Compromised Twitter accounts are being abused to post spam messages promoting a diet website. Tens of thousands of messages promoting an acai berries diet website appeared on Sunday, prompting speculation that a worm was spreading across the micro-blogging service. However, it seems the spam fest was not caused by twits tricked …
Not sure if that's the case...
My twitter account published one of the spam messages and I'm pretty sure I've never had a gawker account.
"The attack illustrates the importance of using different login credentials on different websites"
That's right everyone on the planet uses different logins, for every single fucking site that asks for one. I would need to know and manage about 50 if that were the case.
And no I don't use gawker or twitter, so not affected, but just a realist.
Sir Boddington of Smeddly will do
I use different passwords for different levels of sites and gawker and twitter would rate at the same low level. If they managed to access both, they'd just find made up info, so no great loss.
Now if only main stream sites would allow non alpha numeric characters in passwords. We'd all have a chance of actually creating secure passwords then.
Here's a trick
Remembering dozens of different random passwords is not realistic. It's possible to generate and remember lots of unique passwords if you have a key.
Use a core password, for example - abc123
Now integrate that into every site or service you use.
So for Twitter, it could be "twitabc123".
For The Register, it could be "therabc123".
Obviously, your core password needs to be strong.
I don't use these sites as well but I have used the same passwords on numerous sites :(
Let's take the following scenario - your twitter account gets compromised. A ne'er-do-well sees that your password is TWITaabbcaa22. It is not a long stretch to realise that your gmail is GMAIL.... and paypal is PAY....
Yeah, well if your personal hash of twitter is TWIT, then you probably deserved to get hacked.
Harri - imagination, try using some.
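An added example (not from any commenter) that walks through the core-password scheme above and the objection to it: with a plain site prefix, any one leaked password shows the shared core in clear text, whereas a keyed derivation (an alternative assumed here, HMAC-SHA256 of the site name under the core) does not. The core value and site names are constructed.

```python
import hashlib
import hmac
import string

# Constructed: the weak core from the post. A real core must be long and random,
# since anyone holding one derived password can still guess cores offline.
CORE = "abc123"


def prefix_scheme(core: str, site: str) -> str:
    """The scheme as described: first four letters of the site name + the core."""
    return site.lower().replace(" ", "")[:4] + core


def core_is_exposed(password: str, core: str) -> bool:
    """Given one leaked password, is the shared core readable as-is?"""
    return core in password


def hmac_scheme(core: str, site: str, length: int = 16) -> str:
    """Assumed alternative: derive the per-site password as HMAC(core, site).

    The output reveals neither the core nor any other site's password, so a
    single leak does not hand over the pattern the way the prefix scheme does.
    (Mapping bytes mod 62 is slightly biased; acceptable for illustration.)
    """
    digest = hmac.new(core.encode(), site.lower().encode(), hashlib.sha256).digest()
    alphabet = string.ascii_letters + string.digits
    return "".join(alphabet[b % len(alphabet)] for b in digest[:length])


def compare(core: str, sites: list[str]) -> dict[str, dict[str, bool]]:
    """For each site, report whether the derived password leaks the core."""
    return {
        site: {
            "prefix_leaks_core": core_is_exposed(prefix_scheme(core, site), core),
            "hmac_leaks_core": core_is_exposed(hmac_scheme(core, site), core),
        }
        for site in sites
    }


if __name__ == "__main__":
    for site, result in compare(CORE, ["Twitter", "The Register", "Gmail"]).items():
        print(site, result)
```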
I'm amazed that there are still enough stupid/ignorant/ill educated people following links from spam to make it pay for the spammer!
Isn't it about time some clever bod got antispam software to detect URLs in spam and start pinging the advertised server? That way sending a million spam emails instantly results in a DDOS attack against the server in question. Just a thought...
That suggestion has more holes in it than a hole full of holes.
Here's a couple:
1) Spamvertised websites often point to compromised content on legitimate servers. Spammer sends out junk message pointing to compromised content hosted on a legit host's server. The server promptly dies, at which point the host of the server sues the developer of your antispam software for damages caused by the server outage, as well as contacting the police to file criminal charges (DDoS attacks are explicitly illegal in the UK, USA, and Sweden to name but some, and it'd probably be both the software developer and all the users of the software that're liable).
2) Instant free DDoS botnet to anyone that can send a few junk mails. I work for company A and decide that company B, my competitor, is doing a bit too well on its online shop. Send out a few emails advertising company B's website, make the messages look a bit spammy, and bam, down goes my competitor's website.
El Reg passwords...
Use AES and not DES right?
I really hope you forgot the joke alert icon... if you encrypt passwords then please do the world a favour and stay away from anything where security is important
salted SHA1 more like... (or MD5 works too, but SHA1 is better and just as widely supported so no real reason not to use it)
I like double-ROT13 encryption myself...
Sorry, that post is unreadable, do I need your PGP key or something?