Mashable had several post about this. http://mashable.com/2009/01/03/warning-twitter-phishing-attack-underway/
"You can follow updates on the attack by subscribing to the Twitter topic #phishingalert" http://search.twitter.com/search?q=%23phishingalert Rex -- Sydney: +61 421 591 943 HK: +852 6901 2682 Ankoder - Video Encoding On Demand http://www.ankoder.com On Thu, Jan 8, 2009 at 6:02 PM, John Masson <jmas...@gmail.com> wrote: > > An excellent point that some of us at work were discussing a few weeks > ago, there are SO many dodgy looking sites asking for twitter > credentials to do who knows what with it's scary!! It's like phishing > attacks without even pretending to look like something else :) > > Will definitely aim to talk about this in our next Instantiate > Podcast. > > JM > > On Jan 4, 5:06 pm, Elias Bizannes <elias.bizan...@gmail.com> wrote: > > Hi everyone, > > > > I personally believe Twitter is being irresponsible by creating an > > ecosystem off their API without creating appropriate safeguards to > > protect users like us. I am looking for some Aussie bloggers to help > > me make some noise. The silicon beach community literally turned the > > fight against the clean feed to a whole new level, so I'm looking for > > us do it again by creating a better Internet through example. > > > > Quick background: > > For you to give access to things like third party apps (like Twhirl), > > you need to give up your login and password. As has been reported in > > the tech news this last week, there have been security breaches of > > people taking your Twitter password and selling it and the like. A > > simple change to their API can avoid this bad password anti-pattern. > > > > With delegated authunentication or through the use of an open standard > > called "oAuth" you can actually allow websites to access your data > > without you needing to give up your password (by simply giving them > > permission through the Twitter interface). What happens is that > > instead of you punching in your password, and giving some random your > > personal details which they can then take advantage of, you can > > instead have them request Twitter for authorisation, and you can > > simply click a button saying "approved". > > > > I will be posting something on the DataPortability Project's blog > > about the issue and hope to give it some attention. The more people we > > have posting a synchronised blog post, the better chances we can turn > > this into news and get them to pull out their finger out. I know for a > > fact the only reason they are not doing this is because they don't > > give it a high enough priority - but of course they don't, as it's not > > them hurting but us. With a bit of awareness, we can make people > > realise there is a simple way to fix a very serious issue, which is > > comprimising your online identity. > > > > I've already had to change my passwords a few times due to third party > > apps, and I am sick of doing it, and it annoys me when I know I don't > > need to do it! > > > > Please contact me if you are willing to participate. For those looking > > to get a bit more exposure of their blogs, this is a good way to do > > it :) > > > > Thanks! > > Elias > > > --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Silicon Beach Australia" group. To post to this group, send email to silicon-beach-australia@googlegroups.com To unsubscribe from this group, send email to silicon-beach-australia+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/silicon-beach-australia?hl=en -~----------~----~----~----~------~----~------~--~---
