Jan 14, 3:10 pm (UTC-7) | by Robert McArdle (Senior Threat Researcher)
I, like many others, am a big fan of Twitter, although I am fairly ruthless about pruning those I follow. Most of the people I follow are either other security professionals or close friends, and they normally Tweet content that I am genuinely interested in. The first hint of someone going to the dark side is Tweets like:
In McDonalds—should I get a cheeseburger or a big mac?
4 minutes ago from iPhone by InaneTwit
So confused—must decide soon—1 person in front of me in Q!
3 minutes ago from iPhone by InaneTwit
I got the cheeseburger!
2 minutes ago from iPhone by InaneTwit
And I will ruthlessly remove them. There is one exception to this, however: one of my younger siblings, who, for some reason, I let get away with this kind of thing. So I was not too surprised to see the following Tweet earlier today:
This site is AWESOME!!!—http://TwitterBuilding.com
about 2 hours ago from API
Following the link, I came to the following page:
Suddenly, my spider senses are tingling—call me paranoid but that does not look particularly official. A quick search of the Web shows thousands of identical Tweets from thousands of people who have gladly handed over their passwords to this website (which is most likely the same password they use for everything, including the Holy Grail, their email account—something I wrote about way back in February 2009).
What is the message here? Simple—“Think before you click!”
Would you give your Twitter password to a random person on the street? Of course not, so why would you give it to a random site on the Web? If nothing else, it will save you time when, like my younger sibling, you have to now change your password on every site you use.