Microsoft research is showing that there has been a spike in malware targeting Java vulnerabilities since the third quarter of 2011. Much of the activity has focused on vulnerabilities which are already patched. This suggests that attackers are hitting vulnerabilities that are in multiple versions of Java, rather than just one specific version. Jeong Wook Oh of Microsoft said that in Q3 and Q4 of 2012 two new vulnerabilities, CVE-2012-4681 and CVE-2012-5076, were found.
“But we didn’t observe any prevalence of Java malware abusing these newer vulnerabilities above malware abusing the older Java vulnerabilities, CVE-2012-0507 and CVE-2012-1723. The reason behind this might be that only Java 7 installations were vulnerable to CVE-2012-4681 and CVE-2012-5076, whereas CVE-2012-0507 and CVE-2012-1723 also target Java 6,” he said.
As there are still many users that use Java 6, the malware writers might have tried to target Java 6 installations by including older vulnerabilities in the exploit package. During 2012 there were two kinds of Java vulnerabilities: one kind applied to multiple versions of Java, including Java 6 and 7, and the other applied only to Java 7.
“So when new vulnerabilities that are only applicable to Java 7 are discovered, the attacker’s strategy was usually to combine it with older vulnerabilities that cover more versions of Java. In that way, they could achieve more coverage than just using a single exploit in one package,” Oh said.
Of the four Java vulnerabilities from 2012, only one was a zero-day vulnerability. The other three flaws already had patches available when the malware targeting them appeared. The warning here is to install patches as soon as they come out.
Twitter, which announced Gaylor’s hiring in a tweet on Thursday, is expected to be the next big IPO to emerge from Silicon Valley. But executives have kept quiet about the company’s precise plans.
According to her LinkedIn profile, Gaylor led “technology execution efforts” at Morgan Stanley, including equity and debt securities issues, as managing director of mergers and acquisitions at its global technology group.
She has also advised on high-profile deals such as Amazon.com Inc’s purchase of Zappos and Google Inc’s acquisition of AdMob.
“Look forward to joining and focusing on M&A + strategy,” Gaylor tweeted on Thursday. “Pointed north … let the migration begin!”
Eagle-eyed Twilio developer Jonathan Gottfried noticed the apparent confirmation of a Twitter app for Google Glass, having seen someone tweeting a picture from the source “Twitter for Glass”.
Is @mogroothmuddler beta testing an official Twitter for Glass app? Certainly looks like it. twitter.com/jonmarkgo/stat…
— Jonathan Gottfried (@jonmarkgo) April 29, 2013
According to AllThingsD, this leak is likely to be the real deal. Why? Because Twitter restricts the creation of apps with “Twitter” in the name, so it’s unlikely that someone has knocked up a fake application with the word “Twitter” in its name.
What’s more, the tweet in question came from @MogroothMuddler, an account that has since been deleted. However, this Twitter account has been traced back to a man called Shiv Ramamurthi, who works as an engineering manager at Twitter. If anyone was going to get their mitts on an early release of Twitter’s Google Glass application, it would be a Twitter engineer.
It’s unlikely that we’ll be seeing the release of Twitter for Google Glass any time soon, given that Google recently said that it is unlikely to release its spectacles until 2014.
However the leak does suggest that other software developers like Facebook and Instagram might be working on apps for Google’s eyewear.
Twitter said that it was unable to comment.
Facebook has to deal with a mass exodus of users who are no longer interested in giving up all their personal data so that they can be inundated with pictures of cute cats, conspiracy theories and US gun lobby propaganda.
While the company is expected to report that its revenues are up, it might also have to tell shareholders that its expansion in the US, UK and other major European countries has peaked. In the last month, the world’s largest social network has lost 6 million US visitors, a 4 per cent fall, according to analysis firm SocialBakers.
In the UK, 1.4m fewer users checked in last month, a fall of 4.5 per cent. In the last six months, Facebook has lost nearly 9 million monthly visitors in the US and 2 million in the UK. It seems that these new users are not being replaced. Users are also switching off in Canada, Spain, France, Germany and Japan.
Like Catholicism, Facebook is being saved by growing fast in South America: monthly visitors in Brazil were up 6 per cent in the last month to 70 million.
Security outfit Trusteer has recently identified an active configuration of TorRAT targeting Twitter users. The malware launches a Man-in-the-Browser (MitB) attack through the browser of infected PCs, gaining access to the victim’s Twitter account to create malicious tweets.
Dana Tamir, Enterprise Security Director for Trusteer, said the malware, which has been used as financial malware to gain access to user credentials and target their financial transactions, now has a new goal: to spread malware using the online social networking service. At this time the attack is targeting the Dutch market. But since Twitter is used by millions of users around the world, this type of attack can be used to target any market and any industry.
Tamir said that the attack is particularly difficult to defend against because it uses a new sophisticated approach to spear-phishing. Twitter users follow accounts that they trust. Because the malware creates malicious tweets and sends them through a compromised account of a trusted person or organization being followed, the tweets seem to be genuine. The fact that the tweets include shortened URLs does not raise concern: Twitter limits the number of characters in a message, so followers expect to get interesting news bits in the form of a short text message followed by a shortened URL. However, a shortened URL can be used to disguise the underlying URL address, so that followers have no way of knowing if the link is suspicious.
The service, dubbed #music, uses tweets to cull the hottest new songs, groups and singers. It also focuses on musical artists and their music-related Twitter activity, letting users in on what groups or singers they follow and tweet about.
Twitter #Music can be accessed on the Web or used as an app for the iOS platform that is available for download from Apple’s App Store. Right now, the Web service is only available in the US, Canada, the UK, Ireland, Australia and New Zealand.
Twitter noted that it is looking to make the service available to more countries and to eventually make the app available on the Android platform.
“Twitter and music go great together,” wrote Stephen Philips, the founder of We Are Hunted, in a blog post. “Many of the most-followed accounts on Twitter are musicians, and half of all users follow at least one musician. This is why artists turn to Twitter first to connect with their fans — and why we wanted to find a way to surface songs people are tweeting about.”
This is a great move for Twitter, according to Zeus Kerravala, an analyst with ZK Research.
“This adds more value to the Twitter brand,” said Kerravala. “This is important to the future of Twitter as the company tries to expand into other content areas. It’s all about retaining eyeballs and that may be the most important metric for social companies.”
In the U.S., 27% of users’ time online is spent on forums and social networks, like Facebook, Twitter and Instagram, Experian said.
Experian included both desktop and mobile users in its study.
It found that the U.S. is a bit more fixated with social networks than Internet users in the United Kingdom, who spend 13 minutes of each hour on social nets, and Australians, who spend 14 minutes per hour.
U.S. social networking numbers have held fairly steady over the last few years. Experian reported that social media took up 30% of Americans’ time in 2011 and 27% last year.
Dan Olds, an analyst with The Gabriel Consulting Group, said he’s not surprised that people are spending so much time on Facebook, Google+ and Tumblr, despite the fact that there’s a treasure trove of information elsewhere online.
“Social networking is essentially flat year-to-year, which I think could be a signal that the social networking wave has crested and that the high growth days are gone, at least in the U.S.,” said Olds. “However, social networking is by far the biggest single task occupying people’s online time, which shows that social nets have become an integral part of people’s lives.”
Over the last several years, sites like Facebook and Twitter have gone from being largely used by people who want to post drunken party pictures or cute stories about their cats to sites where users debate politics, support each other during natural disasters and even gather support for political upheaval.
That kind of involvement has lifted the genre head and shoulders above other online activities.
Experian reported that 9 minutes out of the average hour online is spent on entertainment sites; 5 minutes go to online shopping; and about 3 minutes each go to business sites, email and news sites.
The report also noted that about 3 minutes out of an hour are spent on adult entertainment sites.
The Experian study is based on a survey of more than 50,000 mobile users and 10 million Internet users in the U.S. Everyone surveyed was 18 or older.
A new webpage, music.twitter.com, went live. With the Twitter bird logo and the hashtag #music, pressing the “Sign In” button takes you to a page that says it’s the Web version of the Trending Music App.
The page also asks if you will authorize Trending Music Web to use your account. However, the page, which is still under construction, doesn’t go anywhere.
And early Friday, Twitter announced that it has acquired We Are Hunted, a four-year-old music aggregation website that scans music blogs and social networks to continuously create a list of the 99 most popular new songs online.
We Are Hunted said Friday that it is shutting down but will continue to create services as part of the Twitter team. Executives behind the service would not say what they’re working on for Twitter.
“We wish we could say but we’re not yet ready to talk about it. You’ll hear more from us when we are,” the site said.
And on Thursday, Ryan Seacrest, host of American Idol and his own radio show, tweeted that he has been trying out Twitter’s new music app.
“Playing with @twitter’s new music app (yes it’s real!)…,” he tweeted. “Lovin the app…shows what artists are trending, also has up and coming artists… spinning u now @frankturner.”
We Are Hunted replied to Seacrest’s tweet, saying, “@RyanSeacrest so glad you’re enjoying it! Cc @twittermusic.”
Patrick Moorhead, an analyst with Moor Insights & Strategy, said Twitter could be making a big mistake with a music service or app.
“I think this is a horrible idea as this will undoubtedly start to clog up Twitter, adding superfluous music playing instances very few users care about,” he added. “Sure, a few demographics care what someone is listening to, but most don’t and consider it social garbage. This could very well turn other users off. Twitter needs to be very careful with this.”
However, Brian Blau, an analyst with Gartner Inc., said a Twitter music service could be a nice change from other streaming apps such as Pandora, Rhapsody and Spotify.
“While there are lots of services, it would be great to see Twitter get into the music business if they can provide some added value, such as to marry their real-time capabilities with music, have the capability for users to easily find new music from their Twitter followers, or to purchase songs directly from a twitter music app and then immediately share that with their own followers,” he said.
“Twitter content tends to be more public than say that on Facebook or other social networking services, so having that music-sharing capability with no issues around privacy could help artists reach more people,” Blau said. He added that it’s smart for Twitter to expand its business and revenue lines.
The company shot down speculation yet again today that it has a phone under wraps. Instead, the social network unveiled a home screen, along with a family of apps, for Android phones.
“There is no phone,” said Mark Zuckerberg, Facebook co-founder and CEO, taking on the latest rash of rumors at the company’s announcement today. “We are going to talk about how you’re going to be able to turn your Android phone into a great, simple social device.”
The Facebook-focused home screen, which will arrive first for smartphones and later on for tablets, has been dubbed Facebook Home. The launcher is designed to work with the apps you already have on your phone, along with Facebook’s new line of apps.
Home isn’t an operating system. It sits on top of the Android operating system, essentially as a user interface (UI) wrapper.
It’s scheduled to be available as a free download from the Google Play Store starting April 12.
“Facebook integration will be great for those who live on Facebook,” tweeted Michael Gartenberg, an analyst at Gartner Inc. “For those with lives *beyond* Facebook, not sure about the value proposition.”
Jack Gold, an analyst with J. Gold Associates, agrees, saying Home may really only be exciting to Facebook’s power users.
“I’m sure those who spend 90% of their time in Facebook will find it appealing. But I believe that is a small minority,” he added. “What Facebook sees as Home, others might see as a Jail – too much control and too many boundaries for them, especially if they are only occasional users of Facebook, which is the vast majority of people.”
The company announced that it will reach out to “several thousand” people through Twitter and its Google+ social network to take part in what Google is calling its Explorer project.
“A few weeks ago we revealed that we were seeking Explorers to help us shape the future of Glass,” the company said in a Google+ post. “To do that, we asked people across Google+ and Twitter to tell us what they would do #ifihadglass … There were so many creative, diverse, and (sometimes) crazy applications. We’ve certainly learned a lot through this whole process and it’s inspiring to hear how much passion there is for Glass.”
Google’s Glass, which is still in development, is a wearable computer. The computerized eyeglasses, which have a transparent display over the right lens, are designed to enable users to take photos, shoot video, search the Web, send email and share images and info across social networks. Glass can be controlled by voice, touch and gesture.
Last month, Google put out a call for volunteers to test Glass and to tell developers what they would do with them.
On Tuesday night, the Project Glass team contacted Shannon Rooney to ask her to become an official Explorer. Rooney said she would use Glass to travel to Japan and help her grandmother re-experience her homeland without leaving her house in the U.S. She wrote on Google+ that she doesn’t have many details yet.
Another explorer will be a woman who wants to use Glass at a Department of Veterans Affairs hospital to help veterans see their war memorials. A third explorer said he would use Glass to improve doctor-patient interaction for clinical trials.
Those selected will pay $1,500 for the glasses, plus travel expenses to attend a special “pick-up experience” in New York, San Francisco or Los Angeles.
Users can now access their archives in Danish, Filipino, Indonesian, Italian, Japanese, Portuguese, Russian, Simplified Chinese, Swedish, Thai, Turkish and Urdu, Twitter said in a press release.
Twitter introduced in December the ability for users to download an archive of their tweets and re-tweets going back to when they first started using the service. It said it was rolling out the feature slowly, starting with a small percentage of users whose language was set to English. It promised to make the archive feature available to all users around the world for all the languages it offers over the “coming weeks and months.”
In early March, the service had added support for 12 more languages, including Dutch, Farsi, Finnish, French, German, Hebrew, Hindi, Hungarian, Malay, Norwegian, Polish and Spanish.
With the Twitter archive, users can view tweets by month or search the archive for Twitter messages by words, phrases, hashtags or @usernames, the company said in December. “You can even engage with your old Tweets just as you would with current ones,” it added.
The option to download the Twitter archive can be activated from Settings on Twitter, which has a “Request Your Archive” option. Users receive an email with instructions on how to access their archive when it is ready for download.
In England, Twitter has come to the attention of MP George Galloway, who thinks it should defer to the wishes of local authorities or be sanctioned by the government.
Galloway, a Member of Parliament for Bradford West, has filed an early day motion called “Twitter and the detection of crime”.
These early day motions are formal things. It doesn’t flow well, so we’ve cut it down a bit.
“Twitter is now a very widely used mode of social networking; is a US-based enterprise whose primary motivation is to maximise its profits; Twitter is now used for a variety of criminal activities including sending malicious communications,” it says.
“Twitter refuses to cooperate with the UK authorities in general and the police in particular in trying to detect the source of criminal communications ‘unless it is a matter of life and death’.”
These ‘life or death situations’ are “determined by Twitter”, it adds, and the social network doesn’t make it easy for the authorities.
“[This House] believes that this failure to cooperate with the detection of the sources of criminal behaviour is reprehensible,” it adds, “and calls on the Government to impose sanctions on Twitter until it agrees to fully cooperate with the UK authorities and police in the detection of crime.”
Got that? In short, either Twitter coughs every time the police call, or it gets out of the country. To date there is only one signature on the motion and that is Galloway’s.
The Parliament website describes early day motions (EDMs) in rather unflattering terms.
“Although there is very little prospect of EDMs being debated, many attract a great deal of public interest and frequently receive media coverage,” it says, adding rather dismissively, “The majority will attract only one or two signatures.”
Media coverage and public interest are two things that attract Galloway. He infamously appeared live on television pretending to be a cat, and the clip is below. We warn you, it is excruciating to watch.
An early day motion would need “a large number of signatures” in order to be debated, adds the Parliament description.
Twitter has released new statistics detailing that the social network complied with government data requests 69% of the time in the U.S., as government requests for user information worldwide continue to rise.
The total number of information requests increased to 1,009 during the second half of 2012, up from 849 during the first half of the year, according to Twitter’s transparency report. Government requests for content removal also increased to 42 from just six.
“All signs suggest that these government inquiries will continue to climb into the foreseeable future,” Twitter said.
Copyright violation notices, on the other hand, fell slightly to 3,268 from 3,378 during 2012’s first six months.
At 815, more than 80% of all the user information requests during the second half of 2012 came from the U.S., up 20% from 679 during the first half of the year. Twitter complied with the requests 69% of the time, the company reported.
Of those requests, 60% came in the form of subpoenas, which generally do not require a judge’s sign-off and usually seek basic user information such as the email address associated with an account and IP logs, Twitter said.
Court orders, which must be signed by a judge, comprised 11% of the requests made in the U.S., the company reported.
Most user information requests are tied to criminal investigations or cases. Twitter’s policy is to notify users of requests for their account information unless the company is prohibited from doing so by law or in an emergency situation.
A French court has ordered Twitter to hand over any data that could help police identify users who posted racist and anti-Semitic tweets on its website.
The case, decided in the 17th Chamber of the Paris Criminal Court, stems from a complaint filed in October by the Union of French Jewish Students. The group acted after an increase in anti-Semitic remarks posted to Twitter under the hashtag #agoodjew.
The student group wanted Twitter to remove the tweets and to adopt a new system for responding to hateful messages. “We ask Twitter to take responsibility,” UEJF president Jonathan Hayoun said prior to the ruling.
But the court’s decision went further, requiring Twitter to turn over any data that could identify those who posted the tweets. Twitter’s French site must also provide an easy way for users to flag tweets deemed illegal under French law, including racist and hateful messages.
Most of the #agoodjew tweets have since been removed by Twitter.
Hayoun called the court’s order an “historic decision.” “It reminds the victims of racism and anti-Semitism that they’re not alone, and that the French law that defends them must apply everywhere; there should be no exception for Twitter,” he said in a statement (in French).
But John Simpson, a consumer advocate with Consumer Watchdog, said Twitter should resist turning over the data to the extent that it can. “I fear, however, that under French law Twitter ultimately will have to release the information,” he said.
“Twitter can avail itself of appeals processes, but ultimately Twitter must obey the rule of law of sovereign nations, if they want to continue to operate in that country,” echoed analyst Scott Cleland, president at Precursor, a consultancy in McLean, Virginia.
Twitter did not immediately respond to a request for comment.
The service, called Vine, records six-second-long video clips, which can then be seamlessly embedded within tweets.
The foray into video marks the beginning of a new thread in Twitter’s development, which evolved from a simple SMS text-messaging service in its early days into a platform that now delivers multimedia content.
Privately held Twitter, which was founded in 2006 and is now expected by analysts to go public within two years, has spent the past year encouraging marketers to use its multimedia capabilities to deliver ads.
“Like Tweets, the brevity of videos on Vine (six seconds or less) inspires creativity,” Michael Sippey, a Twitter vice president, said on the company’s blog.
Twitter’s increasing emphasis on delivering video through its network has stirred speculation that it could eventually host longer content and grow into a bona fide media broadcaster.
The network has supported embedded YouTube videos since 2009, but for the first time, Twitter itself will host video content with Vine.
Thursday’s roll-out was the product of Twitter’s 2012 acquisition of Vine, then a three-person startup based in New York. Twitter has spent recent months integrating Vine’s video technology into its service, as well as launching Vine as an independent app for Apple’s iPhone.