Twitter hit by ANOTHER attack - but this ain’t no worm
By Asavin Wattanajantra in Editorial
Posted in worm, social engineering, phishing, Twitter, Security on
If you’ve followed IT PRO for any length of time, you’ll probably know that Twitter has been suffering security-wise all year.
The latest attack that became public on the weekend was first believed to be a cross-site scripting worm, similar to the worm that a 17-year-old managed to unleash on the Easter weekend.
However, on closer inspection this isn’t all there is to it, according to a post on Kaspersky’s Viruslist blog.
When clicking the link to tweets reading ‘best video’, a connection is quietly made to another server resulting in a malicious PDF being downloaded, which contains several exploits.
However, instead of a worm being downloaded with a successful exploit, a fake program will be downloaded, advertising fake anti-virus software.
The researcher couldn’t find any worm-like component, although the alert made it look like there was worm activity.
An explanation for this could simply be that the criminals behind the attack were using the stolen credentials of accounts which had been phished a week ago.
The blog said: “The attack is very significant. It would seem that at least one criminal group is now exploring the distribution of for-profit on Twitter.
“If the trends we’ve seen on other social platforms are any indicator for Twitter then we can only expect an increase in attacks.”
Twitter seems to be regularly hit with some sort of security scare, ever since January when a teenage hacker managed to take over high-profile accounts, while even celebrity twitterer Stephen Fry fell victim to a phishing attack.
We’ve also seen how a security researcher has said that Twitter’s API, used to make third party applications, is inherently flawed.
IT PRO has constantly tried to get in touch with Twitter simply to have some kind of statement, but has so far just come across a brick wall.
So what’s Biz and co gonna do? You can’t make money on something which is inherently unsafe (or can you?).
Twitter accounts breached by hackers - again
By Asavin Wattanajantra in Editorial
Posted in social engineering, passwords, cybercrime, hacking, Twitter on
Twitter has confirmed that it has been hacked again by an outsider, with the French this time claiming responsibility.
According to reports, a person going by the name of ‘Hacker Croll’ managed to access celebrity accounts as well as the account of Jason Goldman, Twitter’s director of product management.
The hacker claimed that they managed to do this with a social engineering technique to access his Twitter account. He or she says they found it by accessing an admin’s Yahoo account to find his Twitter password.
Through screenshot images the hacker claims that they have broken into celebrity accounts belonging to Ashton Kutcher, Britney Spears and Lily Allen.
Reports said that the email addresses of the compromised accounts, mobile phone numbers as well as the accounts the affected users had blocked were accessible. (Kutcher and Allen are said to have blocked celebrity gossiper Perez Hilton).
In response, Twitter co-founder Biz Stone admitted that an outside party had gained unauthorised access, and that 10 individual accounts were viewed. He did say that no password information or personal information was revealed or altered.
Stone said: “Twitter takes security very seriously so we will be conducting a thorough, independent security audit of all internal systems.”
It wasn’t the first, and is unlikely to be the last, problem with hackers that Twitter will have. Back in January an 18-year-old hacker who managed to breach administration systems admitted his guilt, but instead of a social networking attack he had used a self-created dictionary program tool.
One of Twitter’s most famous British followers, Stephen Fry, also fell victim to a phishing attack. Considering Twitter’s rise in popularity, especially with businesses, can it be trusted to keep your accounts safe from intruders?
Sophos security expert Graham Cluley said: “Although many will blame Twitter for not ensuring that its staff followed sensible policies to better secure critical administrator accounts, let’s not forget that the real criminal here is Hacker Croll.”
He added: “They have acted illegally by breaking into these accounts, even if they didn’t do anything malicious.”

