case of the tweep abduction

 
 01 Sep 2009 @ 7:40 PM 

I joined twitter quite some time ago and as I didn’t expect to engage in it very much, I chose some random nickname that didn’t actually represent anything, domdingelom.  It was just a try-out …

In the past months I had thought about changing my twitter account to something more meaningful, as, you know, I became quite fond of the little tool and how it allows me to interact with the security community at large. I’ve learned a lot from the security tweeps. Finally, yesterday, I changed my nick to my real name.  It only made sense since, I am no fancy avatar, I’m just me.

While changing my nick, the thought of registering an new account with my old nick, briefly crossed my mind but the following made me decide not to do it :

  1. I’m not THAT important for anyone to go and hijack my old nickname.
  2. It didn’t actually go back far (max. 12 months) and it didn’t really represent something.  I couldn’t bother

One thing I forgot though is that, however small the risk, we’re talking about the security community here … Some guy or gal is gonna pwn your @ss whenever he gets the possibility.

So, my good friend Didier registered an account today with my old nick and since he knows who I interact with (I had unprotected tweets until yesterday AND he is on my friends list) and briefly tested it’s possibilities.  Quickly he tricked some of my contacts into talking to him, believing he was me.

I learned a few good lessons today :

  1. In the security community, take nothing for granted.
  2. Your online ‘person’ is can be a valuable asset
  3. Twitter doesn’t protect ‘dropped’ nicknames, you better register a new account with your old nick if you don’t want somebody else to do so.
  4. It’s better to be pwned by a friend than a foe.

On the bright side, it’s only 17 days until Brucon starts … I’ll have a chance to unleash my demons upon Didier there … Didier, you are forewarned ;-)

  • Share/Bookmark
Posted By: admin
Last Edit: 01 Sep 2009 @ 05:43 PM

EmailPermalink
Tags
Categories: Uncategorized
Previous Next


 

Responses to this post » (One Total)

 
  1. Link: case of the tweep abduction « Didier Stevens says:
    September 1, 2009 at 10:15 pm

    [...] Link: case of the tweep abduction Filed under: Entertainment, Uncategorized — Didier Stevens @ 20:15 I know, I love a bit of mischief [...]

    Like or Dislike: Thumb up 0 Thumb down 0

Post a Comment

XHTML: You can use these tags: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>

Please note: Comment moderation is enabled and may delay your comment. There is no need to resubmit your comment.

Tags
Comment Meta:
RSS Feed for comments
TrackBack URI
Last 50 Posts
Back
Register an account
Change Theme...
  • Users » 3
  • Posts/Pages » 90
  • Comments » 55
Change Theme...
  • VoidVoid « Default
  • LifeLife
  • EarthEarth
  • WindWind
  • WaterWater
  • FireFire
  • LightLight

About



    No Child Pages.

Tools

Media



    No Child Pages.

Disclaimer



    No Child Pages.

Help People



    No Child Pages.

Conferences



    No Child Pages.

Reviews



    No Child Pages.