A little too X-cited?

So how has everyone’s week been going? Has it been X-citing, X-hilarating, perhaps X-ceeded your X-pectations?

I’m sure you could tell that I repeatedly used the letter X in my intro because that has been the most popular letter in the alphabet over the last several days, thanks to Twitter CEO and megalomaniac Elon Musk.

Oh wait, I need to correct myself – X CEO Elon Musk. Yes, Musk continued his freewheeling ways since taking over the social media giant last year by dropping the famous blue bird symbol of Twitter over the weekend and rebranding the company with the letter X.

For some reason, when I first heard the news of Twitter’s rebranding, this 80s music fan flashed back 30 years when Prince announced that he changed his name to a symbol mashing up the gender symbols for a man and a woman.

Getting back to current times, the rebranding announcement by the maniacal Musk practically came out of nowhere, with the CEO ironically tweeting about the “death” of Twitter’s famous blue bird symbol, “And soon we shall bid adieu to the twitter brand and, gradually, all the birds.”

This tweet about the death of Twitter’s blue bird sent shockwaves throughout the social media world. How could Musk do this to Twitter’s seemingly irreplaceable symbol since its creation 17 years ago?

The simple answer is Elon Musk does what he wants, whenever he wants. But this blog is not about why he got rid of Twitter’s blue bird. As we are a security publication, let’s examine the security angle on the implications of Musk’s abrupt action over the weekend, so here it goes.

When Musk announced that Twitter had rebranded to X, he tweeted that Twitter had secured the x.com website domain.

So, of course, I was suckered into believing that when I went on to x.com, I would immediately be redirected to the Twitter site.

Wrong! When I tried to go on the x.com site, I knew it was not a good sign that a GoDaddy symbol was on the far left of the webpage, with the page telling me that “X.com is parked free, courtesy of GoDaddy.com. Get this domain.”

Whoopsie! This sounds to me like Musk was so anxious to announce the rebranding that he did not register the x.com domain in time for it to immediately redirect to Twitter.com.

In addition, it appears that Musk did not register similar domains that users could mistype, such as “xx.com” or (and my apologies for typing this) “xxx.com,” thus opening the opportunity for cyber hacks to steal Twitter log-in info if those other sites are not protected.

Here’s another cyber risk with the hastened rebranding that I thought of in recent days. What would prevent a cybercriminal from just taking the letter X and attaching it to a fake domain such as “Xtechsupport.com” and sending out phishing emails to users, saying something like “We‘ve noticed some unusual activity on your x.com account. Please click on this link to fix the problem.” An unsuspecting user clicks on the link and that person’s account could be hacked, or have malicious software installed on his/her computer.

Needless to say, this Twitter rebranding means all users of the social media entity, including Security Systems News, need to be even more cyber aware of the security risks associated with such an abrupt switch.

Elon Musk may be considered a visionary, but he certainly did not have the vision to think about the security implications of quickly rebranding Twitter.