Twitter replaces twitter.com with x.com without user consent. Bad implementation invites an influx of phishing attacks. (German source)
https://www.heise.de/news/X-veraenderte-User-Beitraege-Gefundenes-Fressen-fuer-Phischer-9681259.html
What happened is basically that Twitter attempted to replace twitter.com with x.com in all tweets without informing or asking users. As if that wasn't bad enough, their refactoring script was implemented so badly that it introduced dangerous inconsistencies, opening the door for novel phishing attacks.
The following (manually translated) paragraph explains what happened pretty well. (DeepL translation of full article below.)
This obviously created the perfect tool for malicious actors to lure people to fake phishing websites in an attempt to steal their data.
This is one of the most dangerously stupid moves Twitter has made since Elon took over. Seriously... Just leave it be already...
Full DeepL translation:
X modified user contributions: A feast for phishers
Without permission, X has replaced the string twitter.com in tweets with x.com. What could possibly go wrong if links are suddenly displayed differently?
Free speech on the microblogging service X sometimes only exists the way X likes it. Since Tuesday, the company has been replacing the string twitter.com with x.com in its users' posts without the permission of the authors. twitter.com was the service's previous advertised URL when it was still called Twitter. The new script was stupid enough to carry out the intervention at the end of URLs without removing or adapting the underlying hyperlink. For example, if a user posted a link to fedetwitter.com, the visible text faked a link to fedex.com, although clicking on it actually led to fedetwitter.com.
This kind of deception is a real treat for phishers. They can use it to set more convincing traps. Most users do not check the technical hyperlink and mistakenly believe they are accessing a well-known website such as carfax.com. In reality, however, they end up at carfatwitter.com, a completely different domain - where the website may look exactly the same, but data entered may fall into the wrong hands or downloaded files may contain malicious code.
The deception worked on Tuesday and Wednesday for all URLs ending in *x.com, of which there are a special number. X users could not defend themselves against this either.
Are you serious?
After the prominent IT security expert Brian Krebs drew attention to this risk on Wednesday, X stopped the script. By then, however, dozens of domains ending in *twitter.com had already been registered, including space-twitter.com, which was displayed in posts on X as space-x.com. Some of the domain registrations may have been done defensively to prevent phishing attacks.
"Are you serious, X Corp?" can be read at roblotwitter.com, for example. Someone else asks the same question at carfatwitter.com.
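An added illustration in Python (not code from the article, from X, or from anyone in this thread) of the flaw the translated article describes and the check that would have caught it: a text-only rewrite that lets the visible host drift away from the underlying href, beside a host-aware rewrite applied to both text and href. The sample links are constructed.

```python
import re
from urllib.parse import urlsplit

# Constructed sample posts: (visible link text, underlying href).
SAMPLE_LINKS = [
    ("https://twitter.com/some/status", "https://twitter.com/some/status"),
    ("https://fedetwitter.com/track", "https://fedetwitter.com/track"),
    ("https://space-twitter.com/", "https://space-twitter.com/"),
    ("https://example.org/twitter.com", "https://example.org/twitter.com"),
]

def host_of(url):
    """Hostname of a URL, lower-cased; empty string if there is none."""
    return (urlsplit(url).hostname or "").lower()

def flawed_rewrite(display, href):
    """What the article describes: 'twitter.com' at the end of the visible
    text is swapped for 'x.com' as a plain string, and the href is untouched.
    Any host that merely ends in 'twitter.com' is misrepresented."""
    return re.sub(r"twitter\.com(?=/|$)", "x.com", display), href

def rewrite_url(url):
    """Host-aware rewrite: only twitter.com itself or a subdomain of it
    becomes x.com; fedetwitter.com and space-twitter.com are left alone."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    if host != "twitter.com" and not host.endswith(".twitter.com"):
        return url
    new_host = host[: -len("twitter.com")] + "x.com"
    netloc = parts.netloc.lower().replace(host, new_host, 1)
    return parts._replace(netloc=netloc).geturl()

def safe_rewrite(display, href):
    """Apply the same host-aware rewrite to text and href so they cannot diverge."""
    return rewrite_url(display), rewrite_url(href)

def audit(links, rewrite):
    """Run a rewrite over the posts and report every link whose visible host
    no longer matches the host of the href it points to."""
    findings = []
    for display, href in links:
        shown, target = rewrite(display, href)
        if host_of(shown) != host_of(target):
            findings.append((shown, target))
    return findings
```

`audit(SAMPLE_LINKS, flawed_rewrite)` flags the fedex.com and space-x.com lookalikes the article mentions, while `audit(SAMPLE_LINKS, safe_rewrite)` returns nothing.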
You just know that some poor sysadmin working for X was told "Make this happen!"
The sysadmin was probably really low level and went "This works, does anyone want to check it?"
Then the senior went "Just do it, FFS!"
When the management found out, the senior pointed at the junior and now the junior is looking for a new job.
I went looking for evidence of this in my Twitter (X) account and the only thing I found was a tweet warning about this. It seems the people I subscribe to don't talk about Twitter or X very much.
It certainly shows how untrustworthy they are, though.
I think it's been fixed by now.
Hey, we have a Palestine/Israel megathread, can we also have an "everything Musk touches is a shitshow" megathread? Nothing interesting is happening here.
Reminder that you can hit "Ignore Post" or add tags to your filters to not see the posts that you're not interested in.