Blog Archives

Why are you tagged in this video? It’s a viral Facebook scam , Please Avoid

Image representing Facebook as depicted in Cru...

Image via CrunchBase

Facebook users have been hit by another fast-spreading scam today, pretending to be a link to a YouTube video that they have been tagged in.

Facebook video scam

The scam messages use potential victims’ first names, claiming that they have been tagged in the “Youtube” video.

Phrases used in the attack include:

YO [name] why are you tagged in this video

WTF!! [name] why are you tagged in this video

hey [name] i cant believe youre tagged in this video

hey [name] you look so stupid in this video

omg! [name] why are you tagged in this vid

OMG [name] why are you in this video

Each “video” has a random number of views and likes, but the length of the movie always appears to be 2:34. Eagle-eyed Facebook users might realise something is awry when they see that the links refer to “Youtube” rather than the rather more accurate “YouTube”.

But if you do make the mistake of clicking on the video thumbnail you will be taken to a webpage which tries to trick you into cutting-and-pasting a malicious JavaScript code into your browser’s address bar (this appears to be one of the scammers’ favourite methods of attack at the moment).

You have to concede, it’s a cunning piece of social engineering by the bad guys. Wouldn’t you want to see a video that your Facebook friends say you have been tagged in?

If you’re a regular user of Facebook, make sure you join the Sophos page on Facebook to be kept informed of the latest security threats.

Source :- http://nakedsecurity.sophos.com

Lord Gaga video banned? Twitter rogue app spread by scammers

Lady GaGa

Image by ama_lia via Flickr

Scammers are seeding an attack against Twitter users, posing as a banned video of “Lord Gaga” in an attempt to compromise accounts.

Using a selection of newly created Twitter accounts, which have the names and avatars of young women, the tweeted-out messages all look similar:

#pssst Lord Gaga VIDEO BANNED -----> [LINK] #onethingiveneverdone #cnn

Lord Gaga banned video tweets

The mention of “Lord Gaga” refers to a running-joke on Twitter today, about what would happen if Harry Potter villain Lord Voldermort and Lady Gaga hooked up. The hashtags, which can vary, appear to be taken from Twitter’s trending topics in an attempt to reach a wider audience.

Interestingly, in the above screenshot all of the Twitter profiles used to seed the scam campaign have adopted the names of women beginning with the letter “B”: Bianca, Berenice, Betania, and so forth..

It has been no surprise while writing this article to find that the scammers have now run out of “B” names and have moved onto female names beginning with the letter “C”..

These aren’t your usual Twitter profiles, and as can be seen in the example below, appear to be newly created specifically for the purposes of spreading the link.

Twitter attack seeder

What makes the profiles even more suspicious is that the only messages they have tweeted out so far have all been to the same place – a fake YouTube site, which pretends to host the banned video.

Lord Gaga video

Twitter’s security team would be wise to shut down the bogus profiles as soon as possible, before the attack spreads further because rather than playing a music video, clicking on the player will attempt to trick users into giving a rogue application the rights to access their Twitter account.

Would you authorise this Twitter app?

An app called “money works new” hardly sounds like it would be connected to a music video, and you would be wise not to give it access to your account. But, as we’ve seen in the past, Twitter users can be tricked by such an attack into making poor decisions.

Indeed, even Lady Gaga herself appears to have recently fallen foul of such a scam on Twitter.

If you do make the mistake of authorizing the app, the scammers won’t waste any time posting the same message from your account – hoping to entrap more victims.

Rogue app victim on Twitter

If you were unfortunate enough to grant a rogue applications access to your Twitter account, revoke its rights immediately by going to the Twitter website and visiting Settings/Connections and revoking the offending app’s rights.

Revoke app on Twitter

Don’t make it easy for scammers to make money in this way, and always exercise caution about which third party apps you allow to connect with your social networking accounts.

If you’re on Twitter and want to learn more about threats, be sure to follow Naked Security’s team of writers.

Source :- http://nakedsecurity.sophos.com

Google Dissolves Search Group Internally, Now Called “Knowledge”

Image representing Google as depicted in Crunc...

Image via CrunchBase

Google has seven major product groups. Advertising, Commerce & Local, Mobile (Android), Social, Chrome, YouTube and Search. Search is, of course, Google’s first and most important product. But that group actually no longer exists internally. As of April, when Larry Page took over as CEO of the company, the search group was renamed the “knowledge group” internally.

Google confirms the change. And, they point out, it was actually publicly announced in an SEC filing made on April 11. Nobody seems to have noticed that someone was named the SVP of a Google product group that previously hadn’t existed.

Why the change? That’s a longer story.

Leadership of Google search, like most other Google products, was previously split between Marissa Mayer as product lead and Udi Manber as engineering lead. Late last year Mayer moved over to run Local. Alan Eustace now runs the group, and Manber reports to him. There’s a single leader of the group, and he reports to Page.

Page, say our sources, has for a long while been thinking of search as much more than Google’s original mission to “organize the world‘s information and make it universally accessible and useful.” His goal is about more than organizing that information, though. It’s also about enhancing people’s understanding and facilitating the creation of knowledge.

The problem is, “search” still means “search.” And as Google has expanded that product over the years, first bringing in results from Google’s vertical search engines via Universal Search in 2007, and later via Google Squared, which structures information on the Internet.

And there have been other experiments as well. Google Base, for example, as well as Google Knol.

In fact, look back at this 2007 Google blog post about Knol, where Manber says “The challenge posed to us by Larry, Sergey and Eric was to find a way to help people share their knowledge. This is our main goal.”

These product efforts have generally been led by Manber in the past. And they remain in the search/knowledge group today.

Here’s how Google currently views the group. Remember that previously they split it up between Mayer (product) and Manber (engineering). But today Eustace is the overall lead. Manber reports to Eustace and focuses on finding ways to improve the knowledge out there and to encourage more high quality content creation, whether it’s on Google’s servers (Knol) or not.

Amit Singhal, Manber’s peer, focuses on the more traditional goals of search, such as the recent algorithm changes called Panda targeting content farms.

One way of thinking of this, says a source with knowledge of the group, is this. Singhal does the weeding (removing and pushing down low quality content in search), and Manber is focused on the seeding (encouraging “good stuff” to grow).

This isn’t supposed to be information that helps outsiders understand how Google operates, which is probably why Google made the SEC statement in as few words as possible and didn’t publicize it at all. Instead, it’s to make sure that the team inside Google understands that they aren’t just working on search. It’s not just about organization, it’s about enhancement of knowledge.

Other than confirming the creation of the Knowledge group to supplant the Search group, Google won’t comment on the personnel changes or the subtle shifts in strategy. For now, says one source, all Google wants to do is align everyone internally. When, and if, Google talks about this more publicly is a mystery.

Source :- http://techcrunch.com

Facebook comment-jacking? OMG! I Can’t believe JUSTIN Bieber did THIS to a girl

It’s starting to seem like Facebook can’t win against those who wish to use their service to scam, spam and simply cause trouble. Over the last day or so, a new type of attack has been spreading using the phrase “OMG! I Can’t believe JUSTIN Bieber did THIS to a girl”.

It leads to a page asking you to verify a simple math problem to “prevent bots from slowing down the site”. In actuality, it is another clickjack-type scheme in which you are asked to type the answer into a box.

Comment-jack security check

It doesn’t matter what you type, because it’s a social engineering trick. What you are actually typing is a comment that is used to share the link with your friends on Facebook. You can see the tooltip that says “Add a Comment” in the screenshot.

This bypasses Facebook’s recent attempt at detecting likejacking fraud. Links you comment on are not using the same mechanisms that Facebook is monitoring when you click “Like”.

Many moons ago, the first Facebook attacks started with illegitimate applications asking for permission to access your wall and spread their messages by spamming your friends through wall posts. While this worked well, it was a bit easy for Facebook to track down and remove the bogus apps.

Early in 2010 we saw the first attempts at likejacking. This technique involves layering one image over the top of a Like button and tricking the victim into clicking something that appears to play a video or a continue button, when in fact they are clicking the Like button hidden underneath.

Facebook Bieber scam wall post

More recently we have seen the attackers trying lots of new techniques. In the past few months we have seen them tagging people in photos they are not in to get you to click, inviting people to fake events and even making you an administrator of a Facebook page that isn’t yours.

While protecting yourself may not be as simple as not clicking anything that says “OMG!” that isn’t a bad start. Be skeptical, understand that messages from your friends may not in fact have been sent to you willingly, and if you are really tempted to click, take a short timeout to conduct a Google/Bing search.

As of the time of this writing some of the YouTube videos this scam leads to have been removed by YouTube. However, one video that is still working has over 525,000,000 views since February and thousands of comments in the last 24 hours — in other words, since this Facebook scam has been making the rounds.

To stay up to date on the latest threats, follow us on Facebook. For advice on how to configure your profile to protect your privacy check out This recommendations for Facebook settings.

Source :- http://nakedsecurity.sophos.com

Banned Lady Gaga video attack spreads on Twitter via rogue app

Watch out for tweets about a banned Lady Gaga video, currently spreading across the Twitter network.

The tweets are being posted by rogue applications, that users are allowing to access their profiles in the belief that they will get to view a prohibited video of Lady Gaga

Tweet promoting banned Lady Gaga video

VIDEO PROHIBIDO LADY GAGA banned [LINK] @shakira @ladygaga como ganar dinero facil

(Please note that the precise wording can vary)

If you make the mistake of clicking on the link you are taken to a fake YouTube webpage.

Fake YouTube page

Of course, you believe that you’re going to watch a banned video of Lady Gaga so you might very well click on the play button.

Doing so, however, asks you to grant permission to a third party app which wants to connect with your Twitter account.

Rogue Twitter application

Don’t, whatever you do, give it permission to continue. Because if you do, your account can now be accessed by third parties – who will be able to post messages in your name to all of your followers.

Hopefully the fact that the messages we have seen so far have all been in Spanish may reduce the impact of this particular attack.

Interestingly, it seems that Lady Gaga herself has been having trouble with these Twitter hackers.

The eccentric songstress, who has more followers on Twitter than anyone else in the world, posted a message yesterday saying:

Whoever is hacking my Twitter must answer to 10 million monsters and Twitter police. #Don'tMakeMeCallTheApostles

Lady Gaga@ladygaga
Lady Gaga

Whoever is hacking my Twitter must answer to 10 million monsters and Twitter police. #Don‘tMakeMeCallTheApostles

Although the singer quickly deleted the rogue tweets that had upset her so much from her page, I was able to discover them cached elsewhere on the net:

TAROT de shakira [LINK] clarividente de @shakira #horoscopo ganar dinero navegando

and

VIDEO PROHIBIDO LADY GAGA @ladygaga [LINK] ganar dinero navegando

The bit.ly links used in the messages posted to Lady Gaga’s Twitter page linked to the same fake YouTube page, and were created by the same person who appears to be behind the rogue application attack.

Lady GagaIs it possible that Lady Gaga, or the staff who manage her Twitter account, fell for the scam themselves? And that’s why the rogue message appeared on Lady Gaga’s Twitter page?

Lady Gaga has over 9.6 million followers on Twitter, making her the most popular person on the network (yes, beating even Justin Bieber..) and a prize goal for any scammer who wants their scammy spammy links to be spread to as wide an audience as possible.

If you were unfortunate enough to grant a rogue applications access to your Twitter account, revoke its rights immediately by going to the Twitter website and visiting Settings/Connections and revoking the offending app’s rights.

Don’t make it easy for scammers to make money in this way, and always exercise caution about which third party apps you allow to connect with your social networking accounts.

If you’re on Twitter and want to learn more about threats, be sure to follow Naked Security’s team of writers.

Source :- http://nakedsecurity.sophos.com

Royal Wedding Chatter Amps Up on Facebook, Twitter [STATS]

One hardly need look at the numbers to know that talk of the Royal Wedding is accelerating rapidly ahead of the April 29 event. The numbers are nevertheless enlightening, especially in light of where and among whom conversations about the Royal Wedding are occurring.

News stories (as indexed by Bing) are up nearly sevenfold to 7 million per day since the beginning of the month. Blog posts have more than doubled from 46.7 million on April 5 to 102.9 million, according to data obtained from Trendrr.

According to Nielsen, the Royal Wedding has made up more than 0.3% of all news coverage in the U.S. since the engagement was announced. YouTube videos tagged with top Royal Wedding-related keywords (Royal Wedding, Kate Middleton, etc.) have grown more than 10 times from 37.5k per day to 460k per day.

Perhaps the most amusing is the rise in Royal Wedding-related eBay auctions, up from 7,435 in mid-February to more than 400,000 this week.

Just as with the U.S. media, more of the American public is talking about the Royal Wedding than their U.K. counterparts. 40% of Royal Wedding-related, English language tweets originate from the U.S., followed by the UK (31%), Canada (8%), Australia (6%), Indonesia (4%) and India (3%), Trendrr finds.

Interestingly, on a per capita basis, most tweets are originating from small American towns, such as New Haven, CT; Lubbock, TX; and Tulsa, OK, rather than big cities.

Overall, tweets about the Royal Wedding have quadrupled since the beginning of the month, averaging nearly 5,000 per hour over the last week and accelerating quickly in recent days. Sentiment has been mixed; 46% of tweets are positive, 43% are neutral and 12% are negative.

A Trendrr spokesperson says that the data has been difficult to track because of the volume and range of topics related to the wedding. The data doesn’t include, for instance, mentions of Kate’s ring, because tweets with the keywords “#Kate” and “ring” don’t necessarily refer to Kate Middleton. Including them would “spoil the data pools,” he said, meaning that actual discussion related to the event is undoubtedly much greater.

Thumbnail courtesy of Flickr, The British Monarchy

Source  -: http://mashable.com

Google Offers Easier Way to Transfer Video From Google Video to YouTube

Google’s listening. After notifying the world last week that Google Video was shutting down with no videos viewable after April 29, and giving users until May 13 to download them before they would be removed, Google’s backed away from that.

Numerous voices spoke out, asking why Google couldn’t create a quick way to transfer videos from Google Video to another of its video services, YouTube. Good news: The company’s done just that.

Besides eliminating that ominous April 29 deadline, Google says it’s “working to automatically migrate your Google Videos to YouTube.” In the meantime, Google’s added an “Upload Videos to YouTube” option, making it easy to send videos from a Google Video account to an associated YouTube account.

Here are the details from Google, posted on Google’s Webmaster Central blog on Friday and sent out to all Google video users early on April 23:

Dear Google Video User,
Last week we sent an email letting you know we would be ending playbacks of Google Videos on April 29 and providing instructions on how to download videos currently hosted on the platform. Since then we’ve received feedback from you about making the migration off of Google Video easier. We work every day to make sure you have a great user experience and should have done better. Based on your feedback, here’s what we’re doing to fix things.
Google Video users can rest assured that they won’t be losing any of their content and we are eliminating the April 29 deadline. We will be working to automatically migrate your Google Videos to YouTube. In the meantime, your videos hosted on Google Video will remain accessible on the web and existing links to Google Videos will remain accessible. If you want to migrate to YouTube now, here’s how you do it:
We’ve created an “Upload Videos to YouTube” option on the Google Video status page. To do this, you’ll need to have a YouTube account associated with your Google Video account (you can create one here). Before doing this you should read YouTube’s Terms of Use and Copyright Policies. If you choose this option, we’ll do our best to ensure your existing Google Video links continue to function.

If you’d prefer to download your videos from Google Video, that option is still available.
As we said nearly two years ago, the team is now focused on tackling the tough challenge of video search. We want to thank the millions of people around the world who have taken the time to create and share videos on Google Video. We hope today’s improvements will help ease your transition to another video hosting service.
Thank you for being a Google Video user.
Sincerely,
Mark Dochtermann Google Video Team

It’s great to see Google taking action on this, but we’re wondering why the company didn’t offer this option in the first place.

Source -: Mashable Blog

Google Video shuts down

Google has decided to shut down its video service and has reminded all its users to download their videos before May 13th after which all videos would be unavailable.

Google has further added April 29th, the videos will no longer be available for viewing on the site. However, the downloading function will be available for few weeks after that. Google had stopped adding videos on this site two years ago but they still haven’t transferred these videos to Youtube or Picassa.

Although in the mail to the users of Google videos, it advised them to move their videos to Youtube but the site does not provide for this option. Thus the users have to follow the entire downloading from Google videos and then uploading it to Youtube on their own. Many users feel that it is a very odd move as Google should have created a way where they could automatically transfer their videos to other sites like You tube.

Source : http://www.clickindia.com/news/2011/04/19/google-video-shuts-down/

Google to Revamp YouTube with Original Content Google to Revamp YouTube with Original Content

Image representing YouTube as depicted in Crun...

Image via CrunchBase

Pumps in $100 million for 20 channels hosting original content

The king of streaming video, YouTube, has made a success story out of hosting user generated content; stealing eyeballs off television networks, thanks to a user base that’s warmed up to the freedom of content that comes directly from the source and without the meddling of any TV network or production houses. According to a Wall Street Journal report, Google wants to bite into the broadcast TV model by hosting around 20 channels showcasing several hours of professionally produced original programming per week. YouTube got a cool $100 million from Google to implement the original programming.

The streaming website will be competing with traditional TV networks with its own model of original content, which is a daunting proposition considering the quality of professionally produced network content. The question is – will the average user, who fires up YouTube expecting memetic videos uploaded by random users, want to see YouTube’s version of network programming?

Source -: http://www.techtree.com/India/News/Google_to_Revamp_YouTube_with_Original_Content/551-115037-643.html

Chrome’s new “Speak to Search” option

Google chrome earlier had developed a software that allowed the users to talk to the browser via HTML5 code. Now, a team has come up with an extension of this software that allows this software to be used in search boxes across the web.

The extension, called “Speechify”, was developed by the Dugley Labs. Now many of the search engines display a small microphone icon right next to their search boxes. This icon when clicked allows users to “speak” what u wanted to search. Google, Bing, Youtube, Hulu are some of the sites that support this.

It is working pretty well as of now and returns exact searches for songs or sites or videos. Though there are minor hitches and glitches, like in some sites the microphone feature doesn’t work although it shows and in others it is shown at weird places like the title bar but it still works. But it works the best with Google and the Instant as it allows the users to search without using the keyboard.

This kind of feature has been used in mobiles before but to see it work on the web is interesting. As of now Chrome 11 beta supports it bu tit is expected to soon move to other builds too.

%d bloggers like this: