected sites have recovered, but Twitter is still suffering. Twitter went down again this morning and continues to operate with intermittent slowdowns. Worse, third party Twitter apps are suffering even more because of mixed downtime messages.

Perhaps unrelated, Cyxymu was also the victim of a spam spoof this week, where spam emails were mocked up to look as though he’d sent them.

I think this shows surprising strength from several social websites. I’m not terribly surprised that Twitter proved to be the weakest—they were once notorious for downtime problems even without malicious attacks.

On the other hand, targeting one user across multiple sites with a complete DDoS attack seems 1.) overkill and 2.) sure to backfire. How much more publicity will Cyxymu get now? Aren’t you wondering what it is that he has to say that incited this attack? (And of course there’s also the insidious possibility that Cyxymu is behind the attack in a play for publicity.)

What do you think? Are you surprised Twitter has suffered the most? Do you want to know more about this Cyxymu person?

Comments

But in all seriousness, Facebook just sent out the following tweet which explains their downtime:

For those of you unfamilair with a denial-of-service attack, here’s the defintion from Wikipedia:

A denial-of-service attack (DoS attack) or distributed denial-of-service attack (DDoS attack) is an attempt to make a computer resource unavailable to its intended users.

It seems that the individuals behind the DoS attack were successful with their attack, as Facebook was pretty much useless for hours today. Even though Facebook says that the service is now restored, I’m still getting several error messages while doing common things (e.g. posting links, visiting fan pages, clicking photos… etc) Anyone else having any of these issues? Below you can see a few of the error messages I’ve received:

It’s unclear at this time when Facebook will be back to its normal, fully functioning, self… but we hope it’s soon.

::Don’t like the format – it’s about open media, new media so have it free flowing. The beginning started with a ‘hold your questions’ type admonition, which is not the way it shoulda been.::

PR people do need to reach out to the bloggers in their space – a unanimous decision – because bloggers are looking for various and different stories than traditional journalists. And, some can be more interested and be more passionate about the subject rather than the trade journalist.

If a blogger follows journalistic standards, then you can deal with them the same way. But, it’s about knowing the people, the relationships. Treat them with respect – it’s a golden rule.

There are distinctions on bloggers – from professionals to semi-pros to amateurs. And, it’s a difference in outreach also. There’s IM versus email versus Facebook walls versus Twitter versus commenting on blogs (I view that as comment SPAM, though).

About sharing the stories, the good, bad and the indifferent. Cross-pollinating the stories, to the point of online and offline engagement.

Should there be a new PR person, or can the traditional PR people learn. Do there need to be specialized teams, or can the traditional teams need to be trained.

PR is everyone at the company’s responsibility – if you are an employee, you are in PR for the company whenever you are engaged in the public. There is a team for media relations, but we all have responsibilities in the public perception of the company.

Rachel Luxemburg also wrote on the panel.

Comments

Tag:

GayGamers was bullied offline over the weekend by a series of denial-of-service attacks, reports Kotaku, coupled with threatening emails and forum hate speech.

Brian Crecente reports, "The site deleted the offensive messages, but the continued DOS attacks lead [sic] to the site’s host taking GayGamer down until the attacks could be permanently blocked. De Marco hopes to get the site operational by Monday, but is having problems getting a straight answer from their host, GoDaddy.Com."

See, the puns are nearly unavoidable.

And "FruitBrute," (sigh) the editor of GayGamer, adds, "You can’t keep a good gay gamer down, so we’ll be back before you know it, serving up all the sassy game content you can handle."

Indeed, the attacks were, in the end, unsuccessful, and the GayGamer is back in operation.

It is kind of sad that people have nothing better to do than harass the gay community online, who, especially if you’ve never heard of them until this article, kept to themselves in their own corner of the Web.

By the way, there’s a link on the website to a listing of the top 20 gay game characters of all time, and I have to say, I didn’t know, but should have realized that Don Flaminco of Mike Tyson’s Punch-Out for NES was total flamer.

Or, as FruitBrute puts it, "In my opinion Don really walks that fine line between gay and Vain Latin Metrosexual Eurotrash."

Couldn’t have said it better myself.

They are very easy to do and pretty hard to protect against, which is why they are so popular.

The only thing you can do to prevent such an attack is to block the response to the attackers. You have no control over the requests, so you have to catch the attacker as early as possible after the request has been received by the web server.

There are two challenges to blocking the attacks

• Identify the attackers
• Block the response only to the attackers

To catch the request as early as possible, an HttpModule is the right place.

It is executed before any page or any other handler so the impact on the server can be minimized.

This HttpModule monitors all requests and block requests coming from IP addresses that make many requests in a short period of time.

After a while the attacking IP address gets released from blocking.

The module is a high performance and lightweight protection from DoS attacks and very easy to implement.

Implementation

Download the DosAttackModule.cs file below and put it into the App_Code folder of your website. Then add the following lines to the web.config’s section:

<httpModules>

</httpModules>

Download

DosAttackModule.zip (1,13 KB)

Comments

Tag:

Add to Del.icio.us | Digg | Reddit | Furl

Bookmark WebProNews:

Mads Kristensen currently works as a Senior Developer at Traceworks located
in Copenhagen, Denmark. Mads graduated from Copenhagen Technical Academy with a multimedia degree in
2003, but has been a professional developer since 2000. His main focus is on ASP.NET but is responsible for Winforms, Windows- and
web services in his daily work as well. A true .NET developer with great passion for the simple solution.

http://www.madskristensen.dk/

Free and open source software (FOSS) developers had hoped the agreement would be favorable to the work they do, and keep Microsoft from potentially hammering them with lawsuits. Such a state of affairs would go some way toward healing the perpetually open rift between FOSS developers and the technology giant.

However, Growlaw has cited an opinion from the Software Freedom Law Center (SFLC) that Microsoft’s patent pledge is not all it seems:

If you want to use Microsoft patents, SFLC chief technology officer Bradley M. Kuhn contended in the statement to the FOSS community, prepare to be “an isolated, uncompensated, unimportant Free Software developer.”

Across the pond, a British attorney thinks some liability for a crippling DoS attack should be laid at the doorstep of ISPs. New Scientist Tech noted how the prospect of lawsuits flying like Peter Pan and Wendy to Neverland will be considered:

One immediate problem comes to mind. If a website is taken down through the crush of traffic from a link on Digg or Slashdot, sites both known for sending lots of people to a featured site, and the visitors had no malicious intent, could the site publishers sue the ISP over the downtime?

Privacy advocates will have a field day with the notion that ISPs should be actively inspecting every packet crossing their network.

—

Add to Del.icio.us | Digg | Reddit | Furl

Bookmark WebProNews:

David Utter is a staff writer for WebProNews covering technology and business.

• Novelist – very clean, sharp text on plain white, looks like a book. (3.7/5)
• Slashdot – looks like Slashdot, complete with green bars (and rounded corners) and “posted at” times. (4.5/5)
• DOS Box – looks like a DOS command prompt windows, complete with C:\YourName> prompt. (4.3/5)
• Windows XP – similar to XP’s folder grouping. (2.6/5)
• PHP – looks like PHP code in a text-based HTML editor. (3.9/5)
• A combo of Bubbles and Ping Pong themes. (2.8/5)
• Windows XP – dialog boxes in the XP style (3.6/5)
• Daring Fireball – based on the website, white text on a charcoal gray background. (3.6/5)
• mIRC – By Phillip, resembles an IRC chat window (I’m using it right now). (3.8/5)
• Windows 9X – Windows 98-era dialog boxes. (3.4/5)
• Shoop – sheep with dialog balloons on a blue background. (4.0/5) Page also includes several other decent themes.
• Star Wars – Star Wars font names, lightsaber seperations on a starry background. (3.5/5)
• Digg – Digg font style names and seperators. (3.7/5)

There are a lot of themes being posted all the time here. If you have a cool one, post a link here or shoot me an email.

Just so you know, if you want a high rating, make me a Windows Vista theme.

Add to | DiggThis | Yahoo! My Web

Technorati:

Nathan Weinberg writes the popular InsideGoogle blog, offering the latest news and insights about Google and search engines.

Visit the InsideGoogle blog.

Maybe the text message was developed by good-hearted but unskilled geeks to speed up that process of elation/rejection. Texting is abbreviated and lightning fast, and according to the “Textual Healing” team at AOL, there are rules to texting love notes.

T9 maker Tegic Communications and AOL Love & Sex Coach and author John Gray have teamed up to deliver a top-ten dos and don’ts list “to help ensure a successful union of texting and dating,” just in time for Made-Up-By-Marketers DayI mean Valentine’s Day.

The first annual T9 Texting Outlook Survey found that 60% of those who sent text messages have sent one to tell someone they love them or miss them. Meanwhile, 27 percent have sent a flirtatious or sexy text message and 26 percent have used cell phone text messaging to say “Happy Valentine’s Day.” Seven percent have even sent a text message to ask someone out on a date (but were probably turned down for lack of courage! This is romance, not robotics-sorry have to beat down the old man within me-get back you old coot!).

Here’s the Texting and Dating Top Ten Do’s & Don’ts:

DO reply to a text message in a timely manner. No one wants to press “send” only to be left waiting (and waiting) for a reply.

DON’T read too much into whether he or she has (or hasn’t!) signed off with X’s and O’s for kisses and hugs.
DO carefully consider the effect your text message is going to have on the reader. Send a note that will put a smile on her face, not leave her wondering why she gave you her number in the first place.

DON’T overuse emoticons, such as smileys, and text speak, and make sure the recipient knows what you mean. You don’t want to scare off a potential date who thinks you mean “lots of love” rather than “laugh out loud” when you type LOL.

DO wait until at least the third date before you engage in “textual relations” with a new love interest. Be sure sexy or intimate texts are well-received before firing off note after note.

DON’T assume he is awake and sober just because you are. If you receive an outlandish reply at 3 in the morning or no reply at all, wait 12 hours and try again.

DO flirt and send love letters via text. But be careful about sending texts that you wouldn’t want read by anyone other than the intended recipient.

DON’T read too much into failure to reply right away to your text message. However, if you’ve texted three times without a reply, it may be time to move on.

DO make sure you’re sending a text message to the right person in your phone book. Imagine the discomfort upon learning you’ve sent hot and steamy love notes to your grandmother.

DON’T be a bad speller. It makes less of an impact on the intended to learn that you want to “kips” rather than “kiss” them. “Sending a text is a great way to get to know someone better and to let them know you are thinking of them. Text messages are an informal and fun way of communicating,” said Dr. Gray.

Drag this to your Bookmarks.

Add to | DiggThis | Yahoo My Web

This article from E-Commerce Times relays the story of anti-spam software provider Mailshell getting in bed with bulk-emailer Lyris to make the distinction clearer. The partnership has gotten mixed results.

“If I were in the business, I wouldn’t send out a news release about how I’m going to start sending out better spam,” Basex President and Chief Analyst Jonathan Spira told the E-Commerce Times.

But Lyris Vice President of Product Development Robb Wilson doesn’t equate spam with permission-based mail, and says the customer doesn’t either.

In that spirit, EmailLabs has produced a top ten “must dos” for boosting email marketing results in 2006.

“Email marketing has clearly arrived as a key marketing and CRM strategy for most companies,” said Loren McDonald, vice president of marketing at EmailLabs. “But in 2006 those companies that don’t align the proper resources and technology to take their program to the next level will find their competitors leaving them behind in the ‘inbox’ of their customers and subscribers.”

Here is the barebones version of the list; the full-length version by Loren McDonald can be found here.

1. Get relevant — dive into personalization and segmentation.

The emails that resonate most, through use of personalized subject lines, offers, articles, products showcased, and follow-on emails based on recipient activity, will be the clear winners.

2. Resolve or minimize deliverability and rendering issues.

Marketers must send pre-campaign test messages to uncover delivery problems before sending their actual message to recipients and monitor results after each message to spot ISP blocking, filtering and being on anti-spam blacklists. They should test their email messages in different email clients (Outlook, Lotus Notes, AOL, and Web clients like Hotmail/MSN, Gmail and Yahoo!) and platforms (PC and Macintosh) and correct problems. Establish authenticity as an email sender by publishing SPF code in their DNS record.

3. Redesign email messages for the inbox and users who view them in the preview pane and block images.

In 2006 Yahoo! Mail and Hotmail will both add preview panes to their Web-based clients, adding to the significant usage of preview panes by Outlook and Lotus Notes users. Marketers should redesign email message templates to deliver maximum information in the top 2 to 4 inches, increase their creative use of HTML fonts and colors, while relying less on the use of images that may be blocked by ISPs or the recipient’s email client.

4. Optimize the beginning of the email relationship.

Marketers must engage new subscribers immediately with an organized program as the most significant decline in email performance comes after two months of recipients opting in to a list.

5. Get on the permission train.

While not required by the CAN-SPAM Act, permission-based email is becoming the acknowledged standard in the industry and companies that send unsolicited email can expect deliverability problems and greatly risk damaging their brand and losing customers.

6. Focus on metrics that matter.

Instead of worrying about open and click-through rates, companies need to focus more on the end goals and focus on tracking conversion rates, revenue per email, whether specific desired actions were taken, etc.

7. Take better care of long-term subscribers.

EmailLabs estimates that 30-50 percent of a company’s email list may be inactive. Marketers need to take multiple steps to wake up these dormant subscribers.

8. Maximize search with email.

Companies need to integrate their email programs with their search efforts by using an email offer as a secondary objective on landing pages and then use email to move subscribers along the sales lifecycle.

9. Test, test, test and improve.

Email marketers must test variables continuously, including format, design, copy style and calls to action, subject line approach and offers, personalization, content types or product categories and more.

10. Create an email marketing plan and align resources.

Marketers need to develop a plan that clearly demonstrates to management the value and ROI of a strategic and well-run email marketing program.

From a hardware point of view, it works perfectly. No issues whatsoever, so I’m a more than satisfied Dell customer.

I wish I could say the same about some of the software running on it, especially Norton Internet Security 2006 (NIS) for Windows.

I’ve been a user of Symantec’s Norton product line for at least six years (and from long before that, when Peter Norton first rolled out Norton Utilities for DOS in the early 80s). So Norton is a brand I like, respect and am willing to lay out hard cash for.

Yet NIS drives me nuts.

As a first line of defence product, NIS ought to be one that you can rely on with absolute confidence to just work. I’m not talking about what it does (ie, provide a protection layer on your PC, which it does very well) – I’m talking about how it works.

After experiencing some weird behaviour which I finally pinpointed NIS as the culprit, I ended up yesterday with a pretty unstable PC. Ok, my subsequent fiddling undoubtedly contributed to that state, especially a little bit of carelessness when editing the Windows registry

So I decided to simply start over. Zap the partition, create it again, reformat the drive, reinstall Windows XP and start afresh.

And guess what? A clean install, fresh as a daisy, nothing on the system except the OS, critically-updated and patched to the hilt. Then, when I installed NIS from scratch, I got the same issues I just had! Every time the PC restarts, it takes forever and I keep getting those system dialogs saying it’s waiting for such-and-such a program, click here to end now. In each case, the programs were something to do with NIS. Prime culprit: ccApp.exe, a component of Norton AntiVirus.

But it looks like I’ve now stopped all that. And I’m not wholly sure how.

I installed Norton Systemworks 2005 (I haven’t upgraded to the 2006 version). And I also turned off a switch, so to speak, in NIS itself relating to the Personal Firewall – unchecked the option “Learn unrecognized programs that access the internet.”

Did both or either of those actions fix the problem? I have no idea. All I know is the Win XP Event Viewer is no longer peppered with errors relating to NIS components and I haven’t encountered more issues when shutting down or restarting. So it looks like my little problem is resolved (fingers crossed).

But what a rigmarole!

The response from two friends today when I mentioned this to them – switch to a different product. Yes, but which? I’ve tried Zone Alarm Internet Security Suite. It’s good, I’m sure, but I just don’t like it (the free Zone Alarm firewall is very good, though, which I have running on my IBM laptop). I’ve considered some free apps such as AVG. Maybe I should try out the beta of Windows One Care Live.

But I’m not really that keen at the moment to keep trying out different things for something as fundamental as network security and anti-virus software. From the protection and peace of mind points of view, NIS works and does its job well. Plus I’ve already laid out the cash for it.

So I think I’ll just stick with my now-functional installation of NIS. For the time being at least. And not fiddle so much.

Now onto fixing Nokia Lifeblog issues with errors like this in the Event Viewer:

The description for Event ID ( 101 ) in Source ( NokiaLifeblog ) cannot be found. The local computer may not have the necessary registry information or message DLL files to display messages from a remote computer. You may be able to use the /AUXSOURCE= flag to retrieve this description; see Help and Support for details. The following information is part of the event: Error in Lifeblog.

Huh?

Neville Hobson is the author of the popular NevilleHobson.com blog which focuses on business communication and technology.

Neville is currentlly the VP of New Marketing at Crayon. Visit Neville Hobson’s blog: NevilleHobson.com.