X gets a grave lesson on why search and replace is a bad idea

  • Earlier this week X nearly caused a cybersecurity catastrophe as it transitions away from Twitter.
  • The website began replacing URLs that end in twitter.com with x.com, allowing ne’er-do-wells to sneak malicious URLs into tweets.
  • Cybersecurity expert Brian Krebs reports many domains, similar to netflitwitter.com, were registered before X reverted the change.

While the “search and replace” function can be handy, one must be careful. For example, if you want to replace all instances of “grand” with “great”, you had best hope the word “aggrandise” doesn’t become “aggreatise”.

Elon Musk’s X learned this lesson the hard way this week when it started to replace URLs that end in twitter.com with x.com. The change was only live for users on iOS, and it was quickly reverted once folks realised it could be abused.

“On April 9, Twitter/X began automatically modifying links that mention ‘twitter.com’ to read ‘x.com’ instead. But over the past 48 hours, dozens of new domain names have been registered that demonstrate how this change could be used to craft convincing phishing links — such as fedetwitter[.]com, which until very recently rendered as fedex.com in tweets,” writes security researcher Brian Krebs.

The cybersecurity expert wrote on his blog that at least 60 domain names ending in twitter.com were registered over two days. Thankfully, many of those names were registered defensively and contained warnings for users.

Essentially, by abusing this rule, an attacker could register netflitwitter.com and post a link to it; the rewrite would display the link as netflix.com while the underlying URL still pointed to netflitwitter.com, so a user who trusted what they saw would land on the attacker’s site.
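To make the failure concrete, here is an added example (not X’s code, and not from Krebs’ post) that puts a plain substring replace next to a host-aware rewrite. The function names, the sample links and the behaviour of the “fixed” version are assumptions for illustration; the only thing taken from the article is that the rewrite matched “twitter.com” as a suffix rather than as a whole hostname.

```python
from urllib.parse import urlsplit, urlunsplit

OLD_HOST = "twitter.com"
NEW_HOST = "x.com"


def naive_rewrite(text: str) -> str:
    """Plain substring replace, the kind of rewrite the article describes.

    It has no notion of where a hostname begins, so any host that merely
    ends in 'twitter.com' is rewritten too, and the displayed link no
    longer says where it really goes.
    """
    return text.replace(OLD_HOST, NEW_HOST)


def host_aware_rewrite(url: str) -> str:
    """Rewrite only when the hostname really is twitter.com (or a subdomain).

    Parse the URL first, look at the hostname alone (never the path, query
    or fragment), and require a label boundary before 'twitter.com', so
    'www.twitter.com' matches but 'netflitwitter.com' does not.
    Hypothetical hardened version; userinfo, if any, is intentionally dropped.
    """
    parts = urlsplit(url)
    host = parts.hostname  # lower-cased by urlsplit, None if absent
    if host is None:
        return url
    if host == OLD_HOST:
        new_host = NEW_HOST
    elif host.endswith("." + OLD_HOST):
        new_host = host[: -len(OLD_HOST)] + NEW_HOST
    else:
        return url  # some other domain: leave the link untouched
    netloc = new_host
    if parts.port is not None:
        netloc += f":{parts.port}"
    return urlunsplit((parts.scheme, netloc, parts.path, parts.query, parts.fragment))


def demo() -> list:
    """Run both rewrites over constructed sample links and return the rows."""
    samples = [  # constructed examples, not real tweets
        "https://twitter.com/someuser/status/1",
        "https://www.twitter.com/",
        "https://netflitwitter.com/login",      # look-alike from the article
        "https://twitter.com.evil.example/",    # twitter.com as a prefix label
        "https://evil.example/?next=twitter.com",
    ]
    rows = []
    for url in samples:
        rows.append((url, naive_rewrite(url), host_aware_rewrite(url)))
    return rows


if __name__ == "__main__":
    for original, naive, safe in demo():
        print(f"{original}\n  naive -> {naive}\n  safe  -> {safe}")
```

The naive version turns `https://netflitwitter.com/login` into `https://netflix.com/login`, which is exactly the rendered text Krebs describes; the host-aware version leaves it alone and only rewrites links whose hostname is twitter.com or a subdomain of it.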

The potential for abuse here was massive but thankfully, X reverted the change and stopped replacing URLs that end with twitter.com.

We suspect that Musk is growing weary of seeing twitter in replies, quotes and more and ordered the engineering team to solve the problem quickly.

The transition to X from Twitter has been ham-fisted, to say the least. While Musk hopes to make X an everything app where folks make calls, complete financial transactions and more, the site still battles to get the most minor of things right. Hell, Musk himself still calls it Twitter, illustrating just how much of a legacy the billionaire erased because of his obsession with a singular letter.

The website also still sends automated emails from Twitter.com, as Ars Technica discovered while seeking commentary from X. You can also find the Twitter URL, logos and more in rarely visited parts of the site.

We can’t wait to see what misstep X makes next.

[Image – Kelly Sikkema on Unsplash]
