Saturday, October 31, 2009

Spammers are exploiting UTF8 homonyms to hide the spam keywords

I don't know if that is the correct name; Twitter spammers are currently using UTF-8 encodings of characters that merely look like normal Latin characters to hide their spam keywords, e.g. EFBD89 -> i, EFBD8F -> o etc.

The byte sequence EF BD 89 is the UTF-8 encoding of U+FF49, FULLWIDTH LATIN SMALL LETTER I, a second "i" in the Unicode table that displays as a spaced-out character (I wonder what is the point of this). The Halfwidth and Fullwidth Forms block exists for compatibility with East Asian encodings in which Latin letters occupy a full-width cell; characters that look alike but have different code points are generally called homoglyphs.

This can be fixed easily, but right now I think any keyword filter will fail on this.
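As an added example (not part of the original post), here is a Python sketch of why a plain keyword filter misses these tweets and what the easy fix looks like: decode the bytes, apply NFKC normalization and casefolding, then compare. The sample tweet and keyword list are constructed for the demo. It also goes one step beyond the post by folding a few Cyrillic lookalikes, which NFKC does not touch; that map is a hand-picked subset, not the full Unicode confusables table.

```python
import unicodedata

# Constructed sample tweet: the post's fullwidth letters, as raw UTF-8 bytes.
# EF BD 89 = U+FF49 FULLWIDTH LATIN SMALL LETTER I, EF BD 8F = U+FF4F FULLWIDTH LATIN SMALL LETTER O.
SAMPLE_TWEET = b"free \xef\xbd\x89p\xef\xbd\x8fd g\xef\xbd\x89veaway, click here".decode("utf-8")
SPAM_KEYWORDS = ["ipod", "giveaway"]

# Hand-picked Cyrillic lookalikes (assumption: enough for the demo). NFKC does not
# map these to Latin letters; a production filter would use the full confusables table.
CONFUSABLES = {
    "\u0430": "a",  # CYRILLIC SMALL LETTER A
    "\u0435": "e",  # CYRILLIC SMALL LETTER IE
    "\u043e": "o",  # CYRILLIC SMALL LETTER O
    "\u0440": "p",  # CYRILLIC SMALL LETTER ER
    "\u0441": "c",  # CYRILLIC SMALL LETTER ES
}


def code_points(text):
    """Label every character, so the lookalikes become visible in a log."""
    return [f"U+{ord(c):04X} {unicodedata.name(c, '?')}" for c in text]


def naive_match(text, keywords):
    """What a plain keyword filter does: lowercase, then substring search."""
    lowered = text.lower()
    return [k for k in keywords if k in lowered]


def fold(text):
    """NFKC maps compatibility characters (fullwidth forms, ligatures, superscripts)
    to their base letters, casefold handles case, and the confusables map catches
    cross-script lookalikes that NFKC leaves alone."""
    normalized = unicodedata.normalize("NFKC", text).casefold()
    return "".join(CONFUSABLES.get(c, c) for c in normalized)


def normalized_match(text, keywords):
    """The fixed filter: fold the tweet before searching for (lowercase ASCII) keywords."""
    folded = fold(text)
    return [k for k in keywords if k in folded]


if __name__ == "__main__":
    print(code_points(SAMPLE_TWEET[5:9]))
    print("naive:     ", naive_match(SAMPLE_TWEET, SPAM_KEYWORDS))
    print("normalized:", normalized_match(SAMPLE_TWEET, SPAM_KEYWORDS))
```

The naive filter finds nothing because U+FF49 and U+0069 are different code points; after folding, both keywords match. Normalize before any blocklist or regex check, and apply the same folding to the keyword list itself if it is not plain ASCII.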


Thursday, October 15, 2009

Idle ...

My sister complained that no new posts show up here, so here are a few links:

Twitter.com

post.lehmann.cx (Posterous)

Facebook

www.lehmann.cx

Friendfeed

Aardvark

Redux

Saturday, August 29, 2009

40

Ok, I'm finally 40, doesn't feel any different than before ...

Tuesday, August 25, 2009

Finally mobile

Nobody will care but this is my first blog post via a mobile device

Tuesday, August 18, 2009

Spam filtering for Twitter

I decided to start a list of spam resources for Twitter; so far I have the following:
  • first of all, I have started to draw up a preliminary request for spam filtering features in Twitter itself or in the clients and requested them on getsatisfaction (Twitter) and uservoice (Tweetdeck)
  • Tidytweet.com is a service to filter Twitter feeds, currently in private beta, looks pretty good
  • you can set up Twitter filters with Yahoo Pipes easily; I have created a few examples for this that I will put up here later
  • Tweetblocker.com (looks ok, but is very picky about follower ratio)
If you know more spam resources for Twitter, let me know.
twitter.com/alexlehm

Monday, August 10, 2009

Follower services may get you banned after all



I have previously mentioned that I am not a fan of follower services that require you to disclose your twitter password. I have created a test account to give this a try and registered with a few of these services.

As it turns out, this is even more abusive than you would expect, with the account password suddenly changed and multiple requests to reset the password, but that's not the worst of it.

Today I received an email from twitter.com that the account was suspended due to a TOS violation, for cross-posting duplicate tweets across multiple accounts. Since I haven't used the account at all, that means that the repeated advertisement posts by the different services have triggered Twitter's spam heuristics.

On a side note, the account had about 500 followers and was following about 1500 users, so this was not really worth it, you can get this number of followers by normal activity without spamming.


Monday, July 27, 2009

Spam is getting stranger and stranger

I received the following message via IM spam: 

"The world of Mexican midget wrestling is in mourning after two of its most famous stars were apparently poisoned by fake prostitutes." 

This sounds like a randomly chosen headline, but I wonder what reason the spammer has to send a message without any link or other ad type content. 

The headline is an actual story.


Saturday, July 25, 2009

Making the case for shared authorization in twitter

Currently there are a few methods available to authenticate users on 3rd party sites via twitter, I'd like to make a strong case for two of these.

  • The simplest solution is for a 3rd party site to ask for your twitter username and password so that they can access the account via the twitter API and do whatever is necessary, e.g. post messages on your behalf. This will work until you change your password.
  • The second solution is to ask for the username only, have you follow them and send you a DM with a secret token that you can enter on their web page. This is a rather smart solution if the site has to check that you are actually who you claim to be, but the site doesn't get access to the account via the twitter API and cannot post messages or change settings. For sites that gather statistics this may be sufficient nonetheless.
  • The third solution is to redirect you to a Twitter API URL that asks you to log in and then tells the site that the account has logged in. This means that the site cannot keep your credentials and e.g. post messages, but it can access data from your account after the login. Because the browser caches the HTTP login/password for the session, you cannot log out unless you close your browser. However, it may be possible to log out by redirecting to a logout URL (I haven't checked if that works with Twitter).
  • The fourth solution is OAuth: the 3rd party site obtains a request token from twitter.com and redirects you there; after you have logged in on twitter.com and confirmed that the site may access your account, twitter.com hands the site an access token. This means that the site can access your account and even post messages without ever knowing the password, and since it can keep the access token, it can keep doing so after you have logged out. When you no longer want a service to access your account, you can block the application in the Twitter settings, which invalidates its token. Many sites nevertheless drop the token when their own session expires, so you will be asked for confirmation again the next time.

Depending on what a site offers, each of these methods can make sense; I would prefer sites that do not require the user to disclose the account password, however some very prominent sites currently do (e.g. twitpic.com).

When using a 3rd party site that asks you for your password, there is one important catch: if you use a phishing-protection tool such as PwdHash, which derives a per-site password from your master password and the site's domain, the password generated on the 3rd party site will differ from the one generated on twitter.com, so you have to compute the twitter.com hash in advance and enter it manually. With OAuth this problem does not arise, since the password is only ever entered on the actual twitter.com site.
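As an added illustration of the fourth method (example code, not Twitter's or any site's own), the following Python models the OAuth 1.0a exchange between a third-party site and a stand-in provider: request token, authorization on the provider's own login page, access token, then a signed API call that the provider verifies by recomputing the HMAC-SHA1 signature; finally the user blocks the application and the site's stored token stops working. The names `Provider`, `ThirdPartySite`, the user `alice` and the key/secret pairs are made up for the demo, and the request-token and access-token requests, which real OAuth 1.0a also signs, are left unsigned to keep the sketch short.

```python
import base64
import hashlib
import hmac
import secrets
import time
from urllib.parse import quote


def pct(value):
    """Percent-encode as OAuth 1.0a requires: only RFC 3986 unreserved characters kept."""
    return quote(str(value), safe="")


def signature_base_string(method, url, params):
    """METHOD&URL&normalized-params, each part percent-encoded (oauth_signature excluded)."""
    pairs = sorted((pct(k), pct(v)) for k, v in params.items() if k != "oauth_signature")
    return "&".join([method.upper(), pct(url), pct("&".join(f"{k}={v}" for k, v in pairs))])


def hmac_sha1_signature(base_string, consumer_secret, token_secret=""):
    """HMAC-SHA1 over the base string, keyed with consumer_secret&token_secret, base64 encoded."""
    key = f"{pct(consumer_secret)}&{pct(token_secret)}".encode()
    return base64.b64encode(hmac.new(key, base_string.encode(), hashlib.sha1).digest()).decode()


class Provider:
    """Hypothetical stand-in for twitter.com: it alone knows the passwords, registers
    consumer apps, issues tokens and verifies signed API calls."""

    def __init__(self, users, consumers):
        self.users, self.consumers = users, consumers   # name -> password, consumer key -> secret
        self.request_tokens, self.access_tokens = {}, {}

    def issue_request_token(self, consumer_key):
        tok, sec = secrets.token_hex(8), secrets.token_hex(16)
        self.request_tokens[tok] = {"secret": sec, "consumer": consumer_key, "user": None, "verifier": None}
        return tok, sec

    def authorize(self, request_token, username, password):
        """The browser step on the provider's own site: log in, click 'Allow', get a verifier."""
        if not hmac.compare_digest(self.users.get(username, ""), password):
            raise PermissionError("bad login")
        rt = self.request_tokens[request_token]
        rt["user"], rt["verifier"] = username, secrets.token_hex(6)
        return rt["verifier"]

    def exchange(self, request_token, verifier):
        rt = self.request_tokens.pop(request_token)
        if rt["verifier"] is None or not hmac.compare_digest(rt["verifier"], verifier):
            raise PermissionError("request token was not authorized")
        tok, sec = secrets.token_hex(8), secrets.token_hex(16)
        self.access_tokens[tok] = {"secret": sec, "consumer": rt["consumer"], "user": rt["user"]}
        return tok, sec

    def revoke(self, username, consumer_key):
        """What 'block this application' in the account settings amounts to."""
        for tok, d in list(self.access_tokens.items()):
            if d["user"] == username and d["consumer"] == consumer_key:
                del self.access_tokens[tok]

    def api_call(self, method, url, params):
        """Recompute the signature with the stored secrets; unknown or revoked tokens fail."""
        tok = self.access_tokens.get(params.get("oauth_token"))
        if tok is None:
            return 401, "invalid or revoked token"
        consumer_secret = self.consumers.get(tok["consumer"])
        if params.get("oauth_consumer_key") != tok["consumer"] or consumer_secret is None:
            return 401, "token does not belong to this consumer"
        expected = hmac_sha1_signature(signature_base_string(method, url, params), consumer_secret, tok["secret"])
        if not hmac.compare_digest(expected, params.get("oauth_signature", "")):
            return 401, "bad signature"
        return 200, f"@{tok['user']}: {params['status']}"


class ThirdPartySite:
    """The consumer. It ends up holding an access token and its secret, never a password."""

    def __init__(self, provider, consumer_key, consumer_secret):
        self.provider, self.key, self.secret, self.access = provider, consumer_key, consumer_secret, None

    def connect(self, authorize_in_browser):
        """Three-legged flow; authorize_in_browser stands for the user's own browser session."""
        rt, _rts = self.provider.issue_request_token(self.key)
        verifier = authorize_in_browser(rt)          # comes back via the callback URL in practice
        self.access = self.provider.exchange(rt, verifier)

    def post_status(self, text):
        url = "https://api.twitter.com/1/statuses/update.json"
        params = {"oauth_consumer_key": self.key, "oauth_token": self.access[0],
                  "oauth_signature_method": "HMAC-SHA1", "oauth_timestamp": str(int(time.time())),
                  "oauth_nonce": secrets.token_hex(8), "oauth_version": "1.0", "status": text}
        params["oauth_signature"] = hmac_sha1_signature(
            signature_base_string("POST", url, params), self.secret, self.access[1])
        return self.provider.api_call("POST", url, params)


def demo():
    """Connect, post, block the app in the provider's settings, try again."""
    provider = Provider(users={"alice": "s3cret"}, consumers={"app-key": "app-secret"})
    site = ThirdPartySite(provider, "app-key", "app-secret")
    site.connect(lambda rt: provider.authorize(rt, "alice", "s3cret"))  # password typed at the provider only
    before = site.post_status("posted via OAuth, the site never saw my password")
    provider.revoke("alice", "app-key")
    after = site.post_status("this one is rejected")
    return before, after, site, provider
```

The point to take away: `ThirdPartySite` stores only `(access_token, token_secret)` and signs each request with those plus its consumer secret; the password is entered only inside `Provider.authorize`, which stands for the twitter.com login page, and `Provider.revoke` alone is enough to cut the site off, with no password change needed.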


Spam accounts are getting more difficult to spot

It seems that spam accounts have adopted a new way to appear valid (or I have only just noticed it, maybe it's not that new): they copy valid tweets from different users before sending the usual "here are my naked pictures".

Take a look at one example:

Cassidy_Callaha

Following
Click to view my naked profile http://xrl.us/be4juv
less than 20 seconds ago from web

@onlymehdi He is not alone, God is there, keeping him strong, his heart is full and our love/prayers sent to nourish him. #iranelection
half a minute ago from web

Follow Friday! @DavidArchie, @ddlovato, @Shontelle_Layne, @ muckytown @TheRealJordin, @TheDannyNoriega! :D
less than a minute ago from web

RT @TheTorchTheatre: Sunday! @bookmans sponsors The Improvised Bookclub! This month: Harry Potter & The 1/2 Blood Prince! @Space55, 7pm!
1 minute ago from web 

The most recent tweet contains the spam link; the other ones are copies of tweets posted a few hours earlier. Since the account starts mass-following before the spam tweet is posted, you will not recognize it immediately.
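To turn the pattern into something a filter could check, here is an added Python example (not code from the post): it flags accounts whose timeline is mostly verbatim copies of other accounts' earlier tweets and whose newest tweet carries a link. The timeline below is constructed to mimic the example above; the account names, the threshold (at least half the tweets copied) and the minimum of three tweets are assumptions for the demo.

```python
import re
from collections import defaultdict

URL_RE = re.compile(r"https?://\S+")

# Constructed timeline, not the post's data: (minutes since start, account, text).
# The "legit_*" accounts posted the originals hours earlier; "spam_suspect" reposts
# them verbatim and then sends the link. One later retweet by legit_b is normal.
TIMELINE = [
    (0,   "legit_a", "Follow Friday! @someone @someoneelse :D"),
    (5,   "legit_b", "RT @sometheatre: Sunday! Improvised Bookclub, 7pm!"),
    (12,  "legit_c", "@somebody He is not alone, our prayers sent to nourish him. #tag"),
    (30,  "legit_a", "Heading out for coffee"),
    (300, "spam_suspect", "RT @sometheatre: Sunday! Improvised Bookclub, 7pm!"),
    (301, "spam_suspect", "Follow Friday! @someone @someoneelse :D"),
    (301, "spam_suspect", "@somebody He is not alone, our prayers sent to nourish him. #tag"),
    (302, "spam_suspect", "Click to view my naked profile http://example.invalid/abc"),
    (310, "legit_b", "RT @sometheatre: Sunday! Improvised Bookclub, 7pm!"),
]


def normalize(text):
    """Collapse case and whitespace so trivially re-typed copies still match."""
    return " ".join(text.lower().split())


def copycat_accounts(timeline, min_copied=0.5, min_tweets=3):
    """Return {account: stats} for accounts where at least min_copied of the tweets
    first appeared earlier under another account and the newest tweet has a link."""
    ordered = sorted(timeline, key=lambda x: x[0])          # stable: same-minute order kept
    first_seen = {}                                          # normalized text -> (time, account)
    for t, acct, text in ordered:
        first_seen.setdefault(normalize(text), (t, acct))
    per_account = defaultdict(list)
    for t, acct, text in ordered:
        per_account[acct].append((t, text))
    flagged = {}
    for acct, tweets in per_account.items():
        if len(tweets) < min_tweets:
            continue
        copied = sum(1 for _, text in tweets if first_seen[normalize(text)][1] != acct)
        newest_has_link = bool(URL_RE.search(tweets[-1][1]))
        if copied / len(tweets) >= min_copied and newest_has_link:
            flagged[acct] = {"copied": copied, "total": len(tweets)}
    return flagged


if __name__ == "__main__":
    print(copycat_accounts(TIMELINE))
```

Requiring both signals keeps ordinary retweeters out: legit_b repeats one tweet but has too few tweets and no link, while spam_suspect copies three of four and finishes with the URL. On real data the "first appearance" index is the expensive part, which is why the post suggests Twitter search for the same lookup.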


Thursday, July 23, 2009

Follow services may be even worse than they appear

As you may have noticed from a previous post, I am not a fan of follow services, however it turns out that the services may be even worse than they claim to be.

The current approach of the services requires each user to enter their username and password, so that the service can use each account to post adverts (thinly disguised as praise; just use Twitter search to find the identical copies of the posts). This raises some questions about the security of the sites, since nobody knows what the account will be used for.

As a test run, I have created a new account and registered it with the different follow services to check if this actually yields results and how much spam is posted (I will write a more elaborate summary of how it actually worked, until now it is not looking good).

One very odd thing happened during my tests: the account password was changed twice and the email address received a series of password reset mails, so either an automation script is calling the wrong page or somebody is trying to compromise the account once the password no longer works.

I will try to investigate which site is abusing the account and changing the password. At any rate, this means that the services cannot be trusted.


Saturday, July 18, 2009

"Follower services" to stay clear of

You will occasionally see tweets recommending services that promise a lot of followers by joining and then following the users that are listed on that site. This may seem like a good idea at first, but please consider the following caveats.
  • First of all, you are giving the service your Twitter username and password and granting it permission to send advertisement tweets for as long as you are a member of the service
  • To comply with the rules of the respective site, you have to follow everybody, which will leave you with a lot of "marketing" accounts that probably want to spam you even further
  • You will probably follow considerably more users than you gain followers, regardless of what the site claims
  • The followers you get are not interested in your topics; they are just following you because they joined the same site
  • If you want to buy the "VIP" membership of such a site, keep in mind that the services may be rather short-lived and you will probably not get a refund when the site goes down (see sample list below)
In all, I would suggest not joining any of the sites; if you have already joined, cancel your membership and change your password (if you cannot cancel your membership, just change the password and complain to Twitter.com about the abuse).
Sites operating with the same concept include the following (some of these sites are exact copies of each other with exchanged service names):
  • http://www.iwantfollowers.com/
  • http://www.morefollowers.info/
  • http://www.extrafollowers.com/
  • http://www.addfollowers.info/
  • http://vipfollowers.com/
  • http://www.tweeterfollow.com/
  • http://NeedFollowers.com/
  • http://www.youradder.com/
  • http://mytweetfollowers.com/
  • http://followadd.net/
  • http://tweeterattack.com/
  • http://www.twittershuffle.com/
  • http://followersfree.com/
  • http://followersnow.com/
  • http://ineedfollowers.com/
  • http://thousandfollowers.com/
  • http://followersfast.com/
  • http://the-twitter-follow-train.info/
  • http://www.followersplus.com/
  • http://bestfollowers.com/
  • http://findfollowers.info/
  • http://twitter-follow.de/
  • http://follow-u-follow.me/
  • http://twitterfollowtrain.com/
  • http://www.twitter-follow-train.info/
  • http://hugefollowing.com/ 
Feel free to visit any of the sites, I just wouldn't suggest them.

There are also quite a few more domains that forward to one of the services via an affiliate link, so if you end up at a domain from the list above with an added referral id, the same caveat applies, obviously.
E.g.
  • http://www.getfreefollowers.com/
  • http://www.moretwitterfollowers.tw/
The reason behind this is obvious, the services want to avoid becoming blacklisted.
(Updated 07/25/09)

Friday, July 10, 2009

New statistics

Statistics from blvdstatus.com. Let's see how this works out.

Also I have set up a feedburner.com account.

Saturday, July 4, 2009

Getting your invite Link on 140army.com


It seems that currently your own invite link isn't shown on the 140army.com site, here is my short solution to figure out your own link:

Send an invite to one of your followers from the page "Recruit", then go to twitter.com, click on "Direct Messages" and on "Sent". You should see a message to your follower containing a bit.ly URL, this is your invite link.

Friday, July 3, 2009

kill file feature similar to newsreaders for twitter

There are usually a few tweets by given users that I want to ignore without unfollowing the user, it would be very useful to be able to ignore tweets based on substring patterns or regexp, either for a given user or for all users.

The same could be useful for highlighting certain tweets.

This could be either implemented on the service itself (webpage and api) or it could be implemented in the 3rd party applications, e.g. Tweetdeck

I have proposed this on getsatisfaction/twitter and on tweetdeck.uservoice.com

Let's see how this turns out.
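As an added example (not code from the post, from Twitter or from Tweetdeck), here is a small Python implementation of the proposed kill file in a newsreader-style rule format assumed for the demo: one rule per line, `<action> <@user|*> /<regex>/[flags]`, where `kill` hides a matching tweet and `hilite` highlights it, `*` applies the rule to all users, and the flag `i` makes the pattern case-insensitive. The rules and the tweets it is run against are constructed.

```python
import re

# Constructed kill file in the format assumed above.
KILLFILE = """
# hide the Follow Friday lists from one prolific account
kill   @chatty     /follow ?friday/i
# hide the classic spam line regardless of sender
kill   *           /naked (pictures|profile)/i
# highlight tweets on a topic I follow closely
hilite *           /#iranelection/
"""

RULE_RE = re.compile(r"^(kill|hilite)\s+(@\S+|\*)\s+/(.+)/([a-z]*)$")


def parse_killfile(text):
    """Return a list of (action, user-or-None, compiled regex); blank and # lines are skipped."""
    rules = []
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        m = RULE_RE.match(line)
        if not m:
            raise ValueError(f"line {lineno}: cannot parse {line!r}")
        action, user, pattern, flags = m.groups()
        re_flags = re.IGNORECASE if "i" in flags else 0
        rules.append((action, None if user == "*" else user.lstrip("@").lower(), re.compile(pattern, re_flags)))
    return rules


def classify(rules, user, text):
    """Return 'kill', 'hilite' or None for one tweet. A user-specific rule applies only to
    that user; if both a kill and a hilite rule match, kill wins (assumed precedence)."""
    actions = {action for action, u, rx in rules if (u is None or u == user.lower()) and rx.search(text)}
    if "kill" in actions:
        return "kill"
    if "hilite" in actions:
        return "hilite"
    return None


def apply_killfile(rules, tweets):
    """Split a list of (user, text) into the tweets to show, with their highlight flag."""
    shown = []
    for user, text in tweets:
        verdict = classify(rules, user, text)
        if verdict != "kill":
            shown.append((user, text, verdict == "hilite"))
    return shown


if __name__ == "__main__":
    rules = parse_killfile(KILLFILE)
    sample = [("chatty", "Follow Friday! @a @b @c"), ("other", "Follow Friday! @d"),
              ("anyone", "Click to view my naked profile http://example.invalid/x"),
              ("news", "prayers for him #iranelection")]
    for entry in apply_killfile(rules, sample):
        print(entry)
```

Matching is done on the raw tweet text; if the kill file is meant to catch the disguised keywords from the UTF-8 homoglyph post above, fold the text with NFKC before calling `classify`.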

Sunday, January 25, 2009

DNS

Unfortunately my DNS deletes the entry for blog.lehmann.cx now and then,

but nobody reads this stuff here anyway.