When Mashable.com cites your website, you know you’re doing something right. Andrew Girdwood must be thinking that as a lot of people are following his lead when Mashable’s Stan Schroeder reported early this morning:

Numerous Twitter users are pointing out that Twitter forced them to change their passwords out of the blue. According to blogger Andrew Girdwood, these users have received an e-mail containing the following message: “Due to concern that your account may have been compromised in a phishing attack that took place off-Twitter, your password was reset,” together with a link for resetting the password.

Although the e-mail itself looks like a phishing attack, it’s genuine; it seems that admins at Twitter have discovered something fishy is going on, and they’re trying to prevent further damage before it happens.

I’ve been reading up on this all morning (with postings from TechCrunch and The Washington Post as examples); and while this situation shouldn’t be taken lightly, I am not scrambling to change my passwords on my accounts. Why?

1. I’m finding out about this scam via Twitter.
2. The people on Twitter are finding out via an “official email” from Twitter.com.
3. On Twitter’s Status and News blogs and on Twitter’s own feed, there is no mention of this phishing scam whatsoever.

If you kept up with me yesterday, you knew that my day from the Bird House was a rough one. I had a knee jerk reaction to the sudden disappearance of Twitter’s new Retweet function (and I openly admit that part of my ire was coming from the possibility that hard work I did for an upcoming print run of Sams Teach Yourself Twitter in Ten Minutes and my Bird House Rules Episode 8a was all for naught…) only to discover that Twitter was having a rough day of their own, far beyond new options pulling a Harry Houdini.

This morning, a lot of things were explained.

Welcome to Birdhouse Rules, the Official Podcast of All a Twitter and Sams Teach Yourself Twitter in Ten Minutes.

I promised that the show was going to post on a fortnightly schedule; but in light of recent events, I decided to shuffle the schedule around and make the first episode something timely. I wanted to talk about what happened on Twitter (and elsewhere) all day Thursday, August 6, 2009.

Just in case you missed it, you can hop over to the link I provide here in the show notes, but safe to say, it was a really busy day. It has taken Twitter a few days to recover. From the looks of things and according to the Status blog, there are still a few pieces needing to be picked up but Twitter — on a whole — is running smoothly.

This show was imspired not only by the events of last week but also by a comment left behind by our Guest Voice. Take a look at the blog, have a listen to this episode, and take a moment to send a “thank you” note to Twitter.com. They really managed to hold things together, and we should all be appreciative of their hard work for this free service they provide.

Guest introduction by Fred Castaneda

“All is Well” drop-in’s from National Lampoon’s Animal House.

Album Artwork by Paul Fischer of Dancing Cat Studios

 

 Episode #1: All Is Well — Lessons Learned from a Hack Attack [9:59m]: Play Now | Play in Popup | Download (823)

Feel free to syndicate this audio, and provide feedback or topics you’d like to hear discussed on Bird House Rules at 703.791.1701, tmorris (at) imaginethatstudios (dot) com, Twitter, or here at the Bird House Rules Blog!

What — a — day.

It all started this morning when, from Twitter Status, this nugget of good news arrived, explaining the odd, intermittent service:

We are defending against a denial-of-service attack, and will update status again shortly.

For those of you (like me) who didn’t know what a Denial-of-Service or DoS Attack was at the beginning of the day, you probably know what it is now. The U.S. Computer Emergency Readiness Team (CERT) defines a DoS Attack as the following:

In a denial-of-service (DoS) attack, an attacker attempts to prevent legitimate users from accessing information or services. By targeting your computer and its network connection, or the computers and network of the sites you are trying to use, an attacker may be able to prevent you from accessing email, web sites, online accounts (banking, etc.), or other services that rely on the affected computer.

The most common and obvious type of DoS attack occurs when an attacker “floods” a network with information. When you type a URL for a particular web site into your browser, you are sending a request to that site’s computer server to view the page. The server can only process a certain number of requests at once, so if an attacker overloads the server with requests, it can’t process your request. This is a “denial of service” because you can’t access that site.

Talk about a tough way to start a day.

From Twitter Status comes this nuggest of good news:

We are defending against a denial-of-service attack, and will update status again shortly.

Okay, that doesn’t sound good.

What exactly is a Denial-of-Service or DoS Attack? Heck — I’d never heard of it and I’m a geek, passionate about his Social Media. So, I turned to Google and started the research. In a nutshell, it’s bad. REALLY bad. From the files of U.S. Computer Emergency Readiness Team (CERT) comes a definition of what a DoS Attack is all about:

In a denial-of-service (DoS) attack, an attacker attempts to prevent legitimate users from accessing information or services. By targeting your computer and its network connection, or the computers and network of the sites you are trying to use, an attacker may be able to prevent you from accessing email, web sites, online accounts (banking, etc.), or other services that rely on the affected computer.

The most common and obvious type of DoS attack occurs when an attacker “floods” a network with information. When you type a URL for a particular web site into your browser, you are sending a request to that site’s computer server to view the page. The server can only process a certain number of requests at once, so if an attacker overloads the server with requests, it can’t process your request. This is a “denial of service” because you can’t access that site.

So yeah. This is bad.