Webware

Read all 'hacks' posts in Webware
October 5, 2009 9:02 AM PDT

Hotmail passwords leaked online

by Don Reisinger

Update October 6 at 11:25 a.m.: This was later discovered to be an industrywide problem that has affected users of Gmail and possibly other e-mail services as well. See more details here.

Thousands of Windows Live Hotmail passwords have been leaked online, Microsoft has confirmed. The news was first reported by Neowin.

According to Microsoft, it "learned that several thousand Windows Live Hotmail customers' credentials were exposed on a third-party site" at some point over the weekend. Neowin originally reported that the credentials were posted to a developer forum on Pastebin.com on October 1.

After learning of the breach, Microsoft "immediately requested that the credentials be removed and launched an investigation to determine the impact to customers," it wrote on its Windows Live blog.

The company was quick to point out that credentials were stolen through what was "likely a phishing scheme." The company said that it "was not a breach of internal Microsoft data." It's currently "working to help customers regain control of their accounts."

Microsoft did not immediately respond to CNET's request for comment.

Microsoft didn't say exactly how many accounts were affected, but Neowin reported that the original list displayed accounts with names starting with "A" and "B."

Twitter and other social networks are abuzz with people advising others to change their passwords. Microsoft wrote in the blog post that those who believe they were affected by the phishing scheme should immediately do just that.

Updated at 1:30 p.m. PDT to include Microsoft's confirmation of the breach.

July 15, 2009 12:45 PM PDT

Lessons from Twitter's security breach

by Josh Lowensohn and Caroline McCarthy

Twitter's latest security hole has less to do with its users than it does with its staff, but lessons can be learned on both sides.

In the case of Jason Goldman, who is currently Twitter's director of product management, the simplicity of Yahoo's password recovery system was enough to let a hacker get in and gain information from a number of other sites, including access to other Twitter staff's personal accounts.

The aftermath of the hack, which took place in May, is just now coming to fruition. Documents that a hacker by the alias of Hacker Croll recovered from Goldman's account and others (including Twitter co-founder Evan Williams) could be a treasure trove of inside information about the company and its plans.

While Croll was planning to release the entire batch publicly (and at once), tech blog TechCrunch posted news late Tuesday that it had received them and was considering posting the details of at least some of them.

Although it seems that Twitter has been thrust into this situation a bit unfairly, a hack along these lines could have happened to the executives of more Web companies than anybody would like to admit. What it really highlights is the extreme interconnectedness of the social Web: with the likes of e-mail contact importing and data-portability services like Facebook Connect now commonplace, a savvy hacker can have access to multiple accounts simply by accessing one.

A post Wednesday on Twitter's official blog highlights just how far-reaching this can be.

"About a month ago, an administrative employee here at Twitter was targeted and her personal email account was hacked," the post from co-founder Biz Stone read. "From the personal account, we believe the hacker was able to gain information which allowed access to this employee's Google Apps account which contained Docs, Calendars, and other Google Apps Twitter relies on for sharing notes, spreadsheets, ideas, financial details and more within the company."

Following that attack, Twitter conducted a security audit, and Stone's post says that there was not a security vulnerability in Google Apps and that Twitter continues to use the suite internally. A separate hack targeted the account of CEO Evan Williams' wife, and from that some of Williams' personal accounts were accessed as well, Stone explained.

But Twitter is front and center in the news these days, and is now talked about as a communications protocol as much as a Web start-up. Not only does that make it a particularly appealing target, but also... Read more

March 23, 2009 12:18 PM PDT

Theeter streamlines YouTube video watching

by Josh Lowensohn

Hot on the heels of Quietube, the YouTube enhancer we covered last week, reader Jason wrote in to let us know about a similar project he co-created named Theeter. Like Quietube it removes all the UI elements from a YouTube video and presents everything in a stark black or white background. It also throws in some nice features that advanced users will like, such as the option to change the color scheme or the aspect ratio, default to the HD or HQ stream, auto-play the video, and pick the precise time when it should start.

Additionally, Theeter has a bookmarklet that lets you create a Theeter page from any clip you're on. It also allows users to create a custom link to their creation that will bring along all the changes they made like the start time and UI color. The only difference is that instead of using a shortening service like TinyURL, Theeter's got one built-in, so you can create your own vanity URL within the Theeter domain.

These tools continue to add to the YouTube watching experience by simply reducing what's on the page. YouTube has made efforts of its own to cut down on the noise by compartmentalizing features into nested menu items and rolling out a "dimmer switch" on some long-form content; however, it's not yet a part of all the videos on the service.

Theeter takes YouTube videos and makes them better-suited for sharing. You can pick both the color and the start time. It also lets you create a custom URL for the sake of vanity or easy remembering.

(Credit: CNET Networks)

March 9, 2009 1:11 PM PDT

Readability: Web reading that's easier for you, less profitable for publishers

by Josh Lowensohn

If you often use the print story button just to get a Web article on one page, and without the hijinks that get you to mistakenly click on advertisements, Readability may be just what you're looking for. This small bookmarklet, which you simply drag up to your bookmarks toolbar to add to your browser, will re-format the page you're on to make it easier to read. It gets rid of layout, advertising, and any of the site's original navigation. In return, the story retains its links, photos, and any embedded content, letting you read freely and without distraction.

To customize the experience you can set the default font size and layout style, which includes a quirky "terminal" view that puts creamy white text on a dark green background. You can also set the width from super wide to a narrow column view that looks and feels like a newspaper (something my boss would no doubt enjoy). All of this, however, must be done when first setting up the bookmarklet, so there's no option to change the text size and width from within the Readability view.

This tool reminds me quite a bit of PrintWhatYouLike, the service that lets you customize what page elements you want to print, even if the source site does not have its own print story function. It is, however, noticeably faster about cutting out the page elements--it's almost instantaneous.

Update: If you liked Readability, you'll definitely enjoy TidyRead. It does the same exact things as Readability but lets you swap things like the font size, width, and style on the fly. It works in other languages, which as of now Readability manages to flub. It also lets you send simplified article pages to friends via a special re-direct page, just like this one.

(via Metafilter)



Readability : An Arc90 Lab Experiment from Arc90 on Vimeo.
February 5, 2009 12:50 PM PST

Videosurf's browser add-on gets better

by Josh Lowensohn

If you had previously been using Videosurf's Greasemonkey script to preview videos from search engine results, the company has released a new Firefox add-on that does a bit more--and without the need for Greasemonkey.

Once installed in your browser, the add-on still lets you see previews of videos from search results on Google and Yahoo. However, it now throws in video previews on FriendFeed pages, and adds a neat timeline view in YouTube that lets you skip to later parts of a video just like DVD chapter markers.

I had the Greasemonkey script installed on my machine last November, but recently turned it off. It directs links that would normally go to where the video is hosted to a special page on Videosurf where it has been re-embedded. This can be useful for some videos, but if you like reading comments and leaving ratings on the original video page it's adding an extra step to get there. Worth noting is that the Firefox iteration of this tool no longer does that.


With the extension installed you can skip to various parts of a video--as long as it's been indexed.

(Credit: Videosurf)
January 9, 2009 9:27 AM PST

Daily Tidbits: Hacker gets 30 years in Turkish jail

by Don Reisinger

A Turkish court has sentenced Maksym Yastremski, the alleged "Maksik" hacker, to 30 years in prison for attacks he allegedly perpetrated on Turkish banks, according to reports.

Authorities believe Yastremski is also the mastermind behind the T.J. Maxx credit card theft debacle in 2007 and various other attacks around the United States. The 30-year prison sentence isn't punishment for any alleged attacks in the United States.

In other news, RocketLawyer, a company that provides free online legal information and forms, raised $2.09 million from information compiler LexisNexis, according to an SEC filing. RocketLawyer is now just $1 million away from its stated goal of raising $3.09 million, which it plans to use toward improving its infrastructure and expanding the service's reach.

iMergent, a company that provides e-commerce software for small businesses, announced on Friday that it will reduce its work force by 25 percent due to the impact the recession is having on the small to midsize enterprise market.

After the layoffs are complete, iMergent will have a total staff count of 250, but its CEO, Steve Mihaylo, did say that it expects its operation and profit potential to remain constant through the first quarter of 2009.

Facebook's iPhone application has been updated to version 2.1, the company reported Friday. The social network says the update improves the app's stability and has corrected inaccurate time stamps for time zones around the world.

More importantly, sync time is much faster now, and Inbox loading has been enhanced to improve the overall experience. The update is available now, but it requires iPhone firmware version 2.2.

January 5, 2009 2:25 PM PST

Update: Twitter blames celebrity hack on 'individual'

by Caroline McCarthy

CNN anchor Rick Sanchez wasn't really high on crack this morning, and the reason his Twitter feed said so wasn't the phishing scam that's been going around--it was a lone hacker, the microblogging service said later on Monday.

"The issue with these 33 accounts is different from the Phishing scam aimed at Twitter users this weekend," a post on the Twitter blog explained. "These accounts were compromised by an individual who hacked into some of the tools our support team uses to help people do things like edit the e-mail address associated with their Twitter account when they can't remember or get stuck. We considered this a very serious breach of security and immediately took the support tools offline. We'll put them back only when they're safe and secure."

The same hacker was responsible for compromising a number of Twitter's most popular accounts, including those belonging to pop singer Britney Spears, media outlet Fox News, and President-elect Barack Obama.

Twitter has said, meanwhile, that the phishing scam--which used messages from Twitter friends to trick users into entering their user names and passwords into a bogus log-in screen--is under control. "Our on-call team was able to attend to the matter quickly and prevent too many people from being affected," Twitter's blog post read. "Our support team is definitely going to have a busy week because we reset a bunch of passwords just to be on the safe side."

Originally posted at The Social
November 20, 2008 3:54 PM PST

How to: Tweak YouTube embeds for HD playback

by Josh Lowensohn

Several readers have e-mailed me and asked for instructions on how to take their HD YouTube videos and embed them elsewhere. As I mentioned before, this isn't an officially sanctioned feature, and as such, the embed code you get on these video pages will still yield the lower-quality, non-widescreen clip.

Needless to say, this is completely unacceptable.

The good news is that you only need to make a few changes to the stock embed code to get the job done. Here's what to do:

Step 1: Copy this code and paste it to wherever you intend to embed the video:

Step 2: Grab the direct link to your video. In case you've never done this before, it can be found to the right of the video player on YouTube or from your browser's address bar.

Step 3: Tweak the embed code. The finishing touch involves making a simple change to embed's URL source code to direct it to the HD version. To do this, you simply need to copy the alphanumeric gobbledygook at the end of the link you grabbed in step 2 and paste it into the part between /v/ and the & symbol in the embed code. For simplicity's sake I've labeled this "YOURVIDEOCODEHERE" in the embed code.

That's it--you're done, and all you had to do was use copy and paste twice! The end result is this:


November 11, 2008 10:28 AM PST

Greasemonkey goes VideoSurfing

by Josh Lowensohn

Video search and identification tool VideoSurf has a new script for Greasemonkey users that lets you see VideoSurf-enhanced results on Google, Yahoo, and YouTube. If a result has been indexed by VideoSurf you'll see its timeline, along with links to each segment which skip you straight to that part of the video.

VideoSurf is advertising this as a way to see video results before you click on them, similar to some scripts and extensions that show you site thumbnails straight from search results or on-site links (like Snap). I found it to work particularly well on mainstream content, although videos that have not yet been processed by VideoSurf won't show up.

If you're a Greasemonkey user I'd say this is definitely worth a go. The same goes for any users who frequently click on videos in search results, only to be disappointed by what they end up being. VideoSurf's scene-by-scene analysis puts an end to any surprises.

Previously: VideoSurf demo nearly lives up to pre-show hype

VideoSurf's Greasemonkey extension puts scene-by-scene analysis in your search results--that is, as long as it's a mainstream piece of content.

(Credit: CNET Networks)
August 4, 2008 10:59 AM PDT

Feedburner under fire for easy hacking of subscription counters

by Josh Lowensohn

On Monday Joop Dorresteijn, contributing editor at The Next Web, unveiled a vulnerability in Google-owned feed tracking service Feedburner that lets anyone with some basic copy and paste skills and a Netvibes account pump up their blog subscriber numbers into the hundreds of thousands.

The "hack" is a two-step affair, involving first tweaking an OPML file that lists your subscriptions, then subscribing to said feed in a simple feed-aggregation tool like Netvibes or My Yahoo. The data will then be fed through Feedburner's counters overnight, with the freshly increased numbers showing up the next morning.

Google is likely to fix the loophole by changing the way subscriptions are counted, either by tracking it on a per-service basis or using a more extensive security system that links up each subscription to a central account system. In the meantime the easiest way to spot blogs that have done this will likely be to keep an eye on abnormally large influxes of subscriptions within a 24-hour period.

You can see a video of how to do this with your own blog below. Just keep in mind that Google is likely to patch this shortly, although it has yet to acknowledge the vulnerability in the company's Feedburner product blog.


Feedburner hacked! from Boris Veldhuijzen van Zanten on Vimeo.