Anti-social networking

01 Jul 09

Twitter users have become the focus of a wave of attacks targeting social networks.

Inevitably, the ballooning popularity of the micro-blogging site has brought a range of scams, from invitations to click on dodgy links to a fraudulent site set up by identity thieves.

One attack used thousands of Twitter addresses stolen in a phishing (identity theft) attack to post what purported to be a link to an interesting/exciting YouTube video. Instead, the link caused the user’s computer to download a variety of malware.

Another attack tried to lure users to an address called ‘Twittercut’, claiming that linking to this address would boost the user’s number of Twitter ‘followers’ (people reading your ‘tweets’). The link requests the user’s login and password details.

And a BBC presenter’s mistake highlighted still another Twitter problem: Jonathan Ross mistakenly posted his personal email address in a ‘tweet’, instead of just sending a private Twitter message, as he’d actually intended. As a result, his address was disclosed to more than a quarter of a million Twitter followers of his postings.

While the post was quickly deleted, a copy was still available through Twitter’s advanced search feature. It’s likely that Ross has since been forced to change his email address – not only to avoid being spammed into oblivion, but to (hopefully) deny online scammers the opportunity to send out all sorts of rubbish in his name.

Security expert Graham Cluley, of Sophos, said this was a serious problem and Twitter should take steps to ensure that problem posts can be deleted immediately from all parts of Twitter – not just the user’s current stream.

Twitter recently started testing a new verification system to deal with ‘cyber squatters’ – people who misappropriate a user’s identity and then use it to make misleading posts.

Of course, the speed and immediacy of Twitter is the key to its appeal. Pity some people are so intent on high-speed tweeting that they forget a fundamental rule of online communication: think before you send.

Meanwhile, security problems continue to plague Facebook. Symantec has observed a new wave of phishing attacks using a compromised Facebook account to send a malicious link to friends and direct them to a site that looks identical to the Facebook login page. Users are prompted to provide their login credentials, which are then used by the phishers to spread their attacks further.

Symantec advises users to beware of any messages sent from within a Web site, or that appear to be sent by that Web site, and to keep their security definitions updated. Consumers who use the same password for multiple accounts, including online shopping and banking, are most at risk.

Facebook has also been criticised by Cambridge University researchers, who claim it’s not doing enough to ensure that harmful photos are completely taken down. The researchers posted photos on 16 popular Web sites, then deleted them. Thirty days later, they found the direct links to the photos still worked on seven sites, including Facebook. The researchers said this indicated a “lazy attitude” towards privacy. Facebook insisted photos were deleted “immediately” but could still exist on its Content Delivery Network (CDN) – although only for “a short period of time”.
