
Clickjacking Twitter
February 23, 2009
I’m curious as to how vulnerable the Twitter community is in terms of computer security, particularly since I’ve just read that Twitter have put measures in place to safeguard against clickjacking. Recently, Stephen Fry warned his followers about clicking a certain URL on Twitter. With only 140 characters, services like is.gd, tinyurl and snurl are used to encapsulate longer URLs into messages. Clicking such links is almost second nature to many tweeps, and as Twitter grows, how likely is it that people’s accounts get hacked and used to mislead their followers to an insecure website?
The relatively good thing about Twitter is that you can choose who to follow, and therefore effectively block spam. On the flip side, it’s also not that hard to pose as a celebrity, which would be likely to gain a lot of attention from the growing number of people that are signing up to Twitter. Perhaps then, it’ll be the next way to circulate malicious links, as were email, MySpace and Facebook. For the time being, Twitter seems to be doing a good job of keeping on top of spam. In fact, just today I noticed that a spam account I blocked yesterday has been suspended.

Interesting post. I’ve recently switched from having a protected account to an unprotected one and have been getting about two ‘spam followers’ per day, who I just block immediately. When I first joined Twitter, only about a year ago, I don’t think spammers existed then.
@Andrew It’s definitely gotten worse, but weren’t the increased spam users the reason that you protected your updates a few months ago? I really don’t want to protect my updates since I think that it breaks the flow of conversation between users; something which can be useful at times when the reply alone doesn’t make sense out of context. Protecting updates wouldn’t eliminate someone’s account from being hijacked to send out malicious links either.
Yes, I protected my stream from Spammers – but realised that all my hashtag posts/public enquiries were never getting through to people (that’s why I unprotected them again).
Timely post as I have noticed a marked increase in spam accounts following me in the last 48 hours. Scott Mills from Radio 1 is someone who had a fake account created just a couple of weeks ago, and ‘he’ had thousands of followers before the truth was revealed. While Twitter’s simplicity is one of its greatest attractions I wonder if it could be one of its biggest failings too.
@Steve It’s not really the simplicity of Twitter though, only the gullibility of this new wave of average users, who will solely use Twitter to follow celebrity figures.
There is a service called valebrity that outs the fake celebs. Although it validated James May who then outed himself as being a fake. Now they continue to post satirically. @RealJamesMay