Had an uber-busy weekend. For those who observed it, I hope everyone had a good Easter. Jim’s brother and his family are in town, so we spent most of the weekend with them.
I didn’t get to spend a whole lot of time on the PC, so I’m just now catching up. Posted a lot of things to BYKYC that I’ve missed over the weekend. I had originally resigned myself to sit and go through my Twitter updates, but let’s face it — I got WAY too many Friends listed, and I’m not keen on poring through 25 pages of one-liners, LOL!
I did read today’s though! hehe
I have run across a nice site for keeping up-to-date on new Twitter gadgets and various Twitter-related news: Twitter Hacks. They featured a piece on there today on how easy it is to spoof someone on Twitter:
Can someone pose as you on Twitter? With a very simple trick, yes they can.
Both Twitter and Jott authenticate users by their phone number. Twitter does this by validating users based upon the source of SMS messages sent to the phone number 40404 (US), and Jott does this by trusting the incoming Caller ID when someone calls 877-568-848. From a security perspective this means the following:
* Anyone who knows your phone number can update your Twitter page by spoofing an SMS message, i.e. post a Twitter entry as you.
* Anyone who knows your phone number can spoof his or her caller ID to send a Jott message as you.
Read Twitter and Jott Vulnerable to SMS and Caller ID Spoofing by Nitesh Dhanjani for the full details. Needless to say I hope they are able to fix this. I don’t know much about the SMS world but hopefully they’ll be able to block these fake sender services. The problem is new ones will fill up all the time. Does this mean Twitter and similar services need another layer of authentication? I know a lot of people on Twitter publish their cell phone numbers on their web sites so this could get ugly kinda quick like.
I guess lucky for me I don’t have a cellphone, so the above wouldn’t apply to me; but anyone who does, it would be easy to spoof an account and send an ungodly amount of spam — say, messages advertising that Phentermine stuff? Anyone with a blog has seen those! That’d likely piss off people on your friends list, easily having your account terminated, and worse: labeling you as a spammer.
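The weakness in the quoted piece, and the "another layer of authentication" it asks about, sketched from the service's side. This is an added example, not code from the original post, Twitter or Jott; the account table, the per-user posting PIN and the function names are all hypothetical.

```python
import hashlib
import hmac
import os

# Constructed sample data: one account bound to a phone number, plus a
# hypothetical posting PIN stored as a salted hash (an assumed extra layer).
SALT = os.urandom(16)

def _pin_hash(pin: str) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", pin.encode(), SALT, 100_000)

ACCOUNTS = {
    "+15555550100": {"user": "alice", "pin": _pin_hash("4821"), "failures": 0},
}
MAX_FAILURES = 3

def post_sender_only(sender: str, body: str):
    """Behaviour described in the post: the claimed sender number is the
    only credential, so whoever controls that field posts as the user."""
    acct = ACCOUNTS.get(sender)
    return (acct["user"], body) if acct else None

def post_with_pin(sender: str, body: str):
    """The sender number only selects the account; a secret carried in the
    message body is what authenticates the update."""
    acct = ACCOUNTS.get(sender)
    if acct is None or acct["failures"] >= MAX_FAILURES:
        return None  # unknown number, or locked after repeated bad PINs
    pin, _, text = body.partition(" ")
    if not hmac.compare_digest(_pin_hash(pin), acct["pin"]):
        acct["failures"] += 1  # a 4-digit PIN needs a guess limit
        return None
    acct["failures"] = 0
    return (acct["user"], text)
```

A PIN sent inside the SMS is only as private as the SMS path itself, so this raises the bar above "knows the phone number" without making the channel trustworthy.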