Archive for the ‘Social Networks’ Category

Who’s Actually Working?

Thursday, October 29th, 2009

In an interesting semiannual survey, the CTIA has released their most recent telephone usage statistics. Did you know that 740 billion text messages (yes, with a “b”) were sent in the last six months alone? And that’s only counting US subscribers. The number works out to 11.7 text messages per day, per citizen in the US.

Someone else is certainly using up my quota. I barely send one text per month. I’m holding this thing called a “telephone” and want to tell someone something…so I call them. I guess I’m just weird.

There are also far more cell phones available, with “about 276,610,580 wireless subscribers in the U.S., up about 14 million from last year, and more than double the number in 2002.” And even as this is happening, the number of landlines (hardwired home telephones) keeps dropping. But even as we buy more phones (and give way more money to those ever-growing wireless carriers) we’re talking less…or at least we’re making shorter calls. The “average length of a voice call was just 2.03 minutes” in this last survey, which is shorter than at any point during the 21-year history of record keeping.

Are we all just spending more time on the Internet? Are we staying in touch via Facebook, Twitter, and other social networking services, and bypassing voice communications? We’re all typing a whole lot more, that’s for sure. The same statistics suggest that, by volume, the US texting population is writing “the equivalent of about 656,000 [100,000 word] books.” That’s a lot of output. And it doesn’t even count the amount of text generated online using email, social networking, and other means.

We live in a very interesting age. We’re better connected with one another than ever before, but apparently we spend a lot less time talking. Maybe it’s time to get out from behind all those keyboards and get some “face time” with friends and family. The holidays are coming up, after all.

Facebook Security Defeated…Again

Thursday, October 1st, 2009

Social networking sites are becoming popular vectors for spyware and other malware, not to mention phishing attacks and malicious redirects to bogus websites. Places like Twitter and Facebook are tempting targets — they have millions of users, direct access to active (and presumably legitimate) email addresses for those users, and high volume. All a self-respecting hacker has to do is gain access to a valid Facebook account and they can send messages to thousands of users in one easy step.

The problem is that social networking sites use various account-verification methods to help ensure bogus accounts can’t be created easily. Facebook, for instance, uses a CAPTCHA scheme that requires the potential user to enter a sequence of letters and numbers generated as images on the account-creation form. Many sites use these schemes, and they’re pretty effective in guarding against automated account-creation hacks.

Sadly, someone appears to have found a way around Facebook’s CAPTCHA scheme. According to a recent article, researchers have found hundreds of bogus accounts, all using the same profile photo of an unknown woman, under different names. What made them obviously fake was that “each page had a link to a supposed video that would infect user computers with spyware if clicked.”

Facebook is pretty good about shutting down rogue accounts when these are brought to their attention, but tracking down hundreds (thousands?) of such accounts isn’t going to be simple if they’re being created by a malicious script somewhere on the Internet. If the CAPTCHA process has indeed been circumvented, it bodes ill for other sites with similar safeguards in place.

The FBI has even released a warning stating that people should be aware of the hazards of social networking sites. The statement points out that “cybercriminals are increasingly using social networking websites such as Facebook to launch attacks. Among the popular techniques used by hackers are hijacking a user’s account and sending spam to their friends that leads to a phishing site; creating applications on the site that include malware or rogue antivirus software; and using malware to gain access to users’ personal information.”

Be careful out there. Don’t accept links or messages from people you don’t know, or click on profile messages containing URLs unless you’re really sure where they’ll take you.

Facebook Quizzes and Privacy

Wednesday, September 16th, 2009

One of the advantages of social networks is that they can put you in contact with old friends, schoolmates, and co-workers. With a few clicks, you can reach out to people you haven’t seen in decades (presuming you’ve been alive that long), and meet up with like-minded people.

However, one of the disadvantages of social networks is that they can put you in contact with people you’ve never met, whose profiles may be bogus, and who might not be the nicest people in the world. They’re a lot like talking over CB radio: the person on the other end of the mike might claim to be a stunningly beautiful college student (of whichever gender) living just across town. But they could turn out to be a 14-year-old kid using a hijacked account, or a 50-year-old stalker looking for their next victim.

This isn’t to say you should be paranoid online, but you should be careful. This is even more apparent when you take the ACLU’s Facebook Privacy Quiz and find out how much information might be accessible to people you don’t even know.

If you set up a default FB account and never adjust the privacy settings, your profile can be picked up and published externally by various search engines without your knowledge. And if you subscribe to any of the popular quizzes that frequently show up on Facebook, your profile information becomes immediately accessible to those applications. Answer some questions in the “Which Tolkien Character Are you?” quiz, and some guy in Lithuania might gain access to all your photos, posts, friend lists, and other information.

Facebook itself has a privacy policy, and claims that developers must adhere to it. But you can set yourself up as a Facebook application developer using nothing more than an email address, so how much checking really goes on? Probably very little, since hundreds of applications and quizzes pop up on a daily basis.

Take the quiz. Then follow the ACLU’s suggestions about your profile settings. Lock them down so that only friends, and friends of friends, can see your information. Don’t provide unnecessary levels of information regarding your personally identifying data to any social networking site (especially your full birthday, phone number, or other sensitive information). Protect your privacy.

“Fan Check” Causes Facebook Problems

Tuesday, September 8th, 2009

In another case of social networking sites being targeted by hackers, an application called “Fan Check” is causing waves on popular site Facebook. I first noticed a ‘tag’ from a friend who apparently started using the application about a week ago. I ignored it, then noticed a comment from another friend referring to an off-site article asking whether the application was legitimate.

Now it turns out the application may not be malicious in and of itself, but it’s become pretty controversial as a possible Terms of Service violation. One of the problems is that Facebook applications aren’t supposed to access a user’s profile without permission. But I received notification I’d been “tagged” without granting that permission…so was this legitimate or not? I suspect Facebook personnel are reviewing the source now to see if there’s any problem or malicious intent involved.

The other issue is that hackers have picked up on the controversy, and are using it to promote bogus “get rid of ‘Fan Check’ viruses” websites. These are, as one would suspect, sites that “alert” users their machine “may be compromised” and helpfully suggest allowing the site to install “antivirus” software to remedy the situation.

Who knows how many people have blindly clicked “okay” and allowed these sites to install keyloggers, botnet clients, or other malware. And I also suspect lots of users have given out their credit card information in an effort to remove a non-existent “Fan Check” virus.

Sophos and other companies are looking at the application in more detail now, but haven’t decided whether it’s actually malware. According to the latest news, “there are also many messages in the application’s page from Facebook members claiming that the application disrupted their Facebook profiles and their PCs as well, with some people wondering whether the application itself is some sort of malware.”

The same article also notes that “a link in the page to contact Fan Check’s developer doesn’t appear to be working.” That’s cause for concern. Either the developer has gone underground out of sheer embarrassment over the situation, or knows the application is malicious. Either way, if you’re a Facebook user I recommend not using this application at present. If you’ve already allowed it to access your profile, go to the Application Security tab in Facebook and click the X. That should remove its access to your profile.

Twitter Attacked!

Thursday, August 6th, 2009

Tweeting on the popular social networking site Twitter came to an unexpected halt on Thursday, when unknown hackers launched a massive DDoS (Distributed Denial of Service) attack that crippled the popular service for several hours. Facebook was also affected, but not as severely. Twitter’s rapid growth in popularity over the last year probably was a factor in the attack. On the Internet, visibility usually translates to vulnerability.

Details are still sketchy, but some suggest that the attack was launched from one of several well-known, massive illegal botnets scattered around the globe. These are composed of millions of infected “zombie” PCs running botnet client software — and in most cases, the owners of these compromised machines are probably unaware they’re being used to conduct criminal activities. Some indications are that the attack was political in nature. According to an initial analysis, it “may have been related to the ongoing political conflict between Russia and Georgia.” The attack “started with hackers using a botnet to send a flurry of spam e-mail messages that contained links to pages on Twitter, Facebook and other sites written by a single pro-Abkhazia activist.”

The question is which side the hackers were on. As one researcher noted, “it’s hard to immediately tell whether it was a case of hackers trying to punish the sites for publishing views they disagree with, or if they were directing traffic to the sites out of sympathy for the activist’s message.”

While I’m not one to point fingers, I will suggest that anyone who found frustration in this event might want to consider their own possible role in it. Anyone who’s running an unpatched, unprotected system lacking current antivirus/anti-malware software and a decent firewall could be the not-so-proud owner of a zombie PC. Thus, your own machine may have been participating in the DDoS attack even as you were complaining about Twitter’s unavailability.

Patch your systems. Protect them properly. Spend the $50 for a decent malware detection tool and signature subscription. Otherwise, you might be helping take down the very sites you enjoy using. Think about it.

Social Networking Security

Tuesday, July 28th, 2009

Everyone who uses Facebook should be careful which applications they allow to access their profile, as shown by this recent incident. Likewise with any of your personally identifying data (full name, address, birth date, etc.).

While Facebook is pretty good about policing its content, many application developers are probably just gathering statistics (name, age, other demographics) using the application as a cover. Think of those “win a free car” paper applications in stores: what really happens when you fill one out is that you’re added to a local dealership’s mailing list.

Example: if you click on one of the polls or IQ tests, you may see photos of your friends at the top. This is the application pulling data from their profile.

Question: if the app is able to pull photos from user profiles, what else is visible to it?

Answer: anything you’ve allowed it to access in your profile settings.

I strongly suggest navigating to the “Settings” portion of Facebook and checking through some of the options. If you have things that are set to “everyone” (meaning anyone on Facebook can see this info) you might want to back it down to “friends only.” If you’re allowing your name, marital status, full birth date, and location to be viewed by “everyone,” you’ve just given an identity thief enough data to hijack your life. This is pretty much all the info you’d need to get a bogus Social Security card issued.

Also go to Settings->Application Settings and change the view from “recently accessed” to “authorized.” This will give you a reasonably full view of everything you’ve given access to. If you’re not actively using a given app, click on the X to remove its access to your profile. Or, if you want to retain access to an application, change the privacy settings from “everyone” to “only friends.” The same concept applies to all other social networking sites.

Basically, don’t allow others access to your personal info unless you absolutely know where it’s going.

Consolidated IM Clients

Tuesday, June 16th, 2009

The first online chat program I ever used was IRC, or Internet Relay Chat. It’s still around, and is very popular among smaller groups since it’s so flexible and anyone can run a server. Since then we’ve seen everything from AOL Instant Messenger (AIM) to Yahoo chat, ICQ, Jabber, and many others.

Nowadays, with Facebook, Twitter, and other social networking sites added into the mix, one could have a dozen IM clients open simultaneously. Keeping track of all those windows could be tough, and there’s the annoyance of maintaining each application as upgrades occur.

The good news is that you can probably find a “unified” client application that supports most, if not all, of your IM and social networking sites. Several years back some co-workers and I started using Trillian, which provides plugins for AIM, IRC, and numerous other services. It’s great — fire up one client, configure it with your various login IDs and passwords, and you’re ready to go. All your connections appear in one application, and you can toggle through each one as events occur.

The one bad point is that, at present, some of these unified apps support only Windows. Vendors have mostly stated support for Mac and Linux, but have yet to deliver. That said, eBuddy is web based, which means it should be multiplatform already (presuming the developers have done their job well).

Even better — several of these apps are now available for the iPhone and other mobile devices, like the Android phone. So you don’t even need a PC or Mac. You can keep up with your friends and IM on the road as well. And finally, both Adium and Pidgin are Open Source, so “if you want to modify the code to fit your own IM desires, that’s possible. And those in the open-source community are constantly improving the product, whose updates typically install with ease.” Those last points are the sign of a good, stable product. And any app that allows you to monkey with the code is all right by me.

Facebook Users Beware

Tuesday, March 3rd, 2009

Facebook has been taking a few heavy hits lately. First there was a huge flap over their updated terms of service. That resulted in the company reverting to its older ToS agreement just to quell the outrage. Now it’s the appearance of a new variant of a worm, dubbed “Koobface” (Facebook spelled half backwards, get it?) by researchers who first isolated it in the wild.

To be fair, Facebook isn’t the only social networking site that’s been hit. About ten sites, including Friendster and MySpace, have reported sightings of Koobface recently. Thus, these are also potential breeding grounds for the new worm.

The attack itself is fairly basic: a user receives a message, allegedly from someone in their network, directing them to a YouTube video. However, the URL in the message actually sends you to a faked YouTube site that apparently looks pretty convincing. This site (major warning flag!) tells you it needs to install a new Adobe Flash version in order to play the video you’re allegedly getting ready to watch.

The result is predictable: the “Flash update” is a fake, and you end up with malware installed on your machine.

The good news is that the infection appears to be fairly small at present. According to the article, “this latest incarnation of Koobface doesn’t appear to be widespread. Trend Micro has only found 28 computers infected by it worldwide (26 in the U.S. and the other two in France).”

The bad news is that it’s only one of four (yes, really) infected applications that have shown up on Facebook recently. “One of these malicious applications tries to trick people into adding it by claiming that their friends were having trouble looking at their profiles. If the application is added it spams itself to every Facebook friend that a member of the site has, according to the BBC.” Like I said, they’ve been taking a few heavy hits lately.

The obvious warning is: be careful what you click on while visiting social networking sites. These have become a major vector for malware distribution, and few roadblocks are presently in place to prevent worm authors from publishing evil applications. I’m a Facebook user, and I’ve taken to ignoring all application requests. That might not be the friendliest response, but it’s the safest.