Twitter can be dangerous. That being said, Twitter is fun, useful, informative and overall entertaining; in this guest post I’d like to build upon my previous post 11 Useful Twitter Tools That Don’t Require Your Password and talk a little about security do’s and don’ts.

Twitter has become the place for events that are happening now, however with great technology, comes great responsibility. The following list contains a few basic measures we can take to ensure Twitter remains safe and fun:

Security Don’ts:

1. Never use your password on suspicious third party sites, hundreds pop up everyday and we can not know for sure witch ones are legit.
2. Don’t be too specific: there’s a big difference between “Just bought a gazillion caret ring on XX Avenue, leaving store now” and “Just bought and engagement ring, wish me luck!”
3. On that note, say it, don’t spray it: Don’t spit excessive personal information, this is about as dangerous on Twitter as it is on any other social network.
4. Call the police, don’t tweet about it!: inspired by recent news involving celebrity blogger Perez Hilton and Black Eyed Peas front man Will.I.Am.
5. Don’t tweet about moving servers, changing passwords or any other type of situation where your security could be compromised more easily.

Security Do’s:

1. There are hundreds of twitter tools everywhere, so try to use oath whenever possible (Oauth lets third party tools access your twitter’s information in a safe way as long as you’re logged on Twitter). In your Twitter Settings you can manage witch applications have access to your data and which don’t in the Connection tab.
2. Choose a strong password: Twitter’s famous attacks have been known to start by a hacker guessing someone’s password. I recommend using a strong password generator.
3. Do use direct messages when appropriate, not everything is meant to be said in the wild.
4. Consider having a private separate account for work or project related purposes.
5. Finally, have fun! It’s not about being paranoid .)

What other security do’s and don’ts would you recommend? Share those important tips with us on the comment section!

[image credit: seanmcgrath]

© 2008 TwiTip Twitter Tips.



Twitter Security Do’s and Don’ts

Twitter explained what happened in a post on their blog:

“The issue with these 33 accounts is different from the Phishing scam aimed at Twitter users this weekend. These accounts were compromised by an individual who hacked into some of the tools our support team uses to help people do things like edit the email address associated with their Twitter account when they can’t remember or get stuck. We considered this a very serious breach of security and immediately took the support tools offline. We’ll put them back only when they’re safe and secure.”

To be fair to Twitter – both this situation and the Phishing one were responded to quickly by Twitter however it does show that Twitter is increasingly being targeted by malicious attacks and should serve as a warning to those using Twitter to expect the unexpected. While there wasn’t anything that those who had their accounts hacked could have done to prevent this – do keep your password secret and regularly updated.

Twitter does seem to be moving towards a more secure system with an beta test of OAuth scheduled for later this month – but until it goes live (and even after it) be a little more alert than normal.

© 2008 TwiTip Twitter Tips.



33 High Profile Twitter Users Accounts Hacked

The Phishing ’scam’ went like this:

Emails were sent out to Twitter users that resembled emails you’d get if you got a Direct Message. The email said that a blog post had been written about the Twitter user and contained a link. The link led to a page that looked like the Twitter front page – complete with a login form.

It seems that quite a few Twitter users didn’t realize that they were not on the front page of Twitter and logged in anyway – in doing so giving their login details.

Once this happened the second wave of attack has set in with those people who gave away their login details now having their accounts being used to send DM’s to their friends telling their friends to check out a link on a blog. Again these links were directed to a page looking like a Twitter front page.

It seems that the attack didn’t have much more agenda than to cause trouble as to this point there are only reports of the information being used to keep the scam going – but none the less many Twitter accounts seem to have been compromised (I’ve had 20+ DMs from legit Twitter users in the last 12 hours).

Twitter have acted pretty quickly and have reset the passwords on accounts that have been compromised and have reported the URLs concerned to OpenDNS’ and Google’s reported phishing lists. I just visited the page and firefox warned me of the danger.

If you’re trying to login to Twitter and your password has been reset by Twitter you can reset it here.

Update – it seems that the phishers are now starting to send DMs using the accounts of those who have given their login details that invite people to visit an iPhone site. While Twitter say they’ve changed people’s passwords I’m still getting quite a few of these DMs. Looks like this Phishing thing has still got legs!

© 2008 TwiTip Twitter Tips.



Twitter Under Phishing Attack