Do Twitter Phishing Scams Herald the End of Microblogs?

Posted by CmdrTaco on Monday January 05, @11:36AM
from the sure-why-not dept.
An anonymous reader writes "Twitter's been hit by a big phishing scam. Culture Crash blogger Dan Tynan says this is the end of Twitter's innocence. Will tweets become like email, with two out of every three just worthless spam?"
  • Innocence? (Score:5, Funny)

    by TurboNed (1370389) on Monday January 05, @11:39AM (#26331087)

    this is the end of Twitter's innocence.

    Isn't this the internet? What's innocent?

  • by Rinisari (521266) * on Monday January 05, @11:40AM (#26331113) Homepage Journal

    If Twitter is smart, it will end its auth API or modify it so that folks have to go to Twitter to authorize an application. This is the way that Facebook, Yahoo, and OpenID do it, as well.

    • by Rinisari (521266) * on Monday January 05, @11:42AM (#26331135) Homepage Journal

      Domain phishing like the access-urls thing in the article picture could be best fixed by SSL logins...

      • by AnyoneEB (574727) on Monday January 05, @01:34PM (#26332783)

        How? If the user is willing to give their password to http://twitter.access-logins.com/login/, why wouldn't they give their password to https://twitter.access-logins.com/login/?

        SSL logins are a good idea, but I do not see how they address phishing. I guess an EV might have some effect because users might be trained to expect to see "Twitter, Inc." in the URL bar... but if they are not even looking to see if they are on twitter.com when entering their password, I doubt it.

        The real problem is sending passwords in plaintext (or encrypted plaintext like SSL, which doesn't help if you have an encrypted connection straight to the phishers) as opposed to some form of challenge response, but that is a hard one to fix since they are so prevalent and the framework to replace them does not really exist.
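
An added example (not part of any comment in this thread, and not Twitter's code): a JavaScript link check illustrating the point in the comment above that the host, not the scheme, decides who receives the password. The names `hostBelongsTo` and `checkLoginUrl` are hypothetical, and every sample link except the two quoted in the comment is constructed.

```javascript
// Added example: does a link really point at the site it claims to be?
// Assumption: the trusted domain is twitter.com, as named in the thread.
const TRUSTED_DOMAIN = "twitter.com";

// True only for the trusted domain itself or a subdomain of it.
// The match is on a label boundary, so "eviltwitter.com" does not pass.
function hostBelongsTo(hostname, trustedDomain) {
  const host = hostname.toLowerCase().replace(/\.$/, ""); // drop trailing root dot
  const trusted = trustedDomain.toLowerCase();
  return host === trusted || host.endsWith("." + trusted);
}

function checkLoginUrl(link, trustedDomain = TRUSTED_DOMAIN) {
  let url;
  try {
    url = new URL(link);
  } catch {
    return { trusted: false, reason: "unparseable URL" };
  }
  // "https://twitter.com@other.example/" puts the familiar name in userinfo.
  if (url.username || url.password) {
    return { trusted: false, reason: "userinfo in URL" };
  }
  // The host decides who receives the password; the scheme does not.
  if (!hostBelongsTo(url.hostname, trustedDomain)) {
    return { trusted: false, reason: "host is not under " + trustedDomain };
  }
  if (url.protocol !== "https:") {
    return { trusted: false, reason: "right host, but not https" };
  }
  return { trusted: true, reason: "host matches and scheme is https" };
}

// Constructed sample links; the first two are the URLs quoted in the comment.
const SAMPLES = [
  "http://twitter.access-logins.com/login/",
  "https://twitter.access-logins.com/login/",
  "https://twitter.com.access-logins.com/login/",
  "https://twitter.com@access-logins.com/login/",
  "https://eviltwitter.com/login/",
  "http://twitter.com/login/",
  "https://twitter.com/login/",
];

for (const link of SAMPLES) {
  const { trusted, reason } = checkLoginUrl(link);
  console.log((trusted ? "OK    " : "REJECT") + " " + link + "  (" + reason + ")");
}
```

The http and https forms of the look-alike host are rejected for the same reason, which is why adding SSL to the phishing page changes nothing for the check.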

  • Let's hope so (Score:5, Insightful)

    by Gothmolly (148874) on Monday January 05, @11:42AM (#26331137)

    Terms like "twitterverse" and "microblog" are heralding the end of the sane Internet, so let's hope they get consumed by the vermin of the Internet.

  • Thus far Twitter seems like a totally useless idea to me. No, you are not so important that everyone cares what you are doing when you are going shopping.

  • by Hoplite3 (671379) on Monday January 05, @11:49AM (#26331265)

    "Do Twitter Phishing Scams Herald the End of Microblogs?"

    *Crosses fingers*

    A man can dream...

  • by Ohio Calvinist (895750) on Monday January 05, @12:03PM (#26331451)

    I think we'll see spammers start to attack social networks as vastly improving spam filters make e-mail less and less viable. If a social networking site sends all "messages" on the site as e-mail or texts to the user and the user whitelists *.myspace.com or *.twitter.com (or whatever domain it sends as) all they need is to get an open pipe on that service and they've blasted both their screen, inbox and mobile.

    Networks are huge blocks of users often with similar, or easily determined interests making the marketing more effective and development to exploit their native openness or a security flaw more profitable than spamming huge blocks of @yahoo.com addresses via e-mail only as many have good spam filters, are spam-only accounts or have gone fallow when XX69sExYbUnNiE69XXHOLLA realizes that might not be the best addy for her college admission papers or her resume.

    IANAL but it would be interesting to see if using a social network as a proxy would give one any shielding from CAN-SPAM or other state statutes since there is no protection on social networking sites, and users did opt-in to receive emails from the social network site.

  • by girlintraining (1395911) on Monday January 05, @12:18PM (#26331687)

    Every method of human communication brings with it the reasons we communicate. Spam, reduced to its essential quality, is broadcasting greed. And that emotion has been around since the dawn of civilization. Every "new" communications medium will have it, and in western civilization with its emphasis on individuality, materialism, and consumerism, it will be all the more prominent. So is it really news that another medium (in this case, twitter) has started to reflect this? Not really.

    Concurrently, we've been evolving ways of blocking out this trash -- ad filtering, blocking software, downloading our TV episodes online, etc. There is a real grassroots effort underway to fight back against advertising and an emphasis on "real" communication -- that is, honest opinions by people we trust. In this disconnected world, networks of trust have become more important than ever as a way of not drowning in the sea of greed, self-indulgence, and attention-grabbing behavior. I know people that use Gmail for one reason alone: The spam filtering is just that damn good. I have seen people breathe a sigh of relief and leap to hug me after setting up Firefox with ad blocking software -- they are genuinely happy.

    The real story here isn't twitter turning to a sea of suck, it's that our culture is changing on a fundamental level. And it is doing this without any real organization, without any center. It doesn't seem necessary for a person to be part of a certain subculture or have exposure to a certain trigger to start it; It's a stand alone complex. That is, for those who haven't seen Ghost in the Shell, a phenomenon where unrelated, yet very similar actions of individuals create a seemingly concerted effort.

    We're going to see more of this in the years to come.

  • no (Score:5, Funny)

    by daveb (4522) <d-k-bremer@sliPA ... z minus language> on Monday January 05, @12:23PM (#26331751)

    unfortunately

  • by Jason Levine (196982) on Monday January 05, @12:28PM (#26331817) Homepage

    Many people who are replying don't seem to use Twitter or even understand really what is going on with the phishing. Since I use Twitter, I'll explain:

    With Twitter, you set up lists of people that you follow. When you follow someone, you can then see their Twitter messages on your main screen (or in your client application if you use one). Everyone else following that person can see the person's messages. People you follow can also send you Direct Messages. These messages aren't seen by anyone but the sender and recipient. In this respect, it is sort of like e-mail only it requires a "trusted relationship" to have been formed first i.e. No spamming from joe_random@somesite.com to everyone_else@somewhere-else.org.

    What the Phishers are doing is sending DMs from compromised accounts telling the recipients about some blog post that they should check out. The recipients (assuming they fall for the phish), see a page that looks like the Twitter login page (but is really on access-logins.com). They enter their username and password and now the Phishers have another account to send DMs from. Rinse and repeat. I strongly suspect that there's a Phase Two in there that involves more than just collecting Twitter account information but so far they are just collecting accounts.

    Stopping it is easy. If you change your password, they no longer have access. People have been outing people who "sent" them DMs (and thus were compromised). If a person doesn't fix their situation, you could unfollow them. This would mean they could no longer send you Direct Messages. As people stop following compromised people, they will either fix the problem or will dwindle to zero followers. Spam stopped. (If only e-mail spam were so easy to stop.)

    And to address the "Twitter is useless" commentary, yes there are a lot of people on Twitter who post inane things. Then again, there are some good posters. (For example, I follow Greg Grunberg from Heroes and love reading his tweets.) I think you'll find that in any online medium. Blogs are like this, web sites are like this, even comments on Slashdot are like this. Choose a random Slashdot article and browse at -1. You're sure to find many worthless comments for every worthwhile comment. As for Twitter, I tend not to follow the inane Twitter posters, so I don't see those posts in my Twitter-feed. Like any online tool, Twitter is only what you make of it.

  • You can no longer innocently follow a link because some quasi-stranger tweeted it to you without being wary

    Let me fix that for you:

    You can't innocently follow a link because some quasi-stranger tweeted it to you without being wary

    Why would you, or anyone, have ever assumed otherwise?