Friday, February 18, 2011

Twitter Vs. UberTwitter

If you are a Blackberry and Twitter user then you probably already know about the ban-hammer that Twitter hit UberTwitter with earlier today. The problem is that the official response wasn't very clear. Additional information was picked up by other blogs. But the damage was already done, people immediately felt that Twitter was killing it's competition in the mobile market.

It didn't help that #TwitterMobile was made a promoted trending topic, directing users where to download the official Twitter for Blackberry app. I'm sure this was done to help confused users get back on-line as quickly as possible, but scorned UberTwitter users saw this as additional evidence that Twitter was just trying to squash competitors.

The official reason for blocking UberTwitter is that they were violating the Twitter API policies. If this is truly the case then UberTwitter just needs to correct those violations. It also sounds like they've had nearly a year to correct some of these issues. It's not like Twitter didn't give them ample time.

But who are the users mad at? Twitter, not UberTwitter. The anger and frustration is understandable but misdirected. If Twitter is being honest about looking out for their customer base and simply enforcing the policies it makes everyone stick to, then why should they have to take the heat? They are doing what they have to do or risk being overrun by developers abusing the Twitter API and worse abusing Twitter data.

It's entirely possible that Twitter is doing all this to knock out a competitor, but that seems unlikely simply because it's only targeting a couple large clients, not all of them. Many Twitter clients are unaffected.

Hell, it may simply be Twitter enforcing it's copyright. UberTwitter has the word Twitter right in it. So this could all be resolved with a simple name change.

-----------------------
UPDATE: From @UberTwitter at approximately 3:24 PM CST, 02/18/2011

Interesting. This doesn't suggest a new download for users or anything. So what WAS the problem or will there be a new version of UberTwitter to come yet?

-----------------------
UPDATE 2: 2/19/2011

Well it seems that perhaps the name WAS the issue, as now UberTwitter is known as UberSocial. www.ubertwitter.com also redirects you to, www.ubersocial.com. So a new version of the software is now available for download as of 5:00PM CST. Additionally their Twitter account has been changed to: @UberSoc

Yesterday evening they posted these two posts:




This suggests not only was the name the issue but also a feature that UberTwitter had was deemed unacceptable to the Twitter team.

Friday, February 11, 2011

Passwords - Public Service Announcement


Ah passwords... Everyone hates them. They are a necessary evil in the world of computing and these days the world of computing is the world at large.

Mobile devices have made the Internet accessible from everywhere. Mark Zuckerberg says privacy is dead, but we still don't want other accessing our digital identities. After all, as I just mentioned, the digital/computing world is our world now. Stealing access to someones email or Facebook or Twitter is identity theft. It's not just about stealing credit card or social security numbers.

Stealing someones online identity may not have the same long term effects as stealing someones bank account info but the mental/emotional effects can be just as damaging, especially for the younger generations who live on the Internet. That is their way of life.

So strong passwords are a big deal. Yet they still suck. No one likes to use them. They don't want to have to remember them. So the passwords end up weak; too short, easy to crack. They don't change them often enough. They use the same password over and over again.

I'm not a hacker but what would I do to crack your password? First I'd try simple brute force. Many password cracking tools can break a weak password in seconds. Did you simply take a common word, found in any dictionary, and put a number on the end? Cracking programs can find that password very quickly.

Second thing I'd try is social engineering. I would email/call/txt you and try to convince you I'm a legitimate person from whatever service I'm trying to break into (Email, Facebook, Bank, etc.). Some of you might be smart enough to avoid this, but there are a lot who are not. This is a pretty effective way to steal a password and many hackers do this all the time. It's also called Phishing.

Oh and if you write down your passwords and keep them by your monitor I might call your coworker and try to social engineer them to find your password for me. Or if it's worth enough to me, pay off the cleaning person in your building to be looking/collecting passwords for me.

These first two give me your current password. If I'm lucky you use that same password on a lot of other sites too. That grants me greater access. I can collect data on you quickly, before you figure out what is going on and reset things. Really by the time you have figured it out, it'll be too late.

Third I'd try to break the password reset system on one of the sites you use. If I know your email address, I can try to break into your email. Most email systems now have a series of questions that you answer to authenticate you when you tell it you forgot your password. I can use Facebook and many other public data sources to figure out what your Elementary school was or your mom's maiden name.

This isn't as useful as having your password because I may not be able to get into your other systems, but if I can retain access to your email or maybe add a mail forwarder (when you get mail I can get a copy in my mailbox too) then I can use your account to collect additional info about you or use it to access other sites. Your email address is often used as your username in many systems.

So you are sitting there thinking one of three things:
  1. OMG! What do I do!?
  2. Yea right. You are just being paranoid.
  3. Yea, I know all this already and take steps to be careful.
Those of you in the #3 camp. If you have suggestions/corrections please add them to the comments.

Those in the #2 camp. Perhaps I am being a bit paranoid, but your are a perfect target. You don't think it'll happen to you so your guard is down.

Ah my scared little bunnies in camp #1. Don't worry all is not lost. You don't have to cut yourself off from the Internet. There are a number of things you can do to protect yourself.

  1. Never ever give your password to anyone over the phone (or in person). The only person I give my passwords to is my wife and she only gets a couple weak ones. You've probably been told this many times but it still rings true. It's also applicable to other info that you should keep secure, especially if it has anything to do with your bank or credit cards. Those are prime targets of organized crime these days.
  2. Change all your passwords. Don't use the same password every where. If one of your passwords is compromised, the damage is isolated. The online media-blog site Gawker had many of their users passwords compromised not long ago. Would you want to be one of the many who had to scramble and quickly change all the passwords of all the other sites where you might have used that same password.
  3. Use large complicated passwords. While some sites still have short maximum password lengths, take advantage of those who allow more characters. The more characters the longer it takes to brute force an attack. After while the hackers will move on to a different, easier target.
  4. Get a password manager. There are a number of good password managers out on the market now that can help you create and store all these complex passwords. The downside is that if it's compromised all your passwords are compromised. So make sure you have at least one really strong password that you can use for it. Many can be installed on your mobile device or are online, making them usable when not at your primary computer. A couple good ones are: LastPass and KeePass
  5. If you don't want to use a password manager use pass phrases instead of passwords. Use the spaces and punctuation. That'll make the password strong but easier for you to remember.
  6. Use a password card. These are a matrix of random characters that create passwords for you. The basic concept is rather than remembering the actual password you remember a simple one or two character/color combo. It can go in your wallet too so you always have your passwords available.
  7. Change your passwords often. Why you might ask? I change mine on a regular basis because if my password was compromised and I didn't know it, the hacker could be in my system for weeks/months and I'd have no idea.
  8. When setting up your password reset questions put in fake information. If your first car was a Chevy Camaro, put in Ford Mustang. Something you can easily remember but someone with information about your past would not figure out. As long as it's clearly not BS the password reset tools won't care. This works for credit cards and the like when you have to call in and give a passkey too.
A few don'ts, just to re-stress:
  • DON'T use passwords with words that can be found in the dictionary. They can be cracked quickly, even if you have a number at the end. Most cracking tools have that factored in and it won't slow them down.
  • DON'T write down your passwords and especially don't leave them taped or Post-it noted to your monitor or leave them under your keyboard.
  • DON'T give your password(s) out to anyone but your most trusted.
  • DON'T think you are immune.
I added that last don't because it's easy to believe, "Why would anyone want to hack my accounts?" Well they may not be targeting you directly. You may be right that you aren't really a prime target, but one on one attacks are probably unlikely unless you are a specific target. With the Gawker leak that I mentioned above, the site's username/password database was broken into. They didn't target you specifically but if you are on that list then you'd be a target.

So go update your passwords! It's more important than ever that you have good strong passwords. Your whole life, not just your digital one, could depend on it.

Related articles: Passwords Revisited

Tuesday, February 08, 2011

Déjà vu - I'm pretty sure I haven't written this before

...most people suffer a mild (i.e. non-pathological) epileptic episode regularly (e.g. a hypnagogic jerk, the sudden "jolt" that frequently, but not always, occurs just prior to falling asleep), it is conjectured that a similar (mild) neurological aberration occurs in the experience of déjà vu, resulting in an erroneous sensation of memory.
from: Wikipedia

This is very interesting to me because I've never realized that these two events are related or that my mild little jolts in bed were little epileptic episodes. I never really knew what they were. Nothing serious, just weird. Plus they don't happen that often. Neither does my déjà vu but that freaks me out every time.

The question remains...is it just a weird quirk of our brains or is there something else going on? Memory is pretty powerful so it's very conceivable that it can build these 'memories' for us. Just think about how vivid some dreams can be. I know mine are so vivid and realistic that I wonder if I'm peeking into parallel universes. I mean if not, my brain should be a movie director because my dreams are more entertaining that most of the drivel from Hollywood these days! Precognition seems unlikely to me as there are way too many variables to consider to look into the future.