Coder fires ‘Idiocy’ warning to Twitter users

A London-based coder has created a tool to hack Twitter accounts and then warn the victim of their vulnerability.

Stupid

A coder has developed a hijacking tool to compromise Twitter accounts and then post a warning to the victim.

The tool, named "Idiocy," searches for users insecurely visiting Twitter over public Wi-Fi networks and then hijacks their session to post a tweet informing them they are vulnerable to attack.

A link has also been included in the tweet directing users to a website explaining what has happened once a user has been exploited.

Jonty Wareing, a London-based software developer, has been credited as the tool's creator and he made the exploit code available on GitHub.

He claimed to have been inspired by the creation of the Firesheep tool a Firefox browser extension, which was designed to exploit weak transaction security on social network applications, such as Facebook and iGoogle.

Firesheep allows the hacker to scan for vulnerable active social networking sessions and gives the user a simple-to-use interface to launch attacks.

"A large amount of the communication between individuals today is through social networking sites, where rapid growth is first priority and security is an after thought, but most don't implement any sort of encryption at all," said Daniel Peck, research scientist at Barracuda Networks.

"The only way to make these attacks go away for good is for application level encryption (such as SSL) to be ubiquitous. While it is certainly more common than just a few years ago, most sites are either still missing the feature or they are implementing it incorrectly."

While the majority of login pages are protected by SSL, often the secure connection is subsequently abandoned by the site, he explained.

"The user is dropped back to an insecure connection that exposes the cookie or session ID that uniquely identifies the user allowing tools like Firesheep to impersonate the account," Peck added.

Social networks have increasingly become the target of cyber criminals; this week a Mac version of the dangerous Koobface trojan was discovered.

Featured Resources

Five lessons learned from the pivot to a distributed workforce

Delivering continuity and scale with a remote work strategy

Download now

Connected experiences in a digital transformation

Enable businesses to meet the demands of the future

Download now

Simplify to secure

Reduce complexity by integrating your security ecosystem

Download now

Enhance the safety and security of your people, assets and operations

Enable a true vision of security with an engineered solution based on hyperconverged and storage platforms

Download now

Recommended

'Largest ever' Magecart hack compromises 2,000 online stores
hacking

'Largest ever' Magecart hack compromises 2,000 online stores

15 Sep 2020
Twitter expands civic integrity policy ahead of US election
social media

Twitter expands civic integrity policy ahead of US election

11 Sep 2020
Common malware slipped past the macOS notarization process twice
malware

Common malware slipped past the macOS notarization process twice

31 Aug 2020
Infocyte integrates with Palo Alto Networks Cortex XSOAR
cyber security

Infocyte integrates with Palo Alto Networks Cortex XSOAR

19 Aug 2020

Most Popular

Accenture ploughs $3 billion into cloud migration support group
digital transformation

Accenture ploughs $3 billion into cloud migration support group

17 Sep 2020
Google takes on Zoom with launch of Meet hardware
video conferencing

Google takes on Zoom with launch of Meet hardware

16 Sep 2020
16 ways to speed up your laptop
Laptops

16 ways to speed up your laptop

16 Sep 2020