tag:www.readwriteweb.com,2011:/1/tag:www.readwriteweb.com,2009://1.16538- 2011-08-16T16:34:01Z Comments for Cartoon: The Worm Has Turned Movable Type 4.35-en tag:www.readwriteweb.com,2009://1.16538 2009-09-27T18:10:27Z 2009-09-27T17:41:15Z Cartoon: The Worm Has Turned Last week's flurry of Twitter DM spam from hacked or phished accounts wasn't the first instance of that and won't be the last. As long as people are willing to trust their Twitter log-in information to third parties - and don't look carefully at URLs before they log into websites - and as long as... Rob Cottingham Last week's flurry of Twitter DM spam from hacked or phished accounts wasn't the first instance of that and won't be the last.

As long as people are willing to trust their Twitter log-in information to third parties - and don't look carefully at URLs before they log into websites - and as long as a small number of bad actors want to pee in the social media swimming pool, this kind of thing will continue happening.

]]> And it's not just the log-in-here-and-we-will-steal-your-password.com's of the world you have to worry about. Legitimate third-party services whose security isn't up to snuff could be compromised, and your credentials could be stolen from them. Twitter's use of OAuth is a big step forward... although the rash of Mobster World spam shows that that isn't a perfect solution either.

Apparently there's no substitute for ruthlessly and constantly policing your own feed, thoroughly investigating services before you sign up for them, double-checking the URL every time you are about to enter info into a form, and regularly purging your OAuth settings of services you no longer use.

Also, to be safe, change your password regularly... you don't have to be obsessive about it: every three hours or so should be enough. And because erring on the side of caution is always a good idea, fake your own suicide and change your identity at least once a year.

And you thought Twitter was going to be fun? Slacker.

More Noise to Signal.

]]> tag:www.readwriteweb.com,2009://1.16538-comment:161413 Comment from su arıtma cihazı on 2009-10-06 su arıtma cihazı http://www.prolinesuaritma.com Thanks

]]> 2009-10-06T19:50:46Z tag:www.readwriteweb.com,2009://1.16538-comment:160763 Comment from iş elbisesi on 2009-10-02 iş elbisesi http://www.ilaydaiselbiseleri.com 2000 yılından bu yana iş elbiseleri, promosyon ve bilumum proje bazında ve teklif bazında hizmet vermekteyiz. Kurucusu ve sahibi olduğum firmamın bu günlere gelmesinde büyük emeği geçen iş ortaklarıma, derin tecrübelerine ve siz değerli iş ortaklarımıza büyük teşekkür borçlu olan firmam, çalışanları ve ben her gün ve her projede daha bir çok yeniliği tekrar tekrar amatör ruhla kuçaklamaktayız.
İlayda iş elbisesi Adına Saygılarımla Kürşat Kanburoğlu

]]> 2009-10-02T08:55:43Z tag:www.readwriteweb.com,2009://1.16538-comment:160055 Comment from Rob Cottingham on 2009-09-28 Rob Cottingham http://www.socialsignal.com/n2s @blaine - Great comment, and no disagreement from me - I'm leery of authorizing pretty much anything for fear that one of those cringe-worthy "I just became a GOLDEN UNICORN in PRINCESS WORLD!!!" tweets will go out under my name. Er, just an example. Purely hypothetical.

Any of the more technically-minded folks here want to weigh in on Twitter, OAuth and granularity?

]]> 2009-09-28T19:43:27Z tag:www.readwriteweb.com,2009://1.16538-comment:160041 Comment from Simon Firth on 2009-09-28 Simon Firth Why are the Americans obsessed with making money all the time

We have a saying in the U.K. What you never have you never miss
And as long as you have good health, enjoy life to the full, spend what you have and enjoy
And remember when you are dead you cant take your money with you

]]> 2009-09-28T18:49:25Z tag:www.readwriteweb.com,2009://1.16538-comment:159986 Comment from Blaine Cook on 2009-09-28 Blaine Cook http://romeda.org/ One way Twitter can mitigate some of this is to support more nuanced permissions, and lean on developers to only request elevated access when they need it. For example, disqus does not need read/write access to my Twitter feed, but asks for it anyways.

Most applications should never have access to send DMs (client software being the notable exception), and many shouldn't have access to send updates at all. In any event, these actions should be configurable by users, so even if an app developer wants to be able to send DMs, the user should be able to over-ride that privilege.

I don't authorise many applications, because the increased openness that OAuth has enabled means that app developers are taking greater liberties with the account once they have access. Changing this dynamic would be great for users, and great for Twitter, not to mention broaden people's understanding of how OAuth can be a powerful tool beyond addressing the password anti-pattern.

]]> 2009-09-28T14:28:27Z tag:www.readwriteweb.com,2009://1.16538-comment:159949 Comment from Moshe on 2009-09-28 Moshe http://itok.in I've heard people that creates hundreds of fake accounts only for spamming/advertising, or to fake popular users with many followers.
That puts Twitter in a very bad light, and expecially if they want to compete with Facebook as "Single-Sign-On" service, like Facebook Connect.

I'm developing a service that is currently using Facebook connnect only, and because of articles like this one, twitter is a big question mark

http://itok.in

]]> 2009-09-28T09:27:03Z tag:www.readwriteweb.com,2009://1.16538-comment:159879 Comment from acido folico on 2009-09-27 acido folico http://www.acidofolico.net Great post and draw. Thank you for sharing.

]]> 2009-09-27T22:23:39Z