Do Twitter Phishing Scams Herald the End of Microblogs?
An anonymous reader writes "Twitter's been hit by a big phishing scam. Culture Crash blogger Dan Tynan says this is the end of Twitter's innocence. Will tweets become like email, with two out of every three just worthless spam?"
this is the end of Twitter's innocence.
Isn't this the internet? What's innocent?
If Twitter is smart, it will end its auth api or modify it so that folks have to go to twitter to authorize an application. This is the way that Facebook, Yahoo, and OpenID do it, as well.
Colin Dean Go a year without DRM
terms like "twitterverse" and "microblog" are heralding the end of the sane Internet, so let's hope they get consumed by the vermin of the Internet.
I want to delete my account but Slashdot doesn't allow it.
Thus far Twitter seems like a totally useless idea to me. No, you are not so important that everyone cares what you are doing when you are going shopping.
we can never have nice things!
The exact same crap has been going on with MySpace and other viral sites for years. This ain't news. The funny thing is that the idiots who eat that shit up like to say that their profile was "hacked" when they were really just too lazy to look at the damn address bar.
Thus far Twitter seems like a totally useless idea to me. No, you are not so important that everyone cares what you are doing when you are going shopping.
I suppose if you don't have any friends that like to keep up with what's going on in your life and vice versa.
Open Source, Open Standards, Open Minds
"Do Twitter Phishing Scams Herald the End of Microblogs?"
*Crosses fingers*
A man can dream...
Use the Firehose to mod down Second Life stories!
Agreed. Much like the "blogosphere," twitter is the kind of thing that is OMFG WORLD CHANGING.... but only to its users.
It's great that the service is there and all, but like facebook, myspace, et al, I really wish people would stop blithering about how INSANELY GREAT it is.
A web gui for the equivalent of an IRC or AIM /away message is about as world-changing as a gui for a MUD. Sure, at least one is successful... but I don't do MUDs or MMOs, so how has it changed my life, aside from a few of my friends disappearing for months whenever a new expansion is released?
That said, a pointless-to-me-anyway service that people I otherwise respect can't shut up about is being crapflooded? Awesome!
2008-1-5 11:53AM - just took a dump.
Do you even lift?
These aren't the 'roids you're looking for.
Then you haven't used it to track EVENTS (that affect more than one person) of personal importance to you: the first snippets of information to come out of Mumbai were via Twitter. Last night I used it to track snowfall (and traffic conditions) in Vancouver, BC. Coupled with instant upload of phone cam pictures, it was an amazingly realtime view of my personal geographic area.
This is like saying that spammers spell the death of IRC. Or spammers spell the death of Usenet. In the case of both, moderators were the answer.
In the case of Twitter, trust lists and a trust rating system would solve all the issues within a few weeks.
Also, wouldn't the phish have triggered most new browsers' anti-phish code? Twitter could probably expand its use of SSL, that would take care of several problems as well.
I think we'll see spammers start to attack social networks as vastly improving spam filters make e-mail less and less viable. If a social networking site sends all "messages" on the site as e-mail or texts to the user and the user whitelists *.myspace.com or *.twitter.com (or whatever domain it sends as) all they need is to get an open pipe on that service and they've blasted both their screen, inbox and mobile.
Networks are huge blocks of users often with similar, or easily determined interests making the marketing more effective and development to exploit their native openness or a security flaw more profitable than spamming huge blocks of @yahoo.com addresses via e-mail only as many have good spam filters, are spam-only accounts or have gone fallow when XX69sExYbUnNiE69XXHOLLA realizes that might not be the best addy for her college admission papers or her resume.
IANAL but it would be interesting to see if using a social network as a proxy would give one any shielding from CAN-SPAM or other state statutes since there is no protection on social networking sites, and users did opt-in to receive emails from the social network site.
Forgive my spelling from time to time. I'm often posting during short breaks.
Celebrating the one year anniversary?
This guy's the limit!
I suppose if you don't have any friends that like to keep up with what's going on in your life and vice versa.
That's what conversations are for. You know, real physical human interaction. Remember that?
Give me Classic Slashdot or give me death!
I'm kind of with you on this one. I remember back in the day, if you spent more than an hour on the phone people thought there was something wrong with you. Back then I thought they were right. If some galactic disaster wiped out electronics on Earth, there would be a lot of people who suddenly lose it because they have nobody to blab to. Twitter gives them this outlet even when they are surrounded by people that really don't want to hear their crap. It's really no different than thinking out loud or talking to walls; an umbilical cord to keep them from having to be alone. They talk about how great it is because they are addicted and cannot function without someone listening to them blabber on about nothing all day. As long as they are talking, they feel somehow important. - Yes, I get the irony
Support NYCountryLawyer RIAA vs People
You are implying one in three has value. I beg to differ.
xstonedogx is reading slashdot.
xstonedogx is scratching his crotch.
xstonedogx alsj;dfl;kj;
xstonedogx Sorry everybody, that was my cat.
xstonedogx is reading slashdot.
xstonedogx got up to get a Mountain Dew and some Cheetos.
xstonedogx is reading slashdot.
xstonedogx discovered the Higgs Boson.
xstonedogx False alarm.
xstonedogx HANNAH MONTANA RULES.
xstonedogx is punching his sister.
xstonedogx is cleverer than you.
xstonedogx is cleverer a word? is it more clever?
Every method of human communication brings with it the reasons we communicate. Spam, reduced to its essential quality, is broadcasting greed. And that emotion has been around since the dawn of civilization. Every "new" communications medium will have it, and in western civilization with its emphasis on individuality, materialism, and consumerism, it will be all the more prominent. So is it really news that another medium (in this case, twitter) has started to reflect this? Not really.
Concurrently, we've been evolving ways of blocking out this trash -- ad filtering, blocking software, downloading our TV episodes online, etc. There is a real grassroots effort underway to fight back against advertising and an emphasis on "real" communication -- that is, honest opinions by people we trust. In this disconnected world, networks of trust have become more important than ever as a way of not drowning in the sea of greed, self-indulgence, and attention-grabbing behavior. I know people that use gmail for one reason alone: The spam filtering is just that damn good. I have seen people breathe a sigh of relief and leap to hug me after setting up firefox with ad blocking software -- they are genuinely happy.
The real story here isn't twitter turning to a sea of suck, it's that our culture is changing on a fundamental level. And it is doing this without any real organization, without any center. It doesn't seem necessary for a person to be part of a certain subculture or have exposure to a certain trigger to start it; It's a stand alone complex. That is, for those who haven't seen Ghost in the Shell, a phenomenon where unrelated, yet very similar actions of individuals create a seemingly concerted effort.
We're going to see more of this in the years to come.
#fuckbeta #iamslashdot #dicemustdie
That's what ICQ (or more recently Jabber/XMPP) is for! You can send one-to-many messages there too.
Maybe Twitter is the webmailer of the messenger systems. Just as stupid. Also a step in the wrong direction.
I bet this will all continue, as soon as someone writes an OS in "AJAX / Web 2.0", then a "Browser". Then "web"sites for it.... until someone comes up with an "interactive" way of writing "applications" for those "sites".
It's called "the inner platform anti-pattern". Avoid it! ;)
Any sufficiently advanced intelligence is indistinguishable from stupidity.
unfortunately
I don't get this scam at all. They use email disguised as a Twitter DM to drive people to a phishing site to steal Twitter logins, so they can do what exactly? The article says they can then use Twitter to send messages to drive people to websites. Umm, aren't they already doing that with the email?
Twitter is a free service and holds no personal info that doesn't appear on your public profile, other than an email address. People routinely hand over their Twitter logins to third party sites so they can find out their twitter rankings and other such things.
I can understand phishing for bank and paypal logins, but this seems like a lot of effort to achieve very little.
your thoughts are intriguing ... can I follow you?
Many people who are replying don't seem to use Twitter or even understand really what is going on with the phishing. Since I use Twitter, I'll explain:
With Twitter, you set up lists of people that you follow. When you follow someone, you can then see their Twitter messages on your main screen (or in your client application if you use one). Everyone else following that person can see the person's messages. People you follow can also send you Direct Messages. These messages aren't seen by anyone but the sender and recipient. In this respect, it is sort of like e-mail only it requires a "trusted relationship" to have been formed first i.e. No spamming from joe_random@somesite.com to everyone_else@somewhere-else.org.
What the Phishers are doing is sending DMs from compromised accounts telling the recipients about some blog post that they should check out. The recipients (assuming they fall for the phish), see a page that looks like the Twitter login page (but is really on access-logins.com). They enter their username and password and now the Phishers have another account to send DMs from. Rinse and repeat. I strongly suspect that there's a Phase Two in there that involves more than just collecting Twitter account information but so far they are just collecting accounts.
Stopping it is easy. If you change your password, they no longer have access. People have been outing people who "sent" them DMs (and thus were compromised). If a person doesn't fix their situation, you could unfollow them. This would mean they could no longer send you Direct Messages. As people stop following compromised people, they will either fix the problem or will dwindle to zero followers. Spam stopped. (If only e-mail spam were so easy to stop.)
And to address the "Twitter is useless" commentary, yes there are a lot of people on Twitter who post inane things. Then again, there are some good posters. (For example, I follow Greg Grunberg from Heroes and love reading his tweets.) I think you'll find that in any online medium. Blogs are like this, web sites are like this, even comments on Slashdot are like this. Choose a random Slashdot article and browse at -1. You're sure to find many worthless comments for every worthwhile comment. As for Twitter, I tend not to follow the inane Twitter posters, so I don't see those posts in my Twitter-feed. Like any online tool, Twitter is only what you make of it.
My sci-fi novel, Ghost Thief, is now available from Amazon.com.
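The address-bar check that the comment above relies on (a page that looks like the Twitter login but is served from access-logins.com), written out as an added example that is not part of the thread. The function names, the trusted-domain list and the sample links are assumptions constructed for illustration; only the two domain names come from the discussion.

```javascript
// Added example, not part of the thread. TRUSTED_DOMAINS is an assumption:
// the one domain the reader expects the real login form to live on.
const TRUSTED_DOMAINS = ["twitter.com"];

// Classify a link from a direct message before any credentials are typed.
// Returns { verdict: "ok" | "warn" | "reject", host, reason }.
function classifyLoginLink(rawUrl, trusted = TRUSTED_DOMAINS) {
  let url;
  try {
    url = new URL(rawUrl); // WHATWG URL parser, as used by browsers
  } catch (err) {
    return { verdict: "reject", host: null, reason: "not an absolute URL" };
  }
  if (url.protocol !== "https:" && url.protocol !== "http:") {
    return { verdict: "reject", host: null, reason: "non-web scheme" };
  }
  // hostname is already lower-cased and IDN-encoded; drop a trailing root dot.
  const host = url.hostname.replace(/\.$/, "");
  // Match the whole name or a true subdomain, never a bare suffix:
  // "nottwitter.com" and "twitter.com.access-logins.com" must both fail.
  const match = trusted.find((d) => host === d || host.endsWith("." + d));
  if (!match) {
    const bait = trusted.find((d) => rawUrl.toLowerCase().includes(d));
    return {
      verdict: "reject",
      host,
      reason: bait
        ? `mentions ${bait} but is served from ${host}`
        : `${host} is not a trusted domain`,
    };
  }
  if (url.username || url.password) {
    return { verdict: "warn", host, reason: "credentials embedded in URL" };
  }
  if (url.protocol !== "https:") {
    return { verdict: "warn", host, reason: "trusted domain but no TLS" };
  }
  return { verdict: "ok", host, reason: "trusted domain over TLS" };
}

// Constructed sample links (only the two domain names come from the thread).
const SAMPLES = [
  "https://twitter.com/login",
  "http://twitter.com/login",
  "http://access-logins.com/login",
  "https://twitter.com.access-logins.com/login",
  "https://twitter.com@access-logins.com/login",
  "https://nottwitter.com/login",
];

function classifyAll(links = SAMPLES) {
  return links.map((l) => [l, classifyLoginLink(l).verdict]);
}

for (const [link, verdict] of classifyAll()) {
  console.log(verdict.padEnd(6), link);
}
```

The same comparison works for any site: the decision is made on the parsed hostname, not on whether the trusted name appears somewhere in the link text.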
You can no longer innocently follow a link because some quasi-stranger tweeted it to you without being wary
Let me fix that for you:
You can't innocently follow a link because some quasi-stranger tweeted it to you without being wary
Why would you, or anyone, have ever assumed otherwise?
I suppose if you don't have any friends that like to keep up with what's going on in your life and vice versa.
That's what conversations are for. You know, real physical human interaction. Remember that?
Just so I have this straight, phone conversations are real physical human interactions? Are text messages? And how is reading another's twitter feed, and responding to, different than a phone conversation? Twitter isn't meant to replace physical meetings or hanging out with friends, it's for seeing what people are up to without having to directly interfere with what they're currently doing. At least until we master the whole being everywhere at once thing. Then Twitter will become outdated.
Open Source, Open Standards, Open Minds
Why worry about those claiming to be an existing well-known social networking site? It's already common practice for these places to, no impostering involved, ask for login details of completely unrelated sites when you sign up. That should _NOT_ be considered in any way okay, even from a site you "trust".
And then there's OpenID or whatever it's called, which basically says "make it not just disturbingly common, but recommended!" wtf?
-- 'The' Lord and Master Bitman On High, Master Of All
Cause that is just sad.
Why is it so hard to only have politicians for a few years, then have them go away?
No, I was saying that face to face interaction is the best way to keep up with what's going on in your friends' lives. It makes great conversation over dinner. What's the point of asking your buddy how the kids are if you receive updates over twitter every time little Tommy burps?
Give me Classic Slashdot or give me death!
The first and only time I used Twitter was to get updates from my brother in the days (and hours) leading up to the birth of his first child. It was great, since he could just send one message and everyone in our family who wanted to follow it could.
Why don't we string up the "term life insurance broker in Charlotte, North Carolina" who paid for this crap? Any business that pays spammers to promote their business should face criminal charges and civil damages.
Mea navis aericumbens anguillis abundat
Conversations? Bah, back in my day, we used to grunt and throw rocks at each other to communicate. Then some smart whipper-snapper like you came along with his fancy language, destroying our fine old traditions.
It's that Tim O'Reilly doesn't sleep!
http://twitter.com/timoreilly
And that this "old-timer" is more in touch with technology and society than I will ever be.
Just because I personally don't use something like Twitter doesn't mean it has no value. Personally I would hate that level of being pestered but I'm from a generation that is pre-cell phone, etc. Heck, I still only use my cell phone when I want to use it and don't have any of the annoying web services on it.
All this means is that another communication medium is being exploited. Not exactly big news. There's probably stone tablets out there that could be classified as 'phishing' or 'spam' as we use the concepts.
We'll see yet another iteration of pseudo and real security measures and user training and it won't prevent it from happening again and again and again. Nigerian scam, anyone?
Back on topic. I'm not going to slam the service or any of the new terms that have sprung up in a way to sound bite what it does. It's just a wake up call that there is no free lunch, there is no free beer, the cake is a lie, and only you can prevent forest fires.
Is this the end of people logging into random web pages that are not the page they asked to visit? Or the end of people using web browsers that will install malware without your authorization just by visiting a web page?
Clicking a link should never be dangerous.
Throw rocks? You and your fancy tools. It's club-wielding whippersnappers like you that chased us away from the watering hole years back.
FTA:
I vote for 'whaling', or possibly 'phailwhaling'.
I can easily text message Twitter that I'm heading over to a different town for work and wouldn't mind getting together for coffee with friends and leave it open for people to give me a call.
Cool, then they can send a text message to twitter that they like coffee in different towns, and leave it open for people to call them.
Then you can text message twitter just to reinforce just how open to the idea of someone calling you you are.
And they can text message twitter with the same.
And then...
Gee, no wonder it ended up being a never ending chat room.
See... the way I do it is... If I want to have coffee with you, I'll just call or email you. If I don't, then I don't. I don't need to play this ridiculous game of passive aggressive "I want to have coffee with you, but you have to ask me." that you seem to enjoy.
People like this seem to be selectively blind to the usefulness of great ideas and new technology in an attempt to keep a stranglehold on their "back in my day" ways of doing things. With any luck they'll be arrested in some foreign country and have no one to converse with. 'Cept for a large man named Cheryl who loves "physical human interaction".
Why would phishing attempts on Twitter spell the death of microblogs? I guess because phishing already killed email. Oh wait, it didn't. Maybe it killed eBay then. Hmmm, nope, still going. Ah, but PayPal is surely in troub-- nope, it's ok too. Has phishing actually killed anything at all yet?
Gone are the days of "*ring*ring* Hello? [It's a BOY!!!!!!!!!] Congratulations, dude!".. nowadays you have to subscribe to the twit's twits or be left behind... worse yet, if you did not subscribe, *clearly* you didn't care about his newborn at all so be prepared for a "F U."
MySpace, Facebook, Twitter, etc. are all called part of the 'social networking' arena, but I'm starting to side with the psychologists of 5 years ago... these things are just making us -less- social and far more superficial.
I love that the tools exist, I hate what they tend to do to people.
This is true for people who use it like idiots, the kind who do follow everyone. For people who have enough self control to follow only people whose updates they care about - twitter is a valuable tool.
Well I did get that call (and that announcement was not twittered). But I certainly wasn't going to get a call every 30 minutes or an hour saying "still no baby but she's doing fine", which I could follow via twitter.
I seriously hate to defend Twitter, because I generally agree that it's stupid, but keep in mind that some people leave their hometowns after they grow up. I live in Indiana, but most of my friends are in Minnesota and Wisconsin, with many elsewhere in the country and some on other continents.
It's not always practical to physically hang out with people, and writing dozens of e-mails to various friends and family members saying "How are you doing?" is not the most ideal way to keep in touch. Before Facebook, I communicated regularly with exactly 2 geographically distant friends, and kinda/sorta kept in touch with maybe 20 others. Now, I can see what everyone is up to, and how they're doing. It doesn't replace seeing them, or even sending one-to-one e-mails, but it's better than nothing.
Of course, this is only defending the general idea of passive methods of communication like Twitter and Facebook because regular face-to-face interaction is not practical if you have more than about 10 friends. In practice, I don't give a crap what the person who was in my high school economics class ate for dinner last night. I get annoyed reading people's Facebook statuses, I can't imagine reading Twitter updates.
Being a computer scientist means you tell people how computers should work, not that you know how they actually work.
First off, your post made no sense.
Secondly, your post shows an immense lack of comprehension of what I said.
I text a message status to Twitter " ... is going to be in Toledo this weekend, anyone free?" instead of calling EVERYONE I might know in Toledo and then saying "well hold on, I haven't called Y or Z yet."
X, Y and Z can then either privately message me back or give me a call directly that they're free and want to do something.
Funny, sounds much more efficient than leaving voice mail messages everywhere, or texting everyone I know in sequence. Also consider that many other people I know are also very mobile and might be in Toledo when I am without me knowing it.
Of course, you sound pretty selectively social by comparison with your "I'll call you" attitude. No need to tell your friends they'd be free to call you instead huh?
- Michael T. Babcock (Yes, I blog)
It might be the 'best' way, but it's not always an option. Particularly with friends who live nowhere near you and who you will not have a daily or even monthly chance to interact with face to face.
http://transformativeworks.org/
Problem is one of using the right tool for a job - a blog (or twitter) is not a substitute for real time, acknowledged communication, any more than it's a good idea to email me to let me know my mail server is down.