Sunday, April 13, 2014

Tweet? No.

I have very little to say that can be said in 140 characters.

I'm not saying Twitter is useless. If I were trying to meet some arbitrary group of people at a security convention, trade show, or whatever, it is useful to send one message and contact everyone.

But mobile (and Twitter) has given rise to things such as URL-shortening services, of which there are now many. So many that the tools they provide to resolve the final destination go unused. There are too many 'services'.

Think about this. Security practitioners have preached, for time out of mind, that you should not follow an unknown link. That has never really worked; people still fall victim to social-engineering attacks on a regular basis. This has worked about as well as strong-password advocacy. Which is to say, not at all.

Now we have people operating in the security profession who are shortening URLs and obfuscating link destinations. The arrogance is astonishing: give them any weird link, they will click it. The same thing that we said 'Do Not Do', we are now using as a marketing tool.

That is such a very, very broken idea. We are promoting the behaviors that history has proven will end in tears. Does any practitioner think that is an ethical thing to do?










