When Elon Musk decided to buy Twitter, he immediately thought about rename the platform to X. In 1999, in fact, the South African entrepreneur with Canadian citizenship and a naturalized US citizen founded X.com, a banking services site which later became the basis for the birth of PayPal. The X symbol is also used by SpaceX, the aerospace company founded by Musk, and in xAi, a new company developing artificial intelligence solutions.
Il X symbol it is therefore important for Musk because it contains the idea of an all-encompassing project, an interactive platform that includes audio, video, messaging, payments and other features. The name change of Twitter is part of a broader plan to transform the social network into a more complete solution, capable of going well beyond the features we all know.
Redirect from Twitter to X: The company slips on a banana peel
Today, typing x.com in the address bar of your web browser you are automatically redirected to Twitter. A couple of days ago, however, the systems engineers of X Corporation, founded in 2023 and owner of Twitter, committed a very serious mistake. An oversight that seems like a beginner’s and could have opened the doors to effective activities phishing. The reason is soon to be said.
Twitter had activated the redirect to X within posts: basically, typing a URL twitter.comthe user’s browser was redirected to the “new” domain name x.com.
On the surface, everything is fine, right? Only apparently because many immediately noticed a huge mistake made by the administrators. For anyone domain name which ended with twitter.comthis string was replaced with x.com. Think, for example, of the domain fedetwitter[.]com: the rule set on the server side by X Corporation transformed this domain into fedex.com (in this case corresponding to the well-known transport company specializing in express shipments).
An attacker could thus create convincing posts on twitter.com) was automatically converted to by replacing that part of the URL with x.com.
Problem corrected but… what an oversight!
The mistake made by X’s technicians had the potential to divert traffic from legitimate sites and brands, effectively encouraging the proliferation of fraudulent activities online.
Due to its serious implications, the incident caused a stir with Elon Musk’s company which immediately intervened to put remedy the problem. Many domain names have since been registered for defensive purposes or to demonstrate the potential of the problem introduced by
Think for example of the domain netflitwitter.comregistered for prevent any abuse compared to the properties and services of the well-known streaming platform Netflix.
Following what happened, it is easy to hypothesize that the X technicians used regular expressions in a bad way, allowing unwanted redirects within the posts published on the social network.