Twitter Compromised by Chris

Today a Twitter user who goes by the name “Bon” utilized a flaw in Twitter’s code to post messages on other accounts (through the Twitter API).

Bon’s exposure of the bug posted this message on hundreds of Twitter accounts:

Looking at Bon’s Twitter page - http://twitter.com/x

Innocent enough; however, the fear of hacking was in the air. Soon after the initial run of posts, Bon (whose page appears to be victimized by the flaw as well) posted this message:

Hello everyone. Twitter has not been hacked. It has merely been taken advantage of. This is my little experiment. Everything is safe. Go back to bed.

The messages continued however and there was no certainty as to whether private information (passwords) had been accessed. Drew McClellan set aside those fears and posted this:

looked at Bon’s page with curl :) He’s using a CSS url hack to post with the API. It uses the fact that your browser is logged in. Account not compromised

As of right now Twitter appears to be back to normal. Twitterers are twittering that they’re sending emails in, so this issue should be resolved shortly.

In the meantime, this begs the question - how much customization is too much? At what point do we need to worry about compromising a user’s security? Of course, major sites like MySpace face this problem on a daily basis - in fact we reported on a similar issue at Google a few weeks ago. The web 2.0 space demands customization - however there are obvious drawbacks. It will be occurrences like these that help to define the line between security and creativity.

Update: Jack from Twitter responds in the comments below, noting that Bon did in fact alert Twitter about the bug. It is now patched!
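The request pattern Drew describes, seen from the server side, as an added example that is not Twitter's code or part of the original post: a stylesheet url() fetch is a plain GET that carries the viewer's session cookie, so a handler that checks only the cookie will act on it. The origin, secret, field names and token scheme below are assumptions for illustration.

```python
import hashlib
import hmac
from urllib.parse import urlsplit

# Assumed values for illustration; none of these come from the original post.
SITE_ORIGIN = "https://example.test"
SERVER_SECRET = b"constructed-demo-secret"


def csrf_token(session_id: str) -> str:
    """Per-session token the site embeds in its own forms."""
    return hmac.new(SERVER_SECRET, session_id.encode(), hashlib.sha256).hexdigest()


def naive_allows(request: dict) -> bool:
    """Cookie-only check: anything the logged-in browser sends is accepted."""
    return "session" in request["cookies"]


def hardened_allows(request: dict) -> bool:
    """Require POST, a same-site Origin/Referer and a session-bound token."""
    session_id = request["cookies"].get("session")
    if session_id is None:
        return False
    # A fetch triggered by a stylesheet url() is always a GET with no body.
    if request["method"] != "POST":
        return False
    source = request["headers"].get("Origin") or request["headers"].get("Referer", "")
    parts = urlsplit(source)
    if f"{parts.scheme}://{parts.netloc}" != SITE_ORIGIN:
        return False
    supplied = request["form"].get("csrf_token", "")
    return hmac.compare_digest(supplied, csrf_token(session_id))


# Constructed sample requests (not captured traffic).
VIEWER = {"session": "viewer-session-id"}

# What the browser sends while rendering a profile page whose custom CSS
# references the posting endpoint: GET, cookie attached, same-site Referer.
CSS_FETCH = {"method": "GET", "cookies": VIEWER, "form": {},
             "headers": {"Referer": SITE_ORIGIN + "/x"}}

# The site's own update form, submitted by the user.
FORM_POST = {"method": "POST", "cookies": VIEWER,
             "headers": {"Origin": SITE_ORIGIN},
             "form": {"status": "hello", "csrf_token": csrf_token("viewer-session-id")}}

# A same-site POST that arrives without the token.
TOKENLESS_POST = {"method": "POST", "cookies": VIEWER,
                  "headers": {"Origin": SITE_ORIGIN}, "form": {"status": "hello"}}


def evaluate() -> dict:
    """Return (naive, hardened) decisions for each constructed request."""
    samples = {"css_fetch": CSS_FETCH, "form_post": FORM_POST,
               "tokenless_post": TOKENLESS_POST}
    return {name: (naive_allows(r), hardened_allows(r)) for name, r in samples.items()}


if __name__ == "__main__":
    for name, (naive, hardened) in evaluate().items():
        print(f"{name:15} naive={naive!s:5} hardened={hardened}")
```

Because the custom CSS lives on the site's own profile page, the Referer on the stylesheet fetch is same-site; it is the method and token checks that reject it, not the origin check.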

Posted in Security, Web 2.0, Web development. January 14, 2007
HD-DVD encryption cracked (already) by Peter

Slashdot are reporting that for one title at least, the new AACS HD-DVD copy protection technology has been cracked and the special keys that protect the high-definition content for Serenity have been leaked.

Also, apparently, a decryption utility is available which will strip the encryption and bundled DRM from the high-definition video.

In the battle for content producers to ‘win the war’ against piracy, and to further restrict consumers in what they can do with their purchased content (or at least give themselves the ability to do this) they built the new AACS standard, which will feature on both HD-DVD and Blu-ray movie discs. Apparently, though, they didn’t build it well enough and these early cracks seem to be echoing what happened in the early days of the DVD when its Content Scrambling System was cracked.

I think the question here is have the content industry gone too far? Ever since the home taping days, the big media giants have been obsessed with protecting their content with technical measures. The new AACS includes technology that can ‘blacklist’ devices that have been compromised (they’ve had their encryption keys published, for example) which means that should the media giants so decide, they can blacklist that whole model of player with the release of new HD-DVD/Blu-ray titles.

Will the public accept this? Do people even know and understand and is the ever-increasing restriction of DRM becoming too much for consumers?

Posted in Uncategorized. January 13, 2007
Episode 6: MacWorld Keynote Round-up by Chris

As we’ve covered extensively, Steve Jobs’ MacWorld keynote was quite an exciting time today.

Huw and I got together for a short podcast that gives our thoughts on today’s two major announcements: the iPhone and the Apple TV.

The podcast runs 23 minutes and 34 seconds, and is a 16.2 MB download.

Posted in Apple, Hardware, Podcasts. January 10, 2007
Apple’s iPhone: an internet communicator by Huw

When Steve Jobs announced the iPhone today, it sounded at first like he was talking about three products. He said that it was a widescreen iPod, a mobile phone and an internet communicator. The widescreen iPod and mobile phone aspects of it were largely expected, but when he said ‘internet communicator’ he was talking about far more than an internet browser and possibly a Java feed reader.

Apple announced two major partnerships to support this goal. Jobs was joined on stage by Eric Schmidt (CEO of Google) and Jerry Yang (a founder of Yahoo!). Both are providing different areas of functionality to the iPhone, both potentially impressive.

On a side note, it must have hurt Eric and Jerry that they had to share a partnership with Apple, and didn’t manage to grab all of the business for themselves. It’s a mark of the power of Apple’s brand that Yahoo! and Google were prepared to work with each other just to be a part of the product.

The Google end of the deal involves Google Maps. On the iPhone, when you open Google Maps it will instantly know where you are (presumably from transmitter data). It will then allow you to move around and use a search feature to find local businesses, much like the computer-based product. A nice UI touch is the zooming in, which you do by placing your two fingers together like a pinch over the map, and then pulling them apart. Once you’ve found a local business, you will be able to call them from within the Maps interface. Satellite aerial photography is also available.

Yahoo! is also contributing fairly heavily, with the new Yahoo! Go product, announced just yesterday at CES. According to the press release, the key features of this are a local maps widget (which is probably not included in the iPhone product given the partnership with Google), personalised news and stocks etc, photo sharing and email.

They also have a new kind of search built in, called ‘oneSearch’, which is supposed to give answers more useful for mobile users. As I understand it, if I search for ‘pizza’ on Yahoo Go it will return the locations and contact details of local pizza restaurants, whereas if I search for it on the main version of Yahoo, it will provide me with information about Pizza. All fairly sensible.

So those are the two partnerships summed up. We have more posts about the Apple announcements earlier today coming, as well as a podcast, and you can find all of our posts in the Apple category.

Posted in Apple. January 10, 2007
Very quick MacWorld 2007 round-up by Peter

We’ll have a full analysis coming here soon, but here’s a very quick round-up of what happened at the MacWorld keynote.

iPhone announced

Check out more in-depth details from TUAW, but for now, here’s the most important stuff. Yes, despite the recent Linksys iPhone, it really is called the iPhone.

  • Touch-screen interface, only one button on the front to go back to ‘home’.
  • 3.5″ widescreen display
  • 2 Mpixel camera
  • Available on US mobile operator Cingular only
  • iTunes synchronisation
  • Apparently runs OS X (but it’s probably cut-down) and features mobile-enhanced versions of the Safari web browser and Mail email clients.

The iPhone will be available from July in the US.

Apple TV (formerly iTV) announced

Apple’s new linking device which allows you to play all your purchased media from iTunes (for Windows and OS X) on your TV. We first heard about the Apple TV at the WWDC late last year, then called the iTV. It has all the features you’d expect, including 720p HD support, 802.11a, b, g and n wifi support and a 40 GB internal hard drive.

More info is also available at TUAW.

The Apple TV is apparently shipping in February.

No Mac announcements!

Absolutely nothing on Mac OS X Leopard, Apple’s next operating system release and no word on updates to their flagship iLife and iWork software suites (traditionally they’ve released new versions of the suites at MacWorld). In fact, from what I can tell, nothing Mac at all!

As I’ve said, we’ll have a bit more in-depth post here on Gizbuzz fairly soon, so stay tuned.

UPDATE: Apple’s site has been updated with some new product pages for the iPhone and Apple TV.

Posted in Apple, Uncategorized. January 9, 2007
Windows Home Server by Peter

A potential Windows Home Server machine

CES is upon us, and Microsoft have apparently been busy: Bill Gates himself demonstrated a new product - Windows Home Server.

The idea behind Home Server is to provide a central location to allow sharing between all the Windows machines in a household and also to provide bridging functionality to other Microsoft products (like the Xbox 360 and the Zune), so that all of your Microsoft-equipped devices in the house can talk to each other.

It also has additional features such as backup capabilities and there is likely to be room for Microsoft to add new features to tightly integrate with Windows Vista (which, in case you’ve forgotten has a public launch on the 30th of January).

But Microsoft won’t be selling the Windows Home Server software - they’re going about it slightly differently. Hardware vendors are invited to build machines based on Microsoft’s reference design for Home Server, and then they can resell Home Server as OEM with their machines. It’s unlikely that the Home Server OS, a cut-down version of Windows Server 2003, will be sold separately - at least not for a while.

The Home Server can be administered via a web-based interface and a ‘Windows Home Server Console’ client application for Windows.

Leaving aside my personal opinions on Microsoft pushing towards domination in yet more spaces, this is an innovative idea and will provide features that maybe even non-geeky households might consider. I think now it’s up to Microsoft to ensure the success of this product by getting third-party software and hardware vendors warmed up to the idea, so they can make their products interoperate and share seamlessly with the presence of a Home Server. If you could bring home any new gadget and instantly connect to it by Wifi from all the computers in your house, then Home Server will become a very attractive package for anyone with a home network and sufficient machines to warrant one.

Posted in Hardware, Software. January 8, 2007
Happy Birthday Gizbuzz! by Huw

Today is the first birthday of Gizbuzz (as you may have guessed from the celebration picture on the site), and we’ve come a long way from that first post.

Here are some of the highlights:

Peter joining us. I went on holiday for a week, and asked around a forum to see if anyone would deputise for me. Peter agreed, and was so good that he stayed. He’s now been joined by Chris and most recently Sam.

Switching from Google’s Blogger (the old blog is here) to Wordpress. WP even allowed us to import all posts and comments. For the first few months of this arrangement Gizbuzz was hosted on a dedicated server, which happened to be an old laptop of mine running Ubuntu.

Getting to the front page of Digg. This brought a traffic spike of about 10,000 in the first day, and a great deal more over the coming week. It also ensured that the change of address for Gizbuzz didn’t result in a loss of Google juice by getting us serious linkage. Unsurprisingly, however, my laptop crashed, which meant that the spike wasn’t as high as it could have been. I have since moved over to Dreamhost.

The launch of the Gizbuzz podcast. The first episode of the podcast was with Raju Vegesna of Zoho, and after a break of a couple of months we have interviewed some fantastic people. Our most popular episode was with Sam Schillace and Jen Mazzon from the Google Docs and Spreadsheets team.

The new Gizbuzz design. Gizbuzz isn’t running on just another Wordpress theme any more, but on a custom design by Chris. Note the adaption to celebrate the birthday! Our redesign went somewhat better than TechCrunch’s rather green effort last year.

The founding of Oratos. Peter, Chris and I, as well as Jacob (who doesn’t write here but does on other network sites) founded Oratos Media, a tech blog network. If you look on the sidebar of Gizbuzz you will see a widget showing the latest headlines from our four blogs.

So, what about the future? We’ve got some exciting things to announce:

The launch of Gizbuzz Consulting for Web 2.0 companies. I have already conducted consulting for Web 2.0 companies who have contacted me through Gizbuzz, but have not advertised this service before. I think now is the time to start doing this, as we now have some great experience under our belts. You can find out about this here.

The development of Megaphone. Peter, a PHP genius, has been working on a new web application to support Oratos. We have said from the very beginning that Oratos will not be just another association of blogs, and Megaphone is a key part of that. Initially, Megaphone will allow users to submit ideas for posts (and submit their companies) and these will be accessible to all writers. They will also be able to upload segments for our podcasts. After the initial release, hopefully in this quarter (it’s well under way), we are looking to get even further into user generated content, possibly with you even writing some posts for us, and then deciding which ones get published. That should make our lives easier!

So thank you to both readers and writers for a great year. January’s going to be a busy month for us, and by the looks of things 2007 will be a big year as well. Here’s to another year of Gizbuzz!

Posted in Featured Post, Gizbuzz, Uncategorized. January 7, 2007
Macworld 2007 - Where To Get The News by Sam

The Macworld San Francisco 2007 Expo is drawing close. The bit of it everyone is waiting for - Steve Jobs’ Keynote - is on Tuesday 9th January at 9 am (or 5 pm in London - find for your timezone). The rumours are running wild as to just what will be announced. But a few things seem quite definite. It is expected that more details will be provided about the upcoming OS X 10.5 Leopard release and more on Apple’s “iTV” device that pulls music, photos and movies from your PC or Mac and puts them on your TV. Also quite firm predictions are the release of iLife 07, and an upgrade to the iWork software package (including a Spreadsheets program). Maybe there will be the true video iPod, and maybe there will be an iPhone. But probably in all honesty not.

So where can you find out exactly what is going on? Well all the Apple rumour sites are offering full coverage of the event. Here is just a pick of three ways to get the news.

World Of Apple Live

World of Apple Live hope to offer a full audio stream live from the keynote. If this works and is not overloaded, then it will almost certainly be the best way to hear what happens.

MacRumors are offering two different ways to get the updates. Either you can watch their live site where there will be a constantly updated text commentary of events, or you can just bookmark this one post which will be updated with a link to the QuickTime video of the event which Apple post a few hours after the keynote has finished. The latter page promises not to have any spoilers on it - so you can watch the presentation (albeit a few hours late) still unaware of what has been announced.

Gizbuzz is not doing live commentary - however there will be summary posts of all the announcements as well as more in depth analysis about what they mean for the future. So watch out this Tuesday - whatever happens there will be plenty of news.

Update: Gizbuzz is building a series of posts on the announcement, and has also just recorded a podcast with some more in depth discussion. You can see all of these posts in our Apple category.

Posted in Apple, Blogging, Gizbuzz. January 7, 2007
FeedBurner launches Site Stats by Huw

When feed analytics service FeedBurner acquired web stats service Blogbeat a few months ago, they announced that they would be integrating the two products. So, someone signed up to Feedburner is now able to see from one account how many people are subscribed to their feed and how many are visiting their website. So, the site statistics available (according to the Feedburner Blog) are:

  • Visitor summary, detail and trends
  • Page summary, detail and trends
  • Referral and Search trends
  • Inbound referral traffic breakdown, grouped by domain and broken out in detail
  • Outbound click breakdown
  • Visitor city cloud and live geographic visitor detail
  • Percentage inbound traffic from search and the queries that drove the traffic
  • Percentage of visitors that are new to your site today
  • Browser and OS breakdown, with trend indicators
  • Detailed historical traffic by page and by date

That’s a very comprehensive list. It doesn’t, however, offer anything which the free Google Analytics service won’t tell you. The unique selling point of the stats must therefore be usability, as Google Analytics has far more features than a blogger needs, and not all information on the above list is easy to find within Google’s product. For example, to see exact referral addresses rather than just referring domains in Analytics, you have to click on

  • Marketing Optimization ->
  • Visitor Segment Performance ->
  • Referring Source ->
  • Analysis Options Button ->
  • Cross Segment Performance ->
  • Content

That is far too many steps, with far too much jargon, for any but the most determined blogger to successfully find detailed stats. There is, then, a gap in the market for an easy-to-use stats tool for bloggers (especially after the likely demise of Performancing Metrics).

At the moment I’m waiting for the stats to populate on Gizbuzz’s Feedburner Dashboard. My intention is to run both stats systems in parallel. On a day to day basis I will use Feedburner (barring any usability or accuracy problems), but I will dig into GAnalytics for more detailed analysis not available from Feedburner. It will certainly be useful to have all stats in one place, nicely displayed (see the screenshots provided by Feedburner after the jump).

I’m going to go out on a limb and say that FeedBurner will be acquired itself during 2007 - it has a product which is indispensable to bloggers, and with new people deciding to blog every week, its target market continues to boom. The question is who; Google already has Measuremap (a stats service similar to the Site section of Feedburner’s offering, but which is yet to be released), although no RSS metrics tool. However, I think it would make sense for them to buy Feedburner and integrate it with Blogger. That, along with the release of the new version of Blogger and now the ability to use your own domain name without paying for hosting, could make Google’s struggling product a market leader in the hosted blog sector.

Screenshots after the jump.

Posted in Blogging, Web 2.0. January 5, 2007
Google Reader lets you track your own trends by Chris

Google’s Reader team have rolled out a great new feature that allows you to take a peek at your “trends”. The feature, which is labeled as being new, allows you to track your RSS reading history.

Among the features are neat charts displaying how many items you read on a daily basis, monthly basis, or weekly basis. In addition, there is a chart showing how many items from specific blogs you have read (determining the most read blog in your feed readers) as well as a chart describing subscription trends.

This is a great way of unlocking all the great information that’s available in Google’s vast archive of data. Of course, it begs the question as to whether we’re secure with Google knowing this much about us. The issue has been debated mercilessly, and I’m one who tends to give my undying support to Google (they do host my email, calendar, RSS feeds, and provide my search), however as they slowly offer more ways for users to see their data I’m sure they’ll also need to ensure that this data is as secure as ever.

Interestingly, according to the blog post they got help from the people behind MeasureMap to make Trends. Google acquired the blog analytics service from Adaptive Path last year, and since then MeasureMap has been closed (apparently to be improved and then re-opened, though my guess is that it will be rolled into the more used Google Analytics, a.k.a. Urchin). Adaptive Path are well known for their ability to design nice web user interfaces (and coincidentally are the folks who coined the term AJAX, really starting Web 2.0), and whilst the help of their former employees has ensured that Reader Trends works well and looks good, I would really like to have a look round MeasureMap.

It’s a nice feature - I didn’t know before, for example, that over the past month I have read 1,250 items from my 27 subscriptions, or that Scoble posted, on average, 6 items per day. By no means will this prove a killer feature for Reader, but it is something that other feed readers don’t have. To differentiate itself, a feed reader must have innovative features to add to the central functionality which it shares with all of the competition. This is such an innovative feature.

A screenshot of the new trends interface is after the jump.

Posted in Browsers, Software, Web 2.0. January 4, 2007