back to article Twitter diet spam splurge blamed on Gawker compromise

Compromised Twitter accounts are being abused to post spam messages promoting a diet website. Tens of thousands of messages promoting an acai berries diet website appeared on Sunday, prompting speculation that a worm was spreading across the micro-blogging service. However, it seems the spam fest was not caused by twits …


This topic is closed for new posts.
  1. Anonymous Coward
    Anonymous Coward

    Not sure if that's the case...

    My twitter account published one of the spam messages and I'm pretty sure I've never had a gawker account.

  2. Anonymous Coward
    Anonymous Coward


    "The attack illustrates the importance of using different login credentials on different websites"

    That's right everyone on the planet uses different logins, for every single fucking site that asks for one. I would need to know and manage about 50 if that were the case.

    And no I dont use gawker or twitter, so not affected, but just a realist.

    1. noboard
      Thumb Up

      Sir Boddington of Smeddly will do


      I use different passwords for different levels of sites and gawker and twitter would rate at the same low level. If they managed to access both, they'd just find made up info, so no great loss.

      Now if only main stream sites would allow non alpha numeric characters in passwords. We'd all have a chance of actually creating secure passwords then.

    2. Anonymous Coward
      Anonymous Coward

      Here's a trick

      Remember dozens of different random passwords is not realistic. It's possible to generate and remember lots of unique passwords if you have a key.

      Use a core password, for example - abc123

      Now integrate that into every site or service you use.

      So for Twitter, it could be "twitabc123".

      For The Register, it could be "therabc123".

      Obviously, your core password needs to be strong.

    3. The main man


      I don't use these sites as well but i have used the same passwords on numerous sites :(

  3. Steve Martins

    stupid people

    I'm amazed that there are still enough stupid/ignorant/ill educated people following links from spam to make it pay for the spammer!

    Isn't it about time some clever bod got antispam software to detect urls in spam and start pinging the advertised server? That way sending a million spam emails instantly results in a DDOS attack against the server in question. just a thought...

    1. Alex 0.1

      Think not.

      That suggestion has more holes in it than a hole full of holes.

      Here's a couple:

      1) Spamvertised websites often point to compromised content on legitimate servers. Spammer sends out junk message pointing to compromised content hosted on a legit host's server. The server promptly dies, at which point the host of the server sues the developer of your antispam software for damages caused by the server outage, as well as contacting the police to file criminal charges (DDoS attackes are explicitly illegal in the UK, USA, and Sweden to name but some, and it'd probably be both the software developer and all the users of the software that're liable).

      2) Instant free DDoS botnet to anyone that can send a few junk mails. I work for company A and decide that company B, my competitor, is doing a bit too well on its' online shop. Send out a few emails advertising company B's website, make the messages look a bit spammy, and bam, down goes my competitor's website.

  4. Anonymous Coward
    Anonymous Coward

    El Reg passwords...

    Use AES and not DES right?

    1. Anonymous Coward
      Anonymous Coward


      I really hope you forgot the joke alert icon... if you encrypt passwords then please do the world a favour and stay away from anything where security is important

      salted SHA1 more like... (or MD5 works too, but SHA1 is better and just as widely supported so no real reason not to use it)

    2. Si 1

      Best encryption

      I like double-ROTT13 encryption myself...

      1. Anonymous Coward


        Sorry, that post is unreadable, do I need your PGP key or something?

This topic is closed for new posts.

Other stories you might like