Diigo, a social bookmarking and annotation site, is finally back online 50 hours after the domain was first hijacked. It’s an incredible story that involves crisis management, blackmail, investigative research, payoffs, a clever thief, and points to potential problems with the domain name registry system that could affect anyone with a website. Diigo’s co-founder called it a nightmare and crisis that he’d like to help other companies avoid.

Diigo has 5 million registered users. For two days this week, they couldn’t access the site. The service is both a collaborative research tool, and a social content site. TechCrunch called Diigo “a research tool that rocks”, back in 2006. I’m a big fan and started using Diigo (pronounced Dee’go) to bookmark websites after Yahoo shut down its popular bookmarking site Delicious.

What Happened To Diigo.com

This past Wednesday, I tried using Diigo’s browser bookmarklet to save a site to my library. But it didn’t work. I went to the Diigo.com site and got one of those junky parked domain pages that you see when you mistype a URL. My first thought was, did the site close or perhaps their domain name expire? I checked Diigo’s Twitter account and learned their domain was hijacked. The Twitter account directed users to an emergency announcement that was put up at diigo.net, not diigo.com.

“Dear Diigo users,

We’re terribly sorry to inform you that we’re experiencing domain hijacking, ie. someone gained access to our Yahoo domain registrar account, and illegally hijacked the domain, www.diigo.com. Very soon www.diigo.com may not be accessible to you until this issue is resolved.

But please rest assured that all our servers and user data are NOT compromised…”

The message also included a way users could help:

“Meanwhile, if you’re an avid Diigo/ twitter user, plesae (sic) help RT and speed up the recovery. Thanks!

@Yahoo @YSmallBusiness, pls help prevent the stealing of http://diigo.com , as done here http://bit.ly/Xqi6Ki …! pls RT!”

On Friday afternoon, after 50 hours, Diigo.com came back online.

Diigo posted an update saying:

“After an unbelievable 48 hours roller coaster ordeal, Diigo.com is back! While all our servers and user data were completely unaffected during this time, our domain name registered through yahoo domain service (completely separated access from Diigo servers / user data) was “hijacked” for the past 2 days (no, our domain didn’t expire, but was literally stolen and illegally “transferred out”. According to Yahoo’s log, the thief even called into Yahoo and pretended to be the owner to inquire the transfer, if you can believe that!)

Simply looking-around the web shows that domain theft / hijacking has been causing a lot of disruptions and economic damage. During this ordeal, we have learned some valuable lessons to share with you all. Stay tuned after we get some much needed rest first!”

The Backstory

I contacted Wade Ren, Diigo’s Co-founder and Executive Chairman to get the details of what happened. He agreed to share his story in the hope that other companies will learn some valuable lessons and not have a similar crisis.

Ren told me “it’s a nightmare since it was unexpected. It was a crisis because it may damage Diigo the brand if it isn’t resolved quickly. And it was an ordeal to go begging for help and getting frustrating go-arounds.”

The Diigo team learned their site was being redirected Wednesday morning. They did a WHOIS search and learned their domain was moved from their Yahoo domains to another domain registrar called Aust Domains.

Ren called Yahoo to find out what happened. Ren says he had several calls with Yahoo over the course of 30 hours, but Yahoo staffers repeatedly told him they couldn’t do anything to help. They insisted the only option was to file a police report, which Ren knew, at best, would take a long time to get his domain back.

Ren also discovered Yahoo is not an official domain name registry operator, like GoDaddy, eNom, Tucows, and Melbourne IT. It turns out Yahoo is a domain reseller, and anyone using Yahoo Domains really uses a third party DNS registry operator. Ren’s account used Melbourne IT Ltd., based in Australia.

I discovered that Yahoo discloses this in the fine print in its Small Business Terms of Service.

In section 1.3,

“Certain Services that You purchase or receive from Yahoo! may be provided by one or more third-party vendors, contractors, or affiliates selected by Yahoo! … Currently such third parties include: Melbourne IT Ltd for Yahoo! Merchant Solutions, Yahoo! Web Hosting, Yahoo! Business Email, and Yahoo! Domains customers.”

Ren discovered that the actual DNS registry operator, Melbourne IT, would need to get involved to get this resolved. After much pleading, a Yahoo staffer called Melbourne IT to help, and was told that since the domain was transferred out, there was nothing they can do.

At the same time, Ren called and sent an email to Aust Domains, where diigo.com was now registered. His email, titled “high traffic domains stolen, please help!” got a boilerplate reply from customer support saying:

“In this case, you will need to contact your domain registrar (Yahoo) to submit a complaint to Verisign (Global domain registry).

Once we receive the formal decision from Verisign, we will take the further action.”

Aust Domains and Yahoo weren’t going to help Ren get his domain back quickly. But then Ren was contacted by someone who could. The thief.

The thief, who had a yahoo email address, wanted money in exchange for Diigo to get their domain back. Ren says the thief bragged about how he had done this many times before and was very careful.

Of course, Ren in principle didn’t want to do business with a cyber blackmailer. But, he wanted to get his site back as quickly as possible for his users and didn’t want to deal with this problem much longer. He said the thief was well aware of the timing. He said the criminal knew it may still take 2 weeks for Diigo to get their site back even with the help of Yahoo, and it would be a lot quicker to pay him to get the domain back, otherwise known as blackmail.

Weighing his options, Ren decided to pay the money and was given the account information at Aust Domains so Diigo could get their site back by pointing the DNS settings back to his servers. Ren doesn’t want to disclose the exact amount of the payment, but it was in the 3 figures.

Searching the web, Ren found many cases of domain hijacking, and in one case, by the same hijacker at HowardForum.com, the thief was paid $400. You can read the timeline of that attack here.

In that case, the website owner says his registrar, GoDaddy, worked with Aust Domains to get the domain back. It took 13 days. Howard shared some of the emails he got from the thief:

Hello, I’m ready to sell that domain for 400 $. let me know if you are interested so we can talk about the transaction method.

My offer is valid for 12 hours anyway. Good luck.

I’m not looking for any trouble, You pay and I’ll provide you the info instantly after payment

The important thing is I’m the owner of this domain at this moment and after few weeks I decided to sell this domain…. you are wasting my time by asking unrelated questions.

Back to Diigo, Ren says that at the same time he was in contact with the criminal, a more senior person at Yahoo got in touch with him. This person was much more eager to help.

I sent requests via email and phone to Yahoo for comment. After 22 hours, Yahoo’s PR department told me they will look into this. I’m still awaiting their reply and will update this post with any response.

Lessons Learned

Ren says he’s learned several lessons this past week that he wants to share.

Ren isn’t sure how the thief got the account’s password. He speculates it could have happened on some public wifi network and was perhaps sold to the blackmailer. But, all the thief needed to transfer the domain was his email and password.

The thief was very careful according to Ren. He doesn’t let his target know that he’s hijacking their domain until it’s too late. The thief didn’t change his Yahoo account password. He just took actions to transfer the domain to the new registrar.

Since the thief still had access to the Yahoo account’s email, Ren suspects the thief was watching his emails and quickly deleted ones that might have warned Ren of the domain transfer. This wasn’t Ren’s main email account so he didn’t check it as often.

He says 2-step verification of logins could have prevented all this. Yahoo offers 2-step verification where “any sign-in attempt Yahoo! deems suspicious will require a second verification, either answering your account’s security question or entering a verification code we send to the mobile phone or non-Yahoo! alternate email address we have on file.”

Ren says that unfortunately, this security feature is still in beta and does not seem to work as promised. After the hijacking happened, Ren says he tested his account and was surprised to find that he could still log in without the verification step. When Ren told Yahoo about this problem during the hijacking, they asked him to fill out a bug ticket to report it.

Would the domain locking feature offered by Yahoo and other registrars have helped? Ren says no, it only provides false hope. Since the thief had access to his account, the thief was simply able to turn domain locking off. And the thief was able to get the domain transfer authorization code, designed to prevent fraudulent or unauthorized transfer, because he had access to the account.
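Because the lock was switched off and warning emails were deleted from inside the compromised account, the public registration record checked from outside that account is the one signal the thief could not suppress. The following is an added example, not code from the original article or from Diigo: it diffs saved WHOIS snapshots and flags a registrar change, a pending transfer, a removed transfer lock, or new name servers. The snapshots, domain, registrar names and name servers are constructed placeholders, and the field labels assume the common `Registrar:` / `Domain Status:` / `Name Server:` WHOIS layout.

```python
"""Flag hijack indicators by diffing WHOIS snapshots (added example)."""

# EPP status codes: the first is the registrar "domain lock"; the second
# appears while a registrar-to-registrar transfer is in flight.
TRANSFER_LOCK = "clienttransferprohibited"
PENDING_TRANSFER = "pendingtransfer"

# Constructed WHOIS snapshots for a placeholder domain; registrar and
# name-server values are invented for illustration.
BASELINE = """\
Domain Name: EXAMPLE.COM
Registrar: Registrar A (constructed)
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Name Server: NS1.EXAMPLE.NET
Name Server: NS2.EXAMPLE.NET
"""

UNLOCKED = """\
Domain Name: EXAMPLE.COM
Registrar: Registrar A (constructed)
Domain Status: pendingTransfer https://icann.org/epp#pendingTransfer
Name Server: NS1.EXAMPLE.NET
Name Server: NS2.EXAMPLE.NET
"""

TRANSFERRED = """\
Domain Name: EXAMPLE.COM
Registrar: Registrar B (constructed)
Domain Status: ok https://icann.org/epp#ok
Name Server: NS1.PARKING.EXAMPLE
Name Server: NS2.PARKING.EXAMPLE
"""


def parse_whois(text):
    """Extract registrar, status codes and name servers from WHOIS text."""
    record = {"registrar": None, "statuses": set(), "nameservers": set()}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        key, value = key.strip().lower(), value.strip()
        if not sep or not value:
            continue
        if key == "registrar":
            record["registrar"] = value
        elif key == "domain status":
            # The value is "<code> <url>"; keep only the status code.
            record["statuses"].add(value.split()[0].lower())
        elif key == "name server":
            record["nameservers"].add(value.lower().rstrip("."))
    return record


def hijack_indicators(baseline, current):
    """Return (severity, message) pairs for changes an owner should verify."""
    alerts = []
    if current["registrar"] != baseline["registrar"]:
        alerts.append(("CRITICAL", "registrar changed from %r to %r"
                       % (baseline["registrar"], current["registrar"])))
    if PENDING_TRANSFER in current["statuses"]:
        alerts.append(("CRITICAL", "transfer to another registrar is pending"))
    if (TRANSFER_LOCK in baseline["statuses"]
            and TRANSFER_LOCK not in current["statuses"]):
        alerts.append(("HIGH", "transfer lock was removed"))
    if current["nameservers"] != baseline["nameservers"]:
        alerts.append(("HIGH", "name servers changed to %s"
                       % ", ".join(sorted(current["nameservers"]))))
    return alerts


if __name__ == "__main__":
    base = parse_whois(BASELINE)
    for name, snapshot in (("unlocked", UNLOCKED), ("transferred", TRANSFERRED)):
        for severity, message in hijack_indicators(base, parse_whois(snapshot)):
            print(f"[{name}] {severity}: {message}")
```

In practice the snapshots would be collected on a schedule, and the alerts sent to a mailbox or pager that does not share credentials with the registrar account.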

Ren says he’s learned it’s better to use a domain name registry operator, rather than a reseller.

Based on his experience, Ren says the domain name registry system is flawed and it needs a system to freeze a domain transfer and revert the domain to its pre-transfer state, immediately after a transfer dispute is submitted, pending further investigation.

Ren makes a comparison to the online banking industry. If someone steals your financial account, you have more recourse and security since further verification steps are typically required. But even though your website might be your most important business asset, you don’t have the same protection from your domain host, and there ought to be better procedures and recourse in place to prevent this from happening.

Until that happens, criminals will still be out there taking advantage of the situation and preying on unsuspecting website owners.

Via TechCrunch


As e-book publishers and Apple face an antitrust lawsuit over pricing, magazine publishers are now looking into an alternative solution to the digital pricing dilemma: being able to extricate themselves from Apple’s grip entirely. A startup called Netizine, makers of a new, tablet-ready social magazine platform for publishers is currently in talks with seven of the ten top global publishers, we’re told, including three of the top five in the U.S.

And what is Netizine offering? Only a fully functional, HTML5-based tablet application that turns digital magazines into social networks…networks that run outside the App Store, that is.

Magazine publishers’ efforts, to date, have been a mixed bag. Some are OK, while others have been pretty awful, basically turning their content into slow and heavy apps that take up more than their fair share of the iPad’s disk space. Their early failure on this front has left room for startups like Flipboard and Zite to innovate and build new ways to consume news in a “magazine-like” interface.

Enter Netizine.

The company, now in closed beta with an early launch scheduled for summer 2012, is an entirely new take on how magazines can operate in the new digital, tablet-focused computing age. And it’s all about social.

Netizine CEO Jonathan Harris, a self-described “print guy,” the former GM of a large publishing business (Africa’s Media24), explains that today’s “social magazine apps” are not really social.

“I’m a big consumer of Flipboard, but I do not define that as a social magazine,” he says. “The reason it’s labeled a ‘social magazine’ is because when it started, it aggregated my social feeds and turned that into a magazine experience.”

“But social is broadly limited [in Flipboard] to a page-to-many experience – i.e. share the page, tweet the page – which is pretty much a commodity these days, and a fairly standard experience across the board.”

With Netizine, however, publishers have the tools to build an entire social network within their magazine, in order to allow readers to socialize around content. It’s a more in-depth experience than something like the community solutions designed for websites – like Disqus, Badgeville, or Livefyre, for example, which are mainly focused on commenting, user profiles, and reputation management.

Netizine builds an entire network, with a robust feature set that includes not just profiles and commenting, but also tools to share, bookmark, favorite, and rate articles, plus live chat, one-to-one instant messaging, groups (similar to LinkedIn), both the ability to friend other readers as well as the ability to follow them (one-way friendships), support for check-ins (!), integrations of the publishers’ and advertisers’ social presences from Facebook and Twitter, support for reader blogs, and more.

Publishers can pick and choose which of the tools they want included, of course, and they’re all customizable. And while for readers, the additions may just be seen as fun new ways to interact, for publishers, it’s all about building up the demographic profiles of their audience, which can then be sold to advertisers. (Sound familiar?)

One example of how this would work: magazine ads may show readers a “check-in” option (with optional sync to Foursquare) in exchange for some sort of deal, discount or coupon. Readers, wanting the deal, then do so, providing the publisher with details as to where they are located and what they were reading at the time.

The numerous social features aren’t provided solely to allow readers a new way to socialize around the magazine’s content or for better analytics, though – they also make it possible for the magazines to introduce new ways to navigate through content.

Instead of trying to reproduce the print magazine in digital format, with Netizine, the solution is to use social metrics as a way to present a magazine’s articles. For example, readers can dive into the “most commented,” section first, or the “most bookmarked,” “most shared,” or “highest rated.”

But the entry of Netizine raises the question: what of Next Issue Media, the magazine industry’s joint venture to build a “Hulu for magazines,” (involving Conde Nast, Hearst, Meredith, News Corp., and Time Inc.)? Some of those players are also looking at Netizine, it seems.

Explains Harris, “these guys are cognizant of what happened to the music industry, which is the creation of the dominant intermediary – more money being in music today, but not the music companies making it – so what they’re doing is toeing the water,” he says. “[Next Issue] is a really good first attempt…I think they’re experimenting. And for us, it’s the best news we could ever hear of, because it gives us a channel we didn’t have a couple of weeks ago.”

The new platform, which is built with HTML5 and CSS3 for responsive design (meaning screen size doesn’t matter), can be used in two ways by publishers. For those behind on the HTML5 “trend” (sadly, that’s many), Netizine can convert their PDFs to HTML5 for them, wrap the social layer around the content, and return to them, in a couple of hours, their brand wrapped in social. Alternately, publishers can choose to take their own HTML pages and use Netizine as more of a white label service. Regardless of which option they take, however, Netizine hosts the content, giving the publisher a URL.

Netizine plans to take its cut as a “small percentage” of the magazine app’s subscription price, which, not surprisingly, will be lower than Apple’s.

It remains to be seen which publishers end up launching on Netizine later this summer, of course. But Harris says he believes this is the future. “Our bet is that the social magazine space is the next big space, and the native, enriched app was a stepping stone.”

In other words, it’s a big bet that magazine publishers will pull out of the iTunes App Store, and move to the web instead, lest they risk splitting their audience into the countable, social group and the native-based, less social demographic. While publishers may be willing to take this shot, whether users will follow them – especially when there are other great apps for browsing news and features (like Flipboard!) – definitely remains to be seen.

Netizine is currently self-funded. Interested parties can sign up here.

Via TechCrunch


by Jonathan Harris

Jonathan Harris is CEO of Netizeen, a company which offers software to add social features to magazines.


Two years ago, Steve Jobs stood in front of a room packed with self-confessed Apple fanatics and held up the iPad, the most “magical and revolutionary device” in the history of the company, he told the audience.

Among those hanging on every word were magazine publishers who believed they now had the tool needed to give them a competitive edge. Their readers finally had a lean-back digital option. A page could be turned with the swipe of a finger. Though cautiously optimistic, publishers were hopeful that this new device would offer their readers a magazine experience that would propel them into the digital age. They also hoped it would rescue what was rapidly disappearing from their back pockets.

Fast forward two years, and publishers find themselves fighting even harder to compete in a rapidly-changing digital ecosystem. While Apple has made good on its basic promises, mainly delivering a device-driven audience and facilitating bulky back-end micropayments, it has also consolidated its role as the dominant intermediary, edging publishers closer to a state similar to that of the music industry. It has fostered a reliance on its closed platform and ultimately stifled innovation.

If publishers want to stay in the game and establish a future for magazines that is less uncertain than the one they are currently facing, they must embrace options outside of the current Apple-dominated landscape and hedge against its control of both the end consumer and the content delivery mechanism.

Here’s how.

  • You’re Only As Good As the Data You Keep

You don’t have to be the smartest kid in Silicon Valley to know that the absence of customer data hurts brands. In my discussions with advertisers, the number one reason for their lack of investment, or in some cases dis-investment, into tablet editions is too little data that comes too late.

Ironically, publishing has always been about packaging and selling audience data, so there’s a natural affinity with the concept. But in a digital era, it is the depth, quality and timeliness of audience data that is separating the winners from the rest. This is where publishers are falling increasingly far behind as they are left scrapping for relatively low quality subscription data from Apple.

From the beginning, iPad magazine development was approached from the wrong angle, driven by Apple-centric thinking that only addressed the question of what can we do for readers rather than what can we do with readers. There is an important difference between enrichment (adding videos, images and graphics to the page) and engagement (establishing a meaningful contact or connection). Engagement appears to have been ignored altogether and the result has been apps that focus on leveraging the operating system more than they do the connectedness of the device.

Publishers must consider new ways for readers to consume – and connect around – magazine content. They need to design and track content experiences that are more socially driven, building new direct channels of engagement and extending the touch points of readers with content and each other. As advertisers increasingly demand that publishers move upstream with their businesses around data, providing more granular insights about their audiences is going to be a necessity, not a choice.

A new data-driven business is needed to gain greater control of future revenue growth. This upstream model is within the reach of publishers today, and those that are able to develop – and own – their brands’ engagement data will not only survive … but thrive.

The takeaway: Sell your data, you earned it.

  • Native Apps Are Counterintuitive For Content

Magazines were one of the earliest mechanisms for social grouping, and before the onset of the digital age, publishers were very good at building and monetizing highly valuable networks of similar people built around different content verticals. But as the business model of online content has evolved, publishers have seen this position erode and with it, their revenue.

We are now at a tipping point and if publishers want to claim any meaningful portion of future digital revenue, they need to make a decision about whether a magazine is a container or a connector. The definition makes all the difference.

If magazines compete as containers of editorially aggregated content then the future is pretty bleak. The digital content containers offered by aggregators like Flipboard and Zite are much more compelling than any single source alternative and fit far better with the nature of content consumption on the Web that is forming itself around streams. But if magazines are seen as connectors, bringing clusters of people together around well-defined special interests then publishers may have reason to be far more optimistic.

With the iPad, iTunes and subsequently Newsstand, Apple drove native app development as a strategy by connecting access to the marketplace to developing for device. Publishers happily took Apple’s lead without consideration for the new form and function of digital content threaded through the social Web. They began to replace one type of controlled distribution for another. And although in some cases what they delivered was a newly crafted content offering, this model did nothing to re-architect the proposition of magazines on a connected device.

Native siloed app development is simply not a good model for content. It’s completely counterintuitive to develop with greater consideration for the operating system than for the Web.

There is a potential future for magazines on the tablet that is more open, collaborative and connected, but readers, not the device or the marketplace, must be at the heart of the next evolution.

The takeaway: It’s an open Web, don’t build for a closed one.

  • So what does this all mean?

You may argue that the damage being done to publishers is self-inflicted; Apple gave them the tools and what they did with it was up to them. But actually the device Jobs introduced as the iPad was designed to effect control right from the start.

In a 2004 interview with Businessweek, Jobs said, “I’ve always wanted to own and control the primary technology in everything we do.” Owning the technology is one thing, owning the audience another.

To stay ahead of the game, publishers must think outside of the Apple box. They must take true ownership of their digital brands, regain the direct relationship with their customers and figure out how to increase revenues by putting the reader at the heart of their strategy. In short, if they are to flourish, they must take control of their three D’s – Data, Development and ultimately their Destiny.

Via Forbes



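Beijing time, October 29: Jonathan Harris, a contributing writer for the online edition of the US magazine Forbes, has published an article saying that when the iPad was released two years ago, many publishers had high hopes for it, expecting this “magical device” to rescue the declining publishing industry. But more than two years later, the publishing industry’s situation has not improved at all. On the contrary, what publishers need to do now is break free of Apple’s control, so as to avoid repeating the fate of the music industry.

Two years ago, Steve Jobs stood in a room packed with Apple fans and held up the iPad with both hands. “The iPad is the most magical and revolutionary product in Apple’s history,” he told the audience.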

The publishing industry, roiled by ebooks and Amazon’s behemoth behavior, has been the target of government price-fixing charges. The situation raises the question of whether books are a special cultural product that the law should treat differently than buttons or rubber boots.

According to antitrust experts speaking at a New York book event this week, books should be treated like any other good in the market.

“There’s never been a defendant sued for antitrust who didn’t think their market was special,” said Chris Sagers of Cleveland State University, adding that “agency pricing” (a commission-style pricing system used by the publishers to check Amazon) is just another word for price-fixing.

And according to Ariel Katz, a law professor at the University of Toronto, publishers have been engaging in cartel-like behavior for more than a century. In 1908, for instance, a publisher sued the department store Macy’s for disobeying notices that required books to be sold for at least $1 (the publisher lost and the Supreme Court established copyright’s first sale doctrine).

The recent price-fixing charges, in which publishers allegedly ganged up with Apple in order to stop Amazon, also appear to be classic cartel behavior — meaning the government was justified to sue them to protect the free market. Yet, it also feels intuitively wrong to equate book publishers with oil barons, AT&T or other antitrust villains.

This is because books are not oil or boots or buttons. They are the repositories of our collective knowledge and exemplify what is best about humanity. Nina Elkin-Koren of the University of Haifa, who also spoke at the event, questioned the antitrust experts about whether it is appropriate to leave something as important as books to the whims of the market.

In the language of economists, the question is whether books are a big enough “cultural externality” to justify interfering with the market through corporate protectionism or government regulation.

Sagers suggested that governments can indeed make economic policies to favor cultural and intellectual activities but that the right way to do so is by favoring cultural creators directly — and not through intermediaries like publishers.

The antitrust experts make a compelling case for regarding publishers as just another cartel. It will be interesting to see if the theory continues to hold up as Amazon expands its ever-growing influence on the nation’s reading habits.

The experts spoke at “In Re Books,” a two-day conference on law and the future of books held at New York School.

Via Paidcontent
