I’m still getting the occasional request to follow on my most obscure Twitter account, which is protected (meaning that I have to approve requests to follow me on there). Sorry, but if I don’t know who you are, you won’t get approved on that one. Even if I do know who you are, you won’t get approved unless you’re one of the very few people who need to know (or have the slightest interest) in where I am from day to day.
However, don’t get upset about it. As you may already know, I also have a Twitter account (http://twitter.com/ESETblog) which is open to anyone who hasn’t actually annoyed me, and which I use mostly for announcing new blogs, papers etc. (and for following other people, of course). However, as there are a few of us now in the ESET Research team based in San Diego who use Twitter to pass on information, we’ve attempted to consolidate our efforts into a single account (http://twitter.com/esetresearch) which any of us may use. I’m assured that it will only be used by this team, not for direct marketing purposes. Since it has very few followers at the moment, I’ll continue to use @ESETblog to flag blogs and papers, but if that’s your principal interest, you might want to consider following @esetresearch, since there’ll probably be more of that stuff there.
Actually, I just came across an article in yesterday’s USA Today – yes, I am still in the US – that makes me wonder if I should encourage you to use Twitter at all, but I suppose if people stopped using every site with potential security problems, there’d be no internet at all, let alone web 2.0… Still, you might find Aviv Raff’s Month of Twitter Bugs fascinating reading, though far from comfortable. It strikes me that, as with Facebook, many of the security problems with Twitter derive less from the core service than from the exploitation of the Twitter API (the code that interfaces with external applications). Also, of course, the accelerating use of shortened URLs.
As I’ve pointed out before, TinyURL has a useful preview setting: if you go to tinyurl.com and enable it, it can set a cookie so that each time you click on a TinyURL, you get a preview of the full URL. That doesn’t guarantee the site’s safety, of course, but it does give you more information to work with when deciding whether to access it. Unfortunately, bit.ly, leaving aside the many problems highlighted by Raff, uses a different approach: a plug-in which works with Firefox but not, apparently, with Internet Explorer. Well, some will say that’s another good argument for using Firefox rather than IE, but let’s not forget that Firefox and other popular alternatives to IE have had their security issues too….
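One way to get the same kind of preview programmatically, as an added example that is not part of the original post: ask the shortener where a link goes without following the redirect, then list a few things worth checking in the destination. The function names, the short.example host and the sample reply are constructed for illustration, and the code assumes the shortener answers a HEAD request with an HTTP redirect.

```python
import http.client
import ipaddress
from urllib.parse import urljoin, urlsplit

REDIRECTS = {301, 302, 303, 307, 308}

def target_from_response(short_url, status, location):
    """Destination named by a shortener's reply, or None if it is not a redirect."""
    if status not in REDIRECTS or not location:
        return None
    return urljoin(short_url, location)  # the Location header may be relative

def fetch_target(short_url, timeout=5.0):
    """Ask the shortener where the link goes; the destination is never contacted."""
    u = urlsplit(short_url)
    if u.scheme not in ("http", "https") or not u.hostname:
        raise ValueError("expected an http(s) URL")
    cls = http.client.HTTPSConnection if u.scheme == "https" else http.client.HTTPConnection
    conn = cls(u.hostname, u.port, timeout=timeout)
    try:
        # http.client does not follow redirects; HEAD support is an assumption.
        conn.request("HEAD", (u.path or "/") + ("?" + u.query if u.query else ""))
        resp = conn.getresponse()
        return target_from_response(short_url, resp.status, resp.getheader("Location"))
    finally:
        conn.close()

def review_notes(target):
    """Points worth a second look before opening the destination."""
    u = urlsplit(target)
    host = u.hostname or ""
    notes = []
    if u.scheme != "https":
        notes.append("not HTTPS")
    if u.username or u.password:
        notes.append("credentials embedded before the host name")
    if any(label.startswith("xn--") for label in host.split(".")):
        notes.append("punycode host name")
    try:
        ipaddress.ip_address(host)
        notes.append("raw IP address instead of a name")
    except ValueError:
        pass
    return notes

if __name__ == "__main__":
    # Constructed sample reply; no network traffic is generated here.
    dest = target_from_response("http://short.example/abc", 301, "http://203.0.113.7/login")
    print(dest, review_notes(dest))
```

As with the TinyURL preview, an empty list of notes says nothing about whether the destination is safe; it only gives you more to go on.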
David Harley BA CISSP FBCS CITP
Director of Malware Intelligence
Author David Harley, ESET