Tweet Attack, Yikes!

All Your Tweets belong to us,

Hey Guys and Gals, while doing a search for the latest “twitter news” I came across an article titled “Twitter botches patch for nasty account-hijackers”, written by Dan Goodin out in San Francisco.

In his article, written on August 26th, he talks about the fact that Twitter engineers have been fighting a gaping hole that makes it easy for hackers to hijack the accounts of users who do nothing more than view a booby-trapped message.

And he goes very deep into the discussion about this nasty little XSS, or cross-site scripting (think JavaScript and other scripting platforms), hole that makes it easy to bypass Twitter’s protection schema. In other words, while you are viewing the so-called booby-trapped message, the script can access your account and start doing whatever it likes, and everyone who follows you will think that these messages (or tweets) are coming directly from you.

And your followers, in turn, will see the same message you did and be hijacked in the same way.

I find this subject matter very interesting and very informative, but there is a big problem.

Even though a lot of people are talking about the XSS cross-site scripting problem and this sneaky little booby-trapped message, nobody is telling anyone what the message says.

Now I understand that trying to fix a scripting issue that evokes security breaches can be an exhausting task (to say the least), but why not at least inform your users that this problem exists and what to look out for?

James Slater (who is mentioned on www.theregister.co.uk) mentioned that a nofollow link that was recently enabled by Twitter could be bypassed by adding rel="external" to the end of the URL that you put in your bio, which could be used to invoke malicious scripting.
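To make the bio-link problem concrete, here is an added example (it is not from the article or from Twitter's code). It assumes the bio URL is dropped into an href attribute without encoding; the function names and the sample URL are made up for illustration. It puts the naive rendering next to one that allows only http(s) URLs and encodes on output.

```javascript
// Naive: the user-supplied URL is concatenated straight into the attribute.
function renderBioLinkNaive(url) {
  return '<a href="' + url + '" rel="nofollow">' + url + '</a>';
}

// Encode the characters that can end an attribute value or start a tag.
function escapeHtml(s) {
  return String(s)
    .replace(/&/g, '&amp;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;')
    .replace(/"/g, '&quot;')
    .replace(/'/g, '&#39;');
}

// Hardened: allow only absolute http(s) URLs, then encode on output.
function renderBioLinkSafe(url) {
  let parsed;
  try {
    parsed = new URL(url);
  } catch (e) {
    return ''; // not an absolute URL: render no link at all
  }
  if (parsed.protocol !== 'http:' && parsed.protocol !== 'https:') {
    return ''; // other schemes are rejected
  }
  const safe = escapeHtml(url);
  return '<a href="' + safe + '" rel="nofollow">' + safe + '</a>';
}

// Count attributes called `name` in the opening tag (simple check for this demo).
function countAttr(html, name) {
  const tag = html.slice(0, html.indexOf('>') + 1);
  const re = new RegExp('\\s' + name + '="', 'g');
  return (tag.match(re) || []).length;
}

// Constructed sample input, modelled on the bio URL described above.
const bioUrl = 'http://example.com/" rel="external';

console.log(renderBioLinkNaive(bioUrl)); // opening tag carries two rel attributes
console.log(renderBioLinkSafe(bioUrl));  // quote is encoded, only rel="nofollow" remains
```

Browsers keep the first of two duplicate attributes, so in the naive output rel="external" wins and the nofollow is ignored. In the encoded output the quote never closes the href, so the extra text stays part of the link address.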

Boy oh boy! What is Twitter in for?

I don’t know about you, but I would be very careful about which links you click on in someone’s bio. I would suggest that you try to get to know a person through your tweets before you go and check out your followers’ websites.

You could get caught up in the Tweet Attack, Yikes!


Follow Skeeter Hansen @SkeeterHansen

Follow Al Ferretti @AlFerretti
