If you find that your Twitter password doesn't work the next time you try to login, you won't be alone. The service was busy resetting passwords and revoking cookies on Friday, following an online attack that may have leaked the account data of approximately 250,000 users.

"This week, we detected unusual access patterns that led to us identifying unauthorized access attempts to Twitter user data," Bob Lord, Twitter's director of information security, writes in a blog post.

According to Lord, Twitter was able to shut down the attack within moments of discovering it, but not before the attackers were able to make off with what he calls "limited user information," including usernames, email addresses, session tokens, and the encrypted and salted versions of passwords.

The encryption on such passwords is generally difficult to crack – but it's not impossible, particularly if the attacker is familiar with the algorithm used to encrypt them.

As a precaution, Lord says Twitter has reset the passwords of all 250,000 affected accounts – which, he observes, is just "a small percentage" of the more than 140 million Twitter users worldwide.

If yours is one of the accounts involved, you'll need to enter a new password the next time you login. Lord reminds all Twitter users to choose strong passwords – he recommends 10 or more characters, with a mix of letters, numbers, and symbols – because simpler passwords are easier to guess using brute-force methods. In addition, he recommends against using the same password on multiple sites.

Lord says Twitter's investigation is ongoing, and that it's taking the matter extremely seriously, particularly in light of recent attacks experienced by The New York Times and The Wall Street Journal:

This attack was not the work of amateurs, and we do not believe it was an isolated incident. The attackers were extremely sophisticated, and we believe other companies and organizations have also been recently similarly attacked. For that reason we felt that it was important to publicize this attack while we still gather information, and we are helping government and federal law enforcement in their effort to find and prosecute these attackers to make the Internet safer for all users.

Although the attack took place this week, it seems to have no relationship to the outage that took Twitter offline for several hours on Thursday. On the other hand, however, Lord's post does make rather cryptic mention of the US Department of Homeland Security's recent recommendation that users disable the Java plug-in in their browsers. He mentions Java twice, in fact.

While it's true that the Java plug-in contains multiple known vulnerabilities and that numerous security experts have warned that it should be considered unsafe, the connection between Java and the attack Twitter experienced isn't clear and twitter is yet to respond to our request for clarification.

A group of hackers leaked email contact information of experts working with the International Atomic Energy Agency (IAEA) after breaking into one of the agency's servers.

The group published a list of 167 email addresses along with its manifesto on Sunday in a post on Pastebin.

"Some contact details related to experts working with the IAEA were posted on a hacker site on 25 November 2012," IAEA spokeswoman Gill Tudor said Wednesday in an emailed statement. "The IAEA deeply regrets this publication of information stolen from an old server that was shut down some time ago. In fact, measures had already been taken to address concern over possible vulnerability in this server."

The hacker group calls itself Parastoo and wants the IAEA to investigate Israel's nuclear activities at the Negev Nuclear Research Center near Dimona, an Israeli city located in the Negev desert. "Israel owns a practical nuclear arsenal tied to a growing military body and it is not a member of internationally respected nuclear, biochemical and chemical agreements," the group said.

Israel has long had a policy of nondisclosure regarding its nuclear military capabilities and has never signed the international Treaty on the Non-Proliferation of Nuclear Weapons (NPT).

The experts whose email addresses were leaked should sign a petition demanding that IAEA investigate the activities at Dimona, the hacker group said, claiming that it has evidence of "beyond-harmful operations" taking place at the site.

Parastoo threatened to published information on the whereabouts of every single individual on the list together with their personal and professional details, saying that all of them could be considered responsible if an accident was to happen at Dimona.

"The IAEA's technical and security teams are continuing to analyse the situation and do everything possible to help ensure that no further information is vulnerable," Tudor said. "The Agency treats information security, including cybersecurity, as a top priority and takes all possible steps to ensure its computer systems and data are fully protected."

The IAEA is an international organization that promotes the safe and peaceful use of nuclear energy and discourages the proliferation of nuclear weapons. The agency reports issues of non-compliance by states to the United Nations General Assembly and Security Council.

If you're using BitTorrent without taking special measures to hide your activity, it's just a matter of time before your ISP throttles your connection, sends you an ominous letter, or worst case, your ISP gets a subpoena from a lawyer asking for your identity for a file-sharing law suit. Here's how to set up a simple proxy to keep your torrenting safe and anonymous.


Note, you don't need to be doing anything illegal. Maybe you just want to keep Big Brother out of your business and from throttling your connection. Either way, if you really want to keep your activity private, your best bet involves routing your BitTorrent connection through an external service. BTGuard is a dead simple BT-focused proxy server and encryption service, and it's my service of choice. Below, I'll explain what it does, how it works, and how to set it up to privatize and anonymous your BT traffic.

How BTGuard Works

When you download or seed a torrent, you're connecting to a bunch of other people, called a swarm, all of whom—in order to share files—can see your computer's IP address. That's all very handy when you're sharing files with other netizens, but file sharers such as yourself aren't necessarily the only people paying attention. Piracy monitoring groups (often paid for by the entertainment industry either before or after they find violators) also join BitTorrent swarms, but instead of sharing files, they're logging the IP addresses of other people in the swarm—including you—so that they can notify your ISP of your doings. A proxy (like BTGuard) funnels your internet traffic—in this case, just your BitTorrent traffic—through another server, so that the BitTorrent swarm will show an IP address from a server that can't be traced back to you instead of the address that points to your house. That way, those anti-piracy groups can't contact your ISP, and your ISP has no cause to send you a harrowing letter.

But wait, can't the piracy groups then go to the anonymizer service (BTGuard) and requisition their logs to figure out that you're the one downloading the new Harry Potter? Theoretically, yes, but the reason why we chose BTGuard is because they don't keep logs, so there's no paper trail of activity leading back to you. All the piracy monitors see is BTGuard sharing a file, and all your ISP sees is you connecting to BTGuard—but not what data you're downloading, because it's encrypted.

If you subscribe to an ISP that throttles BitTorrent traffic, and aren't using an anonymizer service, you have an additional problem. Your ISP can still see what you're doing, and if they detect that you're using BitTorrent—even if you're using it for perfectly legal purposes—they'll throttle your connection so you get unbearably slow speeds. When you encrypt your BitTorrent traffic, your ISP can't see what you're using your connection for. They'll see that you're downloading lots of information, but they won't be able to see that it's BitTorrent traffic, and thus won't throttle your connection. You still have to be careful of going over your ISP's bandwidth cap, however, if that exists.

BTGuard offers you both a proxy (to combat spying) and encryption (to combat throttling)—though many torrent clients have encryption built-in as well.

First, BTGuard isn't free. At $7/month (as little as $5 if you pay for a year in advance), it isn't very expensive, and we think it's well worth it if you want to torrent anonymously. A law suit settlement, if it comes to that, will cost you at least a couple thousand dollars, which equals a couple decades of BTGuard subscriptions, so keep that in mind, too. The other potential downside is that piping your downloads through another service may decrease your upload and download speeds. How much depends on what torrent you're downloading, who from, and a lot of other factors, but just know that it's a possibility. In my experience, more popular torrents stayed at their top speed of 1.4 MB/s (my bandwidth cap) with a proxy, while other less popular torrents (which flew at 1.4MB/s without a proxy) would fluctuate around 200 or 300 kB/s with BTGuard in place. Again, though, a little longer wait on downloads is well worth the protection you get.

Lastly, proxies aren't supported by every client, which means you'll have to use one with more advanced features. uTorrent (for Windows) and Vuze (for Windows, Mac, and Linux) both support proxies, but sadly Mac and Linux favorite Transmission does not. (If you're absolutely stuck with a client that doesn't support proxies, check the end of this article for some alternative solutions to the anonymity problem.)

How to Set Up BTGuard

BTGuard has a one-click install process, but we're going to show you how to do it the manual way, since it works in any BitTorrent client that supports SOCKS5 Proxy—not just the ones supported by BTGuard's installer. It'll also give you a better sense of what exactly BTGuard does, so if you run into problems, you'll have a better idea of how to fix it.

Step One: Sign Up for BTGuard

First, sign up for an account over at BTGuard.com. It'll just take a minute, and then you can get to configuring your client. Their BitTorrent proxy service costs $6.95 a month, but you can get discounts by buying multiple months at a time (up to a year's service for $59.95). Once you're done, you should receive an email telling you that BTGuard is ready to go.

Step Two: Configure Your Client

Next, open up your torrent client of choice and find the proxy settings within its preferences. In uTorrent, for example, this is under Preferences > Connection. Your client may have them in a different place (Google around to find out where), but no matter your client, your settings should look like this:

• Proxy Type: Socks v5
• Proxy Host: proxy.btguard.com
• Proxy Port: 1025
• Username: Your BTGuard username
• Password: Your BTGuard password

You'll also want to make sure you're using the proxy for hostname or tracker lookups as well as peer-to-peer connections, so check all boxes that say anything like that. You'll also want to disable connections or features that could compromise the proxy, so check all the boxes under uTorrent's "Proxy Privacy" section, or anything similar that your client may have. Hit Apply, exit the preferences, and restart your client. Your proxy should now be active.


Step Three: See If It's Working


To ensure that it's working, head over to CheckMyTorrentIP.com. This site can tell you what your IP address is, and compare it to the IP address of your torrent client, which will let you know whether your proxy is working correctly. To test it, hit the "Generate Torrent" button, and open the resulting torrent in your client. Then, go back to your browser and hit the Refresh button under the "Check IP" tab. If it's the same as your browser IP—which you'll see next to the Refresh button—then your proxy isn't working, and you'll want to double-check all of the above settings. If it shows a different IP address (often from another country like Germany or Canada), then BTGuard is successfully tunneling all your traffic for you.

Step Four (Optional): Enable Encryption

If you want extra security (or if you're trying to protect your connection from being throttled), you'll also want to encrypt all that traffic. Many clients have this feature built-in. In uTorrent, for example, just head to Preferences > BitTorrent and look for the "Protocol Encryption" section. Change your outgoing connection to Forced encryption, and uncheck the "Allow incoming legacy connections" box. From there, you should be good—your ISP shouldn't throttle your connection after this is enabled.

If your client doesn't support encryption, or you want a more powerful encryption behind your torrenting, BTGuard offers an encryption service as well. Just head to their Encryption page, download the software, and install it to C:\BTGUARD (this is very important; don't change the installation directory). Then, start the BTGuard Encryption program (accessible from the Start menu), and open up your BitTorrent client. Change your proxy server from proxy.btguard.com to 127.0.0.1, restart your client, and you're golden. Again, this isn't necessary if your client already supports encryption, but it is an extra layer of protection if you really want to keep everything private.

BitTorrent isn't the safe place it once was, and if you're going to use it to share and download files, we highly recommend getting some sort of protection from the services above so you can avoid DCMA notices and throttled speeds. Got any other tips for keeping your file sharing on the down low? Share them with us in the comments