Twitter vulnerability: beware unknown followers


One of our SAS cybersleuths just notified me that some good guys have identified a vulnerability in Twitter that could allow the bad guys to take over your Twitter account, and all you'd have to do to allow it is view a tweet. Maybe you read about it at Techcrunch. Twitter is apparently working to fix this, and as always in life and the Internet it's probably the odds that keep you safest, but best to be extra careful in accepting follow requests, and ignore any that look dodgy. And if you automatically follow everyone who follows you, stop.

Techcrunch also suggests that using third-party apps like TweetDeck or Seesmic will give a measure of safety, and recommends avoiding for a few days. They've got some other good info as well.

What do I mean by dodgy-looking? Evaluate a Twitter follow request the same way you would an email before you open the attachment. Do you know the person? If not, can you be reasonably certain they're legitimate? Do they have some crazy made-up name like Vluella Flaminglee or Cordney Spewsterson? Are they following 10,000 people and nobody is following them? Do they have a legitimate link to a real web page in their Twitter bio? Does their photo look like a real person, or does it look like they took the picture from a dating site? Are they tweeting about real stuff like a real person? Is there some reason you can see from their info that would make them want to follow you?

Obviously no list of suggestions like this can ever be comprehensive enough to ward off a clever and determined attack if you're one of the unlucky to get caught before reasonable countermeasures can be put in place, but common sense is always your best weapon.


About Author

Leave A Reply

Back to Top