PCMag SecurityWatch

Don't trust Twitter.

Views expressed in this cybersecurity, cybercrime update are those of the reporters and correspondents.  Accessed on 15 November 2022, 2018 UTC.  Content provided by email subscription to "PCMag SecurityWatch."

Source:  https://mail.google.com/mail/u/0/?tab=rm&ogbl#inbox/FMfcgzGqRZgLVhMTpBClcgBZwgKQwsWR


Russ Roberts (https://www.hawaiicybersecurityjournal.net and https://paper.li/RussellRoberts).

Don't Trust Twitter
If you haven't had a chance to catch up on the latest happenings in the social media landscape, here's a quick refresher: Facebook and Instagram's parent company Meta is cutting thousands of jobs; Oracle is monitoring TikTok to make sure Chinese authorities aren't manipulating the app; and last week, after billionaire blatherskite Elon Musk bought Twitter and dismissed half the staff, the platform devolved into absolute chaos. 

Double Secret Verification

One of Musk's first ideas in his new role was to offer a blue verification badge to any user who shelled out $7.99 per month without going through an independent verification process. The new policy's effects were immediate and disastrous, as users rushed to impersonate brands, celebrities, government officials, and even a certain fledgling social media CEO.


Twitter's solution to combat the paid blue check impersonators was to roll out a second, gray "official" verification badge for certain verified accounts processed through the previous verification system. The company also stopped selling the blue ticks and began suspending accounts for impersonation. The damage is already done, though, as people with paid badges get to keep them, and they can now elevate or disperse misinformation at will.

Musk is even in hot water with a sitting member of Congress. A reporter was able to impersonate Senator Edward Markey from Massachusetts on Twitter by purchasing a blue check, and a verification pop-up message from Twitter incorrectly identified the faux senator's account as a legitimate one that Twitter's team had verified. Markey posted a letter to Musk on the platform, with an ominous follow-up tweet stating: "Fix your companies. Or Congress will."

Musk offered a glib reply in response to the senator's initial impersonation complaint, but the people who pay to run ads on his site aren't laughing. Not surprisingly, advertisers don't love it when anyone can impersonate their brands, so they’re abandoning the platform.

More Misinformation 

Twitter was never great at handling disinformation campaigns, and a recent report shows that misinformation has been out of control on the platform for years. The decision to monetize verification badges without actually verifying anyone's identity has made the situation even worse and has shown that Musk may not have a firm understanding of how the site he purchased is meant to function for most of its users. 

Musk demonstrated some of that unfamiliarity with the site when he received public pushback from his own moderation feature. Twitter's fact-checking function determined that Musk's boast about his new acquisition driving the most clicks to external sites was false and alerted the oblivious oligarch to his factual error by placing a warning label under his statement. The tweet and warning disappeared swiftly, but as with everything else on the internet, the exchange was recorded.


Verify, Then Trust

The sheer chaos on Twitter is entertaining for some, but there's plenty of potential for dangerous consequences from Musk's reckless decision-making in a public forum. Following the rollout of the paid blue check badges, some users impersonated the official Twitter account and posted links to malicious websites, as seen in the example below. 


The situation with impersonation and misinformation on Twitter probably won't improve anytime soon. Twitter's head of security is out, along with the chief privacy officer, chief compliance officer, and several other members of the company's privacy and security division. 

All of this is to say: Twitter is not safe right now. We do not know Musk's plans for the company, but as long as widespread impersonation continues, you shouldn't trust information or links from unfamiliar Twitter accounts.

Next Steps for Displaced Twitter Users

Maybe it's time to let Twitter go. If you decide not to stick around on the site, consider the following tips:

  • Don't delete your account. If your profile is related to your work or real identity, don't delete it! A stranger can claim your abandoned username and impersonate you.

  • Add multi-factor authentication to your account. Adding another form of identity verification for your account makes it harder for someone else to hack your account and impersonate you.

  • Back up your tweets. It may take a while for Twitter to generate your backup files (mine took about 24 hours). 

  • Keep an eye out for any activity related to your abandoned Twitter account. If you decide to leave Twitter, keep an eye on your old activity feed and look for notifications related to your account's security. A hacker could steal your abandoned account and post under your screen name.

  • Explore Twitter alternatives. No, there are no social networks that function exactly as Twitter does, but there are some decentralized alternatives for socializing online.


What Else Is Happening in the Security World This Week?

Russian Code Found in US Army, CDC Apps. Everyone thought Pushwoosh was a US company, not a Russian entity operated from Siberia with its code embedded in 8,000 mobile apps.

FBI Almost Deployed Pegasus Spyware in Investigations. The spying tool allows hackers to remotely turn on an infiltrated device's camera and microphone and access its contents.

Canadian Man Charged Over Involvement in Global LockBit Ransomware Campaign. Mikhail Vasiliev is in custody in Canada and is awaiting extradition to the US.

Kaspersky Is Shutting Down Its VPN Service in Russia. Russians have until December to subscribe for a final year of access.

Nearly Half of Local Govt. Employees Use Old Android Devices. The slow uptake of new operating system releases means millions of government devices are vulnerable to cyberattacks.

1Password’s CEO Says ‘Bad Habits’ are the Real Competition
Competing against both Apple and Google might not seem like a comfortable spot for a smaller tech firm—especially not if the big two beat it on price. But that’s where 1Password operates, running a subscription-based password-manager service while Apple and Google offer free, if less capable, tools to create, store, sync, and auto-fill passwords.

As PCMag’s Rob Pegoraro reports, at the Web Summit conference in Lisbon, 1Password CEO Jeff Shiner discussed the Toronto firm’s competitive positioning, its user experience, and its path to a passwordless future. Shiner says an online experience free from passwords may be more secure.

No More Passwords: How to Set Up Apple's Passkeys for Easy Sign-ins

Google One Premium Subscribers Now Get VPN Protection on Windows, Mac

What to Do if Your Antivirus Stops Working

NortonLifeLock Merges With Avast to Form New Company Called 'Gen'

New Signal Boss: We're No WhatsApp


