Jan 05 2009
Four information points on Twitter phishing
I don’t have a lot of time this morning, but here are four bits of information on Twitter and the phishing attack against it that started this weekend. Haven’t there been a number of us that have been saying for a while “Don’t put your username and password into 3rd party applications on the web!”?
- Twitter and the Password anti-pattern – I’ve only gotten about halfway through this paper, but I like the ideas I’m reading. This is basically an argument for taking Twitter beyond username/password and adding in functionality that would allow you to share some of your capabilities as a user with a third party.
- Phishing Scam spreading on Twitter – This was the first article I read on the Twitter Phishing this weekend.
- Gone Phishing – This is Twitter’s take on the phishing scam. Glad they’re being proactive.
- Twitter Users attacked by Phishing efforts – Symantec’s take on events.
I asked once before, “Is Twitter a security risk?” This isn’t a problem with Twitter, this is a problem with people who are willing to give up their usernames and passwords for … what? A little sense of an ego boost as they find they’re relevant somehow? A pretty graphic that shows how they’re connected to other Twits? People don’t seem to realize this is another extension of their digital identity, just like a Facebook account or email address.
Yes, it *is* a Twitter problem. No security issue should ever come down to “it’s the damn users”. Technology *can* solve this. In many cases the issue is with the third parties who request credentials so they can plug into the APIs. Grader.com does not ask for your Twitter password. Neither does tweetstats.
Twitter will solve this. They have to, or spammers will ruin their business model (such as it is.)
-Stiennon
Richard,
How about we meet half-way on this one: Yes, it is a problem with how Twitter manages user names and passwords but it’s also a problem with people putting in their information when they should know better. There were alarms raised before this point, but maybe they weren’t enough.
Martin