Sunday, June 05, 2011

The lies just never stop, do they?

A journal called The Daily has reconstituted a false argument first offered by The Mighty Seixon in order to "debunk" what I said about the Yfrog exploit.

But according to data provided exclusively to The Daily from TweetCongress.org, a nonprofit website that captures each member of Congress’s Twitter feeds in real time, the shot seen round the world was transmitted using TweetDeck — a popular Adobe desktop application that links up with social networking sites.

Chet Wisniewski, a senior security adviser at security software company SophosLabs, said the TweetDeck stamp “does make it more plausible that it did come from him.”

Let's knock this one down quickly, shall we?

I revealed in this blog -- long before the Daily published its "exclusively" provided "data" -- that Weiner used TweetDeck that night. But so what?

The poor schlub writing for the Daily -- his name is Daniel Libit -- doesn't understand that Seixon's entire "TweetDeck" argument was based on the presupposition that the congressman used TweetDeck or some similar app EVERY SINGLE TIME. Thus, he never established a Yfrog account.

Yet even the Daily stipulates that this was not the case.

So there goes the argument. Poof.

Furthermore, TweetDeck and similar apps (such as the divinely-named Twitterberry) always append an identifying signature: "via TweetDeck" and "via Twitterberry." Something like that. Weiner's previous photos didn't have that data. They were labelled "via Yfrog" and "via Twitter."

Let's take it a step further. Suppose Weiner had used TweetDeck and nothing but TweetDeck during his entire career as a twitterer. Again: So what?

TweetDeck automatically establishes a Yfrog account for you. When you try to send a pic, it even flashes a message: "Sending via Yfrog." Don't take my word for it. Download the app for yourself and try it out.

I downloaded TweetDeck and had one of my fictional creations send a pic to another. "Chalice153" had never set up a Yfrog account -- and yet one was set up for her. Here it is. (That's Angela, my model. Pretty, isn't she?) That account was open to the very same exploit which I pointed out in my post.

Seixon, a known Republican operative with a long and irrefutable history of flim-flammery, tried to pretend that this was not the case. Interestingly, he set up his blog to make that argument on the very day when Yfrog plugged its security hole. The plugging made it impossible to prove him wrong via a real-world, real-time test.

Still, I don't think that such a test is necessary. Chalice153 was granted a Yfrog account the moment she sent a picture, even though she did not go to Yfrog's website to set one up. In the days before the security hole was plugged, anyone could have uploaded anything to that account.

So the entire argument is bogus. The Daily has given us techno-babble.

Weiner clearly did not use a TweetDeck-like app all the time -- and even if he had, his automatically-created Yfrog page was open to the same security exploit.

Just in case you are wondering whether the conspirators (in this case, that much-overused term is justified) lacked the computer savvy to make use of that exploit, let us recall what Dan Wolfe's partner Mike Stack has to say about himself:

In one 2009 post, Stack fired back at some of his online enemies, warning them to “be careful of what you say.” He claimed, “I can find out anything about anyone. The software and programs that I have at my disposal, in addition to the people who work in the wi-fi and technology field that I am partnered with make me a virtual cyber detective.”

Let's have another quote from Wisniewski:

“If I had his password, I could add his account into my TweetDeck and start sending tweets, and it would all say ‘TweetDeck,’” Wisniewski explained.

This statement proves that he hasn't been following the case. My entire point was based on the fact that Yfrog had a security loophole which allowed others to post to your account without knowing your password. That point was proven beyond rational debate when Yfrog closed that very loophole soon after my post became widely-read.

Does Weiner's use of TweetDeck that night constitute an "extra hurdle" for the conspirators? Of course not. The statement is nonsensical on its face.

It is stipulated by all sides that the anti-Weiner conspirators were watching his twitter feed the way a lioness studies her prey. That constant, careful scrutiny is (allegedly) the reason why Dan Wolfe just happened to see the photo immediately. They knew full well what Weiner was doing that evening. Anyone can download TweetDeck; it's a free app and takes a short time to set up.

Time to make a point which I should have mentioned earlier. Twitter is not like email. If you send a picture via Twitter to a private party (even if you use TweetDeck), that picture also shows up in your own Twitter record. For everyone to see. An experienced user of Twitter would have known that. I discovered that fact my first time out, and Weiner had been using the app for years.

If we are to take Gennette Cordova at her word (and I doubt that The Daily will take the legal or ethical risk of calling her a liar), then she and the congressman had never engaged in personal chit-chat. He had no way of knowing anything about her. Are we to believe that he suddenly -- and very non-anonymously -- sent a lewd photo to a girl he did not know and whose reaction he could not gauge? And that he did so knowing that the same image would be visible to anyone, including enemies like Dan Wolfe (whose Weiner-obsessive behavior was known to the congressman)?

Again: If you believe that, then Jonathan Lebed has some penny stocks to sell you.

I think that George "The Mighty Seixon" Gooding or one of his allied 'wingers contacted the Daily and got this story into the newstream. It's clear that the writer for the Daily did not even fully comprehend the argument. And I doubt that he had seen this.

Seixon has an established history of trying to buttress dubious assertions with highly-detailed arguments which ultimately prove to be bogus. He did the same thing when he "proved" that Saddam really did have WMDs. The guy is a classic flim-flammer.

Oh -- and Mr. Wisniewski? Hope you're reading this. Sophos is a good product, but: A while back, I had a nasty little rootkit which Sophos completely missed. Emsisoft caught it.

Nobody's perfect, eh wot?

Added point: People presume that Weiner's statement that he "can't be 100% sure" that the photo isn't of him means that it is of him. If so, his consistent denials that he uploaded the photo would be a lie. But if he's willing to lie about uploading the photo, why wouldn't he simply say "Not me"?

As I've said many times, I think he was worried that some photo-funnies between him and a former girlfriend had somehow escaped into the hands of an enemy.

The first time I got a camera phone, my ladyfriend and I took some shots which we might not want you to see. (They were by no means pornographic -- just unflattering.) I don't know if those shots still exist anywhere, and I have only a vague memory as to what they looked like. If you ever see those photos online, know that I didn't upload them.

25 comments:

Anonymous said...

If the photo was sent on twitter via Tweetdeck, does not that seriously damage the yfrog email explanation? I don't follow how your post addresses that criticism.

milowent said...

the "via tweetdeck" evidence, assuming it's true, is a problem for weiner. it means hack had to be more of a true hack as opposed to exploit of yfrog email vulnerability.

it's true weiner never sent a pic via tweetdeck before, but it's also true he was on tweetdeck for the afternoon and evening of may 27. he had to have really been hacked for that to work.

Chris said...

In addition to the above, Joseph's "Yfrog exploit" theory appears to be collapsing. Yfrog has conducted an internal audit and confirmed that its e-mail upload feature "has not been compromised in any way" or "broken into."

http://yfrog.com/page/blog

Joseph Cannon said...

milowent, TweetDeck creates a Yfrog account automatically. So the same exploit was available. Seixon was saying that it was not.

And where is the proof that the offending pic was sent from TweetDeck? I'm on Weiner's Twitter page right now and I don't see it.

Joseph Cannon said...

Chris, I was perfectly aware that Yfrog said that the very first day they shut the thing down. What else do you expect them to say in public? "Yes, our shoddy practices compromised your security?"

Even George Gooding stipulated the security exploit. He said it was "well known." And so, it appears, it was -- to those who follow such things.

You can't have it both ways. You can't say it was "well known" and non-existent simultaneously.

Joseph Cannon said...

milowent, this is very weird. I just saw a screencap of the Tweetcongress.org version of Weiner's tweets that night, as published by Breitbart. Here:

http://biggovernment.com/driehl/2011/05/31/weiners-actual-tweet-stream-disputes-his-version-raises-valid-questions/#more-276804

It doesn't match the version printed by the Daily.

Also, is there any way for a REALLY GOOD tech wiz (which Mike Stack claims to be) to spoof the "sent via" part?

Anonymous said...

Joseph,

Your quote: "The Daily has given us techno-babble" No, The Daily has closed down the options of how and maybe who posted the tweet.

The information from TweetCongress.org, a nonprofit website that captures each member of Congress’s Twitter feeds in real time, is that the shot seen round the world was transmitted using TweetDeck and only TweetDeck.

This information confirms that your earlier blog posts and your yfrog theory are a distraction and done. The tweet from @repweiner came from TweetDeck and not via an email from some random email address: "very same exploit which I pointed out in my post". It was not "a via yfrog" as this example from Rep. Weiner on Feb. 25.

@RepWeiner
Anthony Weiner

Do I have to pay 1977 Weiner royalties to use this? http://yfrog.com/h8p971j

25 Feb via Yfrog

This tweet is still available in Rep. Weiner's twitter feed, the picture...was deleted by Rep. Weiner along with his other photos in his yfrog account.

Since the tweet with the link to the package came directly from TweetDeck, you are now back to it having to be someone having Rep. Weiner's password or hacking into Rep. Weiner's TweetDeck application or Twitter account. Back to being a Federal Crime or it was sent by Rep. Weiner.

So Rep. Weiner is back to needing an investigation and a court request for the logs that would confirm the details of the actual post.

Joe

Joseph Cannon said...

The TweetCongress stream was published before, and the "via Tweetdeck" was not there.

Joseph Cannon said...

By the way, I'm a little suspicious, frankly, about TweetCongress. There is no way to contact the organization. It seems to have been founded by two fellows in Texas who see fit to brag about being "Christians."

I've seen plenty of other Twitterstreams online where the "sent via Tweetdeck" appendage is there. But it is not present on Weiner's twitter page, and it is not present in the tweetcongress.org screencap on Breitbart's site.

Anonymous said...

Joseph, That is the point the public interface from TweetCongress.org does not show the "how" but they confirmed to "The Daily" that the post was via TweetDeck.

The only public interface that would show the via posting method would have been @repweiner's tweet feed but he deleted that tweet!

Joe

Joseph Cannon said...

Nothing has been confirmed yet. Even if our two "Christian" friends from Texas were to confirm it, I'm not sure I would believe them. Their bias would be obvious, and no independent evidence would back them up.

The Daily's data does not match that of the earlier screencap. And "via Tweetdeck" does NOT appear on Weiner's Twitter page.

Does anyone else smell Photoshop?

Anonymous said...

Joseph,

No Photoshop needed, just check any other tweet that is still in @repweiner via the web. Select the tweet and the window on the right will show the detail and "the via" detail.

So when Rep. Weiner deleted the tweet, the public detail of the via went with it.

Joe

Thingumbobesquire said...

Americans' Obsession with Folly or the Tale of the Twitteratti

As the brilliant Pascal observed the emperor needs must be feted with frivolity and games in order to keep his or her mind off his or her mortality. This is why fools and madmen alike obtain knighthood. I heard it said yesterday, or rather read it, that double entendres are a sign of immaturity. My imagination immediately seized upon the name of the greatest of playwrights and put up a vocal utterance of "really?" Perhaps this attitude can be likened to a deservedly obscure "thinker" by the name of Vico, who opined that the Roman Empire was the coming of age of the ancient world. I suppose that Lycurgus, like Shakespeare, would be strictly a puerile jurist in Vico's bizarre world view. Aeschylus a schoolboy, Hamilton a ninny, hardly worth wasting one's breath on...and so on.

This brings us to Weinergate. As the astute reader of this so called blog knows by now, I see the repugnant Twitter bubble as a "sign of the (end)times" much like Robert Burton viewed the calamity of his days' everyman, who having the silver to publish any abject drivel to his liking. Plays, in those days were deemed not serious art. And how many of Shakespeare's contemporary and serious Latin poets share the dusty fate of Ozymandias? And so is it any wonder when a member of our ever estimable polity is suspended in delicto by his own rather prominent petard that we cannot withhold a hearty guffaw at his expense...Even in this post modern dark age that has come upon us a laugh or two may do us good.

Joseph Cannon said...

Thing: I found your comment somewhat insulting, but since you referenced Vico, I let it through. Weiner was not hoist by his own petard.

You'd have to be nuts to believe that he would send a crotch pic to a girl he did not know, a pic that would be made public to everyone under any circumstances. And at the same time, JUST COINCIDENTALLY, a political zealot who brags about his skills as a hacker, and who also has access to a trove of pornographic images, is leading a multiparty effort to bring Weiner down on a sex charge.

That's relying on coincidence a little too heavily for my taste.

Anonymous said...

Joseph,

First let's assume the tweet was never meant to be public, it was meant to be a Direct Message.

A single character makes the difference between a private DM and a public tweet!

Now your version:

So you want a hacker, let's assume that you get a great hacker. Now, you want the hacker to be both smart and stupid at the same time.

Smart enough to hack in and leave no trace but dumb enough to not change the password so that Rep. Weiner could not just delete the tweet! Smart enough to know that Rep. Weiner would say that with certitude the picture was not his package!

However your hacker is not smart enough to update the image to appear to come from a Blackberry xxxx just like Rep. Weiner used for his other yfrog photos by a simple edit of the EXIF data.

Joe

milowent said...

@joseph - yes, the public tweetcongress stream screencaps did not show tweet location. i am told, however, that this information is captured and retained by tweetcongress. chris mcclosky (sp? he's here on twitter) said he would look into finding the archived information. apparently the daily is who got it first. i would like to see the evidence, however, e.g., the actual info conveyed that shows the tweet location to tweetcongress.

Joseph Cannon said...

Joe, this is a really dumb comment. The "D" sends the picture to the intended target. But the pic also shows up in your own twitterstream. I tried this out for myself. As I said: It's not like email.

"Smart enough to hack in and leave no trace but dumb enough to not change the password so that Rep. Weiner could not just delete the tweet!"

My theory (which wasn't really mine) posits that no knowledge of the password is needed. Did you miss that part?

If the password WAS known -- and there is actually some evidence to suggest it (Weiner's Facebook remark) -- then of course a hacker would not reset it. That would be like signing your work. And Weiner would then be able to say "someone changed my password."

The vast, vast majority of people who have been hacked have not had their passwords reset by the intruder.

No, if you uploaded a picture onto someone else's account, you would do what Dan did: Shout "Lookee here!" right away. And then take a (cropped) screencap and send it to Breitbart.

"Smart enough to know that Rep. Weiner would say that with certitude the picture was not his package!"

That was a gift. Of course, if we posit that the photo WAS of Weiner -- given to the miscreants by a vengeful ex (to cite just one scenario) -- then Weiner's reaction makes sense.

"However your hacker is not smart enough to update the image to appear to come from a Blackberry xxxx just like Rep. Weiner used for his other yfrog photos by a simple edit of the EXIF data."

You haven't been paying attention, have you? The 800x600 does have data indicating a Blackberry, though not THAT Blackberry. You still haven't addressed the EXIF creation date.

Let's face it -- no-one on any side of this controversy has any explanation for THAT oddity.

The same "smart, yet dumb" argument applies to your side. Look, let's say Weiner sent a photo of himself to a girl (and the whole wide world). Wouldn't he say "I deny sending the photo and I deny that it is me"?

Instead, he said "I deny sending the photo but I can't deny 100% that it is of me." THAT (paraphrased) statement is consistent only with the scenario I've outlined: He feared that some miscreant had gotten hold of a private shot, perhaps from an ex.

Frankly, at this point -- and in light of the irrefutable conspiracy against Weiner (no-one denies that one existed) -- I wouldn't believe that Weiner sent that pic even if Weiner himself said that he did. And I would be very tempted to say those very words if I were him, just to get the business over with.

Right now, I'm trying to determine how to spoof the "via Tweetdeck" thing. Too bad Yfrog changed its policies, so I can't put it to the test...

Oh, and I've also been researching the long and dishonorable tradition of Twitter spoofing. YOW! I had no idea that the system was so vulnerable. I'm surprised that shit like this didn't happen years ago.

Joseph Cannon said...

Milo: I've tried to get in contact with Chris, but it is difficult. He's obviously not on Weiner's side politically, and he seems to have been rather well connected, so the possibility of bias (or worse) is very real.

On the other hand, it seems he was a big fan of some comic book artists I like. So THAT's cool.

So the questions are...

1. How come there's no independent trace of the "sent via TweetDeck"? I've seen those words show up on other Twitter feeds.

2. Is it possible for someone like Mike Stack, who views himself as a computer genius, to spoof the "sent via TweetDeck" thing? (I'm sure that it's possible, for someone who is really clever.)

3. Given the fact that Weiner complained that his Facebook was hacked, isn't it possible that the same hacker got his Twitter password? Most people run the same password across a number of accounts. I have about eight different passwords, and keeping them straight is HELL.

Chinaski said...

This is over. The digital footprints have all been captured and analyzed. It's too late for the right-wingers to alter history to fit their frame job with the new sent from tweetdeck nonsense.

If they really wanted to pull this off they wouldn't have used the yfrog exploit until he was tweeting from his blackberry and not while he was at home using tweetdeck. The added bonus is he probably wouldn't have seen the phony tweet for quite some time using his blackberry. Tweetdeck is excellent at quickly updating your feed, mentions, etc.

Anonymous said...

Joseph,

You seem to be new to twitter. There is a big difference between a Direct Message (DM) and it is different than mentions and @replies.

Note: People you follow can send you a private message.
Note: You cannot send a direct message to a user who is not following you.


Example: How to Send a Private Message via the Web:
1. Log in to your Twitter account.
2. Click the "Messages" button on the top menu bar of your page.
3. You'll land on a page showing your private messages history. Click the "New Message" button, highlighted below. Click to send a new message.
4. In the pop-up box, type the name or username of the person you wish to send to.
5. Enter the message you wish to privately send, and click "Send."
Tip: Make sure that user follows you. You may only send a direct message to your followers.

source: http://support.twitter.com/entries/14606-what-is-a-direct-message-dm

Joe

windansea said...

read this

http://georgegooding.com/post/6222675383/weinergate-ipad-theory

Joseph Cannon said...

Ah wind...still promoting Seixon? So I guess you also believe that Saddam really had WMDs, something that even Dick Cheney would now disavow?

The guy is a Republican operative. Come on, that's not even controversial.

Joseph Cannon said...

Joe, I know all about that. Are you deliberately confusing the issue? I didn't say anything about using mentions and replies. I know that the messages are private. But when you send AN IMAGE VIA DIRECT MESSAGE, the image still shows up in Yfrog.

I admit I learned about this only because milowent mentioned it. But I've tested it. Look, I can't upload a screencap to the comments section, and this argument between the two of us does not warrant a separate post. Send a message to me at my email and I'll show you a screencapture to prove the point. All of the images that Chalice153 has sent to Gdowson153 showed up in Chalice's Yfrog account.

sue said...

A little O/T but I realized when I went to Breitbart's site to look at the tweet timeline, that Breitbart's article claimed "Neither Weiner nor his staff have explained the uncanny coincidence that the congressman was tweeting out the time in Seattle just a few hours before the now infamous crotch-shot tweet was addressed to a Seattle co-ed."

The woman is not a Seattle co-ed. She is a coed in Whatcom County (Bellingham, hometown of Glenn Beck). It's 90 miles from Seattle.
It's like confusing San Diego for LA.

Anonymous said...

I've seen a spreadsheet on another site that has more convincing data that Tweetcongress did capture the sender, and it was Tweetdeck. It comes down to the source on that one. I'd like to believe he's an honest source.

However, that doesn't explain the URL anomaly - unless that also appears in new Tweetdeck posts (and Yfrog has changed, so that wouldn't necessarily be the same.) It would still be worth testing.

The argument that he couldn't have been hacked and still on Tweetdeck at the same time is bogus, though. He couldn't have been hacked by someone who changed his password, but if he reused his password across accounts, a clever hacker would only have had to find out one of them to know all of them. No reason to change the password and alert suspicion. That's what happened to Twitter bigwigs a couple years ago.

An IP log would go a long way to figuring out what happened.
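
A sketch of the kind of server-side log review the thread keeps circling back to, added here as an example and not part of the original post or any comment. It shows that two posts carrying the same "via" label can still be told apart by source IP, and that an upload-by-email from an unverified sender can be flagged; the records, field names, labels and the verified-sender list are all constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log (not real data). One row per post accepted by a
# hypothetical photo service. "via" is the client label shown next to a post;
# "channel" is how the upload arrived: "api" (signed-in client) or "email".
POSTS = [
    {"id": 1, "account": "example_user", "ts": "2011-01-10T14:02:00",
     "channel": "email", "via": "PhotoHost", "sender": "owner@example.org", "ip": "192.0.2.10"},
    {"id": 2, "account": "example_user", "ts": "2011-01-17T20:10:00",
     "channel": "api", "via": "TweetDeck", "sender": None, "ip": "198.51.100.7"},
    {"id": 3, "account": "example_user", "ts": "2011-01-17T20:25:00",
     "channel": "api", "via": "TweetDeck", "sender": None, "ip": "203.0.113.44"},
    {"id": 4, "account": "example_user", "ts": "2011-01-17T20:40:00",
     "channel": "email", "via": "PhotoHost", "sender": "someone@example.net", "ip": "203.0.113.90"},
    {"id": 5, "account": "example_user", "ts": "2011-01-18T09:00:00",
     "channel": "api", "via": "TweetDeck", "sender": None, "ip": "198.51.100.7"},
]

# Assumption: addresses the account owner has verified with the service.
KNOWN_SENDERS = {"example_user": {"owner@example.org"}}


def audit(posts, known_senders, window=timedelta(minutes=30)):
    """Return {post_id: [reasons]} for posts that deserve a closer look."""
    recent_api = defaultdict(list)  # account -> [(time, ip)] of earlier API posts
    findings = {}
    for p in sorted(posts, key=lambda r: r["ts"]):  # ISO timestamps sort as text
        ts = datetime.fromisoformat(p["ts"])
        reasons = []
        if p["channel"] == "email":
            # A From address is easy to forge, so a match proves little,
            # but a mismatch is a cheap signal worth recording.
            if p["sender"] not in known_senders.get(p["account"], set()):
                reasons.append("email upload from unverified sender " + p["sender"])
        else:
            # Posts 2 and 3 both say "via TweetDeck"; only the IP separates them.
            others = sorted({ip for t, ip in recent_api[p["account"]]
                             if ts - t <= window and ip != p["ip"]})
            if others:
                reasons.append("API post from %s while %s was active"
                               % (p["ip"], ", ".join(others)))
            recent_api[p["account"]].append((ts, p["ip"]))
        if reasons:
            findings[p["id"]] = reasons
    return findings


if __name__ == "__main__":
    for post_id, reasons in audit(POSTS, KNOWN_SENDERS).items():
        print(post_id, reasons)
```

A flag is a lead for an investigator rather than a verdict: shared networks, roaming devices and forwarded mail all produce benign hits.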