Slashdot Mirror

← Back to Stories (view on slashdot.org)

Twitter Bug Lets Users Force Others To Follow Them

Posted by Soulskill on from the take-that-conan dept.

Several readers have sent word of a Twitter bug which has been allowing users to make any other user follow them by simply tweeting "accept [username]." People have been abusing it to make the accounts of various celebrities and publications follow them. Twitter acknowledged the bug and disabled the follow/unfollow system until they can get it fixed.

19 of 143 comments (clear)

  1. That might explain Chavez's Top Twitterer Status by ZuchinniOne · · Score: 3, Funny

    http://news.bbc.co.uk/2/hi/americas/8671581.stm

  2. Re:Solution... by PeekabooCaribou · · Score: 4, Interesting

    Slashdot has comments, friend/foe, and journal (blog) space. What's to prevent you from getting fired for using Slashdot?

    --
    "I'll say it again for the logic-impaired." -- Larry Wall.
  3. Probably not a bug by BadAnalogyGuy · · Score: 5, Interesting

    Consider that selling a list of users and their preferred content information to advertisers could result in a huge profit for Twitter. Then imagine a captive audience forced to receive what is essentially spam tweets.

    This is definitely a feature, not a bug. And this disabling of the feature for the time being is a temporary measure to let the furor blow over before reactivating it later.

    Twitter isn't a public utility. It's a business just like Google and Microsoft. They will find a way to monetize your behaviors.

    So what should you do? Stop using Twitter?

    1. Re:Probably not a bug by Yvan256 · · Score: 5, Insightful

      So what should you do? Stop using Twitter?

      Yes.

    2. Re:Probably not a bug by fotbr · · Score: 5, Insightful

      A strange game. The only winning move is not to play.

    3. Re:Probably not a bug by fustakrakich · · Score: 5, Funny

      That might not be allowed. If you don't sign up with these social networks, you will be flagged as a "loner" type , and put on the no fly list. Customs already does this to people who don't have a credit card. I speak from experience. So, what have you got to hide? Sign up already!

      --
      “He’s not deformed, he’s just drunk!”
    4. Re:Probably not a bug by Dalambertian · · Score: 3, Insightful

      The suggestion that we should stop using twitter because of spam is quite strange. Has spam stopped you from using email?

  4. That sounds more like a by abbynormal+brain · · Score: 3, Insightful

    test command embedded into the code that allows "dummy" testing within the development environment. Either way - oops.

    --
    L'esperienza de questa dolce vita (The experience of this sweet life) - Dante Alighieri, The Divine Comedy
    1. Re:That sounds more like a by squiggleslash · · Score: 3, Insightful

      I'm going to stick my neck out and suggest it's more a case of someone deciding not to check for errors in a bit of code.

      In Twitter, you can have either protected tweets or unprotected tweets. If the former, then if someone wants to follow you, they have to request it, and you can either "accept" them following or deny it.

      It looks to me that the commands are sent in-band, and that the command "accept " is related to the above code. What isn't happening is any check that the person identified ever actually sent a request in the first place.

      So, this isn't an evil conspiracy to send people advertising (was BAG being serious?), and I doubt it's test code either. The above just "fits" with everything we know about twitter.

      --
      You are not alone. This is not normal. None of this is normal.
    2. Re:That sounds more like a by AndrewNeo · · Score: 3, Interesting

      They're likely sent in-band because most SMS commands are the same as the web interface. You can follow, direct message, etc. through both SMS or the update interface.

  5. So...? by fahrbot-bot · · Score: 5, Funny

    All your tweets are belong to us?

    --
    It must have been something you assimilated. . . .
    1. Re:So...? by Abstrackt · · Score: 5, Funny

      "In Soviet Russia, celebrities follow YOU!"?

      --
      They say a little knowledge is a dangerous thing, but it's not one half so bad as a lot of ignorance. - Terry Pratchett
  6. Re:Bug fixed by Scrameustache · · Score: 5, Funny

    Twitter says they have resolved this bug.

    http://status.twitter.com/post/587210796/follow-bug-discovered-remedied

    It's not so much fixed as unreproducible by way of disabling the entire "follow" feature. The twits are in a panic, wondering if they've offended people since their followers have all disappeared.

    --

    You can't take the sky from me...

  7. Does this work on Slashdot? by InvisibleSoul · · Score: 5, Funny

    accept +1 Funny

    1. Re:Does this work on Slashdot? by Idiomatick · · Score: 3, Interesting

      I like that this was marked troll as if the mods were personally offended that someone dare suggest that /. doesn't have 'Super Cow Powers'.

  8. In-Band Signalling by captaindomon · · Score: 3, Insightful

    This is one of the difficulties of In-Band Signaling. Their communication channel is so limited that handling secure signaling is difficult.

    --
    Just because I can hook a shark from a boat, I do no offer to wrestle it in the water.
  9. Blue Box by John+Whitley · · Score: 5, Interesting

    Heh, it's tempting to view this as an accidental homage to the blue box.:

    An early phreaking tool, the blue box is an electronic device that simulates a telephone operator's dialing console. It functions by replicating the tones used to switch long-distance calls and using them to route the user's own call, bypassing the normal switching mechanism. The most typical use of a blue box was to place free telephone calls - inversely, the Black Box enabled one to receive calls which were free to the caller.

    For those new to the party, on early telephony networks the telco's control signals were sent on the same channel as the content (voice) signals. Some bright folks figured out how to exploit this weakness. Oops. ;-)

    1. Re:Blue Box by hitmark · · Score: 3, Informative

      yep, telcos operated on the "security by obscurity" system. Only their own personnel should in theory know the unlisted numbers to the switches and so on. But thanks to anything from grabbing manuals from the back of repair trucks, to wardailing whole area codes, this didnt work in the long run.

      --
      comment first, facts later. http://chem.tufts.edu/AnswersInScience/RelativityofWrong.htm
  10. Testing by Dan+East · · Score: 4, Funny

    modfunny 318230

    --
    Better known as 318230.