Hey, the folks at American Legacy Foundation are the real deal, set up by lots of states as part of a settlement deal with the tobacco companies.

They run the Truth campaign, trying to prevent addiction among the young.

Here's their new effort to help people out:

Social media can help create social change, but it can also help with PERSONAL
change -- like helping people quit smoking. There are now iPhone apps that can help,
Twitter feeds, even online communities, like this one at BecomeAnEX.org.

The EX plan offers lots of other tools, resources, information and exercises that
can help you prepare to quit smoking today. Probably the best part is that EX comes
with a built-in network of friends and support. You can access their social network
of other people trying to quit at BecomeAnEX.org

 

Bot herders and the crimeware gangs behind banker Trojans have had a lot of success in the last few years with using bulletproof hosting providers as their main base of operations. But more and more, they're finding that social networks such as Twitter and Facebook are offering even more fertile and convenient grounds for controlling their malicious creations.

New research from RSA shows that the gangs behind some of the targeted banker Trojans that are such a huge problem in some countries, especially Brazil and other South American nations, are moving quietly and quickly to using social networks as the command-and-control mechanisms for their malware. The company's anti-fraud researchers recently stumbled upon one such attack in progress and watched as it unfolded.

The attack is as simple as it is effective. It begins with the crimeware gang setting up one or more fake profiles on a given social network (RSA isn't naming the network on which it saw this specific attack). The attacker then posts a specific set of encrypted commands to the profile. When a new machine is infected with the banker Trojan, the malware then goes out and checks the profile for new commands. The specific command in this case begins with a string of random characters that serves as an authentication mechanism of sorts, letting the Trojan know it's found the right commands.

The rest of the encrypted string are hard-coded instructions telling the Trojan what to do next, whether it's to look for other machines on the network, search for saved data or log keystrokes when the user visits a specific online banking site.

This certainly is not the first example of this kind of activity on social networks. There have been botnets controlled via Twitter for at least a year now, and researchers have found a number of example of Facebook profiles set up specifically for malicious activity. But this is one of the results of the success that researchers and law enforcement have had in recent years in shutting down the bulletproof hosting providers who have been harboring botnet C&C servers and Trojan drop zones for a long time.

"The most interesting thing is that it's part of a growing trend. These groups have had four main options for hosting if they want to put it in a resilient infrastructure," said Uri Rivner, head of new technologies--consumer identity protection at RSA, the security division of EMC. "You can build your own, and there are some that are very sophisticate with great disaster recovery, but that's expensive. You can go with bulletproof hosting, but that's getting harder. You can use cloud services, which we've seen some of lately. Or you can now use social networks. That's getting more popular because resilience is they key for some of these Trojans that can run for months or years. It's so important to them to find a good hosting environment."

The other thing that makes networks such as Twitter and Facebook attractive for bot herders and Trojan gangs is the ease with which they can set up new profiles. The profiles themselves essentially become disposable, because the attackers can code a list of dozens or hundreds of such profiles into the Trojan and if one is discovered and taken offline, the malware move on to the next one. It's also quite difficult for the operators of these sites to identify and block these profiles quickly enough, making them soft targets for the attackers.

"The only downside for the attackers is if the companies start fighting back against it, but that's hard," Rivner said. "This is the easiest, the cheapest and most reliable infrastructure that I see  (VIA /threatpost.com)

Students who use social networking sites don't seem to suffer academically, according to research out of Northwestern University. In a recent paper titled "Predictors and consequences of differentiated practices on social network sites," researchers found that heavy use of sites like Facebook and MySpace doesn't affect college students' grade point averages. In fact, it's the usual suspects such as gender, ethnic background, and parental education that appear to have more of a determining factor in GPA than any kind of Facebook addiction.

According to the researchers' data, female students tend to have higher grades than male ones, and white students have higher grades than non-Hispanic African-American students. Students whose parents have college degrees have higher GPAs than those whose parents only have a high school diploma or lower.

The researchers then added in data about overall Internet use and social networking use, and found that there were no significant differences. "The most prevalent findings... are the persisting differences between respondents with different demographic backgrounds," reads the paper.

Indeed, Internet and social network use didn't affect the difference in GPAs between male and female or white and African American students. However, social network use did eliminate the difference in GPAs between students whose parents had differing levels of higher education. In fact, when controlling for certain demographics, the researchers found a positive relationship between Internet use and GPA.

"The positive relationship between web-use skills and GPA may illustrate that students who have better online skills can draw on their Internet savvy to aid in their schoolwork," wrote the researchers. "[E]ngaging more intensely with [social networking sites], in particular, shows no relationship to our outcome variable of academic achievement."

The researchers do acknowledge that students are perfectly capable of distracting themselves from their schoolwork and wasting time online. However, the positive effects seem to outweigh the negative ones for some students, or at least cancel each other out for others. So, the next time your mom accuses you of spending more time online than on your freshman projects, tell her you're just connecting with your peers for better project --------Via arstechnica.com

F**** Facebook! More and more, fed up with ever-disintegrating privacy policies, are saying just that, even going so far as to kill their Facebook accounts. Gizmodo has "Top Ten Reasons You Should Quit Facebook," among them, one-sided terms of service, a "war on privacy," the sharing of private data with applications, but perhaps best of fall, "Facebook is not technically competent enough to be trusted":

“

Even if we weren't talking about ethical issues here, I can't trust Facebook's technical competence to make sure my data isn't hijacked. For example, their recent introduction of their "Like" button makes it rather easy for spammers to gain access to my feed and spam my social network. Or how about this gem for harvesting profile data? These are just the latest of a series of Keystone Kops mistakes, such as accidentally making users' profiles completely public, or the cross-site scripting hole that took them over two weeks to fix. They either don't care too much about your privacy or don't really have very good engineers, or perhaps both.

”

Top Ten Reasons You Should Quit Facebook [Gizmodo]

Senator Charles Schumer is upset on your behalf over Facebook's latest loosening of its privacy policies, and yesterday he called for the FTC to step in and provide some guidance, offering to introduce legislation if the agency feels it needs that extra authority. Specifically, Schumer wants three things: opt-out defaults should be switched to opt-in, sites should always disclose where the information is going, and there should be some general "guidelines for user privacy" that sites follow.

This may sound a little like political grandstanding, but in the letter to the FTC that he released yesterday, he noted that online behavioral advertisers currently follow stricter guidelines than social networking sites:

“While the online behavioral advertising industry has adopted a self-regulatory program created in concert with the FTC, there are no guidelines for user privacy on social networking sites including Facebook, Myspace, and Twitter,” Schumer wrote.

WCBS TV reports that Facebook is "surprised" by Schumer's call for more guidance, and that it looks forward to "sitting down with him and his staff to clarify."

"NY Sen. Schumer Asks FTC to Set Social Networking Guidelines  [Epoch Times]
"NY Senator Seeks Privacy Guidelines For Websites" [WCBS TV]