Follow Slashdot stories on Twitter

 



Forgot your password?
typodupeerror
×
The Internet Security Spam

Do Twitter Phishing Scams Herald the End of Microblogs? 301

An anonymous reader writes "Twitter's been hit by a big phishing scam. Culture Crash blogger Dan Tynan says this is the end of Twitter's innocence. Will tweets become like email, with two out of every three just worthless spam?"
This discussion has been archived. No new comments can be posted.

Do Twitter Phishing Scams Herald the End of Microblogs?

Comments Filter:
  • Innocence? (Score:5, Funny)

    by TurboNed ( 1370389 ) on Monday January 05, 2009 @11:39AM (#26331087)

    this is the end Twitter's innocence.

    Isn't this the internet? What's innocent?

    • by Xtense ( 1075847 ) <xtense.o2@pl> on Monday January 05, 2009 @11:42AM (#26331151) Homepage

      For a truly internet-friendly explanation:

      Innocence is like loli before your ingame avatar gets his hands on her.

      *a loud "oooooooh, i get it!" runs through the audience*

      There you go! :)

    • Not news. (Score:5, Insightful)

      by Ethanol-fueled ( 1125189 ) * on Monday January 05, 2009 @11:45AM (#26331207) Homepage Journal
      The exact same crap has been going on with MySpace and other viral sites for years. This ain't news. The funny thing is that the idiots who eat that shit up like to say that their profile was "hacked" when they were really just too lazy to look at the damn address bar.
    • Re: (Score:3, Informative)

      by hannson ( 1369413 )

      Reported Web Forgery!

      This web site at twitter.access-logins.com has been reported as a web forgery and has been blocked based on your security preferences.

      Web forgeries are designed to trick you into revealing personal or financial information by imitating sources you may trust.

      Entering any information on this web page may result in identity theft or other fraud.

      Seems like Firefox already has this under control

  • by Rinisari ( 521266 ) * on Monday January 05, 2009 @11:40AM (#26331113) Homepage Journal

    If Twitter is smart, it will end its auth api or modify it so that folks have to go to twitter to authorize an application. This is the way that Facebook, Yahoo, and OpenID do it, as well.

    • by Rinisari ( 521266 ) * on Monday January 05, 2009 @11:42AM (#26331135) Homepage Journal

      Domain phishing like the access-urls thing in the article picture could be best fixed by ssl logins...

      • Re: (Score:3, Interesting)

        by cparker15 ( 779546 )

        They really should implement SSL logins soon. It appears as though Barack Obama's Twitter account was recently somehow affected by this: http://flickr.com/photos/cparker15/3171416978/ [flickr.com]

        While I know this doesn't really mean a whole lot to many on Slashdot, I'm sure @BarackObama [twitter.com] has a lot of followers that could have been duped by this.

      • by AnyoneEB ( 574727 ) on Monday January 05, 2009 @01:34PM (#26332783) Homepage

        How? If the user is willing to give their password to http://twitter.access-logins.com/login/, why wouldn't they give their password to https://twitter.access-logins.com/login/?

        SSL logins are a good idea, but I do not see how they address phishing. I guess an EV might have some effect because users might be trained to expect to see "Twitter, Inc." in the URL bar... but if they are not even looking to see if they are on twitter.com when entering their password, I doubt it.

        The real problem is sending passwords in plaintext (or encrypted plaintext like SSL, which doesn't help if you have an encrypted connection straight to the phishers) as opposed to some form of challenge response, but that is a hard one to fix since they are so prevalent and the framework to replace them does not really exist.

      • by Mashiki ( 184564 )

        Too bad people are stupid. It won't matter if they add ssl logins or not, people are clickhappy and don't pay attention. That's why raw phishing works, because no matter how much you try to protect people, some idiot is still going to click the link even if it's not ssl.

        The last time I looked on DSLR's phishtrak they were around 34k for the last year or so.

    • Re: (Score:3, Insightful)

      by Aladrin ( 926209 )

      And what does that have to do with this scam?

      I assume you mean it's because they use the API to send the messages, but they could easily have just scraped the website to send them anyhow. The only way to prevent twitter-spam (and any other service) is to only allow messages from friends. Since that is really, really restrictive, you won't get many services to do that.

      It's not that I don't agree that they should require authorization for apps on twitter, it's that it has nothing to do with this story.

    • by Lumpy ( 12016 )

      and it will destroy twitter overnight.

      the ONLY reason taht twitter is sucessful is the 90,000,000 apps for cellphones, browser bars, etc that let you "tweet" without effort.

      If my toilet cant twitter then I'll stop using it.

  • Let's hope so (Score:5, Insightful)

    by Gothmolly ( 148874 ) on Monday January 05, 2009 @11:42AM (#26331137)

    terms like "twitterverse" and "microblog" are heralding the end of the sane Internet, so lets hope they get consumed by the vermin of the Internet.

    • by Xtense ( 1075847 ) <xtense.o2@pl> on Monday January 05, 2009 @11:45AM (#26331205) Homepage

      Somehow my mind refuses to acknowledge that "w" in "Twitterverse".

      And thus my imagination brewed a beautiful image...

    • Re:Let's hope so (Score:4, Insightful)

      by Austerity Empowers ( 669817 ) on Monday January 05, 2009 @12:10PM (#26331547)

      The sane internet died a decade ago. We're in the death throws of the internet-of-the-corporate-hack. Likely our next stop will be the reincarnation of an AOL like atmosphere where a central application or website insulates you from the internet, and provides you with a limited array of things to do.

      • Re:Let's hope so (Score:5, Insightful)

        by _ivy_ivy_ ( 1081273 ) on Monday January 05, 2009 @12:25PM (#26331781)

        The sane internet died a decade ago. We're in the death throws of the internet-of-the-corporate-hack. Likely our next stop will be the reincarnation of an AOL like atmosphere where a central application or website insulates you from the internet, and provides you with a limited array of things to do.

        Ironically, it was the connection of AOL to the internet that marked the end of sanity in my book.

        • by Nethead ( 1563 ) <joe@nethead.com> on Monday January 05, 2009 @12:54PM (#26332189) Homepage Journal

          Me too! (c)AOL, 1996

          • your me-too post WOULD have had a better impact if you had quoted at least 1 or 2 posts up from yours, inline.

            the me-too belongs at the end so that the reader gets the most frustration possible.

            [teacher] now go back and do it again! [/teacher]

        • Re:Let's hope so (Score:5, Interesting)

          by DrVomact ( 726065 ) on Monday January 05, 2009 @02:18PM (#26333469) Journal

          The sane internet died a decade ago. We're in the death throws of the internet-of-the-corporate-hack. Likely our next stop will be the reincarnation of an AOL like atmosphere where a central application or website insulates you from the internet, and provides you with a limited array of things to do.

          Holy cow, you've hit on the solution! This is exactly what's needed! Needed not by us, of course, but by normals. Consider the possibilities. As you well know, over 90% of the people who own computers are not qualified to use anything more complex than a simple calculator. Computers are very complex tools. What are normals using these tools for? Well, to write email, maybe do their online banking, post stupid pictures of their kids on some website and...what else do normals use computers for? Not counting apps like Free Cell that don't require an internet connection, I mean. The rest of the CPU cycles of these computers are used to transmit spam and various malware—they are the soldiers of the botnets.

          Then there's the maintenance & support headaches. Who here doesn't have a gaggle of clueless relatives and friends who bombard them with stupid questions and pleas for help with their malware-clogged, zombified computers? And then blame you the next time something goes wrong?

          Well, the solution is now within our reach: put everyone of these people on dumb terminals connected to a service like AOL that gives them very limited options so they're not confused. They just plug it in, turn it on, and the user menu—complete with cute tail-wagging puppy—comes up. Give them access to word processing or spreadsheet apps on a pay-as-you go basis. (No installation hassles!) Sure, their data is now 0wnz0red by some corporate empire, but normals don't care about this kind of stuff.

          Better yet, all maintenance problems now become the service provider's problem. You can honestly say "Gee, I can't help you with that, but if you call MyIntarnet's tech support, I'm sure they'll fix it". Best of all, without an on-board hard drive, there's no problem with virus/trojan/worm propagation. Spam will finally die...well diminish, anyhow.

          Of course that's for them; people who know better would still use real computers. It would be even better if they could have their own internet sorta like AOL was in the early days...but that's probably not practical.

  • by Sycraft-fu ( 314770 ) on Monday January 05, 2009 @11:42AM (#26331147)

    Thus far Twitter seems like a totally useless idea to me. No, you are not so important that everyone cares what you are doing when you are going shopping.

    • While in your example that's probably true, I personally like it because it's a quick and brainless way to communicate with friends. It's just fun. Organizations find it's useful as a good way to update people, but past that it's not a serious experience, and shouldn't be treated as one.

      • "it's a...brainless way to communicate.... Organizations find it's useful as a good way to update people" Surprises, surprises.
      • by Hurricane78 ( 562437 ) <deleted&slashdot,org> on Monday January 05, 2009 @12:20PM (#26331713)

        That's what ICQ (or more recently Jabber/XMPP) is for! You can send one-to-many messages there too.

        Maybe Twitter is the webmailer of the messenger systems. Just as stupid. Also a step in the wrong direction.
        I bet this will all continue, as soon as someone writes an OS in "AJAX / Web 2.0", then a "Browser". Then "web"sites for it.... until someone comes up with an "interactive" way of writing "applications" for those "sites".

        It's called "the inner platform anti-pattern". Avoid it! ;)

        • My XMPP client pushes my status message to a separate program which adds it to my microblog atom feed, and an XSLT turns the last few entries into HTML. My friends can just subscribe to the atom feed. Twitter allows more than this, however, it allows you to 'listen' for specific keywords and get things that random people are saying about a given subject. I've not really seen the point of this, because I don't really care what random people are saying about anything, but apparently a lot of other people d
      • Re: (Score:3, Funny)

        by Dishevel ( 1105119 )
        I'm sorry. Did you just say that you like something because it takes no brain power for you to use?

        Cause that is just sad.

    • Thus far Twitter seems like a totally useless idea to me. No, you are not so important that everyone cares what you are doing when you are going shopping.

      I suppose if you don't have any friends that like to keep up with what's going on in your life and vice versa.

      • by Hatta ( 162192 ) on Monday January 05, 2009 @12:09PM (#26331537) Journal

        I suppose if you don't have any friends that like to keep up with what's going on in your life and vice versa.

        That's what conversations are for. You know, real physical human interaction. Remember that?

        • Re: (Score:3, Interesting)

          by billyt007 ( 126527 )

          I suppose if you don't have any friends that like to keep up with what's going on in your life and vice versa.

          That's what conversations are for. You know, real physical human interaction. Remember that?

          Just so I have this straight, phone conversations are real physical human interactions? Are text messages? And how is reading another's twitter feed, and responding to, different then a phone conversation? Twitter isn't meant to replace physical meetings or hanging out with friends, it's for seeing what people are up without having to directly interfere with what they're currently doing. At least until we master the whole being everywhere at once thing. Then Twitter will become outdated.

          • Re: (Score:3, Interesting)

            by Hatta ( 162192 )

            No, I was saying that face to face interaction is the best way to keep up with what's going on in your friends life. It makes great conversation over dinner. What's the point of asking your buddy how the kids are if you receive updates over twitter every time little Tommy burps?

            • Re: (Score:3, Insightful)

              by Aerynvala ( 1109505 )
              It might be the 'best' way, but it's not always an option. Particularly with friends who live nowhere near you and who you will not have a daily or even monthly chance to interact with face to face.
        • by HertzaHaeon ( 1164143 ) on Monday January 05, 2009 @01:43PM (#26332917) Homepage
          Conversations? Bah, back in my day, we used to grunt and throw rocks at each other to communicate. Then som smart whipper-snapper like you came along with his fancy language, destroying our fine old traditions.
    • by solios ( 53048 ) on Monday January 05, 2009 @11:52AM (#26331311) Homepage

      Agreed. Much like the "blogosphere," twitter is the kind of thing that is OMFG WORLD CHANGING.... but only to its users.

      It's great that the service is there and all, but like facebook, myspace, et al, I really wish people would stop blithering about how INSANELY GREAT it is.

      A web gui for the equivalent of an IRC or AIM /away message is about as world-changing as a gui for a MUD. Sure, at least one [worldofwarcraft.com] is successful... but I don't do MUDs or MMOs, so how has it changed my life, aside from a few of my friends disappearing for months whenever a new expansion is released?

      That said, a pointless-to-me-anyway service that people I otherwise respect can't shut up about is being crapflooded? Awesome!

      • by zappepcs ( 820751 ) on Monday January 05, 2009 @12:11PM (#26331557) Journal

        I'm kind of with you on this one. I remember back in the day, if you spent more than an hour on the phone people thought there was something wrong with you. Back then I thought they were right. If some galactic disaster wiped out electronics on Earth, there would be a lot of people who suddenly lose it because they have nobody to blab to. Twitter gives them this outlet even when they are surrounded by people that really don't want to hear their crap. It's really no different than thinking outloud or talking to walls; an umbilical cord to keep them from having to be alone. They talk about how great it is because they are addicted and cannot function without someone listening to them blabber on about nothing all day. As long as they are talking, they feel somehow important. - Yes, I get the irony

    • Most people I know use it like IRC; a really big IRC channel with every twitter user, people are default muted and friends are un-muted (followed). Some forget that their tweets go to the _whole_ "IRC" channel though. I'm ignoring twitter since I've only had two people tell me I _need_ to be using it, and the constant server troubles in the geek-news doesn't impress me either.
    • by larry bagina ( 561269 ) on Monday January 05, 2009 @11:53AM (#26331329) Journal
      2008-1-5 11:53AM - just took a dump.
    • by mclearn ( 86140 ) on Monday January 05, 2009 @11:59AM (#26331411) Homepage

      Then you haven't used it to track EVENTS (that affect more than one person) of personal importance to you: the first snippets of information to come out of Mumbai were via Twitter. Last night I used it to track snowfall (and traffic conditions) in Vancouver, BC. Coupled with instant upload of phone cam pictures, it was an amazingly realtime view of my personal geographic area.

      • Re: (Score:3, Interesting)

        by kmac06 ( 608921 )
        The first and only time I used Twitter was to get updates from my brother in the days (and hours) leading up to the birth of his first child. It was great, since he could just send one message and everyone in our family who wanted to follow it could.
        • Re: (Score:3, Insightful)

          by Animaether ( 411575 )

          Gone are the days of "*ring*ring* Hello? [It's a BOY!!!!!!!!!] Congratulations, dude!".. nowadays you have to subscribe to the twit's twits or be left behind... worse yet, if you did not subscribe, *clearly* you didn't care about his newborn at all so be prepared for a "F U."

          MySpace, Facebook, Twitter, etc. are all called part of the 'social networking' arena, but I'm starting to side with the psychologists of 5 years ago... these things are just making us -less- social and far more superficial.

          I love that

          • Re: (Score:3, Insightful)

            by kmac06 ( 608921 )
            Well I did get that call (and that announcement was not twittered). But I certainly wasn't going to get a call every 30 minutes or an hour saying "still no baby but she's doing fine", which I could follow via twitter.
    • No, you are not so important that everyone cares what you are doing when you are going shopping.

      If that's all your friend posts, then don't follow that friend. Problem solved.

      Oh yeah, that also solves the spam problem too. Or prevents the one that doesn't yet exist. If someone is spamming you, unfollow. It's like email whitelisting.

    • I like Twitter precisely for bloggish status updates like Facebook's "status" option (and have my Facebook status auto-updated from Twitter).

      I can easily text message Twitter that I'm heading over to a different town for work and wouldn't mind getting together for coffee with friends and leave it open for people to give me a call.

      Its a useful service, but some people have hacked it into a large never-ending chat room which it isn't.

      • Re: (Score:3, Insightful)

        by vux984 ( 928602 )

        I can easily text message Twitter that I'm heading over to a different town for work and wouldn't mind getting together for coffee with friends and leave it open for people to give me a call.

        Cool, then they can send a text message to twitter that they they like coffee in different towns, and leave it open for people to call them.

        Then you can text message twitter just to reinforce just how open to the idea of someone calling you you are.

        And they can text message twitter with the same.

        And then...

        Gee, no wonde

        • Re: (Score:3, Insightful)

          by MikeBabcock ( 65886 )

          First off, your post made no sense.

          Secondly, your post shows an immense lack of comprehension of what I said.

          I text a message status to Twitter " ... is going to be in Toledo this weekend, anyone free?" instead of calling EVERYONE I might know in Toledo and then saying "well hold on, I haven't called Y or Z yet."

          X, Y and Z can then either privately message me back or give me a call directly that they're free and want to do something.

          Funny, sounds much more efficient than leaving voice mail messages everywhe

    • by Aladrin ( 926209 )

      Ah, not so!

      There are 3 reasons why this is not 'useless'.

      1) Entertainment is not useless. That is -all- this was made for. Entertainment.

      2) My friend uses this to put up a 'going to X tonight' so that all his friends can tag along like the sheeple they are. (Honestly, he really is the life of any party, so I can't really blame them.)

      3) Language learning! It's a great tool to help learn another language. Nowhere else on the internet exists so much mindless chatter as on twitter. You'd think forums h

  • Aren't tweets already like email, with two out of every three just worthless?

    That seems appropriate.
    • I like the concept of Tweeter. A way to communicate without having to direct the message to someone specific. And so far this doesn't fall under ediscovery.

      I can send a tweet from my cell phone that I completed a project which has "this" impact on the network. Anyone who cares can see what I've done. If they didn't care before but something is broke then they can subscribe.

      It's good for team communications when you don't have a real project management system.

      Of course, you want to not use the public

    • by xstonedogx ( 814876 ) <xstonedogx@gmail.com> on Monday January 05, 2009 @12:13PM (#26331583)

      You are implying one in three has value. I beg to differ.

      xstonedogx is reading slashdot.
      xstonedogx is scratching his crotch.
      xstonedogx alsj;dfl;kj;
      xstonedogx Sorry everybody, that was my cat.
      xstonedogx is reading slashdot.
      xstonedogx got up to get a Mountain Dew and some Cheetos.
      xstonedogx is reading slashdot.
      xstonedogx discovered the Higgs Boson.
      xstonedogx False alarm.
      xstonedogx HANNAH MONTANA RULES.
      xstonedogx is punching his sister.
      xstonedogx is cleverer than you.
      xstonedogx is cleverer a word? is it more clever?

    • Aren't tweets already like email, with two out of every three just worthless?

      Don't be ridiculous. Email's nowhere near that good.

    • by anothy ( 83176 )
      wait, they consider that a bug? i always assumed it was one of their primary design goals.
  • This is why (Score:3, Funny)

    by Anonymous Coward on Monday January 05, 2009 @11:44AM (#26331193)

    we can never have nice things!

  • by Hoplite3 ( 671379 ) on Monday January 05, 2009 @11:49AM (#26331265)

    "Do Twitter Phishing Scams Herald the End of Microblogs?"

    *Crosses fingers*

    A man can dream...

  • No more "X has lost its innocence". Retire it already. It's sappy and a relic of the previous century.
    • New rule: No more new rules. It is so last year :). Seriously, though, there is nothing scarier than the uttered phrase "There ought to be a law ...".
  • Innocence? Since when was Twitter innocent. They've been guilty of insidious viral marketing for about a year. They've basically been spamming everything and anything they can to get the Twitter name out there.

    So, this is poetic justice. Probably it was some forum user who had simply had enough of their sock puppetry that hacked them. The fact that their infrastucture has never been up to the task they needed it for, probably only made it easier to hack.

    It is just another overvalued site that is most
  • by GPLDAN ( 732269 ) on Monday January 05, 2009 @12:02PM (#26331443)
    This is like saying that spammers spell the death of IRC. Or spammers spell the death of Usenet. In the case of both, moderators were the answer.

    In the case of Twitter, trust lists and a trust rating system would solve all the issues within a few weeks.

    Also, wouldn't the phish have triggered most new browsers anti-phish code? Twitter could probably expand it's use of SSL, that would take care of several problems as well.
    • by Nethead ( 1563 )

      Actually DDOS spelled the death of my IRC server (irc.nethead.com for those that may recall.)

  • by Ohio Calvinist ( 895750 ) on Monday January 05, 2009 @12:03PM (#26331451)
    I think we'll see spammers start to attack social networks as vastly improving spam filters make e-mail less and less viable. If a social networking site sends all "messages" on the site as e-mail or texts to the user and the user whitelists *.myspace.com or *.twitter.com (or whatever domain it sends as) all they need is to get an open pipe on that service and they've blasted both their screen, inbox and mobile.

    Networks are huge blocks of users often with similar, or easily deturmined interests making the marketing more effective and development to exploit their native openness or a security flaw more profitable than spamming huge blocks of @yahoo.com addresses via e-mail only as many have good spam filters, are spam-only accounts or have gone fallow when XX69sExYbUnNiE69XXHOLLA realizes that might not be the best addy for her college admission papers or her resume.

    IANAL but it would be interesting to see if using a social network as a proxy would give one any sheilding from CAN-SPAM or other state statutes since their is no protection on social networking sites, and users did opt-in to reiceve emails from the social network site.
    • Re: (Score:3, Interesting)

      by RegularFry ( 137639 )

      IANAL but it would be interesting to see if using a social network as a proxy would give one any sheilding from CAN-SPAM or other state statutes since their is no protection on social networking sites, and users did opt-in to reiceve emails from the social network site.

      Here in the UK they'd probably be liable under the Computer Misuse Act for breaking the T&Cs of the social network site in question, which is arguably a bigger deal. I don't know what the US equivalent would be.

  • by girlintraining ( 1395911 ) on Monday January 05, 2009 @12:18PM (#26331687)

    Every method of human communication brings with it the reasons we communicate. Spam, reduced to its essential quality, is broadcasting greed. And that emotion has been around since the dawn of civilization. Every "new" communications medium will have it, and in western civilization with its emphasis on individuality, materialism, and consumerism, it will be all the more prominent. So is it really news that another medium (in this case, twitter) has started to reflect this? Not really.

    Concurrently, we've been evolving ways of blocking out this trash -- ad filtering, blocking software, downloading our TV episodes online, etc. There is a real grassroots effort underway to fight back against advertising and an emphasis on "real" communication -- that is, honest opinions by people we trust. In this disconnected world, networks of trust have become more important than ever as a way of not drowning in the sea of greed, self-indulgence, and attention-grabbing behavior. I know people that use gmail for one reason alone: The spam filtering is just that damn good. I have seen people breathe a sigh of relief and leap to hug me after setting up firefox with ad blocking software -- they are geniunely happy.

    The real story here isn't twitter turning to a sea of suck, it's that our culture is changing on a fundamental level. And it is doing this without any real organization, without any center. It doesn't seem necessary for a person to be part of a certain subculture or have exposure to a certain trigger to start it; It's a stand alone complex. That is, for those who haven't seen Ghost in the Shell, a phenomenon where unrelated, yet very similar actions of individuals create a seemingly concerted effort.

    We're going to see more of this in the years to come.

  • It is beginning to approach the levels we see of more conventional email spam and related hacking... and in many cases, they are simply an extension or growth of the original set of problems.

    Recently, a compromised machine led to the inclusion of my company's mail server in some RBLs. It was annoying, but I do not disapprove of RBLs as a means of ranking trust when processing incoming emails.

    I think the same sort of system should be developed for Web server applications and should be built as a security mo

  • no (Score:5, Funny)

    by daveb ( 4522 ) <.davebremer. .at. .gmail.com.> on Monday January 05, 2009 @12:23PM (#26331751) Homepage
    unfortunately
  • by Al Al Cool J ( 234559 ) on Monday January 05, 2009 @12:25PM (#26331783)

    I don't get this scam at all. They use email disguised as a Twitter DM to drive people to a phishing site to steal Twitter logins, so they can do what exactly? The article says they they can then use Twitter to send messages to drive people to websites. Umm, aren't they already doing that with the email?

    Twitter is a free service and holds no personal info that doesn't appear on your public profile, other than an email address. People routinely hand over their Twitter logins to third party sites so they can find out their twitter rankings and other such things.

    I can understand phishing for bank and paypal logins, but this seems like a lot of effort to achieve very little.

    • I can understand phishing for bank and paypal logins, but this seems like a lot of effort to achieve very little.

      It depends on the numbers. Phishers gathering twitter logins might be able to sell them at a profit to groups wanting to spam users, trick them into installing malware, or try to use the same username/password combinations against webmail or even paypal accounts. At least the value of a twitter account is much higher than that of a simple email address as you've got people who trust the twit and

  • by Jason Levine ( 196982 ) on Monday January 05, 2009 @12:28PM (#26331817) Homepage

    Many people who are replying don't seem to use Twitter or even understand really what is going on with the phishing. Since I use Twitter, I'll explain:

    With Twitter, you set up lists of people that you follow. When you follow someone, you can then see their Twitter messages on your main screen (or in your client application if you use one). Everyone else following that person can see the person's messages. People you follow can also send you Direct Messages. These messages aren't seen by anyone but the sender and recipient. In this respect, it is sort of like e-mail only it requires a "trusted relationship" to have been formed first i.e. No spamming from joe_random@somesite.com to everyone_else@somewhere-else.org.

    What the Phishers are doing are sending DMs from compromised accounts telling the recipients about some blog post that they should check out. The recipients (assuming they fall for the phish), see a page that looks like the Twitter login page (but is really on access-logins.com). They enter their username and password and now the Phishers have another account to send DMs from. Rinse and repeat. I strongly suspect that there's a Phase Two in there that involves more than just collecting Twitter account information but so far they are just collecting accounts.

    Stopping it is easy. If you change your password, they no longer have access. People have been outing people who "sent" them DMs (and thus were compromised). If a person doesn't fix their situation, you could unfollow them. This would mean they could no longer send you Direct Messages. As people stop following compromised people, they will either fix the problem or will dwindle to zero followers. Spam stopped. (If only e-mail spam were so easy to stop.)

    And to address the "Twitter is useless" commentary, yes there are a lot of people on Twitter who post inane things. Then again, there are some good posters. (For example, I follow Greg Grunberg from Heroes and love reading his tweets.) I think you'll find that in any online medium. Blogs are like this, web sites are like this, even comments on Slashdot are like this. Choose a random Slashdot article and browse at -1. You're sure to find many worthless comments for every worthwhile comment. As for Twitter, I tend not to follow the inane Twitter posters, so I don't see those posts in my Twitter-feed. Like any online tool, Twitter is only what you make of it.

    • Address mining using malware (viruses, botnets) has been a regular part of email spam for years. It comes in and out of fashion, but it's been over a decade since it's been possible to treat unsolicited links and attachments even from people you know as "safe".

  • Unable to connect to database server

    This either means that the username and password information in your settings.php file is incorrect or we can't contact the MySQL database server. This could mean your hosting provider's database server is down.

    The MySQL error was: Too many connections.

    Currently, the username is cw_blogs and the database server is 10.10.10.93.

    • Are you sure you have the correct username and password?
    • Are you sure that you have typed the correct hostname?
    • Are you sure that the database ser
  • You can no longer innocently follow a link because some quasi-stranger tweeted it to you without being wary

    Let me fix that for you:

    You can't innocently follow a link because some quasi-stranger tweeted it to you without being wary

    Why would you, or anyone, have ever assumed otherwise?

    • by Lumpy ( 12016 )

      exactly what moron clicks on every link they are sent?

      This simply underlines that internet access should require a license and training classes.

  • Will tweets become like email, with two out of every three just worthless spam?

    What I wouldn't give for one out of three e-mails not being spam. The ratio for me is more 97 out of every 100 e-mails are spam.

  • Then yes, it will be spammed to oblivion. Any method of transmitting information is a potential source of spam and becomes an actual one as soon as the potential ROI nears the cost of abusing it.

  • Can we not now flood the collector site with endless bogus twitter auths? I imagine it's probably already slashdotted anyway...

  • by Lord Bitman ( 95493 ) on Monday January 05, 2009 @01:12PM (#26332445)

    Why worry about those claiming to be an existing well-known social networking site? It's already common practice for these places to, no impostering involved, ask for login details of completely unrelated sites when you sign up. That should _NOT_ be considered in any way okay, even from a site you "trust".

    And then there's OpenID or whatever it's called, which basically says "make it not just disturbingly common, but recommended!" wtf?

  • Yeah just like phishing scams heralded an end to email.

  • Follow the Money (Score:3, Insightful)

    by Detritus ( 11846 ) on Monday January 05, 2009 @01:37PM (#26332835) Homepage
    Why don't we string up the "term life insurance broker in Charlotte, North Carolina" who paid for this crap? Any business that pays spammers to promote their business should face criminal charges and civil damages.
    • by Epsillon ( 608775 ) on Monday January 05, 2009 @02:31PM (#26333709) Journal

      ...at which point random malicious Internet users would have an ideal instant-revenge plan for whichever company they don't like very much today. You don't want me to post that response form, do you? You know:

      Your method specifically fails to take into consideration:
      [x] Douchebags
      [x] Assholes
      [x] Wastes of oxygen

  • by dmomo ( 256005 ) on Monday January 05, 2009 @01:43PM (#26332925)

    It's that Tim O'Reilly doesn't sleep!

    http://twitter.com/timoreilly [twitter.com]

    And that this "old-timer" is more in touch with technology and society than I will ever be.

  • by Sparr0 ( 451780 ) <sparr0@gmail.com> on Monday January 05, 2009 @02:19PM (#26333489) Homepage Journal

    Is this the end of people logging into random web pages that are not the page they asked to visit? Or the end of people using web browsers that will install malware without your authorization just by visiting a web page?

    Clicking a link should never be dangerous.

  • by teh kurisu ( 701097 ) on Monday January 05, 2009 @02:29PM (#26333673) Homepage

    FTA:

    But "Twitter phishing scam" is too clumsy a phrase. We need a new portmanteau. Twishing? Twitphishing? Something like that. Because this is far from the last we will see of this scam.

    I vote for 'whaling', or possibly 'phailwhaling'.

  • Dumb title (Score:3, Insightful)

    by Feanturi ( 99866 ) on Monday January 05, 2009 @03:47PM (#26334725)
    Why would phishing attempts on Twitter spell the death of microblogs? I guess because phishing already killed email. Oh wait, it didn't. Maybe it killed eBay then. Hmmm, nope, still going. Ah, but PayPal is surely in troub-- nope, it's ok too. Has phishing actually killed anything at all yet?

"...a most excellent barbarian ... Genghis Kahn!" -- _Bill And Ted's Excellent Adventure_

Working...