Tuesday, November 18, 2008

Twitter Phishing

There's nothing that people love to do more than know where they stand in society. Don't believe me? What brand of jeans do you wear? What kind of car do you drive? How many iPhones/iPods do you own? What kind of mobile phone?

It's like we're all just walking around proving our rank to each other - even in the world of social media. How many friends do you have on Facebook? How many followers do you have on Twitter? How many contacts in LinkedIn?

Come on, admit it. When you add someone to your social network - the first thing you look at is how they compare to you. "Oh, I see they only have 84 friends on Facebook... well, I hate to brag, but I have 142..."

And so on and so on.

It appears as if some enterprising person decided to tap into our collective egos and one-upmanship and created a site called "Twitterank". It's a very straightforward premise: "True to its namesake, it uses 'back references' of sorts to determine how worthy of a person you are in Twitterverse"

Oooooh - something shiny! Must... enter... my... secret... details... must... enter... my... secret... details...

There's a big disclaimer on the site that says:

I'm not out to steal ur twitterz. Frankly, I wish I didn't have to ask for your account info, but Twitter doesn't offer APIs using any other authentication mechanism (according to the docs). Read more about what I will and won't do with your account info/data in the FAQ.

I will not store your password. I will only use it once to calculate your Twitterank.

No, really, he won't. There's no "pinky swear" there - but it's implied. In researching a bit further, I came across a blog entry by Oliver Marks from ZDNet. In it, he points to a link with a screenshot of the source code of the application.

Well, if you look at the source code now, you'll see that those sorts of offending remarks have been removed, and it appears as if Mr. Chijiiwa, the site's creator, decided it was best to take the criticisms of the social media community to heart and has posted his site link and his resume.

Turns out he's a Google Engineer! Huh. Well, there's NO WAY that someone could put up a fake site or fake resume on the Internet... everyone knows that!

In the meantime, send ME your Twitter username and password - I won't store it either (wink, wink) and don't worry there's no way I would write an automated solution that would create 30 tweets an hour from your account that would point people to porn sites and scammer sites... I pinky swear!

1 comment:

agiletortoise said...

Thanks for reminding people of the dangers. It's something I don't think we tech people do enough for our non-tech friends and family.

Best way to protect yourself is to have a good password strategy. I blogged on the topic a couple of years ago and try to remind people regularly.

Most people just use the name of their dog and a number for all their passwords. Yikes!

