Friday, August 7, 2009

Twitter, Facebook attack targeted one user

August 6, 2009 4:32 PM PDT


A Georgian blogger with accounts on Twitter, Facebook, LiveJournal, and Google's Blogger and YouTube was targeted in a denial-of-service attack that led to the sitewide outage at Twitter and problems at the other sites on Thursday, according to a Facebook executive.

The blogger, who uses the account name "Cyxymu," (the name of a town in the Republic of Georgia) had accounts on all of the different sites that were attacked at the same time, Max Kelly, chief security officer at Facebook, told CNET News.

"It was a simultaneous attack across a number of properties targeting him to keep his voice from being heard," Kelly said. "We're actively investigating the source of the attacks, and we hope to be able to find out the individuals involved in the back end and to take action against them, if we can."

Cyxymu LiveJournal account on cached version of Google.

(Credit: LiveJournal)

Kelly declined to speculate on who was behind the attack, but he said: "You have to ask who would benefit the most from doing this and think about what those people are doing and the disregard for the rest of the users and the Internet."

Twitter was down for several hours beginning early Thursday morning, and it suffered periodic slowness and time-outs throughout the day.

Cyxymu's LiveJournal page wasn't accessible, but a cached version showed that it was updated on Thursday with a message about the denial-of-service, or DoS, attacks on his accounts on the United States-based sites. "Now it's obvious it's a special attack against me and Georgians," said the message, in Russian.

The site also apologized for a spam e-mail attack in which the sender was spoofed and made to look like the e-mails were sent by him. Screenshots are shown. It's unclear whether or how the spam attack is related to the DoS attacks.

In the distributed denial-of-service (DDoS) attack on the sites, computers that have been compromised by viruses or other malware are instructed by the attacker's computer to visit the specific Web sites all at the same time and repeatedly. The barrage of connection requests overwhelms the target sites, making it so that legitimate Web traffic can't get through.

Such coordinated attacks require the efforts of tens of thousands or more of hijacked computers, which together form a botnet. Spammers send e-mails with malicious attachments or URLs to millions of people to create botnets. Criminals also can lease existing botnets for specific campaigns for as little as 5 cents to 10 cents per bot.

A Facebook representative dismissed a theory that the attack was triggered by a spam campaign in which e-mails had links to the sites. It's unlikely that there would be enough recipients--all clicking on the URLs at the same time--to bring a site down, he said. There was a spam campaign that directed people to Cyxymu's accounts, but it wasn't the cause of the DoS, he said.

"The people who are coordinating this attack, the criminals, are definitely determined and using a lot of resources," Kelly said. "If they're asking our infrastructure to generate hundreds of pages a second, that's a lot of pages our users can't see."

Facebook and Google were able to minimize any impact to their sites, including Blogger, YouTube, and Google Sites, a free Web site service. Facebook even managed to keep the Cyxymu account accessible to Web surfers from that region, Kelly said, though it was inaccessible to people in other geographic areas, including San Francisco.

This was the first coordinated attack on the sites, and all the companies involved were working closely on the investigation, he said. "My team and the teams that are working together at all these companies are doing a really good job very quickly, and I'm proud and happy," he said.

Twitter and LiveJournal did not immediately return e-mails and calls seeking comment.

A Google representative offered this statement: "We are aware that a handful of non-Google sites were impacted by a DoS attack this morning and are in contact with some affected companies to help investigate this attack. Google systems prevented substantive impact to our services."

Political conflicts between Russia and its former republic spilled online last year with DoS attacks and Web site defacements going in both directions.

For more information, listen to Larry Magid's podcast interview with Elinor Mills.

Updated at 7:39 p.m. PDT, with Facebook saying a spam campaign did not cause the DoS, and at 6:35 p.m., with information from Cyxymu's site, more about the spam attack, how DDoS attacks work, and background on the Russia-Georgia conflict.

Elinor Mills covers Internet security and privacy. She joined CNET News in 2005 after working as a foreign correspondent for Reuters in Portugal and writing for The Industry Standard, the IDG News Service, and the Associated Press. E-mail Elinor.

Mars Life Looks Increasingly Unlikely

Mars Life Looks Increasingly Unlikely

Shared via AddThis

Sunday, April 12, 2009

Worm infiltrates Twitter

A worm apparently infected Twitter on Saturday.

The worm may originate with the StalkDaily.com site, and Twitter warned people against visiting the site or linking to it.

"If you have been locked out of your acct due to the StalkDaily issue, pls do a p/w reset; we may have reset your p/w for safety," Twitter informed its users on Saturday afternoon.

Details about the worm itself were scarce, but the micro-blogging site was awash in the news by Saturday night. "StalkDaily Worm Runs," "#stalksdaily," and "Twitter hit by" were the No. 2, 3 and 5 top topics at that time.

According to a TechCrunch report, visiting the profile page of an infected user can lead to one's own profile getting infected. The worm also apparently sends spam tweets from the infected person's account that direct others to the StalkDaily site.

The worm apparently hit in the morning, according to Twitter, and then had a resurgence in the afternoon.

StalkDaily's site states that it has nothing to do with the attacks, according to TechCrunch. But that statement apparently is being taken with a grain of salt.

Saturday, April 11, 2009

What is guarana?

Other Names: Paullinia cupana, Brazilian cocoa

Guarana (pronounced gwa-ra-NAH) is a creeping shrub native to Venezuela and northern Brazil in the Amazon rain forest. The fruit are small, bright-red, and contains black seeds.

Guarana seeds are rich in caffeine and contain up to 4-8% caffeine, more than coffee beans, which contain approximately 1–2.5% caffeine. The seeds are also rich in tannins and xanthine alkaloids theophylline and theobromine.

Why do people use guarana?
GuaranĂ¡ is reputed to be a stimulant and increase mental alertness, fight fatigue, and increase stamina and physical endurance.

Guarana drinks and sodas are very popular in Brazil (where guarana is considered to be a health tonic), almost as popular as cola-based sodas. Sweet, carbonated guarana drinks include the popular brands GuaranĂ¡ Antarctica, GuaranĂ¡ Brahma, and Kuat (from Coca-Cola Company).

In North America, guarana has recently become a popular ingredient in energy drinks and teas.

Guarana is one of the richest sources of caffeine, containing up to three times the amount of caffeine as coffee. Unlike coffee, the amount of caffeine doesn't have to be listed on guarana drinks.

In addition to its stimulant properties, guarana is also a popular ingredient in herbal weight loss pills. Some evidence indicates that guarana may suppress appetite and increase fat-burning.

What research has been done on guarana?

An animal study examined the effect of 14 days of guarana supplementation on fat metabolism in sedentary and trained rats and found that the guarana's fat-burning effect is due to the caffeine content. Decaffeinated guarana extracts had no effect on lipid metabolism.

A Journal of Psychopharmacology study found that guarana improved memory, mood and alertness at low (37.5 mg, 75 mg) vs. higher (150 mg, 300 mg) doses. However, another study examined the long-term use of guarana, caffeine, or placebo on the cognition of 45 older individuals. There were no significant effects of guarana on cognition.

Safety
Guarana should not be used by people who are sensitive to caffeine or xanthines.

People with heart conditions, diabetes, high blood pressure, epilepsy, overactive thyroid, anxiety, insomnia, and kidney disease should only use guarana under the supervision of their doctor.

The safety of guarana in pregnant or nursing women has not been established. Since many doctors recommend limiting caffeine during pregnancy and nursing, guarana should be avoided because caffeine content differs from product to product and it isn't possible for consumers to accurately estimate how much caffeine they are consuming through guarana.

Guarana should not be taken with any products containing ephedra. Serious adverse effects have been reported with this combination. It may increase the risk of stroke, hemorrhage, myocardial infarction, and sudden death and has been associated with increases in heart rate, blood pressure, and potentially harmful changes in glucose and potassium levels.

A report published in the Journal of Herbal Pharmacotherapy described the case of a heart rhythm abnormality called premature ventricular contraction associated with two herbal supplements that both contained large doses of guarana.

Initial symptoms of guarana overdose include difficulty urinating, vomiting, and abdominal cramps and spasms. If you suspect a guarana overdose, seek medical attention immediately.

Common Forms
Guarana can be found in powder or pill form. It is an ingredient in energy drinks, sodas, and other beverages.

Drug interaction
Guarana has been found to decrease platelet aggregation and thromboxane synthesis, so it may increase the risk of bleeding when taken with aspirin, anticoagulants such as Warfarin (Coumadin®), and platelet inhibitors such as Ticlopidine (Ticlid®), Clopidogrel (Plavix®).

Guarana should not be combined with MAO-inhibitors, and may cause headaches.Sources

Baghkhani L and Jafari M. "Cardiovascular adverse reactions associated with Guarana: is there a causal effect?" Journal of Herbal Pharmacotherapy. 2.1 (2002):57-61.

Bydlowski SP et al. "A novel property of an aqueous guarana extract (Paullinia cupana): inhibition of platelet aggregation in vitro and in vivo." Brazilian Journal of Medical and Biological Research. 21.3 (1988):535-8.

Galduroz JC and Carlini EA. "The effects of long-term administration of guarana on the cognition of normal, elderly volunteers." Sao Paulo Medical Journal. 114.1 (1996):1073-8.

Lima WP et al. "Lipid metabolism in trained rats: effect of guarana (Paullinia cupana Mart.) supplementation." Clinical Nutrition. 24.6 (2005):1019-28.

Haskell CF et al. "A double-blind, placebo-controlled, multi-dose evaluation of the acute behavioural effects of guarana in humans." Journal of Psychopharmacology. 2006 Mar 13.

Nyska A et al. "Acute hemorrhagic myocardial necrosis and sudden death of rats exposed to a combination of ephedrine and caffeine." Toxicological Sciences. 83.2 (2005):388-96.

Thursday, April 9, 2009

Saturday, April 4, 2009

Facebook rolls out storage system to wrangle massive photo stores

Facebook rolls out storage system to wrangle massive photo stores

Posted using ShareThis

Friday, April 3, 2009

Should Obama Control the Internet?

Should President Obama have the power to shut down domestic Internet traffic during a state of emergency?

Senators John Rockefeller (D-W. Va.) and Olympia Snowe (R-Maine) think so. On Wednesday they introduced a bill to establish the Office of the National Cybersecurity Advisor—an arm of the executive branch that would have vast power to monitor and control Internet traffic to protect against threats to critical cyber infrastructure. That broad power is rattling some civil libertarians.

story continues below
story continued from above

The Cybersecurity Act of 2009 (PDF) gives the president the ability to "declare a cybersecurity emergency" and shut down or limit Internet traffic in any "critical" information network "in the interest of national security." The bill does not define a critical information network or a cybersecurity emergency. That definition would be left to the president.

The bill does not only add to the power of the president. It also grants the Secretary of Commerce "access to all relevant data concerning [critical] networks without regard to any provision of law, regulation, rule, or policy restricting such access." This means he or she can monitor or access any data on private or public networks without regard to privacy laws.

Rockefeller made cybersecurity one of his key issues as a member of the Senate intelligence committee, which he chaired until last year. He now heads the Committee on Commerce, Science and Transportation, which will take up this bill.

"We must protect our critical infrastructure at all costs—from our water to our electricity, to banking, traffic lights and electronic health records—the list goes on," Rockefeller said in a statement. Snowe echoed her colleague, saying, "if we fail to take swift action, we, regrettably, risk a cyber-Katrina."

But the wide powers outlined in the Rockefeller-Snowe legislation has at least one Internet advocacy group worried. "The cybersecurity threat is real," says Leslie Harris, head of the Center for Democracy and Technology (CDT), "but such a drastic federal intervention in private communications technology and networks could harm both security and privacy."

The bill could undermine the Electronic Communications Privacy Act (ECPA), says CDT senior counsel Greg Nojeim. That law, enacted in the mid '80s, requires law enforcement seek a warrant before tapping in to data transmissions between computers.

"It's an incredibly broad authority," Nojeim says, pointing out that existing privacy laws "could fall to this authority."

Jennifer Granick, civil liberties director at the Electronic Frontier Foundation, says that granting such power to the Commerce secretary could actually cause networks to be less safe. When one person can access all information on a network, "it makes it more vulnerable to intruders," Granick says. "You've basically established a path for the bad guys to skip down."

The bill's scope, she says, is "contrary to what the Constitution promises us." That's because of the impact it could have on Internet users' privacy rights: If the Commerce Department uncovers evidence of illegal activity when accessing "critical" networks, that information could be used against a potential defendant, even if the department never had the intent to find incriminating evidence. And this might violate the Constitutional protection against searches without cause.

"Once information is accessed, it can be used for whatever purpose, no matter the original reason for accessing something," Granick says. "Who's interested in this [bill]? Law enforcement and people in the security industry who want to ensure more government dollars go to them."

Nojeim, though, thinks it's possible the bill's powers could be trimmed as it moves through Congress. "We will be working with them to clarify just what is needed and how to accomplish that," he says. "We're hopeful that some of the very broad powers that the bill would confer won't be included."