Comments on: TwitViewer – How to Identify a Twitter Phishing Site http://blog.nullvariable.com/2009/07/twitviewer-identify-twitter-phishing-site/#utm_source=rss&utm_medium=rss&utm_campaign=twitviewer-identify-twitter-phishing-site The musings of the Nullvariable Web Consulting Team. Thu, 04 Mar 2010 02:42:23 +0000 http://wordpress.org/?v=2.9.2 hourly 1 By: nullvariable http://blog.nullvariable.com/2009/07/twitviewer-identify-twitter-phishing-site/comment-page-1/#comment-384 nullvariable Wed, 29 Jul 2009 01:07:16 +0000 http://blog.nullvariable.com/?p=448#comment-384 yeah, they can block the site from using the API but not from taking your password. There was some interesting stuff underneath that site going to other sites. Maybe Twitter can file spam black listing? or perhaps they could hit them with DCMA copyright infringement and get the site taken down? <br><br>It's a problem that's not going to go away unless Twitter starts becoming less popular yeah, they can block the site from using the API but not from taking your password. There was some interesting stuff underneath that site going to other sites. Maybe Twitter can file spam black listing? or perhaps they could hit them with DCMA copyright infringement and get the site taken down?

It's a problem that's not going to go away unless Twitter starts becoming less popular

]]> By: sdfisher http://blog.nullvariable.com/2009/07/twitviewer-identify-twitter-phishing-site/comment-page-1/#comment-383 sdfisher Wed, 29 Jul 2009 00:16:09 +0000 http://blog.nullvariable.com/?p=448#comment-383 Oh, for sure, direct login is going to happen for a while. My point was just that other than talking to whoever happens to be hosting TwitReport and hoping... yes, hoping... they're reasonable, there's not much Twitter can do.<br><br>(Of course, I'm *extra* skeptical of direct login sites.) Oh, for sure, direct login is going to happen for a while. My point was just that other than talking to whoever happens to be hosting TwitReport and hoping… yes, hoping… they're reasonable, there's not much Twitter can do.

(Of course, I'm *extra* skeptical of direct login sites.)

]]> By: kentbrew http://blog.nullvariable.com/2009/07/twitviewer-identify-twitter-phishing-site/comment-page-1/#comment-385 kentbrew Tue, 28 Jul 2009 23:44:43 +0000 http://blog.nullvariable.com/?p=448#comment-385 Warning sign #0: they want your Twitter login and password. Never EVER give your Twitter login or password to someone that isn't Twitter. If they're not using Oauth, they are scamming you. Warning sign #0: they want your Twitter login and password. Never EVER give your Twitter login or password to someone that isn't Twitter. If they're not using Oauth, they are scamming you.

]]> By: nullvariable http://blog.nullvariable.com/2009/07/twitviewer-identify-twitter-phishing-site/comment-page-1/#comment-382 nullvariable Tue, 28 Jul 2009 23:20:29 +0000 http://blog.nullvariable.com/?p=448#comment-382 Agreed but OAuth still has issues and a lot of twitter users have become accustomed to entering their password on sites like Twitpic. Not exactly Twitter's problem but they should have started out using OAuth or something similar from the first. Wouldn't eliminate it but would make it a little less common. At least for Facebook scams they have to copy the Facebook login page verbatim. Scams like this can just look like a cool new app and people will fall for it. Agreed but OAuth still has issues and a lot of twitter users have become accustomed to entering their password on sites like Twitpic. Not exactly Twitter's problem but they should have started out using OAuth or something similar from the first. Wouldn't eliminate it but would make it a little less common. At least for Facebook scams they have to copy the Facebook login page verbatim. Scams like this can just look like a cool new app and people will fall for it.

]]> By: sdfisher http://blog.nullvariable.com/2009/07/twitviewer-identify-twitter-phishing-site/comment-page-1/#comment-381 sdfisher Tue, 28 Jul 2009 23:04:58 +0000 http://blog.nullvariable.com/?p=448#comment-381 Twitter really has no defense if people are going to be stupid enough to type their username and password into a third party site. It's not like they're piggybacking on Twitter's authentication system, this is pure phish and out of Twitter's control.<br><br>And it always will be.<br><br>You have to be smart. The Internet is not a safe place that a company like Twitter can keep clean for you. Twitter really has no defense if people are going to be stupid enough to type their username and password into a third party site. It's not like they're piggybacking on Twitter's authentication system, this is pure phish and out of Twitter's control.

And it always will be.

You have to be smart. The Internet is not a safe place that a company like Twitter can keep clean for you.

]]> By: nullvariable http://blog.nullvariable.com/2009/07/twitviewer-identify-twitter-phishing-site/comment-page-1/#comment-337 nullvariable Tue, 28 Jul 2009 18:07:16 +0000 http://blog.nullvariable.com/?p=448#comment-337 yeah, they can block the site from using the API but not from taking your password. There was some interesting stuff underneath that site going to other sites. Maybe Twitter can file spam black listing? or perhaps they could hit them with DCMA copyright infringement and get the site taken down? <br><br>It's a problem that's not going to go away unless Twitter starts becoming less popular yeah, they can block the site from using the API but not from taking your password. There was some interesting stuff underneath that site going to other sites. Maybe Twitter can file spam black listing? or perhaps they could hit them with DCMA copyright infringement and get the site taken down?

It's a problem that's not going to go away unless Twitter starts becoming less popular

]]> By: sdfisher http://blog.nullvariable.com/2009/07/twitviewer-identify-twitter-phishing-site/comment-page-1/#comment-336 sdfisher Tue, 28 Jul 2009 17:16:09 +0000 http://blog.nullvariable.com/?p=448#comment-336 Oh, for sure, direct login is going to happen for a while. My point was just that other than talking to whoever happens to be hosting TwitReport and hoping... yes, hoping... they're reasonable, there's not much Twitter can do.<br><br>(Of course, I'm *extra* skeptical of direct login sites.) Oh, for sure, direct login is going to happen for a while. My point was just that other than talking to whoever happens to be hosting TwitReport and hoping… yes, hoping… they're reasonable, there's not much Twitter can do.

(Of course, I'm *extra* skeptical of direct login sites.)

]]> By: kentbrew http://blog.nullvariable.com/2009/07/twitviewer-identify-twitter-phishing-site/comment-page-1/#comment-335 kentbrew Tue, 28 Jul 2009 16:44:43 +0000 http://blog.nullvariable.com/?p=448#comment-335 Warning sign #0: they want your Twitter login and password. Never EVER give your Twitter login or password to someone that isn't Twitter. If they're not using Oauth, they are scamming you. Warning sign #0: they want your Twitter login and password. Never EVER give your Twitter login or password to someone that isn't Twitter. If they're not using Oauth, they are scamming you.

]]> By: nullvariable http://blog.nullvariable.com/2009/07/twitviewer-identify-twitter-phishing-site/comment-page-1/#comment-334 nullvariable Tue, 28 Jul 2009 16:20:29 +0000 http://blog.nullvariable.com/?p=448#comment-334 Agreed but OAuth still has issues and a lot of twitter users have become accustomed to entering their password on sites like Twitpic. Not exactly Twitter's problem but they should have started out using OAuth or something similar from the first. Wouldn't eliminate it but would make it a little less common. At least for Facebook scams they have to copy the Facebook login page verbatim. Scams like this can just look like a cool new app and people will fall for it. Agreed but OAuth still has issues and a lot of twitter users have become accustomed to entering their password on sites like Twitpic. Not exactly Twitter's problem but they should have started out using OAuth or something similar from the first. Wouldn't eliminate it but would make it a little less common. At least for Facebook scams they have to copy the Facebook login page verbatim. Scams like this can just look like a cool new app and people will fall for it.

]]> By: sdfisher http://blog.nullvariable.com/2009/07/twitviewer-identify-twitter-phishing-site/comment-page-1/#comment-333 sdfisher Tue, 28 Jul 2009 16:04:58 +0000 http://blog.nullvariable.com/?p=448#comment-333 Twitter really has no defense if people are going to be stupid enough to type their username and password into a third party site. It's not like they're piggybacking on Twitter's authentication system, this is pure phish and out of Twitter's control.<br><br>And it always will be.<br><br>You have to be smart. The Internet is not a safe place that a company like Twitter can keep clean for you. Twitter really has no defense if people are going to be stupid enough to type their username and password into a third party site. It's not like they're piggybacking on Twitter's authentication system, this is pure phish and out of Twitter's control.

And it always will be.

You have to be smart. The Internet is not a safe place that a company like Twitter can keep clean for you.

]]>