AllFacebook InsideFacebook InsideMobileApps InsideSocialGames SocialTimes LostRemote TVNewser TVSpy AgencySpy PRNewser MediaJobsDaily UnBeige

Posts Tagged ‘Hack’

How Hackers Are Targeting Your Twitter Account [INFOGRAPHIC]

Can you guess how many of the top 10 Twitter users have been hacked? Or what the most common password was before Twitter had to ban it for security reasons?

On the internet, privacy and security are major concerns, and this telling infographic depicts just how rampant hacking – whether as a result of malicious software or human error – is on Twitter.
Read more

Mediabistro Course

Blogging

BloggingWork with a content strategist to discuss your brand, creative content, or business through blogging! Starting January 15, McLean Robins will teach you how to design, promote, and maintain a blog, develop an audience, integrate social media platforms, and build connections with your community with link sharing. Register now!

We Wuz Hacked

Timing is everything. My Samsung NC10 netbook had a massive fail yesterday, which left me unable to access this blog (or, indeed, the internet), and some charming individuals seized this opportunity to hack into Twittercism and add some rather nasty exploits.

I couldn’t get the blog or (more worrying) the admin panel to load at all. Wherever I went, I just got an error message.

Even better, Google decided to mark the domain as a malware risk, which obviously has some impact on traffic.

Fortunately, the exploit, which attempted to load a file from the website c8t.at, was fairly easy to track down, and I removed it manually via FTP.

If you’re a WordPress user impacted by this issue, I recommend two courses of action:

  1. Check your default-filters.php, default-widgets.php and pluggable.php files (all are located in the wp-includes folder), as well as the main index.php file in your theme. I had a single line of code at the very bottom of all of these files (which starts with <iframe... and linked to a file at c8t.at). Remove it (carefully), save and re-upload your file(s).
  2. Always make sure you upgrade to the latest version of WordPress. I was using WordPress 2.8.3, which is only a single upgrade behind the current version (2.8.4), but it was enough to allow others to have a sneaky in.

Despite Google’s concerns, the exploit never actually loaded. It simply presented an error message. So, if you happened to visit Twittercism during this period, don’t worry. Nothing bad happened. But the sites (c8t.at and c8t.ru) are known to Google and the warning was legitimate, if a little excitable.

Of course, I’m certainly not in bad company with my blog being hacked. But it’s a lesson learned. Always make sure your online security is top-notch, as the crap has a nasty habit of hitting the fan at exactly the wrong time.

HOWTO: Remove Mikeyy From Your Twitter Profile (UPDATED)

Mikeyy is a similar Twitter exploit to yesterday’s StalkDaily. It can be removed pretty easily if you are infected.

(To see if you are infected, check your profile timeline for Mikeyy-approving tweets you didn’t submit yourself. They should be pretty easy to spot.)

How To Remove Mikeyy

  1. Turn off Javascript in your browser. (This will be in settings or options – Google for more detail.)
  2. Close down any exernal Twitter clients (i.e., TweetDeck or Tweetie).
  3. In your Twitter settings page, delete anything suspicious that you did not add yourself. Check everywhere carefully, but it’s usually in the URL or location fields.
  4. Check that your profile design hasn’t been compromised. Some folk are saying their colours have been reset. (You will need to turn Javascript back on to edit your profile design. This is fine at this stage.)
  5. Consider resetting your password on Twitter. There is no evidence that these hacks are malicious enough to break into your Twitter account, but why take the risk? You may also like to clear your cookies and cache (which can be found in your browser’s settings).
  6. Once done, log back out of your account and then back in. If Twitter has locked your account, or does so in the future, you will have to ask for a password reset.

If your Javascript is still disabled in your browser you can now re-enable it.

Mikeyy is not being hidden in shortened URLs, but you may wish to avoid clicking on these from sources you do not absolutely trust in case the URL takes you to an infected profile or other varient of the exploit. Likewise, avoiding visiting user profiles on Twitter or within TweetDeck until Twitter has said with absolute certainty that the threat has passed. Monitor Twitter’s status page for updates.

UPDATE: There have been some reports that infected profiles are visible by rolling your mouse over their username on Twitter.com. If infected, code is sometimes visible after their username in the URL bar. This can help you to avoid infected profiles.

These tips will likely work for any similar exploits on Twitter. You should also take all necessary precautions to protect yourself in the future.

(Lynne Pope has more detail and additional steps you can take at her blog.)

APRIL 12 UPDATE: Twitter has commented on the steps they took and are taking to handle these exploits on their official blog. As of 2130 GMT, and judging by instances on Twitter search, Mikeyy seems to have been defused. Panic and hyperbole remains – help out Twitter by forwarding concerned users to this blog. Thank you. :)

APRIL 13 UPDATE: (1000 GMT) Mikeyy seems to have returned en masse (Twitter search), likely with a new strain. Twitter is once again addressing the situation. Meantime, you can take the steps above to remove Mikeyy if you are infected. Please share this post with all your friends on Twitter. Thank you. :)

APRIL 17 UPDATE: A new strain of Mikeyy returned to Twitter. The cure remains the same. :)