A TREND MICRO BLOG

May 12

Twitter Porn Names

Rik Ferguson

Filed under: Phishing, Web 2.0, data leakage | RSS 2.0 | TB | Tags: , , , | 16 Comments

One of the currently trending topics on Twitter goes by the hashtag #twitterpornnames. This is apparently the name of your first pet and the name of the street where you grew up.

12-05-2009-13-47-50

 

Now I really don’t know whether this has been conceived as a phishing scheme at the outset or as a reinvention of the playground/pub conversation. However, the fact remains, giving out things like your mother’s maiden name, name of your first pet, the street you grew up on is a Very Bad Idea. Giving them out online in a public forum that is indexed by search engines is Even Badderer.

 

This sort of information is gold dust to those people who have an interest in breaking into your online accounts through reseting the passwords, see my earlier blog post here where it happened to poor old Salma Hayek.

 

For the record, I don’t remember the name of my first pet, but I grew up on Donkey Street. 

 

Next trend? #twitterluckynumbers post your Credit Card number, CVV and Expiry Date.

 

UPDATE:

 

The “man behind the hashtag” goes by the name of PembsDave. I asked him for his views on the furore surrounding the trend…

pembsd

 

 

“It genuinely was set up as a fun thing to do and of course become a “trend” – but chinese whispers changed it. OK “proper” porn name is pets name + [mother's] maiden name but I felt that was too personal – hence head teacher. I have trended a few times to gain awareness of JessicasTrust their hashtag is #maternalhealth – and often cross-pollenate the trending # hashtag to theirs.”

 

So, Dave’s view and my own is, let’s hope some good can come of this, both in a raised profile for this worthy cause, and an increased awareness of the value of the information that we share far too readily on the internet.

 

Before you post anything, anywhere, ask yourself this “If a stranger called me on the phone asking me for this information, would I be happy to share it?” If the answer is “No“, then step away from the mouse.

 

UPDATE:

From the “Defies Credulity Dept.” this storm-in-a-teacup made it into the US Department of Homeland Security daily report (check page 15)


Bookmark
| More

This entry was posted on Tuesday, 12. May 2009 and is filed under "Phishing, Web 2.0, data leakage". You can follow any responses to this entry with RSS 2.0. You can leave a response here, or send a trackback from your own site.

16 Comments

  1. Tuesday, 12. May 2009 um 1:42 pm

    [...] This post was Twitted by ErrolCNN – Real-url.org [...]

  2. Tuesday, 12. May 2009 um 2:26 pm

    Just because Dave set it up as fun doesn’t mean some people will not use the info for badness.

  3. Tuesday, 12. May 2009 um 2:50 pm

    Hey Rik, thanks for the post, it’s good to be on top of these types of scams.

  4. Tuesday, 12. May 2009 um 3:01 pm

    A point to remember is sharing information that is also used for security question answers helps hackers regardless of the original intention.

    Those saying this is “not a scam” are missing the point that it is not a good thing to do, regardless of intention.

  5. Tuesday, 12. May 2009 um 5:15 pm

    I was the one who originally brought this to the attention of the mods last night. It appears this meme has been around for a while (google trace links an article that mentions it in Jan 05 http://www.sfgate.com/cgi-bin/article.cgi?f=/c/a/2005/01/23/LVGT7ASCMR1.DTL). While I do not believe it was the intent of Dave to cause issues, he was just having fun, it would be a difficult argument to say that the original creators of the meme weren’t phishing (as one of it’s original forms was 1st pet and mother’s maiden name). The key difference between older versions of this game, and this new one is the location the game is played, twitter. The reason it is an issue is threefold: * Twitter records everything in an easily searchable fashion* Twitter is accessible to everyone (and has a huge audience)* Twitter attributes these recordings to non-anonymous accounts. While this is not enough for someone to steal your identity, it does make the job of identify thieves easier. Maybe his next game shouldn’t rely on personal security information.

  6. Tuesday, 12. May 2009 um 5:45 pm

    OK – I’ve seen all arguments for and against. Agreed – giving personal information out on the internet is wrong, every fool knows that. BUT! going hysterical over a “game” that even in the worst case you gave your Mothers Maiden name away – how does this then move on to scamming – 1st you’d need at least a name (granted Twitter does sometimes give that) and then a service that they use – (not available on twitter) and then you’d need to know at least login details for that service (not available on twitter unless someone tweets “logging in to my bank now with username joebloggs – but im not stupid enough to give you my password”

    the leap of faith to go from Porn Name to hack your account is far too much to leap. Sorry – Hysteria and scaremongering to get clicks to blogs and sites…

    @pembsdave

  7. Tuesday, 12. May 2009 um 5:53 pm

    Hi Mr M Wolf, this meme goes way back, beyond the birth of the internet,in its original form, the porn name was First pet + Mother’s maiden name, and it had a sibling called Soap Star Name which was always Middle Name + Street you grew up in..

  8. Tuesday, 12. May 2009 um 9:48 pm

    Dave, I don’t recall saying the word scamming … I guess that’s a case of ‘chinese whispers’. My original complaint was the game ‘looked like’ a phishing expedition, and could Twitter remind users not to divulge personal info. My original shout was “WHAT THE HELL? Don’t people realize that #twitterpornnames is just a way to divulge personal info that identity thieves use? DON’T DO IT”. I have no blog or site, and therefor no agenda, so your assumption on my motives is invalid.

  9. Tuesday, 12. May 2009 um 9:55 pm

    [...] Original [...]

  10. Tuesday, 12. May 2009 um 9:58 pm

    Rik, as any good blogger knows, ‘citation needed’. If you are going to make a bold genralization that this meme predates the internet, please supply reference. I have supplied a reference acknowledging the meme’s existance back in Jan of 2005. That’s the furthest back I have found so far, with most of the occurrence of the meme appearing in 2006 and later forums. I would not be surprised if the meme started in IRC, and considering what information is supplied, was a social engineered phishing expedition. That it was not Dave’s intention to have this version of the meme do so does not invalidate that the meme’s purpose is to divulge security related information.

  11. Tuesday, 12. May 2009 um 10:20 pm

    Reference to the meme from Nov, 2000 located (http://www.kuro5hin.org/comments/2000/11/2/65250/4133/217#217). Which is about 1/2 way to the ‘birth of the World Wide Web’ (assuming a birthyear of 1990, based off roughly of when it became more publically available – which is a debate for those more geekier than me). Not sure how easy it would be to find much before 2000.

  12. Tuesday, 12. May 2009 um 10:20 pm

    I don’t get this.

  13. Wednesday, 13. May 2009 um 8:03 am

    Hi there, I am citing my own memory of having had this converstaion with many people in the classroom, in the playground and in the pub in the early to mid eighties.

    Nothing is new, only forgotten :)

  14. Wednesday, 13. May 2009 um 8:40 am

    [...] Informationen sind im Countermeasures-Blog von Trend Micro unter http://countermeasures.trendmicro.eu/…; abrufbar.Über TREND MICRO Deutschland [...]

  15. Wednesday, 13. May 2009 um 8:54 am

    [...] Informationen sind im Countermeasures-Blog von Trend Micro unter http://countermeasures.trendmicro.eu/…; abrufbar.Über TREND MICRO Deutschland [...]

  16. Saturday, 16. May 2009 um 12:23 pm

    [...] und seine Passwörter in Online-Accounts unverzüglich ändern. Weitere Informationen sind im Countermeasures-Blog von Trend Micro abrufbar. Tags: Internetsicherheit, Security, Twitter ähnliche [...]

Leave a comment

XHTML allowed tags: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>

Spam protection

© Copyright 2010 Trend Micro Inc. All rights reserved.
Legal Notice. Disclaimer