Jump to content
  • Elon Musk’s X botched an attempt to replace “twitter.com” links with “x.com”


    Karlston

    • 555 views
    • 4 minutes
     Share


    • 555 views
    • 4 minutes

    Automatic text replacement let users spoof URLs ending in x, like netflix.com.

    Elon Musk's clumsy brand shift from Twitter to X caused a potentially big problem this week when the social network started automatically changing "twitter.com" to "x.com" in links. The automatic text replacement reportedly applied to any URL ending in "twitter.com" even if it wasn't actually a twitter.com link.

     

    The change apparently went live on X's app for iOS, but not on the web version. It seems to have been a problem for a day or two before the company fixed the automatic text replacement so that it wouldn't affect non-Twitter.com domains.

     

    Security reporter Brian Krebs called the move "a gift to phishers" in an article yesterday. It was a phishing risk because scammers could register a domain name like "netflitwitter.com," which would appear as "netflix.com" in posts on X, but clicking the link would take a user to netflitwitter.com.

     

    "A search at DomainTools.com shows at least 60 domain names have been registered over the past two days for domains ending in 'twitter.com,' although research so far shows the majority of these domains have been registered 'defensively' by private individuals to prevent the domains from being purchased by scammers," Krebs wrote.

     

    Even if the change had been implemented smoothly, auto-replacing "twitter.com" with "x.com" doesn't do much to help Musk cement his branding shift because x.com still redirects to twitter.com.

    Domains ending in “x” could be spoofed

    One of the newly registered domain names inspired by X's text replacement is the example mentioned above. Navigating to netflitwitter.com will show you a message that says, "This domain has been acquired to prevent its use for malicious purposes." The webpage was set up by X user @yuyu0127_ and goes on to say:

     

    As of April 8, 2024, the iOS Twitter (now X) client automatically replaces the text "twitter.com" in posts with "x.com" as part of its functionality. Therefore, for example, a URL that appears to be "netflix.com" will actually redirect to "netflitwitter.com" when clicked.

     

    Please be aware that there is a potential for this feature to be exploited in the future, by acquiring domains containing "twitter.com" to lead users to malicious pages. This domain, "netflitwitter.com," has been acquired for protective purposes to prevent its use for such malicious activities.

    As another X user (@Arcticstar0) pointed out, "the actual link is unchanged. It's just the text placeholder that appears different. So the link goes to a different url than it appears."

     

    Krebs quoted Sean McNee, VP of research and data at DomainTools, as saying that "bad actors could register domains as a way to divert traffic from legitimate sites or brands given the opportunity—many such brands in the top million domains end in x, such as webex, hbomax, xerox, xbox, and more."

    First fix attempt reportedly fell short

    In an article on Tuesday, Mashable wrote that X had fixed the problem "for some of the domains affected by this change" so that domains like netflitwitter.com no longer appeared as netflix.com. But at the time of that article's publication, Mashable said it was able to "confirm that the X for iOS app is currently still changing many other references of 'Twitter.com' to 'X.com.'"

     

    X may have the text replacement working as intended now so that it changes the appearance of twitter.com links but not other links containing the word "twitter."

     

    A post by @Arcticstar0 lists some real Twitter URLs alongside "space-twitter.com." A screenshot in the Mashable article showed that at one point, this post, when displayed on the iOS app, rendered "space-twitter.com" as "space-x.com." But today, the same post when viewed in the iOS app displays "space-twitter.com" correctly while rendering the "twitter.com" link as "x.com."

     

    Of course, clicking that latter link actually takes you to twitter.com. Typing x.com into your browser also redirects you to twitter.com because the Twitter-to-X transition is woefully incomplete.

     

    Today, when we emailed X's media contact address, [email protected], we got the standard "busy now, please check back later" auto-reply. It came not from an x.com email but from [email protected].

     

    Source


    User Feedback

    Recommended Comments

    There are no comments to display.



    Join the conversation

    You can post now and register later. If you have an account, sign in now to post with your account.
    Note: Your post will require moderator approval before it will be visible.

    Guest
    Add a comment...

    ×   Pasted as rich text.   Paste as plain text instead

      Only 75 emoji are allowed.

    ×   Your link has been automatically embedded.   Display as a link instead

    ×   Your previous content has been restored.   Clear editor

    ×   You cannot paste images directly. Upload or insert images from URL.


  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...