These are my links for December 28th:

• Former Morgan Stanley Coder Gets 2 Years in Prison for TJX Hack | Threat Level | Wired.com – The two great friends talked every day and shared information about all of their exploits — sexual, narcotic and hacking — according to prosecutors. Now another thing they’ll have to share information about is their experience in federal prison.
• Torrent Search Engines Unlawful, U.S. Judge Says | Threat Level | Wired.com – The operator of a popular BitTorrent search site said Monday he will likely challenge last week’s landmark decision by a U.S. judge declaring such sites unlawful and no different from conventional peer-to-peer piracy services.
• Piracy Surcharge Set To Force 40,000 Households Offline | TorrentFreak – Earlier, ISP BT predicted that operating an anti-filesharing scheme in the UK would cost £365m a year. Now the government has admitted that not only will broadband customers have to foot a £500m bill, but that burden will prove too great for 40,000 households – who will have no choice but to give up their Internet connections.
• Top 7 Disruptions of the Year | Epicenter | Wired.com – Technology is like a dog; each year of it seems like the equivalent of seven human years — at least when you get to the end of it and realize it’s only been 12 months since that now indispensable service first launched.
• Code That Protects Most Cellphone Calls Is Deciphered – NYTimes.com – A German computer engineer said Monday that he had deciphered and published the secret code used to encrypt most of the world’s digital mobile phone calls, saying it was his attempt to expose weaknesses in the security of global wireless systems.
• Palm Pre Users Rejoice: webOS 1.3.5 is Coming Today – Here’s a nice Christmas present for Palm Pre users: According to Sprint’s website, a new version of Pre’s operating system, webOS 1.3.5, is due to go live today.
• Facebook more than doubled its number of users this year | Technology | guardian.co.uk – Even by Facebook's standards, the past 12 months have been remarkable. The site cemented its position as the world's favourite social network, reached the verge of profitability and even exerted its influence over the race for the Christmas No 1.
• Twitter’s List Of 370 Banned Passwords – Twitter appears to have learned from its security scare earlier this year and seems to be taking password security more seriously than most Internet services.
• 5 Reasons to Learn Social Media | Search Engine Journal – Have you ever noticed how many bloggers and social media marketers just tell people that they should go out try social media? How you shouldn’t worry about learning social it? That you’ll learn it on the fly and everything will be fine.

But what set this morning’s outage apart from others was that Twitter wasn’t the only social media hub that was down. Facebook the “go-to” social media community online and a major Internet player was also down. The dominate social media community was viewable one second then offline the next. This continued on and off all morning.

After I realize that the outage wasn’t just Twitter having a “fail whale” moment, a slight panic set in. I called one of my associates to ask if his Twitter and Facebook were down… they were. At that point I slumped into my chair and thought to myself, “What are we going to do?! Is this the end of the world?”

No not really. I have to admit it was a bit of an annoyance not having the tools of my trade at my fingertips, but what bothered me most was that finding another service for communicating with everyone wasn’t as easy. Yes there was FriendFeed, which that worked quite well and did cure some of the withdrawal jitters, but it still wasn’t the same.

It wasn’t until two of the most powerful social media players were taken out of the equation did I realize how much we all, me very much included, had become dependent, or dare I say it, addicted to Twitter and Facebook.

These services aren’t just a way for people to waste time. They’re a way of communicating everyday and extraordinary events between people all across the world. Often times, news breaks on these platforms before the traditional media gets wind of it. Social media is becoming ingrained in the fibers of our society. Take that away and panic of varying degrees set in.

This is the post on Twitter’s status blog:

Thu Aug. 6

Ongoing denial-of-service attack

We are defending against a denial-of-service attack, and will update status again shortly.

Update: the site is back up, but we are continuing to defend against and recover from this attack.

Update (9:46a): As we recover, users will experience some longer load times and slowness. This includes timeouts to API clients. We’re working to get back to 100% as quickly as we can.

Below is my latest video that I recorded about the events of this morning. Watch it and please post your comments on how you survive the outage either in the comments or on the video’s Youtube page.

Here are some tips the Googlers gave to make sure you site is safe:

What can you do?

This isn’t an easy problem to solve – the bad guys are attacking a wide range of sites and seem to be able to adapt their scripts to get around countermeasures. Google is constantly under attack by spammers trying to create fake accounts and generate spam profiles on our sites, and despite all of our efforts some have managed to slip through. Here are some things you can do to make their lives more difficult and keep your site clean and useful:

• Make sure you have standard security features in place, including CAPTCHAs, to make it harder for spammers to create accounts en masse. Watch out for unlikely behavior – thousands of new user accounts created from the same IP address, new users sending out thousands of friend requests, etc. There is no simple solution to this problem, but often some simple checks will catch most of the worst spam.
• Use a blacklist to prevent repetitive spamming attempts. We often see large numbers of fake profiles on one innocent site all linking to the same domain, so once you find one, you should make it simple to remove all of them.
• Watch out for cross-site scripting (XSS) vulnerabilities and other security holes that allow spammers to inject questionable code onto their profile pages. We’ve seen techniques such as JavaScript used to redirect users to other sites, iframes that attempt to give users malware, and custom CSS code used to cover over your page with spammy content.
• Consider nofollowing the links on untrusted user profile pages. This makes your site less attractive to anyone trying to pass PageRank from your site to their spammy site. Spammers seem to go after the low-hanging fruit, so even just nofollowing new profiles with few signals of trustworthiness will go a long way toward mitigating the problem. On the flip side, you could also consider manually or automatically lifting the nofollow attribute on links created by community members that are likely more trustworthy, such as those who have contributed substantive content over time.
• Consider noindexing profile pages for new, not yet trustworthy users. You may even want to make initial profile pages completely private, especially if the bulk of the content on your site is in blogs, forums, or other types of pages.
• Add a “report spam” feature to user profiles and friend invitations. Let your users help you solve the problem – they care about your community and are annoyed by spam too.
• Monitor your site for spammy pages. One of the best tools for this is Google Alerts – set up a site: query along with commercial or adult keywords that you wouldn’t expect to see on your site. This is also a great tool to help detect hacked pages. You can also check ‘Keywords’ data in Webmaster Tools for strange, volatile vocabulary.
• Watch for spikes in traffic from suspicious queries. It’s always great to see the line on your pageviews chart head upward, but pay attention to commercial or adult queries that don’t fit your site’s content. In cases like this where a spammer has abused your site, that traffic will provide little if any benefit while introducing users to your site as “the place that redirected me to that virus.”

Has your site ever been hacked? Have you ever fallen for a fake profile? (You can admit it, we won’t tease you.) Share your experience in the comments.