Twitter Bug Lets Users Force Others To Follow Them 143
Several readers have sent word of a Twitter bug which has been allowing users to make any other user follow them by simply tweeting "accept [username]." People have been abusing it to make the accounts of various celebrities and publications follow them. Twitter acknowledged the bug and disabled the follow/unfollow system until they can get it fixed.
Bug fixed (Score:2, Informative)
Re:Bug fixed (Score:5, Funny)
Twitter says they have resolved this bug.
http://status.twitter.com/post/587210796/follow-bug-discovered-remedied [twitter.com]
It's not so much fixed as unreproducible by way of disabling the entire "follow" feature. The twits are in a panic, wondering if they've offended people since their followers have all disappeared.
Does this work on Slashdot? (Score:5, Funny)
Re: (Score:2, Funny)
Re: (Score:3, Funny)
Damn, I went back to Tristram for nothing.
Re:Does this work on Slashdot? (Score:4, Interesting)
Re: (Score:2)
Yup, works fine.
Re: (Score:2)
It's not so much fixed as unreproducible by way of disabling the entire "follow" feature.
Aaaaaaaaand now it looks fixed.
Re: (Score:2, Redundant)
Good job little Bobby Tables is not using Twitter.
http://xkcd.com/327/ [xkcd.com]
Re: (Score:2)
Good job little Bobby Tables is not using Twitter.
http://xkcd.com/327/ [xkcd.com]
Or his mum.
Re: (Score:1)
Re: (Score:2, Funny)
Twitter Bug Lets Users Force Others To Follow Them
Who could resist following someone who was doing the "TwitterBug"? It's such an irresistible dance!
Re: (Score:2)
Oh I wish that "cancel (username)" would work :)
Fast (Score:1)
That might explain Chavez's Top Twitterer Status (Score:4, Funny)
http://news.bbc.co.uk/2/hi/americas/8671581.stm [bbc.co.uk]
Re: (Score:2)
You are kidding, right?
Probably not a bug (Score:5, Interesting)
Consider that selling a list of users and their preferred content information to advertisers could result in a huge profit for Twitter. Then imagine a captive audience forced to receive what is essentially spam tweets.
This is definitely a feature, not a bug. And this disabling of the feature for the time being is a temporary measure to let the furor blow over before reactivating it later.
Twitter isn't a public utility. It's a business just like Google and Microsoft. They will find a way to monetize your behaviors.
So what should you do? Stop using Twitter?
Re:Probably not a bug (Score:5, Insightful)
Yes.
Re: (Score:2, Insightful)
Re: (Score:2)
that sounds awesome - sign me up!
btw. this twitter thing is not on at the same time as reality tv is it? because i'd hate to miss that.
Re: (Score:2)
that sounds awesome - sign me up!
I'll do that for you right now...
Re: (Score:1, Redundant)
So what should you do? Stop using Twitter?
Yes.
Re:Probably not a bug (Score:5, Insightful)
A strange game. The only winning move is not to play.
Re:Probably not a bug (Score:5, Funny)
That might not be allowed. If you don't sign up with these social networks, you will be flagged as a "loner" type , and put on the no fly list. Customs already does this to people who don't have a credit card. I speak from experience. So, what have you got to hide? Sign up already!
Sorry to go so far off topic-- (Score:2)
but how did you acquire your ticket? cash?
Re: (Score:1)
Yeah, of course.. That's one of the things that flag you. And I bought it through an ad in the Sunday paper at the last minute because the price was so cheap. They gave me all sorts of shit. I know I "fit a description". Fuck them.. Bitch was completely convinced I was carrying.. Even said so as I was leaving.. "You just don't have it on you." Fuck them twice.. Five days later four airliners crashed almost simultaneously.. by people who had credit cards.. All their papers were in order
But now, in these days
Re: (Score:2)
but how did you acquire your ticket? cash?
Yes, actually.
PROTIP: Buying a ticket for "next flight to <X>" at the airport using cash gets you instantly flagged for Special Treatment [wikipedia.org]... Handy if you're at a busy airport. :-)
Re: (Score:2)
So what should you do? Stop using Twitter?
Not a bad solution, this [twitter.com] link claims locking your twitter account would also work.
Re: (Score:2)
Re:Probably not a bug (Score:4, Insightful)
Re: (Score:2)
Yes. Well, specifically, it has stopped me using Yahoo or Hotmail as an email provider.
Twitter is perhaps a useful tool for a few people, but it's far from essential. There's plenty of alternative means of communication. There's no reason anyone "needs" twitter. I've never used it, and I can't imagine any situation where I would ever do so. It's simply a fad, nothing of value will
Re: (Score:2)
Re: (Score:2)
Think about the effects of #cnnfail or Kevin Smith's Southwest Airlines incident.
The what? Who's Kevin Smith, and why do I care what happened between him and an airline I avoid like the plague?
Twitter still isn't important.
Re: (Score:2)
Re: (Score:1, Insightful)
yes
Re: (Score:2)
Re: (Score:2)
If you share confidential business information over unencrypted email, you might as well just be posting it on twitter.
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
Don't be silly (Score:2)
"So what should you do? Stop using Twitter?"
Exactly. They'd loose 90% of their users like that if it they started doing that.
Re: (Score:3, Insightful)
Whether or not this would be useful for spam, it would be more profitable for Twitter to be able to control it, rather than letting individuals force other people to follow them. This is clearly a bug - there's no financial benefit to Twitter with this and if it went on for too long they'd lose users (which is probably why they shut off the follower mechanism as soon as the bug was publicized).
Not to say Twitter couldn't introduce their own advertising scheme. Just that if they did they'd want it to be on
Re: (Score:2)
Whoops. Meant to post under this account name.
That sounds more like a (Score:3, Insightful)
test command embedded into the code that allows "dummy" testing within the development environment. Either way - oops.
Comment removed (Score:4, Insightful)
Re:That sounds more like a (Score:4, Interesting)
They're likely sent in-band because most SMS commands are the same as the web interface. You can follow, direct message, etc. through both SMS or the update interface.
Of course (Score:1, Funny)
Justin Bieber is actually a secret computer hacker, breaking simple algorithms like this is cake for him.
In fact, all of his music is about IRC.
Re: (Score:1, Funny)
Re: (Score:1)
So...? (Score:5, Funny)
Re: (Score:2)
Re: (Score:2)
No, they belong to Bobby Tables.
Re:So...? (Score:5, Funny)
Re: (Score:1)
...
5) Profit!?
Holy crap! (Score:1)
I never thought I would see one of these soviet russia things where it was actually accurate and relevant.
Re: (Score:2)
I never thought I would see one of these soviet russia things where it was actually accurate and relevant.
Why, thank you. Let me add you as a follower on twitter. ;)
and i thought people just hated me (Score:2, Insightful)
looked up my twitter and i have 0 followers now
Re: (Score:2)
Maybe you could try posting "accept +1 Insightful". It worked for some slashdotter earlier (who went for +1 Funny).
Re: (Score:1, Funny)
In-Band Signalling (Score:4, Insightful)
Re: (Score:3, Insightful)
not exactly.. their failure was not implementing some type of request/accept queue system.. and if they did they bypassed it and gave the accept message the ability to add people even if they where not in the queue, which is just stupid.
while i agree that In-Band Signaling is not easy to do right, and that they do have a limited communication channel.. they do not have a limited processing or back-end infrastructure..
there is no excuse for this type of screwup..
Re: (Score:2)
it's not *that* difficult: you could have a simple UUID sent on follow requests that has to be returned in the accept/not accept response for example; the fact that twitter fixed this issue very quickly could mean that that this was indeed a testing command that was left in and that the user-initiated follow/unfollow works a bit more securely...
Re: (Score:2)
well, go ahead and accept me at my /. twittername and see if it works. I think they've disabled follow/unfollow requests for now
Plus, I really wanna see if it shows up on both ends of the queue, or just the one end.
Obligatory (Score:2)
TWITTER BEFORE ZOD!
Blue Box (Score:5, Interesting)
Heh, it's tempting to view this as an accidental homage to the blue box [wikipedia.org].:
An early phreaking tool, the blue box is an electronic device that simulates a telephone operator's dialing console. It functions by replicating the tones used to switch long-distance calls and using them to route the user's own call, bypassing the normal switching mechanism. The most typical use of a blue box was to place free telephone calls - inversely, the Black Box enabled one to receive calls which were free to the caller.
For those new to the party, on early telephony networks the telco's control signals were sent on the same channel as the content (voice) signals. Some bright folks figured out how to exploit this weakness. Oops. ;-)
Re: (Score:3, Interesting)
Interesting...
Re: (Score:2)
For those new to the party, on early telephony networks the telco's control signals were sent on the same channel as the content (voice) signals. Some bright folks figured out how to exploit this weakness. Oops. ;-)
The main difference being that back in the blue boxing days, security was an afterthought and now it's a multi-billion dollar industry.
Which only makes Twitter's glaring mistake all the more embarrassing.
It's up there with Norton's "stopkeylogger" fiasco.
Re:Blue Box (Score:4, Informative)
yep, telcos operated on the "security by obscurity" system. Only their own personnel should in theory know the unlisted numbers to the switches and so on. But thanks to anything from grabbing manuals from the back of repair trucks, to wardailing whole area codes, this didnt work in the long run.
Re: (Score:1)
Damn it! Why does your post keep crashing my browser? There's nothing after this...
Re: (Score:3, Insightful)
The main difference being that back in the blue boxing days, security was an afterthought and now it's a multi-billion dollar industry.
It's a multi-billion dollar industry... that gets called in after-the-fact once a tool gets really popular.
Woot this, Twitter! (Score:2)
I thought the Woot blog response [woot.com] to the matter was more interesting. I haven't been corrupted by Twitter yet, so it's all just amusing to me anyway.
Re: (Score:2, Informative)
Re: (Score:2)
It probably worked over SMS, too.
it's all fun and games (Score:1, Offtopic)
until you realize that as twitter creeps further into english language use, the following conversation following english language convention is only a few months away:
"i was going to twitter that until i got the tweet you twatted yesterday and i realized its no fun twuttering anymore, you twat"
"don't call me a twat you twit"
(shudder)
Re: (Score:1, Funny)
Re: (Score:2)
Testing (Score:5, Funny)
modfunny 318230
Re: (Score:1)
Conan saw it coming (Score:1, Insightful)
http://twitter.com/ConanOBrien/status/13631062967
myspace? (Score:2)
... but most of all, samy is my hero.
Recursive twittering (Score:2)
Re: (Score:2)
I would agree, but the only people following me are random strangers - possibly because I signed up for Twitter, sent one tweet as a test, and haven't been back again. I just don't see the point if you aren't a celebrity who wants to get more publicity.
Re: (Score:2)
If you have a large group of friends and associates, it's a nice way to let each other know of goings-on. Things like BBQ's, beach outings, cocktail nights, etc.
If people you know aren't using it, then it is exceedingly useless.
Re: (Score:1)
Infinite loop! Let's try that out... out... out... out... out... ....
Re: (Score:3, Funny)
I know someone tried this already, but,,, (Score:1)
friend VGPowerlord
One tweet... (Score:1)
Haha Turkish Metal Killed Twitter..... (Score:1)
"Twitter bug and ensuing 0 followers/0 following fiasco was inadvertently started by a Turkish fan of heavy metal band Accept. When this young man tweeted "Accept pwnz," he found that the user @pwnz was suddenly following him."
Security through Obscurity? HA HA HA (Score:2)
As a programmer, I found the story of how the 'bug' was discovered quite amusing.
"The bug was inadvertently exposed by a Turkish fan of the German heavy metal band ACCEPT. When this young man tweeted "Accept pwnz," he found that the user @pwnz was suddenly following him." (Details (in Turkish) at http://inci.sozlukspot.com/e/4266098/ [sozlukspot.com])
This should forever be used as an example of why security through obscurity is no security at all.
Re:Solution... (Score:4, Interesting)
Re: (Score:2)
> Slashdot has comments, friend/foe, and journal (blog) space.
> What's to prevent you from getting fired for using Slashdot?
much less obvious when comes the time to link it to my identity. Not that it is impossible although ;-)
I never told my Slashdot ID to anybody I know, I don't friend/foe anybody and I have no journal. Additionally, I try to be careful about what I post.
When can I pass the interview ? ;-)
Re: (Score:2)
> Slashdot has comments, friend/foe, and journal (blog) space. > What's to prevent you from getting fired for using Slashdot?
much less obvious when comes the time to link it to my identity. Not that it is impossible although ;-)
I never told my Slashdot ID to anybody I know, I don't friend/foe anybody and I have no journal. Additionally, I try to be careful about what I post.
When can I pass the interview ? ;-)
When you work for a company I'm pretty sure they know your identity. I think it's also safe to assume they don't care what your /. ID is, just that you're wasting company time.
Re: (Score:2)
> just that you're wasting company time.
Some people are paid by their company to read /.
Re: (Score:2)
Re: (Score:2)
Too bad there is no -1 Making me envious moderation.
Its not a good thing.
Re: (Score:2)
And yet some of us have been using slashdot for as long as we've been on the web (roughly so ~ more or less) as younger folks know it today.
I've been using this nick since 95 ish and haven't hidden that fact as far as I can remember. It was only lately that I even got an email addy that matched my real name (and that only for job hunt purposes). So I guess the fact that you don't share your username outside /. is related to the fact that you only got on the internets a couple years ago?
Also, who the f*ck ca
Re: (Score:2)
1) Do not hire anybody using social networking sites.
2) Make joining social networking sites a cause of immediate termination of employment.
Are you kidding me? How on earth do you expect employers to spy on their employees without the employees handing out their personal lives on a sliver platter? Sure, everyone wants the "best and the brightest" employees ... but do you really need a Rhodes scholar to do your accounts payable paperwork? Or handle your returns department? Of course not. Employers use these sites to "safely" monitor their herd of employees without "going to far".
Re: (Score:2)
Sorry I posted on the wrong topic, I had a FA linking to a topic about social networking sites and jobs in "sensible activity fields" on my /. front page and it doesn't seem to be there anymore ;-))
It might be a /. bug, I can`t explain it ;-(
Re: (Score:3, Interesting)
Sorry I posted on the wrong topic, I had a FA linking to a topic about social networking sites and jobs in "sensible activity fields" on my /. front page and it doesn't seem to be there anymore ;-))
Here is the link I posted to, it apparently has been rescheduled from 1:27 PM to 3:09 PM eastern time. So it seems like a /. problem.
http://tech.slashdot.org/story/10/05/10/1652245/Businesses-Struggle-To-Control-Social-Networking?art_pos=1 [slashdot.org]
Re: (Score:2)
Or better yet: ;DROP table users; --