Is your Twitter account sending Spam DMs?

If your Twitter account is where you talk to your customers or promote your business, the last thing you want the account to be known for is sending controversial tweets or DM spamming those who follow your account.

I’ve noticed that DM spam is on the rise again recently, after a long quiet spell, but thankfully there are some simple steps you can take to keep your hard work from being compromised.

  1. Remove applications which are connected to your Twitter account.
    In my experience, authorising a dodgy app or website is the primary cause of a hacked account. Much of what you build online rests on trust, so make sure you trust any service before you let it connect to your Twitter account.
  2. Change your Twitter password regularly.
    It’s good practice to change the password on any service every 90 days or so. While your Twitter account wouldn’t usually hold anything compromising, you don’t want to be the one embarrassed by the wrong (or even the right) people posting from your account.

That’s it.

The security company Sophos has just shared a post with similar guidance. Its author prioritises running anti-spyware and keylogger checks on your computer, but I think that has little to do with a specific hack of your Twitter account: if you are finding keyloggers or spyware on your computer, it’s a symptom of a larger problem.

We can only hope that, as Twitter grows, it returns to being wary of unfettered account creation, mention spam and application connections. But as long as Twitter continues with a reactive process for shutting down spammers, we’ll need to stay on our guard.

UPDATE: Webroot are reporting that HTTPS has become the default protocol for contacting Twitter on the web. It may not solve all the problems, but it certainly does no harm.

Twitter Applications and OAuth

Monday, August 30, 2010

If you are like most Twitter users, you have used a third-party Twitter application to read or send Tweets. As of August 31, Twitter applications will all use OAuth, an authentication method that lets you use apps without them storing your password.

What does this mean for me?
The move to OAuth will mean increased security and a better experience. Applications won’t store your username and password, and if you change your password, applications will continue to work.

With OAuth, you still individually approve each application before using it, and you can revoke access at any time. To see which applications you have authorized or to revoke access, just go to the Connections section under Settings.

One thing to note – to continue to use your favorite applications, you should make sure you are running the latest version of the app. Otherwise, you may soon find that it doesn’t work anymore.

Tell me more about OAuth
In order for Twitter applications to access your account, developers have been able to choose one of two authentication methods: Basic Authentication or OAuth. Both require your permission, but there is an important difference. With Basic Auth, you provide your username and password for the app to access Twitter, and the application has to store and send this information over the Internet each time you use the app. With OAuth, this isn’t the case. Instead, you approve an application to access Twitter, and the application doesn’t store your password.

Fortunately, developers have known about our transition to OAuth since last December, so they’ve had time to update their apps. And many apps, including Echofon, TweetDeck, Twitterrific, Seesmic, and Twitter for Android, iPhone, and BlackBerry, are already using OAuth. We appreciate the work and time that developers have invested in this update in order to keep you safe.

Posted by @ at 1:37 PM
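The Basic Auth versus OAuth contrast described in the Twitter post above, as an added Python example that is not part of the original page or of Twitter’s own code. It implements the OAuth 1.0a HMAC-SHA1 request signing that Twitter used at the time (RFC 5849), with a small in-memory token store standing in for Twitter’s server side so the per-application revocation from the Connections page can be shown end to end. The endpoint URL, consumer key and secret, user name and application name are all constructed placeholders.

```python
import base64
import hashlib
import hmac
import secrets
import time
from urllib.parse import quote

# Constructed demo credentials for a hypothetical registered application; not real Twitter keys.
CONSUMER_KEY = "demo-consumer-key"
CONSUMER_SECRET = "demo-consumer-secret"


def basic_auth_header(username, password):
    """Basic Auth: the app must hold the raw password and resend it on every request."""
    return "Basic " + base64.b64encode(f"{username}:{password}".encode()).decode()


def pct(value):
    """Percent-encode per OAuth 1.0 / RFC 3986: only A-Z a-z 0-9 - . _ ~ stay literal."""
    return quote(str(value), safe="-._~")


def signature_base_string(method, url, params):
    """Build the OAuth 1.0a signature base string (RFC 5849 section 3.4.1).

    params holds the query, form and oauth_* parameters, minus oauth_signature itself.
    """
    encoded = sorted((pct(k), pct(v)) for k, v in params.items())
    normalized = "&".join(f"{k}={v}" for k, v in encoded)
    return "&".join([method.upper(), pct(url), pct(normalized)])


def hmac_sha1_signature(base_string, consumer_secret, token_secret):
    """HMAC-SHA1 over the base string, keyed with consumer_secret&token_secret."""
    key = f"{pct(consumer_secret)}&{pct(token_secret)}".encode()
    digest = hmac.new(key, base_string.encode(), hashlib.sha1).digest()
    return base64.b64encode(digest).decode()


def sign_request(method, url, body_params, oauth_token, token_secret, nonce=None, timestamp=None):
    """Client side: the oauth_* parameters an OAuth app sends. No password appears anywhere."""
    oauth_params = {
        "oauth_consumer_key": CONSUMER_KEY,
        "oauth_nonce": nonce or secrets.token_hex(16),
        "oauth_signature_method": "HMAC-SHA1",
        "oauth_timestamp": str(timestamp or int(time.time())),
        "oauth_token": oauth_token,
        "oauth_version": "1.0",
    }
    base = signature_base_string(method, url, {**body_params, **oauth_params})
    oauth_params["oauth_signature"] = hmac_sha1_signature(base, CONSUMER_SECRET, token_secret)
    return oauth_params


class TokenStore:
    """Server side (hypothetical stand-in for Twitter): access tokens per (user, app).

    The user's password is never involved, so changing it leaves tokens working, and
    revoking one app's token cuts off only that app.
    """

    def __init__(self):
        self._tokens = {}  # oauth_token -> {"user": ..., "app": ..., "secret": ...}

    def authorize(self, user, app):
        """Issued once the user approves the app on the authorization page."""
        token, secret = secrets.token_hex(12), secrets.token_hex(20)
        self._tokens[token] = {"user": user, "app": app, "secret": secret}
        return token, secret

    def revoke(self, user, app):
        """What the 'Revoke access' button in Settings > Connections does."""
        for token, rec in list(self._tokens.items()):
            if rec["user"] == user and rec["app"] == app:
                del self._tokens[token]

    def verify(self, method, url, body_params, oauth_params):
        """Recompute the signature with the stored token secret; return the user or None."""
        rec = self._tokens.get(oauth_params.get("oauth_token"))
        if rec is None:
            return None  # unknown or revoked token
        presented = oauth_params.get("oauth_signature", "")
        unsigned = {k: v for k, v in oauth_params.items() if k != "oauth_signature"}
        base = signature_base_string(method, url, {**body_params, **unsigned})
        expected = hmac_sha1_signature(base, CONSUMER_SECRET, rec["secret"])
        return rec["user"] if hmac.compare_digest(expected, presented) else None


def demo():
    """Authorize an app, accept its signed request, reject a tampered one, then revoke it."""
    url = "https://api.example.test/1/statuses/update.json"  # hypothetical endpoint
    body = {"status": "Hello from an OAuth app", "include_entities": "true"}
    store = TokenStore()
    token, token_secret = store.authorize("alice", "ExampleTweetClient")
    signed = sign_request("POST", url, body, token, token_secret)
    results = {"valid": store.verify("POST", url, body, signed)}
    tampered = dict(body, status="a different status text")  # signature no longer matches
    results["tampered"] = store.verify("POST", url, tampered, signed)
    store.revoke("alice", "ExampleTweetClient")  # user removes the app from Connections
    results["after_revoke"] = store.verify("POST", url, body, signed)
    return results


if __name__ == "__main__":
    print(basic_auth_header("alice", "hunter2"))  # the password is trivially recoverable
    print(demo())
```

The point to take from `demo()` is the revocation path: because the server checks a per-application token rather than the account password, the user can cut off one suspicious app from the Connections page without touching any other app, and a password change does not force every app to be re-authorized. With Basic Auth the only way to lock out a misbehaving app is to change the password, which breaks every other app at the same time.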