By Robert McMillan, March 20, 2009
Computer security researchers have devised a new Twitter attack that they say could spread virally, much like a worm on the microblogging service. The attack, posted online Thursday by researchers at Secure Science, is an innocuous proof of concept that forces users to send out a predetermined Twitter message, but it could be repurposed into a very nasty worm, said Lance James, chief scientist with Secure Science. "You can couple an attack with our code and it would just tear the crap out of Twitter," he said. The hack is similar to a clickjacking attack that was making the rounds on Twitter last month. There, hackers used a sneaky technique to trick users into clicking on a link without realizing it. That link would post the Twitter message saying "don't click" along with a URL. This time around, Secure Science's researchers found a way to take advantage of a Web programming error on Twitter's support site to post the unwanted message. After a warning message, Secure Science's test code posts the message: "@XSSExploits I just got owned!" to the victim's profile.
Read more here -->Link
Also read this-->Twitterers Punked by Early April Fools' Prank
This is the kind of Negative stuff that becomes the Norm when a service becomes popular -- it attracts the nefarious type and it's just the beginning of more to come.
No comments:
Post a Comment