Sunday, July 11, 2010

The Next Web

The Next Web

Link to The Next Web

Google tosses $100+ mm investment at Zynga. Social network rumors continue.

Posted: 10 Jul 2010 06:30 PM PDT

Well then, this is quite juicy.  According to some information over at TechCrunch, Google has apparently invested between $100 and 200 million in social gaming company Zynga.  Given the recent rumors about Google building a social network, the popularity of Zynga games and the somewhat-recent fallout between Zynga and Facebook, this could prove to be money well spent.

Apparently Zynga will be the single most important player in a new platform of Google Games, set to launch later this year.  Of course, you’d have to log in to play these games, and thus a network is born.

Of course, there’s a whole lot of conjecture going on here, but the pieces are all seeming to line up perfectly for Google to make a big push into social networking.

We’ve contacted Google for a comment, but don’t hold your breath.  The company typically does not comment on unannounced, upcoming projects.  We will, however, be crossing our fingers.

Original title and link for this post: Google tosses $100+ mm investment at Zynga. Social network rumors continue.

Canada to Americans: Come play with us and our big Twitter walls

Posted: 10 Jul 2010 03:01 PM PDT

The Canadian Tourism Commission has set up big (8′ x 10′) interactive Twitter walls outdoors in Los Angeles, Chicago and New York City in the hopes that Americans will see just how fun Canada is by the way people tweet about it. Whether your in one of these cities or not, if you’re an American (of the south of the Canadian border and north of the Mexican border kind), you can enter a contest for a free trip up north by following @keep_exploring, and replying to the account with your dream Canadian vacation. Here’s the promo video put together by the Canadian Tourism Commission:

Original title and link for this post: Canada to Americans: Come play with us and our big Twitter walls

Counter-Phishing a Phisher

Posted: 10 Jul 2010 10:44 AM PDT

Editors Note: I came upon this piece and thought it was a fascinating example of the tables being turned on someone attempting to scam someone out of their money via the act of phishing . Tal Raviv, the individual who decided to take the matter into his own hands, has kindly shared the story with us.

The emails begin with an email to Raviv from his friends mother’s email account. The phisher had managed to gain access to her account and  decided to send Raviv an email impersonating her requesting money…urgently.

From: Victim’s Email Account
Sun, Jul 4, 2010 at 7:24 AM

Hello

How are you doing? we had a visit to London (United Kingdom) unannounced some days back, Unfortunately we got mugged at gun point last two nights. All cash,Credit card and cellphones were stolen,It was so traumatic;Thank God we have our life and passport saved,we have been to the embassy they are not 100% helpful so i concluded that returning back home will be the best option.we also have limited means of getting out of here,as we have canceled our cards So i won't get a new card till i get back home.I really need your support & assistance as my flight leaves in few hours,but i have problems checking out of the Hotel,as i need to sort out some bills, Wondering if you could loan me some bucks to sort out the hotel bills and also take a cab to the airport,

i wait to hear from you

Kind Regards

[Name of Victim].

The victim was a mother of a friend. Not only was her email password hacked, but she was completely locked out of her own account. The scammers had also changed her backup ‘alternate’ email.

What would be the harm in responding gullibly?

Sun, Jul 4, 2010 at 10:22 AM
Oh no!!!!!!!! How can I help!? Can I send you money??

Sun, Jul 4, 2010 at 10:46 AM
Thanks for your quick response,at the moment am mentally unbalance as i can’t think straight,it was so traumatic,i will brief you in full as soon as i get home,i will appreciate you help me wire $1850 via westernunion asap so i can add up and sort my bills.don’t worry i will def refund it as soon as i get home.

this is all you need in sending the money via western union

Receivers Name: [Victim's Name]

Location: 3 King Street Cloisters, London, United Kingdom

i wait to hear from you

Kind Regards

The Goal

The goal was not to identify or prosecute the individual since that’s likely impossible. The goal was simply to get back the victim’s password.

Two Ideas

Idea #1

Assuming they use the same password on all accounts they hijack, give them another email account that’s an easy one to take control of and see what they change the password to.
This would not work with the way most free email providers manage security.

Idea #2

They’re after money, so put the “money” behind a page that requires them to verify their identity [as the victim] via an “authenticate with your id” type page, hence phishing them back.

The Bait

After about ten more emails of me asking to send even more money “How can $1850 be enough to return first class?” I decided the only way to get the new password from the scammer would be to create one of those “log in with your credentials” pages on and old domain I still owned.

I used an old domain, made the index page all about “getting money during travel” and “saving for the future”

I made a page at the URL:

www.*****.org/talsraviv/fund_request/emergency/

That looked similar to a “Sign in using your email credentials” page.

It had added details to make it seem more legit that there was money waiting on the other side.

Then, I responded:
Sun, Jul 4, 2010 at 12:24 PM

I am SO sorry this has taken so long.
They are saying it’s currently on hold or something so they won’t take my money. Something about the london branch has made it unoperational. I don’t understand and I think this is ludicrous.

Fortunately, my son reminded me that two years ago I created an emergency travel funds account on ———.org I can’t believe I didn’t think of it!!!!!

I just listed your email account as authorized to get money from it . . (it’s you and my five children who can access it in case of this situation.)

http://www.—————.org/talsraviv/fund_request/emergency/

and then use your email credentials to prove your identity and then it will give you the paypal code for redeeming the money.

There’s only $1500 there right now and you can take it out in $500 increments every 30 minutes I believe my son said.

I can’t wait to have you here safely!! What a story I’m sure you have to tell!

Tal
Success!

It took a lot of e-mail acting and coaxing the scammer, but it turned out the best motivation was to stop communicating with them until they simply became desperate and just went ahead and tried it.

The bait was taken at approximately 6pm

Turns out the culprit had caught on that he got phished, and changed the victim’s email password again. So we were too late there.

BUT – and this is quick thinking on my friend’s part – what about the backup account (from another provider) he had used as the primary account’s “alternate email” that he also used to correspond with me?

IT WORKED ON THE ALTERNATE ACCOUNT! Our criminal had forgotten to reset THAT password too.

Then my friend told the primary account to send the alternate account reset instructions, re-secured the victim’s email account, and completely shut out the scammer.

Conclusions

  • Is there an opportunity here to help other victims on a larger scale?
  • Phishing is way too easy. There’s got to be a way to make login pages unique to disrupt large-scale phishing attacks. I’m not going to dedicate too much thought here. Banks better already be on this since there’s far more at stake for them.
  • Was my self-defense phishing illegal?
  • Are the scammers that stupid?

Oh. And one more thing.

When phishing gets broken, you get interesting data. Like the password they used was the name of a Nigerian man – my friend found him on MySpace.

And you can see login records, which allow one to do this.

Original title and link for this post: Counter-Phishing a Phisher

Twitter implements more features; ignores its broken platform.

Posted: 10 Jul 2010 09:24 AM PDT

I read a little blurb on the Twitter Engineering Blog yesterday that got me thinking.  According to the blog, Twitter will stay its current course when it comes to tweet storing; that course being MySQL. In view of this, Twitter won’t be migrating to Apache Cassandra for tweet storage.

What struck me about the entry, though, was the last line of the 2nd paragraph:

Our analytics, operations and infrastructure teams are working on a system that uses cassandra for large-scale real time analytics for use both internally and externally.

Internal and external analytics.  Now there’s a nifty idea for the blue bird.  Of course, the monetization of those analytics is potentially huge.  With Twitter constantly pushing itself more toward business viability, it only makes sense to integrate features that will benefit the people who will use it.

So where’s the problem?  Let me tell you, in words that everyone will understand quite clearly:

Twitter is broken.  Until it is fixed, nothing else matters.

The adage ”Band-Aid on a broken arm” seems to come to mind when talking about Twitter’s latest ways of dealing with problems.  As it gains users and acquires business, it still can’t seem to go for a day without displaying a fail whale or having to throttle its services so heavily that it becomes almost unusable.

Now, let me be clear, I am not sitting here screaming that I know the answers.  However, that’s not my job.  If Twitter starts to pay me to come up with ideas to fix things, then I’ll spend some time doing just that.  For now, however, all I do is write about it.

Even at that, though, people unrelated to Twitter have come up with solid ideas about how the service could ease some of its overhead while bringing in more revenue.  It is, clearly, easier to assess situations when you’re not involved with them.  But it just seems to make sense that Twitter has to make some changes in order to acquire the viability that it wants to have.

In short, new features don’t matter.  I’d venture to say that the majority of Twitter users only care that they’re able to use the service as intended.  You can paint the Hindenberg any color you want, you can tout its features forever and it will still crash and burn.

Original title and link for this post: Twitter implements more features; ignores its broken platform.

The Next Web, Here you can watch The Next Web online. Recently it is the latest update serial play for the The Next Web.The Next Web is fully Eng Subbed, and avail in eng sub. Now it is availab le to watch online. you can watch The Next Web by the given links below, click on The Next Web Parts below to watch online. The Next Web Vidoe is source of Mega Video, Youtube etc, so you can watch The Next Web without any issue.

The Next Web Part 1

The Next Web Part 1

The Next Web Part 1

Tags: The Next Web, The Next Web watch online, full The Next Web video, The Next Web download, The Next Web torrent, free The Next Web, The Next Web megavideo, The Next Web full, The Next Web eng sub

0 comments: