Jan 05 2009

Four information points on Twitter phishing

I don’t have a lot of time this morning, but here are four bits of information on Twitter and the phishing attack against it that started this weekend.  Haven’t there been a number of us that have been saying for a while “Don’t put your username and password into 3rd party applications on the web!”?

I asked once before “Is Twitter a security risk?”.  This isn’t a problem with Twitter, this is a problem with people who are willing to give up their usernames and passwords for … what?  A little sense of an ego boost as they find they’re relevant somehow?  A pretty graphic that shows how they’re connected to other Twits? People don’t seem to realize this is another extension of their digital identity, just like a Facebook account or email address.


3 Responses to “Four information points on Twitter phishing”

  1. […] Four information points on Twitter phishing – McKeay […]

  2. stiennon on 06 Jan 2009 at 9:48 am

    Yes, it *is* a Twitter problem. No security issue should ever come down to “it’s the damn users”. Technology *can* solve this. In many cases the issue is with the third parties who request credentials so they can plug into the APIs. Grader.com does not ask for your Twitter password. Neither does tweetstats.

    Twitter will solve this. They have to, or spammers will ruin their business model (such as it is.)


  3. Martin on 06 Jan 2009 at 10:11 am


    How about we meet half-way on this one: Yes, it is a problem with how Twitter manages user names and passwords but it’s also a problem with people putting in their information when they should know better. There were alarms raised before this point, but maybe they weren’t enough.

