louisgray.com - Latest Comments in louisgray.com: Twitterank Can Have My Password, No Questions Asked

Re: louisgray.com: Twitterank Can Have My Password, No Questions Asked

Jonas — Thu, 20 Nov 2008 02:03:00 -0000

How much is your twitter profile worth? http://tweetvalue.com

Re: louisgray.com: Twitterank Can Have My Password, No Questions Asked

Deepak — Fri, 14 Nov 2008 16:42:52 -0000

Here's a list of some applications that may have your twitter credentials:

http://techtantra.net/2008/...

IMO the real take-away here are - Twitter needs to implement OAuth and users need to be a little more careful who they give their credential to.

Re: louisgray.com: Twitterank Can Have My Password, No Questions Asked

Richard Cunningham — Thu, 13 Nov 2008 13:27:05 -0000

The problem is not if you just trust the author of the site - but do you trust them to keep the site secure that no one can hack in and get all the stored passwords?

In my experience many web developers have a poor idea of security, after all even long established web apps have security flaws like the ones in WordPress or this one I found in phpMyAdmin ( http://www.phpmyadmin.net/h... )

Re: louisgray.com: Twitterank Can Have My Password, No Questions Asked

Mark Evans — Thu, 13 Nov 2008 10:59:51 -0000

I'm just as guilty as the next person when it comes to handing over my username and password to use new and interesting services. I need to be a lot more careful, and change my passwords more often.

Re: louisgray.com: Twitterank Can Have My Password, No Questions Asked

CraigK — Thu, 13 Nov 2008 10:33:23 -0000

Seems like a dumb gimmick site that has no purpose and could potentially be harmful in some way.

Craig
www.budgetpulse.com

Re: louisgray.com: Twitterank Can Have My Password, No Questions Asked

sciencebase — Thu, 13 Nov 2008 09:15:35 -0000

I think the twitterank, whether it was a scam or not (it probably wasn't), should serve as a wake-up call to everyone who thinks they are immune to phish

Re: louisgray.com: Twitterank Can Have My Password, No Questions Asked

@JoeHobot — Thu, 13 Nov 2008 08:30:29 -0000

Great post my friend, I just think that its part of the game. Twitter is probably soon going to release advertising feature as well, and rank will determinate how much your profile is worth and not advertising skills :)

Re: louisgray.com: Twitterank Can Have My Password, No Questions Asked

Beth — Thu, 13 Nov 2008 04:50:27 -0000

ZDNet called Twitter users gullible

...which is hilariously ironic, considering they bought some guy's JOKE tweet and immediately assumed it was the twitterank guy.

All they had to do was a simple whois search on the domain, and they could have even called the guy who made the site.

People are such sheep - everyone follows the herd first getting their "rank," then they all collectively go into a frenzy over ZDNet's paranoid and unresearched speculation. It took me about 30 seconds to find the guy, and I'm a complete n00b compared to what I'd expect from the people at ZDNet. Of course, that's just one guy on the blog - talking out of his arse, like most bloggers. ;)

Re: louisgray.com: Twitterank Can Have My Password, No Questions Asked

Richard Cunningham — Thu, 13 Nov 2008 03:20:27 -0000

Or someone will delete all your tweet history and all your friends. Then you ask twitter and they say they don't have way to recover that just for you.

Re: louisgray.com: Twitterank Can Have My Password, No Questions Asked

Hutch Carpenter — Thu, 13 Nov 2008 00:46:38 -0000

So if someone steals my password...I'll be tweeting viagra ads. So be it.

Re: louisgray.com: Twitterank Can Have My Password, No Questions Asked

Oliver Ortega Chua — Wed, 12 Nov 2008 22:12:07 -0000

Another downside to Twitter not supporting OAuth is that if and when you do decide to change your password (or username), you have to remember every other place that has it and update them all!

Re: louisgray.com: Twitterank Can Have My Password, No Questions Asked

Louis Gray — Wed, 12 Nov 2008 22:04:36 -0000

Bwana, you are of course right. There are a bajillion services that
require Twitter credentials. The issue here was that the service was
unknown, new, and had some odd comments in the source page that had
people uncomfortable. After that, it was just typical lemming behavior.

What!!!! Neiman-Marcus sells cookies? Microsoft is going to pay me to
surf the Web!!!

Re: louisgray.com: Twitterank Can Have My Password, No Questions Asked

Bwana — Wed, 12 Nov 2008 21:58:51 -0000

Exactly. This is Twitter's shortcoming. They need to implement OAuth ASAP.

Re: louisgray.com: Twitterank Can Have My Password, No Questions Asked

Bwana — Wed, 12 Nov 2008 21:57:55 -0000

I really don't see why this is an issue now? I mean there' a bajillion services that interface with Twitter that require your username and password. FriendFeed, BrightKite, geez, there's a ton. This is a non-issue and I can't fathom why anyone would think about their password NOW.

Re: louisgray.com: Twitterank Can Have My Password, No Questions Asked

Mike Templeton — Wed, 12 Nov 2008 21:51:18 -0000

I replied to your comment on our blog and I'll do so again over here. I believe, like you, that people are inherently good, and if you look at all of the other Twitter apps and services that have done this, none of them have turned out to be evil.

However, this is a good situation for Twitter to take note of and to work on implementing OAuth so we don't have to worry about someone actually running off with data.

Re: louisgray.com: Twitterank Can Have My Password, No Questions Asked

Louis Gray — Wed, 12 Nov 2008 21:46:19 -0000

Adam, I mentioned that: "Another concern would be if you or I used the same login and password combination on other services."

My issue is that what Twitterank is doing isn't too much different than other services, and it's not malicious. The author is here: http://twitter.com/ryochiji

Get Twitter on OAuth and this issue all goes away.

Re: louisgray.com: Twitterank Can Have My Password, No Questions Asked

Adam Ostrow — Wed, 12 Nov 2008 21:42:41 -0000

Really? Many people use the same password for everything. Once someone gets it, they can use it to login to far more serious stuff than Twitter.

Re: louisgray.com: Twitterank Can Have My Password, No Questions Asked

tweetip — Wed, 12 Nov 2008 21:20:43 -0000

1st Tweets Chart... http://tweetip.us/lkvhi

Re: louisgray.com: Twitterank Can Have My Password, No Questions Asked

Michael Sean Wright — Wed, 12 Nov 2008 21:16:37 -0000

I think you just gave me a post for tomorrow- If I Was Louis Gray For A Day. Sending you an email now for your Twitter password. Don't worry, It won't hurt that much.

Re: louisgray.com: Twitterank Can Have My Password, No Questions Asked

Edwin Khodabakchian — Wed, 12 Nov 2008 20:53:46 -0000

Hopefully the highest people at Twitter will hear this and decide to up the priority of OAuth support.

Re: louisgray.com: Twitterank Can Have My Password, No Questions Asked

Jesse Luna — Wed, 12 Nov 2008 20:53:28 -0000

Other issues include the silliness of rankings/ratings and how easy it is to discredit a new service. I retweeted a message about it being a possible scam or phishing scheme based off of a couple of other tweets. This kind of viral messaging is a large part of Twitted but can also lead to dis-information.
@jesseluna on Twitter.

Re: louisgray.com: Twitterank Can Have My Password, No Questions Asked

centernetworks — Wed, 12 Nov 2008 20:53:14 -0000

hi cyndy hi louis

Re: louisgray.com: Twitterank Can Have My Password, No Questions Asked

Louis Gray — Wed, 12 Nov 2008 20:51:37 -0000

If it turned out that this was a password sniffing site, I would have
admitted defeat, and gone around switching a few passwords. But it
doesn't look like that's the case. I do know my FriendFeed API key by
heart as well, but the best part is that my iPhone has it saved as a
previous address, so sending pics via e-mail from there is a cinch.

Re: louisgray.com: Twitterank Can Have My Password, No Questions Asked

CyndyA — Wed, 12 Nov 2008 20:43:16 -0000

I always switch my password out after I try this stuff, anyway. And I don't use the same password on any two sites. I do prefer the key thing that FF does. Tragic that I know THAT by heart.