Cannot find this on official Twitter blog posts, except a couple of news grabbers?
Twitter has had so many security breaches I'm shocked anyone still uses the thing.
Oh well, people still use that swiss cheese called WordPress too, what the heck.
But why does everyone really follow Twitter?
I had 1 friend send me the rofl DM and 2 people sent me the make money DM. I clicked on the first link but noticed that it was a phishing attempt. I went and changed my pw.
There's an email being sent with a related URL. The domain is regged in China.
I received a Twitter spam DM message about a money making site. The domain was registered privately. I did click on the link, but not through my Twitter account.
I don't use Twitter, but it sounds like this wasn't security related. Although the application should notice all those accounts being accessed from the same place and block access, users openly gave out their username/passwords.
I'm amazed how many internet professionals were hit by this thing. Could this come from an account without the account holder having fallen for the phishing attempt?
One Twitter pal swore she did not fall for the phishing scam, but nevertheless had her account hacked. Was there some other hack at work, in addition to the obvious one? Maybe.
I think it's likely that some pros fell for the fake login screen because of Twitter's normal tendency to forget your login. Even though I always check "remember me" when I'm on a personal PC, I am often confronted by unexpected Twitter login screens. If you are multitasking and not paying close attention, it would be easy to mistake the bogus login screen for another Twitter fail.
I think that this kind of attack shows one of the main security 'weaknesses' of any social network:
The inherent trust that the individuals who participate have in the system.
Requests apparently coming from friends, etc. They don't treat them with the same caution they do with emails, etc. Only one member of the social network needs to fall and many may follow...
I took a decision a few days ago to block all traffic from the Chinese mainland and Hong Kong to a few of our servers, proxy or direct. It was a difficult decision, but I found 90% of spam hitting dozens of large sites coming from that part of the world. I know that the majority of surfers from that great land and civilization are harmless, and only a minority of well-seasoned spammers spoil the fun for the Chinese majority, but it had to be done until a better solution can be found.
What happened to Twitter is the price of fame, you might say, and they should have the financial clout to implement better security rather than do what I had done; none of our sites is as big or worth as much as Twitter. We may have some technical expertise, but we lack the expensive networking infrastructure needed; they don't, or at least they can afford it!
|they should have the financial clout to implement better security |
They do, but not the technical talent.