Twitter lets you send a private message directly to someone else that is following you by placing a "D" in front of their user ID.
D @davidmead this is private, shh!But quite a few people were under the assumption that if you placed "DM" in front it would work the same - not so.
Someone found these not-so-private private messages floating around and created a site called DMfail which listed them for all to see. It was covered on TechCrunch and there were plenty of tweets about it.Twitter was quick to implement a change and now if you did place a "DM" instead of a "D" your message was private once more, rendering DMfail without content. All this in a matter of hours.
It's great that they can be quick enough to remedy this as promptly as they did, but I still find it funny that Twitter has not implemented OAuth if their users security was utmost in their minds.
Whatever type of website you run you must have this thought in the back of your mind at all times - As soon as it's live, it's not mine anymore. Search engines, scrapers, and browsers all enable whomever to do virtually whatever they want with your content. You have to be listening and have the ability to respond at all times.
No comments:
Post a Comment