Elliott C. Back: Internet & Technology

MacWorld MacRumors Live Feed Hacked

Posted in Apple, Hacking, Law, Spam by Elliott Back on January 7th, 2009.

I was watching the MacWorld 2009 Apple Keynote live when a message appeared in the feed–“STEVE JOBS JUST DIED”–surprising everyone. In a few minutes, the MacRumors feed was full of coordinated hacked spam:


Highlighted is the beginning of the spam

MacRumors apologized for the incident: “Our MacRumorsLive keynote coverage was hacked today, inserting inappropriate content into the text and photo feeds. We apologize for the inconvenience and are working to restore our services.” However, it was simply negligence on their part for having a control panel which was publicly accessible rather than some kind of nefarious hack. One of the nicer 4chan readers took this screenshot of it before it was taken offline:

See also When Livestreams Go Wrong and 4chan’s /g board where the chaos originated. Hopefully this will teach bloggers and web startups to pay more attention to the security of their websites, as hacking websites is growing more and more popular with savvy internet pranksters.

World of Warcraft Phishing Spam Email

Posted in Games, Hacking, Warcraft, WoW by Elliott Back on November 22nd, 2008.

Just got this lovely email, pretending to be from Blizzard:

Subject: Warning : World of Warcraft Account Notice
From: donotreply@blizzard.com
To: arfenhousetoo@gmail.com

An investigation of your World of Warcraft account has found strong evidence that the account in question is being sold or traded. As you may not be aware of, this conflicts with Blizzard’s EULA under section 4 Paragraph B which can be found here:

WoW -> Legal -> End User License Agreement

and Section 8 of the Terms of Use found here:

WoW -> Legal -> Terms of Use

The investigation will be continued by Blizzard administration to determine the action to be taken against your account. If your account is found violating the EULA and Terms of Use, your account can, and will be suspended/closed/or terminated.

In order to keep this from occurring, you should immediately verify that you are the original owner of the account.

To verify your identity please visit the following webpage:

http://www.worldofwarcraft.com/account

Only Account Administration will be able to assist with account retrieval issues.

Thank you for your time and attention to this matter, and your continued interest in World of Warcraft.

Sincerely,
Account Administration
Blizzard Entertainment

See, the thing is that the first two links go to real Blizzard pages, but the last one secretly goes to www.blizzard.com.login.xml.mcnewvision.com, which is clearly a moronic phishing attempt. This leaves me with two questions:

  1. Did they target me as a WoW user specifically by harvesting my WoW-associated email address somehow? A Blizzard partial hack?
  2. What would they do with my account if they got it? Sell my lousy lvl 45 char on ebay? LOL….
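
The link trick in this email can be checked mechanically. The following is an added example, not part of the original post: it parses an HTML body and flags links whose visible URL text names a different site than the href, or whose host carries a trusted brand domain only as leading labels. The allow-list, the two-label `base_domain` shortcut and the sample HTML are assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

TRUSTED = {"blizzard.com", "worldofwarcraft.com"}  # assumed allow-list of real brand domains

def base_domain(host):
    # Simplification: last two labels. Real code should consult the Public Suffix List.
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def host_of(url):
    url = url.strip()
    return (urlparse(url if "://" in url else "http://" + url).hostname or "").lower()

class LinkCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None

def audit_links(html):
    parser = LinkCollector()
    parser.feed(html)
    findings = []
    for text, href in parser.links:
        target, reasons = host_of(href), []
        # Check 1: the visible text is itself a URL, but for a different site than the href.
        shown = host_of(text) if "." in text and " " not in text else ""
        if shown and base_domain(shown) != base_domain(target):
            reasons.append("text/href mismatch")
        # Check 2: a trusted brand domain appears only as leading labels of another domain.
        if base_domain(target) not in TRUSTED and any("." + t + "." in "." + target for t in TRUSTED):
            reasons.append("brand used as subdomain")
        if reasons:
            findings.append((target, reasons))
    return findings

# Constructed HTML body modelled on the email quoted above (hosts taken from the post).
SAMPLE = ('<a href="http://www.worldofwarcraft.com/">WoW -&gt; Legal -&gt; Terms of Use</a> '
          '<a href="http://www.blizzard.com.login.xml.mcnewvision.com/">'
          'http://www.worldofwarcraft.com/account</a>')
print(audit_links(SAMPLE))  # flags only the second link
```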

MySpace Hacked Phishing Error Message

Posted in Crime, Errors, Hacking, Security, Spam by Elliott Back on September 25th, 2008.

I was somewhat scared when I noticed this list of usernames / passwords for MySpace. Yeah, someone actually managed to hack my MySpace account, which is more incredible given that I don’t ever log into it:

Myspace hacked accounts 3/20/08
Here a list of myspace accounts and passwords

Example:
Username : Passwords get it ;)

myspace-hacked-password.png

MySpace is pretty advanced in this regard; somehow they detected that my account had been compromised and when I logged in now to change the password, I received this neat message warning me:

myspace-phishing-warning.png

MySpace Announcement: Your account has been phished!

What can I do?
Change your password. And don’t use your current password ever again.

Why do I care?
We’ve blocked your account until you change your password. This means you can’t send a message, post a bulletin, send a comment or add a friend until you’ve changed your password.

What does “phished” mean?
“Phished” means that someone stole the email address & password that you use to login to MySpace. They might be sending out messages, comments or bulletins as you!

How did this happen?
You went to a fake page that asked for your MySpace login email and password, and you gave them your info. Only login to www.myspace.com. Learn more

I’ve changed all my users and passwords now, but still it’s a tiring experience…
