Twitter diet spam splurge blamed on Gawker compromise

Compromised Twitter accounts are being abused to post spam messages promoting a diet website. Tens of thousands of messages promoting an acai berries diet website appeared on Sunday, prompting speculation that a worm was spreading across the micro-blogging service. However, it seems the spam fest was not caused by twits tricked …

COMMENTS

This topic is closed for new posts.
Anonymous Coward

Not sure if that's the case...

My Twitter account published one of the spam messages and I'm pretty sure I've never had a Gawker account.

0
0
Anonymous Coward

Ahhh

"The attack illustrates the importance of using different login credentials on different websites"

That's right, everyone on the planet uses different logins for every single fucking site that asks for one. I would need to know and manage about 50 if that were the case.

And no, I don't use Gawker or Twitter, so not affected, but just a realist.

6
1
Thumb Up

Sir Boddington of Smeddly will do

Agreed

I use different passwords for different levels of sites, and Gawker and Twitter would rate at the same low level. If they managed to access both, they'd just find made-up info, so no great loss.

Now if only mainstream sites would allow non-alphanumeric characters in passwords. We'd all have a chance of actually creating secure passwords then.

1
0
Anonymous Coward

Here's a trick

Remembering dozens of different random passwords is not realistic. It's possible to generate and remember lots of unique passwords if you have a key.

Use a core password, for example - abc123

Now integrate that into every site or service you use.

So for Twitter, it could be "twitabc123".

For The Register, it could be "therabc123".

Obviously, your core password needs to be strong.

1
0

Agreed

I don't use these sites either, but I have used the same passwords on numerous sites :(

0
0
Thumb Down

core, schmore

Let's take the following scenario - your Twitter account gets compromised. A ne'er-do-well sees that your password is TWITaabbcaa22. It is not a long stretch to realise that your Gmail is GMAIL.... and PayPal is PAY....

0
0
Anonymous Coward

Core

Yeah, well if your personal hash of Twitter is TWIT, then you probably deserved to get hacked.

Harri - imagination, try using some.

0
0
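The site-tag scheme from "Here's a trick" and the objection in "core, schmore", as an added example that is not part of any commenter's post: it checks which other passwords follow from a single leaked one, first for the tag-plus-core scheme and then for a keyed derivation. The PBKDF2/HMAC derivation, the function names, the site list and the salt are this example's assumptions, not something the thread proposes.

```python
import base64
import hashlib
import hmac

SITES = ["Twitter", "The Register", "Gmail", "PayPal"]  # constructed sample list


def tag(site: str) -> str:
    """First four letters of the site name, as in 'twit' and 'ther' above."""
    return site.lower().replace(" ", "")[:4]


def prefix_password(site: str, core: str) -> str:
    """Scheme from the thread: site tag followed by the core password."""
    return tag(site) + core


def master_key(master: str, salt: bytes) -> bytes:
    """Stretch the master secret once (PBKDF2 is this example's choice)."""
    return hashlib.pbkdf2_hmac("sha256", master.encode(), salt, 200_000)


def derived_password(site: str, key: bytes, length: int = 16) -> str:
    """Per-site password = truncated HMAC-SHA256(key, site name)."""
    mac = hmac.new(key, site.lower().encode(), hashlib.sha256).digest()
    return base64.urlsafe_b64encode(mac).decode()[:length]


def exposed_sites(passwords: dict, leaked_site: str) -> list:
    """Other sites whose password follows from the leaked one by swapping the tag."""
    leaked = passwords[leaked_site]
    if not leaked.startswith(tag(leaked_site)):
        return []  # no visible site tag, so nothing to swap
    core = leaked[len(tag(leaked_site)):]
    return sorted(s for s, p in passwords.items()
                  if s != leaked_site and p == prefix_password(s, core))


def build(scheme) -> dict:
    """Apply one password scheme to every sample site."""
    return {site: scheme(site) for site in SITES}


if __name__ == "__main__":
    key = master_key("abc123", b"constructed-salt")  # sample values only
    naive = build(lambda s: prefix_password(s, "abc123"))
    keyed = build(lambda s: derived_password(s, key))
    print("prefix scheme, Twitter leak exposes:", exposed_sites(naive, "Twitter"))
    print("keyed scheme,  Twitter leak exposes:", exposed_sites(keyed, "Twitter"))
```

A deterministic derivation still ties every password to one master secret and cannot rotate a single site's password without adding a counter; randomly generated passwords kept in a password manager avoid both limits.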

stupid people

I'm amazed that there are still enough stupid/ignorant/ill-educated people following links from spam to make it pay for the spammer!

Isn't it about time some clever bod got antispam software to detect URLs in spam and start pinging the advertised server? That way sending a million spam emails instantly results in a DDoS attack against the server in question. Just a thought...

1
1
Stop

Think not.

That suggestion has more holes in it than a hole full of holes.

Here's a couple:

1) Spamvertised websites often point to compromised content on legitimate servers. Spammer sends out junk message pointing to compromised content hosted on a legit host's server. The server promptly dies, at which point the host of the server sues the developer of your antispam software for damages caused by the server outage, as well as contacting the police to file criminal charges (DDoS attacks are explicitly illegal in the UK, USA, and Sweden to name but some, and it'd probably be both the software developer and all the users of the software that're liable).

2) Instant free DDoS botnet to anyone that can send a few junk mails. I work for company A and decide that company B, my competitor, is doing a bit too well on its online shop. Send out a few emails advertising company B's website, make the messages look a bit spammy, and bam, down goes my competitor's website.

0
0
Anonymous Coward

El Reg passwords...

Use AES and not DES right?

0
1
Anonymous Coward

AES???

I really hope you forgot the joke alert icon... if you encrypt passwords then please do the world a favour and stay away from anything where security is important.

Salted SHA1 more like... (or MD5 works too, but SHA1 is better and just as widely supported so no real reason not to use it)

0
0

Best encryption

I like double-ROT13 encryption myself...

0
0
Coat

Eh?

Sorry, that post is unreadable, do I need your PGP key or something?

0
0