Coder fires ‘Idiocy’ warning to Twitter users
By Tom Brewster,
A coder has developed a hijacking tool to compromise Twitter accounts and then post a warning to the victim.
The tool, named “Idiocy,” searches for users insecurely visiting Twitter over public Wi-Fi networks and then hijacks their session to post a tweet informing them they are vulnerable to attack.
A link has also been included in the tweet directing users to a website explaining what has happened once a user has been exploited.
Jonty Wareing, a London-based software developer, has been credited as the tool’s creator and he made the exploit code available on GitHub.
He claimed to have been inspired by the creation of the Firesheep tool – a Firefox browser extension, which was designed to exploit weak transaction security on social network applications, such as Facebook and iGoogle.
Firesheep allows the hacker to scan for vulnerable active social networking sessions and gives the user a simple-to-use interface to launch attacks.
“A large amount of the communication between individuals today is through social networking sites, where rapid growth is first priority and security is an after thought, but most don’t implement any sort of encryption at all,” said Daniel Peck, research scientist at Barracuda Networks.
“The only way to make these attacks go away for good is for application level encryption (such as SSL) to be ubiquitous. While it is certainly more common than just a few years ago, most sites are either still missing the feature or they are implementing it incorrectly.”
While the majority of login pages are protected by SSL, often the secure connection is subsequently abandoned by the site, he explained.
“The user is dropped back to an insecure connection that exposes the cookie or session ID that uniquely identifies the user allowing tools like Firesheep to impersonate the account,” Peck added.
Social networks have increasingly become the target of cyber criminals; this week a Mac version of the dangerous Koobface trojan was discovered.
You may also like...
Sponsored Links
advertisement
You may also like...
Latest Security Analysis & Insight
What is your password worth?
Would you be tempted to sell off company passwords for a fee? If not, seems like you're in the minority, acccording to research.
- Macs under attack?
- Intel: security inside
- Are you spending too much on IT security?
- Does the government want to snoop on your data?
- Eurocrats versus the cyber criminals
- The truth about spam
- Google and privacy: What’s the problem?
- Q&A: Symantec’s CISO on the source code hack
- RSA: Back from the breach?
Latest Security Reviews
Check Point 2210 Appliance review
Rating: 
advertisement
Most popular
- UK regulator shuts down Angry Birds scam
- Apple iPad 3 vs iPad 2 head-to-head review
- IBM bans use of Siri on iPhones
- Chromebooks: What's gone wrong?
- HP plans massive job cuts
- EMC World 2012: Tucci declares Documentum is here to stay
- Dell EqualLogic PS6100XS review
- Macs and Android under malware threat
- RIM loses its head of sales
- Local fibre broadband needs common standards
Latest News Videos in Security
IT PRO Podcast: Are UK data protection laws flawed?
PlayWe bring in two experts to talk about the problems with UK data protection law and the way it is managed.
Register for IT PRO
You'll get exclusive member benefits including free whitepapers, downloads, Webinars and weekly newsletters full of the latest IT PRO news, reviews, insight and expertise.
