twitter WordPress

Twitter oEmbeds are not responsive – The little things that bug me

If you have a website using WordPress you should be excited about the new 3.4 release which introduces a whole bunch of new features. For a brief look check out the announcement or you can get an in-depth look at all the newness in the Codex article for the release.

Twitter oEmbeds are here!

One of the many new features is the ability to use oEmbed to add Tweets to your posts. All you have to do is grab the URL to a tweet, for example, and paste it into the editor. WordPress finds the URL, figures out it’s from Twitter, and embeds a nice active Tweet window in the post, just like the one you see above. Very cool. Almost.

New technology hampered by old thinking

I have a serious issue with the Twitter oEmbed: Inspecting the code you’ll see the widget comes with a small inline style call:


This small and unnecessary piece of code makes the Twitter oEmbed awful to work with. As you see from the grab at the very top of the post, the oEmbedded tweet is not responsive. That’s because the width is hardcoded – something that should never happen, especially not inline. What’s worse is that infernal “!important” at the end of the offending piece of inline style code. That !important makes it impossible to use a stylesheet to override the width and make the box responsive.

The Solution (that you can’t apply)

The solution to this problem – one that must be implemented by either Twitter or WordPress (at present I’m not sure where that piece of code is originating) is to change the style code to say:


Oh, and don’t even get me started on the clear:both!important; call. WTF.

social media twitter

Twitter force-follow exploit makes us all friendless

Last night our dear friends at Gizmodo released a simple exploit that allowed you to force Twitter users to follow you, an exploit already nicknamed “twape” (a combination of the words “twitter” and “rape”… classy). The exploit was ridiculously simple: Just write the word “accept” in front of a username (so for example “accept mor10”) and that user would automatically follow you. So what happens? Everyone and their mother starts force following famous people.

Sticking my head out the window I can hear the entire North American continent shouting “Hey look everybody: Oprah / Ashton / Barack / Jesus is following me on Twitter! I’m special!”

And the result? Right now your Twitter profile reads “Following: 0 Followers: 0”

Not to be a total grump here, but seriously people, what did you think would happen? Oprah would become your instant friend? Ashton would start retweeting your tips on cat hair removal? More than anything this exploit shows how willing we are to just jump at anything that pops up on the internet without thinking about the consequences.

Let’s just hope this exploit doesn’t mean we’re friendless forever. Twitter is saying they are going to restore status quo once they’ve sorted out all the bogus follows. So relax, you’ll be able to show everyone how many friends you have soon enough.

News twitter

This you??? Anatomy of a Twitter Phishing Attack

Over the last couple of days I’ve gotten at least 10 Direct Messages from Twitter friends – most of whom are pretty well versed in modern web technologies and even one who calls herself a “social media expert”. The messages are all the same: the text “This you???” followed by a shortened link. The link takes you to a web page that looks a lot like the login page, but when you log in your password is stored and passed on to evil people with eviler intentions yet to be unveiled.

Targeting (and hooking in) the pros

Twitter phishing attacks are nothing new but this one is a bit different – and all the more disturbing for it: It targets and manages to hook in Twitter power users more than any other exploit before it. This is done by taking advantage of the fact that most heavy Twitter users don’t actually use the regular page but rather a Twitter manager like TweetDeck or HootSuite. And whereas a person just using the regular page would immediately know something was up when they were redirected to the login page even though they were already logged in, a TweetDeck or HootSuite user would probably not be logged in and could potentially enter their information in a momentary lapse of reason.

Unknown agenda

Another thing that is disturbing about this particular attack is that unlike most other attacks, which immediately start spamming people with badly disguised ads for teeth whitening, weight loss or other affiliate marketing junk, this one – at least for now – is only out to perpetuate itself, sending out the same message over and over. This means there is probably some larger plan in progress, and so far we don’t know what that plan is.

Even more disturbing, a lot of people use the same password for many things including their social media networks like Twitter, Facebook, YouTube, MySpace and whatever other timewaster fits their fancy. That means if someone gets a hold of their Twitter password they are likely to also have access to their other accounts, not to mention Gmail or Hotmail accounts!

How to avoid being phished (and what to do if you are a victim)

Twitter’s help has a comprehensive breakdown of how to reset your password, sever connections and get your account back if you are the victim of a phishing attack or your account has been hacked. If you think your account has been compromised it is paramount that you follow these steps immediately to protect your online identity. That link again is here.

Here are a few simple steps to avoid becoming a victim of a Twitter hijacking:

  • Have a complicated password. If you can’t think of one, here are a few ideas: Do like Mulder from The X-Files and swap out words with numbers. His password was “trustno1” where the word “one” was exchanged for the number 1. Do like my friend Craig and show your support for a sports team. He’s a big fan of the Vancouver Canucks and hates the Toronto Maple Leafs. His password is “canucks>leafs” i.e. Canucks bigger than Leafs.
  • Change your password regularly. By “regularly” I mean every 6 months or so.
  • If anything unusual happens, change your password immediately.
  • Don’t use the same password for everything. That may sound like a lot of work but I use an algorithm based on the site name that changes the first and last character of my password so it’s not that hard.
  • Don’t give your password away.
  • Check the URL in the address bar before you enter your password. If it doesn’t say but something else, it’s not
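
Checking the address bar comes down to reading the hostname, not spotting the word “twitter” somewhere in the URL. The JavaScript below is an added example, not part of the original post; the expected host `twitter.com`, the function names and every sample URL are assumptions constructed for illustration.

```javascript
// Added example, not from the original post. EXPECTED_HOST and every
// sample URL below are constructed for illustration.
const EXPECTED_HOST = "twitter.com";

function checkLoginUrl(rawUrl, expectedHost = EXPECTED_HOST) {
  let url;
  try {
    url = new URL(rawUrl);
  } catch {
    return { ok: false, reason: "not a parseable URL" };
  }
  if (url.protocol !== "https:") {
    return { ok: false, reason: "not HTTPS" };
  }
  // Text before "@" is userinfo; the real host comes after it.
  if (url.username || url.password) {
    return { ok: false, reason: "userinfo before @ hides the real host" };
  }
  // Normalise case and a trailing root dot before comparing.
  const host = url.hostname.toLowerCase().replace(/\.$/, "");
  // The URL parser converts non-ASCII lookalike letters to xn-- labels.
  if (host.split(".").some((label) => label.startsWith("xn--"))) {
    return { ok: false, reason: "punycode label in host" };
  }
  // Exact match, or a true subdomain (note the leading dot).
  if (host === expectedHost || host.endsWith("." + expectedHost)) {
    return { ok: true, reason: "host is " + host };
  }
  return { ok: false, reason: "host is " + host + ", not " + expectedHost };
}

const SAMPLES = [
  "https://twitter.com/login",
  "https://mobile.twitter.com/session",
  "https://twitter.com.login.example/",  // real site name used as a prefix
  "https://twitter.com@login.example/",  // real site name used as userinfo
  "https://nottwitter.com/login",        // shares a suffix, different domain
  "http://twitter.com/login",            // right host, no TLS
  "https://tw\u0456tter.com/login",      // Cyrillic letter in place of "i"
];

function report(urls = SAMPLES) {
  return urls.map((u) => ({ url: u, ...checkLoginUrl(u) }));
}

console.table(report());
```

Only the first two samples pass; the rest are the patterns worth recognising when a shortened link lands on something that looks like a login page.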