
Twitter Bug Lets Users Force Others To Follow Them

Posted by Soulskill
from the take-that-conan dept.
Several readers have sent word of a Twitter bug which has been allowing users to make any other user follow them by simply tweeting "accept [username]." People have been abusing it to make the accounts of various celebrities and publications follow them. Twitter acknowledged the bug and disabled the follow/unfollow system until they can get it fixed.
  • Bug fixed (Score:2, Informative)

    Twitter says they have resolved this bug. http://status.twitter.com/post/587210796/follow-bug-discovered-remedied [twitter.com]
  • Looks like it's being fixed...
  • Probably not a bug (Score:5, Interesting)

    by BadAnalogyGuy (945258) <BadAnalogyGuy@gmail.com> on Monday May 10, 2010 @01:32PM (#32158554)

    Consider that selling a list of users and their preferred content information to advertisers could result in a huge profit for Twitter. Then imagine a captive audience forced to receive what is essentially spam tweets.

    This is definitely a feature, not a bug. And this disabling of the feature for the time being is a temporary measure to let the furor blow over before reactivating it later.

    Twitter isn't a public utility. It's a business just like Google and Microsoft. They will find a way to monetize your behaviors.

    So what should you do? Stop using Twitter?

    • by Yvan256 (722131) on Monday May 10, 2010 @01:47PM (#32158822) Homepage Journal

      So what should you do? Stop using Twitter?

      Yes.

      • Re: (Score:2, Insightful)

        by Anonymous Coward
        That would imply starting to use Twitter.
    • Re: (Score:1, Redundant)

      by janeuner (815461)

      So what should you do? Stop using Twitter?

      Yes.

    • by fotbr (855184) on Monday May 10, 2010 @02:03PM (#32159102) Journal

      A strange game. The only winning move is not to play.

      • by fustakrakich (1673220) on Monday May 10, 2010 @02:47PM (#32159776) Journal

        That might not be allowed. If you don't sign up with these social networks, you will be flagged as a "loner" type, and put on the no fly list. Customs already does this to people who don't have a credit card. I speak from experience. So, what have you got to hide? Sign up already!

        • but how did you acquire your ticket? cash?

          • Yeah, of course.. That's one of the things that flag you. And I bought it through an ad in the Sunday paper at the last minute because the price was so cheap. They gave me all sorts of shit. I know I "fit a description". Fuck them.. Bitch was completely convinced I was carrying.. Even said so as I was leaving.. "You just don't have it on you." Fuck them twice.. Five days later four airliners crashed almost simultaneously.. by people who had credit cards.. All their papers were in order

            But now, in these days

          • but how did you acquire your ticket? cash?

            Yes, actually.

            PROTIP: Buying a ticket for "next flight to <X>" at the airport using cash gets you instantly flagged for Special Treatment [wikipedia.org]... Handy if you're at a busy airport. :-)

    • So what should you do? Stop using Twitter?

      Not a bad solution, this [twitter.com] link claims locking your twitter account would also work.

    • by 517714 (762276)
      Never start.
    • by Dalambertian (963810) on Monday May 10, 2010 @03:03PM (#32160026)
      The suggestion that we should stop using twitter because of spam is quite strange. Has spam stopped you from using email?
      • by owlnation (858981)

        "The suggestion that we should stop using twitter because of spam is quite strange. Has spam stopped you from using email?"

        Yes. Well, specifically, it has stopped me using Yahoo or Hotmail as an email provider.

        Twitter is perhaps a useful tool for a few people, but it's far from essential. There's plenty of alternative means of communication. There's no reason anyone "needs" twitter. I've never used it, and I can't imagine any situation where I would ever do so. It's simply a fad, nothing of value will

        • Like many others here I use gmail to make spam negligible, and I'm sure enterprising people will do the same for twitter should spam become a real problem. Twitter's value comes in what you stand to gain by using it, not by what you think is currently necessary. Think about the effects of #cnnfail or Kevin Smith's Southwest Airlines incident. Compare the effects of a single subversive tweet to all the hundreds of letters you might write your congressman. But aside from its role in society, its personal valu
          • by fotbr (855184)

            Think about the effects of #cnnfail or Kevin Smith's Southwest Airlines incident.

            The what? Who's Kevin Smith, and why do I care what happened between him and an airline I avoid like the plague?

            Twitter still isn't important.

            • #cnnfail was the twitter hash tag used when CNN neglected to cover the Iranian protests last summer. It's what prompted CNN to include a twitter feed in their broadcasts. Kevin Smith is the writer/director of Dogma, Clerks, Chasing Amy and other counter-culture cult classics. He complained over twitter about getting kicked off a plane for being too fat. Southwest Airlines was forced to make a few public statements defending their policy. I mention these stories as examples of how twitter is helping shift t
      • Re: (Score:1, Insightful)

        by Anonymous Coward

        yes

      • As soon as Twitter is useful for sharing confidential business information, receiving bills and shipping information, having personal conversations with one other person or just a select group of people, and transferring attachments... then and only then can it be compared in any way to email.
        • If you share confidential business information over unencrypted email, you might as well just be posting it on twitter.

          • Absolutely right. Which is just another feature of email--the fact you have the option of encryption--that sets it so far apart from Twitter, you can't possibly start comparing the two as the parent poster did.
            • My point in the comparison is simply to illustrate that the benefits of twitter as a utility outweigh the costs of whatever spam that might get through, just as with email. Twitter does not need to duplicate the functionality of email for it to be genuinely useful to society.
    • "So what should you do? Stop using Twitter?"

      Exactly. They'd lose 90% of their users like that if they started doing that.

    • Re: (Score:3, Insightful)

      by Jer (18391)

      Whether or not this would be useful for spam, it would be more profitable for Twitter to be able to control it, rather than letting individuals force other people to follow them. This is clearly a bug - there's no financial benefit to Twitter with this and if it went on for too long they'd lose users (which is probably why they shut off the follower mechanism as soon as the bug was publicized).

      Not to say Twitter couldn't introduce their own advertising scheme. Just that if they did they'd want it to be on

  • by abbynormal brain (1637419) on Monday May 10, 2010 @01:32PM (#32158556)

    test command embedded into the code that allows "dummy" testing within the development environment. Either way - oops.

    • by squiggleslash (241428) on Monday May 10, 2010 @02:03PM (#32159108) Homepage Journal

      I'm going to stick my neck out and suggest it's more a case of someone deciding not to check for errors in a bit of code.

      In Twitter, you can have either protected tweets or unprotected tweets. If the former, then if someone wants to follow you, they have to request it, and you can either "accept" them following or deny it.

      It looks to me that the commands are sent in-band, and that the command "accept " is related to the above code. What isn't happening is any check that the person identified ever actually sent a request in the first place.

      So, this isn't an evil conspiracy to send people advertising (was BAG being serious?), and I doubt it's test code either. The above just "fits" with everything we know about twitter.

  • Justin Bieber is actually a secret computer hacker, breaking simple algorithms like this is cake for him.

    In fact, all of his music is about IRC.

    • Re: (Score:1, Funny)

      by Thelasko (1196535)
      From what I understand, this bug was discovered by someone who calls himself "Bobby Tables [xkcd.com]." However, there appear to be no records of such a person in any school system computers.
  • So...? (Score:5, Funny)

    by fahrbot-bot (874524) on Monday May 10, 2010 @01:34PM (#32158594)
    All your tweets are belong to us?
  • looked up my twitter and i have 0 followers now

    • by TheLink (130905)
      Looks like the mods here hate you too since you're modded off-topic (even though your post is more on-topic than most posts :) ).

      Maybe you could try posting "accept +1 Insightful". It worked for some slashdotter earlier (who went for +1 Funny).
  • In-Band Signalling (Score:4, Insightful)

    by captaindomon (870655) on Monday May 10, 2010 @01:50PM (#32158880)
    This is one of the difficulties of In-Band Signaling [wikipedia.org]. Their communication channel is so limited that handling secure signaling is difficult.
    • Re: (Score:3, Insightful)

      by Amouth (879122)

      not exactly.. their failure was not implementing some type of request/accept queue system.. and if they did they bypassed it and gave the accept message the ability to add people even if they were not in the queue, which is just stupid.

      while i agree that In-Band Signaling is not easy to do right, and that they do have a limited communication channel.. they do not have a limited processing or back-end infrastructure..

      there is no excuse for this type of screwup..

    • it's not *that* difficult: you could have a simple UUID sent on follow requests that has to be returned in the accept/not accept response for example; the fact that twitter fixed this issue very quickly could mean that this was indeed a testing command that was left in and that the user-initiated follow/unfollow works a bit more securely...

      • well, go ahead and accept me at my /. twittername and see if it works. I think they've disabled follow/unfollow requests for now

        Plus, I really wanna see if it shows up on both ends of the queue, or just the one end.
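Added example, not part of any comment above and not Twitter's code: a small model of the in-band "accept" command as the commenters describe it, with the unchecked handler beside one that honours the command only when a matching follow request is pending. The class, method names and account names are hypothetical and the state is constructed in memory.

```python
import re

# In-band command as described in the story: a tweet reading "accept <username>".
ACCEPT_RE = re.compile(r"^accept\s+@?(\w{1,15})\s*$", re.IGNORECASE)


class FollowGraph:
    """Hypothetical model: who follows whom, plus pending follow requests."""

    def __init__(self):
        self.followers = {}  # account -> set of accounts following it
        self.pending = {}    # protected account -> set of accounts that asked

    def request_follow(self, requester, target):
        # A request only queues the requester; nothing is granted yet.
        self.pending.setdefault(target.lower(), set()).add(requester.lower())

    def _add_follower(self, follower, target):
        self.followers.setdefault(target, set()).add(follower)

    def handle_tweet_unchecked(self, author, text):
        # Behaviour the comments describe: the named account is made a
        # follower of the author without any lookup of a prior request.
        m = ACCEPT_RE.match(text)
        if not m:
            return "posted"
        self._add_follower(m.group(1).lower(), author.lower())
        return "accepted"

    def handle_tweet_checked(self, author, text):
        # Same command, honoured only if the named account actually asked.
        m = ACCEPT_RE.match(text)
        if not m:
            return "posted"
        author, requester = author.lower(), m.group(1).lower()
        waiting = self.pending.get(author, set())
        if requester not in waiting:
            return "rejected: no pending request"
        waiting.discard(requester)  # one request authorises one accept
        self._add_follower(requester, author)
        return "accepted"
```

The checked handler is the request/accept queue suggested in the thread; a per-request token returned in the accept would tighten it further but is not modelled here.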

  • TWITTER BEFORE ZOD!

  • Blue Box (Score:5, Interesting)

    by John Whitley (6067) on Monday May 10, 2010 @01:52PM (#32158906) Homepage

    Heh, it's tempting to view this as an accidental homage to the blue box [wikipedia.org]:

    An early phreaking tool, the blue box is an electronic device that simulates a telephone operator's dialing console. It functions by replicating the tones used to switch long-distance calls and using them to route the user's own call, bypassing the normal switching mechanism. The most typical use of a blue box was to place free telephone calls - inversely, the Black Box enabled one to receive calls which were free to the caller.

    For those new to the party, on early telephony networks the telco's control signals were sent on the same channel as the content (voice) signals. Some bright folks figured out how to exploit this weakness. Oops. ;-)

    • Re: (Score:3, Interesting)

      by BlueBoxSW.com (745855)

      Interesting...

    • by TubeSteak (669689)

      For those new to the party, on early telephony networks the telco's control signals were sent on the same channel as the content (voice) signals. Some bright folks figured out how to exploit this weakness. Oops. ;-)

      The main difference being that back in the blue boxing days, security was an afterthought and now it's a multi-billion dollar industry.

      Which only makes Twitter's glaring mistake all the more embarrassing.
      It's up there with Norton's "stopkeylogger" fiasco.

      • Re:Blue Box (Score:4, Informative)

        by hitmark (640295) on Monday May 10, 2010 @02:10PM (#32159226) Journal

        yep, telcos operated on the "security by obscurity" system. Only their own personnel should in theory know the unlisted numbers to the switches and so on. But thanks to anything from grabbing manuals from the back of repair trucks, to wardialing whole area codes, this didn't work in the long run.

      • Which only makes Twitter's glaring mistake all the more embarrassing.
        It's up there with Norton's

        Damn it! Why does your post keep crashing my browser? There's nothing after this...

      • Re: (Score:3, Insightful)

        by cgenman (325138)

        The main difference being that back in the blue boxing days, security was an afterthought and now it's a multi-billion dollar industry.

        It's a multi-billion dollar industry... that gets called in after-the-fact once a tool gets really popular.

  • I thought the Woot blog response [woot.com] to the matter was more interesting. I haven't been corrupted by Twitter yet, so it's all just amusing to me anyway.

  • ..not on third-party apps?
    Twitter, meet WWW::Mechanize [cpan.org].
    WWW::Mechanize, meet a twat.
  • until you realize that as twitter creeps further into english language use, the following conversation following english language convention is only a few months away:

    "i was going to twitter that until i got the tweet you twatted yesterday and i realized its no fun twuttering anymore, you twat"

    "don't call me a twat you twit"

    (shudder)

    • Re: (Score:1, Funny)

      by Anonymous Coward
      saying twat in the context of twitter was funny for like the first 5 minutes of twitter existing
      • Acting grown up is easier when you like, use correct capitalisation, punctuation and like, don't use the word "like" like that.
  • Testing (Score:5, Funny)

    by Dan East (318230) on Monday May 10, 2010 @02:21PM (#32159358) Homepage Journal

    modfunny 318230

  • by Anonymous Coward

    http://twitter.com/ConanOBrien/status/13631062967

  • ... but most of all, samy is my hero.

  • Has anyone abused this to follow themselves? That has much more fun potential than pretending random strangers care about your tweets.
    • by Phrogman (80473)

      I would agree, but the only people following me are random strangers - possibly because I signed up for Twitter, sent one tweet as a test, and haven't been back again. I just don't see the point if you aren't a celebrity who wants to get more publicity.

      • by cgenman (325138)

        If you have a large group of friends and associates, it's a nice way to let each other know of goings-on. Things like BBQ's, beach outings, cocktail nights, etc.

        If people you know aren't using it, then it is exceedingly useless.

    • Infinite loop! Let's try that out... out... out... out... out... ....

    • Re: (Score:3, Funny)

      And so dawns the age of the auto-lobotic circle-tweet.
  • One tweet to rule them all... One tweet to find them... One tweet follow them all... and in the darkness... pitch them your script for your Lord of the rings spin-offs.
  • "Twitter bug and ensuing 0 followers/0 following fiasco was inadvertently started by a Turkish fan of heavy metal band Accept. When this young man tweeted "Accept pwnz," he found that the user @pwnz was suddenly following him."

  • As a programmer, I found the story of how the 'bug' was discovered quite amusing.

    "The bug was inadvertently exposed by a Turkish fan of the German heavy metal band ACCEPT. When this young man tweeted "Accept pwnz," he found that the user @pwnz was suddenly following him." (Details (in Turkish) at http://inci.sozlukspot.com/e/4266098/ [sozlukspot.com])

    This should forever be used as an example of why security through obscurity is no security at all.
