Archive of thenextweb.com
Written on 5th March 2009
11 COMMENTS 
Patrick de Laive, Internet entrepreneur and co-founder of The Next Web Conference. Twitter: @patrick
The news from Spotify being hacked once again shows that your data is not always safe. Even if you trust the company that holds it for you.
Most users know that they should use a different password for each service they use. But from personal experience I know that we don’t always do what is right. Most people use the same password for all their services.
The danger of using the same password:
Most web developers know that you should never save a password in plain text format but sometimes that just isn’t possible. Take Twitter, or any company with a popular open API.
While Twitter (hopefully) uses a hash for their users passwords, it is the Twitter ecosystem (the hundreds of services that are build around Twitter) that you should be worried about. Since Twitter doesn’t have a safe authentication method for their API (like oAuth) these services need to know your username and password in plain text (ie unencrypted) to query the Twitter API.
If you are a passionate Twitter user you probably use a lot of external twitter apps. What you get is hundreds of places where your Twitter password is vulnerable to hacking attempts.
As it is so easy to build a service around Twitter, and many of them have been build in less then 1 day or week, you can imagine that security is not the highest priority for these Twitter projects.
A hacker could probably hack Twitter services more easily than Twitter itself. What he/she would find is your Twitter username and password and in some cases even your email address. Obviously the hacker could abuse your Twitter account, change your password, sell your credentials, stalk you followers and more.
Given that many people use the same username/password combination for many different online services these hackers could also try to log into other web services such as gmail, flickr, Google docs and Yahoo.
In short, it’s a good idea to have a separate password for services like Twitter and don’t use the same password for different services. Use a password generator such as 1Password if you want to make sure your passwords are secure.
An extra benefit to changing your Twitter password is that you automatically filter out the services you don’t use anymore.
Thanks to Robert Beekman for the input.
Written on 14th August 2008
3 COMMENTS
Ernst-Jan Pfauth, editor in chief
Our Finnish Webtipr is a search engine anarchist. He denies submission to Google. Sure, he uses it a lot, and probably couldn’t live without it, but he’s critical. Timo Paloheimo basically has three problems with the search giant. He was so kind to mail them to me:
- Google has 70% market share in the US, worldwide even more. (in Finland their market share is said to be 95%).
- Google has no transparency, they do not reveal how their search engine ranks content. There are numerous opinions that Google does indeed favor their own content.
- Google’s reason for existence is to make money, which is done by delivering the best possible results for them, not the best for the user. A monopoly can do that.
You’ve probably heard these complaints before, maybe you discuss them with friends once in a while. But for Timo, it didn’t end with just complaining. He has used Google Custom Search to create a version of Google that doesn’t search within Google-owned services. So no Knol, YouTube, or Blogger. Google Minus Google offers you trustworthy results.
Media company or search engine?
Paloheimo found inspiration for his project in a New York Times article titled “Is Google a Media Company?“. The article raised questions like whether Google would give Knol pages a higher ranking than, say, a Mahalo or About.com page.
Paloheimo doubts whether Google offers the best pages, as it’s the party that offers the results, but also makes money from them. As an example, he mailed me two screenshots of a search for “analytics”. The Google search shows links to the Google Analytics tool and the blog, Google Minus Google offers links to Wikipedia pages and companies who specialize in analytics.
The best results
“Don’t get me wrong”, says Paloheimo – who hopes Google consider his idea to be a parody -, “I’ve been a Google fan for years and I use it every day perhaps a few hundred times. I love the search engine, it has delivered the best results. I want it to stay that way.”
Written on 24th May 2008
2 COMMENTS
Steven Carrol, Next Web WebTipr France
The greatest threat to any successful startup is competition. The more successful you become, the more competition you will piss off, and each contender will bring with them a new strain of hassle.
I’m not talking simply about competitive products, no I’m actually referring to the many underhand tactics that will be employed by at least some of these so-called competition. So what are these threats and how to best deal with them?
The Murky World Of Business
The first port of call for underhand competitors will be to learn everything they can about you, looking for any weaknesses they can find. These typically involve ‘competitive intelligence’ techniques which is a fancy way of saying they employ private investigators who will even sniff through your garbage.
Competitive Intelligence
This typically takes many forms and practitioners are not afraid to stoop to low levels. Private investigators are generally extremely creative and efficient, not least cost effective, who have many contacts and techniques that they leverage to build a portrait around individuals within the company. They can get access (break in) to bank account details, tap phone lines, bug offices, cars, even homes, follow people, pose as reporters / employees (man on the inside) etc. to gain access to people and information that could be useful.
Utilization Of Competitive Intelligence
Depending upon the nature of the rewards, a campaign to ‘levy distress’ will be initiated with various arms but the same goal. The goal being to chop the legs off ‘metaphorically speaking of course’ the main targets.
Legal Assault
One of the most cherished methods is to create phony legal cases against the targets. They do not need to be serious, just a host of frivolous nonsense is sufficient. It is very cheap to send out threatening letters and tie targets up in court battles which can become exponentially destructive and costly to fend off. Typically they will be cases that are 99% twisted around so that the aggressors will be claiming the targets are actually distressing them.
Creating Havoc
Paying off disgruntled employees to cause hassle within the company, setting traps for the targets, reporting the targets (to officials and dependencies) for anything and everything they can. Disconnecting ties between targets and their networks (such as distributors, retailers, suppliers etc.) and any other psychological torture they can muster.
Intellectual Property Theft
There is nothing like learning from others mistakes, all services, products etc. will be reversed engineered to learn secrets from the targets, then the cream will be repackaged into similar offerings, where the ‘competition’ use the building blocks that have been successful along with their greater financial muster to encroach upon the targets market. Patents and copyright laws are of very little significance for young companies who have not the experience, nor resources to leverage the law to their favor. Further, the rogues will be carefully protected from legal assault themselves as they use ‘front’ (disposable) companies for their full on attacks.
David Vs Goliath
Typically the targets ‘upstarts’ that enjoyed early success will be naive to the murky world of ‘business’ where cannibals and dinosaurs await the fresh bloods arrival for their feasts. In order to survive, here are some practical tips:
- Remain focused on the ‘real problems’ within the business.
- Continue to innovate and move the market.
- Learn the tricks of Goliath’s trade, the more you know about him and his tactics the better.
- Be very careful who you trust, especially when it comes to these ‘pillars of society’.
- Learn how to bat!
Batting
If you do find yourself in the middle of a ‘war of terror’ then the quicker you learn how to fight, obviously the better. Understand that the world of business is much like nature, it is not personal and brutal. Speed, intelligence, posture, bravery and trickery are the necessary assets to be packed in your survival kits.
Good luck out there! You will need it…
Written on 30th January 2008
4 COMMENTS
Ernst-Jan Pfauth, editor in chief
Every week we publish an interview with a start-up. We ask five questions, hoping the answers will give you inspiration and new views. Well, actually six questions, since we also ask the start-up to who he or she is passing the mic to.
This week we’re interviewing Charles Nouÿrit, founder and CEO of French start-up MyID.is. Since Matt Colebourne from CoComment asked us to do so.
MyID.is aims to certify your digital identity and to allow you to claim all your websites, blogs and on-line profiles. So that you can manage your on-line reputation. They we’ll be going in private alpha pretty soon.
How did you come up with the idea of MyID.is?
“Well, I was at a family dinner with my parents and sister. While we were eating, my father asked me what would be hot in 2008. I told him video, microblogging, social networks and since it was at the time that Kathy Sierra had her death threats problem, I came out with Digital ID Certification. As a matter of fact any attempt to certify digital identies so far was very complicated and couldn’t be deployed on a larger scale. So the idea just popped-out like that. I stayed at the dinner for another 30 minutes, then I left in a rush to put my idea on paper.
After 15 days of checking the validity of the certification process with two friends that became my partners in this new venture, I came out naked on my blog on April, 1st announcing what I was willing to do. I was amazingly surprised by the response of the French community that started talking about it everywhere, so it became imperative to create the company and start developing the platform. After eight months of development and wasting four other months with UK banks, we’re almost ready to launch the private alpha version in a few weeks.” (more…)
API, developers, FG*hj3#4@h, guess my password, hacked, hackers, oAuth, password, passwords, security, trust, twitter, username, vulnerability
The Next Web Blog is closely associated with The Next Web Conference which is held annually in Amsterdam, The Netherlands. At this event speakers from all over the world come together to talk about, and show off, the future of the Web. (More info 
