From @BrightEyedDyer who DMed me the breaking news and confirmed by both @LibraryCongress and USA Today comes an unexpected bit of news from Washington D.C. The Library of Congress has acquired Twitter archives dating back to 2006!

The Library of Congress go into details on their Facebook page, but USA Today reports the institution’s motivations in a nutshell:

The library notes that Twitter processes more than 50 million tweets a day and says its emphasis will be on the ”scholarly and research implications of the acquisition.”

Just a few examples of important tweets:

• The first-ever tweet from Twitter co-founder Jack Dorsey (http://twitter.com/jack/status/20)
• President Obama’s tweet about winning the 2008 election (http://twitter.com/barackobama/status/992176676)
• A set of two tweets from a photojournalist who was arrested in Egypt and then freed because of a series of events set into motion by his use of Twitter (http://twitter.com/jamesbuck/status/786571964) and (http://twitter.com/jamesbuck/status/787167620).

Expect a deeper dive into this topic on the next Bird House Rules; but for now, think of all the goofy things you’ve said and done since you’ve been flying about the birdhouse…and now think “Hey, my tweets are heading for the Library of Congress!”

Don’t you dare change a thing in how you tweet. After all, it’s that unabashed honesty that got you (and the rest of us Twitterakians) into these hallowed halls!

More to come…

No, you’re not seeing things. I’m back, and I’m coming out of the Bird House swinging!

It’s been a long break, the first half of it expected and the other half completely unexpected; and I return to talk about foursquare, Please Rob Me, and the current concern sweeping through the Twitterverse. Adding to the debate of how much information is too much information comes FortheHack and their stand against sharing GPS coordinates for neat-o badges and free stuff from various vendors in the real world. Hear my own view of it from the Bird House and pick up a few twips in this episode on how to stay safe while sharing with your fellow Twitterakians.

Guest introduction by Starla Huchton

Featured movie and TV clips:

• Firefly
• The Treasure of the Sierra Madre
  
• Monty Pyhton’s “How Not to Be Seen” sketch
  
• Army of Darkness
  

Featured People and Stories:

• Security Expert Robert Siciliano
• Siciliano’s Twitter posting to CBS segment on “Please Rob Me”
• Siciliano’s tweet concerning “Please Rob Me”
• Exchange between me and Brand Gamblin
• Brightkite

Album Artwork by Paul Fischer of Dancing Cat Studios

Feel free to syndicate this audio, and provide feedback or topics you’d like to hear discussed on Bird House Rules at 703.791.1701, tmorris (at) imaginethatstudios (dot) com, Twitter, or here at the Bird House Rules Blog!

Numerous Twitter users are pointing out that Twitter forced them to change their passwords out of the blue. According to blogger Andrew Girdwood, these users have received an e-mail containing the following message: “Due to concern that your account may have been compromised in a phishing attack that took place off-Twitter, your password was reset,” together with a link for resetting the password.

Although the e-mail itself looks like a phishing attack, it’s genuine; it seems that admins at Twitter have discovered something fishy is going on, and they’re trying to prevent further damage before it happens.

I’ve been reading up on this all morning (with postings from TechCrunch and The Washington Post as examples); and while this situation shouldn’t be taken lightly, I am not scrambling to change my passwords on my accounts. Why?

1. I’m finding out about this scam via Twitter.
2. The people on Twitter are finding out via an “official email” from Twitter.com.
3. On Twitter’s Status and News blogs and on Twitter’s own feed, there is no mention of this phishing scam whatsoever.

Seeing as through email and social networks is how phishers work, this gives me a moment’s pause. And it should do the same for you, too.

Before concerning yourself with changing of passwords and falling prey to a malicious hacker, follow this simple checklist:

• Check your third party clients (TweetDeck, DestroyTwitter, etc.) and see how they are behaving. If they are connecting with Twitter, you are doing just fine.
• Check Twitter Status. This is one of two blogs that keep users in the know about what is happening on Twitter. This particular blog is more technically oriented, but reports outages and hostile actions such as DoS attacks.
• Check Twitter’s Blog. This is news and developments from Twitter’s home base, and usually developers will give commentary here on any hacker attacks, interface redesigns, or serious issues that Twitter is encountering at that time.
• Follow @Twitter’s feed. No, they might not answer a query, but with something as serious as this there may be some updates in their feed that can give you sound advice on how to fix a potential problem.

As of the posting of this column, there has been no solid confirmation from Twitter of this phishing attack. While many are tweeting and retweeting that something is up in the network, it does not necessarily mean that it is actually happening. Always check with Twitter before taking action. It may be a moment’s hesitation, but in that brief second you may be able to avoid unwanted stress and undue inconvenience.

Keep an eye on the Bird House for more as this develops.

UPDATE, 12:58pm EST: With special thanks to Lila Scot, another resource to check is @safety, Twitter’s Trust and Safety account. They did have a post about this at 11:26 am, several hours after Mashable, The Washington Post, et. al. went live with their postings. However, there is still no mention of this being a phishing attack.

UPDATE, 3 February, 11:25am EST: I checked @safety this morning and saw that there was a posting in Twitter Status that mentions the importance of changing your password. While what they describe is a phishing attack, the situation from yesterday appears to be less of an attack and more of a preemptive strike from the Twitter Safety Team headed up by Del Harvey. Whatever the case may be, it appears that all is right in the Twitterverse and our status is at green. You are now free to tweet happily. Make it so.

This morning, a lot of things were explained.

Maybe these hackers were partially responsible for yesterday’s intermittent service. Maybe the odd behavior from Twitter was merely a precursor for what PCWorld reported early this morning. Maybe I was the only one thinking about the DoS Attack from this summer, but Twitter was once again under fire. A group referring to themselves as The Iranian Cyber Army redirected for a brief time all Twitter traffic to a landing page of their design. Sumner Lemon of IDG News Service reports:

Visitors instead saw a black screen with an image of a green flag and Arabic writing. The defaced site also included a message that said, “This site has been hacked by Iranian Cyber Army,” and an e-mail address.

Twitter blamed the outage on changes made to the company’s DNS (Domain Name System) records, which match the company’s domain name with the IP addresses of its servers.

Meanwhile, the news from Twitter Status was that as of 11:28pm, last night:

Twitter’s DNS records were temporarily compromised but have now been fixed. We are looking into the underlying cause and will update with more information soon.

So far, nothing new has really surfaced apart from critics who are saying this is just another show of how vulnerable Social Media sites are. I, for one, applaud Twitter’s resilience. They only lost service for an hour (which was probably when I was engrossed in my weekly dose of Mythbusters…) and managed to bounce back. Yesterday had been a somewhat uneven day for Twitter, but they have seen worse. Much worse. I think yesterday’s performance is proof extremely positive that Twitter has learned their lessons from previous growing pains.

So as the dust settles from yesterday, just remember…

…and tweet happy!

I’m back in the Bird House after a period of downtime, and I am coming back to talk a little bit about Phishing Scams that are popping up left and right on Twitter. What is with these scams popping up in our Direct Messages? Have a listen to pick up a few tips on how to avoid phishing scams on Twitter and resources on staying safe in the Twitterverse.

Guest introduction by Chooch Shubert

Featured movie clips:

• The King & I
• Serenity
• Spaceballs
• Army of Darkness

Featured Resources on Twitter:

• Social Media Security
• The Command Line
• IDGuardian

Album Artwork by Paul Fischer of Dancing Cat Studios

Feel free to syndicate this audio, and provide feedback or topics you’d like to hear discussed on Bird House Rules at 703.791.1701, tmorris (at) imaginethatstudios (dot) com, Twitter, or here at the Bird House Rules Blog!

We’re currently researching reports from users who are locked out after trying to reset their passwords or change their email address or user names.  This seems to affect new users as well as long term users; we do not advise changing your user name, email address, or password at this time.  We will update Status with more news as it becomes available.

That was yesterday evening, and still no updates at the time of this posting.

As I will be talking about at Blogworld this week, we all have to be careful concerning Phishing scams, spammers, and password protection. This recent development has me curious as to what is happening back at the Mother Ship but also reinforces exactly how important it is to check and double-check the Twitter Status blog. It remains one of the best ways to keep track of how the Twitterverse is behaving.

I am also breathing a bit easier, knowing Twitter is on top of this serious issue. With their incredible popularity and for offering this service for free (and keeping it so), security is an issue that must be address. It is rarely talked about (until something goes wrong), and this report from Twitter.com assures me as a user that they are not taking this lightly.

Some quick tips until this matter is resolved:

• Do not click on links from people you do not recognize nor follow in your networks
• If you are using TweetDeck, use the URL preview function as a precaution to see where the link leads
• If a link asks for your password, don’t give it. (Common sense, you would think, but…)

We all must think smart and remain safe when tweeting. Sure, it’s only 140 characters; but a lot can happen within a tweet exchange. Hang on to the password for now; and make sure you keep hanging on to it, especially when someone is asking for it.

When I clicked on the link, I was asked for my Username and Password.  Ummm…no. So I attempted to ping my Twitter contact here and ask if this was, in fact, a real URL. I could not get a DM reply to appear.

And then on the main feed, I saw this from @spam, Twitter’s Spam Hotline:

You might think this is common sense, but it may surprise you how easily people surrender their passwords, particularly from DMs coming from friends and acquaintances.

Be careful!
Someone is out there get phreaky with the phishing.

Just remember these safety twips when you are out in the Twitterverse:

• Never give out your password, even if it’s to someone you know or if they are promising you a bucketload of followers.
• If you do get a DM asking for your password, try to contact the friend on the open feed asking why?
• If someone is, in fact, DMing others with your account, immediately change your password, log out, wait a few ticks, then log in with the new password.
• If you can, change your password for Twitter every 30-60 days.

Twitter is on the case, but make sure you let your fellow Twitterakians know that something  is afoot. Stay safe, everyone, and tweet happy!

What’s the topic of the day at the Bird House? Inspired by an August 20, 2009 article entitled What People Are Tweeting About, the marketing magazine eMarketer and Pear Analytics took a closer look at the traffic on Twitter in order to answer the question “What is the purpose of Twitter?”

I ask the question “Does Twitter — or Social Media on a whole — need a purpose?”

Other articles cited in this episode:

“One Blog Created Every Second” (Aug 2, 2009), BBC News

Chris Brogan’s “Birds on a Wire”

Chris Abraham’s “All a Twitter is Twitter for Smarties”

Linda Vandevrede’s “Finally a Very Readable Book about Twitter” (for Valley PR Blog)

Guest introduction by Chris Lester

“That’s a fact, Jack!” from Stripes

Album Artwork by Paul Fischer of Dancing Cat Studios

Feel free to syndicate this audio, and provide feedback or topics you’d like to hear discussed on Bird House Rules at 703.791.1701, tmorris (at) imaginethatstudios (dot) com, Twitter, or here at the Bird House Rules Blog!

Welcome to Birdhouse Rules, the Official Podcast of All a Twitter and Sams Teach Yourself Twitter in Ten Minutes.

I promised that the show was going to post on a fortnightly schedule; but in light of recent events, I decided to shuffle the schedule around and make the first episode something timely. I wanted to talk about what happened on Twitter (and elsewhere) all day Thursday, August 6, 2009.

Just in case you missed it, you can hop over to the link I provide here in the show notes, but safe to say, it was a really busy day. It has taken Twitter a few days to recover. From the looks of things and according to the Status blog, there are still a few pieces needing to be picked up but Twitter — on a whole — is running smoothly.

This show was imspired not only by the events of last week but also by a comment left behind by our Guest Voice. Take a look at the blog, have a listen to this episode, and take a moment to send a “thank you” note to Twitter.com. They really managed to hold things together, and we should all be appreciative of their hard work for this free service they provide.

Guest introduction by Fred Castaneda

“All is Well” drop-in’s from National Lampoon’s Animal House.

Album Artwork by Paul Fischer of Dancing Cat Studios

Feel free to syndicate this audio, and provide feedback or topics you’d like to hear discussed on Bird House Rules at 703.791.1701, tmorris (at) imaginethatstudios (dot) com, Twitter, or here at the Bird House Rules Blog!

It all started this morning when, from Twitter Status, this nugget of good news arrived, explaining the odd, intermittent service:

We are defending against a denial-of-service attack, and will update status again shortly.

For those of you (like me) who didn’t know what a Denial-of-Service or DoS Attack was at the beginning of the day, you probably know what it is now. The U.S. Computer Emergency Readiness Team (CERT) defines a DoS Attack as the following:

In a denial-of-service (DoS) attack, an attacker attempts to prevent legitimate users from accessing information or services. By targeting your computer and its network connection, or the computers and network of the sites you are trying to use, an attacker may be able to prevent you from accessing email, web sites, online accounts (banking, etc.), or other services that rely on the affected computer.

The most common and obvious type of DoS attack occurs when an attacker “floods” a network with information. When you type a URL for a particular web site into your browser, you are sending a request to that site’s computer server to view the page. The server can only process a certain number of requests at once, so if an attacker overloads the server with requests, it can’t process your request. This is a “denial of service” because you can’t access that site.

This attack didn’t stop with Twitter, though, as Wired Magazine gave confirmation that Facebook was also under a DoS attack…

Facebook has confirmed to Wired.com that — like Twitter — it was the victim of a denial-of-service attack Thursday morning.

“Earlier this morning, Facebook encountered network issues related to an apparent distributed denial-of-service attack, that resulted in degraded service for some users,” responded Facebook spokeswoman Kathleen Loughlin via e-mail.

And now from several news sources, Epoch Times cited in this column, the popular blogging site LiveJournal is also being hammered and hammered hard…

Popular blog site LiveJournal also confirmed that it had been hit by a DoS attack. The company said that an attack had occurred at approximately 6 a.m. Pacific time.

The denial-of-service attacks are the latest in a round of such attacks. In July of this year, several websites run by the U.S. government, the New York Stock Exchange and websites in South Korea were taken down by similar attacks. While North Korea was suspected to be involved in those attacks, analysts have indicated in interviews with The Epoch Times that it was most likely the Chinese Communist Party helping North Koreans with the technology to launch the attacks.

In no way am I suggesting that the sky is falling, but I will give a bit of thought to what David Grizzly Smith asked me after my original posting on this morning’s assault on Twitter:

Given the whole thing with #iranelection, think the State Department will investigate the DDoS?

I’m hoping that someone up on Capitol Hill is paying attention. No, I don’t think this is Social Media’s 9-11, but something is most definitely afoot. This isn’t just a fluke happening. To hit Twitter, Facebook, and LiveJournal is impressive in a particularly scary way. It will be some time before the dust clears until we discover the responsible party behind these attacks, but right now we must all remain patient and (above all) calm. The creators and developers of these Social Media outlets are all working to keep their services online. I also have faith that other administrators to other popular sites are preparing for similar attacks. We, as the consumers, must keep our own heads about us and not flip out.

Today’s a weird, weird day…but consider this: Tomorrow’s Friday.

UPDATE

From the Twitter Status blog:

Thursday, 4:14 p.m. Site latency has continued to improve, however some web requests continue to fail. This means that some people may be unable to post or follow from the website.

From the blog comments, Aline sends in word from the New York Times that Google was also hit in the DoS onslaught. The article goes on to comment:

But Bill Woodcock, research director of the Packet Clearing House, a nonprofit technical organization that tracks Internet traffic, said the attack was an extension of the conflict between Russia and Georgia.

It was not clear who initiated the attack, Mr. Woodcock said, but it was likely that “one side put up propaganda, the other side figured this out and is attacking them.” He said he found evidence that the attacks had originated from the Abkhazia region, a territory on the Black Sea disputed between Russia and Georgia.

Twitter is still a tag sluggish (although TweetDeck is running like a champ), but they are online and running. Remember, if your account starts acting squirrely, swing by Twitter Status and see what is going on back aboard the Mothership.

From Twitter Status comes this nuggest of good news:

We are defending against a denial-of-service attack, and will update status again shortly.

Okay, that doesn’t sound good.

What exactly is a Denial-of-Service or DoS Attack? Heck — I’d never heard of it and I’m a geek, passionate about his Social Media. So, I turned to Google and started the research. In a nutshell, it’s bad. REALLY bad. From the files of U.S. Computer Emergency Readiness Team (CERT) comes a definition of what a DoS Attack is all about:

In a denial-of-service (DoS) attack, an attacker attempts to prevent legitimate users from accessing information or services. By targeting your computer and its network connection, or the computers and network of the sites you are trying to use, an attacker may be able to prevent you from accessing email, web sites, online accounts (banking, etc.), or other services that rely on the affected computer.

The most common and obvious type of DoS attack occurs when an attacker “floods” a network with information. When you type a URL for a particular web site into your browser, you are sending a request to that site’s computer server to view the page. The server can only process a certain number of requests at once, so if an attacker overloads the server with requests, it can’t process your request. This is a “denial of service” because you can’t access that site.

So yeah. This is bad.

Right now, according to Twitter, they are back online and picking up the pieces of this malicious assault on their servers; so if you feel like coming on to the network and complaining about them, think twice. As I mentioned last night (and probably will, again, in an upcoming interview), Twitter has been growing like Kutzu on steroids, and trying to come up with adequate security is an ongoing challenge. I applaud them for keeping us all in the loop and for handling this as well as they have, but sadly this is a reminder of how their security should become an issue of highest priority.

I’ll have more information here as the day progresses, but remember you can keep tabs on Twitter’s Status by clicking here. See you all on the tweet side.

UPDATE at 3:14pm EST

Doesn’t look like Twitter is the only one getting slammed by hackers. From Wired Magazine comes confirmation that Facebook is also under a DoS attack:

Facebook has confirmed to Wired.com that — like Twitter — it was the victim of a denial-of-service attack Thursday morning.

“Earlier this morning, Facebook encountered network issues related to an apparent distributed denial-of-service attack, that resulted in degraded service for some users,” responded Facebook spokeswoman Kathleen Loughlin via e-mail.

Facebook seems to be weathering the storm, but Fan Pages have been reported offline and their response time on other pages slow. Twitter has been on and off, and some folks in my networks have been voicing their ire abut their inconsistency. Remember that while, yes, Twitter is awesome, it is also dealing with people today that are not-so-awesome and are making life in 140-characters-or-less close-to-near impossible. Be patient with Twitter. It’s not going anywhere, but it is getting hammered by hackers today.

This was my first official interview for the title, and a terrific kickoff in promoting this latest title concerning Social Media. If you would like to have me on your podcast or would care to host a guest blog column with me, feel free to contact me here! Thanks for listening.

…but in light of recent events, Twitter has shown their human side. Or more to the point: when Twitter screws up, it is on an epic scale.

From TechCrunch, Robin Wauters reports that on July 15, 2009, a security issue plagued the Twitter servers unexpectedly. It was a technological Black Death of the worst kind: user error. Someone had made the password to Twitter’s servers the following: password.

Wow.

Wauters continues in TechCrunch’s “Another Security Tip for Twitter” article:

Twitter co-founder Biz Stone, responding to our email, said “this bug allowed access to the search product interface only. No personally identifiable user information is accessible on that site.” Although no user accounts were compromised or accessible, the vulnerability speaks to a greater culture of lax security at the startup, and may be indicative of how earlier breaches possibly occurred.

With that in mind, we have some friendly advice for Twitter. For instance, it would be wise if in the future Twitter insiders do not use the password “password” for the back ends of its systems or one of its co-founder’s names (Jack) as a username.

What makes this cock-up truly frightening is that this particular incident is in no way related to another security breach Twitter was addressing on their blog that same day. This has kicked up a lot of speculation and criticism both here and at other sites like the earlier cited TechCrunch and Mashable.com concerning the security measures at Twitter.com. Mashable’s Stan Schroeder, in his own commentary, thinks:

One thing is certain. Twitter needs to burn everything security-related down to the ground and build it all anew to make sure this won’t happen again. Employees should adopt stricter security practices; services that don’t offer adequate security should be replaced with better ones; in short, Twitter needs to seriously rethink its attitude towards security and privacy in all aspects of their work.

Twenty-four hours later, people are still asking a lot of hard questions concerning who is keeping the gates at Twitter.com. These are questions I’d love answers to, but as of the posting of this article there is no new chatter either at the Twitter Blog or at Twitter Status.

From the reassurances of Biz Stone, Twitter appears on top of this; but I remain stunned that using “password” as a password to access servers got by their checks and balances. For the love of tweets, Twitter, you’ve been on the cover of Time Magazine and have been hailed as one of the innovations of modern communication. The backlash has been flying and flying hard in comments for these cited articles, and Twitter should respond. This is no longer an issue of “growing pains” but more concerning a careless, lacidasical approach to what should never be taken lightly: the security of their membership.

I also came up with an easier-to-circulate link, thanks to Bit.ly. Go to http://bit.ly/AllaTwitter and order your copy of All a Twitter today! And feel free to share this video across the blogosphere.