Not sure if that's the case...
My Twitter account published one of the spam messages and I'm pretty sure I've never had a Gawker account.
Compromised Twitter accounts are being abused to post spam messages promoting a diet website. Tens of thousands of messages promoting an acai berries diet website appeared on Sunday, prompting speculation that a worm was spreading across the micro-blogging service. However, it seems the spam fest was not caused by twits …
"The attack illustrates the importance of using different login credentials on different websites"
That's right, everyone on the planet uses different logins for every single fucking site that asks for one. I would need to know and manage about 50 if that were the case.
And no, I don't use Gawker or Twitter, so not affected, but just a realist.
I use different passwords for different levels of sites, and Gawker and Twitter would rate at the same low level. If they managed to access both, they'd just find made-up info, so no great loss.
Now if only mainstream sites would allow non-alphanumeric characters in passwords. We'd all have a chance of actually creating secure passwords then.
Remembering dozens of different random passwords is not realistic. It's possible to generate and remember lots of unique passwords if you have a key.
Use a core password, for example - abc123
Now integrate that into every site or service you use.
So for Twitter, it could be "twitabc123".
For The Register, it could be "therabc123".
Obviously, your core password needs to be strong.
I'm amazed that there are still enough stupid/ignorant/ill-educated people following links from spam to make it pay for the spammer!
Isn't it about time some clever bod got antispam software to detect URLs in spam and start pinging the advertised server? That way sending a million spam emails instantly results in a DDoS attack against the server in question. Just a thought...
That suggestion has more holes in it than a hole full of holes.
Here's a couple:
1) Spamvertised websites often point to compromised content on legitimate servers. Spammer sends out junk message pointing to compromised content hosted on a legit host's server. The server promptly dies, at which point the host of the server sues the developer of your antispam software for damages caused by the server outage, as well as contacting the police to file criminal charges (DDoS attacks are explicitly illegal in the UK, USA, and Sweden to name but some, and it'd probably be both the software developer and all the users of the software that're liable).
2) Instant free DDoS botnet to anyone that can send a few junk mails. I work for company A and decide that company B, my competitor, is doing a bit too well on its online shop. Send out a few emails advertising company B's website, make the messages look a bit spammy, and bam, down goes my competitor's website.