Yesterday I posted an article about a serious vulnerability I found in Twitter. As it was a bit on the geeky side, it may well have gone over a few people’s heads, so I thought I’d try to explain it in a bit more detail. Incidentally I don’t think Twitter really got it either, as we’ll see in a moment.
Twitter Exploit Video
Why should I care?
With a few minutes' work, someone with a bit of technical expertise could make a Twitter ‘application’ and start sending tweets with it. Using the simple instructions below, it can be arranged so that if another Twitter user so much as sees one of these tweets – and they are logged in to Twitter – their account could be taken over.
Imagine that for a moment. Simply by seeing one of these tweets, code can be run inside your browser, impersonating you and doing anything that your browser can do. Perhaps it would simply redirect you to a pornographic website? Or maybe delete all of your tweets? Send a message to all of your friends? Maybe it would delete all of your followers, or, worse still, just send the details needed to log in to your account off to another website for someone to use at their leisure.
All of that, just from seeing one of these tweets.
If I tweet something, all of my followers will see it instantly. Do you trust everyone you’re following?
I could mention a few of the trending topics of the moment, and there’s a good chance that someone will see one of my tweets that way.
Maybe I could just drop your name into my tweet and see if you look at it to see why I’ve mentioned your name? Read It All
[NOTE: As if the attention-grabbing title ruining the surprise for you wasn't bad enough, I've got some more bad news. We let Twitter (via Kevin Rose) know about this before it went live, but we think somebody saw the test!] So, as I’m sure everyone heard about Read It All
Ever since I arrived here at Bronco (Britain’s brightest search engine marketing company – sign up today!) it’s been bugging the hell out of me that a post (now deleted) on Dave’s blog ranks for ‘link building’. Not that it’s atrocious or anything, but it’s titled as “top 20 tips” Read It All
Because everyone loves a diagram, right? Should be self-explanatory, but here’s the gen: if you don’t invest in content, you won’t get links. If you don’t get links you won’t get traffic – either through rankings or referrals. And if you don’t have traffic you don’t have any money to Read It All
For quite a while now in the Bronco office we’ve been saying “how much longer before Google TBPR stops showing?”. Well, Google finally started the process, IMO, when they removed PageRank from Webmaster Tools. Susan Moskwa (Google employee) said: “We’ve been telling people for a long time that they shouldn’t Read It All
So here is my issue: I have a big web site with lots of pages indexed, and we run an aggressive affiliate program; in fact, it was the affiliate program causing dupe content issues. We can’t redirect the ?afid=123, so we decided to test out the rel canonical. http://www.mysite.com/landingpage But, Read It All
I was thinking about the different types of content the other day and how to organise your approach to it – in terms of both building content and acquiring links from that content. And now, I present to you the result of my deliberations: The Content Pyramid. The Originators Read It All