X.com marks the spot…or does it?
Let’s face it: Many of the changes X (Twitter) has made under Elon Musk’s ownership haven’t been well thought out. The company is certainly following the “move fast and break things” business method.
Security journalist Brian Krebs wrote today about the company’s latest fumble, which fortunately has been fixed.
Yesterday, the company began automatically rewriting the displayed text of links that included “twitter.com” to read “x.com”, while the links still went to the URL they actually referenced.
Any domain containing “twitter.com” was converted, even when that string was only part of a longer domain name.
Consider the domain name fedetwitter .com. It was displayed as Fedex.com but clicked through to the actual domain.
And goodrtwitter .com became GoodRx.com visually.
The registrant of the latter domain forwarded it to a page with this message:
Krebs noted that many domains were registered to take advantage of this brute-force domain change. Many were registered defensively by people with good intentions, but others might not have been.
The story quotes DomainTools’ VP of research and data about how bad actors could take advantage of this for phishing.
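The rewrite described above can be reproduced in a few lines. This is an added example, not X's code or anything from the Krebs story: it contrasts a plain string replacement with a hostname-aware rewrite and adds a check that flags links whose displayed host differs from the real target. The function names are hypothetical and the sample URLs are constructed from the domain names mentioned in the article.

```javascript
// Added example: link display rewriting, naive vs. host-aware.
// Function names are hypothetical; sample URLs are constructed from the
// domain names mentioned in the article.

// Flawed approach: replace the string wherever it occurs in the link text.
function naiveDisplay(url) {
  return url.replace(/twitter\.com/gi, "x.com");
}

// Host-aware approach: parse the URL and rewrite only when the hostname is
// exactly twitter.com or a subdomain of it (match on a label boundary).
function hostAwareDisplay(url) {
  let u;
  try { u = new URL(url); } catch (e) { return url; } // leave unparseable text alone
  const host = u.hostname.toLowerCase();
  if (host === "twitter.com") {
    u.hostname = "x.com";
  } else if (host.endsWith(".twitter.com")) {
    u.hostname = host.slice(0, -"twitter.com".length) + "x.com";
  } else {
    return url; // different domain: show it unchanged
  }
  return u.toString();
}

// Defender's check: does the host shown to the user differ from the host the
// link actually opens? twitter.com and x.com are treated as the same site.
function canonicalHost(url) {
  const host = new URL(url).hostname.toLowerCase();
  return host.replace(/(^|\.)twitter\.com$/, "$1x.com");
}
function displayMismatch(shownUrl, targetUrl) {
  return canonicalHost(shownUrl) !== canonicalHost(targetUrl);
}

const samples = [ // constructed sample links
  "https://twitter.com/example/status/1",
  "https://fedetwitter.com/track",
  "https://goodrtwitter.com/coupons",
];
for (const target of samples) {
  const shown = naiveDisplay(target);
  console.log(target, "->", shown, displayMismatch(shown, target) ? "MISMATCH" : "ok");
}
```

The same mismatch check works as a regression test for any feature that rewrites link text: no rewrite should ever change which site the displayed host names.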
Franck J says
Talking about a tech founder, ha. This guy is just nuts