Twitter Accounts Hacked by Phishing

The popular site Twitter has been hit by a large number of phishing attacks that stole the usernames and passwords of site users. Many of these accounts were prominent Twitter accounts. Fox News’ account declared for about an hour that “Bill O’Reilly is gay” while Barack Obama’s account, which was last used in November on election day, posted a long link to a third-party survey with the lure of a gas card prize.

Rick Sanchez, a CNN anchor and frequent Twitterer, was declaring earlier he was “high on crack and might not be coming into work today.” Britney Spears’ account, started in October to promote her new single and upcoming tour, took a sharp turn from cheerful updates about eating Pinkberry frozen yogurt and relaxing with family to a poorly-punctuated attack on her nether region. Aw, hackers, just leave Britney alone!

Facebook’s Twitter account is also among the hacked, with a link to porn at “http://yougetlaid.info” that was just removed.

It doesn’t appear these hacked accounts are related to the phishing scam of the weekend, as ReadWriteWeb points out, since the phishing works through direct messages that send e-mail notifications to the user that run along the lines of “check out this funny blog about you!” The message includes a link to a site that looks exactly like the Twitter homepage. Once the unassuming user clicks on the link and logs in to the masquerading page, the hackers obtain the user’s log-in information and can take over an account.

According to Twitter, many of the offending messages (known as tweets) have been removed.

Twitter also suffered a second large-scale scam yesterday when users began receiving direct messages telling them how to win a free iPhone — by signing up for a $5-a-month text messaging service.


Steve Jobs is Ailing and will miss Macworld

Apple has admitted that CEO Steve Jobs is skipping Tuesday’s Macworld keynote for health-related reasons, after initially pointing to other reasons for his absence. (Credit: James Martin/CNET).

Throughout 2008 Apple was plagued with rumors about Jobs’ health, but steadfastly refused to acknowledge that anything was behind concerns over what many believed was substantial weight loss suffered by the iconic Apple founder. Apple stunned onlookers in December with the news that Jobs would be skipping his much-anticipated Macworld keynote, but said the reason was that Apple had decided not to invest in a Macworld keynote because it would be the company’s last year at the show.

Apple’s board of directors put out a statement Monday acknowledging that Jobs would need some time to recuperate from what he called a “hormonal imbalance” in a letter to employees Monday. Jobs said he decided a few weeks ago that getting to the bottom of his mysterious weight loss was his biggest priority, and doctors had determined that the imbalance was “robbing” the ability of his body to be healthy.

You can read the letter here http://www.apple.com/pr/library/2009/01/05sjletter.html

Jobs will continue as CEO while he is regaining weight in what he called a “simple and straightforward” remedy, which is expected to last until late spring, he said in the letter. “I have given more than my all to Apple for the past 11 years now. I will be the first one to step up and tell our Board of Directors if I can no longer continue to fulfill my duties as Apple’s CEO.”

We hope that Steve has a speedy recovery!


Hackers Break SSL Certificates

SSL certificates have become a huge part of Internet security. SSL certificates use hash codes, generated by a variety of algorithms, to verify their issuer’s identity. The hash code is an important feature of public-key cryptography, which SSL is based on. SSL is used to protect the secret, private code that CAs use to sign SSL certificates.

The researchers exploited a weakness specific to hashes generated with the MD5 algorithm. The MD5 algorithm is prone to “collisions,” that is, multiple inputs producing the same output.

Security researchers knew as early as 2004 that MD5 collisions were possible. Most researchers dismissed this as theoretical. The 25C3 researchers said they ran the attack using a network of 200 PlayStation 3 game consoles at a cost of $657. The attack took only 4 weekends.

Researchers say they could perform a similar attack using Amazon’s EC2 cloud-computing service and about $2000. The attack would take about a day.

A successful attack would allow attackers to appoint themselves as an Intermediate Certificate Authority, and then generate trusted certificates without having to contact a real CA. The spoofed certificates could then be used to add the appearance of legitimacy to a phishing site designed to steal bank account passwords, for example.

The Extended-Validation SSL certificates cannot be cracked by the exploit demonstrated at the 25C3 presentation.

Microsoft reportedly downplayed the threat, stating that the researchers withheld important information that renders the attack “not repeatable”.

Customers holding an MD5-signed SSL certificate will need to contact their CA to acquire and install a new certificate on their servers.


Never Forget Your Password Again

Many of us probably manage more than one password; I manage more than 16. It can get frustrating when you forget a password and you have to go through additional steps to obtain your credentials. Secondly, we tend to use the same passwords when we have many to manage, and this can pose a security risk if someone gains access to your information.

There’s a great free solution called Roboforms that can eliminate the hassles of remembering your passwords.

ROBOFORM BENEFITS:

  • Easy: Automatically memorizes your passwords and logs you into websites.
  • Saves Time: Fills long registration and checkout forms with one click.
  • Secure: Encrypts your passwords, fights Phishing, and defeats Keyloggers.
  • Strong: Generates random passwords to protect you against hackers.
  • Portable: RoboForm2Go runs from a USB flash drive.
  • PDA-friendly: Sync your passwords to Pocket PC and Palm.
  • Robust: Works with Internet Explorer, AOL, MSN, and other browsers.
  • Always Current: Fully compatible with IE 7 and Vista.

Roboforms is spyware and malware free.

Awards:

PC Magazine Editors Choice
CNet Download.com awarded 5 stars
PCWorld.com named top 25 downloads

Visit Roboforms to download your free copy!

http://www.roboform.com/
