Slashdot Mirror

← Back to Stories (view on slashdot.org)

Twitter Bug Lets Users Force Others To Follow Them

Posted by Soulskill on from the take-that-conan dept.

Several readers have sent word of a Twitter bug which has been allowing users to make any other user follow them by simply tweeting "accept [username]." People have been abusing it to make the accounts of various celebrities and publications follow them. Twitter acknowledged the bug and disabled the follow/unfollow system until they can get it fixed.

13 of 143 comments (clear)

  1. That sounds more like a by abbynormal+brain · · Score: 3, Insightful

    test command embedded into the code that allows "dummy" testing within the development environment. Either way - oops.

    --
    L'esperienza de questa dolce vita (The experience of this sweet life) - Dante Alighieri, The Divine Comedy
    1. Re:That sounds more like a by squiggleslash · · Score: 3, Insightful

      I'm going to stick my neck out and suggest it's more a case of someone deciding not to check for errors in a bit of code.

      In Twitter, you can have either protected tweets or unprotected tweets. If the former, then if someone wants to follow you, they have to request it, and you can either "accept" them following or deny it.

      It looks to me that the commands are sent in-band, and that the command "accept " is related to the above code. What isn't happening is any check that the person identified ever actually sent a request in the first place.

      So, this isn't an evil conspiracy to send people advertising (was BAG being serious?), and I doubt it's test code either. The above just "fits" with everything we know about twitter.

      --
      You are not alone. This is not normal. None of this is normal.
  2. Re:Probably not a bug by Yvan256 · · Score: 5, Insightful

    So what should you do? Stop using Twitter?

    Yes.

  3. and i thought people just hated me by alen · · Score: 1, Insightful

    looked up my twitter and i have 0 followers now

  4. In-Band Signalling by captaindomon · · Score: 3, Insightful

    This is one of the difficulties of In-Band Signaling. Their communication channel is so limited that handling secure signaling is difficult.

    --
    Just because I can hook a shark from a boat, I do no offer to wrestle it in the water.
    1. Re:In-Band Signalling by Amouth · · Score: 2, Insightful

      not exactly.. their failure was not implementing some type of request/accept queue system.. and if they did they bypassed it and gave the accept message the ability to add people even if they where not in the queue, which is just stupid.

      while i agree that In-Band Signaling is not easy to do right, and that they do have a limited communication channel.. they do not have a limited processing or back-end infrastructure..

      there is no excuse for this type of screwup..

      --
      '...if only "Jumping to a Conclusion" was an event in the Olympics.'
  5. Re:Probably not a bug by fotbr · · Score: 5, Insightful

    A strange game. The only winning move is not to play.

  6. Conan saw it coming by Anonymous Coward · · Score: 1, Insightful

    http://twitter.com/ConanOBrien/status/13631062967

  7. Re:Probably not a bug by Dalambertian · · Score: 3, Insightful

    The suggestion that we should stop using twitter because of spam is quite strange. Has spam stopped you from using email?

  8. Re:Blue Box by cgenman · · Score: 2, Insightful

    The main difference being that back in the blue boxing days, security was an afterthought and now it's a multi-billion dollar industry.

    It's a multi-billion dollar industry... that gets called in after-the-fact once a tool gets really popular.

    --
    The ______ Agenda
  9. Re:Probably not a bug by Jer · · Score: 2, Insightful

    Whether or not this would be useful for spam, it would be more profitable for Twitter to be able to control it, rather than letting individuals force other people to follow them. This is clearly a bug - there's no financial benefit to Twitter with this and if it went on for too long they'd lose users (which is probably why they shut off the follower mechanism as soon as the bug was publicized).

    Not to say Twitter couldn't introduce their own advertising scheme. Just that if they did they'd want it to be one they controlled - and took payments for - not one that random spammers could exploit for free.

  10. Re:Probably not a bug by Anonymous Coward · · Score: 2, Insightful

    That would imply starting to use Twitter.

  11. Re:Probably not a bug by Anonymous Coward · · Score: 1, Insightful

    yes