It began: “Yahoos: A lot has happened since I last talked to you.”

You can say that again!

Yesterday, Yahoo CEO Scott Thompson sent out an email to the troops in what appears to be an attempt to soothe the company, which has been under a lot of stress, including more high-level exec departures, board changes and more. More importantly, the Silicon Valley Internet giant is nervously waiting for a restructuring expected to hit within weeks, and also has been unnnerved by Thompson’s aggressive legal attack on one of its key partners, social networking site Facebook.

Unfortunately, the memo didn’t say much, except vaguely but definitively referencing that even more tumult was coming.

After noting that he had been making a “deep dive” into the company after getting there at the beginning of the year, Thompson said that he was focused on “what makes Yahoo special and what doesn’t work.”

The plan then? To get the company to be “aggressive and lean forward,” because “real change is coming.”

Rut-roh.

(In a related move, but not noted in the memo — which several sources said was linked to all the uncertainty around the expected restructuring and also high costs — Thompson also cancelled Yahoo’s annual global sales meeting, which was to be held for about 1,300 advertising staffers in Florida later in the month.)

“We are moving as fast with real urgency to move back to Yahoo playing offense once again,” said the Thompson memo, which was read to me by several sources, because of increased worries about the company once again hunting for leakers.

(Apparently, like his predecessor before him did unsuccessfully early in her tenure, Thompson is on a yet another pointless hunt for those who talk to outsiders. Memo to Scott: Yahoo is an online media company and not a pay-for-that-used-iPad-on-eBay outfit and the peeps there like to share.)

Back to the memo action. “Were are fundamentally rethinking every part of our business and looking at all options to put maximum effort where we can succeed,” wrote Thompson. “I’m putting tons of pressure on my leadership team … so we can move faster and more deliberately.”

He added — and the bolding is his — “the changes we make will not be incremental ones. We will make bold, fundamental changes to what we do and how we do it.”

After properly freaking the Yahoo staff out — with everyone trying to grok exactly what that meant in terms of their jobs — Thompson then went into three core things the company was going to focus on under his rule (more bolding!):

“1) Focusing intently on those parts of the business that have a competitive advantage.

2) Liberating all of us to work faster and make better decisions.

3) Thinking really creatively about how to build new businesses that leverage our trusted relationships with users.”

Those will be applied, wrote Thompson, to five key parts of Yahoo: Its core business (such as the homepage and news); platforms (such as its cloud services and Yahoo Publishing Platform); data (which Thompson said was the “single most underrated, underappreciated and underused asset, also calling it a “cornerstone for the next generation” of Yahoo); international; and an amorphous thing he called “our future.”

About that, Thompson said Yahoo would “go beyond simply protecting our core assets … we will more than just tweak what we have today … to innovate, acquire and disrupt outside our core.”

Then, without giving any specifics at all, he noted that it’s as “important to know what we’ll do as how,” before launching into three “core principles” for the company, which were all in bold caps (this dude loves punctuating, which I can appreciate!).

They are:

“LISTEN, UNDERSTAND AND PUT THE CUSTOMER FIRST.

GET STUFF DONE.”

(Thompson also underlined “listen,” as well as bolding it, in an orgy of key-shifting.)

“I learned early in my career that innovative concepts without execution are of no value,” he then said, in a classic business-bromide tone. “The Yahoo of the future has to be the organization that consistently surprises the world by how much we get done and deliver to our customers.”

The letter did reference the patent-infringement lawsuit with Facebook at the very end.

“I want to point out that this lawsuit has one simple purpose: Protecting valuable assets of the company and its shareholders,” Thompson wrote. “Others have respected and have licensed our valuable innovations and Facebook must too.”

Thompson ended by noting that “my door is open.” It will be interesting to see who has the guts to walk through it today.

While it’s hard to believe that a decade has passed since the terrorist attack on the World Trade Center in New York, the 10th anniversary is fast approaching.

One of the myriad of tributes will be “Rebirth,” a documentary film that employs time-lapse photography and also just time passing in the lives of those who lost loved ones in the tragedy.

The film will get both a theatrical and a television release around September 11, and it looks like it deserves it.

Until then, here’s the gripping movie trailer:

There might have been tweets right from the Pakistani city of Abbottabad at the time of the attack, but this disturbing ABC News video from inside the house where the U.S. raid on al Qaeda terrorist leader Osama bin Laden took place depicts it in ways 140 characters simply cannot.

Warning: It’s a bloody scene in what appears to be a bedroom.

Here’s the video:

“We have discovered that between April 17 and April 19, 2011, certain PlayStation Network and Qriocity service user account information was compromised in connection with an illegal and unauthorized intrusion into our network.”

In an email that it is sending its 70 million-plus customers of the two services, Sony said it believes that the attackers obtained personal information associated with accounts, including names, addresses, email addresses, birthdates, usernames and passwords. It said there is “no evidence” that credit card accounts have been breached, but that it cannot rule out that possibility. “If you have provided your credit card data through PlayStation Network or Qriocity, out of an abundance of caution we are advising you that your credit card number (excluding security code) and expiration date may have been obtained,” the statement says.

The attackers may have also seen purchase histories. Sony also says that a class of lesser accounts, known as sub-accounts, that are usually held by adults for their children, have been breached. “If you have authorized a sub-account for your dependent, the same data with respect to your dependent may have been obtained,” Sony’s statement says.

It’s the latest in a long string of breaches involving customer data. Last year Silverpop Systems suffered a data breach that forced several large companies including McDonald’s and Honda to advise people who had signed for marketing messages from their Web sites to change passwords they use on other sites. As with those incidents, Sony is asking customers to change any passwords they may also use on other sites. (Lesson: Don’t use a single password on more than one site.)

The breach opens Sony’s customers up to the possibility of other kinds of attacks using their information. Armed with one set of information, say the knowledge that they have an account on Sony’s PlayStation Network, an attacker could send a customer an email pretending to be Sony seeking an updated credit card number or could send one pretending to be from the target’s bank asking for account information. As Sony puts it:

For your security, we encourage you to be especially aware of email, telephone, and postal mail scams that ask for personal or sensitive information. Sony will not contact you in any way, including by email, asking for your credit card number, social security number or other personally identifiable information. If you are asked for this information, you can be confident Sony is not the entity asking.

Sony says it has hired an outside security firm to conduct an investigation into the incident, though it declined to name it. Its gaming service still hasn’t been restored, though it said it expects to have it up and running again within a week. The incident has marred the releases of two eagerly anticipated games on the PS3, Portal 2 and Mortal Kombat, leaving those who bought them playing only in non-network mode.

That’s the essence of a new report from researchers at George Mason University.

George Mason professor Angelos Stavrou and some colleagues used an Android smartphone to launch a covert attack, but Stavrou said that any smartphone could be vulnerable when synchronizing to a computer or even just plugged into a charger. Once a cable is compromised, Stavrou said, it can attempt to act as an input device. Like a mouse or keyboard, it can then send signals to take control of a connected computer or phone.

The attack vector is especially pernicious because users aren’t even thinking they might be vulnerable.

“The typical user inherently trusts the connection when hooking up devices using a USB cable because they think they know what it is supposed to do, and they own the two connecting devices,” says Stavrou in a blog post. “Attacks through USB cables haven’t been seen before, so there are no defenses in place to prevent or even detect them.”

Google has said 58 malicious apps were uploaded to Android Market and then downloaded to around 260,000 devices before Google removed the affected apps last Tuesday evening. It isn’t clear how many users activated the applications, a Google spokesman said. But users who did activate the apps, which included Super Guitar Solo, Advanced Barcode Scanner, Bubble Shoot and many others, ran the risk of having their personal data stolen from their phone and sent to a remote computer server.

One potential clue lies in the server used to help carry out the attack. John Hering, CEO of mobile security provider Lookout, said that as part of his company’s investigation of the incident it found that the attack’s “command and control” server, which received the stolen data from the smartphones, traced back to Hurricane Electric, an Internet service provider based in Fremont, Calif. Mr. Hering said his company contacted Hurricane Electric on the morning of March 2 soon after it discovered the server’s role in the attack, and asked the company to shut it down.

Read the rest of this post on the original site

The company told VIP users the attack was “extremely large,” describing it as “multiple Gigabits per second and tens of millions of packets per second.”

Automattic said it had fixed the slowness early this morning, but it apparently flared up again a few hours later, according to the WordPress.com Twitter timeline.

Automattic has said it receives DDOS attacks frequently, but is usually able to contain them from affecting users. (The chart pictured here is from a previous attack.)

At this point we don’t believe AllThingsDigital was affected by the attack.

No, not the tech industry. The ad industry.

Verizon is attacking AT&T, AT&T is attacking Verizon, and T-Mobile is attacking both of them. Only Sprint is staying out of the fray, taking its mother’s advice that if it doesn’t have anything nice to say, it should perhaps just say nothing at all.

Among the more recent attack ads was one from Verizon touting the sound quality of its iPhone. Now, AT&T is firing back at Verizon with an ad touting the benefits of talking and surfing the Web at the same time, which is apparently very important for procrastinators. (That said, Mobilized is a huge procrastinator and rarely ever talks and surfs at the same time.)

The ad comes on the heels of Verizon’s announcement earlier Friday that it had sold out of the iPhones it had available for pre-order on Thursday. The iPhone goes on sale for all customers, including would-be switchers, next Thursday.

In any case, here’s the ad:

While he won’t officially take over as CEO of Google until April, the recent full-frontal slapfest on Microsoft’s Bing search engine for shoplifting results from the search giant was so Larry Page in tone and temperament that it brought back memories from many years ago when I covered Google more closely.

Like the time in 2004 when he railed on the investment banking system as Google considered its IPO. Or, a meeting in 2005 when Page aggressively argued minutiae about the size of Google’s index size after Yahoo claimed its data trove was bigger.

And my ears are still ringing from a Googleplex lunch we had in the midst of his ire over a 2005 story on CNET that chronicled a lot of personal information about CEO Eric Schmidt, trying to show how much data was easily available on Google.

Page thought it best to be on the offensive and attack the report as a privacy violation, while I took the position that it was accurate and fair game and you don’t argue with the press and win.

It’s unlikely Page remembers any of this, but I do because I kept notes as part of my ongoing assessment of his characteristics as an Internet leader.

In fact, after our first interview in 2001, my notes on the encounter had this one line underlined and in all caps:

LARRY PAGE=BILL GATES.

It was not meant as an insult, but I can tell you I never wrote such a note about Page’s co-founder, the jokey and affable Sergey Brin.

Even then, Gates had a fearsome reputation as a manically competitive exec, a cutting manner to those not as smart as he clearly is and a reputation as a very tough and often eviscerating boss. (And all that was also my experience whenever I was interviewing him.)

While much wonkier, friendlier and more of a sensitive new-aged male, Page, it seemed to me, had the exact same obvious drive and aggression as Gates.

I stopped covering Google as closely years later–for personal reasons (see disclosure above)–and, thus, largely fell out of regular touch with Page.

But in reading the tough quotes and later blog post by Amit Singhal–quite possibly the sweetest dude at Google–accusing Bing of cheating, it felt like he was channeling Page’s very clear and nerdily indignant voice again.

In a nutshell: We have data to prove Microsoft’s stealing. Look at our detailed proof from our complex sting. We are outraged by this violation of geek code. Don’t you lay people get it?!?

I would wager that we’re about to see a lot more of this pugnacious, in-your-face tone from Google under Page’s leadership, which could have far-reaching implications for the company.

While I have no idea if it was his decision to let loose the dogs of algo-war on Microsoft, many with knowledge of how Google manages its public persona observed to me this week that this was just the kind of popping off that the outgoing Schmidt often tried to mitigate and soften.

But such bravado will play well with Google’s elite and pampered engineering corps in Silicon Valley.

And, in any case, PR considerations have never really been the point for Page, who cares not for how it might come off in the media (which he largely disdains anyway).

Which is to say like a temper tantrum of a very smart and very gifted child, who is probably largely right, but should not be quite so exercised given the level of violation.

No matter, since Page likely still lives and breathes data and algorithms and the Spock-like application of information.

It’s the rest of us who are illogical.

According to a post on Microsoft’s corporate security blog, the vulnerability resides in something called MIME HTML or MHTML, which allows certain Web content to be rendered in a browser or other applications, such as an email program. As with so many other vulnerabilities that have come before it, an attacker sends you an HTML link to trigger a script in Internet Explorer that could do bad things, like collect user information.

The easiest fix? Use Firefox or Google’s Chrome browser, which are unaffected. But for those devoted to IE, Redmond is suggesting that people turn off the ability to handle MHTML until a fix is ready. How to do that? There’s a helpful FixIt button, in yet another blog post on the subject, that downloads the software needed to enable the temporary measure.

The vulnerability was first disclosed on a Chinese Web site last week. So far, there’s no evidence that anyone has gone to the trouble of carrying out an attack using this method, but hey, with zero-day vulnerabilities, you never know.

All the security attention paid in recent years to securing the Windows desktop and the applications running on it have paid off a little, Cisco found, making it harder for computer scammers to successfully carry off their intended crimes on that platform. The trouble is they’re now starting to focus more attention on mobile devices, including Apple’s iPhone and iPad, and devices running Google’s Android operating system, Cisco said.

Meanwhile, the overall global volume of spam, which often contains troublemaking links that are used to deliver attacks, decreased for the first time ever in 2010. Even so, spam still increased in some developed countries where broadband connections are multiplying. In the United Kingdom, spam volume nearly doubled, while the volume in France went up 115 percent. The U.S. saw a slight decline–11.1 trillion messages down from 11.3 trillion in 2009. Spam in Brazil, China and Turkey also declined. Some of the decline can be attributed to last year’s arrest by FBI agents in Milwaukee of a Russian accused of being the “king of spam,” and to the shutdown of a few botnets used by scammers to send spam.

One thing about Cisco’s report that’s likely to draw some attention is its finding that the raw number of vulnerabilities on Apple products appear to be growing. Apple users are usually pretty sensitive about this topic, and any comparison of the Mac to Windows on the security front tends to make them grind their teeth and pound out annoyed comments on tech blogs. I know because I’ve done the same teeth-grinding and have in the past criticized other reports for similar findings.

Here Cisco is addressing vulnerabilities that Apple has itself documented and patched in software updates. One thing that’s not clear to me–though it sure looks like it–is whether Cisco is combining vulnerabilities found on both iOS (iPhone and iPad) and OS X (the Mac). The data it’s using is from its IntelliShield service, which tracks vulnerabilities and security incidents, and shows that over five years Apple’s vulnerabilities rose, from less than 200 in 2006 to more than 350 in 2010. That rate was higher than Microsoft and Hewlett-Packard and Cisco itself, the report found, though it goes on to say that Apple has worked harder than most other vendors to protect its users. Security is one of the reasons Apple imposes such strict rules on what’s available in the App store, though people still jailbreak their phones.

Another trend Cisco found is something called “money muling.” Tom Gillis, VP and general manager of Cisco’s Security business unit, describes money muling as using unsuspecting people who are attracted by “work at home” spam messages and Web ads to participate in money laundering by moving small amounts of money into bank accounts, just a few thousand dollars at a time. He says the operations around this are becoming increasingly elaborate, and criminals will devote a lot of effort to developing it this year.

I talked with Gillis about the report and other security trends that Cisco found. Here are a few highlights from our conversation:

NewEnterprise: So you’re seeing fewer attacks on Windows and more on mobile devices. Is that simply because there are more of them?

Tom Gillis: It’s the simple fact that there’s this new class of mobile device coming into the enterprise that used to be a phone and now it’s a computer, and it can access enterprise information. So what we’re seeing is that the raw number, but not the severity, is down on Windows. Part of this is that Windows 7 was a very good release on Microsoft’s part from a security standpoint. And we’ve got these new devices coming into the enterprise, and so we’re seeing a shift in focus of attacks on these mobile devices. They’re vulnerable to attack and they’re relevant in the enterprise. Two years ago this would have been too small a population to be meaningful.

What kind of attacks are you seeing?

It varies. In some cases there’s a little “phone home” code in a free gaming app. Pretty gentle stuff so far. But as people start using smartphones to access sensitive information we need to start thinking about security considerations on these devices. There’s a larger theme here that the whole nature of attacks is changing dramatically. The fact that spam volumes dropped at all is a big tell. For 10 years this has only gone up. We’re not forecasting a steady decline in spam, but the fact that it slowed down at all is an indicator of the shift in the way that attackers are using email. The attacks are more targeted and personal, for one thing.

Can’t some of this decrease be attributed to some of the arrests that happened last year?

It can. There’s been a handful of arrests. And they went after not only the botnet operators but other parts of the spam value chain. There are firms and entities that build botnets of compromised machines that relay the spam, and then there are other firms and entities that rent time on those botnets that do the merchandising. The biggest category is selling fake pharmaceuticals. Some of these fake pharma operations were shut down and the people associated with them arrested. It’s not an easy thing to do, because they’re global, they move around, and so to make an arrest in this space is a huge accomplishment.

So what is the thinking now about securing the mobile device?

We think there are two ways to make mobile devices work in the enterprise. The flood of devices into the enterprise is huge, and everyone wants to use them to check their email and access corporate directories and other fundamental things. There needs to be some kind of software on the end point–the phone or device. It will have to be light. You can’t have some kind of antivirus suite running on the phone. It would be a little piece of software that’s on all the time that knows when you’re behind the corporate firewall and when you’re not, and manages your connection accordingly. We bought a company called ScanSafe that has 40 data centers around the world. When you’re outside the firewall it connects to you the nearest data center and enforces your corporate policies, but all you as the user know is that it just works. This notion of being on or off the corporate network goes away. And we can do all kinds of scanning for security, independent of the device that’s being used.

This year we also saw the Stuxnet attacks, which we now know for certain were carried out against the Iranian nuclear program. Clearly this is a new kind of attack that can be mounted against industrial control systems via computer networks. Is Cisco researching this?

Massively. Often these types of attacks are targeted against Cisco’s biggest enterprise customers. Who buys Cisco’s infrastructure? The biggest banks in the world, the defense contractors. If the goal of an attacker is to disrupt an economy, their targets will be our customers, and they’re demanding a response from us. I like to call it global threat correlation, but it comes down to taking huge samples of network traffic and picking out good traffic from the bad. Cisco has a good advantage here because our equipment is so widely deployed around the world. As we start measuring traffic we can develop reputation data on every publicly routable IP address on the Internet. As we start putting telemetry info into that equipment–and the customer can choose to enable it or not, and it’s turned off by default. But people turn it on because it helps them against the unknown kind of attacks that are popping up. If a Web server says its a Web server, but you just saw it sending spam three minutes ago, there’s a pretty good chance it’s part of a botnet. Once you know that you know that, you can start to mount a pretty good defense. We’re putting a lot of energy into developing that, and it’s proven to be pretty robust.

I can’t remember a year during which computer security stories jumped so readily from the tech and business pages to the front page.

The year 2010 was bookended by two such cases. It opened with Google’s disclosure that it had come under attack in China, an apparent attempt to penetrate the Gmail accounts of certain activists and journalists.

It ended with the WikiLeaks affair, which stemmed from the alleged theft by an Army private of classified documents stored on a government network.

And let’s not forget in mid-year came the story, as fascinating as it was sobering, of Stuxnet, a computer worm developed by parties unknown–although the smart money is on Israel–that penetrated and ultimately damaged equipment used in the Iranian nuclear program.

Computer hacking–which has for too long evoked images in the public mind-set of teenagers in basements taking digital joyrides–has finally revealed itself to everyone for what it has long been for those in the know: The domain of espionage, sabotage and possibly warfare.

In Google’s case, the attacks upon its systems raised questions about where it draws the line with authorities in Beijing about such matters as freedom of speech. When the attack was first disclosed, Google publicly mulled shutting down its operations in China.

Then in protest, it stopped censoring its search results, giving mainland Chinese access to the same search results available to residents of Hong Kong. Beijing responded by blocking access to Google’s site.

Finally, Google and China came to a new agreement, and Google appeared the loser in the battle of wills.

Computer security is one of those things that companies and governments say they take seriously, but never really seem to get a grip on, judging by the results.

In any case, there is no firewall or software in existence that could have prevented Bradley Manning from stealing the documents that he is alleged to have given to WikiLeaks. As a low-level Army intelligence analyst, he was a trusted insider who had access to this material in the course of his day-to-day job.

So, it was not technology that failed. The failure was one of internal policies that allowed him access to data not relevant to his position.

Any employee of a midsize company can see how wrong that is. Human-resources documents are limited only to those who work in that department. The same is true of people who work in the legal office, business development department and so on.

But it apparently didn’t occur to anyone in government to limit the access to what became the WikiLeaks cache to people who worked only for or closely with the State Department.

If it turns out that thousands of companies are better at protecting their business secrets than the U.S. government is, then it’s not for nothing that the Central Intelligence Agency task force investigating the WikiLeaks affair bears the initials “WTF.”

Something similar was true of Stuxnet. One of the reasons the attackers, whoever they are, succeeded was that they used several so-called “zero day” vulnerabilities in Windows.

These are undocumented weaknesses that hackers save up for special occasions as a way to open a back door into a computer and then insert a troublemaking payload, like a worm. Zero day exploits are a fact of life, and once spotted in the world, they’re usually patched.

The Stuxnet attackers used as many as four zero day exploits as a way to get their worm into targeted computers. Microsoft, to its credit, made short work of fixing them once they came to light.

Even so, the Stuxnet worm burrowed its way from Windows machines into industrial control computers known as SCADA systems, which are widely used to run factories, power plants, pipelines and all sorts of other infrastructure essential to modern life.

The worm was designed to find a specific target: The systems controlling a set of as many as 1,000 centrifuges at the uranium enrichment facility in Natanz, and make them spin faster than they were supposed to.

The ability to attack industrial computers and cause them to do things they’re not supposed to do has been a lingering fear among security experts for years. Researchers at the U.S. Department of Energy in 2007 looked at the potential for attacks on SCADA systems and proved that it was possible to seize control of an electrical generator and then make it destroy itself.

They also found that many of these systems are connected to the Internet for what seem like good reasons: Convenience and cost savings. But these connections have also opened them up to the same kind of attacks that rattled the Iranian facility in Natanz.

Another Stuxnet-like worm, the thinking goes, could be used to bring down a power grid, or poison drinking water, or shut down an oil or gas pipeline. The good news is that such an attack is expensive–Stuxnet, by one estimate, cost $10 million to create–and requires a lot of specialized insider knowledge.

The bad news is that the Stuxnet source code is circulating in the wild for anyone to study. And as the WikiLeaks case shows, there are often insiders willing to take part in criminal schemes.

The other bad news? Securing these systems won’t come cheap.

If history is any judge, there will likely be a barrage of computer security companies that try to spin these incidents into opportunities to make a sales pitch. That’s what security companies do, after all.

But they usually miss the point. How can you plan for a vulnerability you’ve never seen? How can you stop an otherwise trusted insider from abusing their access to sensitive information? Both are fundamentally difficult problems for which there are no easy answers.

Spending money on last year’s security vulnerabilities is like preparing to fight the last war: Circumstances inevitably change, and they certainly will in 2011. New kinds of attacks will arise, and they will catch their targets by surprise.

And the public, like the CIA, will reasonably ask, “WTF?”

The unvarnished fact is that the networked society to which we’ve become accustomed in the last several years has a soft, vulnerable underbelly.

And the more we rely upon it, the more people with a combination of advanced technical skills and repugnant motivations are going to look for ways to turn it against us.

Some will do so as a means of making a personal profit. Others may see it as a way of advancing a political or ideological agenda.

But others will want to use theirs skills to do serious harm to innocent people on a large scale.

And the events of 2010 point the way to a world where that’s a more realistic scenario than it ever was before.

Offline instant messages and group video chat services remain offline, he said.

Bates said Skype now knows what caused the crash, but he didn’t disclose it. He ruled out the possibility of some kind of malicious attack, and said it’s conducting a detailed postmortem.

This would probably be the worst time for Skype to experience a high-profile outage. Though the Skype service is working today, lots of people who might have used it to call family members heading into Christmas may have made alternate plans.

However, the failure, whatever its cause, is also a reminder that Skype isn’t always in charge of its own ability to stay online. In 2007 an otherwise routine Windows security update issued by Microsoft forced an abnormally high number of PCs running Skype around the world to restart at roughly the same time. A software flaw prevented the Skype peer-to-peer network from compensating properly and the service crashed for two days.

This incident will also hurt its reputation with two key constituencies: Prospective business customers and potential investors. Business customers will rethink plans to deploy Skype. And potential investors will question whether this company has its act together, hurting the potential benefit from its forthcoming IPO.

To its credit, Skype did manage to restore service much faster than it did in 2007, as SkypeJournal notes here.

System failure is one of the risks that Skype admits to in its S-1 filing with the U.S. Securities and Exchange Commission. Of the 2007 failure, Skype says in its filing:

“We experienced significant adverse publicity and lost net revenues as a result of this outage, and any similar outage in the future would likely harm our business. As we increasingly introduce products particularly targeted at business customers, any system failures could have a significant impact on our ability to attract or maintain our relationships with business customers.”

Bates’s video message to customers is below.

However, we’re starting to get more information about how the McDonald’s incident appears connected to hacking incidents at other sites. Chicago Business is reporting that the company responsible for McDonald’s email marketing is Silverpop Systems, and that it had been operating under a subcontract from Chicago-based Arc Worldwide.

So who else is a customer of Silverpop? Yesterday I received an email from someone who’s a customer of deviantArt, a social network where artists share their creations. DeviantArt has a base of 13 million users. Got an account there? You’d better change any passwords that overlap with other sites. The site advised customers that their accounts were compromised, and blamed Silverpop.

It could extend much further yet. Silverpop has more than 100 clients, and not all of them are publicly disclosed, though here are a few, found on its client quotes page and its case studies page: Stamps.com, Pitney Bowes/Mapinfo, Encyclopedia Britannica, Santander Consumer Finance and watchmaker Fossil. There’s no word how any of those other companies are affected, if at all.

Silverpop CEO Bill Nussey said in a blog message to customers that the FBI is investigating the incident, and that only a small percentage of Silverpop customers have been affected. He also said that Silverpop was “among several technology providers targeted as part of a broader cyber attack.” Stacy Kirk, a Silverpop spokeswoman, wouldn’t say anything beyond what’s in Nussey’s message.

I’m beginning to wonder if there’s some indirect connection between what happened to Silverpop and what happened to Gawker. I’m speculating here, but it’s no stretch of the imagination that numbering among deviantArt’s 13 million users are some of the 1.5 million people whose accounts were compromised in the Gawkergate affair. And the FBI is investigating both. Thomas Plunkett, Gawker’s technology chief, told me by email that there’s no evidence of a connection. Then again, as Business Insider tells it, he hasn’t yet had his meeting with the FBI.

Maybe I’m looking for connections that aren’t really there, but it’s really not hard to see how the breach at Gawker could turn out be the start of a domino effect that’s much larger than anyone has yet realized. There certainly is a lot of grumbling about changing passwords today.

If you know more more about any of this, get in touch!

Below is the email to deviantArt users.

From: deviantART.com (address deleted)
Date: Mon, Dec 13, 2010 at 5:54 AM
Subject: RE: Email Notice

Silverpop Systems, Inc., a leading marketing company that sends email messages for its clients, told us that information was taken from its servers. This was probably part of a sweep by spammers. As a result, email addresses belonging to deviantART members were copied. Corresponding usernames and birth date may also have been removed.

We can assure you that nothing occurred on our systems with respect to this incident and no access was gained to private information on deviantART’s servers.

As a member of deviantART, you certainly have a right to know when an incident of this kind occurs. Unfortunately spammers are an unavoidable part of living on the Web.

The likely result of this event might be an increase in spam to your email. Experts have told us that there is an increase in email scams out there on the Internet and you should be cautious. Only click links or download attachments from people you know, particularly if they ask for personal information, and be sure that your email service provider has adequate spam filters.

Because we value the information that members give us, we have decided not to rely on the services of Silverpop in the future and their servers will no longer hold any data from us.

Yahoo spokeswoman Dana Lengkeek just emailed a statement saying that some Yahoo users were required to reset their passwords. “As part of our ongoing security measures we issued a password reset to some users. Yahoo! does this periodically to ensure the security of users.” She didn’t specify whether or not this was in direct response to the Gawker incident, but it’s not hard to conclude that it was, given the timing. I’ll update if Yahoo says anything further.

I have a Yahoo account and was required to change my password today, and yes, I also had a Gawker commenting account, so at this point it’s safe to say they certainly seem connected.

Meanwhile, Blizzard Entertainment (developer of World of Warcraft and provider of the Battle.net gaming service) was abundantly clear about the connection in an email to its customers. “We’ve recently been informed that several Gawker Media websites have been compromised…To help minimize the effects of this compromise and help keep your Battle.net account safe and secure, we’ve reset your account password,” it said.

Other Web incidents–perhaps connected to Gawkergate, perhaps not–have occurred during the past few days as well. For instance, McDonald’s disclosed that a database containing email address and birthdates of people who had signed up to receive promotions was compromised. It notified those customers on Monday. Again, it’s not clear what connection, if any, there may be to the Gawker incident, but the timing certainly makes it seem possible. I’ve asked McDonald’s for a comment and will update if I get one.

In another incident, drugstore chain Walgreens disclosed on Friday that a database of email address belonging to its customers had been breached. Given the timing–the Gawker incident happened over the weekend–it’s probably not connected, though it’s hard to be sure, as the folks at Anonymous Gnosis, the group that attacked the Gawker sites, say they’ve had access to the database for about a month. I’ve asked a Walgreens spokesman for a comment, and as with all the other cases above will update if I hear back.

This comes on top of other related forced password changes at Twitter and LinkedIn, as my colleague Peter Kafka reported earlier today.

Meanwhile, our friends at Digits have a fascinating graphic on the Top 50 passwords used on Gawker. Topping the list: “123456,” “password” and “12345678.” The two lessons in all this? Make your passwords complex, and don’t use the same password for multiple sites.

Example 1: Twitter saw a rash of promotional tweets for a bogus berry weight-loss product, the result of a security breach thought to be connected to the Gawker break-in.

Example 2: LinkedIn has temporarily disabled the accounts of any users whose email addresses turned up in the public database of hacked accounts. It’s asking those users to reset their passwords.

LinkedIn PR guy Hani Durzy says the move, which started yesterday afternoon, has only affected a “small fraction” of LinkedIn’s 85 million members. He says the social network made the decision proactively, not because it had any evidence that any accounts had been misused;  LinkedIn now has a blog post on the topic.

Some context/math: Gawker has said it has had to notify users of 1.5 million email addresses to change their passwords following the break-in.

If, for argument’s sake, half of those emails belonged to LinkedIn users, that would be less than one percent of the company’s user base. And likely much less: For some reason I have two emails connected to my single LinkedIn account. And both were exposed during Gawkergate, so I got two emails this morning.

No real debacles so far, but that doesn’t mean we won’t see them. Who’s next?

Denton being Denton, he made his mea culpa in a relatively obscure corner of his blog network–an open comments thread with Gawker readers. And if you had a bit too much of the wrong kind of skepticism, you might think that this photo Denton posted to the thread was a bit cavalier:

But nope, says Denton. That’s real contrition: “Okay, here you go. That’s me on the left and Tom Plunkett, our CTO, on the right. We’re looking appropriately glum. It didn’t take any acting.” (Also worth noting that Denton was responding directly to a reader request for “a photo of yourself wearing a dunce cap or something of that nature. With a big ‘I’m sorry’ sign.”)

In more important news: Denton’s sites, which stopped posting yesterday afternoon as a result of the attack, are now back up again. And if you’ve ever left a comment on one of the sites, you should go there and change your password, then do the same at any other site where you’ve used the same login/password combo.

A few other notes:

• Gawker Media says that readers who used Twitter or Facebook logins to leave comments on the blog network haven’t been affected. But people who used the same login on Gawker as they have on Facebook or Twitter may very well be in trouble. Which may be one reason so many Twitter users I know are now promoting a bogus weight-loss berry.
• There’s a Google document that contains some of the hacked email/login info, and something called Hint has been emailing some hacked commenters with a reminder to change their passwords. (Who are they? Why do they want to associate their yet-to-launch site with a security breach? Anyone?) But not finding your info on the document and not getting an email doesn’t mean you don’t have a security problem. Play it safe and change your password now, regardless.

Investment bankers and stock markets can calm down–Microsoft and Adobe are not in talks about an acquisition.

Spurred by a story in the New York Times that Microsoft was eyeing the software company for purchase, Adobe (ADBE) stock went wild today, up 11.5 percent to $28.69.

Except, according to numerous sources at both companies with whom I talked today, it’s “nonsense.”

Sure, it might be an interesting idea–kind of like AOL (AOL) and Yahoo (YHOO) merging–but that’s not the case at this point either.

Chalk this one up to blabby bankers and stock speculators–this might be a good rumor for regulators to look into.

Of course, as is typical, the execs at both companies talk a lot–you might have noticed that Adobe has a lot of software that is popular on the Windows operating system.

So, they had a meeting!

But it is kind of hard to do an acquisition when “Steven A. Ballmer, Microsoft’s chief executive, recently showed up with a small entourage of deputies at Adobe’s offices to hold a secret meeting with Adobe’s chief executive, Shantanu Narayen.”

Memo to the Times: When there is an acquisition afoot–in my experience–it’s all private airplanes and law offices and not a company HQ visit by the very loud and very noticeable Ballmer, the exact polar opposite of a shrinking violet.

In any case, it is not a big surprise at this point if longtime rivals like Adobe and Microsoft (MSFT)–which makes a competing video technology called Silverlight to Adobe’s Flash–talk about trying to stop the explosive growth of Apple, especially in the mobile space.

Microsoft is about to launch its Windows Phone 7, after many cloddish efforts in the arena have failed, and Adobe has been subject to a withering attack from Apple (AAPL) and its CEO Steve Jobs.

Jobs, in no uncertain terms, has dissed Flash relentlessly as a technology.

Others have not, such as Google (GOOG), which recently showed strong support for Adobe’s Flash in its recent launch of Google TV.

In fact, it is Google that is more mentioned in Silicon Valley as the logical acquirer of Adobe, if there were to be a sale.

Along with all its various assets, such as the Photoshop and Acrobat software that dominates online publishing, Adobe’s Omniture unit is one of the more powerful and popular analytics companies on the Web, which is right in Google’s wheelhouse.

Personally, that’s the one I would bet on, although that’s entirely me speaking.

Until that happens, here is a video interview of Jobs smacking around Adobe and Flash at the eighth D: All Things Digital conference in June:

Please see this disclosure related to me and Google.

]]> http://allthingsd.com/20101007/adobsoft-nonsense-on-the-microsoft-adobe-rumor-in-any-case-itd-more-likely-be-goodobe/feed/ 13 http://allthingsd.com/20100601/in-other-news-windows-mobile-phones-are-banned-from-apple-hq-and-talking-up-sap-to-larry-ellison-is-a-bad-idea/ http://allthingsd.com/20100601/in-other-news-windows-mobile-phones-are-banned-from-apple-hq-and-talking-up-sap-to-larry-ellison-is-a-bad-idea/#comments Tue, 01 Jun 2010 12:00:51 +0000 John Paczkowski http://digitaldaily.allthingsd.com/?p=41780 Microsoft’s Windows operating system runs about nine out of 10 PCs worldwide. But not those at Google. Not for much longer, anyway. Sources inside the company tell the Financial Times that Google is no longer offering employees Windows as an operating system choice, steering them instead to Apple’s OS X operating system or Linux.

The reason is ostensibly security concerns related to the attack on its corporate network late last year. “We’re not doing any more Windows. It is a security effort,” one Google employee told the FT. “Many people have been moved away from [Windows] PCs, mostly towards Mac OS, following the China hacking attacks,” said another.

Which makes some sense, given Windows’ history of security vulnerabilities. That said, Google’s increasingly vicious rivalry with Microsoft (MSFT) clearly plays a role here as well. As does the forthcoming launch of the search giant’s own competing operating system, Chrome OS.

This move by Google (GOOG) was inevitable and, frankly, a long time coming. To chalk it up simply to security issues is to ignore the bigger picture here, as Microsoft’s VP of corporate communications, Frank Shaw, wryly noted in some caustic tweets this morning. “News flash: Google boards up all windows in its global HQ, citing security concerns. Must credit FT,” he wrote. “News flash: Google bans Bing from its computers. Must credit FT. Picture on Bing home page is distracting to G engineers.”

]]> http://allthingsd.com/20100601/in-other-news-windows-mobile-phones-are-banned-from-apple-hq-and-talking-up-sap-to-larry-ellison-is-a-bad-idea/feed/ 0 http://allthingsd.com/20100420/well-at-least-google-didn%e2%80%99t-ahem-lose-it-in-a-redwood-city-bar/ http://allthingsd.com/20100420/well-at-least-google-didn%e2%80%99t-ahem-lose-it-in-a-redwood-city-bar/#comments Tue, 20 Apr 2010 14:15:29 +0000 John Paczkowski http://digitaldaily.allthingsd.com/?p=38708 So that “intellectual property” that was stolen in the “highly sophisticated and targeted attack” against Google late last year? Turns out it was some pretty serious stuff–the source code to Single Sign-On, the password system that controls access to most of Google’s services.

Obviously, a significant and worrisome theft. Single Sign-On, or Gaia as it’s known internally, is used to authenticate users of Gmail and a number of other Google online applications, including some designed for business.

Little wonder then that Google (GOOG) responded with such outrage to the attack. While the company was quick to add further layers of security and encryption to Single Sign-On once it discovered it had been compromised, the possibility that the source code to one of the most widely used online password systems in the world is in the hands of someone with malicious intent is troubling.

As the New York Times, which broke the story, notes, access to the system’s source code could reveal some exploitable security vulnerabilities that may have eluded Google’s engineers. And that would be bad news indeed.

]]> http://allthingsd.com/20100420/well-at-least-google-didn%e2%80%99t-ahem-lose-it-in-a-redwood-city-bar/feed/ 0 http://allthingsd.com/20100222/twitter-still-attracting-new-users-phishers/ http://allthingsd.com/20100222/twitter-still-attracting-new-users-phishers/#comments Mon, 22 Feb 2010 12:33:32 +0000 Peter Kafka http://mediamemo.allthingsd.com/?p=16540 Twitter’s astonishing growth doesn’t just generate awe and giant valuations, it attracts scammers who want to prey on the service’s ever-expanding user base.

The most recent example: A new wave of phishing attacks, which are generally–but not always–sent via the service’s “direct message” feature. And which generally–but not always–feature language like “LOL is this you” in the message.

Like most phishing attacks, this one has some telltale signs, if you’re the kind of person who’s inclined to see them. There’s the odd text in the message itself. And the “bzpharma” text that appears in the URL address is a big giveaway.

But! As with many other phishing attacks, if you’re not looking for this stuff or you’re just clicking quickly, it’s easy enough to get duped. The fake Twitter homepage created by the phishers looks real enough, as does the “fail whale” message you get after entering your info.

One easy step you can take to arm yourself against this kind of thing: Follow Twitter’s “Spam Watch” account, which does a decent job of keeping people informed attacks like these. But while that account has 148,368 followers, and tends to get retweeted a lot, the majority of Twitter users still won’t learn about this stuff in advance. Maybe it’s time for Twitter to build some equivalent of the emergency broadcast system.

Meanwhile, if you don’t like reading, the video below from the Sophos security firm (via Mashable) gives you a good idea of what this is all about.

]]> http://allthingsd.com/20100222/twitter-still-attracting-new-users-phishers/feed/ 0 http://allthingsd.com/20100219/google-hack-traced-to-schools-in-china/ http://allthingsd.com/20100219/google-hack-traced-to-schools-in-china/#comments Fri, 19 Feb 2010 13:33:24 +0000 John Paczkowski http://digitaldaily.allthingsd.com/?p=35206 The online attacks that inspired Google’s (GOOG) “new approach to China” have been traced to computers at two educational institutions in the country, including one with ties to the Chinese military.

Anonymous sources close to the investigation into the attacks, which targeted dozens of American corporations, tell the New York Times they originated at Shanghai Jiaotong University and the Lanxiang Vocational School. The former boasts one of China’s top computer science programs; the latter has been known to train computer scientists for the Chinese military and reportedly has ties to Baidu, the dominant search engine in China.

While the implications of these findings seem obvious, insiders differ on what they really mean. Some suspect the schools are being used as a cover for Chinese government operations. Others speculate that they’re being used to hide intelligence operations run by a third country. Still others wonder if there’s no government involvement here at all, speculating that the attacks are criminal in origin and were intended to steal intellectual property from American tech firms.

Regardless of which scenario seems most plausible, it’s important to remember that just because the attacks have been linked to IP addresses at these schools’ networks doesn’t mean they necessarily began there.

Asked about the possibility the attacks originated at his school, a professor of Web security at Jiaotong’s School of Information Security Engineering said it was certainly possible.

“I’m not surprised,” the source told the Times. “Actually students hacking into foreign Web sites is quite normal. I believe there’s two kinds of situations. One is it’s a completely individual act of wrongdoing, done by one or two geek students in the school who are just keen on experimenting with their hacking skills learned from the school, since the sources in the school and network are so limited. Or it could be that one of the university’s I.P. addresses was hijacked by others, which frequently happens.”

PREVIOUSLY:

• Nearly a Month After Debut, Google’s “New” Approach to China Still a Lot Like the Old One
• Google CEO: Ask Not What Google Can Do for China–Ask What China Can Do for Google
• China on “Google Farce”: Our Internet Is Open
• China to Google: No Worries, We Were Planning to Clone Those Android Phones Anyway
• U.S. State Department to Complain to China About Google Hack. Not That China’s Going to Listen.
• Microsoft: “Don’t Be Evil” Is Google’s Motto, Not Ours
• What’s the Chinese Word for Bing? Google Threatens to Leave China.

[Image Credit: China Security Blog]

]]> http://allthingsd.com/20100219/google-hack-traced-to-schools-in-china/feed/ 0 http://allthingsd.com/20100212/googles-brin-says-he-is-always-optimistic-about-china-solution/ http://allthingsd.com/20100212/googles-brin-says-he-is-always-optimistic-about-china-solution/#comments Fri, 12 Feb 2010 19:47:34 +0000 Kara Swisher http://kara.allthingsd.com/?p=24416 Please see this disclosure related to me and Google.

Google’s Sergey Brin took the stage at the TED conference this morning for a brief discussion about the search giant’s recent declaration that it will pull out of the country if it has to continue to censor results.

Google has been quiet about its plans in China since it said a month ago that it was contemplating leaving the country over a range of issues centered on onerous censorship laws there.

Explaining Google’s “new approach” to China in a Jan. 12 blog post, chief legal officer David Drummond wrote:

“We have decided we are no longer willing to continue censoring our results on Google.cn, and so over the next few weeks we will be discussing with the Chinese government the basis on which we could operate an unfiltered search engine within the law, if at all. We recognize that this may well mean having to shut down Google.cn, and potentially our offices in China.”

While not adding a lot more to what has been said, Brin did shed some light on his own and Google’s thinking.

While the Google (GOOG) co-founder would not directly blame the Chinese government for the security attacks on his company, or for others, he did note that the entity was so huge that there was no telling where they came from.

“It might represent a fragment” of the government, he said, although he did not give any specifics, in a short Q&A interview with curator Chris Anderson at TED, which has been taking place this week in Long Beach, Calif.

Brin also noted that he wished all those who underwent cyberattacks, as Google claims it has, would go public.

“If all companies came forward, we’d all be better,” he said.

As to where Google goes from here, after declaring its “intent” to withdraw from China, Brin said the company would definitely not censor political results in the future.

That said–nearly a month after the original statement, Google does continue to censor search results in China.

This will end, Brin seemed to indicate, although he did allow that other kinds of censorship around porn or gambling barred by Chinese law, similar to what Google does in other countries, would remain in place.

Brin said he did not know how the situation would turn out or if Google would come to some kind of compromise.

But he said he is “always optimistic” about some kind of detente with China.

“We want to find a way to work within the Chinese system,” said Brin, but without having to censor political results. “A lot of people might think I am naive and that might be true.”

]]> http://allthingsd.com/20100212/googles-brin-says-he-is-always-optimistic-about-china-solution/feed/ 2 http://allthingsd.com/20100202/twitter-under-attack/ http://allthingsd.com/20100202/twitter-under-attack/#comments Tue, 02 Feb 2010 13:31:23 +0000 John Paczkowski http://digitaldaily.allthingsd.com/?p=34059 According to Sophos’s 2010 Security Threat Report, there has been a dramatic rise in attacks on social networks in the past year. So reports this morning from a number of Twitter users claiming they’ve received an email from Twitter asking them to reset their passwords after a suspected phishing attack are certainly cause for concern–either because they have indeed fallen victim to a phishing attack or because they’re about to fall victim to one by following the email’s instructions (see text below; click to enlarge).

Certainly, it’s difficult to determine if the email is genuine. After all, its subject line is “Please change your twitter password,” and conventional wisdom is to never click a password-reset link in an email. That said, Twitter users who received it and followed its instructions have regained access to the service after being locked out.

So, if you’ve received such an email, tread carefully.

As of this writing, Twitter has not commented on these reports on its blog or status page, though that doesn’t necessarily mean anything. In any event, I’ve asked the company for an explanation and will update here if and when I receive one.

UPDATE: Twitter just sent me the following comment:

As part of Twitter’s ongoing security efforts, we reset passwords for a small number of accounts that we believe may have been compromised offsite. In one case, a number of accounts posted updates indicative of giving their username and password to untrusted third parties. While we’re still investigating and ensuring that the appropriate parties are notified, we do believe that the steps we’ve taken should ensure user safety. We’ll continue provide updates as warranted at @safety and @spam. We do, as always, encourage our users to read our help pages on what to do if your account is compromised: http://twitter.zendesk.com/forums/10713/entries/31796 and how to stay safe on Twitter: http://twitter.zendesk.com/forums/10711/entries/76036.

[Image credit: Andrew R.H. Girdwood]

]]> http://allthingsd.com/20100202/twitter-under-attack/feed/ 0