Here’s an interesting thing to consider next time you’re looking through your web stats: the popularity of Safari 4 and later (the desktop version, not the iOS one) probably looks way higher than it actually is.

Safari’s “Top Sites” feature checks sites to see if any content has changed since you were last there (and also to draw the preview images), and it does this reasonably often. The way it checks is to load your website behind the scenes, which means your server gets hit, and your stats show Safari’s more popular with each refresh.

Perhaps Apple should make the background thread use a different user agent string so that we can differentiate real requests from the Top Sites updates?

I figured I’d write up my experience with the Facebook Roadblock, as it might come in useful for other people who get locked out.

Last night I noticed Adium started spinning away on my dock, unable to connect to one of its configured networks, which turned out to be Facebook. A few minutes later I closed whatever browser tab I had open, and noticed that Facebook tab I had open behind it was showing the “Please login to continue” dialog over my previous session. Clicking the login button took me to something I’d not seen before, the Facebook Roadblock:

The Facebook Roadblock

A few minutes of checking the SSL certs, retyping bookmarks, checking for DNS spoofing, and even trying from my iPhone over the 3G data network (which still didn’t work, it instantly logged me out once it loaded and didn’t let me back in), I received an email claiming to be from Facebook. And the headers seemed valid too:

Return-Path: <notification+z4o6=66@facebookmail.com>
X-Spam-Checker-Version: SpamAssassin 3.2.4 (2008-01-01) on
  server01.filesanctuary.net
X-Spam-Level:
X-Spam-Status: No, score=-99.0 required=5.0 tests=AWL,BAYES_50,
  DNS_FROM_OPENWHOIS,RCVD_IN_DNSWL_LOW,SPF_PASS,USER_IN_WHITELIST autolearn=no
  version=3.2.4
X-Original-To: aaron@unadopted.co.uk
Delivered-To: aaron.unadopted@server01.filesanctuary.net
Received: from mx-out.facebook.com (outmail013.snc4.facebook.com [66.220.144.145])
  by server01.filesanctuary.net (Postfix) with ESMTP id CF77B315237
  for <aaron@unadopted.co.uk>; Thu, 28 Oct 2010 19:04:33 +0100 (BST)
DKIM-Signature: v=1; a=rsa-sha1; d=facebookmail.com; s=201006181024; c=relaxed/relaxed;
  q=dns/txt; i=@facebookmail.com; t=1288289073;
  h=From:Subject:Date:To:MIME-Version:Content-Type;
  bh=qEIXppA9YVJnzP16lPu8knjBLI4=;
  b=R8irJgwrt6XVn16hAvSUFeIlM++vWMcDyAYhNXrhKnQ6ItFMnyMlWp5Mpop9/8qW
  RBXeIrBlbl9R+MhQ7tTzmYKGcHpDpA4sMc27xKmYwDphIdANX0rgfCfxLzsRwYvJ
  wu+CZxtaBphfkFdMo0RZabSpGN4v5Q0WCW12jqDxKBM=;
Received: from [10.30.185.191] ([10.30.185.191:35133])
  by mta018.snc4.facebook.com (envelope-from <notification+z4o6=66@facebookmail.com>)
  (ecelerity 2.2.2.45 r(34222M)) with ECSTREAM
  id F6/5B-27367-13BB9CC4; Thu, 28 Oct 2010 11:04:33 -0700
X-Facebook: from zuckmail ([MTI3LjAuMC4x])
  by localhost.localdomain with local (ZuckMail);
Date: Thu, 28 Oct 2010 11:04:33 -0700
To: "Aaron B. Russell" <aaron@unadopted.co.uk>
From: Facebook <notification+z4o6=66@facebookmail.com>
Reply-to: Facebook <notification+z4o6=66@facebookmail.com>
Subject: Security Warning From Facebook
Message-ID: <9202ff1cbcd06add33c763f96edc88cd@localhost.localdomain>
X-Priority: 3
X-Mailer: ZuckMail [version 1.00]
X-Facebook-Notify: roadblock; mailid=333b85fG1e289220G6f8ad57G7b
Errors-To: notification+z4o6=66@facebookmail.com
X-FACEBOOK-PRIORITY: 0
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="UTF-8"

Dear Aaron B. Russell,

We have detected that your Facebook account is infected with a form of
malware, or virus, called Koobface. You downloaded the virus after
receiving a message from a friend, which invited you to view a video.

To restore your account, please log in to Facebook and follow the
instructions you see there. You can also learn more in our Help Centre at:

http://www.facebook.com/help/?topic=koobface

Thanks,
Facebook Security Team

Hmm. So I really was locked out. But was I really infected? As I use a Mac, I wondered if I’d been hit by the (supposedly harmless) OSX/Koobface.A virus (Intego Security Memo). But if that was the case, why didn’t VirusBarrier X6 tell me about it? And why didn’t I get the Java applet warning? My mind wandered back a couple of days and I remembered I’d logged in on my Windows 7-based HTPC recently too, so there was a slim chance that I got infected that way.

So off I went to set some scans running. Kaspersky Internet Security finished on the HTPC first due to it’s relatively small HD, but that was clean, which only left my MacBook Pro as a potential candidate for infection. After discovering just how long it takes to scan a 500gb hard disk (more than 8 hours)… VirusBarrier told me that it didn’t find anything on my laptop either.

VirusBarrier says "no virus detected"

Both Kaspersky Internet Security and VirusBarrier X6 claim to be able to deal with various versions Koobface worm/trojan hybrid, but neither of them picked anything up despite having the latest virus definition updates, so my systems seem to be clean. Having checked my systems meant that I was now “allowed” through the Roadblock (Facebook requires you to certify that you’ve checked your system — that said, it’s only a checkbox to tick and you could easily lie, but if you receive genuine reports that your computer appears to be compromised, it’s better not to chance it), and I went through this sequence of steps…

Facebook give you a few options to prove your identity

I opted for SMS message verification

Facebook then try to educate you about what happened...

... which is a really good idea (though they should detect I'm on a Mac)

... and then they forced me to reset my password (also good!)

And then after a confirmation screen, my account was restored.

So… what the hell happened? Well, from what I can tell my machines are not infected, so either my account was compromised, or it was a false alarm (possibly due to Adium’s frequent reconnects to Facebook Chat, because it drops the connection often). Either way, I think Facebook handled this very well from a security point of view. They also offered me a (Windows-only) 6 month free subscription to McAfee VirusScan Plus on the final confirmation screen, but I skipped that as I’m on a Mac and already use Intego VirusBarrier X6, but it’s good to be offering protection to people who might not be protected.

I’m interested to hear if anyone else has gone through this (especially Mac users), so if you have a similar story to share, please drop me a comment.

It seems that things have progressed into the ridiculous in the YouTube vs Viacom spat:

For years, Viacom continuously and secretly uploaded its content to YouTube, even while publicly complaining about its presence there. It hired no fewer than 18 different marketing agencies to upload its content to the site. It deliberately “roughed up” the videos to make them look stolen or leaked. It opened YouTube accounts using phony email addresses. It even sent employees to Kinko’s to upload clips from computers that couldn’t be traced to Viacom. And in an effort to promote its own shows, as a matter of company policy Viacom routinely left up clips from shows that had been uploaded to YouTube by ordinary users. Executives as high up as the president of Comedy Central and the head of MTV Networks felt “very strongly” that clips from shows like The Daily Show and The Colbert Report should remain on YouTube.

Viacom’s efforts to disguise its promotional use of YouTube worked so well that even its own employees could not keep track of everything it was posting or leaving up on the site. As a result, on countless occasions Viacom demanded the removal of clips that it had uploaded to YouTube, only to return later to sheepishly ask for their reinstatement. In fact, some of the very clips that Viacom is suing us over were actually uploaded by Viacom itself.

– Zahavah Levine, YouTube Chief Counsel, YouTube Blog

This sort of mess surely can’t look good for Viacom?

From an Associated Press article:

Twelve administrators of the website Formspring.me, including CEO Mark Baxter were arrested on Monday for data phishing and misleading the public, when the site was revealed to be a “social experiment,” which will culminate in the automatic revealing of users’ private data on April 1, 2010.

Update: seems like this is a hoax…